We implement the MTSA Cybersecurity Appendix requirements from initial assessment through completed documentation submission. We begin with a gap assessment against the rule’s requirements, then develop your Cybersecurity Plan (CSP) as an appendix to your existing Facility Security Plan or as a standalone document where applicable. We address both information technology (IT) and operational technology (OT) environments

— because maritime operations frequently involve industrial control systems, navigation systems, and cargo management platforms that are in scope for the rule but often overlooked in generic cybersecurity assessments.

• Gap assessment against MTSA Cybersecurity Appendix requirements
  
• Cybersecurity risk assessment covering IT and OT environments
• Cybersecurity Plan (CSP) development — compliant with USCG requirements
• Incident response procedures tailored to maritime operations
• Cybersecurity roles and responsibilities documentation
• Crew and personnel cybersecurity awareness program
• Access control and network segmentation recommendations
• USCG submission documentation support
• Integration with existing Facility Security Plan (FSP) where applicable

Most cybersecurity compliance frameworks address enterprise IT environments. Maritime operations introduce industrial control systems — vessel management systems, cargo handling automation, navigation technology — that require a different assessment approach.  Generic cybersecurity consultants apply IT frameworks to OT environments without understanding the operational constraints. We scope both environments under the rule’s requirements.  Additionally, most MTSA compliance practitioners are security plan specialists, not cybersecurity professionals. We approach this from the cybersecurity implementation side, which is where the new compliance gap sits.