Asset Inventory & Mapping Guide

Requirement: IACS UR E26 (§4.1.1) and IEC 62443-2-4 require a documented inventory of all Computer Based Systems (CBS). This module provides the technical methodology for discovering and categorizing these assets.

You cannot protect what you cannot see. In the maritime environment, asset management is the process of identifying every PLC, HMI, sensor, and gateway that contributes to the safe operation of the vessel.

1. The Maritime Discovery Framework

Traditional IT “active scanning” is often too aggressive for sensitive maritime OT. Our framework utilizes a dual-layered approach to ensure 100% visibility without risking system crashes or network latency.

Passive Monitoring

Listening to network traffic via SPAN ports to identify assets without sending any data. Safe for all maritime OT systems.

Physical Inspection

On-deck verification of serial numbers and firmware from nameplates on non-networked equipment.

Safety Warning: Active Scanning

Never perform active vulnerability scans or “NMAP” scans while the vessel is underway. High-frequency pings can cause PLCs to enter a “Fail-Safe” state.

2. Mandatory Data Points for E27 (§3.1.1)

Under IACS UR E27, every Computer Based System (CBS) must be documented with granular detail. This data forms the foundation of the system’s “Type Approval” and technical security profile.

The “Golden” Inventory Requirements

E27 COMPLIANT EVIDENCE

| Category | Required Data Points (UR E27) |
|---|---|
| Hardware Components (Hosts, Embedded, Network Devices) | Identity: Name, Brand/Manufacturer, Model/Type |
| | Function: Short description of purpose |
| | Physical: Physical interfaces (Network, Serial, USB, etc.) |
| | OS/Firmware: Name/Type, Version, and Patch Level |
| | Connectivity: Supported communication protocols |
| Software Components (Applications & Utilities) | Mapping: The hardware component where it is installed |
| | Identity: Brand/Manufacturer, Model/Type |
| | Function: Functionality/purpose |
| | Version: Current software version |

Pro-Tip: Cross-referencing Physical Interfaces with Protocols is essential for Zone & Conduit mapping.

3. Enhancing the Inventory for UR E26 Compliance

While E27 looks at the system, UR E26 looks at the ship. To achieve full vessel resilience, your inventory must be enhanced with context that defines how systems interact.

UR E26 (§4.1.1.3) suggests two critical metadata points essential for proving Zone & Conduit architecture.

System Category (I, II, III)

Determines the safety impact. Surveyor Tip: Always include a ‘Justification’ column to explain the safety classification.

Associated Security Zone

Defines network boundary mapping. Allows for instant verification of your Firewall/Conduit rules.

4. Standardizing Mapping & UIDs

The most common cause of audit “Non-Conformities” is a lack of traceability. If your Network Diagram, Asset Inventory, and Cable Tags do not share the same naming convention, the Auditor cannot verify the security perimeter.

Software-to-Hardware Mapping

E27 requires every physical asset to have a Unique Asset Identifier (UID) to ensure software update reliability.

Recommended UID Format: [System]-[Manufacturer]-[Sequence], for example NAV-FURUNO-001

Example: The Hardware-to-Software Link

| Asset UID (Hardwired) | Hardware Component | Physical Interfaces | Installed Software | Version/Patch |
|---|---|---|---|---|
| NAV-FURUNO-001 | ECDIS Processor Unit (FMD-3200) | RJ45 (x2), RS-422 (x8) | (Host Device) | FW v3.12 |
| ↳ Linked Asset | | | Furuno ECDIS OS | v6.02 (Patch 4) |
| ENG-SIEMENS-042 | S7-1500 PLC (Main Engine) | Profinet, Modbus RTU | (Embedded Device) | v2.8.3 |
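
The traceability checks described in sections 2 to 4 can be run against the inventory before an audit. The script below is an added example, not part of the original guide or any IACS tooling: it checks UID format, the listed data points, the Category and Zone metadata, and that every software entry maps to a known hardware UID. The CSV column names, the sample rows, the three-digit upper-case UID pattern, and treating Justification as mandatory are assumptions.

```python
import csv, io, re

# Constructed sample data (not from a real vessel). Column names are assumptions.
HARDWARE = """uid,name,manufacturer,model,function,interfaces,os_fw,version,protocols,category,justification,zone
NAV-FURUNO-001,ECDIS Processor Unit,Furuno,FMD-3200,Chart display,RJ45;RS-422,Firmware,v3.12,NMEA 0183,II,Navigation aid,ZONE-NAV
ENG-SIEMENS-042,Main Engine PLC,Siemens,S7-1500,Engine control,Profinet,Firmware,v2.8.3,,III,,ZONE-ENG
eng_pump_7,Pump HMI,Acme,HMI-X,Pump display,RJ45,Linux,1.0,Modbus TCP,IV,Local display,
"""
SOFTWARE = """name,manufacturer,model,function,version,installed_on
Furuno ECDIS OS,Furuno,ECDIS OS,Chart display software,v6.02 (Patch 4),NAV-FURUNO-001
Pump Viewer,Acme,PV-1,Pump trends,2.1,ENG-SIEMENS-099
"""

# Assumption: upper-case fields and a three-digit sequence, as in NAV-FURUNO-001.
UID_RE = re.compile(r"^[A-Z]+-[A-Z0-9]+-\d{3}$")
HW_FIELDS = ["name", "manufacturer", "model", "function", "interfaces",
             "os_fw", "version", "protocols", "category", "justification", "zone"]
SW_FIELDS = ["manufacturer", "model", "function", "version", "installed_on"]

def audit(hardware_csv, software_csv):
    """Return sorted (item, problem) findings for the two inventory sheets."""
    # restval="" makes short rows report missing fields instead of crashing.
    hw = list(csv.DictReader(io.StringIO(hardware_csv), restval=""))
    sw = list(csv.DictReader(io.StringIO(software_csv), restval=""))
    findings, seen = [], set()
    for row in hw:
        uid = row["uid"]
        if not UID_RE.match(uid):
            findings.append((uid, "UID not in [System]-[Manufacturer]-[Sequence] form"))
        if uid in seen:
            findings.append((uid, "duplicate UID"))
        seen.add(uid)
        findings += [(uid, f"missing {f}") for f in HW_FIELDS if not row[f].strip()]
        if row["category"].strip() and row["category"].strip() not in {"I", "II", "III"}:
            findings.append((uid, "category must be I, II or III"))
    for row in sw:
        findings += [(row["name"], f"missing {f}") for f in SW_FIELDS if not row[f].strip()]
        # Software-to-hardware mapping: the host must exist in the hardware sheet.
        if row["installed_on"].strip() and row["installed_on"] not in seen:
            findings.append((row["name"], "installed_on is not a known hardware UID"))
    return sorted(findings)

if __name__ == "__main__":
    for item, problem in audit(HARDWARE, SOFTWARE):
        print(f"{item}: {problem}")
```

The same UID list can then be compared against the labels used on the network diagram and cable tags, since all three must share one naming convention.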

E27 Compliance Toolkit

Download our standardized Excel template and Physical Walk-through checklist to ensure your vessel’s CBS inventory meets IACS requirements.
