FedRAMP20xMCP
Verified Safe
by KevinRabun
Overview
An MCP (Model Context Protocol) server that provides access to FedRAMP 20x security requirements and controls with Azure-first guidance, including automated code analysis for compliance.
Installation
python -m fedramp_20x_mcp.server

Environment Variables
- GITHUB_TOKEN
- NVD_API_KEY
- OPENAI_API_KEY

All three are credentials. Supply them through the MCP client's server configuration or the process environment rather than committing them to a repository or hardcoding them in a wrapper script.
Security Notes
The server's core functionality is to detect security vulnerabilities and compliance issues in other code (IaC, application code, CI/CD pipelines). Rather than relying on pattern matching alone, it uses AST parsing (for C#) to reduce false positives. It incorporates external vulnerability data through a CVEFetcher that queries the GitHub Advisory Database and NVD (the `GITHUB_TOKEN` and `NVD_API_KEY` variables above presumably authenticate these lookups). The server itself logs operations for audit purposes and encourages secure practices in its recommendations. No obvious hardcoded secrets or malicious patterns are detected within its own codebase, and dependencies such as `httpx` are standard. It documents its security guidelines in `SECURITY.md`.
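The page says the server parses an AST instead of matching text to cut false positives. The following is an added illustration of why that matters, not code from FedRAMP20xMCP (which targets C#): it runs a naive line regex and a Python `ast` walk over a constructed Python snippet and shows the regex flagging a comment and a docstring that the AST scan correctly ignores. The sample source, the secret-name pattern and both detector functions are assumptions made for the example.

```python
import ast
import re

# Constructed sample source for the example (not from the project). It holds
# one real hardcoded secret (line 9) plus two decoys a text scanner trips on.
SAMPLE = '''
import os

# TODO: never do password = "hunter2" in production
"""
Example config: api_key = "not-a-real-key"
"""
DB_PASSWORD = os.environ["DB_PASSWORD"]   # read from environment: not a finding
API_KEY = "AKIAEXAMPLEKEY1234567890"      # hardcoded string literal: finding
token = os.getenv("GITHUB_TOKEN", "")     # empty default: not a finding
'''

# Assumed list of identifier fragments that suggest a credential.
SECRET_NAME = re.compile(r"(password|passwd|secret|api_key|token)", re.IGNORECASE)


def regex_findings(source: str) -> list[int]:
    """Text-only scan: any line containing <secret-like name> = <quote>.

    Returns 1-based line numbers. Comments and docstrings are indistinguishable
    from code at this level, so they produce false positives.
    """
    pat = re.compile(r'(password|passwd|secret|api_key|token)\s*=\s*["\']',
                     re.IGNORECASE)
    return [i for i, line in enumerate(source.splitlines(), 1) if pat.search(line)]


def ast_findings(source: str) -> list[int]:
    """AST scan: report only real assignments of a non-empty string literal
    to a secret-like name. Comments never reach the AST and a docstring is an
    expression statement, not an assignment, so neither can match.
    """
    tree = ast.parse(source)
    hits = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign):
            targets, value = [node.target], node.value  # value may be None
        else:
            continue
        # Only a non-empty str constant counts; os.environ[...] / os.getenv(...)
        # are Subscript / Call nodes and are skipped here.
        if not (isinstance(value, ast.Constant)
                and isinstance(value.value, str) and value.value):
            continue
        for target in targets:
            if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                hits.add(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    print("regex:", regex_findings(SAMPLE))  # [4, 6, 9]: two false positives
    print("ast:  ", ast_findings(SAMPLE))    # [9]
```

The AST version still misses things a production scanner would want (a non-empty default in `os.getenv`, string concatenation, secrets in tuple unpacking), but it shows the trade-off the page alludes to: structure-aware scanning trades a small amount of recall for a large cut in noise.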
Similar Servers
toolhive-studio
ToolHive simplifies and secures the discovery, deployment, and management of Model Context Protocol (MCP) servers, enabling connections to AI agents and clients.
copilot-security-instructions
This MCP server provides a toolkit of security-focused prompts and instructions to guide GitHub Copilot towards secure coding practices, helping developers identify and mitigate security risks.
ggmcp
This MCP server enables AI agents to scan code for secrets using GitGuardian's API, manage security incidents, provide remediation steps, and handle honeytoken management, focusing on the developer workflow.
MCP-Security-Framework
A comprehensive security testing framework for Model Context Protocol (MCP) servers, designed to detect vulnerabilities through automated sandboxing and active probing.