security-framework-mcp
Unified NIST + OWASP security framework MCP server
한국어
Search and query 4,700+ security data points through a single MCP interface — NIST (1,196 SP 800-53 controls with 53A assessments and 53B baselines, CSF 2.0, PF 1.0, SP 800-37 RMF, 613 publications, CMVP, NICE, glossary, CSF↔800-53 mappings) and OWASP (Top 10, API/LLM/MCP Top 10, ASVS 5.0, WSTG, MASVS, Proactive Controls, 815+ CWEs, 559 CAPEC attack patterns, 113+ Cheat Sheets, 418+ projects) — with live NVD/CVE + CISA KEV + EPSS, PDF reading, compliance mapping, STRIDE threat modeling, and MCP security assessment.
Quick Start
pip install git+https://github.com/zer0-kr/security-framework-mcp.git
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"security": {
"command": "security-framework-mcp"
}
}
}
Claude CLI (Claude Code):
claude mcp add security -- security-framework-mcp
Other MCP clients (Cursor, OpenCode)
{ "security": { "command": "security-framework-mcp" } }
First run automatically builds the local database (~15-20 seconds). Auto-refreshes weekly.
Data Sources (22 local + 3 live)
NIST (10)
| Source |
Records |
Description |
| SP 800-53 Rev. 5 Controls |
1,196 |
Security/privacy controls + 53A assessment objectives/methods + 53B baselines (LOW/MODERATE/HIGH) |
| CSF 2.0 |
225 |
Cybersecurity Framework (6 functions, 22 categories, 197 subcategories) |
| PF 1.0 |
92 |
Privacy Framework (5 functions) |
| SP 800-37 RMF |
7 steps |
Risk Management Framework (7-step process) |
| Publications |
613 |
Full NIST cybersecurity publications (SP 800, FIPS, IR, CSWP) |
| CSF ↔ 800-53 Mappings |
57 |
Framework cross-references |
| Glossary |
39 |
Core cybersecurity terms |
| Synonyms |
53 |
Security acronym expansions (MFA↔multi-factor authentication, etc.) |
| CMVP |
15 |
FIPS 140 validated crypto modules |
| NICE Work Roles |
43 |
Cybersecurity Workforce Framework roles |
OWASP (12)
| Source |
Records |
Description |
| Projects |
418 |
Flagship/Production/Lab/Incubator projects |
| ASVS 5.0 |
345 |
Application Security Verification Standard |
| WSTG |
111 |
Web Security Testing Guide |
| Top 10 2021 / API Top 10 2023 / LLM Top 10 2025 / MCP Top 10 2025 |
10 each |
Web/API/LLM/MCP security risks + CWE mappings |
| Proactive Controls 2024 |
10 |
Developer defense controls |
| MASVS |
23 |
Mobile Application Security Verification Standard |
| CWE Database |
815+ |
Full MITRE CWE + OWASP cross-references |
| Cheat Sheets |
113+ |
Security implementation guides (on-demand) |
| CAPEC Attack Patterns |
559 |
MITRE CAPEC attack patterns + CWE cross-references |
Live APIs
| Source |
Description |
| NVD CVE API 2.0 |
Real-time CVE search |
| CISA KEV |
Known Exploited Vulnerabilities catalog |
| FIRST EPSS |
Exploit Prediction Scoring System |
Tools (41)
NIST
| Tool |
Description |
search_nist |
Search all 10 NIST sources |
get_nist_control |
SP 800-53 control — statement, guidance, 53A assessment, 53B baseline filter (LOW/MODERATE/HIGH), family filter |
get_nist_csf |
CSF 2.0 functions/categories/subcategories |
get_nist_pf |
PF 1.0 |
get_nist_rmf |
SP 800-37 RMF steps, tasks, key documents |
get_nist_publication |
613 publications (SP 800, FIPS, IR, CSWP) |
read_publication |
Download + convert NIST PDFs to Markdown |
get_nist_mapping |
CSF 2.0 ↔ SP 800-53 bidirectional mappings |
get_nist_glossary |
Cybersecurity terms |
get_nist_cmvp |
FIPS 140 validated modules |
get_nice_roles |
NICE workforce roles |
OWASP
| Tool |
Description |
list_projects |
Browse 418+ projects by level/type |
search_projects |
Full-text search across projects |
get_project |
Project details |
get_asvs |
ASVS 5.0 — filter by chapter, level, query |
get_wstg |
WSTG test cases — filter by category, query |
get_top10 |
Top 10 2021 + CWE mappings |
get_api_top10 |
API Security Top 10 2023 |
get_llm_top10 |
LLM Top 10 2025 |
get_mcp_top10 |
MCP Top 10 2025 |
get_proactive_controls |
Proactive Controls 2024 |
get_masvs |
MASVS mobile security |
get_cheatsheet |
113+ Cheat Sheets |
Vulnerability & CWE
| Tool |
Description |
get_cwe |
CWE lookup + auto OWASP cross-references |
search_cve |
Live NVD search |
get_cve_detail |
Full CVE details |
search_kev |
CISA KEV — vendor/product/date/ransomware filters |
Analysis & Assessment
| Tool |
Description |
lookup_compliance |
Reverse lookup: PCI-DSS/ISO 27001 requirement → NIST/ASVS |
triage_cve |
CVE triage with EPSS + CVSS + KEV composite scoring |
map_finding |
CWE/CVE → complete remediation chain |
get_attack_pattern |
CAPEC attack patterns with CWE cross-references |
search_owasp |
Search all 22 sources (NIST + OWASP unified) |
cross_reference |
CWE → Top 10 / ASVS / WSTG |
compliance_map |
ASVS → PCI-DSS 4.0 / ISO 27001:2022 / NIST 800-53 |
nist_compliance_map |
SP 800-53 families → PCI-DSS 4.0 / ISO 27001:2022 |
assess_stack |
Tech stack security assessment |
generate_checklist |
Security checklist (web/api/mobile/llm/full × basic/standard/comprehensive) |
assess_mcp_security |
MCP Top 10 assessment |
threat_model |
STRIDE threat modeling |
update_database |
Rebuild index |
database_status |
DB status |
Prompts (4)
| Prompt |
Description |
security_review |
Guided security review |
threat_analysis |
Threat analysis workflow |
compliance_check |
Compliance assessment |
secure_code_review |
Code security review |
Use Cases
Vulnerability Management
> Triage CVE-2021-44228 and CVE-2023-44487 — show EPSS, CVSS, KEV status
> Show all CISA KEV entries for Microsoft added after 2025-01-01
> Show only KEV vulnerabilities with known ransomware campaign use
> What attack patterns target CWE-502 (deserialization)?
> Map CWE-79 to OWASP Top 10, ASVS requirements, WSTG tests, and remediation guidance
Compliance & Audit
> What NIST SP 800-53 controls and ASVS requirements map to PCI-DSS 8.3?
> Map ASVS V4 to PCI-DSS 4.0, ISO 27001, and NIST 800-53
> Map NIST SP 800-53 AC family to PCI-DSS and ISO 27001
> Show SP 800-53 LOW baseline controls for the IA (Identification and Authentication) family
> Show SP 800-53 AC-1 control with 53A assessment objectives
Threat Modeling & Architecture Review
> Generate a STRIDE threat model: payment API, JWT auth, PostgreSQL, Redis cache
> Assess my stack: React, Node.js, PostgreSQL, REST API, AWS Lambda
> Find CAPEC attack patterns related to SQL injection
> Search all NIST and OWASP sources for "zero trust"
Development Security
> Generate a comprehensive security checklist for a web API project
> Show OWASP Cheat Sheet for Authentication
> Cross-reference CWE-352 (CSRF) to Top 10, ASVS, and WSTG test cases
> Show ASVS V3 (Session Management) level 2 requirements
> Search NVD for critical log4j CVEs
Configuration
| Variable |
Default |
Description |
SECURITY_MCP_DATA_DIR |
~/.security-framework-mcp |
Database directory |
SECURITY_MCP_UPDATE_INTERVAL |
604800 (7 days) |
Refresh interval |
NVD_API_KEY |
(none) |
Optional NVD API key |
Architecture
┌─────────────────────────────────┐
│ MCP Client │
│ (Claude / Cursor / OpenCode) │
└──────────────┬──────────────────┘
│ stdio
┌──────────────▼──────────────────┐
│ security-framework-mcp │
│ 41 tools · 4 prompts · 6 rsrc │
├──────────────┬──────────────────┤
│ SQLite FTS5 │ Live APIs │
│ (~6.2MB) │ NVD+KEV+EPSS │
├──────────────┴──────────────────┤
│ NIST Collectors (10) │
│ OWASP Collectors (12) │
└──────────────┬──────────────────┘
│ httpx (retry)
┌──────────────▼──────────────────┐
│ NIST OSCAL/CSRC · OWASP GitHub │
└─────────────────────────────────┘
Development
git clone https://github.com/zer0-kr/security-framework-mcp.git
cd security-framework-mcp
pip install -e ".[dev]"
python -m pytest tests/test_unit_db.py tests/test_unit_collectors.py -v
python tests/test_comprehensive.py
Contributing
- Fork → 2. Branch → 3. Test (
python -m pytest) → 4. PR
License
MIT
Not affiliated with OWASP Foundation or NIST. Data sourced from public repositories.
