security-controls-mcp 0.2.1__tar.gz → 0.3.1__tar.gz

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.1] - 2026-01-31
+
+### Changed
+- Updated package metadata to use SPDX license format (removed deprecated table format)
+- Upgraded PyPI classifier from "Development Status :: 3 - Alpha" to "4 - Beta"
+- Removed deprecated license classifier per Poetry best practices
+
+### Technical
+- Production readiness verified: 104/104 tests passing, comprehensive security audit completed
+- No functional changes to MCP tools or data
+
 ## [0.3.0] - 2026-01-29
 
 ### Added

security_controls_mcp-0.3.1/CLAUDE.md

@@ -0,0 +1,203 @@
+# Security Controls MCP - Development Guide
+
+**Part of the Ansvar MCP Suite** → See [ANSVAR_MCP_ARCHITECTURE.md](./docs/ANSVAR_MCP_ARCHITECTURE.md) for complete suite documentation
+
+## Project Overview
+
+MCP server providing access to 1,451 security controls across 28 frameworks. Uses SCF (Secure Controls Framework) as a rosetta stone for bidirectional framework mapping.
+
+## Key Features
+
+- **28 Frameworks**: ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- **1,451 Controls**: Complete control catalog with descriptions
+- **Bidirectional Mapping**: Map any framework to any other framework
+- **Gap Analysis**: Compare control coverage between frameworks
+- **Official Text Import**: Support for purchased ISO/NIST standards
+
+## Tech Stack
+
+- **Language**: Python 3.11+
+- **Database**: SQLite with FTS5 full-text search
+- **Package Manager**: Poetry
+- **Distribution**: PyPI (`pipx install security-controls-mcp`)
+- **Data Source**: SCF Framework (Creative Commons BY 4.0)
+
+## Quick Start
+
+```bash
+# Install
+pipx install security-controls-mcp
+
+# Verify
+security-controls-mcp --version
+
+# Claude Desktop config
+{
+  "mcpServers": {
+    "security-controls": {
+      "command": "security-controls-mcp"
+    }
+  }
+}
+```
+
+## Project Structure
+
+```
+security-controls-mcp/
+├── src/security_controls_mcp/
+│   ├── server.py              # MCP server entry point
+│   ├── data/
+│   │   ├── scf-controls.json      # 1,451 controls with mappings
+│   │   └── framework-to-scf.json  # Framework → SCF mappings
+│   ├── data_loader.py         # SCF data loading logic
+│   └── tools/                 # MCP tool implementations
+│       ├── version_info.py
+│       ├── list_frameworks.py
+│       ├── get_control.py
+│       ├── search_controls.py
+│       ├── get_framework_controls.py
+│       └── map_frameworks.py
+├── tests/                     # Comprehensive test suite
+├── docs/
+│   ├── ANSVAR_MCP_ARCHITECTURE.md  # **Central architecture doc**
+│   └── coverage.md            # Framework coverage details
+└── pyproject.toml             # Poetry configuration
+```
+
+## Available Tools
+
+### 1. `version_info`
+Get MCP server version and statistics
+
+### 2. `list_frameworks`
+List all 28 supported frameworks with control counts
+
+### 3. `get_control`
+Retrieve a specific control by ID from any framework
+
+### 4. `search_controls`
+Full-text search across all controls
+
+### 5. `get_framework_controls`
+Get all controls for a specific framework
+
+### 6. `map_frameworks`
+Map controls between any two frameworks (bidirectional)
+
+## Framework IDs
+
+```python
+# Use these IDs with the tools
+FRAMEWORKS = [
+    "iso_27001_2022", "iso_27002_2022", "nist_csf_2_0",
+    "nist_800_53_r5", "dora", "pci_dss_4_0", "soc_2",
+    "cmmc_2_0", "fedramp_high", "cis_controls_v8",
+    # ... 18 more (see docs/coverage.md)
+]
+```
+
+## Development
+
+```bash
+# Clone and install
+git clone https://github.com/Ansvar-Systems/security-controls-mcp
+cd security-controls-mcp
+poetry install
+
+# Run tests
+poetry run pytest
+
+# Run locally
+poetry run python -m src.security_controls_mcp.server
+
+# Build for PyPI
+poetry build
+```
+
+## Data Updates
+
+### SCF Framework Updates
+
+When SCF releases new versions:
+
+```bash
+# 1. Download new scf-controls.json from SCF repo
+# 2. Update src/security_controls_mcp/data/scf-controls.json
+# 3. Run tests to validate
+poetry run pytest
+
+# 4. Update version
+poetry version patch
+
+# 5. Build and publish
+poetry build
+poetry publish
+```
+
+### Adding New Frameworks
+
+1. Check if SCF includes the framework
+2. If yes, it's automatically available (SCF is the mapper)
+3. If no, request SCF team add it OR create manual mapping in `framework-to-scf.json`
+
+## Testing
+
+```bash
+# Run all tests
+poetry run pytest
+
+# With coverage
+poetry run pytest --cov=src --cov-report=html
+
+# Specific test
+poetry run pytest tests/test_map_frameworks.py -v
+```
+
+## Current Statistics
+
+- **Frameworks**: 28 (expanded from 16 in v0.2.1)
+- **Controls**: 1,451 unique controls
+- **Mappings**: 15,000+ bidirectional relationships
+- **Database Size**: ~8MB (SQLite)
+- **Tests**: 100% passing
+
+## Version History
+
+- **v0.2.1** (2026-01-29): Framework expansion (16→28 frameworks)
+- **v0.2.0**: Initial public release with 16 frameworks
+- **v0.1.0**: Internal beta
+
+## Integration with Other Ansvar MCPs
+
+This server works seamlessly with:
+- **EU Regulations MCP**: Map DORA/GDPR requirements to ISO 27001
+- **US Regulations MCP**: Map HIPAA/SOX to NIST controls
+- **OT Security MCP**: Bridge IT security controls to OT standards
+- **Sanctions MCP**: Security controls for vendor assessments
+
+See [ANSVAR_MCP_ARCHITECTURE.md](./docs/ANSVAR_MCP_ARCHITECTURE.md) for complete workflow examples.
+
+## Coding Guidelines
+
+- Python 3.11+ with type hints
+- Pydantic for data validation
+- SQLite for data storage
+- Black for formatting
+- Ruff for linting
+- pytest for testing
+
+## Support
+
+- **GitHub Issues**: Bug reports and feature requests
+- **GitHub Discussions**: Questions and use cases
+- **Commercial**: hello@ansvar.eu
+
+## License
+
+Apache License 2.0 - See [LICENSE](./LICENSE)
+
+---
+
+**For complete Ansvar MCP suite documentation, see:**
+📖 [docs/ANSVAR_MCP_ARCHITECTURE.md](./docs/ANSVAR_MCP_ARCHITECTURE.md)

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/PKG-INFO

@@ -1,16 +1,15 @@
 Metadata-Version: 2.4
 Name: security-controls-mcp
-Version: 0.2.1
+Version: 0.3.1
 Summary: MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more
 Author-email: Ansvar Systems <hello@ansvar.eu>
-License: Apache-2.0
+License-Expression: Apache-2.0
 Project-URL: Homepage, https://github.com/Ansvar-Systems/security-controls-mcp
 Project-URL: Repository, https://github.com/Ansvar-Systems/security-controls-mcp
 Project-URL: Issues, https://github.com/Ansvar-Systems/security-controls-mcp/issues
 Keywords: mcp,security,compliance,iso27001,nist,dora,pci-dss
-Classifier: Development Status :: 3 - Alpha
+Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -62,9 +61,6 @@ Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.c
 - Control filtering by framework, domain, or keyword
 - SCF control metadata including PPTDF categories and security domain weights
 
-**Integration:**
-- Works seamlessly with [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage
-
 ---
 
 ## Why This Exists
@@ -73,8 +69,6 @@ When you're implementing security controls, you face a common problem: different
 
 This MCP server solves that by giving you instant **bidirectional mapping** between any two frameworks via the SCF rosetta stone. Ask Claude "What DORA controls does ISO 27001 A.5.15 map to?" and get an immediate, authoritative answer backed by ComplianceForge's comprehensive framework database.
 
-**Works with:** [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage (DORA + NIS2 + AI Act + GDPR + more).
-
 ---
 
 ## 🔒 Add Your Purchased Standards (Optional)
@@ -456,6 +450,62 @@ Based on **SCF 2025.4** released December 29, 2025.
 
 ---
 
+## Related Projects: Complete Compliance Suite
+
+This server is part of **Ansvar's Compliance Suite** - three MCP servers that work together for end-to-end compliance coverage:
+
+### 🇪🇺 [EU Regulations MCP](https://github.com/Ansvar-Systems/EU_compliance_MCP)
+**Query 47 EU regulations directly from Claude**
+- GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, Medical Device Regulation, and 39 more
+- Full regulatory text with article-level search
+- Cross-regulation reference and comparison
+- **Install:** `npx @ansvar/eu-regulations-mcp`
+
+### 🇺🇸 [US Regulations MCP](https://github.com/Ansvar-Systems/US_Compliance_MCP)
+**Query US federal and state compliance laws directly from Claude**
+- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
+- Federal and state privacy law comparison
+- Breach notification timeline mapping
+- **Install:** `npm install @ansvar/us-regulations-mcp`
+
+### 🔐 Security Controls MCP (This Project)
+**Query 1,451 security controls across 28 frameworks**
+- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- Bidirectional framework mapping and gap analysis
+- Import your purchased standards for official text
+- **Install:** `pipx install security-controls-mcp`
+
+### How They Work Together
+
+**Regulations → Controls Implementation Workflow:**
+
+```
+1. "What DORA requirements apply to ICT risk management?"
+   → EU Regulations MCP returns Article 6 full text
+
+2. "What security controls satisfy DORA Article 6?"
+   → Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls
+
+3. "Show me ISO 27001 A.8.1 implementation details"
+   → Security Controls MCP returns control requirements and framework mappings
+```
+
+**Complete compliance in one chat:**
+- **EU/US Regulations MCPs** tell you WHAT compliance requirements you must meet
+- **Security Controls MCP** tells you HOW to implement controls that satisfy those requirements
+
+### Specialized: OT/ICS Security
+
+### 🏭 [OT Security MCP](https://github.com/Ansvar-Systems/ot-security-mcp)
+**Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS**
+- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
+- Security levels, Purdue Model, zone/conduit architecture
+- MITRE ATT&CK for ICS threat intelligence
+- **Install:** `npm install @ansvar/ot-security-mcp`
+- **Use case:** Industrial control systems, SCADA, PLCs, critical infrastructure
+
+---
+
 ## Developer Information
 
 **Built by:** [Ansvar Systems](https://ansvar.eu) (Stockholm, Sweden) — specializes in AI-accelerated threat modeling and compliance tools

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/README.md

@@ -28,9 +28,6 @@ Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.c
 - Control filtering by framework, domain, or keyword
 - SCF control metadata including PPTDF categories and security domain weights
 
-**Integration:**
-- Works seamlessly with [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage
-
 ---
 
 ## Why This Exists
@@ -39,8 +36,6 @@ When you're implementing security controls, you face a common problem: different
 
 This MCP server solves that by giving you instant **bidirectional mapping** between any two frameworks via the SCF rosetta stone. Ask Claude "What DORA controls does ISO 27001 A.5.15 map to?" and get an immediate, authoritative answer backed by ComplianceForge's comprehensive framework database.
 
-**Works with:** [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage (DORA + NIS2 + AI Act + GDPR + more).
-
 ---
 
 ## 🔒 Add Your Purchased Standards (Optional)
@@ -422,6 +417,62 @@ Based on **SCF 2025.4** released December 29, 2025.
 
 ---
 
+## Related Projects: Complete Compliance Suite
+
+This server is part of **Ansvar's Compliance Suite** - three MCP servers that work together for end-to-end compliance coverage:
+
+### 🇪🇺 [EU Regulations MCP](https://github.com/Ansvar-Systems/EU_compliance_MCP)
+**Query 47 EU regulations directly from Claude**
+- GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, Medical Device Regulation, and 39 more
+- Full regulatory text with article-level search
+- Cross-regulation reference and comparison
+- **Install:** `npx @ansvar/eu-regulations-mcp`
+
+### 🇺🇸 [US Regulations MCP](https://github.com/Ansvar-Systems/US_Compliance_MCP)
+**Query US federal and state compliance laws directly from Claude**
+- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
+- Federal and state privacy law comparison
+- Breach notification timeline mapping
+- **Install:** `npm install @ansvar/us-regulations-mcp`
+
+### 🔐 Security Controls MCP (This Project)
+**Query 1,451 security controls across 28 frameworks**
+- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- Bidirectional framework mapping and gap analysis
+- Import your purchased standards for official text
+- **Install:** `pipx install security-controls-mcp`
+
+### How They Work Together
+
+**Regulations → Controls Implementation Workflow:**
+
+```
+1. "What DORA requirements apply to ICT risk management?"
+   → EU Regulations MCP returns Article 6 full text
+
+2. "What security controls satisfy DORA Article 6?"
+   → Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls
+
+3. "Show me ISO 27001 A.8.1 implementation details"
+   → Security Controls MCP returns control requirements and framework mappings
+```
+
+**Complete compliance in one chat:**
+- **EU/US Regulations MCPs** tell you WHAT compliance requirements you must meet
+- **Security Controls MCP** tells you HOW to implement controls that satisfy those requirements
+
+### Specialized: OT/ICS Security
+
+### 🏭 [OT Security MCP](https://github.com/Ansvar-Systems/ot-security-mcp)
+**Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS**
+- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
+- Security levels, Purdue Model, zone/conduit architecture
+- MITRE ATT&CK for ICS threat intelligence
+- **Install:** `npm install @ansvar/ot-security-mcp`
+- **Use case:** Industrial control systems, SCADA, PLCs, critical infrastructure
+
+---
+
 ## Developer Information
 
 **Built by:** [Ansvar Systems](https://ansvar.eu) (Stockholm, Sweden) — specializes in AI-accelerated threat modeling and compliance tools

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/pyproject.toml

@@ -1,18 +1,17 @@
 [project]
 name = "security-controls-mcp"
-version = "0.2.1"
+version = "0.3.1"
 description = "MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more"
 readme = "README.md"
 requires-python = ">=3.10"
-license = {text = "Apache-2.0"}
+license = "Apache-2.0"
 authors = [
     {name = "Ansvar Systems", email = "hello@ansvar.eu"}
 ]
 keywords = ["mcp", "security", "compliance", "iso27001", "nist", "dora", "pci-dss"]
 classifiers = [
-    "Development Status :: 3 - Alpha",
+    "Development Status :: 4 - Beta",
     "Intended Audience :: Developers",
-    "License :: OSI Approved :: Apache Software License",
     "Programming Language :: Python :: 3",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/src/security_controls_mcp/__init__.py

@@ -1,3 +1,3 @@
 """Security Controls MCP Server - Query security framework controls and mappings."""
 
-__version__ = "0.3.0"
+__version__ = "0.3.1"

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/src/security_controls_mcp.egg-info/PKG-INFO

@@ -1,16 +1,15 @@
 Metadata-Version: 2.4
 Name: security-controls-mcp
-Version: 0.2.1
+Version: 0.3.1
 Summary: MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more
 Author-email: Ansvar Systems <hello@ansvar.eu>
-License: Apache-2.0
+License-Expression: Apache-2.0
 Project-URL: Homepage, https://github.com/Ansvar-Systems/security-controls-mcp
 Project-URL: Repository, https://github.com/Ansvar-Systems/security-controls-mcp
 Project-URL: Issues, https://github.com/Ansvar-Systems/security-controls-mcp/issues
 Keywords: mcp,security,compliance,iso27001,nist,dora,pci-dss
-Classifier: Development Status :: 3 - Alpha
+Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -62,9 +61,6 @@ Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.c
 - Control filtering by framework, domain, or keyword
 - SCF control metadata including PPTDF categories and security domain weights
 
-**Integration:**
-- Works seamlessly with [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage
-
 ---
 
 ## Why This Exists
@@ -73,8 +69,6 @@ When you're implementing security controls, you face a common problem: different
 
 This MCP server solves that by giving you instant **bidirectional mapping** between any two frameworks via the SCF rosetta stone. Ask Claude "What DORA controls does ISO 27001 A.5.15 map to?" and get an immediate, authoritative answer backed by ComplianceForge's comprehensive framework database.
 
-**Works with:** [EU Regulations MCP](https://github.com/Ansvar-Systems/eu-regulations-mcp) for complete EU compliance coverage (DORA + NIS2 + AI Act + GDPR + more).
-
 ---
 
 ## 🔒 Add Your Purchased Standards (Optional)
@@ -456,6 +450,62 @@ Based on **SCF 2025.4** released December 29, 2025.
 
 ---
 
+## Related Projects: Complete Compliance Suite
+
+This server is part of **Ansvar's Compliance Suite** - three MCP servers that work together for end-to-end compliance coverage:
+
+### 🇪🇺 [EU Regulations MCP](https://github.com/Ansvar-Systems/EU_compliance_MCP)
+**Query 47 EU regulations directly from Claude**
+- GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, Medical Device Regulation, and 39 more
+- Full regulatory text with article-level search
+- Cross-regulation reference and comparison
+- **Install:** `npx @ansvar/eu-regulations-mcp`
+
+### 🇺🇸 [US Regulations MCP](https://github.com/Ansvar-Systems/US_Compliance_MCP)
+**Query US federal and state compliance laws directly from Claude**
+- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
+- Federal and state privacy law comparison
+- Breach notification timeline mapping
+- **Install:** `npm install @ansvar/us-regulations-mcp`
+
+### 🔐 Security Controls MCP (This Project)
+**Query 1,451 security controls across 28 frameworks**
+- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- Bidirectional framework mapping and gap analysis
+- Import your purchased standards for official text
+- **Install:** `pipx install security-controls-mcp`
+
+### How They Work Together
+
+**Regulations → Controls Implementation Workflow:**
+
+```
+1. "What DORA requirements apply to ICT risk management?"
+   → EU Regulations MCP returns Article 6 full text
+
+2. "What security controls satisfy DORA Article 6?"
+   → Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls
+
+3. "Show me ISO 27001 A.8.1 implementation details"
+   → Security Controls MCP returns control requirements and framework mappings
+```
+
+**Complete compliance in one chat:**
+- **EU/US Regulations MCPs** tell you WHAT compliance requirements you must meet
+- **Security Controls MCP** tells you HOW to implement controls that satisfy those requirements
+
+### Specialized: OT/ICS Security
+
+### 🏭 [OT Security MCP](https://github.com/Ansvar-Systems/ot-security-mcp)
+**Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS**
+- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
+- Security levels, Purdue Model, zone/conduit architecture
+- MITRE ATT&CK for ICS threat intelligence
+- **Install:** `npm install @ansvar/ot-security-mcp`
+- **Use case:** Industrial control systems, SCADA, PLCs, critical infrastructure
+
+---
+
 ## Developer Information
 
 **Built by:** [Ansvar Systems](https://ansvar.eu) (Stockholm, Sweden) — specializes in AI-accelerated threat modeling and compliance tools

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/src/security_controls_mcp.egg-info/SOURCES.txt

@@ -1,6 +1,7 @@
 .gitleaks.toml
 CHANGELOG.md
 CI-CD-PIPELINE.md
+CLAUDE.md
 CLAUDE_CODE_SETUP.md
 DEPLOYMENT_CHECKLIST.md
 Dockerfile

{security_controls_mcp-0.2.1 → security_controls_mcp-0.3.1}/tests/test_smoke.py

@@ -94,7 +94,7 @@ class TestModuleImports:
         """Can import main package."""
         import security_controls_mcp
 
-        assert security_controls_mcp.__version__ == "0.3.0"
+        assert security_controls_mcp.__version__ == "0.3.1"
 
     def test_import_server(self):
         """Can import server module."""