fedramp-docs-mcp
Verified Safe
by ethanolivertroy
Overview
A Model Context Protocol (MCP) server for querying FedRAMP compliance documentation and NIST controls, designed to be used by AI agents and developers.
Installation
npx fedramp-docs-mcp
Security Notes
The server uses 'simple-git' to clone and update the official 'FedRAMP/docs' GitHub repository. While 'simple-git' is a well-established library for Git operations, any execution of external commands ('git') inherently introduces a potential attack surface. However, the repository source and branch are configurable via environment variables, not directly by user input to tools, which mitigates command injection risks. The Docker setup provides strong security hardening (e.g., non-root user, read-only filesystem, dropped capabilities, no-new-privileges, network isolation) which significantly enhances security in containerized deployments. No direct 'eval' or intentional obfuscation is observed.
Similar Servers
mesh
An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.
mcp-server
Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.
mcp-advisor
Provides LLMs and humans with structured access to the Model Context Protocol (MCP) specification and documentation for understanding and compliance evaluation.
FedRAMP20xMCP
An MCP server for FedRAMP 20x compliance analysis, providing automated code and infrastructure scanning, evidence automation, and documentation tools.