Chemical Facility Anti-Terrorism Standards (CFATS) and Executive Order 13650
CFATS Announcement
As of July 28, 2023, Congress has allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire.
Therefore, CISA cannot enforce compliance with the CFATS regulations at this time. This means that CISA will not require facilities to report their chemicals of interest or submit any information in CSAT, perform inspections, or provide CFATS compliance assistance, amongst other activities. CISA can no longer require facilities to implement their CFATS Site Security Plan or CFATS Alternative Security Program.
CISA encourages facilities to maintain security measures. CISA’s voluntary ChemLock resources are available on the ChemLock webpages.
If CFATS is reauthorized, CISA will follow up with facilities in the future. To reach us, please contact CFATS@hq.dhs.gov.
On August 1, 2013, the Executive Order on Improving Chemical Facility Safety and Security (EO 13650) directed the federal government to improve the safety and security of chemical facilities and reduce the risks of hazardous chemicals to workers and communities. The EO established a Federal Interagency Working Group to:
- Improve operational coordination with state, local, and tribal partners.
- Enhance federal agency coordination and information sharing.
- Modernize policies, regulations, and standards.
- Work with stakeholders to identify best practices.
Tri-chaired by the Cybersecurity and Infrastructure Security Agency's (CISA) Infrastructure Security Division (ISD), the Department of Labor's Occupational Safety and Health Administration (OSHA), and the Environmental Protection Agency's (EPA) Office of Land and Emergency Management, the Chemical Facility Security and Safety Working Group coordinates with the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF); Department of Transportation (DOT); U.S. Department of Agriculture (USDA); state and local governments; first responders; chemical facility owners and operators; and community stakeholders to accomplish these goals.
CFATS and the CISA Gateway
Information systems play a vital role in allowing federal departments; state, local, tribal, and territorial (SLTT) government officials; and private sector partners identify, analyze, and manage risk to protect the nation. CISA established the CISA Gateway to improve information sharing and coordination among federal and SLTT agencies. This centrally managed repository of data and capabilities allow stakeholders to easily access, search, retrieve, visualize, analyze, and export critical infrastructure data from multiple sources.
CISA shares certain Chemical Facility Anti-Terrorism Standards (CFATS) data elements with authorized federal and SLTT agencies on a geospatial map to help these stakeholders identify regulated and unregulated chemical facilities located in their communities and which chemicals are housed in those facilities. This information can be used to support planning, preparedness, and prevention activities, and to develop a contingency plan to address risks.
The CISA Gateway uses three layers of information protection to ensure the data that stakeholders share is not exposed:
- Protected Critical Infrastructure Information (PCII)
- Chemical-terrorism Vulnerability Information (CVI)
- For Official Use Only (FOUO)
Level of authorized access is assessed on a case-by-case basis.
CFATS data is available in a FOUO and a CVI layer to authorized federal agencies, SLTT officials, and first responders with an established "need-to-know" as determined by CISA. FOUO access allows users to view information on any chemical facility that has filed a Top-Screen (such as name, location, and geospatial information) within their respective jurisdictions, whereas CVI access includes additional information, such as a facility's risk-based tier.
To obtain access to the CISA Gateway, all users must be PCII certified and must complete required PCII Authorized User training. For access to CFATS data on the CISA Gateway, all users must complete CVI Authorized User training and have a valid need to know.
After completing PCII and CVI Authorized User training:
- Visit the CISA Gateway EO 13650 Portal.
- Click "Request an IP Gateway EO 13650 account here" link.
- Fill out the online form.
Email CISA-GatewayHelpdesk@cisa.dhs.gov with any questions or concerns about accessing the CISA Gateway.
Actions Taken by CISA
Since the establishment of the CFATS program in 2007, CISA has engaged with industry to identify and regulate high-risk chemical facilities to ensure they have security measures in place to reduce the risk of chemicals of interest (COI) being weaponized. CFATS played a significant role in reducing the number of facilities storing threshold quantities of COI by working with these facilities to eliminate, reduce, or modify their holdings of certain COI.
Under this EO, CISA:
- Conducts Compliance Assistance Visits (CAVs) to assist CFATS-regulated facilities in understanding and meeting the program's risk-based security standards. A facility can request a CAV at any point in the CFATS process.
- Shares certain CFATS elements on CISA Gateway EO 13650 Portal with authorized federal and SLTT agencies to help strengthen community preparedness and response.
- Solicited feedback through a CFATS Advance Notice of Proposed Rulemaking (ANPRM) on potential modification of the CFATS regulations to address ammonium nitrate and an ANPRM on potential updates to the list of COI and other aspects of the CFATS regulation.
- Improved the methodology used to identify and assign risk tiers to high-risk chemical facilities by having external experts from industry and government review the process.
- Developed a guidance for the CFATS Risk-Based Performance Standards (RBPS).
- Worked with EPA to identify and notify potentially noncompliant facilities that possessed threshold quantities of CFATS COI.
Resources
- EPA's webpage on Executive Order 13650
- OSHA's webpage on Executive Order 13650
- CISA Gateway Digital Library
- CISA PCII Program
- CISA CVI Protections
Documents and Fact Sheets
Contact Information
If you have any questions or comments regarding the Chemical Facility Security and Safety Working Group, please email ChemSafe&Secure@hq.dhs.gov.