IT Audit based on the CMMM
  • Hardware and software audit of the IT network onboard
  • Maintenance process and system administration audit
  • Audit of the networks structure for the pro, crew and OT networks
OT Audit (Operationnal Technology)
  • Informations gathering from product suppliers, audit of backup strategy and incident management
  • Assessment of information based on DNV or BV norms
  • Audit of the vulnerability of OT network interconnections
Audit report with findings discribing the levels of current IT and OT cyber security
  • IT cybersecurity level based on CMMM
  • OT cybersecurity level based on DNV / BV cyber secure class notation
  • General vulnerability level regard to business continuity
Recommendations for cybersecurity development
  • Recommendations to developp IT cybersecurity hygiene based on CMMM
  • Recommendations to reach the DNV / BV requirements on the OT perimeter
  • Recommendations to include best practices from the IT sector into your activity

The theoretical frameworks

Cyber security is a mature and standardized field with many ready-to-use frameworks.

The ISM code requires to implement a cybersecurity approach. From ISO standards to NIST and GPRD, including their specific variations to the maritime industry produced by DNV or BV, the cybersecurity frameworks are our basic working tools. With these frameworks we help you to situate yourself objectively on your practices compare to official references.

The audit methods

Audit methods allows to gather and organize the collected information.

These methods are referencing the theoretical frameworks and provides ready-to-use tools. Many are availlable, each ones with their pros and cons, from the french MEHARI method made by Clusif to EBIOS made by ANSSI or the american Cybersecurity Maturity Model Certification(CMMC). They mainly vary on the way to plan and execute the audit steps. The CMMC offers the advantage of providing finer granularity on intermediate levels of cyber security.

Our solution, the CMMM.

An audit method based on the CMMC and adapted to the needs of maritime IT.

We made an adaptation of the CMMC to the maritime sector constraints in a version we call CMMM : Cybersecurity Maturity Model Maritime. This method allows you to situate yourself and correctly prioritize corrective actions - because cybersecurity must be seen as an evolution and not as a revolution.