U.S. Coast Guard rolls out cybersecurity training checks for vessel inspections
The U.S. Coast Guard has introduced a new job aid to standardise cybersecurity training checks during inspections. This tool will help inspectors verify that vessel operators, offshore facilities, and Outer Continental Shelf operations meet training requirements. It does not introduce new rules but provides clear guidance for routine assessments.
The job aid is divided into three main sections. The first checks whether a formal cybersecurity training programme exists and covers essential topics. These include threat recognition, incident reporting, and operational technology (OT) security.
The second section ensures that training records are properly maintained and easily accessible. Inspectors will confirm that all personnel, including contractors, complete mandatory training by the January 12, 2026 deadline.
The final part focuses on controls for untrained staff. Operators must show how they supervise personnel without training and manage access for third parties. During inspections, they will also need to demonstrate compliant programmes, up-to-date records, and procedures for restricting system access.
The job aid gives inspectors a consistent way to assess cybersecurity training compliance. Operators must now prove their programmes are in place, records are complete, and untrained personnel are properly managed. The tool applies to all U.S.-flagged vessels, facilities, and offshore operations under Coast Guard oversight.
