CFATS Legislative Update
On Tuesday March 6, 2012, the House Committee on Homeland Security held a hearing on the Chemical Facility Anti-Terrorism Standards (CFATS) focusing on an internal Department of Homeland Security (DHS) memorandum that was leaked to the media late last year. The leaked memo identifies a number of internal agency issues that have stymied the progress of CFATS program, including poor hiring decisions, high leadership turnover, and a culture within the agency that has allowed personnel to underperform.
DHS official responsible for the CFATS program explained several of the steps they are taking to address the challenges discussed in the leaked memorandum. Members of industry also testified at the hearing, offering suggestions for to streamlining the CFATS implementation process and more appropriately allocating agency resources. More information regarding the hearing, including a full list of hearing witnesses and their submitted statements, is available online.
***
The 112th Congress showed significant interest in chemical facility security legislation. Although multiple chemical security bills were introduced, Congress ultimately extended the Chemical Facility Anti-Terrorism Standards (CFATS) through an appropriations bill, in its current form, until October 4, 2012.
CFATS Personnel Surety Requirements
The Department of Homeland Security’s (DHS’s) Chemical Facility Anti-Terrorism Standards (CFATS) regulations and Risk-Based Performance Standard (RBPS) 12 require facilities to perform appropriate background checks on and ensure appropriate credentials for facility personnel and, as appropriate, for unescorted visitors with access to restricted areas or critical assets, including:
- Measures Designed to Verify and Validate Identity – This typically involves a social security/name trace search, which reveals names associated with a social security number, past and present addresses, and fraudulent use of social security numbers.
- Measures Designed to Check Criminal History – This typically involves a search of commercially available databases, such as county, state and/or federal criminal record repositories for jurisdictions in which the individual has worked or resided. The search should uncover any criminal charges, outstanding warrants, dates, sentencing, and disposition for felonies and/or misdemeanors.
- Measures Designed to Verify and Validate Legal Authorization to Work – This typically involves the filing of U.S. Citizenship and Immigration Services (USCIS) Form I-9: Employment Eligibility Verification or through DHS’s E-Verify program. Note that this option is not available for existing employees who were hired on or before November 6, 1986.
- Measures Designed to Identify People With Terrorist Ties – This is an inherently governmental function that requires a check of the Terrorist Screening Database (TSDB) which not commercially available. See Terrorist Screening Database Checks below for additional information.
DHS’s RBPS Guidance document provides a Metric Table with a narrative summary of the personnel surety measures a hypothetical facility may choose to implement at each risk-tier for the purposes of RBPS 12. Learn more.
Terrorist Screening Database (TSDB) Checks
Using the online Chemical Security Assessment Tool (CSAT) portal, DHS proposed to develop a system by which covered facilities can submit Personally Identifiable Information (PII) for cross-referencing against the Terrorism Screening Database (TSDB), as established by 6 CFR 27.230(a)(12)(iv). DHS summarized its proposal in April 2010. Click here to view the April 2010 Federal Register Information Collection Request.
In June 2011, DHS released three notices in the Federal Register describing requirements for the submission of information to the TSDB under its Personnel Surety Program (PSP):
Facilities will be required to submit information to DHS for two classes of personnel:
(1) Facility Personnel who have or are seeking access to restricted areas or critical assets; and
(2) Unescorted Visitors who have or are seeking access to restricted areas or critical assets.
DHS refers to these two classes collectively as “affected individuals,” and explained that classifying contractors as “facility personnel” or “visitors” should be “…a facility-specific determination, based on facility security, operational requirements, and business practices.”
Among other issues, DHS clarified that it will allow facilities to designate third parties to submit TSDB screening information to DHS on behalf of the facilities:
- Comment: Three commenters suggested that the Department should allow private third parties to submit information of individuals to DHS on behalf of chemical facilities. Specifically, these commenters suggested that if private third parties could directly submit information, substantial burden could be eliminated for high-risk chemical facilities. Another commenter suggested that the Department should provide a means through which non-employees would be able to directly provide their information to the Department.
- Response: As part of the Personnel Surety Program, DHS will also allow facilities to designate third party individuals as Submitters. Designated individuals will be able to submit TSDB screening information to DHS on behalf of the facilities that designate them as Submitters.
76 FR 34,727.
DHS also reiterated its position that it supports the sharing and reuse of vetting results. While there is still much discussion between DHS and industry, in this latest ICR Notice, DHS indicated that “affected individuals” who have successfully undergone TSDB vetting under other federal programs such as Transportation Worker Identification Credential (TWIC) or Hazardous Materials Endorsement (HME), will not need to be re-vetted under the CFATS PSP. However, facilities will still need to submit the affected individual’s personal information to DHS to ensure his or her credentials are current and valid.
Scope of CFATS Personnel Surety Requirements
The scope of individuals affected by the regulation is broad. For instance, individuals may require screening under CFATS despite the fact that they have, by virtue of the length of their employment, been “grandfathered in” by the company. DHS has specifically indicated that “[m]erely because an individual has worked in a chemical facility for a period of time without incident does not automatically mean that they do not pose a terrorism risk and should be given free access to restricted areas and critical assets without a background check.” 72 Fed. Reg. 17,708. Further, the regulation does not limit application in any manner to a specific type of “covered person.” This, in turn, raises contract considerations for certain classes of third-parties, such as security guards and security integrators.
The number and type of personnel requiring background checks pursuant to CFATS often may depend on how the facility defines its assets and/or restricted areas in its CFATS Site Security Plan (SSP).
Conceptually, only individuals with access to CFATS-Designated Restricted Areas at a facility would be subject to the CFATS personnel surety requirements. This may involve identifying (or creating) assets under RBPS 2 – Secure Site Assets.