<RULE>
DEPARTMENT OF HOMELAND SECURITY
<SUBAGY>Coast Guard</SUBAGY>
<CFR>33 CFR Parts 101 and 160</CFR>
<DEPDOC>[Docket No. USCG-2022-0802]</DEPDOC>
<RIN>RIN 1625-AC77</RIN>
<SUBJECT>Cybersecurity in the Marine Transportation System</SUBJECT>
<HD SOURCE="HED">AGENCY:</HD>
Coast Guard, DHS.
<HD SOURCE="HED">ACTION:</HD>
Final rule; request for comments.
<SUM>
<HD SOURCE="HED">SUMMARY:</HD>
The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.
</SUM>
<EFFDATE>
<HD SOURCE="HED">DATES:</HD>
This final rule is effective July 16, 2025.
<E T="03">Comment period for solicited comments:</E>
Comments on a potential 2-to-5-year delay for the implementation periods for U.S.-flagged vessels in Section VII of this preamble must be submitted by March 18, 2025.
</EFFDATE>
<HD SOURCE="HED">ADDRESSES:</HD>
<E T="03">Docket:</E>
To view documents mentioned in this preamble as being available in the docket, go to
<E T="03">www.regulations.gov,</E>
type USCG-2022-0802 in the search box, and click “Search.” Next, in the Document Type column, select “Supporting & Related Material.”
<E T="03">Comment period for solicited additional comments:</E>
You may submit comments on the implementation periods for U.S.-flagged vessels discussed in Section VII of this preamble via the electronic Federal Docket Management System. To do so, go to
<E T="03">www.regulations.gov,</E>
type USCG-2022-0802 in the search box and click “Search.” Next, look for this document in the Search Results column, and click on it. Then click on the Comment option. If you cannot submit your material by using
<E T="03">www.regulations.gov,</E>
call or email the person in the
<E T="02">FOR FURTHER INFORMATION CONTACT</E>
section of this final rule for alternate instructions.
<FURINF>
<HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD>
For information about this document, email
<E T="03">MTSCyberRule@uscg.mil</E>
or call Commander Brandon Link, Office of Port and Facility Compliance, 202-372-1107; or Commander Christopher Rabalais, Office of Design and Engineering Standards, 202-372-1375.
</FURINF>
<SUPLINF>
<HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD>
<HD SOURCE="HD1">Table of Contents for Preamble </HD>
<EXTRACT>
<FP SOURCE="FP-2">I. Abbreviations</FP>
<FP SOURCE="FP-2">II. Executive Summary</FP>
<FP SOURCE="FP-2">III. Basis and Purpose</FP>
<FP SOURCE="FP1-2">A. Cybersecurity Threats</FP>
<FP SOURCE="FP1-2">B. Legislation, Regulations, and Policy</FP>
<FP SOURCE="FP1-2">C. Legal Authority</FP>
<FP SOURCE="FP-2">IV. Background</FP>
<FP SOURCE="FP1-2">A. The Current State of Cybersecurity in the MTS</FP>
<FP SOURCE="FP1-2">B. Current MTSA Regulations Related to Cybersecurity</FP>
<FP SOURCE="FP-2">V. Discussion of Comments and Changes</FP>
<FP SOURCE="FP-2">VI. Discussion of the Final Rule</FP>
<FP SOURCE="FP-2">VII. Request for Comment</FP>
<FP SOURCE="FP-2">VIII. Regulatory Analyses</FP>
<FP SOURCE="FP1-2">A. Regulatory Planning and Review</FP>
<FP SOURCE="FP1-2">B. Small Entities</FP>
<FP SOURCE="FP1-2">C. Assistance for Small Entities</FP>
<FP SOURCE="FP1-2">D. Collection of Information</FP>
<FP SOURCE="FP1-2">E. Federalism</FP>
<FP SOURCE="FP1-2">F. Unfunded Mandates</FP>
<FP SOURCE="FP1-2">G. Taking of Private Property</FP>
<FP SOURCE="FP1-2">H. Civil Justice Reform</FP>
<FP SOURCE="FP1-2">I. Protection of Children</FP>
<FP SOURCE="FP1-2">J. Indian Tribal Governments</FP>
<FP SOURCE="FP1-2">K. Energy Effects</FP>
<FP SOURCE="FP1-2">L. Technical Standards</FP>
<FP SOURCE="FP1-2">M. Environment</FP>
<FP SOURCE="FP1-2">N. Congressional Review Act</FP>
</EXTRACT>
<HD SOURCE="HD1">I. Abbreviations </HD>
<EXTRACT>
<FP SOURCE="FP-1">ABS American Bureau of Shipping</FP>
<FP SOURCE="FP-1">The Act James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (Pub. L. 117-263)</FP>
<FP SOURCE="FP-1">AGCS Allianz Global Corporate and Specialty</FP>
<FP SOURCE="FP-1">AIS Automatic Identification System</FP>
<FP SOURCE="FP-1">AMSCs Area Maritime Security Committees</FP>
<FP SOURCE="FP-1">ANPRM Advance notice of proposed rulemaking</FP>
<FP SOURCE="FP-1">ASP Alternative Security Program</FP>
<FP SOURCE="FP-1">BLS Bureau of Labor Statistics</FP>
<FP SOURCE="FP-1">BSEE Bureau of Safety and Environmental Enforcement</FP>
<FP SOURCE="FP-1">CEA Council of Economic Advisors</FP>
<FP SOURCE="FP-1">CFR Code of Federal Regulations</FP>
<FP SOURCE="FP-1">CGCSO Coast Guard Cyber Strategic Outlook</FP>
<FP SOURCE="FP-1">CG-CVC Coast Guard Office of Commercial Vessel Compliance</FP>
<FP SOURCE="FP-1">CGCYBER U.S. Coast Guard Cyber Command</FP>
<FP SOURCE="FP-1">CG-ENG Coast Guard Office of Design and Engineering Standards</FP>
<FP SOURCE="FP-1">CG-FAC Coast Guard Office of Port and Facility Compliance</FP>
<FP SOURCE="FP-1">CIRC Cyber Incident Reporting Council</FP>
<FP SOURCE="FP-1">CIRCIA Cyber Incident Reporting for Critical Infrastructure Act of 2022</FP>
<FP SOURCE="FP-1">CISA Cybersecurity and Infrastructure Security Agency</FP>
<FP SOURCE="FP-1">CISO Chief Information Security Officer</FP>
<FP SOURCE="FP-1">COTP Captain of the Port</FP>
<FP SOURCE="FP-1">CPG Cybersecurity Performance Goal</FP>
<FP SOURCE="FP-1">CRM Cyber risk management</FP>
<FP SOURCE="FP-1">CSF Cybersecurity Framework</FP>
<FP SOURCE="FP-1">CSO Company Security Officer</FP>
<FP SOURCE="FP-1">CSRC Computer Security Resource Center</FP>
<FP SOURCE="FP-1">CVC-WI Coast Guard's Office of Commercial Vessel Compliance's Work Instruction</FP>
<FP SOURCE="FP-1">CySO Cybersecurity Officer</FP>
<FP SOURCE="FP-1">DC3 Defense Cyber Crimes Center</FP>
<FP SOURCE="FP-1">DCISE Defense Industrial Base Collaborative Information Sharing Environment</FP>
<FP SOURCE="FP-1">DHS Department of Homeland Security</FP>
<FP SOURCE="FP-1">DOC Document of Compliance</FP>
<FP SOURCE="FP-1">DoD Department of Defense</FP>
<FP SOURCE="FP-1">FBI Federal Bureau of Investigation</FP>
<FP SOURCE="FP-1">FEMA Federal Emergency Management Agency</FP>
<FP SOURCE="FP-1">FR Federal Register</FP>
<FP SOURCE="FP-1">FRFA Final Regulatory Flexibility Analysis</FP>
<FP SOURCE="FP-1">FSA Facility Security Assessment</FP>
<FP SOURCE="FP-1">FSO Facility security officer</FP>
<FP SOURCE="FP-1">FSP Facility security plan</FP>
<FP SOURCE="FP-1">GPS Global Positioning System</FP>
<FP SOURCE="FP-1">HMI Human-machine interface</FP>
<FP SOURCE="FP-1">IACS International Association of Classification Societies</FP>
<FP SOURCE="FP-1">ICR Information collection request</FP>
<FP SOURCE="FP-1">IEc Industrial Economics, Incorporated</FP>
<FP SOURCE="FP-1">IMO International Maritime Organization</FP>
<FP SOURCE="FP-1">IP internet protocol</FP>
<FP SOURCE="FP-1">INMARSAT International Maritime Satellite</FP>
<FP SOURCE="FP-1">IRFA Initial Regulatory Flexibility Analysis</FP>
<FP SOURCE="FP-1">ISM International Safety Management</FP>
<FP SOURCE="FP-1">IT Information technology</FP>
<FP SOURCE="FP-1">KEV Known exploited vulnerability</FP>
<FP SOURCE="FP-1">LANTAREA Coast Guard Atlantic Area</FP>
<FP SOURCE="FP-1">MARSEC Maritime Security</FP>
<FP SOURCE="FP-1">MCAAG Maritime Cybersecurity Assessment and Annex Guide</FP>
<FP SOURCE="FP-1">MISLE Marine Information for Safety and Law Enforcement</FP>
<FP SOURCE="FP-1">MMC Merchant Mariner Credential</FP>
<FP SOURCE="FP-1">MODU Mobile offshore drilling unit</FP>
<FP SOURCE="FP-1">MSC Marine Safety Center</FP>
<FP SOURCE="FP-1">MSC-FAL International Maritime Organization's Marine Safety Committee and Facilitation Committee</FP>
<FP SOURCE="FP-1">MTS Marine transportation system</FP>
<FP SOURCE="FP-1">MTSA Maritime Transportation Security Act of 2002</FP>
<FP SOURCE="FP-1">NAICS North American Industry Classification System</FP>
<FP SOURCE="FP-1">NIST National Institute of Standards and Technology</FP>
<FP SOURCE="FP-1">NMSAC National Maritime Security Advisory Committee</FP>
<FP SOURCE="FP-1">NPRM Notice of proposed rulemaking</FP>
<FP SOURCE="FP-1">NRC National Response Center</FP>
<FP SOURCE="FP-1">NVIC Navigation and Vessel Inspection Circular</FP>
<FP SOURCE="FP-1">OCMI Officer in Charge, Marine Inspection</FP>
<FP SOURCE="FP-1">OCS Outer Continental Shelf</FP>
<FP SOURCE="FP-1">OCSLA Outer Continental Shelf Lands Act of 1953</FP>
<FP SOURCE="FP-1">OEWS Occupational Employment and Wage Statistics</FP>
<FP SOURCE="FP-1">
OMB Office of Management and Budget
</FP>
<FP SOURCE="FP-1">OSV Offshore supply vessel</FP>
<FP SOURCE="FP-1">OT Operational technology</FP>
<FP SOURCE="FP-1">PACS Physical Access Control Systems</FP>
<FP SOURCE="FP-1">PII Personally identifiable information</FP>
<FP SOURCE="FP-1">PRC People's Republic of China</FP>
<FP SOURCE="FP-1">PVA Passenger Vessel Association</FP>
<FP SOURCE="FP-1">QCEW Quarterly Census of Employment and Wages</FP>
<FP SOURCE="FP-1">RA Regulatory analysis</FP>
<FP SOURCE="FP-1">RO Recognized Organization</FP>
<FP SOURCE="FP-1">§ Section </FP>
<FP SOURCE="FP-1">SBA Small Business Administration</FP>
<FP SOURCE="FP-1">SME Subject matter expert</FP>
<FP SOURCE="FP-1">SMS Safety management system</FP>
<FP SOURCE="FP-1">SOLAS the Inter
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Preview showing 10k of 671k characters.
Full document text is stored and available for version comparison.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
This text is preserved for citation and comparison. View the official version for the authoritative text.