NIST CSF 2

Provides a complete NIST CSF 2.0 assessment platform with an MCP interface, including 740 questions, maturity/implementation scoring, dashboards, and exportable reports.
  • typescript

46

GitHub Stars

typescript

Language

5 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "rocklambros-nist-csf-2-mcp-server": {
      "command": "sh",
      "args": [
        "-c",
        "docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null"
      ],
      "env": {
        "MCP_SERVER": "true"
      }
    }
  }
}

You can run and connect to a complete NIST CSF 2.0 assessment server that provides a 740-question bank, maturity and implementation scoring, executive dashboards, and tools to plan and report on your cybersecurity program. This MCP server is designed for seamless integration with MCP clients and supports quick start for AI-assisted workflows as well as enterprise deployments.

How to use

You start the MCP server using the provided local runtime and then connect your MCP client to begin assessments. When connected, you can initiate a full organization-wide assessment, pause and resume sessions, and view real-time dashboards with industry benchmarking. You will work through the NIST CSF 2.0 functions and subcategories, receiving both maturity and implementation-status information for each item. Use the executive dashboard to present progress and benchmarking to stakeholders.

Typical usage patterns include: 1) set up your organization’s profile to filter questions relevant to your size and industry, 2) run the comprehensive assessment workflow to collect maturity and implementation data, 3) generate an executive report and dashboard for board-level discussions, and 4) export data in PDF, CSV, or Excel for distribution and archiving.

How to install

Prerequisites you need before starting: install Docker on your machine or server, and ensure you have a compatible runtime environment for containers.

Step 1: Prepare the MCP runtime using the provided stdio configuration. This starts the MCP server inside a Docker container so you can interact with it through your MCP client.

Step 2: Start the MCP server using the following commands.

export MCP_SERVER=true
docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null

Security and configuration

The server runs in a controlled runtime and uses environment flags to activate the MCP mode. When starting, you can enable or disable authentication modes as needed for development or production environments. Use your MCP client to begin assessments and avoid exposing the MCP API to untrusted clients.

If you need to switch to a different runtime mode or adjust performance, you can apply the following options to your deployment: enable monitoring, or run a development version with hot reload during your testing. Make sure to restart the server after applying changes.

Tools and capabilities

This MCP server provides a comprehensive toolset to manage assessments, planning, reporting, and export operations. You can start assessments, resume across sessions, calculate maturity and risk scores, retrieve the 740-question bank with size filtering, generate gap analyses, create implementation plans, and export executive reports and dashboards.

Troubleshooting

If you encounter connection issues, verify that the MCP server container is running and listen for client connections. Check that the MCP_SERVER flag is set to enable MCP mode and review the server logs for any startup errors or missing dependencies.

Notes

This server focuses on delivering a structured, enterprise-grade assessment workflow aligned with NIST CSF 2.0, with real-time dashboards and board-ready reports. Each session supports persistence so you can pause and resume as needed.

Available tools

start_assessment_workflow

Begin a comprehensive assessment workflow that guides you through the full NIST CSF 2.0 evaluation.

persistent_comprehensive_assessment

Resume assessments across sessions so you can pick up where you left off.

assess_maturity

Calculate maturity scores across NIST functions and subcategories.

calculate_risk_score

Assess risk with a heat map visualization to identify high-priority areas.

get_assessment_questions

Retrieve the 740-question bank with size-based filtering.

generate_gap_analysis

Produce a current-vs-target gap analysis to plan improvements.

create_implementation_plan

Generate a phased roadmap with timelines for remediation.

generate_priority_matrix

Prioritize actions using effort vs impact insights.

estimate_implementation_cost

Budget and ROI analysis for recommended initiatives.

track_progress

Monitor implementation progress over time.

generate_executive_report

Create board-ready summaries and insights.

generate_dashboard

Provide real-time dashboard data for leadership reviews.

export_data

Export assessment data in PDF, CSV, or Excel formats.

generate_compliance_report

Map your controls to multiple frameworks for compliance reporting.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational