Assess your OT/ICS security posture across 30 controls organized into 6 security principles: Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, and OT Security Compliant. Returns an overall compliance percentage, principle-level scores, critical gaps, risk level, and prioritized remediation findings.
Built by a CISSP/CISM certified security professional at ToolWeb.in
TOOLWEB_API_KEY — Get your API key from portal.toolweb.in
curl must be available on the system
POST https://portal.toolweb.in/apis/security/ot-security-assessment
| Principle | Key | Controls | IDs |
|---|---|---|---|
| Business Driven | business_driven | 5 | bd.1 — bd.5 |
| Risk Based | risk_based | 5 | rb.1 — rb.5 |
| Enterprise Wide | enterprise_wide | 5 | ew.1 — ew.5 |
| Methodical | methodical | 5 | m.1 — m.5 |
| OT Security Focused | ot_security_focused | 5 | of.1 — of.5 |
| OT Security Compliant | ot_security_compliant | 5 | oc.1 — oc.5 |
Business Driven (bd.1 — bd.5):
Risk Based (rb.1 — rb.5):
Enterprise Wide (ew.1 — ew.5):
Methodical (m.1 — m.5):
OT Security Focused (of.1 — of.5):
OT Security Compliant (oc.1 — oc.5):
For each control, the user answers compliant (true) or non-compliant (false).
```json
{
  "business_driven": [
    {"controlId": "bd.1", "compliant": true},
    {"controlId": "bd.2", "compliant": false},
    {"controlId": "bd.3", "compliant": false},
    {"controlId": "bd.4", "compliant": true},
    {"controlId": "bd.5", "compliant": false}
  ],
  "risk_based": [
    {"controlId": "rb.1", "compliant": true},
    {"controlId": "rb.2", "compliant": false}
  ]
}
```
```bash
curl -s -X POST "https://portal.toolweb.in/apis/security/ot-security-assessment" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
    "tier": "standard",
    "controls": {
      "business_driven": [
        {"controlId": "bd.1", "compliant": true},
        {"controlId": "bd.2", "compliant": false},
        {"controlId": "bd.3", "compliant": false},
        {"controlId": "bd.4", "compliant": true},
        {"controlId": "bd.5", "compliant": false}
      ],
      "risk_based": [
        {"controlId": "rb.1", "compliant": true},
        {"controlId": "rb.2", "compliant": false},
        {"controlId": "rb.3", "compliant": false},
        {"controlId": "rb.4", "compliant": true},
        {"controlId": "rb.5", "compliant": false}
      ],
      "enterprise_wide": [
        {"controlId": "ew.1", "compliant": false},
        {"controlId": "ew.2", "compliant": false},
        {"controlId": "ew.3", "compliant": true},
        {"controlId": "ew.4", "compliant": false},
        {"controlId": "ew.5", "compliant": false}
      ],
      "methodical": [
        {"controlId": "m.1", "compliant": true},
        {"controlId": "m.2", "compliant": false},
        {"controlId": "m.3", "compliant": false},
        {"controlId": "m.4", "compliant": false},
        {"controlId": "m.5", "compliant": false}
      ],
      "ot_security_focused": [
        {"controlId": "of.1", "compliant": true},
        {"controlId": "of.2", "compliant": false},
        {"controlId": "of.3", "compliant": false},
        {"controlId": "of.4", "compliant": true},
        {"controlId": "of.5", "compliant": false}
      ],
      "ot_security_compliant": [
        {"controlId": "oc.1", "compliant": false},
        {"controlId": "oc.2", "compliant": false},
        {"controlId": "oc.3", "compliant": false},
        {"controlId": "oc.4", "compliant": false},
        {"controlId": "oc.5", "compliant": false}
      ]
    },
    "sessionId": "<unique-id>"
  }'
```
Tip: You don't need to include all 6 principles — the API will score missing principles as 0%. Include what the user provides.
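A local pre-check for the `controls` object before it is sent, added here as an example (not ToolWeb's code): it validates principle keys and control IDs against the table on this page and flags whatever would drag the result down, such as a principle left out and therefore scored as 0%. The per-principle estimate assumes a score of compliant answers out of 5, as the `(X/5)` output template suggests; `precheck` and `SAMPLE` are hypothetical names.

```python
import json

# Principle keys and control-ID prefixes, taken from the table on this page.
PRINCIPLES = {
    "business_driven": "bd", "risk_based": "rb", "enterprise_wide": "ew",
    "methodical": "m", "ot_security_focused": "of", "ot_security_compliant": "oc",
}
CONTROLS_PER_PRINCIPLE = 5


def precheck(controls):
    """Validate a `controls` object and estimate per-principle scores locally."""
    problems = [f"unknown principle key: {k}" for k in controls if k not in PRINCIPLES]
    scores = {}
    for key, prefix in PRINCIPLES.items():
        expected = {f"{prefix}.{i}" for i in range(1, CONTROLS_PER_PRINCIPLE + 1)}
        seen, compliant = set(), 0
        for entry in controls.get(key, []):
            cid, value = entry.get("controlId"), entry.get("compliant")
            if cid not in expected:
                problems.append(f"{key}: unexpected controlId {cid!r}")
            elif cid in seen:
                problems.append(f"{key}: duplicate controlId {cid}")
            elif not isinstance(value, bool):
                problems.append(f"{key}: {cid} 'compliant' must be true/false, got {value!r}")
            else:
                seen.add(cid)
                compliant += value
        if key not in controls:
            problems.append(f"{key}: principle missing, will be scored as 0%")
        elif expected - seen:
            problems.append(f"{key}: no valid answer for {sorted(expected - seen)}")
        # Assumption: score = compliant answers out of 5 (the "(X/5)" template).
        scores[key] = 100 * compliant // CONTROLS_PER_PRINCIPLE
    return scores, problems


# Constructed sample: a partial payload with two deliberate mistakes in risk_based.
SAMPLE = json.loads("""{
  "business_driven": [
    {"controlId": "bd.1", "compliant": true}, {"controlId": "bd.2", "compliant": false},
    {"controlId": "bd.3", "compliant": false}, {"controlId": "bd.4", "compliant": true},
    {"controlId": "bd.5", "compliant": false}],
  "risk_based": [
    {"controlId": "rb.1", "compliant": "true"}, {"controlId": "rb.7", "compliant": false}]
}""")

if __name__ == "__main__":
    print(*precheck(SAMPLE), sep="\n")
```

Running the check before the POST keeps a mistyped ID or a quoted `"true"` from silently skewing the assessment.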
🏭 OT Security Assessment
━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Overall Compliance: [XX]%
Risk Level: [High/Medium/Low]
Total Controls: 30 | Compliant: [X] | Critical Gaps: [X]
📋 Principle Scores:
💼 Business Driven: [X]% (X/5)
⚠️ Risk Based: [X]% (X/5)
🏢 Enterprise Wide: [X]% (X/5)
📐 Methodical: [X]% (X/5)
🏭 OT Security Focused: [X]% (X/5)
✅ OT Security Compliant: [X]% (X/5)
🔴 Critical Findings:
[List highest-priority gaps with severity and recommendations]
📋 Priority Remediation:
1. [Most urgent fix] — Severity: Critical
2. [Next priority] — Severity: High
3. [Next priority] — Severity: Medium
📎 Full assessment powered by ToolWeb.in
TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.in
User: "Assess the OT security of our manufacturing plant's control systems"
Agent flow:
"Business Driven: Is your security strategy aligned with business objectives? Do you have OT-specific business impact analysis?"
Created by ToolWeb.in — a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in the USA, UK, and Europe. Execution is available through the "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw" and "RapidAPI" platforms, and a YouTube channel hosts demos.