manage_cis_compliance
Assess and remediate CIS benchmark compliance for Microsoft 365 environments, track security controls, and generate compliance reports.
Instructions
Manage CIS (Center for Internet Security) benchmark compliance including assessment and remediation tracking.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | CIS compliance action | |
| benchmark | No | CIS benchmark to assess | |
| implementationGroup | No | Implementation group | |
| controlIds | No | Specific control IDs | |
| scope | No | Assessment scope | |
| settings | No | Assessment settings |
Implementation Reference
- Main handler function that executes the manage_cis_compliance tool logic, dispatching to CIS-specific assessment, reporting, monitoring, and remediation functions.export async function handleCISCompliance( graphClient: Client, args: CISComplianceArgs ): Promise<{ content: { type: string; text: string }[] }> { let result: any; switch (args.action) { case 'assess': // Perform CIS compliance assessment result = await performCISAssessment(graphClient, args); break; case 'get_benchmark': // Get CIS benchmark information result = await getCISBenchmark(args.benchmark || 'office365'); break; case 'generate_report': // Generate CIS compliance report result = await generateCISReport(graphClient, args); break; case 'configure_monitoring': // Configure CIS monitoring result = await configureCISMonitoring(args); break; case 'remediate': // Execute automated remediation result = await executeCISRemediation(graphClient, args); break; default: throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`); } return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] }; }
- src/server.ts:1030-1049 (registration)MCP server registration of the manage_cis_compliance tool, mapping it to handleCISCompliance handler with input schema and annotations.this.server.tool( "manage_cis_compliance", "Manage CIS (Center for Internet Security) benchmark compliance including assessment and remediation tracking.", cisComplianceSchema.shape, {"readOnlyHint":false,"destructiveHint":false,"idempotentHint":true}, wrapToolHandler(async (args: CISComplianceArgs) => { this.validateCredentials(); try { return await handleCISCompliance(this.getGraphClient(), args); } catch (error) { if (error instanceof McpError) { throw error; } throw new McpError( ErrorCode.InternalError, `Error executing tool: ${error instanceof Error ? error.message : 'Unknown error'}` ); } }) );
- src/tool-definitions.ts:469-485 (schema)Zod input schema definition for the manage_cis_compliance tool parameters.export const cisComplianceSchema = z.object({ action: z.enum(['assess', 'get_benchmark', 'generate_report', 'configure_monitoring', 'remediate']).describe('CIS compliance action'), benchmark: z.enum(['windows-10', 'windows-11', 'windows-server-2019', 'windows-server-2022', 'office365', 'azure', 'intune']).optional().describe('CIS benchmark to assess'), implementationGroup: z.enum(['1', '2', '3']).optional().describe('Implementation group'), controlIds: z.array(z.string()).optional().describe('Specific control IDs'), scope: z.object({ devices: z.array(z.string()).optional().describe('Target devices'), users: z.array(z.string()).optional().describe('Target users'), policies: z.array(z.string()).optional().describe('Target policies'), }).optional().describe('Assessment scope'), settings: z.object({ automated: z.boolean().optional().describe('Automated assessment'), generateRemediation: z.boolean().optional().describe('Generate remediation plans'), includeEvidence: z.boolean().optional().describe('Include evidence'), riskPrioritization: z.boolean().optional().describe('Risk-based prioritization'), }).optional().describe('Assessment settings'), });
- TypeScript interface defining the input arguments for CIS compliance operations.export interface CISComplianceArgs { action: 'assess' | 'get_benchmark' | 'generate_report' | 'configure_monitoring' | 'remediate'; benchmark?: 'windows-10' | 'windows-11' | 'windows-server-2019' | 'windows-server-2022' | 'office365' | 'azure' | 'intune'; implementationGroup?: '1' | '2' | '3'; controlIds?: string[]; scope?: { devices?: string[]; users?: string[]; policies?: string[]; }; settings?: { automated?: boolean; generateRemediation?: boolean; includeEvidence?: boolean; riskPrioritization?: boolean; }; }
- src/tool-metadata.ts:201-204 (registration)Tool metadata providing description, title, and annotations used during MCP server registration.manage_cis_compliance: { description: "Manage CIS (Center for Internet Security) benchmark compliance including assessment and remediation tracking.", title: "CIS Compliance Manager", annotations: { title: "CIS Compliance Manager", readOnlyHint: false, destructiveHint: false, idempotentHint: true, openWorldHint: true }