5 options to becoming MSC428 (98) compliant. Option 4. NIST Cyber Security Framework and Validation Program

MSC 428(98) from January 1st has taken effect. Depending on the anniversary date of your Document of Compliance (DOC) you may have some months before you are required to demonstrate compliance. Each day this week we will highlight ways in which you can easily show the auditor that your Company complies.

4. NIST Cyber Security Framework and Validation Program

What is it?

The National Institute of Standards and Technology is part of the United States Commerce Department. The Cybersecurity Framework is a set of guidelines for private sector companies to follow to be better prepared in identifying, detecting, and responding to cyber-attacks.

As such there is no certification process but third party companies (including Eazi Security) can write policies and procedures which comply with the NIST standards.


Full compliance with NIST is in excess of the requirements of MSC428(98).

The framework is easy to understand with sufficient detail for a route-map to be adapted to each maritime company’s requirements.


NIST is not specifically designed for the maritime industry and certain sections of the framework may not be applicable to all vessels.


For a typical medium size ship operator with no existing procedures could expect costs to be in the region of USD $7500.

Time frame to compliance

4 to 8 weeks depending on vessel and company complexity.

If you wish to know more about Eazi Security and their world leading cyber security software solutions please contact David Clayden
Email David.clayden@eazisecurity.com Tel +44 (0)7711 351463