Thursday, September 25, 2008

New CVI Manual – Introduction

As I noted in an earlier blog entry (see: “Chemical Security Page Update 09-22-08”) DHS has revised the CVI Procedures Manual. Along with the new manual there is a new, on-line CVI Training program and a number of explanatory new web pages. Additionally, DHS added nine new CVI-related questions to the CSAT FAQ web page. All in all, this is a well thought out and well explained roll-out of the new CVI procedures.


As I have done with previous DHS rules and regulations, I will try to provide a detailed analysis of the changes that DHS has made to the CVI program in a series of blogs. In this first blog I will provide an overview of the changes made to the program and provide some links to the various supporting documentation provided by DHS.


Procedure Manual Change Log


DHS has documented the changes made to the CVI procedures in the Change Log on page three of the new manual. This provides a good summary of the scope of the changes that have been made. Those changes include:


  • “Removed DHS internal procedures to make the Chemical-Terrorism Vulnerability (CVI) Procedures Manual more user-friendly.
  • “Clarified which aspects of the Manual constitute guidance and which are based on existing statutory and regulatory requirements.
  • “Removed the requirements that individuals enter into non-disclosure agreements (NDAs), whether in the course of completing CVI on-line training or otherwise, to obtain access to CVI. This includes any prior requirements for an NDA as a condition for sharing CVI with third parties. DHS reserves the right under 6 CFR § 27.400(e)(2)(iii) to require NDA’s in the future, as appropriate.
  • “Replaced the previous suggested models for access and disclosure of CVI within and between private and public entities with new, more effective models.
  • “Eliminated the concept of CVI Tracking Numbers.
  • “Clarified the meaning of “need to know”.
  • “Provide greater details about what information is and is not considered CVI.
  • “Clarified that DHS does not need to be notified when CVI is properly disclosed to Authorized Users with a need to know.
  • “Updated CVI Cover Page.”

Chemical Security Web Page


DHS has provided a number of web pages that help to explain some of the changes made in the CVI program. Links to these pages can be found on the Critical Infrastructure – Chemical Security Web page. That page, under its ‘What’s New’ heading provides the following explanation of the importance of the changes:


  • “The Department of Homeland Security has revised the Chemical-terrorism Vulnerability (CVI) Information Procedures Manual and the CVI Authorized User Training. The revisions take into account feedback from the private sector and the experience gained since implementing Chemical Facility Anti-Terrorism Standards (CFATS) in April2007.
  • “Individuals in the private and public sectors impacted by CFATS as well as currently CVI Authorized Users are encouraged to review the changes and complete the updated training.
  • “Covered facilities that have been determined to be high risk by DHS must complete and submit a Security Vulnerability Assessment (SVA). All Chemical Secerity Assessment Tool (CSAT) Users must be CVI Authorized before being allowed to access the SVA.
  • “Become a CVI Authorized User by completing the CVI Training.”

CVI Web Pages


The Chemical Security web page provides a link to a CVI information portal, the Chemical-terrorism Vulnerability Information page. That page provides links to seven additional pages that explain various parts of the CVI program. Those pages are:


 In future blogs I will look at some of this information in greater detail.

No comments:

/* Use this with templates/template-twocol.html */