A secure fleet starts with a precise audit.
CYBER NEVA LLC specializes in comprehensive vessel cybersecurity audits – from a complete inventory of hardware and software to vulnerability analysis and the development of a prioritized protection plan. We utilize the updated guidelines of IMO MSC-FAL.1/Circ.3-Rev.3, approved on April 4, 2025, which provide clear criteria for the assessment and risk management of IT and OT systems.
Furthermore, we ensure compliance with the new IACS Unified Requirements UR-E26 and UR-E27, which are mandatory for ships built under contracts signed after July 1, 2024. This guarantees the readiness of both crew and equipment for CYBER-class certification.
Our goal is to ensure your fleet's compliance with international requirements, resilience against cyber threats, and seamless readiness for inspections and certifications without disruptions or delays.
Services
  • Inventory (Identify)
    • We create a complete map of the network infrastructure: physical and virtual segments.
    • We account for IT devices (servers, PCs, communication equipment) and OT systems (shipboard controllers, sensors, actuation systems).
    • Documentation of software, versions, and external connections — IT and OT together (CBS – Computer-Based Systems).
  • Vulnerability detection
    • Comprehensive scanning using automated tools and manual testing (penetration testing).
    • Network checks for open ports, outdated services, and insecure configurations.
    • Separate analysis of the OT segment: monitoring the security integrity of industrial controllers.
  • Risk assessment according to standards
    • Risk analysis based on classification: probability + impact on safety/operations.
    • Alignment with the recommendations of IMO MSC-FAL.1/Circ.3 and resolution MSC.428(98).
    • Accounting for IACS UR E26/E27 (from 1 Jan 2024) on IT/OT integration and equipment protection.
    • Compliance with the requirements of RMRS and the ISM/ISPS Code.
  • Protection enhancement plan (Treat & Prioritize)
    • Preparation of a plan with prioritized measures: urgent and strategic.
    • Protection practices: network segmentation, updates, access control, software hardening.
    • Implementation of attack detection (IDS/IPS), ensuring backup procedures, and developing incident response and recovery plans.
    • Preparation for compliance with CYBER class + IACS UR, IMO/SMS, and RMRS requirements.
  • Documentation and reporting
    • We prepare a comprehensive report including: infrastructure maps, test results, risk assessments, and a recommended roadmap.
    • Preparation for classification and reclassification audits (RMRS/ISM/ISPS) with complete documentation.
    • The plan includes materials for internal crew cybersecurity training.
  • Monitoring and change management
    • Configuration of the identify-protect-detect-respond-recover cycle (NIST/IMO framework).
    • A change control protocol for infrastructure – systems for inventory and tracking software updates, including the OT environment.
    • Support for the procedure of regular risk review and audit.
Results for the customer
  • Comprehensive report on network and IT/OT assets
    • Complete inventory of equipment, networks, software, and connections.
    • Graphical diagrams, topology maps, and tables for clarity.
  • Identified vulnerabilities and technical risks
    • A list of discovered vulnerabilities with severity levels and evidence (screenshots, logs).
    • A technical document for each vulnerability describing potential consequences and providing a brief overview of countermeasures.
  • Risk assessment and priority matrix
    • Risk Evaluation and Priority Matrix: Determination of the risk level for each vulnerability (Probability × Impact) according to IMO MSC-FAL.1/Circ.3, IACS, RMRS, and ISO/NIST frameworks.
    • Risk Matrix: Clearly defined zones of highest criticality.
  • Executive digest for management
    • Executive Summary: A concise description of key findings, identified threats, and associated business risks.
    • Key Recommendations: Proposals for key improvements, necessary investments, and KPIs for monitoring effectiveness.
  • Protection level enhancement plan / cyber security plan
    • Action Plan: Measures broken down into immediate/short-term, medium-term, and long-term actions (e.g., patching, network segmentation, SIEM/IDS implementation, personnel training).
    • Accountability and Tracking: Definition of responsible parties, timelines, and key milestones (KPIs) for each task.
  • International compliance status
    • Compliance Assessment: Evaluation of conformity with IMO, IACS, RMRS, and ISO 27001/NIST Cybersecurity Framework standards.
    • Status Checklist and Roadmap: A "status" checklist for compliance with the Cyber-class notation and a detailed roadmap for achieving full compliance.
  • Additional materials
    • Policy and Procedure Guidance: Recommendations on security policies, staff roles, incident management procedures, and preparation for ISO audits.
    • Technical Implementation Guides: Instructions for internal audits (as per the ISM Code), network segmentation, and security measures for remote access.
Why do clients choose us?
  • Certified Equipment
    Compliance with RMRS requirements and international standards
  • Wide range
    Solutions for any task
  • Durability and reliability
    Resistance to harsh marine conditions
  • Technical support
    Assistance with selection and maintenance
Contact us
"CYBER NEVA LLC" – comprehensive cyber resilience solutions for shipboard IT and OT systems.

Phone: +7 (996) 795-36-09
Email: projectmanager@cyberneva.ru