TAGSIA.COM
Threat Mapping Matrix
Functional Threat-to-System Mapping for OT Risk Assessment (IACS UR E26 §4.2 / UR E27 / IEC 62443)
Doc ID: TAG-OT-LOG-06
Compliance: E26 §4.2 / E27 / IEC 62443
Rev: 1.0
Compliance: E26 §4.2 / E27 / IEC 62443
Rev: 1.0
1. VESSEL & ASSESSMENT DETAILS
| Vessel Name: | IMO Number: | ||
| Assessment Date: | Review Type: | ||
| Prepared by: | Reviewed by: | ||
| Vessel Type: | Flag State: | ||
| CSDD Reference: | Class / Surveyor: |
2. PURPOSE & SCOPE
Purpose: This matrix maps identified functional threat scenarios to the specific CBS (Computer Based Systems) on this vessel that could be affected, the safety impact category of each system, and the technical controls in place to mitigate each threat. It supports the risk assessment required under IACS UR E26 §4.2 and provides the threat-to-control evidence required under UR E27 for in-scope equipment.
| CBS categories in scope: | |
| Threat scenarios assessed: |
3. THREAT MAPPING MATRIX
For each threat scenario, identify the affected CBS, its safety category, the potential safety impact, the likelihood rating, and the technical controls in place. Add rows as required for vessel-specific systems.
| # | Threat Scenario | Affected CBS / System | CBS Cat. | Safety Impact if Exploited | Likelihood (H/M/L) |
Mitigating Control(s) in Place | Residual Risk (H/M/L) |
|---|---|---|---|---|---|---|---|
| 1 | |||||||
| 2 | |||||||
| 3 | |||||||
| 4 | |||||||
| 5 | |||||||
| 6 | |||||||
| 7 | |||||||
| 8 |
4. LIKELIHOOD RATING GUIDE
Use the following definitions consistently across all rows. Likelihood is based on the accessibility of the threat vector and the adequacy of current controls — not on the sophistication of a hypothetical attacker.
| Rating | Label | Definition |
|---|---|---|
| H | High | The threat vector is readily accessible from the current network architecture or physical environment. Existing controls do not adequately restrict access. Exploitation requires limited skill or resources. |
| M | Medium | The threat vector exists but is partially restricted by current controls. Exploitation requires some access, skill, or opportunity. Residual risk remains after current mitigations are applied. |
| L | Low | The threat vector is substantially restricted by existing controls. Exploitation would require significant resources, insider knowledge, or physical access that is itself adequately controlled. |
5. OPEN FINDINGS & REMEDIATION ACTIONS
List any threat scenarios rated H or M residual risk where additional mitigations are required. Each finding must be assigned an owner and a target completion date.
| Row # | Threat Scenario | Residual Risk | Required Remediation Action | Owner | Target Date | Status |
|---|---|---|---|---|---|---|
6. SIGN-OFF
| Prepared by (ETO): | Signature / Date: | ||
| Reviewed by (DPA): | Signature / Date: | ||
| Approved by (Master): | Signature / Date: | ||
| Next review due: | Trigger for early review: |
TAG-OT-LOG-06 · Threat Mapping Matrix · Rev 1.0 · tagsia.com
IACS UR E26 §4.2 · UR E27 · IEC 62443 · ISM Code §7
© Tagsia — Free to registered users
