fedramp-docs-mcp

An unofficial Model Context Protocol (MCP) server that exposes the public FedRAMP 20x machine-readable documentation (FRMR) as deterministic, citable lookup tools for AI assistants.

โš ๏ธ Not affiliated with FedRAMP, GSA, or the U.S. government. This is a community-built tool. Data is sourced from the public GSA FedRAMP docs repository at https://github.com/FedRAMP/docs. The bundled FRMR.documentation.json is a U.S. government work in the public domain (17 U.S.C. ยง 105); this server's code is MIT-licensed.

Why this exists

When using AI assistants to analyze, scope, or write about FedRAMP 20x requirements, the model can paraphrase FRMR content from memory and drift on numbers, IDs, dates, or definitions. This MCP server replaces that with structured lookups against the canonical JSON: every response carries a _source block pointing to the exact upstream commit and JSON path. The model literally cannot answer without citing the source.

Install

📦 PyPI release is planned but not yet published. Install directly from this GitHub repo via uvx for now. The PyPI path below will work once v0.1.0 stabilizes.

Install from GitHub (current path)

uvx can install directly from a git URL (no PyPI required, no clone needed):

uvx --from git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git fedramp-docs-mcp --help

(Install uv first if needed: brew install uv on macOS, or see https://docs.astral.sh/uv/.)

You can pin to a specific tag or commit for reproducibility:

# pin to a tag
uvx --from git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git@v0.1.0 fedramp-docs-mcp

# pin to a commit SHA
uvx --from git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git@<sha> fedramp-docs-mcp

Install from PyPI (planned, not yet available)

Once v0.1.0 is published to PyPI, this will be the simpler path:

# Not yet: coming with v0.1.0 PyPI release
uvx fedramp-docs-mcp

Configure your MCP client

Claude Code / Claude Desktop

Add to your MCP client config (e.g., ~/.claude.json):

{
  "mcpServers": {
    "fedramp-docs": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git",
        "fedramp-docs-mcp"
      ]
    }
  }
}

Once the PyPI release ships, the config simplifies to:

{
  "mcpServers": {
    "fedramp-docs": {
      "command": "uvx",
      "args": ["fedramp-docs-mcp"]
    }
  }
}

Restart your client. The tools appear automatically; verify with /mcp in Claude Code.
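The configs above launch the server from a git URL with no ref, while the install section notes that a tag or commit SHA can be pinned. The following audit is an added example, not part of the project's code: it reads an mcpServers block and reports how each uvx `--from` source is pinned. The sample config, the placeholder SHA and the function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the mcpServers config above. The 40-hex
# commit is a made-up placeholder, not a real commit of the project.
REPO = "git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git"
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"

def _entry(source):
    return {"command": "uvx", "args": ["--from", source, "fedramp-docs-mcp"]}

SAMPLE_CONFIG = {"mcpServers": {
    "fedramp-docs": _entry(REPO),
    "fedramp-docs-tag": _entry(REPO + "@v0.1.0"),
    "fedramp-docs-sha": _entry(REPO + "@" + PLACEHOLDER_SHA),
}}

FULL_SHA = re.compile(r"[0-9a-f]{40}")

def classify_source(spec):
    """Classify a --from value: 'commit', 'mutable-ref', 'unpinned', or None if not git."""
    if not spec.startswith("git+"):
        return None
    # Drop scheme and host so a user@host prefix is not mistaken for a ref.
    tail = spec.split("://", 1)[-1].partition("/")[2].split("#", 1)[0]
    if "@" not in tail:
        return "unpinned"  # resolves to whatever the default branch holds at install time
    ref = tail.rsplit("@", 1)[1]
    # Tags and branches can be moved upstream; only a full SHA names fixed content.
    return "commit" if FULL_SHA.fullmatch(ref) else "mutable-ref"

def audit(config):
    """Map each uvx-launched server name to the pin status of its --from source."""
    findings = {}
    for name, server in config.get("mcpServers", {}).items():
        if server.get("command") != "uvx":
            continue
        args = server.get("args", [])
        for flag, value in zip(args, args[1:]):
            if flag == "--from":
                findings[name] = classify_source(value)
    return findings

if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {status}")
```

Entries launched without `--from` are not reported by this check.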

Available tools (v0.1.0, 20x only)

| Tool | Purpose |
| --- | --- |
| list_ksis(theme?) | Enumerate Key Security Indicators (~60 across 11 themes) |
| get_ksi(id) | Full text of a KSI indicator by ID (e.g. KSI-AFR-ADS; legacy KSI-AFR-03 also resolves via fka) |
| list_frrs(status?) | Enumerate FedRAMP Requirements & Rules sections with effective status |
| get_frr_section(short_name) | Full text of an FRR section (e.g. ADS, CCM) |
| get_definition(term_or_id) | FedRAMP Definition lookup by ID, term, or alt |
| search(query, scope?) | Full-text search across KSIs, FRRs, and FRDs |
| get_source_info() | Vendored snapshot metadata: upstream commit, fetched_at, etc. |

Every response includes _source:

{
  "_source": {
    "file": "FRMR.documentation.json",
    "upstream_commit": "a06fa8f9b103c0346895fb669b721962f5891bb6",
    "upstream_url": "https://github.com/FedRAMP/docs",
    "frmr_last_updated": "2026-04-08",
    "json_path": "/KSI/AFR/indicators/KSI-AFR-ADS"
  }
}
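A consumer can check the `_source` block mechanically instead of trusting it. The following is an added example, not the project's own code: it verifies that a response cites the expected upstream commit and that its json_path resolves in a local copy of the snapshot to the same content. It assumes json_path is an RFC 6901 JSON Pointer and that a response is the cited node plus a `_source` key; the snapshot body and the "statement" field are constructed placeholders.

```python
import re

PINNED_COMMIT = "a06fa8f9b103c0346895fb669b721962f5891bb6"  # value shown in the page's sample

# Constructed stand-in for FRMR.documentation.json: only the nesting implied by
# the sample json_path is taken from the page; the indicator body is a placeholder.
SNAPSHOT = {"KSI": {"AFR": {"indicators": {
    "KSI-AFR-ADS": {"statement": "<placeholder indicator text>"}}}}}

# Constructed response; the response shape is an assumption (see lead-in).
SAMPLE_RESPONSE = {
    "statement": "<placeholder indicator text>",
    "_source": {
        "file": "FRMR.documentation.json",
        "upstream_commit": PINNED_COMMIT,
        "upstream_url": "https://github.com/FedRAMP/docs",
        "frmr_last_updated": "2026-04-08",
        "json_path": "/KSI/AFR/indicators/KSI-AFR-ADS",
    },
}

def resolve_pointer(doc, pointer):
    """Walk an RFC 6901 JSON Pointer; raises if any segment is missing."""
    node = doc
    for token in pointer.split("/")[1:]:
        token = token.replace("~1", "/").replace("~0", "~")
        node = node[int(token)] if isinstance(node, list) else node[token]
    return node

def check_citation(response, snapshot, pinned_commit):
    """Return a list of problems; an empty list means the citation checks out."""
    src = response.get("_source")
    if not isinstance(src, dict):
        return ["missing _source block"]
    problems = []
    commit = src.get("upstream_commit", "")
    if not re.fullmatch(r"[0-9a-f]{40}", commit):
        problems.append("upstream_commit is not a full SHA")
    elif commit != pinned_commit:
        problems.append("upstream_commit differs from pinned snapshot")
    path = src.get("json_path")
    if not isinstance(path, str) or not path.startswith("/"):
        return problems + ["json_path missing or malformed"]
    try:
        cited = resolve_pointer(snapshot, path)
    except (KeyError, IndexError, ValueError, TypeError):
        return problems + ["json_path does not resolve in snapshot"]
    if {k: v for k, v in response.items() if k != "_source"} != cited:
        problems.append("response body differs from cited node")
    return problems
```

In practice the pinned commit would be the one recorded from get_source_info when the snapshot was last refreshed.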

Refreshing the FRMR snapshot

This server ships with a vendored snapshot of FRMR.documentation.json pinned to a specific upstream commit. To pull the latest:

uvx fedramp-docs-mcp refresh

Refresh is a CLI action (not an MCP tool) because it mutates local state across all future sessions. Reference servers (fetch, time) follow the same pattern.

Run refresh when:

  • You're starting a new work session that needs current data
  • Upstream has new commits at https://github.com/FedRAMP/docs
  • get_source_info shows a stale fetched_at

Scope

v0.1.0 surfaces only 20x-effective content (items where effective.20x.is != "no" in FRMR). Rev 5 expansion is planned for v0.3.0. See ROADMAP.md if present, or the GitHub issues.

Design notes

  • Framework: FastMCP (high-level decorator API in the official mcp Python SDK)
  • Distribution: PyPI, runnable via uvx
  • Data: Vendored snapshot + explicit refresh CLI (deterministic by default, fresh on demand)
  • Citations: Structural; every response carries _source so attribution can't be dropped or paraphrased

Development

git clone https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git
cd fedramp-docs-mcp
uv venv
source .venv/bin/activate
uv pip install -e ".[dev]"
pytest

Contributing

Issues and PRs welcome. This is an alpha-stage tool; tool ergonomics, error messages, and search ranking are all open to iteration.

License

MIT (see LICENSE). The bundled FRMR JSON is a U.S. government work in the public domain.
