ChemLock Security Plan

ChemLock wordmark. Know your chemicals. Lock in your security posture.

Do you have a security plan in place to secure your dangerous chemicals? If your facility experienced a cyber or physical attack, would you and your facility's personnel know what to do?

To help facilities that possess dangerous chemicals develop and implement a tailored security plan that will prevent dangerous chemicals from being exploited, CISA provides no-cost services and tools to help these facilities better understand the risks they face and improve their chemical security posture in a way that works for their business model.

ChemLock: Secure Your Chemicals

This is a guidance document that walks facilities step-by-step through the process of developing and implementing a facility security plan.

ChemLock: Secure Your Chemicals Facility Security Plan Template

This is an editable security plan template that can be easily customized to any organization's specifications and needs.

To request any CISA on-site assessment and assistance services, including help in developing a facility security plan, please fill out the ChemLock Services Request Form.

Request ChemLock Services

Other ChemLock Templates

Below are three additional customizable templates that individuals can download and use for their facility or organization.

Chemical Security Goals

The ChemLock: Secure Your Chemicals guidance document focuses on a holistic approach and presents five security goals for facilities to think through as they formulate a facility security plan:

  1. Can you DETECT an attack?
  2. Can you DELAY the adversary?
  3. Are you able to RESPOND in a timely manner?
  4. Are you securing your CYBER assets?
  5. Do you have the appropriate POLICIES, PLANS, and PROCEDURES to implement security measures?

Each of these five security goals include a list of specific security measures that facilities can consider when developing a facility security plan. By approaching security from this holistic approach, facilities can choose cost-effective, efficient security measures that work best to protect the dangerous chemicals at their facility from the threats and hazards most likely to occur at their facility.

Developing a Facility Security Plan

Understanding security principles is valuable, but without a facility security plan that implements specific security measures to meet the security goals, facilities may be unnecessarily exposing themselves to risk. The second part of ChemLock: Secure Your Chemicals provides a draft facility security plan that any facility can use to develop and implement a security plan customized to their unique circumstances and business model. (CISA also published ChemLock: Secure Your Chemicals Template in an editable format that can be easily customized to meet any organization's specifications and needs.)

To request CISA's chemical security expertise in helping to develop a facility security plan, please fill out the ChemLock Services Request Form above.

Security-in-Depth

Security-in-depth graphic. Three concentric circles representing perimter, building, and interior assets. Security measures are laid out at different points in the facility. See ChemLock: Secure Your Chemicals for more information on this graphic: cisa.gov/chemical-security-plan.

Security-in-depth (also referred to as layered security) is an industry-accepted concept in asset protection used to slow or dissuade potential criminals from unauthorized facility access. Most frequently, this is accomplished by placing the most critical or dangerous assets within the innermost interior of the site while applying multiple, complementary active and passive physical security measures to deter, detect, and delay an adversary.

ChemLock Contact Information

For more information or questions, please email ChemLock@cisa.dhs.gov.

NOTE: Participation in any portion of CISA's ChemLock program does not replace any reporting or compliance requirements under CISA's Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR part 27). Some ChemLock activities may fulfill CFATS requirements, depending on your specific security plan. Contact local CISA Chemical Security personnel or visit the CFATS webpage to learn more about CFATS regulatory requirements.