OMB Approval of CFATS PSM to Tier III and IV

Earlier this week I ran into a blog post at Aradc.org (Agriculture Retailers Organization) by Andrea Mowers about the OMB’s approval of the information collection request to add Tier III and IV facilities in the Chemical Facilities Anti-Terrorism Standards (CFATS) program to the Personnel Surety Program (PSP) vetting of employees against the Terrorist Screening Data Base (TSDB). I missed the May 23^rd announcement by OMB’s Office of Information and Regulatory Affairs (OIRA), but the ICR certainly was approved.

We can expect to see the DHS Infrastructure Security Compliance Division (ISCD) publish a notice in the Federal Register about the implementation of the expansion of the PSP submission requirements. I will review the details of that process when the document is issued, but we can look at the Tier I and Tier II implementation and the documentation ISCD submitted to OIRA to get a general idea of what those requirements will be.

First off, ISCD will establish some sort of internal process to spread out the requirement to first modify approved site security plans (SSP) to explain how the facility will implement the process. That implementation plan would include which of the four options (or combination of options) that the facility plans to use to screen employees, contractors and visitors (the last two with unaccompanied access to critical areas of the facility) for potential terrorist ties. Finally, once that SSP revision is approved, ISCD will provide a deadline for the implementation of the plan. Facilities can probably expect that assistance will be available from Chemical Security Inspectors (CSI) during the process.

The general plan for the phased implementation of the Tier III and IV implementation of the PSP requirements was outlined in a response (.DOCX download) to industry comments submitted to OIRA. Response 4.1.1 notes:

“The Department agrees that a flexible approach is appropriate for the rollout of the Personnel Surety Program to Tier 3 and Tier 4 covered chemical facilities. If approved, the Department plans to implement the CFATS Personnel Surety Program in a phased manner to Tier 3 and Tier 4 covered chemical facilities over a three year period.  Similar to the successful and recent retiering effort, the Department plans to consider the number of facilities assigned to a single Authorizer when notifying facilities to implement the Personnel Surety Program, as not to overwhelm a single Authorizer. The Department will also allow the flexibility for Authorizers, if desired, to complete the process for their facilities before notification by the Department.”

While ISCD will certainly be providing individual facilities with notification of the deadline by which they will have to revise their SSP, I expect that ISCD will allow facilities to begin the process before that notification is given. I do suspect, however, that they would prefer that facilities not try to begin the process before the Federal Register Notice is published. Facilities could contact their CSI or the regional office to confirm this.

One final point, questions have been raised throughout the PSP development and implementation process about DHS’s reluctance to guarantee that facilities would receive timely notification if a person is identified in the TSDB vetting process as having potential terrorist ties. If this were totally up to ISCD, I am sure that timely notifications would be made. Unfortunately, intelligence and law enforcement entities outside of the Cybersecurity and Infrastructure Security Agency (CISA), the controlling agency under which ISCD resides, will be involved in making that decision. The comment response document again addresses this issue in response 5.62:

“The Department’s design of the CFATS Program is intended to promote and enhance the security of high-risk chemical facilities; the Personnel Surety Program is one element of the larger CFATS Program. To prevent a significant threat to a facility or loss of life, a high-risk chemical facility will be contacted where appropriate and in accordance with federal law and policy, and per law enforcement and intelligence requirements.”