AI Techniques for Operating System Security Compliance Automation: A Survey

Protecting an organization's IT infrastructure requires operating systems to comply with well-defined security standards and best practices. To achieve this, many organizations rely on security frameworks published by authorities such as the Center for Internet Security (CIS) and the Defense Information Systems Agency (DISA). These frameworks provide detailed benchmarks and guidelines that help organizations configure and maintain their systems securely. In practice, most of these security recommendations are written as textual rules in natural language. Because the guidelines are often unstructured, the process of auditing systems against them becomes complex and time-consuming. As a result, organizations frequently use these guidelines to design auditing procedures as well as remediation mechanisms that help correct security misconfigurations. This paper presents a survey of different techniques proposed for ensuring operating system security compliance, with particular focus on approaches that incorporate artificial intelligence. It reviews traditional compliance auditing practices, rule-based remediation mechanisms, and more recent methods that utilize machine learning. Special attention is given to techniques based on natural language processing and large language models that assist in automatically generating audit or remediation scripts. The survey also examines current research from the perspective of automation capabilities, advantages, and limitations. Several practical challenges are discussed, including concerns related to reliability, scalability, and potential security risks associated with AI-generated scripts. Finally, the paper highlights possible research directions that could contribute to improving automated compliance verification and remediation in operating systems.