Csf

Name: Csf
Author: compligent

compligent/mcp-platform

Map product and infra controls to NIST CSF 2.0 and run structured security assessments from your coding agent.

Overview

io.github.compl-i-agent/csf is a MCP server for the Ship phase that applies NIST CSF 2.0 through 35 tools and 12 prompts for agent-driven cybersecurity framework work.

What is this MCP server?

35 MCP tools aligned to NIST Cybersecurity Framework 2.0
12 guided prompts for assessments and control conversations
stdio npm package @compligent-mcp/csf (v2.4.6)
Professional CSF-oriented workflow for builders and small teams
Pairs with agent-driven compliance gap analysis
12 prompts
Server version 2.4.6

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

You know you need a credible security story but CSF tiers, categories, and control mapping feel overwhelming to do consistently in a solo sprint.

Who is it for?

Indie SaaS founders preparing for SOC2-curious buyers, security questionnaires, or internal hardening sprints who want CSF vocabulary in the IDE.

Skip if: Teams that need automated pentesting, live vuln scanning, or certified compliance attestation without human review.

What do I get? / Deliverables

Your agent can reference CSF 2.0 structures, run framework-aligned prompts, and produce control-oriented notes you can turn into a backlog and customer-facing security narrative.

CSF-aligned control and gap discussion notes
Prompt-driven assessment outputs for security backlog items
Repeatable agent access to 35 framework tools

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Cybersecurity framework work peaks before and after launch when you harden and prove posture; CSF is the canonical shelf for ship-phase security planning. NIST CSF is a security control and risk framework, not a deploy or test runner—security subphase is the natural home.

How it compares

NIST CSF framework MCP server, not a single passive security skill or a generic OWASP cheat sheet.

Common Questions / FAQ

Who is io.github.compl-i-agent/csf for?

Solo builders and small teams shipping SaaS or APIs who want NIST CSF 2.0 structure inside Claude Code, Cursor, or similar agents.

When should I use io.github.compl-i-agent/csf?

Use it during security hardening, pre-launch reviews, customer security questionnaires, or when scoping what controls you actually need.

How do I add io.github.compl-i-agent/csf to my agent?

Install @compligent-mcp/csf from npm, add a stdio MCP entry pointing at the package, restart the agent, and invoke tools from the CSF catalog.

Csf