RMF-GPT - OpenAI GPT-3.5 LLM, Blockchain, NFT, Model Cards and OpenScap Enabled Intelligent RMF Automation System
Conference
Bandara, E., Shetty, S., Rahman, A. et al. (2024). RMF-GPT - OpenAI GPT-3.5 LLM, Blockchain, NFT, Model Cards and OpenScap Enabled Intelligent RMF Automation System. 653-658. 10.1109/ICNC59896.2024.10555963
The Risk Management Framework (RMF) provides a structured approach to managing risks to the confidentiality, integrity, and availability of information systems. However, automating the RMF process can be challenging due to various factors such as complexity, dealing with various standards (e.g. NIST SP 800-53), and supporting continuous Authority to Operate (ATO). In this research, we propose a solution to these issues through an end-to-end RMF automation system enabled by a custom-trained 'OpenAI GPT-3.5 LLM', blockchain, NFT, Model Cards, and OpenScap. The proposed system uses blockchain smart contracts to automate the vulnerability scanning and fixing process. Smart contracts interact with the OpenScap API, which scans servers/nodes for vulnerabilities based on provided RMF checklists such as PCI DSS, NIST 800, and STIG. The system then employs the custom-trained GPT-3.5 LLM (the model that powers ChatGPT) to generate vulnerability-fixing scripts (referred to as server hardening scripts) in Ansible/Puppet based on the identified vulnerabilities. Finally, the system runs these scripts to fix the vulnerabilities. This approach creates a fully automated RMF system built on blockchain/smart contracts. All system statuses, such as vulnerability and fixed status, are represented as NFT tokens with a customized NFT schema. Data provenance information is traced through Model Cards, which reduces the complexity of RMF automation and improves the capability for continuous ATOs. In this way, the proposed end-to-end RMF automation system enabled by GPT-3.5 LLM, Blockchain, NFT, Model Cards, and OpenScap addresses the challenges associated with RMF automation, providing a more efficient and effective way to manage the security of information systems.
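The abstract describes a pipeline of scan, remediation-script generation, and status recording. The following added example (not code from the paper or its authors) shows the two deterministic ends of that pipeline in Python: parsing an XCCDF 1.2 result document of the kind OpenSCAP produces into failed rules, and turning them into a hardening playbook plus a hashed status record. The XML sample, the rule identifiers, the `REMEDIATION` mapping, and the record layout are all constructed for illustration; the paper's actual NFT schema and its LLM-generated scripts are not reproduced here.

```python
import hashlib
import json
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"

# Constructed sample of an XCCDF 1.2 result document (rule ids are invented,
# in the style of the SCAP Security Guide). Not output from the paper's system.
SAMPLE_RESULTS = """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark">
  <TestResult id="xccdf_example_testresult">
    <target>node-01.example.internal</target>
    <rule-result idref="xccdf_example_rule_sshd_disable_root_login" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_sshd_set_idle_timeout" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_package_audit_installed" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_wireless_disabled" severity="low">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

# Hypothetical rule-to-task mapping; a real deployment would derive tasks from
# the LLM step the paper describes, with a human approving each task.
REMEDIATION = {
    "xccdf_example_rule_sshd_disable_root_login": {
        "name": "Disable SSH root login",
        "lineinfile": {
            "path": "/etc/ssh/sshd_config",
            "regexp": "^#?PermitRootLogin",
            "line": "PermitRootLogin no",
        },
        "notify": ["restart sshd"],
    },
}


def parse_results(xml_text):
    """Return (target, findings) from an XCCDF result document."""
    root = ET.fromstring(xml_text)
    ns = {"x": XCCDF_NS}
    test_result = root.find("x:TestResult", ns)
    target = test_result.findtext("x:target", default="", namespaces=ns)
    findings = []
    for rr in test_result.findall("x:rule-result", ns):
        findings.append({
            "rule": rr.get("idref"),
            "severity": rr.get("severity", "unknown"),
            "result": rr.findtext("x:result", default="", namespaces=ns),
        })
    return target, findings


def failed_rules(findings):
    return [f for f in findings if f["result"] == "fail"]


def build_status_record(target, findings, stage="scanned"):
    """Build a status record with a digest over its canonical JSON form.

    The digest is what a ledger entry (the paper stores such status as an
    NFT) would carry so the off-chain record can be checked for tampering.
    """
    counts = {}
    for f in findings:
        counts[f["result"]] = counts.get(f["result"], 0) + 1
    record = {
        "target": target,
        "stage": stage,
        "failed": sorted(f["rule"] for f in failed_rules(findings)),
        "counts": counts,
    }
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    record["digest"] = hashlib.sha256(canonical).hexdigest()
    return record


def render_playbook(failed, remediation=REMEDIATION):
    """Return (playbook_json, unmapped_rule_ids).

    JSON is valid YAML, so the returned text can be passed to ansible-playbook
    as-is. Rules with no known remediation are reported, not silently dropped.
    """
    tasks, unmapped = [], []
    for f in failed:
        task = remediation.get(f["rule"])
        if task is None:
            unmapped.append(f["rule"])
        else:
            tasks.append(task)
    playbook = [{"name": "RMF hardening (generated)", "hosts": "all",
                 "become": True, "tasks": tasks}]
    return json.dumps(playbook, indent=2), unmapped


if __name__ == "__main__":
    tgt, found = parse_results(SAMPLE_RESULTS)
    print(json.dumps(build_status_record(tgt, found), indent=2))
    text, missing = render_playbook(failed_rules(found))
    print(text)
    print("needs manual remediation:", missing)
```

Keeping the status record and its digest separate from the remediation step matters: the record hashed before the fix run and the one hashed after it ("scanned" versus "fixed") differ, which is what lets a reviewer of the ledger distinguish the two states instead of trusting a mutable flag.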