The Coast Guard has published a final rule in the Federal Register to update cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to Maritime Transportation Security Act of 2002 (MTSA).
This final rule addresses current and emerging cybersecurity threats in the Marine Transportation System (MTS) by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These requirements include developing and maintaining a Cybersecurity Plan, designating a Cybersecurity Officer (CySO), and taking various measures to maintain cybersecurity within the MTS.
DATES: This final rule is effective July 16, 2025.
This final rule also includes a solicitation for comments on a potential delay for the implementation periods for U.S.-flagged vessels.
Comments on a potential 2-to-5-year delay for the implementation periods for U.S.-flagged vessels discussed in Section VII of the final rule preamble must be submitted by March 18, 2025.
For more information, see the final rule in the Federal Register using the eRulemaking Portal at www.regulations.gov under docket number USCG-2022-0802.
For further information about this rulemaking, email MTSCyberRule@uscg.mil. For facility-related questions, call Commander Brandon Link, Office of Port and Facility Compliance, at 202-372-1107. For vessel-related questions, call Commander Christopher Rabalais, Office of Design and Engineering Standards, at 202-372-1375.
Additional guidance on these regulations including a cyber regulations fact sheet, a small entity compliance guide for vessels, a small entity compliance guide for facilities, and information about the waiver and Alternative Security Program process, will be posted on the Coast Guard Maritime Industry Cybersecurity Resource Website.
###