33 CFR §101.620
Verified against eCFR.gov as of June 20, 2026
- (a) Each owner or operator of a U.S.-flagged vessel, facility, or OCS facility is responsible for compliance with the requirements of this subpart.
- (b) For each U.S.-flagged vessel, facility, or OCS facility, the owner or operator must—
  - (1) Ensure a Cybersecurity Plan is developed, approved, and maintained;
  - (2) Define in Section 1 of the Cybersecurity Plan the cybersecurity organizational structure and identify each person exercising cybersecurity duties and responsibilities within that structure, with the support needed to fulfill those obligations;
  - (3) Designate, in writing, by name and by title, a Cybersecurity Officer (CySO) who is accessible to the Coast Guard 24 hours a day, 7 days a week, and identify how the CySO can be contacted at any time;
  - (4) Ensure that cybersecurity exercises, audits, and inspections, as well as the Cybersecurity Assessment, are conducted as required by this part and in accordance with the Cybersecurity Plan (see § 101.625(d)(1), (3), (6) and (7));
  - (5) Ensure that the U.S.-flagged vessel, facility, or OCS facility operates in compliance with the approved Cybersecurity Plan;
  - (6) Ensure the development, approval, and execution of the Cyber Incident Response Plan; and
  - (7) For entities that have not reported to the Coast Guard pursuant to, or are not subject to, 33 CFR 6.16-1, ensure all reportable cyber incidents are reported to the National Response Center (NRC).