manage_compliance_frameworks
Configure and assess compliance frameworks like HIPAA, GDPR, and ISO 27001 to meet regulatory requirements in Microsoft 365 environments.
Instructions
Manage compliance frameworks and standards including HIPAA, GDPR, SOX, PCI-DSS, ISO 27001, and NIST configurations.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Compliance framework management action | |
| framework | Yes | Compliance framework type | |
| scope | No | Assessment scope (organization, specific systems) | |
| settings | No | Framework settings | |
Implementation Reference
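// src/handlers/compliance-handler.ts:17-97 (handler) — Main handler function implementing the manage_compliance_frameworks tool logic. Handles actions: list, configure, status, assess, activate, deactivate compliance frameworks (HITRUST, ISO27001, SOC2, CIS). Integrates with Microsoft Graph for secure scores and controls.
// Compliance Framework Management Handler

/**
 * Dispatches one `manage_compliance_frameworks` action to its implementation
 * and wraps the outcome as MCP text content.
 *
 * Only `status` and `assess` reach Microsoft Graph (through getFrameworkStatus
 * and triggerAssessment); `list`, `configure`, `activate` and `deactivate`
 * build their result locally and persist nothing.
 *
 * @param graphClient Microsoft Graph client handed to the Graph-backed actions.
 * @param args Tool arguments: `action`, `framework`, optional `scope` and `settings`.
 * @returns `{ content: [{ type: 'text', text }] }` where `text` is the action
 *   result serialised with `JSON.stringify(result, null, 2)`.
 * @throws McpError with `ErrorCode.InvalidParams` for an unhandled `action`.
 */
export async function handleComplianceFrameworks(
  graphClient: Client,
  args: ComplianceFrameworkArgs
): Promise<{ content: { type: string; text: string }[] }> {
  // `unknown` instead of `any`: the value is only ever serialised below, so
  // nothing needs to read its members.
  let result: unknown;

  switch (args.action) {
    case 'list': {
      // Static catalogue — nothing here is read from Graph. Note that 'cis',
      // which the argument type accepts, is not enumerated.
      result = {
        frameworks: [
          {
            id: 'hitrust',
            name: 'HITRUST CSF',
            version: '11.1',
            description: 'Health Information Trust Alliance Common Security Framework',
            controlFamilies: 49,
            totalControls: 156,
            status: 'available'
          },
          {
            id: 'iso27001',
            name: 'ISO 27001:2022',
            version: '2022',
            description: 'Information Security Management System',
            controlFamilies: 14,
            totalControls: 114,
            status: 'available'
          },
          {
            id: 'soc2',
            name: 'SOC 2 Type II',
            version: '2017',
            description: 'Service Organization Control 2',
            controlFamilies: 5,
            totalControls: 64,
            status: 'available'
          }
        ]
      };
      break;
    }

    case 'configure': {
      // Braces scope the `const` to this case (no-case-declarations).
      const frameworkConfig = {
        framework: args.framework,
        scope: args.scope ?? ['all'],
        settings: args.settings,
        configuredDate: new Date().toISOString(),
        status: 'configured'
      };
      // In a real implementation, this would be stored in a database.
      // Because nothing is persisted, a later `status` call will not reflect
      // this configuration; the "success" message describes the echo only.
      result = {
        message: 'Framework configured successfully',
        config: frameworkConfig
      };
      break;
    }

    case 'status':
      // Get compliance framework status (Secure Score based).
      result = await getFrameworkStatus(graphClient, args.framework);
      break;

    case 'assess':
      // Trigger compliance assessment; an absent scope means an empty one here,
      // unlike `configure`, which defaults to ['all'].
      result = await triggerAssessment(graphClient, args.framework, args.scope ?? []);
      break;

    case 'activate':
      result = { message: `${args.framework} framework activated`, status: 'active' };
      break;

    case 'deactivate':
      result = { message: `${args.framework} framework deactivated`, status: 'inactive' };
      break;

    default:
      throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`);
  }

  return {
    content: [{ type: 'text', text: JSON.stringify(result, null, 2) }]
  };
}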
// src/types/compliance-types.ts:1-7 (schema) — TypeScript interface defining input schema for the tool: action (enum), framework (HITRUST/ISO/SOC2/CIS), optional scope and settings.
// Compliance Framework Management Types

/**
 * Arguments accepted by the `manage_compliance_frameworks` tool.
 *
 * `framework` admits only the four identifiers below, even though the tool
 * description also names HIPAA, GDPR, SOX, PCI-DSS and NIST; those are not
 * representable here. NOTE(review): whether the runtime zod schema
 * (complianceFrameworkSchema) enforces the same four values is not visible in
 * this file — confirm before relying on the type alone.
 */
export interface ComplianceFrameworkArgs {
  /** Operation to perform; only `status` and `assess` query Microsoft Graph. */
  action: 'list' | 'configure' | 'status' | 'assess' | 'activate' | 'deactivate';
  /** Framework identifier. The `list` action enumerates hitrust, iso27001 and soc2 but not cis. */
  framework: 'hitrust' | 'iso27001' | 'soc2' | 'cis';
  /** Assessment scope; `configure` substitutes ['all'] when absent, `assess` substitutes []. */
  scope?: string[];
  /** Free-form settings; `configure` echoes them back unchanged and stores nothing. */
  settings?: Record<string, unknown>;
}
// src/server.ts:898-917 (registration) — Registers the 'manage_compliance_frameworks' tool with MCP server, linking to handleComplianceFrameworks handler, schema, and metadata.

// Tool registration. The hints claim the tool is non-destructive and
// idempotent; that holds today only because `configure`/`activate`/
// `deactivate` persist nothing. NOTE(review): the description advertises
// HIPAA/GDPR/SOX/PCI-DSS/NIST while ComplianceFrameworkArgs types only
// hitrust/iso27001/soc2/cis — confirm which set complianceFrameworkSchema accepts.
this.server.tool(
  "manage_compliance_frameworks",
  "Manage compliance frameworks and standards including HIPAA, GDPR, SOX, PCI-DSS, ISO 27001, and NIST configurations.",
  complianceFrameworkSchema.shape,
  {"readOnlyHint":false,"destructiveHint":false,"idempotentHint":true},
  wrapToolHandler(async (args: ComplianceFrameworkArgs) => {
    // Presumably rejects the call before any Graph access when credentials
    // are missing — verify against validateCredentials.
    this.validateCredentials();
    try {
      return await handleComplianceFrameworks(this.getGraphClient(), args);
    } catch (error) {
      // McpErrors raised by the handler (e.g. InvalidParams) pass through
      // unchanged; anything else, including Graph SDK failures, is wrapped as
      // InternalError with the underlying message exposed to the client.
      if (error instanceof McpError) {
        throw error;
      }
      throw new McpError(
        ErrorCode.InternalError,
        `Error executing tool: ${error instanceof Error ? error.message : 'Unknown error'}`
      );
    }
  })
);
- src/handlers.ts:47-53 (registration)Imports the handleComplianceFrameworks function from compliance-handler.ts for use in main handlers index.import { handleComplianceFrameworks, handleComplianceAssessments, handleComplianceMonitoring, handleEvidenceCollection, handleGapAnalysis } from './handlers/compliance-handler.js';
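// - Helper function getFrameworkStatus that fetches Secure Score and control profiles from Microsoft Graph API to compute framework status.

/**
 * Summarises a framework's posture from Microsoft Secure Score data.
 *
 * `framework` is only echoed back: both Graph queries are framework-agnostic,
 * so every framework currently reports the same numbers.
 *
 * @param graphClient Microsoft Graph client.
 * @param framework Framework identifier used to label the result.
 * @returns Current/max Secure Score, a rounded percentage (0 when the ratio is
 *   undefined or the max score is not positive), the query timestamp, and a
 *   count of control profiles by `implementationStatus`.
 */
async function getFrameworkStatus(graphClient: Client, framework: string) {
  // Both sources are Secure Score endpoints on Microsoft Graph.
  const secureScore = await graphClient.api('/security/secureScores').top(1).get();
  const controls = await graphClient.api('/security/secureScoreControlProfiles').get();

  // `value` may be absent or empty on either response; treat both as "no data".
  const latest = secureScore?.value?.[0];
  const currentScore: number = latest?.currentScore || 0;
  const rawMaxScore: unknown = latest?.maxScore;

  // Guard the ratio explicitly: `Math.round(a / b) || 0` does not catch a zero
  // maxScore, because Infinity is truthy and would be reported as the percentage.
  const compliancePercentage =
    typeof rawMaxScore === 'number' && rawMaxScore > 0
      ? Math.round((currentScore / rawMaxScore) * 100) || 0
      : 0;

  const profiles: { implementationStatus?: string }[] = controls?.value ?? [];
  const countWithStatus = (status: string): number =>
    profiles.filter((c) => c.implementationStatus === status).length;

  return {
    framework,
    overallScore: currentScore,
    maxScore: latest?.maxScore || 100,
    compliancePercentage,
    // This is the time of the query, not when the Secure Score was computed.
    lastAssessmentDate: new Date().toISOString(),
    controlSummary: {
      total: profiles.length,
      compliant: countWithStatus('implemented'),
      nonCompliant: countWithStatus('notImplemented'),
      partiallyCompliant: countWithStatus('partiallyImplemented')
    }
  };
}
// … continues in source (definition cut off at the edge of this page):
// async function triggerAssessment(graphClient: Client, framework: string, scope: string[]) {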