This document establishes the elements of onboard cyber risk assessment and specifies requirements for the assessment process, assessment preparation, risk identification, risk analysis and risk evaluation.

This document applies to the risk assessment of onboard cyber systems based on network technologies which mainly include bridge systems, cargo management systems, propulsion and machinery management and power control systems, access control systems, passenger or visitor servicing and management systems, passenger-facing networks, core infrastructure systems, administrative and crew welfare systems and communication systems.