CFATS

Facilities must address all applicable RBPSs in their Site Security Plans (SSPs) or Alternate Security Programs (ASPs). These include:

• Restrict Area Perimeter
• Secure Site Assets
• Screen and Control Access
• Deter, Detect, and Delay
• Shipping, Receipt, and Storage
• Theft and Diversion
• Sabotage
• Cyber
• Response
• Monitoring
• Training
• Personnel Surety
• Elevated Threats
• Specific Threats, Vulnerabilities, or Risks
• Reporting of Significant Security Incidents
• Significant Security Incidents and Suspicious Activities
• Officials and Organization
• Records

DHS also included a nineteenth RBPS, permitting it to add “any additional performance standards” that may apply to a facility.