These metrics show the maturation and growth of the CFATS program (6 CFR Part 27). Metrics under “Since Inception” include facilities that were tiered when the activity occurred, but were subsequently determined to no longer be high-risk. Typical reasons for a change in high-risk status include removal of chemicals of interest (COI), reduction of the quantity of COI onsite, replacement of the COI with a lower concentration COI, and/or facility sale or closure.
Note: This regulatory program is cyclical in nature, meaning activities such as Compliance Inspections (CIs) are recurring. CISA began conducting recurring CIs in March 2017.
To date, CISA has received more than 93,000 Top-Screen submissions from more than 41,000 unique facilities. Of these, CFATS currently covers 3,316 facilities. These high-risk facilities are divided into four tiers, with Tier 1 facilities posing the highest security risk.
| Activity | Since Inception | September 2019 |
|---|---|---|
| Authorization Inspections (AIs) | 4,074 | 20 |
| Compliance Inspections (CIs) | 5,440 | 124 |
| Compliance Assistance Visits (CAVs) | 5,771 | 96 |
* If an activity is canceled, it will be removed from the system. This may lead to a small change in the monthly numbers.
CFATS Facility Status
Approved Facilities: This metric shows the number of facilities that are currently approved. Once a facility’s security plan is approved and a Letter of Approval is issued, the facility enters into a regulatory cycle of CIs.
Authorized Facilities: This metric shows the number of facilities that are currently authorized. Once a facility has submitted its security plan (SSP or ASP), a Letter of Authorization will be issued if the security measures appear to satisfy the applicable established risk-based performance standards (RBPS) requirements.
Authorization Inspections (AIs): This metric shows the number of Authorization Inspections completed. Once a Letter of Authorization is issued, an AI is conducted at facilities to verify and validate that the content listed in the facility’s Site Security Plan (SSP) or Alternative Security Program (ASP) is accurate and complete, and that existing and planned equipment, processes, and procedures are appropriate and sufficient to meet the RBPS specified in the CFATS regulation. This inspection occurs prior to the final approval of the facility’s SSP or ASP.
Compliance Assistance Visits (CAVs): This metric shows the number of Compliance Assistance Visits completed. CAVs provide CFATS-covered facilities and facilities of interest with in-depth knowledge of how to meet CFATS requirements, such as determining COI reporting requirements, submitting or resubmitting a Top-Screen, developing an SSP or ASP, editing an SSP based on a change in security posture or tiering, or complying with any other part of the regulation.
Compliance Inspections (CIs): This metric shows the number of Compliance Inspections completed. A CI is conducted after a Letter of Approval has been issued. It is part of the recurring inspection process to ensure the covered facility continues to implement its approved SSP or ASP, and that existing and planned security measures are appropriate and sufficient to meet the RBPS. CIs will typically occur every one to two years, or as needed.
Tiered Facilities: Once a facility has submitted a Top-Screen, CISA uses a risk-based tiering methodology to determine if the facility is high-risk. This metric shows the number of high-risk facilities that are currently tiered, and are pending Authorizations and Approval.