Add Security Assurance Profiles as Section 3.3 of MCP Security Whitepaper#73
Open
nik-kale wants to merge 2 commits intocosai-oasis:feat/mcp-security-v2from
Open
Conversation
Define four graduated assurance levels (L1-L4) for MCP deployments with concrete control requirements across eight security dimensions. Maps to MCP-T1 through MCP-T12 threat categories and DP1-DP3 deployment patterns from the V1 whitepaper, with cross-references to the OWASP MCP Top 10. Refs cosai-oasis#36 Made-with: Cursor
|
|
Move assurance profiles content from standalone practical-guides/ file into the main whitepaper (model-context-protocol-security.md) as a new Section 3.3, placed after Controls and Mitigations (3.2). Adds four graduated security levels (L1-L4) across eight control dimensions with threat coverage mapping to MCP-T1 through MCP-T12 and OWASP MCP Top 10. Resolves cosai-oasis#36
nik-kale
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Integrates MCP Security Assurance Profiles directly into
model-context-protocol-security.mdas Section 3.3, placed after Controls and Mitigations (3.2) and before Conclusion (4). This replaces the earlier standalone file underpractical-guides/.Defines four graduated security assurance levels (L1 Sandbox, L2 Internal, L3 Production, L4 Regulated) across eight control dimensions:
Each control maps back to MCP-T1 through MCP-T12 threat categories and cross-references the OWASP MCP Top 10. Deployment pattern mapping aligns with Appendix 6.1.
No existing sections were renumbered. Sections 4 (Conclusion), 5 (Contributors), and 6 (Appendix) remain unchanged.
Changes
practical-guides/mcp-security-assurance-profiles.md(moved into whitepaper)model-context-protocol-security.md:Related