MCP Server For OSCAL

Name: MCP Server For OSCAL
Author: awslabs

awslabs/mcp-server-for-oscal

Query and work with Open Security Controls Assessment Language (OSCAL) content from an agent using AWS Bedrock and a dedicated OSCAL knowledge base.

Overview

MCP Server for OSCAL is a MCP server for the Ship phase that exposes OSCAL-focused agent tools backed by AWS Bedrock and an OSCAL knowledge base.

What is this MCP server?

MCP Server for OSCAL v0.4.0 (awslabs) with stdio transport via PyPI `mcp-server-for-oscal`
Bedrock-backed documentation queries using BEDROCK_MODEL_ID and OSCAL_KB_ID
AWS credential wiring through AWS_PROFILE and AWS_REGION environment variables
Configurable LOG_LEVEL (DEBUG, INFO, WARNING, ERROR) for operational troubleshooting
Package and server version 0.4.0
Five documented environment variables: BEDROCK_MODEL_ID, OSCAL_KB_ID, AWS_PROFILE, AWS_REGION, LOG_LEVEL
Repository: github.com/awslabs/mcp-server-for-oscal

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Mapping product behavior to formal control frameworks in OSCAL format is slow and error-prone without agent-accessible, KB-grounded tooling.

Who is it for?

Builders shipping B2B or regulated-adjacent SaaS who already use AWS and want agent help navigating OSCAL catalogs and assessments.

Skip if: Hobby projects with no compliance requirements, teams without AWS Bedrock access, or orgs that forbid LLM-generated control interpretations as audit evidence.

What do I get? / Deliverables

Once configured, your agent can query OSCAL documentation and support compliance-oriented tasks using your Bedrock model and OSCAL_KB_ID.

Agent-callable OSCAL documentation and workflow tools via MCP
Bedrock-grounded answers tied to your configured OSCAL knowledge base
Environment-tuned logging for compliance integration debugging

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Compliance and control baselines belong in Ship when you harden the product before or during launch, not while you are still sketching features. Security is the canonical shelf because the server targets OSCAL control catalogs and assessment language, not general app CRUD.

How it compares

OSCAL-focused Bedrock MCP server—not a generic vulnerability scanner or AWS deployment skill.

Common Questions / FAQ

Who is MCP Server For OSCAL for?

Solo builders and small teams accountable for security compliance who work in AWS and need OSCAL-aware agent assistance.

When should I use MCP Server For OSCAL?

Use it during security and launch prep when you are aligning controls, assessments, or documentation with OSCAL and want grounded Q&A via Bedrock.

How do I add MCP Server For OSCAL to my agent?

Install `mcp-server-for-oscal` from PyPI as a stdio MCP server and set BEDROCK_MODEL_ID, OSCAL_KB_ID, AWS_PROFILE, AWS_REGION, and optional LOG_LEVEL in the server environment.

MCP Server For OSCAL

awslabs/mcp-server-for-oscal

Query and work with Open Security Controls Assessment Language (OSCAL) content from an agent using AWS Bedrock and a dedicated OSCAL knowledge base.

Overview

MCP Server for OSCAL is a MCP server for the Ship phase that exposes OSCAL-focused agent tools backed by AWS Bedrock and an OSCAL knowledge base.

What is this MCP server?

MCP Server for OSCAL v0.4.0 (awslabs) with stdio transport via PyPI `mcp-server-for-oscal`
Bedrock-backed documentation queries using BEDROCK_MODEL_ID and OSCAL_KB_ID
AWS credential wiring through AWS_PROFILE and AWS_REGION environment variables
Configurable LOG_LEVEL (DEBUG, INFO, WARNING, ERROR) for operational troubleshooting
Package and server version 0.4.0
Five documented environment variables: BEDROCK_MODEL_ID, OSCAL_KB_ID, AWS_PROFILE, AWS_REGION, LOG_LEVEL
Repository: github.com/awslabs/mcp-server-for-oscal

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Mapping product behavior to formal control frameworks in OSCAL format is slow and error-prone without agent-accessible, KB-grounded tooling.

Who is it for?

Builders shipping B2B or regulated-adjacent SaaS who already use AWS and want agent help navigating OSCAL catalogs and assessments.

Skip if: Hobby projects with no compliance requirements, teams without AWS Bedrock access, or orgs that forbid LLM-generated control interpretations as audit evidence.

What do I get? / Deliverables

Once configured, your agent can query OSCAL documentation and support compliance-oriented tasks using your Bedrock model and OSCAL_KB_ID.

Agent-callable OSCAL documentation and workflow tools via MCP
Bedrock-grounded answers tied to your configured OSCAL knowledge base
Environment-tuned logging for compliance integration debugging

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

OSCAL-focused Bedrock MCP server—not a generic vulnerability scanner or AWS deployment skill.

Common Questions / FAQ

Who is MCP Server For OSCAL for?

Solo builders and small teams accountable for security compliance who work in AWS and need OSCAL-aware agent assistance.

When should I use MCP Server For OSCAL?

Use it during security and launch prep when you are aligning controls, assessments, or documentation with OSCAL and want grounded Q&A via Bedrock.

How do I add MCP Server For OSCAL to my agent?

Install `mcp-server-for-oscal` from PyPI as a stdio MCP server and set BEDROCK_MODEL_ID, OSCAL_KB_ID, AWS_PROFILE, AWS_REGION, and optional LOG_LEVEL in the server environment.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is MCP Server For OSCAL for?

When should I use MCP Server For OSCAL?

How do I add MCP Server For OSCAL to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is MCP Server For OSCAL for?

When should I use MCP Server For OSCAL?

How do I add MCP Server For OSCAL to my agent?