nist-csf-2

MCP server implementation for NIST Cybersecurity Framework 2.0

Installation
Run this command in your terminal to add the MCP server to Claude Code:
claude mcp add --transport stdio --env MCP_SERVER=true rocklambros-nist-csf-2-mcp-server -- \
  sh -c 'docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null'

How to use

The NIST CSF 2.0 MCP server provides an automation layer for guiding security assessments and integrating AI tools. It exposes MCP tools for assessment workflow orchestration, gap analysis, prioritization, and reporting, including start_assessment_workflow, persistent_comprehensive_assessment, assess_maturity, generate_gap_analysis, and generate_executive_report. For AI integration, run the server inside a container and connect your AI agents (e.g., Claude Desktop, ChatGPT) to orchestrate assessment steps, retrieve questions, and generate tailored reports. The platform also supports real-time dashboards and export options for sharing progress with stakeholders. Typical usage is to start the server container, then issue MCP tool commands through your integration layer to drive assessments, track progress, and produce board-ready outputs.

How to install

Prerequisites:

  • Docker installed and running
  • Access to the repository (clone or download)

Option A: Run the MCP server for AI integration (AI/CLI workflow)

  1. Ensure Docker is running: docker version
  2. Start the MCP server container (example from the README):
     docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null
     This command runs the MCP server, which exposes the MCP tools for integration.
  3. Interact with the MCP tools from your integration layer by calling the exposed MCP endpoints/commands as described in the PROMPTS.md and API docs (see repository PROMPTS.md for tool usage examples).

Option B: Run the Professional Assessment GUI (optional)

  1. Clone the repository and navigate to the GUI folder:
     git clone https://github.com/rocklambros/nist-csf-2-mcp-server.git
     cd nist-csf-2-mcp-server/gui-platform
  2. Ensure Docker Compose is available on your system.
  3. Start the GUI stack: docker-compose up
  4. Access the interface at:

Prereqs recap:

  • Docker for containerized server and/or GUI deployment
  • Optional: Docker Compose for GUI orchestration
  • Basic familiarity with MCP tool usage from PROMPTS.md

Additional notes

Tips and common considerations:

  • Environment variable MCP_SERVER=true is used in the example to signal AI integration mode; adjust based on your deployment scenario.
  • The health endpoint for the GUI is at /health (http://localhost:3001/health).
  • When using the AI integration pattern, you typically run the MCP server container and drive interactions via the MCP tools exposed by the server (see PROMPTS.md for tool documentation and usage examples).
  • If using the docker-based run command, ensure that the host has permission to pull the ghcr.io/rocklambros/nist-csf-2-mcp-server:latest image and that the port exposure complies with your network policy.
  • For production, consider authentication mode and OAuth configuration as described in the Security/Deployment guides inside the repository.
