Today the DHS Infrastructure Security Compliance Division
(ISCD) updated their frequently asked questions (FAQ) list on the CFATS
Knowledge Center page. There is no listing of the 8 new FAQs and one
updated FAQ response in the ‘Latest News’ section of the page.
#
1450 What is the URL to the CSAT Web Portal?
#
1761 I have misplaced my Chemical-terrorism Vulnerability Information (CVI)
certificate. How can I retrieve a copy?
#
1762 Can our company’s human resources department request a change in
contact information to receive the Chemical-terrorism Vulnerability Information
(CVI) certificates?
#
1763 Why are my Chemical-terrorism Vulnerability Information (CVI)
documents and information located in my Chemical Security Assessment Tool
(CSAT) account inaccessible?
#
1764 How long will a facility have to implement the approved security
measures to check for terrorist ties (Risk-Based Performance Standard (RBPS)
12(iv)) in its Site Security Plan (SSP)/Alternative Security Program (ASP)?
#
1765 What does a facility need to do to comply with the Chemical Facility
Anti-Terrorism Standards (CFATS) Personnel Surety Program requirements that are
in effect now that the program has been implemented?
#
1766 Does DHS allow facilities to contract out the submission of
information under Option 1 or Option 2 for the Personnel Surety Program in
Risk-Based Performance Standards (RBPS) 12(iv) to third parties?
#
1767 Will the facility be notified if the Department learns that an
affected individual has terrorist ties?
#
1768 When will DHS grant access to the Chemical Security Assessment Tool
(CSAT) Personnel Surety Program application if a facility chooses to meet
Risk-Based Performance Standard (RBPS) 12(iv) by selecting Option 1 or Option 2
in its Site Security Plan (SSP)/Alternative Security Program (ASP)?
Updated FAQ
The FAQ that has been updated is #1450. As far as I can tell
there is no new information for either of the links provided in the response.
New CVI FAQs
The first three new FAQs (# 1761, # 1762, and # 1763) all
have to deal with the Chemical-Terrorism Vulnerability Information (CVI)
training certificate. This certificate is issued when you complete the on-line
CVI training course. Having this certificate is one of the prerequisites for
accessing CVI information on the CSAT web site. The information in the first
two FAQs is relatively straight forward and self-explanatory.
The third new CVI FAQ is a tad bit more complicated than the
response sets forth. One of the common reasons for the CVI certificate not
being synced with a user’s CSAT account is that the email provided for the CVI
training is different than the email used on the CSAT account. For those of us
who took the CVI training using a personal email account, we may not want to
(or be allowed to) use that personal email on our CSAT account. In other cases,
an individual may have taken the CVI training under a different employer’s
email system and probably no longer has access to that email address. Neither
of these cases is specifically addressed in the response to the FAQ.
I am pretty sure, however, that these two problems can be
resolved by a phone call to the CFATS Help Desk {(866) 323-2957}.
Personnel Surety
Program FAQs
The final five new FAQs all deal with the Personnel Surety
Program (PSP) still being rolled out by ISCD. We are still waiting on a
promised CFATS Personnel Surety Program Application User Manual and possibly a
revised CSAT Account Management user guide to reflect new user types for PSP
data submissions.
There is nothing in the new PSP FAQs that was not already
covered in the December 18th, 2015 Federal Register notice.
TSDB Match
Notifications
The one FAQ that is likely to cause some industry
consternation is the response to #
1767: Will the facility be notified if the Department learns that an
affected individual has terrorist ties? No one in industry (and few, if any, in
DHS) will really be satisfied with this weasel worded response:
“To prevent a significant threat to
a facility or loss of life, a high-risk chemical facility will be contacted where
appropriate and in accordance with federal law and policy and law enforcement
and intelligence requirements [emphasis added].”
If the folks at ISCD had their druthers, they would notify
the facility security officer as soon as they were notified that an individual’s
name submitted by a covered facility matched a name on the Terrorist Screening
Database (TSDB). Unfortunately, it is easy to imagine a situation where ISCD
would not be allowed to make that notification by the powers that be at the
Department of Justice that own the TSDB information. In fact, it is entirely
too likely that there will be instances where even ISCD is not informed.
If the DOJ or some investigative agency within the national
security apparat has an on-going criminal or national security investigation
connected with someone whose name has been submitted under the CFATS PSP, those
agencies are not going to want to have their investigation compromised by
notifying the facility (and thus the individual) of a TSDB match. If such a
notification is going to be made, it is likely to be made by the investigative
agency, not ISCD.
Additional Questions
Anyone from a CFATS covered facility with additional
questions can contact the CFATS Help Desk (866-323-2957).
Posts
No comments:
Post a Comment