🤖 AI Summary
To address high manual dependency, lengthy processes, elevated false-positive rates, and poor knowledge reuse in enterprise cybersecurity compliance, this paper proposes an expert system–driven security compliance automation framework. The framework innovatively models domain expertise as persistent, transferable, and inferable knowledge units, integrating rule-based reasoning, knowledge graphs, VA/PT toolchain orchestration, automated workflow scheduling, and feedback-driven incremental learning. It overcomes the limitations of siloed security tools by enabling cross-scenario, cross-cycle adaptive auditing and continuous capability evolution. Experimental evaluation in representative enterprise networks demonstrates a 50% reduction in initial assessment time and a 20% reduction in re-assessment time, alongside significant decreases in false negatives, improved compliance coverage and result consistency, and markedly reduced reliance on human experts.
📝 Abstract
Organizations that are constantly exposed to cyber threats are compelled to comply with cyber security standards and policies to protect their digital assets. Vulnerability assessment (VA) and penetration testing (PT) are widely adopted security compliance (SC) methods for identifying security gaps and anticipating security breaches. However, these SC methods tend to be highly repetitive and resource-intensive. In this paper, we propose a novel method to tackle the ever-growing efficiency problem in network security auditing by designing and developing an Expert-System Automated Security Compliance Framework (ESASCF). ESASCF enables industrial and open-source VA and PT tools to extract, process, store and re-use expertise in similar scenarios or during periodic re-testing. ESASCF was tested on networks of different sizes and proved efficient in terms of both time and testing effectiveness. ESASCF autonomously takes over SC in re-testing and offloads the human expert by automating the repeated segments of SC, thus enabling experts to prioritize important tasks in ad-hoc compliance tests. The obtained results show a performance improvement, cutting the time required for an expert to 50% in the context of typical corporate networks’ first security compliance and 20% in re-testing. In addition, the framework has a long-term impact through knowledge extraction, generalization, and re-utilization, which enables better SC confidence independent of the human expert’s skills, coverage, and wrong decisions that would result in false negatives.