CFATS Update Blog
Posted: March 1st, 2021Authors: Lizzie S.
We are seeing some activity from the Department of Homeland Security (DHS) related to the Chemical Facility Anti-Terrorism Standards (CFATS) program and wanted to provide an update to our 4 the Record readers! In case you missed it, check out our previous blogs on the personnel surety process, some updates from last summer and on how to prepare for your CFATS compliance inspections. In this issue, we’ll discuss the DHS Chemical Security Seminars from December 2020 (these seminars replaced the in-person Chemical Security Summit), Personnel Surety Program (PSP) Rollout to Tier 3 and 4 facilities, a January 2021 Federal Register Notice, the recent National Terrorism Advisory System (NTAS) Bulletin, and an update on COVID impacts.
2020 Chemical Security Seminars
In December, DHS Cybersecurity and Infrastructure Security Agency (CISA) hosted three virtual Chemical Security Seminars in lieu of the in-person Chemical Security Summit, due to COVID. There were two seminar sessions specific to CFATS: “Risk-Based Performance Standards (RBPS) Deep Dive and Best Practices,” and “PSP Demo and Lessons Learned.”
The RBPS Deep Dive and Best Practices session provided:
- An overview of all 18 RBPS with tier-specific expectations;
- Tips for editing Site Security Plans (SSPs);
- Expectations for outreach to local law enforcement and participation in Local Emergency Planning Committee (LEPC);
- A review of annual audit requirements; and
- Incident investigation and reporting procedures.
The PSP Demo and Lessons Learned session provided:
- A video demonstration of the PSP within the CSAT portal and other PSP resources;
- Clarification that facilities may list contractors as either “facility personnel” or “visitors” for the purposes of PSP (reminder – “facility personnel” cannot be “escorted” and must be screened prior to accessing the COI);
- Options for complying with RBPS 12.4, Screening for Terrorist Ties; and
- A description of the PSP roles available within the CSAT portal.
Complete presentations from both CFATS-related sessions and the other sessions from the seminars can be found here.
PSP Rollout to Tier 3 and 4 Facilities
Last year, we issued a blog article on the PSP, the system within the CSAT portal used for identifying individuals with terrorist ties, and its rollout to Tier 3 and 4 facilities. DHS is ahead of their schedule to roll out PSP to all high-risk facilities by mid-year 2022. If your facility is Tier 3 or 4 and has not yet been required to implement PSP, here are some things to be aware of:
- Any future update to your SSP or Alternative Security Plan (ASP) will trigger PSP implementation;
- Otherwise, once notified by DHS, facilities have 30 days to submit an updated SSP or ASP including details on how PSP will be implemented; and
- Once the updated SSP or ASP is approved, the facility must implement PSP within 60 days.
A few reminders for ongoing compliance for facilities that have already implemented PSP:
- Any new personnel or contracted employee must have their information submitted to DHS via the PSP before being granted access to CFATS-restricted areas;
- If specified in the SSP or ASP, DHS must also be notified whenever an employee’s access is removed (i.e. in the event of an employee leaving the facility or moving to a different area of the facility) by removing the individual from the list of affected individuals in the PSP within the CSAT portal; and
- RBPS 12.5 requires an annual personnel surety audit to confirm that all individuals who have access to the CFATS-restricted area have undergone all required background checks.
January Federal Register Notice
On January 6, CISA published a notice in the Federal Register requesting public comment on an advance notice of proposed rulemaking (ANPRM) to consider removal of 49 Class 1, Division 1.1 explosive chemicals from the list of regulated chemicals of interest (COI), codified at 6 CFR Part 27, Appendix A. The public comment period ends March 8, 2021. The chemicals proposed for removal are already regulated by the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF).
The chemicals proposed for removal from Appendix A are currently listed as “Release-explosive” and/or “Theft/Diversion-Explosives/Improvised Explosive Device Precursors.” CISA estimates that these chemicals are present above threshold quantities at 85 facilities, 24 of which would no longer be regulated as high-risk under the CFATS program following removal of these chemicals.
The notice references comments received as far back as 2014 and 2015 regarding the overlap in ATF’s regulations and CFATS, as well as comments received in response to the retrospective economic analysis of the CFATS program that was published last summer. This is the first proposed update to Appendix A since it was first issued in 2007, and a promising sign that DHS is looking to reduce regulatory overlap and remove chemicals from Appendix A where protections may already be in place under a different program.
On January 27, NTAS issued a bulletin due to a heightened threat environment across the country related to issues including the election, COVID restrictions, and police use of force. The bulletin is not an elevated threat alert and does not require facilities to enact their heightened security or elevated alert procedures. The full bulletin can be found here. The bulletin is currently set to expire on April 30, 2021 at 1:00 PM.
We are beginning to see DHS resume scheduling in-person compliance inspections. We expect DHS to prioritize facilities whose inspections may have been delayed due to COVID, facilities who have not yet had their initial compliance inspection, and Tier 1 and 2 facilities. DHS targets visiting Tier 1 and 2 facilities every 12 months and Tier 3 and 4 facilities every 12-18 months.
If you have any questions regarding CFATS or any of the updates listed above, please contact me at firstname.lastname@example.org or at (770)999-0269. ALL4 has assisted clients with completing top-screens, developing SSPs/ASPs, implementation of planned measures, compliance documentation, annual self-audits, and compliance inspections. Look for more CFATS content from ALL4!