(a) No person may operate an airport subject to § 1542.103 unless it adopts and carries out a security program that—

(1) Provides for the safety and security of persons and property on an aircraft operating in air transportation or intrastate air transportation against an act of criminal violence, aircraft piracy, and the introduction of an unauthorized weapon, explosive, or incendiary onto an aircraft;

(2) Is in writing and is signed by the airport operator;

(3) Includes the applicable items listed in § 1542.103;

(4) Includes an index organized in the same subject area sequence as § 1542.103; and

(5) Has been approved by TSA.

(b) Each airport operator subject to § 1542.103 must maintain one current and complete copy of its security program and provide a copy to TSA upon request.

(c) Each airport operator subject to § 1542.103 must—

(1) Restrict the distribution, disclosure, and availability of sensitive security information (SSI), as defined in part 1520 of this chapter, to persons with a need to know; and

(2) Refer all requests for SSI by other persons to TSA.

(a) Complete program. Except as otherwise approved by TSA, each airport operator regularly serving operations of an aircraft operator or foreign air carrier described in § 1544.101(a)(1) or § 1546.101(a) of this chapter, must include in its security program the following:

(1) The name, means of contact, duties, and training requirements of the ASC required under § 1542.3.

(2) [Reserved]

(3) A description of the secured areas, including—

(i) A description and map detailing boundaries and pertinent features;

(ii) Each activity or entity on, or adjacent to, a secured area that affects security;

(iii) Measures used to perform the access control functions required under § 1542.201(b)(1);

(iv) Procedures to control movement within the secured area, including identification media required under § 1542.201(b)(3); and

(v) A description of the notification signs required under § 1542.201(b)(6).

(4) A description of the AOA, including—

(i) A description and map detailing boundaries, and pertinent features;

(ii) Each activity or entity on, or adjacent to, an AOA that affects security;

(iii) Measures used to perform the access control functions required under § 1542.203(b)(1);

(iv) Measures to control movement within the AOA, including identification media as appropriate; and

(v) A description of the notification signs required under § 1542.203(b)(4).

(5) A description of the SIDA's, including—

(i) A description and map detailing boundaries and pertinent features; and

(ii) Each activity or entity on, or adjacent to, a SIDA.

(6) A description of the sterile areas, including—

(i) A diagram with dimensions detailing boundaries and pertinent features;

(ii) Access controls to be used when the passenger-screening checkpoint is non-operational and the entity responsible for that access control; and

(iii) Measures used to control access as specified in § 1542.207.

(7) Procedures used to comply with § 1542.209 regarding fingerprint-based criminal history records checks.

(8) A description of the personnel identification systems as described in § 1542.211.

(9) Escort procedures in accordance with § 1542.211(e).

(10) Challenge procedures in accordance with § 1542.211(d).

(11) Training programs required under §§ 1542.213 and 1542.217(c)(2), if applicable.

(12) A description of law enforcement support used to comply with § 1542.215(a).

(13) A system for maintaining the records described in § 1542.221.

(14) The procedures and a description of facilities and equipment used to support TSA inspection of individuals and property, and aircraft operator or foreign air carrier screening functions of parts 1544 and 1546 of this chapter.

(15) A contingency plan required under § 1542.301.

(16) Procedures for the distribution, storage, and disposal of security programs, Security Directives, Information Circulars, implementing instructions, and, as appropriate, classified information.

(17) Procedures for posting of public advisories as specified in § 1542.305.

(18) Incident management procedures used to comply with § 1542.307.

(19) Alternate security procedures, if any, that the airport operator intends to use in the event of natural disasters, and other emergency or unusual conditions.

(20) Each exclusive area agreement as specified in § 1542.111.

(21) Each airport tenant security program as specified in § 1542.113.

(b) Supporting program. Except as otherwise approved by TSA, each airport regularly serving operations of an aircraft operator or foreign air carrier described in § 1544.101(a)(2) or (f), or § 1546.101(b) or (c) of this chapter, must include in its security program a description of the following:

(1) Name, means of contact, duties, and training requirements of the ASC, as required under § 1542.3.

(2) A description of the law enforcement support used to comply with § 1542.215(a).

(3) Training program for law enforcement personnel required under § 1542.217(c)(2), if applicable.

(4) A system for maintaining the records described in § 1542.221.

(5) The contingency plan required under § 1542.301.

(6) Procedures for the distribution, storage, and disposal of security programs, Security Directives, Information Circulars, implementing instructions, and, as appropriate, classified information.

(7) Procedures for public advisories as specified in § 1542.305.

(8) Incident management procedures used to comply with § 1542.307.

(c) Partial program. Except as otherwise approved by TSA, each airport regularly serving operations of an aircraft operator or foreign air carrier described in § 1544.101(b) or § 1546.101(d) of this chapter, must include in its security program a description of the following:

(1) Name, means of contact, duties, and training requirements of the ASC as required under § 1542.3.

(2) A description of the law enforcement support used to comply with § 1542.215(b).

(3) Training program for law enforcement personnel required under § 1542.217(c)(2), if applicable.

(4) A system for maintaining the records described in § 1542.221.

(5) Procedures for the distribution, storage, and disposal of security programs, Security Directives, Information Circulars, implementing instructions, and, as appropriate, classified information.

(6) Procedures for public advisories as specified in § 1542.305.

(7) Incident management procedures used to comply with § 1542.307.

(d) Use of appendices. The airport operator may comply with paragraphs (a), (b), and (c) of this section by including in its security program, as an appendix, any document that contains the information required by paragraphs (a), (b), and (c) of this section. The appendix must be referenced in the corresponding section(s) of the security program.

(a) Initial approval of security program. Unless otherwise authorized by the designated official, each airport operator required to have a security program under this part must submit its initial proposed security program to the designated official for approval at least 90 days before the date any aircraft operator or foreign air carrier required to have a security program under part 1544 or part 1546 of this chapter is expected to begin operations. Such requests will be processed as follows:

(1) The designated official, within 30 days after receiving the proposed security program, will either approve the program or give the airport operator written notice to modify the program to comply with the applicable requirements of this part.

(2) The airport operator may either submit a modified security program to the designated official for approval, or petition the Administrator to reconsider the notice to modify within 30 days of receiving a notice to modify. A petition for reconsideration must be filed with the designated official.

(3) The designated official, upon receipt of a petition for reconsideration, either amends or withdraws the notice, or transmits the petition, together with any pertinent information, to the Administrator for reconsideration. The Administrator disposes of the petition within 30 days of receipt by either directing the designated official to withdraw or amend the notice to modify, or by affirming the notice to modify.

(b) Amendment requested by an airport operator. Except as provided in § 1542.103(c), an airport operator may submit a request to the designated official to amend its security program, as follows:

(1) The request for an amendment must be filed with the designated official at least 45 days before the date it proposes for the amendment to become effective, unless a shorter period is allowed by the designated official.

(2) Within 30 days after receiving a proposed amendment, the designated official, in writing, either approves or denies the request to amend.

(3) An amendment to a security program may be approved if the designated official determines that safety and the public interest will allow it, and the proposed amendment provides the level of security required under this part.

(4) Within 30 days after receiving a denial, the airport operator may petition the Administrator to reconsider the denial.

(5) Upon receipt of a petition for reconsideration, the designated official either approves the request to amend or transmits the petition within 30 days of receipt, together with any pertinent information, to the Administrator for reconsideration. The Administrator disposes of the petition within 30 days of receipt by either directing the designated official to approve the amendment or affirming the denial.

(c) Amendment by TSA. If safety and the public interest require an amendment, the designated official may amend a security program as follows:

(1) The designated official sends to the airport operator a notice, in writing, of the proposed amendment, fixing a period of not less than 30 days within which the airport operator may submit written information, views, and arguments on the amendment.

(2) After considering all relevant material, the designated official notifies the airport operator of any amendment adopted or rescinds the notice. If the amendment is adopted, it becomes effective not less than 30 days after the airport operator receives the notice of amendment, unless the airport operator petitions the Administrator to reconsider no later than 15 days before the effective date of the amendment. The airport operator must send the petition for reconsideration to the designated official. A timely petition for reconsideration stays the effective date of the amendment.

(3) Upon receipt of a petition for reconsideration, the designated official either amends or withdraws the notice, or transmits the petition, together with any pertinent information to the Administrator for reconsideration. The Administrator disposes of the petition within 30 days of receipt by either directing the designated official to withdraw or amend the amendment, or by affirming the amendment.

(d) Emergency amendments. Notwithstanding paragraph (c) of this section, if the designated official finds that there is an emergency requiring immediate action with respect to safety and security in air transportation or in air commerce that makes procedures in this section contrary to the public interest, the designated official may issue an amendment, effective without stay on the date the airport operator receives the notice of it. In such a case, the designated official must incorporate in the notice a brief statement of the reasons and findings for the amendment to be adopted. The airport operator may file a petition for reconsideration under paragraph (c) of this section; however, this does not stay the effective date of the emergency amendment.

(a) After approval of the security program, each airport operator must notify TSA when changes have occurred to the—

(1) Measures, training, area descriptions, or staffing, described in the security program;

(2) Operations of an aircraft operator or foreign air carrier that would require modifications to the security program as required under § 1542.103; or

(3) Layout or physical structure of any area under the control of the airport operator, airport tenant, aircraft operator, or foreign air carrier used to support the screening process, access, presence, or movement control functions required under part 1542, 1544, or 1546 of this chapter.

(b) Each airport operator must notify TSA no more than 6 hours after the discovery of any changed condition described in paragraph (a) of this section, or within the time specified in its security program, of the discovery of any changed condition described in paragraph (a) of this section. The airport operator must inform TSA of each interim measure being taken to maintain adequate security until an appropriate amendment to the security program is approved. Each interim measure must be acceptable to TSA.

(c) For changed conditions expected to be less than 60 days duration, each airport operator must forward the information required in paragraph (b) of this section in writing to TSA within 72 hours of the original notification of the change condition(s). TSA will notify the airport operator of the disposition of the notification in writing. If approved by TSA, this written notification becomes a part of the airport security program for the duration of the changed condition(s).

(d) For changed conditions expected to be 60 days or more duration, each airport operator must forward the information required in paragraph (b) of this section in the form of a proposed amendment to the airport operator's security program, as required under § 1542.105. The request for an amendment must be made within 30 days of the discovery of the changed condition(s). TSA will respond to the request in accordance with § 1542.105.

If in TSA's judgment, the overall safety and security of the airport, and aircraft operator or foreign air carrier operations are not diminished, TSA may approve a security program that provides for the use of alternate measures. Such a program may be considered only for an operator of an airport at which service by aircraft operators or foreign air carriers under part 1544 or 1546 of this chapter is determined by TSA to be seasonal or infrequent.

(a) TSA may approve an amendment to an airport security program under which an aircraft operator or foreign air carrier that has a security program under part 1544 or 1546 of this chapter assumes responsibility for specified security measures for all or portions of the secured area, AOA, or SIDA, including access points, as provided in § 1542.201, § 1542.203, or § 1542.205. The assumption of responsibility must be exclusive to one aircraft operator or foreign air carrier, and shared responsibility among aircraft operators or foreign air carriers is not permitted for an exclusive area.

(b) An exclusive area agreement must be in writing, signed by the airport operator and aircraft operator or foreign air carrier, and maintained in the airport security program. This agreement must contain the following:

(1) A description, a map, and, where appropriate, a diagram of the boundaries and pertinent features of each area, including individual access points, over which the aircraft operator or foreign air carrier will exercise exclusive security responsibility.

(2) A description of the measures used by the aircraft operator or foreign air carrier to comply with § 1542.201, § 1542.203, or § 1542.205, as appropriate.

(3) Procedures by which the aircraft operator or foreign air carrier will immediately notify the airport operator and provide for alternative security measures when there are changed conditions as described in § 1542.103(a).

(c) Any exclusive area agreements in effect on November 14, 2001, must meet the requirements of this section and § 1544.227 no later than November 14, 2002.

(a) TSA may approve an airport tenant security program as follows:

(1) The tenant must assume responsibility for specified security measures of the secured area, AOA, or SIDA as provided in §§ 1542.201, 1542.203, and 1542.205.

(2) The tenant may not assume responsibility for law enforcement support under § 1542.215.

(3) The tenant must assume the responsibility within the tenant's leased areas or areas designated for the tenant's exclusive use. A tenant may not assume responsibility under a tenant security program for the airport passenger terminal.

(4) Responsibility must be exclusive to one tenant, and shared responsibility among tenants is not permitted.

(5) TSA must find that the tenant is able and willing to carry out the airport tenant security program.

(b) An airport tenant security program must be in writing, signed by the airport operator and the airport tenant, and maintained in the airport security program. The airport tenant security program must include the following:

(1) A description and a map of the boundaries and pertinent features of each area over which the airport tenant will exercise security responsibilities.

(2) A description of the measures the airport tenant has assumed.

(3) Measures by which the airport operator will monitor and audit the tenant's compliance with the security program.

(4) Monetary and other penalties to which the tenant may be subject if it fails to carry out the airport tenant security program.

(5) Circumstances under which the airport operator will terminate the airport tenant security program for cause.

(6) A provision acknowledging that the tenant is subject to inspection by TSA in accordance with § 1542.5.

(7) A provision acknowledging that individuals who carry out the tenant security program are contracted to or acting for the airport operator and are required to protect sensitive information in accordance with part 1520 of this chapter, and may be subject to civil penalties for failing to protect sensitive security information.

(8) Procedures by which the tenant will immediately notify the airport operator of and provide for alternative security measures for changed conditions as described in § 1542.103(a).

(c) If TSA has approved an airport tenant security program, the airport operator may not be found to be in violation of a requirement of this part in any case in which the airport operator demonstrates that:

(1) The tenant or an employee, permittee, or invitee of the tenant, is responsible for such violation; and

(2) The airport operator has complied with all measures in its security program to ensure the tenant has complied with the airport tenant security program.

(d) TSA may amend or terminate an airport tenant security program in accordance with § 1542.105.