NIST CSF 2.0 Assessment Platform
Enables comprehensive NIST Cybersecurity Framework 2.0 assessments with 40+ MCP tools for maturity scoring, gap analysis, implementation planning, risk assessment, and executive reporting across 740 security questions.
Complete NIST Cybersecurity Framework 2.0 implementation with professional assessment GUI and comprehensive MCP server. Built for cybersecurity professionals, CISOs, and AI integration.
740 assessment questions • Multi-tier security • Executive dashboards • 40+ MCP tools
Quick Start
Choose your deployment option based on your use case:
Option 1: Professional Assessment GUI (Recommended)
Perfect for: CISOs, Security Teams, Executive Presentations
git clone https://github.com/rocklambros/nist-csf-2-mcp-server.git
cd nist-csf-2-mcp-server/gui-platform
docker-compose up
Access Your Platform:
- Assessment Interface: http://localhost:3000
- Executive Dashboard: Real-time progress and benchmarking
- Health Status: http://localhost:3001/health
Features:
- Company-size aware question filtering
- Persistent assessment sessions (pause/resume anytime)
- Real-time executive dashboards with industry benchmarking
- Professional PDF reports for board presentations
Option 2: MCP Server for AI Integration
Perfect for: Claude Desktop, ChatGPT, Technical Users
Claude Desktop Setup:
{
  "mcpServers": {
    "nist-csf": {
      "command": "sh",
      "args": ["-c", "docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null"],
      "env": {"MCP_SERVER": "true"}
    }
  }
}
Assessment GUI Experience
Workflow
- Organization Setup (2 minutes): Name, size, industry → automatic question filtering
- Function Assessment (2-4 hours, resumable): Navigate NIST CSF functions with dual questions
- Executive Dashboard (Instant): Real-time results with industry comparison
Professional Features
- Dual Question Types: Maturity rating + Implementation status per subcategory
- Smart Filtering: 740 total questions → relevant subset based on organization size
- Industry Benchmarking: Compare against similar organizations in your sector
- Executive Ready: Professional styling suitable for CISO and board presentations
MCP Tools (40 Tools)
Assessment & Scoring
- start_assessment_workflow - Begin comprehensive assessment
- persistent_comprehensive_assessment - Resume assessments across sessions
- assess_maturity - Calculate maturity scores across NIST functions
- calculate_risk_score - Risk assessment with heat map generation
- get_assessment_questions - 740-question bank with size filtering
Planning & Implementation
- generate_gap_analysis - Current vs target state analysis
- create_implementation_plan - Phased roadmap with timelines
- generate_priority_matrix - Effort/impact prioritization
- estimate_implementation_cost - Financial planning and ROI analysis
- track_progress - Implementation progress monitoring
Reporting & Export
- generate_executive_report - Board-ready executive summaries
- generate_dashboard - Real-time dashboard data
- export_data - Multi-format data export (PDF, CSV, Excel)
- generate_compliance_report - Multi-framework compliance mapping
Complete Tool Documentation with Examples →
Technical Specifications
- Framework: Complete NIST CSF 2.0 (6 functions, 34 categories, 185 subcategories)
- Questions: 740 across 4 dimensions (Risk, Maturity, Implementation, Effectiveness)
- Performance: <100ms response times, 100+ concurrent users
- Security: Multi-tier authentication (development → API key → OAuth 2.1)
- Integration: MCP protocol, REST API, WebSocket real-time updates
Advanced Configuration
Security Modes
# Development
AUTH_MODE=disabled docker-compose up
# Production
AUTH_MODE=oauth OAUTH_ISSUER=https://your-provider.com docker-compose up
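A preflight check for the two security modes above, added here as an example and not part of the project's own code. It refuses to start the stack when AUTH_MODE=disabled is used outside development or when OAUTH_ISSUER is missing, not HTTPS, or still the placeholder. DEPLOY_ENV is a hypothetical variable introduced for this example, and only the two AUTH_MODE values shown on this page are recognised.

```shell
#!/bin/sh
# Added example: validate the auth settings before `docker-compose up`.
# AUTH_MODE and OAUTH_ISSUER are the variables shown above; DEPLOY_ENV is a
# hypothetical variable introduced by this example.

# check_auth_env AUTH_MODE OAUTH_ISSUER DEPLOY_ENV
# Returns 0 when the combination is acceptable to start, 1 otherwise.
check_auth_env() {
    mode=$1; issuer=$2; deploy=$3
    case "$mode" in
        disabled)
            # Unauthenticated mode is accepted only for local development.
            if [ "$deploy" != "development" ]; then
                echo "refusing: AUTH_MODE=disabled with DEPLOY_ENV=${deploy:-unset}" >&2
                return 1
            fi
            ;;
        oauth)
            case "$issuer" in
                https://your-provider.com*)
                    echo "refusing: OAUTH_ISSUER is still the placeholder value" >&2
                    return 1 ;;
                https://?*)
                    ;;  # an https issuer URL was supplied
                *)
                    echo "refusing: OAUTH_ISSUER must be an https:// URL" >&2
                    return 1 ;;
            esac
            ;;
        *)
            # Unset or unrecognised value: the default behaviour is not stated
            # on this page, so fail closed instead of guessing.
            echo "refusing: AUTH_MODE='${mode}' is not a value this check knows" >&2
            return 1
            ;;
    esac
    return 0
}

# Start the stack only when invoked as `./preflight.sh up` and the check passes.
if [ "${1:-}" = "up" ]; then
    check_auth_env "${AUTH_MODE:-}" "${OAUTH_ISSUER:-}" "${DEPLOY_ENV:-}" &&
        exec docker-compose up
fi
```
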
Performance Options
# Monitoring enabled
ENABLE_MONITORING=true docker-compose up
# Development with hot reload
docker-compose -f docker-compose.dev.yml up
Documentation
- Deployment Guide: Complete setup options
- MCP Tools Reference: All 40 tools with examples
- Assessment Workflow: Detailed usage guide
- Architecture Overview: Technical details
Support
- GitHub Issues: Bug reports and feature requests
- GitHub Discussions: Community support
License
MIT License
Enterprise-grade cybersecurity assessment platform for NIST CSF 2.0 compliance, executive reporting, and professional security evaluation.