security-controls-mcp 0.2.0__py3-none-any.whl → 0.2.1__py3-none-any.whl

security_controls_mcp/data_loader.py

@@ -38,6 +38,7 @@ class SCFData:
         """Build framework metadata from controls."""
         # Framework display names (keys must match actual data which uses dots in version numbers)
         framework_names = {
+            # Original 16 frameworks
             "nist_csf_2.0": "NIST Cybersecurity Framework 2.0",
             "nist_800_53_r5": "NIST SP 800-53 Revision 5",
             "iso_27001_2022": "ISO/IEC 27001:2022",
@@ -54,6 +55,22 @@ class SCFData:
             "uk_cyber_essentials": "UK Cyber Essentials",
             "fedramp_r5_moderate": "FedRAMP Revision 5 (Moderate)",
             "hipaa_security_rule": "HIPAA Security Rule",
+            # Tier 1: APAC (3 frameworks)
+            "australia_essential_8": "Australian Essential Eight",
+            "australia_ism_2024": "Australian ISM (June 2024)",
+            "singapore_mas_trm_2021": "Singapore MAS TRM 2021",
+            # Tier 1: Industry/Privacy (2 frameworks)
+            "swift_cscf_2023": "SWIFT Customer Security Framework 2023",
+            "nist_privacy_framework_1_0": "NIST Privacy Framework 1.0",
+            # Tier 2: European National (6 frameworks)
+            "netherlands": "Netherlands Cybersecurity Regulations",
+            "norway": "Norway Cybersecurity Regulations",
+            "sweden": "Sweden Cybersecurity Regulations",
+            "germany": "Germany Cybersecurity Regulations",
+            "germany_bait": "Germany BAIT (Banking IT Requirements)",
+            "germany_c5_2020": "Germany C5:2020 (Cloud Controls)",
+            # Tier 3: Cloud (1 framework)
+            "csa_ccm_4": "CSA Cloud Controls Matrix v4",
         }
 
         # Count controls per framework

{security_controls_mcp-0.2.0.dist-info → security_controls_mcp-0.2.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: security-controls-mcp
-Version: 0.2.0
+Version: 0.2.1
 Summary: MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more
 Author-email: Ansvar Systems <hello@ansvar.eu>
 License: Apache-2.0
@@ -43,7 +43,7 @@ Dynamic: license-file
 
 **The universal translator for security frameworks.**
 
-The Security Controls MCP Server is an open-source tool that makes 1,451 security controls across 16 frameworks searchable and AI-accessible directly through Claude, Cursor, or any MCP-compatible client.
+The Security Controls MCP Server is an open-source tool that makes 1,451 security controls across 28 frameworks searchable and AI-accessible directly through Claude, Cursor, or any MCP-compatible client.
 
 Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.com/) by ComplianceForge.
 
@@ -51,7 +51,7 @@ Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.c
 
 **Coverage:**
 - 1,451 security controls spanning governance, risk, compliance, and technical domains
-- 16 major frameworks including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, and more
+- 28 major frameworks including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, Australian Essential Eight, Singapore MAS TRM, SWIFT CSCF, and more
 - Bidirectional mapping between any two frameworks via SCF rosetta stone
 - Optional integration with purchased standards (ISO, NIST 800-53) for official text
 
@@ -229,37 +229,76 @@ Ask Claude these natural language questions:
 
 ---
 
-## Available Frameworks (16 Total)
+## Available Frameworks (28 Total)
 
 When you call `list_frameworks()`, you get:
 
 ```
-Available Frameworks (16 total)
+Available Frameworks (28 total)
 
 - nist_800_53_r5: NIST SP 800-53 Revision 5 (777 controls)
 - soc_2_tsc: SOC 2 (TSC 2017:2022) (412 controls)
 - pci_dss_4.0.1: PCI DSS v4.0.1 (364 controls)
 - fedramp_r5_moderate: FedRAMP Revision 5 (Moderate) (343 controls)
+- australia_ism_2024: Australian ISM (June 2024) (336 controls)
+- csa_ccm_4: CSA Cloud Controls Matrix v4 (334 controls)
 - iso_27002_2022: ISO/IEC 27002:2022 (316 controls)
 - nist_csf_2.0: NIST Cybersecurity Framework 2.0 (253 controls)
+- germany_c5_2020: Germany C5:2020 (Cloud Controls) (239 controls)
 - cis_csc_8.1: CIS Critical Security Controls v8.1 (234 controls)
+- singapore_mas_trm_2021: Singapore MAS TRM 2021 (214 controls)
 - cmmc_2.0_level_2: CMMC 2.0 Level 2 (198 controls)
+- nist_privacy_framework_1_0: NIST Privacy Framework 1.0 (187 controls)
 - hipaa_security_rule: HIPAA Security Rule (136 controls)
+- swift_cscf_2023: SWIFT Customer Security Framework 2023 (127 controls)
 - dora: Digital Operational Resilience Act (DORA) (103 controls)
+- germany_bait: Germany BAIT (Banking IT Requirements) (91 controls)
 - nis2: Network and Information Security Directive (NIS2) (68 controls)
 - ncsc_caf_4.0: NCSC Cyber Assessment Framework 4.0 (67 controls)
 - cmmc_2.0_level_1: CMMC 2.0 Level 1 (52 controls)
 - iso_27001_2022: ISO/IEC 27001:2022 (51 controls)
 - gdpr: General Data Protection Regulation (GDPR) (42 controls)
+- australia_essential_8: Australian Essential Eight (37 controls)
+- netherlands: Netherlands Cybersecurity Regulations (27 controls)
 - uk_cyber_essentials: UK Cyber Essentials (26 controls)
+- sweden: Sweden Cybersecurity Regulations (25 controls)
+- norway: Norway Cybersecurity Regulations (23 controls)
+- germany: Germany Cybersecurity Regulations (18 controls)
 ```
 
 **Framework categories:**
-- **Government:** NIST 800-53, NIST CSF, FedRAMP, CMMC
+- **US Government:** NIST 800-53, NIST CSF, NIST Privacy, FedRAMP, CMMC
 - **International Standards:** ISO 27001, ISO 27002, CIS CSC
-- **Industry:** PCI DSS, SOC 2, HIPAA
-- **EU Regulations:** DORA, NIS2, GDPR
+- **US Industry:** PCI DSS, SOC 2, HIPAA
+- **APAC:** Australia Essential Eight, Australia ISM, Singapore MAS TRM
+- **EU Regulations:** GDPR, DORA, NIS2
 - **UK Standards:** NCSC CAF, Cyber Essentials
+- **European National:** Netherlands, Norway, Sweden, Germany (general/BAIT/C5)
+- **Financial:** SWIFT CSCF
+- **Cloud:** CSA CCM
+
+---
+
+## Framework Roadmap
+
+**Not Yet Available (Waiting for SCF Coverage):**
+
+These security frameworks are not currently included because the Secure Controls Framework (SCF) doesn't provide official mappings. We maintain data quality and compliance consulting credibility by using only ComplianceForge-vetted mappings.
+
+- 🇳🇱 **Netherlands BIO** (Baseline Informatiebeveiliging Overheid) - Dutch government security baseline
+- 🇫🇮 **Finland KATAKRI** - Finnish defense forces security audit criteria
+- 🇳🇴 **Norway NSM** Grunnprinsipper - Norwegian NSA basic security principles
+- 🇸🇪 **Sweden MSB** - Swedish Civil Contingencies Agency cybersecurity frameworks
+- 🇩🇰 **Denmark CFCS** - Center for Cybersikkerhed guidelines
+- 🇧🇪 **Belgium CCB** - Centre for Cybersecurity Belgium frameworks
+- 🇫🇷 **France ANSSI** SecNumCloud - French cybersecurity agency cloud framework
+
+**Note:** The European country frameworks we DO include (Netherlands, Norway, Sweden, Germany) map to national cybersecurity **laws and regulations** (article numbers from GDPR, NIS2, etc.), not the specific security baseline frameworks listed above.
+
+**Want these frameworks?**
+
+1. **For private use:** Fork this repository and use the [paid standards import feature](PAID_STANDARDS_GUIDE.md) to add your purchased frameworks
+2. **For public benefit:** Contribute framework mappings to SCF at https://securecontrolsframework.com/contact/
 
 ---
 
@@ -272,7 +311,7 @@ Get details about a specific SCF control by ID.
 get_control(control_id="GOV-01")
 ```
 
-**Returns:** Full control details including description, domain, weight, PPTDF category, and mappings to all 16 frameworks.
+**Returns:** Full control details including description, domain, weight, PPTDF category, and mappings to all 28 frameworks.
 
 ---
 
@@ -296,7 +335,7 @@ List all available frameworks with metadata.
 list_frameworks()
 ```
 
-**Returns:** All 16 frameworks with display names and control counts.
+**Returns:** All 28 frameworks with display names and control counts.
 
 ---
 
@@ -395,7 +434,7 @@ SCF JSON → In-memory index → MCP tools → AI response
 Based on **SCF 2025.4** released December 29, 2025.
 
 - **1,451 controls** across all domains
-- **180+ framework mappings** (16 frameworks × 0-777 controls each)
+- **580+ framework mappings** (28 frameworks × 18-777 controls each)
 - Licensed under **Creative Commons** (data)
 - Source: [ComplianceForge SCF](https://securecontrolsframework.com/)
 

{security_controls_mcp-0.2.0.dist-info → security_controls_mcp-0.2.1.dist-info}/RECORD

@@ -1,21 +1,21 @@
-security_controls_mcp/__init__.py,sha256=-331-VrKgRg6Va-GKynT7P1SesVazmZHN0Mwfq7_49s,108
+security_controls_mcp/__init__.py,sha256=Cz3dmC_tZBaSYffXLP5v3KeFtXeXT5tMfrqV_ZHJ-Eo,108
 security_controls_mcp/__main__.py,sha256=4qAnCoMWk197dfiYhSjKJjYWpM-ZCQEHDu6dhZmf3Co,132
 security_controls_mcp/cli.py,sha256=7LoL0pJOVIrvfvZn7TfBb9V8sLg8UdDBn35JI5c9r3s,7540
 security_controls_mcp/config.py,sha256=7MW9pxKf9Fc0A8D25VW9SqSJbTMWw5r7mSezX164-oQ,4996
-security_controls_mcp/data_loader.py,sha256=-JiOX8O8owTyADkMPZplRhEvDz_5wW5E-OyNi-NCx1Q,6883
+security_controls_mcp/data_loader.py,sha256=6kiPkdYw1iGcA1lvMazizR32YKWt5HZ00w-tMRImZPo,7891
 security_controls_mcp/http_server.py,sha256=NL7hSJ_1L1RV3zNYt_z-BXrVNKY8gjqV9dZ-M2Bp-gQ,16785
 security_controls_mcp/legal_notice.py,sha256=078PKSwxc0-MYt9NxCXp0ayAGOcRffLwbIWAkq-cXi8,4330
 security_controls_mcp/providers.py,sha256=GrKpLnqqxnktoq1yIuxKCyE23IKql6XZ6O_E_iE1GzA,8547
 security_controls_mcp/registry.py,sha256=aPbI_zFF7XzjIif1wGE4o2Rd_0HbJvOeNSe0xWHKG_o,4417
 security_controls_mcp/server.py,sha256=SHzp9Iu0qdStU0imh9KMjtJjOolozhJC-FJAHM6d9ZY,24667
-security_controls_mcp/data/framework-to-scf.json,sha256=2frpsqOtxf5EOBJbm3TaeRYz6fT5xykCaUsmYHpZmqk,199403
-security_controls_mcp/data/scf-controls.json,sha256=7cfgsTmf56i4depNKqZqdjUK0qNt8ybdZJQN906yRZk,1540302
+security_controls_mcp/data/framework-to-scf.json,sha256=cR0-3b8QDJ_0NVVrCqkcxr-EH7am0ebkbQzeINFUSio,304863
+security_controls_mcp/data/scf-controls.json,sha256=U6gtDVE8z_HtHdypLn9CLkCh4ZCS0Q78fk6EwQZyq9E,2188171
 security_controls_mcp/extractors/__init__.py,sha256=_dQ1HOD7gTyw2FwQMMtgVTYQVSpxIdwBwqsdkSo1nyE,143
 security_controls_mcp/extractors/pdf_extractor.py,sha256=nYd8mbKn_ejeEm02VZrFColRIfYFbP_oOuUm2SfOVqc,7490
-security_controls_mcp-0.2.0.dist-info/licenses/LICENSE,sha256=RjWhs6k8-dS1rdwUk40lp3R0kf8UVOrlASOO0FTDRnU,743
-security_controls_mcp-0.2.0.dist-info/licenses/LICENSE-DATA.md,sha256=I7iuA6E8TQyL3SMQltKFoOO12Ew2W0D8NSEmFAL5XDw,2096
-security_controls_mcp-0.2.0.dist-info/METADATA,sha256=GyLyzQtRf8rWlwSOP51YZOuUNRzaNWJyCjbGO5L6VnM,15823
-security_controls_mcp-0.2.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-security_controls_mcp-0.2.0.dist-info/entry_points.txt,sha256=pDgfu1FAwJGyGp2yGU4uhiLrt9Wy06uzTybWh7frYCs,59
-security_controls_mcp-0.2.0.dist-info/top_level.txt,sha256=BEEvk-ppPSeK1_OyEy0SIpt04wnf3nUorVOFU0fEmS0,22
-security_controls_mcp-0.2.0.dist-info/RECORD,,
+security_controls_mcp-0.2.1.dist-info/licenses/LICENSE,sha256=RjWhs6k8-dS1rdwUk40lp3R0kf8UVOrlASOO0FTDRnU,743
+security_controls_mcp-0.2.1.dist-info/licenses/LICENSE-DATA.md,sha256=I7iuA6E8TQyL3SMQltKFoOO12Ew2W0D8NSEmFAL5XDw,2096
+security_controls_mcp-0.2.1.dist-info/METADATA,sha256=GbBcqcG6vCkSAY7uDpZ8fK4u7q4edsAOOfoPZnYRrpA,18326
+security_controls_mcp-0.2.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+security_controls_mcp-0.2.1.dist-info/entry_points.txt,sha256=pDgfu1FAwJGyGp2yGU4uhiLrt9Wy06uzTybWh7frYCs,59
+security_controls_mcp-0.2.1.dist-info/top_level.txt,sha256=BEEvk-ppPSeK1_OyEy0SIpt04wnf3nUorVOFU0fEmS0,22
+security_controls_mcp-0.2.1.dist-info/RECORD,,