playbooks

home / mcp / ot security mcp server

OT Security MCP Server

Queries IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS to enable AI-assisted OT security planning.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "ansvar-systems-ot-security-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@ansvar/ot-security-mcp"
      ]
    }
  }
}

You can query and combine OT security standards from IEC 62443, NIST SP 800-82/53, and MITRE ATT&CK for ICS using this MCP server. It centralizes access, enables AI-assisted understanding, and helps you map requirements, design zone/conduit architectures, and cross-reference standards for OT environments.

How to use

Connect to the MCP server from your preferred MCP client. Once connected, you can ask natural-language questions like seeking security level requirements, Purdue model guidance, cross-standard mappings, and MITRE ATT&CK correlations. The server returns structured results that let you quickly compare standards, surface relevant controls, and design concrete OT security plans.

How to install

Prerequisites: install Node.js and npm on your workstation or server.

Verify installations:

node -v
npm -v

Install the OT Security MCP package.

Run this command to install the MCP server package.

npm install @ansvar/ot-security-mcp

Configure your MCP client to connect to the local MCP server using the included runtime command.

Use the following configuration in your MCP client to load the server via npx.

{
  "mcpServers": {
    "ot-security": {
      "command": "npx",
      "args": ["-y", "@ansvar/ot-security-mcp"]
    }
  }
}

Additional sections

Configuration notes: this MCP server relies on the client to load and query data sources. It supports full-text search, security level mapping, zone/conduit guidance, rationale explanations, threat intelligence, cross-standard mappings, and component-type filtering. Ensure you provide licensed IEC 62443 data and connect to official NIST and MITRE sources as documented in your data ingestion workflow.

Usage notes: start by loading your standards data, then perform queries such as: which IEC 62443 requirements apply to SL-2 for embedded devices, how to segment a plant network according to the Purdue Model, or which MITRE ICS techniques map to a given control.

Available tools

Full-Text Search

Search across all standards to quickly locate relevant requirements, controls, and mappings using natural language queries and keyword filters.

Security Level Mapping

Filter and retrieve IEC 62443 requirements by security level (SL-1 through SL-4) to assess appropriate protections.

Zone/Conduit Guidance

Generate Purdue Model-aligned zone and conduit designs with context for boundaries and data flows.

Requirement Rationale

Display the rationale behind each requirement, including regulatory drivers and cross-standard context.

Threat Intelligence

Map MITRE ATT&CK for ICS techniques to defensive controls and mitigations to reduce risk.

Cross-Standard Mappings

Explore relationships and mappings between IEC, NIST, and MITRE frameworks with confidence scoring.

Component Type Filtering

Isolate requirements applicable to embedded devices, hosts, networks, or applications for targeted planning.