mcp-server-for-oscal
Verified Safe
by awslabs
Overview
The server acts as an AI agent providing expert assistance on OSCAL (Open Security Controls Assessment Language) by leveraging specialized tools and Amazon Bedrock's knowledge base capabilities.
Installation
python -m mcp_server_for_oscal
Environment Variables
- BEDROCK_MODEL_ID
- OSCAL_KB_ID
- AWS_PROFILE
- AWS_REGION
- LOG_LEVEL
- OSCAL_MCP_SERVER_NAME
- OSCAL_MCP_TRANSPORT
Security Notes
The codebase demonstrates strong security practices. At server startup it explicitly verifies file integrity by checking SHA-256 hashes against a `hashes.json` manifest for both the OSCAL schemas and the documentation directories. This prevents the server from operating with tampered or corrupted bundled content. Configuration for sensitive details such as AWS credentials and Bedrock IDs is handled through environment variables, with no hardcoded secrets found. The server defaults to binding to `127.0.0.1`, limiting network exposure. Interaction with AWS Bedrock goes through the official Boto3 SDK, relying on AWS's inherent service security. The primary point of external interaction (the Bedrock KB) relies on the security posture of the AWS account and the content within the knowledge base, which is outside the direct control of this server's codebase.
Similar Servers
agentgateway
An API Gateway specialized for agent-to-agent and agent-to-tool communication, providing routing, security, and AI/LLM integration capabilities.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
agent-identity-management
A production-ready identity verification and security platform for AI agents and Model Context Protocol (MCP) servers, providing cryptographic identity, access control, and real-time threat detection.
mcp
The Tenzir MCP Server enables AI assistants to interact with Tenzir, a data pipeline engine for security operations, by providing tools for TQL execution, OCSF schema querying, package management, and code generation.