Zing Forum

Local-LLM: A Cybersecurity Policy Compliance Analysis System Based on Local Large Language Models

Introducing the Local-LLM project, an open-source tool that runs completely offline. It uses the locally deployed Gemma3 large language model to help enterprises analyze the compliance of their cybersecurity policies with the NIST Cybersecurity Framework, automatically generating gap analysis reports and improvement recommendations.

Tags: Local-LLM, cybersecurity, NIST CSF, local large language model, compliance analysis, privacy protection, Gemma3, Ollama, policy audit, open-source tool
Published 2026-04-03 00:45 | Recent activity 2026-04-03 00:48 | Estimated read: 5 min

Section 01. Local-LLM Project Overview: Offline AI Empowers Enterprise Cybersecurity Compliance Analysis

Local-LLM is an open-source tool that runs completely offline. Built on a locally deployed Gemma3 large language model, it helps enterprises analyze the compliance of their cybersecurity policies with the NIST Cybersecurity Framework and automatically generates gap analysis reports and improvement recommendations. The project targets the time and cost of manual compliance audits and the data-leakage risk of cloud-based analysis, balancing efficiency against privacy protection.

Section 02. Project Background and Key Pain Points

In today's wave of digital transformation, cybersecurity is a core concern for enterprise operations. Organizations nonetheless struggle to keep up with compliance requirements, find manual audits slow and expensive, and face data-leakage risks when analysis is done in the cloud. Local-LLM was developed by the HACK-IITK-2025-C3iHub team, combining a locally run large language model with the NIST CSF to provide an efficient and secure compliance analysis solution.

Section 03. Technical Architecture and Core Components

Local-LLM adopts a four-layer modular architecture:

  • Application layer: a CLI built on argparse, with PDF reports generated by ReportLab;
  • LLM layer: the Gemma3:4b model, executed locally via Ollama;
  • Document processing layer: parsing of txt/pdf/docx policy documents;
  • Reference standard layer: built-in authoritative standards such as NIST CSF and CIS MS-ISAC 2024.

Section 04. Core Functions and Workflow

The system includes four core modules:

  • Gap analysis: compares the enterprise policy against the 106 NIST CSF requirements to identify weak points;
  • Policy revision: generates improved policy text in a style consistent with the original;
  • Implementation roadmap: produces a plan in three phases;
  • Executive summary: outputs a business-perspective summary for management.

Section 05. Privacy Protection and Offline Advantages

The fully offline design offers three key advantages:

  • Data sovereignty (sensitive documents never leave the local environment);
  • Controllable costs (no additional cloud fees);
  • Environmental adaptability (can be deployed in isolated networks and classified computer rooms).

Section 06. Hardware Requirements and Deployment Recommendations

Minimum configuration: Intel i5/AMD Ryzen 5, 8 GB RAM, 10 GB storage. Recommended configuration: Intel i7/AMD Ryzen 7, 16 GB RAM, 20 GB storage. Deployment steps: install Python 3.8+, install the dependencies via pip, configure Ollama and the Gemma3 model, and the tool is ready to launch in 5 minutes.

Section 07. Application Scenarios and Value Outlook

Applicable scenarios include pre-audit checks before compliance certification, regular policy review, generation of security training material, and security assessment during M&A due diligence. As regulations become more comprehensive, the value of automated compliance tools will become more prominent.

Section 08. Limitations, Improvement Directions and Conclusion

Current limitations: very long documents must be processed in segments, and analysis quality depends on prompt engineering. Improvement directions: model quantization to reduce resource usage, switching between multiple models, and expanding support to standards such as ISO 27001. Conclusion: Local-LLM balances compliance with security and is an open-source project worth watching; it is expected to keep evolving through community collaboration.
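As an added illustration of the architecture in Sections 03 and 04 and of the segmentation and prompt-engineering caveats in Section 08 (example code written for this page, not the project's own), the following minimal offline gap-analysis pipeline segments a policy on paragraph boundaries, asks a locally served gemma3:4b through Ollama's /api/generate endpoint for a structured verdict per requirement, and refuses any non-loopback endpoint so policy text cannot leave the host. The two requirement strings are constructed paraphrases rather than the project's reference file, and `ask` is injectable so the pipeline can be exercised without a running Ollama.

```python
import json
import urllib.parse, urllib.request
OLLAMA_URL, MODEL = "http://localhost:11434/api/generate", "gemma3:4b"  # Ollama's local REST API, page's model
CSF_REQUIREMENTS = {  # constructed, paraphrased sample; the real project ships 106 NIST CSF items
    "PR.AA-01": "Identities and credentials for authorized users, services and hardware are managed.",
    "DE.CM-01": "Networks and network services are monitored to find potentially adverse events.",
}
STATUS_RANK = {"covered": 0, "partial": 1, "gap": 2, "unparsed": 3}

def segment(text, max_chars=2000):
    # Split a long policy on paragraph boundaries so each prompt fits the model's context window.
    chunks, cur = [], ""
    for para in text.split("\n\n"):
        if cur and len(cur) + len(para) > max_chars:
            chunks, cur = chunks + [cur.strip()], ""
        cur += para + "\n\n"
    return chunks + [cur.strip()] if cur.strip() else chunks

def build_prompt(req_id, req_text, chunk):  # demand a fixed JSON shape so the verdict is parseable
    return (f"You are a cybersecurity compliance auditor. Decide whether the policy excerpt satisfies "
            f"requirement {req_id}: {req_text}\nPolicy excerpt:\n{chunk}\nReply with JSON only: "
            '{"status": "covered|partial|gap", "evidence": "...", "recommendation": "..."}')

def query_ollama(prompt, url=OLLAMA_URL):
    # Privacy guard on every call: policy text must never leave the host, so only loopback is accepted.
    if urllib.parse.urlparse(url).hostname not in ("localhost", "127.0.0.1", "::1"):
        raise ValueError("refusing non-local LLM endpoint: " + url)
    body = json.dumps({"model": MODEL, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]

def parse_verdict(raw):
    # Models often wrap JSON in prose or code fences: take the outermost braces, then validate status.
    try:
        verdict = json.loads(raw[raw.index("{"):raw.rindex("}") + 1])
    except ValueError:  # no braces at all, or not valid JSON
        verdict = {}
    if verdict.get("status") not in STATUS_RANK:
        verdict = {"status": "unparsed", "evidence": raw[:200], "recommendation": "manual review"}
    return verdict

def gap_analysis(policy, ask=query_ollama):
    # One row per requirement; the best verdict across segments wins (covered anywhere = covered).
    report = []
    for req_id, req_text in CSF_REQUIREMENTS.items():
        verdicts = [parse_verdict(ask(build_prompt(req_id, req_text, c))) for c in segment(policy) or [""]]
        best = min(verdicts, key=lambda v: STATUS_RANK[v["status"]])
        report.append({**best, "requirement": req_id})
    return report
```

A row whose status is "unparsed" is the signal that the prompt needs work, which is where the page's prompt-engineering dependency shows up in practice.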