Part of the Audit & Compliance Section
← Return to Hub
Phase Review & Verification
This matrix summarizes the mandatory functional requirements from IACS UR E26 (Rev.1 Nov 2023). For a vessel to be compliant, the ETO must verify that each action below is implemented and testable.
PHASE 1: IDENTIFY
| §4.1.1: Vessel asset inventory | Functional Action: Create and maintain a full inventory of all Computer Based Systems (CBS), identifying their category (I, II, or III) and physical location. |
PHASE 2: PROTECT
| §4.2.1: Security zones & segmentation | Functional Action: Define logical and physical boundaries between systems of different categories. |
| §4.2.2: Network protection safeguards | Functional Action: Implement firewalls or managed switches to control and filter traffic between zones. |
| §4.2.3: Data protection, Antivirus, AntiMalware, AntiSpam | Functional Action: Ensure data integrity during transit and storage, protecting sensitive system configurations. |
| §4.2.4: Access control | Functional Action: Limit physical, logical, digital access to critical CBS hardware and network infrastructure. |
| §4.2.5: Wireless communication | Functional Action: Secure all wireless interfaces with encryption and authentication to prevent unauthorized bridge access. |
| §4.2.6: Remote access control | Functional Action: Implement strict rules for all vendor VSAT or shore-to-ship connections and untrusted Networks. |
| §4.2.7: Mobile & Portable Devices | Functional Action: Control the use of USB drives and laptops to prevent malware introduction into the OT network. |
PHASE 3: DETECT
| §4.3.1: Network operation monitoring | Functional Action: Implement tools to monitor network traffic for anomalies and generate alerts for suspicious activity. |
| §4.3.2: Verification & diagnostics | Functional Action: Regularly test that detection systems are active and logs are being correctly recorded. |
PHASE 4: RESPOND
| §4.4.1: Incident response plan | Functional Action: Establish clear procedures for the crew to follow when a cyber-incident is detected. |
| §4.4.2: Local & manual operation | Functional Action: Ensure the ship can be safely operated via local controls if the network is compromised. |
| §4.4.3: Network isolation | Functional Action: Provide the capability to physically or logically isolate network segments during an attack. |
| §4.4.4: Fallback to minimal risk | Functional Action: Develop procedures to bring the vessel to a “Minimal Risk Condition” safely after a security failure. |
PHASE 5: RECOVER
| §4.5.1: Recovery planning | Functional Action: Maintain a documented recovery plan to restore essential functions post-incident. |
| §4.5.2: Backup and restore | Functional Action: Regularly back up system configurations and verify that they can be successfully restored. |
| §4.5.3: Controlled shutdown & reset | Functional Action: Demonstrate that systems can be cleanly reset and restarted to a known safe state. |