CFATS is the nation’s first regulatory program focused specifically on security at high-risk chemical facilities. Managed by the Cybersecurity and Infrastructure Security Agency (CISA), the CFATS program identifies and regulates high-risk facilities to ensure they have security measures in place to reduce the risk that certain hazardous chemicals are weaponized by terrorists.
Follow @CISAgov on Twitter for the latest infrastructure security news.
September 2, 2021: In light of the flurry of cyberattacks that our nation and chemical facilities have faced this year, CISA released a new webpage and fact sheet, Chemical Facility Anti-Terrorism Standards (CFATS): Reporting Cyber Incidents, to help high-risk CFATS facilities know how and when to report significant cyber incidents under Risk-Based Performance Standard (RBPS) 8 – Cyber and RBPS 15 – Reporting of Significant Security Incidents.
August 4, 2021: CISA published a Final Rule (86 FR 41889) in the Federal Register that updates the regulatory language to reflect the current organizational structure, as well as other non-substantive technical edits that clarify the regulation. Facilities regulated under the CFATS program do not need to take any action in response to this Final Rule.
- July 9, 2019: CISA published a Federal Register notice announcing implementation of the CFATS Personnel Surety Program (PSP) at all high-risk chemical facilities—including Tier 3 and 4 facilities—closing the final gap to vet individuals with access to critical assets/restricted areas for terrorist ties. For more details, the PSP Toolkit, and a demo video, visit the PSP page.
Under CFATS, a chemical facility is any establishment or individual that possesses or plans to possess any of the more than 300 chemicals of interest (COI) in Appendix A at or above the listed screening threshold quantity (STQ). These facilities must report their chemicals to CISA via an online survey, known as a Top-Screen. CISA uses the Top-Screen information a facility submits to determine if the facility is considered high-risk and must develop a security plan.
The CFATS regulation applies to facilities across many industries—chemical manufacturing, storage, and distribution, energy and utilities, agriculture and food, explosives, mining, electronics, plastics, universities and laboratories, paint and coatings, and healthcare and pharmaceuticals, among others.
Chemical security is not a temporary issue. As threats evolve, the Agency is committed to working with stakeholders to protect the nation’s highest-risk chemical infrastructure.
CFATS Act of 2014
Initially authorized by Congress in 2007 (6 CFR Part 27), the program uses a dynamic multi-tiered risk assessment process to identify high-risk chemical facilities. After being assigned a tier, facilities are required to meet and maintain performance-based security standards appropriate to their unique security challenges and tier level.
On December 18, 2014, the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (“CFATS Act of 2014”) was signed into law. The Act recodified and reauthorized the CFATS program for four years.
On January 18, 2019, the Chemical Facility Anti-Terrorism Standards Program Extension Act to extend the CFATS program for 15 months was signed into law.
On March 27, 2020, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which included a provision to extend the CFATS program to July 23, 2020, was signed into law.
On July 22, 2020, Pub. L. No. 116-150 to extend the expiration date of the Protecting and Security Chemical Facilities from Terrorist Attacks Act of 2014, Pub. L. No. 113-254, to July 27, 2023, was signed into law.
Executive Order 13650
On August 1, 2013, the Executive Order on Improving Chemical Facility Safety and Security (EO 13650) directed the federal government to improve the safety and security of chemical facilities and reduce the risks of hazardous chemicals to workers and communities. The EO established the Chemical Facility Safety and Security Working Group (Working Group)—tri-chaired by CISA, the Environmental Protection Agency (EPA), and the Secretary of Labor—to oversee this effort.
In response, CISA created the CISA Gateway—a repository of critical infrastructure tools and information—to improve coordination between federal, state and local governments, and community stakeholders and to strengthen the CFATS program.
Visit CFATS and the Executive Order 13650 to learn more about the EO actions CISA has implemented.
CFATS Monthly Statistics
CISA has received Top-Screen submissions from more than 42,000 unique facilities. A unique facility is a facility that has submitted multiple Top-Screens, but is counted only once in this metric. Facilities may submit additional Top-Screens to reflect the changes in their chemical holdings and/or security posture. Review the Monthly Statistics for updated data and other metrics on CFATS-covered facilities.
CFATS Knowledge Center
The CFATS Knowledge Center is an online repository of FAQs, articles, and the latest CFATS program news.
For more information about the CFATS program, please email CFATS@hq.dhs.gov.
For technical assistance, call the Chemical Security Assessment Tool (CSAT) Help Desk at 1-866-323-2957 from Monday through Friday from 8:30 a.m. to 5 p.m. (ET).