Your connection was interrupted
What is MCP Compliance?
MCP Compliance is a project that provides a server and CLI tools to support compliance operations for AI agents, specifically focusing on FedRAMP compliance.
How to use MCP Compliance?
To use MCP Compliance, set up the MCP compliance binary, add it to your PATH, clone the repository, and deploy it locally. Configure your AI agent to interact with the MCP compliance server.
Key features of MCP Compliance?
- CLI tools for processing and querying FedRAMP baseline data
- An MCP server that exposes compliance data to LLM agents
- Detailed guidance for evidence collection related to compliance controls
Use cases of MCP Compliance?
- Assisting organizations in understanding and implementing FedRAMP compliance requirements.
- Providing tools for AI agents to interact with compliance data.
- Streamlining the evidence collection process for compliance documentation.
FAQ from MCP Compliance?
- What is FedRAMP?
FedRAMP stands for the Federal Risk and Authorization Management Program, which standardizes security assessment and authorization for cloud services.
- Is there a way to automate evidence collection?
Currently, the project is working on adding automation for evidence collection in future updates.
MCP Compliance
A project for compliance that provides CLI tools and an MCP server for agents to interact with compliance data.
Overview
The FedRAMP Compliance MCP Server is designed to support users throughout their compliance journey, which consists of three main phases:
- Understanding - Learning about security controls, their requirements, and how they apply to your system
- Implementing - Designing and implementing controls in your system to meet compliance requirements
- Evidencing - Collecting and documenting evidence to demonstrate compliance with controls
This project provides tools for working with FedRAMP compliance data, including:
- CLI tools for processing and querying FedRAMP baseline data
- An MCP server that exposes compliance data to LLM agents
Roadmap
This project is missing the automation of evidence collection. There needs to be a way to securely store what may be sensitive data in a shared location that provides the proper ACLs and data protection. This is intended to be added in a future hackathon or additional roadmap time.
Easy Button Quick Start
For the quickest setup:
# Create the directory for the MCP compliance binary
mkdir -p ~/.mcp-compliance/bin
# Add to your PATH (add this to your .bashrc or .zshrc for persistence)
export PATH=$PATH:~/.mcp-compliance/bin
# Clone the repository
git clone https://github.com/grafana/hackathon-12-mcp-compliance.git
cd hackathon-12-mcp-compliance
# Build and deploy locally
make deploy-local
Now you can configure your agent (Cursor or Claude Desktop) to use the MCP compliance server. See the Getting Started Guide for configuration details.
Documentation
- Getting Started Guide - Instructions for setting up and using the project
- Concept of Operations - Detailed explanation of system architecture and data flow
MCP Server
The MCP server provides the following tools for LLM agents:
get_control: Get detailed information about a specific controlget_control_family: Get all controls in a specific familylist_control_families: List all control families in a programsearch_controls: Search for controls by keywordget_control_evidence_guidance: Get detailed guidance for evidence about a specific control
Data Sources
The FedRAMP baseline files are sourced from the official GSA FedRAMP Automation GitHub repository: