map_controls
Map security framework controls to EU regulation requirements to identify which articles satisfy specific security controls.
Instructions
Map security framework controls to EU regulation requirements. Shows which articles satisfy specific security controls.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| framework | Yes | Control framework: ISO27001 (ISO 27001:2022) or NIST_CSF (NIST Cybersecurity Framework) | |
| control | No | Optional: specific control ID (e.g., "A.5.1" for ISO27001, "PR.AA-01" for NIST CSF 2.0) | |
| regulation | No | Optional: filter mappings to specific regulation | |
| limit | No | Maximum control groups to return (default: 100) |
Implementation Reference
- src/tools/map.ts:23-98 (handler)The core implementation of the map_controls tool, which executes a SQL query to map security controls to regulations and groups the resulting mappings.
export async function mapControls( db: DatabaseAdapter, input: MapControlsInput ): Promise<ControlMapping[]> { const VALID_FRAMEWORKS = ['ISO27001', 'NIST_CSF']; const { framework, control, regulation } = input; if (!VALID_FRAMEWORKS.includes(framework)) { throw new Error(`Invalid framework "${framework}". Must be one of: ${VALID_FRAMEWORKS.join(', ')}`); } let limit = input.limit ?? 100; if (!Number.isFinite(limit) || limit < 0) limit = 100; limit = Math.min(Math.floor(limit), 1000); let sql = ` SELECT control_id, control_name, regulation, articles, coverage, notes FROM control_mappings WHERE framework = $1 `; const params: string[] = [framework]; if (control) { sql += ` AND control_id = $${params.length + 1}`; params.push(control); } if (regulation) { sql += ` AND regulation = $${params.length + 1}`; params.push(regulation); } sql += ` ORDER BY control_id, regulation`; sql += ` LIMIT $${params.length + 1}`; params.push(String(limit)); const result = await db.query(sql, params); const rows = result.rows as Array<{ control_id: string; control_name: string; regulation: string; articles: string; coverage: 'full' | 'partial' | 'related'; notes: string | null; }>; // Group by control_id const controlMap = new Map<string, ControlMapping>(); for (const row of rows) { if (!controlMap.has(row.control_id)) { controlMap.set(row.control_id, { control_id: row.control_id, control_name: row.control_name, mappings: [], }); } controlMap.get(row.control_id)!.mappings.push({ regulation: row.regulation, articles: JSON.parse(row.articles), coverage: row.coverage, notes: row.notes, }); } return Array.from(controlMap.values()); } - src/tools/map.ts:3-8 (schema)Schema definition for the map_controls tool input parameters.
export interface MapControlsInput { framework: 'ISO27001' | 'NIST_CSF'; control?: string; regulation?: string; limit?: number; } - src/tools/registry.ts:197-226 (registration)Registration of the map_controls tool in the central registry, defining its schema and mapping it to the handler function.
name: 'map_controls', description: 'Map security framework controls to EU regulation requirements. Shows which articles satisfy specific security controls.', inputSchema: { type: 'object', properties: { framework: { type: 'string', enum: ['ISO27001', 'NIST_CSF'], description: 'Control framework: ISO27001 (ISO 27001:2022) or NIST_CSF (NIST Cybersecurity Framework)', }, control: { type: 'string', description: 'Optional: specific control ID (e.g., "A.5.1" for ISO27001, "PR.AA-01" for NIST CSF 2.0)', }, regulation: { type: 'string', description: 'Optional: filter mappings to specific regulation', }, limit: { type: 'number', description: 'Maximum control groups to return (default: 100)', }, }, required: ['framework'], }, handler: async (db, args) => { const input = args as unknown as MapControlsInput; return await mapControls(db, input); }, },