On November 25, 2002, Congress passed the Maritime Transportation Security Act of 2002 (MTSA), giving the Department of Homeland Security (DHS), and specifically the U.S. Coast Guard (Coast Guard), the authority to regulate facilities and vessels located on or adjacent to waterways under U.S. jurisdiction. The Coast Guard subsequently published MTSA’s implementing regulations (found at 33 CFR Parts 101-106) through an interim final rule on October 22, 2003:
MTSA-regulated facilities must complete a Facility Security Assessment (FSA) that identifies and evaluates critical assets, critical infrastructures, potential threats to critical assets and infrastructures, and general facility security vulnerabilities. The facility must then develop and submit a Facility Security Plan (FSP) to the Coast Guard that addresses, among other things, the vulnerabilities identified in the FSA. The FSP, which must be approved by the Coast Guard, is valid for five years, after which time the facility must submit an updated FSP for re-approval.
The Coast Guard typically conducts at least one scheduled audit and one unannounced "spot check" each year. As such, facilities must ensure ongoing compliance, which includes, among other things, recordkeeping, annual internal Facility Security Plan (FSP) audits, ensuring proper implementation of Transportation Worker Identification Credential (TWIC) requirements, and conducting routine training, drills, and exercises.