complianceiq-controls-mcp
v0.1.0
MCP server for compliance control mapping — browse SOC2, ISO 27001, HIPAA, GDPR, PCI-DSS controls, map between frameworks, get implementation guidance, and track control status
complianceiq-controls-mcp
MCP server for compliance control mapping and implementation guidance. Browse SOC2, ISO 27001, HIPAA, GDPR, PCI-DSS, NIST CSF, and FedRAMP controls, map between frameworks, and get actionable implementation steps.
Features
- browse_controls — Browse all controls for any major compliance framework, filter by category and priority
- get_control_detail — Get full implementation guidance, required evidence, and cross-framework mappings for any control
- map_controls — Map equivalent controls across frameworks (e.g., SOC2 CC6.1 → ISO 27001 A.9.2.1 → HIPAA 164.312(a)(1))
- compliance_readiness — Get a prioritized readiness checklist with tailored advice for your company type
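As an added illustration of the cross-framework mapping idea behind map_controls (this is not the package's own code; its control data and tool schemas are not shown on this page), the sample below models mappings as an equivalence graph built only from the README's example chain SOC2 CC6.1 → ISO 27001 A.9.2.1 → HIPAA 164.312(a)(1), and flags any mapping that is only reachable through a pivot control as inferred rather than direct.

```javascript
// Constructed sample limited to the README's example triple; not a claim that
// these are the only equivalents of any of these controls.
const DIRECT_LINKS = [
  ["SOC2 CC6.1", "ISO 27001 A.9.2.1"],
  ["ISO 27001 A.9.2.1", "HIPAA 164.312(a)(1)"],
];

// Build an undirected adjacency map so a control can be mapped from either side.
function buildGraph(links) {
  const graph = new Map();
  for (const [a, b] of links) {
    if (!graph.has(a)) graph.set(a, new Set());
    if (!graph.has(b)) graph.set(b, new Set());
    graph.get(a).add(b);
    graph.get(b).add(a);
  }
  return graph;
}

// Breadth-first search from `control`, returning every reachable control with
// its hop count. hops === 1 is a direct mapping; hops > 1 is inferred through a
// pivot control and deserves review, because control equivalence is usually
// partial and does not compose cleanly across more than one framework boundary.
function mapControl(graph, control) {
  const hops = new Map([[control, 0]]);
  const queue = [control];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const next of graph.get(current) ?? []) {
      if (!hops.has(next)) {
        hops.set(next, hops.get(current) + 1);
        queue.push(next);
      }
    }
  }
  hops.delete(control);
  return [...hops]
    .map(([id, h]) => ({ id, hops: h, direct: h === 1 }))
    .sort((x, y) => x.hops - y.hops || x.id.localeCompare(y.id));
}

const graph = buildGraph(DIRECT_LINKS);
console.log(mapControl(graph, "SOC2 CC6.1"));
```

Mapping from the HIPAA end of the chain reaches SOC2 CC6.1 only at two hops, which is exactly the kind of inferred link an auditor would expect you to justify with evidence rather than cite as an equivalence.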
Supported Frameworks
| Framework | Controls | Focus |
|-----------|----------|-------|
| SOC2 | Trust Services Criteria | SaaS, cloud services |
| ISO 27001 | Annex A controls | International standard |
| HIPAA | Administrative + Technical | Healthcare, ePHI |
| GDPR | Articles 5-35+ | EU data protection |
| PCI-DSS | Requirements 1-12 | Payment card data |
| NIST CSF | Identify/Protect/Detect/Respond | US government, enterprise |
| FedRAMP | NIST 800-53 subset | US federal cloud |
Installation
```
npx complianceiq-controls-mcp
```
Or install globally:
```
npm install -g complianceiq-controls-mcp
```
Usage with Claude Desktop
```json
{
  "mcpServers": {
    "complianceiq-controls": {
      "command": "npx",
      "args": ["-y", "complianceiq-controls-mcp"]
    }
  }
}
```
Examples
"Show me all critical SOC2 controls"
"What do I need to implement for HIPAA 164.312(a)(1)?"
"Map our ISO 27001 A.9.2.1 control to HIPAA equivalents"
"Give me a PCI-DSS readiness checklist for a fintech startup"
"What controls overlap between SOC2 and GDPR?"
About ComplianceIQ
ComplianceIQ is an AI-powered compliance platform that generates audit-ready policy documents, runs gap assessments, and helps organizations achieve SOC2, ISO 27001, HIPAA, GDPR, and PCI-DSS compliance faster.
License
MIT
