Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.

Handling CVI

CFATS Announcement

As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.

Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.

CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.

If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.

Learn more about ChemLock

Materials containing Chemical-terrorism Vulnerability Information (CVI) must be appropriately designated and withheld from public disclosure. CVI must also be physically controlled and protected. The protections include:

  • Storage of CVI
  • Marking of CVI
  • Transmission of CVI
  • Responsibilities when in transit with CVI
  • Destruction of CVI

Use the CVI cover sheet to help safeguard CVI from unauthorized or inadvertent disclosure by placing it on the front and back of transmittal letters, reports, or documents.

CVI Cover Sheet(PDF, 41.10 KB )

The CVI Procedures Manual provides guidance to anyone authorized to possess, disclose, or receive CVI on how to ensure sensitive information about the nation's high-risk chemical facilities is safeguarded.

Safeguarding Information Designated as Chemical-Terrorism Vulnerability Information (CVI) Revised Procedure Manual(PDF, 647.74 KB )

Defining CVI

What information is protected as CVI?

Evaluating Need to Know CVI

How to evaluate a need to know CVI.

Disclosure of CVI

How to appropriately share and disclose CVI.

Reporting CVI Incidents

Under 6 CFR § 27.400(d), covered persons must notify the Agency of any unauthorized releases of CVI and refer to the Agency any requests for access to CVI by persons without a need to know.

Contact Information

If you have questions or need technical assistance, contact the CSAT Help Desk at 866-323-2957 Monday through Friday (except federal holidays) from 8:30 a.m. to 5 p.m. (ET) or via email at CSAT@hq.dhs.gov.