Chemical Facility Anti-Terrorism Standards (CFATS) Enforcement
The Chemical Facility Anti-Terrorism Standards (CFATS) program requires a facility that is determined to be high-risk to develop and implement security measures that meet applicable risk-based performance standards (RBPS) for securing chemicals of interest (COI).
Both the Homeland Security Appropriations Act of 2007, Pub. L. No. 109-295 § 550 and CFATS, 6 CFR Part 27, provide authority for the Cybersecurity and Infrastructure Security Agency (CISA) to conduct authorization inspections. Specifically, 6 CFR § 27.250(a) provides authority for CISA to enter, inspect, and audit the property, equipment, operations, and records of CFATS-covered facilities.
While CISA is committed to helping facility personnel understand and comply with CFATS by providing technical assistance or on-site consultation, the Agency also has the authority to enforce compliance with the program.
CFATS violations are divided into several categories:
- Failure to File Violations
- Submission of False Information
- Security Vulnerability Assessment (SVA)/Site Security Plan (SSP)/Alternative Security Program (ASP) Deficiencies (generally found during the authorization and approval process)
- SSP/ASP Infractions (generally found during Compliance Inspections)
- Chemical-terrorism Vulnerability Information (CVI) Violations
CFATS Penalty Policy
CISA is authorized to issue an Administrative Order (A Order) and an Order Assessing Civil Penalty (B Order) to a chemical facility found to be in violation of CFATS. Both A Orders and B Orders may be appealed pursuant to the procedures set forth in 6 CFR Part 27 Subpart C.
For questions or to get more information, please email CFATS@hq.dhs.gov.