As a reminder, MTSA cybersecurity training (33 CFR § 101.650(d)) must be completed no later than January 12, 2026. Specifically, this includes training for all persons with access to IT or OT systems and additional training for “key personnel” with access to IT or remotely accessible OT systems. Personnel who gain IT or OT system access on or after January 12, 2026 must complete training within five days – but no later than within 30 days of being hired, and annually thereafter.
Beginning on January 12, 2026, the USCG has the right (but not the obligation) to review MTSA cybersecurity training compliance. Please note however, the USCG cannot review compliance with other parts of the Cybersecurity Final Rule at this time (e.g., Cybersecurity Assessments, Cybersecurity Plans, etc.).