Submit
rocklambros

NIST CSF 2.0 Assessment Platform

Community rocklambros
Updated

MCP server implementation for NIST Cybersecurity Framework 2.0

NIST CSF 2.0 Assessment Platform

DockerTypeScriptMCP Tools

Complete NIST Cybersecurity Framework 2.0 implementation with professional assessment GUI and comprehensive MCP server. Built for cybersecurity professionals, CISOs, and AI integration.

๐ŸŽฏ 740 assessment questions โ€ข ๐Ÿ›ก๏ธ Multi-tier security โ€ข ๐Ÿ“Š Executive dashboards โ€ข ๐Ÿค– 40+ MCP tools

๐Ÿš€ Quick Start

Choose your deployment option based on your use case:

Option 1: Professional Assessment GUI (Recommended)

Perfect for: CISOs, Security Teams, Executive Presentations

git clone https://github.com/rocklambros/nist-csf-2-mcp-server.git
cd nist-csf-2-mcp-server/gui-platform
docker-compose up

Access Your Platform:

Features:

  • Company-size aware question filtering
  • Persistent assessment sessions (pause/resume anytime)
  • Real-time executive dashboards with industry benchmarking
  • Professional PDF reports for board presentations

Option 2: MCP Server for AI Integration

Perfect for: Claude Desktop, ChatGPT, Technical Users

Claude Desktop Setup:

{
  "mcpServers": {
    "nist-csf": {
      "command": "sh",
      "args": ["-c", "docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null"],
      "env": {"MCP_SERVER": "true"}
    }
  }
}

๐ŸŽจ Assessment GUI Experience

Workflow

  1. Organization Setup (2 minutes): Name, size, industry โ†’ automatic question filtering
  2. Function Assessment (2-4 hours, resumable): Navigate NIST CSF functions with dual questions
  3. Executive Dashboard (Instant): Real-time results with industry comparison

Professional Features

  • Dual Question Types: Maturity rating + Implementation status per subcategory
  • Smart Filtering: 740 total questions โ†’ relevant subset based on organization size
  • Industry Benchmarking: Compare against similar organizations in your sector
  • Executive Ready: Professional styling suitable for CISO and board presentations

๐Ÿค– MCP Tools (40 Tools)

Assessment & Scoring

  • start_assessment_workflow - Begin comprehensive assessment
  • persistent_comprehensive_assessment - Resume assessments across sessions
  • assess_maturity - Calculate maturity scores across NIST functions
  • calculate_risk_score - Risk assessment with heat map generation
  • get_assessment_questions - 740-question bank with size filtering

Planning & Implementation

  • generate_gap_analysis - Current vs target state analysis
  • create_implementation_plan - Phased roadmap with timelines
  • generate_priority_matrix - Effort/impact prioritization
  • estimate_implementation_cost - Financial planning and ROI analysis
  • track_progress - Implementation progress monitoring

Reporting & Export

  • generate_executive_report - Board-ready executive summaries
  • generate_dashboard - Real-time dashboard data
  • export_data - Multi-format data export (PDF, CSV, Excel)
  • generate_compliance_report - Multi-framework compliance mapping

Complete Tool Documentation with Examples โ†’

๐Ÿ“Š Technical Specifications

  • Framework: Complete NIST CSF 2.0 (6 functions, 34 categories, 185 subcategories)
  • Questions: 740 across 4 dimensions (Risk, Maturity, Implementation, Effectiveness)
  • Performance: <100ms response times, 100+ concurrent users
  • Security: Multi-tier authentication (development โ†’ API key โ†’ OAuth 2.1)
  • Integration: MCP protocol, REST API, WebSocket real-time updates

๐Ÿ”ง Advanced Configuration

Security Modes

# Development
AUTH_MODE=disabled docker-compose up

# Production
AUTH_MODE=oauth OAUTH_ISSUER=https://your-provider.com docker-compose up

Performance Options

# Monitoring enabled
ENABLE_MONITORING=true docker-compose up

# Development with hot reload
docker-compose -f docker-compose.dev.yml up

๐Ÿ“š Documentation

  • Deployment Guide: Complete setup options
  • MCP Tools Reference: All 40 tools with examples
  • Assessment Workflow: Detailed usage guide
  • Architecture Overview: Technical details

๐Ÿ†˜ Support

๐Ÿ“‹ License

MIT License

Enterprise-grade cybersecurity assessment platform for NIST CSF 2.0 compliance, executive reporting, and professional security evaluation.

MCP Server ยท Populars

MCP Server ยท New