fedramp-docs-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@fedramp-docs-mcplist KSIs in the Access Control theme"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
fedramp-docs-mcp
An unofficial Model Context Protocol (MCP) server that exposes the public FedRAMP 20x machine-readable documentation (FRMR) as deterministic, citable lookup tools for AI assistants.
โ ๏ธ Not affiliated with FedRAMP, GSA, or the U.S. government. This is a community-built tool. Data is sourced from the public GSA FedRAMP docs repository at https://github.com/FedRAMP/docs. The bundled
FRMR.documentation.jsonis a U.S. government work in the public domain (17 U.S.C. ยง 105); this server's code is MIT-licensed.
Why this exists
When using AI assistants to analyze, scope, or write about FedRAMP 20x requirements, the model can paraphrase FRMR content from memory and drift on numbers, IDs, dates, or definitions. This MCP server replaces that with structured lookups against the canonical JSON โ every response carries a _source block pointing to the exact upstream commit and JSON path. The model literally cannot answer without citing the source.
Related MCP server: fedreg-mcp
Install
๐ฆ PyPI release is planned but not yet published. Install directly from this GitHub repo via
uvxfor now. The PyPI path below will work once v0.1.0 stabilizes.
Install from GitHub (current path)
uvx can install directly from a git URL โ no PyPI required, no clone needed:
uvx --from git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git fedramp-docs-mcp --help(Install uv first if needed: brew install uv on macOS, or see https://docs.astral.sh/uv/.)
You can pin to a specific tag or commit for reproducibility:
# pin to a tag
uvx --from git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git@v0.1.0 fedramp-docs-mcp
# pin to a commit SHA
uvx --from git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git@<sha> fedramp-docs-mcpInstall from PyPI (planned, not yet available)
Once v0.1.0 is published to PyPI, this will be the simpler path:
# Not yet โ coming with v0.1.0 PyPI release
uvx fedramp-docs-mcpConfigure your MCP client
Claude Code / Claude Desktop
Add to your MCP client config (e.g., ~/.claude.json):
{
"mcpServers": {
"fedramp-docs": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git",
"fedramp-docs-mcp"
]
}
}
}Once the PyPI release ships, the config simplifies to:
{
"mcpServers": {
"fedramp-docs": {
"command": "uvx",
"args": ["fedramp-docs-mcp"]
}
}
}Restart your client. The tools appear automatically; verify with /mcp in Claude Code.
Available tools (v0.1.0 โ 20x only)
Tool | Purpose |
| Enumerate Key Security Indicators (~60 across 11 themes) |
| Full text of a KSI indicator by ID (e.g. |
| Enumerate FedRAMP Requirements & Rules sections with effective status |
| Full text of an FRR section (e.g. |
| FedRAMP Definition lookup by ID, term, or alt |
| Full-text search across KSIs, FRRs, and FRDs |
| Vendored snapshot metadata โ upstream commit, fetched_at, etc. |
Every response includes _source:
{
"_source": {
"file": "FRMR.documentation.json",
"upstream_commit": "a06fa8f9b103c0346895fb669b721962f5891bb6",
"upstream_url": "https://github.com/FedRAMP/docs",
"frmr_last_updated": "2026-04-08",
"json_path": "/KSI/AFR/indicators/KSI-AFR-ADS"
}
}Refreshing the FRMR snapshot
This server ships with a vendored snapshot of FRMR.documentation.json pinned to a specific upstream commit. To pull the latest:
uvx fedramp-docs-mcp refreshRefresh is a CLI action (not an MCP tool) because it mutates local state across all future sessions. Reference servers (fetch, time) follow the same pattern.
Run refresh when:
You're starting a new work session that needs current data
Upstream has new commits at https://github.com/FedRAMP/docs
get_source_infoshows a stalefetched_at
Scope
v0.1.0 surfaces only 20x-effective content (items where effective.20x.is != "no" in FRMR). Rev 5 expansion is planned for v0.3.0. See ROADMAP.md if present, or the GitHub issues.
Design notes
Framework: FastMCP (high-level decorator API in the official
mcpPython SDK)Distribution: PyPI, runnable via
uvxData: Vendored snapshot + explicit
refreshCLI (deterministic by default, fresh on demand)Citations: Structural โ every response carries
_sourceso attribution can't be dropped or paraphrased
Development
git clone https://github.com/Andrew-Nolan-owl/fedramp-docs-mcp.git
cd fedramp-docs-mcp
uv venv
source .venv/bin/activate
uv pip install -e ".[dev]"
pytestContributing
Issues and PRs welcome. This is an alpha-stage tool โ tool ergonomics, error messages, and search ranking are all open to iteration.
License
MIT (see LICENSE). The bundled FRMR JSON is a U.S. government work in the public domain.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Andrew-Nolan-owl/fedramp-docs-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server