As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.
Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.
CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.
If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.
Any facility that possesses or plans to possess any of the chemicals of interest (COI) regulated under the Chemical Facility Anti-Terrorism Standards (CFATS) regulation at or above a specified quantity or concentration must report their holdings to the Cybersecurity and Infrastructure Security Agency (CISA).
This printer-friendly fact sheet lists the most commonly reported COI, their main security issues, and the risks they pose.