CSDD & Exclusion Assessment
UR E26 §5.1.1 & §6: The Cyber System Definition Document (CSDD) is the mandatory technical file submitted for Class approval. It defines the “Trust Boundary” of the vessel. Section 6 provides the framework for Risk-Based Exclusion, allowing non-critical systems to be removed from scope if they pose no threat to safety functions.
1. Assembling the CSDD (The Submission File)
The CSDD is your vessel’s “Master Blueprint.” It proves to the Auditor that you have Identified your assets correctly. Your CSDD must include these three core pillars:
- Must show physical cabling (Ethernet/Serial) and logical zones. Highlight all “Conduits” crossing between IT and OT environments.
- Comprehensive list including firmware versions. All software must be cross-referenced against the Vulnerability Feed.
- Identify critical protocols (Modbus, NMEA, S7). This matrix defines the “Blast Radius” in the event of a cyber incident.
1.1 CSDD Checklist for Class Submission
Before submitting your technical file to the Class Society, verify that these specific data points are documented to avoid RFI (Request for Information) delays.
| Done | Item | Verification question |
|---|---|---|
| [ ] | Boundary Logic | Are all Firewalls/Diodes identified by physical location and port mapping? |
| [ ] | Dependency Impact | Does the CSDD list the ‘System Criticality’ for every asset found in the inventory? |
| [ ] | Vendor Data Flow | Are NMEA/Modbus/Proprietary flows mapped between different OEM systems? |
| [ ] | Software Baseline | Is there a ‘Frozen’ firmware version listed for all Category II & III components? |
1.2 Technical Exclusion Matrix (UR E26 & DNV Benchmark)
Use this logic gate to justify why certain systems are removed from the audit scope. For DNV Vessels, this logic must be documented in the Cyber Security Risk Assessment for Exclusion (Doc F011/F021).
| System Example | Functional Test (Safety/Propulsion) | Logical Test (DNV Isolation) | Result |
|---|---|---|---|
| Crew Entertainment | Failure impacts morale? Yes. Safety? No. | Physically isolated standalone switch. No IP link. | EXCLUDABLE |
| Cabin HVAC | Failure impacts comfort? Yes. Safety? No. | Shares backbone/VLAN with AMS. | IN SCOPE (Shared Conduit) |
| Integrated Control System | Serves multiple vessel functions. | N/A – DNV logic forbids exclusion of ICS. | MANDATORY SCOPE |
💡 Strategic Intelligence: The “Maintenance Port” Trap
Auditors often reject exclusions for systems that appear isolated but have a “Remote Maintenance Port”. If an OEM can dial into a system, it is logically connected to the external world. Always audit the Physical Layer (Layer 1) before claiming Section 6 exclusion.
Risk-Based Exclusion Checklist
To qualify for exclusion under DNV-CG-0325 or UR E26 Section 6, you must provide evidence for the following five points:
- 1. Logical Isolation: No IP-network communication. No remote access.
- 2. Physical Control: System is in a locked, restricted area.
- 3. Port Lockdown: No physical ports (USB/RJ45) accessible to unauthorized personnel.
- 4. Non-Criticality: System is not needed for Propulsion, Steering, or Power.
- 5. No Integration: The system is not an Integrated Control System (ICS).
Class Evidence Tip
DNV and other Class Societies require that any “Negligible Risk” claim be supported by a technical justification. You must prove the system has a minimized attack surface and no potential impact on safety functions.
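The exclusion gate from section 1.2 and the five checklist points can be applied to an asset inventory mechanically. The sketch below is an added example, not part of UR E26, DNV documentation, or this page's templates; the field names and the sample inventory are assumptions made for illustration, and every evidence flag defaults to "not evidenced" so an incomplete record stays in scope.

```python
from dataclasses import dataclass


@dataclass
class System:
    # Field names are assumptions for this example, not UR E26 or DNV terms.
    name: str
    is_ics: bool = False              # Integrated Control System
    safety_critical: bool = False     # needed for propulsion, steering or power
    ip_connected: bool = False        # any IP-network communication
    shares_conduit: bool = False      # shares backbone/VLAN with an in-scope system
    remote_maintenance: bool = False  # OEM remote maintenance port or dial-in
    locked_area: bool = False         # evidence: locked, restricted area
    ports_locked: bool = False        # evidence: USB/RJ45 not accessible


def assess(s: System) -> tuple[str, list[str]]:
    """Return (result, failed checklist points) for one system."""
    if s.is_ics:
        # The matrix forbids excluding an ICS regardless of the other points.
        return "MANDATORY SCOPE", ["5. No Integration"]
    failed = []
    # The "maintenance port" trap: remote access breaks logical isolation.
    if s.ip_connected or s.shares_conduit or s.remote_maintenance:
        failed.append("1. Logical Isolation")
    if not s.locked_area:
        failed.append("2. Physical Control")
    if not s.ports_locked:
        failed.append("3. Port Lockdown")
    if s.safety_critical:
        failed.append("4. Non-Criticality")
    return ("EXCLUDABLE" if not failed else "IN SCOPE"), failed


# Constructed sample inventory: the three matrix rows plus a maintenance-port case.
INVENTORY = [
    System("Crew Entertainment", locked_area=True, ports_locked=True),
    System("Cabin HVAC", ip_connected=True, shares_conduit=True,
           locked_area=True, ports_locked=True),
    System("Integrated Control System", is_ics=True, safety_critical=True),
    System("Standalone unit with OEM modem", remote_maintenance=True,
           locked_area=True, ports_locked=True),
]

if __name__ == "__main__":
    for s in INVENTORY:
        result, failed = assess(s)
        print(f"{s.name:32} {result:16} {', '.join(failed) or 'all points evidenced'}")
```

The list of failed points returned for each system maps directly to the evidence gaps that would need closing, or documenting, in the exclusion risk assessment.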
