FedRAMP Docs MCP Server

List available FRMR JSON documents and metadata. This is usually the first tool to call to discover what FedRAMP data is available. Returns KSI (Key Security Indicators), MAS (Minimum Assessment Standard), VDR (Vulnerability Detection), SCN (Significant Change Notifications), FRD (Definitions), and ADS (Authorization Data Sharing) documents.

Retrieve a FRMR document with metadata, raw JSON, and summary. Use this to get KSI categories (like KSI-IAM, KSI-CNA), MAS requirements, or other FRMR content. First use list_frmr_documents to find available documents, then use this tool with the path. For KSI, use path 'FRMR.KSI.key-security-indicators.json'.

List detected FRMR versions and associated metadata from documents.

List individual KSI requirement entries (like KSI-IAM-01, KSI-CNA-02) with optional filters. To see all KSI categories and their descriptions, use get_frmr_document with path 'FRMR.KSI.key-security-indicators.json' instead. This tool filters specific requirements within categories.

Retrieve a single KSI entry by id.

Filter Key Security Indicators (KSI) by impact level. Returns all KSI items that apply to the specified impact level (low, moderate, or high).

Get comprehensive guidance for a KSI theme. Returns all indicators in the theme, impact breakdown, related NIST controls, and links to relevant documentation.

Get suggested evidence examples for KSI compliance. Returns automation-friendly evidence collection sources (APIs, CLI commands, artifacts) for each KSI. NOTE: These are community suggestions, not official FedRAMP guidance.

Return flattened control mappings across FRMR sets.

Get all FedRAMP requirements mapped to a specific NIST control. Returns KSI items and FRMR requirements that reference the control.

Analyze which NIST control families have FedRAMP requirements. Returns a coverage report showing which control families are addressed and how many controls/mappings exist for each.

Full-text search across FedRAMP markdown documentation and guidance. Use this to find information about policies, procedures, requirements, and guidance. Examples: 'continuous monitoring', 'incident response', 'significant change', 'authorization boundary'.

Read a markdown file and return its contents and digest.

Search FedRAMP definitions (FRD document) by term. Returns matching definitions with their full text and any alternate terms.

Get any FedRAMP requirement by its ID. Works with KSI indicators (KSI-), FRR requirements (FRR-), and FRD definitions (FRD-*).

Compute a structured diff between two FRMR documents by identifier.

Search markdown files for occurrences of a control identifier.

Aggregate markdown sections and FRMR references related to Significant Change.

Verify the index is ready and report status. Returns: indexed file count, repository path, FedRAMP docs commit hash and date, last update check time, and auto-update settings.

Force update the cached FedRAMP docs repository to get the latest data. This fetches and resets to the latest version from GitHub. The server automatically checks for updates every 24 hours by default, but you can use this tool to update immediately. After updating, you may need to restart the MCP server or rebuild the index to see changes.