Get server version, control/framework counts, and top 10 frameworks by coverage. Use this as a quick overview of what data is available. For structured provenance metadata, use the 'about' tool instead. Returns ~500 tokens.

Returns structured JSON with server metadata, dataset provenance, data fingerprint, freshness indicators, and security posture. Use this to verify data currency and coverage before relying on results. Prefer this over version_info when you need machine-readable metadata. Returns ~800 tokens.

Retrieve a specific SCF control by its exact ID. Returns the control's domain, description, weight (1-10 criticality), PPTDF classification, validation cadence, and optionally all framework mappings. Use this when you already know the control ID (e.g., GOV-01, IAC-05, CRY-01). If you don't know the ID, use search_controls first. Returns 'not found' for invalid IDs. With include_mappings=true (default), returns ~1000-3000 tokens depending on how many frameworks map to this control. Set include_mappings=false to reduce to ~200 tokens.

Look up the SCF controls mapped to a security-framework provision reference, or fetch one SCF control directly with law='SCF'. Examples: law='ISO_27001', article='6.1.1'; law='IEC_62443', article='SR 1.1'; law='SCF', article='GOV-01'. Accepts gateway framework keys (ISO_27001, ISO_27002, NIST_CSF, NIST_800_53, IEC_62443, PCI_DSS, SOC_2, CIS, CMMC, COBIT, HIPAA) or any SCF framework key from list_frameworks (e.g. 'iso_27001_2022'). A bare parent ref (e.g. '6.1') matches all sub-references ('6.1.1', '6.1.2', ...). Returns a JSON envelope {results, _meta} with per-item _citation metadata. Body text is always the SCF control catalog (CC BY-ND 4.0) — this server does not redistribute framework body text. Returns up to 10 controls (~150 tokens each).

Full-text search across all 1,451 SCF controls by keyword in name or description. Returns matching controls with text snippets and their top framework mappings. Use this to discover controls by topic (e.g., 'encryption', 'incident response', 'access control'). Optionally filter to controls that map to specific frameworks. Returns 'No controls found' when no matches exist. Each result is ~100 tokens; default limit of 10 returns ~1000 tokens.

List all 249 supported security frameworks, optionally filtered by category. Without a category filter, returns all frameworks grouped by category (~3000 tokens). With a category filter, returns only that category's frameworks (~200-500 tokens). Use this to discover valid framework keys for get_framework_controls and map_frameworks. Returns an error listing valid categories if an invalid category is given.

Get all SCF controls that map to a specific framework, grouped by domain. WARNING: Large frameworks like NIST 800-53 can return 700+ controls (~5000 tokens with descriptions, ~2000 without). Set include_descriptions=false (default) to reduce token usage. Controls are capped at 10 per domain with overflow indicated. Returns 'not found' with a list of valid framework keys if the framework doesn't exist. Use list_frameworks to discover valid keys.

Map controls between two frameworks via SCF as a rosetta stone. Shows which target framework requirements are satisfied by source framework controls, and identifies gaps where no mapping exists. Useful for gap analysis and compliance mapping. Results are capped at 20 mappings; use source_control to filter to a specific control for detailed mapping. Returns 'not found' if either framework key is invalid. Typical response: ~1500-3000 tokens.

List all available standards: SCF (always built-in), bundled public framework profiles shipped with the server, plus any purchased standards the user has imported via PDF upload. Bundled public profiles provide curated summaries linked to official sources. Purchased standards provide official clause text from the user's imported copy. Returns ~200-800 tokens.

Search within a bundled public framework profile or a purchased standard by keyword. Bundled public profiles contain curated summaries linked to official sources. Purchased standards return text from the user's imported copy. Returns matching clauses with text snippets. If the standard is not found, returns available standard IDs. Use list_available_standards to check what's available before calling. Returns ~500-2000 tokens depending on matches.

Get a specific clause or section from a bundled public framework profile or a purchased standard by its clause ID. Bundled public profiles return curated summary text with official source attribution. Purchased standards return text from the user's imported copy with license notice. If the clause is not found, returns an error message. Use query_standard to discover clause IDs first.

Returns the full version timeline for a specific SCF control. Shows when the control was added, modified, or removed across SCF releases. Premium feature — requires Ansvar Intelligence Portal.

Shows what changed in an SCF control between two SCF releases. Returns a change summary and affected framework mappings. Premium feature — requires Ansvar Intelligence Portal.

Lists all SCF control changes that affected a specific framework's mappings. Useful for monitoring how framework coverage evolves across releases. Premium feature — requires Ansvar Intelligence Portal.