33 CFR Part 101 · Subpart F · Cybersecurity

Cleared
for 2027.

If your vessel or facility carries a security plan under MTSA, the Coast Guard’s cyber rule now applies to you. The assessment and plan are due July 16, 2027. We get operators across the country there, and we do it without making you overspend.

Start your assessment See what’s required
Days to the deadline
until the Cybersecurity Assessment and Plan are due for every covered U.S.-flagged vessel and facility.
DEADLINE: 16 JUL 2027  ·  33 CFR § 101.650(e)(1)

Where the fleet stands in the channel

Jul 16, 2025
Rule in effect. Incident reporting begins.
Passed
Jan 12, 2026
Personnel cyber training due, annually after.
Passed
Jul 16, 2027
CySO named, Assessment done, Plan submitted.
Ahead
What the rule actually requires

One assessment everybody has to do. We make sure you only buy what you need.

The Coast Guard added cybersecurity to the security-plan framework that already covers your boats and docks. It is not optional, and the footprint of your systems does not get you out of it.

  • §101.650(e)(1)Cybersecurity AssessmentThe required first step. Maps your IT and OT and the real risk. Due July 16, 2027 and every year after.
  • §101.625Cybersecurity Officer (CySO)A designated officer reachable by the Coast Guard 24/7. One person can cover a small fleet.
  • §101.630Cybersecurity PlanBuilt off the assessment, submitted to the Coast Guard for approval by the deadline.
  • §101.650(d)Crew trainingAnnual cybersecurity awareness training for your people, plus role training for key personnel.
  • §101.615Incident reportingReportable cyber incidents go to the National Response Center without delay.
The part operators miss

Even a boat with almost no computers still has to do the assessment. The rule covers inland towing vessels, barges, OSVs, waterfront facilities, and offshore platforms. The Coast Guard turned down requests to leave small towboats out.

Good news: once the assessment is done, the requirements that are impractical for older equipment can usually be met with compensating controls in your plan, not expensive upgrades. That is where we save you money.

What we handle

The whole compliance job, start to inspection.

You run the boats. We run the paperwork, the assessment, and the standing officer role the rule requires.

Cybersecurity Assessment

§ 101.650(e)(1)

The required foundation. We map your IT and OT footprint and document the findings that drive everything else.

Cybersecurity Plan

§ 101.630

We write and submit the plan the Coast Guard approves, integrated with your existing vessel or facility security plan.

CySO as a service

§ 101.625

A designated Cybersecurity Officer, reachable 24/7, without putting another salaried role on your books.

Waivers & equivalency

§ 101.665

When a requirement is impractical on older gear, we file the right relief, and only when it is actually needed.

Training & records

§ 101.650(d)

Annual crew training and the recordkeeping the Coast Guard expects to see, kept current and inspection-ready.

Annual upkeep

recurring

The assessment repeats every year and on any sale. We keep you compliant cycle to cycle so it never lapses.

How we keep it affordable

You have to do the assessment. You don’t have to gold-plate it.

Most compliance shops sell you the most expensive version of everything. We start from what the rule actually lets you document, and price the job to your real footprint.

01

Compensating controls first

For older equipment, the rule lets you document practical controls in your plan instead of forcing costly upgrades. We take that path wherever it is allowed.

02

Right-size, don’t over-buy

The assessment tells us your true footprint. A four-boat operation does not need a refinery’s cybersecurity program, and we will not sell you one.

03

Waivers only when needed

Formal Coast Guard filings are slow. We reserve them for the few requirements that genuinely call for one, and handle the submission for you.

Who we work with

Built for the working fleet, from a single towboat to a full OSV operation.

  • Family towing and barge operations on the inland rivers and the Intracoastal
  • Offshore supply and crew boat fleets working the coasts and offshore fields
  • Waterfront facilities, fleeting areas, and OCS platforms under MTSA
  • Operators anywhere in the U.S. who want plain answers, not jargon
The deadline is real
July 16, 2027The date your assessment must be complete and your plan submitted for Coast Guard approval. The earlier you start, the cheaper and calmer it is.
Get on the schedule
How the engagement runs

Four steps to compliant, and staying that way.

STEP 01

Intake

A short call and a simple footprint form. We learn your vessels, systems, and what you already have in place.

STEP 02

Assessment

We conduct the Cybersecurity Assessment, identify what is critical, and produce the finding record the rule requires.

STEP 03

Plan & filings

We write the plan, document compensating controls, and file any waivers, then submit for Coast Guard approval.

STEP 04

Ongoing CySO

We hold the 24/7 officer role, run your annual assessment and training, and keep records inspection-ready.

Let’s talk

Get your fleet compliant before 2027.

Tell us how many vessels or facilities you run and where they operate. We will come back with a clear scope and a flat price, no jargon.

andrew@pelicancompliance.com
(504) 275-5157
Serving the U.S. fleet nationwide
Opens your email to send. Nothing is stored on this page.