This week (apparently, DHS no longer provides ‘last published’
dates on their web pages) the DHS Cybersecurity and Infrastructure Security Agency
(CISA) posted
links to new versions of three manuals used by facilities covered under the
Chemical Security Anti-Terrorism Standards (CFATS) program. The manuals are ‘dated’
June and July 2019, but there has been no notice of the new manuals provided on
either the CFATS
web site landing page nor on the CFATS
Knowledge Center. The two remaining manuals for the Chemical Security
Assessment Tool (CSAT) have not yet been updated.
The manuals affected are:
DHS has long stopped putting change notices in their documents,
so it is difficult to tell what changes, if any, have been made in the documents.
One change is obvious in all three documents, they have been rebranded with a
CISA front page; a branding that reflects more on the CISA cybersecurity
mission than the chemical security mission of the CFATS program.
PSP Instructions
This manual has certainly been revised to reflect the recent
implementation of the extension of the terrorist ties screening requirement to
Tier III and IV facilities. You can tell this by the new ‘Note’ on page 4:
“For more information on RBPS
12(iv) and the Personnel Surety Program, see 84 FR 32768, Notice
of Implementation Chemical Facility Anti-Terrorism Standards Personnel
Surety Program published on July 9, 2019 or access the DHS Personnel
Surety Program.”
Since there was no reference to the submitting facility’s
tiering in the original manual, there was no need to make changes reflecting
the expanded implementation. In a quick perusal of the two versions, I do not
see any changes beyond pagination and layout changes, with one exception. The ‘addendums’
at the end of the 2018 manual have been renamed ‘Appendix A’, ‘Appendix B’ and
the acronym list has been labeled ‘Appendix C’ in the new version.
CSAT User Manual
This User Manual has been substantially reformatted and ‘enhanced’.
The table of contents page, for instance now provides a link to the indicated
section and the sub-sections of the text are listed down to the X.Y.Z level
where the previous version was limited to the X.Y level. The other major
enhancement is that each graphic provides a textbox with additional details
when the cursor is placed on the graphic; this will, of course, only be useful
in the electronic version.
This manual is ‘dated’ June 2019, so it would presumably predate
the PSP changes.
SVA/SSP Instructions
As one would expect this manual has been updated to reflect
the expansion of the PSP program. A note similar to that in the PSP manual can
be found on page 97 of the new manual.
Commentary
None of the changes that I have seen are significant; they
would have no impact on a facility’s implementation of the CFATS program in
general or the PSP program in particular. I have not, however, done a line by
line review of any of the documents. In any case, security managers and those
interested in the CFATS program should download these new manuals, just to ensure
that they have the latest version available.
Oh, it is interesting to note that while the description of
the SVA/SSP manual found on the CFATS Knowledge Center describe the previous
version of these manual, the links take one to the newer version. This is
unusual in that the URL’s for the document are completely different than those found
on the CSAT web site. The links for the other two manuals on the Knowledge
Center page still go to the older manuals.
Posts
No comments:
Post a Comment