Github KevinRabun FedRAMP20xMCP
An MCP server that provides access to FedRAMP 20x security requirements and controls.
About This MCP Server
This server loads FedRAMP 20x data from the official FedRAMP documentation repository and provides tools for querying requirements by control, family, or keyword.
The server uses a unified pattern-based architecture for all FedRAMP 20x compliance analysis:
1. Pattern Loading: YAML patterns loaded from the data/patterns/ directory
2. Analysis Execution: Code analyzed using tree-sitter AST parsing with pattern matching
3. Finding Generation: Patterns generate findings with severity, description, and remediation
4. Result Aggregation: Findings grouped by requirement family with deduplication
FedRAMP 20x requires machine-readable formats (JSON, XML, or structured data) for Authorization Data Sharing. OSCAL is NOT mentioned in FedRAMP 20x requirements - it's a NIST standard that can be used as one potential implementation approach. The actual requirement is simply "machine-readable" - you can use custom JSON/XML or OSCAL based on your implementation needs.
Validate a system architecture against FedRAMP 20x requirements.
Get architecture guidance for automated evidence collection systems.
1. minimal: Quick-start architecture for pilot projects
2. single-ksi: Production architecture for one KSI
3. category: Enterprise architecture for one KSI category (IAM, MLA, etc.)
4. all: Enterprise architecture for 72 KSIs
Tools & Endpoints
Example Workflow
- requirement_id (string): The requirement identifier (e.g., "KSI-IAM-01", "FRR-VDR-01")
Why Use Github KevinRabun FedRAMP20xMCP?
- 🎯 Automated Evidence Collection (NEW): Automation guidance for 65 active KSIs with Azure-native services, ready-to-use queries, and artifact specifications
- Query by Control: Get detailed information about specific FedRAMP requirements
- Query by Family: List all requirements within a family
- Keyword Search: Search across all requirements using keywords
- FedRAMP Definitions: Look up official FedRAMP term definitions
- Key Security Indicators: Access and query FedRAMP Key Security Indicators (KSI) with implementation status
- Documentation Search: Search and retrieve official FedRAMP documentation markdown files
- Dynamic Content: Automatically discovers and loads all markdown documentation files
- Implementation Planning: Generate strategic interview questions to help product managers and engineers think through FedRAMP 20x implementation considerations
- AST-Powered Code Analysis: Advanced Abstract Syntax Tree parsing using tree-sitter for accurate, context-aware security analysis across Python, C#, Java, TypeScript/JavaScript, Bicep, and Terraform
- Semantic Analysis: Deep code understanding with symbol resolution, control flow analysis, and interprocedural analysis capabilities
- 🚀 Pattern-Based Architecture: Unified analysis engine with 381 YAML patterns across 23 requirement families, supporting compliance analysis for KSIs and FRRs
Specifications
Requirements
- keywords (string): Keywords to search for in requirement text
Hosting
Hosting Options
- Package
API
Install
pip install -e .
Configure
{
  "mcpServers": {
    "fedramp-20x": {
      "command": "uv",
      "args": [
        "--directory",
        "/absolute/path/to/FedRAMP20xMCP",
        "run",
        "fedramp-20x-mcp"
      ]
    }
  }
}
Performance
Usage
Quick Reference
- Name: Github KevinRabun FedRAMP20xMCP
- Function: An MCP server that provides access to FedRAMP 20x security requirements and controls.
- Available Tools: The server provides 48 tools organized into the following categories:
- Transport: Package
- Language: Python
- Install: pip install -e .
- Source: External (Registry)
- License: Open Source