MCP server for regulatory compliance — GDPR, SOX, HIPAA, ISO27001, PCI-DSS, SOC2, NIST (27 tools)
Compliance MCP Server
Regulatory compliance engine for ADK-Rust Enterprise agents. Provides 27 MCP tools covering the full compliance lifecycle — frameworks, policies, controls, audits, findings, evidence collection, risk assessments, gap analysis, training tracking, GDPR DSARs, and incident management. Supports GDPR, SOX, HIPAA, ISO 27001, PCI-DSS, SOC2, and NIST out of the box.
Key Principles
- Framework-driven — map policies and controls to any regulatory framework
- Audit lifecycle — plan, execute, find, remediate, close
- Evidence-based — collect and link evidence to controls for audit readiness
- Risk matrix — likelihood x impact scoring with auto-classification
- Gap analysis — identify missing controls, untested controls, missing evidence
- GDPR built-in — DSAR management with 30-day SLA tracking
- Incident response — report, investigate, contain, resolve
- Zero configuration — starts immediately with no external dependencies
Tools (27)
Frameworks (2)
| Tool | Description |
|------|-------------|
| framework_create | Register framework (GDPR, SOX, HIPAA, ISO27001, PCI-DSS, SOC2, NIST, custom) |
| framework_list | List all registered frameworks |
Policies (2)
| Tool | Description |
|------|-------------|
| policy_create | Create policy (data protection, access control, incident response, etc.) |
| policy_list | List policies with review status |
Controls (3)
| Tool | Description |
|------|-------------|
| control_create | Create control (preventive, detective, corrective) linked to policy |
| control_list | List controls with testing status |
| control_test | Mark control as tested |
Audits (2)
| Tool | Description |
|------|-------------|
| audit_create | Create audit (internal, external, certification) |
| audit_list | List audits with findings count |
Findings (3)
| Tool | Description |
|------|-------------|
| finding_create | Record finding (critical, high, medium, low) |
| finding_update | Update status (open, in_progress, remediated, accepted, closed) |
| finding_list | List findings with open count |
Evidence (2)
| Tool | Description |
|------|-------------|
| evidence_collect | Collect evidence (screenshot, log, report, attestation, config) |
| evidence_list | List evidence for a control |
Risk Assessment (2)
| Tool | Description |
|------|-------------|
| risk_create | Create risk (likelihood 1-5 x impact 1-5 = auto score and level) |
| risk_list | List risks sorted by score, with critical/high counts |
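The scoring rule behind `risk_create` and the sorting behind `risk_list`, as an added example that is not the mcp-compliance crate's own code. The 1-5 ranges and the score = likelihood x impact rule come from the table above; the level thresholds (1-4 low, 5-9 medium, 10-15 high, 16-25 critical), the struct layout and the sample risks are assumptions made for this example.

```rust
// Added example, not the mcp-compliance crate's own code: a model of how
// risk_create could derive score and level from likelihood x impact, and how
// risk_list could sort and count. The 1-5 ranges and the score = likelihood x
// impact rule come from the README; the level thresholds are an assumption.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RiskLevel {
    Low,
    Medium,
    High,
    Critical,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Risk {
    pub title: String,
    pub likelihood: u8,
    pub impact: u8,
    pub score: u8,
    pub level: RiskLevel,
}

/// Map a 1-25 score to a level. Thresholds assumed for illustration:
/// 1-4 low, 5-9 medium, 10-15 high, 16-25 critical.
pub fn classify(score: u8) -> RiskLevel {
    match score {
        0..=4 => RiskLevel::Low,
        5..=9 => RiskLevel::Medium,
        10..=15 => RiskLevel::High,
        _ => RiskLevel::Critical,
    }
}

/// Reject out-of-range factors before scoring, so a caller cannot push a
/// risk off the 1-25 scale (e.g. likelihood 0 or impact 6).
pub fn create_risk(title: &str, likelihood: u8, impact: u8) -> Result<Risk, String> {
    if !(1..=5).contains(&likelihood) || !(1..=5).contains(&impact) {
        return Err(format!(
            "likelihood and impact must be 1-5, got {likelihood} x {impact}"
        ));
    }
    let score = likelihood * impact;
    Ok(Risk {
        title: title.to_string(),
        likelihood,
        impact,
        score,
        level: classify(score),
    })
}

/// Sort by score (highest first) and return the critical and high counts,
/// which is what risk_list reports.
pub fn list_risks(mut risks: Vec<Risk>) -> (Vec<Risk>, usize, usize) {
    risks.sort_by(|a, b| b.score.cmp(&a.score));
    let critical = risks.iter().filter(|r| r.level == RiskLevel::Critical).count();
    let high = risks.iter().filter(|r| r.level == RiskLevel::High).count();
    (risks, critical, high)
}

fn main() {
    // Constructed sample: the Quick Start vendor risk (3 x 5) plus two more.
    let risks = vec![
        create_risk("Third-party data breach", 3, 5).unwrap(),
        create_risk("Stale access reviews", 4, 4).unwrap(),
        create_risk("Unpatched dev laptop", 2, 2).unwrap(),
    ];
    let (sorted, critical, high) = list_risks(risks);
    for r in &sorted {
        println!("{:<24} {}x{} = {:>2} {:?}", r.title, r.likelihood, r.impact, r.score, r.level);
    }
    println!("critical={critical} high={high}");
    // Out-of-range input is rejected rather than silently clamped.
    println!("{:?}", create_risk("bad input", 0, 6));
}
```

The range check matters more than it looks: a client that can pass likelihood 0 or impact 6 would either hide a risk from the critical/high counts or inflate one, so validation belongs at the tool boundary rather than in whoever renders the dashboard.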
Gap Analysis (1)
| Tool | Description |
|------|-------------|
| gap_analysis | Framework gap analysis: missing controls, missing evidence, untested controls |
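How the three gap kinds above fall out of the framework, policy, control and evidence records that the Quick Start creates, as an added example that is not the mcp-compliance crate's own code. The record layout, the IDs (modelled on the `fw_abc` / `pol_abc` / `ctrl_abc` style the Quick Start uses) and the sample data are constructed assumptions; how the real server stores its records is not described on this page.

```rust
// Added example, not the mcp-compliance crate's own code: an in-memory model
// of the framework -> policy -> control -> evidence chain with a gap_analysis
// that reports the three gap kinds the README names. Record layout and IDs
// are constructed assumptions.

use std::collections::{HashMap, HashSet};

#[derive(Debug, Clone)]
pub struct Policy {
    pub id: String,
    pub framework_id: String,
    pub title: String,
}

#[derive(Debug, Clone)]
pub struct Control {
    pub id: String,
    pub policy_id: String,
    pub title: String,
    /// Set by control_test; a control nobody has tested is a gap.
    pub tested: bool,
}

#[derive(Debug, Clone)]
pub struct Evidence {
    pub id: String,
    pub control_id: String,
    pub title: String,
}

#[derive(Debug, Default, PartialEq, Eq)]
pub struct GapReport {
    /// Policies in the framework with no control linked to them.
    pub missing_controls: Vec<String>,
    /// Controls never marked tested.
    pub untested_controls: Vec<String>,
    /// Controls with no evidence collected against them.
    pub missing_evidence: Vec<String>,
}

pub fn gap_analysis(
    framework_id: &str,
    policies: &[Policy],
    controls: &[Control],
    evidence: &[Evidence],
) -> GapReport {
    // Only policies (and therefore controls) belonging to this framework count.
    let in_scope: Vec<&Policy> = policies.iter().filter(|p| p.framework_id == framework_id).collect();
    let policy_ids: HashSet<&str> = in_scope.iter().map(|p| p.id.as_str()).collect();
    let evidenced: HashSet<&str> = evidence.iter().map(|e| e.control_id.as_str()).collect();

    let mut controls_per_policy: HashMap<&str, usize> = HashMap::new();
    let mut report = GapReport::default();
    for c in controls.iter().filter(|c| policy_ids.contains(c.policy_id.as_str())) {
        *controls_per_policy.entry(c.policy_id.as_str()).or_insert(0) += 1;
        if !c.tested {
            report.untested_controls.push(c.id.clone());
        }
        if !evidenced.contains(c.id.as_str()) {
            report.missing_evidence.push(c.id.clone());
        }
    }
    for p in &in_scope {
        if !controls_per_policy.contains_key(p.id.as_str()) {
            report.missing_controls.push(p.id.clone());
        }
    }
    report
}

/// Constructed sample data using IDs in the Quick Start's style.
pub fn sample_data() -> (Vec<Policy>, Vec<Control>, Vec<Evidence>) {
    let policies = vec![
        Policy { id: "pol_abc".into(), framework_id: "fw_abc".into(), title: "Data Protection Policy".into() },
        Policy { id: "pol_def".into(), framework_id: "fw_abc".into(), title: "Access Control Policy".into() },
        // Belongs to another framework; must not show up in the fw_abc report.
        Policy { id: "pol_sox".into(), framework_id: "fw_sox".into(), title: "Financial Controls".into() },
    ];
    let controls = vec![
        Control { id: "ctrl_abc".into(), policy_id: "pol_abc".into(), title: "Encryption at Rest".into(), tested: true },
        Control { id: "ctrl_def".into(), policy_id: "pol_abc".into(), title: "Quarterly key rotation".into(), tested: false },
    ];
    let evidence = vec![
        Evidence { id: "ev_abc".into(), control_id: "ctrl_abc".into(), title: "AWS KMS Config Export".into() },
    ];
    (policies, controls, evidence)
}

fn main() {
    let (policies, controls, evidence) = sample_data();
    let report = gap_analysis("fw_abc", &policies, &controls, &evidence);
    println!("{report:#?}");
}
```

The scoping step is the part worth copying: a gap report that ignores `framework_id` would mix SOX policies into a GDPR audit and either hide real gaps behind unrelated controls or flag controls the auditor never asked about.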
Training (3)
| Tool | Description |
|------|-------------|
| training_create | Create training requirement, assign to users |
| training_complete | Mark training completed by user |
| training_list | List trainings with completion rates |
GDPR - DSARs (3)
| Tool | Description |
|------|-------------|
| dsar_create | Create DSAR (access, erasure, portability, rectification, restriction) |
| dsar_update | Update DSAR status |
| dsar_list | List DSARs with overdue count (30-day SLA) |
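The 30-day SLA clock behind `dsar_list`'s overdue count, as an added example that is not the mcp-compliance crate's own code. The 30-day window is from the table above; the status names, the rule that only unfinished requests can be overdue, and the sample requests (with the clock fixed at a constructed instant so the run is deterministic) are assumptions made for this example.

```rust
// Added example, not the mcp-compliance crate's own code: a model of the
// 30-day SLA behind dsar_list's overdue count. The 30-day window comes from
// the README; the status names and the rule that only open requests can be
// overdue are assumptions made for this example.

use std::time::{Duration, SystemTime, UNIX_EPOCH};

const DAY: Duration = Duration::from_secs(24 * 60 * 60);
/// GDPR DSAR response window tracked by the server: 30 days from receipt.
pub const DSAR_SLA: Duration = Duration::from_secs(30 * 24 * 60 * 60);

/// Assumed status set; the README only says dsar_update changes the status.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum DsarStatus {
    Received,
    InProgress,
    Completed,
    Rejected,
}

#[derive(Debug, Clone)]
pub struct Dsar {
    pub id: String,
    pub request_type: String,
    pub subject_email: String,
    pub received_at: SystemTime,
    pub status: DsarStatus,
}

pub fn due_date(d: &Dsar) -> SystemTime {
    d.received_at + DSAR_SLA
}

/// A request is overdue when its deadline has passed and it is still open.
/// Completed or rejected requests stop the clock, so an old closed DSAR is
/// not counted again every time the list is rendered.
pub fn is_overdue(d: &Dsar, now: SystemTime) -> bool {
    let open = !matches!(d.status, DsarStatus::Completed | DsarStatus::Rejected);
    open && now > due_date(d)
}

/// Whole days left until the deadline; negative once it has passed.
pub fn days_remaining(d: &Dsar, now: SystemTime) -> i64 {
    match due_date(d).duration_since(now) {
        Ok(left) => (left.as_secs() / DAY.as_secs()) as i64,
        Err(e) => -((e.duration().as_secs() / DAY.as_secs()) as i64),
    }
}

pub fn overdue_count(dsars: &[Dsar], now: SystemTime) -> usize {
    dsars.iter().filter(|d| is_overdue(d, now)).count()
}

/// Constructed sample: three requests received on different days, with "now"
/// fixed at day 40 after the Unix epoch so the result is deterministic.
pub fn sample() -> (Vec<Dsar>, SystemTime) {
    fn day(n: u32) -> SystemTime {
        UNIX_EPOCH + DAY * n
    }
    let dsars = vec![
        Dsar { id: "dsar_001".into(), request_type: "erasure".into(), subject_email: "john@example.com".into(),
               received_at: day(2), status: DsarStatus::InProgress },   // due day 32: overdue
        Dsar { id: "dsar_002".into(), request_type: "access".into(), subject_email: "jane@example.com".into(),
               received_at: day(20), status: DsarStatus::Received },    // due day 50: 10 days left
        Dsar { id: "dsar_003".into(), request_type: "portability".into(), subject_email: "sam@example.com".into(),
               received_at: day(1), status: DsarStatus::Completed },    // past due but closed
    ];
    (dsars, day(40))
}

fn main() {
    let (dsars, now) = sample();
    for d in &dsars {
        println!("{} {:<12} {:?} days_remaining={} overdue={}",
                 d.id, d.request_type, d.status, days_remaining(d, now), is_overdue(d, now));
    }
    println!("overdue: {}", overdue_count(&dsars, now));
}
```

Pass `now` in rather than reading the system clock inside the functions: it keeps the overdue logic testable, and it lets a dashboard render "as of" a given audit date without the numbers shifting under the auditor.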
Incidents (3)
| Tool | Description |
|------|-------------|
| incident_create | Report incident (data breach, unauthorized access, policy violation) |
| incident_update | Update status (reported, investigating, contained, resolved, closed) |
| incident_list | List incidents with open count |
Dashboard (1)
| Tool | Description |
|------|-------------|
| dashboard | Compliance summary: frameworks, policies, findings, risks, DSARs, incidents |
Installation
```sh
cargo install mcp-compliance
```
Client Configuration
```json
{
  "mcpServers": {
    "compliance": { "command": "mcp-compliance" }
  }
}
```
Quick Start
1. Set up framework and policies

```json
{"name": "framework_create", "arguments": {"name": "GDPR", "version": "2018", "description": "EU General Data Protection Regulation"}}
{"name": "policy_create", "arguments": {"title": "Data Protection Policy", "framework_id": "fw_abc", "category": "data_protection", "description": "Controls for personal data handling", "owner": "DPO"}}
```

2. Define controls and collect evidence

```json
{"name": "control_create", "arguments": {"title": "Encryption at Rest", "policy_id": "pol_abc", "control_type": "preventive", "frequency": "continuous", "description": "All PII encrypted with AES-256", "owner": "security_team"}}
{"name": "evidence_collect", "arguments": {"control_id": "ctrl_abc", "title": "AWS KMS Config Export", "evidence_type": "config", "url": "s3://evidence/kms-config.json", "collected_by": "james"}}
```

3. Run audit and record findings

```json
{"name": "audit_create", "arguments": {"title": "Q2 GDPR Audit", "framework_id": "fw_abc", "scope": "All EU data processing", "auditor": "External Auditor Ltd", "due_date": "2026-06-30"}}
{"name": "finding_create", "arguments": {"audit_id": "aud_abc", "title": "Missing consent records", "severity": "high", "description": "No consent audit trail for marketing emails"}}
```

4. Risk assessment

```json
{"name": "risk_create", "arguments": {"title": "Third-party data breach", "category": "vendor", "likelihood": 3, "impact": 5, "description": "Vendor with access to PII has weak security", "owner": "CISO", "mitigation": "Require SOC2 from all vendors"}}
```

5. GDPR DSAR

```json
{"name": "dsar_create", "arguments": {"request_type": "erasure", "subject_name": "John Doe", "subject_email": "john@example.com", "details": "Delete all my data"}}
```
Competitive Comparison
| Feature | OneTrust | Vanta | Drata | ServiceNow GRC | Us |
|---------|:-:|:-:|:-:|:-:|:-:|
| Framework management | ✅ | ✅ | ✅ | ✅ | ✅ |
| Policy management | ✅ | ✅ | ✅ | ✅ | ✅ |
| Controls | ✅ | ✅ | ✅ | ✅ | ✅ |
| Audit management | ✅ | ❌ | ❌ | ✅ | ✅ |
| Findings tracking | ✅ | ✅ | ✅ | ✅ | ✅ |
| Evidence collection | ✅ | ✅ | ✅ | ✅ | ✅ |
| Risk assessment | ✅ | ❌ | ❌ | ✅ | ✅ |
| Gap analysis | ✅ | ✅ | ✅ | ✅ | ✅ |
| Training tracking | ✅ | ✅ | ✅ | ❌ | ✅ |
| GDPR DSARs | ✅ | ❌ | ❌ | ✅ | ✅ |
| Incident management | ✅ | ❌ | ❌ | ✅ | ✅ |
| Zero config | ❌ | ❌ | ❌ | ❌ | ✅ |
| Open source | ❌ | ❌ | ❌ | ❌ | ✅ |
| MCP native | ❌ | ❌ | ❌ | ❌ | ✅ |
Error Codes
| Code | Meaning |
|------|---------|
| CONTROL_NOT_FOUND | Control ID does not exist |
| FINDING_NOT_FOUND | Finding ID does not exist |
| TRAINING_NOT_FOUND | Training ID does not exist |
| DSAR_NOT_FOUND | DSAR ID does not exist |
| INCIDENT_NOT_FOUND | Incident ID does not exist |
License
Apache-2.0
Part of the ADK-Rust Enterprise MCP server ecosystem.
Built with ❤️ by Zavora AI