framework-mcp 2.4.2 → 2.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -83,7 +83,7 @@ export class FrameworkHttpServer {
83
83
  res.json({
84
84
  status: 'healthy',
85
85
  uptime: Math.round(process.uptime()),
86
- version: '2.4.2',
86
+ version: '2.4.3',
87
87
  timestamp: new Date().toISOString()
88
88
  });
89
89
  });
@@ -183,7 +183,7 @@ export class FrameworkHttpServer {
183
183
  this.app.get('/api', (req, res) => {
184
184
  res.json({
185
185
  name: 'Framework MCP HTTP API',
186
- version: '2.4.2',
186
+ version: '2.4.3',
187
187
  description: 'Pure Data Provider serving authentic CIS Controls Framework data',
188
188
  endpoints: {
189
189
  'GET /api/safeguards': 'List all available CIS safeguards',
@@ -7,7 +7,7 @@ export class FrameworkMcpServer {
7
7
  constructor() {
8
8
  this.server = new Server({
9
9
  name: 'framework-analyzer',
10
- version: '2.4.2',
10
+ version: '2.4.3',
11
11
  });
12
12
  this.safeguardManager = new SafeguardManager();
13
13
  this.setupHandlers();
@@ -103,7 +103,7 @@ export class FrameworkMcpServer {
103
103
  safeguards,
104
104
  total: safeguards.length,
105
105
  framework: 'CIS Controls v8.1',
106
- version: '2.4.2'
106
+ version: '2.4.3'
107
107
  }, null, 2),
108
108
  },
109
109
  ],
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "framework-mcp",
3
- "version": "2.4.2",
3
+ "version": "2.4.3",
4
4
  "description": "Pure Data Provider architecture serving authentic CIS Controls Framework data via MCP and HTTP API. Empowers LLMs with authoritative safeguards data for analysis. Supports Microsoft Copilot custom connectors and DigitalOcean App Services deployment.",
5
5
  "main": "dist/interfaces/http/http-server.js",
6
6
  "type": "module",
@@ -1461,7 +1461,7 @@ export class SafeguardManager {
1461
1461
  title: "Establish and Maintain a Data Management Process",
1462
1462
  description: "Establish and maintain a documented data management process. In the process, address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
1463
1463
  implementationGroup: "IG1",
1464
- assetType: ["data"],
1464
+ assetType: ["Data"],
1465
1465
  securityFunction: ["Govern"],
1466
1466
  governanceElements: [ // Orange - MUST be met
1467
1467
  "Establish",
@@ -1469,20 +1469,15 @@ export class SafeguardManager {
1469
1469
  "Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
1470
1470
  ],
1471
1471
  coreRequirements: [ // Green - The "what"
1472
- "documented data management process",
1473
- "address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise"
1472
+ "documented data management process"
1474
1473
  ],
1475
1474
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1476
- "Documented Data management process",
1477
1475
  "Data Sensitivity",
1478
1476
  "Data Owner",
1479
1477
  "Data Handling",
1480
1478
  "Data Retention Limits",
1481
1479
  "Disposal Requirements",
1482
- "Retention Standards",
1483
- "Review and update documentation",
1484
- "Annually",
1485
- "When significant enterprise changes occur that could impact this Safeguard"
1480
+ "Retention Standards"
1486
1481
  ],
1487
1482
  implementationSuggestions: [ // Gray - Implementation suggestions
1488
1483
  ],
@@ -1572,7 +1567,7 @@ export class SafeguardManager {
1572
1567
  title: "Establish and Maintain a Data Inventory",
1573
1568
  description: "Establish and maintain a data inventory based on the enterprise's data management process. Inventory sensitive data, at a minimum. Review and update inventory annually, at a minimum, with a priority on sensitive data.",
1574
1569
  implementationGroup: "IG1",
1575
- assetType: ["data"],
1570
+ assetType: ["Data"],
1576
1571
  securityFunction: ["Identify"],
1577
1572
  governanceElements: [ // Orange - MUST be met
1578
1573
  "Establish",
@@ -1580,16 +1575,11 @@ export class SafeguardManager {
1580
1575
  "Review and update inventory annually, at a minimum, with a priority on sensitive data"
1581
1576
  ],
1582
1577
  coreRequirements: [ // Green - The "what"
1583
- "data inventory based on the enterprise's data management process",
1584
- "inventory sensitive data, at a minimum"
1578
+ "data inventory"
1585
1579
  ],
1586
1580
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1587
- "Data Inventory",
1588
1581
  "Based on Data Management process",
1589
- "Sensitive Data at a Minimum",
1590
- "Review and update inventory",
1591
- "Annually, at a minimum",
1592
- "Priority on sensitive data"
1582
+ "Sensitive Data at a Minimum"
1593
1583
  ],
1594
1584
  implementationSuggestions: [ // Gray - Implementation suggestions
1595
1585
  ],
@@ -1679,14 +1669,13 @@ export class SafeguardManager {
1679
1669
  title: "Configure Data Access Control Lists",
1680
1670
  description: "Configure data access control lists based on a user's need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.",
1681
1671
  implementationGroup: "IG1",
1682
- assetType: ["data"],
1672
+ assetType: ["Data"],
1683
1673
  securityFunction: ["Protect"],
1684
1674
  governanceElements: [ // Orange - MUST be met
1685
- "Configure",
1686
- "Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications"
1675
+ "Configure"
1687
1676
  ],
1688
1677
  coreRequirements: [ // Green - The "what"
1689
- "data access control lists based on a user's need to know"
1678
+ "data access control lists"
1690
1679
  ],
1691
1680
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1692
1681
  "Data Access control lists",
@@ -1785,7 +1774,7 @@ export class SafeguardManager {
1785
1774
  title: "Enforce Data Retention",
1786
1775
  description: "Retain data according to the enterprise's documented data management process. Data retention must include both minimum and maximum timelines.",
1787
1776
  implementationGroup: "IG1",
1788
- assetType: ["data"],
1777
+ assetType: ["Data"],
1789
1778
  securityFunction: ["Protect"],
1790
1779
  governanceElements: [ // Orange - MUST be met
1791
1780
  "Retain",
@@ -1798,7 +1787,6 @@ export class SafeguardManager {
1798
1787
  ],
1799
1788
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1800
1789
  "Data Retention",
1801
- "Must Include",
1802
1790
  "Minimum Timelines",
1803
1791
  "Maximum timelines"
1804
1792
  ],
@@ -1890,19 +1878,17 @@ export class SafeguardManager {
1890
1878
  title: "Securely Dispose of Data",
1891
1879
  description: "Securely dispose of data as outlined in the enterprise's data management process. Ensure the disposal process and method are commensurate with the data sensitivity.",
1892
1880
  implementationGroup: "IG1",
1893
- assetType: ["data"],
1881
+ assetType: ["Data"],
1894
1882
  securityFunction: ["Protect"],
1895
1883
  governanceElements: [ // Orange - MUST be met
1896
- "Securely dispose of data",
1884
+ "Disposal process and method are commensurate with the data sensitivity",
1897
1885
  "Ensure"
1898
1886
  ],
1899
1887
  coreRequirements: [ // Green - The "what"
1900
- "as outlined in the enterprise's data management process",
1901
- "the disposal process and method are commensurate with the data sensitivity"
1888
+ "Securely Dispose of Data"
1902
1889
  ],
1903
1890
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1904
- "Securely dispose of data",
1905
- "Disposal process and method are commensurate with the data sensitivity"
1891
+ "Securely dispose of Data"
1906
1892
  ],
1907
1893
  implementationSuggestions: [ // Gray - Implementation suggestions
1908
1894
  ],
@@ -1992,17 +1978,17 @@ export class SafeguardManager {
1992
1978
  title: "Encrypt Data on End-User Devices",
1993
1979
  description: "Encrypt data on end-user devices containing sensitive data. Example implementations can include: Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.",
1994
1980
  implementationGroup: "IG1",
1995
- assetType: ["data"],
1981
+ assetType: ["Data"],
1996
1982
  securityFunction: ["Protect"],
1997
1983
  governanceElements: [ // Orange - MUST be met
1998
1984
  "Encrypt"
1999
1985
  ],
2000
1986
  coreRequirements: [ // Green - The "what"
2001
- "data on end-user devices containing sensitive data"
1987
+ "data on end-user devices"
2002
1988
  ],
2003
1989
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2004
1990
  "Data on end-user devices",
2005
- "Sensitive data"
1991
+ "that contain Sensitive data"
2006
1992
  ],
2007
1993
  implementationSuggestions: [ // Gray - Implementation suggestions
2008
1994
  "Windows Bitlocker",
@@ -2095,7 +2081,7 @@ export class SafeguardManager {
2095
2081
  title: "Establish and Maintain a Data Classification Scheme",
2096
2082
  description: "Establish and maintain an overall data classification scheme for the enterprise. Enterprises may use labels, such as \"Sensitive,\" \"Confidential,\" and \"Public,\" and classify their data according to those labels. Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard.",
2097
2083
  implementationGroup: "IG2",
2098
- assetType: ["data"],
2084
+ assetType: ["Data"],
2099
2085
  securityFunction: ["Identify"],
2100
2086
  governanceElements: [ // Orange - MUST be met
2101
2087
  "Establish",
@@ -2103,15 +2089,10 @@ export class SafeguardManager {
2103
2089
  "Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard"
2104
2090
  ],
2105
2091
  coreRequirements: [ // Green - The "what"
2106
- "overall data classification scheme for the enterprise",
2107
- "classify their data according to those labels"
2092
+ "data classification scheme"
2108
2093
  ],
2109
2094
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2110
- "Data classification scheme",
2111
- "Classify their data according to labels",
2112
- "Review and update classification scheme",
2113
- "Annually",
2114
- "When significant enterprise changes occur that could impact this Safeguard"
2095
+ "Classify their data according to labels"
2115
2096
  ],
2116
2097
  implementationSuggestions: [ // Gray - Implementation suggestions
2117
2098
  "Sensitive",
@@ -2204,27 +2185,19 @@ export class SafeguardManager {
2204
2185
  title: "Document Data Flows",
2205
2186
  description: "Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise's data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
2206
2187
  implementationGroup: "IG2",
2207
- assetType: ["data"],
2188
+ assetType: ["Data"],
2208
2189
  securityFunction: ["Identify"],
2209
2190
  governanceElements: [ // Orange - MUST be met
2210
- "Document data flows",
2211
- "Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
2191
+ "Document data flows"
2212
2192
  ],
2213
2193
  coreRequirements: [ // Green - The "what"
2214
- "Data flow documentation includes service provider data flows and should be based on the enterprise's data management process"
2194
+ "Document Data Flows"
2215
2195
  ],
2216
2196
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2217
- "Document data flows",
2218
2197
  "Enterprise Data Flows",
2219
- "Service Provider Data Flows",
2220
- "Review and update documentation",
2221
- "Annually",
2222
- "When significant enterprise changes occur that could impact this Safeguard"
2198
+ "Service Provider Data Flows"
2223
2199
  ],
2224
2200
  implementationSuggestions: [ // Gray - Implementation suggestions
2225
- "Data management systems",
2226
- "Data flow mapping tools",
2227
- "Service provider documentation"
2228
2201
  ],
2229
2202
  relatedSafeguards: ["3.1", "3.2", "3.7", "3.9", "3.10", "3.11"],
2230
2203
  systemPromptFull: {
@@ -2312,16 +2285,16 @@ export class SafeguardManager {
2312
2285
  title: "Encrypt Data on Removable Media",
2313
2286
  description: "Encrypt Data on Removable Media",
2314
2287
  implementationGroup: "IG2",
2315
- assetType: ["data"],
2288
+ assetType: ["Data"],
2316
2289
  securityFunction: ["Protect"],
2317
2290
  governanceElements: [ // Orange - MUST be met
2318
- "Encrypt Data on Removable Media"
2291
+ "Encrypt"
2319
2292
  ],
2320
2293
  coreRequirements: [ // Green - The "what"
2294
+ "Encrypt Data on Removable Media"
2321
2295
  ],
2322
2296
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2323
2297
  "Data on Removable Media",
2324
- "Maintain"
2325
2298
  ],
2326
2299
  implementationSuggestions: [ // Gray - Implementation suggestions
2327
2300
  ],
@@ -2411,13 +2384,13 @@ export class SafeguardManager {
2411
2384
  title: "Encrypt Sensitive Data in Transit",
2412
2385
  description: "Encrypt sensitive data in transit. Example implementations can include: Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).",
2413
2386
  implementationGroup: "IG2",
2414
- assetType: ["data"],
2387
+ assetType: ["Data"],
2415
2388
  securityFunction: ["Protect"],
2416
2389
  governanceElements: [ // Orange - MUST be met
2417
2390
  "Encrypt"
2418
2391
  ],
2419
2392
  coreRequirements: [ // Green - The "what"
2420
- "sensitive data in transit"
2393
+ "Encrypt sensitive data in transit"
2421
2394
  ],
2422
2395
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2423
2396
  "Sensitive data in transit"
@@ -2512,23 +2485,21 @@ export class SafeguardManager {
2512
2485
  title: "Encrypt Sensitive Data at Rest",
2513
2486
  description: "Encrypt sensitive data at rest on servers, applications, and databases. Storage-layer encryption, also known as server-side encryption, meets the minimum requirement of this Safeguard. Additional encryption methods may include application-layer encryption, also known as client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.",
2514
2487
  implementationGroup: "IG2",
2515
- assetType: ["data"],
2488
+ assetType: ["Data"],
2516
2489
  securityFunction: ["Protect"],
2517
2490
  governanceElements: [ // Orange - MUST be met
2518
2491
  "Encrypt",
2519
- "meets the minimum requirement of this Safeguard"
2492
+ "Minimum Requirement"
2520
2493
  ],
2521
2494
  coreRequirements: [ // Green - The "what"
2522
- "sensitive data at rest on servers, applications, and databases",
2523
- "Storage-layer encryption, also known as server-side encryption"
2495
+ "Encrypt sensitive data at rest"
2524
2496
  ],
2525
2497
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2526
- "Encrypt Sensitive Data At Rest",
2498
+ "Sensitive Data At Rest",
2527
2499
  "Servers",
2528
- "Software",
2500
+ "Applications",
2529
2501
  "Databases",
2530
- "Storage Layer (server side) encryption",
2531
- "Minimum Requirement"
2502
+ "Storage Layer (server side) encryption"
2532
2503
  ],
2533
2504
  implementationSuggestions: [ // Gray - Implementation suggestions
2534
2505
  "Application layer (client-side) encryption",
@@ -2620,19 +2591,17 @@ export class SafeguardManager {
2620
2591
  title: "Segment Data Processing and Storage Based on Sensitivity",
2621
2592
  description: "Segment data processing and storage based on the sensitivity of the data. Do not process sensitive data on enterprise assets intended for lower sensitivity data.",
2622
2593
  implementationGroup: "IG2",
2623
- assetType: ["data"],
2594
+ assetType: ["Data"],
2624
2595
  securityFunction: ["Protect"],
2625
2596
  governanceElements: [ // Orange - MUST be met
2626
- "Segment data processing and storage based on the sensitivity of the data",
2627
2597
  "Do not process sensitive data on enterprise assets intended for lower sensitivity data"
2628
2598
  ],
2629
2599
  coreRequirements: [ // Green - The "what"
2600
+ "Segment Data Processing",
2601
+ "Segment Data Storage",
2602
+ "Based on Sensitivity"
2630
2603
  ],
2631
2604
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2632
- "Based on the sensitivity of data",
2633
- "Segment data processing (compute)",
2634
- "Segment Storage",
2635
- "Do not process sensitive data on enterprise assets intended for lower sensitivity data"
2636
2605
  ],
2637
2606
  implementationSuggestions: [ // Gray - Implementation suggestions
2638
2607
  ],
@@ -2722,17 +2691,15 @@ export class SafeguardManager {
2722
2691
  title: "Deploy a Data Loss Prevention Solution",
2723
2692
  description: "Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's data inventory.",
2724
2693
  implementationGroup: "IG3",
2725
- assetType: ["data"],
2694
+ assetType: ["Data"],
2726
2695
  securityFunction: ["Protect"],
2727
2696
  governanceElements: [ // Orange - MUST be met
2728
- "Implement",
2729
- "Update Data Inventory"
2697
+ "Implement"
2730
2698
  ],
2731
2699
  coreRequirements: [ // Green - The "what"
2732
- "automated tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider"
2700
+ "automated tool to identify all sensitive data"
2733
2701
  ],
2734
2702
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2735
- "Automated DLP Tool",
2736
2703
  "Identify all sensitive Data",
2737
2704
  "Stored",
2738
2705
  "Processed",
@@ -2830,19 +2797,15 @@ export class SafeguardManager {
2830
2797
  title: "Log Sensitive Data Access",
2831
2798
  description: "Log sensitive data access, including modification and disposal.",
2832
2799
  implementationGroup: "IG3",
2833
- assetType: ["data"],
2800
+ assetType: ["Data"],
2834
2801
  securityFunction: ["Detect"],
2835
2802
  governanceElements: [ // Orange - MUST be met
2836
2803
  "Log"
2837
2804
  ],
2838
2805
  coreRequirements: [ // Green - The "what"
2839
- "sensitive data access, including modification and disposal"
2806
+ "Log sensitive data access, including modification and disposal"
2840
2807
  ],
2841
2808
  subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
2842
- "Sensitive Data access",
2843
- "Access",
2844
- "Modification",
2845
- "Disposal"
2846
2809
  ],
2847
2810
  implementationSuggestions: [ // Gray - Implementation suggestions
2848
2811
  ],
@@ -4110,7 +4073,7 @@ export class SafeguardManager {
4110
4073
  title: "Separate Enterprise Workspaces on Mobile End-User Devices",
4111
4074
  description: "Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple® Configuration Profile or AndroidTM Work Profile to separate enterprise applications and data from personal applications and data.",
4112
4075
  implementationGroup: "IG3",
4113
- assetType: ["devices", "data"],
4076
+ assetType: ["devices", "Data"],
4114
4077
  securityFunction: ["Protect"],
4115
4078
  governanceElements: [ // Orange - MUST be met
4116
4079
  "Ensure",
@@ -6577,7 +6540,7 @@ export class SafeguardManager {
6577
6540
  title: "Establish and Maintain an Audit Log Management Process",
6578
6541
  description: "Establish and maintain a documented audit log management process that defines the enterprise's logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
6579
6542
  implementationGroup: "IG1",
6580
- assetType: ["enterprise assets", "data"],
6543
+ assetType: ["enterprise assets", "Data"],
6581
6544
  securityFunction: ["Govern"],
6582
6545
  governanceElements: [
6583
6546
  "establish and maintain",
@@ -6687,7 +6650,7 @@ export class SafeguardManager {
6687
6650
  title: "Collect Audit Logs",
6688
6651
  description: "Collect audit logs. Ensure that logging, per the enterprise's audit log management process, has been enabled across enterprise assets.",
6689
6652
  implementationGroup: "IG1",
6690
- assetType: ["enterprise assets", "data"],
6653
+ assetType: ["enterprise assets", "Data"],
6691
6654
  securityFunction: ["Detect"],
6692
6655
  governanceElements: [
6693
6656
  "per the enterprise's audit log management process"
@@ -6790,7 +6753,7 @@ export class SafeguardManager {
6790
6753
  title: "Ensure Adequate Audit Log Storage",
6791
6754
  description: "Ensure that logging destinations maintain adequate storage to comply with the enterprise's audit log management process.",
6792
6755
  implementationGroup: "IG1",
6793
- assetType: ["data"],
6756
+ assetType: ["Data"],
6794
6757
  securityFunction: ["Protect"],
6795
6758
  governanceElements: [
6796
6759
  "comply with the enterprise's audit log management process"
@@ -6894,7 +6857,7 @@ export class SafeguardManager {
6894
6857
  title: "Standardize Time Synchronization",
6895
6858
  description: "Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.",
6896
6859
  implementationGroup: "IG2",
6897
- assetType: ["enterprise assets", "data"],
6860
+ assetType: ["enterprise assets", "Data"],
6898
6861
  securityFunction: ["Protect"],
6899
6862
  governanceElements: [
6900
6863
  "standardize time synchronization"
@@ -7000,7 +6963,7 @@ export class SafeguardManager {
7000
6963
  title: "Collect Detailed Audit Logs",
7001
6964
  description: "Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.",
7002
6965
  implementationGroup: "IG2",
7003
- assetType: ["enterprise assets", "data"],
6966
+ assetType: ["enterprise assets", "Data"],
7004
6967
  securityFunction: ["Detect"],
7005
6968
  governanceElements: [
7006
6969
  "configure detailed audit logging"
@@ -7109,7 +7072,7 @@ export class SafeguardManager {
7109
7072
  title: "Collect DNS Query Audit Logs",
7110
7073
  description: "Collect DNS query audit logs on enterprise assets, where appropriate and supported.",
7111
7074
  implementationGroup: "IG2",
7112
- assetType: ["enterprise assets", "data"],
7075
+ assetType: ["enterprise assets", "Data"],
7113
7076
  securityFunction: ["Detect"],
7114
7077
  governanceElements: [
7115
7078
  "where appropriate and supported"
@@ -7214,7 +7177,7 @@ export class SafeguardManager {
7214
7177
  title: "Collect URL Request Audit Logs",
7215
7178
  description: "Collect URL request audit logs on enterprise assets, where appropriate and supported.",
7216
7179
  implementationGroup: "IG2",
7217
- assetType: ["enterprise assets", "data"],
7180
+ assetType: ["enterprise assets", "Data"],
7218
7181
  securityFunction: ["Detect"],
7219
7182
  governanceElements: [
7220
7183
  "where appropriate and supported"
@@ -7319,7 +7282,7 @@ export class SafeguardManager {
7319
7282
  title: "Collect Command-Line Audit Logs",
7320
7283
  description: "Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals.",
7321
7284
  implementationGroup: "IG2",
7322
- assetType: ["data"],
7285
+ assetType: ["Data"],
7323
7286
  securityFunction: ["Detect"],
7324
7287
  governanceElements: [
7325
7288
  "collect command-line audit logs"
@@ -7423,7 +7386,7 @@ export class SafeguardManager {
7423
7386
  title: "Centralize Audit Logs",
7424
7387
  description: "Centralize, to the extent possible, audit log collection and retention across enterprise assets in accordance with the documented audit log management process. Example implementations include leveraging a SIEM tool to centralize multiple log sources.",
7425
7388
  implementationGroup: "IG2",
7426
- assetType: ["enterprise assets", "data"],
7389
+ assetType: ["enterprise assets", "Data"],
7427
7390
  securityFunction: ["Detect"],
7428
7391
  governanceElements: [
7429
7392
  "in accordance with documented audit log management process",
@@ -7529,7 +7492,7 @@ export class SafeguardManager {
7529
7492
  title: "Retain Audit Logs",
7530
7493
  description: "Retain audit logs across enterprise assets for a minimum of 90 days.",
7531
7494
  implementationGroup: "IG2",
7532
- assetType: ["enterprise assets", "data"],
7495
+ assetType: ["enterprise assets", "Data"],
7533
7496
  securityFunction: ["Protect"],
7534
7497
  governanceElements: [
7535
7498
  "minimum of 90 days"
@@ -7630,7 +7593,7 @@ export class SafeguardManager {
7630
7593
  title: "Conduct Audit Log Reviews",
7631
7594
  description: "Conduct reviews of audit logs to detect anomalies or abnormal events that could indicate a potential threat. Conduct reviews on a weekly, or more frequent, basis.",
7632
7595
  implementationGroup: "IG2",
7633
- assetType: ["data"],
7596
+ assetType: ["Data"],
7634
7597
  securityFunction: ["Detect"],
7635
7598
  governanceElements: [
7636
7599
  "conduct reviews on a weekly, or more frequent, basis"
@@ -7734,7 +7697,7 @@ export class SafeguardManager {
7734
7697
  title: "Collect Service Provider Logs",
7735
7698
  description: "Collect service provider logs, where supported. Example implementations include collecting authentication and authorization events, data creation and disposal events, and user management events.",
7736
7699
  implementationGroup: "IG3",
7737
- assetType: ["data"],
7700
+ assetType: ["Data"],
7738
7701
  securityFunction: ["Detect"],
7739
7702
  governanceElements: [
7740
7703
  "where supported"
@@ -9408,7 +9371,7 @@ export class SafeguardManager {
9408
9371
  title: "Establish and Maintain a Data Recovery Process",
9409
9372
  description: "Establish and maintain a documented data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard",
9410
9373
  implementationGroup: "IG1",
9411
- assetType: ["data"],
9374
+ assetType: ["Data"],
9412
9375
  securityFunction: ["Govern"],
9413
9376
  governanceElements: [ // Orange - MUST be met
9414
9377
  "establish documented data recovery process",
@@ -9525,7 +9488,7 @@ export class SafeguardManager {
9525
9488
  title: "Perform Automated Backups",
9526
9489
  description: "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data",
9527
9490
  implementationGroup: "IG1",
9528
- assetType: ["data"],
9491
+ assetType: ["Data"],
9529
9492
  securityFunction: ["Recover"],
9530
9493
  governanceElements: [ // Orange - MUST be met
9531
9494
  "perform automated backups",
@@ -9640,7 +9603,7 @@ export class SafeguardManager {
9640
9603
  title: "Protect Recovery Data",
9641
9604
  description: "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements",
9642
9605
  implementationGroup: "IG1",
9643
- assetType: ["data"],
9606
+ assetType: ["Data"],
9644
9607
  securityFunction: ["Protect"],
9645
9608
  governanceElements: [ // Orange - MUST be met
9646
9609
  "protect recovery data",
@@ -9754,7 +9717,7 @@ export class SafeguardManager {
9754
9717
  title: "Establish and Maintain an Isolated Instance of Recovery Data",
9755
9718
  description: "Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, cloud, or off-site systems or services",
9756
9719
  implementationGroup: "IG1",
9757
- assetType: ["data"],
9720
+ assetType: ["Data"],
9758
9721
  securityFunction: ["Recover"],
9759
9722
  governanceElements: [ // Orange - MUST be met
9760
9723
  "establish isolated instance of recovery data",
@@ -9871,7 +9834,7 @@ export class SafeguardManager {
9871
9834
  title: "Test Data Recovery",
9872
9835
  description: "Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets",
9873
9836
  implementationGroup: "IG2",
9874
- assetType: ["data"],
9837
+ assetType: ["Data"],
9875
9838
  securityFunction: ["Recover"],
9876
9839
  governanceElements: [ // Orange - MUST be met
9877
9840
  "test backup recovery quarterly or more frequently",
@@ -13713,7 +13676,7 @@ export class SafeguardManager {
13713
13676
  title: "Monitor Service Providers",
13714
13677
  description: "Monitor service providers consistent with the enterprise's service provider management policy. Monitoring may include periodic reassessment of service provider compliance, monitoring service provider release notes, and dark web monitoring",
13715
13678
  implementationGroup: "IG3",
13716
- assetType: ["data"],
13679
+ assetType: ["Data"],
13717
13680
  securityFunction: ["Govern"],
13718
13681
  governanceElements: [ // Orange - MUST be met
13719
13682
  "monitor service providers consistent with enterprise's service provider management policy",
@@ -13824,7 +13787,7 @@ export class SafeguardManager {
13824
13787
  title: "Securely Decommission Service Providers",
13825
13788
  description: "Securely decommission service providers. Example considerations include user and service account deactivation, termination of data flows, and secure disposal of enterprise data within service provider systems",
13826
13789
  implementationGroup: "IG3",
13827
- assetType: ["data"],
13790
+ assetType: ["Data"],
13828
13791
  securityFunction: ["Protect"],
13829
13792
  governanceElements: [ // Orange - MUST be met
13830
13793
  "securely decommission service providers",
@@ -106,7 +106,7 @@ export class FrameworkHttpServer {
106
106
  res.json({
107
107
  status: 'healthy',
108
108
  uptime: Math.round(process.uptime()),
109
- version: '2.4.2',
109
+ version: '2.4.3',
110
110
  timestamp: new Date().toISOString()
111
111
  });
112
112
  });
@@ -222,7 +222,7 @@ export class FrameworkHttpServer {
222
222
  this.app.get('/api', (req, res) => {
223
223
  res.json({
224
224
  name: 'Framework MCP HTTP API',
225
- version: '2.4.2',
225
+ version: '2.4.3',
226
226
  description: 'Pure Data Provider serving authentic CIS Controls Framework data',
227
227
  endpoints: {
228
228
  'GET /api/safeguards': 'List all available CIS safeguards',
@@ -18,7 +18,7 @@ export class FrameworkMcpServer {
18
18
  this.server = new Server(
19
19
  {
20
20
  name: 'framework-analyzer',
21
- version: '2.4.2',
21
+ version: '2.4.3',
22
22
  }
23
23
  );
24
24
 
@@ -129,7 +129,7 @@ export class FrameworkMcpServer {
129
129
  safeguards,
130
130
  total: safeguards.length,
131
131
  framework: 'CIS Controls v8.1',
132
- version: '2.4.2'
132
+ version: '2.4.3'
133
133
  }, null, 2),
134
134
  },
135
135
  ],