Releases: kenithphilip/FedPy
v0.2.0 — Full FedRAMP 20x coverage + NIST 800-53 benchmark
First feature release on top of the 0.1.0 scaffold. The collector now accounts for the entire 223-requirement FedRAMP 20x set (all 63 KSIs), lets you pick an impact tier, and benchmarks your cloud against NIST 800-53.
Highlights
- Full Low / Moderate / High coverage — `--impact-level` selector scopes all 223 requirements; High applicability is derived from NIST 800-53 Rev5 and labeled as such. 44 KSIs run live cloud collectors; the rest emit signed process-artifact evidence or are tracked awareness-only.
- NIST 800-53 control benchmark (`control-benchmark.json`) — roll findings up to controls and score each one, in two framings: `--framework 20x` (controls the KSIs reference) or `--framework rev5` (full SP 800-53B baseline: Low 149 / Moderate 287 / High 370).
- Tamper-evident evidence — Ed25519-signed manifests + optional RFC 3161 timestamps; offline `verify` CLI. OSCAL 1.1 Assessment Results + NIST→SOC2/ISO27001/HIPAA crosswalk.
- Production hardening — retry/backoff, adaptive concurrency under throttle, append-only run ledger, run lock.
- Runtimes — collector runs on Node (tsx), Bun (recommended), and Deno 2.8+.
- Tracker security suite — TOTP 2FA, granular RBAC, audit-log search, backup/restore, evidence uploads, collector-runs view with the benchmark headline.
- Quality gates — 495 tests (cloud-evidence 396 + tracker 99) and a push/PR CI workflow (Node 22 + 24).
See CHANGELOG.md for the full list.
Install
```bash
git clone git@github.com:kenithphilip/FedPy.git "FedRAMP 20x" && cd "FedRAMP 20x"
cd cloud-evidence && npm install && npm run collect -- --dry-run
```
Licensed under Apache-2.0.