An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

    HOME    |    ABOUT    |    MARINE SAFETY LEADERS    |    CONTACT US   

Final Rule: Cybersecurity in the Marine Transportation System – Implementation Timeline

July 16, 2025

On January 17, 2025, the Coast Guard published a final rule, Cybersecurity in the Marine Transportation System (MTS), in the Federal Register (90 FR 6298).  This final rule is effective on July 16, 2025 for all U.S.-flagged vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to Maritime Transportation Security Act of 2002 (MTSA).  This final rule was executed in continuation of updates to Captain of the Port authority that definitively designated cybersecurity vulnerabilities as a potential threat to the security and safety of United States ports.       

Requirements in the final rule include developing and maintaining a Cybersecurity Plan, designating a Cybersecurity Officer (CySO), and taking various measures to maintain cybersecurity within the MTS. The regulation contains a phased implementation schedule: 

  • Immediately upon the effective date of July 16, 2025, all reportable cyber incidents must be reported to the National Response Center. 
  • By January 12, 2026, and annually thereafter, all personnel must complete the training specified in 33 CFR 101.650.
  • By July 16, 2027, owners and operators must designate the Cybersecurity Officer, conduct the Cybersecurity Assessment, and submit the Cybersecurity Plan for approval. 

Recognizing the escalating cyber threat from adversarial actors targeting the U.S. Marine Transportation System, the U.S. Coast Guard, leveraging the post-9/11 alignment of domestic MTSA authorities with international SOLAS and ISPS Code regimes, will intensify Port State Control (PSC) scrutiny on indicators of poor cybersecurity practices, specifically those impacting International Safety Management (ISM) Code compliance on foreign flagged vessels. This elevated focus may lead to the issuance of deficiencies requiring correction, or, if circumstances warrant, result in vessel detention, denial of entry or Captain of the Port (COTP) action to control vessel movement, as the Coast Guard implements measures to control, secure and defend the nation’s ports, waterways and shipping interests while restoring U.S. maritime dominance.

For more information, see the final rule in the Federal Register using the eRulemaking Portal at www.regulations.gov under docket number USCG-2022-0802.

For further information about this rulemaking, email MTSCyberRule@uscg.mil. For facility-related questions, call Commander Brandon Link, Office of Port and Facility Compliance, at 202-372-1107. For vessel-related questions, call Commander Christopher Rabalais, Office of Design and Engineering Standards, at 202-372-1375.

Additional guidance on these regulations, including information about the waiver and Alternative Security Program process, will be posted on the Coast Guard Maritime Industry Cybersecurity Resource Website.

DATES: This final rule is effective July 16, 2025.

###

MTSA Cybersecurity MTS

Email Updates!

To sign up for updates or to access your subscriber preferences, please click on the link below.

Subscribe Now!

 

 

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official publications, such as the Federal Register, Homeport and the Code of Federal Regulations. These publications remain the official source for regulatory information published by the Coast Guard.