News

USCG Issues Cybersecurity Training Verification Job Aid

January 14, 2026

The U.S. Coast Guard (USCG) Office of Maritime Cybersecurity Policy (CG-MCP) has issued the attached Cybersecurity Training Verification Job Aid (Job Aid) to provide USCG inspectors with targeted questions to verify compliance with MTSA cybersecurity training requirements (33 CFR Part 101, Subpart F). These questions can now be incorporated into existing MTSA inspections and spot checks. Accordingly, please review the Job Aid and be prepared to respond to each of the questions and produce evidence of compliance, if requested.

Below is a short summary of the focus areas highlighted in the Job Aid:

Cybersecurity Training Program

  • Scope of Training – Has the facility identified all personnel (including “key personnel) who require training?
  • Training Deadline – Was the initial training for all required personnel completed by January 12, 2026?
  • Training Content – Does the training provided address each of the required topics? 
  • New Hire Training – Do new personnel (employees and contractors) receive the required training within 5 days of gaining access or within 30 days of hire?

Training Records

  • Training Record Maintenance and Detail – Does the facility maintain records of cybersecurity training that, at a minimum, include: (1) the date and duration of the training; (2) a description of the training; and (3) a list of attendees?

Untrained Personnel Access Control

  • Untrained Access Policy – Does the facility have a process for managing persons who require access to IT or OT systems but have not completed the required training?
  • Supervision Measures – What methods are used to supervise persons who are unable to complete the required cybersecurity training?
  • Remote Escorting – Are there processes in place for remote escorting of untrained personnel and who is responsible for managing that process?
  • Contractor/Third-Party Provided Training – Does the facility provide training to contractors who access IT or OT systems or is the training provided by the contractor company? If provided by the contractor company, has the facility reviewed the training to ensure compliance with 33 CFR § 101.650(d).

MTSA Cybersecurity Training Compliance Reminder

January 8, 2026

As a reminder, MTSA cybersecurity training (33 CFR § 101.650(d)) must be completed no later than January 12, 2026. Specifically, this includes training for all persons with access to IT or OT systems and additional training for “key personnel” with access to IT or remotely accessible OT systems. Personnel who gain IT or OT system access on or after January 12, 2026 must complete training within five days – but no later than within 30 days of being hired, and annually thereafter.

Beginning on January 12, 2026, the USCG has the right (but not the obligation) to review MTSA cybersecurity training compliance. Please note however, the USCG cannot review compliance with other parts of the Cybersecurity Final Rule at this time (e.g., Cybersecurity Assessments, Cybersecurity Plans, etc.).

USCG Publishes MTSA Cybersecurity FAQs

August 4, 2025

The USCG’s Cybersecurity in the Marine Transportation System (MTS) Final Rule became effective on July 16, 2025. In response to industry questions – and to provide information while future guidance is considered – the USCG published a set of Frequently Asked Questions (FAQs) on July 22, 2025. The USCG notes that the FAQs are designed only to support the regulation and do not represent or supersede the regulation itself.

USCG Homeport Website Decommissioned

May 1, 2025

On April 12, 2025, the USCG decommissioned Homeport. The USCG stated that the “Homeport system is facing increasing costs and system obsolescence. As a result, it is no longer a viable tool for managing the many functions required to ensure the smooth and safe flow of vessel traffic.” It is unclear what, if anything, will replace it (which FSOs and other MTSA stakeholders primarily used for MARSEC status and Transportation Worker Identification Credential New Hire compliance). With respect to the former, the USCG now posts MARSEC Levels for each Captain of the Port Zone via its Navigation Center website. With respect to the latter, the Office of Port & Facility Compliance “will work directly with the U.S. Transportation Security Administration (TSA) to verify newly hired employees.” FSOs seeking to verify the status of a newly hired employee for accompanied access to secure areas must email [email protected].

Join Us for the MTSA Cybersecurity Final Rule Workshop – Hosted by the Houston Ship Channel Security District & EHCMA Security Committee

January 31, 2025

The U.S. Coast Guard recently issued a Final Rule amending the Maritime Transportation Security Act (MTSA) regulations to introduce new cybersecurity requirements for MTSA-regulated facilities. These changes represent one of the most significant updates to the MTSA program since its inception and will have a substantial impact on maritime security compliance for ports, terminals, and industrial facilities in the Houston Ship Channel and beyond.

To help Facility Security Officers (FSOs), Corporate Security Officers, and IT/OT cybersecurity professionals understand these new requirements and their implications, the Houston Ship Channel Security District and EHCMA Security Committee are hosting a MTSA Cybersecurity Regulation Workshop.

Workshop Details

Date: Wednesday, March 12, 2025
Time: 8:30 AM – 3:00 PM CST

Location: Houston Pilots Association – Meeting Room

Address: 203 Deerwood Glen Drive, Deer Park, TX 77536
Facilitator: Steve Roberts, Roberts Law Group / Chemical Security Group
Cost: Free | Lunch Provided
RSVP by March 7: [https://forms.office.com/r/cxuZSEk17F]

What You’ll Learn

Breakdown of the New MTSA Cybersecurity Regulations
Compliance Requirements & Implementation Strategies
Cybersecurity Risk Mitigation for Maritime Facilities
Best Practices for Facility Security Officers and IT/OT Teams
Interactive Discussions & Industry Insights

Why Attend?

🔹 Ensure Compliance with the U.S. Coast Guard’s Cybersecurity Final Rule
🔹 Learn from Leading Industry Experts
🔹 Engage with Security Professionals & Peers
🔹 Gain Practical, Actionable Insights

About the Facilitator: Steve Roberts

We are proud to have Steve Roberts from Roberts Law Group / Chemical Security Group leading this workshop. With extensive expertise in maritime security law, compliance, and regulatory enforcement, Steve brings a pragmatic and strategic approach to cybersecurity compliance in the maritime industry. Attendees will gain real-world insights on how to prepare for and implement the new MTSA cybersecurity requirements effectively.

How to Register

RSVP by March 7, 2025: [https://forms.office.com/r/cxuZSEk17F]

Don’t miss this opportunity to stay ahead of regulatory changes and fortify your maritime security program. We look forward to seeing you there!

Meta Description: Join the MTSA Cybersecurity Final Rule Workshop on March 12, 2025, in Deer Park, TX. Led by Steve Roberts, this free event will cover U.S. Coast Guard cybersecurity regulations, compliance strategies, and risk mitigation for MTSA-regulated facilities. RSVP by March 7!

Understanding the Impact of the Regulatory Freeze Executive Order on the MTSA Cybersecurity Final Rule

January 23, 2025

On January 17, 2025, the MTSA Cybersecurity Final Rule was published in the Federal Register establishing baseline cybersecurity measures for Maritime Transportation Security Act (MTSA) facilities. However, with the issuance of President Trump’s Executive Order (EO) “Regulatory Freeze Pending Review,” questions have arisen about the Rule’s timeline and implementation.

Specifically, Section (3) of the EO encourages federal agencies to delay the effective date of published rules for 60 days to review potential questions of fact, law, or policy. For the MTSA Cybersecurity Final Rule, the 60-day delay would extend to March 20, 2025, without affecting its current July 16, 2025, effective date. During this review period, agencies can open a comment period to evaluate issues and potentially propose further delays if needed.

In the case of the MTSA Cybersecurity Rule, there appear to be no substantial questions of fact, law, or policy:

  • Fact: Cybersecurity is a recognized security risk for the maritime sector.
  • Law: The U.S. Coast Guard has longstanding authority to regulate under the MTSA.
  • Policy: There is no new policy. Existing policy under Navigation and Vessel Inspection Circular remains in place.

Despite this, some stakeholders suggest the Rule may not go far enough. For instance, the exemption for foreign-flagged vessels has drawn scrutiny. It’s also worth noting that regulatory freezes are not new. The Biden Administration issued a similar “freeze” in 2021, with language nearly identical to the Trump Administration’s 2025 order. For now, the MTSA Cybersecurity Final Rule remains on track.