
manage_compliance_frameworks

Configure and monitor compliance frameworks like HIPAA, GDPR, and ISO 27001 within Microsoft 365 to meet regulatory requirements and assess security controls.

Instructions

Manage compliance frameworks and standards including HIPAA, GDPR, SOX, PCI-DSS, ISO 27001, and NIST configurations.

Input Schema

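| Name      | Required | Description                                        | Default |
|-----------|----------|----------------------------------------------------|---------|
| action    | Yes      | Compliance framework management action             |         |
| framework | Yes      | Compliance framework type                          |         |
| scope     | No       | Assessment scope (organization, specific systems)  |         |
| settings  | No       | Framework settings                                 |         |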

Implementation Reference

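  • The main handler function for the 'manage_compliance_frameworks' tool. It dispatches on the action (list, configure, status, assess, activate, deactivate) for compliance frameworks such as HITRUST, ISO 27001 and SOC 2. It integrates with Microsoft Graph for status checks and assessments; list returns a hard-coded catalogue, and configure, activate and deactivate return a success message without persisting any state.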
    // Compliance Framework Management Handler
    export async function handleComplianceFrameworks(
      graphClient: Client,
      args: ComplianceFrameworkArgs
    ): Promise<{ content: { type: string; text: string }[] }> {
      let result: any;

      switch (args.action) {
        case 'list':
          // List available compliance frameworks
          result = {
            frameworks: [
              {
                id: 'hitrust',
                name: 'HITRUST CSF',
                version: '11.1',
                description: 'Health Information Trust Alliance Common Security Framework',
                controlFamilies: 49,
                totalControls: 156,
                status: 'available'
              },
              {
                id: 'iso27001',
                name: 'ISO 27001:2022',
                version: '2022',
                description: 'Information Security Management System',
                controlFamilies: 14,
                totalControls: 114,
                status: 'available'
              },
              {
                id: 'soc2',
                name: 'SOC 2 Type II',
                version: '2017',
                description: 'Service Organization Control 2',
                controlFamilies: 5,
                totalControls: 64,
                status: 'available'
              }
            ]
          };
          break;

        case 'configure':
          // Configure compliance framework settings
          const frameworkConfig = {
            framework: args.framework,
            scope: args.scope || ['all'],
            settings: args.settings,
            configuredDate: new Date().toISOString(),
            status: 'configured'
          };
          // In a real implementation, this would be stored in a database
          result = { message: 'Framework configured successfully', config: frameworkConfig };
          break;

        case 'status':
          // Get compliance framework status
          result = await getFrameworkStatus(graphClient, args.framework);
          break;

        case 'assess':
          // Trigger compliance assessment
          result = await triggerAssessment(graphClient, args.framework, args.scope || []);
          break;

        case 'activate':
          result = { message: `${args.framework} framework activated`, status: 'active' };
          break;

        case 'deactivate':
          result = { message: `${args.framework} framework deactivated`, status: 'inactive' };
          break;

        default:
          throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`);
      }

      return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
    }
  • src/server.ts:897-917 (registration)
    MCP server tool registration for 'manage_compliance_frameworks'. Links the Zod input schema, metadata annotations, and the wrapped handler function.
    // Compliance Framework Management - Lazy loading enabled for tool discovery
    this.server.tool(
      "manage_compliance_frameworks",
      "Manage compliance frameworks and standards including HIPAA, GDPR, SOX, PCI-DSS, ISO 27001, and NIST configurations.",
      complianceFrameworkSchema.shape,
      {"readOnlyHint":false,"destructiveHint":false,"idempotentHint":true},
      wrapToolHandler(async (args: ComplianceFrameworkArgs) => {
        this.validateCredentials();
        try {
          return await handleComplianceFrameworks(this.getGraphClient(), args);
        } catch (error) {
          if (error instanceof McpError) {
            throw error;
          }
          throw new McpError(
            ErrorCode.InternalError,
            `Error executing tool: ${error instanceof Error ? error.message : 'Unknown error'}`
          );
        }
      })
    );
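  • Zod schema defining the input parameters for the tool, including action types and supported frameworks. The framework enum accepts only hitrust, iso27001, soc2 and cis; the frameworks named in the tool description (HIPAA, GDPR, SOX, PCI-DSS, NIST) are not accepted values, and framework is required for every action, including list.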
    export const complianceFrameworkSchema = z.object({
      action: z.enum(['list', 'configure', 'status', 'assess', 'activate', 'deactivate'])
        .describe('Compliance framework management action'),
      framework: z.enum(['hitrust', 'iso27001', 'soc2', 'cis'])
        .describe('Compliance framework type'),
      scope: z.array(z.string()).optional()
        .describe('Assessment scope (organization, specific systems)'),
      settings: z.record(z.string(), z.unknown()).optional()
        .describe('Framework settings'),
    });
  • TypeScript interface defining the structure of arguments passed to the handler function.
    export interface ComplianceFrameworkArgs {
      action: 'list' | 'configure' | 'status' | 'assess' | 'activate' | 'deactivate';
      framework: 'hitrust' | 'iso27001' | 'soc2' | 'cis';
      scope?: string[];
      settings?: Record<string, unknown>;
    }
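  • Key helper function that fetches real compliance data from the Microsoft Graph API (/security/secureScores and /security/secureScoreControlProfiles) to provide framework status. The framework argument is only echoed into the result: both queries are identical for every framework, so the returned score and control summary do not vary by framework.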
    async function getFrameworkStatus(graphClient: Client, framework: string) {
      // Get data from Microsoft Compliance Manager and other sources
      const secureScore = await graphClient.api('/security/secureScores').top(1).get();
      const controls = await graphClient.api('/security/secureScoreControlProfiles').get();

      return {
        framework,
        overallScore: secureScore.value[0]?.currentScore || 0,
        maxScore: secureScore.value[0]?.maxScore || 100,
        compliancePercentage:
          Math.round((secureScore.value[0]?.currentScore / secureScore.value[0]?.maxScore) * 100) || 0,
        lastAssessmentDate: new Date().toISOString(),
        controlSummary: {
          total: controls.value?.length || 0,
          compliant:
            controls.value?.filter((c: any) => c.implementationStatus === 'implemented').length || 0,
          nonCompliant:
            controls.value?.filter((c: any) => c.implementationStatus === 'notImplemented').length || 0,
          partiallyCompliant:
            controls.value?.filter((c: any) => c.implementationStatus === 'partiallyImplemented').length || 0
        }
      };
    }

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/m365-core-mcp'