Chemical Security Group

CFATS

Chemical-Terrorism Vulnerability Information (CVI)

Who Has Access to Chemical-Terrorism Vulnerability Information?

 

CVI is exempt from disclosure under the Freedom of Information Act, as well as state open records laws.  Generally, only “authorized users” with a “need to know” may access CVI:
 

Authorized Users

 

An "authorized user" is any person who has:

  • Successfully completed the DHS online CVI training, which includes obtaining a CVI Authorized User Identification Number; and
  • Satisfied any DHS requirement demonstrating trustworthiness (e.g., a background check), as applicable.
     

Need to Know

 

The term “need to know” is defined by regulation at 6 CFR § 27.400(e). It sets forth five circumstances when a person, including a state or local official, has a “need to know:”

  • When the person requires access to specific CVI to carry out chemical facility security activities that are approved, accepted, funded, recommended, or directed by DHS;
  • When the person needs the information to receive training to carry out chemical facility security activities that are approved, accepted, funded, recommended, or directed by DHS;
  • When the information is necessary for the person to supervise or otherwise manage individuals carrying out chemical facility security activities that are approved, accepted, funded, recommended, or directed by DHS;
  • When the person needs the information to provide technical or legal advice to a covered person; and
  • When DHS determines that access is required under 6 CFR §§ 27.400(h) or (i) in the course of judicial or administrative proceedings.