Built for the vessels that keep America's energy infrastructure running
33 CFR Part 101 Subpart F
Enter your vessel details to see exactly which requirements apply and when they take effect.
Phase 1 active
July 2025
Phase 2 in effect
January 2026
Phase 3 approaching
July 2027
Your information is used solely to generate this compliance report. We don't spam.
Any fleet. Any scale.
DeckTrust handles any fleet configuration — OSVs in the Gulf, tankers on international routes, drillships, ATBs, ferries, or mixed fleets across multiple operators. Every entity gets its own compliance tracking, every person gets the right training track, and every document is scoped to the vessel it belongs to. Add an entity, assign personnel, and compliance tracking starts automatically.

23 deliverables. 5 outcomes.
The USCG inspection checklist maps to specific documents, records, and evidence. DeckTrust produces all of them.
Self-paced cybersecurity training mapped to every 101.650(d) requirement. Dual-clock deadline enforcement, key personnel tracking, completion certificates, and duration records that satisfy inspector scrutiny.
IT and OT asset inventory across every vessel. Cybersecurity assessments with field-ready mobile forms, photo evidence, and structured findings. CISA KEV cross-referencing for known vulnerabilities.
Cybersecurity Plan builder covering all 14 required sections under 101.630(c). Vessel Security Assessments, Vessel Security Plans, CySO designation documentation, and submission-ready workflows for when USCG opens its plan-review queue.
Structured reporting for all five categories of reportable cyber incidents. Cyber Incident Response Plans with notification chains, drill scheduling, deficiency tracking, and NRC submission records.
Signature Feature
Every deliverable above rolls up into a single, downloadable inspection package — organized and indexed to match every question on the USCG inspector's checklist. When the boarding team requests documentation, you don't scramble. You hand them a complete package and get back to work.
Inspection Package
23 documents, organized by checklist section

Training Delivery
Not repackaged IT policies with a ship on the cover. Every module is built around real vessel scenarios — OT systems on the bridge, port facility networks, threats specific to maritime operations. Written by a marine assurance professional with the offshore and cybersecurity background to back it up. Your crew completes training on any device and every completion generates records that meet 101.640 retention requirements.
Why this exists

DeckTrust was built by a marine assurance professional with 14 years in offshore oil and gas — half of it on rigs and vessels. As an independent third party, he was the one BP, Shell, Chevron, and Exxon brought in to verify operations met standard: marine warranty surveys, marine assurance reviews, and OVID inspections. The job was to show up, check the work against the regulation, and document exactly what was found.
When the MTSA Cybersecurity Rule was published, he saw the gap immediately. It's a new inspection regime aimed at operators who don't have cybersecurity teams — and the tools that exist were built by software companies that have never been through a marine inspection. They don't know what an inspector actually opens, reads, and signs off on.
On the cybersecurity side: CISSP, CCSP, and hands-on cyber assessment and incident-investigation work. That assurance-plus-security combination is what shapes DeckTrust — every deliverable and workflow built around what an inspection actually requires, not a generic checklist.
33 CFR Part 101 Subpart F applies to every MTSA-regulated vessel and facility. Three compliance phases are rolling out now.
July 2025
Cyber incident reporting to the National Response Center
January 2026
Cybersecurity training for all personnel with IT/OT system access
July 2027
CySO designation, Cybersecurity Assessment, Cybersecurity Plan