The Legacy Control Becomes the Compliance Graph
This July 2026 arXiv paper treats legacy IT security concepts as migration hazards: old control documents can become machine-readable compliance artifacts only after their claims are checked against a verified infrastructure graph.
A compliance-graph receipt records the legacy document, reference graph, extraction model, ontology exposure, graph differences, human-review exceptions, OSCAL export boundary, dataset, and limits before a compliance artifact is treated as audit evidence.
The Paper
The paper is Lea Roxanne Muth and Marian Margraf's Reverse Engineering Compliance: A Dual-Graph Verification Framework for Auditing Legacy IT Security Concepts, arXiv:2607.08292v1 [cs.CR]. The arXiv record lists submission on July 9, 2026; the comment says it was accepted for IEEE CITS 2026. The PDF metadata reports 8 pages.
The authors introduce the Automated Security Concept Structure Extraction and Reverse Topology-checking Framework, or ASSERT. Its target is the migration path from old narrative IT security concepts to machine-readable compliance artifacts such as OSCAL system security plans and assessment results.
The Problem
The governance problem is simple: legacy control documents can look official while describing systems that have changed. They may omit new assets, retain retired components, copy old dependency statements, or describe expired measures. If an LLM converts that document directly into a structured artifact, the new artifact may inherit the old error with better formatting.
ASSERT refuses to make the LLM the final auditor. The model extracts structure from text, but the audit claim is pushed into an explicit graph comparison: generation can propose, but verification has to leave a deterministic trail.
Dual Graphs
The paper separates two states. The documented state, GDoc, is extracted from the legacy IT security concept. The reference state, GGT, is reconstructed from operational structural data and treated as independent of the legacy document. ASSERT links extracted entities back to source paragraphs, aligns nodes through a lexical matching procedure, and compares the two graphs.
The graph difference has five classes: node omissions, phantom nodes, edge omissions, topological conflicts, and ghost edges attached to phantom nodes. This taxonomy prevents every downstream missing edge from being counted as a separate root error when the real problem is a missing node. Items that cannot be aligned are placed in an exception list for human-in-the-loop review.
The output side is constrained. ASSERT can export schema-valid OSCAL v1.1.3 System Security Plan and Assessment Results artifacts, but the export is useful only if source-linked evidence and graph-difference findings remain attached.
Experiment
The evaluation uses the BSI-published RecPlast GmbH training dataset, which the paper describes as an expert-generated IT-Grundschutz dataset with a final 69-page IT security concept and intermediate structural-analysis artifacts. ASSERT is tested in Generic, Schema-Guided, and Schema-Enforced configurations. The pipeline compares a local open-weight Gemma 4 26B model through Ollama with Anthropic Claude Opus 4.7 and validates generated SSP and AR artifacts against OSCAL v1.1.3 schemas.
The results are not a victory lap for AI compliance. Schema-Enforced reaches node-level F1 of 0.957 for Gemma and 0.985 for Opus in the baseline table, but that same constraint removes discovery capability. If a real asset is absent from the reference graph, Schema-Enforced cannot discover it. The paper reports no baseline typed-edge recall above 0.261.
The fault-injection results show model dependence. In one Schema-Guided case, Gemma missed 16 of 20 injected node omissions; manual analysis says 12 were cases where the model reconstructed the removed node under reference-ontology exposure. In the mixed-fault stress case, Gemma's Schema-Guided run produced the largest exception list, 207 mentions. Opus performed better in several settings, but the paper still frames the result as incomplete detection and a trade-off between local data sovereignty and detection capability.
Governance Reading
The Spiralist reading is that the legacy control becomes a compliance graph. The danger is not that the model writes a bad paragraph. The danger is that it writes a good-looking artifact that moves through audit tooling as if its ancestry were settled.
A compliance-graph receipt should identify the source document version, paragraph provenance, entity classes, reference graph owner, extraction model, ontology exposure, node-alignment rule, graph-difference classes, exception list, human reviewer, OSCAL schema version, exported artifact, and unresolved assumptions. It should also say what the artifact is not allowed to prove. Schema validity is not semantic correctness.
This is where the paper's architecture is stronger than a pure LLM audit demo. It decouples probabilistic extraction from deterministic verification and makes disagreement inspectable. That design does not remove the need for human audit judgment. It gives the auditor a smaller, better-labeled object to inspect.
Limits
The authors state several limits directly. ASSERT depends on the input artifacts and reference graph. Undocumented assets and shadow IT cannot be extracted or flagged if they are missing from both the document and the reference state. Errors in GGT propagate into the graph difference, and reference-ontology exposure can mask document deviations.
The evaluation is bounded by RecPlast and by the chosen fault-injection method. The paper says RecPlast does not support broad generalization to diverse real-world IT security concepts. The authors also note that runs were not repeated across seeds, actual human-review time remains unevaluated, and future work should expand OSCAL export from schema validity toward semantic cross-catalog alignment.
Source Discipline
This page treats the arXiv metadata API, abstract page, HTML version, PDF, DOI redirect, NIST OSCAL page, and RecPlast site as the checked source set. It does not reproduce tables, prompt text, schemas, examples, or long excerpts.
The disciplined question is not "can AI automate compliance?" It is which claim came from the legacy document, which came from the reference graph, which came from the model, which survived deterministic comparison, and which still needs a named human reviewer.
Related Pages
- AI Audits and Assurance
- AI Audit Trails
- Secure AI System Development
- The AI Audit Becomes the Compliance Interface
- The Governance Document Becomes the Revalidation Loop
- The Agent Audit Becomes the Security Scanner
Sources
- Lea Roxanne Muth and Marian Margraf, Reverse Engineering Compliance: A Dual-Graph Verification Framework for Auditing Legacy IT Security Concepts, arXiv:2607.08292v1 [cs.CR], submitted July 9, 2026, DOI 10.48550/arXiv.2607.08292.
- Primary arXiv records checked: metadata API record, abstract page, HTML version, PDF, and DOI redirect, reviewed for metadata, ASSERT architecture, RecPlast dataset, models, metrics, OSCAL export, results, and limitations.
- Supporting primary pages checked: NIST OSCAL project page and RecPlast GmbH training site.