The purpose of this part is to enhance the security of our Nation by furthering the mission of the Department as provided in 6 U.S.C. 111(b)(1) and by lowering the risk posed by certain chemical facilities.
資料由法律人 LawPlayer整理提供·U.S. federal law / curated by LawPlayer from GPO govinfo & eCFR
CHEMICAL FACILITY ANTI-TERRORISM STANDARDS
As used in this part:
A Commercial Grade (ACG) shall refer to any quality or concentration of a chemical of interest offered for commercial sale that a facility uses, stores, manufactures, or ships.
A Placarded Amount (APA) shall refer to the screening threshold quantity (STQ) for a sabotage and contamination chemical of interest, as calculated in accordance with § 27.203(d).
Alternative Security Program or ASP shall mean a third-party or industry organization program, a local authority, State or Federal government program, or any element or aspect thereof, that the Executive Assistant Director has determined meets the requirements of this part and provides for an equivalent level of security to that established by this part.
Associate Director for Chemical Security shall mean the Associate Director for Chemical Security, Infrastructure Security Division, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, or any successors to that position within the Department, or designee.
Chemical Facility or facility shall mean any establishment that possesses or plans to possess, at any relevant point in time, a quantity of a chemical substance determined by the Secretary to be potentially dangerous or that meets other risk-related criteria identified by the Department. As used herein, the term chemical facility or facility shall also refer to the owner or operator of the chemical facility. Where multiple owners and/or operators function within a common infrastructure or within a single fenced area, the Executive Assistant Director may determine that such owners and/or operators constitute a single chemical facility or multiple chemical facilities depending on the circumstances.
Chemical of Interest shall refer to a chemical listed in appendix A to part 27.
Chemical Security Assessment Tool or CSAT shall mean a suite of applications through which the Department will collect and analyze key data from chemical facilities.
Chemical-terrorism Vulnerability Information (CVI) shall mean the information listed in § 27.400(b).
Coordinating Official shall mean the person (or designee(s)) selected by the Executive Assistant Director to ensure that the regulations are implemented in a uniform, impartial, and fair manner.
Covered Facility or Covered Chemical Facility shall mean a chemical facility determined by the Executive Assistant Director to present high levels of security risk, or a facility that the Executive Assistant Director has determined is presumptively high risk under § 27.200.
CUM 100g shall refer to the cumulative STQ of 100 grams for designated Chemical Weapons (CW), located in appendix A to part 27 as the entry for the STQ and Minimum Concentration of certain Theft-CW/CWP chemicals.
Department shall mean the Department of Homeland Security.
Director shall mean the Director of the Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, or any successors to that position within the Department, or designee.
Executive Assistant Director shall mean the Executive Assistant Director for the Infrastructure Security Division, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, any successors to that position within the Department, or designee.
Office of the Chief Counsel shall mean the Office of the Chief Counsel of the Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, or any successors within the Department.
Operator shall mean a person who has responsibility for the daily operations of a facility or facilities subject to this part.
Owner shall mean the person or entity that owns any facility subject to this part.
Present high levels of security risk and high risk shall refer to a chemical facility that, in the discretion of the Secretary of Homeland Security, presents a high risk of significant adverse consequences for human life or health, national security, and/or critical economic assets if subjected to terrorist attack, compromise, infiltration, or exploitation.
Risk profiles shall mean criteria identified by the Executive Assistant Director for determining which chemical facilities will complete the Top-Screen or provide other risk assessment information.
Screening Threshold Quantity or STQ shall mean the quantity of a chemical of interest, upon which the facility's obligation to complete and submit the CSAT Top-Screen is based.
Secretary or Secretary of Homeland Security shall mean the Secretary of the Department of Homeland Security or any person, officer, or entity within the Department to whom the Secretary's authority under 6 U.S.C. 621 et seq. is delegated.
Security Issue shall refer to the type of risks associated with a given chemical. For purposes of this part, there are four main security issues:
(1) Release (including toxic, flammable, and explosive);
(2) Theft and diversion (including chemical weapons and chemical weapons precursors, weapons of mass effect, and explosives and improvised explosive device precursors);
(3) Sabotage and contamination; and
(4) Critical to government mission and national economy.
Terrorist attack or terrorist incident shall mean any incident or attempt that constitutes terrorism or terrorist activity under 6 U.S.C. 101(16) or 18 U.S.C. 2331(5) or 8 U.S.C. 1182(a)(3)(B)(iii), including any incident or attempt that involves or would involve sabotage of chemical facilities or theft, misappropriation, or misuse of a dangerous quantity of chemicals.
Tier shall mean the risk level associated with a covered chemical facility that is assigned to a facility by the Department. For purposes of this part, there are four risk-based tiers, ranging from highest risk at Tier 1 to lowest risk at Tier 4.
Top-Screen shall mean an initial screening process designed by the Executive Assistant Director through which chemical facilities provide information to the Department for use pursuant to § 27.200 of these regulations.
(a) This part applies to chemical facilities and to covered facilities as set out herein; and
(b) This part does not apply to a facility that is excluded as set forth in 6 U.S.C. 621(4):
(1) A facility regulated under the Maritime Transportation Security Act of 2002 (Pub. L. 107-295; 116 Stat. 2064);
(2) A public water system, as that term is defined in 42 U.S.C. 300f;
(3) A Treatment Works, as that term is defined in 33 U.S.C. 1292;
(4) A facility owned or operated by the Department of Defense or the Department of Energy; or
(5) A facility subject to regulation by the Nuclear Regulatory Commission, or by a State that has entered into an agreement with the Nuclear Regulatory Commission under 42 U.S.C. 2021(b) to protect against unauthorized access of any material, activity, or structure licensed by the Nuclear Regulatory Commission.
The Executive Assistant Director may implement this part in a phased manner, selecting certain chemical facilities for expedited initial processes under these regulations and identifying other chemical facilities or types or classes of chemical facilities for other phases of program implementation. The Executive Assistant Director has flexibility to designate particular chemical facilities for specific phases of program implementation based on potential risk or any other factor consistent with this part.
(a) The Executive Assistant Director will designate a Coordinating Official who will be responsible for ensuring that these regulations are implemented in a uniform, impartial, and fair manner.
(b) The Coordinating Official shall provide guidance to covered facilities regarding compliance with this part and shall, as necessary and to the extent that resources permit, be available to consult and to provide technical assistance to an owner or operator who seeks such consultation or assistance.
(c) In order to initiate consultations or seek technical assistance, a covered facility shall submit a written request for consultation or technical assistance to the Coordinating Official or contact the Department in any other manner specified in any subsequent guidance. Requests for consultation or technical guidance do not serve to toll any of the applicable timelines set forth in this part.
(d) If a covered facility modifies its facility, processes, or the types or quantities of materials that it possesses, and believes that such changes may impact the covered facility's obligations under this part, the covered facility may request a consultation with the Coordinating Official as specified in paragraph (c).
If a court finds any portion of this part to have been promulgated without proper authority, the remainder of this part will remain in full effect.
(a) Information to determine security risk. In order to determine the security risk posed by chemical facilities, the Secretary may, at any time, request information from chemical facilities that may reflect potential consequences of or vulnerabilities to a terrorist attack or incident, including questions specifically related to the nature of the business and activities conducted at the facility; information concerning the names, nature, conditions of storage, quantities, volumes, properties, customers, major uses, and other pertinent information about specific chemicals or chemicals meeting a specific criterion; information concerning facilities' security, safety, and emergency response practices, operations, and procedures; information regarding incidents, history, funding, and other matters bearing on the effectiveness of the security, safety, and emergency response programs, and other information as necessary.
(b) Obtaining information from facilities. (1) The Executive Assistant Director may seek the information provided in paragraph (a) of this section by contacting chemical facilities individually or by publishing a notice in the Federal Register seeking information from chemical facilities that meet certain criteria, which the Department will use to determine risk profiles. Through any such individual or Federal Register notification, the Executive Assistant Director may instruct such facilities to complete and submit a Top-Screen process, which may be completed through a secure Department Web site or through other means approved by the Executive Assistant Director.
(2) A facility must complete and submit a Top-Screen in accordance with the schedule provided in § 27.210, the calculation provisions in § 27.203, and the minimum concentration provisions in § 27.204 if it possesses any of the chemicals listed in appendix A to this part at or above the STQ for any applicable Security Issue.
(3) Where the Department requests that a facility complete and submit a Top-Screen, the facility must designate a person who is responsible for the submission of information through the CSAT system and who attests to the accuracy of the information contained in any CSAT submissions. Such submitter must be an officer of the corporation or other person designated by an officer of the corporation and must be domiciled in the United States.
(c) Presumptively High-Risk Facilities. (1) If a chemical facility subject to paragraph (a) or (b) of this section fails to provide information requested or complete the Top-Screen within the time frame provided in § 27.210, the Executive Assistant Director may, after attempting to consult with the facility, reach a preliminary determination, based on the information then available, that the facility presumptively presents a high level of security risk. The Executive Assistant Director shall then issue a notice to the entity of this determination and, if necessary, order the facility to provide information or complete the Top-Screen pursuant to these rules. If the facility then fails to do so, it may be subject to civil penalties pursuant to § 27.300, audit and inspection under § 27.250, or, if appropriate, an order to cease operations under § 27.300.
(2) If the facility deemed “presumptively high risk” pursuant to paragraph (c)(1) of this section completes the Top-Screen, and the Department determines that it does not present a high level of security risk under § 27.205, its status as “presumptively high risk” will terminate, and the Department will issue a notice to the facility to that effect.
(a) General. In calculating whether a facility possesses a chemical of interest that meets the STQ for any security issue, a facility need not include chemicals of interest:
(1) Used as a structural component;
(2) Used as products for routine janitorial maintenance;
(3) Contained in food, drugs, cosmetics, or other personal items used by employees;
(4) In process water or non-contact cooling water as drawn from environment or municipal sources;
(5) In air either as compressed air or as part of combustion;
(6) Contained in articles, as defined in 40 CFR 68.3;
(7) In solid waste (including hazardous waste) regulated under the Resource Conservation and Recovery Act, 42 U.S.C. 6901 et seq., except for the waste described in 40 CFR 261.33; or
(8) In naturally occurring hydrocarbon mixtures prior to entry of the mixture into a natural gas processing plant or a petroleum refining process unit. Naturally occurring hydrocarbon mixtures include condensate, crude oil, field gas, and produced water as defined in 40 CFR 68.3.
(b) Release chemicals —(1) Release-toxic, release-flammable, and release-explosive chemicals. Except as provided in paragraphs (b)(2) and (b)(3), in calculating whether a facility possesses an amount that meets the STQ for release chemicals of interest, the facility shall only include release chemicals of interest:
(i) In a vessel as defined in 40 CFR 68.3, in a underground storage facility, or stored in a magazine as defined in 27 CFR 555.11;
(ii) In transportation containers used for storage not incident to transportation, including transportation containers connected to equipment at a facility for loading or unloading and transportation containers detached from the motive power that delivered the container to the facility;
(iii) Present as process intermediates, by-products, or materials produced incidental to the production of a product if they exist at any given time;
(iv) In natural gas or liquefied natural gas stored in peak shaving facilities; and
(v) In gasoline, diesel, kerosene, or jet fuel (including fuels that have flammability hazard ratings of 1, 2, 3, or 4, as determined by using National Fire Protection Association (NFPA) 704: Standard System for the Identification of the Hazards of Materials for Emergency Response [2007 ed.], which is incorporated by reference at § 27.204(a)(2)), stored in aboveground tank farms, including tank farms that are part of pipeline systems;
(2) Release-toxic, release-flammable, and release-explosive chemicals. Except as provided in paragraph (b)(2)(i), in calculating whether a facility possesses an amount that meets the STQ for release-toxic, release-flammable, and release-explosive chemicals, a facility need not include release-toxic, release-flammable, or release-explosive chemicals of interest that a facility manufactures, processes, or uses in a laboratory at the facility under the supervision of a technically qualified individual as defined in 40 CFR 720.3.
(i) This exemption does not apply to specialty chemical production; manufacture, processing, or use of substances in pilot plant scale operations; or activities, including research and development, involving chemicals of interest conducted outside the laboratory.
(ii) [Reserved]
(3) Propane. In calculating whether a facility possesses an amount that meets the STQ for propane, a facility need not include propane in tanks of 10,000 pounds or less.
(c) Theft and diversion chemicals. In calculating whether a facility possesses an amount of a theft/diversion chemical of interest that meets the STQ, the facility shall only include theft/diversion chemicals of interest in a transportation packaging, as defined in 49 CFR 171.8. Where a theft/diversion-CW chemical is designated by “CUM 100g,” a facility shall total the quantity of all such designated chemicals in its possession to determine whether the facility possesses theft/diversion-CW chemicals that meet or exceed the STQ of 100 grams.
(d) Sabotage and contamination chemicals. A facility meets the STQ for a sabotage/contamination chemical of interest if it ships the chemical and is required to placard the shipment of that chemical pursuant to the provisions of subpart F of 49 CFR part 172.
(a) Release chemicals —(1) Release-toxic chemicals. If a release-toxic chemical of interest is present in a mixture, and the concentration of the chemical is equal to or greater than one percent (1%) by weight, the facility shall count the amount of the chemical of interest in the mixture toward the STQ. If a release-toxic chemical of interest is present in a mixture, and the concentration of the chemical is less than one percent (1%) by weight of the mixture, the facility need not count the amount of that chemical in the mixture in determining whether the facility possesses the STQ. Except for oleum, if the concentration of the chemical of interest in the mixture is one percent (1%) or greater by weight, but the facility can demonstrate that the partial pressure of the regulated substance in the mixture (solution) under handling or storage conditions in any portion of the process is less than 10 millimeters of mercury (mm Hg), the amount of the substance in the mixture in that portion of a vessel need not be considered when determining the STQ. The facility shall document this partial pressure measurement or estimate.
(2) Release-flammable chemicals. If a release-flammable chemical of interest is present in a mixture in a concentration equal to or greater than one percent (1%) by weight of the mixture, and the mixture has a NFPA flammability hazard rating of 4, the facility shall count the entire amount of the mixture toward the STQ. Except as provided in § 27.203(b)(1)(v) for fuels that are stored in aboveground tank farms (including farms that are part of pipeline systems), if a release-flammable chemical of interest is present in a mixture in a concentration equal to or greater than one percent (1%) by weight of the mixture, and the mixture has a NFPA flammability hazard rating of 1, 2, or 3, the facility need not count the mixture toward the STQ. The flammability hazard ratings are defined in NFPA 704: Standard System for the Identification of the Hazards of Materials for Emergency Response [2007 ed.]. The Director of the Federal Register approves the incorporation by reference of this standard in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. You may obtain a copy of the incorporated standard from the NFPA at 1 Batterymarch Park, Quincy, MA 02169-7471 or http://www.nfpa.org. You may inspect a copy of the incorporated standard at the Department of Homeland Security, 1621 Kent Street, 9th Floor, Rosslyn, VA (please call 703-235-0709 to make an appointment), or at the National Archives and Records Administration (NARA). For information on the availability of material at NARA, call 202-741-6030, or go to http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html. If a release-flammable chemical of interest is present in a mixture, and the concentration of the chemical is less than one percent (1%) by weight, the facility need not count the mixture in determining whether the facility possesses the STQ.
(3) Release-explosive chemicals. For each release-explosive chemical of interest, a facility shall count the total quantity of all commercial grades of the chemical of interest toward the STQ, unless a specific minimum concentration is assigned in the Minimum Concentration column of appendix A to part 27, in which case the facility should count the total quantity of all commercial grades of the chemical at the specified minimum concentration.
(b) Theft and diversion chemicals —(1) Theft/Diversion-Chemical Weapons (CW) and Chemical Weapons Precursors (CWP) chemicals. Where a theft/diversion-CW/CWP chemical of interest is not designated by “CUM 100g” in appendix A, and the chemical is present in a mixture at or above the minimum concentration amount listed in the Minimum Concentration column of appendix A to part 27, the facility shall count the entire amount of the mixture toward the STQ.
(2) Theft/Diversion-Weapon of Mass Effect (WME) chemicals. If a theft/diversion-WME chemical of interest is present in a mixture at or above the minimum concentration amount listed in the Minimum Concentration column of appendix A to part 27, the facility shall count the entire amount of the mixture toward the STQ.
(3) Theft/Diversion-Explosives/Improvised Explosive Device Precursor (EXP/IEDP) chemicals. For each theft/diversion-EXP/IEDP chemical of interest, a facility shall count the total quantity of all commercial grades of the chemical toward the STQ, unless a specific minimum concentration is assigned in the Minimum Concentration column of appendix A to part 27, in which case the facility should count the total quantity of all commercial grades of the chemical at the specified minimum concentration.
(c) Sabotage and contamination chemicals. For each sabotage and contamination chemical of interest, a facility shall count the total quantity of all commercial grades of the chemical toward the STQ.
(a) Initial determination. The Executive Assistant Director may determine at any time that a chemical facility presents a high level of security risk based on any information available (including any information submitted to the Department under § 27.200) that, in the Secretary's discretion, indicates the potential that a terrorist attack involving the facility could result in significant adverse consequences for human life or health, national security, or critical economic assets. Upon determining that a facility presents a high level of security risk, the Department shall notify the facility in writing of such initial determination and may also notify the facility of the Department's preliminary determination of the facility's placement in a risk-based tier pursuant to § 27.220(a).
(b) Redetermination. If a covered facility previously determined to present a high level of security risk has materially altered its operations, it may seek a redetermination by filing a Request for Redetermination with the Executive Assistant Director, and may request a meeting regarding the Request. Within 45 calendar days of receipt of such a Request, or within 45 calendar days of a meeting under this paragraph, the Executive Assistant Director shall notify the covered facility in writing of the Department's decision on the Request for Redetermination.
(a) Initial submission. The time frames in paragraphs (a)(2) and (a)(3) of this section also apply to covered facilities that submit an Alternative Security Program pursuant to § 27.235.
(1) Top-Screen. Facilities shall complete and submit a Top-Screen within the following time frames:
(i) Unless otherwise notified, within 60 calendar days of November 20, 2007 for facilities that possess any of the chemicals listed in appendix A at or above the STQ for any applicable Security Issue, or within 60 calendar days for facilities that come into possession of any of the chemicals listed in appendix A at or above the STQ for any applicable Security Issue; or
(ii) Within the time frame provided in any written notification from the Department or specified in any subsequent Federal Register notice.
(2) Security Vulnerability Assessment. Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.
(3) Site Security Plan. Unless otherwise notified, a covered facility must complete and submit a Site Security Plan within 120 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.
(b) Resubmission schedule for covered facilities. The timeframes in this subsection also apply to covered facilities who submit an Alternative Security Program pursuant to § 27.235.
(1) Top-Screen. Unless otherwise notified:
(i) Tier 1 and Tier 2 covered facilities must complete and submit a new Top-Screen no less than two years, and no more than two years and 60 calendar days, from the date of the Department's approval of the facility's most recent Site Security Plan.
(ii) Tier 3 and Tier 4 covered facilities must routinely complete and submit a Top-Screen no less than three years, and no more than three years and 60 calendar days, from the date of the Department's approval of the facility's most recent Site Security Plan.
(2) Security Vulnerability Assessment. Unless otherwise notified and following a Top-Screen resubmission pursuant to paragraph (b)(1) of this section, a covered facility must complete and submit a new Security Vulnerability Assessment within 90 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.
(3) Site Security Plan. Unless otherwise notified and following a Security Vulnerability Assessment resubmission pursuant to paragraph (b)(2) of this section, a covered facility must complete and submit a new Site Security Plan within 120 calendar days of written notification from the Department or within the time frame specified in any subsequent Federal Register notice.
(c) The Executive Assistant Director retains the authority to modify the schedule in this part as needed. The Executive Assistant Director may shorten or extend these time periods based on the operations at the facility, the nature of the covered facility's vulnerabilities, the level and immediacy of security risk, or for other reasons. If the Department alters the time periods for a specific facility, the Department will do so in written notice to the facility.
(d) If a covered facility makes material modifications to its operations or site, the covered facility must complete and submit a revised Top-Screen to the Department within 60 days of the material modification. In accordance with the resubmission requirements in § 27.210(b)(2) and (3), the Department will notify the covered facility as to whether the covered facility must submit a revised Security Vulnerability Assessment, Site Security Plan, or both.
(a) Initial assessment. If the Executive Assistant Director determines that a chemical facility is high risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability Assessment shall include:
(1) Asset Characterization, which includes the identification and characterization of potential critical assets; identification of hazards and consequences of concern for the facility, its surroundings, its identified critical asset(s), and its supporting infrastructure; and identification of existing layers of protection;
(2) Threat Assessment, which includes a description of possible internal threats, external threats, and internally-assisted threats;
(3) Security Vulnerability Analysis, which includes the identification of potential security vulnerabilities and the identification of existing countermeasures and their level of effectiveness in both reducing identified vulnerabilities and in meeting the applicable risk-based performance standards;
(4) Risk Assessment, including a determination of the relative degree of risk to the facility in terms of the expected effect on each critical asset and the likelihood of a success of an attack; and
(5) Countermeasures Analysis, including strategies that reduce the probability of a successful attack or reduce the probable degree of success, strategies that enhance the degree of risk reduction, the reliability and maintainability of the options, the capabilities and effectiveness of mitigation options, and the feasibility of the options.
(b) Except as provided in § 27.235, a covered facility must complete the Security Vulnerability Assessment through the CSAT process, or through any other methodology or process identified or issued by the Executive Assistant Director.
(c) Covered facilities must submit a Security Vulnerability Assessment to the Department in accordance with the schedule provided in § 27.210.
(d) Updates and revisions. (1) A covered facility must update and revise its Security Vulnerability Assessment in accordance with the schedule provided in § 27.210.
(2) Notwithstanding paragraph (d)(1) of this section, a covered facility must update, revise, or otherwise alter its Security Vulnerability Assessment to account for new or differing modes of potential terrorist attack or for other security-related reasons, if requested by the Executive Assistant Director.
(a) Preliminary determination of risk-based tiering. Based on the information the Department receives in accordance with §§ 27.200 and 27.205 (including information submitted through the Top-Screen process) and following its initial determination in § 27.205(a) that a facility presents a high level of security risk, the Department shall notify a facility of the Department's preliminary determination of the facility's placement in a risk-based tier.
(b) Confirmation or alteration of risk-based tiering. Following review of a covered facility's Security Vulnerability Assessment, the Executive Assistant Director shall notify the covered facility of its final placement within a risk-based tier, or for covered facilities previously notified of a preliminary tiering, confirm or alter such tiering.
(c) The Department shall place covered facilities in one of four risk-based tiers, ranging from highest risk facilities in Tier 1 to lowest risk facilities in Tier 4.
(d) The Executive Assistant Director may provide the facility with guidance regarding the risk-based performance standards and any other necessary guidance materials applicable to its assigned tier.
(a) The Site Security Plan must meet the following standards:
(1) Address each vulnerability identified in the facility's Security Vulnerability Assessment, and identify and describe the security measures to address each such vulnerability;
(2) Identify and describe how security measures selected by the facility will address the applicable risk-based performance standards and potential modes of terrorist attack including, as applicable, vehicle-borne explosive devices, water-borne explosive devices, ground assault, or other modes or potential modes identified by the Department;
(3) Identify and describe how security measures selected and utilized by the facility will meet or exceed each applicable performance standard for the appropriate risk-based tier for the facility; and
(4) Specify other information the Executive Assistant Director deems necessary regarding chemical facility security.
(b) Except as provided in § 27.235, a covered facility must complete the Site Security Plan through the CSAT process, or through any other methodology or process identified or issued by the Executive Assistant Director.
(c) Covered facilities must submit a Site Security Plan to the Department in accordance with the schedule provided in § 27.210.
(d) Updates and revisions. (1) When a covered facility updates, revises, or otherwise alters its Security Vulnerability Assessment pursuant to § 27.215(d), the covered facility shall make corresponding changes to its Site Security Plan.
(2) A covered facility must also update and revise its Site Security Plan in accordance with the schedule in § 27.210.
(e) A covered facility must conduct an annual audit of its compliance with its Site Security Plan.
(a) Covered facilities must satisfy the performance standards identified in this section. The Executive Assistant Director will issue guidance on the application of these standards to risk-based tiers of covered facilities, and the acceptable layering of measures used to meet these standards will vary by risk-based tier. Each covered facility must select, develop in their Site Security Plan, and implement appropriately risk-based measures designed to satisfy the following performance standards:
(1) Restrict area perimeter. Secure and monitor the perimeter of the facility;
(2) Secure site assets. Secure and monitor restricted areas or potentially critical targets within the facility;
(3) Screen and control access. Control access to the facility and to restricted areas within the facility by screening and/or inspecting individuals and vehicles as they enter, including,
(i) Measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate an attack or actions having serious negative consequences for the population surrounding the facility; and
(ii) Measures implementing a regularly updated identification system that checks the identification of facility personnel and other persons seeking access to the facility and that discourages abuse through established disciplinary measures;
(4) Deter, detect, and delay. Deter, detect, and delay an attack, creating sufficient time between detection of an attack and the point at which the attack becomes successful, including measures to:
(i) Deter vehicles from penetrating the facility perimeter, gaining unauthorized access to restricted areas or otherwise presenting a hazard to potentially critical targets;
(ii) Deter attacks through visible, professional, well maintained security measures and systems, including security personnel, detection systems, barriers and barricades, and hardened or reduced value targets;
(iii) Detect attacks at early stages, through countersurveillance, frustration of opportunity to observe potential targets, surveillance and sensing systems, and barriers and barricades; and
(iv) Delay an attack for a sufficient period of time so to allow appropriate response through on-site security response, barriers and barricades, hardened targets, and well-coordinated response planning;
(5) Shipping, receipt, and storage. Secure and monitor the shipping, receipt, and storage of hazardous materials for the facility;
(6) Theft and diversion. Deter theft or diversion of potentially dangerous chemicals;
(7) Sabotage. Deter insider sabotage;
(8) Cyber. Deter cyber sabotage, including by preventing unauthorized onsite or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Process Control Systems (PCS), Industrial Control Systems (ICS), critical business system, and other sensitive computerized systems;
(9) Response. Develop and exercise an emergency plan to respond to security incidents internally and with assistance of local law enforcement and first responders;
(10) Monitoring. Maintain effective monitoring, communications and warning systems, including,
(i) Measures designed to ensure that security systems and equipment are in good working order and inspected, tested, calibrated, and otherwise maintained;
(ii) Measures designed to regularly test security systems, note deficiencies, correct for detected deficiencies, and record results so that they are available for inspection by the Department; and
(iii) Measures to allow the facility to promptly identify and respond to security system and equipment failures or malfunctions;
(11) Training. Ensure proper security training, exercises, and drills of facility personnel;
(12) Personnel surety. Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and as appropriate, for unescorted visitors with access to restricted areas or critical assets, including,
(i) Measures designed to verify and validate identity;
(ii) Measures designed to check criminal history;
(iii) Measures designed to verify and validate legal authorization to work; and
(iv) Measures designed to identify people with terrorist ties;
(13) Elevated threats. Escalate the level of protective measures for periods of elevated threat;
(14) Specific threats, vulnerabilities, or risks. Address specific threats, vulnerabilities or risks identified by the Executive Assistant Director for the particular facility at issue;
(15) Reporting of significant security incidents. Report significant security incidents to the Department and to local law enforcement officials;
(16) Significant security incidents and suspicious activities. Identify, investigate, report, and maintain records of significant security incidents and suspicious activities in or near the site;
(17) Officials and organization. Establish official(s) and an organization responsible for security and for compliance with these standards;
(18) Records. Maintain appropriate records; and
(19) Address any additional performance standards the Executive Assistant Director may specify.
(b) [Reserved]
(a) Covered facilities may submit an Alternative Security Program (ASP) pursuant to the requirements of this section. The Executive Assistant Director may approve an ASP, in whole, in part, or subject to revisions or supplements, upon a determination that the ASP meets the requirements of this part and provides for an equivalent level of security to that established by this part.
(1) A Tier 4 facility may submit an ASP in lieu of a Security Vulnerability Assessment, Site Security Plan, or both.
(2) Tier 1, Tier 2, or Tier 3 facilities may submit an ASP in lieu of a Site Security Plan. Tier 1, Tier 2, and Tier 3 facilities may not submit an ASP in lieu of a Security Vulnerability Assessment.
(b) The Department will provide notice to a covered facility about the approval or disapproval, in whole or in part, of an ASP, using the procedure specified in § 27.240 if the ASP is intended to take the place of a Security Vulnerability Assessment or using the procedure specified in § 27.245 if the ASP is intended to take the place of a Site Security Plan.
(a) Review and approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of § 27.215, including ASPs submitted pursuant to § 27.235.
(b) If a Security Vulnerability Assessment does not satisfy the requirements of § 27.215, the Department will provide the facility with a written notification that includes a clear explanation of deficiencies in the Security Vulnerability Assessment. The facility shall then enter further consultations with the Department and resubmit a sufficient Security Vulnerability Assessment by the time specified in the written notification provided by the Department under this section. If the resubmitted Security Vulnerability Assessment does not satisfy the requirements of § 27.215, the Department will provide the facility with written notification (including a clear explanation of deficiencies in the Security Vulnerability Assessment) of the Department's disapproval of the Security Vulnerability Assessment.
(a) Review and approval. (1) The Department will review, and either approve or disapprove, all Site Security Plans that satisfy the requirements of § 27.225, including ASPs submitted pursuant to § 27.235.
(i) The Department will review Site Security Plans through a two-step process. Upon receipt of the Site Security Plan from the covered facility, the Department will review the documentation and make a preliminary determination as to whether it satisfies the requirements of § 27.225. If the Department finds that the requirements are satisfied, the Department will issue a Letter of Authorization to the covered facility.
(ii) Following issuance of the Letter of Authorization, the Department will inspect the covered facility in accordance with § 27.250 for purposes of determining compliance with the requirements of this part.
(iii) If the Department approves the Site Security Plan in accordance with § 27.250, the Department will issue a Letter of Approval to the facility, and the facility shall implement the approved Site Security Plan.
(2) The Department will not disapprove a Site Security Plan submitted under this part based on the presence or absence of a particular security measure. The Department may disapprove a Site Security Plan that fails to satisfy the risk-based performance standards established in § 27.230.
(b) When the Department disapproves a preliminary Site Security Plan issued prior to inspection or a Site Security Plan following inspection, the Department will provide the facility with a written notification that includes a clear explanation of deficiencies in the Site Security Plan. The facility shall then enter further consultations with the Department and resubmit a sufficient Site Security Plan by the time specified in the written notification provided by the Department under this section. If the resubmitted Site Security Plan does not satisfy the requirements of § 27.225, the Department will provide the facility with written notification (including a clear explanation of deficiencies in the Site Security Plan) of the Department's disapproval of the Site Security Plan.
(a) Authority. In order to assess compliance with the requirements of this part, authorized Department officials may enter, inspect, and audit the property, equipment, operations, and records of covered facilities.
(b) Following preliminary approval of a Site Security Plan in accordance with § 27.245, the Department will inspect the covered facility for purposes of determining compliance with the requirements of this part.
(1) If after the inspection, the Department determines that the requirements of § 27.225 have been met, the Department will issue a Letter of Approval to the covered facility.
(2) If after the inspection, the Department determines that the requirements of § 27.225 have not been met, the Department will proceed as directed by § 27.245(b) in “Review and Approval of Site Security Plans.”
(c) Time and manner. Authorized Department officials will conduct audits and inspections at reasonable times and in a reasonable manner. The Department will provide covered facility owners and/or operators with 24-hour advance notice before inspections, except
(1) If the Director or Executive Assistant Director determines that an inspection without such notice is warranted by exigent circumstances and approves such inspection; or
(2) If any delay in conducting an inspection might be seriously detrimental to security, and the Associate Director for Chemical Security determines that an inspection without notice is warranted, and approves an inspector to conduct such inspection.
(d) Inspectors. Inspections and audits are conducted by personnel duly authorized and designated for that purpose as “inspectors” by the Secretary or the Secretary's designee.
(1) An inspector will, on request, present his or her credentials for examination, but the credentials may not be reproduced by the facility.
(2) An inspector may administer oaths and receive affirmations, with the consent of any witness, in any matter.
(3) An inspector may gather information by reasonable means including, but not limited to, interviews, statements, photocopying, photography, and video- and audio-recording. All documents, objects, and electronically stored information collected by each inspector during the performance of that inspector's duties shall be maintained for a reasonable period of time in the files of the Department of Homeland Security maintained for that facility or matter.
(4) An inspector may request forthwith access to all records required to be kept pursuant to § 27.255. An inspector shall be provided with the immediate use of any photocopier or other equipment necessary to copy any such record. If copies can not be provided immediately upon request, the inspector shall be permitted immediately to take the original records for duplication and prompt return.
(e) Confidentiality. In addition to the protections provided under Chemical-terrorism Vulnerability Information in § 27.400, information received in an audit or inspection under this section, including the identity of the persons involved in the inspection or who provide information during the inspection, shall remain confidential under the investigatory file exception, or other appropriate exception, to the public disclosure requirements of 5 U.S.C. 552.
(f) Guidance. The Executive Assistant Director shall issue guidance identifying appropriate processes for such inspections, and specifying the type and nature of documentation that must be made available for review during inspections and audits.
(a) Except as provided in § 27.255(b), the covered facility must keep records of the activities as set out below for at least three years and make them available to the Department upon request. A covered facility must keep the following records:
(1) Training. For training, the date and location of each session, time of day and duration of session, a description of the training, the name and qualifications of the instructor, a clear, legible list of attendees to include the attendee signature, at least one other unique identifier of each attendee receiving the training, and the results of any evaluation or testing;
(2) Drills and exercises. For each drill or exercise, the date held, a description of the drill or exercise, a list of participants, a list of equipment (other than personal equipment) tested or employed in the exercise, the name(s) and qualifications of the exercise director, and any best practices or lessons learned, which may improve the Site Security Plan;
(3) Incidents and breaches of security. Date and time of occurrence, location within the facility, a description of the incident or breach, the identity of the individual to whom it was reported, and a description of the response;
(4) Maintenance, calibration, and testing of security equipment. The date and time, name and qualifications of the technician(s) doing the work, and the specific security equipment involved for each occurrence of maintenance, calibration, and testing;
(5) Security threats. Date and time of occurrence, how the threat was communicated, who received or identified the threat, a description of the threat, to whom it was reported, and a description of the response;
(6) Audits. For each audit of a covered facility's Site Security Plan (including each audit required under § 27.225(e)) or Security Vulnerability Assessment, a record of the audit, including the date of the audit, results of the audit, name(s) of the person(s) who conducted the audit, and a letter certified by the covered facility stating the date the audit was conducted; and
(7) Letters of Authorization and Approval. All Letters of Authorization and Approval from the Department, and documentation identifying the results of audits and inspections conducted pursuant to § 27.250.
(b) A covered facility must retain records of submitted Top-Screens, Security Vulnerability Assessments, Site Security Plans, and all related correspondence with the Department for at least six years and make them available to the Department upon request.
(c) To the extent necessary for security purposes, the Department may request that a covered facility make available records kept pursuant to other Federal programs or regulations.
(d) Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized access, deletion, destruction, amendment, and disclosure.
(a) Orders generally. When the Executive Assistant Director determines that a facility is in violation of any of the requirements of this part, the Executive Assistant Director may take appropriate action including the issuance of an appropriate Order.
(b) Orders Assessing Civil Penalty and Orders to Cease Operations. (1) Where the Executive Assistant Director determines that a facility is in violation of an Order issued pursuant to paragraph (a) of this section, the Executive Assistant Director may enter an Order Assessing Civil Penalty, Order to Cease Operations, or both.
(2) Following the issuance of an Order by the Executive Assistant Director pursuant to paragraph (b)(1) of this section, the facility may enter further consultations with the Department.
(3) Where the Executive Assistant Director determines that a facility is in violation of an Order issued pursuant to paragraph (a) of this section and issues an Order Assessing Civil Penalty pursuant to paragraph (b)(1) of this section, a chemical facility is liable to the United States for a civil penalty of not more than $25,000 for each day during which the violation continues, if the violation of the Order occurred on or before November 2, 2015, or $41,093 for each day during which the violation of the Order continues, if the violation occurred after November 2, 2015.
(c) Procedures for Orders. (1) At a minimum, an Order shall be signed by the Executive Assistant Director, shall be dated, and shall include:
(i) The name and address of the facility in question;
(ii) A listing of the provision(s) that the facility is alleged to have violated;
(iii) A statement of facts upon which the alleged instances of noncompliance are based;
(iv) A clear explanation of deficiencies in the facility's chemical security program, including, if applicable, any deficiencies in the facility's Security Vulnerability Assessment, Site Security Plan, or both;
(v) A statement indicating what action(s) the facility must take to remedy the instance(s) of noncompliance; and
(vi) The date by which the facility must comply with the terms of the Order.
(2) The Executive Assistant Director may establish procedures for the issuance of Orders.
(d) A facility must comply with the terms of the Order by the date specified in the Order unless the facility has filed a timely Notice of Application for Review under § 27.310.
(e) Where a facility or other person contests the determination of the Executive Assistant Director to issue an Order, a chemical facility may seek an adjudication pursuant to § 27.310.
(f) An Order issued under this section becomes final agency action when the time to file a Notice of Application for Review under § 27.310 has passed without such a filing or upon the conclusion of adjudication or appeal proceedings under this subpart.
(a) Any facility or other person who has received a Finding pursuant to § 27.230(a)(12)(iv), a Determination pursuant to § 27.245(b), or an Order pursuant to § 27.300 is entitled to an adjudication, by a neutral adjudications officer, of any issue of material fact relevant to any administrative action that deprives that person of a cognizable interest in liberty or property.
(b) A neutral adjudications officer appointed pursuant to § 27.315 shall issue an Initial Decision on any material factual issue related to a Finding pursuant to § 27.230(a)(12)(iv), a Determination pursuant to § 27.245, or an Order pursuant to § 27.300 before any such administrative action is reviewed on appeal pursuant to § 27.345.
(a) Proceedings instituted by facilities or other persons. A facility or other person may institute proceedings to review a determination by the Executive Assistant Director:
(1) Finding, pursuant to the § 27.230(a)(12)(iv), that an individual is a potential security threat;
(2) Disapproving a Site Security Plan pursuant to § 27.245(b); or
(3) Issuing an Order pursuant to § 27.300(a) or (b).
(b) Procedure for applications by facilities or other persons. A facility or other person may institute Proceedings by filing a Notice of Application for Review specifying that the facility or other person requests a Proceeding to review a determination specified in paragraph (a) of this section.
(1) An Applicant institutes a Proceeding by filing a Notice of Application for Review.
(2) An Applicant must file a Notice of Application for Review within seven calendar days of notification to the facility or other person of the Executive Assistant Director's Finding, Determination, or Order.
(3) The Applicant shall file and simultaneously serve each Notice of Application for Review and all subsequent filings on the Executive Assistant Director and the Office of the Chief Counsel.
(4) An Order is stayed from the timely filing of a Notice of Application for Review until the Presiding Officer issues an Initial Decision, unless the Secretary has lifted the stay due to exigent circumstances pursuant to paragraph (d) of this section.
(5) The Applicant shall file and serve an Application for Review within 14 calendar days of the notification to the facility or other person of the Executive Assistant Director's Finding, Determination, or Order.
(6) Each Application for Review shall be accompanied by all legal memoranda, other documents, declarations, affidavits, and other evidence supporting the position asserted by the Applicant.
(c) Response. The Executive Assistant Director, through the Office of the Chief Counsel, shall file and serve a Response, accompanied by all legal memoranda, other documents, declarations, affidavits, and other evidence supporting the position asserted by the Executive Assistant Director within 14 calendar days of the filing and service of the Application for Review and all supporting papers.
(d) Procedural modifications. The Secretary may, in exigent circumstances (as determined in his or her sole discretion):
(1) Lift any stay applicable to any Order under § 27.300;
(2) Modify the time for a response;
(3) Rule on the sufficiency of Applications for Review; or
(4) Otherwise modify these procedures with respect to particular matters.
(a) Immediately upon the filing of any Application for Review, the Secretary shall appoint an attorney, who is employed by the Department and who has not performed any investigative or prosecutorial function with respect to the matter, to act as a neutral adjudications officer or Presiding Officer for the compilation of a factual record and the recommendation of an Initial Decision for each Proceeding.
(b) Notwithstanding paragraph (a) of this section, the Secretary may appoint one or more attorneys who are employed by the Department and who do not perform any investigative or prosecutorial function with respect to this subpart, to serve, generally, in the capacity as Presiding Officer(s) for such matters pursuant to such procedures as the Secretary may hereafter establish.
(a) At no time after the designation of a Presiding Officer for a Proceeding and prior to the issuance of a Final Decision pursuant to § 27.345 with respect to a facility or other person, shall the appointed Presiding Officer, or any person who will advise that official in the decision on the matter, discuss ex parte the merits of the proceeding with any interested person outside the Department, with any Department official who performs a prosecutorial or investigative function in such proceeding or a factually related proceeding, or with any representative of such person.
(b) If, after appointment of a Presiding Officer and prior to the issuance of a Final Decision pursuant to § 27.345 with respect to a facility or other person, the appointed Presiding Officer, or any person who will advise that official in the decision on the matter, receives from or on behalf of any party, by means of an ex parte communication, information that is relevant to the decision of the matter and to which other parties have not had an opportunity to respond, a summary of such information shall be served on all other parties, who shall have an opportunity to reply to the ex parte communication within a time set by the Presiding Officer.
(c) The consideration of classified information or CVI pursuant to an in camera procedure does not constitute a prohibited ex parte communication for purposes of this subpart.
The Executive Assistant Director bears the initial burden of proving the facts necessary to support the challenged administrative action at every proceeding instituted under this subpart.
(a) The Presiding Officer appointed for each Proceeding shall immediately consider whether the summary adjudication of the Application for Review is appropriate based on the Application for Review, the Response, and all the supporting filings of the parties pursuant to §§ 27.310(b)(5) and 27.310(c).
(1) The Presiding Officer shall promptly issue any necessary scheduling order for any additional briefing of the issue of summary adjudication on the Application for Review and Response.
(2) The Presiding Officer may conduct scheduling conferences and other proceedings that the Presiding Officer determines to be appropriate.
(b) If the Presiding Officer determines that there is no genuine issue of material fact and that one party or the other is entitled to a decision as a matter of law, then the record shall be closed and the Presiding Officer shall issue an Initial Decision on the Application for Review pursuant to § 27.340.
(c) If a Presiding Officer determines that any factual issues require the cross-examination of one or more witnesses or other proceedings at a hearing, the Presiding Officer, in consultation with the parties, shall promptly schedule a hearing to be conducted pursuant to § 27.335.
(a) Any hearing shall be held as expeditiously as possible at the location most conducive to a prompt presentation of any necessary testimony or other proceedings.
(1) Videoconferencing and teleconferencing may be used where appropriate at the discretion of the Presiding Officer.
(2) Each party offering the affirmative testimony of a witness shall present that testimony by declaration, affidavit, or other sworn statement submitted in advance as ordered by the Presiding Officer.
(3) Any witness presented for further examination shall be asked to testify under an oath or affirmation.
(4) The hearing shall be recorded verbatim.
(b)(1) A facility or other person may appear and be heard on his or her own behalf or through any counsel of his or her choice who is qualified to possess CVI.
(2) A facility or other person individually, or through counsel, may offer relevant and material information including written direct testimony, which he or she believes should be considered in opposition to the administrative action, or which may bear on the sanction being sought.
(3) The facility or other person individually, or through counsel, may conduct such cross-examination as may be specifically allowed by the Presiding Officer for a full determination of the facts.
(a) The Presiding Officer shall close and certify the record of the adjudication promptly upon the completion of:
(1) Summary judgment proceedings,
(2) A hearing, if necessary,
(3) The submission of post hearing briefs, if any are ordered by the Presiding Officer, and
(4) The conclusion of oral arguments, if any are permitted by the Presiding Officer.
(b) The Presiding Officer shall issue an Initial Decision based on the certified record, and the decision shall be subject to appeal pursuant to § 27.345.
(c) An Initial Decision shall become a final agency action on the expiration of the time for an Appeal pursuant to § 27.345.
(a) Right to appeal. A facility or any person who has received an Initial Decision under § 27.340(b) has the right to appeal to the Director acting as a neutral appeals officer.
(b) Procedure for appeals. (1) The Executive Assistant Director, a facility or other person, or a representative on behalf of a facility or person, may institute an Appeal by filing a Notice of Appeal with the office of the Department hereinafter designated by the Secretary.
(2) The Executive Assistant Director, a facility, or other person must file a Notice of Appeal within seven calendar days of the service of the Presiding Officer's Initial Decision.
(3) The Appellant shall file with the designated office and simultaneously serve each Notice of Appeal and all subsequent filings on the Office of the Chief Counsel.
(4) An Initial Decision is stayed from the timely filing of a Notice of Appeal until the Director issues a Final Decision, unless the Secretary lifts the stay due to exigent circumstances pursuant to § 27.310(d).
(5) The Appellant shall file and serve a Brief within 28 calendar days of the notification of the service of the Presiding Officer's Initial Decision.
(6) The Appellee shall file and serve its Opposition Brief within 28 calendar days of the service of the Appellant's Brief.
(c) The Director may provide for an expedited appeal for appropriate matters.
(d) Ex parte communications. (1) At no time after the filing of a Notice of Appeal pursuant to paragraph (b)(1) of this section and prior to the issuance of a Final Decision on an Appeal pursuant to paragraph (f) of this section with respect to a facility or other person shall the Director, his or her designee, or any person who will advise that official in the decision on the matter, discuss ex parte the merits of the proceeding with any interested person outside the Department, with any Department official who performs a prosecutorial or investigative function in such proceeding or a factually related proceeding, or with any representative of such person.
(2) If, after the filing of a Notice of Appeal pursuant to paragraph (b)(1) of this section and prior to the issuance of a Final Decision on an Appeal pursuant to paragraph (f) of this section with respect to a facility or other person, the Director, his or her designee, or any person who will advise that official in the decision on the matter, receives from or on behalf of any party, by means of an ex parte communication, information that is relevant to the decision of the matter and to which other parties have not had an opportunity to respond, a summary of such information shall be served on all other parties, who shall have an opportunity to reply to the ex parte communication within a time set by the Director or his or her designee.
(3) The consideration of classified information or CVI pursuant to an in camera procedure does not constitute a prohibited ex parte communication for purposes of this subpart.
(e) A facility or other person may elect to have the Director participate in any mediation or other resolution process by expressly waiving, in writing, any argument that such participation has compromised the Appeal process.
(f) The Director shall issue a Final Decision and serve it upon the parties. A Final Decision made by the Director constitutes final agency action.
(g) The Secretary may establish procedures for the conduct of Appeals pursuant to this section.
(a) Applicability. This section governs the maintenance, safeguarding, and disclosure of information and records that constitute Chemical-terrorism Vulnerability Information (CVI), as defined in § 27.400(b). The Secretary shall administer this section consistent with 6 U.S.C. 621 et seq. , including appropriate sharing with Federal, State, and local officials.
(b) Chemical-terrorism vulnerability information. In accordance with 6 U.S.C. 623, the following information, whether transmitted verbally, electronically, or in written form, shall constitute CVI:
(1) Security Vulnerability Assessments under § 27.215;
(2) Site Security Plans under § 27.225;
(3) Documents relating to the Department's review and approval of Security Vulnerability Assessments and Site Security Plans, including Letters of Authorization, Letters of Approval, and responses thereto; written notices; and other documents developed pursuant to § 27.240 or § 27.245;
(4) Alternative Security Programs under § 27.235;
(5) Documents relating to inspection or audits under § 27.250;
(6) Any records required to be created or retained under § 27.255;
(7) Sensitive portions of orders, notices, or letters under § 27.300;
(8) Information developed pursuant to §§ 27.200 and 27.205; and
(9) Other information developed for chemical facility security purposes that the Secretary, in his or her discretion, determines is similar to the information protected in § 27.400(b)(1) through (8) and thus warrants protection as CVI.
(c) Covered persons. Persons subject to the requirements of this section are:
(1) Each person who has a need to know CVI, as specified in § 27.400(e); and
(2) Each person who otherwise receives or gains access to what they know or should reasonably know constitutes CVI.
(d) Duty to protect information. A covered person must:
(1) Take reasonable steps to safeguard CVI in that person's possession or control, including electronic data, from unauthorized disclosure. When a person is not in physical possession of CVI, the person must store it in a secure container, such as a safe, that limits access only to covered persons with a need to know;
(2) Disclose, or otherwise provide access to, CVI only to persons who have a need to know;
(3) Refer requests for CVI by persons without a need to know to the Executive Assistant Director;
(4) Mark CVI as specified in § 27.400(f);
(5) Dispose of CVI as specified in § 27.400(k);
(6) If a covered person receives a record or verbal transmission containing CVI that is not marked as specified in § 27.400(f), the covered person must:
(i) Mark the record as specified in § 27.400(f) of this section; and
(ii) Inform the sender of the record that the record must be marked as specified in § 27.400(f); or
(iii) If received verbally, make reasonable efforts to memorialize such information and mark the memorialized record as specified in § 27.400(f) of this section, and inform the speaker of any determination that such information warrants CVI protection.
(7) When a covered person becomes aware that CVI has been released to persons without a need to know (including a covered person under § 27.400(c)(2)), the covered person must promptly inform the Executive Assistant Director; and
(8) In the case of information that is CVI and also has been designated as Protected Critical Infrastructure Information under 6 U.S.C. 133, any covered person in possession of such information must comply with the disclosure restrictions and other requirements applicable to such information under 6 U.S.C. 133 and any implementing regulations.
(e) Need to know. (1) A person, including a State or local official, has a need to know CVI in each of the following circumstances:
(i) When the person requires access to specific CVI to carry out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(ii) When the person needs the information to receive training to carry out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(iii) When the information is necessary for the person to supervise or otherwise manage individuals carrying out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(iv) When the person needs the information to provide technical or legal advice to a covered person, who has a need to know the information, regarding chemical facility security requirements of Federal law.
(v) When the Department determines that access is required under § 27.400(h) or § 27.400(i) in the course of a judicial or administrative proceeding.
(2) Federal employees, contractors, and grantees. (i) A Federal employee has a need to know CVI if access to the information is necessary for performance of the employee's official duties.
(ii) A person acting in the performance of a contract with or grant from the Department has a need to know CVI if access to the information is necessary to performance of the contract or grant. Contractors or grantees may not further disclose CVI without the consent of the Executive Assistant Director.
(iii) The Department may require that non-Federal persons seeking access to CVI complete a non-disclosure agreement before such access is granted.
(3) Background check. The Department may make an individual's access to the CVI contingent upon satisfactory completion of a security background check or other procedures and requirements for safeguarding CVI that are satisfactory to the Department.
(4) Need to know further limited by the Department. For some specific CVI, the Department may make a finding that only specific persons or classes of persons have a need to know.
(5) Nothing in § 27.400(e) shall prevent the Department from determining, in its discretion, that a person not otherwise listed in § 27.400(e) has a need to know CVI in a particular circumstance.
(f) Marking of paper records. (1) In the case of paper records containing CVI, a covered person must mark the record by placing the protective marking conspicuously on the top, and the distribution limitation statement on the bottom, of:
(i) The outside of any front and back cover, including a binder cover or folder, if the document has a front and back cover;
(ii) Any title page; and
(iii) Each page of the document.
(2) Protective markings. The protective marking is: CHEMICAL-TERRORISM VULNERABILITY INFORMATION.
(3) Distribution limitation statement. The distribution limitation statement is: WARNING: This record contains Chemical-terrorism Vulnerability Information controlled by 6 CFR 27.400. Do not disclose to persons without a “need to know” in accordance with 6 CFR 27.400(e). Unauthorized release may result in civil penalties or other action. In any administrative or judicial proceeding, this information shall be treated as classified information in accordance with 6 CFR 27.400(h) and (i).
(4) Other types of records. In the case of non-paper records that contain CVI, including motion picture films, videotape recordings, audio recordings, and electronic and magnetic records, a covered person must clearly and conspicuously mark the records with the protective marking and the distribution limitation statement such that the viewer or listener is reasonably likely to see or hear them when obtaining access to the contents of the record.
(g) Disclosure by the Department —(1) In general. Except as otherwise provided in this section, and notwithstanding the Freedom of Information Act (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws, records containing CVI are not available for public inspection or copying, nor does the Department release such records to persons without a need to know.
(2) Disclosure of Segregable Information under the Freedom of Information Act and the Privacy Act. If a record is marked to signify both CVI and information that is not CVI, the Department, on a proper Freedom of Information Act or Privacy Act request, may disclose the record with the CVI redacted, provided the record is not otherwise exempt from disclosure under the Freedom of Information Act or Privacy Act.
(h) Disclosure in administrative enforcement proceedings. (1) The Department may provide CVI to a person governed by 6 U.S.C. 621 et seq. , and his or her counsel, in the context of an administrative enforcement proceeding of 6 U.S.C. 621 et seq. when, in the sole discretion of the Department, as appropriate, access to the CVI is necessary for the person to prepare a response to allegations contained in a legal enforcement action document issued by the Department.
(2) Security background check. Prior to providing CVI to a person under § 27.400(h)(1), the Department may require the individual or, in the case of an entity, the individuals representing the entity, and their counsel, to undergo and satisfy, in the judgment of the Department, a security background check.
(i) Disclosure in judicial proceedings. (1) In any judicial enforcement proceeding of 6 U.S.C. 621 et seq. , the Secretary, in his or her sole discretion, may, subject to § 27.400(i)(1)(i), authorize access to CVI for persons necessary for the conduct of such proceedings, including such persons' counsel, provided that no other persons not so authorized shall have access to or be present for the disclosure of such information.
(i) Security background check. Prior to providing CVI to a person under § 27.400(i)(1), the Department may require the individual to undergo and satisfy, in the judgment of the Department, a security background check.
(ii) [Reserved]
(2) In any judicial enforcement proceeding under 6 U.S.C. 621 et seq. where a person seeks to disclose CVI to a person not authorized to receive it under paragraph (i)(1) of this section, or where a person not authorized to receive CVI under paragraph (i)(1) of this section seeks to compel its disclosure through discovery, the United States may make an ex parte application in writing to the court seeking authorization to:
(i) Redact specified items of CVI from documents to be introduced into evidence or made available to the defendant through discovery under the Federal Rules of Civil Procedure;
(ii) Substitute a summary of the information for such CVI; or
(iii) Substitute a statement admitting relevant facts that the CVI would tend to prove.
(3) The court shall grant a request under paragraph (i)(2) of this section if, after in camera review, the court finds that the redacted item, stipulation, or summary is sufficient to allow the defendant to prepare a defense.
(4) If the court enters an order granting a request under paragraph (i)(2) of this section, the entire text of the documents to which the request relates shall be sealed and preserved in the records of the court to be made available to the appellate court in the event of an appeal.
(5) If the court enters an order denying a request of the United States under paragraph (i)(2) of this section, the United States may take an immediate, interlocutory appeal of the court's order in accordance with 18 U.S.C. 2339B(f)(4), (5). For purposes of such an appeal, the entire text of the documents to which the request relates, together with any transcripts of arguments made ex parte to the court in connection therewith, shall be maintained under seal and delivered to the appellate court.
(6) Except as provided otherwise at the sole discretion of the Secretary, access to CVI shall not be available in any civil or criminal litigation unrelated to the enforcement under 6 U.S.C. 621 et seq. .
(7) Taking of trial testimony —(i) Objection. During the examination of a witness in any judicial proceeding, the United States may object to any question or line of inquiry that may require the witness to disclose CVI not previously found to be admissible.
(ii) Action by court. In determining whether a response is admissible, the court shall take precautions to guard against the compromise of any CVI, including—
(A) Permitting the United States to provide the court, ex parte, with a proffer of the witness's response to the question or line of inquiry; and
(B) Requiring the defendant to provide the court with a proffer of the nature of the information that the defendant seeks to elicit.
(iii) Obligation of defendant. In any judicial enforcement proceeding, it shall be the defendant's obligation to establish the relevance and materiality of any CVI sought to be introduced.
(8) Construction. Nothing in this subsection shall prevent the United States from seeking protective orders or asserting privileges ordinarily available to the United States to protect against the disclosure of classified information, including the invocation of the military and State secrets privilege.
(j) Consequences of violation. Violation of this section is grounds for a civil penalty and other enforcement or corrective action by the Department, and appropriate personnel actions for Federal employees. Corrective action may include issuance of an order requiring retrieval of CVI to remedy unauthorized disclosure or an order to cease future unauthorized disclosure.
(k) Destruction of CVI. (1) The Department of Homeland Security. Subject to the requirements of the Federal Records Act (codified at 44 U.S.C. 3101 et seq. and 3301 et seq. ), including the duty to preserve records containing documentation of a Federal agency's policies, decisions, and essential transactions, the Department destroys CVI when no longer needed to carry out the agency's function.
(2) Other covered persons —(i) In general. A covered person must destroy CVI completely to preclude recognition or reconstruction of the information when the covered person no longer needs the CVI to carry out security measures under paragraph (e) of this section.
(ii) Exception. Section 27.400(k)(2) does not require a State or local government agency to destroy information that the agency is required to preserve under State or local law.
(a) As per current law, no law, regulation, or administrative action of a State or political subdivision thereof, or any decision or order rendered by a court under State law, shall have any effect if such law, regulation, or decision conflicts with, hinders, poses an obstacle to, or frustrates the purposes of this regulation or of any approval, disapproval, or order issued there under.
(1) Nothing in this part is intended to displace other federal requirements administered by the Environmental Protection Agency, U.S. Department of Justice, U.S. Department of Labor, U.S. Department of Transportation, or other federal agencies.
(2) [Reserved]
(b) State law, regulation, or administrative action defined. For purposes of this section, the phrase “State law, regulation, or administrative action” means any enacted law, promulgated regulation, ordinance, administrative action, order, decision, or common law standard of a State or any of its political subdivisions.
(c) Submission for review. Any chemical facility covered by these regulations and any State may petition the Department by submitting a copy of a State law, regulation, administrative action, decision, or order of a court for review under this section.
(d) Review and opinion —(1) Review. The Department may review State laws, administrative actions, opinions, or orders of a court under State law and regulations submitted under this section, and may offer an opinion whether the application or enforcement of the State law or regulation would conflict with, hinder, pose an obstacle to, or frustrate the purposes of this part.
(2) Opinion. The Department may issue a written opinion on any question regarding preemption. If the question was submitted under subsection (c) of this part, the Executive Assistant Director will notify the affected chemical facility and the Attorney General of the subject State of any opinion under this section.
(3) Consultation with States. In conducting a review under this section, the Department will seek the views of the State or local jurisdiction whose laws may be affected by the Department's review.
(a) Nothing in this part shall confer upon any person except the Secretary a right of action, in law or equity, for any remedy including, but not limited to, injunctions or damages to enforce any provision of this part.
(b) An owner or operator of a chemical facility may petition the Executive Assistant Director to provide the Department's view in any litigation involving any issues or matters regarding this part.
Cite this law
CHEMICAL FACILITY ANTI-TERRORISM STANDARDS (U.S.C.). Retrieved via LawPlayer, https://lawplayer.com/us/act/cfr-title-6-part-27
United States government works (U.S. Code, Code of Federal Regulations) are in the public domain under 17 U.S.C. § 105.
本頁資料來源:GPO govinfo / eCFR·整理提供:法律人 LawPlayer· lawplayer.com