MCP Compliance
by Grafana
The MCP Compliance project provides CLI tools and an MCP server for agents to interact with compliance data, specifically focusing on FedRAMP compliance. It assists users in understanding, implementing, and evidencing security controls.
What is MCP Compliance?
The FedRAMP Compliance MCP Server is designed to support users throughout their compliance journey by providing tools for working with FedRAMP compliance data. It includes CLI tools for processing and querying FedRAMP baseline data and an MCP server that exposes compliance data to LLM agents.
How to use MCP Compliance?
To use the MCP Compliance server, first clone the repository and build it locally using the provided make deploy-local command. Then, configure your LLM agent (e.g., Cursor or Claude Desktop) to use the MCP compliance server, following the instructions in the Getting Started Guide.
Key features of MCP Compliance
CLI tools for processing and querying FedRAMP baseline data
MCP server exposing compliance data to LLM agents
Tools for understanding, implementing, and evidencing security controls
Support for FedRAMP Rev 5 HIGH and MODERATE baselines
Use cases of MCP Compliance
Automating compliance tasks using LLM agents
Querying FedRAMP baseline data for specific controls
Generating evidence for compliance audits
Understanding security control requirements and their application
FAQ from MCP Compliance
What is the purpose of the MCP server?
The MCP server exposes compliance data to LLM agents, allowing them to interact with and utilize the data for compliance-related tasks.
What data sources are used?
The FedRAMP baseline files are sourced from the official GSA FedRAMP Automation GitHub repository, including the FedRAMP Rev 5 HIGH and MODERATE baselines.
How do I configure my LLM agent to use the MCP server?
Refer to the Getting Started Guide for detailed instructions on configuring your agent to use the MCP compliance server.
What tools are available on the MCP server?
The MCP server provides tools such as get_control, get_control_family, list_control_families, search_controls, and get_control_evidence_guidance.
Is there a way to automate evidence collection?
The project does not currently automate evidence collection; this is intended to be added in a future hackathon or with additional roadmap time.