ASTM F3449-20

1.1 This guide is designed to provide the maritime industry guidance, information, and options for incorporating cyber elements into safety management systems (SMS) in accordance with the International Safety Management (ISM) Code and other national (United States) and international requirements.

1.2 This guide will support U.S. maritime operating companies but is a guide only and does not recommend a specific course of action. However, this guide is to be used to improve cyber safety, address vulnerability, recommend and outline training, and raise knowledge and awareness of cyber threats by leveraging documented, auditable SMS mechanisms.

1.3 The purpose of this guide is to offer guidance, information, and options based on a consensus of opinions but not to establish a standard practice. Each organization shall evaluate their SMS, their information management systems at sea and ashore, and the level of cyber risk that exists within the organization to determine the best methods of compliance with the cybersecurity requirements of the ISM Code or other legal or self-imposed requirements or both.

1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.

1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.