search

MCP setup guide

This guide explains how to connect your AI assistant to CISO Assistant using the Model Context Protocol (MCP). Once set up, you'll be able to ask your AI to create risk assessments, manage compliance

Compatible with: SaaS or on-premises, CE ou Pro

hashtag
What is MCP?

MCP (Model Context Protocol) allows AI assistants like Claude to interact with external tools and services. Think of it as giving your AI a set of capabilities to read and write data in CISO Assistant.

The CISO Assistant MCP server provides 80+ tools covering:

  • Risk management (assessments, scenarios, matrices)

  • Compliance audits (frameworks, requirements)

  • Asset management

  • Third-party risk management (TPRM)

  • EBIOS RM methodology

  • And more...

hashtag
Why stdio Transport?

The MCP server uses stdio (standard input/output) transport instead of HTTP. Here's why:

  1. Local file access - stdio allows the server to read and process local files on your machine, which HTTP-based servers cannot do securely.

  2. Network control - All API calls to CISO Assistant go through your local machine. You have full visibility and control over network traffic, and can use your existing firewall rules and proxies.

  3. No open ports - Unlike HTTP servers, stdio doesn't require opening any ports on your machine, reducing your attack surface.

  4. Simpler security model - The AI client spawns the MCP server as a subprocess. No need for API keys between the client and MCP server, or dealing with CORS and network authentication.

  5. Works offline - The MCP server itself runs locally. Only the actual CISO Assistant API calls require network access.

hashtag
Step 0: Get the MCP Server Code

The MCP server code is included in the CISO Assistant repository. You need to download it to your machine first.

hashtag
Option A: Clone with Git (recommended)

This makes it easy to update later with git pull.

hashtag
Option B: Download as ZIP

  1. Go to https://github.com/intuitem/ciso-assistant-community

  2. Click the green Code button

  3. Select Download ZIP

  4. Extract the ZIP file to a folder of your choice

  5. Navigate to the cli folder inside

Note: The MCP server lives in the cli folder. You'll need the full path to this folder for the configuration steps below.

hashtag
Prerequisites

Before you begin, make sure you have:

  1. CISO Assistant running - Either locally or on a server (can be the same machine or a remote server). If you're on a SaaS instance, you need to have the API enabled. You can open a support request to do, and keep in mind that it requires ip filtering to be enabled as well.

  2. Python 3.12+ installed

  3. uv package manager (recommended) - Install with:

hashtag
Step 1: Generate a Personal Access Token (PAT)

You need a token to authenticate the MCP server with CISO Assistant:

  1. Log in to CISO Assistant

  2. Click on your profile icon (top right)

  3. Go to Settings β†’ Personal Access Tokens

  4. Click Create Token

  5. Give it a name (e.g., "MCP Integration")

  6. Copy the token - you'll need it in the next step

Important: Save this token somewhere safe. You won't be able to see it again.

hashtag
Step 2: Configure the MCP Server

Navigate to the cli folder in your CISO Assistant installation:

Create your configuration file:

Edit .mcp.env with your details:

Common API URLs:

  • Local Docker setup: http://localhost:8000/api

  • Local development: http://127.0.0.1:8000/api

  • Production server: https://your-server.com/api

hashtag
Setup for Claude Desktop

Claude Desktop uses a JSON configuration file to know about MCP servers.

hashtag
Find your config file location

Operating System
Config File Path

macOS

~/Library/Application Support/Claude/claude_desktop_config.json

Windows

%APPDATA%\Claude\claude_desktop_config.json

Linux

~/.config/Claude/claude_desktop_config.json

hashtag
Create or edit the config file

If the file doesn't exist, create it. Add the following configuration:

Replace /path/to/ciso-assistant-community/cli with your actual path.

hashtag
Example paths by OS

macOS:

Windows:

Linux:

hashtag
Alternative: Pass credentials via environment

Instead of using .mcp.env, you can pass credentials directly in the config:

hashtag
Restart Claude Desktop

After saving the config file, completely quit and restart Claude Desktop. The MCP server should now be available.

hashtag
Verify it works

In Claude Desktop, try asking:

"What folders exist in CISO Assistant?"

If configured correctly, Claude will use the MCP tools to query your CISO Assistant instance.

hashtag
Setup for Claude Code (CLI)

Claude Code reads MCP configuration from a .mcp.json file.

hashtag
Create the config file

In your home directory or project folder, create .mcp.json:

hashtag
Config file locations

Claude Code looks for .mcp.json in these locations (in order):

  1. Current working directory

  2. Home directory (~/.mcp.json)

hashtag
Alternative: Specify full path to uv

If uv isn't in your PATH, use the full path:

Find uv's location with:

hashtag
Verify it works

Start Claude Code and ask:

"List all risk assessments in CISO Assistant"

hashtag
Setup for LM Studio

LM Studio supports MCP servers through an mcp.json configuration file, similar to Claude Desktop.

hashtag
Step 1: Open the MCP configuration

  1. Open LM Studio

  2. Go to Settings (gear icon)

  3. Click on the Program tab

  4. Find Integrations section

  5. Click the Install button

  6. Select Edit mcp.json

hashtag
Step 2: Add the CISO Assistant server

Add the following configuration to your mcp.json:

Replace:

  • /path/to/uv with your actual uv path (find it with which uv on macOS/Linux)

  • /path/to/ciso-assistant-community/cli with your actual cli folder path

  • your-personal-access-token with the token from Step 1

hashtag
Example (macOS)

hashtag
Step 3: Save and restart

Save the mcp.json file and restart LM Studio for the changes to take effect

hashtag
Troubleshooting

hashtag
"Connection refused" or "Cannot connect to API"

  • Make sure CISO Assistant is running

  • Verify the API_URL is correct

  • Check if you can access the API in your browser: http://localhost:8000/api/

hashtag
"Authentication failed" or "401 Unauthorized"

  • Verify your token is correct in .mcp.env

  • Make sure the token hasn't expired

  • Generate a new token if needed

hashtag
"Certificate verification failed"

  • For local development, set VERIFY_CERTIFICATE=false

  • For production with self-signed certs, also set to false

  • For production with valid SSL, set to true

hashtag
MCP server not appearing in Claude Desktop

  1. Check the config file location is correct for your OS

  2. Verify the JSON syntax is valid (use a JSON validator)

  3. Make sure paths use forward slashes / (even on Windows) or escape backslashes \\

  4. Restart Claude Desktop completely (quit, don't just close)

hashtag
"uv: command not found"

  • Install uv (see Prerequisites section)

  • Use the full path to uv in your config

  • On macOS/Linux, you may need to add ~/.cargo/bin to your PATH

hashtag
Check MCP server logs

Test the server directly from terminal:

If there are configuration errors, they'll appear here.

hashtag
What Can You Do With It?

Once connected, try these example prompts:

Explore your data:

  • "Show me all risk assessments"

  • "List the compliance frameworks I have imported"

  • "What assets are in the Production folder?"

Create new items:

  • "Create a new folder called 'IT Security'"

  • "Add a risk scenario for ransomware affecting the CRM system"

  • "Create a compliance assessment for ISO 27001"

Analyze and report:

  • "Show me the gap analysis for my SOC2 audit"

  • "What are the high-risk scenarios in my assessment?"

  • "List all controls that are not yet implemented"

Manage third parties:

  • "List all our vendors"

  • "Create an entity assessment for Acme Corp"

  • "What contracts are expiring soon?"

hashtag
Need Help?

hashtag
Quick Reference: Environment Variables

Variable
Required
Default
Description

TOKEN

Yes

-

Personal Access Token from CISO Assistant

API_URL

No

http://localhost:8000/api

CISO Assistant API endpoint

VERIFY_CERTIFICATE

No

false

SSL certificate verification

PreviousOutgoing webhooksNextGRC Summit - Luxembourg 2025

Last updated

Was this helpful?