ot-security-mcp

OT security standards: IEC 62443, NIST 800-82/53, MITRE ATT&CK for ICS

Registry
Updated: Jan 31, 2026

Quick Install

npx -y @ansvar/ot-security-mcp

OT Security MCP Server

IEC 62443 for the AI age.

Query IEC 62443, NIST 800-82, NIST 800-53, and MITRE ATT&CK for ICS — the complete OT security framework stack — directly from Claude, Cursor, or any MCP-compatible client.

If you're securing industrial control systems, manufacturing plants, energy infrastructure, or critical OT environments, this is your security standards reference.

Built by Ansvar Systems — Stockholm, Sweden


Why This Exists

OT security standards are scattered across ISA PDFs, NIST publications, and MITRE matrices. Whether you're:

  • A control systems engineer implementing IEC 62443 security levels
  • A security architect designing network segmentation with the Purdue Model
  • A compliance officer mapping NIS2 requirements to IEC controls
  • A threat hunter investigating MITRE ATT&CK for ICS techniques
  • A product team building secure PLCs, SCADA systems, or industrial IoT devices

...you shouldn't need to juggle 6 different documentation sites and 200 pages of standards. Ask Claude. Get the exact requirement. With context.

This MCP server makes OT security standards searchable, cross-referenceable, and AI-readable.


Quick Start

Installation

npm install @ansvar/ot-security-mcp

Claude Desktop

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}

Restart Claude Desktop. Done.

Cursor / VS Code

{
  "mcp.servers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}
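
Both configurations above launch the server with npx -y and no version, so a start can fetch and run whatever release the npm registry currently serves. The check below is an added example (not part of the project) that flags such entries in a client config; the function name is hypothetical and the 0.0.0 version in the second sample is a placeholder, not a real release.

```python
import json
import re

# npm spec ending in an exact version, e.g. "@scope/name@1.2.3" (not "@latest", "^1.2.3").
EXACT_VERSION = re.compile(r".+@\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

# Same content as the Claude Desktop config shown on this page.
PAGE_CONFIG = """
{"mcpServers": {"ot-security": {"command": "npx",
                                "args": ["-y", "@ansvar/ot-security-mcp"]}}}
"""

# Constructed variant: 0.0.0 is a placeholder, substitute a release you have reviewed.
PINNED_CONFIG = """
{"mcp.servers": {"ot-security": {"command": "npx",
                                 "args": ["-y", "@ansvar/ot-security-mcp@0.0.0"]}}}
"""

def unpinned_npx_servers(config_text):
    """Return (server, package_spec, auto_yes) for each npx entry lacking an exact version."""
    config = json.loads(config_text)
    findings = []
    for key in ("mcpServers", "mcp.servers"):   # the two layouts shown on this page
        for name, server in config.get(key, {}).items():
            if server.get("command") != "npx":
                continue
            args = server.get("args", [])
            # The first non-flag argument is the package npx resolves and executes.
            spec = next((a for a in args if not a.startswith("-")), None)
            if spec is None or EXACT_VERSION.match(spec):
                continue
            auto_yes = any(a in ("-y", "--yes") for a in args)
            findings.append((name, spec, auto_yes))
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_CONFIG), ("pinned", PINNED_CONFIG)):
        print(label, unpinned_npx_servers(text))
```

An exact version stops silent upgrades; it does not by itself verify the package contents.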

Example Queries

Once connected, just ask naturally:

IEC 62443 Security Levels

  • "What are the IEC 62443 requirements for Security Level 2?"
  • "Which security level should I target for a water treatment plant?"
  • "Compare requirements between SL-2 and SL-3"
  • "What is SR 1.1 (identification and authentication) in IEC 62443?"

Network Segmentation & Zones

  • "How should I segment my OT network using the Purdue Model?"
  • "What security controls belong at Level 3 of the Purdue Model?"
  • "Design a zone and conduit architecture for a manufacturing facility"
  • "What's the difference between a zone and a conduit in IEC 62443-3-2?"

Threat Intelligence

  • "What MITRE ATT&CK techniques target PLCs?"
  • "How do attackers perform lateral movement in ICS environments?"
  • "Show me MITRE ICS techniques for T0800 (Modify Control Logic)"
  • "Which mitigations prevent Man-in-the-Middle attacks on Modbus?"

NIST Guidance

  • "What are NIST's recommendations for OT asset management?"
  • "How does NIST 800-82 address incident response in control systems?"
  • "Map NIST 800-82 guidance to NIST 800-53 controls"

Cross-Standard Mapping

  • "Map IEC 62443 SR 1.1 to equivalent NIST controls"
  • "Which NIST 800-53 controls support IEC 62443 Security Level 3?"
  • "Compare identification and authentication across IEC and NIST"

Industry-Specific

  • "What security requirements apply to a power generation facility?"
  • "IEC 62443 requirements for pharmaceutical manufacturing"
  • "Security controls for a water/wastewater utility"

More examples: See docs/use-cases.md for industry-specific scenarios


What's Included

Standards Coverage

  • IEC 62443-3-3 — 67 System Security Requirements (SRs) across 7 foundational requirements
  • IEC 62443-4-2 — 51 Component Requirements (CRs) for embedded devices, host devices, network devices, and applications
  • IEC 62443-3-2 — Security risk assessment, zones & conduits, Purdue Model
  • NIST SP 800-53 Rev 5 — 228 OT-relevant controls from 12 control families
  • NIST SP 800-82 Rev 3 — Guide to Operational Technology Security
  • MITRE ATT&CK for ICS — 83 techniques, 52 mitigations, 331 relationships

Features

  • Full-Text Search — Find relevant requirements across all standards instantly
  • Security Level Mapping — Query IEC 62443 requirements by SL-1 through SL-4
  • Zone/Conduit Guidance — Network segmentation design with Purdue Model
  • Requirement Rationale — Understand WHY requirements exist, not just what they say
  • Threat Intelligence — MITRE ATT&CK techniques mapped to defensive controls
  • Cross-Standard Mappings — IEC ↔ NIST control relationships
  • Component Type Filtering — Requirements for embedded devices, hosts, networks, or applications

Data Quality

  • 238 Requirements — IEC 62443 foundation + NIST 800-82 guidance
  • 228 NIST 800-53 Controls — Automated OSCAL ingestion from official source
  • 83 MITRE ICS Techniques — Complete ATT&CK for ICS matrix
  • 16 Cross-Standard Mappings — NIST 800-82 ↔ 800-53 validated mappings
  • Daily Updates — Automatic freshness checks for NIST and MITRE sources

Detailed coverage: docs/coverage.md
Use cases by industry: docs/use-cases.md
Available tools: docs/tools.md


Why This Works

Authoritative Source Data:

  • IEC 62443: User-supplied (licensed standards) — you provide your own licensed data
  • NIST 800-53: Automated OSCAL ingestion from official NIST GitHub
  • NIST 800-82: Curated guidance from official PDF publication
  • MITRE ATT&CK: Automated STIX 2.0 ingestion from official MITRE repository
  • All data stored in SQLite with full-text search (FTS5)

Smart Architecture:

  • Security level filtering uses junction tables (many-to-many relationships)
  • Zone/conduit guidance generates markdown with Purdue Model context
  • Requirement rationale includes regulatory drivers and related standards
  • Cross-standard mappings use confidence scores for quality assessment

Technical Stack:

Official Source → Parse → Validate → SQLite → MCP Tools → AI Response
     ↑                        ↑            ↑
  OSCAL/STIX          JSON Schema    FTS5 Search
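
A sketch of the storage pattern listed above (an FTS5 index plus a junction table for security levels), added here as an example using Python's standard sqlite3 module; it is not the project's code. The table names, column names, function names and sample rows are assumptions, and the sample text is placeholder wording, not content from any standard.

```python
import sqlite3

# Constructed sample rows: (id, ref, body, security levels the requirement applies at).
SAMPLE = [
    (1, "SR 1.1", "identification and authentication of human users", [1, 2, 3, 4]),
    (2, "EX-2", "multifactor authentication for untrusted network access", [3, 4]),
    (3, "EX-3", "audit log storage capacity", [2, 3, 4]),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE requirements (id INTEGER PRIMARY KEY, ref TEXT, body TEXT);
        -- Junction table: a requirement applies at many levels, a level has many requirements.
        CREATE TABLE requirement_levels (
            requirement_id INTEGER REFERENCES requirements(id),
            level INTEGER CHECK (level BETWEEN 1 AND 4),
            PRIMARY KEY (requirement_id, level));
        CREATE VIRTUAL TABLE requirements_fts USING fts5(body);
    """)
    for rid, ref, body, levels in SAMPLE:
        db.execute("INSERT INTO requirements VALUES (?, ?, ?)", (rid, ref, body))
        db.execute("INSERT INTO requirements_fts (rowid, body) VALUES (?, ?)", (rid, body))
        db.executemany("INSERT INTO requirement_levels VALUES (?, ?)",
                       [(rid, lvl) for lvl in levels])
    return db

def fts_quote(text):
    # Bound parameters stop SQL injection, but MATCH still parses its own query
    # language; quoting each term keeps operators and stray quotes literal.
    return " ".join('"' + t.replace('"', '""') + '"' for t in text.split())

def search(db, text, level):
    """Refs of requirements matching `text` that apply at security level `level`."""
    query = fts_quote(text)
    if not query:
        return []
    rows = db.execute("""
        SELECT r.ref FROM requirements_fts
        JOIN requirements r ON r.id = requirements_fts.rowid
        JOIN requirement_levels rl ON rl.requirement_id = r.id
        WHERE requirements_fts MATCH ? AND rl.level = ?
        ORDER BY rank, r.id""", (query, level))
    return [ref for (ref,) in rows]
```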

Example: Traditional vs. This MCP

| Traditional Approach | This MCP Server |
| --- | --- |
| Buy IEC 62443 PDFs ($500+) | Ingest your licensed IEC data once |
| Navigate 300+ page security level tables | "What requirements apply to SL-2?" → instant answer |
| Manual Purdue Model diagrams | get_zone_conduit_guidance → generated architecture |
| Cross-reference NIST ↔ IEC manually | compare_ot_requirements → mapped instantly |
| Search MITRE matrices by hand | "Show me PLC attacks" → filtered techniques |
| 6 different documentation sites | One unified query interface |

Traditional example: Open IEC 62443-3-3 PDF → Find security level table → Ctrl+F "SR 1" → Read 15 pages → Cross-reference to IEC 62443-4-2 → Repeat for NIST

This MCP: "What are all IEC 62443 requirements for Security Level 2 targeting embedded devices?" → Done.


⚠️ Important Disclaimers

IEC 62443 Licensing

📄 IEC 62443 CONTENT NOT INCLUDED

IEC 62443 is a copyrighted standard published by the International Society of Automation (ISA) and International Electrotechnical Commission (IEC).

This MCP server provides:

  • Database schema and ingestion tools for IEC 62443 data
  • JSON templates showing the expected data structure
  • Sample data (2 requirements) demonstrating the format

You must provide:

  • Your own licensed copies of IEC 62443 standards
  • Your own JSON files created from your licensed standards

How to obtain IEC 62443 standards:

  • Purchase from ISA or IEC
  • Prices: ~$150-200 per part (3-3, 4-2, 3-2)

Ingestion guide: See docs/ingestion/iec62443-guide.md

Legal Advice

🚨 THIS TOOL IS NOT SECURITY CONSULTING OR LEGAL ADVICE 🚨

Security requirements are sourced from official public standards (NIST, MITRE) and user-supplied licensed standards (IEC 62443). However:

  • Security level targeting is risk-based and requires proper threat modeling
  • Zone/conduit architectures are design aids, not prescriptive solutions
  • Cross-standard mappings are interpretive aids, not official guidance
  • MITRE techniques are threat intelligence, not vulnerability assessments

Always:

  • Conduct proper risk assessments for your specific environment
  • Engage qualified OT security professionals for implementation guidance
  • Verify against official standard publications
  • Follow your organization's security policies and procedures

NIST & MITRE Data

Public domain content — NIST 800-53, NIST 800-82, and MITRE ATT&CK for ICS data are sourced from official U.S. government repositories and are in the public domain. No restrictions on use or distribution.


Related Projects: Ansvar Compliance Suite

This server is part of Ansvar's MCP ecosystem for industrial and enterprise security:

🏭 OT Security MCP (This Project)

Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS

  • Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
  • Security levels, Purdue Model, zone/conduit architecture
  • MITRE ATT&CK for ICS threat intelligence
  • Install: npm install @ansvar/ot-security-mcp

🔐 Security Controls MCP

Query 1,451 security controls across 28 IT/OT frameworks

  • ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, and 22 more
  • Bidirectional framework mapping and gap analysis
  • Works with OT Security MCP for complete IT/OT coverage
  • Install: pipx install security-controls-mcp

🇪🇺 EU Regulations MCP

Query 47 EU regulations including NIS2 and Cyber Resilience Act

  • GDPR, AI Act, DORA, NIS2, MDR, CRA, and 41 more
  • Critical for EU OT operators under NIS2 directive
  • Install: npx @ansvar/eu-regulations-mcp

🇺🇸 US Regulations MCP

Query US compliance laws including TSA Pipeline Security

  • HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, and 9 more
  • Relevant for US critical infrastructure operators
  • Install: npm install @ansvar/us-regulations-mcp

How They Work Together for OT Security

Complete OT compliance workflow:

1. "What are NIS2 requirements for energy sector OT systems?"
   → EU Regulations MCP returns NIS2 Article 21 requirements

2. "What IEC 62443 security level satisfies NIS2 Article 21?"
   → OT Security MCP recommends Security Level 2-3 based on risk assessment

3. "Map IEC 62443-4-2 SR 1.1 to NIST 800-53 controls"
   → Security Controls MCP shows bidirectional mapping to AC-2, IA-2, etc.

4. "What MITRE ATT&CK techniques target this configuration?"
   → OT Security MCP shows relevant ICS attack techniques and mitigations

Stack these servers for:

  • EU OT operators (NIS2 + IEC 62443 + ISO 27001)
  • US critical infrastructure (NIST + IEC 62443 + sector-specific regulations)
  • Global manufacturers (All compliance + OT security + framework mapping)

About Ansvar Systems

We build AI-accelerated threat modeling and compliance tools for automotive OEMs, Tier 1 suppliers, industrial manufacturers, and critical infrastructure operators. This MCP server started as our internal IEC 62443 reference tool — turns out everyone securing OT environments has the same "6 documentation sites, 12 PDFs" problem.

So we're open-sourcing it. Navigating IEC 62443 security levels shouldn't require a spreadsheet and a law degree.

ansvar.eu — Stockholm, Sweden

Industries we serve:

  • Automotive (ISO 21434, UN R155)
  • Industrial Manufacturing (IEC 62443)
  • Energy & Utilities (NERC CIP, IEC 62443)
  • Medical Devices (IEC 81001-5-1, IEC 62443-4-2)


Roadmap

Stage 3 (Planned Q2 2026)

  • IEC 62443-2-4 — Supplier security requirements (DORA/NIS2 relevance)
  • Rich Cross-Standard Mappings — IEC ↔ NIST ↔ MITRE with confidence scores
  • Automated Mapping Suggestions — ML-based requirement similarity
  • Compare Requirements Tool — Side-by-side multi-standard comparison

Stage 4 (Planned Q3 2026)

  • NERC CIP — North American energy sector requirements
  • Sector Applicability Engine — "Which standards apply to my facility?"
  • EU Regulatory Crosswalk — NIS2, DORA, CRA mappings to IEC 62443

See: ROADMAP.md for full feature timeline


More Open Source from Ansvar

We maintain a family of MCP servers for compliance and security professionals:

| Server | Description | Install |
| --- | --- | --- |
| EU Regulations | 47 EU regulations (GDPR, AI Act, DORA, NIS2, MiFID II, eIDAS, MDR...) | npx @ansvar/eu-regulations-mcp |
| US Regulations | HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, state privacy laws | npx @ansvar/us-regulations-mcp |
| Security Controls | 1,451 controls across 28 frameworks (ISO 27001, NIST CSF, PCI DSS, CMMC...) | pipx install security-controls-mcp |
| Automotive | UNECE R155/R156, ISO 21434 for automotive cybersecurity | npx @ansvar/automotive-cybersecurity-mcp |
| Sanctions | Offline sanctions screening with OpenSanctions (30+ lists) | pip install ansvar-sanctions-mcp |

Browse all projects: ansvar.eu/open-source


Contributing

We welcome contributions! See CONTRIBUTING.md for:

  • Adding new standards
  • Improving cross-standard mappings
  • Enhancing tool capabilities
  • Fixing bugs or improving documentation

License

Code: Apache License 2.0 (see LICENSE)

Data:

  • IEC 62443: User-supplied (requires license from ISA/IEC)
  • NIST 800-53, 800-82: Public domain (U.S. government work)
  • MITRE ATT&CK for ICS: Apache 2.0 (MITRE Corporation)

Support

Commercial Support

Need help with:

  • IEC 62443 security level targeting for your facility?
  • Custom zone/conduit architectures for complex OT networks?
  • Threat modeling using MITRE ATT&CK for ICS?
  • NIS2 or DORA compliance mapping to IEC 62443?

Contact: info@ansvar.eu


Built with care in Stockholm, Sweden
