glba-compliance-mcp
v0.1.0
MCP server for Gramm-Leach-Bliley Act (GLBA) compliance — financial privacy safeguards, risk assessment, information security program requirements, vendor management, and incident response for financial institutions
glba-compliance-mcp
MCP server for Gramm-Leach-Bliley Act (GLBA) compliance — browse safeguard requirements, assess readiness, generate policies, classify NPI data elements, run gap analysis, and build evidence checklists for financial institutions.
Built for compliance officers, CISOs, auditors, and fintech companies subject to the FTC Safeguards Rule.
Tools
| Tool | Description |
|------|-------------|
| browse_safeguards | Browse GLBA safeguards by rule (privacy/safeguards/pretexting), category, or risk level |
| assess_readiness | Score compliance readiness with institution-type-aware grading and recommendations |
| generate_policy | Generate detailed policy documents for any safeguard, customized per institution |
| classify_npi | Classify data elements as NPI and determine sharing restrictions under GLBA |
| gap_analysis | Compare implemented safeguards vs. requirements with prioritized remediation roadmap |
| evidence_checklist | Generate evidence collection checklists for audits or FTC examinations |
Safeguards Coverage
- Administrative: Qualified individual, risk assessment, ISP design, training, vendor oversight, incident response, privacy notices, opt-out rights
- Technical: Access controls & MFA, data inventory, encryption (transit + rest), secure SDLC, continuous monitoring & SIEM, change/patch management
- Physical: Facility access controls, secure data disposal, pretexting protection
Install
```bash
npx glba-compliance-mcp
```

Claude Desktop

```json
{
  "mcpServers": {
    "glba-compliance": {
      "command": "npx",
      "args": ["-y", "glba-compliance-mcp"]
    }
  }
}
```

Examples

Browse all critical safeguards:

```js
browse_safeguards({ riskLevel: "critical" })
```

Assess readiness for a fintech:

```js
assess_readiness({ implementedSafeguards: ["ADM-01", "TECH-01", "TECH-03"], institutionType: "fintech", hasOver5000Customers: true })
```

Classify data elements:

```js
classify_npi({ dataElements: ["SSN", "email address", "account balance", "credit score"], sharingContext: "nonaffiliate_marketing" })
```

Generate an incident response policy:

```js
generate_policy({ safeguardId: "ADM-06", companyName: "Acme Financial", institutionType: "mortgage_lender" })
```

License
MIT
