If you're working with NIST's Open Security Controls Assessment Language, this server gives Claude direct access to OSCAL schemas, models, and documentation. It bundles all the reference content locally and exposes tools to query the eight GA OSCAL models (catalog, profile, SSP, component definition, assessment plan, assessment results, POA&M, and mapping collection), retrieve JSON and XML schemas, and navigate OSCAL resources without hitting external APIs. The team at AWS Labs built this because LLMs alone produce inconsistent OSCAL guidance due to limited training examples. It's designed for security and compliance engineers who need to generate valid OSCAL templates, understand model relationships, or get their AI assistant up to speed on framework mappings and control implementation without manually feeding it specification docs.
claude mcp add --transport stdio awslabs-mcp-server-for-oscal -- uvx mcp-server-for-oscal