CMCA (from CRIBB) - Cribb Cyber Security

CMCA (CRIBB Maritime Cyber Assurance)

CRIBB Maritime Cyber Assurance (CMCA) is a unique and affordable security framework designed specifically for maritime and cruise. It provides a robust alternative / gateway to ISO27001 that is recognised by IASME. CMCA is designed to deliver shareholder reassurance from crew members in a simple way.

CMCA is also designed to support your commitments to integrating the IMO 2021 Cyber Security and information governance requirements.



The International Maritime Organisation has stated that as of 1st January 2021, all vessels must comply with the International Safety Management (ISM) Code. They must ensure that they have installed robust cyber security measures into their onboard safety management systems.

To help with this, the IMO has established a set of guidelines built around five steps. These are based on the National Institute of Standards and Technology (NIST) framework:

  • Identifying risk
  • Detecting risk
  • Protecting assets
  • Responding to risk
  • Recovering from attacks

These guidelines are definitely useful. However, they were not created specifically for the maritime industry so vessel owners and managers will almost certainly need additional help. That is where CRIBB Cyber Security can step in.

How can CRIBB help with the IMO 2021 regulations?

The CMCA solution from theICEway and CRIBB Cyber Security offers clients the chance to increase their protection. It will help to improve their defences and assess their data protection readiness. It also helps them to achieve as high a level of compliance as possible, ultimately increasing their overall efficiency.

CRIBB Maritime Cyber Assurance provides full consultation throughout as well as help with security policies. There is an evaluation of the existing ‘organisation of information’ and a complete assessment of compliance. The level of Operations Security will be analysed, as will management and HR. An experienced and certified data protection and GDPR practitioner will offer guidance on ‘Subject Access’, a review of current policies and procedures and more.

Clients wishing to implement CMCA can also take advantage of supplier relationship assessments, plus environmental and equipment checks. They can validate technical controls, firewalls, malware and network / cloud. They will also receive advice on cryptography, asset management, business continuity management and the management of security incidents.

Why CRIBB for Cruise?

We will:

  • Increase employee cyber awareness
  • Define your policies for data protection and the minimisation of data held
  • Provide total employee awareness, with clearly defined roles and relevant training
  • Ensure that you are processing data on a lawful basis
  • Check that you have provided the required privacy information to the data subject
  • Offer you peace of mind that you have obtained consent where required
  • Help you implement robust procedures for data subject access requests

Let CRIBB and theICEway take the strain

The points listed above are all more crucial than ever nowadays in an industry which:

  • Grows increasingly dependent on IT and technology
  • Is host to an increasing number of cyber-attacks on vessels and ports
  • Does not have any simple solutions.

Clients can also decide to add on other cyber security services such as certified vulnerability scans, penetration tests and external Data Protection Officer (DPO) services.

Who are CRIBB?

CRIBB Cyber Security is part of theICEway ecosystem of companies. This is a collection of IT Specialist brands that join forces to deliver a complete digital solution for clients in maritime and cruise, travel and healthcare. Our cyber security experts adopt a security by design approach to offer end-to-end cyber resilience. We are an official certification body backed by the UK Government.

CRIBB Cyber Security is committed to working alongside companies looking to increase their security and compliance levels. Our wide range of services and solutions is designed to achieve just that and more. We can provide expert advice, guidance and support for: Data protection, GDPR, Cyber Essentials, PCI DSS, PECR and DPO. We offer complete maintenance and support services throughout the year plus specific training for companies and their staff.


We have all the experience and knowledge required to help and are highly trained to properly assess risk, to mitigate dangers and to keep businesses and data safe and secure.

Why the Maritime and Cruise industry?

In previous years, the risk of cyber-attacks was one that the maritime industry largely failed to recognise. Nowadays, however, with vessels becoming digital worlds in their own right, this outlook has had to change. One area of concern that needs to be raised within shipping is that, unlike onshore attacks, maritime cyber-attacks often go unreported. Another is that in today’s industry, internet connectivity between vessels is huge and still growing, meaning that a cyber-attack at sea can be more dangerous than one occurring on the shore. This, combined with a lack of inbuilt encryption or authentication codes for navigation systems, creates an issue where potential attackers often view shipping as a ‘soft target’.

Cyber security training is a requirement for all employees in maritime and cruise, from the owner of the shipping company all the way through to the junior deck hand. Reports for 2017 indicated that only 47 percent of crew members were aware of cyber-safe policies or cyber-hygiene guidelines.

Considering just how costly cyber-attacks can be to correct and given the often hugely adverse effect on company reputation, it is definitely worth seeking out an appropriate cyber security solution.

Contact us to discover more about CRIBB Maritime Cyber Assurance.