npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ansvar/ot-security-mcp

v0.2.1

Published

MCP server for OT (Operational Technology) security standards and frameworks

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ansvaransvar

Keywords

mcpmodel-context-protocolot-securityoperational-technologyicsindustrial-control-systemsscadaplcdcsiec-62443nist-800-53nist-800-82mitre-attackmitre-icssecurity-standardscompliancecybersecuritycritical-infrastructurethreat-intelligencepurdue-modelnetwork-segmentationclaudeclaude-desktop

Readme

OT Security MCP Server

IEC 62443 for the AI age.

npm version License GitHub stars Database Tests OpenSSF Scorecard Security

Query IEC 62443, NIST 800-82, NIST 800-53, and MITRE ATT&CK for ICS — the complete OT security framework stack — directly from Claude, Cursor, or any MCP-compatible client.

If you're securing industrial control systems, manufacturing plants, energy infrastructure, or critical OT environments, this is your security standards reference.

Built by Ansvar Systems — Stockholm, Sweden

Why This Exists

OT security standards are scattered across ISA PDFs, NIST publications, and MITRE matrices. Whether you're:

  • A control systems engineer implementing IEC 62443 security levels
  • A security architect designing network segmentation with the Purdue Model
  • A compliance officer mapping NIS2 requirements to IEC controls
  • A threat hunter investigating MITRE ATT&CK for ICS techniques
  • A product team building secure PLCs, SCADA systems, or industrial IoT devices

...you shouldn't need to juggle 6 different documentation sites and 200 pages of standards. Ask Claude. Get the exact requirement. With context.

This MCP server makes OT security standards searchable, cross-referenceable, and AI-readable.

Quick Start

Installation

npm install @ansvar/ot-security-mcp

Claude Desktop

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}

Restart Claude Desktop. Done.

Cursor / VS Code

{
  "mcp.servers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}

Example Queries

Once connected, just ask naturally:

IEC 62443 Security Levels

  • "What are the IEC 62443 requirements for Security Level 2?"
  • "Which security level should I target for a water treatment plant?"
  • "Compare requirements between SL-2 and SL-3"
  • "What is SR 1.1 (identification and authentication) in IEC 62443?"

Network Segmentation & Zones

  • "How should I segment my OT network using the Purdue Model?"
  • "What security controls belong at Level 3 of the Purdue Model?"
  • "Design a zone and conduit architecture for a manufacturing facility"
  • "What's the difference between a zone and a conduit in IEC 62443-3-2?"

Threat Intelligence

  • "What MITRE ATT&CK techniques target PLCs?"
  • "How do attackers perform lateral movement in ICS environments?"
  • "Show me MITRE ICS techniques for T0800 (Modify Control Logic)"
  • "Which mitigations prevent Man-in-the-Middle attacks on Modbus?"

NIST Guidance

  • "What are NIST's recommendations for OT asset management?"
  • "How does NIST 800-82 address incident response in control systems?"
  • "Map NIST 800-82 guidance to NIST 800-53 controls"

Cross-Standard Mapping

  • "Map IEC 62443 SR 1.1 to equivalent NIST controls"
  • "Which NIST 800-53 controls support IEC 62443 Security Level 3?"
  • "Compare identification and authentication across IEC and NIST"

Industry-Specific

  • "What security requirements apply to a power generation facility?"
  • "IEC 62443 requirements for pharmaceutical manufacturing"
  • "Security controls for a water/wastewater utility"

More examples: See docs/use-cases.md for industry-specific scenarios

What's Included

Standards Coverage

  • IEC 62443-3-3 — 67 System Security Requirements (SRs) across 7 foundational requirements
  • IEC 62443-4-2 — 51 Component Requirements (CRs) for embedded devices, host devices, network devices, and applications
  • IEC 62443-3-2 — Security risk assessment, zones & conduits, Purdue Model
  • NIST SP 800-53 Rev 5 — 228 OT-relevant controls from 12 control families
  • NIST SP 800-82 Rev 3 — Guide to Operational Technology Security
  • MITRE ATT&CK for ICS — 83 techniques, 52 mitigations, 331 relationships

Features

  • Full-Text Search — Find relevant requirements across all standards instantly
  • Security Level Mapping — Query IEC 62443 requirements by SL-1 through SL-4
  • Zone/Conduit Guidance — Network segmentation design with Purdue Model
  • Requirement Rationale — Understand WHY requirements exist, not just what they say
  • Threat Intelligence — MITRE ATT&CK techniques mapped to defensive controls
  • Cross-Standard Mappings — IEC ↔ NIST control relationships
  • Component Type Filtering — Requirements for embedded devices, hosts, networks, or applications

Data Quality

  • 238 Requirements — IEC 62443 foundation + NIST 800-82 guidance
  • 228 NIST 800-53 Controls — Automated OSCAL ingestion from official source
  • 83 MITRE ICS Techniques — Complete ATT&CK for ICS matrix
  • 16 Cross-Standard Mappings — NIST 800-82 ↔ 800-53 validated mappings
  • Daily Updates — Automatic freshness checks for NIST and MITRE sources

Detailed coverage: docs/coverage.md Use cases by industry: docs/use-cases.md Available tools: docs/tools.md

🎬 See It In Action

Why This Works

Authoritative Source Data:

  • IEC 62443: User-supplied (licensed standards) — you provide your own licensed data
  • NIST 800-53: Automated OSCAL ingestion from official NIST GitHub
  • NIST 800-82: Curated guidance from official PDF publication
  • MITRE ATT&CK: Automated STIX 2.0 ingestion from official MITRE repository
  • All data stored in SQLite with full-text search (FTS5)

Smart Architecture:

  • Security level filtering uses junction tables (many-to-many relationships)
  • Zone/conduit guidance generates markdown with Purdue Model context
  • Requirement rationale includes regulatory drivers and related standards
  • Cross-standard mappings use confidence scores for quality assessment

Technical Stack:

Official Source → Parse → Validate → SQLite → MCP Tools → AI Response
     ↑                        ↑            ↑
  OSCAL/STIX          JSON Schema    FTS5 Search

Example: Traditional vs. This MCP

| Traditional Approach | This MCP Server | |---------------------|-----------------| | Buy IEC 62443 PDFs ($500+) | Ingest your licensed IEC data once | | Navigate 300+ page security level tables | "What requirements apply to SL-2?" → instant answer | | Manual Purdue Model diagrams | get_zone_conduit_guidance → generated architecture | | Cross-reference NIST ↔ IEC manually | compare_ot_requirements → mapped instantly | | Search MITRE matrices by hand | "Show me PLC attacks" → filtered techniques | | 6 different documentation sites | One unified query interface |

Traditional example: Open IEC 62443-3-3 PDF → Find security level table → Ctrl+F "SR 1" → Read 15 pages → Cross-reference to IEC 62443-4-2 → Repeat for NIST

This MCP: "What are all IEC 62443 requirements for Security Level 2 targeting embedded devices?" → Done.

⚠️ Important Disclaimers

IEC 62443 Licensing

📄 IEC 62443 CONTENT NOT INCLUDED

IEC 62443 is a copyrighted standard published by the International Society of Automation (ISA) and International Electrotechnical Commission (IEC).

This MCP server provides:

  • Database schema and ingestion tools for IEC 62443 data
  • JSON templates showing the expected data structure
  • Sample data (2 requirements) demonstrating the format

You must provide:

  • Your own licensed copies of IEC 62443 standards
  • Your own JSON files created from your licensed standards

How to obtain IEC 62443 standards:

  • Purchase from ISA or IEC
  • Prices: ~$150-200 per part (3-3, 4-2, 3-2)

Ingestion guide: See docs/ingestion/iec62443-guide.md

Legal Advice

🚨 THIS TOOL IS NOT SECURITY CONSULTING OR LEGAL ADVICE 🚨

Security requirements are sourced from official public standards (NIST, MITRE) and user-supplied licensed standards (IEC 62443). However:

  • Security level targeting is risk-based and requires proper threat modeling
  • Zone/conduit architectures are design aids, not prescriptive solutions
  • Cross-standard mappings are interpretive aids, not official guidance
  • MITRE techniques are threat intelligence, not vulnerability assessments

Always:

  • Conduct proper risk assessments for your specific environment
  • Engage qualified OT security professionals for implementation guidance
  • Verify against official standard publications
  • Follow your organization's security policies and procedures

NIST & MITRE Data

Public domain content — NIST 800-53, NIST 800-82, and MITRE ATT&CK for ICS data are sourced from official U.S. government repositories and are in the public domain. No restrictions on use or distribution.

Related Projects: Ansvar Compliance Suite

This server is part of Ansvar's MCP ecosystem for industrial and enterprise security:

🏭 OT Security MCP (This Project)

Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS

  • Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
  • Security levels, Purdue Model, zone/conduit architecture
  • MITRE ATT&CK for ICS threat intelligence
  • Install: npm install @ansvar/ot-security-mcp

🔐 Security Controls MCP

Query 1,451 security controls across 28 IT/OT frameworks

  • ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, and 22 more
  • Bidirectional framework mapping and gap analysis
  • Works with OT Security MCP for complete IT/OT coverage
  • Install: pipx install security-controls-mcp

🇪🇺 EU Regulations MCP

Query 47 EU regulations including NIS2 and Cyber Resilience Act

  • GDPR, AI Act, DORA, NIS2, MDR, CRA, and 41 more
  • Critical for EU OT operators under NIS2 directive
  • Install: npx @ansvar/eu-regulations-mcp

🇺🇸 US Regulations MCP

Query US compliance laws including TSA Pipeline Security

  • HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, and 9 more
  • Relevant for US critical infrastructure operators
  • Install: npm install @ansvar/us-regulations-mcp

How They Work Together for OT Security

Complete OT compliance workflow:

1. "What are NIS2 requirements for energy sector OT systems?"
   → EU Regulations MCP returns NIS2 Article 21 requirements

2. "What IEC 62443 security level satisfies NIS2 Article 21?"
   → OT Security MCP recommends Security Level 2-3 based on risk assessment

3. "Map IEC 62443-4-2 SR 1.1 to NIST 800-53 controls"
   → Security Controls MCP shows bidirectional mapping to AC-2, IA-2, etc.

4. "What MITRE ATT&CK techniques target this configuration?"
   → OT Security MCP shows relevant ICS attack techniques and mitigations

Stack these servers for:

  • EU OT operators (NIS2 + IEC 62443 + ISO 27001)
  • US critical infrastructure (NIST + IEC 62443 + sector-specific regulations)
  • Global manufacturers (All compliance + OT security + framework mapping)

About Ansvar Systems

We build AI-accelerated threat modeling and compliance tools for automotive OEMs, Tier 1 suppliers, industrial manufacturers, and critical infrastructure operators. This MCP server started as our internal IEC 62443 reference tool — turns out everyone securing OT environments has the same "6 documentation sites, 12 PDFs" problem.

So we're open-sourcing it. Navigating IEC 62443 security levels shouldn't require a spreadsheet and a law degree.

ansvar.eu — Stockholm, Sweden

Industries we serve:

  • Automotive (ISO 21434, UN R155)
  • Industrial Manufacturing (IEC 62443)
  • Energy & Utilities (NERC CIP, IEC 62443)
  • Medical Devices (IEC 81001-5-1, IEC 62443-4-2)

Documentation

Getting Started

Tools & Features

Use Cases

Development

Project Planning

Roadmap

Stage 3 (Planned Q2 2026)

  • IEC 62443-2-4 — Supplier security requirements (DORA/NIS2 relevance)
  • Rich Cross-Standard Mappings — IEC ↔ NIST ↔ MITRE with confidence scores
  • Automated Mapping Suggestions — ML-based requirement similarity
  • Compare Requirements Tool — Side-by-side multi-standard comparison

Stage 4 (Planned Q3 2026)

  • NERC CIP — North American energy sector requirements
  • Sector Applicability Engine — "Which standards apply to my facility?"
  • EU Regulatory Crosswalk — NIS2, DORA, CRA mappings to IEC 62443

See: ROADMAP.md for full feature timeline

Contributing

We welcome contributions! See CONTRIBUTING.md for:

  • Adding new standards
  • Improving cross-standard mappings
  • Enhancing tool capabilities
  • Fixing bugs or improving documentation

License

Code: Apache License 2.0 (see LICENSE)

Data:

  • IEC 62443: User-supplied (requires license from ISA/IEC)
  • NIST 800-53, 800-82: Public domain (U.S. government work)
  • MITRE ATT&CK for ICS: Apache 2.0 (MITRE Corporation)

Support

Community Support

Commercial Support

Need help with:

  • IEC 62443 security level targeting for your facility?
  • Custom zone/conduit architectures for complex OT networks?
  • Threat modeling using MITRE ATT&CK for ICS?
  • NIS2 or DORA compliance mapping to IEC 62443?

Contact: [email protected]