These exercises go beyond compliance; they build readiness. Cyber incidents in ports, ship management systems, and supply chains can halt operations and impact national logistics. By conducting realistic simulations, organizations improve response coordination, reduce downtime, and gain greater confidence in their preparedness during audits or inspections.
In this post, we’ll outline the Coast Guard’s requirements, clarify the difference between drills and exercises, and show how to create your 2026 exercise calendar using free resources from CISA, NIST, and the Coast Guard, along with expert guidance from MAD Security.
The terms cyber drill and cyber exercise are often used interchangeably, but they serve distinct purposes, and both play a role in compliance and operational readiness.
A cyber drill is a focused, scenario-based test designed to measure how your team responds to a specific event. For instance, a phishing drill can test employee reporting and IT escalation, while a ransomware containment drill verifies isolation and data restoration procedures.
Goal: Validate a targeted response or technical process. You can enhance drill outcomes with User Awareness Training and Managed Security Services from MAD Security.
A cyber exercise is broader and cross-functional: it simulates a real-world cyber incident from start to finish. A full-scope supply chain compromise exercise, for example, might involve IT, operations, legal, and compliance teams working together to detect, contain, and resolve an event.
Goal: Assess coordination, communication, and decision-making under operational pressure. To support long-term readiness, pair exercises with Virtual Compliance Management.
For Coast Guard compliance, both drills and exercises qualify toward annual requirements. To count, each must follow 33 CFR 101.635 and include documented lessons learned, corrective actions, and participant evidence.
Who It Applies To
These requirements apply to organizations under the Maritime Transportation Security Act (MTSA). While focused on maritime operations, the rule also affects entities within the Defense Industrial Base (DIB) where DFARS 252.204-7012 and CMMC compliance align with NIST SP 800-171 incident response controls.
If your organization also supports Department of Defense contracts, ensure your exercises integrate with your broader compliance strategy so you can get credit for both Coast Guard and CMMC requirements. Learn more through:
CMMC Overview
CMMC Compliance
Continuous Monitoring and Maturity
Frequency: At least two cyber drills and one full-scale exercise per year.
Scope: Exercises can cover multiple facilities or vessels, provided each entity maintains documentation and meets the standards outlined in 33 CFR 101.635.
Documentation: Keep records of objectives, participants, outcomes, and corrective actions. These must be available for audits and inspections.
Credit Sharing: A single exercise can apply to multiple facilities or vessels if done simultaneously, but each must retain its own after-action records and lessons learned.
This rule is more than a compliance checkbox; it’s a framework for strengthening organizational resilience. Regular drills and exercises:
Reinforce incident response processes
Improve cross-team collaboration
Demonstrate continuous compliance with readiness
Organizations that embed these requirements into a structured risk and compliance program are better positioned for success. MAD Security helps clients align these activities with Coast Guard and DoD expectations through:
Gap Assessments
Policy Development and Review
Virtual Compliance Management
Building a cybersecurity exercise program doesn’t have to start from scratch. Several free tools can help maritime and defense organizations conduct professional-grade drills that meet compliance and improve readiness.
Coast Guard Cyber Protection Teams: The Coast Guard offers free assessments through its Cyber Protection Teams, which support port and maritime cybersecurity readiness. For more information, contact your local USCG Sector or email MaritimeCyber@uscg.mil and prepare to submit a signed Request for Technical Assistance (RTA).
CISA Tabletop Exercise Packages (TTX-Ps): Facilitator guides and templates for ransomware, phishing, insider threats, and supply chain incidents. These resources are easy to customize for maritime and DIB applications.
NIST SP 800-84: The gold-standard Guide to Test, Training, and Exercise Programs, offering step-by-step methods for designing, executing, and evaluating exercises.
MAD Security helps organizations adapt these resources for their operational environments, linking each outcome directly to compliance controls and creating audit-ready documentation. Learn more about our Continuous Monitoring and Maturity services and Virtual Compliance Manager.
Meeting regulatory expectations is easier when exercises are distributed strategically throughout the year. A structured plan allows time for preparation, response testing, and follow-up improvements.
| Quarter | Focus | Example Scenario |
| --- | --- | --- |
| Q1 | Tabletop Exercise | Organization-wide ransomware response and decision-making simulation |
| Q2 | Cyber Drill | Detection and triage of a simulated data exfiltration alert |
| Q3 | Full-Scale Exercise | Supply chain compromise involving a third-party vendor |
| Q4 | Cyber Drill + Review | Privileged access abuse scenario with year-end lessons-learned wrap-up |
Coordinate Across Departments: Develop a RACI matrix defining who leads, approves, and executes actions during incidents such as ransomware or insider threats. Consider vCISO Consulting for organizational alignment.
Document Thoroughly: Keep detailed records of objectives, participants, and outcomes. These serve as evidence for Coast Guard and CMMC audits, supported by Risk Assessments.
Integrate Lessons Learned: Each exercise should result in measurable improvement actions. Schedule retests to confirm progress, supported by Threat Detection and Vulnerability Assessment.
MAD Security’s Managed Security Tabletop Exercise (MSTTX) Services simplify this process. Our team conducts realistic simulations, aligns them to your threat landscape, and provides detailed documentation suitable for compliance and audits. Explore more under Managed Security Services.
Don’t wait until deadlines loom to meet regulatory requirements. Treating cyber drills as an afterthought limits their effectiveness and can leave your organization unprepared for real threats.
MAD Security works with maritime and defense organizations to design, facilitate, and document effective cyber drills and exercises. Each engagement is tailored to your operational environment, compliance standards, and risk landscape, ensuring your exercises build resilience and demonstrate readiness.
Align tabletop scenarios to relevant threats
Generate audit-ready documentation
Conduct guided sessions with cyber and compliance professionals
Original Publish Date: December 02, 2025
By: Maritime MAD Security