NIST CSF 2.0 Assessment Platform
Complete NIST Cybersecurity Framework 2.0 implementation with professional assessment GUI and comprehensive MCP server. Built for cybersecurity professionals, CISOs, and AI integration.
🎯 740 assessment questions • 🛡️ Multi-tier security • 📊 Executive dashboards • 🤖 40+ MCP tools
🚀 Quick Start
Choose your deployment option based on your use case:
Option 1: Professional Assessment GUI (Recommended)
Perfect for: CISOs, Security Teams, Executive Presentations
git clone https://github.com/rocklambros/nist-csf-2-mcp-server.git
cd nist-csf-2-mcp-server/gui-platform
docker-compose up
Access Your Platform:
- 🌐 Assessment Interface: http://localhost:3000
- 📊 Executive Dashboard: Real-time progress and benchmarking
- 🔧 Health Status: http://localhost:3001/health
Features:
- Company-size aware question filtering
- Persistent assessment sessions (pause/resume anytime)
- Real-time executive dashboards with industry benchmarking
- Professional PDF reports for board presentations
Option 2: MCP Server for AI Integration
Perfect for: Claude Desktop, ChatGPT, Technical Users
Claude Desktop Setup:
{
  "mcpServers": {
    "nist-csf": {
      "command": "sh",
      "args": ["-c", "docker run -i --rm ghcr.io/rocklambros/nist-csf-2-mcp-server:latest node dist/index.js 2>/dev/null"],
      "env": {"MCP_SERVER": "true"}
    }
  }
}
🎨 Assessment GUI Experience
Workflow
- Organization Setup (2 minutes): Name, size, industry → automatic question filtering
- Function Assessment (2-4 hours, resumable): Navigate NIST CSF functions with dual questions
- Executive Dashboard (Instant): Real-time results with industry comparison
Professional Features
- Dual Question Types: Maturity rating + Implementation status per subcategory
- Smart Filtering: 740 total questions → relevant subset based on organization size
- Industry Benchmarking: Compare against similar organizations in your sector
- Executive Ready: Professional styling suitable for CISO and board presentations
🤖 MCP Tools (40 Tools)
Assessment & Scoring
- start_assessment_workflow - Begin comprehensive assessment
- persistent_comprehensive_assessment - Resume assessments across sessions
- assess_maturity - Calculate maturity scores across NIST functions
- calculate_risk_score - Risk assessment with heat map generation
- get_assessment_questions - 740-question bank with size filtering
Planning & Implementation
- generate_gap_analysis - Current vs target state analysis
- create_implementation_plan - Phased roadmap with timelines
- generate_priority_matrix - Effort/impact prioritization
- estimate_implementation_cost - Financial planning and ROI analysis
- track_progress - Implementation progress monitoring
Reporting & Export
- generate_executive_report - Board-ready executive summaries
- generate_dashboard - Real-time dashboard data
- export_data - Multi-format data export (PDF, CSV, Excel)
- generate_compliance_report - Multi-framework compliance mapping
Complete Tool Documentation with Examples →
📊 Technical Specifications
- Framework: Complete NIST CSF 2.0 (6 functions, 34 categories, 185 subcategories)
- Questions: 740 across 4 dimensions (Risk, Maturity, Implementation, Effectiveness)
- Performance: <100ms response times, 100+ concurrent users
- Security: Multi-tier authentication (development → API key → OAuth 2.1)
- Integration: MCP protocol, REST API, WebSocket real-time updates
🔧 Advanced Configuration
Security Modes
# Development (authentication disabled)
AUTH_MODE=disabled docker-compose up
# Production
AUTH_MODE=oauth OAUTH_ISSUER=https://your-provider.com docker-compose up
Performance Options
# Monitoring enabled
ENABLE_MONITORING=true docker-compose up
# Development with hot reload
docker-compose -f docker-compose.dev.yml up
📚 Documentation
- Deployment Guide: Complete setup options
- MCP Tools Reference: All 40 tools with examples
- Assessment Workflow: Detailed usage guide
- Architecture Overview: Technical details
🆘 Support
- GitHub Issues: Bug reports and feature requests
- GitHub Discussions: Community support
📋 License
MIT License
Enterprise-grade cybersecurity assessment platform for NIST CSF 2.0 compliance, executive reporting, and professional security evaluation.