framework-mcp 1.3.6 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/.claude/agents/mcp-developer.md +41 -0
  2. package/.claude/agents/project-orchestrator.md +43 -0
  3. package/.claude/agents/version-consistency-reviewer.md +50 -0
  4. package/COPILOT_INTEGRATION.md +49 -62
  5. package/DEPLOYMENT_GUIDE.md +48 -49
  6. package/MCP_INTEGRATION_GUIDE.md +96 -129
  7. package/MIGRATION_GUIDE_v1.4.0.md +190 -0
  8. package/README.md +149 -173
  9. package/RELEASE_NOTES_v1.3.7.md +275 -0
  10. package/RELEASE_NOTES_v1.4.0.md +178 -0
  11. package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
  12. package/dist/core/safeguard-manager.d.ts.map +1 -1
  13. package/dist/core/safeguard-manager.js +747 -1191
  14. package/dist/core/safeguard-manager.js.map +1 -1
  15. package/dist/index.d.ts +0 -1
  16. package/dist/index.d.ts.map +1 -1
  17. package/dist/index.js +1 -2
  18. package/dist/index.js.map +1 -1
  19. package/dist/interfaces/http/http-server.d.ts +0 -4
  20. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  21. package/dist/interfaces/http/http-server.js +6 -113
  22. package/dist/interfaces/http/http-server.js.map +1 -1
  23. package/dist/interfaces/mcp/mcp-server.d.ts +0 -5
  24. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  25. package/dist/interfaces/mcp/mcp-server.js +4 -120
  26. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  27. package/dist/shared/types.d.ts +0 -37
  28. package/dist/shared/types.d.ts.map +1 -1
  29. package/examples/example-usage.md +43 -38
  30. package/examples/llm-analysis-patterns.md +553 -0
  31. package/package.json +2 -3
  32. package/scripts/validate-documentation.sh +4 -4
  33. package/src/core/safeguard-manager.ts +729 -1173
  34. package/src/index.ts +1 -2
  35. package/src/interfaces/http/http-server.ts +6 -139
  36. package/src/interfaces/mcp/mcp-server.ts +4 -145
  37. package/src/shared/types.ts +0 -40
  38. package/swagger.json +64 -313
  39. package/dist/core/capability-analyzer.d.ts +0 -29
  40. package/dist/core/capability-analyzer.d.ts.map +0 -1
  41. package/dist/core/capability-analyzer.js +0 -568
  42. package/dist/core/capability-analyzer.js.map +0 -1
  43. package/src/core/capability-analyzer.ts +0 -708
package/README.md CHANGED
@@ -5,25 +5,25 @@
5
5
  [![GitHub](https://img.shields.io/github/stars/therealcybermattlee/FrameworkMCP?style=social)](https://github.com/therealcybermattlee/FrameworkMCP)
6
6
  [![Website](https://img.shields.io/badge/Website-cyberrise.org-blue)](https://cyberrise.org)
7
7
 
8
- A Model Context Protocol (MCP) server that determines vendor tool **capability roles** (Full Implementation, Partial Implementation, Facilitates, Governance, Validates) against the **CIS Controls Framework**. This tool helps security professionals accurately categorize vendor capabilities for specific CIS Control safeguards with domain validation and evidence-based assessment.
8
+ A Model Context Protocol (MCP) server providing **authoritative CIS Controls Framework data** to empower LLMs with sophisticated, context-aware vendor capability analysis. This Pure Data Provider architecture enables security professionals to perform flexible, intelligent assessment of vendor tool capabilities against specific CIS Control safeguards.
9
9
 
10
10
  ## 🎯 Purpose
11
11
 
12
- This MCP server enables security teams to:
13
- - **Determine vendor tool capability roles** for specific CIS Control safeguards (1.1, 5.1, 6.3, etc.)
14
- - **Validate implementation capability claims** (FULL/PARTIAL) with domain-appropriate tool type verification
15
- - **Accurately categorize vendor roles** across 5 capability types: Full, Partial, Facilitates, Governance, and Validates
16
- - **Generate evidence-based assessments** showing capability alignment and domain validation results
12
+ This MCP server empowers security teams to:
13
+ - **Access authoritative CIS Controls data** for all 153 safeguards across 18 controls
14
+ - **Leverage LLM intelligence** for sophisticated, context-aware vendor capability analysis
15
+ - **Perform flexible assessment** across 5 capability types: Full, Partial, Facilitates, Governance, and Validates
16
+ - **Apply custom analysis methodologies** with complete transparency and reasoning
17
17
 
18
18
  ## 🎯 The 5 Capability Roles
19
19
 
20
- | Capability Role | Description | Domain Requirements |
21
- |-----------------|-------------|--------------------|
22
- | **FULL** | Complete implementation of safeguard requirements | Must use domain-appropriate tool types (e.g., inventory tools for asset safeguards) |
23
- | **PARTIAL** | Limited scope implementation with clear boundaries | Must use domain-appropriate tool types with explicit scope limitations |
24
- | **FACILITATES** | Enhancement capabilities that enable others to implement safeguards better/faster/stronger | No tool type restrictions - any tool can facilitate |
25
- | **GOVERNANCE** | Policy/process management and oversight capabilities | No tool type restrictions - governance applies across domains |
26
- | **VALIDATES** | Verification capabilities providing evidence and reporting | No tool type restrictions - validation applies across domains |
20
+ | Capability Role | Description | LLM Analysis Approach |
21
+ |-----------------|-------------|----------------------|
22
+ | **FULL** | Complete implementation of safeguard requirements | LLMs assess comprehensive coverage against detailed safeguard data |
23
+ | **PARTIAL** | Limited scope implementation with clear boundaries | LLMs identify scope limitations and coverage gaps |
24
+ | **FACILITATES** | Enhancement capabilities that enable others to implement safeguards better/faster/stronger | LLMs recognize facilitation patterns and indirect support capabilities |
25
+ | **GOVERNANCE** | Policy/process management and oversight capabilities | LLMs evaluate governance elements and process management features |
26
+ | **VALIDATES** | Verification capabilities providing evidence and reporting | LLMs assess audit, monitoring, and reporting capabilities |
27
27
 
28
28
  ## 🎨 CIS Controls Framework Integration
29
29
 
@@ -130,7 +130,7 @@ In your Copilot, create actions for capability assessment:
130
130
  **Primary Action - Validate Vendor Capability:**
131
131
  ```
132
132
  Action: Validate Vendor Mapping
133
- Description: Validate vendor capability claims against CIS Controls with domain validation
133
+ Description: Validate vendor capability claims against CIS Controls through content analysis
134
134
  Connector: Framework MCP Custom Connector
135
135
  Operation: validateVendorMapping
136
136
  Parameters:
@@ -177,27 +177,27 @@ curl -X POST https://your-api-url.com/api/validate-vendor-mapping \
177
177
  -d '{"vendor_name":"Test Vendor","safeguard_id":"1.1","claimed_capability":"facilitates","supporting_text":"We provide supplemental asset tracking capabilities that enhance existing inventory systems."}'
178
178
  ```
179
179
 
180
- ## 📋 Usage Examples
180
+ ## 📋 LLM-Driven Analysis Examples
181
181
 
182
- ### Analyze Single Vendor Response
182
+ ### Basic Vendor Capability Assessment
183
183
 
184
184
  ```bash
185
- claude-code "Determine the capability role for this vendor response to safeguard 5.1:
186
- Vendor: SecureIAM Corp
187
- Response: 'Our tool is a full identity provider with comprehensive account management. We maintain detailed user inventories including names, usernames, departments, and access rights. Automated quarterly reviews ensure all accounts are authorized and compliant.'"
185
+ claude-code "Get safeguard details for 5.1, then analyze this vendor response: SecureIAM Corp - 'Our tool is a full identity provider with comprehensive account management. We maintain detailed user inventories including names, usernames, departments, and access rights. Automated quarterly reviews ensure all accounts are authorized and compliant.' Determine appropriate capability role and provide confidence assessment."
188
186
  ```
189
187
 
190
- ### Validate Implementation Capability Claims
188
+ ### Context-Aware Analysis
191
189
 
192
190
  ```bash
193
- claude-code "Validate this implementation capability claim:
194
- Vendor: ComplianceBot
195
- Safeguard: 5.1
196
- Claimed Capability: FULL
197
- Response: 'We provide automated account lifecycle management with real-time inventory tracking and compliance reporting.'"
191
+ claude-code "Get safeguard 8.2 details. For a high-risk financial services environment, analyze this logging solution: 'We collect endpoint telemetry and forward logs to SIEM platforms.' Consider regulatory requirements (SOX, PCI-DSS) and determine capability role with implementation recommendations."
198
192
  ```
199
193
 
200
- ### Analyze Multiple Vendors from File
194
+ ### Multi-Vendor Comparative Analysis
195
+
196
+ ```bash
197
+ claude-code "Get safeguard 1.1 details. Compare these asset management solutions and rank by implementation completeness for a 500-employee company: 1) Lansweeper: 'Complete network discovery and automated inventory' 2) ServiceNow: 'CMDB with manual asset entry workflows' 3) Microsoft Intune: 'Managed device tracking with Azure AD integration'. Provide deployment complexity assessment."
198
+ ```
199
+
200
+ ### Bulk Analysis from File
201
201
 
202
202
  Create `vendors.csv`:
203
203
  ```csv
@@ -208,128 +208,114 @@ VendorC,6.3,"MFA enforcement for all external applications with SSO integration"
208
208
  ```
209
209
 
210
210
  ```bash
211
- claude-code "Determine capability roles for the vendor responses in vendors.csv and provide recommendations"
211
+ claude-code "Get details for safeguards referenced in vendors.csv. Analyze each vendor response, determine capability roles, and provide implementation roadmap recommendations based on organizational gaps."
212
212
  ```
213
213
 
214
- ### Get Safeguard Details
214
+ ### Claim Validation Assessment
215
215
 
216
216
  ```bash
217
- claude-code "Show me the detailed breakdown of safeguard 5.1 including all sub-elements"
217
+ claude-code "Get safeguard 12.4 details. This vendor claims FULL capability for network boundary monitoring: 'We monitor all network traffic, identify unauthorized devices, and generate real-time alerts.' Validate this claim against the specific safeguard requirements and provide evidence-based assessment."
218
218
  ```
219
219
 
220
- ### Validate Vendor Capability Claims
221
-
222
- **PRIMARY TOOL**: Validate whether a vendor's stated capability mapping is actually supported by their explanatory text.
220
+ ### Risk-Based Analysis
223
221
 
224
222
  ```bash
225
- claude-code "Use validate_vendor_mapping with vendor_name 'SecureAssets Corp', safeguard_id '1.1', claimed_capability 'full', and supporting_text 'Our comprehensive asset management platform performs automated discovery of all enterprise devices, maintains detailed hardware and software inventories, tracks ownership and location data, provides real-time asset status monitoring, and includes documented inventory procedures with bi-annual review capabilities.'"
223
+ claude-code "Get safeguard 11.1 details. For a healthcare organization with HIPAA requirements, assess Veeam Backup's capability: 'Automated daily backups with 99.9% recovery success rate and quarterly recovery testing.' Focus on governance and validation aspects."
226
224
  ```
227
225
 
228
- ## 📊 Sample Output
226
+ ## 📊 Sample LLM Analysis Patterns
229
227
 
230
- ### Standard Capability Role Analysis Output
231
- ```json
232
- {
233
- "vendor": "SecureIAM Corp",
234
- "safeguardId": "5.1",
235
- "safeguardTitle": "Establish and Maintain an Inventory of Accounts",
236
- "capabilityRole": "full",
237
- "additionalRoles": ["governance", "validates"],
238
- "confidence": 87,
239
- "domainValidation": {
240
- "detectedToolType": "identity_management",
241
- "domainMatch": true,
242
- "capabilityAdjusted": false
243
- },
244
- "evidenceAnalysis": {
245
- "coreRequirements": 85,
246
- "subElements": 75,
247
- "governance": 90,
248
- "languageConsistency": 88
249
- },
250
- "evidence": [
251
- "comprehensive account management",
252
- "detailed user inventories",
253
- "automated quarterly reviews"
254
- ]
255
- }
228
+ ### Context-Aware Assessment Response
256
229
  ```
230
+ ASSESSMENT: SecureIAM Corp - Safeguard 5.1 Analysis
257
231
 
258
- ### Primary Validation Tool Output (validate_vendor_mapping)
259
- ```json
260
- {
261
- "vendor": "SecureAssets Corp",
262
- "safeguard_id": "1.1",
263
- "safeguard_title": "Establish and Maintain a Detailed Enterprise Asset Inventory",
264
- "claimed_capability": "full",
265
- "validation_status": "SUPPORTED",
266
- "confidence_score": 85,
267
- "evidence_analysis": {
268
- "core_requirements_coverage": 100,
269
- "sub_elements_coverage": 47,
270
- "governance_alignment": 80,
271
- "language_consistency": 90
272
- },
273
- "domain_validation": {
274
- "required_tool_type": "inventory",
275
- "detected_tool_type": "inventory",
276
- "domain_match": true,
277
- "capability_adjusted": false
278
- },
279
- "gaps_identified": [],
280
- "strengths_identified": [
281
- "High coverage of core requirements and sub-elements",
282
- "Strong implementation language consistency",
283
- "Appropriate tool type for safeguard domain"
284
- ],
285
- "recommendations": [],
286
- "detailed_feedback": "Validation of FULL capability claim: SUPPORTED (85% alignment)\n\nSTRENGTHS:\n• High coverage of core requirements and sub-elements\n• Strong implementation language consistency\n• Appropriate tool type for safeguard domain\n\nASSESSMENT: The vendor's supporting evidence strongly aligns with their claimed capability."
287
- }
232
+ CAPABILITY DETERMINATION: FULL + GOVERNANCE + VALIDATES
233
+ CONFIDENCE: 87%
234
+
235
+ ANALYSIS:
236
+ Based on safeguard 5.1 requirements for comprehensive account inventory management:
237
+
238
+ ✅ CORE REQUIREMENTS COVERAGE:
239
+ - Complete user inventory (names, usernames, departments)
240
+ - Access rights tracking and management
241
+ - Identity provider capabilities with centralized management
242
+
243
+ ✅ GOVERNANCE ELEMENTS:
244
+ - Automated quarterly review processes
245
+ - Compliance verification workflows
246
+ - Policy enforcement capabilities
247
+
248
+ ✅ VALIDATION CAPABILITIES:
249
+ - Continuous monitoring and reporting
250
+ - Authorization verification
251
+ - Compliance status tracking
252
+
253
+ EVIDENCE QUALITY: High - Specific implementation details provided
254
+ SCOPE DEFINITION: Comprehensive enterprise account management
255
+
256
+ RECOMMENDATION: Strong FULL capability alignment with additional governance and validation roles. Suitable for enterprise Implementation Group 2-3 deployments.
288
257
  ```
289
258
 
290
- ### Domain Mismatch Example Output
291
- ```json
292
- {
293
- "vendor": "ThreatIntel Pro",
294
- "safeguard_id": "1.1",
295
- "safeguard_title": "Establish and Maintain a Detailed Enterprise Asset Inventory",
296
- "claimed_capability": "facilitates",
297
- "validation_status": "QUESTIONABLE",
298
- "confidence_score": 45,
299
- "evidence_analysis": {
300
- "core_requirements_coverage": 65,
301
- "sub_elements_coverage": 20,
302
- "governance_alignment": 30,
303
- "language_consistency": 75
304
- },
305
- "domain_validation": {
306
- "required_tool_type": "inventory",
307
- "detected_tool_type": "threat_intelligence",
308
- "domain_match": false,
309
- "capability_adjusted": true,
310
- "original_claim": "full"
311
- },
312
- "gaps_identified": [
313
- "Tool type mismatch: threat_intelligence tools cannot provide FULL coverage for Asset Inventory safeguards"
314
- ],
315
- "strengths_identified": [
316
- "Good language consistency in supporting text"
317
- ],
318
- "recommendations": [
319
- "Consider repositioning as FACILITATES capability to align with tool type"
320
- ],
321
- "detailed_feedback": "DOMAIN VALIDATION: Tool type 'threat_intelligence' cannot provide FULL coverage for safeguard 1.1 (Asset Inventory). Capability automatically adjusted from FULL to FACILITATES.\n\nThe vendor's claim has been downgraded due to domain mismatch, though evidence quality is reasonable for facilitation capabilities."
322
- }
259
+ ### Multi-Vendor Comparison Response
260
+ ```
261
+ COMPARATIVE ANALYSIS: Asset Management Solutions for Safeguard 1.1
262
+
263
+ RANKING BY IMPLEMENTATION COMPLETENESS:
264
+
265
+ 1. 🥇 LANSWEEPER (FULL + VALIDATES)
266
+ - Comprehensive automated discovery
267
+ - Network-wide asset visibility
268
+ - Strong for 500-employee deployment
269
+ - Implementation: Medium complexity
270
+
271
+ 2. 🥈 MICROSOFT INTUNE (PARTIAL + GOVERNANCE)
272
+ - Managed device focus (limited scope)
273
+ - Strong Azure AD integration
274
+ - Governance capabilities present
275
+ - Implementation: Low complexity (if using Microsoft stack)
276
+
277
+ 3. 🥉 SERVICENOW (FACILITATES + GOVERNANCE)
278
+ - CMDB foundation requires manual processes
279
+ - Strong workflow and governance features
280
+ - Facilitates comprehensive asset management
281
+ - Implementation: High complexity
282
+
283
+ RECOMMENDATION: Lansweeper provides best immediate coverage for IG1 requirements. Consider Intune if Microsoft-centric environment, ServiceNow for complex enterprise with mature processes.
284
+ ```
285
+
286
+ ### Risk-Based Healthcare Analysis
287
+ ```
288
+ HIPAA-FOCUSED ANALYSIS: Veeam Backup vs Safeguard 11.1
289
+
290
+ CAPABILITY: FULL + VALIDATES
291
+ COMPLIANCE CONFIDENCE: 92%
292
+
293
+ HIPAA CONSIDERATIONS:
294
+ ✅ Recovery time objectives meet healthcare uptime requirements
295
+ ✅ Quarterly testing demonstrates due diligence
296
+ ✅ 99.9% success rate supports business continuity
297
+
298
+ GOVERNANCE ALIGNMENT:
299
+ - Documented recovery procedures (required for HIPAA)
300
+ - Regular testing and validation processes
301
+ - Performance metrics and reporting
302
+
303
+ GAPS TO ADDRESS:
304
+ - Verify encryption at rest/in transit for PHI
305
+ - Confirm audit logging capabilities
306
+ - Validate access controls for backup systems
307
+
308
+ IMPLEMENTATION RECOMMENDATION: Strong foundation for HIPAA compliance. Supplement with documented encryption policies and access control procedures.
323
309
  ```
324
310
 
325
311
  ## 🔧 Available Tools
326
312
 
327
313
  | Tool | Description |
328
314
  |------|-------------|
329
- | `validate_vendor_mapping` | **PRIMARY** Validate vendor's claimed capability role against supporting evidence with domain validation |
330
- | `analyze_vendor_response` | Determine vendor tool capability role for specific safeguard |
331
- | `get_safeguard_details` | Get detailed safeguard breakdown |
332
- | `list_available_safeguards` | List all available CIS safeguards |
315
+ | `get_safeguard_details` | **PRIMARY** Get detailed safeguard breakdown with structured CIS data for LLM analysis |
316
+ | `list_available_safeguards` | List all available CIS safeguards (153 total) for framework exploration |
317
+
318
+ **Pure Data Provider Architecture**: Framework MCP provides authoritative CIS Controls data while LLMs perform sophisticated, context-aware capability analysis with unlimited flexibility.
333
319
 
334
320
  ## 📁 File Formats Supported
335
321
 
@@ -359,58 +345,47 @@ Vendor: AnotherVendor - Safeguard: 6.3
359
345
  Another response...
360
346
  ```
361
347
 
362
- ## 🆕 Vendor Mapping Validation
348
+ ## 🚀 LLM-Driven Analysis Advantages
363
349
 
364
- The **validate_vendor_mapping** tool provides evidence-based validation of vendor capability claims. This addresses a critical need: vendors often self-assess their capabilities, but practitioners need to verify whether the supporting evidence actually justifies the claimed mapping.
350
+ Framework MCP v1.4.0's **Pure Data Provider architecture** empowers LLMs to perform sophisticated vendor capability analysis with unprecedented flexibility and intelligence.
365
351
 
366
- ### Validation Criteria
352
+ ### Key Benefits Over Hardcoded Analysis
367
353
 
368
- | Capability | Requirements | Validation Thresholds |
369
- |------------|-------------|----------------------|
370
- | **FULL** | Complete implementation within scope | ≥70% core requirements + ≥40% sub-elements |
371
- | **PARTIAL** | Limited scope with clear boundaries | ≥30% core requirements OR some core + ≥20% sub-elements |
372
- | **FACILITATES** | Enables/enhances implementation | Facilitation language present, no direct implementation claims |
373
- | **GOVERNANCE** | Policy/process management | ≥60% governance elements + policy language |
374
- | **VALIDATES** | Evidence collection & reporting | Audit/monitoring/reporting capabilities present |
354
+ | Advantage | Description | LLM Capability |
355
+ |-----------|-------------|----------------|
356
+ | **Context Awareness** | Analysis considers industry, risk profile, and organizational needs | LLMs understand sector-specific requirements and compliance frameworks |
357
+ | **Analytical Flexibility** | Apply custom methodologies and assessment criteria | Multiple analysis approaches: strict compliance, risk-based, comparative |
358
+ | **Transparent Reasoning** | Complete visibility into analysis logic and evidence evaluation | LLMs explain their reasoning and provide detailed justifications |
359
+ | **Adaptive Intelligence** | Dynamic assessment based on evolving requirements | LLMs can adjust analysis based on new information or changing priorities |
360
+ | **Natural Language** | Complex analysis requests in plain English | No need for rigid tool parameters or predefined validation rules |
375
361
 
376
- ### Domain-Specific Validation Rules
362
+ ### Enhanced Analysis Capabilities
377
363
 
378
- **CRITICAL**: The validation tool enforces domain-specific requirements for capability claims:
364
+ **Multi-Dimensional Assessment**: LLMs can simultaneously evaluate:
365
+ - Technical capability alignment with safeguard requirements
366
+ - Deployment complexity and organizational fit
367
+ - Risk mitigation effectiveness and compliance coverage
368
+ - Integration potential with existing technology stacks
369
+ - Cost-benefit analysis and implementation roadmaps
379
370
 
380
- | Safeguard | Domain | Required Tool Types | Rule |
381
- |-----------|--------|-------------------|------|
382
- | **1.1** | Asset Inventory | inventory, asset_management, cmdb, discovery | Only inventory tools can claim FULL/PARTIAL |
383
- | **1.2** | Unauthorized Assets | inventory, asset_management, cmdb, discovery | Only inventory tools can claim FULL/PARTIAL |
384
- | **5.1** | Account Inventory | identity_management, governance | Only identity/governance tools can claim FULL/PARTIAL |
385
- | **6.3** | External MFA | identity_management | Only identity management tools can claim FULL/PARTIAL |
386
- | **7.1** | Vulnerability Process | vulnerability_management, governance | Only vulnerability/governance tools can claim FULL/PARTIAL |
371
+ **Advanced Analysis Patterns**:
372
+ - **Comparative Vendor Evaluation**: Rank multiple solutions against specific criteria
373
+ - **Gap Analysis**: Identify coverage gaps and recommend complementary tools
374
+ - **Risk-Based Assessment**: Prioritize capability importance based on threat landscape
375
+ - **Compliance Mapping**: Align vendor capabilities with regulatory requirements
376
+ - **Implementation Planning**: Generate deployment strategies and success metrics
387
377
 
388
- **Auto-Downgrade Logic**: When a tool type doesn't match the safeguard domain:
389
- - **FULL/PARTIAL** claims → Automatically downgraded to **FACILITATES**
390
- - **FACILITATES/GOVERNANCE/VALIDATES** claims → Remain unchanged
391
- - Validation status becomes **QUESTIONABLE** with explanation
392
-
393
- ### Validation Statuses
394
-
395
- - **SUPPORTED** (70-100%): Evidence strongly supports the claimed capability
396
- - **QUESTIONABLE** (40-69%): Evidence partially supports but has notable gaps OR domain mismatch occurred
397
- - **UNSUPPORTED** (0-39%): Evidence does not adequately support the claim
398
-
399
- ### Usage Examples
378
+ ### Flexibility Examples
400
379
 
401
380
  ```bash
402
- # Validate a FULL coverage claim (matching domain)
403
- claude-code "Use validate_vendor_mapping for vendor 'AssetMax Pro', safeguard '1.1', claimed capability 'full', with supporting text: 'Our platform provides comprehensive automated discovery, detailed inventory management, and complete asset lifecycle tracking for all enterprise devices including servers, workstations, and network equipment.'"
404
-
405
- # Validate a FACILITATES claim
406
- claude-code "Use validate_vendor_mapping for vendor 'ThreatIntel Feed', safeguard '1.1', claimed capability 'facilitates', with supporting text: 'Our threat intelligence service provides supplemental risk data that enriches existing asset management systems, enabling organizations to prioritize asset security based on threat exposure.'"
381
+ # Custom compliance-focused analysis
382
+ claude-code "Get safeguard 8.3 details. For PCI-DSS Level 1 compliance, assess Splunk Enterprise Security considering cardholder data environment requirements and provide implementation timeline recommendations."
407
383
 
408
- # Domain mismatch example (auto-downgraded)
409
- claude-code "Use validate_vendor_mapping for vendor 'VulnScanner Pro', safeguard '1.1', claimed capability 'full', with supporting text: 'Our vulnerability scanner performs comprehensive network discovery and maintains detailed device databases with complete visibility into enterprise infrastructure.'"
410
- # Result: Downgraded from FULL to FACILITATES (vulnerability_management ≠ inventory tool)
384
+ # Technology stack integration assessment
385
+ claude-code "Get safeguard 16.1 details. We use Azure DevOps and GitHub. Analyze how SonarQube integrates with our pipeline for secure code analysis and recommend configuration best practices."
411
386
 
412
- # Questionable claim (insufficient evidence)
413
- claude-code "Use validate_vendor_mapping for vendor 'BasicTracker', safeguard '1.1', claimed capability 'full', with supporting text: 'We help track computers and provide some visibility into your IT environment.'"
387
+ # Risk-based prioritization
388
+ claude-code "Get details for safeguards 13.1, 13.3, and 13.6. Our organization faces advanced persistent threats. Rank these network monitoring vendors by threat detection capability: 1) CrowdStrike Falcon 2) SentinelOne 3) Microsoft Defender for Endpoint."
414
389
  ```
415
390
 
416
391
  ## 🎯 CIS Controls Coverage
@@ -420,11 +395,12 @@ claude-code "Use validate_vendor_mapping for vendor 'BasicTracker', safeguard '1
420
395
  - **Full framework coverage** from Controls 1-18
421
396
  - **Comprehensive vendor analysis** capability for all CIS safeguards
422
397
 
423
- ### Current Version Highlights
424
- - ✅ **All 18 Controls** implemented (Enterprise Assets through Penetration Testing)
425
- - ✅ **Color-coded element categorization** (Orange/Green/Yellow/Gray)
426
- - ✅ **Enhanced capability detection** (Governance, Facilitates, Coverage, Validates)
427
- - ✅ **Production-ready** vendor analysis for complete compliance assessments
398
+ ### v1.4.0 Pure Data Provider Highlights
399
+ - ✅ **Simplified Architecture** - Clean data provision without analysis complexity
400
+ - ✅ **LLM-Powered Analysis** - Sophisticated, context-aware capability assessment
401
+ - ✅ **Enhanced Flexibility** - Custom methodologies and unlimited analysis approaches
402
+ - ✅ **Complete Framework** - All 18 Controls with 153 safeguards for comprehensive evaluation
403
+ - ✅ **Transparent Reasoning** - Full visibility into analysis logic and evidence evaluation
428
404
 
429
405
  ## 🛠️ Development
430
406