1717
1818---
1919
20- Search and query ** 3,439 security data points** through a single MCP interface — ** NIST** (1,196 SP 800-53 controls with 53A assessments and 53B baselines, CSF 2.0, PF 1.0, SP 800-37 RMF, 613 publications, CMVP, NICE, glossary, CSF↔800-53 mappings) and ** OWASP** (Top 10, API/LLM/MCP Top 10, ASVS 5.0, WSTG, MASVS, Proactive Controls, 113+ Cheat Sheets, 418+ projects) — with ** live NVD/CVE + CISA KEV** , PDF reading, compliance mapping, STRIDE threat modeling, and MCP security assessment.
20+ Search and query ** 4,700+ security data points** through a single MCP interface — ** NIST** (1,196 SP 800-53 controls with 53A assessments and 53B baselines, CSF 2.0, PF 1.0, SP 800-37 RMF, 613 publications, CMVP, NICE, glossary, CSF↔800-53 mappings) and ** OWASP** (Top 10, API/LLM/MCP Top 10, ASVS 5.0, WSTG, MASVS, Proactive Controls, 815+ CWEs, 559 CAPEC attack patterns, 113+ Cheat Sheets, 418+ projects) — with ** live NVD/CVE + CISA KEV + EPSS ** , PDF reading, compliance mapping, STRIDE threat modeling, and MCP security assessment.
2121
2222## Quick Start
2323
@@ -52,44 +52,48 @@ claude mcp add security -- security-framework-mcp
5252
5353</details >
5454
55- ## Data Sources (21 local + 2 live)
55+ First run automatically builds the local database (~ 15-20 seconds). Auto-refreshes weekly.
56+
57+ ## Data Sources (22 local + 3 live)
5658
5759### NIST (10)
5860
59- | Source | Records |
60- | --------| ---------|
61- | SP 800-53 Rev. 5 Controls (+ 53A assessments + 53B baselines) | 1,196 |
62- | CSF 2.0 | 225 |
63- | PF 1.0 | 92 |
64- | SP 800-37 RMF | 7 steps |
65- | Publications (SP 800, FIPS, IR, CSWP) | 613 |
66- | CSF ↔ 800-53 Mappings | 57 |
67- | Glossary | 39 |
68- | Synonyms | 53 |
69- | CMVP (FIPS 140) | 15 |
70- | NICE Work Roles | 43 |
71-
72- ### OWASP (11)
73-
74- | Source | Records |
75- | --------| ---------|
76- | Projects | 418 |
77- | ASVS 5.0 | 345 |
78- | WSTG | 111 |
79- | Top 10 2021 / API Top 10 2023 / LLM Top 10 2025 / MCP Top 10 2025 | 10 each |
80- | Proactive Controls 2024 | 10 |
81- | MASVS | 23 |
82- | CWE Database | 39 |
83- | Cheat Sheets | 113+ |
61+ | Source | Records | Description |
62+ | --------| ---------| -------------|
63+ | SP 800-53 Rev. 5 Controls | 1,196 | Security/privacy controls + ** 53A assessment objectives/methods** + ** 53B baselines (LOW/MODERATE/HIGH)** |
64+ | CSF 2.0 | 225 | Cybersecurity Framework (6 functions, 22 categories, 197 subcategories) |
65+ | PF 1.0 | 92 | Privacy Framework (5 functions) |
66+ | SP 800-37 RMF | 7 steps | Risk Management Framework (7-step process) |
67+ | Publications | 613 | Full NIST cybersecurity publications (SP 800, FIPS, IR, CSWP) |
68+ | CSF ↔ 800-53 Mappings | 57 | Framework cross-references |
69+ | Glossary | 39 | Core cybersecurity terms |
70+ | Synonyms | 53 | Security acronym expansions (MFA↔multi-factor authentication, etc.) |
71+ | CMVP | 15 | FIPS 140 validated crypto modules |
72+ | NICE Work Roles | 43 | Cybersecurity Workforce Framework roles |
73+
74+ ### OWASP (12)
75+
76+ | Source | Records | Description |
77+ | --------| ---------| -------------|
78+ | Projects | 418 | Flagship/Production/Lab/Incubator projects |
79+ | ASVS 5.0 | 345 | Application Security Verification Standard |
80+ | WSTG | 111 | Web Security Testing Guide |
81+ | Top 10 2021 / API Top 10 2023 / LLM Top 10 2025 / MCP Top 10 2025 | 10 each | Web/API/LLM/MCP security risks + CWE mappings |
82+ | Proactive Controls 2024 | 10 | Developer defense controls |
83+ | MASVS | 23 | Mobile Application Security Verification Standard |
84+ | CWE Database | 815+ | Full MITRE CWE + OWASP cross-references |
85+ | Cheat Sheets | 113+ | Security implementation guides (on-demand) |
86+ | CAPEC Attack Patterns | 559 | MITRE CAPEC attack patterns + CWE cross-references |
8487
8588### Live APIs
8689
8790| Source | Description |
8891| --------| -------------|
8992| NVD CVE API 2.0 | Real-time CVE search |
9093| CISA KEV | Known Exploited Vulnerabilities catalog |
94+ | FIRST EPSS | Exploit Prediction Scoring System |
9195
92- ## Tools (36 )
96+ ## Tools (41 )
9397
9498### NIST
9599
@@ -131,15 +135,20 @@ claude mcp add security -- security-framework-mcp
131135| ` get_cwe ` | CWE lookup + auto OWASP cross-references |
132136| ` search_cve ` | Live NVD search |
133137| ` get_cve_detail ` | Full CVE details |
134- | ` search_kev ` | CISA Known Exploited Vulnerabilities |
138+ | ` search_kev ` | CISA KEV — vendor/product/date/ransomware filters |
135139
136140### Analysis & Assessment
137141
138142| Tool | Description |
139143| ------| -------------|
140- | ` search_owasp ` | Search all 21 sources (NIST + OWASP unified) |
144+ | ` lookup_compliance ` | Reverse lookup: PCI-DSS/ISO 27001 requirement → NIST/ASVS |
145+ | ` triage_cve ` | CVE triage with EPSS + CVSS + KEV composite scoring |
146+ | ` map_finding ` | CWE/CVE → complete remediation chain |
147+ | ` get_attack_pattern ` | CAPEC attack patterns with CWE cross-references |
148+ | ` search_owasp ` | Search all 22 sources (NIST + OWASP unified) |
141149| ` cross_reference ` | CWE → Top 10 / ASVS / WSTG |
142150| ` compliance_map ` | ASVS → PCI-DSS 4.0 / ISO 27001:2022 / NIST 800-53 |
151+ | ` nist_compliance_map ` | SP 800-53 families → PCI-DSS 4.0 / ISO 27001:2022 |
143152| ` assess_stack ` | Tech stack security assessment |
144153| ` generate_checklist ` | Security checklist (web/api/mobile/llm/full × basic/standard/comprehensive) |
145154| ` assess_mcp_security ` | MCP Top 10 assessment |
@@ -156,6 +165,58 @@ claude mcp add security -- security-framework-mcp
156165| ` compliance_check ` | Compliance assessment |
157166| ` secure_code_review ` | Code security review |
158167
168+ ## Use Cases
169+
170+ ### Vulnerability Management
171+ ```
172+ > Triage CVE-2021-44228 and CVE-2023-44487 — show EPSS, CVSS, KEV status
173+
174+ > Show all CISA KEV entries for Microsoft added after 2025-01-01
175+
176+ > Show only KEV vulnerabilities with known ransomware campaign use
177+
178+ > What attack patterns target CWE-502 (deserialization)?
179+
180+ > Map CWE-79 to OWASP Top 10, ASVS requirements, WSTG tests, and remediation guidance
181+ ```
182+
183+ ### Compliance & Audit
184+ ```
185+ > What NIST SP 800-53 controls and ASVS requirements map to PCI-DSS 8.3?
186+
187+ > Map ASVS V4 to PCI-DSS 4.0, ISO 27001, and NIST 800-53
188+
189+ > Map NIST SP 800-53 AC family to PCI-DSS and ISO 27001
190+
191+ > Show SP 800-53 LOW baseline controls for the IA (Identification and Authentication) family
192+
193+ > Show SP 800-53 AC-1 control with 53A assessment objectives
194+ ```
195+
196+ ### Threat Modeling & Architecture Review
197+ ```
198+ > Generate a STRIDE threat model: payment API, JWT auth, PostgreSQL, Redis cache
199+
200+ > Assess my stack: React, Node.js, PostgreSQL, REST API, AWS Lambda
201+
202+ > Find CAPEC attack patterns related to SQL injection
203+
204+ > Search all NIST and OWASP sources for "zero trust"
205+ ```
206+
207+ ### Development Security
208+ ```
209+ > Generate a comprehensive security checklist for a web API project
210+
211+ > Show OWASP Cheat Sheet for Authentication
212+
213+ > Cross-reference CWE-352 (CSRF) to Top 10, ASVS, and WSTG test cases
214+
215+ > Show ASVS V3 (Session Management) level 2 requirements
216+
217+ > Search NVD for critical log4j CVEs
218+ ```
219+
159220## Configuration
160221
161222| Variable | Default | Description |
@@ -174,13 +235,13 @@ claude mcp add security -- security-framework-mcp
174235 │ stdio
175236┌──────────────▼──────────────────┐
176237│ security-framework-mcp │
177- │ 36 tools · 4 prompts · 6 rsrc │
238+ │ 41 tools · 4 prompts · 6 rsrc │
178239├──────────────┬──────────────────┤
179240│ SQLite FTS5 │ Live APIs │
180- │ (~6.2MB) │ NVD + CISA KEV │
241+ │ (~6.2MB) │ NVD+KEV+EPSS │
181242├──────────────┴──────────────────┤
182243│ NIST Collectors (10) │
183- │ OWASP Collectors (11 ) │
244+ │ OWASP Collectors (12 ) │
184245└──────────────┬──────────────────┘
185246 │ httpx (retry)
186247┌──────────────▼──────────────────┐
0 commit comments