OT Security MCP Server

IEC 62443 for the AI age.

Query IEC 62443, NIST 800-82, NIST 800-53, and MITRE ATT&CK for ICS — the complete OT security framework stack — directly from Claude, Cursor, or any MCP-compatible client.

If you're securing industrial control systems, manufacturing plants, energy infrastructure, or critical OT environments, this is your security standards reference.

Built by Ansvar Systems — Stockholm, Sweden

---

Why This Exists

OT security standards are scattered across ISA PDFs, NIST publications, and MITRE matrices. Whether you're:

• A control systems engineer implementing IEC 62443 security levels
• A security architect designing network segmentation with the Purdue Model
• A compliance officer mapping NIS2 requirements to IEC controls
• A threat hunter investigating MITRE ATT&CK for ICS techniques
• A product team building secure PLCs, SCADA systems, or industrial IoT devices

...you shouldn't need to juggle 6 different documentation sites and 200 pages of standards. Ask Claude. Get the exact requirement. With context.

This MCP server makes OT security standards searchable, cross-referenceable, and AI-readable.

---

Quick Start

Installation

npm install @ansvar/ot-security-mcp

Claude Desktop

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
 "mcpServers": {
 "ot-security": {
 "command": "npx",
 "args": ["-y", "@ansvar/ot-security-mcp"]
 }
 }
}

Restart Claude Desktop. Done.

Cursor / VS Code

{
 "mcp.servers": {
 "ot-security": {
 "command": "npx",
 "args": ["-y", "@ansvar/ot-security-mcp"]
 }
 }
}

---

Public Endpoint (Streamable HTTP)

Connect from any MCP client (Claude Desktop, ChatGPT, Cursor, VS Code, GitHub Copilot):

https://mcp.ansvar.eu/ot-security/mcp

Claude Code:

claude mcp add ot-security --transport http https://mcp.ansvar.eu/ot-security/mcp

Claude Desktop / Cursor (claude_desktop_config.json):

{
 "mcpServers": {
 "ot-security": {
 "type": "url",
 "url": "https://mcp.ansvar.eu/ot-security/mcp"
 }
 }
}

No authentication required. See all Ansvar MCP endpoints.

Example Queries

Once connected, just ask naturally:

IEC 62443 Security Levels

• "What are the IEC 62443 requirements for Security Level 2?"
• "Which security level should I target for a water treatment plant?"
• "Compare requirements between SL-2 and SL-3"
• "What is SR 1.1 (identification and authentication) in IEC 62443?"

Network Segmentation & Zones

• "How should I segment my OT network using the Purdue Model?"
• "What security controls belong at Level 3 of the Purdue Model?"
• "Design a zone and conduit architecture for a manufacturing facility"
• "What's the difference between a zone and a conduit in IEC 62443-3-2?"

Threat Intelligence

• "What MITRE ATT&CK techniques target PLCs?"
• "How do attackers perform lateral movement in ICS environments?"
• "Show me MITRE ICS techniques for T0800 (Modify Control Logic)"
• "Which mitigations prevent Man-in-the-Middle attacks on Modbus?"

NIST Guidance

• "What are NIST's recommendations for OT asset management?"
• "How does NIST 800-82 address incident response in control systems?"
• "Map NIST 800-82 guidance to NIST 800-53 controls"

Cross-Standard Mapping

• "Map IEC 62443 SR 1.1 to equivalent NIST controls"
• "Which NIST 800-53 controls support IEC 62443 Security Level 3?"
• "Compare identification and authentication across IEC and NIST"

Industry-Specific

• "What security requirements apply to a power generation facility?"
• "IEC 62443 requirements for pharmaceutical manufacturing"
• "Security controls for a water/wastewater utility"

More examples: See docs/use-cases.md for industry-specific scenarios

---

What's Included

Standards Coverage

• IEC 62443-3-3 — 67 System Security Requirements (SRs) across 7 foundational requirements
• IEC 62443-4-2 — 51 Component Requirements (CRs) for embedded devices, host devices, network devices, and applications
• IEC 62443-3-2 — Security risk assessment, zones & conduits, Purdue Model
• NIST SP 800-53 Rev 5 — 228 OT-relevant controls from 12 control families
• NIST SP 800-82 Rev 3 — Guide to Operational Technology Security
• MITRE ATT&CK for ICS — 83 techniques, 52 mitigations, 331 relationships

Features

• Full-Text Search — Find relevant requirements across all standards instantly
• Security Level Mapping — Query IEC 62443 requirements by SL-1 through SL-4
• Zone/Conduit Guidance — Network segmentation design with Purdue Model
• Requirement Rationale — Understand WHY requirements exist, not just what they say
• Threat Intelligence — MITRE ATT&CK techniques mapped to defensive controls
• Cross-Standard Mappings — IEC ↔ NIST control relationships
• Component Type Filtering — Requirements for embedded devices, hosts, networks, or applications

Data Quality

• 238 Requirements — IEC 62443 foundation + NIST 800-82 guidance
• 228 NIST 800-53 Controls — Automated OSCAL ingestion from official source
• 83 MITRE ICS Techniques — Complete ATT&CK for ICS matrix
• 16 Cross-Standard Mappings — NIST 800-82 ↔ 800-53 validated mappings
• Daily Updates — Automatic freshness checks for NIST and MITRE sources

Detailed coverage: docs/coverage.md Use cases by industry: docs/use-cases.md Available tools: docs/tools.md

---

See It In Action

Why This Works

Authoritative Source Data:

• IEC 62443: User-supplied (licensed standards) — you provide your own licensed data
• NIST 800-53: Automated OSCAL ingestion from official NIST GitHub
• NIST 800-82: Curated guidance from official PDF publication
• MITRE ATT&CK: Automated STIX 2.0 ingestion from official MITRE repository
• All data stored in SQLite with full-text search (FTS5)

Smart Architecture:

• Security level filtering uses junction tables (many-to-many relationships)
• Zone/conduit guidance generates markdown with Purdue Model context
• Requirement rationale includes regulatory drivers and related standards
• Cross-standard mappings use confidence scores for quality assessment

Technical Stack:

Official Source → Parse → Validate → SQLite → MCP Tools → AI Response
 ↑ ↑ ↑
 OSCAL/STIX JSON Schema FTS5 Search

Example: Traditional vs. This MCP

Traditional Approach	This MCP Server
Buy IEC 62443 PDFs ($500+)	Ingest your licensed IEC data once
Navigate 300+ page security level tables	"What requirements apply to SL-2?" → instant answer
Manual Purdue Model diagrams	get_zone_conduit_guidance → generated architecture
Cross-reference NIST ↔ IEC manually	compare_ot_requirements → mapped instantly
Search MITRE matrices by hand	"Show me PLC attacks" → filtered techniques
6 different documentation sites	One unified query interface

Traditional example: Open IEC 62443-3-3 PDF → Find security level table → Ctrl+F "SR 1" → Read 15 pages → Cross-reference to IEC 62443-4-2 → Repeat for NIST

This MCP: "What are all IEC 62443 requirements for Security Level 2 targeting embedded devices?" → Done.

---

Important Disclaimers

IEC 62443 Licensing

** IEC 62443 CONTENT NOT INCLUDED**

IEC 62443 is a copyrighted standard published by the International Society of Automation (ISA) and International Electrotechnical Commission (IEC).

This MCP server provides:

• Database schema and ingestion tools for IEC 62443 data
• JSON templates showing the expected data structure
• Sample data (2 requirements) demonstrating the format

You must provide:

• Your own licensed copies of IEC 62443 standards
• Your own JSON files created from your licensed standards

How to obtain IEC 62443 standards:

• Purchase from ISA or IEC
• Prices: ~$150-200 per part (3-3, 4-2, 3-2)

Ingestion guide: See docs/ingestion/iec62443-guide.md

Legal Advice

** THIS TOOL IS NOT SECURITY CONSULTING OR LEGAL ADVICE **

Security requirements are sourced from official public standards (NIST, MITRE) and user-supplied licensed standards (IEC 62443). However:

• Security level targeting is risk-based and requires proper threat modeling
• Zone/conduit architectures are design aids, not prescriptive solutions
• Cross-standard mappings are interpretive aids, not official guidance
• MITRE techniques are threat intelligence, not vulnerability assessments

Always:

• Conduct proper risk assessments for your specific environment
• Engage qualified OT security professionals for implementation guidance
• Verify against official standard publications
• Follow your organization's security policies and procedures

NIST & MITRE Data

Public domain content — NIST 800-53, NIST 800-82, and MITRE ATT&CK for ICS data are sourced from official U.S. government repositories and are in the public domain. No restrictions on use or distribution.

---

Related Projects: Ansvar Compliance Suite

This server is part of Ansvar's MCP ecosystem for industrial and enterprise security:

OT Security MCP (This Project)

Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS

• Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
• Security levels, Purdue Model, zone/conduit architecture
• MITRE ATT&CK for ICS threat intelligence
• Install: npm install @ansvar/ot-security-mcp

Security Controls MCP

Query 1,451 security controls across 28 IT/OT frameworks

• ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, and 22 more
• Bidirectional framework mapping and gap analysis
• Works with OT Security MCP for complete IT/OT coverage
• Install: pipx install security-controls-mcp

🇪🇺 EU Regulations MCP

Query 47 EU regulations including NIS2 and Cyber Resilience Act

• GDPR, AI Act, DORA, NIS2, MDR, CRA, and 41 more
• Critical for EU OT operators under NIS2 directive
• Install: npx @ansvar/eu-regulations-mcp

🇺🇸 US Regulations MCP

Query US compliance laws including TSA Pipeline Security

• HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, and 9 more
• Relevant for US critical infrastructure operators
• Install: npm install @ansvar/us-regulations-mcp

How They Work Together for OT Security

Complete OT compliance workflow:

1. "What are NIS2 requirements for energy sector OT systems?"
 → EU Regulations MCP returns NIS2 Article 21 requirements

2. "What IEC 62443 security level satisfies NIS2 Article 21?"
 → OT Security MCP recommends Security Level 2-3 based on risk assessment

3. "Map IEC 62443-4-2 SR 1.1 to NIST 800-53 controls"
 → Security Controls MCP shows bidirectional mapping to AC-2, IA-2, etc.

4. "What MITRE ATT&CK techniques target this configuration?"
 → OT Security MCP shows relevant ICS attack techniques and mitigations

Stack these servers for:

• EU OT operators (NIS2 + IEC 62443 + ISO 27001)
• US critical infrastructure (NIST + IEC 62443 + sector-specific regulations)
• Global manufacturers (All compliance + OT security + framework mapping)

---

About Ansvar Systems

We build AI-accelerated threat modeling and compliance tools for automotive OEMs, Tier 1 suppliers, industrial manufacturers, and critical infrastructure operators. This MCP server started as our internal IEC 62443 reference tool — turns out everyone securing OT environments has the same "6 documentation sites, 12 PDFs" problem.

So we're open-sourcing it. Navigating IEC 62443 security levels shouldn't require a spreadsheet and a law degree.

ansvar.eu — Stockholm, Sweden

Industries we serve:

• Automotive (ISO 21434, UN R155)
• Industrial Manufacturing (IEC 62443)
• Energy & Utilities (NERC CIP, IEC 62443)
• Medical Devices (IEC 81001-5-1, IEC 62443-4-2)

---

Documentation

Getting Started

• Quick Start Guide — Installation and first queries
• IEC 62443 Ingestion Guide — How to ingest your licensed standards
• NIST Ingestion Guide — Automated NIST data setup

Tools & Features

• Available Tools — All 7 MCP tools with examples
• Tool Reference: Security Level Mapping
• Tool Reference: Zone/Conduit Guidance
• Tool Reference: Requirement Rationale

Use Cases

• Industry Use Cases — Automotive, energy, manufacturing, water/wastewater
• Coverage Details — Complete standard coverage breakdown

Development

• Development Guide — Contributing, adding standards
• Architecture — Database schema, tool design
• Troubleshooting — Common issues and fixes
• Privacy Policy — Data handling and retention notes

Project Planning

• Stage 2 Design — Complete architectural design
• Stage 2 Implementation — Task breakdown
• Release Notes v0.2.0 — What's new in Stage 2

---

Directory Review Notes

Testing Account and Sample Data

This server is read-only and does not require a login account for functional review. For directory review, use the bundled dataset and these sample prompts:

• "What IEC 62443 requirements apply to Security Level 2?"
• "Show MITRE ICS techniques related to PLC manipulation."
• "Map IEC 62443 SR 1.1 to NIST controls."

Remote Authentication (OAuth 2.0)

If you deploy a remote authenticated endpoint, use OAuth 2.0 over TLS with certificates from recognized authorities. If deployed in read-only unauthenticated mode, document that deployment policy explicitly.

---

Roadmap

Stage 3 (Planned Q2 2026)

• IEC 62443-2-4 — Supplier security requirements (DORA/NIS2 relevance)
• Rich Cross-Standard Mappings — IEC ↔ NIST ↔ MITRE with confidence scores
• Automated Mapping Suggestions — ML-based requirement similarity
• Compare Requirements Tool — Side-by-side multi-standard comparison

Stage 4 (Planned Q3 2026)

• NERC CIP — North American energy sector requirements
• Sector Applicability Engine — "Which standards apply to my facility?"
• EU Regulatory Crosswalk — NIS2, DORA, CRA mappings to IEC 62443

See: ROADMAP.md for full feature timeline

---

More Open Source from Ansvar

We maintain a family of MCP servers for compliance and security professionals:

Server	Description	Install
EU Regulations	47 EU regulations (GDPR, AI Act, DORA, NIS2, MiFID II, eIDAS, MDR...)	npx @ansvar/eu-regulations-mcp
US Regulations	HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, state privacy laws	npx @ansvar/us-regulations-mcp
Security Controls	1,451 controls across 28 frameworks (ISO 27001, NIST CSF, PCI DSS, CMMC...)	pipx install security-controls-mcp
Automotive	UNECE R155/R156, ISO 21434 for automotive cybersecurity	npx @ansvar/automotive-cybersecurity-mcp
Sanctions	Offline sanctions screening with OpenSanctions (30+ lists)	pip install ansvar-sanctions-mcp

Browse all projects: ansvar.eu/open-source

---

Contributing

We welcome contributions! See CONTRIBUTING.md for:

• Adding new standards
• Improving cross-standard mappings
• Enhancing tool capabilities
• Fixing bugs or improving documentation

---

License

Code: Apache License 2.0 (see LICENSE)

Data:

• IEC 62443: User-supplied (requires license from ISA/IEC)
• NIST 800-53, 800-82: Public domain (U.S. government work)
• MITRE ATT&CK for ICS: Apache 2.0 (MITRE Corporation)

---

Support

Community Support

• GitHub Issues: Report bugs or request features
• GitHub Discussions: Ask questions or share use cases

Commercial Support

Need help with:

• IEC 62443 security level targeting for your facility?
• Custom zone/conduit architectures for complex OT networks?
• Threat modeling using MITRE ATT&CK for ICS?
• NIS2 or DORA compliance mapping to IEC 62443?

Contact: info@ansvar.eu

---

_{Built with care in Stockholm, Sweden}