security-controls-mcp 0.2.0__py3-none-any.whl → 0.3.1__py3-none-any.whl

security_controls_mcp/data_loader.py

@@ -38,6 +38,7 @@ class SCFData:
         """Build framework metadata from controls."""
         # Framework display names (keys must match actual data which uses dots in version numbers)
         framework_names = {
+            # Original 16 frameworks
             "nist_csf_2.0": "NIST Cybersecurity Framework 2.0",
             "nist_800_53_r5": "NIST SP 800-53 Revision 5",
             "iso_27001_2022": "ISO/IEC 27001:2022",
@@ -54,6 +55,22 @@ class SCFData:
             "uk_cyber_essentials": "UK Cyber Essentials",
             "fedramp_r5_moderate": "FedRAMP Revision 5 (Moderate)",
             "hipaa_security_rule": "HIPAA Security Rule",
+            # Tier 1: APAC (3 frameworks)
+            "australia_essential_8": "Australian Essential Eight",
+            "australia_ism_2024": "Australian ISM (June 2024)",
+            "singapore_mas_trm_2021": "Singapore MAS TRM 2021",
+            # Tier 1: Industry/Privacy (2 frameworks)
+            "swift_cscf_2023": "SWIFT Customer Security Framework 2023",
+            "nist_privacy_framework_1_0": "NIST Privacy Framework 1.0",
+            # Tier 2: European National (6 frameworks)
+            "netherlands": "Netherlands Cybersecurity Regulations",
+            "norway": "Norway Cybersecurity Regulations",
+            "sweden": "Sweden Cybersecurity Regulations",
+            "germany": "Germany Cybersecurity Regulations",
+            "germany_bait": "Germany BAIT (Banking IT Requirements)",
+            "germany_c5_2020": "Germany C5:2020 (Cloud Controls)",
+            # Tier 3: Cloud (1 framework)
+            "csa_ccm_4": "CSA Cloud Controls Matrix v4",
         }
 
         # Count controls per framework

{security_controls_mcp-0.2.0.dist-info → security_controls_mcp-0.3.1.dist-info}/METADATA

@@ -1,16 +1,15 @@
 Metadata-Version: 2.4
 Name: security-controls-mcp
-Version: 0.2.0
+Version: 0.3.1
 Summary: MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more
 Author-email: Ansvar Systems <hello@ansvar.eu>
-License: Apache-2.0
+License-Expression: Apache-2.0
 Project-URL: Homepage, https://github.com/Ansvar-Systems/security-controls-mcp
 Project-URL: Repository, https://github.com/Ansvar-Systems/security-controls-mcp
 Project-URL: Issues, https://github.com/Ansvar-Systems/security-controls-mcp/issues
 Keywords: mcp,security,compliance,iso27001,nist,dora,pci-dss
-Classifier: Development Status :: 3 - Alpha
+Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -43,7 +42,7 @@ Dynamic: license-file
 
 **The universal translator for security frameworks.**
 
-The Security Controls MCP Server is an open-source tool that makes 1,451 security controls across 16 frameworks searchable and AI-accessible directly through Claude, Cursor, or any MCP-compatible client.
+The Security Controls MCP Server is an open-source tool that makes 1,451 security controls across 28 frameworks searchable and AI-accessible directly through Claude, Cursor, or any MCP-compatible client.
 
 Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.com/) by ComplianceForge.
 
@@ -51,7 +50,7 @@ Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.c
 
 **Coverage:**
 - 1,451 security controls spanning governance, risk, compliance, and technical domains
-- 16 major frameworks including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, and more
+- 28 major frameworks including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, Australian Essential Eight, Singapore MAS TRM, SWIFT CSCF, and more
 - Bidirectional mapping between any two frameworks via SCF rosetta stone
 - Optional integration with purchased standards (ISO, NIST 800-53) for official text
 
@@ -62,9 +61,6 @@ Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.c
 - Control filtering by framework, domain, or keyword
 - SCF control metadata including PPTDF categories and security domain weights
 
-**Integration:**
-- Works seamlessly with [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage
-
 ---
 
 ## Why This Exists
@@ -73,8 +69,6 @@ When you're implementing security controls, you face a common problem: different
 
 This MCP server solves that by giving you instant **bidirectional mapping** between any two frameworks via the SCF rosetta stone. Ask Claude "What DORA controls does ISO 27001 A.5.15 map to?" and get an immediate, authoritative answer backed by ComplianceForge's comprehensive framework database.
 
-**Works with:** [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage (DORA + NIS2 + AI Act + GDPR + more).
-
 ---
 
 ## 🔒 Add Your Purchased Standards (Optional)
@@ -229,37 +223,76 @@ Ask Claude these natural language questions:
 
 ---
 
-## Available Frameworks (16 Total)
+## Available Frameworks (28 Total)
 
 When you call `list_frameworks()`, you get:
 
 ```
-Available Frameworks (16 total)
+Available Frameworks (28 total)
 
 - nist_800_53_r5: NIST SP 800-53 Revision 5 (777 controls)
 - soc_2_tsc: SOC 2 (TSC 2017:2022) (412 controls)
 - pci_dss_4.0.1: PCI DSS v4.0.1 (364 controls)
 - fedramp_r5_moderate: FedRAMP Revision 5 (Moderate) (343 controls)
+- australia_ism_2024: Australian ISM (June 2024) (336 controls)
+- csa_ccm_4: CSA Cloud Controls Matrix v4 (334 controls)
 - iso_27002_2022: ISO/IEC 27002:2022 (316 controls)
 - nist_csf_2.0: NIST Cybersecurity Framework 2.0 (253 controls)
+- germany_c5_2020: Germany C5:2020 (Cloud Controls) (239 controls)
 - cis_csc_8.1: CIS Critical Security Controls v8.1 (234 controls)
+- singapore_mas_trm_2021: Singapore MAS TRM 2021 (214 controls)
 - cmmc_2.0_level_2: CMMC 2.0 Level 2 (198 controls)
+- nist_privacy_framework_1_0: NIST Privacy Framework 1.0 (187 controls)
 - hipaa_security_rule: HIPAA Security Rule (136 controls)
+- swift_cscf_2023: SWIFT Customer Security Framework 2023 (127 controls)
 - dora: Digital Operational Resilience Act (DORA) (103 controls)
+- germany_bait: Germany BAIT (Banking IT Requirements) (91 controls)
 - nis2: Network and Information Security Directive (NIS2) (68 controls)
 - ncsc_caf_4.0: NCSC Cyber Assessment Framework 4.0 (67 controls)
 - cmmc_2.0_level_1: CMMC 2.0 Level 1 (52 controls)
 - iso_27001_2022: ISO/IEC 27001:2022 (51 controls)
 - gdpr: General Data Protection Regulation (GDPR) (42 controls)
+- australia_essential_8: Australian Essential Eight (37 controls)
+- netherlands: Netherlands Cybersecurity Regulations (27 controls)
 - uk_cyber_essentials: UK Cyber Essentials (26 controls)
+- sweden: Sweden Cybersecurity Regulations (25 controls)
+- norway: Norway Cybersecurity Regulations (23 controls)
+- germany: Germany Cybersecurity Regulations (18 controls)
 ```
 
 **Framework categories:**
-- **Government:** NIST 800-53, NIST CSF, FedRAMP, CMMC
+- **US Government:** NIST 800-53, NIST CSF, NIST Privacy, FedRAMP, CMMC
 - **International Standards:** ISO 27001, ISO 27002, CIS CSC
-- **Industry:** PCI DSS, SOC 2, HIPAA
-- **EU Regulations:** DORA, NIS2, GDPR
+- **US Industry:** PCI DSS, SOC 2, HIPAA
+- **APAC:** Australia Essential Eight, Australia ISM, Singapore MAS TRM
+- **EU Regulations:** GDPR, DORA, NIS2
 - **UK Standards:** NCSC CAF, Cyber Essentials
+- **European National:** Netherlands, Norway, Sweden, Germany (general/BAIT/C5)
+- **Financial:** SWIFT CSCF
+- **Cloud:** CSA CCM
+
+---
+
+## Framework Roadmap
+
+**Not Yet Available (Waiting for SCF Coverage):**
+
+These security frameworks are not currently included because the Secure Controls Framework (SCF) doesn't provide official mappings. We maintain data quality and compliance consulting credibility by using only ComplianceForge-vetted mappings.
+
+- 🇳🇱 **Netherlands BIO** (Baseline Informatiebeveiliging Overheid) - Dutch government security baseline
+- 🇫🇮 **Finland KATAKRI** - Finnish defense forces security audit criteria
+- 🇳🇴 **Norway NSM** Grunnprinsipper - Norwegian NSA basic security principles
+- 🇸🇪 **Sweden MSB** - Swedish Civil Contingencies Agency cybersecurity frameworks
+- 🇩🇰 **Denmark CFCS** - Center for Cybersikkerhed guidelines
+- 🇧🇪 **Belgium CCB** - Centre for Cybersecurity Belgium frameworks
+- 🇫🇷 **France ANSSI** SecNumCloud - French cybersecurity agency cloud framework
+
+**Note:** The European country frameworks we DO include (Netherlands, Norway, Sweden, Germany) map to national cybersecurity **laws and regulations** (article numbers from GDPR, NIS2, etc.), not the specific security baseline frameworks listed above.
+
+**Want these frameworks?**
+
+1. **For private use:** Fork this repository and use the [paid standards import feature](PAID_STANDARDS_GUIDE.md) to add your purchased frameworks
+2. **For public benefit:** Contribute framework mappings to SCF at https://securecontrolsframework.com/contact/
 
 ---
 
@@ -272,7 +305,7 @@ Get details about a specific SCF control by ID.
 get_control(control_id="GOV-01")
 ```
 
-**Returns:** Full control details including description, domain, weight, PPTDF category, and mappings to all 16 frameworks.
+**Returns:** Full control details including description, domain, weight, PPTDF category, and mappings to all 28 frameworks.
 
 ---
 
@@ -296,7 +329,7 @@ List all available frameworks with metadata.
 list_frameworks()
 ```
 
-**Returns:** All 16 frameworks with display names and control counts.
+**Returns:** All 28 frameworks with display names and control counts.
 
 ---
 
@@ -395,7 +428,7 @@ SCF JSON → In-memory index → MCP tools → AI response
 Based on **SCF 2025.4** released December 29, 2025.
 
 - **1,451 controls** across all domains
-- **180+ framework mappings** (16 frameworks × 0-777 controls each)
+- **580+ framework mappings** (28 frameworks × 18-777 controls each)
 - Licensed under **Creative Commons** (data)
 - Source: [ComplianceForge SCF](https://securecontrolsframework.com/)
 
@@ -417,6 +450,62 @@ Based on **SCF 2025.4** released December 29, 2025.
 
 ---
 
+## Related Projects: Complete Compliance Suite
+
+This server is part of **Ansvar's Compliance Suite** - three MCP servers that work together for end-to-end compliance coverage:
+
+### 🇪🇺 [EU Regulations MCP](https://github.com/Ansvar-Systems/EU_compliance_MCP)
+**Query 47 EU regulations directly from Claude**
+- GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, Medical Device Regulation, and 39 more
+- Full regulatory text with article-level search
+- Cross-regulation reference and comparison
+- **Install:** `npx @ansvar/eu-regulations-mcp`
+
+### 🇺🇸 [US Regulations MCP](https://github.com/Ansvar-Systems/US_Compliance_MCP)
+**Query US federal and state compliance laws directly from Claude**
+- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
+- Federal and state privacy law comparison
+- Breach notification timeline mapping
+- **Install:** `npm install @ansvar/us-regulations-mcp`
+
+### 🔐 Security Controls MCP (This Project)
+**Query 1,451 security controls across 28 frameworks**
+- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- Bidirectional framework mapping and gap analysis
+- Import your purchased standards for official text
+- **Install:** `pipx install security-controls-mcp`
+
+### How They Work Together
+
+**Regulations → Controls Implementation Workflow:**
+
+```
+1. "What DORA requirements apply to ICT risk management?"
+   → EU Regulations MCP returns Article 6 full text
+
+2. "What security controls satisfy DORA Article 6?"
+   → Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls
+
+3. "Show me ISO 27001 A.8.1 implementation details"
+   → Security Controls MCP returns control requirements and framework mappings
+```
+
+**Complete compliance in one chat:**
+- **EU/US Regulations MCPs** tell you WHAT compliance requirements you must meet
+- **Security Controls MCP** tells you HOW to implement controls that satisfy those requirements
+
+### Specialized: OT/ICS Security
+
+### 🏭 [OT Security MCP](https://github.com/Ansvar-Systems/ot-security-mcp)
+**Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS**
+- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
+- Security levels, Purdue Model, zone/conduit architecture
+- MITRE ATT&CK for ICS threat intelligence
+- **Install:** `npm install @ansvar/ot-security-mcp`
+- **Use case:** Industrial control systems, SCADA, PLCs, critical infrastructure
+
+---
+
 ## Developer Information
 
 **Built by:** [Ansvar Systems](https://ansvar.eu) (Stockholm, Sweden) — specializes in AI-accelerated threat modeling and compliance tools

{security_controls_mcp-0.2.0.dist-info → security_controls_mcp-0.3.1.dist-info}/RECORD

@@ -1,21 +1,21 @@
-security_controls_mcp/__init__.py,sha256=-331-VrKgRg6Va-GKynT7P1SesVazmZHN0Mwfq7_49s,108
+security_controls_mcp/__init__.py,sha256=iZBv9zFPOrTPGuwRe-JOl-Lev3Fc_HExWjUglIhji5c,108
 security_controls_mcp/__main__.py,sha256=4qAnCoMWk197dfiYhSjKJjYWpM-ZCQEHDu6dhZmf3Co,132
 security_controls_mcp/cli.py,sha256=7LoL0pJOVIrvfvZn7TfBb9V8sLg8UdDBn35JI5c9r3s,7540
 security_controls_mcp/config.py,sha256=7MW9pxKf9Fc0A8D25VW9SqSJbTMWw5r7mSezX164-oQ,4996
-security_controls_mcp/data_loader.py,sha256=-JiOX8O8owTyADkMPZplRhEvDz_5wW5E-OyNi-NCx1Q,6883
+security_controls_mcp/data_loader.py,sha256=6kiPkdYw1iGcA1lvMazizR32YKWt5HZ00w-tMRImZPo,7891
 security_controls_mcp/http_server.py,sha256=NL7hSJ_1L1RV3zNYt_z-BXrVNKY8gjqV9dZ-M2Bp-gQ,16785
 security_controls_mcp/legal_notice.py,sha256=078PKSwxc0-MYt9NxCXp0ayAGOcRffLwbIWAkq-cXi8,4330
 security_controls_mcp/providers.py,sha256=GrKpLnqqxnktoq1yIuxKCyE23IKql6XZ6O_E_iE1GzA,8547
 security_controls_mcp/registry.py,sha256=aPbI_zFF7XzjIif1wGE4o2Rd_0HbJvOeNSe0xWHKG_o,4417
 security_controls_mcp/server.py,sha256=SHzp9Iu0qdStU0imh9KMjtJjOolozhJC-FJAHM6d9ZY,24667
-security_controls_mcp/data/framework-to-scf.json,sha256=2frpsqOtxf5EOBJbm3TaeRYz6fT5xykCaUsmYHpZmqk,199403
-security_controls_mcp/data/scf-controls.json,sha256=7cfgsTmf56i4depNKqZqdjUK0qNt8ybdZJQN906yRZk,1540302
+security_controls_mcp/data/framework-to-scf.json,sha256=cR0-3b8QDJ_0NVVrCqkcxr-EH7am0ebkbQzeINFUSio,304863
+security_controls_mcp/data/scf-controls.json,sha256=U6gtDVE8z_HtHdypLn9CLkCh4ZCS0Q78fk6EwQZyq9E,2188171
 security_controls_mcp/extractors/__init__.py,sha256=_dQ1HOD7gTyw2FwQMMtgVTYQVSpxIdwBwqsdkSo1nyE,143
 security_controls_mcp/extractors/pdf_extractor.py,sha256=nYd8mbKn_ejeEm02VZrFColRIfYFbP_oOuUm2SfOVqc,7490
-security_controls_mcp-0.2.0.dist-info/licenses/LICENSE,sha256=RjWhs6k8-dS1rdwUk40lp3R0kf8UVOrlASOO0FTDRnU,743
-security_controls_mcp-0.2.0.dist-info/licenses/LICENSE-DATA.md,sha256=I7iuA6E8TQyL3SMQltKFoOO12Ew2W0D8NSEmFAL5XDw,2096
-security_controls_mcp-0.2.0.dist-info/METADATA,sha256=GyLyzQtRf8rWlwSOP51YZOuUNRzaNWJyCjbGO5L6VnM,15823
-security_controls_mcp-0.2.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-security_controls_mcp-0.2.0.dist-info/entry_points.txt,sha256=pDgfu1FAwJGyGp2yGU4uhiLrt9Wy06uzTybWh7frYCs,59
-security_controls_mcp-0.2.0.dist-info/top_level.txt,sha256=BEEvk-ppPSeK1_OyEy0SIpt04wnf3nUorVOFU0fEmS0,22
-security_controls_mcp-0.2.0.dist-info/RECORD,,
+security_controls_mcp-0.3.1.dist-info/licenses/LICENSE,sha256=RjWhs6k8-dS1rdwUk40lp3R0kf8UVOrlASOO0FTDRnU,743
+security_controls_mcp-0.3.1.dist-info/licenses/LICENSE-DATA.md,sha256=I7iuA6E8TQyL3SMQltKFoOO12Ew2W0D8NSEmFAL5XDw,2096
+security_controls_mcp-0.3.1.dist-info/METADATA,sha256=J6XAPFDApGFKW-jIMnlvkrvsnbyfC0ZkBaZfwpfbFTw,20377
+security_controls_mcp-0.3.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+security_controls_mcp-0.3.1.dist-info/entry_points.txt,sha256=pDgfu1FAwJGyGp2yGU4uhiLrt9Wy06uzTybWh7frYCs,59
+security_controls_mcp-0.3.1.dist-info/top_level.txt,sha256=BEEvk-ppPSeK1_OyEy0SIpt04wnf3nUorVOFU0fEmS0,22
+security_controls_mcp-0.3.1.dist-info/RECORD,,