Maritime OT Playbooks & Implementation Hub
NIST-Aligned Security Lifecycle: Identify • Protect • Detect • Respond • Recover
The central repository for standardized maritime cyber-security operations. These playbooks translate IACS UR E26/E27 requirements into actionable engineering and bridge-level procedures for total fleet resilience.
What is a maritime OT playbook?
A playbook is a structured, step-by-step procedure written for the people who actually work on the systems — the ETO, Chief Engineer, and bridge officers — not a policy document produced for management review. Each playbook explains the reasoning behind a control, how to implement it in a maritime OT environment, and what evidence it produces. Whether you are working toward IACS UR E26 compliance on a newbuild, implementing IMO MSC-FAL.1 requirements on an existing vessel, or simply trying to understand what good cyber security practice looks like on a ship, the playbooks give you the operational detail that generic frameworks leave out.
The five phases follow the NIST Cybersecurity Framework (CSF v2.0), which underpins IACS UR E26, the Industry Guidelines on Cyber Security Onboard Ships (v5, 2024), and IMO MSC-FAL.1/Circ.3 Rev.3. This means the same work satisfies multiple frameworks simultaneously — an asset inventory produced for E26 §4.1 also satisfies the TMSA 3 Element 13 risk assessment requirement and the BIMCO guidelines’ Identify function. The phases are sequential but not isolated — evidence produced in IDENTIFY feeds directly into PROTECT, and lessons from RECOVER feed back into IDENTIFY at the next review cycle.
1. Inventory & Map
Start with the Identify Playbook to define your asset library and zones. You cannot protect what you haven’t mapped.
2. Deploy Safeguards
Apply technical hardening and monitoring from the Protect and Detect sections to secure the digital perimeter.
3. Document & Comply
Use the Form templates to record implementation evidence. This documentation is the final requirement for IACS UR E26/E27 Audit Readiness.
