Simulation
Hands-on simulation
What are we doing here?
We can use semantic search to break any text (a SOC 2 report, a pen test report,
etc.) down into vectors and compare those to the vectors associated with the
NIST 800-53 controls we are concerned with. We can repeat this process for every
control in the framework to figure out where we have coverage and where we might
have gaps in reports, in our policies, standards and procedures, or in any other
document where we expect a control to be addressed.
The basic process is as follows:
- We got embeddings for each of the NIST 800-53 controls from OpenAI and stored them in a Pinecone vector database.
- We made a form for you to input a control (see below). We take that control, get an embedding for it from OpenAI, and compare the control embedding to the embeddings in the Pinecone vector database, looking for the three best matches.
- Just for fun, we feed those matches back to OpenAI's chat model to get some commentary on the specifics of the match.
Retrieving elements of the NIST 800-53 framework and then using ChatGPT to generate commentary is a basic form of Retrieval Augmented Generation (RAG), which is a powerful tool for generating text based on a query.
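The retrieval step and the "repeat for every control" gap check described above, as an added example that is not this site's own code. So that it runs offline, it assumes a word-count vector in place of the OpenAI embedding, an in-memory dict in place of the Pinecone index, and constructed control summaries and policy excerpts; `top_matches`, `coverage_gaps` and the 0.25 threshold are hypothetical names and values.

```python
import math
import re
from collections import Counter

# Constructed one-line summaries, NOT the official NIST 800-53 control text.
NIST_CONTROLS = {
    "AC-2": "manage system accounts including creation review disabling and removal of user accounts",
    "AU-6": "review and analyze audit records and logs for unusual activity and report findings",
    "CP-9": "conduct backups of system and user data and protect backup copies",
    "IA-2": "uniquely identify and authenticate users with multifactor authentication",
    "IR-4": "handle incidents with detection analysis containment eradication and recovery",
    "SC-13": "implement cryptographic protection such as encryption for data",
}
STOPWORDS = {"a", "an", "all", "and", "are", "as", "for", "of", "on", "such", "the", "to", "with"}

def embed(text):
    """Assumed stand-in for the OpenAI embedding call: a sparse word-count vector."""
    words = re.findall(r"[a-z]+", text.lower())
    return Counter(w for w in words if w not in STOPWORDS)

def cosine(a, b):
    """Cosine similarity between two sparse vectors (0.0 if either is empty)."""
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

# Assumed stand-in for the Pinecone index: control ID -> precomputed vector.
INDEX = {cid: embed(text) for cid, text in NIST_CONTROLS.items()}

def top_matches(control_text, k=3):
    """Return the k best (control_id, score) pairs for one input control."""
    query = embed(control_text)
    scored = [(cid, cosine(query, vec)) for cid, vec in INDEX.items()]
    return sorted(scored, key=lambda m: m[1], reverse=True)[:k]

def coverage_gaps(passages, threshold=0.25):
    """Search every control against the document; list controls no passage matches."""
    vectors = [embed(p) for p in passages]
    gaps = []
    for cid, control_vec in INDEX.items():
        best = max((cosine(v, control_vec) for v in vectors), default=0.0)
        if best < threshold:
            gaps.append(cid)
    return gaps

# Constructed policy excerpts standing in for a SOC 2 report or internal policy.
POLICY = [
    "User accounts are reviewed quarterly and disabled on termination.",
    "All users authenticate with multifactor authentication.",
    "Backups of system data are taken nightly and backup copies are stored offsite.",
]
```

A word-count vector only matches exact tokens, so a real embedding model will score paraphrases higher than this stand-in does; whichever model is used, the threshold needs tuning, and a reported gap is a prompt for human review of the document.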


Match a control to NIST using semantic search
Select an example control using a radio button or type any control in the box to find a match to NIST 800-53.