Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Notice of Allowability is in response to the reply by Applicant on 8/16/2022. Claims 3 and 16 have been canceled.  Claims 1, 2, 4-15 and 17-20 are pending. 


Allowable Subject Matter
Claims 1, 2, 4-15 and 17-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Applicant's arguments/amendments filed on 8/16/2022 make the record is clear regarding reasons for allowance. See MPEP 1302.14(1). According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (e) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary."    
A final search was conducted by Examiner on 8/23/2022.  It has been deemed that the closest prior art fails to disclose, teach or even suggest “receive, via the communication interface and from a computing device, indications of usage of a plurality of controls associated with an enterprise computing system; identify, based on a mapping between the plurality of controls and a plurality of attack vectors; one or more controls, of the plurality of controls, that are mapped to an attack vector, and respective effectiveness scores of the one or more controls that are mapped to the attack vector; determine, based on indications of usage of the one or more controls, respective compliance scores of the one or more controls; determine, based on the respective compliance scores and the respective effectiveness scores, a vulnerability score associated with the attack vector; and send, via the communication interface to the computing device, an indication of the determined vulnerability score associated with the attack vector.”  The closest prior art of 	Levin et al. (US  2020/0310889) and Glenn et al. (US 2019/0258804) and in further view of Ruane et al. (US 2021/0226779) teach about vulnerability with regards to attacks and the use of attack vectors.  However, the limitations of the instant application recite limitations that are not taught by such conventional means has in the prior art above.   While conventional means teach vulnerability score, they do not teach vulnerability scores which take into account compliance and effectiveness scores.  In addition, the instant applications also recites using attack vectors to map that are mapped to usage controls in order to determine effectiveness scores.  These are not steps that are taken by conventional means.  As a result the claims are in condition for Allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439