security-controls-mcp 0.3.5__tar.gz → 0.4.0__tar.gz

{security_controls_mcp-0.3.5 → security_controls_mcp-0.4.0}/CLAUDE.md

@@ -4,11 +4,12 @@
 
 ## Project Overview
 
-MCP server providing access to 1,451 security controls across 28 frameworks. Uses SCF (Secure Controls Framework) as a rosetta stone for bidirectional framework mapping.
+MCP server providing access to 1,451 security controls across **261 frameworks**. Uses SCF (Secure Controls Framework) as a rosetta stone for bidirectional framework mapping.
 
 ## Key Features
 
-- **28 Frameworks**: ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- **261 Frameworks**: ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 254 more
+- **AI Governance**: ISO 42001, NIST AI RMF, EU AI Act, Cyber Resilience Act
 - **1,451 Controls**: Complete control catalog with descriptions
 - **Bidirectional Mapping**: Map any framework to any other framework
 - **Gap Analysis**: Compare control coverage between frameworks
@@ -157,14 +158,16 @@ poetry run pytest tests/test_map_frameworks.py -v
 
 ## Current Statistics
 
-- **Frameworks**: 28 (expanded from 16 in v0.2.1)
+- **Frameworks**: 261 (expanded from 28 in v0.4.0)
 - **Controls**: 1,451 unique controls
-- **Mappings**: 15,000+ bidirectional relationships
-- **Database Size**: ~8MB (SQLite)
-- **Tests**: 100% passing
+- **Mappings**: 50,000+ bidirectional relationships
+- **Database Size**: ~7MB (JSON)
+- **Tests**: 127 passing
 
 ## Version History
 
+- **v0.4.0** (2026-02-05): Major framework expansion (28→261), AI governance support
+- **v0.3.5** (2026-02-01): Entry point fix
 - **v0.2.1** (2026-01-29): Framework expansion (16→28 frameworks)
 - **v0.2.0**: Initial public release with 16 frameworks
 - **v0.1.0**: Internal beta

{security_controls_mcp-0.3.5 → security_controls_mcp-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: security-controls-mcp
-Version: 0.3.5
+Version: 0.4.0
 Summary: MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more
 Author-email: Ansvar Systems <hello@ansvar.eu>
 License-Expression: Apache-2.0
@@ -42,13 +42,14 @@ Dynamic: license-file
 
 ## Overview
 
-Universal translator for security frameworks. Makes 1,451 security controls across 28 frameworks searchable and AI-accessible through Claude, Cursor, or any MCP-compatible client.
+**THE definitive MCP server for security framework mapping.** Makes 1,451 security controls across **261 frameworks** searchable and AI-accessible through Claude, Cursor, or any MCP-compatible client.
 
 Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.com/) by ComplianceForge.
 
 **Key capabilities:**
 - 1,451 security controls across governance, risk, compliance, and technical domains
-- 28 major frameworks including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, and more
+- **261 frameworks** including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, and 256 more
+- **AI Governance:** ISO 42001, NIST AI RMF, EU AI Act, Cyber Resilience Act
 - Bidirectional mapping between frameworks via SCF rosetta stone
 - Optional integration with purchased standards (ISO, NIST 800-53) for official text
 - Full-text search across all control descriptions
@@ -119,27 +120,46 @@ Same configuration under `"mcp.servers"` in your settings.
 - "List all controls needed for PCI DSS compliance"
 - "Which DORA requirements does ISO 27001 A.5.15 satisfy?"
 - "Show me all NIST CSF 2.0 controls related to incident response"
-
-## Available Frameworks (28)
-
-- **US Government:** NIST 800-53 (777), NIST CSF 2.0 (253), FedRAMP (343), CMMC 2.0 (198/52)
-- **International Standards:** ISO 27001 (51), ISO 27002 (316), CIS CSC v8.1 (234)
-- **US Industry:** PCI DSS v4.0.1 (364), SOC 2 (412), HIPAA (136)
-- **APAC:** Australia Essential Eight (37), Australia ISM (336), Singapore MAS TRM (214)
-- **EU Regulations:** GDPR (42), DORA (103), NIS2 (68)
-- **UK Standards:** NCSC CAF 4.0 (67), Cyber Essentials (26)
-- **European National:** Netherlands (27), Norway (23), Sweden (25), Germany (18/91/239)
-- **Financial:** SWIFT CSCF 2023 (127)
-- **Cloud:** CSA CCM v4 (334)
+- **NEW:** "What ISO 42001 controls map to NIST AI RMF?"
+- **NEW:** "Show me EU AI Act requirements for high-risk AI systems"
+
+## Available Frameworks (261)
+
+### AI Governance (NEW in v0.4.0)
+- **ISO 42001:2023** (149) - AI Management System
+- **NIST AI RMF 1.0** (158) - AI Risk Management Framework
+- **NIST AI 600-1** (139) - Generative AI Profile
+- **EU AI Act** (119) - Regulation 2024/1689
+- **EU Cyber Resilience Act** (18)
+
+### Core Frameworks
+- **US Government:** NIST 800-53 R5 (777), NIST CSF 2.0 (253), FedRAMP R5 (423), CMMC 2.0 (198/52)
+- **International Standards:** ISO 27001 (51), ISO 27002 (316), ISO 27017 (119), ISO 27018 (70), ISO 27701 (187), ISO 22301 (52)
+- **US Industry:** PCI DSS v4.0.1 (364), SOC 2 (412), HIPAA (136), SOX (2)
+- **Financial:** SWIFT CSCF 2023 (127), FFIEC (231), GLBA (108), DORA (103)
+- **Cloud:** CSA CCM v4 (334), Germany C5 (239)
+
+### Regional Coverage (50+ countries)
+- **APAC:** Australia ISM/Essential 8, Singapore MAS TRM, Japan ISMAP, China Cybersecurity Law, India DPDPA
+- **EU:** GDPR (42), NIS2 (68), PSD2 (61), plus 20+ national frameworks
+- **Americas:** US state laws (CA, NY, TX, etc.), Brazil LGPD, Canada PIPEDA
+- **Middle East/Africa:** Saudi SAMA, UAE NIAF, South Africa POPIA
+
+### Specialized
+- **Industrial/OT:** IEC 62443 (197), NERC CIP (224), NIST 800-82
+- **Automotive:** ISO/SAE 21434, TISAX, UN R155
+- **Healthcare:** HIPAA, HITRUST, CMS MARS-E
+
+See [docs/coverage.md](docs/coverage.md) for the complete list of 261 frameworks.
 
 ## Tools
 
 ### Core Tools
 
-**`list_frameworks()`** - List all 28 frameworks with control counts
+**`list_frameworks()`** - List all 261 frameworks with control counts
 
 **`get_control(control_id)`** - Get full details for a specific SCF control
-- Returns description, domain, weight, PPTDF category, and mappings to all 28 frameworks
+- Returns description, domain, weight, PPTDF category, and mappings to all 261 frameworks
 
 **`search_controls(query, frameworks=[], limit=10)`** - Search controls by keyword
 - Optional framework filtering
@@ -207,7 +227,7 @@ SCF JSON → In-memory index → MCP tools → AI response
 Based on **SCF 2025.4** (released December 29, 2025)
 
 - 1,451 controls across all domains
-- 580+ framework mappings (28 frameworks)
+- **261 frameworks** with full mapping coverage
 - Licensed under Creative Commons (data)
 - Source: [ComplianceForge SCF](https://securecontrolsframework.com/)
 

{security_controls_mcp-0.3.5 → security_controls_mcp-0.4.0}/README.md

@@ -9,13 +9,14 @@
 
 ## Overview
 
-Universal translator for security frameworks. Makes 1,451 security controls across 28 frameworks searchable and AI-accessible through Claude, Cursor, or any MCP-compatible client.
+**THE definitive MCP server for security framework mapping.** Makes 1,451 security controls across **261 frameworks** searchable and AI-accessible through Claude, Cursor, or any MCP-compatible client.
 
 Built on the [Secure Controls Framework (SCF)](https://securecontrolsframework.com/) by ComplianceForge.
 
 **Key capabilities:**
 - 1,451 security controls across governance, risk, compliance, and technical domains
-- 28 major frameworks including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, and more
+- **261 frameworks** including ISO 27001, NIST CSF, DORA, PCI DSS, CMMC, and 256 more
+- **AI Governance:** ISO 42001, NIST AI RMF, EU AI Act, Cyber Resilience Act
 - Bidirectional mapping between frameworks via SCF rosetta stone
 - Optional integration with purchased standards (ISO, NIST 800-53) for official text
 - Full-text search across all control descriptions
@@ -86,27 +87,46 @@ Same configuration under `"mcp.servers"` in your settings.
 - "List all controls needed for PCI DSS compliance"
 - "Which DORA requirements does ISO 27001 A.5.15 satisfy?"
 - "Show me all NIST CSF 2.0 controls related to incident response"
-
-## Available Frameworks (28)
-
-- **US Government:** NIST 800-53 (777), NIST CSF 2.0 (253), FedRAMP (343), CMMC 2.0 (198/52)
-- **International Standards:** ISO 27001 (51), ISO 27002 (316), CIS CSC v8.1 (234)
-- **US Industry:** PCI DSS v4.0.1 (364), SOC 2 (412), HIPAA (136)
-- **APAC:** Australia Essential Eight (37), Australia ISM (336), Singapore MAS TRM (214)
-- **EU Regulations:** GDPR (42), DORA (103), NIS2 (68)
-- **UK Standards:** NCSC CAF 4.0 (67), Cyber Essentials (26)
-- **European National:** Netherlands (27), Norway (23), Sweden (25), Germany (18/91/239)
-- **Financial:** SWIFT CSCF 2023 (127)
-- **Cloud:** CSA CCM v4 (334)
+- **NEW:** "What ISO 42001 controls map to NIST AI RMF?"
+- **NEW:** "Show me EU AI Act requirements for high-risk AI systems"
+
+## Available Frameworks (261)
+
+### AI Governance (NEW in v0.4.0)
+- **ISO 42001:2023** (149) - AI Management System
+- **NIST AI RMF 1.0** (158) - AI Risk Management Framework
+- **NIST AI 600-1** (139) - Generative AI Profile
+- **EU AI Act** (119) - Regulation 2024/1689
+- **EU Cyber Resilience Act** (18)
+
+### Core Frameworks
+- **US Government:** NIST 800-53 R5 (777), NIST CSF 2.0 (253), FedRAMP R5 (423), CMMC 2.0 (198/52)
+- **International Standards:** ISO 27001 (51), ISO 27002 (316), ISO 27017 (119), ISO 27018 (70), ISO 27701 (187), ISO 22301 (52)
+- **US Industry:** PCI DSS v4.0.1 (364), SOC 2 (412), HIPAA (136), SOX (2)
+- **Financial:** SWIFT CSCF 2023 (127), FFIEC (231), GLBA (108), DORA (103)
+- **Cloud:** CSA CCM v4 (334), Germany C5 (239)
+
+### Regional Coverage (50+ countries)
+- **APAC:** Australia ISM/Essential 8, Singapore MAS TRM, Japan ISMAP, China Cybersecurity Law, India DPDPA
+- **EU:** GDPR (42), NIS2 (68), PSD2 (61), plus 20+ national frameworks
+- **Americas:** US state laws (CA, NY, TX, etc.), Brazil LGPD, Canada PIPEDA
+- **Middle East/Africa:** Saudi SAMA, UAE NIAF, South Africa POPIA
+
+### Specialized
+- **Industrial/OT:** IEC 62443 (197), NERC CIP (224), NIST 800-82
+- **Automotive:** ISO/SAE 21434, TISAX, UN R155
+- **Healthcare:** HIPAA, HITRUST, CMS MARS-E
+
+See [docs/coverage.md](docs/coverage.md) for the complete list of 261 frameworks.
 
 ## Tools
 
 ### Core Tools
 
-**`list_frameworks()`** - List all 28 frameworks with control counts
+**`list_frameworks()`** - List all 261 frameworks with control counts
 
 **`get_control(control_id)`** - Get full details for a specific SCF control
-- Returns description, domain, weight, PPTDF category, and mappings to all 28 frameworks
+- Returns description, domain, weight, PPTDF category, and mappings to all 261 frameworks
 
 **`search_controls(query, frameworks=[], limit=10)`** - Search controls by keyword
 - Optional framework filtering
@@ -174,7 +194,7 @@ SCF JSON → In-memory index → MCP tools → AI response
 Based on **SCF 2025.4** (released December 29, 2025)
 
 - 1,451 controls across all domains
-- 580+ framework mappings (28 frameworks)
+- **261 frameworks** with full mapping coverage
 - Licensed under Creative Commons (data)
 - Source: [ComplianceForge SCF](https://securecontrolsframework.com/)
 

{security_controls_mcp-0.3.5 → security_controls_mcp-0.4.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "security-controls-mcp"
-version = "0.3.5"
+version = "0.4.0"
 description = "MCP server for querying security framework controls (SCF) - map between ISO 27001, NIST CSF, DORA, PCI DSS, and more"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -73,3 +73,8 @@ target-version = "py310"
 [tool.ruff.lint]
 select = ["E", "F", "I"]
 ignore = ["E501"]  # Ignore line length (allow > 100 chars)
+
+[dependency-groups]
+dev = [
+    "openpyxl (>=3.1.5,<4.0.0)"
+]

{security_controls_mcp-0.3.5 → security_controls_mcp-0.4.0}/src/security_controls_mcp/__init__.py

@@ -1,3 +1,3 @@
 """Security Controls MCP Server - Query security framework controls and mappings."""
 
-__version__ = "0.3.4"
+__version__ = "0.4.0"