@iflow-mcp/ansvar-systems-ot-security-mcp
v0.4.0
Published
MCP server for OT (Operational Technology) security standards and frameworks
Downloads
30
Readme
OT Security MCP Server
IEC 62443 for the AI age.
Query IEC 62443, NIST 800-82, NIST 800-53, and MITRE ATT&CK for ICS — the complete OT security framework stack — directly from Claude, Cursor, or any MCP-compatible client.
If you're securing industrial control systems, manufacturing plants, energy infrastructure, or critical OT environments, this is your security standards reference.
Built by Ansvar Systems — Stockholm, Sweden
Why This Exists
OT security standards are scattered across ISA PDFs, NIST publications, and MITRE matrices. Whether you're:
- A control systems engineer implementing IEC 62443 security levels
- A security architect designing network segmentation with the Purdue Model
- A compliance officer mapping NIS2 requirements to IEC controls
- A threat hunter investigating MITRE ATT&CK for ICS techniques
- A product team building secure PLCs, SCADA systems, or industrial IoT devices
...you shouldn't need to juggle 6 different documentation sites and 200 pages of standards. Ask Claude. Get the exact requirement. With context.
This MCP server makes OT security standards searchable, cross-referenceable, and AI-readable.
Quick Start
Installation
npm install @ansvar/ot-security-mcpClaude Desktop
Add to your claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"ot-security": {
"command": "npx",
"args": ["-y", "@ansvar/ot-security-mcp"]
}
}
}Restart Claude Desktop. Done.
Cursor / VS Code
{
"mcp.servers": {
"ot-security": {
"command": "npx",
"args": ["-y", "@ansvar/ot-security-mcp"]
}
}
}Example Queries
Once connected, just ask naturally:
IEC 62443 Security Levels
- "What are the IEC 62443 requirements for Security Level 2?"
- "Which security level should I target for a water treatment plant?"
- "Compare requirements between SL-2 and SL-3"
- "What is SR 1.1 (identification and authentication) in IEC 62443?"
Network Segmentation & Zones
- "How should I segment my OT network using the Purdue Model?"
- "What security controls belong at Level 3 of the Purdue Model?"
- "Design a zone and conduit architecture for a manufacturing facility"
- "What's the difference between a zone and a conduit in IEC 62443-3-2?"
Threat Intelligence
- "What MITRE ATT&CK techniques target PLCs?"
- "How do attackers perform lateral movement in ICS environments?"
- "Show me MITRE ICS techniques for T0800 (Modify Control Logic)"
- "Which mitigations prevent Man-in-the-Middle attacks on Modbus?"
NIST Guidance
- "What are NIST's recommendations for OT asset management?"
- "How does NIST 800-82 address incident response in control systems?"
- "Map NIST 800-82 guidance to NIST 800-53 controls"
Cross-Standard Mapping
- "Map IEC 62443 SR 1.1 to equivalent NIST controls"
- "Which NIST 800-53 controls support IEC 62443 Security Level 3?"
- "Compare identification and authentication across IEC and NIST"
Industry-Specific
- "What security requirements apply to a power generation facility?"
- "IEC 62443 requirements for pharmaceutical manufacturing"
- "Security controls for a water/wastewater utility"
More examples: See docs/use-cases.md for industry-specific scenarios
What's Included
Standards Coverage
- IEC 62443-3-3 — 67 System Security Requirements (SRs) across 7 foundational requirements
- IEC 62443-4-2 — 51 Component Requirements (CRs) for embedded devices, host devices, network devices, and applications
- IEC 62443-3-2 — Security risk assessment, zones & conduits, Purdue Model
- NIST SP 800-53 Rev 5 — 228 OT-relevant controls from 12 control families
- NIST SP 800-82 Rev 3 — Guide to Operational Technology Security
- MITRE ATT&CK for ICS — 83 techniques, 52 mitigations, 331 relationships
Features
- Full-Text Search — Find relevant requirements across all standards instantly
- Security Level Mapping — Query IEC 62443 requirements by SL-1 through SL-4
- Zone/Conduit Guidance — Network segmentation design with Purdue Model
- Requirement Rationale — Understand WHY requirements exist, not just what they say
- Threat Intelligence — MITRE ATT&CK techniques mapped to defensive controls
- Cross-Standard Mappings — IEC ↔ NIST control relationships
- Component Type Filtering — Requirements for embedded devices, hosts, networks, or applications
Data Quality
- 238 Requirements — IEC 62443 foundation + NIST 800-82 guidance
- 228 NIST 800-53 Controls — Automated OSCAL ingestion from official source
- 83 MITRE ICS Techniques — Complete ATT&CK for ICS matrix
- 16 Cross-Standard Mappings — NIST 800-82 ↔ 800-53 validated mappings
- Daily Updates — Automatic freshness checks for NIST and MITRE sources
Detailed coverage: docs/coverage.md Use cases by industry: docs/use-cases.md Available tools: docs/tools.md
🎬 See It In Action
Why This Works
Authoritative Source Data:
- IEC 62443: User-supplied (licensed standards) — you provide your own licensed data
- NIST 800-53: Automated OSCAL ingestion from official NIST GitHub
- NIST 800-82: Curated guidance from official PDF publication
- MITRE ATT&CK: Automated STIX 2.0 ingestion from official MITRE repository
- All data stored in SQLite with full-text search (FTS5)
Smart Architecture:
- Security level filtering uses junction tables (many-to-many relationships)
- Zone/conduit guidance generates markdown with Purdue Model context
- Requirement rationale includes regulatory drivers and related standards
- Cross-standard mappings use confidence scores for quality assessment
Technical Stack:
Official Source → Parse → Validate → SQLite → MCP Tools → AI Response
↑ ↑ ↑
OSCAL/STIX JSON Schema FTS5 SearchExample: Traditional vs. This MCP
| Traditional Approach | This MCP Server |
|---------------------|-----------------|
| Buy IEC 62443 PDFs ($500+) | Ingest your licensed IEC data once |
| Navigate 300+ page security level tables | "What requirements apply to SL-2?" → instant answer |
| Manual Purdue Model diagrams | get_zone_conduit_guidance → generated architecture |
| Cross-reference NIST ↔ IEC manually | compare_ot_requirements → mapped instantly |
| Search MITRE matrices by hand | "Show me PLC attacks" → filtered techniques |
| 6 different documentation sites | One unified query interface |
Traditional example: Open IEC 62443-3-3 PDF → Find security level table → Ctrl+F "SR 1" → Read 15 pages → Cross-reference to IEC 62443-4-2 → Repeat for NIST
This MCP: "What are all IEC 62443 requirements for Security Level 2 targeting embedded devices?" → Done.
⚠️ Important Disclaimers
IEC 62443 Licensing
📄 IEC 62443 CONTENT NOT INCLUDED
IEC 62443 is a copyrighted standard published by the International Society of Automation (ISA) and International Electrotechnical Commission (IEC).
This MCP server provides:
- Database schema and ingestion tools for IEC 62443 data
- JSON templates showing the expected data structure
- Sample data (2 requirements) demonstrating the format
You must provide:
- Your own licensed copies of IEC 62443 standards
- Your own JSON files created from your licensed standards
How to obtain IEC 62443 standards:
Ingestion guide: See docs/ingestion/iec62443-guide.md
Legal Advice
🚨 THIS TOOL IS NOT SECURITY CONSULTING OR LEGAL ADVICE 🚨
Security requirements are sourced from official public standards (NIST, MITRE) and user-supplied licensed standards (IEC 62443). However:
- Security level targeting is risk-based and requires proper threat modeling
- Zone/conduit architectures are design aids, not prescriptive solutions
- Cross-standard mappings are interpretive aids, not official guidance
- MITRE techniques are threat intelligence, not vulnerability assessments
Always:
- Conduct proper risk assessments for your specific environment
- Engage qualified OT security professionals for implementation guidance
- Verify against official standard publications
- Follow your organization's security policies and procedures
NIST & MITRE Data
Public domain content — NIST 800-53, NIST 800-82, and MITRE ATT&CK for ICS data are sourced from official U.S. government repositories and are in the public domain. No restrictions on use or distribution.
Related Projects: Ansvar Compliance Suite
This server is part of Ansvar's MCP ecosystem for industrial and enterprise security:
🏭 OT Security MCP (This Project)
Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS
- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
- Security levels, Purdue Model, zone/conduit architecture
- MITRE ATT&CK for ICS threat intelligence
- Install:
npm install @ansvar/ot-security-mcp
🔐 Security Controls MCP
Query 1,451 security controls across 28 IT/OT frameworks
- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, and 22 more
- Bidirectional framework mapping and gap analysis
- Works with OT Security MCP for complete IT/OT coverage
- Install:
pipx install security-controls-mcp
🇪🇺 EU Regulations MCP
Query 47 EU regulations including NIS2 and Cyber Resilience Act
- GDPR, AI Act, DORA, NIS2, MDR, CRA, and 41 more
- Critical for EU OT operators under NIS2 directive
- Install:
npx @ansvar/eu-regulations-mcp
🇺🇸 US Regulations MCP
Query US compliance laws including TSA Pipeline Security
- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, and 9 more
- Relevant for US critical infrastructure operators
- Install:
npm install @ansvar/us-regulations-mcp
How They Work Together for OT Security
Complete OT compliance workflow:
1. "What are NIS2 requirements for energy sector OT systems?"
→ EU Regulations MCP returns NIS2 Article 21 requirements
2. "What IEC 62443 security level satisfies NIS2 Article 21?"
→ OT Security MCP recommends Security Level 2-3 based on risk assessment
3. "Map IEC 62443-4-2 SR 1.1 to NIST 800-53 controls"
→ Security Controls MCP shows bidirectional mapping to AC-2, IA-2, etc.
4. "What MITRE ATT&CK techniques target this configuration?"
→ OT Security MCP shows relevant ICS attack techniques and mitigationsStack these servers for:
- EU OT operators (NIS2 + IEC 62443 + ISO 27001)
- US critical infrastructure (NIST + IEC 62443 + sector-specific regulations)
- Global manufacturers (All compliance + OT security + framework mapping)
About Ansvar Systems
We build AI-accelerated threat modeling and compliance tools for automotive OEMs, Tier 1 suppliers, industrial manufacturers, and critical infrastructure operators. This MCP server started as our internal IEC 62443 reference tool — turns out everyone securing OT environments has the same "6 documentation sites, 12 PDFs" problem.
So we're open-sourcing it. Navigating IEC 62443 security levels shouldn't require a spreadsheet and a law degree.
ansvar.eu — Stockholm, Sweden
Industries we serve:
- Automotive (ISO 21434, UN R155)
- Industrial Manufacturing (IEC 62443)
- Energy & Utilities (NERC CIP, IEC 62443)
- Medical Devices (IEC 81001-5-1, IEC 62443-4-2)
Documentation
Getting Started
- Quick Start Guide — Installation and first queries
- IEC 62443 Ingestion Guide — How to ingest your licensed standards
- NIST Ingestion Guide — Automated NIST data setup
Tools & Features
- Available Tools — All 7 MCP tools with examples
- Tool Reference: Security Level Mapping
- Tool Reference: Zone/Conduit Guidance
- Tool Reference: Requirement Rationale
Use Cases
- Industry Use Cases — Automotive, energy, manufacturing, water/wastewater
- Coverage Details — Complete standard coverage breakdown
Development
- Development Guide — Contributing, adding standards
- Architecture — Database schema, tool design
- Troubleshooting — Common issues and fixes
- Privacy Policy — Data handling and retention notes
Project Planning
- Stage 2 Design — Complete architectural design
- Stage 2 Implementation — Task breakdown
- Release Notes v0.2.0 — What's new in Stage 2
Directory Review Notes
Testing Account and Sample Data
This server is read-only and does not require a login account for functional review. For directory review, use the bundled dataset and these sample prompts:
- "What IEC 62443 requirements apply to Security Level 2?"
- "Show MITRE ICS techniques related to PLC manipulation."
- "Map IEC 62443 SR 1.1 to NIST controls."
Remote Authentication (OAuth 2.0)
If you deploy a remote authenticated endpoint, use OAuth 2.0 over TLS with certificates from recognized authorities. If deployed in read-only unauthenticated mode, document that deployment policy explicitly.
Roadmap
Stage 3 (Planned Q2 2026)
- IEC 62443-2-4 — Supplier security requirements (DORA/NIS2 relevance)
- Rich Cross-Standard Mappings — IEC ↔ NIST ↔ MITRE with confidence scores
- Automated Mapping Suggestions — ML-based requirement similarity
- Compare Requirements Tool — Side-by-side multi-standard comparison
Stage 4 (Planned Q3 2026)
- NERC CIP — North American energy sector requirements
- Sector Applicability Engine — "Which standards apply to my facility?"
- EU Regulatory Crosswalk — NIS2, DORA, CRA mappings to IEC 62443
See: ROADMAP.md for full feature timeline
More Open Source from Ansvar
We maintain a family of MCP servers for compliance and security professionals:
| Server | Description | Install |
|--------|-------------|---------|
| EU Regulations | 47 EU regulations (GDPR, AI Act, DORA, NIS2, MiFID II, eIDAS, MDR...) | npx @ansvar/eu-regulations-mcp |
| US Regulations | HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, state privacy laws | npx @ansvar/us-regulations-mcp |
| Security Controls | 1,451 controls across 28 frameworks (ISO 27001, NIST CSF, PCI DSS, CMMC...) | pipx install security-controls-mcp |
| Automotive | UNECE R155/R156, ISO 21434 for automotive cybersecurity | npx @ansvar/automotive-cybersecurity-mcp |
| Sanctions | Offline sanctions screening with OpenSanctions (30+ lists) | pip install ansvar-sanctions-mcp |
Browse all projects: ansvar.eu/open-source
Contributing
We welcome contributions! See CONTRIBUTING.md for:
- Adding new standards
- Improving cross-standard mappings
- Enhancing tool capabilities
- Fixing bugs or improving documentation
License
Code: Apache License 2.0 (see LICENSE)
Data:
- IEC 62443: User-supplied (requires license from ISA/IEC)
- NIST 800-53, 800-82: Public domain (U.S. government work)
- MITRE ATT&CK for ICS: Apache 2.0 (MITRE Corporation)
Support
Community Support
- GitHub Issues: Report bugs or request features
- GitHub Discussions: Ask questions or share use cases
Commercial Support
Need help with:
- IEC 62443 security level targeting for your facility?
- Custom zone/conduit architectures for complex OT networks?
- Threat modeling using MITRE ATT&CK for ICS?
- NIS2 or DORA compliance mapping to IEC 62443?
Contact: [email protected]
