Chemical security is a shared responsibility among chemical facility owners, operators, and employees; the communities that surround these facilities; and federal, state, and local government officials.
Chemical facilities that are determined to be “high-risk” must follow the Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR Part 27) and implement security measures that reduce the risks associated with chemicals of interest (COI).
Individuals and employees may report a potential CFATS violation to the Cybersecurity and Infrastructure Security Agency (CISA). Chemical facilities of interest are prohibited by law from retaliating against an employee for reporting a potential CFATS violation.
Potential CFATS violations may include, but are not limited to:
- Failure to submit a Top-Screen.
- Knowingly submitting false information.
- Failure to implement Site Security Plan (SSP) security measures.
- Failure to maintain records.
Download or print the How to Report a CFATS Violation Flyer.
Download or print the How to Report a CFATS Violation Flyer — Spanish.
How to Report a CFATS Violation
To submit a report to the Agency regarding a potential CFATS violation, contact the CFATS Chemical Facility Security Tip Line, 877-394-4347 (877-FYI 4 DHS), or email CFATSTips@hq.dhs.gov.
Individuals may also report violations via mail to:
Director, Infrastructure Security Compliance Division
Office of Infrastructure Protection
Department of Homeland Security
Mail Stop 0610
245 Murray Lane
Washington, D.C. 20528
If a security incident may already have occurred, call the National Infrastructure Coordinating Center: 202-282-9201.
Call 9-1-1 or contact your local FBI field office if the incident is a security emergency or terrorist incident.
What to Include in the Report
If possible, please include the facility name, address or location, facility contact information, and specific security concern in the report. The Agency will review and consider the information provided, and take action, as appropriate.
The Agency encourages anyone reporting a potential violation to identify himself or herself when making a report. This will allow CISA to acknowledge receipt of the information and facilitates the review of the violation.
For anonymous reports, please provide a detailed description of the nature of the potential violation, including, where possible, names and dates.
The Agency is committed to protecting whistleblower confidentiality. The identity of the reporting individual will be kept confidential, unless disclosure is unavoidable or is compelled by a court order. In these instances, the Agency will attempt to contact the whistleblower to inform him or her of the communication.
CISA will accept violations reported anonymously; however, in such instances, the Agency will be unable to provide acknowledgement of receipt of the information. Additionally, such reports can pose challenges as CISA cannot contact an anonymous reporter to obtain additional information.