ISCD Updates a Number of CFATS Information Documents

Recently the DHS Infrastructure Security Compliance Division (ISCD) provided links to a number of new and updated information documents related to the Chemical Facility Anti-Terrorism Standards (CFATS) program. Links were provided on either the CFATS Knowledge Center page or the CFATS Resources page.

The new or revised documents I found are:

• CFATS Risk-Based Performance Standards (RBPS) 10 – Monitoring (new);

• Chemical Facility Anti-Terrorism Standards: Top Regulated Chemicals of Interest (COI) (revised);

• Chemical Facility Anti-Terrorism Standards: The Role of First Responders (new);

• DHS Guidance for the Expedited Approval Program (?);

• Chemical Facility Anti-Terrorism Standards: Expedited Approval Program (new);

• Chemical Facility Anti-Terrorism Standards: Resubmitting a Top-Screen (revised);

• CFATS Risk-Based Performance Standards (RBPS) 1-7: Detection and Delay (revised); and

• CFATS Risk-Based Performance Standards (RBPS) 12iv – Screening for Terrorist Ties (revised)

I have not done (and probably will not do) a detailed review of the revised documents. These are ‘fact sheets’ and those are seldom (if ever) used to announce new policy. If new policy were involved, we would have seen a more formal announcement of the revised documents. I suspect that this was mainly a branding exercise for the new Cybersecurity and Infrastructure Security Administration (CISA).

The odd one on the list above was the EAP guidance document. It was not rebranded with the CISA format or logo. There is no date on the document, so I am not even sure that it was revised. It was listed on the top of the ‘User Manuals’ column of the CFATS Knowledge Center, so ISCD is apparently attempting to at least call attention to the manual. The EAP program was mandated by Congress in the first re-write of the CFATS legislation and may not survive the second re-write. It has not been used by more than a handful of facilities, but that is more because it was introduced after the vast majority of facilities had already submitted proposed Site Security Plans under the existing program than it was because of any problems with the EAP.

Most of the documents listed above have dates back in May. I am not sure when they were actually published or the links made available. A couple of years ago DHS generally stopped putting date of change notices on their web pages. With web sites that are as voluminous as the CFATS program this makes it very difficult to keep up with the changes. I had hoped with the rise of CISA (and the fall of NPPD, its predecessor) that we would see a change in this policy. Every once-in-a-while a ‘last published date’ slips in (see here), but I have not seen any indication that this is more than the action of isolated web-scriptors trying to do right.