33 CFR 101.620 - Owner or operator.

Regulations last checked for updates: Aug 05, 2025

Title 33 - Navigation and Navigable Waters last revised: Aug 01, 2025

View all text of Subpart F [§ 101.600 - § 101.670]

§ 101.620 - Owner or operator.

(a) Each owner or operator of a U.S.-flagged vessel, facility, or OCS facility is responsible for compliance with the requirements of this subpart.

(b) For each U.S.-flagged vessel, facility, or OCS facility, the owner or operator must—

(1) Ensure a Cybersecurity Plan is developed, approved, and maintained;

(2) Define in Section 1 of the Cybersecurity Plan the cybersecurity organizational structure and identify each person exercising cybersecurity duties and responsibilities within that structure, with the support needed to fulfill those obligations;

(3) Designate, in writing, by name and by title, a Cybersecurity Officer (CySO) who is accessible to the Coast Guard 24 hours a day, 7 days a week, and identify how the CySO can be contacted at any time;

(4) Ensure that cybersecurity exercises, audits, and inspections, as well as the Cybersecurity Assessment, are conducted as required by this part and in accordance with the Cybersecurity Plan (see § 101.625(d)(1), (3), (6) and (7));

(5) Ensure that the U.S.-flagged vessel, facility, or OCS facility operates in compliance with the approved Cybersecurity Plan;

(6) Ensure the development, approval, and execution of the Cyber Incident Response Plan; and

(7) For entities that have not reported to the Coast Guard pursuant to, or are not subject to, 33 CFR 6.16-1, ensure all reportable cyber incidents are reported to the National Response Center (NRC).

authority: 46 U.S.C. 70101-70104 and 70124; Executive Order 12656, 3 CFR, 1988 Comp., p. 585; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No. 00170.1, Revision No. 01.4

source: USCG-2003-14792, 68 FR 39278, July 1, 2003, unless otherwise noted.

cite as: 33 CFR 101.620