Nine controls running 24×7 on every vessel endpoint — vulnerability management, hardening, USB policy, MFA, secure remote — engineered for vessels at sea (bandwidth-light, offline-tolerant) and producing the live evidence a class-society surveyor, charterer auditor or port-state inspector actually asks for. One agent, one console, no on-board hardware.
Each control on this page does two things: it protects a real vessel risk continuously, and it produces the evidence a recognised maritime cyber framework asks for — automatically, in the same agent telemetry. No bolt-ons, no add-on SKUs, no second vendor to integrate.
Maps to: every framework. Pick a framework, pick a vessel (or the fleet), download a polished, signed PDF. The same artefact serves class-society surveyors, charterer auditors, port-state inspectors and P&I underwriters.
Maps to: IACS UR E27, BIMCO V5 "Identify". Every endpoint on every vessel — OS, role, last-seen, software inventory. The asset register the surveyor is going to ask for, kept current automatically. No spreadsheet to maintain.
Maps to: TMSA 3 KPI 13.2, BIMCO V5 "Protect". CIS-benchmark scoring per host, 600+ checks per scan, trended over time. Surveyors get the score, the gap and the corrective action in one view.
Maps to: IACS UR E27, BIMCO V5 "Protect". Continuous CVE matching against authoritative public databases, paired with vendor-published remediation. Demonstrates an active patch-management posture instead of a stated one.
Maps to: TMSA 3 KPI 13.4, BIMCO V5. USB allow / block enforced fleet-wide; every connect, mount and write logged with timestamp and (where applicable) operator. The removable-media evidence Element 13 explicitly calls for.
Maps to: TMSA 3 KPI 13.3, IMO ISM cyber clause. Every operator login secured by MFA (TOTP / WebAuthn). Role-based access, session controls and per-action audit log — enforced by default, not opt-in.
Maps to: IACS UR E27, ISM Code review obligations. Every operator action and significant agent event recorded with cryptographic chaining — defensible for surveys, P&I claims, charterer disputes and post-incident review.
Maps to: BIMCO V5 "Respond". Browser-based Remote Desktop, terminal and file transfer to any vessel endpoint. No client install for your team, no VPN for the ship, every session recorded and replayable for evidence.
Operational enabler. One activation key, one installer. Each device joins your fleet automatically on first boot — no engineer dispatch, no port-call window, no on-site provisioning. The new vessel is survey-ready the day it enrols.
Navis Arca is built for ships — not retrofitted from an enterprise EDR. The agent is sub-MB per day on the wire, tolerates extended offline windows, and queues telemetry locally until a satellite link is healthy.
A signed cross-platform agent runs on every endpoint. It collects posture, scans for vulnerabilities, executes operator commands, and ships a small, encrypted batch of telemetry to the Navis Arca cloud whenever a connection is available. Shore-side, your team works in a single browser console — no fat client, no VPN, no plugins.
No engineer dispatched to the vessel. No hardware shipped. No port-call install window blocked. Your DPA's evidence pack starts populating the day the vessel enrols.
One installer per vessel computer — Windows, macOS or Linux. Crew double-clicks. No engineer dispatch, no port-call window.
Each device joins your fleet automatically; evidence collection starts within seconds. Nothing for the DPA to configure.
Per-vessel and fleet-wide scoring against every framework — see exactly what is passing, what's gapping, what an inspector would write up.
Two clicks: framework + vessel. The surveyor gets the PDF. Same artefact serves the charterer, the P&I underwriter, and the port-state inspector.
The legacy maritime cyber category was built around a hardware appliance, a quarterly consultancy audit, and a stack of point-in-time PDFs that go stale the day they're filed. Navis Arca produces continuous, live evidence that survives every audience — class society, charterer, port-state, P&I underwriter — without re-keying.
| What the DPA / superintendent needs | Navis Arca | Legacy appliance + consultancy |
|---|---|---|
| Class-society survey readinessIACS UR E26 / E27 evidence, on demand. | Continuous · two-click PDF | Quarterly audit, manual write-up |
| Charterer / vetting evidenceTMSA 3 Element 13, BIMCO V5. | Same evidence base, charterer-formatted | Re-keyed per charterer |
| Port-state inspection readyIMO MSC.428(98), ISM cyber clause. | Live coverage, ready any day | Depends on last audit cycle |
| Time to first inspection-ready vesselFrom order to "we could be surveyed today". | Days — software install only | Weeks — port-call window + hardware ship |
| Evidence freshnessWhat the surveyor actually sees. | Live, last-refreshed-today | Point-in-time, often months old |
| Asset register currencyIACS UR E27 expects this. | Auto-maintained from agent telemetry | Spreadsheet, manually updated |
| Hardening evidenceCIS-benchmark scoring, per host. | 600+ checks, scored live, trended | Not provided |
| Removable-media logElement 13, BIMCO V5 explicit ask. | Per-device, attributable, defensible | Out of scope |
| Tamper-proof audit trailDefensible for surveys, insurance, disputes. | Cryptographic chain of custody | Standard activity logs |
| Coverage spans frameworksIACS UR E26 / E27, TMSA 3, BIMCO V5, IMO. | All four · pre-mapped · live | Selected frameworks, manual mapping |
| Bandwidth on the wireVSAT / LEO / intermittent satcom. | Sub-MB / day per device | Heavier — appliance-driven |
| Cost as fleet growsThe CFO's question. | Per-vessel subscription · no capex | Hardware capex per vessel + retainer |
Comparison based on each category's publicly documented capabilities at time of writing. Trademarks belong to their respective owners and are referenced for factual product comparison only.
30 minutes. We'll walk through a live coverage report against IACS UR E26 / E27, TMSA 3 and BIMCO V5 — using a fleet of demo vessels — and show your DPA exactly what an inspector would take away.