CFATS


CFATS REGULATORY OVERVIEW

Congress continues to debate chemical security and significant uncertainties remain, particularly with regard to Inherently Safer Technology (IST) and Maritime Transportation Security Act (MTSA) - CFATS "harmonization." While a number of competing chemical security bills were introduced in both the House and Senate in 2010 and 2011, Congress ultimately extended CFATS in its current form through October 2012.

  • CFATS establishes a Chemical Security Assessment Tool (CSAT) that comprises four elements

    (1) User Registration;
    (2) Top-Screen;
    (3) Security Vulnerability Assessment; and
    (4) Site Security Plan.


  • The failure to complete a Top-Screen in a timely manner may result in a presumptively high-risk determination, thereby forcing a facility to overcome the presumption.

  • The Security Vulnerability Assessment has five components:

    (1) Asset Characterization;
    (2) Threat Assessment;
    (3) Security Vulnerability Analysis;
    (4) Risk Assessment; and
    (5) Countermeasure Analysis.

  • The Site Security Plan must address the vulnerabilities identified in the Security Vulnerability Assessment and identify and describe how each security measure will, in fact, meet the applicable Risk-Based Performance Standards.


  • The Risk-Based Performance Standards are the essence of CFATS and, among other things, include:

    (1) Access Control;
    (2) Credentialing;
    (3) Cybersecurity;
    (4) Recordkeeping, Training, and Emergency Response;
    (5) Testing of Security Equipment ;
    (6) Reporting of Security Incidents and Suspicious Activity
    (7) Deterring, Detecting, and Delaying


  • DHS will review and approve (or deny) all Security Vulnerability Assessments and Site Security Plans.


  • Facilities subject to CFATS must keep detailed security records for 3 to 6 years.


  • Penalties for violations of CFATS may include a fine, not to exceed $25,000 per day, and, in extreme cases, cessation of operations.


  • Challenges to CFATS will be heard by a neutral adjudicator. There is also an appeal process, the conclusion of which represents final agency action that allows a party to elevate the matter to a U.S. District Court.