io.github.Ansvar-Systems/ot-security-mcp
OT security standards: IEC 62443, NIST 800-82/53, MITRE ATT&CK for ICS
OT Security MCP Server
IEC 62443 for the AI age.
Query IEC 62443, NIST 800-82, NIST 800-53, and MITRE ATT&CK for ICS (the complete OT security framework stack) directly from Claude, Cursor, or any MCP-compatible client.
If you're securing industrial control systems, manufacturing plants, energy infrastructure, or critical OT environments, this is your security standards reference.
Built by Ansvar Systems, Stockholm, Sweden
Why This Exists
OT security standards are scattered across ISA PDFs, NIST publications, and MITRE matrices. Whether you're:
- A control systems engineer implementing IEC 62443 security levels
- A security architect designing network segmentation with the Purdue Model
- A compliance officer mapping NIS2 requirements to IEC controls
- A threat hunter investigating MITRE ATT&CK for ICS techniques
- A product team building secure PLCs, SCADA systems, or industrial IoT devices
...you shouldn't need to juggle 6 different documentation sites and 200 pages of standards. Ask Claude. Get the exact requirement. With context.
This MCP server makes OT security standards searchable, cross-referenceable, and AI-readable.
Quick Start
Installation
npm install @ansvar/ot-security-mcp
Claude Desktop
Add to your claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}
Restart Claude Desktop. Done.
Cursor / VS Code
{
  "mcp.servers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}
Example Queries
Once connected, just ask naturally:
IEC 62443 Security Levels
- "What are the IEC 62443 requirements for Security Level 2?"
- "Which security level should I target for a water treatment plant?"
- "Compare requirements between SL-2 and SL-3"
- "What is SR 1.1 (identification and authentication) in IEC 62443?"
Network Segmentation & Zones
- "How should I segment my OT network using the Purdue Model?"
- "What security controls belong at Level 3 of the Purdue Model?"
- "Design a zone and conduit architecture for a manufacturing facility"
- "What's the difference between a zone and a conduit in IEC 62443-3-2?"
Threat Intelligence
- "What MITRE ATT&CK techniques target PLCs?"
- "How do attackers perform lateral movement in ICS environments?"
- "Show me MITRE ICS techniques for T0800 (Modify Control Logic)"
- "Which mitigations prevent Man-in-the-Middle attacks on Modbus?"
NIST Guidance
- "What are NIST's recommendations for OT asset management?"
- "How does NIST 800-82 address incident response in control systems?"
- "Map NIST 800-82 guidance to NIST 800-53 controls"
Cross-Standard Mapping
- "Map IEC 62443 SR 1.1 to equivalent NIST controls"
- "Which NIST 800-53 controls support IEC 62443 Security Level 3?"
- "Compare identification and authentication across IEC and NIST"
Industry-Specific
- "What security requirements apply to a power generation facility?"
- "IEC 62443 requirements for pharmaceutical manufacturing"
- "Security controls for a water/wastewater utility"
More examples: See docs/use-cases.md for industry-specific scenarios
What's Included
Standards Coverage
- IEC 62443-3-3: 67 System Security Requirements (SRs) across 7 foundational requirements
- IEC 62443-4-2: 51 Component Requirements (CRs) for embedded devices, host devices, network devices, and applications
- IEC 62443-3-2: Security risk assessment, zones & conduits, Purdue Model
- NIST SP 800-53 Rev 5: 228 OT-relevant controls from 12 control families
- NIST SP 800-82 Rev 3: Guide to Operational Technology Security
- MITRE ATT&CK for ICS: 83 techniques, 52 mitigations, 331 relationships
Features
- Full-Text Search: Find relevant requirements across all standards instantly
- Security Level Mapping: Query IEC 62443 requirements by SL-1 through SL-4
- Zone/Conduit Guidance: Network segmentation design with Purdue Model
- Requirement Rationale: Understand WHY requirements exist, not just what they say
- Threat Intelligence: MITRE ATT&CK techniques mapped to defensive controls
- Cross-Standard Mappings: IEC ↔ NIST control relationships
- Component Type Filtering: Requirements for embedded devices, hosts, networks, or applications
Data Quality
- 238 Requirements: IEC 62443 foundation + NIST 800-82 guidance
- 228 NIST 800-53 Controls: Automated OSCAL ingestion from official source
- 83 MITRE ICS Techniques: Complete ATT&CK for ICS matrix
- 16 Cross-Standard Mappings: NIST 800-82 → 800-53 validated mappings
- Daily Updates: Automatic freshness checks for NIST and MITRE sources
Detailed coverage: docs/coverage.md
Use cases by industry: docs/use-cases.md
Available tools: docs/tools.md
Why This Works
Authoritative Source Data:
- IEC 62443: User-supplied (licensed standards); you provide your own licensed data
- NIST 800-53: Automated OSCAL ingestion from official NIST GitHub
- NIST 800-82: Curated guidance from official PDF publication
- MITRE ATT&CK: Automated STIX 2.0 ingestion from official MITRE repository
- All data stored in SQLite with full-text search (FTS5)
Smart Architecture:
- Security level filtering uses junction tables (many-to-many relationships)
- Zone/conduit guidance generates markdown with Purdue Model context
- Requirement rationale includes regulatory drivers and related standards
- Cross-standard mappings use confidence scores for quality assessment
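How a junction table and FTS5 can combine for security-level filtering, as an added example that is not the project's own code: the schema, the EX-n sample rows and the function names are assumptions constructed for illustration. It also quotes every search word so that FTS5 operators in user-supplied text are treated as literal terms.

```python
import re
import sqlite3

# Hypothetical schema; not the project's real tables.
SCHEMA = """
CREATE TABLE requirements (id INTEGER PRIMARY KEY, ref TEXT UNIQUE);
CREATE TABLE requirement_levels (          -- junction table: requirement <-> SL
    requirement_id INTEGER REFERENCES requirements(id),
    level INTEGER CHECK (level BETWEEN 1 AND 4),
    PRIMARY KEY (requirement_id, level));
CREATE VIRTUAL TABLE requirements_fts USING fts5(title, body);
"""
ROWS = [  # constructed sample rows, not text from any standard
    (1, "EX-1", "Human user identification and authentication",
     "Identify and authenticate all human users on every interface.", (1, 2, 3, 4)),
    (2, "EX-2", "Multifactor authentication for untrusted networks",
     "Require multifactor authentication for remote access.", (3, 4)),
    (3, "EX-3", "Audit log protection",
     "Protect audit records from modification.", (2, 3, 4)),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for rid, ref, title, body, levels in ROWS:
        db.execute("INSERT INTO requirements VALUES (?, ?)", (rid, ref))
        db.execute("INSERT INTO requirements_fts(rowid, title, body) VALUES (?, ?, ?)",
                   (rid, title, body))
        db.executemany("INSERT INTO requirement_levels VALUES (?, ?)",
                       [(rid, lv) for lv in levels])
    return db

def fts_query(user_text):
    """Keep only word characters and quote each word, so AND/OR/NEAR, column
    filters, '*' and stray quotes in user input cannot act as FTS5 syntax."""
    return " ".join(f'"{w}"' for w in re.findall(r"\w+", user_text))

def search(db, user_text, level):
    query = fts_query(user_text)
    if not query:  # nothing searchable left; avoid an FTS5 syntax error
        return []
    sql = """SELECT r.ref FROM requirements_fts
             JOIN requirements r ON r.id = requirements_fts.rowid
             JOIN requirement_levels rl ON rl.requirement_id = r.id
             WHERE requirements_fts MATCH ? AND rl.level = ?
             ORDER BY r.ref"""
    return [row[0] for row in db.execute(sql, (query, level))]
```
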
Technical Stack:
Official Source (OSCAL/STIX) → Parse → Validate (JSON Schema) → SQLite (FTS5 Search) → MCP Tools → AI Response
Example: Traditional vs. This MCP
| Traditional Approach | This MCP Server |
|---|---|
| Buy IEC 62443 PDFs ($500+) | Ingest your licensed IEC data once |
| Navigate 300+ page security level tables | "What requirements apply to SL-2?" → instant answer |
| Manual Purdue Model diagrams | get_zone_conduit_guidance → generated architecture |
| Cross-reference NIST ↔ IEC manually | compare_ot_requirements → mapped instantly |
| Search MITRE matrices by hand | "Show me PLC attacks" → filtered techniques |
| 6 different documentation sites | One unified query interface |
Traditional example: Open IEC 62443-3-3 PDF → Find security level table → Ctrl+F "SR 1" → Read 15 pages → Cross-reference to IEC 62443-4-2 → Repeat for NIST
This MCP: "What are all IEC 62443 requirements for Security Level 2 targeting embedded devices?" → Done.
Important Disclaimers
IEC 62443 Licensing
IEC 62443 CONTENT NOT INCLUDED
IEC 62443 is a copyrighted standard published by the International Society of Automation (ISA) and International Electrotechnical Commission (IEC).
This MCP server provides:
- Database schema and ingestion tools for IEC 62443 data
- JSON templates showing the expected data structure
- Sample data (2 requirements) demonstrating the format
You must provide:
- Your own licensed copies of IEC 62443 standards
- Your own JSON files created from your licensed standards
How to obtain IEC 62443 standards:
Ingestion guide: See docs/ingestion/iec62443-guide.md
Legal Advice
THIS TOOL IS NOT SECURITY CONSULTING OR LEGAL ADVICE
Security requirements are sourced from official public standards (NIST, MITRE) and user-supplied licensed standards (IEC 62443). However:
- Security level targeting is risk-based and requires proper threat modeling
- Zone/conduit architectures are design aids, not prescriptive solutions
- Cross-standard mappings are interpretive aids, not official guidance
- MITRE techniques are threat intelligence, not vulnerability assessments
Always:
- Conduct proper risk assessments for your specific environment
- Engage qualified OT security professionals for implementation guidance
- Verify against official standard publications
- Follow your organization's security policies and procedures
NIST & MITRE Data
Public domain content: NIST 800-53, NIST 800-82, and MITRE ATT&CK for ICS data are sourced from official U.S. government repositories and are in the public domain. No restrictions on use or distribution.
Related Projects: Ansvar Compliance Suite
This server is part of Ansvar's MCP ecosystem for industrial and enterprise security:
OT Security MCP (This Project)
Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS
- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
- Security levels, Purdue Model, zone/conduit architecture
- MITRE ATT&CK for ICS threat intelligence
- Install: npm install @ansvar/ot-security-mcp
Security Controls MCP
Query 1,451 security controls across 28 IT/OT frameworks
- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, and 22 more
- Bidirectional framework mapping and gap analysis
- Works with OT Security MCP for complete IT/OT coverage
- Install: pipx install security-controls-mcp
EU Regulations MCP
Query 47 EU regulations including NIS2 and Cyber Resilience Act
- GDPR, AI Act, DORA, NIS2, MDR, CRA, and 41 more
- Critical for EU OT operators under NIS2 directive
- Install: npx @ansvar/eu-regulations-mcp
US Regulations MCP
Query US compliance laws including TSA Pipeline Security
- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, and 9 more
- Relevant for US critical infrastructure operators
- Install: npm install @ansvar/us-regulations-mcp
How They Work Together for OT Security
Complete OT compliance workflow:
1. "What are NIS2 requirements for energy sector OT systems?"
   → EU Regulations MCP returns NIS2 Article 21 requirements
2. "What IEC 62443 security level satisfies NIS2 Article 21?"
   → OT Security MCP recommends Security Level 2-3 based on risk assessment
3. "Map IEC 62443-4-2 SR 1.1 to NIST 800-53 controls"
   → Security Controls MCP shows bidirectional mapping to AC-2, IA-2, etc.
4. "What MITRE ATT&CK techniques target this configuration?"
   → OT Security MCP shows relevant ICS attack techniques and mitigations
Stack these servers for:
- EU OT operators (NIS2 + IEC 62443 + ISO 27001)
- US critical infrastructure (NIST + IEC 62443 + sector-specific regulations)
- Global manufacturers (All compliance + OT security + framework mapping)
About Ansvar Systems
We build AI-accelerated threat modeling and compliance tools for automotive OEMs, Tier 1 suppliers, industrial manufacturers, and critical infrastructure operators. This MCP server started as our internal IEC 62443 reference tool; turns out everyone securing OT environments has the same "6 documentation sites, 12 PDFs" problem.
So we're open-sourcing it. Navigating IEC 62443 security levels shouldn't require a spreadsheet and a law degree.
ansvar.eu, Stockholm, Sweden
Industries we serve:
- Automotive (ISO 21434, UN R155)
- Industrial Manufacturing (IEC 62443)
- Energy & Utilities (NERC CIP, IEC 62443)
- Medical Devices (IEC 81001-5-1, IEC 62443-4-2)
Documentation
Getting Started
- Quick Start Guide: Installation and first queries
- IEC 62443 Ingestion Guide: How to ingest your licensed standards
- NIST Ingestion Guide: Automated NIST data setup
Tools & Features
- Available Tools: All 7 MCP tools with examples
- Tool Reference: Security Level Mapping
- Tool Reference: Zone/Conduit Guidance
- Tool Reference: Requirement Rationale
Use Cases
- Industry Use Cases: Automotive, energy, manufacturing, water/wastewater
- Coverage Details: Complete standard coverage breakdown
Development
- Development Guide: Contributing, adding standards
- Architecture: Database schema, tool design
- Troubleshooting: Common issues and fixes
- Privacy Policy: Data handling and retention notes
Project Planning
- Stage 2 Design: Complete architectural design
- Stage 2 Implementation: Task breakdown
- Release Notes v0.2.0: What's new in Stage 2
Directory Review Notes
Testing Account and Sample Data
This server is read-only and does not require a login account for functional review. For directory review, use the bundled dataset and these sample prompts:
- "What IEC 62443 requirements apply to Security Level 2?"
- "Show MITRE ICS techniques related to PLC manipulation."
- "Map IEC 62443 SR 1.1 to NIST controls."
Remote Authentication (OAuth 2.0)
If you deploy a remote authenticated endpoint, use OAuth 2.0 over TLS with certificates from recognized authorities. If deployed in read-only unauthenticated mode, document that deployment policy explicitly.
Roadmap
Stage 3 (Planned Q2 2026)
- IEC 62443-2-4: Supplier security requirements (DORA/NIS2 relevance)
- Rich Cross-Standard Mappings: IEC ↔ NIST ↔ MITRE with confidence scores
- Automated Mapping Suggestions: ML-based requirement similarity
- Compare Requirements Tool: Side-by-side multi-standard comparison
Stage 4 (Planned Q3 2026)
- NERC CIP: North American energy sector requirements
- Sector Applicability Engine: "Which standards apply to my facility?"
- EU Regulatory Crosswalk: NIS2, DORA, CRA mappings to IEC 62443
See: ROADMAP.md for full feature timeline
More Open Source from Ansvar
We maintain a family of MCP servers for compliance and security professionals:
| Server | Description | Install |
|---|---|---|
| EU Regulations | 47 EU regulations (GDPR, AI Act, DORA, NIS2, MiFID II, eIDAS, MDR...) | npx @ansvar/eu-regulations-mcp |
| US Regulations | HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, state privacy laws | npx @ansvar/us-regulations-mcp |
| Security Controls | 1,451 controls across 28 frameworks (ISO 27001, NIST CSF, PCI DSS, CMMC...) | pipx install security-controls-mcp |
| Automotive | UNECE R155/R156, ISO 21434 for automotive cybersecurity | npx @ansvar/automotive-cybersecurity-mcp |
| Sanctions | Offline sanctions screening with OpenSanctions (30+ lists) | pip install ansvar-sanctions-mcp |
Browse all projects: ansvar.eu/open-source
Contributing
We welcome contributions! See CONTRIBUTING.md for:
- Adding new standards
- Improving cross-standard mappings
- Enhancing tool capabilities
- Fixing bugs or improving documentation
License
Code: Apache License 2.0 (see LICENSE)
Data:
- IEC 62443: User-supplied (requires license from ISA/IEC)
- NIST 800-53, 800-82: Public domain (U.S. government work)
- MITRE ATT&CK for ICS: Apache 2.0 (MITRE Corporation)
Support
Community Support
- GitHub Issues: Report bugs or request features
- GitHub Discussions: Ask questions or share use cases
Commercial Support
Need help with:
- IEC 62443 security level targeting for your facility?
- Custom zone/conduit architectures for complex OT networks?
- Threat modeling using MITRE ATT&CK for ICS?
- NIS2 or DORA compliance mapping to IEC 62443?
Contact: info@ansvar.eu
Built with care in Stockholm, Sweden
