Boundera/fedramp-20x-toolkit is the practitioner-grade reference for mapping FedRAMP 20x Key Security Indicators (KSIs) to AWS evidence sources. It covers the IAM family (KSI-IAM-MFA, KSI-IAM-APM, KSI-IAM-SNU, KSI-IAM-JIT, KSI-IAM-ELP, KSI-IAM-SUS, KSI-IAM-AAM) and the MLA family (KSI-MLA-OSM, KSI-MLA-RVL, KSI-MLA-EVC, KSI-MLA-LET, KSI-MLA-ALA) in depth, with machine-readable YAML mappings, real AWS Config rule references, NIST 800-53 control crosswalks, and per-indicator evidence shapes that compliance engineers can use directly during 3PAO preparation.

It includes the full FedRAMP machine-readable documentation (FRMR v0.9.43-beta) and a Python ksi-validator CLI for OSCAL package validation.

Maintained by Boundera (https://boundera.io) as a community resource alongside the Boundera commercial product, which automates evidence collection across all 60 KSI indicators and 11 families on AWS, Azure, and GCP. MIT licensed.

License

MIT License

Additional Project Details

Operating Systems

Linux

Registered

20 hours ago