manage_gap_analysis
Identify compliance gaps in Microsoft 365 against frameworks like HITRUST, ISO27001, or SOC2 and generate remediation recommendations with risk prioritization.
Instructions
Perform gap analysis to identify compliance deficiencies and generate remediation recommendations.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Gap analysis action | |
| analysisId | No | Analysis ID | |
| framework | Yes | Framework for gap analysis | |
| targetFramework | No | Target framework for cross-framework mapping | |
| scope | No | Analysis scope | |
| settings | No | Analysis settings |
Implementation Reference
- Primary handler function that dispatches manage_gap_analysis actions: generate, get_results, export. Calls helper functions for core logic.export async function handleGapAnalysis( graphClient: Client, args: GapAnalysisArgs ): Promise<{ content: { type: string; text: string }[] }> { let result: any; switch (args.action) { case 'generate': // Generate gap analysis const analysisId = `gap-analysis-${Date.now()}`; result = await generateGapAnalysis(graphClient, analysisId, args); break; case 'get_results': if (!args.analysisId) { throw new McpError(ErrorCode.InvalidParams, 'analysisId is required for get_results action'); } result = await getGapAnalysisResults(args.analysisId); break; case 'export': if (!args.analysisId) { throw new McpError(ErrorCode.InvalidParams, 'analysisId is required for export action'); } result = await exportGapAnalysis(args.analysisId); break; default: throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`); } return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] }; }
- TypeScript interface defining input parameters (GapAnalysisArgs) for the manage_gap_analysis tool handler, including action, framework, scope, and settings.export interface GapAnalysisArgs { action: 'generate' | 'get_results' | 'export'; analysisId?: string; framework: 'hitrust' | 'iso27001' | 'soc2'; targetFramework?: 'hitrust' | 'iso27001' | 'soc2'; // For cross-framework mapping scope?: { controlIds?: string[]; categories?: string[]; }; settings?: { includeRecommendations: boolean; prioritizeByRisk: boolean; includeTimeline: boolean; includeCostEstimate: boolean; }; }
- src/tool-metadata.ts:191-194 (schema)Tool metadata definition providing description, title, and annotations (read-only, non-destructive, idempotent, open-world) for the manage_gap_analysis tool.manage_gap_analysis: { description: "Perform gap analysis to identify compliance deficiencies and generate remediation recommendations.", title: "Compliance Gap Analyzer", annotations: { title: "Compliance Gap Analyzer", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
- Helper function called by handler for 'generate' action, initiates gap analysis process and returns status.async function generateGapAnalysis(graphClient: Client, analysisId: string, args: GapAnalysisArgs) { // Generate gap analysis return { id: analysisId, framework: args.framework, status: 'running', generatedDate: new Date().toISOString(), estimatedCompletion: new Date(Date.now() + 1800000).toISOString() // 30 minutes }; }
- Helper function called by handler for 'get_results' action, returns mock gap analysis results with summary, gaps, and recommendations.async function getGapAnalysisResults(analysisId: string) { // Get gap analysis results return { id: analysisId, status: 'completed', summary: { totalControls: 114, compliantControls: 97, gapControls: 17, partialControls: 0, priorityGaps: { critical: 3, high: 8, medium: 6, low: 0 } }, gaps: [], recommendations: [] }; }