Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@nist-mcpWhat are the NIST SP 800-53 controls for multi-factor authentication?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
nist-mcp
A Model Context Protocol (MCP) server that gives AI assistants structured access to the full NIST cybersecurity catalog: SP 800 and SP 1800 publications, SP 800-53 Rev 5 security controls, NIST CSF 2.0, the NVD vulnerability database (CVEs and CPEs), FIPS 140-2/3 validated cryptographic modules (CMVP), NCP security checklists, the NIST glossary, and NICE Framework work roles — all served from a local SQLite index that builds automatically on first use (~2 seconds) by downloading structured data directly from NIST.
Installation
pipx install nist-mcp
# or
pip install nist-mcpConfiguration
Environment Variables
Variable | Default | Description |
|
| Directory for the local database and cached documents |
| (none) | Optional NVD API key for higher rate limits (recommended) |
|
| Seconds between background database rebuilds (default: 7 days) |
config.toml
Create ~/.nist-mcp/config.toml (or $NIST_MCP_DATA_DIR/config.toml) for persistent settings:
nvd_api_key = "your-api-key-here"
update_interval = 43200 # 12 hoursEnvironment variables take precedence over the config file.
MCP Client Config
Add to your MCP client's server list (e.g. Claude Desktop claude_desktop_config.json):
{
"mcpServers": {
"nist": {
"command": "nist-mcp",
"env": {
"NIST_MCP_NVD_API_KEY": "your-api-key-here"
}
}
}
}On first run, the server builds a local database by downloading structured data from NIST (~2 seconds). The database is cached and rebuilt automatically when stale (default: every 7 days).
Available Tools
Tool | Description |
| Meta-search across all 7 NIST data sources at once — use as starting point |
| Rebuild the local NIST index by downloading fresh data from NIST sources |
| Show database version, size, last update check, and file path |
| Full-text search across all NIST publication series (SP 800, SP 1800, FIPS, IR, CSWP, AI) |
| Full metadata for a specific publication: abstract, authors, supplemental materials |
| Read publication content as Markdown (PDF, XLSX, CSV, JSON, XML); returns TOC by default |
| Download a publication PDF or supplemental file to local cache |
| Resolve any publication ID to its newest available revision |
| Search SP 800-53 Rev 5 controls by keyword, control family, or baseline level |
| Full detail for a specific control: statement, guidance, parameters, baselines, CSF mappings |
| Browse/search the NIST CSF 2.0 hierarchy (functions, categories, subcategories) |
| Cross-reference between SP 800-53 controls and CSF subcategories, bidirectionally |
| Look up NIST cybersecurity/privacy term definitions with authoritative source |
| Search FIPS 140-2/3 validated cryptographic modules by vendor, algorithm, or validation level |
| Search NCP security configuration checklists by product, format, or authority |
| Search NICE Framework work roles by keyword or category |
| Search the NVD CVE database by keyword, severity, CPE product, CWE, date range, or KEV status |
| Full CVE details: CVSS scores, affected products, CWE, references, and CISA KEV status |
| Search the NVD CPE product dictionary by keyword or CPE name prefix |
| Audit trail of changes to a CVE (score updates, CPE additions, CWE remaps) |
Available Resources
URI | Description |
| Server version, database freshness, and quick-start tool guide |
| All 20 SP 800-53 Rev 5 control families with one-line descriptions |
| LOW, MODERATE, HIGH, and PRIVACY baselines with control counts and descriptions |
| CSF 2.0 structure: the 6 core Functions with descriptions |
| ~30 most commonly referenced NIST cybersecurity terms and definitions |
Available Prompts
Prompt | Parameters | Description |
|
| Step-by-step workflow to assess a system against an SP 800-53 baseline |
|
| Analyze a CVE's impact, affected components, and applicable NIST controls |
|
| Draft a security policy document grounded in SP 800-53 Rev 5 |
|
| NIST-based guidance for detecting, containing, and recovering from a security incident |
Quick Examples
Find NIST guidance on zero trust
search_nist("zero trust architecture")Look up the SP 800-207 publication
search_publications("zero trust")
get_publication("SP.800-207")Review access control requirements for a MODERATE system
search_controls(family="ac", baseline="MODERATE", detail_level="standard")
get_control("AC-2", include_enhancements=True)Analyze Log4Shell
get_cve("CVE-2021-44228")Check if your cryptographic library is FIPS validated
search_cmvp(vendor="OpenSSL", fips_level=1)Find CSF guidance on incident response
get_csf_data(function="RS")
get_csf_data(function="RC")Use a workflow prompt
compliance_assessment(
system_description="Web application processing PII, hosted on AWS, with MFA for admin access",
baseline="MODERATE"
)License
MIT license. Note that the optional pymupdf4llm dependency (used for PDF-to-Markdown conversion) is licensed under AGPL-3.0. If AGPL is not acceptable for your use case, the server functions fully without it for all non-document-content tools; remove pymupdf4llm from your installation and get_document_content will fall back to pdfplumber for PDF parsing.
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.