In May 2026 the United States National Security Agency published a Cybersecurity Information notice titled Model Context Protocol (MCP): Security Design Considerations for AI-Driven Automation (document ID U/OO/6030316-26 / PP-26-1834). It is fifteen pages on what the NSA considers the minimum security baseline for any production MCPdeployment. If you are building anything on MCP, server, client, gateway, orchestrator, framework, or agent runtime, read it. Then read this, because the standards work the NSA describes already exists, and you can integrate it today. What the NSA called out Four operational requirements run through the document. Cryptographically sign and verify MCP messages Quoting the NSA directly (page 12): "the standard can be extended with cryptographic signatures directly within the JSON payload ... MCP messages should include expiration timestamps and replay protection metadata ...…