@iflow-mcp/rocklambros-nist-csf-2-mcp-server
v1.0.0
Published
MCP server implementation for NIST Cybersecurity Framework 2.0
Readme
NIST CSF 2.0 Assessment Platform
Complete NIST Cybersecurity Framework 2.0 implementation with professional assessment GUI and comprehensive MCP server. Built for cybersecurity professionals, CISOs, and AI integration.
🎯 740 assessment questions • 🛡️ Multi-tier security • 📊 Executive dashboards • 🤖 40+ MCP tools
🚀 Quick Start
Choose your deployment option based on your use case:
Option 1: Professional Assessment GUI (Recommended)
Perfect for: CISOs, Security Teams, Executive Presentations
git clone https://github.com/rocklambros/nist-csf-2-mcp-server.git
cd nist-csf-2-mcp-server/gui-platform
docker-compose upAccess Your Platform:
- 🌐 Assessment Interface: http://localhost:3000
- 📊 Executive Dashboard: Real-time progress and benchmarking
- 🔧 Health Status: http://localhost:3001/health
Features:
- Company-size aware question filtering
- Persistent assessment sessions (pause/resume anytime)
- Real-time executive dashboards with industry benchmarking
- Professional PDF reports for board presentations
Option 2: MCP Server for AI Integration
Perfect for: Claude Desktop, ChatGPT, Technical Users
Claude Desktop Setup:
{
"mcpServers": {
"nist-csf": {
"command": "sh",
"args": ["-c", "docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null"],
"env": {"MCP_SERVER": "true"}
}
}
}🎨 Assessment GUI Experience
Workflow
- Organization Setup (2 minutes): Name, size, industry → automatic question filtering
- Function Assessment (2-4 hours, resumable): Navigate NIST CSF functions with dual questions
- Executive Dashboard (Instant): Real-time results with industry comparison
Professional Features
- Dual Question Types: Maturity rating + Implementation status per subcategory
- Smart Filtering: 740 total questions → relevant subset based on organization size
- Industry Benchmarking: Compare against similar organizations in your sector
- Executive Ready: Professional styling suitable for CISO and board presentations
🤖 MCP Tools (40 Tools)
Assessment & Scoring
start_assessment_workflow- Begin comprehensive assessmentpersistent_comprehensive_assessment- Resume assessments across sessionsassess_maturity- Calculate maturity scores across NIST functionscalculate_risk_score- Risk assessment with heat map generationget_assessment_questions- 740-question bank with size filtering
Planning & Implementation
generate_gap_analysis- Current vs target state analysiscreate_implementation_plan- Phased roadmap with timelinesgenerate_priority_matrix- Effort/impact prioritizationestimate_implementation_cost- Financial planning and ROI analysistrack_progress- Implementation progress monitoring
Reporting & Export
generate_executive_report- Board-ready executive summariesgenerate_dashboard- Real-time dashboard dataexport_data- Multi-format data export (PDF, CSV, Excel)generate_compliance_report- Multi-framework compliance mapping
Complete Tool Documentation with Examples →
📊 Technical Specifications
- Framework: Complete NIST CSF 2.0 (6 functions, 34 categories, 185 subcategories)
- Questions: 740 across 4 dimensions (Risk, Maturity, Implementation, Effectiveness)
- Performance: <100ms response times, 100+ concurrent users
- Security: Multi-tier authentication (development → API key → OAuth 2.1)
- Integration: MCP protocol, REST API, WebSocket real-time updates
🔧 Advanced Configuration
Security Modes
# Development
AUTH_MODE=disabled docker-compose up
# Production
AUTH_MODE=oauth OAUTH_ISSUER=https://your-provider.com docker-compose upPerformance Options
# Monitoring enabled
ENABLE_MONITORING=true docker-compose up
# Development with hot reload
docker-compose -f docker-compose.dev.yml up📚 Documentation
- Deployment Guide: Complete setup options
- MCP Tools Reference: All 40 tools with examples
- Assessment Workflow: Detailed usage guide
- Architecture Overview: Technical details
🆘 Support
- GitHub Issues: Bug reports and feature requests
- GitHub Discussions: Community support
📋 License
MIT License
Enterprise-grade cybersecurity assessment platform for NIST CSF 2.0 compliance, executive reporting, and professional security evaluation.