The Chemical Facility Anti-Terrorism Standards (CFATS) program requires a facility that is determined to be high-risk to develop and implement security measures that meet applicable risk-based performance standards (RBPS) for securing chemicals of interest (COI).
Both Section 550 of the Homeland Security Appropriations Act of 2007, Pub. L. No. 109-295 § 550 (2006), and CFATS, 6 CFR Part 27, provide authority for the Department of Homeland Security (DHS) to conduct authorization inspections. Specifically, 6 CFR § 27.250(a) provides authority for the Department to enter, inspect, and audit the property, equipment, operations, and records of CFATS covered facilities.
The Department has the authority to issue an enforcement action to a chemical facility found to be in violation of CFATS. Compliance failures are divided into several categories:
- Failure to File Violations
- Site Security Plan (SSP)/Alternative Security Program (ASP) Deficiencies (generally found during the authorization and approval process) and/or SSP/ASP Infractions (generally found during Compliance Inspections)
- Chemical-terrorism Vulnerability Information (CVI) Violations.
Required Security Standards for High-Risk Facilities
The CFATS program identifies and regulates high-risk chemical facilities to ensure they have the security measures in place to reduce the risks of terrorist attack or exploitation associated with more than 300 chemicals of interest (COI) listed in Appendix A. If held in specified quantities and/or concentrations, these chemicals trigger reporting requirements and facilities must submit a survey, known as a Top-Screen, through the Chemical Security Assessment Tool (CSAT) 2.0 in order to determine if a facility is high risk. A facility must submit a Top-Screen within 60 days of coming into possession of a COI.
Using the information from the Top-Screen, facilities are then ranked into four tiers, with Tier 1 representing the highest risk. (Learn more about the risk tiering methodology.) Based on their tier, facilities must develop and implement performance-based security standards appropriate to the risk they pose. These security measures are detailed in a Site Security Plan (SSP) or an Alternative Security Program (ASP) the facility submits to CFATS for approval. Once approved, a facility is subject to compliance inspections to ensure it continues to meet the required security standards.
Failure to Meet Required Security Standards
Failure to comply with the regulation may subject a facility to a civil penalty. The CFATS Penalty Policy outlines the policies and procedures that the Department’s Infrastructure Security Compliance Division (ISCD) follows to issue an Administrative Order (A Order) and an Order Assessing Civil Penalty (otherwise known as a B Order) to a chemical facility found to be in violation of CFATS (6 CFR Part 27) and the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (CFATS Act of 2014), Pub. L. No. 113-254, (6 USC § 621, et seq.). Both A Orders and B Orders may be appealed pursuant to the procedures set forth in 6 CFR Part 27 Subpart C.
For further information, please refer to:
- Policy for Assessing Civil Penalties Under the Chemical Facility Anti-Terrorism Standards
- The Penalty Policy Overview Fact Sheet
For more information about the CFATS program or questions regarding the CFATS Penalty Policy, please contact CFATS@hq.dhs.gov.