scope:

This document specifies requirements, methods of testing and required test results where standards are needed to provide a basic level of protection against cyber incidents (i.e. malicious attempts, which actually or potentially result in adverse consequences to equipment, their networks or the information that they process, store or transmit) for:

a) shipborne radio equipment forming part of the global maritime distress and safety system (GMDSS) mentioned in the International Convention for Safety of Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the Safety of Fishing Vessels as amended, and to other shipborne radio equipment, where appropriate;

b) shipborne navigational equipment mentioned in the International Convention for Safety of Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the Safety of Fishing Vessels as amended,

c) other shipborne navigational aids, and Aids to Navigation (AtoN), where appropriate.

The document is organised as a series of modules dealing with different aspects. The document considers both normal operation of equipment and the maintenance of equipment. For each module, a statement is provided indicating whether the module applies during normal operation or in maintenance mode.

Communication initiated from navigation or radiocommunication equipment outside of items a), b) and c) above, for example ship side to other ship or shore side, are outside of the scope of this document.

This document does not address cyber-hygiene checks, for example anti-malware scanning, etc., performed outside of the cases defined in this document.