BIMCO Cyber Security
BIMCO Guidelines on Cyber Security Onboard Ships
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
BIMCO Ch10: Respond and Recover
| Code | Title |
|---|---|
| BIMCO-10.2 | The four phases of incident response |
| BIMCO-10.3 | Recovery plan |
| BIMCO-10.4 | Data recovery capability |
| BIMCO-10.5 | Investigating cyber incidents |
BIMCO Ch1: Cyber Security and Risk Management
| Code | Title |
|---|---|
| BIMCO-1.2 | Senior management involvement |
| BIMCO-1.3 | Roles, responsibilities and tasks |
| BIMCO-1.4 | Differences between IT and OT systems |
| BIMCO-1.5 | Plans and procedures |
| BIMCO-1.8 | Relationship with vendors and other external parties |
BIMCO Ch2: Identify Threats
| Code | Title |
|---|---|
| BIMCO-2.1 | Threat actors |
| BIMCO-2.2 | Types of cyber threats |
BIMCO Ch3: Identify Vulnerabilities
| Code | Title |
|---|---|
| BIMCO-3.1 | Common vulnerabilities |
| BIMCO-3.3 | Typical vulnerable systems |
| BIMCO-3.4 | Ship to shore interface |
| BIMCO-3.6 | Remote access |
| BIMCO-3.7 | System and software maintenance |
BIMCO Ch4-6: Likelihood, Impact and Risk Assessment
| Code | Title |
|---|---|
| BIMCO-4 | Assessing the likelihood |
| BIMCO-5.1 | Impact assessment (CIA model) |
| BIMCO-6.2 | The four phases of a risk assessment |
| BIMCO-6.3 | Third party risk assessments |
BIMCO Ch7: Develop Protection Measures
| Code | Title |
|---|---|
| BIMCO-7.1 | Defence in depth and in breadth |
| BIMCO-7.2 | Technical protection measures |
| BIMCO-7.3 | Procedural protection measures |
BIMCO Ch8: Develop Detection Measures
| Code | Title |
|---|---|
| BIMCO-8.1 | Detection, logging, blocking and alerts |
| BIMCO-8.2 | Malware detection |
BIMCO Ch9: Establish Contingency Plans
| Code | Title |
|---|---|
| BIMCO-9 | Establish contingency plans |
Maps to 1 other framework
Frequently Asked Questions
What is BIMCO Cyber Security?
BIMCO Cyber Security is a compliance framework from International with 8 domains and 26 controls. BIMCO Guidelines on Cyber Security Onboard Ships It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does BIMCO Cyber Security have?
BIMCO Cyber Security has 26 controls organised across 8 domains. The largest domains are BIMCO Ch1: Cyber Security and Risk Management (5 controls), BIMCO Ch3: Identify Vulnerabilities (5 controls), BIMCO Ch10: Respond and Recover (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does BIMCO Cyber Security map to?
BIMCO Cyber Security maps to 1 other compliance frameworks. The top mapping partners are NIST Cybersecurity Framework 2.0 (100% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with BIMCO Cyber Security compliance?
Start your BIMCO Cyber Security compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about BIMCO Cyber Security requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 26 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required