Chemical-Terrorism Vulnerability Information (CVI)

What is Chemical-Terrorism Vulnerability Information?


As enumerated by 6 CFR § 27.400(b), CVI includes, among other things:

  • Top-Screens;
  • Security Vulnerability Assessments (SVAs);
  • Site Security Plans (SSPs) and Alternate Security Programs (ASPs);
  • CFATS records required to be retained under the regulation (e.g., training, security incidents, etc.);
  • DHS-issued initial and final tier determination letters; and
  • Inspection and audit findings.

CVI does not include, among other things, information developed and/or submitted to a government agency pursuant to a law or regulation other than CFATS (e.g., EPA RMP).


DHS no longer requires completion of a CVI Non-Disclosure Agreement, although DHS retains the right to require them (once again) in the future. However, DHS does require acceptance of CVI Affirmation Statements indicating that the user will comply with all CVI requirements. These Affirmation Statements are completed at the end of the CVI Authorized User Training.