Chemical Facility Anti-Terrorism Standards (CFATS) Enforcement

The Chemical Facility Anti-Terrorism Standards (CFATS) program requires a facility that is determined to be high-risk to develop and implement security measures that meet applicable risk-based performance standards (RBPS) for securing chemicals of interest (COI).

Both the Homeland Security Appropriations Act of 2007, Pub. L. No. 109-295 § 550 and CFATS, 6 CFR Part 27, provide authority for the Cybersecurity and Infrastructure Security Agency (CISA) to conduct authorization inspections. Specifically, 6 CFR § 27.250(a) provides authority for CISA to enter, inspect, and audit the property, equipment, operations, and records of CFATS-covered facilities.

While CISA is committed to helping facility personnel understand and comply with CFATS by providing technical assistance or on-site consultation, the Agency also has the authority to enforce compliance with the program.

CFATS Violations

CFATS violations are divided into several categories:

Failure to File Violations
Submission of False Information
Security Vulnerability Assessment (SVA)/Site Security Plan (SSP)/Alternative Security Program (ASP) Deficiencies (generally found during the authorization and approval process)
SSP/ASP Infractions (generally found during Compliance Inspections)
Chemical-terrorism Vulnerability Information (CVI) Violations

CFATS Penalty Policy

CISA is authorized to issue an Administrative Order (A Order) and an Order Assessing Civil Penalty (B Order) to a chemical facility found to be in violation of CFATS. Both A Orders and B Orders may be appealed pursuant to the procedures set forth in 6 CFR Part 27 Subpart C.

Policy for Assessing Civil Penalties Under Chemical Facility Anti-Terrorism Standards (CFATS) (PDF, 1.61 MB )

Chemical Facility Anti-Terrorism Standards (CFATS) Penalty Policy Overview Fact Sheet (PDF, 607.85 KB )

Contact Information

For questions or to get more information, please email CFATS@hq.dhs.gov.