Summary:
This paper introduces a novel approach to semi-automated BSI IT-Grundschutz certification using a Multi-Large Language Model system with Hybrid Retrieval-Augmented Generation. The architecture addresses the challenges posed by the NIS2 directive, which will become fully mandatory from March 2025, affecting SMEs in particular. The architecture aims to increase efficiency in the certification process. By combining specialized LLMs and Knowledge Graphs, the system supports various phases of the certification process, including protection needs assessment modeling, IT-Grundschutz checks, and measure consolidation.
The automation of repetitive and time-consuming tasks allows certifiers to focus on complex aspects requiring human expertise, enabling them to process more security concepts in less time without compromising quality or becoming overworked. The modular structure ensures flexibility and adaptability to evolving compliance requirements and company environments, positioning the system as a powerful support tool to increase certifier productivity and effectiveness, reduce costs, and address the shortage of qualified professionals.
Author(s):
Lea Muth
Freie Universität Berlin
Germany
Marian Margraf
Freie Universität Berlin
Germany