- Home
- MCP servers
- NIST CSF 2
NIST CSF 2
- typescript
46
GitHub Stars
typescript
Language
5 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"rocklambros-nist-csf-2-mcp-server": {
"command": "sh",
"args": [
"-c",
"docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null"
],
"env": {
"MCP_SERVER": "true"
}
}
}
}You can run and connect to a complete NIST CSF 2.0 assessment server that provides a 740-question bank, maturity and implementation scoring, executive dashboards, and tools to plan and report on your cybersecurity program. This MCP server is designed for seamless integration with MCP clients and supports quick start for AI-assisted workflows as well as enterprise deployments.
How to use
You start the MCP server using the provided local runtime and then connect your MCP client to begin assessments. When connected, you can initiate a full organization-wide assessment, pause and resume sessions, and view real-time dashboards with industry benchmarking. You will work through the NIST CSF 2.0 functions and subcategories, receiving both maturity and implementation-status information for each item. Use the executive dashboard to present progress and benchmarking to stakeholders.
Typical usage patterns include: 1) set up your organization’s profile to filter questions relevant to your size and industry, 2) run the comprehensive assessment workflow to collect maturity and implementation data, 3) generate an executive report and dashboard for board-level discussions, and 4) export data in PDF, CSV, or Excel for distribution and archiving.
How to install
Prerequisites you need before starting: install Docker on your machine or server, and ensure you have a compatible runtime environment for containers.
Step 1: Prepare the MCP runtime using the provided stdio configuration. This starts the MCP server inside a Docker container so you can interact with it through your MCP client.
Step 2: Start the MCP server using the following commands.
export MCP_SERVER=true
docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null
Security and configuration
The server runs in a controlled runtime and uses environment flags to activate the MCP mode. When starting, you can enable or disable authentication modes as needed for development or production environments. Use your MCP client to begin assessments and avoid exposing the MCP API to untrusted clients.
If you need to switch to a different runtime mode or adjust performance, you can apply the following options to your deployment: enable monitoring, or run a development version with hot reload during your testing. Make sure to restart the server after applying changes.
Tools and capabilities
This MCP server provides a comprehensive toolset to manage assessments, planning, reporting, and export operations. You can start assessments, resume across sessions, calculate maturity and risk scores, retrieve the 740-question bank with size filtering, generate gap analyses, create implementation plans, and export executive reports and dashboards.
Troubleshooting
If you encounter connection issues, verify that the MCP server container is running and listen for client connections. Check that the MCP_SERVER flag is set to enable MCP mode and review the server logs for any startup errors or missing dependencies.
Notes
This server focuses on delivering a structured, enterprise-grade assessment workflow aligned with NIST CSF 2.0, with real-time dashboards and board-ready reports. Each session supports persistence so you can pause and resume as needed.
Available tools
start_assessment_workflow
Begin a comprehensive assessment workflow that guides you through the full NIST CSF 2.0 evaluation.
persistent_comprehensive_assessment
Resume assessments across sessions so you can pick up where you left off.
assess_maturity
Calculate maturity scores across NIST functions and subcategories.
calculate_risk_score
Assess risk with a heat map visualization to identify high-priority areas.
get_assessment_questions
Retrieve the 740-question bank with size-based filtering.
generate_gap_analysis
Produce a current-vs-target gap analysis to plan improvements.
create_implementation_plan
Generate a phased roadmap with timelines for remediation.
generate_priority_matrix
Prioritize actions using effort vs impact insights.
estimate_implementation_cost
Budget and ROI analysis for recommended initiatives.
track_progress
Monitor implementation progress over time.
generate_executive_report
Create board-ready summaries and insights.
generate_dashboard
Provide real-time dashboard data for leadership reviews.
export_data
Export assessment data in PDF, CSV, or Excel formats.
generate_compliance_report
Map your controls to multiple frameworks for compliance reporting.