Today CISA updated both the Chemical Facility Anti-Terrorism Standards (CFATS) program landing page and the CFATS Knowledge Center to make the chemical security community aware of new guidance (Reporting Cyber Incidents) on the reporting of cyber incidents under Risk-Based Performance Standard (RBPS) 8 (Cyber) and RBPS 15 (Reporting of Significant Security Incidents).
While the Office of Chemical Security is not currently requiring changes to approved site security plans (SSPs), covered facilities can expect that chemical security inspectors will begin inspecting compliance with this new guidance. Chemical facilities that are not currently covered by CFATS should probably review the new guidance documents and incorporate them into their incident response plans.
CFATS covered facilities should review all of these new pages to determine if there is anything covered in them that is not appropriately reflected in their Site Security Plan. If the plans do appear to be deficient in any way, the facility should contact their chemical security inspector to determine if a formal revision of the SSP is required.
For more details on the documents and guidance, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cfats-and-cyber-incident-reporting
- subscription required.
No comments:
Post a Comment