b'ment). These systems or devices detectGENERAL TRAINING for all personnel whose duties SAFETYor cause a change through the moni- REQUIREMENTS include using OTtoring or control of devices, processes,The general training must cover: andevents.Examplesincludeauto- Specialized Training forpilot, remote camera control, engine Recognition and detection ofKey Personnel and controlsystems,etc.Moreexamplescybersecurity threats and incidents the Cybersecurity Officer can be found in the PVA Cybersecu- Keypersonnelwithspecificrolesin rity Guidelines located in the MemberTechniques to circumvent cyberse- cyber incident response must receive Resource area of the PVA website. [33curity measures specializedtrainingrelevanttotheir CFR 101.615] responsibilities. This includes: Basic cyber hygiene, such as phish-By Jan. 12, 2026, all personnel (full- ing prevention, password man-Understanding roles and responsi- time, part-time, temporary employees,agement, and secure practices forbilities during a cyber incident and andcontractors)whohaveaccesstointeracting with critical systemsresponse procedure information technology or operation-al technology systems must completeProcedures for reporting cyber Maintaining current knowledge oftheinitialtrainingandannuallyincidents to the designated companychanging cybersecurity threats and thereafter. New personnel hired aftersecurity officer (CSO) or cybersecu- countermeasures, potentially by the effective date must complete thisrity officer (CySO) once assignedreferencing reliable sources such as trainingwithin30daysofgaininginformation from the Cybersecurity system access.OT specific cybersecurity trainingand Infrastructure SecurityAgency (CISA) or sector-specific information sharing and analysis centers (ISACs) Companieswilldeterminetheirkey personnelandwilllikelyinclude company leadership, CSO, vessel and facilitysecurityofficers,individuals with elevated system access, and OT engineers and technicians. Companieswhohaveoutsourced their IT or are payment card industry (CPI)compliantandhaveexisting cyber awareness and hygiene training should compare their current training and verify that the training meets the Coast Guard requirements.Vendorsandcontractorswhowill have access to a companys IT and OT systems should be prepared to attest to compliance with 33 CFR 101.650(d) prior to being granted unescorted ac-cess to those systems. FOGHORN 52'