scope:

The requirements in this Guide are applicable to standalone, federated, and integrated computer-based information technology and operational technology systems installed on a vessel.

Classification Scope

Compliance with the requirements in this Guide may result in issuance of a CS-System, CS‑Ready, CS-1, or CS-2 notation to an ABS-classed vessel with cyber-enabled functions. The scope of each notation is limited to Primary Essential Services and ancillary OT or IT systems or functions digitally connected to Primary Essential Services systems.

Primary Essential Services are those services considered necessary for continuous operation to maintain propulsion and steering as well as services that are essential for safety in an emergency. See 4‑8‑1/7.3.3 of the Marine Vessel Rules or other applicable Rule set (see Note 1 below). For examples of Primary Essential Services, refer to 4‑8‑1/Table 1 of the Marine Vessel Rules, 4‑1‑1/ Table 3 of the MOU Rules, and Section 1/Table 1 of this Guide. The assessment is also to include ancillary integrated OT control and related IT systems that potentially impact automated systems integrity and security. Composite or integrated functions such as propulsion management systems will be reviewed as priority combinations of Primary Essential Services.

Non-safety-related connected control systems or information systems, and non-safety-related ancillary connected equipment are not included in the notation unless detailed in the verification plan. However, if a review of the vessel's Primary Essential Services and connected system architecture determines that the verification plan omits cyber-enabled equipment deemed important by the Company, that equipment may be added to the verification plan and included in the business agreement in place for the notation assessment.

Notes:

1 The Marine Vessel Rules (4-9-3/1) define relevant automated systems as, "Computer-based systems used for control, monitoring, safety, or internal communication systems". For vessels classed with the notation ACCU or those built after 2012, computerized control interface systems and controllers are automatically categorized Primary Essential Services. For all other vessels, inclusion of such systems and controllers in the scope of the notation depends on their relevance to safety and security or potential effects on Primary Essential Services.

2 This Guide applies to manned and self-propelled, existing and new marine vessels and offshore units (including liftboats), referred to as "vessels" in this Guide, for which the optional CS‑System, CS-Ready, CS-1, and CS-2 notations have been requested.