Chemical-terrorism Vulnerability Information (CVI) is the information protection regime administered under the Chemical Facility Anti-Terrorism Standards (CFATS) regulation to ensure information chemical facilities provide to the Department is protected from public disclosure or misuse. Accordingly, the Department expects individuals in possession of CVI to safeguard it with equal care.
For access to CVI—which includes having a need to know and obtaining an Authorized User number—visit the CVI training page. Only CVI Authorized Users can access CFATS-related documents housed in the portal.
The CVI Procedures Manual provides guidance to anyone authorized to possess, disclose, or receive CVI on how to ensure sensitive information about the Nation's high-risk chemical facilities is safeguarded.
The Homeland Security Appropriations Act of 2007, Pub. L. No. 109-295 directed the Department to protect any information developed or submitted under Section 550 of the Act from inappropriate public disclosure. This includes information that is developed and/or submitted to DHS under the CFATS regulation (6 CFR Part 27). In 2014, Congress reauthorized and amended CFATS through the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014, Pub. L. No. 113-254.
A covered person is an individual who has a need to know CVI or someone who gains access to what they know to be or reasonably know to constitute CVI.
The following information (whether written, verbal, electronic, digital, or otherwise) is is specified in 6 CFR § 27.400(b)(1) to (9) as CVI:
- Security Vulnerability Assessments under 6 CFR § 27.215
- Site Security Plans under 6 CFR § 27.225
- Documents relating to the Department's review and approval of SVA and SSP, including Letters of Authorization, Letters of Approval, and responses thereto; written notices; and other documents developed pursuant to 6 CFR §§ 27.240 or 27.245
- Alternative Security Programs under 6 CFR § 27.235
- Documents relating to inspections or audits under 6 CFR § 27.250
- Any records required to be created or retained by a covered facility under 6 CFR § 27.255
- Sensitive portions of orders, notices or letters under 6 CFR § 27.300
- Information developed pursuant to 6 CFR §§ 27.200 or 27.205 (such as the CSAT Top-Screen and the determination by the Assistant Secretary that a chemical facility presents a high level of security risk)
- Other information developed for chemical facility security purposes that the Secretary, in his discretion, determines is similar to the information protected in 6 CFR § 27.400(b)(1) through (8)
The process for a facility to seek designation of CVI under 6 CFR § 27.400(b)(9) is described in Section 5.3 of the Revised CVI Procedures Manual.
Materials containing CVI must be appropriately designated and withheld from public disclosure. CVI must also be physically controlled and protected. The protections include:
- Storage of CVI
- Marking of CVI
- Transmission of CVI
- Responsibilities when in transit with CVI
- Destruction of CVI
Use the CVI cover sheet to help safeguard CVI from unauthorized or inadvertent disclosure by placing it on the front and back of transmittal letters, reports, or documents.
Access to and/or disclosure of CVI is based on the following general principles:
- Except in exigent or emergency circumstances, CVI may only be disclosed to CVI Authorized Users with a need to know.
- A need to know should be assessed on a case-by-case basis (typically including an individualized assessment of the documents involved).
- A covered person in possession of CVI should take reasonable steps to confirm that any individual seeking access to CVI is a CVI Authorized User and has a need to know.
DHS provides each CVI Authorized User with a unique identification number. Before sharing CVI, ask for this number. You can contact the CSAT Help Desk at 866-323-2957 to confirm a person's CVI Authorized User status.
If you have questions, call the CFATS Help Desk at 866-323-2957 Monday through Friday (except federal holidays) from 8:30 a.m. to 5 p.m. (ET), or email CSAT@hq.dhs.gov.