// MCP TOOL REFERENCE

SECURITY FRAMEWORK TOOLS

41 tools from the Security Framework MCP Server, categorised by risk level.

View the Security Framework policy →
// ALL 41 SECURITY FRAMEWORK TOOLS
READ 38 tools
Read assess_mcp_security Assess an MCP server deployment against the OWASP MCP Top 10 security risks. Read assess_stack Given a technology stack, recommend relevant OWASP security guidelines, cheat sheets, and test cases. Read compliance_map compliance_map Read cross_reference cross_reference Read database_status Show local database availability, freshness, and path. Read get_api_top10 Get OWASP API Security Top 10 2023 items with CWE mappings. Read get_asvs get_asvs Read get_attack_pattern get_attack_pattern Read get_cheatsheet Get an OWASP Cheat Sheet by name, or list all available cheat sheets. Read get_cve_detail Fetch detailed information for a specific CVE from the live NVD database. Read get_cwe Look up a CWE (Common Weakness Enumeration) by ID with description and OWASP cross-references. Read get_llm_top10 Get OWASP Top 10 for LLM Applications 2025 items with CWE mappings. Read get_masvs get_masvs Read get_mcp_top10 Get OWASP Top 10 for MCP Servers 2025 — security risks specific to MCP deployments. Read get_nice_roles get_nice_roles Read get_nist_cmvp get_nist_cmvp Read get_nist_control get_nist_control Read get_nist_csf get_nist_csf Read get_nist_glossary Look up NIST cybersecurity terms and definitions. Read get_nist_mapping get_nist_mapping Read get_nist_pf get_nist_pf Read get_nist_publication get_nist_publication Read get_nist_rmf Get NIST SP 800-37 Risk Management Framework (RMF) steps, tasks, and key documents. Read get_proactive_controls Get OWASP Proactive Controls 2024 — defensive measures developers should implement. Read get_project Get detailed info for a specific OWASP project. Read get_top10 Get OWASP Top 10 2021 items with CWE mappings. Read get_wstg get_wstg Read list_projects list_projects Read lookup_compliance lookup_compliance Read map_finding map_finding Read nist_compliance_map nist_compliance_map Read read_publication read_publication Read search_cve search_cve Read search_kev search_kev Read search_nist search_nist Read search_owasp search_owasp Read search_projects search_projects Read triage_cve Triage CVEs with EPSS scores, CVSS severity, and KEV status. Note: makes individual NVD API calls per CVE; ...
WRITE 2 tools
Write generate_checklist generate_checklist Write update_database Rebuild the local OWASP database from upstream sources.
OTHER 1 tools
Other threat_model threat_model

Route Security Framework through PolicyLayer and every one of its 41 tools is checked against your policy before it runs.

CHECK YOUR STACK →

See every tool, the dangerous ones, and the token cost across your stack.

// FAQ
How many tools does the Security Framework MCP server have? +

The Security Framework MCP server exposes 41 tools across 3 categories: Read, Write, Other.

How do I enforce policies on Security Framework tools? +

Route the Security Framework server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Security Framework tools fall into? +

Security Framework tools are categorised as Read (38), Write (2), Other (1). Each category has a recommended default policy.

Enforce policy on every Security Framework tool call.

Start from Security Framework, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.