Identify: Asset Management & Mapping

IACS UR E26 Control 3.1.1: System Identification & Inventory

The foundation of vessel cyber security. You cannot protect what you cannot see. This playbook provides the procedures for discovering OT assets, mapping marine protocols, and establishing the criticality matrix required for a successful Class survey.

Phase: Identify (Step 01)
NIST CSF v2.0 Aligned
01
Identify
Asset Library & Protocol Mapping
02
Protect
03
Detect
04
Respond
05
Recover
Inventory Blueprint: Mapping the Cyber-Physical Ship

A compliant Asset Inventory is more than a list of IP addresses. It must define the Logical Connectivity between navigation, propulsion, and administrative systems. This blueprint visualizes how data flows across the vessel’s digital topography.

Vessel Asset Mapping Model

Reference: Tagsia Asset Discovery Standard (IACS UR E26 / NIST Aligned)

PILLAR A

Asset Management

Requirement 4.1.1: Full inventory of hardware, software, and firmware. Categorize systems (I, II, or III) based on safety impact.

PILLAR B

Communication Mapping

Mapping the digital topography. Document information flows, marine protocols, and critical system interdependencies.

PILLAR C

Governance & Certification

Finalizing audit readiness. Establishing roles, Management of Change (MoC) policies, and the final CSDD/Exclusion reports.

Step 01 Deliverables: Inventory Evidence

The following artifacts must be completed during the Identify phase to support later segmentation (Protect) and certification (Certify):

  • Master Asset Register: Verified list of CBS with MAC/IP and physical locations.
  • Criticality Assignment: Ranking of systems (Category I, II, III) based on safety impact.
  • Data Flow Map: Logical visualization of inter-system communication protocols.
Scroll to Top