Position Paper: Leveraging Large Language Models for Cybersecurity Compliance

This position paper proposes the use of Large Language Models (LLMs) to evaluate the compliance of cybersecurity controls with organisational policies. We highlight the challenges related to efficiency, accuracy, and coverage associated with conventional compliance approaches and discuss how LLMs can address these issues. Additionally, we emphasise that organisational events and data can provide insightful evidence to measure true cybersecurity compliance value, rather than relying solely on documentary evidence. We develop our position by exploring current research directions in the use of LLMs within cybersecurity and demonstrating how their capability to assimilate and analyse unstructured data can be leveraged to provide a comprehensive compliance assessment for organisations. We present our research agenda to investigate this hypothesis and outline a comprehensive roadmap for studying the utility of LLMs in cybersecurity compliance.