framework-mcp 2.4.4 → 2.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +60 -161
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.js +3 -3
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/package.json +1 -1
- package/src/core/safeguard-manager.ts +49 -150
- package/src/interfaces/http/http-server.ts +3 -3
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/swagger.json +2 -2
|
@@ -83,7 +83,7 @@ export class FrameworkHttpServer {
|
|
|
83
83
|
res.json({
|
|
84
84
|
status: 'healthy',
|
|
85
85
|
uptime: Math.round(process.uptime()),
|
|
86
|
-
version: '2.4.
|
|
86
|
+
version: '2.4.6',
|
|
87
87
|
timestamp: new Date().toISOString()
|
|
88
88
|
});
|
|
89
89
|
});
|
|
@@ -183,7 +183,7 @@ export class FrameworkHttpServer {
|
|
|
183
183
|
this.app.get('/api', (req, res) => {
|
|
184
184
|
res.json({
|
|
185
185
|
name: 'Framework MCP HTTP API',
|
|
186
|
-
version: '2.4.
|
|
186
|
+
version: '2.4.6',
|
|
187
187
|
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
188
188
|
endpoints: {
|
|
189
189
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
@@ -222,7 +222,7 @@ export class FrameworkHttpServer {
|
|
|
222
222
|
}
|
|
223
223
|
start() {
|
|
224
224
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
225
|
-
console.log(`🚀 Framework MCP HTTP Server v2.4.
|
|
225
|
+
console.log(`🚀 Framework MCP HTTP Server v2.4.6 running on port ${this.port}`);
|
|
226
226
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
227
227
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
228
228
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -7,7 +7,7 @@ export class FrameworkMcpServer {
|
|
|
7
7
|
constructor() {
|
|
8
8
|
this.server = new Server({
|
|
9
9
|
name: 'framework-analyzer',
|
|
10
|
-
version: '2.4.
|
|
10
|
+
version: '2.4.6',
|
|
11
11
|
});
|
|
12
12
|
this.safeguardManager = new SafeguardManager();
|
|
13
13
|
this.setupHandlers();
|
|
@@ -103,7 +103,7 @@ export class FrameworkMcpServer {
|
|
|
103
103
|
safeguards,
|
|
104
104
|
total: safeguards.length,
|
|
105
105
|
framework: 'CIS Controls v8.1',
|
|
106
|
-
version: '2.4.
|
|
106
|
+
version: '2.4.6'
|
|
107
107
|
}, null, 2),
|
|
108
108
|
},
|
|
109
109
|
],
|
|
@@ -122,7 +122,7 @@ export class FrameworkMcpServer {
|
|
|
122
122
|
async run() {
|
|
123
123
|
const transport = new StdioServerTransport();
|
|
124
124
|
await this.server.connect(transport);
|
|
125
|
-
console.error('🤖 Framework MCP Server v2.4.
|
|
125
|
+
console.error('🤖 Framework MCP Server v2.4.6 running via stdio');
|
|
126
126
|
console.error('📊 Pure Data Provider for CIS Controls v8.1');
|
|
127
127
|
}
|
|
128
128
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "framework-mcp",
|
|
3
|
-
"version": "2.4.
|
|
3
|
+
"version": "2.4.6",
|
|
4
4
|
"description": "Pure Data Provider architecture serving authentic CIS Controls Framework data via MCP and HTTP API. Empowers LLMs with authoritative safeguards data for analysis. Supports Microsoft Copilot custom connectors and cloud deployments.",
|
|
5
5
|
"main": "dist/interfaces/http/http-server.js",
|
|
6
6
|
"type": "module",
|
|
@@ -4149,33 +4149,23 @@ export class SafeguardManager {
|
|
|
4149
4149
|
assetType: ["Users"],
|
|
4150
4150
|
securityFunction: ["Identify"],
|
|
4151
4151
|
governanceElements: [ // Orange - MUST be met
|
|
4152
|
-
"Establish and maintain
|
|
4153
|
-
"
|
|
4154
|
-
"At a minimum, should contain the person's name, username, start/stop dates, and department",
|
|
4152
|
+
"Establish and maintain",
|
|
4153
|
+
"Must include",
|
|
4155
4154
|
"Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently"
|
|
4156
4155
|
],
|
|
4157
4156
|
coreRequirements: [ // Green - The "what"
|
|
4158
4157
|
"Inventory of Accounts"
|
|
4159
4158
|
],
|
|
4160
4159
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4161
|
-
"Establish",
|
|
4162
|
-
"Maintain",
|
|
4163
|
-
"Validate that all active accounts are authorized",
|
|
4164
|
-
"Recurring schedule",
|
|
4165
|
-
"Must Include",
|
|
4166
|
-
"At a minimum",
|
|
4167
|
-
"Minimum Quarterly",
|
|
4168
|
-
"More Frequently",
|
|
4169
4160
|
"User Accounts",
|
|
4170
4161
|
"Administrator Accounts",
|
|
4162
|
+
"Service Accounts",
|
|
4171
4163
|
"Name",
|
|
4172
4164
|
"Username",
|
|
4173
4165
|
"Start Stop Dates",
|
|
4174
4166
|
"Department"
|
|
4175
4167
|
],
|
|
4176
4168
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4177
|
-
"Account and Access Control Management",
|
|
4178
|
-
"Identity and Access Management Tool"
|
|
4179
4169
|
],
|
|
4180
4170
|
relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2", "6.7", "12.8"],
|
|
4181
4171
|
systemPromptFull: {
|
|
@@ -4266,22 +4256,16 @@ export class SafeguardManager {
|
|
|
4266
4256
|
assetType: ["Users"],
|
|
4267
4257
|
securityFunction: ["Protect"],
|
|
4268
4258
|
governanceElements: [ // Orange - MUST be met
|
|
4269
|
-
"Use
|
|
4270
|
-
"
|
|
4259
|
+
"Use",
|
|
4260
|
+
"At a minimum, an 8-character password for accounts using Multi-Factor Authentication (MFA) and a 14-character password for accounts not using MFA"
|
|
4271
4261
|
],
|
|
4272
4262
|
coreRequirements: [ // Green - The "what"
|
|
4273
4263
|
"Unique Passwords"
|
|
4274
4264
|
],
|
|
4275
4265
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4276
|
-
"
|
|
4277
|
-
"At a minimum",
|
|
4278
|
-
"All Enterprise Assets",
|
|
4279
|
-
"8-character password for accounts using MFA",
|
|
4280
|
-
"14-character password for accounts not using MFA"
|
|
4266
|
+
"All Enterprise Assets"
|
|
4281
4267
|
],
|
|
4282
4268
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4283
|
-
"Account and Access Control Management",
|
|
4284
|
-
"Password Management Tool"
|
|
4285
4269
|
],
|
|
4286
4270
|
relatedSafeguards: ["5.1"],
|
|
4287
4271
|
systemPromptFull: {
|
|
@@ -4372,20 +4356,16 @@ export class SafeguardManager {
|
|
|
4372
4356
|
assetType: ["Users"],
|
|
4373
4357
|
securityFunction: ["Protect"],
|
|
4374
4358
|
governanceElements: [ // Orange - MUST be met
|
|
4375
|
-
"
|
|
4359
|
+
"after a period of 45 days of inactivity",
|
|
4360
|
+
"where supported"
|
|
4376
4361
|
],
|
|
4377
4362
|
coreRequirements: [ // Green - The "what"
|
|
4378
4363
|
"Dormant Accounts"
|
|
4379
4364
|
],
|
|
4380
4365
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4381
|
-
"
|
|
4382
|
-
"Delete",
|
|
4383
|
-
"Period of 45 days of inactivity",
|
|
4384
|
-
"Where Supported"
|
|
4366
|
+
"Dormant Accounts"
|
|
4385
4367
|
],
|
|
4386
4368
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4387
|
-
"Account and Access Control Management",
|
|
4388
|
-
"Identity and Access Management Tool"
|
|
4389
4369
|
],
|
|
4390
4370
|
relatedSafeguards: ["5.1"],
|
|
4391
4371
|
systemPromptFull: {
|
|
@@ -4476,22 +4456,18 @@ export class SafeguardManager {
|
|
|
4476
4456
|
assetType: ["Users"],
|
|
4477
4457
|
securityFunction: ["Protect"],
|
|
4478
4458
|
governanceElements: [ // Orange - MUST be met
|
|
4479
|
-
"Restrict
|
|
4480
|
-
"Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account"
|
|
4459
|
+
"Restrict"
|
|
4481
4460
|
],
|
|
4482
4461
|
coreRequirements: [ // Green - The "what"
|
|
4483
4462
|
"Administrator Privileges",
|
|
4484
4463
|
"Dedicated Admin Accounts"
|
|
4485
4464
|
],
|
|
4486
4465
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4487
|
-
"Restrict",
|
|
4488
4466
|
"Enterprise assets",
|
|
4489
4467
|
"User's primary, non-privileged account",
|
|
4490
4468
|
"General Computing Activities"
|
|
4491
4469
|
],
|
|
4492
4470
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4493
|
-
"Account and Access Control Management",
|
|
4494
|
-
"Identity and Access Management Tool",
|
|
4495
4471
|
"Such as",
|
|
4496
4472
|
"Internet browsing",
|
|
4497
4473
|
"Email",
|
|
@@ -4586,29 +4562,20 @@ export class SafeguardManager {
|
|
|
4586
4562
|
assetType: ["Users"],
|
|
4587
4563
|
securityFunction: ["Identify"],
|
|
4588
4564
|
governanceElements: [ // Orange - MUST be met
|
|
4589
|
-
"Establish and maintain
|
|
4590
|
-
"
|
|
4591
|
-
"Perform service account reviews to validate that all active accounts are authorized,
|
|
4565
|
+
"Establish and maintain",
|
|
4566
|
+
"at a minimum, must contain",
|
|
4567
|
+
"Perform service account reviews to validate that all active accounts are authorized",
|
|
4568
|
+
"recurring schedule at a minimum quarterly, or more frequently"
|
|
4592
4569
|
],
|
|
4593
4570
|
coreRequirements: [ // Green - The "what"
|
|
4594
4571
|
"Inventory of Service Accounts"
|
|
4595
4572
|
],
|
|
4596
4573
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4597
|
-
"Establish",
|
|
4598
|
-
"Maintain",
|
|
4599
|
-
"At a Minimum Must Contain",
|
|
4600
|
-
"Perform service account reviews to validate that all active accounts are authorized",
|
|
4601
|
-
"On a recurring schedule",
|
|
4602
4574
|
"Department Owner",
|
|
4603
4575
|
"Review date",
|
|
4604
|
-
"Purpose"
|
|
4605
|
-
"At a minimum quarterly",
|
|
4606
|
-
"More frequently",
|
|
4607
|
-
"Or"
|
|
4576
|
+
"Purpose"
|
|
4608
4577
|
],
|
|
4609
4578
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4610
|
-
"Account and Access Control Management",
|
|
4611
|
-
"Identity and Access Management Tool"
|
|
4612
4579
|
],
|
|
4613
4580
|
relatedSafeguards: ["5.1"],
|
|
4614
4581
|
systemPromptFull: {
|
|
@@ -4699,20 +4666,16 @@ export class SafeguardManager {
|
|
|
4699
4666
|
assetType: ["Users"],
|
|
4700
4667
|
securityFunction: ["Govern"],
|
|
4701
4668
|
governanceElements: [ // Orange - MUST be met
|
|
4702
|
-
"Centralize
|
|
4669
|
+
"Centralize"
|
|
4703
4670
|
],
|
|
4704
4671
|
coreRequirements: [ // Green - The "what"
|
|
4705
4672
|
"Account Management"
|
|
4706
4673
|
],
|
|
4707
4674
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4708
|
-
"Centralize",
|
|
4709
4675
|
"Directory Service",
|
|
4710
|
-
"Identity Service"
|
|
4711
|
-
"Or"
|
|
4676
|
+
"Identity Service"
|
|
4712
4677
|
],
|
|
4713
4678
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4714
|
-
"Account and Access Control Management",
|
|
4715
|
-
"Identity and Access Management Tool"
|
|
4716
4679
|
],
|
|
4717
4680
|
relatedSafeguards: ["5.1", "6.6", "6.7", "12.5"],
|
|
4718
4681
|
systemPromptFull: {
|
|
@@ -4800,30 +4763,22 @@ export class SafeguardManager {
|
|
|
4800
4763
|
title: "Establish an Access Granting Process",
|
|
4801
4764
|
description: "Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.",
|
|
4802
4765
|
implementationGroup: "IG1",
|
|
4803
|
-
assetType: ["
|
|
4766
|
+
assetType: ["Documentation"],
|
|
4804
4767
|
securityFunction: ["Govern"],
|
|
4805
4768
|
governanceElements: [ // Orange - MUST be met
|
|
4806
4769
|
"Establish",
|
|
4807
|
-
"Follow"
|
|
4808
|
-
"Account and Access Control Management",
|
|
4809
|
-
"Account and Credential Management Policy/Process",
|
|
4810
|
-
"Documentation"
|
|
4770
|
+
"Follow"
|
|
4811
4771
|
],
|
|
4812
4772
|
coreRequirements: [ // Green - The "what"
|
|
4813
4773
|
"documented process",
|
|
4814
4774
|
"granting access to enterprise assets"
|
|
4815
4775
|
],
|
|
4816
4776
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4817
|
-
"preferably automated",
|
|
4818
4777
|
"upon new hire",
|
|
4819
4778
|
"role change of a user",
|
|
4820
|
-
"New Hire",
|
|
4821
|
-
"Role Change",
|
|
4822
4779
|
"Enterprise assets"
|
|
4823
4780
|
],
|
|
4824
4781
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4825
|
-
"Account and Access Control Management",
|
|
4826
|
-
"Account and Credential Management Policy/Process"
|
|
4827
4782
|
],
|
|
4828
4783
|
relatedSafeguards: ["5.1", "6.7", "6.8"],
|
|
4829
4784
|
systemPromptFull: {
|
|
@@ -4911,25 +4866,17 @@ export class SafeguardManager {
|
|
|
4911
4866
|
title: "Establish an Access Revoking Process",
|
|
4912
4867
|
description: "Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.",
|
|
4913
4868
|
implementationGroup: "IG1",
|
|
4914
|
-
assetType: ["
|
|
4869
|
+
assetType: ["Documentation"],
|
|
4915
4870
|
securityFunction: ["Govern"],
|
|
4916
4871
|
governanceElements: [ // Orange - MUST be met
|
|
4917
4872
|
"Establish",
|
|
4918
4873
|
"Follow",
|
|
4919
|
-
"
|
|
4920
|
-
"Account and Credential Management Policy/Process",
|
|
4921
|
-
"Documentation"
|
|
4874
|
+
"Disabling Accounts, instead of Deleting accounts, may be necessary to preserve audit trails"
|
|
4922
4875
|
],
|
|
4923
4876
|
coreRequirements: [ // Green - The "what"
|
|
4924
|
-
"
|
|
4925
|
-
"revoking access to enterprise assets",
|
|
4926
|
-
"disabling accounts immediately"
|
|
4877
|
+
"Access Revoking Process"
|
|
4927
4878
|
],
|
|
4928
4879
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4929
|
-
"preferably automated",
|
|
4930
|
-
"upon termination",
|
|
4931
|
-
"rights revocation",
|
|
4932
|
-
"role change of a user",
|
|
4933
4880
|
"Role Change",
|
|
4934
4881
|
"Termination",
|
|
4935
4882
|
"Rights revocation",
|
|
@@ -4937,9 +4884,7 @@ export class SafeguardManager {
|
|
|
4937
4884
|
"Disabling accounts immediately"
|
|
4938
4885
|
],
|
|
4939
4886
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4940
|
-
"
|
|
4941
|
-
"Account and Access Control Management",
|
|
4942
|
-
"Account and Credential Management Policy/Process"
|
|
4887
|
+
"Preferably Automated"
|
|
4943
4888
|
],
|
|
4944
4889
|
relatedSafeguards: ["5.1", "6.7"],
|
|
4945
4890
|
systemPromptFull: {
|
|
@@ -5031,24 +4976,18 @@ export class SafeguardManager {
|
|
|
5031
4976
|
securityFunction: ["Protect"],
|
|
5032
4977
|
governanceElements: [ // Orange - MUST be met
|
|
5033
4978
|
"Require",
|
|
5034
|
-
"
|
|
5035
|
-
"
|
|
4979
|
+
"Enforce",
|
|
4980
|
+
"Where Supported"
|
|
5036
4981
|
],
|
|
5037
4982
|
coreRequirements: [ // Green - The "what"
|
|
5038
4983
|
"all externally-exposed enterprise or third-party applications to enforce MFA",
|
|
5039
|
-
"
|
|
4984
|
+
"MFA - Multi Factor Authentication"
|
|
5040
4985
|
],
|
|
5041
4986
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5042
|
-
"
|
|
5043
|
-
"Enforce",
|
|
5044
|
-
"Where supported"
|
|
4987
|
+
"MFA for all externally exposed enterprise or third-party applications"
|
|
5045
4988
|
],
|
|
5046
4989
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5047
|
-
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
5048
|
-
"Directory service",
|
|
5049
|
-
"SSO Provider",
|
|
5050
|
-
"Account and Access Control Management",
|
|
5051
|
-
"Multi-Factor Authentication Tool"
|
|
4990
|
+
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
5052
4991
|
],
|
|
5053
4992
|
relatedSafeguards: ["2.1", "4.1"],
|
|
5054
4993
|
systemPromptFull: {
|
|
@@ -5139,20 +5078,15 @@ export class SafeguardManager {
|
|
|
5139
5078
|
assetType: ["Users"],
|
|
5140
5079
|
securityFunction: ["Protect"],
|
|
5141
5080
|
governanceElements: [ // Orange - MUST be met
|
|
5142
|
-
"Require"
|
|
5143
|
-
"Account and Access Control Management",
|
|
5144
|
-
"Multi-Factor Authentication Tool"
|
|
5081
|
+
"Require"
|
|
5145
5082
|
],
|
|
5146
5083
|
coreRequirements: [ // Green - The "what"
|
|
5147
|
-
"MFA"
|
|
5148
|
-
"remote network access"
|
|
5084
|
+
"MFA for remote network access"
|
|
5149
5085
|
],
|
|
5150
5086
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5151
|
-
"Remote Network Access"
|
|
5087
|
+
"MFA for Remote Network Access"
|
|
5152
5088
|
],
|
|
5153
5089
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5154
|
-
"Account and Access Control Management",
|
|
5155
|
-
"Multi-Factor Authentication Tool"
|
|
5156
5090
|
],
|
|
5157
5091
|
relatedSafeguards: ["4.2", "12.7"],
|
|
5158
5092
|
systemPromptFull: {
|
|
@@ -5244,25 +5178,17 @@ export class SafeguardManager {
|
|
|
5244
5178
|
securityFunction: ["Protect"],
|
|
5245
5179
|
governanceElements: [ // Orange - MUST be met
|
|
5246
5180
|
"Require",
|
|
5247
|
-
"
|
|
5248
|
-
"Multi-Factor Authentication Tool"
|
|
5181
|
+
"Where Supported"
|
|
5249
5182
|
],
|
|
5250
5183
|
coreRequirements: [ // Green - The "what"
|
|
5251
|
-
"MFA"
|
|
5252
|
-
"all administrative access accounts",
|
|
5253
|
-
"all enterprise assets"
|
|
5184
|
+
"MFA on all administrative access accounts"
|
|
5254
5185
|
],
|
|
5255
5186
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5256
|
-
"where supported",
|
|
5257
5187
|
"All Admin Access Accounts",
|
|
5258
5188
|
"All enterprise assets",
|
|
5259
|
-
"Onsite Management"
|
|
5260
|
-
"Service Provider",
|
|
5261
|
-
"Or"
|
|
5189
|
+
"Onsite Management accounts or Service Provider Admin Accounts"
|
|
5262
5190
|
],
|
|
5263
5191
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5264
|
-
"Account and Access Control Management",
|
|
5265
|
-
"Multi-Factor Authentication Tool"
|
|
5266
5192
|
],
|
|
5267
5193
|
relatedSafeguards: ["4.1"],
|
|
5268
5194
|
systemPromptFull: {
|
|
@@ -5350,30 +5276,22 @@ export class SafeguardManager {
|
|
|
5350
5276
|
title: "Establish and Maintain an Inventory of Authentication and Authorization Systems",
|
|
5351
5277
|
description: "Establish and maintain an inventory of the enterprise's authentication and authorization systems, including those hosted on-site or at a remote service provider. Review and update the inventory, at a minimum, annually, or more frequently.",
|
|
5352
5278
|
implementationGroup: "IG2",
|
|
5353
|
-
assetType: ["
|
|
5279
|
+
assetType: ["Software"],
|
|
5354
5280
|
securityFunction: ["Identify"],
|
|
5355
5281
|
governanceElements: [ // Orange - MUST be met
|
|
5356
5282
|
"Establish",
|
|
5357
5283
|
"maintain",
|
|
5358
|
-
"Review and update",
|
|
5359
|
-
"
|
|
5360
|
-
"Account and Credential Management Policy/Process"
|
|
5284
|
+
"Review and update inventory",
|
|
5285
|
+
"At a minimum, monthly or more frequenlty"
|
|
5361
5286
|
],
|
|
5362
5287
|
coreRequirements: [ // Green - The "what"
|
|
5363
5288
|
"inventory of the enterprise's authentication and authorization systems"
|
|
5364
5289
|
],
|
|
5365
5290
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5366
|
-
"
|
|
5367
|
-
"at a
|
|
5368
|
-
"Hosted on-site",
|
|
5369
|
-
"Remote Service Provider",
|
|
5370
|
-
"Or",
|
|
5371
|
-
"At a minimum Annually",
|
|
5372
|
-
"More frequently"
|
|
5291
|
+
"hosted on-site",
|
|
5292
|
+
"hosted at a remote service provider"
|
|
5373
5293
|
],
|
|
5374
5294
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5375
|
-
"Account and Access Control Management",
|
|
5376
|
-
"Account and Credential Management Policy/Process"
|
|
5377
5295
|
],
|
|
5378
5296
|
relatedSafeguards: ["1.1", "2.1", "3.3", "5.6", "6.7"],
|
|
5379
5297
|
systemPromptFull: {
|
|
@@ -5465,27 +5383,17 @@ export class SafeguardManager {
|
|
|
5465
5383
|
securityFunction: ["Protect"],
|
|
5466
5384
|
governanceElements: [ // Orange - MUST be met
|
|
5467
5385
|
"Centralize",
|
|
5468
|
-
"
|
|
5469
|
-
"Account and Credential Management Policy/Process",
|
|
5470
|
-
"Identity and Access Management Tool"
|
|
5386
|
+
"Where Supported"
|
|
5471
5387
|
],
|
|
5472
5388
|
coreRequirements: [ // Green - The "what"
|
|
5473
|
-
"access control"
|
|
5474
|
-
"all enterprise assets"
|
|
5389
|
+
"access control"
|
|
5475
5390
|
],
|
|
5476
5391
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5477
5392
|
"through a directory service or SSO provider",
|
|
5478
|
-
"
|
|
5479
|
-
"
|
|
5480
|
-
"SSO Provider",
|
|
5481
|
-
"Or",
|
|
5482
|
-
"All enterprise assets",
|
|
5483
|
-
"Where Supported"
|
|
5393
|
+
"Directory Service or SSO Provider",
|
|
5394
|
+
"All enterprise assets"
|
|
5484
5395
|
],
|
|
5485
5396
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5486
|
-
"Account and Access Control Management",
|
|
5487
|
-
"Account and Credential Management Policy/Process",
|
|
5488
|
-
"Identity and Access Management Tool"
|
|
5489
5397
|
],
|
|
5490
5398
|
relatedSafeguards: ["4.1", "5.1", "5.6", "6.1", "6.2", "6.6", "12.5", "12.7"],
|
|
5491
5399
|
systemPromptFull: {
|
|
@@ -5578,30 +5486,21 @@ export class SafeguardManager {
|
|
|
5578
5486
|
governanceElements: [ // Orange - MUST be met
|
|
5579
5487
|
"Define",
|
|
5580
5488
|
"maintain",
|
|
5581
|
-
"
|
|
5582
|
-
"
|
|
5583
|
-
"
|
|
5584
|
-
"Identity and Access management Tool"
|
|
5489
|
+
"Necessary",
|
|
5490
|
+
"Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule",
|
|
5491
|
+
"At a mimimum Annually, or more Frequently"
|
|
5585
5492
|
],
|
|
5586
5493
|
coreRequirements: [ // Green - The "what"
|
|
5587
|
-
"role-based access control"
|
|
5588
|
-
"determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties"
|
|
5494
|
+
"role-based access control"
|
|
5589
5495
|
],
|
|
5590
5496
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5591
5497
|
"Access rights",
|
|
5592
5498
|
"Each Role",
|
|
5593
|
-
"
|
|
5594
|
-
"Successfully carry out its assigned duties",
|
|
5499
|
+
"Neccesary to Successfully carry out its assigned duties",
|
|
5595
5500
|
"Determining",
|
|
5596
|
-
"Documenting"
|
|
5597
|
-
"At a minimum Annually",
|
|
5598
|
-
"More frequently",
|
|
5599
|
-
"Or"
|
|
5501
|
+
"Documenting"
|
|
5600
5502
|
],
|
|
5601
5503
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5602
|
-
"Account and Access Control Management",
|
|
5603
|
-
"Account and Credential Management Policy/Process",
|
|
5604
|
-
"Identity and Access management Tool"
|
|
5605
5504
|
],
|
|
5606
5505
|
relatedSafeguards: ["3.3", "4.1", "6.1"],
|
|
5607
5506
|
systemPromptFull: {
|
|
@@ -106,7 +106,7 @@ export class FrameworkHttpServer {
|
|
|
106
106
|
res.json({
|
|
107
107
|
status: 'healthy',
|
|
108
108
|
uptime: Math.round(process.uptime()),
|
|
109
|
-
version: '2.4.
|
|
109
|
+
version: '2.4.6',
|
|
110
110
|
timestamp: new Date().toISOString()
|
|
111
111
|
});
|
|
112
112
|
});
|
|
@@ -222,7 +222,7 @@ export class FrameworkHttpServer {
|
|
|
222
222
|
this.app.get('/api', (req, res) => {
|
|
223
223
|
res.json({
|
|
224
224
|
name: 'Framework MCP HTTP API',
|
|
225
|
-
version: '2.4.
|
|
225
|
+
version: '2.4.6',
|
|
226
226
|
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
227
227
|
endpoints: {
|
|
228
228
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
@@ -273,7 +273,7 @@ export class FrameworkHttpServer {
|
|
|
273
273
|
|
|
274
274
|
public start(): void {
|
|
275
275
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
276
|
-
console.log(`🚀 Framework MCP HTTP Server v2.4.
|
|
276
|
+
console.log(`🚀 Framework MCP HTTP Server v2.4.6 running on port ${this.port}`);
|
|
277
277
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
278
278
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
279
279
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -18,7 +18,7 @@ export class FrameworkMcpServer {
|
|
|
18
18
|
this.server = new Server(
|
|
19
19
|
{
|
|
20
20
|
name: 'framework-analyzer',
|
|
21
|
-
version: '2.4.
|
|
21
|
+
version: '2.4.6',
|
|
22
22
|
}
|
|
23
23
|
);
|
|
24
24
|
|
|
@@ -129,7 +129,7 @@ export class FrameworkMcpServer {
|
|
|
129
129
|
safeguards,
|
|
130
130
|
total: safeguards.length,
|
|
131
131
|
framework: 'CIS Controls v8.1',
|
|
132
|
-
version: '2.4.
|
|
132
|
+
version: '2.4.6'
|
|
133
133
|
}, null, 2),
|
|
134
134
|
},
|
|
135
135
|
],
|
|
@@ -153,7 +153,7 @@ export class FrameworkMcpServer {
|
|
|
153
153
|
const transport = new StdioServerTransport();
|
|
154
154
|
await this.server.connect(transport);
|
|
155
155
|
|
|
156
|
-
console.error('🤖 Framework MCP Server v2.4.
|
|
156
|
+
console.error('🤖 Framework MCP Server v2.4.6 running via stdio');
|
|
157
157
|
console.error('📊 Pure Data Provider for CIS Controls v8.1');
|
|
158
158
|
}
|
|
159
159
|
}
|
package/swagger.json
CHANGED
|
@@ -299,7 +299,7 @@
|
|
|
299
299
|
},
|
|
300
300
|
"version": {
|
|
301
301
|
"type": "string",
|
|
302
|
-
"example": "2.4.
|
|
302
|
+
"example": "2.4.6"
|
|
303
303
|
},
|
|
304
304
|
"timestamp": {
|
|
305
305
|
"type": "string",
|
|
@@ -344,7 +344,7 @@
|
|
|
344
344
|
},
|
|
345
345
|
"version": {
|
|
346
346
|
"type": "string",
|
|
347
|
-
"example": "2.4.
|
|
347
|
+
"example": "2.4.6"
|
|
348
348
|
},
|
|
349
349
|
"description": {
|
|
350
350
|
"type": "string",
|