Inventory: IACS E26/E27 standards
To comply with the IACS E26/E27 standards, maritime organizations must create detailed asset inventories for both ship-wide and onboard systems and equipment. Here's a breakdown of the key inventory requirements from the IACS E26 and E27 specifications:
IACS UR E26: Cyber Resilience of Ships
For E26, the inventory must cover:
- Vessel Asset Inventory: This includes all OT (Operational Technology) and IT (Information Technology) equipment throughout the vessel’s lifecycle. The inventory should detail:
- Equipment type and specifications
- Location on the vessel
- Network connections and configurations
- Cybersecurity features and compliance status
- Zones and Conduit Diagram: A comprehensive mapping of the vessel's zones and conduits, identifying network segments and communication pathways.
- Cyber-Security Design Description: Documentation of the cybersecurity measures implemented during the design and construction phases.
IACS UR E27: Cyber Resilience of Onboard Systems and Equipment
For E27, the inventory must cover:
- CBS (Computer-Based Systems) Asset Inventory: Detailed information on all computer-based systems, particularly those interfacing with untrusted networks. This includes:
- System identification and specifications
- Interface descriptions
- Security capabilities and compliance status
- CBS Topology Diagrams: Network diagrams showing the interconnections and communications between CBSs.
- Description of Security Capabilities: Detailed descriptions of the security capabilities for each CBS, particularly for systems interfacing with untrusted networks.
- Security Configuration Guidelines: Documentation outlining the security configurations and best practices for each system.
Excel Inventory Template
Here's an expanded Excel table template for your inventory, with detailed descriptions for each column:
| Asset Type | Equipment/System Name | Location | Specifications | Network Connections | Cybersecurity Features | Compliance Status |
|---|---|---|---|---|---|---|
| OT Equipment | Engine Control System | Engine Room | Manufacturer, Model, Version, Serial Number, Performance Specs, Environmental Specs | IP Address, MAC Address, Protocols Used, Connected Systems, Physical Connections | Antivirus, Firewalls, Encryption, Access Controls, Intrusion Detection | Compliant, Non-compliant, Pending |
| IT Equipment | Ship's Server | Server Room | Manufacturer, Model, OS Version, CPU, RAM, Storage, Network Interface Cards (NICs) | IP Address, MAC Address, Protocols Used, Connected Systems, Physical Connections | Antivirus, Firewalls, Encryption, Access Controls, Intrusion Detection | Compliant, Non-compliant, Pending |
| CBS | Navigation System | Bridge | Manufacturer, Model, Version, Serial Number, Functional Specs, Redundancy Features | IP Address, MAC Address, Protocols Used, Connected Systems, Physical Connections | Antivirus, Firewalls, Encryption, Access Controls, Intrusion Detection | Compliant, Non-compliant, Pending |
Column Descriptions:
- Specifications:
- Manufacturer: The company that made the equipment.
- Model: The specific model number or name.
- Version: The version of the software or firmware installed.
- Serial Number: Unique identifier for the equipment.
- Performance Specs: Details on the equipment's capabilities (e.g., processing speed, memory capacity).
- Environmental Specs: Operational limits (e.g., temperature range, humidity tolerance).
- Network Connections:
- IP Address: The IP address assigned to the equipment.
- MAC Address: The Media Access Control address.
- Protocols Used: Network protocols the equipment uses (e.g., TCP/IP, UDP).
- Connected Systems: Other systems or devices to which the equipment is connected.
- Physical Connections: Physical network connections (e.g., Ethernet ports, wireless connections).
- Cybersecurity Features:
- Antivirus: Information on antivirus software installed.
- Firewalls: Details about firewall configurations and rules.
- Encryption: Types of encryption used for data protection.
- Access Controls: Measures in place to control access (e.g., passwords, multi-factor authentication).
- Intrusion Detection: Systems or software used to detect unauthorized access.
- Compliance Status:
- Compliant: Equipment meets the required cybersecurity standards.
- Non-compliant: Equipment does not meet the standards.
- Pending: Compliance status is under review or pending updates.
Example Entry:
| Asset Type | Equipment/System Name | Location | Specifications | Network Connections | Cybersecurity Features | Compliance Status |
|---|---|---|---|---|---|---|
| OT Equipment | Engine Control System | Engine Room | Manufacturer: Siemens, Model: S7-1500, Version: 2.0, Serial Number: 1234567890, Performance Specs: 1 GHz CPU, Environmental Specs: 0-60°C | IP Address: 192.168.1.10, MAC Address: 00:1A:2B:3C:4D:5E, Protocols Used: TCP/IP, Connected Systems: PLC Network, Physical Connections: Ethernet | Antivirus: McAfee, Firewalls: Cisco ASA, Encryption: AES-256, Access Controls: Password Protected, Intrusion Detection: Snort | Compliant |
IT or OT Inventory Excel Table Columns
- Asset ID: Unique identifier for each asset.
- Asset Type: IT or OT.
- Asset Name: Name of the system or device.
- Description: Brief description of the asset.
- Manufacturer: Name of the manufacturer or vendor.
- Model: Model number or name.
- Serial Number: Serial number of the device.
- Location: Physical location on the vessel (e.g., Bridge, Engine Room).
- IP Address: Network IP address, if applicable.
- MAC Address: MAC address for network devices.
- Operating System/Firmware: Version of the operating system or firmware.
- Function: Purpose of the asset (e.g., Navigation, Communication, Control).
- Connectivity: Type of connectivity (e.g., Ethernet, Wi-Fi, Serial).
- Network Segment: Segment of the network where the device is connected (e.g., VLAN, Subnet).
- Security Level: Classification of security importance (e.g., Critical, High, Medium, Low).
- Owner: Person or department responsible for the asset.
- Vendor Support: Contact information for vendor support.
- Warranty Expiry Date: Date when the warranty expires.
- Last Maintenance Date: Date of the last maintenance or inspection.
- Next Maintenance Date: Scheduled date for the next maintenance.
- End of Life (EOL): Expected end-of-life date for the asset.
- Compliance: Compliance with specific standards or regulations (e.g., IACS E26/E27, IMO).
- Risk Level: Risk assessment level (e.g., High, Medium, Low).
- Redundancy: Availability of backup or redundant systems.
- Criticality: How critical the asset is to vessel operations.
- Comments/Notes: Additional notes or comments.
Download the Inventory template file here
Instructions
- Asset Identification: Use a consistent naming convention for Asset IDs.
- Regular Updates: Regularly update the inventory to reflect changes in assets, maintenance, or compliance status.
- Security and Compliance: Ensure that all critical and high-risk assets are properly documented, maintained, and compliant with relevant standards.
- Backup: Keep a secure backup of this inventory in a location accessible to key personnel.
This inventory template will help you manage and monitor the IT and OT assets on your vessel effectively. You can customize the columns based on your specific needs and vessel operations.
You can create this table in an Excel file, ensuring each column has appropriate space for detailed entries. This structured approach will help ensure comprehensive documentation and easier management of compliance with the IACS E26 and E27 standards.
This table format can be expanded and customized according to the specific needs and equipment of your vessel.
This inventory template and guidance will help ensure your maritime operations align with the IACS E26 and E27 standards, enhancing your vessel's cyber resilience.
