fedramp-compliance-mcp
v0.1.0
Published
MCP server for FedRAMP compliance — browse security controls by baseline (Low/Moderate/High), assess authorization readiness, generate SSP/POA&M templates, evidence checklists, and gap analysis for cloud service providers seeking federal authorization
Maintainers
crawdeReadme
fedramp-compliance-mcp
MCP server for FedRAMP (Federal Risk and Authorization Management Program) compliance — browse security controls by baseline, assess authorization readiness, generate SSP sections, evidence checklists, gap analysis, and continuous monitoring deliverable templates for cloud service providers.
Built for CSPs seeking FedRAMP authorization, 3PAO assessors, and federal agency security teams.
Tools
| Tool | Description |
|------|-------------|
| browse_controls | Browse FedRAMP controls by baseline (Low/Moderate/High), family, priority, or search |
| assess_readiness | Score authorization readiness with baseline-specific and path-specific (JAB/Agency/Li-SaaS) assessment |
| generate_ssp | Generate SSP sections per FedRAMP template format for any control or family |
| evidence_checklist | Generate 3PAO assessment evidence collection checklists |
| gap_analysis | Compare implemented controls vs. baseline requirements, generate POA&M |
| conmon_deliverables | Generate monthly, quarterly, and annual ConMon deliverable templates |
Control Families Covered
AC (Access Control), AU (Audit & Accountability), CA (Security Assessment & Authorization), CM (Configuration Management), CP (Contingency Planning), IA (Identification & Authentication), IR (Incident Response), PL (Planning), RA (Risk Assessment), SC (System & Communications Protection), SI (System & Information Integrity)
Install
npx fedramp-compliance-mcpClaude Desktop
{
"mcpServers": {
"fedramp-compliance": {
"command": "npx",
"args": ["-y", "fedramp-compliance-mcp"]
}
}
}Examples
Browse all P1 controls for Moderate baseline:
browse_controls({ baseline: "moderate", priority: "P1" })Assess readiness for JAB P-ATO:
assess_readiness({ implementedControls: ["AC-1", "AC-2", "AC-3", "AU-2", "SC-13"], targetBaseline: "moderate", authorizationPath: "jab" })Generate SSP for Incident Response controls:
generate_ssp({ family: "IR", cspName: "Acme Cloud", systemName: "AcmeCloud Platform" })Generate monthly ConMon deliverables:
conmon_deliverables({ period: "monthly", month: "May 2026", cspName: "Acme Cloud", systemName: "AcmeCloud Platform" })License
MIT