Developer Documentation

Secureframe MCP Server

Connect an AI assistant to your Secureframe workspace and query or update your compliance data through the Model Context Protocol (MCP).

Overview

The Secureframe MCP server allows you to access and manage your Secureframe data — controls, tests, vendors, frameworks, risks, and more — as Model Context Protocol tools. Any MCP-capable client (Claude Code, Claude Desktop, Cursor, and others) can connect, letting you ask an assistant to look things up and take actions on your behalf.

Every request runs as the API key's user and respects that user's existing permissions — the assistant can only see and do what you can.

Connect to your region

Use the URL that matches your Secureframe data region:

RegionMCP URL
United Stateshttps://mcp.secureframe.com/
United Kingdomhttps://mcp-uk.secureframe.com/

The examples below use the US URL — substitute your regional URL if applicable.

Authentication

Authenticate with your Secureframe REST API key and secret. Generate a key in Secureframe → Company Settings → API keys. Each request must include an Authorization header containing the key and secret, separated by a space:

Authorization: <API_KEY> <API_SECRET>
Treat your API secret like a password. Anyone with it can act as your user in Secureframe. Prefer supplying it through environment variables rather than pasting it into a shared config file — for example:
export SECUREFRAME_API_KEY="your-api-key"
export SECUREFRAME_API_SECRET="your-api-secret"

Then reference those variables when you connect, as shown below.

Connecting a client

Claude Code

Add the server with a single command, using the environment variables from above:

claude mcp add --transport http secureframe https://mcp.secureframe.com/ \
  --header "Authorization: ${SECUREFRAME_API_KEY} ${SECUREFRAME_API_SECRET}"
--transport http is required — without it, the CLI treats the argument as a local command to launch. --scope is optional: it controls where the config is saved — the default (local) applies to the current project only, while --scope user makes the server available across all your projects.

Other MCP clients

For clients configured with JSON (Claude Desktop, Cursor, etc.), point an HTTP MCP server at the endpoint and pass the same header:

{
  "mcpServers": {
    "secureframe": {
      "type": "http",
      "url": "https://mcp.secureframe.com/",
      "headers": {
        "Authorization": "<YOUR_API_KEY> <YOUR_API_SECRET>"
      }
    }
  }
}
MCP servers are loaded when the client starts. After adding the server, restart your client so it picks up the new connection.

Available tools

These tools wrap the Secureframe REST API. Any query filters and parameters available on an API endpoint are also available on its matching tool — see the full API documentation for details. Connected MCP clients receive each tool's parameter schema automatically, so your assistant knows what inputs a tool accepts without any extra setup.

105 tools across 38 categories. Expand a category to see its tools.

Cloud Resource3 tools
get_cloud_resource read

Get a Cloud Resource

list_cloud_resources read

List Cloud Resources

update_cloud_resource write

Update a Cloud Resource

Cloud Resource Framework Asset Scope2 tools
create_cloud_resource_framework_asset_scope write

Create Framework Asset Scope

list_cloud_resource_framework_asset_scopes read

List Framework Asset Scopes

Comment5 tools
create_comment write

Create a Comment

delete_comment write

Delete a Comment

get_comment read

Get a Comment

list_comments read

List Comments

update_comment write

Update a Comment

Control2 tools
get_control read

Get a Control

list_controls read

List Controls

Custom Integration1 tool
data_custom_integration write

Publish data

Device2 tools
get_device read

Get a Device

list_devices read

List Devices

Device Framework Asset Scope2 tools
create_device_framework_asset_scope write

Create Framework Asset Scope

list_device_framework_asset_scopes read

List Framework Asset Scopes

Evidence1 tool
get_evidence read

Get an Evidence

Framework2 tools
get_framework read

Get a Framework

list_frameworks read

List Frameworks

Framework Requirement2 tools
get_framework_requirement read

Get a Framework Requirement

list_framework_requirements read

List Framework Requirements

Integration Connection3 tools
archive_integration_connection write

Archive an Integration Connection

get_integration_connection read

Get an Integration Connection

list_integration_connections read

List Integration Connections

Knowledge Base Answer4 tools
create_knowledge_base_answer write

Create a Knowledge Base Answer

delete_knowledge_base_answer write

Delete a Knowledge Base Answer

get_knowledge_base_answer read

Get a Knowledge Base Answer

update_knowledge_base_answer write

Update a Knowledge Base Answer

Knowledge Base Question4 tools
create_knowledge_base_question write

Create a Knowledge Base Question

delete_knowledge_base_question write

Delete a Knowledge Base Question

get_knowledge_base_question read

Get a Knowledge Base Question

update_knowledge_base_question write

Update a Knowledge Base Question

POA&M Item5 tools
create_poam_item write

Create a POA&M item

discard_poam_item write

Discard a POA&M item

get_poam_item read

Get a POA&M item

list_poam_items read

List POA&M items

update_poam_item write

Update a POA&M item

Repository3 tools
get_repository read

Get a Repository

list_repositories read

List Repositories

update_repository write

Update a Repository

Repository Framework Asset Scope2 tools
create_repository_framework_asset_scope write

Create Framework Asset Scope

list_repository_framework_asset_scopes read

List Framework Asset Scopes

Risk2 tools
get_risk read

Get a Risk

list_risks read

List Risks

SSP Duty5 tools
create_ssp_duty write

Create an SSP Duty

delete_ssp_duty write

Delete an SSP Duty

get_ssp_duty read

Get an SSP Duty

list_ssp_duties read

List SSP Duties

update_ssp_duty write

Update an SSP Duty

SSP Duty Role4 tools
create_ssp_duty_role write

Create an SSP Duty Role

delete_ssp_duty_role write

Delete an SSP Duty Role

get_ssp_duty_role read

Get an SSP Duty Role

list_ssp_duty_roles read

List SSP Duty Roles

SSP Policy5 tools
create_ssp_policy write

Create an SSP Policy

delete_ssp_policy write

Delete an SSP Policy

get_ssp_policy read

Get an SSP Policy

list_ssp_policies read

List SSP Policies

update_ssp_policy write

Update an SSP Policy

SSP Report3 tools
create_ssp_report write

Create an SSP Report

get_ssp_report read

Get an SSP Report

list_ssp_reports read

List SSP Reports

SSP Report Assessment Objective3 tools
get_ssp_report_assessment_objective read

Get an SSP Report Assessment Objective

list_ssp_report_assessment_objectives read

List SSP Report Assessment Objectives

update_ssp_report_assessment_objective write

Update an SSP Report Assessment Objective

SSP Report Section3 tools
get_ssp_report_section read

Get an SSP Report Section

list_ssp_report_sections read

List SSP Report Sections

update_ssp_report_section write

Update an SSP Report Section

SSP Report Section Block3 tools
get_ssp_report_section_block read

Get an SSP Report Section Block

list_ssp_report_section_blocks read

List SSP Report Section Blocks

update_ssp_report_section_block write

Update an SSP Report Section Block

SSP Role5 tools
create_ssp_role write

Create a SSP Role

delete_ssp_role write

Delete a SSP Role

get_ssp_role read

Get a SSP Role

list_ssp_roles read

List SSP Roles

update_ssp_role write

Update a SSP Role

SSP Vendor5 tools
create_ssp_vendor write

Create an SSP Vendor

delete_ssp_vendor write

Delete an SSP Vendor

get_ssp_vendor read

Get an SSP Vendor

list_ssp_vendors read

List SSP Vendors

update_ssp_vendor write

Update an SSP Vendor

Security Questionnaire1 tool
create_security_questionnaire write

Create a Security Questionnaire

Test3 tools
get_test read

Get a Test

list_tests read

List Tests

update_test write

Update a Test

Test Evidence1 tool
create_test_evidence write

Create Test Evidence

Test Export1 tool
create_test_export write

Create a Test Export

Test Export Reading1 tool
get_test_export_reading read

Get a Test Export

Third Party Risk Management Vendor3 tools
archive_third_party_risk_management_vendor write

Archive a Third Party Risk Management Vendor.

get_third_party_risk_management_vendor read

Get a Third Party Risk Management Vendor.

list_third_party_risk_management_vendors read

List Third Party Risk Management Vendors

Trust Center Request3 tools
get_trust_center_request read

Get a Trust Center Request

list_trust_center_requests read

List Trust Center Requests

update_trust_center_request write

Update a Trust Center Request

User3 tools
get_user read

Get a User

list_users read

List Users

update_user write

Update a User

User Account3 tools
get_user_account read

Get a User Account

link_user_account write

Link a User Account

list_user_accounts read

List User Accounts

User Evidence1 tool
create_user_evidence write

Create User Evidence

User Security Settings1 tool
list_user_security_settings read

Get user security settings

Vendor3 tools
archive_vendor write

Archive a Vendor

get_vendor read

Get a Vendor

list_vendors read

List Vendors