What are NVIC 11/02 methodologies and where are they applied?

Published by Marshal on

NVIC 11-02, officially titled “Guidance for the Implementation and Assessment of Security Plans for Facilities Subject to the Maritime Transportation Security Act (MTSA)”, is a U.S. Coast Guard Navigation and Vessel Inspection Circular issued in 2002. It provides methodologies and guidance for implementing and evaluating Facility Security Plans (FSPs), as mandated by the Maritime Transportation Security Act of 2002 (MTSA).

It outlines how regulated port facilities should assess security vulnerabilities and implement mitigation strategies to reduce risk from potential terrorist attacks or other unlawful acts.

Overview of NVIC 11-02 Methodologies

The methodologies in NVIC 11-02 are designed to support a risk-based, performance-oriented approach to maritime facility security. They align with broader national security frameworks and are meant to be scalable depending on the facility’s characteristics and threat profile.

1. Security Assessment Process

This includes:

  • Asset Characterization: Identifying and categorizing assets within the facility (people, cargo, infrastructure, systems).

  • Threat Identification: Analyzing potential threats (e.g., terrorism, sabotage, theft).

  • Vulnerability Assessment: Identifying weaknesses that could be exploited by threats.

  • Consequence Analysis: Estimating the potential impact of an attack.

  • Risk Determination: A function of threat x vulnerability x consequence.

Methodology: This process often follows principles from the CARVER + Shock model (explained below), a common security risk assessment tool adopted by DHS and USCG.

2. Use of the CARVER + Shock Tool

CARVER + Shock is a structured methodology used to prioritize assets and evaluate security vulnerabilities. The acronym stands for:

  • Criticality: Public health/safety, economic impact, or symbolic value.

  • Accessibility: Ease of access to the asset.

  • Recuperability: Ability to recover from an attack.

  • Vulnerability: Weaknesses that could be exploited.

  • Effect: Direct losses and indirect consequences.

  • Recognizability: How easily an attacker can identify the target.

  • + Shock: Psychological impact of the attack.

The methodology assigns numeric scores to each attribute, allowing a facility to prioritize security resources and determine appropriate mitigation strategies.

3. Security Measures by MARSEC Levels

NVIC 11-02 outlines how FSPs must include scalable security measures aligned with MARSEC (Maritime Security) Levels:

  • Level 1: Normal operations; baseline security measures.

  • Level 2: Heightened risk of a transportation security incident.

  • Level 3: Imminent risk; emergency procedures are implemented.

Security actions must escalate accordingly and be clearly outlined in the FSP.

4. Performance-Based Approach

Instead of prescribing detailed measures, NVIC 11-02 encourages:

  • Tailored Security Plans based on the unique risks of each facility.

  • Performance standards over rigid checklists.

  • Documentation of rationale for chosen countermeasures.

This enables flexibility while ensuring compliance.

5. Integration with National Security Strategy

NVIC 11-02 aligns facility security plans with:

  • The National Strategy for Maritime Security (NSMS)

  • Homeland Security Presidential Directive 13 (HSPD-13)

  • The National Infrastructure Protection Plan (NIPP)

It encourages alignment with other critical infrastructure protection efforts.

Practical Application

When conducting a Facility Security Assessment or creating an FSP under NVIC 11-02, a facility would typically:

  1. Identify critical assets and operations.

  2. Conduct a threat and vulnerability assessment using CARVER + Shock.

  3. Develop risk mitigation measures scalable to MARSEC levels.

  4. Submit the plan for review and approval by the USCG.

  5. Undergo periodic audits and drills to validate effectiveness.

Summary

NVIC 11-02 provides a structured, scalable, and risk-based framework for maritime facility security planning. Its methodologies- especially the use of CARVER + Shock—help port and terminal operators prioritize security investments, meet MTSA requirements, and enhance national maritime security.

Categories: ProcurementResilience

Related Posts

Marketing

From Checklist to C-Suite: How AI Could Redefine the Role of Security Consultants

Security risk management (SRM) is broken. Traditional approaches, characterized by compliance checklists, subjective assessments, and qualitative risk ratings, fail to connect security decisions to optimal financial outcomes. While consultants produce impressive binders of findings that Read more…

Marketing

From Reactive to Revenue: How the Power of Integrated, Predictive Security Can Drive Sales

For too long, the world of security – both physical and cyber – has often operated in fragmented silos. We’ve seen reactive measures deployed after the fact, physical barriers erected in isolation from digital defenses, Read more…

Resilience

What Does an AI-Enabled Security Risk Management Company Look Like?

AI can provide automated threat detection, predictive analytics, and AI-driven surveillance to help clients mitigate risk, but how can it be applied to run your security risk management company more efficiently, from an Operations perspective? Read more…