ABS Cyber Resilience Program


ABS Cyber Resilience for On-board Systems and Equipment

Interconnection of computer systems on vessels, together with the widespread use onboard of commercial-off-the-shelf (COTS) products, open the possibility for attacks to affect personnel data, impact human and vessel safety and threaten the environment.  The International Association of Classification Societies (IACS) has recognized the need for a common set of minimum functional and performance requirements to support more cyber-resilient vessels, establishing UR E26 and UR E27, which come into effect January 1, 2024.  ABS supports these IACS efforts and has incorporated two new sections in the ABS Marine Vessel Rules to enhance onboard cyber safety.  Section 4-9-13 “Cyber Resilience for Vessels” and Section 4-9-14 “Cyber Resilience for On-board Systems and Equipment” are the two new sections and are in alignment with IACS UR E26 and UR E27 respectively.

The ABS Cyber Resilience Program helps system and equipment vendors understand and identify the needed cyber resilience capabilities.

Ultimately, the value of ABS approval supports your competitive edge by helping you demonstrate to your customers that your equipment and systems are compliant with IACS and ABS Cyber Resilience requirements. 

Certification Process

The ABS certification process applies to a range of digitally-enabled equipment and systems covering individual components all the way through the system and network levels. ABS offers Product Design Assessment (PDA) and Service Provider approval, providing a comprehensive certification solution.



  • Assessment of 31 security capabilities required for Cyber Resilience in accordance with ABS 4-9-14 and IACS UR E27, such as:          

                - Authenticator management

                - Authorization enforcement

                - Auditable events

                - Communication integrity

                - Malicious code protection

                - Security functionality verification

                - Denial of service protection

                - System backup

                - System recovery and reconstitution

                - Network and security configuration settings


  • Assessment of 10 additional security capabilities required for Cyber Resilience when there is network communication with untrusted networks (communication interface with any networks outside the scope of ABS 4-9-13 and UR E26), such as:

             - Multifactor authentication

             - Explicit access request approval

             - Remote session termination



  • Improves competitive position by demonstrating compliance with IACS and ABS Cyber Resilience requirements 
  • Recognition on the external ABS Type Approval database   
  • Helps control cybersecurity vulnerabilities in the supply chain


For more information on cyber resilience for on-board systems and equipment, feel free to reach out to us at abstaprograms@eagle.org


Questions about UR E27 and E27? Contact our advisors for assistance with your projects.