Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
The prior art references of record do not expressly teach or render obvious the claimed invention as recited in claim 1. Specifically, the prior art references of record fail to teach or suggest at least: “A computer-implemented method comprising: maintaining (a) a database comprising mappings between (i) a plurality of security controls and (ii) security requirements related to a plurality of security standards, and (b) a plurality of verification methods for at least a given one of the security controls, wherein each respective one of the verification methods verifies whether the given security control satisfies a corresponding one of a plurality of security levels, wherein said maintaining is based at least in a part on a software script that evaluates text of the plurality of security standards to identify overlapping sections; obtaining information ... comprises a diagram comprising a plurality of elements of the software project, ... identifying, based at least in part on the diagram, one or more of the security controls in the database to be implemented in the software project in order to satisfy at least a threshold level of security ... corresponds to one of the plurality of security levels and is based at least in part on one or more of the plurality of security standards related to the target market; generating a modified diagram of the software project that visually indicates at least one of the identified security controls with respect to at least one of the plurality of elements; and automatically implementing at least one of the identified security controls in the software project; and providing the modified diagram and at least one of a plurality of verification methods maintained in the database for the implemented at least one security control that corresponds to the threshold level of security defined for the software project to verify whether the implemented at least one security control satisfies at least the threshold level security level ...,” when taken in context with other features of the independent claim as a whole.
In particular, an updated search of the prior art determined that the following references are pertinent to the claimed subject matter, but fail to teach or suggest at least the above-recited limitations for the following reasons:
Bowman-Amuah, Michel K., U.S. 7,139,999 B2, teaches systems and methods providing a development framework including defining, implementing, and verifying security requirements, including the implementation of security standards, but does not more particularly teach maintaining a plurality of mappings between security controls and standards and a plurality of verification methods verifying that a security control satisfies a security level, wherein maintaining the database is based at least in part on a software script identifying overlapping sections of the security standards text, obtaining software project and target market information comprising at least a diagram comprising software project elements, identifying based at least in part on the diagram one or more controls to satisfy a security level corresponding to at least one security standard related to the target market, generating a modified diagram visually indicating the identified controls, automatically implementing the security control, and providing the modified diagram and at least one verification method for the implemented controls corresponding to the threshold level of security;
Brigandi, Gianluca, U.S. 2019/0354690 A1, teaches systems and methods for continuously identifying, reporting, mitigating and remediating data privacy-related and security threats and compliance monitoring in applications, including a determination of actionable mitigation and remediation recommendations for meeting security and compliance requirements, but does not more particularly teach maintaining a plurality of mappings between security controls and standards and a plurality of verification methods verifying that a security control satisfies a security level, wherein maintaining the database is based at least in part on a software script identifying overlapping sections of the security standards text, obtaining software project and target market information comprising at least a diagram comprising software project elements, identifying based at least in part on the diagram one or more controls to satisfy a security level corresponding to at least one security standard related to the target market, generating a modified diagram visually indicating the identified controls, automatically implementing the security control, and providing the modified diagram and at least one verification method for the implemented controls corresponding to the threshold level of security;
G. R. Haron and Ng Kang Siong, "Extrapolating security requirements to an established software process: Version 1.0," teaches a method for defining a security model consistent with an organization and objectives, extrapolating security requirements based on application risk and vulnerabilities, defining security-related activities in an established software process, and providing information related to the process to stakeholders, but does not more particularly teach maintaining a plurality of mappings between security controls and standards and a plurality of verification methods verifying that a security control satisfies a security level, wherein maintaining the database is based at least in part on a software script identifying overlapping sections of the security standards text, obtaining software project and target market information comprising at least a diagram comprising software project elements, identifying based at least in part on the diagram one or more controls to satisfy a security level corresponding to at least one security standard related to the target market, generating a modified diagram visually indicating the identified controls, automatically implementing the security control, and providing the modified diagram and at least one verification method for the implemented controls corresponding to the threshold level of security; and
K. Rindell and J. Holvitie, "Security Risk Assessment and Management as Technical Debt," teaches methods for extending risk-based extensions to prioritization mechanisms in technical debt management systems in order to identify, assess and mitigate security debt, but does not more particularly teach maintaining a plurality of mappings between security controls and standards and a plurality of verification methods verifying that a security control satisfies a security level, wherein maintaining the database is based at least in part on a software script identifying overlapping sections of the security standards text, obtaining software project and target market information comprising at least a diagram comprising software project elements, identifying based at least in part on the diagram one or more controls to satisfy a security level corresponding to at least one security standard related to the target market, generating a modified diagram visually indicating the identified controls, automatically implementing the security control, and providing the modified diagram and at least one verification method for the implemented controls corresponding to the threshold level of security.
In view of the foregoing discussion, the identified claimed limitations, in combination with the other limitations of claim 1, are not present in the prior art of record and would not have been obvious; thus, pending claim 1 is allowed. Claims 12 and 17 contain subject matter similar to that of claim 1, and are also allowed for the above reasons. Claims 2-6, 8-11 and 21-22 depend from claim 1; claims 13, 15-16 and 24 depend from claim 12; and claims 18 and 25 depend from claim 17, and are also allowable at least based on their dependence from allowable independent claims 1, 12 and 17.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communication from Examiner should be directed to ANDREW M. LYONS whose telephone number is (571) 270-3529. The examiner can normally be reached Monday to Friday from 9:00 AM to 5:00 PM. 
If attempts to reach Examiner by telephone are unsuccessful, Examiner’s supervisor, WEI ZHEN, can be reached at (571) 272-3708. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (in USA or Canada) or (571) 272-1000.
/Andrew M. Lyons/Examiner, Art Unit 2191