The CFATS Expedited Approval Program (EAP) is an option Tier 3 and Tier 4 high-risk chemical facilities can choose to submit a Site Security Plan (SSP) and certification. SSPs submitted through the EAP for approval to DHS bypass the Authorization and Authorization Inspection step in the CFATS process and enter straight into the CFATS regulatory cycle.
The Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (“CFATS Act of 2014”) Public Law 113-254 (6 U.S.C. § 621, et seq.), established an Expedited Approval Program (EAP) and directed DHS to issue prescriptive guidance that “identifies specific security measures that are sufficient to meet the risk-based performance standards” for facilities that choose to submit an SSP pursuant to the EAP. See 6 U.S.C § 622(c)(4)(B)(i).
Along with the EAP SSP, the facility must submit a certification that, among other requirements listed in 6 U.S.C. § 622(c)(4)(C), certifies the owner or operator has visited, examined, documented, and verified that the facility meets the criteria in the SSP.
DHS Guidance for EAP
The DHS Guidance for the Expedited Approval Program was specifically developed to meet the requirements of 6 U.S.C. § 622(c)(4)(B). The Guidance provides Tier 3 and 4 chemical facilities with a better understanding of security measures that could be used to meet the CFATS Risk-Based Performance Standards (RBPS), and helps identify and select processes, measures, and activities they may choose to implement in order to secure and monitor their facility. The prescriptive measures contained in the Guidance are intended to apply specifically to facilities that elect to participate in the EAP.
Note: The security posture of facilities submitting a security plan (SSP or Alternative Security Program (ASP)) through the regular, non-prescriptive CFATS process will continue to be evaluated against the RBPS in a holistic fashion.
- Read or download the DHS Guidance for the Expedited Approval Program
Certification Under Penalty of Perjury
The certification is a document that is signed under penalty of perjury by the owner or operator of an expedited approval facility, and submitted with the EAP SSP, that certifies compliance with all of the requirements contained in 6 U.S.C. § 622(c)(4)(C).
Participation in the EAP
A facility that elects to submit an SSP under the EAP must notify DHS of its intention to do so at least 30 days prior to submitting the SSP and certification via the Department’s Chemical Security Assessment Tool (CSAT) system, or via a letter sent to:
Director, Infrastructure Security Compliance Division
Office of Infrastructure Protection
Department of Homeland Security
Mail Stop 0610
245 Murray Lane
Washington, D.C. 20528
All Tier 3 and Tier 4 facilities that choose to use the EAP to submit an SSP must include security measures which cover all of the RBPS. The security measures within the EAP SSP must either be existing security measures or planned measures, with a clear timeline for implementation not to exceed twelve (12) months from date of the approval. See 6 U.S.C. § 622(c)(4)(C)(v).
If a facility uses a security measure that materially deviates from a measure specified in the Guidance, then the facility’s SSP must identify the deviation for the specific security measure and explain how the new measure meets the relevant RBPS. See 6 U.S.C. § 622(c)(4)(B)(ii).
For further questions about the EAP, please contact CFATS@hq.dhs.gov.