Guidance for Chemical Facility Anti-Terrorism Standards (CFATS) Regulations
As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.
Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.
CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.
If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.
These are the guidance documents to help covered chemical facilities implement the regulations for the Chemical Facility Anti-Terrorism Standards (CFATS) regulatory program.
The CFATS regulations were developed as an interim final rule in April 2007 and as a final rule in November 2007. Visit the 6 CFR, Part 27 Federal Regulations webpage for the CFATS regulations.
Chemical Facility Anti-Terrorism Standards: Guidance for the Expedited Approval Program
Published May, 13, 2015. This guidance complies with the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014. The Act amended the Homeland Security Act of 2002 to require DHS to issue guidance for an Expedited Approval Program (EAP) as a voluntary option for high-risk chemical facilities assigned a final tier level of 3 or 4 to develop and submit Site Security Plans (SSPs) for expedited approval, and identifies the specific security measures sufficient to meet risk-based performance standards for facilities that choose to submit an SSP under the EAP.
Risk-Based Performance Standards Guidance
Published on May 15, 2009. This guidance provides the Department's interpretation of the level of performance facilities should strive to achieve under each risk-based performance standard (RBPS). It also helps facilities comply with CFATS by describing in greater detail the 18 RBPSs enumerated in CFATS, by providing examples of various security measures and practices that could be selected to achieve the desired level of performance for each RBPS at each of the risk-based tiers created by CFATS.