This bill, known as the Maritime Cybersecurity Act , amends title 46, United States Code, to significantly bolster cybersecurity measures for maritime facilities. It mandates the Secretary of the department in which the Coast Guard is operating, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency (CISA), to conduct annual assessments of cybersecurity risks associated with software and hardware used in designated covered facilities . These assessments specifically target weaknesses and risks, particularly concerning software or hardware manufactured by or controlled by foreign entities or countries of concern . The legislation grants the Secretary authority to conduct these assessments without requiring consent from facility owners or operators, and notwithstanding any end-user licensing agreements that might otherwise impede such evaluations. Furthermore, owners and operators of covered facilities are required to submit annual reports identifying covered software or hardware in use, any cybersecurity incidents, and other risks. They must also certify that their software and hardware has been assessed for consistency with National Institute of Standards and Technology (NIST) standards, with a prohibition on using non-compliant items unless a waiver is granted for low national security risk. The Secretary is also required to provide annual reports to Congress detailing assessment findings, actions taken, and recommendations for strengthening maritime security.