IT analyst firm Gartner, today has again raised awareness for model-driven security in Tom Scholtz's report "No More Dr. No: Developing a Strategy for Business-Aligned Information Security" (10 March 2009, ID:G00166010), which advocates that rather than simply saying no to new technology, effectively aligning information security practices with business strategy results in optimized security efforts and investments. Such business alignment requires a multifaceted strategy." The report recommends businesses to "... investigate the potential benefits of modeling-based policy automation. Such technology solutions support the development, implementation and management of security policies that are inherently integrated into the business requirements modeled during IT service solution design.". You can find further information about model-driven security (+ model-driven compliance, model-driven security accreditation,) and about ObjectSecurity's OpenPMF product at www.objectsecurity.com.