Today the CISA Infrastructure Security Compliance Division
(ISCD) updated the responses to 15 frequently asked questions (FAQs) on the
Chemical Facility Anti-Terrorism Standards (CFATS) Knowledge Center web page.
The following FAQ responses were revised:
FAQ #1275 What
needs to be done with the facility ID in the Chemical Security Assessment Tool
(CSAT) when a covered chemical facility is bought or sold?
FAQ #1481 What
factors does a facility need to account for when calculating whether a facility
possesses the screening threshold quantity (STQ) for a theft/diversion chemical
of interest (COI)?
FAQ #1489 Can
a covered facility have contractors or lawyers fill out their Security
Vulnerability Assessment (SVA)/Site Security Plan (SSP)?
FAQ #1490 Must
all employees involved in filling out the Top-Screen, Security Vulnerability
Assessment (SVA), or Site Security Plan (SSP) at my facility be
Chemical-terrorism Vulnerability Information (CVI) Authorized Users?
FAQ #1554 Does
the Cybersecurity and Infrastructure Security Agency (CISA) have enforcement
authority to fine noncompliant facilities, to include shutting down a facility?
FAQ #1620 How
does an individual report a possible security concern involving the Chemical
Facility Anti-Terrorism Standards (CFATS) regulation at one’s facility or
another facility?
FAQ #1633 What
is a proposed measure and why would a facility include one in their Site
Security Plan (SSP)?
FAQ #1635 The
Risk-Based Performance Standards (RBPS) for "Shipping, Receipt and
Storage" (RBPS 5) and for "Theft and Diversion" (RBPS 6) in the
Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR §§
27.230(a)(5) and (a)(6)) refer to "hazardous materials" and to
"dangerous chemicals," respectively. Do those terms include any
chemicals other than chemicals of interest (COI) listed in Appendix A of the
CFATS regulation?
FAQ #1653 If
a facility is in a location where another entity provides certain security
measures (e.g., industrial park, co-located facility: office park, etc.), can
the facility include these security measures as part of its Security
Vulnerability Assessment (SVA)/Site Security Plan (SSP)?
FAQ #1724 How
do National Terrorism Advisory System (NTAS) Alerts and Bulletins affect a
CFATS facility’s RBPS 13 compliance responsibilities?
FAQ #1735 How
can a corporation with multiple facilities regulated under the Chemical
Facility Anti-Terrorism Standards (CFATS) request the corporate approach and
what benefits does this provide the corporation?
FAQ #1738 What
is the difference between the Expedited Approval Program (EAP) and the Chemical
Facility Anti-Terrorism Standards (CFATS) program?
FAQ #1745 If
a facility has submitted a Site Security Plan (SSP) or an Alternative Security
Program (ASP) in lieu of an SSP, but does not yet have approval, can it still
be part of the Expedited Approval Program (EAP)?
FAQ #1750 What
happens after I submit my Expedited Approval Program Site Security Plan (EAP
SSP)?
FAQ #1751 If
my facility has been issued a “letter of acceptance” through the Expedited
Approval Program (EAP), but then the Cybersecurity and Infrastructure Security
Agency (CISA) discovers that the measures in the Site Security Plan (SSP)
insufficiently meet the risk-based performance standards (RBPS) during a
Compliance Inspection, what happens?
NOTE: The links provided for the FAQs in this post were
copied from the CFATS Knowledge Center but may not work when followed from your
machine. This is an artifact of that web site. If the links do not take you to
the referenced FAQ you will have to use the ‘Advanced Search’ function on the
page to link to the FAQ or download the ‘All FAQs’ document at the bottom of
the ‘Advanced Search’ page.
The following changes were made in the referenced responses:
#1275 Editorial change to address –
Changed ‘Chemical Security’ to ‘Office of Chemical Security’,
#1481 Editorial change to Question –
Added ‘?’ at the end of the question,
#1489 Editorial change to Answer –
Changed ‘(high risk)’ to ‘(high-risk)’,
#1490 Editorial change to Answer – In
first paragraph changed ‘with regards to the SVA development’ to read ‘with
regards to the development of the facility's Top-Screen, SVA, or SSP’,
#1554 Editorial change to Answer – In
first paragraph changed ‘specified time frame’ to read ‘specified timeframe’,
#1620 Editorial change to Answer –
In second paragraph changed type on email address to BOLD,
#1633 Editorial change to Answer –
Added period at the end of each sentence in the subparagraphs,
#1635 Editorial change to Question –
Changed ‘Risk-based’ to ‘Risk-Based’,
#1653 No apparent change,
#1724 Editorial change to Answer – In
first paragraph changed ‘businesses and governments’ to read ‘businesses, and
governments’,
#1735 Editorial change to Answer –
In second paragraph changed ‘Chief of Regulatory Compliance’ to ‘Chief of
Chemical Security’,
#1738 Editorial change to Answer –
Changed ‘meets the applicable’ to read ‘meet the applicable’,
#1745 No apparent change,
#1750 Editorial change to Answer – In
second paragraph changed ‘if DHS fails’ to read ‘if CISA fails’,
#1751 Editorial change to Question –
Changed ‘Cyber Infrastructure Security Agency (CISA)’ to “Cybersecurity
Infrastructure Security Agency (CISA).
Posts
No comments:
Post a Comment