framework-mcp 2.4.2 → 2.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +69 -106
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.js +2 -2
- package/dist/interfaces/mcp/mcp-server.js +2 -2
- package/package.json +1 -1
- package/src/core/safeguard-manager.ts +64 -101
- package/src/interfaces/http/http-server.ts +2 -2
- package/src/interfaces/mcp/mcp-server.ts +2 -2
|
@@ -83,7 +83,7 @@ export class FrameworkHttpServer {
|
|
|
83
83
|
res.json({
|
|
84
84
|
status: 'healthy',
|
|
85
85
|
uptime: Math.round(process.uptime()),
|
|
86
|
-
version: '2.4.
|
|
86
|
+
version: '2.4.3',
|
|
87
87
|
timestamp: new Date().toISOString()
|
|
88
88
|
});
|
|
89
89
|
});
|
|
@@ -183,7 +183,7 @@ export class FrameworkHttpServer {
|
|
|
183
183
|
this.app.get('/api', (req, res) => {
|
|
184
184
|
res.json({
|
|
185
185
|
name: 'Framework MCP HTTP API',
|
|
186
|
-
version: '2.4.
|
|
186
|
+
version: '2.4.3',
|
|
187
187
|
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
188
188
|
endpoints: {
|
|
189
189
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
@@ -7,7 +7,7 @@ export class FrameworkMcpServer {
|
|
|
7
7
|
constructor() {
|
|
8
8
|
this.server = new Server({
|
|
9
9
|
name: 'framework-analyzer',
|
|
10
|
-
version: '2.4.
|
|
10
|
+
version: '2.4.3',
|
|
11
11
|
});
|
|
12
12
|
this.safeguardManager = new SafeguardManager();
|
|
13
13
|
this.setupHandlers();
|
|
@@ -103,7 +103,7 @@ export class FrameworkMcpServer {
|
|
|
103
103
|
safeguards,
|
|
104
104
|
total: safeguards.length,
|
|
105
105
|
framework: 'CIS Controls v8.1',
|
|
106
|
-
version: '2.4.
|
|
106
|
+
version: '2.4.3'
|
|
107
107
|
}, null, 2),
|
|
108
108
|
},
|
|
109
109
|
],
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "framework-mcp",
|
|
3
|
-
"version": "2.4.
|
|
3
|
+
"version": "2.4.3",
|
|
4
4
|
"description": "Pure Data Provider architecture serving authentic CIS Controls Framework data via MCP and HTTP API. Empowers LLMs with authoritative safeguards data for analysis. Supports Microsoft Copilot custom connectors and DigitalOcean App Services deployment.",
|
|
5
5
|
"main": "dist/interfaces/http/http-server.js",
|
|
6
6
|
"type": "module",
|
|
@@ -1461,7 +1461,7 @@ export class SafeguardManager {
|
|
|
1461
1461
|
title: "Establish and Maintain a Data Management Process",
|
|
1462
1462
|
description: "Establish and maintain a documented data management process. In the process, address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
|
|
1463
1463
|
implementationGroup: "IG1",
|
|
1464
|
-
assetType: ["
|
|
1464
|
+
assetType: ["Data"],
|
|
1465
1465
|
securityFunction: ["Govern"],
|
|
1466
1466
|
governanceElements: [ // Orange - MUST be met
|
|
1467
1467
|
"Establish",
|
|
@@ -1469,20 +1469,15 @@ export class SafeguardManager {
|
|
|
1469
1469
|
"Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
|
|
1470
1470
|
],
|
|
1471
1471
|
coreRequirements: [ // Green - The "what"
|
|
1472
|
-
"documented data management process"
|
|
1473
|
-
"address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise"
|
|
1472
|
+
"documented data management process"
|
|
1474
1473
|
],
|
|
1475
1474
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
1476
|
-
"Documented Data management process",
|
|
1477
1475
|
"Data Sensitivity",
|
|
1478
1476
|
"Data Owner",
|
|
1479
1477
|
"Data Handling",
|
|
1480
1478
|
"Data Retention Limits",
|
|
1481
1479
|
"Disposal Requirements",
|
|
1482
|
-
"Retention Standards"
|
|
1483
|
-
"Review and update documentation",
|
|
1484
|
-
"Annually",
|
|
1485
|
-
"When significant enterprise changes occur that could impact this Safeguard"
|
|
1480
|
+
"Retention Standards"
|
|
1486
1481
|
],
|
|
1487
1482
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
1488
1483
|
],
|
|
@@ -1572,7 +1567,7 @@ export class SafeguardManager {
|
|
|
1572
1567
|
title: "Establish and Maintain a Data Inventory",
|
|
1573
1568
|
description: "Establish and maintain a data inventory based on the enterprise's data management process. Inventory sensitive data, at a minimum. Review and update inventory annually, at a minimum, with a priority on sensitive data.",
|
|
1574
1569
|
implementationGroup: "IG1",
|
|
1575
|
-
assetType: ["
|
|
1570
|
+
assetType: ["Data"],
|
|
1576
1571
|
securityFunction: ["Identify"],
|
|
1577
1572
|
governanceElements: [ // Orange - MUST be met
|
|
1578
1573
|
"Establish",
|
|
@@ -1580,16 +1575,11 @@ export class SafeguardManager {
|
|
|
1580
1575
|
"Review and update inventory annually, at a minimum, with a priority on sensitive data"
|
|
1581
1576
|
],
|
|
1582
1577
|
coreRequirements: [ // Green - The "what"
|
|
1583
|
-
"data inventory
|
|
1584
|
-
"inventory sensitive data, at a minimum"
|
|
1578
|
+
"data inventory"
|
|
1585
1579
|
],
|
|
1586
1580
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
1587
|
-
"Data Inventory",
|
|
1588
1581
|
"Based on Data Management process",
|
|
1589
|
-
"Sensitive Data at a Minimum"
|
|
1590
|
-
"Review and update inventory",
|
|
1591
|
-
"Annually, at a minimum",
|
|
1592
|
-
"Priority on sensitive data"
|
|
1582
|
+
"Sensitive Data at a Minimum"
|
|
1593
1583
|
],
|
|
1594
1584
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
1595
1585
|
],
|
|
@@ -1679,14 +1669,13 @@ export class SafeguardManager {
|
|
|
1679
1669
|
title: "Configure Data Access Control Lists",
|
|
1680
1670
|
description: "Configure data access control lists based on a user's need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.",
|
|
1681
1671
|
implementationGroup: "IG1",
|
|
1682
|
-
assetType: ["
|
|
1672
|
+
assetType: ["Data"],
|
|
1683
1673
|
securityFunction: ["Protect"],
|
|
1684
1674
|
governanceElements: [ // Orange - MUST be met
|
|
1685
|
-
"Configure"
|
|
1686
|
-
"Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications"
|
|
1675
|
+
"Configure"
|
|
1687
1676
|
],
|
|
1688
1677
|
coreRequirements: [ // Green - The "what"
|
|
1689
|
-
"data access control lists
|
|
1678
|
+
"data access control lists"
|
|
1690
1679
|
],
|
|
1691
1680
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
1692
1681
|
"Data Access control lists",
|
|
@@ -1785,7 +1774,7 @@ export class SafeguardManager {
|
|
|
1785
1774
|
title: "Enforce Data Retention",
|
|
1786
1775
|
description: "Retain data according to the enterprise's documented data management process. Data retention must include both minimum and maximum timelines.",
|
|
1787
1776
|
implementationGroup: "IG1",
|
|
1788
|
-
assetType: ["
|
|
1777
|
+
assetType: ["Data"],
|
|
1789
1778
|
securityFunction: ["Protect"],
|
|
1790
1779
|
governanceElements: [ // Orange - MUST be met
|
|
1791
1780
|
"Retain",
|
|
@@ -1798,7 +1787,6 @@ export class SafeguardManager {
|
|
|
1798
1787
|
],
|
|
1799
1788
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
1800
1789
|
"Data Retention",
|
|
1801
|
-
"Must Include",
|
|
1802
1790
|
"Minimum Timelines",
|
|
1803
1791
|
"Maximum timelines"
|
|
1804
1792
|
],
|
|
@@ -1890,19 +1878,17 @@ export class SafeguardManager {
|
|
|
1890
1878
|
title: "Securely Dispose of Data",
|
|
1891
1879
|
description: "Securely dispose of data as outlined in the enterprise's data management process. Ensure the disposal process and method are commensurate with the data sensitivity.",
|
|
1892
1880
|
implementationGroup: "IG1",
|
|
1893
|
-
assetType: ["
|
|
1881
|
+
assetType: ["Data"],
|
|
1894
1882
|
securityFunction: ["Protect"],
|
|
1895
1883
|
governanceElements: [ // Orange - MUST be met
|
|
1896
|
-
"
|
|
1884
|
+
"Disposal process and method are commensurate with the data sensitivity",
|
|
1897
1885
|
"Ensure"
|
|
1898
1886
|
],
|
|
1899
1887
|
coreRequirements: [ // Green - The "what"
|
|
1900
|
-
"
|
|
1901
|
-
"the disposal process and method are commensurate with the data sensitivity"
|
|
1888
|
+
"Securely Dispose of Data"
|
|
1902
1889
|
],
|
|
1903
1890
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
1904
|
-
"Securely dispose of
|
|
1905
|
-
"Disposal process and method are commensurate with the data sensitivity"
|
|
1891
|
+
"Securely dispose of Data"
|
|
1906
1892
|
],
|
|
1907
1893
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
1908
1894
|
],
|
|
@@ -1992,17 +1978,17 @@ export class SafeguardManager {
|
|
|
1992
1978
|
title: "Encrypt Data on End-User Devices",
|
|
1993
1979
|
description: "Encrypt data on end-user devices containing sensitive data. Example implementations can include: Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.",
|
|
1994
1980
|
implementationGroup: "IG1",
|
|
1995
|
-
assetType: ["
|
|
1981
|
+
assetType: ["Data"],
|
|
1996
1982
|
securityFunction: ["Protect"],
|
|
1997
1983
|
governanceElements: [ // Orange - MUST be met
|
|
1998
1984
|
"Encrypt"
|
|
1999
1985
|
],
|
|
2000
1986
|
coreRequirements: [ // Green - The "what"
|
|
2001
|
-
"data on end-user devices
|
|
1987
|
+
"data on end-user devices"
|
|
2002
1988
|
],
|
|
2003
1989
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2004
1990
|
"Data on end-user devices",
|
|
2005
|
-
"Sensitive data"
|
|
1991
|
+
"that contain Sensitive data"
|
|
2006
1992
|
],
|
|
2007
1993
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2008
1994
|
"Windows Bitlocker",
|
|
@@ -2095,7 +2081,7 @@ export class SafeguardManager {
|
|
|
2095
2081
|
title: "Establish and Maintain a Data Classification Scheme",
|
|
2096
2082
|
description: "Establish and maintain an overall data classification scheme for the enterprise. Enterprises may use labels, such as \"Sensitive,\" \"Confidential,\" and \"Public,\" and classify their data according to those labels. Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard.",
|
|
2097
2083
|
implementationGroup: "IG2",
|
|
2098
|
-
assetType: ["
|
|
2084
|
+
assetType: ["Data"],
|
|
2099
2085
|
securityFunction: ["Identify"],
|
|
2100
2086
|
governanceElements: [ // Orange - MUST be met
|
|
2101
2087
|
"Establish",
|
|
@@ -2103,15 +2089,10 @@ export class SafeguardManager {
|
|
|
2103
2089
|
"Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard"
|
|
2104
2090
|
],
|
|
2105
2091
|
coreRequirements: [ // Green - The "what"
|
|
2106
|
-
"
|
|
2107
|
-
"classify their data according to those labels"
|
|
2092
|
+
"data classification scheme"
|
|
2108
2093
|
],
|
|
2109
2094
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2110
|
-
"
|
|
2111
|
-
"Classify their data according to labels",
|
|
2112
|
-
"Review and update classification scheme",
|
|
2113
|
-
"Annually",
|
|
2114
|
-
"When significant enterprise changes occur that could impact this Safeguard"
|
|
2095
|
+
"Classify their data according to labels"
|
|
2115
2096
|
],
|
|
2116
2097
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2117
2098
|
"Sensitive",
|
|
@@ -2204,27 +2185,19 @@ export class SafeguardManager {
|
|
|
2204
2185
|
title: "Document Data Flows",
|
|
2205
2186
|
description: "Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise's data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
|
|
2206
2187
|
implementationGroup: "IG2",
|
|
2207
|
-
assetType: ["
|
|
2188
|
+
assetType: ["Data"],
|
|
2208
2189
|
securityFunction: ["Identify"],
|
|
2209
2190
|
governanceElements: [ // Orange - MUST be met
|
|
2210
|
-
"Document data flows"
|
|
2211
|
-
"Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
|
|
2191
|
+
"Document data flows"
|
|
2212
2192
|
],
|
|
2213
2193
|
coreRequirements: [ // Green - The "what"
|
|
2214
|
-
"Data
|
|
2194
|
+
"Document Data Flows"
|
|
2215
2195
|
],
|
|
2216
2196
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2217
|
-
"Document data flows",
|
|
2218
2197
|
"Enterprise Data Flows",
|
|
2219
|
-
"Service Provider Data Flows"
|
|
2220
|
-
"Review and update documentation",
|
|
2221
|
-
"Annually",
|
|
2222
|
-
"When significant enterprise changes occur that could impact this Safeguard"
|
|
2198
|
+
"Service Provider Data Flows"
|
|
2223
2199
|
],
|
|
2224
2200
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2225
|
-
"Data management systems",
|
|
2226
|
-
"Data flow mapping tools",
|
|
2227
|
-
"Service provider documentation"
|
|
2228
2201
|
],
|
|
2229
2202
|
relatedSafeguards: ["3.1", "3.2", "3.7", "3.9", "3.10", "3.11"],
|
|
2230
2203
|
systemPromptFull: {
|
|
@@ -2312,16 +2285,16 @@ export class SafeguardManager {
|
|
|
2312
2285
|
title: "Encrypt Data on Removable Media",
|
|
2313
2286
|
description: "Encrypt Data on Removable Media",
|
|
2314
2287
|
implementationGroup: "IG2",
|
|
2315
|
-
assetType: ["
|
|
2288
|
+
assetType: ["Data"],
|
|
2316
2289
|
securityFunction: ["Protect"],
|
|
2317
2290
|
governanceElements: [ // Orange - MUST be met
|
|
2318
|
-
"Encrypt
|
|
2291
|
+
"Encrypt"
|
|
2319
2292
|
],
|
|
2320
2293
|
coreRequirements: [ // Green - The "what"
|
|
2294
|
+
"Encrypt Data on Removable Media"
|
|
2321
2295
|
],
|
|
2322
2296
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2323
2297
|
"Data on Removable Media",
|
|
2324
|
-
"Maintain"
|
|
2325
2298
|
],
|
|
2326
2299
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2327
2300
|
],
|
|
@@ -2411,13 +2384,13 @@ export class SafeguardManager {
|
|
|
2411
2384
|
title: "Encrypt Sensitive Data in Transit",
|
|
2412
2385
|
description: "Encrypt sensitive data in transit. Example implementations can include: Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).",
|
|
2413
2386
|
implementationGroup: "IG2",
|
|
2414
|
-
assetType: ["
|
|
2387
|
+
assetType: ["Data"],
|
|
2415
2388
|
securityFunction: ["Protect"],
|
|
2416
2389
|
governanceElements: [ // Orange - MUST be met
|
|
2417
2390
|
"Encrypt"
|
|
2418
2391
|
],
|
|
2419
2392
|
coreRequirements: [ // Green - The "what"
|
|
2420
|
-
"sensitive data in transit"
|
|
2393
|
+
"Encrypt sensitive data in transit"
|
|
2421
2394
|
],
|
|
2422
2395
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2423
2396
|
"Sensitive data in transit"
|
|
@@ -2512,23 +2485,21 @@ export class SafeguardManager {
|
|
|
2512
2485
|
title: "Encrypt Sensitive Data at Rest",
|
|
2513
2486
|
description: "Encrypt sensitive data at rest on servers, applications, and databases. Storage-layer encryption, also known as server-side encryption, meets the minimum requirement of this Safeguard. Additional encryption methods may include application-layer encryption, also known as client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.",
|
|
2514
2487
|
implementationGroup: "IG2",
|
|
2515
|
-
assetType: ["
|
|
2488
|
+
assetType: ["Data"],
|
|
2516
2489
|
securityFunction: ["Protect"],
|
|
2517
2490
|
governanceElements: [ // Orange - MUST be met
|
|
2518
2491
|
"Encrypt",
|
|
2519
|
-
"
|
|
2492
|
+
"Minimum Requirement"
|
|
2520
2493
|
],
|
|
2521
2494
|
coreRequirements: [ // Green - The "what"
|
|
2522
|
-
"sensitive data at rest
|
|
2523
|
-
"Storage-layer encryption, also known as server-side encryption"
|
|
2495
|
+
"Encrypt sensitive data at rest"
|
|
2524
2496
|
],
|
|
2525
2497
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2526
|
-
"
|
|
2498
|
+
"Sensitive Data At Rest",
|
|
2527
2499
|
"Servers",
|
|
2528
|
-
"
|
|
2500
|
+
"Applications",
|
|
2529
2501
|
"Databases",
|
|
2530
|
-
"Storage Layer (server side) encryption"
|
|
2531
|
-
"Minimum Requirement"
|
|
2502
|
+
"Storage Layer (server side) encryption"
|
|
2532
2503
|
],
|
|
2533
2504
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2534
2505
|
"Application layer (client-side) encryption",
|
|
@@ -2620,19 +2591,17 @@ export class SafeguardManager {
|
|
|
2620
2591
|
title: "Segment Data Processing and Storage Based on Sensitivity",
|
|
2621
2592
|
description: "Segment data processing and storage based on the sensitivity of the data. Do not process sensitive data on enterprise assets intended for lower sensitivity data.",
|
|
2622
2593
|
implementationGroup: "IG2",
|
|
2623
|
-
assetType: ["
|
|
2594
|
+
assetType: ["Data"],
|
|
2624
2595
|
securityFunction: ["Protect"],
|
|
2625
2596
|
governanceElements: [ // Orange - MUST be met
|
|
2626
|
-
"Segment data processing and storage based on the sensitivity of the data",
|
|
2627
2597
|
"Do not process sensitive data on enterprise assets intended for lower sensitivity data"
|
|
2628
2598
|
],
|
|
2629
2599
|
coreRequirements: [ // Green - The "what"
|
|
2600
|
+
"Segment Data Processing",
|
|
2601
|
+
"Segment Data Storage",
|
|
2602
|
+
"Based on Sensitivity"
|
|
2630
2603
|
],
|
|
2631
2604
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2632
|
-
"Based on the sensitivity of data",
|
|
2633
|
-
"Segment data processing (compute)",
|
|
2634
|
-
"Segment Storage",
|
|
2635
|
-
"Do not process sensitive data on enterprise assets intended for lower sensitivity data"
|
|
2636
2605
|
],
|
|
2637
2606
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2638
2607
|
],
|
|
@@ -2722,17 +2691,15 @@ export class SafeguardManager {
|
|
|
2722
2691
|
title: "Deploy a Data Loss Prevention Solution",
|
|
2723
2692
|
description: "Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's data inventory.",
|
|
2724
2693
|
implementationGroup: "IG3",
|
|
2725
|
-
assetType: ["
|
|
2694
|
+
assetType: ["Data"],
|
|
2726
2695
|
securityFunction: ["Protect"],
|
|
2727
2696
|
governanceElements: [ // Orange - MUST be met
|
|
2728
|
-
"Implement"
|
|
2729
|
-
"Update Data Inventory"
|
|
2697
|
+
"Implement"
|
|
2730
2698
|
],
|
|
2731
2699
|
coreRequirements: [ // Green - The "what"
|
|
2732
|
-
"automated tool to identify all sensitive data
|
|
2700
|
+
"automated tool to identify all sensitive data"
|
|
2733
2701
|
],
|
|
2734
2702
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2735
|
-
"Automated DLP Tool",
|
|
2736
2703
|
"Identify all sensitive Data",
|
|
2737
2704
|
"Stored",
|
|
2738
2705
|
"Processed",
|
|
@@ -2830,19 +2797,15 @@ export class SafeguardManager {
|
|
|
2830
2797
|
title: "Log Sensitive Data Access",
|
|
2831
2798
|
description: "Log sensitive data access, including modification and disposal.",
|
|
2832
2799
|
implementationGroup: "IG3",
|
|
2833
|
-
assetType: ["
|
|
2800
|
+
assetType: ["Data"],
|
|
2834
2801
|
securityFunction: ["Detect"],
|
|
2835
2802
|
governanceElements: [ // Orange - MUST be met
|
|
2836
2803
|
"Log"
|
|
2837
2804
|
],
|
|
2838
2805
|
coreRequirements: [ // Green - The "what"
|
|
2839
|
-
"sensitive data access, including modification and disposal"
|
|
2806
|
+
"Log sensitive data access, including modification and disposal"
|
|
2840
2807
|
],
|
|
2841
2808
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
2842
|
-
"Sensitive Data access",
|
|
2843
|
-
"Access",
|
|
2844
|
-
"Modification",
|
|
2845
|
-
"Disposal"
|
|
2846
2809
|
],
|
|
2847
2810
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
2848
2811
|
],
|
|
@@ -4110,7 +4073,7 @@ export class SafeguardManager {
|
|
|
4110
4073
|
title: "Separate Enterprise Workspaces on Mobile End-User Devices",
|
|
4111
4074
|
description: "Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple® Configuration Profile or AndroidTM Work Profile to separate enterprise applications and data from personal applications and data.",
|
|
4112
4075
|
implementationGroup: "IG3",
|
|
4113
|
-
assetType: ["devices", "
|
|
4076
|
+
assetType: ["devices", "Data"],
|
|
4114
4077
|
securityFunction: ["Protect"],
|
|
4115
4078
|
governanceElements: [ // Orange - MUST be met
|
|
4116
4079
|
"Ensure",
|
|
@@ -6577,7 +6540,7 @@ export class SafeguardManager {
|
|
|
6577
6540
|
title: "Establish and Maintain an Audit Log Management Process",
|
|
6578
6541
|
description: "Establish and maintain a documented audit log management process that defines the enterprise's logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
|
|
6579
6542
|
implementationGroup: "IG1",
|
|
6580
|
-
assetType: ["enterprise assets", "
|
|
6543
|
+
assetType: ["enterprise assets", "Data"],
|
|
6581
6544
|
securityFunction: ["Govern"],
|
|
6582
6545
|
governanceElements: [
|
|
6583
6546
|
"establish and maintain",
|
|
@@ -6687,7 +6650,7 @@ export class SafeguardManager {
|
|
|
6687
6650
|
title: "Collect Audit Logs",
|
|
6688
6651
|
description: "Collect audit logs. Ensure that logging, per the enterprise's audit log management process, has been enabled across enterprise assets.",
|
|
6689
6652
|
implementationGroup: "IG1",
|
|
6690
|
-
assetType: ["enterprise assets", "
|
|
6653
|
+
assetType: ["enterprise assets", "Data"],
|
|
6691
6654
|
securityFunction: ["Detect"],
|
|
6692
6655
|
governanceElements: [
|
|
6693
6656
|
"per the enterprise's audit log management process"
|
|
@@ -6790,7 +6753,7 @@ export class SafeguardManager {
|
|
|
6790
6753
|
title: "Ensure Adequate Audit Log Storage",
|
|
6791
6754
|
description: "Ensure that logging destinations maintain adequate storage to comply with the enterprise's audit log management process.",
|
|
6792
6755
|
implementationGroup: "IG1",
|
|
6793
|
-
assetType: ["
|
|
6756
|
+
assetType: ["Data"],
|
|
6794
6757
|
securityFunction: ["Protect"],
|
|
6795
6758
|
governanceElements: [
|
|
6796
6759
|
"comply with the enterprise's audit log management process"
|
|
@@ -6894,7 +6857,7 @@ export class SafeguardManager {
|
|
|
6894
6857
|
title: "Standardize Time Synchronization",
|
|
6895
6858
|
description: "Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.",
|
|
6896
6859
|
implementationGroup: "IG2",
|
|
6897
|
-
assetType: ["enterprise assets", "
|
|
6860
|
+
assetType: ["enterprise assets", "Data"],
|
|
6898
6861
|
securityFunction: ["Protect"],
|
|
6899
6862
|
governanceElements: [
|
|
6900
6863
|
"standardize time synchronization"
|
|
@@ -7000,7 +6963,7 @@ export class SafeguardManager {
|
|
|
7000
6963
|
title: "Collect Detailed Audit Logs",
|
|
7001
6964
|
description: "Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.",
|
|
7002
6965
|
implementationGroup: "IG2",
|
|
7003
|
-
assetType: ["enterprise assets", "
|
|
6966
|
+
assetType: ["enterprise assets", "Data"],
|
|
7004
6967
|
securityFunction: ["Detect"],
|
|
7005
6968
|
governanceElements: [
|
|
7006
6969
|
"configure detailed audit logging"
|
|
@@ -7109,7 +7072,7 @@ export class SafeguardManager {
|
|
|
7109
7072
|
title: "Collect DNS Query Audit Logs",
|
|
7110
7073
|
description: "Collect DNS query audit logs on enterprise assets, where appropriate and supported.",
|
|
7111
7074
|
implementationGroup: "IG2",
|
|
7112
|
-
assetType: ["enterprise assets", "
|
|
7075
|
+
assetType: ["enterprise assets", "Data"],
|
|
7113
7076
|
securityFunction: ["Detect"],
|
|
7114
7077
|
governanceElements: [
|
|
7115
7078
|
"where appropriate and supported"
|
|
@@ -7214,7 +7177,7 @@ export class SafeguardManager {
|
|
|
7214
7177
|
title: "Collect URL Request Audit Logs",
|
|
7215
7178
|
description: "Collect URL request audit logs on enterprise assets, where appropriate and supported.",
|
|
7216
7179
|
implementationGroup: "IG2",
|
|
7217
|
-
assetType: ["enterprise assets", "
|
|
7180
|
+
assetType: ["enterprise assets", "Data"],
|
|
7218
7181
|
securityFunction: ["Detect"],
|
|
7219
7182
|
governanceElements: [
|
|
7220
7183
|
"where appropriate and supported"
|
|
@@ -7319,7 +7282,7 @@ export class SafeguardManager {
|
|
|
7319
7282
|
title: "Collect Command-Line Audit Logs",
|
|
7320
7283
|
description: "Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals.",
|
|
7321
7284
|
implementationGroup: "IG2",
|
|
7322
|
-
assetType: ["
|
|
7285
|
+
assetType: ["Data"],
|
|
7323
7286
|
securityFunction: ["Detect"],
|
|
7324
7287
|
governanceElements: [
|
|
7325
7288
|
"collect command-line audit logs"
|
|
@@ -7423,7 +7386,7 @@ export class SafeguardManager {
|
|
|
7423
7386
|
title: "Centralize Audit Logs",
|
|
7424
7387
|
description: "Centralize, to the extent possible, audit log collection and retention across enterprise assets in accordance with the documented audit log management process. Example implementations include leveraging a SIEM tool to centralize multiple log sources.",
|
|
7425
7388
|
implementationGroup: "IG2",
|
|
7426
|
-
assetType: ["enterprise assets", "
|
|
7389
|
+
assetType: ["enterprise assets", "Data"],
|
|
7427
7390
|
securityFunction: ["Detect"],
|
|
7428
7391
|
governanceElements: [
|
|
7429
7392
|
"in accordance with documented audit log management process",
|
|
@@ -7529,7 +7492,7 @@ export class SafeguardManager {
|
|
|
7529
7492
|
title: "Retain Audit Logs",
|
|
7530
7493
|
description: "Retain audit logs across enterprise assets for a minimum of 90 days.",
|
|
7531
7494
|
implementationGroup: "IG2",
|
|
7532
|
-
assetType: ["enterprise assets", "
|
|
7495
|
+
assetType: ["enterprise assets", "Data"],
|
|
7533
7496
|
securityFunction: ["Protect"],
|
|
7534
7497
|
governanceElements: [
|
|
7535
7498
|
"minimum of 90 days"
|
|
@@ -7630,7 +7593,7 @@ export class SafeguardManager {
|
|
|
7630
7593
|
title: "Conduct Audit Log Reviews",
|
|
7631
7594
|
description: "Conduct reviews of audit logs to detect anomalies or abnormal events that could indicate a potential threat. Conduct reviews on a weekly, or more frequent, basis.",
|
|
7632
7595
|
implementationGroup: "IG2",
|
|
7633
|
-
assetType: ["
|
|
7596
|
+
assetType: ["Data"],
|
|
7634
7597
|
securityFunction: ["Detect"],
|
|
7635
7598
|
governanceElements: [
|
|
7636
7599
|
"conduct reviews on a weekly, or more frequent, basis"
|
|
@@ -7734,7 +7697,7 @@ export class SafeguardManager {
|
|
|
7734
7697
|
title: "Collect Service Provider Logs",
|
|
7735
7698
|
description: "Collect service provider logs, where supported. Example implementations include collecting authentication and authorization events, data creation and disposal events, and user management events.",
|
|
7736
7699
|
implementationGroup: "IG3",
|
|
7737
|
-
assetType: ["
|
|
7700
|
+
assetType: ["Data"],
|
|
7738
7701
|
securityFunction: ["Detect"],
|
|
7739
7702
|
governanceElements: [
|
|
7740
7703
|
"where supported"
|
|
@@ -9408,7 +9371,7 @@ export class SafeguardManager {
|
|
|
9408
9371
|
title: "Establish and Maintain a Data Recovery Process",
|
|
9409
9372
|
description: "Establish and maintain a documented data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard",
|
|
9410
9373
|
implementationGroup: "IG1",
|
|
9411
|
-
assetType: ["
|
|
9374
|
+
assetType: ["Data"],
|
|
9412
9375
|
securityFunction: ["Govern"],
|
|
9413
9376
|
governanceElements: [ // Orange - MUST be met
|
|
9414
9377
|
"establish documented data recovery process",
|
|
@@ -9525,7 +9488,7 @@ export class SafeguardManager {
|
|
|
9525
9488
|
title: "Perform Automated Backups",
|
|
9526
9489
|
description: "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data",
|
|
9527
9490
|
implementationGroup: "IG1",
|
|
9528
|
-
assetType: ["
|
|
9491
|
+
assetType: ["Data"],
|
|
9529
9492
|
securityFunction: ["Recover"],
|
|
9530
9493
|
governanceElements: [ // Orange - MUST be met
|
|
9531
9494
|
"perform automated backups",
|
|
@@ -9640,7 +9603,7 @@ export class SafeguardManager {
|
|
|
9640
9603
|
title: "Protect Recovery Data",
|
|
9641
9604
|
description: "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements",
|
|
9642
9605
|
implementationGroup: "IG1",
|
|
9643
|
-
assetType: ["
|
|
9606
|
+
assetType: ["Data"],
|
|
9644
9607
|
securityFunction: ["Protect"],
|
|
9645
9608
|
governanceElements: [ // Orange - MUST be met
|
|
9646
9609
|
"protect recovery data",
|
|
@@ -9754,7 +9717,7 @@ export class SafeguardManager {
|
|
|
9754
9717
|
title: "Establish and Maintain an Isolated Instance of Recovery Data",
|
|
9755
9718
|
description: "Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, cloud, or off-site systems or services",
|
|
9756
9719
|
implementationGroup: "IG1",
|
|
9757
|
-
assetType: ["
|
|
9720
|
+
assetType: ["Data"],
|
|
9758
9721
|
securityFunction: ["Recover"],
|
|
9759
9722
|
governanceElements: [ // Orange - MUST be met
|
|
9760
9723
|
"establish isolated instance of recovery data",
|
|
@@ -9871,7 +9834,7 @@ export class SafeguardManager {
|
|
|
9871
9834
|
title: "Test Data Recovery",
|
|
9872
9835
|
description: "Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets",
|
|
9873
9836
|
implementationGroup: "IG2",
|
|
9874
|
-
assetType: ["
|
|
9837
|
+
assetType: ["Data"],
|
|
9875
9838
|
securityFunction: ["Recover"],
|
|
9876
9839
|
governanceElements: [ // Orange - MUST be met
|
|
9877
9840
|
"test backup recovery quarterly or more frequently",
|
|
@@ -13713,7 +13676,7 @@ export class SafeguardManager {
|
|
|
13713
13676
|
title: "Monitor Service Providers",
|
|
13714
13677
|
description: "Monitor service providers consistent with the enterprise's service provider management policy. Monitoring may include periodic reassessment of service provider compliance, monitoring service provider release notes, and dark web monitoring",
|
|
13715
13678
|
implementationGroup: "IG3",
|
|
13716
|
-
assetType: ["
|
|
13679
|
+
assetType: ["Data"],
|
|
13717
13680
|
securityFunction: ["Govern"],
|
|
13718
13681
|
governanceElements: [ // Orange - MUST be met
|
|
13719
13682
|
"monitor service providers consistent with enterprise's service provider management policy",
|
|
@@ -13824,7 +13787,7 @@ export class SafeguardManager {
|
|
|
13824
13787
|
title: "Securely Decommission Service Providers",
|
|
13825
13788
|
description: "Securely decommission service providers. Example considerations include user and service account deactivation, termination of data flows, and secure disposal of enterprise data within service provider systems",
|
|
13826
13789
|
implementationGroup: "IG3",
|
|
13827
|
-
assetType: ["
|
|
13790
|
+
assetType: ["Data"],
|
|
13828
13791
|
securityFunction: ["Protect"],
|
|
13829
13792
|
governanceElements: [ // Orange - MUST be met
|
|
13830
13793
|
"securely decommission service providers",
|
|
@@ -106,7 +106,7 @@ export class FrameworkHttpServer {
|
|
|
106
106
|
res.json({
|
|
107
107
|
status: 'healthy',
|
|
108
108
|
uptime: Math.round(process.uptime()),
|
|
109
|
-
version: '2.4.
|
|
109
|
+
version: '2.4.3',
|
|
110
110
|
timestamp: new Date().toISOString()
|
|
111
111
|
});
|
|
112
112
|
});
|
|
@@ -222,7 +222,7 @@ export class FrameworkHttpServer {
|
|
|
222
222
|
this.app.get('/api', (req, res) => {
|
|
223
223
|
res.json({
|
|
224
224
|
name: 'Framework MCP HTTP API',
|
|
225
|
-
version: '2.4.
|
|
225
|
+
version: '2.4.3',
|
|
226
226
|
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
227
227
|
endpoints: {
|
|
228
228
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
@@ -18,7 +18,7 @@ export class FrameworkMcpServer {
|
|
|
18
18
|
this.server = new Server(
|
|
19
19
|
{
|
|
20
20
|
name: 'framework-analyzer',
|
|
21
|
-
version: '2.4.
|
|
21
|
+
version: '2.4.3',
|
|
22
22
|
}
|
|
23
23
|
);
|
|
24
24
|
|
|
@@ -129,7 +129,7 @@ export class FrameworkMcpServer {
|
|
|
129
129
|
safeguards,
|
|
130
130
|
total: safeguards.length,
|
|
131
131
|
framework: 'CIS Controls v8.1',
|
|
132
|
-
version: '2.4.
|
|
132
|
+
version: '2.4.3'
|
|
133
133
|
}, null, 2),
|
|
134
134
|
},
|
|
135
135
|
],
|