The cyber landscape in the Marine Transportation System (MTS) is continually evolving. Computer systems and technology play an increasing role in systems, equipment, and operations throughout the maritime environment. Recognizing the critical role cyber plays, the Coast Guard worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements. Today we are proud to announce the release of Navigation and Vessel Inspection Circular (NVIC) No. 01-20:Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities.
This NVIC provides guidance to facility owners and operators on complying with the requirements to assess, document, and address computer system and network vulnerabilities. In accordance with 33 CFR parts 105 and 106, which implement the Maritime Transportation Security Act (MTSA) of 2002, regulated facilities (including Outer Continental Shelf facilities) are required to assess and document vulnerabilities associated with their computer systems and networks in a Facility Security Assessment (FSA). Identified vulnerabilities in computer systems and networks are commonly referred to as cybersecurity vulnerabilities. Regulations require that any cybersecurity vulnerabilities identified in the FSA must be addressed in the Facility Security Plan (FSP) or Alternative Security Program (ASP).