CFATS Risk-Based Performance Standard (RBPS) 10 — Monitoring

CFATS Announcement

As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.

Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.

CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.

If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.

Risk-Based Performance Standard (RBPS) 10 — Monitoring is the performance standard for inspection, testing, maintenance, and calibration of security systems, communications and warning systems, and other equipment, as well as any repairs, upgrades, or improvements that need to be made.

The security systems and equipment employed to monitor the facility and warn personnel in a timely manner (e.g., cameras, lights, alarms, access control systems) need to be regularly maintained to ensure reliability and to have any deficiencies promptly corrected and system failures addressed.

Note: This RBPS does not refer to actual monitoring of the facility, chemicals of interest (COI), assets, and perimeter using technologies, procedures, and personnel, which are explained in RBPS 1-7 — Detection and Delay.

What Are Security Systems and Equipment?

Security systems and security equipment are key components of facility security. An integrated security system may include various equipment and components such as sensors, remote surveillance, and human monitoring, as well methods of transmitting and displaying data gathered by these components. Security equipment may also include measures like gates, fencing, and locking mechanisms. Regular maintenance ensures the various equipment and components that compose the security systems are working correctly.

Security Measures for Monitoring

Security systems and equipment that are in good working order allow a facility to notify its personnel and local first responders in a timely manner about security incidents. Measures should be designed to ensure inspection, testing, maintenance and calibration of security, communications, warning systems, and other equipment, as well as any repairs, upgrades, or improvements that need to be made.

Under RBPS 10, facilities should consider security measures to:

  • Develop written procedures to regularly inspect, test, calibrate, repair, and maintain security and security-related systems. Procedures should identify the task, person responsible, frequency, and any documents required.
  • Follow the manufacturer's instructions on inspection, testing, and maintenance.
  • Ensure all security equipment is included in routine inspection and maintenance.
  • Develop temporary security measures to use while performing maintenance and in response to non-routine outages or equipment failures.
  • Document all non-routine incidents and ensure they are promptly reported to the proper personnel (e.g., Facility Security Officer).
  • Develop procedures to document and verify the identities of contractor personnel who inspect, test, and perform equipment maintenance (excluding regular contractors who fall under RBPS 12 — Personnel Surety).

Security Systems Maintenance Records

Under RBPS 18 — Records, facilities are required to maintain all records of maintenance, testing, and calibration of security equipment, as specified in 6 CFR §27.255(a)(4) for at least three years.

Maintenance records must include the date and time, name and qualification of the technician(s) doing the work, and specific security equipment involved for each occurrence of maintenance, calibration, and testing.

Note: Records may be handled by third-party contractors but must be available to CISA upon request.

Contact Information

Information provided is derived from the CFATS RBPS Guidance. For additional information on RBPS 10 and all other RBPS, visit the RBPS webpage.

For more information about the CFATS program, please contact CFATS@hq.dhs.gov.