CFATS


CFATS REGULATORY OVERVIEW

Congress continues to debate chemical security and significant uncertainties remain, particularly with regard to Inherently Safer Technology (IST) and Maritime Transportation Security Act (MTSA) - CFATS “harmonization.” A number of competing chemical security bills were introduced in both the House and Senate in 2009 and 2010. Notwithstanding recent Congressional action, it is unlikely that any of this legislation will make much progress before the November midterm elections. Thus, it seems inevitable that CFATS will once again be extended in its current form for one year, through October 2011.

  • CFATS establishes a Chemical Security Assessment Tool (CSAT) that comprises four elements

    (1) User Registration;
    (2) Top-Screen;
    (3) Security Vulnerability Assessment; and
    (4) Site Security Plan.


  • The failure to complete a Top-Screen in a timely manner may result in a presumptively high-risk determination, thereby forcing a facility to overcome the presumption.

  • The Security Vulnerability Assessment has five components:

    (1) Asset Characterization;
    (2) Threat Assessment;
    (3) Security Vulnerability Analysis;
    (4) Risk Assessment; and
    (5) Countermeasure Analysis.

  • The Site Security Plan must address the vulnerabilities identified in the Security Vulnerability Assessment and identify and describe how each security measure will, in fact, meet the applicable Risk-Based Performance Standards.


  • The Risk-Based Performance Standards are the essence of CFATS and, among other things, include:

    (1) Access Control;
    (2) Credentialing;
    (3) Cybersecurity;
    (4) Recordkeeping, Training, and Emergency Response;
    (5) Testing of Security Equipment ;
    (6) Reporting of Security Incidents and Suspicious Activity
    (7) Deterring, Detecting, and Delaying


  • DHS will review and approve (or deny) all Security Vulnerability Assessments and Site Security Plans.


  • Facilities subject to CFATS must keep detailed security records for 3 to 6 years.


  • Penalties for violations of CFATS may include a fine, not to exceed $25,000 per day, and, in extreme cases, cessation of operations.


  • Challenges to CFATS will be heard by a neutral adjudicator. There is also an appeal process, the conclusion of which represents final agency action that allows a party to elevate the matter to a U.S. District Court.