OT Security MCP: AI Query for Multiple Industrial Standards, Empowering Devs with Threat Intelligence

Ot Security MCP

The OT Security MCP Server provides AI query services for industrial control system security standards such as IEC 62443, NIST 800 - 82/53, and MITRE ATT&CK for ICS, helping engineers, architects, and compliance officers quickly obtain security requirements, network segmentation guidance, and threat intelligence.

Security Law and compliance #OT security #Industrial control #Security standards #Threat intelligence .TypeScript

rating : 2.5 points

downloads : 7.0K

update time : 2026-03-13

Open Site

What is the OT Security MCP Server?

This is an AI assistant specifically designed for industrial control system (OT) security. It integrates security requirements scattered across different standard documents into a unified query interface. Whether you are designing a security architecture, conducting compliance checks, or performing threat analysis, you can obtain accurate security standard information by asking questions in natural language.

How to use the OT Security MCP Server?

After installation, you can directly ask questions in Claude Desktop, Cursor, or any AI client that supports the MCP protocol. There's no need to flip through hundreds of pages of PDF documents. Simply describe your needs in natural language, and the system will return relevant security requirements, control measures, and best practices.

Applicable scenarios

It is applicable to all industries that use industrial control systems, such as manufacturing, energy facilities, water treatment plants, and transportation systems. It is particularly suitable for security engineers to conduct risk assessments, compliance officers to prepare audit materials, system architects to design secure networks, and product teams to develop industrial equipment that meets security standards.

Main features

Multi - standard integrated query

Query four major standard systems, namely IEC 62443, NIST 800 - 82, NIST 800 - 53, and MITRE ATT&CK for ICS, simultaneously without switching between different documents.

Intelligent mapping of security levels

Automatically filter relevant requirements according to the security levels (SL - 1 to SL - 4) of IEC 62443 to help you determine control measures suitable for your risk level.

Network segmentation guidance

Based on the concepts of zones and conduits in the Purdue model and IEC 62443, provide suggestions and best practices for network segmentation architecture design.

Threat intelligence integration

Integrate attack techniques and mitigation measures from MITRE ATT&CK for ICS to help you understand specific threats to industrial control systems.

Cross - standard comparison

Automatically map IEC 62443 requirements to corresponding NIST control measures to simplify compliance work and conversion between standards.

Component type filtering

Filter applicable security requirements according to device types (embedded devices, host devices, network devices, applications).

Explanation of requirement principles

Not only provide the content of security requirements but also explain why these requirements are needed to help understand the underlying security principles.

Advantages

Save time: No need to manually flip through hundreds of pages of PDF documents, and the query speed is increased by more than 10 times.

Accuracy: Based on official standard source data, ensure the accuracy and authority of information.

Ease of use: Query in natural language without memorizing complex standard numbers and terms.

Comprehensiveness: Cover the main standards and frameworks of OT security, providing a one - stop solution.

Practicality: Provide practical design guidance and best practices, not just theoretical requirements.

Limitations

Users need to provide IEC 62443 content themselves: Due to copyright restrictions, you need to have a legal license for the IEC 62443 standard to use all functions.

Does not replace professional consultation: The tool provides information for reference but cannot replace the risk assessment of professional security consultants.

Requires technical understanding: Although the interface is user - friendly, users still need to have basic OT security knowledge.

Depends on AI clients: It needs to be used in an AI tool that supports the MCP protocol.

How to use

Install the server

Install the OT Security MCP server package via npm

Configure the AI client

Add server settings to the configuration file of Claude Desktop or Cursor

Prepare IEC 62443 data (optional)

If you need to query the IEC 62443 standard, you need to prepare your license data according to the guide

Start querying

Restart the AI client, and then you can ask questions in natural language

Usage examples

Design a security architecture for a new manufacturing facility

As a security architect, you need to design an OT network security architecture for a newly built automobile manufacturing plant and determine appropriate security levels and network segmentation schemes.

Prepare for NIS2 compliance audit

As a compliance officer, you need to ensure that your company's energy facilities comply with the EU NIS2 directive requirements and map the NIS2 requirements to specific security control measures.

Analyze PLC security risks

As a threat analyst, you need to evaluate the security threats faced by your company's PLC devices and understand possible attack techniques and mitigation measures.

Develop industrial products that meet security standards

As a product manager, you need to ensure that the newly developed industrial router meets relevant security standards, especially the requirements for network devices.

Frequently Asked Questions

Do I need to purchase the IEC 62443 standard to use this tool?

Can this tool replace professional security consulting?

Which AI clients are supported?

How often is the data updated?

Is local deployment supported?

How to obtain the IEC 62443 standard?

Related resources

Official GitHub repository

Source code, issue tracking, and contribution guidelines

IEC 62443 import guide

How to prepare and import your IEC 62443 standard data

Usage case collection

Specific usage scenarios and examples in various industries

Ansvar Systems official website

Official website of the development company to learn more about industrial security solutions

Other related MCP servers

Supporting MCP servers for EU regulations, US regulations, security controls, etc.

Official documentation of the MCP protocol

Official technical specification of the Model Context Protocol

🚀 OT Security MCP Server

IEC 62443 tailored for the AI era. Query the complete OT security framework stack directly from Claude, Cursor, or any MCP-compatible client.

This server enables you to query IEC 62443, NIST 800-82, NIST 800-53, and MITRE ATT&CK for ICS directly through Claude, Cursor, or any MCP-compatible client. It's an essential security standards reference for safeguarding industrial control systems, manufacturing plants, energy infrastructure, and other critical OT environments.

Built by Ansvar Systems in Stockholm, Sweden.

🚀 Quick Start

Installation

npm install @ansvar/ot-security-mcp

Claude Desktop

Add the following to your claude_desktop_config.json file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}

Restart Claude Desktop, and you're done.

Cursor / VS Code

{
  "mcp.servers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}

✨ Features

Standards Coverage

IEC 62443-3-3: Comprises 67 System Security Requirements (SRs) across 7 foundational requirements.
IEC 62443-4-2: Contains 51 Component Requirements (CRs) for embedded devices, host devices, network devices, and applications.
IEC 62443-3-2: Covers security risk assessment, zones & conduits, and the Purdue Model.
NIST SP 800-53 Rev 5: Includes 228 OT-relevant controls from 12 control families.
NIST SP 800-82 Rev 3: A guide to Operational Technology Security.
MITRE ATT&CK for ICS: Features 83 techniques, 52 mitigations, and 331 relationships.

Key Features

Full-Text Search: Instantly find relevant requirements across all standards.
Security Level Mapping: Query IEC 62443 requirements by SL-1 through SL-4.
Zone/Conduit Guidance: Design network segmentation with the Purdue Model.
Requirement Rationale: Understand the reasons behind requirements, not just the content.
Threat Intelligence: Map MITRE ATT&CK techniques to defensive controls.
Cross-Standard Mappings: Identify relationships between IEC and NIST controls.
Component Type Filtering: Filter requirements based on component types such as embedded devices, hosts, networks, or applications.

Data Quality

238 Requirements: Combine IEC 62443 foundation requirements with NIST 800-82 guidance.
228 NIST 800-53 Controls: Automatically ingest from the official NIST source using OSCAL.
83 MITRE ICS Techniques: Cover the entire ATT&CK for ICS matrix.
16 Cross-Standard Mappings: Validate mappings between NIST 800-82 and 800-53.
Daily Updates: Automatically check the freshness of NIST and MITRE sources.

Detailed coverage: docs/coverage.md Use cases by industry: docs/use-cases.md Available tools: docs/tools.md

💻 Usage Examples

Once connected, you can make natural queries:

IEC 62443 Security Levels

"What are the IEC 62443 requirements for Security Level 2?"
"Which security level should I target for a water treatment plant?"
"Compare requirements between SL-2 and SL-3"
"What is SR 1.1 (identification and authentication) in IEC 62443?"

Network Segmentation & Zones

"How should I segment my OT network using the Purdue Model?"
"What security controls belong at Level 3 of the Purdue Model?"
"Design a zone and conduit architecture for a manufacturing facility"
"What's the difference between a zone and a conduit in IEC 62443-3-2?"

Threat Intelligence

"What MITRE ATT&CK techniques target PLCs?"
"How do attackers perform lateral movement in ICS environments?"
"Show me MITRE ICS techniques for T0800 (Modify Control Logic)"
"Which mitigations prevent Man-in-the-Middle attacks on Modbus?"

NIST Guidance

"What are NIST's recommendations for OT asset management?"
"How does NIST 800-82 address incident response in control systems?"
"Map NIST 800-82 guidance to NIST 800-53 controls"

Cross-Standard Mapping

"Map IEC 62443 SR 1.1 to equivalent NIST controls"
"Which NIST 800-53 controls support IEC 62443 Security Level 3?"
"Compare identification and authentication across IEC and NIST"

Industry-Specific

"What security requirements apply to a power generation facility?"
"IEC 62443 requirements for pharmaceutical manufacturing"
"Security controls for a water/wastewater utility"

More examples: See docs/use-cases.md for industry-specific scenarios.

📚 Documentation

Getting Started

Quick Start Guide: Installation and first queries.
IEC 62443 Ingestion Guide: How to ingest your licensed standards.
NIST Ingestion Guide: Automated NIST data setup.

Tools & Features

Available Tools: All 7 MCP tools with examples.
Tool Reference: Security Level Mapping
Tool Reference: Zone/Conduit Guidance
Tool Reference: Requirement Rationale

Use Cases

Industry Use Cases: Automotive, energy, manufacturing, water/wastewater.
Coverage Details: Complete standard coverage breakdown.

Development

Development Guide: Contributing, adding standards.
Architecture: Database schema, tool design.
Troubleshooting: Common issues and fixes.
Privacy Policy: Data handling and retention notes.

Project Planning

Stage 2 Design: Complete architectural design.
Stage 2 Implementation: Task breakdown.
Release Notes v0.2.0: What's new in Stage 2.

🔧 Technical Details

Why This Works

Authoritative Source Data:

IEC 62443: User-supplied (licensed standards) — you provide your own licensed data.
NIST 800-53: Automated OSCAL ingestion from official NIST GitHub.
NIST 800-82: Curated guidance from official PDF publication.
MITRE ATT&CK: Automated STIX 2.0 ingestion from official MITRE repository. All data is stored in SQLite with full-text search (FTS5).

Smart Architecture:

Security level filtering uses junction tables (many-to-many relationships).
Zone/conduit guidance generates markdown with Purdue Model context.
Requirement rationale includes regulatory drivers and related standards.
Cross-standard mappings use confidence scores for quality assessment.

Technical Stack:

Official Source → Parse → Validate → SQLite → MCP Tools → AI Response
     ↑                        ↑            ↑
  OSCAL/STIX          JSON Schema    FTS5 Search

Example: Traditional vs. This MCP

Traditional Approach	This MCP Server
Buy IEC 62443 PDFs ($500+)	Ingest your licensed IEC data once
Navigate 300+ page security level tables	"What requirements apply to SL-2?" → instant answer
Manual Purdue Model diagrams	`get_zone_conduit_guidance` → generated architecture
Cross-reference NIST ↔ IEC manually	`compare_ot_requirements` → mapped instantly
Search MITRE matrices by hand	"Show me PLC attacks" → filtered techniques
6 different documentation sites	One unified query interface

Traditional example: Open IEC 62443-3-3 PDF → Find security level table → Ctrl+F "SR 1" → Read 15 pages → Cross-reference to IEC 62443-4-2 → Repeat for NIST.

This MCP: "What are all IEC 62443 requirements for Security Level 2 targeting embedded devices?" → Done.

📄 License

Code: Apache License 2.0 (see LICENSE)

Data:

IEC 62443: User-supplied (requires license from ISA/IEC).
NIST 800-53, 800-82: Public domain (U.S. government work).
MITRE ATT&CK for ICS: Apache 2.0 (MITRE Corporation).

⚠️ Important Note

IEC 62443 Licensing

📄 IEC 62443 CONTENT NOT INCLUDED

IEC 62443 is a copyrighted standard published by the International Society of Automation (ISA) and International Electrotechnical Commission (IEC).

This MCP server provides:

Database schema and ingestion tools for IEC 62443 data.

JSON templates showing the expected data structure.

Sample data (2 requirements) demonstrating the format.

You must provide:

Your own licensed copies of IEC 62443 standards.

Your own JSON files created from your licensed standards.

How to obtain IEC 62443 standards:

Purchase from ISA or IEC.

Prices: ~$150 - 200 per part (3 - 3, 4 - 2, 3 - 2).

Ingestion guide: See docs/ingestion/iec62443-guide.md.

Legal Advice

🚨 THIS TOOL IS NOT SECURITY CONSULTING OR LEGAL ADVICE 🚨

Security requirements are sourced from official public standards (NIST, MITRE) and user-supplied licensed standards (IEC 62443). However:

Security level targeting is risk-based and requires proper threat modeling.

Zone/conduit architectures are design aids, not prescriptive solutions.

Cross-standard mappings are interpretive aids, not official guidance.

MITRE techniques are threat intelligence, not vulnerability assessments.

Always:

Conduct proper risk assessments for your specific environment.

Engage qualified OT security professionals for implementation guidance.

Verify against official standard publications.

Follow your organization's security policies and procedures.

NIST & MITRE Data

NIST 800-53, NIST 800-82, and MITRE ATT&CK for ICS data are sourced from official U.S. government repositories and are in the public domain. There are no restrictions on use or distribution.

Related Projects: Ansvar Compliance Suite

This server is part of Ansvar's MCP ecosystem for industrial and enterprise security:

🏭 OT Security MCP (This Project)

Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS.

Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure).
Covers security levels, Purdue Model, zone/conduit architecture.
Provides MITRE ATT&CK for ICS threat intelligence.
Install: npm install @ansvar/ot-security-mcp

🔐 Security Controls MCP

Query 1,451 security controls across 28 IT/OT frameworks.

Includes ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, and 22 more.
Enables bidirectional framework mapping and gap analysis.
Works with OT Security MCP for complete IT/OT coverage.
Install: pipx install security-controls-mcp

🇪🇺 EU Regulations MCP

Query 47 EU regulations including NIS2 and Cyber Resilience Act.

Covers GDPR, AI Act, DORA, NIS2, MDR, CRA, and 41 more.
Critical for EU OT operators under NIS2 directive.
Install: npx @ansvar/eu-regulations-mcp

🇺🇸 US Regulations MCP

Query US compliance laws including TSA Pipeline Security.

Includes HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, and 9 more.
Relevant for US critical infrastructure operators.
Install: npm install @ansvar/us-regulations-mcp

How They Work Together for OT Security

Complete OT compliance workflow:

1. "What are NIS2 requirements for energy sector OT systems?"
   → EU Regulations MCP returns NIS2 Article 21 requirements.

2. "What IEC 62443 security level satisfies NIS2 Article 21?"
   → OT Security MCP recommends Security Level 2 - 3 based on risk assessment.

3. "Map IEC 62443-4-2 SR 1.1 to NIST 800-53 controls"
   → Security Controls MCP shows bidirectional mapping to AC - 2, IA - 2, etc.

4. "What MITRE ATT&CK techniques target this configuration?"
   → OT Security MCP shows relevant ICS attack techniques and mitigations.

Stack these servers for:

EU OT operators (NIS2 + IEC 62443 + ISO 27001)
US critical infrastructure (NIST + IEC 62443 + sector - specific regulations)
Global manufacturers (All compliance + OT security + framework mapping)

Directory Review Notes

Testing Account and Sample Data

This server is read - only and does not require a login account for functional review. For directory review, use the bundled dataset and these sample prompts:

"What IEC 62443 requirements apply to Security Level 2?"
"Show MITRE ICS techniques related to PLC manipulation."
"Map IEC 62443 SR 1.1 to NIST controls."

Remote Authentication (OAuth 2.0)

If you deploy a remote authenticated endpoint, use OAuth 2.0 over TLS with certificates from recognized authorities. If deployed in read - only unauthenticated mode, document that deployment policy explicitly.

Roadmap

Stage 3 (Planned Q2 2026)

IEC 62443-2-4: Supplier security requirements (DORA/NIS2 relevance).
Rich Cross-Standard Mappings: IEC ↔ NIST ↔ MITRE with confidence scores.
Automated Mapping Suggestions: ML-based requirement similarity.
Compare Requirements Tool: Side-by-side multi-standard comparison.

Stage 4 (Planned Q3 2026)

NERC CIP: North American energy sector requirements.
Sector Applicability Engine: "Which standards apply to my facility?"
EU Regulatory Crosswalk: NIS2, DORA, CRA mappings to IEC 62443.

See: ROADMAP.md for full feature timeline.

More Open Source from Ansvar

We maintain a family of MCP servers for compliance and security professionals:

Server	Description	Install
EU Regulations	47 EU regulations (GDPR, AI Act, DORA, NIS2, MiFID II, eIDAS, MDR...)	`npx @ansvar/eu-regulations-mcp`
US Regulations	HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, state privacy laws	`npx @ansvar/us-regulations-mcp`
Security Controls	1,451 controls across 28 frameworks (ISO 27001, NIST CSF, PCI DSS, CMMC...)	`pipx install security-controls-mcp`
Automotive	UNECE R155/R156, ISO 21434 for automotive cybersecurity	`npx @ansvar/automotive-cybersecurity-mcp`
Sanctions	Offline sanctions screening with OpenSanctions (30+ lists)	`pip install ansvar-sanctions-mcp`