Automated Compliance Mapping in Cloud Security with Domain-Adapted Sentence Transformers
Teaching AI to match security rules to technical safeguards automatically
Matching security regulations to actual technical controls in cloud systems has always meant manual work by compliance experts. This paper trains AI models on 14,000 examples of security requirements paired with technical metrics, allowing them to automate the matching process—with the best models improving accuracy by up to 23 percentage points over standard AI approaches. The technique also works across different security standards, so a mapping learned from one regulation can help with others.
Cloud companies spend thousands of hours manually documenting how their technical systems satisfy security regulations. Automating this work could cut compliance overhead significantly, reduce human error in safety-critical mappings, and let teams redeploy compliance staff to higher-level risk assessment. For regulators, automated accuracy checking could catch gaps that slip through human review.