DHS Guidance Portal – 2-29-20

A reader from DHS alerted me to the fact the DHS has also set up their guidance document web site yesterday. While similar in effect to the EPA site that I mentioned earlier today, there are some interesting differences. As with the EPA site, the DHS site provides separate pages for the following DHS components:

• DHS Headquarters

• Cybersecurity and Infrastructure Security Agency (CISA)

• Federal Emergency Management Agency (FEMA)

• Transportation Security Administration (TSA)

• U.S. Citizenship and Immigration Services (USCIS)

• U.S. Coast Guard (USCG)

• U.S. Customs and Border Protection (CBP)

• U.S. Immigration and Customs Enforcement (ICE)

The DHS landing page includes an interesting discussion about what constitutes a ‘guidance document’. Unusually for a government agency it looks like DHS has taken a very proactive and expansive look at both the letter and intent of EO 13891. DHS has also taken the extra step of providing a procedure (described on the page) for addressing citizen complaints or questions about these guidance documents. Nice touch.

CISA Documents

The CISA Guidance page provides an interesting look at how much work the Cybersecurity and Infrastructure Security Agency has done in providing guidance to the private sector. There are two subdivisions on the page; Chemical Security and Protected Critical Infrastructure Information (PCII). The Chemical Security section lists a large number of documents from the Chemical Facility Anti-Terrorism Standards (CFATS) program. Almost all of them are listed on the CFATS web site but are scattered across a number of different pages on that site.

There is only document listed in PCII section of the page, the PCII Program Procedures Manual.

Interestingly, the main DHS cybersecurity agency has no publicly available cybersecurity guidance publications.

CFATS Sodium Chlorate Exemption

There is one CFATS related document that I have never seen before; Clarification for Sodium Chlorate Contained in Specific Products. That document includes a 2015 letter from Director Wulf {Director of the CISA Infrastructure Security Compliance Division (ISCD)} that notes:

“It has come to our attention that, due to their chemical composition, certain sodium chlorate mixtures may not present the same hazards as pure sodium chlorate and that further review of the issue is necessary.”

He then goes on to provide an indefinite exemption for reporting the following products on Top Screens “further review of the issue”:

• Defol 5

• Defol 750

• Pramitol 5 PS

• BareSpot Monobor-Chlorate

• BareSpot Weed and Grass

• BareSpot Ureabor

• BareGround Ultra

I am going to look into this in a little more depth in a future blog post.

TSA Documents

The TSA sub-site is a completely different format from the CISA site; at DHS is agency has it’s own website generation folks with their own unique styles. Instead of listing different agencies with TSA with separate listing of guidance documents, TSA has opted for a search style organization that has a pull-down menu for ‘Topics’. Selecting the ‘Surface’ topic results in 4 pages of documents, many of which should obviously also show up for other ‘Topics’.

Under the ‘Surface’ document listing I found “Counterterrorism Guide (CT) Freight Railroad (FR)”. This document is marked ‘For Official Use Only’ (FOUO). As such, it probably could have been left off of this site as a Sensitive But Unclassified (SBU) document. The other interesting thing about the document is that it is prominently marked as being privately (QUICKSERIES PUBLISHING) copywrite protected.

The TSA does have a ‘Cybersecurity’ topic listed on their search tool. That returns a single publication; “Counterterrorism Guide (CT) Cybersecurity”. It is also marked FOUO and copywrite protected by the same company.