Chemical-Terrorism Vulnerability Information (CVI)
CFATS Announcement
As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.
Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.
CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.
If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.
Chemical-terrorism Vulnerability Information (CVI) is the information protection regime administered under the Chemical Facility Anti-Terrorism Standards (CFATS) regulation to ensure information chemical facilities provide to the Cybersecurity and Infrastructure Security Agency (CISA) is protected from public disclosure or misuse. Accordingly, the Agency expects individuals in possession of CVI to safeguard it with equal care.
For access to CVI—which includes having a need to know and obtaining an Authorized User number—visit the CVI Authorized User training page. Only CVI Authorized Users can access CFATS-related documents housed in the Chemical Security Assessment Tool (CSAT).
Note: CVI Authorized User Training is not currently available online due to the lapse of CFATS authorities. For questions on accessing historical CVI data or applying to be a CVI Authorized User, please email CFATS@hq.dhs.gov.
Defining CVI
What information is protected as CVI?
Disclosure of CVI
How to safeguard and share CVI.
Handling CVI
Materials containing CVI must be physically controlled and protected, appropriately designated, and withheld from public disclosure.
Evaluating Need to Know CVI
How should you evaluate a need to know CVI?
CVI Authorized User Training and Application
Complete the Safeguarding Information Designated as Chemical-terrorism Vulnerability Information (CVI) Authorized User Training and then submit the CVI Authorized User Application.
Note: CVI Authorized User Training is not currently available online due to the lapse of CFATS authorities. For questions on accessing historical CVI data or applying to be a CVI Authorized User, please email CFATS@hq.dhs.gov.
CVI Resources
The CVI Procedures Manual provides guidance to anyone authorized to possess, disclose, or receive CVI on how to ensure sensitive information about the nation's high-risk chemical facilities is safeguarded.
Use the CVI cover sheet to help safeguard CVI from unauthorized or inadvertent disclosure by placing it on the front and back of transmittal letters, reports, or documents.
Contact Information
For questions, please email CFATS@hq.dhs.gov.
For technical assistance, call the Chemical Security Assessment Tool (CSAT) Help Desk at 866-323-2957 Monday through Friday (except federal holidays) from 8:30 a.m. to 5 p.m. (ET) or email CSAT@hq.dhs.gov.