Compligent MCP Client - NIST Risk Management Framework with Prompts and Resources (connects to hosted compliance database)
# @compligent-mcp/rmf
**Compligent MCP Client for NIST Risk Management Framework (RMF)**
> Thin client connecting to hosted RMF compliance service via Model Context Protocol (MCP)
## Overview
This package provides access to the NIST Risk Management Framework (RMF) through a lightweight client that connects to Compligent's hosted compliance database. It is intended for risk assessment, continuous monitoring, and RMF lifecycle management.
## Features
- 🎯 **19 RMF Tools** - Complete lifecycle coverage from Prepare to Monitor
- 💬 **2 Interactive Prompts** - Categorization wizard and implementation guidance
- 📊 **1 Live Resource** - Real-time RMF lifecycle dashboard
- 🔗 **Zero Installation** - Access via `npx` without local setup
- ⚡ **Always Updated** - Connected to live compliance database
- 🌐 **Cloud-Powered** - Hosted on Railway with 99.9% uptime
## Quick Start
### Option 1: NPX (Recommended)
```bash
npx @compligent-mcp/rmf
```
### Option 2: Claude Desktop Integration
Add to your Claude Desktop MCP configuration:
```json
{
  "mcpServers": {
    "rmf": {
      "command": "npx",
      "args": ["-y", "@compligent-mcp/rmf@latest"],
      "env": { "MCP_TRANSPORT": "stdio" }
    }
  }
}
```
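The configuration above resolves `@latest` at every launch and passes `-y`, so whatever version is currently published runs without a prompt. The following check is an added example, not part of this package: it audits an `mcpServers` object for unpinned `npx` launches and for secret-looking variable names stored in the config. The function names, finding labels and the secret-name heuristic are assumptions made for illustration.

```javascript
// Added example: audit an MCP client config for unpinned npx launches.
// Only a full x.y.z (optional prerelease) counts as a pinned version.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
// Heuristic (assumption): env names that usually hold credentials.
const SECRET_NAME = /(KEY|TOKEN|SECRET|PASSWORD)/i;

// Split "name@version" while tolerating the leading "@" of a scoped package.
function splitSpec(spec) {
  const at = spec.lastIndexOf('@');
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [id, server] of Object.entries(config.mcpServers || {})) {
    const args = server.args || [];
    if (server.command === 'npx') {
      // The first non-flag argument is the package spec npx will fetch.
      const spec = args.find((a) => !a.startsWith('-'));
      if (spec) {
        const { name, version } = splitSpec(spec);
        if (!version || !EXACT.test(version)) {
          const detail = `${name}@${version ?? '(none)'}`;
          findings.push({ server: id, issue: 'unpinned-package', detail });
        }
      }
      // -y / --yes suppresses npx's confirmation before installing.
      const flag = args.find((a) => a === '-y' || a === '--yes');
      if (flag) findings.push({ server: id, issue: 'auto-confirm-install', detail: flag });
    }
    for (const key of Object.keys(server.env || {})) {
      if (SECRET_NAME.test(key)) {
        findings.push({ server: id, issue: 'secret-in-config', detail: key });
      }
    }
  }
  return findings;
}

// The configuration from this README, reproduced as sample input.
const readmeConfig = { mcpServers: { rmf: {
  command: 'npx',
  args: ['-y', '@compligent-mcp/rmf@latest'],
  env: { MCP_TRANSPORT: 'stdio' },
} } };

console.log(auditMcpConfig(readmeConfig));
```

Replacing `@latest` with an exact version that has been reviewed clears the first finding; the function only reads the object it is given and makes no network calls.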
## Capabilities
### 🛠️ Tools (19 available)
#### **Core RMF Operations**
- `list_rmf_steps` - All 7 RMF steps (PREPARE, CATEGORIZE, SELECT, IMPLEMENT, ASSESS, AUTHORIZE, MONITOR)
- `get_rmf_step` - Detailed step information with tasks
- `get_rmf_task` - Individual task details
- `search_rmf_tasks` - Find tasks by keyword
#### **Risk Assessment & Management**
- `calculate_rmf_risk_level` - Risk calculation engine
- `generate_rmf_risk_matrix` - Visual risk heat maps
- `generate_rmf_risk_register` - Comprehensive risk registers with POA&M integration
#### **Implementation Support**
- `generate_rmf_checklist` - Step-specific implementation checklists
- `generate_rmf_step_playbook` - Customized implementation guides
- `generate_rmf_responsibility_matrix` - RACI matrices for tasks
#### **Continuous Monitoring (ISCM)**
- `generate_rmf_iscm_strategy` - Monitoring strategy development
- `define_rmf_monitoring_metrics` - KPIs, KRIs, and alert criteria
- `create_rmf_dashboard_template` - Executive and operational dashboards
#### **Enhanced Intelligence**
- `get_rmf_task_details` - Complete task information with outputs, inputs, responsibilities
- `get_rmf_role_responsibilities` - Role definitions with task assignments
- `get_rmf_task_discussion` - Implementation guidance and best practices
- `get_rmf_reference_documents` - Related NIST publications
- `get_rmf_sdlc_integration` - RMF tasks mapped to SDLC phases
### 💬 Prompts (2 available)
#### **System Categorization Wizard** (`rmf_categorization_wizard`)
Interactive guidance for FIPS 199 system categorization with:
- Step-by-step impact analysis
- Confidentiality, integrity, availability assessment
- Baseline recommendation
- Documentation generation
#### **Implementation Guidance**
Comprehensive implementation support for RMF steps and tasks with:
- Organization-specific recommendations
- Best practices and common pitfalls
- Resource requirements and timelines
### 📊 Resources (1 available)
#### **RMF Lifecycle Dashboard** (`rmf://dashboard/lifecycle`)
Real-time view of RMF pipeline with:
- System status across all RMF steps
- Progress indicators and bottlenecks
- Executive summary and recommendations
- Interactive workflow visualization
## Example Usage
### Basic Tool Usage
```javascript
// `mcp` is assumed to be an already-connected MCP client object
// that exposes callTool(name, args).

// List all RMF steps
const steps = await mcp.callTool('list_rmf_steps', {});

// Get specific step details
const prepareStep = await mcp.callTool('get_rmf_step', {
  step_id: 'P'
});

// Calculate risk level
const riskLevel = await mcp.callTool('calculate_rmf_risk_level', {
  threat_likelihood: 'High',
  impact_level: 'Moderate',
  control_effectiveness: 'Partially Effective'
});
```
### Interactive Prompts
```javascript
// System categorization wizard
const categorization = await mcp.getPrompt('rmf_categorization_wizard', {
  system_name: 'Customer Portal',
  system_type: 'web-application',
  data_sensitivity: 'high'
});
```
### Live Resources
```javascript
// Access RMF lifecycle dashboard
const dashboard = await mcp.readResource('rmf://dashboard/lifecycle');
```
## Command Line Testing
```bash
# Test tool listing
echo '{"jsonrpc":"2.0","method":"tools/list","id":1}' | npx @compligent-mcp/rmf
# Test RMF steps
echo '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"list_rmf_steps","arguments":{}},"id":2}' | npx @compligent-mcp/rmf
# Test prompts
echo '{"jsonrpc":"2.0","method":"prompts/list","id":3}' | npx @compligent-mcp/rmf
# Test resources
echo '{"jsonrpc":"2.0","method":"resources/list","id":4}' | npx @compligent-mcp/rmf
```
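Because the tool set is served from the hosted database, the reply to `tools/list` can change without any local change. This added example, which is not part of the package, picks the JSON-RPC reply with a given `id` out of captured stdout and diffs the advertised tool names against a reviewed baseline. The function names, the sample output and the tool name `export_rmf_data` are constructed for illustration.

```javascript
// Added example: diff a tools/list reply against a reviewed baseline.
// MCP's stdio transport carries one JSON-RPC message per line.
function findResponse(stdout, id) {
  for (const line of stdout.split('\n')) {
    const text = line.trim();
    if (!text.startsWith('{')) continue; // skip banners or log noise
    let msg;
    try { msg = JSON.parse(text); } catch { continue; }
    if (msg.jsonrpc === '2.0' && msg.id === id) return msg;
  }
  return null;
}

function diffTools(stdout, id, baseline) {
  const msg = findResponse(stdout, id);
  if (!msg) return { ok: false, reason: 'no-response' };
  if (msg.error) return { ok: false, reason: `rpc-error ${msg.error.code}` };
  const tools = msg.result && Array.isArray(msg.result.tools)
    ? msg.result.tools
    : null;
  if (!tools) return { ok: false, reason: 'malformed-result' };
  const seen = new Set(tools.map((t) => t.name));
  const known = new Set(baseline);
  // Tools the server now advertises that were never reviewed.
  const added = [...seen].filter((n) => !known.has(n)).sort();
  // Reviewed tools that the server no longer advertises.
  const removed = [...known].filter((n) => !seen.has(n)).sort();
  return { ok: added.length === 0 && removed.length === 0, added, removed };
}

// Constructed sample output; "export_rmf_data" is a made-up tool name.
const sampleStdout = [
  'starting client...',
  JSON.stringify({ jsonrpc: '2.0', id: 1, result: { tools: [
    { name: 'list_rmf_steps' },
    { name: 'get_rmf_step' },
    { name: 'export_rmf_data' },
  ] } }),
].join('\n');

// Baseline: a subset of the tool names documented in this README.
const baseline = ['list_rmf_steps', 'get_rmf_step', 'get_rmf_task'];

console.log(diffTools(sampleStdout, 1, baseline));
```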
## Architecture
This thin client connects to Compligent's hosted RMF service:
- **Client**: Lightweight proxy (this package)
- **Service**: Full RMF server deployed on Railway
- **Data**: NIST SP 800-37 Rev 2 CPRT database
- **Protocol**: Model Context Protocol (MCP) over HTTPS
## Important Notes
**MCP Client Usage**: This is an MCP client designed for integration with AI assistants and MCP-compatible tools.
**Recommended Usage**:
1. **Claude Desktop**: Add to MCP configuration (recommended)
2. **NPX**: `npx @compligent-mcp/rmf` for testing
3. **Global Install**: `npm install -g @compligent-mcp/rmf`
**Not Recommended**: Direct command-line usage (this is an MCP client, not a CLI tool)
## Authentication
Optional API key authentication:
```bash
export COMPLIGENT_API_KEY=your-api-key
npx @compligent-mcp/rmf
```
## Support
- **Documentation**: [https://compligent.io/rmf](https://compligent.io/rmf)
- **Issues**: [GitHub Issues](https://github.com/compligent/mcp-platform/issues)
- **Support**: support@compligent.io
## License
MIT License - see LICENSE file for details.
---
**Compligent MCP Platform** | Streamlining Compliance Through AI