USCG Issues Waiver & Equivalency Guidance

On June 3, 2026, the U.S. Coast Guard’s (USCG’s) Office of Cybersecurity Policy (CG-MCP) issued Cybersecurity Waiver & Equivalency Guidance (MCP-WI-002) to provide a unified process for entities to request waivers or equivalencies from the Maritime Transportation Security Act (MTSA) Cybersecurity Regulation (33 CFR Part 101 – Subpart F). The Work Instruction promotes consistent USCG review of waiver and equivalency requests while preserving flexibility for entities with different operational profiles, cyber maturity levels, and Information Technology (IT) and Operational Technology (OT) environments. The Work Instruction also emphasizes that a completed Cybersecurity Assessment (CSA) is the required foundation, and a mandatory

Read More »

USCG Issues Cybersecurity Assessment Initial Scoping and Process Policy Letter

USCG Issues Cybersecurity Assessment Initial Scoping and Process Policy Letter On June 2, 2026, the U.S. Coast Guard’s (USCG’s) Office of Cybersecurity Policy (CG-MCP) issued Policy Letter 01-26: Cybersecurity Assessment Initial Scoping and Process. The Policy Letter provides guidance that regulated entities may use to identify Information Technology (IT) and Operational Technology (OT) that is “in scope” for the purposes of applicability under the MTSA Cybersecurity Regulation (33 CFR Part 101 – Subpart F). This process is centered on the use of a Cybersecurity Assessment (CSA). Note: The methodology / process outlined in the Policy Letter is not mandatory. Companies

Read More »