CFATS Risk-Based Performance Standard (RBPS) 11 — Training

CFATS Announcement

As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.

Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.

CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.

If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact

RBPS 11 — Training is the performance standard that addresses security and response training, exercises, and drills for facility personnel. By properly training its personnel, a facility prepares them to better identify and respond to suspicious behavior, attempts to enter or attack a facility, or other malevolent acts by insiders or intruders.

A strong training program typically includes personnel-specific exercises and drills, and joint activities involving law enforcement and first responders. Well-trained personnel who practice how to react and who understand the facility's layout will be more effective at detecting attackers, delaying intruders, initiating response activities, and reducing the consequences of an attack.

Security Awareness and Training Program

Under RBPS 11, a facility should maintain a Security Awareness and Training Program (SATP)—a predefined and documented set of training activities that focuses on relevant security-related issues and enhances facility personnel's overall security awareness.

A comprehensive SATP applies to all levels of facility personnel, including executives, management, and operational and technical employees. Objectives may include reviewing response plans, policies, and procedures, and ensuring personnel are familiar with security equipment operations.

A comprehensive SATP should include:

  • Training: Hands-on activities, orientations, online or interactive programs, and briefings.
  • Exercises: Predefined, documented set of activities that represent a realistic rehearsal of an emergency.
  • Drills: Exercises focused on a single specific operation or function.
  • Tests: Demonstrations that show the correct operation of all equipment, procedures, processes, and systems.
  • Joint Initiatives: Training, exercises, or drills that involve the participation of entities outside of the facility.

Tailoring Training Requirements

A facility should consider creating training specific to its risks and security concerns. For example, all facilities should emphasize reporting of a security incident, but a release facility—toxic, flammable, or explosive COI that would affect populations within and beyond the facility if intentionally released—should specifically focus on ensuring the workforce has strong vehicle-borne improvised explosive device (VBIED) recognition and notification protocols.

Additionally, a facility should consider tailoring training topics to specific classes of employees, as not all personnel need the same level of training. For example, detailed training on security procedures, the operation of security equipment, and security laws and regulations is more beneficial for employees with specific security responsibilities. Conversely, certain topics, such as incident identification and notification, would be beneficial for the entire workforce.

Considerations and Best Practices

  • Consider obtaining input from staff on training needs.
  • Invite community representatives to provide training.
  • Include first responders to improve their understanding of the layout and hazards associated with the facility.
  • Align training with other regulatory requirements (e.g., Hazardous Materials Endorsement [HME], Occupational Safety and Health Administration [OSHA]), and include existing training.
  • Provide formal training on a set schedule (e.g., annually), but also hold more frequent, informal sessions.
  • Include regional or location-specific information as part of your training, if applicable.

Available Training and Resources

Below are a variety of free tools and resources that chemical security partners and stakeholders can use.

Contact Information

Information provided is derived from the CFATS RBPS Guidance. For additional information on RBPS 11 and all other RBPS, please visit the RBPS webpage.

For more information about the CFATS program, please contact