NOW SERVING CLIENTS NATIONWIDE — GULF COAST • EAST COAST • WEST COAST

Cybersecurity that
delivers real compliance
and resilience.

Applied Security Convergence partners with maritime, defense, and critical infrastructure operators to deliver expert CMMC assessments and certification support alongside USCG Subpart F compliance, plans, training, and automation — producing defensible results, not just paperwork.

30+ satisfied clients
USCG Subpart F • CMMC Level 2 • ISO 27001 • TSA • Texas DIR BuyBoard Approved Vendor
Proud Texas DIR BuyBoard Approved Vendor
Texas DIR BuyBoard
LIVE COMPLIANCE STATUS
98% Compliant
Current
Facilities Assessed 42
Systems Monitored 850+
Critical Findings Resolved 214
Powered by ccSentinel + ASC expertise
30+
Satisfied Clients
15
Subpart F Control Areas
850+
Systems Analyzed
98%
Average Compliance Rate
THE PROBLEM

Manual compliance is slow, risky,
and increasingly indefensible.

Maritime and critical infrastructure operators face mounting regulatory pressure. Traditional spreadsheet-driven assessments create gaps, inconsistencies, and audit risk — especially when proving continuous monitoring and compensating controls to USCG or other regulators.

Weeks of Manual Effort

Teams spend weeks compiling evidence across disconnected tools, emails, and spreadsheets. Audit readiness becomes a recurring fire drill instead of a continuous state.

Hidden Gaps & Audit Risk

Missed KEV matches, inconsistent control implementation, and incomplete records leave organizations exposed during USCG inspections or third-party audits.

OT/ICS Complexity

Legacy systems, proprietary protocols, and stricter thresholds for operational technology make traditional IT security tools and processes insufficient.

WHAT WE DELIVER

Integrated services for
real-world compliance.

Discuss your requirements

CISO / CySO Advisory

Fractional and advisory CISO services tailored to maritime and critical infrastructure. Strategic guidance, program development, and board-level reporting.

Learn more

Security Assessments

Comprehensive cyber and physical security assessments — including MTSA-regulated maritime physical security assessments and audits — aligned with USCG, CMMC (Level 2), ISO 27001, and TSA requirements. Actionable findings, gap remediation roadmaps, and certification readiness support.

Learn more

Cybersecurity Plans & Roadmaps

Development of USCG-compliant Cybersecurity Plans (33 CFR 101 Subpart F), Facility Security Plans, and strategic multi-year roadmaps that close gaps and demonstrate continuous improvement.

Learn more

Response Plans, Drills & Exercises

Incident response planning, tabletop exercises, and full-scale drills. Documentation and after-action reporting that satisfy regulatory expectations and improve real-world readiness.

Learn more

Workforce Training & Awareness

Role-based cybersecurity training, phishing simulations, and regulatory awareness programs. Includes support for BOSIET-certified personnel for remote maritime operations.

Learn more
FLAG SHIP PLATFORM

ccSentinel.
Automated Subpart F
compliance in minutes.

Our purpose-built SaaS platform turns weeks of manual evidence gathering into a streamlined, defensible process. From SIW upload or live scanner sync to submission-ready USCG reports — all mapped to the 15 control areas of 33 CFR Part 101 Subpart F.

Free for organizations with ≤3 facilities and <200 endpoints. No credit card required.
Intelligent Ingestion
Drag-and-drop SIW XML, Nessus, Rapid7, Action1, Yokogawa, Phosphorus, and Companion JSON. Auto-assigned to facilities or vessels.
Multi-Layer Detection
CISA KEV (refreshed every 6 hrs), 30+ SIW rules, 25+ Companion rules, MITRE ATT&CK for ICS. Stricter OT thresholds.
Automated Control Mapping
Findings automatically mapped to all 15 Subpart F control areas. AI chat for context-aware guidance and suggested assessor questions.
Defensible Reports
One-click print-optimized PDFs with executive summary, KEV matches, per-system detail, network topology maps, and full compliance narrative ready for USCG submission.
FROM SCAN TO SUBMISSION

Five steps. Minutes, not weeks.

1
Upload or Sync
SIW, Nessus, Action1, or live integrations. Auto-assign to facility or vessel.
2
Review Findings
Filter by severity, OT flag, source. Accept risk or document mitigation.
3
Complete Controls
Review auto-mapped findings. Answer AI-suggested questions. Use built-in AI chat.
4
Log Drills & Training
Record §101.535 drills. Pull training records. Overdue items flagged automatically.
5
Generate Report
One-click PDF with full Subpart F assessment, topology map, and submission-ready narrative.
OUR APPROACH

Side-by-side with operators who protect critical infrastructure.

Our team of experienced cyber and physical security professionals works directly with maritime and defense industry facility owners and operators to achieve and maintain compliance with frameworks such as CMMC (Level 2 & 3 certification support), ISO 27001, and maritime regulatory requirements (33 CFR Subpart F, MTSA, NVIC 02-24).

To support remote maritime operations, team members receive BOSIET training, ensuring they understand the unique operational realities of vessels and offshore facilities.

Deep domain expertise in OT/ICS environments and maritime operations
Practical, defensible documentation that stands up to regulator scrutiny
Convergence of physical security, cyber, and operational technology
Technology-enabled delivery via ccSentinel for speed and consistency
Flexible engagement: project-based, retainer, or fractional CISO
Proven track record with USCG-regulated facilities and vessels
WHO WE SERVE

Critical infrastructure operators
who can't afford to guess.

Maritime Operators

Vessel operators, marine terminals, OCS facilities, and port authorities requiring USCG 33 CFR compliance, MTSA-regulated physical security assessments and audits, and Subpart F readiness.

33 CFR 103 • 104 • 105 • 106 • Subpart F

Defense & Aerospace

Contractors and suppliers pursuing or maintaining CMMC certification (Level 2). We provide full-scope assessments, remediation planning, and CUI protection strategies to achieve and sustain compliance.

CMMC Level 2 • NIST SP 800-171 • Certification Support

Energy & Transportation

Pipeline operators, terminals, and transportation companies subject to TSA security directives and critical infrastructure protection requirements.

TSA SD-Pipeline • PHMSA

Broader Critical Infrastructure

Manufacturing, chemical, water, and other CI sectors seeking ISO 27001 certification or integrated physical-cyber security programs.

ISO 27001:2022 • NIST CSF