Command Palette

Search for a command to run...

UnylyUnyly
Browse all

NIST Server

FreeNot checked

Provides comprehensive access to NIST cybersecurity frameworks and controls, enabling AI assistants and applications to query, analyze, and manage NIST security

GitHubEmbed

About

Provides comprehensive access to NIST cybersecurity frameworks and controls, enabling AI assistants and applications to query, analyze, and manage NIST security controls through a standardized interface.

README

A professional Model Context Protocol (MCP) server providing comprehensive access to NIST cybersecurity frameworks and controls. Enables AI assistants and applications to query, analyze, and manage NIST security controls through a standardized, secure interface.

🚀 Quick Start

Get started with NIST's complete control catalog in minutes:

# Install and run
git clone https://github.com/your-username/nist-mcp.git
cd nist-mcp
./scripts/install.sh
python -m nist_mcp.server

That's it! Your MCP server is now running with access to 1,196+ NIST security controls.

🔧 What You Can Do

Core Control Operations

  • Browse all NIST SP 800-53 controls (1,196 total: base controls + enhancements)
  • Get detailed control information with implementation guidance
  • Search by keywords, families, or baseline levels
  • Map controls to Cybersecurity Framework subcategories

Enterprise Compliance Support

  • CMMC 2.0 assessments across all 5 maturity levels
  • FedRAMP readiness for Low/Moderate/High impact systems
  • SP 800-171 CUI baseline for protecting sensitive information
  • NIST Cybersecurity Framework alignment and mapping

Advanced Analysis

  • Gap analysis against baseline requirements
  • Coverage assessments across control families
  • Compliance mapping to other frameworks (SOC2, ISO27001)
  • Risk evaluation of control implementations

📖 Installation & Setup

One-Command Setup (Recommended)

git clone https://github.com/your-username/nist-mcp.git
cd nist-mcp
./scripts/install.sh
python -m nist_mcp.server

That's it! Your NIST MCP server is now running with 1,196+ controls.

Manual Setup

# 1. Clone and install
git clone https://github.com/your-username/nist-mcp.git
cd nist-mcp
pip install -e ".[dev]"

# 2. Download NIST data
python scripts/download_nist_data.py

# 3. Start server
python -m nist_mcp.server

Prerequisites

  • Python 3.10+
  • uv package manager (optional, but recommended)

🛠️ Practical Examples

Here are real examples of how to use the NIST MCP tools:

Basic Control Lookup

"What does AC-1 say?"

// Call: get_control("AC-1")
{
  "id": "ac-1",
  "title": "Policy and Procedures",
  "class": "SP800-53",
  "family": "AC",
  "parts": [
    {
      "name": "statement",
      "prose": "The organization develops and maintains a comprehensive security policy..."
    }
  ],
  "links": [...]
}

"Show me all Access Control family controls"

// Call: get_control_family("AC")
{
  "family": "AC",
  "name": "Access Control",
  "description": "The AC family contains controls...",
  "total_controls": 57,
  "base_controls": 25,
  "enhancements": 32,
  "controls": [...]
}

Compliance Analysis

"Do we meet Moderate baseline requirements?"

// Call: gap_analysis(implemented_controls=["AC-1", "AU-1"], target_baseline="moderate")
{
  "total_required": 177,
  "implemented_count": 2,
  "missing_count": 175,
  "compliance_percentage": 1.13,
  "critical_gaps": ["Risk Assessment", "Configuration Management"],
  "next_priorities": ["AC-2", "IA-2", "AU-2"]
}

"What's our CMMC Level 2 readiness?"

// Call: cmmc_compliance_assessment(implemented_controls=["AC-1", "IA-2"], target_level=2)
{
  "current_level": 1,
  "target_level": 2,
  "achieved_domains": ["AC", "IA"],
  "missing_domains": ["CM", "CP", "IR"],
  "progress_percentage": 23.5,
  "next_steps": ["Implement CM-2", "Add CP-9 controls"]
}

Risk Assessments

"How risky is our current access control implementation?"

// Call: risk_assessment_helper(control_ids=["AC-1", "AC-2", "IA-3"])
{
  "overall_risk_score": 7.3,
  "critical_gaps": ["AC-6 (Least Privilege)", "AC-18 (Wireless Access)"],
  "recommendations": [
    "Implement multi-factor authentication (IA-3)",
    "Review access control policies (AC-1)",
    "Add session timeout controls"
  ]
}

Enterprise Framework Alignment

"Map our controls to NIST CSF functions"

// Call: get_control_mappings("AC-1")
{
  "control_id": "AC-1",
  "csf_mappings": ["PR.IP-1", "PR.IP-6"],
  "functions": ["Protect"],
  "categories": ["Identity Management"],
  "rationale": "Policy framework supports identity protection"
}

"Prepare for FedRAMP Moderate authorization"

// Call: get_baseline_controls("moderate")
{
  "baseline": "Moderate",
  "total_controls": 177,
  "required_families": {
    "AC": 12, "AU": 9, "CA": 5,
    "CM": 10, "IA": 8, "IR": 6,
    "MP": 4, "PE": 8, "PS": 3,
    "RA": 5, "SC": 45, "SI": 16,
    "SA": 6, "AT": 1, "PL": 2
  },
  "implementation_timeline": "12-18 months"
}

📚 MCP Tool Reference

Core Control Operations

  • list_controls() - Browse all 1,196 NIST controls
  • get_control("AC-1") - Get detailed control info with implementation guidance
  • search_controls("access", "AC", 10) - Search controls by keyword within families
  • get_control_family("AC") - Get complete access control family (57 total controls)

Framework & Compliance

  • get_baseline_controls("moderate") - NIST baselines for system categorization
  • cmmc_compliance_assessment(current_controls, 3) - CMMC readiness assessment
  • fedramp_readiness_assessment(controls, "saas") - FedRAMP cloud readiness
  • get_sp800171_baseline() - CUI protection baseline (DOD contractors)

Advanced Analysis

  • gap_analysis(implemented, "high") - Identify missing controls against baselines
  • analyze_control_coverage(["AC-1", "AU-1"]) - Assess control family coverage
  • compliance_mapping("ISO27001", controls) - Cross-framework mapping

Cybersecurity Framework

  • get_csf_framework() - Complete NIST CSF 2.0 with all functions
  • search_csf_subcategories("multi-factor") - Find relevant CSF subcategories
  • csf_to_controls_mapping("PR.AC-1") - Map CSF requirements to controls

Project Structure

nist-mcp/
├── src/nist_mcp/           # Main package
│   ├── server.py           # MCP server implementation
│   ├── data/               # Data loading and caching
│   │   └── loader.py       # NIST data loader
│   ├── tools/              # MCP tools (future expansion)
│   └── utils/              # Utility functions
├── data/                   # NIST data sources
│   ├── nist-sources/       # Official NIST data
│   │   ├── sp800-53/       # SP 800-53 controls and baselines
│   │   ├── sp800-171/      # SP 800-171 CUI baseline profiles
│   │   ├── cmmc/           # CMMC framework and maturity levels
│   │   ├── fedramp/        # FedRAMP framework and impact levels
│   │   ├── csf/            # Cybersecurity Framework data
│   │   └── mappings/       # Control-to-CSF mappings
│   ├── oscal-schemas/      # OSCAL JSON schemas
│   └── examples/           # Example OSCAL documents
├── scripts/                # Utility scripts
│   └── download_nist_data.py # Data download script and framework creation
├── tools/                  # Additional control tools
│   └── control_tools.py    # Control management utilities
└── tests/                  # Test suite

📋 Important Notes

Data Sources

Uses official public domain NIST data:

  • SP 800-53 Rev 5 (1,196 controls)
  • Cybersecurity Framework 2.0
  • OSCAL schemas for document validation

Development & Testing

uv sync --dev                    # Install dev tools
make test                       # Run full test suite
make test-security              # Security testing only
python -m nist_mcp.server       # Start server

License

  • MIT License (code)
  • Public Domain (NIST data)
  • Apache 2.0 (OSCAL schemas)

Support

from github.com/tnicholson/nist-mcp-server

Install NIST Server in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install nist-mcp-server

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add nist-mcp-server -- uvx --from git+https://github.com/tnicholson/nist-mcp-server nist-mcp

FAQ

Is NIST Server MCP free?

Yes, NIST Server MCP is free — one-click install via Unyly at no cost.

Does NIST Server need an API key?

No, NIST Server runs without API keys or environment variables.

Is NIST Server hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install NIST Server in Claude Desktop, Claude Code or Cursor?

Open NIST Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare NIST Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs