View all text of Subchapter XVI [§ 621 - § 629]
§ 622. Chemical Facility Anti-Terrorism Standards Program
(a) Program established
(1) In general
(2) RequirementsIn carrying out the Chemical Facility Anti-Terrorism Standards Program, the Secretary shall—
(A) identify—
(i) chemical facilities of interest; and
(ii) covered chemical facilities;
(B) require each chemical facility of interest to submit a Top-Screen and any other information the Secretary determines necessary to enable the Department to assess the security risks associated with the facility;
(C) establish risk-based performance standards designed to address high levels of security risk at covered chemical facilities; and
(D) require each covered chemical facility to—
(i) submit a security vulnerability assessment; and
(ii) develop, submit, and implement a site security plan.
(b) Security measures
(1) In general
(2) Employee input
(c) Approval or disapproval of site security plans
(1) In general
(A) Review
(B) Bases for disapprovalThe Secretary—
(i) may not disapprove a site security plan based on the presence or absence of a particular security measure; and
(ii) shall disapprove a site security plan if the plan fails to satisfy the risk-based performance standards established pursuant to subsection (a)(2)(C).
(2) Alternative security programs
(A) Authority to approve
(i) In general
(ii) Additional security measures
(B) Satisfaction of site security plan requirementA covered chemical facility may satisfy the site security plan requirement under subsection (a) by adopting an alternative security program that the Secretary has—
(i) reviewed and approved under subparagraph (A); and
(ii) determined to be appropriate for the operations and security concerns of the covered chemical facility.
(3) Site security plan assessments
(A) Risk assessment policies and procedures
(B) Previously approved plans
(4) Expedited approval program
(A) In generalA covered chemical facility assigned to tier 3 or 4 may meet the requirement to develop and submit a site security plan under subsection (a)(2)(D) by developing and submitting to the Secretary—
(i) a site security plan and the certification described in subparagraph (C); or
(ii) a site security plan in conformance with a template authorized under subparagraph (H).
(B) Guidance for expedited approval facilities
(i) In general
(ii) Material deviation from guidance
(iii) Applicability of other laws to development and issuance of initial guidanceDuring the period before the Secretary has met the deadline under clause (i), in developing and issuing, or amending, the guidance for expedited approval facilities under this subparagraph and in collecting information from expedited approval facilities, the Secretary shall not be subject to—(I)section 553 of title 5;(II) subchapter I of chapter 35 of title 44; or(III)section 627(b) of this title.
(C) CertificationThe owner or operator of an expedited approval facility shall submit to the Secretary a certification, signed under penalty of perjury, that—
(i) the owner or operator is familiar with the requirements of this subchapter and part 27 of title 6, Code of Federal Regulations, or any successor thereto, and the site security plan being submitted;
(ii) the site security plan includes the security measures required by subsection (b);
(iii)(I) the security measures in the site security plan do not materially deviate from the guidance for expedited approval facilities except where indicated in the site security plan;(II) any deviations from the guidance for expedited approval facilities in the site security plan meet the risk-based performance standards for the tier to which the facility is assigned; and(III) the owner or operator has provided an explanation of how the site security plan meets the risk-based performance standards for any material deviation;
(iv) the owner or operator has visited, examined, documented, and verified that the expedited approval facility meets the criteria set forth in the site security plan;
(v) the expedited approval facility has implemented all of the required performance measures outlined in the site security plan or set out planned measures that will be implemented within a reasonable time period stated in the site security plan;
(vi) each individual responsible for implementing the site security plan has been made aware of the requirements relevant to the individual’s responsibility contained in the site security plan and has demonstrated competency to carry out those requirements;
(vii) the owner or operator has committed, or, in the case of planned measures will commit, the necessary resources to fully implement the site security plan; and
(viii) the planned measures include an adequate procedure for addressing events beyond the control of the owner or operator in implementing any planned measures.
(D) Deadline
(i) In general
(ii) DateThe date described in this clause is—(I) for an expedited approval facility that was assigned to tier 3 or 4 under existing CFATS regulations before December 18, 2014, the date that is 210 days after December 18, 2014; and(II) for any expedited approval facility not described in subclause (I), the later of—(aa) the date on which the expedited approval facility is assigned to tier 3 or 4 under subsection (e)(2)(A); or(bb) the date that is 210 days after December 18, 2014.
(iii) Notice
(E) Compliance
(i) In generalFor an expedited approval facility submitting a site security plan and certification in accordance with subparagraphs (A), (B), (C), and (D)—(I) the expedited approval facility shall comply with all of the requirements of its site security plan; and(II) the Secretary—(aa) except as provided in subparagraph (G), may not disapprove the site security plan; and(bb) may audit and inspect the expedited approval facility under subsection (d) to verify compliance with its site security plan.
(ii) Noncompliance
(F) Amendments to site security plan
(i) Requirement(I) In general(II) Technical amendments
(ii) Amendment requiredThe owner or operator of an expedited approval facility shall amend the site security plan if—(I) there is a change in the design, construction, operation, or maintenance of the expedited approval facility that affects the site security plan;(II) the Secretary requires additional security measures or suspends a certification and recommends additional security measures under subparagraph (G); or(III) the owner or operator receives notice from the Secretary of a change in tiering under subsection (e)(3).
(iii) DeadlineAn amended site security plan and certification shall be submitted under clause (i)—(I) in the case of a change in design, construction, operation, or maintenance of the expedited approval facility that affects the security plan, not later than 120 days after the date on which the change in design, construction, operation, or maintenance occurred;(II) in the case of the Secretary requiring additional security measures or suspending a certification and recommending additional security measures under subparagraph (G), not later than 120 days after the date on which the owner or operator receives notice of the requirement for additional security measures or suspension of the certification and recommendation of additional security measures; and(III) in the case of a change in tiering, not later than 120 days after the date on which the owner or operator receives notice under subsection (e)(3).
(G) Facially deficient site security plans
(i) ProhibitionNotwithstanding subparagraph (A) or (E), the Secretary may suspend the authority of a covered chemical facility to certify a site security plan if the Secretary—(I) determines the certified site security plan or an amended site security plan is facially deficient; and(II) not later than 100 days after the date on which the Secretary receives the site security plan and certification, provides the covered chemical facility with written notification that the site security plan is facially deficient, including a clear explanation of each deficiency in the site security plan.
(ii) Additional security measures(I) In generalIf, during or after a compliance inspection of an expedited approval facility, the Secretary determines that planned or implemented security measures in the site security plan of the facility are insufficient to meet the risk-based performance standards based on misrepresentation, omission, or an inadequate description of the site, the Secretary may—(aa) require additional security measures; or(bb) suspend the certification of the facility.(II) Recommendation of additional security measuresIf the Secretary suspends the certification of an expedited approval facility under subclause (I), the Secretary shall—(aa) recommend specific additional security measures that, if made part of the site security plan by the facility, would enable the Secretary to approve the site security plan; and(bb) provide the facility an opportunity to submit a new or modified site security plan and certification under subparagraph (A).(III) Submission; reviewIf an expedited approval facility determines to submit a new or modified site security plan and certification as authorized under subclause (II)(bb)—(aa) not later than 90 days after the date on which the facility receives recommendations under subclause (II)(aa), the facility shall submit the new or modified plan and certification; and(bb) not later than 45 days after the date on which the Secretary receives the new or modified plan under item (aa), the Secretary shall review the plan and determine whether the plan is facially deficient.(IV) Determination not to include additional security measures(aa) Revocation of certification(bb) Effect of revocationIf the Secretary revokes the certification of an expedited approval facility under item (aa) by issuing an order under section 624(a)(1)(B) of this title—(AA) the order shall require the owner or operator of the facility to submit a site security plan or alternative security program for review by the Secretary review 1
1 So in original.
under subsection (c)(1); and(BB) the facility shall no longer be eligible to certify a site security plan under this paragraph.(V) Facial deficiencyIf the Secretary determines that a new or modified site security plan submitted by an expedited approval facility under subclause (III) is facially deficient—(aa) not later than 120 days after the date of the determination, the owner or operator of the facility shall submit a site security plan or alternative security program for review by the Secretary under subsection (c)(1); and(bb) the facility shall no longer be eligible to certify a site security plan under this paragraph.(H) Templates
(i) In general
(ii) Applicability of other laws to development and issuance of initial site security plan templates and related guidanceDuring the period before the Secretary has met the deadline under subparagraph (B)(i),2
2 So in original. Probably should be “(D)(i),”.
in developing and issuing, or amending, the site security plan templates under this subparagraph, in issuing guidance for implementation of the templates, and in collecting information from expedited approval facilities, the Secretary shall not be subject to—(I)section 553 of title 5;(II) subchapter I of chapter 35 of title 44; or(III)section 627(b) of this title.(iii) Rule of construction
(I) Evaluation
(i) In general
(ii) ReportNot later than 18 months after December 18, 2014, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives a report that contains—(I)(aa) the number of eligible facilities using the expedited approval program authorized under this paragraph; and(bb) the number of facilities that are eligible for the expedited approval program but are using the standard process for developing and submitting a site security plan under subsection (a)(2)(D);(II) any costs and efficiencies associated with the expedited approval program;(III) the impact of the expedited approval program on the backlog for site security plan approval and authorization inspections;(IV) an assessment of the ability of expedited approval facilities to submit facially sufficient site security plans;(V) an assessment of any impact of the expedited approval program on the security of chemical facilities; and(VI) a recommendation by the Secretary on the frequency of compliance inspections that may be required for expedited approval facilities.
(d) Compliance
(1) Audits and inspections
(A) DefinitionsIn this paragraph—
(i) the term “nondepartmental”—(I) with respect to personnel, means personnel that is not employed by the Department; and(II) with respect to an entity, means an entity that is not a component or other authority of the Department; and
(ii) the term “nongovernmental”—(I) with respect to personnel, means personnel that is not employed by the Federal Government; and(II) with respect to an entity, means an entity that is not an agency, department, or other authority of the Federal Government.
(B) Authority to conduct audits and inspectionsThe Secretary shall conduct audits or inspections under this subchapter using—
(i) employees of the Department;
(ii) nondepartmental or nongovernmental personnel approved by the Secretary; or
(iii) a combination of individuals described in clauses (i) and (ii).
(C) Support personnel
(D) Reporting structure
(i) Nondepartmental and nongovernmental audits and inspections
(ii) Requirement to report
(iii) Approval
(E) Standards for auditors and inspectorsThe Secretary shall prescribe standards for the training and retraining of each individual used by the Department as an auditor or inspector, including each individual employed by the Department and all nondepartmental or nongovernmental personnel, including—
(i) minimum training requirements for new auditors and inspectors;
(ii) retraining requirements;
(iii) minimum education and experience levels;
(iv) the submission of information as required by the Secretary to enable determination of whether the auditor or inspector has a conflict of interest;
(v) the proper certification or certifications necessary to handle chemical-terrorism vulnerability information (as defined in section 27.105 of title 6, Code of Federal Regulations, or any successor thereto);
(vi) the reporting of any issue of non-compliance with this section to the Secretary within 24 hours; and
(vii) any additional qualifications for fitness of duty as the Secretary may require.
(F) Conditions for nongovernmental auditors and inspectorsIf the Secretary arranges for an audit or inspection under subparagraph (B) to be carried out by a nongovernmental entity, the Secretary shall—
(i) prescribe standards for the qualification of the individuals who carry out such audits and inspections that are commensurate with the standards for similar Government auditors or inspectors; and
(ii) ensure that any duties carried out by a nongovernmental entity are not inherently governmental functions.
(2) Personnel surety
(A) Personnel surety programFor purposes of this subchapter, the Secretary shall establish and carry out a Personnel Surety Program that—
(i) does not require an owner or operator of a covered chemical facility that voluntarily participates in the program to submit information about an individual more than 1 time;
(ii) provides a participating owner or operator of a covered chemical facility with relevant information about an individual based on vetting the individual against the terrorist screening database, to the extent that such feedback is necessary for the facility to be in compliance with regulations promulgated under this subchapter; and
(iii) provides redress to an individual—(I) whose information was vetted against the terrorist screening database under the program; and(II) who believes that the personally identifiable information submitted to the Department for such vetting by a covered chemical facility, or its designated representative, was inaccurate.
(B) Personnel surety program implementationTo the extent that a risk-based performance standard established under subsection (a) requires identifying individuals with ties to terrorism—
(i) a covered chemical facility—(I) may satisfy its obligation under the standard by using any Federal screening program that periodically vets individuals against the terrorist screening database, or any successor program, including the Personnel Surety Program established under subparagraph (A); and(II) shall—(aa) accept a credential from a Federal screening program described in subclause (I) if an individual who is required to be screened presents such a credential; and(bb) address in its site security plan or alternative security program the measures it will take to verify that a credential or documentation from a Federal screening program described in subclause (I) is current;
(ii) visual inspection shall be sufficient to meet the requirement under clause (i)(II)(bb), but the facility should consider other means of verification, consistent with the facility’s assessment of the threat posed by acceptance of such credentials; and
(iii) the Secretary may not require a covered chemical facility to submit any information about an individual unless the individual—(I) is to be vetted under the Personnel Surety Program; or(II) has been identified as presenting a terrorism security risk.
(C) Rights unaffectedNothing in this section shall supersede the ability—
(i) of a facility to maintain its own policies regarding the access of individuals to restricted areas or critical assets; or
(ii) of an employing facility and a bargaining agent, where applicable, to negotiate as to how the results of a background check may be used by the facility with respect to employment status.
(3) Availability of information
(e) Responsibilities of the Secretary
(1) Identification of chemical facilities of interest
(2) Risk assessment
(A) In general
(B) Criteria for determining security riskThe criteria for determining the security risk of terrorism associated with a covered chemical facility shall take into account—
(i) relevant threat information;
(ii) potential severe economic consequences and the potential loss of human life in the event of the facility being subject to attack, compromise, infiltration, or exploitation by terrorists; and
(iii) vulnerability of the facility to attack, compromise, infiltration, or exploitation by terrorists.
(3) Changes in tiering
(A) Maintenance of recordsThe Secretary shall document the basis for each instance in which—
(i) tiering for a covered chemical facility is changed; or
(ii) a covered chemical facility is determined to no longer be subject to the requirements under this subchapter.
(B) Required information
(4) Semiannual performance reportingNot later than 6 months after December 18, 2014, and not less frequently than once every 6 months thereafter, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives a report that includes, for the period covered by the report—
(A) the number of covered chemical facilities in the United States;
(B) information—
(i) describing—(I) the number of instances in which the Secretary—(aa) placed a covered chemical facility in a lower risk tier; or(bb) determined that a facility that had previously met the criteria for a covered chemical facility under section 621(3) of this title no longer met the criteria; and(II) the basis, in summary form, for each action or determination under subclause (I); and
(ii) that is provided in a sufficiently anonymized form to ensure that the information does not identify any specific facility or company as the source of the information when viewed alone or in combination with other public information;
(C) the average number of days spent reviewing site security or an alternative security program for a covered chemical facility prior to approval;
(D) the number of covered chemical facilities inspected;
(E) the average number of covered chemical facilities inspected per inspector; and
(F) any other information that the Secretary determines will be helpful to Congress in evaluating the performance of the Chemical Facility Anti-Terrorism Standards Program.
(Pub. L. 107–296, title XXI, § 2102, as added Pub. L. 113–254, § 2(a), Dec. 18, 2014, 128 Stat. 2900; amended Pub. L. 115–278, § 2(g)(8)(A), Nov. 16, 2018, 132 Stat. 4180.)