Enforce Security Policies
Security policies are the governance layer of MCP Hub Platform. They let you control what your organization can run, setting minimum certification requirements, filtering by origin type, and defining custom rules. This tutorial covers setting up and managing policies at every level – from organization-wide defaults to individual server overrides.
Before You Begin
You need:
- A running MCP Hub Platform instance (see Quick Start)
- An organization with Admin or Owner role (see Set Up an Organization)
- At least one certified MCP server in your organization
Understanding the Policy Model
Policies in MCP Hub Platform follow a hierarchical structure with inheritance:
```text
Platform Defaults
        |
        v
Organization Policies (set by Org Admin/Owner)
        |
        v
Area Policies (override org for specific areas)
        |
        v
Server Policies (override area for specific servers)
        |
        v
Client Enforcement (mcp-client checks at runtime)
```
At each level, policies can only become more restrictive than the level above. A team area cannot lower the minimum certification level below the organization default – it can only raise it.
Step 1: Set Organization-Wide Policies
Navigate to your organization > Settings > Security Policies.
Minimum Certification Level
This is the most important policy. It defines the lowest certification level that MCP servers must meet before they can be executed by your team.
| Level | Name | What It Means |
|---|---|---|
| 0 | Integrity Verified | Only digest and schema validation required |
| 1 | Static Verified | Basic static analysis with score >= 60 |
| 2 | Security Certified | Full analysis with score >= 80 and evidence |
| 3 | Runtime Certified | Dynamic analysis with score >= 90 (future) |
Recommendation: Start with Level 1 for development environments and Level 2 for production. Level 0 is suitable for internal experimentation only.
To set the minimum level:
- Under Minimum Certification Level, select the desired level
- Click Save Policies
Any MCP server below this level will be blocked from execution by the MCP Client.
Origin Type Filtering
Origin types indicate the trust level of the MCP server publisher:
| Origin | Description | Use Case |
|---|---|---|
| Official | Maintained by the MCP Hub team | Highest trust, always safe to allow |
| Verified | Publisher has verified identity | Recommended for production |
| Community | Any publisher, no identity guarantees | Allow with caution |
Configure which origins your organization permits:
- Under Allowed Origins, check the origin types to allow
- Click Save Policies
Example configurations:
| Environment | Allowed Origins | Rationale |
|---|---|---|
| Production | Official, Verified | Only trusted publishers |
| Staging | Official, Verified, Community | Broader testing |
| Development | All | Maximum flexibility |
Allow and Deny Lists
For fine-grained control, use explicit allow and deny lists:
Allow List – Only these servers can be executed, regardless of other policies:
```yaml
Allow List:
  - @acme-corp/database-connector
  - @acme-corp/api-gateway
  - @official/filesystem-server
```
Deny List – These servers are always blocked, even if they meet all other criteria:
```yaml
Deny List:
  - @community/untrusted-tool
  - @external-org/deprecated-server
```
If a server appears on both the allow list and the deny list, the deny list wins. The server will be blocked.
Step 2: Configure Area-Level Policies
Areas within your organization can have their own policies that are more restrictive than the organization defaults.
- Navigate to your organization > Areas
- Select an area (e.g., production-services)
- Open the Policies tab
Example: Stricter Production Area
```yaml
Organization Default:
  min_cert_level: 1
  allowed_origins: [Official, Verified, Community]

Area "production-services" Override:
  min_cert_level: 2
  allowed_origins: [Official, Verified]
```
In this example, the production area requires certification level 2 and blocks community-origin servers, while the rest of the organization uses the more permissive defaults.
Example: Relaxed Development Area
You cannot make area policies more permissive than the organization level. If the organization minimum is level 1, no area can set it to level 0. However, areas can choose not to override, in which case they inherit the organization defaults:
```yaml
Organization Default:
  min_cert_level: 1

Area "dev-sandbox":
  min_cert_level: (inherited: 1)

Area "staging":
  min_cert_level: 2 (stricter override)
```
Step 3: Set Server-Specific Overrides
Individual MCP servers can have policy overrides that are more restrictive than their area or organization:
- Navigate to the MCP server’s detail page
- Open the Policies tab
- Configure server-specific overrides
This is useful for high-risk servers that require extra scrutiny:
```text
Area "backend-tools" (min_cert_level: 2):
  |
  +--- database-connector: min_cert_level: 3 (handles sensitive data)
  +--- logger-server: (inherited: 2)
  +--- metrics-server: (inherited: 2)
```
Step 4: Client-Side Policy Enforcement
The MCP Client enforces policies at runtime. When a user attempts to run an MCP server, the client checks the artifact’s certification level and origin against the applicable policies.
Default Client Configuration
Configure the client to use your organization’s policies:
```bash
# Set the default organization
mcp-client config set organization acme-corp

# Set the hub endpoint for policy resolution
mcp-client config set hub-url http://localhost:8080
```
Runtime Enforcement
When running a server, the client enforces all applicable policies:
```bash
# This will check org + area + server policies before execution
mcp-client run @acme-corp/[email protected]
```
If the artifact fails any policy check, execution is blocked:
```text
Error: policy violation
  Server: @acme-corp/[email protected]
  Required cert level: 2 (Security Certified)
  Actual cert level: 1 (Static Verified)

  This server does not meet your organization's minimum
  certification level. Contact your organization admin
  to adjust policies or wait for a higher-scoring version.
```
Overriding Policies Locally
In some cases (development, testing), you may want to override policies. This requires explicit flags:
```bash
# Override minimum certification level (requires --force)
mcp-client run @acme-corp/[email protected] \
  --min-cert-level 0 \
  --force

# Allow community origin (requires --force)
mcp-client run @community/[email protected] \
  --allow-origin community \
  --force
```
Using --force to override policies is logged in the client’s audit trail and, when connected to an organization, reported to the Hub. Enterprise administrators can see who overrode policies and when.
Step 5: Enterprise Governance
For enterprise deployments, MCP Hub Platform provides additional governance features.
Mandatory Policies
Enterprise administrators can set mandatory policies that cannot be overridden by organizations or the --force flag:
- Go to the Admin Panel > Global Policies
- Enable Mandatory Policy Mode
- Configure the global minimums
These policies are enforced platform-wide and take precedence over everything else.
Policy Audit Reports
Generate reports showing policy compliance across your organization:
- Navigate to your organization > Reports > Policy Compliance
- Select the time period
- View compliance metrics:
  - Percentage of servers meeting minimum certification level
  - Policy override usage (how often --force is used)
  - Origin type distribution
  - Trend over time
Notifications and Alerts
Configure notifications when policy-related events occur:
- A server drops below the minimum certification level after re-analysis
- A team member uses --force to override a policy
- A new community-origin server is added to a production area
Set up notifications under Settings > Notifications > Policy Alerts.
Policy Precedence Summary
When the MCP Client evaluates whether to allow execution, it checks policies in this order:
| Priority | Source | Can Override? |
|---|---|---|
| 1 (highest) | Enterprise mandatory policies | No |
| 2 | Deny list (org or area) | No |
| 3 | Server-specific override | Only stricter |
| 4 | Area policy | Only stricter than org |
| 5 | Organization default | Set by admin |
| 6 (lowest) | Platform defaults | Baseline |
The first matching rule that blocks execution takes effect. If no rule blocks, execution proceeds.
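To make the precedence rules concrete, here is an added Python model (not MCP Hub Platform code) of the stricter-only inheritance described under Understanding the Policy Model and the evaluation order in the table above. The Policy field names, the function names and the treatment of --force as a flag that skips only the level and origin checks are assumptions; the level names and origin types are the page's.

```python
from dataclasses import dataclass
from typing import Optional

# Certification levels and origin types as named on this page.
LEVELS = {0: "Integrity Verified", 1: "Static Verified",
          2: "Security Certified", 3: "Runtime Certified"}
ALL_ORIGINS = frozenset({"Official", "Verified", "Community"})

@dataclass(frozen=True)
class Policy:            # one level of the hierarchy; the field shape is assumed
    min_cert_level: int = 0
    allowed_origins: frozenset = ALL_ORIGINS
    allow_list: frozenset = frozenset()
    deny_list: frozenset = frozenset()

def inherit(parent: Policy, child: Optional[Policy]) -> Policy:
    """Merge a child level onto its parent. A child can only tighten: the higher
    minimum wins, origins are intersected, deny entries accumulate."""
    if child is None:                       # area/server chose not to override
        return parent
    return Policy(
        min_cert_level=max(parent.min_cert_level, child.min_cert_level),
        allowed_origins=parent.allowed_origins & child.allowed_origins,
        allow_list=child.allow_list or parent.allow_list,
        deny_list=parent.deny_list | child.deny_list,
    )

def evaluate(server, level, origin, mandatory, org, area=None, srv=None, force=False):
    """Return (allowed, reason) for an artifact with the given cert level and
    origin, checking rules in the page's precedence order; first block wins."""
    # 1. Enterprise mandatory minimum: not overridable, not even with --force.
    if level < mandatory.min_cert_level:
        return False, f"mandatory min cert level {mandatory.min_cert_level}"
    effective = inherit(inherit(inherit(Policy(), org), area), srv)
    # 2. Deny list beats the allow list and cannot be overridden.
    if server in effective.deny_list:
        return False, "deny list"
    if effective.allow_list and server not in effective.allow_list:
        return False, "not on allow list"
    # 3-6. Stricter-only level and origin checks. --force skips only these two;
    # the real client also records the override in its audit trail.
    if force:
        return True, "overridden locally with --force (audited)"
    if level < effective.min_cert_level:
        return False, (f"required cert level {effective.min_cert_level} "
                       f"({LEVELS[effective.min_cert_level]}), actual {level}")
    if origin not in effective.allowed_origins:
        return False, f"origin {origin} not allowed"
    return True, "ok"
```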
Common Policy Configurations
Startup / Small Team
```yaml
Organization:
  min_cert_level: 1
  allowed_origins: [Official, Verified, Community]
  deny_list: []
```
Mid-Size Company
```yaml
Organization:
  min_cert_level: 1
  allowed_origins: [Official, Verified, Community]

Area "production":
  min_cert_level: 2
  allowed_origins: [Official, Verified]

Area "development":
  (inherits organization defaults)
```
Enterprise
```yaml
Global Mandatory:
  min_cert_level: 1

Organization:
  min_cert_level: 2
  allowed_origins: [Official, Verified]

Area "critical-infrastructure":
  min_cert_level: 3
  allowed_origins: [Official]
  allow_list: [only-approved-servers]
```
Next Steps
- Set Up an Organization – Configure your organization structure
- Self-Hosted Deployment – Deploy the platform on your own infrastructure
- Publish from GitHub – Automate certification with Git integration