PUBLICATION

CFATS Risk-Based Performance Standard (RBPS) 8 – Cyber Fact Sheet

Related topics:

CFATS Announcement

As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.

Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.

CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.

If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.

Under Risk-Based Performance Standard (RBPS) 8 – Cyber, high-risk facilities must have appropriate security policies, practices, and people to prevent, protect, respond to, and recover from cyber sabotage and incidents.

This is a printer-friendly fact sheet with information to help Chemical Facility Anti-Terrorism Standards (CFATS)-covered facilities comply with RBPS 8.