Skip to content
LexBuild

33 CFR § 101.620 - Owner or operator. 

---
identifier: "/us/cfr/t33/s101.620"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "33 CFR § 101.620 - Owner or operator."
title_number: 33
title_name: "Navigation and Navigable Waters"
section_number: "101.620"
section_name: "Owner or operator."
chapter_name: "COAST GUARD, DEPARTMENT OF HOMELAND SECURITY"
subchapter_number: "H"
subchapter_name: "MARITIME SECURITY"
part_number: "101"
part_name: "MARITIME SECURITY: GENERAL"
positive_law: false
currency: "2026-03-24"
last_updated: "2026-03-24"
format_version: "1.1.0"
generator: "[email protected]"
authority: "46 U.S.C. 70101-70104 and 70124; Executive Order 12656, 3 CFR, 1988 Comp., p. 585; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No. 00170.1, Revision No. 01.4."
regulatory_source: "USCG-2003-14792, 68 FR 39278, July 1, 2003, unless otherwise noted."
cfr_part: "101"
---

# 101.620 Owner or operator.

(a) Each owner or operator of a U.S.-flagged vessel, facility, or OCS facility is responsible for compliance with the requirements of this subpart.

(b) For each U.S.-flagged vessel, facility, or OCS facility, the owner or operator must—

(1) Ensure a Cybersecurity Plan is developed, approved, and maintained;

(2) Define in Section 1 of the Cybersecurity Plan the cybersecurity organizational structure and identify each person exercising cybersecurity duties and responsibilities within that structure, with the support needed to fulfill those obligations;

(3) Designate, in writing, by name and by title, a Cybersecurity Officer (CySO) who is accessible to the Coast Guard 24 hours a day, 7 days a week, and identify how the CySO can be contacted at any time;

(4) Ensure that cybersecurity exercises, audits, and inspections, as well as the Cybersecurity Assessment, are conducted as required by this part and in accordance with the Cybersecurity Plan (see § 101.625(d)(1), (3), (6) and (7));

(5) Ensure that the U.S.-flagged vessel, facility, or OCS facility operates in compliance with the approved Cybersecurity Plan;

(6) Ensure the development, approval, and execution of the Cyber Incident Response Plan; and

(7) For entities that have not reported to the Coast Guard pursuant to, or are not subject to, 33 CFR 6.16-1, ensure all reportable cyber incidents are reported to the National Response Center (NRC).