secureframe

The Secureframe MCP Server provides read-only access to Secureframe’s compliance data, enabling AI assistants and MCP clients to query security controls, view compliance tests, and inspect audit information across multiple frameworks such as SOC 2, ISO 27001, CMMC, and FedRAMP. With the server you can list controls, fetch test statuses, enumerate users and devices, review vendor and repository data, and examine integration connections. The available tools are designed for read-only exploration and reporting, helping AI assistants surface relevant security and compliance insights without modifying data. To use it, configure your MCP client to point at the server’s Python entry point and supply your API credentials via environment variables; then call the provided tools (e.g., list_controls, list_tests, list_users) with appropriate query parameters as needed.

Prerequisites:\n- Python 3.7 or higher\n- Access to Secureframe API with generated API keys\n- MCP-compatible client (e.g., Claude Desktop, Cursor IDE)\n\nStep-by-step installation:\n1) Clone the repository and set up the environment:\nbash\ngit clone https://github.com/secureframe/secureframe-mcp-server.git\ncd secureframe-mcp-server\npython -m venv venv\nsource venv/bin/activate # On Windows: venv\Scripts\activate\n\n2) Install dependencies:\nbash\npip install -r requirements.txt\n\n3) Configure credentials:\nbash\cp env.example .env\n# Edit .env with your API credentials (SECUREFRAME_API_KEY, SECUREFRAME_API_SECRET, SECUREFRAME_API_URL)\n\n4) Run the MCP server locally for testing:\nbash\npython main.py\n\n5) In your MCP client (Claude Cursor, etc.), add the server under mcpServers with the Python command and path to main.py, and set the required environment variables as described in the configuration section.

Tips and considerations:\n- Ensure your API credentials are kept secure; do not commit .env to version control.\n- If your API region is not US, set SECUREFRAME_API_URL to the appropriate regional endpoint (e.g., https://api-secureframe.example.com).\n- The MCP server exposes only read operations. For debugging, use the MCP Inspector with the provided debugging command in Development.\n- When configuring clients, use absolute paths to main.py to avoid path resolution issues.\n- If you encounter rate limiting or authentication errors, verify that the API keys have not expired and that the environment variables are visible to the process running main.py.\n- The available tools include: list_controls, list_tests, list_users, list_devices, list_user_accounts, list_tprm_vendors, list_vendors, list_frameworks, list_repositories, list_integration_connections, and list_repository_framework_scopes; combine them with Lucene-style queries for powerful filtering.