From a24f90e6f93426999479dc2f57057aff8f34a990 Mon Sep 17 00:00:00 2001 From: Zoe Braiterman Date: Fri, 19 Jun 2026 08:45:30 -0400 Subject: [PATCH 1/4] docs: Minor changes to the wording of the MCP Security chapter --- 1.0/en/0x10-C10-MCP-Security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/1.0/en/0x10-C10-MCP-Security.md b/1.0/en/0x10-C10-MCP-Security.md index 667059c..ad12819 100644 --- a/1.0/en/0x10-C10-MCP-Security.md +++ b/1.0/en/0x10-C10-MCP-Security.md @@ -2,7 +2,7 @@ ## Control Objective -Ensure secure discovery, authentication, authorization, transport, and use of MCP-based tool and resource integrations to prevent context confusion, unauthorized tool invocation, or cross-tenant data exposure. This chapter covers MCP protocol-specific controls. +Ensure secure discovery, authentication, authorization, transport, and use of MCP-based tool and resource integrations to prevent context confusion, unauthorized tool invocation, or cross-tenant data exposure. This chapter covers MCP-specific controls. --- 
@@ -46,8 +46,8 @@ Ensure secure discovery, authentication, authorization, transport, and use of MC | # | Description | Level | | :--: | --- | :---: | -| **10.4.1** | **Verify that** MCP tools/list and tool responses are validated via a prompt injection guardrail system to prevent indirect prompt injection. | 1 | -| **10.4.2** | **Verify that** MCP tools/list and tool responses are schema validated before being injected into the model context. | 1 | +| **10.4.1** | **Verify that** MCP tools/list requests and tool responses are validated via a prompt injection guardrail system to prevent indirect prompt injection. | 1 | +| **10.4.2** | **Verify that** MCP tools/list requests and tool responses are schema validated before being injected into the model context. | 1 | | **10.4.3** | **Verify that** MCP servers reject unrecognized or oversized parameters in function calls. | 1 | | **10.4.4** | **Verify that** all MCP servers enforce strict schema validation. | 2 | | **10.4.5** | **Verify that** all MCP transports enforce maximum payload size limits. | 2 | From 1d5782607a95f806c9a756d51a33d913ed39db95 Mon Sep 17 00:00:00 2001 From: Zoe Braiterman Date: Fri, 19 Jun 2026 09:49:47 -0400 Subject: [PATCH 2/4] docs: Add MCP client security requirements for local server installation --- 1.0/en/0x10-C10-MCP-Security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/1.0/en/0x10-C10-MCP-Security.md b/1.0/en/0x10-C10-MCP-Security.md index ad12819..d6381ad 100644 --- a/1.0/en/0x10-C10-MCP-Security.md +++ b/1.0/en/0x10-C10-MCP-Security.md 
@@ -53,6 +53,7 @@ Ensure secure discovery, authentication, authorization, transport, and use of MC | **10.4.5** | **Verify that** all MCP transports enforce maximum payload size limits. | 2 | | **10.4.6** | **Verify that** MCP servers sign tool responses with a unique nonce and timestamp so MCP clients can avoid replay attacks. | 2 | | **10.4.7** | **Verify that** MCP clients maintain a snapshot of tool definitions and that any change to a tool definition triggers re-approval before the modified tool can be invoked. | 3 | +| **10.4.8** | **Verify that** MCP clients present users with explicit consent dialogue and cancellation options upon installation of a local MCP server. | 2 | --- From eab257bdf1bac1990d8f46bbd3924c631db093bf Mon Sep 17 00:00:00 2001 From: Zoe Braiterman Date: Fri, 19 Jun 2026 09:57:20 -0400 Subject: [PATCH 3/4] Fix formatting in MCP Security document --- 1.0/en/0x10-C10-MCP-Security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.0/en/0x10-C10-MCP-Security.md b/1.0/en/0x10-C10-MCP-Security.md index d6381ad..7e04219 100644 --- a/1.0/en/0x10-C10-MCP-Security.md +++ b/1.0/en/0x10-C10-MCP-Security.md 
@@ -53,7 +53,7 @@ Ensure secure discovery, authentication, authorization, transport, and use of MC | **10.4.5** | **Verify that** all MCP transports enforce maximum payload size limits. | 2 | | **10.4.6** | **Verify that** MCP servers sign tool responses with a unique nonce and timestamp so MCP clients can avoid replay attacks. | 2 | | **10.4.7** | **Verify that** MCP clients maintain a snapshot of tool definitions and that any change to a tool definition triggers re-approval before the modified tool can be invoked. | 3 | -| **10.4.8** | **Verify that** MCP clients present users with explicit consent dialogue and cancellation options upon installation of a local MCP server. | 2 | +| **10.4.8** | **Verify that** MCP clients present users with explicit consent dialogue and cancellation options upon installation of a local MCP server. | 2 | --- From cb3cbae43c35aa4cc757ef7d4d0c60d82ca2dd06 Mon Sep 17 00:00:00 2001 From: Zoe Braiterman Date: Fri, 19 Jun 2026 10:31:39 -0400 Subject: [PATCH 4/4] Fix formatting in MCP Security validation table Change "tools/list requests" back to "tools/list", per reviewer's request. --- 1.0/en/0x10-C10-MCP-Security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/1.0/en/0x10-C10-MCP-Security.md b/1.0/en/0x10-C10-MCP-Security.md index 7e04219..fdc5cf8 100644 --- a/1.0/en/0x10-C10-MCP-Security.md +++ b/1.0/en/0x10-C10-MCP-Security.md 
@@ -46,8 +46,8 @@ Ensure secure discovery, authentication, authorization, transport, and use of MC | # | Description | Level | | :--: | --- | :---: | -| **10.4.1** | **Verify that** MCP tools/list requests and tool responses are validated via a prompt injection guardrail system to prevent indirect prompt injection. | 1 | -| **10.4.2** | **Verify that** MCP tools/list requests and tool responses are schema validated before being injected into the model context. | 1 | +| **10.4.1** | **Verify that** MCP tools/list and tool responses are validated via a prompt injection guardrail system to prevent indirect prompt injection. | 1 | +| **10.4.2** | **Verify that** MCP tools/list and tool responses are schema validated before being injected into the model context. | 1 | | **10.4.3** | **Verify that** MCP servers reject unrecognized or oversized parameters in function calls. | 1 | | **10.4.4** | **Verify that** all MCP servers enforce strict schema validation. | 2 | | **10.4.5** | **Verify that** all MCP transports enforce maximum payload size limits. | 2 |
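Review bot: in the second hunk of PATCH 1/4 (rows 10.4.1 and 10.4.2), "tools/list requests" names the wrong artifact. A tools/list request is sent by the client; what gets "injected into the model context" (row 10.4.2's own wording) is the server's tools/list response, i.e. the tool names, descriptions and input schemas it returns, and that server-supplied content is what a prompt injection guardrail and schema validation need to cover. Suggest "MCP tools/list responses and tool call results are validated ..." for both rows. PATCH 4/4 later reverts to the bare "tools/list", which leaves the same ambiguity in place.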
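Review bot: the new row 10.4.8 in PATCH 2/4 is hard to verify as written, because "explicit consent dialogue" does not say what the user must be shown before agreeing. Suggest stating what the dialog has to disclose (for example, where the server comes from and the local command or binary that will be executed on the user's machine) so an assessor can check the control, and using "dialog" for the UI element. Also, the neighbouring rows 10.4.3 to 10.4.7 cover schema validation, payload limits, signed responses and tool-definition drift; an installation-consent requirement for MCP clients may fit better in its own client/installation subsection than in this validation table.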
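Review bot: in PATCH 3/4 the removed and added lines for row 10.4.8 are character-for-character identical in the rendered diff, so the "Fix formatting" change can only be whitespace (a trailing space or tab); the commit message should say which, otherwise a reviewer cannot confirm that anything changed. Since it corrects a line introduced by PATCH 2/4 in the same series, squashing it into that patch would keep the history clean.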
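Review bot: the subject of PATCH 4/4, "Fix formatting in MCP Security validation table", does not describe the hunk, which reverts the "tools/list requests" wording added in PATCH 1/4; that is a wording change, not formatting. Suggest a subject such as "docs: Revert 'tools/list requests' to 'tools/list' in rows 10.4.1 and 10.4.2", or better, drop that part of PATCH 1/4 so the series does not add and then remove the same text. After this revert the only net change left from PATCH 1/4 is "MCP protocol-specific controls" to "MCP-specific controls".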