[Federal Register Volume 68, Number 204 (Wednesday, October 22, 2003)]
[Rules and Regulations]
[Pages 60515-60544]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-26348]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Coast Guard

33 CFR Part 105

[USCG-2003-14732]
RIN 1625-AA43


Facility Security

AGENCY: Coast Guard, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule adopts, with changes, the temporary interim 
rule published on July 1, 2003, that provides security measures for 
certain facilities in U.S. ports. It also requires owners or operators 
of facilities to designate security officers for facilities, develop 
security plans based on security

[[Page 60516]]

assessments and surveys, implement security measures specific to the 
facility's operations, and comply with Maritime Security Levels. This 
rule is one in a series of final rules on maritime security in today's 
Federal Register. To best understand this rule, first read the final 
rule titled ``Implementation of National Maritime Security 
Initiatives'' (USCG-2003-14792), published elsewhere in today's Federal 
Register.

DATES: This final rule is effective November 21, 2003. On July 1, 2003, 
the Director of the Federal Register approved the incorporation by 
reference of certain publications listed in this final rule.

ADDRESSES: Comments and material received from the public, as well as 
documents mentioned in this preamble as being available in the docket, 
are part of docket USCG-2003-14732 and are available for inspection or 
copying at the Docket Management Facility, U.S. Department of 
Transportation, room PL-401, 400 Seventh Street SW., Washington, DC, 
between 9 a.m. and 5 p.m., Monday through Friday, except Federal 
holidays. You may also find this docket on the Internet at http://dms.dot.gov.

FOR FURTHER INFORMATION CONTACT: If you have questions on this final 
rule, call Lieutenant Gregory Purvis (G-MPS-1), U.S. Coast Guard by 
telephone 202-267-1072 or by electronic mail [email protected]. If 
you have questions on viewing the docket, call Andrea M. Jenkins, 
Program Manager, Docket Operations, Department of Transportation, at 
telephone 202-366-0271.

SUPPLEMENTARY INFORMATION:

Regulatory Information

    On July 1, 2003, we published a temporary interim rule with request 
for comments and notice of public meeting titled ``Facility Security'' 
in the Federal Register (68 FR 39315). This temporary interim rule was 
one of a series of temporary interim rules on maritime security 
published in the July 1, 2003, issue of the Federal Register. On July 
16, 2003, we published a document correcting typographical errors and 
omissions in that rule (68 FR 41916).
    We received a total of 438 letters in response to the six temporary 
interim rules by July 31, 2003. The majority of these letters contained 
multiple comments, some of which applied to the docket to which the 
letter was submitted, and some of which applied to a different docket. 
For example, we received several letters in the docket for the 
temporary interim rule titled ``Implementation of National Maritime 
Security Initiatives'' that contained comments in that temporary 
interim rule, plus comments on the ``Facility Security'' temporary 
interim rule. We have addressed individual comments in the preamble to 
the appropriate final rule. Additionally, we had several commenters 
submit the same letter to all six dockets. We counted these duplicate 
submissions as only one letter, and we addressed each comment within 
that letter in the preamble for the appropriate final rules. Because of 
statutorily imposed time constraints for publishing these regulations, 
we were unable to consider comments received after the period for 
receipt of comments closed on July 31, 2003.
    A public meeting was held in Washington, DC, on July 23, 2003 and 
approximately 500 people attended. Comments from the public meeting are 
also included in the ``Discussion of Comments and Changes'' section of 
this preamble.
    In order to focus on the changes made to the regulatory text since 
the temporary interim rule was published, we have adopted the temporary 
interim rule and set out, in this final rule, only the changes made to 
the temporary interim rule. To view a copy of the complete regulatory 
text with the changes shown in this final rule, see http://www.uscg.mil/hq/g-m/mp/index.htm.

Background and Purpose

    A summary of the Coast Guard's regulatory initiatives for maritime 
security can be found under the ``Background and Purpose'' section in 
the preamble to the final rule titled ``Implementation of National 
Maritime Security Initiatives'' (USCG-2003-14792), published elsewhere 
in this issue of the Federal Register.

Impact on Existing Domestic Requirements

    33 CFR part 128, Security of Passenger Terminals, currently exists 
but applies only to cruise ship terminals. Until July 2004, 33 CFR part 
128 will remain in effect. Facilities that were required to comply with 
part 128 must now also meet the requirements of this part, including 
Sec.  105.290, titled ``Additional requirements--cruise ship 
terminals.'' The requirements in Sec.  105.290 generally capture the 
existing requirements in part 128 that are specific for cruise ship 
terminals and capture additional detail to comply with the requirements 
of SOLAS Chapter XI-2 and the ISPS Code.

Discussion of Comments and Changes

    Comments from each of the temporary interim rules and from the 
public meeting held on July 23, 2003, have been grouped by topic and 
addressed within the preambles to the applicable final rules. If a 
comment applied to more than one of the six rules, we discussed it in 
the preamble to each of the final rules that it concerned. For example, 
discussions of comments that requested clarification or changes to the 
Declaration of Security procedures are duplicated in the preambles to 
parts 104, 105, and 106. Several comments were submitted to a docket 
that included topics not addressed in that particular rule, but were 
addressed in one or more of the other rules. This was especially true 
for several comments submitted to the docket of part 101 (USCG-2003-
14792). In such cases, we discussed the comments only in the preamble 
to each of the final rules that concerned the topic addressed.

Subpart A--General

    This subpart contains provisions concerning applicability, waivers, 
and other subjects of a general nature applicable to part 105.
    One commenter stated the public access area was a very well thought 
out concept. Another commenter stated that the thresholds and exempted 
facilities specified in Sec.  105.105 should remain as written.
    One commenter requested that Sec.  105.105(a)(2) be revised, 
stating that the security requirements of facilities should be based on 
the terminal's size and capacity alone, rather than on the number of 
passengers a vessel is certificated to carry.
    While a terminal's size or capacity is a way to determine 
applicability, we chose to focus on vessel interface and cargo handling 
activities because this method is consistent with the conceptual 
applicability standards employed internationally. When we focused on 
vessel-to-facility interfaces, our risk assessment showed that vessels 
certificated to carry over 150 passengers, and the facilities servicing 
them, may be involved in a transportation security incident.
    Two commenters requested clarification on our reference to 
International Convention for Safety of Life at Sea, 1974, (SOLAS) and 
facility applicability. One commenter stated that because the 
applicability of the various chapters of SOLAS is not consistent, it is 
necessary to specify particular chapters in SOLAS to define the 
applicability of this regulation to U.S. flag vessels. The commenter

[[Page 60517]]

requested that we limit the reference to SOLAS in Sec.  105.105(a)(3) 
to ``SOLAS Chapter XI-2.'' Another commenter stated that it is not 
clear whether the words ``greater than 100 gross registered tons'' 
applied to SOLAS vessels as well as to vessels that are subject to 33 
CFR subchapter I.
    We agree that the general reference to SOLAS is broad and could 
encompass more vessels than necessary. We have amended the 
applicability reference to read ``SOLAS Chapter XI'' because subchapter 
H addresses those requirements in SOLAS Chapter XI. Also, we have 
amended Sec.  105.105(a) to apply the term ``greater than 100 gross 
registered tons'' to facilities that receive vessels subject only to 
subchapter I. We did not include references to foreign or U.S. 
ownership in the applicability paragraphs because it is duplicative of 
the existing language.
    Two commenters were concerned about the breadth of the regulations. 
One commenter asked that the regulations be broadened to allow for 
exemptions. One commenter stated that the applicability as described in 
Sec.  101.110 is ``much too general,'' stating that it can be 
interpreted as including a canoe tied up next to a floating dock in 
front of a private home. The commenter concluded that such a broad 
definition would generate ``a large amount of'' confusion and 
discontent among recreational boaters and waterfront homeowners.
    Our applicability for the security regulations in 33 CFR subchapter 
H is for all vessels and facilities; however, parts 104, 105, and 106 
directly regulate those vessels and facilities we have determined may 
be involved in transportation security incidents, which does not 
include canoes and private residences. For example, Sec.  104.105(a) 
applies to commercial vessels; therefore, a recreational boater is not 
regulated under part 104. If a waterfront homeowner does not meet any 
of the specifications in Sec.  105.105(a), the waterfront homeowner is 
not regulated under part 105. It should be noted that all waterfront 
areas and boaters are covered by parts 101 through 103 and, although 
there are no specific security measures for them in these parts, the 
AMS Plan may set forth measures that will be implemented at the various 
MARSEC Levels that may apply to them. Security zones and other measures 
to control vessel movement are some examples of AMS Plan actions that 
may affect a homeowner or a recreational boater. Additionally, the COTP 
may impose measures, when necessary, to prevent injury or damage or to 
address specific security concerns.
    Five commenters addressed the applicability of the regulations with 
respect to facilities and the boundaries of the Coast Guard 
jurisdiction relative to that of other Federal agencies. Four 
commenters advocated a ``firm line of demarcation'' limiting the Coast 
Guard authority to the ``dock,'' because as the rule is now written, a 
facility may still be left to wonder which Federal agency or department 
might have jurisdiction over it when it comes to facility security. One 
commenter suggested that the Coast Guard jurisdiction should not extend 
beyond ``the first continuous access control boundary shore side of the 
designated waterfront facility.''
    Section 102 of the MTSA requires the Secretary of the Department in 
which the Coast Guard is operating to prescribe certain security 
requirements for facilities. The Secretary has delegated that authority 
to the Coast Guard. Therefore, the Coast Guard is not only authorized, 
but also required under the MTSA, to regulate beyond the ``dock.''
    We received 64 comments concerned with the application of these 
security measures to ferries. The commenters did not want airport-like 
screening measures implemented on ferries, stating that such measures 
would cause travel delays, frustrating the mass transit aspect of ferry 
service. The commenters also stated that the security requirements will 
impose significant costs to the ferry owners, operators, and 
passengers.
    These regulations do not mandate airport-like security measures for 
ferries; however, ferry owners or operators may have to heighten their 
existing security measures to ensure that our ports are secure. Ferry 
owners and operators can implement more stringent screening or access 
measures, but they can also include existing security measures in the 
required security plan. These measures will be fully reviewed and 
considered by the Coast Guard to ensure that they cover all aspects of 
security for periods of normal and reduced operations.
    We understand that ferries often function as mass transit and we 
have included special provisions for them. Even with these provisions, 
our cost analysis indicated that compliance with these final rules 
imposes significant costs to ferry owners and operators. To address 
this concern, the Department of Homeland Security (DHS) has developed a 
grant program to provide funding for security upgrades. Ferry terminal 
owners and operators can apply for these grants.
    Six commenters stated that the term ``fleeting facility'' in Sec.  
105.105(a)(4) is more general than the definition of a ``barge fleeting 
facility'' in Sec.  101.105. The commenters pointed out that temporary 
staging areas of barges, or those areas for the breaking and making of 
tows provided by the U.S. Army Corps of Engineers, are not included in 
the definition of ``barge fleeting facility'' because they are not 
``commercial fleeting areas.'' The commenters suggested that these 
areas be included in AMS Plans.
    We agree with the commenters and are amending Sec.  105.105(a)(4) 
to make it consistent with the definition stated in Sec.  101.105 for 
``barge fleeting facility.'' This new language can be found in Sec.  
105.105(a)(6). With regards to barge fleeting areas that are provided 
by the U.S. Army Corps of Engineers, in accordance with Sec.  
105.105(b), those facilities that are not subject to part 105 will be 
covered by parts 101 through 103 of this subchapter and will be 
included in the AMS Plan for the COTP zone in which the facility is 
located.
    Three commenters disagreed with including all barge fleeting 
facilities that handle barges carrying hazardous material in the 
security requirements. The commenters stated that the security 
requirements are an undue burden on industry because the fleeting 
facilities are remote and routinely inaccessible by shore.
    We developed the fleeting facility security requirements because 
these facilities may, if they fleet hazardous barges, be involved in a 
transportation security incident. Remoteness or inaccessibility of 
fleeting facilities will be factors to consider during the Facility 
Security Assessment and will be key in determining the security 
measures to be implemented.
    One commenter noted that Sec.  105.105(a)(4) does not apply to 
barges in a gas-free state, and suggested that we amend this paragraph 
to read, ``whether loaded, unloaded, or gas-free.''
    Section 105.105(a)(4) applies to those barges that are actually 
loaded with cargoes regulated under 46 CFR subchapter D or O, not those 
that are gas-free. Barges that are gas-free are unlikely to be involved 
in a transportation security incident.
    Three commenters recommended that we amend Sec.  105.105(c)(3) to 
clarify the applicability of facilities that support the production, 
exploration, or development, of oil and natural gas.
    We agree with the commenters that the exemptions in Sec.  
105.105(c)(3) are confusing and are amending this section for clarity.
    Two commenters requested exemptions for ``facilities that handle 
certain fertilizers,'' stating that they do not pose risks to human 
health or the

[[Page 60518]]

environment from a transportation security perspective. The commenters 
requested that we exempt facilities that handle only certain non-
hazardous fertilizers from the requirements of part 105, stating that 
these facilities are not likely to be involved in a transportation 
security incident.
    Our risk assessment determined that facilities that receive vessels 
on international voyages, including those that carry non-hazardous 
fertilizers, may be involved in a transportation security incident. We 
are not, therefore, amending the applicability for facilities in part 
105 to exempt these facilities. The facility owner or operator may 
apply to the Commandant (G-MP) for a waiver as specified in Sec.  
105.130. Because a Facility Security Plan is based on the results of 
the Facility Security Assessment, the security measures implemented 
will be tailored to the operations of the facility. Those security 
measures will be appropriate for that facility, but will differ from 
the measures implemented at a facility that handles dangerous goods or 
hazardous substances.
    One commenter stated that we needed to clarify how the regulations 
apply to facilities in ``caretaker status.''
    Facilities operating with ``caretaker status'' as defined in 33 CFR 
154.105, that are not engaged in any of the activities regulated under 
part 105, will be covered under parts 101 through 103. Facilities in 
``caretaker status'' engaging in or intending to engage in any of the 
activities regulated under Sec.  105.105 must comply with part 105 by 
conducting a Facility Security Assessment and, 60 days prior to 
beginning operations, submitting a Facility Security Plan to the local 
COTP for approval. In such situations, the ``caretaker'' is the ``owner 
or operator'' as that term is defined in the regulations.
    Six commenters stated that part 105 should not apply to marinas 
that receive a small number of passenger vessels certificated to carry 
more than 150 passengers or to ``mixed-use or special-use facilities 
which might accept or provide dock space to a single vessel'' because 
the impact on local business in the facility could be substantial. Two 
commenters stated that private and public riverbanks should not be 
required to comply with part 105 because ``there is no one to complete 
a Declaration of Security with, and no way to secure the area, before 
the vessel arrives.'' Two commenters stated that facilities that are 
``100 percent public access'' should not be required to comply with 
part 105 because these types of facilities are ``vitally important to 
the local economy, as well as to the host municipalities.'' This 
commenter also stated that vessels certificated to carry more than 150 
passengers frequently embark guests at private, residential docks and 
small private marinas for special events such as weddings and 
anniversaries and may visit such a dock only once.
    We agree that the applicability of part 105 to facilities that have 
minimal infrastructure, but are capable of receiving passenger vessels, 
is unclear. Therefore, in the final rule for part 101, we added a 
definition for a ``public access facility'' to mean a facility approved 
by the cognizant COTP with public access that is primarily used for 
purposes such as recreation or entertainment and not for receiving 
vessels subject to part 104. By definition, a public access facility 
has minimal infrastructure for servicing vessels subject to part 104 
but may receive ferries and passenger vessels other than cruise ships, 
ferries certificated to carry vehicles, or passenger vessels subject to 
SOLAS. Minimal infrastructure would include, for example, bollards, 
docks, and ticket booths, but would not include, for example, permanent 
structures that contain passenger waiting areas or concessions. We have 
not allowed public access facilities to be designated if they receive 
vessels such as cargo vessels because such cargo-handling operations 
require additional security measures that public access facilities 
would not have. We amended part 105 to exclude these public access 
facilities, subject to COTP approval, from the requirements of part 
105. We believe this construct does not reduce security because the 
facility owner or operator or entity with operational control over 
these types of public access facilities still has obligations for 
security that will be detailed in the AMS Plan, based on the AMS 
Assessment. Additionally, Vessel Security Plans must address security 
measures for using the public access facility. This exemption does not 
affect existing COTP authority to require the implementation of 
additional security measures to deal with specific security concerns. 
We have also amended Sec.  103.505, to add public access facilities to 
the list of elements that must be addressed within the AMS Plan.
    We received 26 comments dealing with the definition of 
``facility.'' One commenter asked whether a facility that is inside a 
port that handles cargo or containers, but does not have direct water 
access, is covered under the definition of facility. Another commenter 
recommended that the definition specify that facilities without water 
access and that do not receive vessels be exempt from the requirements. 
One commenter asked whether small facilities located inland on a river 
would be subject to part 105 if they receive vessels greater than 100 
gross registered tons on international voyages. One commenter asked 
whether a company that receives refined products via pipeline from a 
dock facility that the company does not own qualifies as a regulated 
facility. One commenter asked whether part 105 applies to facilities at 
which vessels do not originate or terminate voyages. Two commenters 
stated that the word ``adjacent'' in the definition should be changed 
to read ``immediately adjacent'' to the ``navigable waters.'' One 
commenter suggested that, in the definition, the word ``adjacent'' be 
defined in terms of a physical distance from the shore and the terms 
``on, in, or under'' and ``waters subject to the jurisdiction of the 
U.S.'' be clarified. Two commenters understand the definition of 
``facility'' to possibly include overhead power cables, underwater pipe 
crossings, conveyors, communications conduits crossing under or over 
the water, or a riverbank. One commenter asked for a blanket exemption 
for electric and gas utilities. One commenter suggested rewriting the 
applicability of ``facilities'' in plain language or, alternatively, 
providing an accompanying guidance document to help owner and operators 
determine whether their facilities are subject to these regulations. 
One commenter asked us to clarify which facilities might ``qualify'' 
for future regulation and asked us to undertake a comprehensive review 
of security program gaps and overlaps, in coordination with DHS. One 
commenter stated that a facility that receives only vessels in ``lay 
up'' or for repairs should not be required to comply with part 105.
    We recognize that the definition of ``facility'' in Sec.  101.105 
is broad, and we purposefully used this definition to be consistent 
with existing U.S. statutes regarding maritime security. A facility 
within an area that is a marine transportation-related terminal or that 
receives vessels over 100 gross tons on international voyages is 
regulated under Sec.  105.105. All other facilities in an area not 
directly regulated under Sec.  105.105, such as some adjacent 
facilities and utility companies, are covered under parts 101 through 
103. If the COTP determines that a facility with no direct water access 
may pose a risk to the area, the facility owner or operator may be 
required to implement security

[[Page 60519]]

measures under existing COTP authority. With regard to facilities that 
receive only vessels in ``lay up'' or for repairs, we amended the 
regulations to define, using the definition of a general shipyard 
facility from 46 CFR 298.2, and exempt general shipyard facilities from 
the requirements of part 105 unless the facility is subject to 33 CFR 
parts 126, 127, or 154 or provides any other service beyond those 
services defined in Sec.  101.105 to any vessel subject to part 104. In 
a similar manner, in part 105, we are also exempting facilities that 
receive vessels certificated to carry more than 150 passengers if those 
vessels do not carry passengers while at the facility nor embark or 
disembark passengers from the facility. We exempted facilities that 
receive vessels for lay-up, dismantling, or placing out of commission 
to be consistent with the other changes we have discussed above. The 
facilities listed in the amended Sec.  105.105 as exceptions and Sec.  
105.110 as exemptions will be covered by the AMS Plan, and we intend to 
issue further guidance on addressing these facilities in the AMS Plan. 
Finally, while not in ``plain language'' format, we have attempted to 
make these regulations as clear as possible. We have created Small 
Business Compliance Guides, which should help facility owners and 
operators determine if their facilities are subject to these 
regulations. These Guides are available where listed in the 
``Assistance for Small Entities'' section of this final rule.
    Twelve commenters questioned our compliance dates. One commenter 
stated that because the June 2004 compliance date might not be easily 
achieved, the Coast Guard should consider a ``phased in approach'' to 
implementation. Four commenters asked us to verify our compliance date 
expectations and asked if a facility can ``gain relief'' from these 
deadlines for good reasons.
    The MTSA requires full compliance with these regulations 1 year 
after the publication of the temporary interim rules, which were 
published on July 1, 2003. Therefore, a ``phased in approach'' will not 
be used. While compliance dates are mandatory, a vessel or facility 
owner or operator could ``gain relief'' from making physical 
improvements, such as installing equipment or fencing, by addressing 
the intended improvements in the Vessel or Facility Security Plan and 
explaining the equivalent security measures that will be put into place 
until improvements have been made.
    After further review of the rules, we are amending the dates of 
compliance in Sec.  105.115(a) and (b), Sec.  105.120 introductory 
text, and Sec.  105.410(a) to align with the MTSA and the International 
Ship and Port Facility Security Code (ISPS Code) compliance dates. For 
example, we are changing the deadline in Sec.  105.115(a) for 
submitting a Facility Security Plan from December 29, 2003, to December 
31, 2003.
    One commenter requested that we clarify Sec.  105.125, 
Noncompliance, to ``focus on only those areas of noncompliance that are 
the core building blocks of the facility security program'' stating 
that the section requires a ``self-report [of] every minor glitch in 
implementation.''
    We did not intend for Sec.  105.125 to require self-reporting for 
minor deviations from these regulations if they are corrected 
immediately. We have clarified Sec. Sec.  104.125, 105.125, and 106.120 
to make it clear that owners or operators are required to request 
permission from the Coast Guard to continue operations when temporarily 
unable to comply with the regulations.
    Three commenters recommended developing an International Maritime 
Organization (IMO) list of port facilities to help foreign shipowners 
identify U.S. facilities not in compliance with subchapter H. In a 
related comment, there was a request for the Coast Guard to maintain 
and publish a list of non-compliant facilities and ports because a COTP 
may impose one or more control and compliance measures on a domestic or 
foreign vessel that has called on a facility or port that is not in 
compliance.
    We do not intend to publish a list of each individual facility that 
complies or does not comply with part 105. As discussed in the 
temporary interim rule (68 FR 39262) (part 101), our regulations align 
with the requirements of the ISPS Code, part A, section 16.5, by using 
the AMS Plan to satisfy our international obligations to communicate to 
IMO, as required by SOLAS Chapter XI-2, regulation 13.3, the locations 
within the U.S. that are covered by an approved port facility security 
plan. Any U.S. facility that receives vessels subject to SOLAS is 
required to comply with part 105.
    We received seven comments regarding waivers, equivalencies, and 
alternatives. Three commenters appreciated the flexibility of the Coast 
Guard in extending the opportunity to apply for a waiver or propose an 
equivalent security measure to satisfy a specific requirement. Four 
commenters requested detailed information regarding the factors the 
Coast Guard will focus on when evaluating applications for waivers, 
equivalencies, and alternatives.
    The Coast Guard believes that equivalencies and waivers provide 
flexibility for vessel owners and operators with unique operations. 
Sections 104.130, 105.130, and 106.125 state that vessel or facility 
owners or operators requesting waivers for any requirement of part 104, 
105, or 106 must include justification for why the specific requirement 
is unnecessary for that particular owner's or operator's vessel or 
facility or its operating conditions. Section 101.120 addresses 
Alternative Security Programs and Sec.  101.130 provides for 
equivalents to security measures. We intend to issue guidance that will 
provide more detailed information about the application procedures and 
requirements for waivers, equivalencies, and the Alternative Security 
Program.
    After further review of parts 101 and 104-106, we have amended 
Sec. Sec.  101.120(b)(3), 104.120(a)(3), 105.120(c), and 106.115(c) to 
clarify that a vessel or facility that is participating in the 
Alternative Security Program must complete a vessel or facility 
specific security assessment report in accordance with the Alternative 
Security Program, and it must be readily available.
    One commenter stated that facilities should be permitted to use 
equivalent security measures because facilities vary greatly in their 
design and security risk profile.
    We agree and have provided facilities the opportunity to apply for 
approval of equivalent security measures in Sec.  105.135.

Subpart B--Facility Security Requirements

    This subpart describes the responsibilities of the facility owner 
or operator and personnel relative to facility security. It includes 
requirements for training, drills, recordkeeping, and Declarations of 
Security. It identifies specific security measures, such as those for 
access control, cargo handling, monitoring, and particular types of 
facilities.
    Two commenters suggested that the Coast Guard should not regulate 
security measures but should establish security guidelines based on 
facility type, in essence creating a matrix with ``risk-levels'' and 
identified suggested measures for facility security.
    We cannot establish only guidelines because the MTSA and SOLAS 
require us to issue regulations. We have provided performance-based, 
rather than prescriptive, requirements in these regulations to give 
owners or operators flexibility in developing security plans

[[Page 60520]]

tailored to vessels' or facilities' unique operations.
    One commenter asked who would be ensuring the integrity of security 
training and exercise programs.
    Since the events of September 11, 2001, the Coast Guard has 
developed a directorate responsible for port, vessel, and facility 
security. This directorate oversees implementation and enforcement of 
the regulations found in parts 101 through 106. Additionally, owners 
and operators of vessels and facilities will be responsible for 
recordkeeping regarding training, drills, and exercises, and the Coast 
Guard will review these records during periodic inspections.
    One commenter stated that it is appropriate for Federal, State, and 
local authorities to assume responsibility for terminal security, and 
that there must be a responsible party for the terminal at all times 
whether a vessel is there or not.
    Section 105.200(a) states that the owner or operator of the 
facility must ensure that the facility operates in compliance with the 
requirements of this part. Therefore, the owner or operator is 
responsible for terminal security at all times whether or not a vessel 
is at the facility.
    Five commenters stated that the requirement of Sec.  105.200(b)(2), 
which compels Facility Security Officers to implement security measures 
in response to MARSEC Levels within 12 hours of notification would be 
problematic, especially for facilities with limited manpower, and 
during weekends, or nights.
    We disagree with the commenters and believe that it is well within 
reason to expect that Facility Security Officers can implement the 
necessary security measures changes within 12 hours.
    Two commenters recommended that the word ``adequate'' be deleted 
from Sec.  105.200(b)(6) because the commenter believes that the 
owners' or operators' definition of ``adequate'' might not be the same 
as intended in the regulations.
    The use of the word ``adequate'' throughout the regulations 
emphasizes that minimal coordination of security issues may not be 
sufficient and allows for differences in individual circumstances.
    One commenter recommended that facility owners or operators should 
limit access to vessels moored at the facility to those individuals and 
organizations that conduct business with the vessel, contending that 
the word ``visitor'' may have too broad a connotation.
    The regulations provide flexibility to define who can have access 
to a facility. The Facility Security Plan must contain security 
measures for access control and can limit access to those individuals 
and organizations that conduct business with the vessel. We do specify 
that a facility must ensure coordination of shore leave for vessel 
personnel or crew change-out, as well as access through the facility 
for representatives of seafarers' welfare and labor organizations.
    One commenter suggested adding a provision that would allow 
unimpeded access for passengers to board charterboats at facilities 
regulated under part 105, stating that the ``extraordinary measures'' 
required to ensure facility security could hamper public entrance to 
these facilities.
    A facility owner or operator must coordinate access to the facility 
with vessel personnel under Sec.  105.200(b)(7); however, that owner or 
operator is also required to implement security measures that include 
access control. We did not allow any group of vessel passengers or 
personnel unimpeded access to a facility regulated under this 
subchapter because it would undermine the purpose of access control. A 
facility owner or operator may impede passengers' access to 
charterboats if he or she perceives that these passengers pose a risk, 
are at risk, or if such passage is not in compliance with the 
facility's security plan.
    Nineteen commenters were concerned about the rights of seafarers at 
facilities. One commenter stated that the direct and specific 
references to shore leave in the regulations conform exactly with his 
position and the widespread belief that shore leave is a fundamental 
right of a seaman. One commenter stated that coordinating mariner shore 
leave with facility operators is important and should be retained, 
stating that shore leave for ships' crews exists as a fundamental 
seafarers' right that can be denied only in compelling circumstances. 
The commenter also stated that chaplains should continue to have access 
to vessels, especially during periods of heightened security. Four 
commenters requested that the regulations require facilities to allow 
vessel personnel access to the facilities for shore leave, or other 
purposes, stating that shore leave is a basic human right and should 
not be left to the discretion of the terminal owner or operator. One 
commenter stated that seafarers are being denied shore leave as they 
cannot apply for visas in a timely manner and that seafarers who meet 
all legal requirements should be permitted to move to and from the 
vessel through the facility, subject to reasonable requirements in the 
Facility Security Plan. One commenter stated that it is the 
responsibility of the government to determine appropriate measures for 
seafarers to disembark. One commenter encouraged the government to 
expedite the issuance of visas for shore leave.
    We agree that coordinating mariner shore leave and chaplains' 
access to vessels with facility operators is important and should be 
retained. Sections 104.200(b)(6) and 105.200(b)(7) require owners or 
operators of vessels and facilities to coordinate shore leave for 
vessel personnel in advance of a vessel's arrival. We have not 
mandated, however, that facilities allow access for shore leave because 
during periods of heightened security shore leave may not be in the 
best interest of the vessel personnel, the facility, or the public. 
Mandating such access could infringe on private property rights; 
however, we strongly encourage facility owners and operators to 
maximize opportunities for mariner shore leave and access to the vessel 
through the facility by seafarer welfare organizations. The Coast Guard 
does not issue, nor can it expedite the issuing of, visas. 
Additionally, visas are a matter of immigration law and are beyond the 
scope of these rules. Finally, it should also be noted that the 
government has treaties of friendship, commerce, and with several 
nations. These treaties provide that seafarers shall be allowed ashore 
by public authorities when they and the vessel on which they arrive in 
port meet the applicable requirements or conditions for entry. We have 
amended Sec. Sec.  104.200(b) and 105.200(b) to include language that 
treaties of friendship, commerce, and navigation should be taken into 
account when coordinating access between facility and vessel owners and 
operators.
    Three commenters stated that many of the requirements of Sec.  
104.265, security measures for access control, should not apply to 
unmanned vessels because there is no person on board the vessel at most 
times.
    We disagree. The owner or operator must ensure the implementation 
of security measures to control access because unmanned barges directly 
regulated under this subchapter may be involved in a transportation 
security incident. As provided in Sec.  104.215(a)(4), the Vessel 
Security Officer of an unmanned barge must coordinate with the Vessel 
Security Officer of any towing vessel and Facility Security Officer of 
any facility to ensure the implementation of security measures for the 
unmanned barge. We have amended Sec.  105.200 to clarify the facility 
owner's or operator's responsibility for the implementation of security 
measures for

[[Page 60521]]

unattended or unmanned vessels while moored at a facility.
    Four commenters stated that any future interim rules should not 
apply to certain waterfront areas, such as seafarers' welfare centers 
and clubs, and that these areas should not be considered facilities 
subject to the regulations under part 105.
    Seafarers' welfare centers and clubs are not specifically regulated 
under part 105 unless these facilities are contained within a marine 
transportation-related facility. Any future rulemakings regarding these 
types of centers or clubs would be subject to notice and comment.
    One commenter requested that we amend Sec.  105.200(b)(9) to 
clarify that owners or operators must report ``transportation'' 
security incidents because the word ``transportation'' is missing.
    We agree with the commenter and have amended the section 
accordingly. This language is now found in Sec.  105.200(b)(10).
    Five commenters supported the Coast Guard in not specifically 
defining training methods. Another commenter agrees with the Coast 
Guard's position that the owner or operator may certify that the 
personnel with security responsibilities are capable of performing the 
required functions based upon the competencies listed in the 
regulations. Two commenters stated that formal security training for 
Facility Security Officers and personnel with security related duties 
become mandatory as soon as possible. One commenter stated that they 
were concerned with the lack of formal training for Facility Security 
Officers.
    As we explained in the temporary interim rule (68 FR 39263) (part 
101), there are no approved courses for facility personnel and, 
therefore, we intend to allow Facility Security Officers to certify 
that personnel holding a security position have received the training 
required to fulfill their security duties. Section 109 of the MTSA 
required the Secretary of Transportation to develop standards and 
curricula for the education, training, and certification of maritime 
security personnel, including Facility Security Officers. The Secretary 
delegated that authority to the Maritime Administration (MARAD). MARAD 
has developed model training standards and curricula for maritime 
security personnel, including Facility Security Officers. In addition, 
MARAD intends to develop course approval and certification requirements 
in the near future.
    Three commenters stated that it would be difficult for smaller 
companies to meet the qualification requirements for Facility Security 
Officers that are set out in Sec.  105.205.
    We recognize that some companies will find it harder than others to 
locate individuals who are qualified to serve as Facility Security 
Officers. We believe there is flexibility in the structure of our 
requirements, and therefore these requirements are able to take this 
into account. We allow Facility Security Officers to have general 
knowledge, which they may acquire through training or through 
equivalent job experience. Formal training is not a prerequisite in the 
designation of a Facility Security Officer. We also allow an individual 
to serve as a Facility Security Officer on a collateral-duty basis, to 
serve as the Facility Security Officer for multiple facilities, and to 
delegate duties, all of which make it easier for companies to identify 
and designate qualified Facility Security Officers.
    Fifteen commenters asked that the Coast Guard re-examine the 
requirement that if a Facility Security Officer serves more than one 
facility, those facilities must be no further than 50 miles apart. The 
commenters argued that companies with multiple facilities should be 
able to assign Facility Security Officer delegations, regardless of 
distance between facilities, especially since this section allows the 
Facility Security Officer to delegate security duties to other 
personnel, so long as he or she retains final responsibility for these 
duties. Four of these commenters did not support the limitation on 
Facility Security Officers from serving facilities in different COTP 
zones, even if the facilities are within 50 miles of each other. One 
commenter stated that many facilities that are not co-located may be 
managed as multiple site complexes using shared operational and 
administrative resources, and that, as such, they should have one 
Facility Security Officer assigned to them regardless of the distance 
between them.
    We believe these commenters misinterpreted Sec.  105.205(a)(2). 
There is no requirement that the Facility Security Officer must be 
situated within any particular distance of the facilities for which he 
or she serves. Section 105.205(a)(2) pertains to the maximum distance 
between the individual facilities that can be served by a single 
Facility Security Officer. We determined that a distance of 50 miles 
between facilities within a single COTP zone was appropriate for 
several reasons. During our initial public meetings we received 
comments from many small facility operators who have numerous similarly 
designed, equipped and operated facilities in proximity to each other. 
They believed that a single Facility Security Officer could adequately 
meet the responsibilities set out in Sec.  105.205(c) in situations 
like this. The 50-mile distance requirement was determined because 
facilities sharing a similar design, equipment, and operations would 
often share other similar characteristics such as geography, 
infrastructure, proximity to population centers, and common emergency 
response and crisis management authorities. In addition to the 50-mile 
limit, we require all single Facility-Security-Officer-served-
facilities to be within a single COTP zone because the COTP is the 
Facility Security Plan approving authority, and the COTP, as Federal 
Maritime Security Coordinator, is the Federal official charged with 
communicating the MARSEC Levels to the Facility Security Officer. We 
have not specified where the designated Facility Security Officer must 
be in proximity to the facilities he or she serves. However, it is our 
opinion that in order to effectively carry out the duties and 
responsibilities specified in Sec.  105.205(c), the Facility Security 
Officer should be able to easily make on-site facility visits of 
sufficient frequency and scope so as to be able to effectively monitor 
compliance with the requirements established in 33 CFR part 105.
    Nine commenters requested formal alternatives to Facility Security 
Officers, Company Security Officers, and Vessel Security Officers much 
like the requirements of the Oil Pollution Act of 1990, which allow for 
alternate qualified individuals.
    Parts 104, 105, and 106 provide flexibility for a Company, Vessel, 
or Facility Security Officer to assign security duties to other vessel 
or facility personnel under Sec. Sec.  104.210(a)(4), 104.215(a)(5), 
105.205(a)(3), and 106.210(a)(3). An owner or operator is also allowed 
to designate more than one Company, Vessel, or Facility Security 
Officer. Because Company, Vessel, or Facility Security Officer 
responsibilities are key to security implementation, vessel and 
facility owners and operators are encouraged to assign an alternate 
Company, Vessel, or Facility Security Officer to coordinate vessel or 
facility security in the absence of the primary Company, Vessel, or 
Facility Security Officer.
    One commenter stated that allowing the Vessel Security Officer and 
Facility Security Officer to perform collateral non-security duties is 
not an adequate response to risk.

[[Page 60522]]

    Security responsibilities for the Company, Vessel, and Facility 
Security Officers in parts 104, 105, and 106 may be assigned to a 
dedicated individual if the owners or operators believe that the 
responsibilities and duties are best served by a person with no other 
duties.
    Two commenters stated that the Facility Security Officer should be 
allowed to assign the day-to-day security activities to other 
personnel.
    The regulations, allow for the Facility Security Officers to assign 
security duties to other facility personnel under Sec.  105.205(a)(3).
    After further review of Sec.  105.205, we are amending Sec.  
105.205(c)(11) to clarify that the responsibilities of the Facility 
Security Officer includes the execution of any required Declarations of 
Security with the Masters, Vessel Security Officers, or their 
designated representatives.
    Two commenters suggested that ferries be exempt from the ``while at 
sea'' clause in Sec.  104.220(i) that requires company or vessel 
personnel responsible for security duties to have knowledge on how to 
test and calibrate security equipment and systems and maintain them, 
arguing that ferries are not oceangoing and, therefore, typically use a 
manufacturer's service representative to perform equipment testing and 
calibration while at the dock. In addition, one commenter requested 
clarification on whether a manufacturer's technical expert could be 
used to perform regularly planned maintenance at the ferry terminal.
    We disagree with exempting ferry or facility security personnel 
from understanding how to test, calibrate, or maintain security 
equipment and systems. However, Sec. Sec.  104.220 and 105.210 provide 
the company the flexibility to determine who should have an 
understanding of how to test, calibrate, and maintain security 
equipment and systems. By stating ``company and vessel personnel 
responsible for security duties must * * * as appropriate,'' we have 
allowed a company to write a Vessel or Facility Security Plan that 
outlines responsibilities for security equipment and systems. If the 
company chooses to have company security personnel hold that 
responsibility, then vessel or facility security personnel would simply 
have to know how to contact the correct company security personnel and 
know how to implement interim measures as a result of equipment 
failures either at sea or in port. Sections 104.220 and 105.210 do not 
preclude a manufacturer's service representative from performing 
equipment maintenance, testing, and calibration.
    One commenter stated that crowd management and control techniques, 
under Sec.  105.210(e), should not be required of facility personnel 
with security duties, stating that this function is solely a 
responsibility of public responders.
    We believe that crowd management and control techniques may be 
appropriate for facility security personnel with certain security 
duties. The overall security and safe operation of a facility rests 
with the owner or operator of that facility. It is not outside the 
realm of facility personnel's duties to consider security and their 
role in minimizing risk, including crowd management and control 
techniques.
    Two commenters requested that ferries and their terminals be exempt 
from conducting physical screening and, therefore, should also be 
exempt from Sec. Sec.  104.220(l) and 105.210(l), which require 
security personnel to know how to screen persons, personal effects, 
baggage, cargo, and vessel stores.
    We disagree with exempting ferries and their terminals from the 
screening requirement and, therefore, will continue to require that 
certain security personnel understand the various methods that could be 
used to conduct physical screening. Because ferries certificated to 
carry more than 150 passengers and the terminals that serve them may be 
involved in a transportation security incident, it is imperative that 
security measures such as access control be implemented. Section 
104.292 provides passenger vessels and ferries alternatives to 
identification checks and passenger screening. However, it does not 
provide alternatives to the requirements for cargo or vehicle 
screening. Thus, ferry security personnel assigned to screening duties 
should know the methods for physical screening. There is no 
corresponding alternative to Sec.  104.292 for terminals serving 
ferries carrying more than 150 passengers; therefore, terminal security 
personnel assigned to screening duties should also know the methods for 
physical screening.
    One commenter suggested exempting ferry terminals from Sec.  
105.210(l) concerning methods of physical screening of persons, 
personal effects, baggage, cargo, and vessel stores because ``it is not 
applicable.''
    We disagree that all ferry terminals should be exempted, as this 
comment appears to presuppose that portions of the regulations are not 
applicable to all ferry terminals. We determined that facilities that 
receive vessels certificated to carry more than 150 passengers are at 
risk of being involved in a transportation security incident and are 
regulated under Sec.  105.105.
    Forty-one commenters requested that Sec. Sec.  104.225, 105.215, 
and 106.220 be either reworded or eliminated because the requirement to 
provide detailed security training to all contractors who work in a 
vessel or facility or to facility employees, even those with no 
security responsibilities such as a secretary or clerk, is impractical, 
if not impossible. The commenters stated that, unless a contractor has 
specific security duties, a contractor should only need to know how, 
when, and to whom to report anything unusual as well as how to react 
during an emergency. One commenter suggested adding a new section that 
listed specific training requirements for contractors and vendors.
    The requirements in Sec. Sec.  104.225, 105.215, and 106.220 are 
meant to be basic security and emergency procedure training 
requirements for all personnel working in a vessel or facility. In most 
cases, the requirement is similar to the basic safety training given to 
visitors to ensure they do not enter areas that could be harmful. To 
reduce the burden of these general training requirements, we allowed 
vessel and facility owners and operators to recognize equivalent job 
experience in meeting this requirement. However, we believe contractors 
need basic security training as much as any other personnel working on 
the vessel or facility. Depending on the vessel or facility, providing 
basic security training (e.g., how and when to report information, to 
whom to report unusual behaviors, how to react during a facility 
emergency) could be sufficient. To emphasize this, we have amended 
Sec. Sec.  104.225, 105.215, and 106.220 to clarify that the owners or 
operators of vessels and facilities must determine what basic security 
training requirements are appropriate for their operations.
    One commenter agreed with our inclusion of tabletop exercises as a 
cost-effective means of exercising the security plan.
    Eleven commenters requested clarification on drills and exercises. 
One commenter suggested that an exercise be defined as a tabletop 
exercise, while a drill be a one-topic, specific exercise that is one-
hour in length and is easily incorporated into daily operating 
activities. The commenter also suggested that the frequency of exercise 
requirements be extended to once every three years. Additionally, two 
commenters requested that security drills and exercises be integrated 
with non-security drills and exercises. Two commenters requested that 
certain

[[Page 60523]]

facilities be allowed to deviate from the requirements in Sec.  
105.220. Two commenters stated that exercises should be a company-wide 
test of a company's security readiness. One commenter requested a 
waiver from the three drills per year requirement, based upon facility 
size.
    We disagree that exercises should be exclusively tabletop 
exercises. Under Sec.  105.220(c), exercises may be full scale or live, 
tabletop simulation, or seminar or combined with other appropriate 
exercises as stated in Sec.  105.220(c)(2)(i-iii). Section 105.220(b) 
provides enough flexibility for drills to allow them to be incorporated 
into daily operations. We do not disagree that a drill may be 
accomplished in a one-hour period but believe that the length of time 
would actually depend on which portion of the security plan the drill 
is testing. Therefore, we did not constrict or prescribe a drill time-
length in the regulation. We believe that annual exercises are 
necessary for each facility to maintain an adequate level of security 
readiness. These security exercises, however, may be part of a 
cooperative exercise program with applicable facility and vessel 
security plans or comprehensive port exercises as stated in Sec.  
105.220(c)(3). We agree that the exercises should be a company-wide 
test of a company's security readiness in its areas of operation. 
Additionally, any facility owner or operator may request a waiver from 
any of the security requirements, in light of the operating conditions 
of the facility, in accordance with Sec.  105.130.
    Four commenters suggested that security drills are not needed when 
the only option is to call ``911.''
    Although calling ``911'' may test one element of the Facility 
Security Plan, additional drills are required to cover the other 
elements of the Facility Security Plan to ensure its effective 
implementation.
    Nine commenters stated that companies should be able to take credit 
toward fulfilling the drill and exercise requirements for actual 
incidents or threats, as under Sec.  103.515.
    We agree that, during an increased MARSEC Level, vessel and 
facility owners and operators may be able to take credit for 
implementing the higher security measures in their security plans. 
However, there are cases where a vessel or facility implementing a 
Vessel or Facility Security Plan may not attain the higher MARSEC Level 
or otherwise not be required to implement sufficient provisions of the 
plan to qualify as an exercise. Therefore, we have amended parts 104, 
105, and 106 to allow an actual increase in MARSEC Level to be credited 
as a drill or an exercise if the increase in MARSEC Level meets certain 
parameters. In the case of OCS facilities, this type of credit must be 
approved by the Coast Guard in a manner similar to the provision found 
in Sec.  103.515 for the AMS Plan requirements.
    One commenter stated that the language in Sec.  105.225, regarding 
recordkeeping, does not specify where the records should be kept. The 
commenter stated that it is presumed that such records may be kept off-
site in a secure location accessible to the Facility Security Officer 
and other appropriate personnel. One commenter asked for clarification 
of sensitive security information because there is no suitable place 
for such information to be protected on board an unmanned vessel. One 
commenter recommended that records be kept onshore and not on board the 
vessel.
    Sections 104.235(a) and 105.225(a) state that the records must be 
made available to the Coast Guard upon request, and Sec. Sec.  
104.235(c) and 105.225(c) state that the records must be protected from 
unauthorized access. Therefore, a facility or vessel owner or operator 
must ensure that records are kept safely and also are available for 
inspection by the Coast Guard upon request, but the records do not 
necessarily have to be kept at the facility or on the vessel.
    One commenter asked for a definition of ``security equipment'' and 
suggested using the term ``security system'' instead. The commenter 
also asked how much detail must be included in records of maintenance, 
calibration, and testing.
    Depending on how a facility owner or operator decides to implement 
the security measures of this part, either term would be appropriate. 
Some may choose to install stand-alone equipment, while others may 
choose to have an integrated security system. We did not prescribe 
specific details for recordkeeping of security equipment because of the 
diverse possibilities of implementation. The intent of the 
recordkeeping requirements in Sec.  105.225 was to keep a general log 
of calibration, testing, and maintenance performed.
    Two commenters recommended that a sentence be added to the end of 
Sec.  105.225(b)(1) that reads: ``Short domain awareness and other 
orientation type training that may be given to contractor and other 
personnel temporarily at the facility and not involved in security 
functions need not be recorded.'' The commenters stated that this 
change would eliminate the unnecessary recordkeeping for this general 
``domain awareness'' training.
    We agree that the recordkeeping requirements in Sec.  105.225 for 
training are broad and may capture training that, while necessary, does 
not need to be formally recorded. Therefore, we have amended the 
requirements in Sec.  105.225(b)(1) to only record training held to 
meet Sec.  105.210. We have also made corresponding changes to 
Sec. Sec.  104.235(b)(1) and 106.230(b)(1).
    Six commenters stated that the majority of the recordkeeping 
requirements for facilities and OCS facilities were overly burdensome 
and unnecessary. One commenter suggested adding exemptions to Sec.  
105.110(b) to exempt public access areas from the recordkeeping 
requirements under Sec. Sec.  105.225(b)(3), (b)(4), (e)(8) and (e)(9).
    We disagree with the commenters. Recordkeeping serves the vital 
function of documenting compliance with the regulations. We also 
disagree that exemptions from the recordkeeping requirements are 
appropriate for public access areas. We note that there is no Sec.  
105.225(e).
    We received 28 comments regarding communication of changes in the 
MARSEC Levels. Most commenters were concerned about the Coast Guard's 
capability to communicate timely changes in MARSEC Levels to facilities 
and vessels. Some stressed the importance of MARSEC security 
information reaching each port area in the COTP's zone and the entire 
maritime industry. Some stated that local Broadcast Notice to Mariners 
and MARSEC Directives are flawed methods of communication and stated 
that the only acceptable ways to communicate changes in MARSEC Levels, 
from a timing standpoint, are via email, phone, or fax as established 
by each COTP.
    MARSEC Level changes are generally issued at the Commandant level 
and each Marine Safety Office (MSO) will be able to disseminate them to 
vessel and facility owners or operators, or their designees, by various 
ways. Communication of MARSEC Levels will be done in the most 
expeditious means available, given the characteristics of the port and 
its operations. These means will be outlined in the AMS Plan and 
exercised to ensure vessel and facility owners and operators, or their 
designees, are able to quickly communicate with us and vice-versa. 
Because MARSEC Directives will not be as expeditiously communicated as 
other COTP Orders and are not meant to communicate changes in MARSEC 
Levels, we have amended Sec.  101.300 to remove the reference to MARSEC 
Directives.

[[Page 60524]]

    Six comments were received concerning the requirement that 
facilities communicate changes in MARSEC Levels to vessels. Four 
commenters requested that OCS facilities only notify those vessels 
subject to part 104 of a change in MARSEC Level, instead of notifying 
all vessels conducting operations with the OCS facility, vessels moored 
to a facility, or scheduled to arrive within 96 hours.
    We disagree with the commenter. Although vessels not covered under 
part 104 may not be likely to be involved in a transportation security 
incident, they may interface with facilities that are likely to be 
involved in a transportation security incident. Therefore, the Coast 
Guard requires facilities to transmit the necessary information on 
MARSEC Levels to all vessels they interface with regardless of whether 
the vessels have their own Vessel Security Plan to ensure that security 
at the facilities is not compromised.
    We received 15 comments on the facility owner's or operator's 
responsibility to communicate changes in MARSEC Levels to vessels bound 
for the facility. Nine commenters noted that it would be difficult and 
impractical for facilities to notify vessels 96 hours prior to arrival 
of changes in MARSEC Levels because some vessels and facilities do not 
have a means to provide secure communications. Three commenters stated 
that facilities should not be responsible for notifying vessels that 
have not arrived at the facility of MARSEC Level changes. In contrast, 
one commenter suggested that the Coast Guard amend Sec.  101.300(a) to 
include a provision for facilities to notify vessels of MARSEC Level 
changes within 96 hours, much like that which is currently found in 
Sec.  105.230(b)(1).
    The intent of the regulations was to give vessel owners or 
operators the maximum amount of time possible to ensure the higher 
MARSEC Level is implemented on the vessel prior to interfacing with a 
facility. This ensures that the facility's security at the higher 
MARSEC Level is not compromised when the vessel arrives. Therefore, 
while it may be difficult to contact a vessel in advance of its 
arrival, it is imperative for the security of the facility and the 
vessel. Additionally, communications between the facility and the 
vessel do not need to be secure, as MARSEC Levels are not classified 
information. We have not amended Sec.  101.300(a), as the commenter 
suggested, because this section is intended to regulate communication 
at the port level, whereas Sec.  105.230(b)(1) is intended to regulate 
communication at the individual facilities within the port.
    Seven commenters stated that although facility or vessel personnel 
need to understand the current MARSEC Level and have a heightened state 
of awareness, in most cases, the specifics of the threat should not be 
disclosed.
    It is necessary for the vessel or facility personnel to know about 
threats to the vessel or facility because this helps to focus their 
attention on specific attempts or types of threats to the vessel or 
facility. To balance this need with sensitive security concerns, 
Sec. Sec.  104.240(c) and 105.230(c) give the owners or operators 
discretion in deciding how much specific information needs to be 
disclosed to facility or vessel personnel.
    Thirty-three commenters stated that the public lacks either the 
authority or the expertise for implementing the security measures for 
MARSEC Level 3, which include armed patrols, waterborne security, and 
underwater screening.
    We disagree and believe that owners and operators have the 
authority to implement the identified security measures. For example, 
it is well settled under the law of every State that an employer may 
maintain private security guards or private security police to protect 
his or her property. The regulations do not require owners or operators 
to undertake law enforcement action, but rather to implement security 
measures consistent with their longstanding responsibility to ensure 
the security of their vessels and facilities, as specifically 
prescribed by 33 CFR 6.16-3 and 33 CFR 6.19-1, by: deterring 
transportation security incidents; detecting an actual or a threatened 
transportation security incident for reporting to appropriate 
authorities; and, as authorized by the relevant jurisdiction, defending 
themselves and others against attack. It is also important to note that 
the security measures identified by these commenters, while listed in 
Sec. Sec.  104.240(e) and 105.230(e), are not exclusive and only relate 
to MARSEC Level 3 implementation. In many instances, the owner or 
operator may decide to implement these security measures through 
qualified contractors or third parties who can provide any expertise 
that is lacking within the owner's or operator's own organization and 
who also have the required authority.
    One commenter asked for clarification of Sec.  104.240(b)(2) 
because ``facility and barge fleets have control of unmanned vessels'' 
moored at their facilities.
    We agree that the owners and operators of barge fleeting facilities 
have control of unmanned vessels that are moored at their facilities. 
As such, it is the responsibility of the facility owner or operator to 
ensure that the COTP is notified when compliance with a higher MARSEC 
Level has been implemented at the facility, including on the unmanned 
vessels moored at the facility.
    Two commenters stated that Sec.  105.235(b) requires an effective 
means of communications be in place and documented in the facility 
plan. One of the commenters asked if it was acceptable to communicate 
with the vessel through the person in charge.
    Section 105.235(b) provides enough flexibility that it may be 
appropriate to list the person in charge, as defined in 33 CFR part 
155, as a means of communication in the Facility Security Plan, 
provided it meets with the approval of the cognizant COTP.
    Two commenters suggested that the Coast Guard should be responsible 
for facilitating communications between vessels and facilities.
    We believe that it is the Coast Guard's role to ensure that vessels 
and facilities have the proper procedures and equipment for 
communicating with each other. The Coast Guard does have communication 
responsibilities, as found in Sec.  101.300. It is imperative, however, 
that vessels and facilities effectively communicate with each other in 
order to coordinate the implementation of security measures. Thus, we 
have placed this requirement on the owner or operator, not the Coast 
Guard. The Coast Guard will be inspecting facilities and vessels to 
ensure this communication is accomplished.
    We received 14 comments about the length of the effective period of 
a continuing Declaration of Security for each MARSEC Level. Five 
commenters stated that there is little need to renew a Declaration of 
Security every 90 days and that it should instead be part of an annual 
review of the Vessel Security Plan. Three commenters stated that the 
effective period of MARSEC Level 1 should not exceed 180 days while the 
effective period for MARSEC Level 2 should not exceed 90 days. One 
commenter noted that a vessel may execute a continuing Declaration of 
Security and assumed that this means that a Declaration of Security for 
a regular operating public transit system is good for the duration of 
the service route. Three commenters recommended that the effective 
period for a Declaration of Security be either 90 days or the term for 
which a vessel's service

[[Page 60525]]

to an OCS facility is contracted, whichever is greater. Two commenters 
recommended allowing ferry service operators and facility operators to 
enact pre-executed MARSEC Level 2 condition agreements rather than 
initiating a new Declaration of Security at every MARSEC Level change.
    We disagree with these comments and believe that continuing 
Declaration of Security agreements between vessel and facility owners 
and operators should be periodically reviewed to respond to the 
frequent changes in operations, personnel, and other conditions. We 
believe that the Declaration of Security ensures essential security-
related coordination and communication among vessels and facilities. 
Renewing a continuing Declaration of Security agreement requires only a 
brief interaction between vessel and facility owners and operators to 
review the essential elements of the agreement. Additionally, at a 
heightened MARSEC Level, that threat must be assessed and a new 
Declaration of Security must be completed. Less frequent review, such 
as during an annual or biannual review of the Vessel Security Plan, 
does not provide adequate oversight of the Declaration of Security 
agreement to ensure all parties are aware of their security 
responsibilities.
    Five commenters requested that Sec.  104.255(c) and (d) be amended 
so that a Declaration of Security need not be exchanged when conditions 
(e.g., adverse weather) would preclude the exchange of the Declaration 
of Security.
    We are not amending Sec.  104.255(c) and (d) because as stated in 
Sec.  104.205(b), if in the professional judgment of the Master a 
conflict between any safety and security requirements applicable to the 
vessel arises during its operations, the Master may give precedence to 
measures intended to maintain the safety of the vessel and take such 
temporary security measures as deemed best under all circumstances. 
Therefore, if the Declaration of Security between a vessel and facility 
could not be safely exchanged, the Master would not need to exchange 
the Declaration of Security before the interface. However, under 
Sec. Sec.  104.205(b)(1), (b)(2), and (b)(3), the Master would have to 
inform the nearest COTP of the delay in exchanging the Declaration of 
Security, meet alternative security measures considered commensurate 
with the prevailing MARSEC Level, and ensure that the COTP was 
satisfied with the ultimate resolution. In reviewing this provision, we 
realized that a similar provision to balance safety and security was 
not included in parts 105 or 106. We have amended these parts to give 
the owners or operators of facilities the responsibility of resolving 
conflicts between safety and security.
    Five commenters asked whether a company could have an agreement 
with a facility that outlines the responsibilities of all the company's 
vessels instead of a separate Declaration of Security for each vessel. 
The commenters stated that this would make the Declaration of Security 
more manageable for companies, vessels, and facilities that frequently 
interface with each other. One commenter raised a similar concern 
regarding barges and tugs conducting bunkering operations. One 
commenter suggested that Declarations of Security not be required when 
the vessels and ``their docking facilities'' share a common owner.
    As stated in Sec. Sec.  104.255(e), 105.245(e), and 106.250(e), at 
MARSEC Levels 1 and 2, owners or operators may establish continuing 
Declaration of Security procedures for vessels and facilities that 
frequently interface with each other. These sections do not preclude 
owners and operators from developing Declaration of Security procedures 
that could apply to vessels and facilities that frequently interface. 
However, as stated in Sec. Sec.  104.255(c) and (d), 105.245(d), and 
106.250(d), at MARSEC Level 3, all vessels and facilities required to 
comply with parts 104, 105, and 106 must enact a Declaration of 
Security agreement each time they interface. We believe that, even when 
under common ownership, vessels and facilities must coordinate security 
measures at higher MARSEC Levels and therefore should execute 
Declarations of Security. For MARSEC Level 1, only cruise ships and 
vessels carrying Certain Dangerous Cargoes (CDC) in bulk, and 
facilities that receive them, even when under common ownership, are 
required to complete a Declaration of Security each time they 
interface.
    Two commenters did not support the restriction on the Facility 
Security Officer from being able to delegate authority to other 
security personnel in periods of MARSEC Levels 2 and 3. The commenters 
suggested that the Coast Guard use the same language in Sec.  
105.245(b), which allows the Facility Security Officer to delegate 
authority to a designated representative to sign and implement a 
Declaration of Security at MARSEC Levels 2 and 3.
    Section 105.205 allows the Facility Security Officer to delegate 
security duties to other facility personnel. This delegation applies to 
the authority of the Facility Security Officer to sign and implement a 
Declaration of Security at MARSEC Levels 2 and 3. In order to clarify 
the regulations, however, we have amended Sec.  105.245(d) to include 
the language found in Sec.  105.245(b), allowing the Facility Security 
Officer to delegate this authority. We have also made the same change 
in Sec.  106.250(d).
    Three commenters suggested that the regulation should require that 
the Vessel Security Officer and Facility Security Officer have 
verified--via e-mail, phone, or other suitable means prior to the 
vessel's arrival in the port--that the provisions of the Declaration of 
Security remain valid.
    We disagree that there is a need to specify the means of 
communicating between the Vessel Security Officer and the Facility 
Security Officer about the provisions of the Declaration of Security. 
To maintain flexibility, the regulations neither preclude nor mandate a 
specific means to use when discussing a Declaration of Security.
    Eight commenters stated that there is significant confusion 
regarding the requirements to complete Declarations of Security, 
especially when dealing with unmanned barges. One commenter asked if a 
Declaration of Security is required when an unmanned barge is ``being 
dropped'' at a facility or when ``changing tows.''
    We agree with the commenter and are amending Sec. Sec.  104.255(c) 
and (d) and 106.250(d) to clarify that unmanned barges are not required 
to complete a Declaration of Security at any MARSEC Level. This aligns 
these requirements with those of Sec.  105.245(d). At MARSEC Levels 2 
and 3, a Declaration of Security must be completed whenever a manned 
vessel that must comply with this part is moored to a facility or for 
the duration of any vessel-to-vessel interface.
    Three commenters asked when the Coast Guard would communicate 
standards for U.S. flag vessels and facilities as to the timing and 
format of a Declaration of Security. One commenter requested 
information about how Declaration of Security requirements will be 
communicated to and coordinated with vessels that do not regularly call 
on U.S. ports and specific facilities.
    As specified in Sec.  101.505, the format of a Declaration of 
Security is described in SOLAS Chapter XI-2, Regulation 10, and the 
ISPS Code. The timing requirements for the Declaration of Security are 
specified in Sec. Sec.  104.255 and 105.245. The format for a 
Declaration of Security can be found as an appendix to the ISPS Code. 
We agree that the format requirement was not clearly included in Sec.  
101.505(a) when we called out the incorporation by reference. 
Therefore,

[[Page 60526]]

we have explicitly included a reference to the format in Sec.  
101.505(b).
    One commenter wanted to know who will become the arbiter in the 
event of a disagreement between a vessel and a facility, or between two 
vessels, in regards to the Declaration of Security.
    We do not anticipate this will be a frequent problem. The 
regulations do not provide for or specify an arbiter in the event that 
an agreement cannot be reached for a Declaration of Security. It is 
important to note that failure to resolve any such disagreement prior 
to the vessel-to-facility interface may result in civil penalties or 
other sanctions.
    Five commenters suggested that we add language to the requirements 
for security systems and equipment maintenance in Sec. Sec.  105.250 
and 106.255 to allow facility and OCS facility owners or operators to 
develop and follow other procedures which the owner or operator has 
found to be more appropriate through experience or other means.
    The intent of the security systems and equipment maintenance 
requirement is to require the use of the manufacturer's approved 
procedures for maintenance. If owners or operators have found other 
methods to be more appropriate, they may apply for equivalents 
following the procedures in Sec. Sec.  105.135 or 106.130.
    One commenter suggested that the Coast Guard establish additional 
criteria for certain expensive security equipment (such as access 
controls, lighting, and surveillance). The commenter said this would be 
helpful in ensuring a minimum compliance standard for those equipment 
elements that will be most costly to owners and operators.
    Our regulations set performance standards. Some industry standards 
already exist or are being developed by trade or standards-setting 
organizations. Owners and operators may assess their own security needs 
and the measures that best meet those needs, given the particular 
characteristics and unique operations of their vessels or facilities.
    One commenter stated that Sec.  105.255(a) regarding access control 
should explicitly state that the implementation of security measures 
should be based on the type of cargo handled and the Facility Security 
Assessment.
    We are not amending Sec.  105.255(a) because, through the 
development of the Facility Security Assessment and Facility Security 
Plan, the cargo handled should be a primary consideration of a 
facility's vulnerability to a transportation security incident. The 
security measures implemented will be based on the Facility Security 
Assessment and Facility Security Plan, which expressly account for the 
facility's specific operations.
    We received nine comments dealing with facility access control as 
it pertains to identification checks. Seven commenters asked us to add 
regulatory language to stipulate what will be accepted forms of 
identification for representatives from Federal agencies, because there 
is no standardized requirement for these representatives to carry their 
agency identification at all times and some agencies believe an officer 
in uniform and carrying a badge should be sufficient identification to 
gain access to a facility. One commenter suggested that security plans 
include access control measures specifically aimed at fumigators.
    As part of the requirements for access control in Sec.  
105.255(e)(3), a facility owner or operator must conduct a check of the 
identification of any person seeking to enter the facility, including 
vessel passengers and crew, facility employees, Federal agency 
representatives, vendors (such as fumigators), personnel duly 
authorized by the cognizant authority, and visitors. We have provided 
minimum standards for identification in Sec.  101.515, which must be 
met by all persons requesting access. This includes Federal agency 
representatives, and means that just a uniform will not be sufficient 
to meet the minimum standard set in Sec.  101.515, and only those 
badges meeting that standard will be acceptable.
    It should be noted that, with respect to Federal agency 
representatives, we have amended Sec.  101.515 by adding a new 
provision to clarify that the identification and access control 
requirements of this subchapter must not be used to delay or obstruct 
authorized law enforcement officials from being granted access to the 
vessel, facility, or OCS facility. Authorized law enforcement officials 
are those individuals who have the legal authority to go on the vessel, 
facility, or OCS facility for purposes of enforcing or assisting in 
enforcing any applicable laws. This authority is evident by the 
presentation of identification and credentials that meet the 
requirements of Sec.  101.515, as well as other factors such as the 
uniforms and markings on law enforcement vehicles and vessels. Delaying 
or obstructing access to authorized law enforcement officials by 
requiring independent verification or validation of their 
identification, credential, or purposes for gaining access could 
undermine compliance and inspection efforts, be contrary to enhancing 
security in some instances, and be contrary to law. Failure or refusal 
to permit an authorized law enforcement official presenting proper 
identification to enter or board a vessel, facility, or OCS facility 
will subject the operator or owner of the vessel, facility, or OCS 
facility to the penalties provided in law. In addition, an owner or 
operator of a vessel (including the Master), facility, or OCS facility 
that reasonably suspects individuals of using false law enforcement 
identification or impersonating a law enforcement official to gain 
unauthorized access, should report such concerns immediately to the 
COTP.
    Seven commenters suggested that, instead of requiring disciplinary 
measures to discourage abuse of identification systems, the Coast Guard 
should merely require companies to develop policies and procedures that 
discourage abuse. One commenter opposed provisions of these rules 
relating to identification checks of passengers and workers. The 
commenter stated that these provisions threaten constitutional rights 
to privacy, travel, and association, and are too broad for their 
purpose. The commenter argued that identification methods are 
inaccurate or unproven and can be abused, and that the costs of 
requiring identification checks outweigh the proven benefit.
    We recognize the seriousness of the commenters' concerns, but 
disagree that provisions for checking passenger and worker 
identification should be withdrawn. Identification checks, by 
themselves, may not ensure effective access control, but they can be 
critically important in attaining access control. Our rules implement 
the MTSA and the ISPS Code by requiring vessel and facility owners and 
operators to include access control measures in their security plans. 
However, instead of mandating uniform national measures, we leave 
owners and operators free to choose their own access control measures. 
In addition, our rules contain several provisions that work in favor of 
privacy. Identification systems must use disciplinary measures to 
discourage abuse. Owners and operators can take advantage of rules 
allowing for the use of alternatives, equivalents, and waivers. 
Passenger and ferry vessel owners or operators are specifically 
authorized to develop alternatives to passenger identification checks 
and screening. Signage requirements ensure that passengers and workers 
will have advance notice of their liability for screening or 
inspection. Vessel owners and operators are required to give particular 
consideration to the convenience, comfort, and personal privacy of 
vessel personnel. Taken as a whole, these rules strike the proper

[[Page 60527]]

balance between implementing the MTSA's provisions for deterring 
transportation security incidents and preserving constitutional rights 
to privacy, travel, and association.
    Four commenters asked for amendments to Sec. Sec.  105.255(c)(2) 
and 106.260(c)(2) to include coordination with aircraft identification 
systems, when practicable, in addition to coordination with vessel 
identification systems as a required access control measure.
    We agree with the commenters, and have amended Sec. Sec.  
105.255(c)(2) and 106.260(c)(2) to reflect this clarification. Most 
facilities, including OCS facilities, are accessible by multiple forms 
of transportation; therefore, coordination with identification systems 
used by those forms of transportation should enhance security.
    One commenter asked if the Coast Guard would issue guidelines on 
screening.
    The Coast Guard intends to coordinate with the Transportation 
Security Administration (TSA) and the Bureau of Customs and Border 
Protection (BCBP) in publishing guidance on screening to ensure that 
such guidance is consistent with intermodal policies and standards of 
TSA, and the standards and programs of BCBP for the screening of 
international passengers and cargo. Additionally, TSA is developing a 
list of items prohibited from being carried on board passenger vessels.
    One commenter asked if there is a difference between the terms 
``screening'' and ``inspection'' as used in Sec.  104.265(e)(2), 
requiring conspicuously posted signs.
    In 33 CFR subchapter H, the terms ``screening'' and ``inspection'' 
fully reflect the types of examinations that may be conducted under 
Sec. Sec.  104.265, 105.255, and 106.260. Therefore, both terms are 
included to maximize clarity.
    We received 10 comments regarding signage and posting of signs. Ten 
commenters stated that posting new signs required in Sec.  
104.265(e)(2) aboard unmanned barges to describe security measures in 
place is unnecessary because existing signs indicate that visitors are 
not permitted aboard. One commenter stated that the requirements in 
Sec.  105.255(e)(2) regarding signage are too prescriptive and believed 
that facilities should be allowed to post signs as they deem necessary 
and not attract additional attention.
    We disagree with the comment and believe that signs, appropriately 
posted, serve as a deterrent against unauthorized entry and provide 
awareness for facility security personnel. Although signage is 
primarily aimed at manned vessels, we extended this to all vessels 
because all vessels may on occasion be boarded by persons whose entry 
would subject them to possible screening. If existing signs accomplish 
this, the owner or operator is in compliance with the regulation.
    We received two comments on vehicle searches. One commenter stated 
that vehicle screenings prior to boarding vessels ``are not 
warranted.'' One commenter suggested that the government is responsible 
for vehicle inspections and searches.
    We disagree. Vehicles may be used to cause a transportation 
security incident. Therefore the screening of vehicles is warranted, 
and we have required the owner or operator to ensure this is done.
    We received comments from other Federal agencies requesting that 
government-owned vehicles on official business be exempt from screening 
or inspection. We have amended section 105.255(e)(1) and (f)(7) 
accordingly. This does not exempt government personnel from presenting 
identification credentials, on demand, for entry onto vessels or 
facilities.
    One commenter requested that owners or operators of small private 
facilities be exempt from the requirement to screen baggage, under 
Sec.  105.255, because they do not deal with passengers.
    Section 105.255(e)(1) states that owners or operators must screen 
baggage at the rate specified in the facility's approved security plan. 
Because Facility Security Plans are tailored to the specific facility, 
it is possible that an approved plan could have very different baggage-
screening provisions from a larger facility that serves multiple 
vessels. It is also possible that an approved plan could have 
provisions for coordinating baggage screening with vessels. However, we 
consider baggage screening an imperative security provision and have 
not exempted it in this final rule.
    Eight commenters suggested that access control aboard OCS 
facilities only be required when an unscheduled vessel is forced to 
discharge passengers for emergency reasons, and that the provisions of 
Sec.  105.255 and Sec.  106.260 be the responsibility of the shoreside 
facility and the vessel owner. The commenter stated that the need to 
duplicate the process at the facility is wasteful. The commenters asked 
for amendments to Sec.  105.255 and Sec.  106.260 in order to make 
clear that security controls should be established shoreside.
    The Coast Guard believes that access control must be established to 
ensure that the people on board any vessel or facility are identified 
and permitted to be there. We recognize that access control and 
personal identification checks at both the shoreside and OCS facility 
could be duplicative, and did not intend to require this duplication, 
unless needed. Our regulations provide the flexibility to integrate 
shoreside screening into OCS facility security measures. We note, 
however, that the OCS facility owner or operator retains ultimate 
responsibility for ensuring that access control measures are 
implemented. This means that, where integrated shoreside screening is 
implemented, the OCS facility owner or operator should have a means to 
verify that the shoreside screening is being done in accordance with 
the Facility Security Plan and these regulations. Even if integrated 
shoreside screening is arranged, the Facility Security Plan must also 
contain access control provisions for vessels or other types of 
transportation conveyances that do not regularly call on the OCS 
facility or might not use the designated shoreside screening process.
    One commenter asked for clarification on whether fencing was 
required and the dates by which the construction of the fences should 
be accomplished, stating that fences could make normal business 
operations difficult.
    The Coast Guard does not mandate fencing to prevent unauthorized 
access. Section 105.255 gives facility owners and operators the 
flexibility to implement those security measures that meet the specific 
performance standards for access control. Facilities must submit their 
security plan for approval by the Coast Guard on or before December 31, 
2003, and must be operating under a plan approved by the Coast Guard by 
July 1, 2004. If a facility owner or operator intends to make physical 
improvements, such as installing fencing, but has not done so, this can 
be addressed in the Facility Security Plan. However, until improvements 
have been made, equivalent security measures must be explained in the 
Facility Security Plan and implemented.
    In reviewing sections dealing with access control requirements, we 
noted an omission in text and are amending Sec.  104.265(b) to include 
a verb in the sentence for clarity. We are also mirroring this 
clarification in Sec. Sec.  105.255(b) and 106.260(b).
    Nine commenters were concerned about the designation of restricted 
areas. Six commenters requested that the Coast Guard clarify the 
wording in

[[Page 60528]]

Sec. Sec.  104.270(b) and 105.260(b) that states ``Restricted areas 
must include, as appropriate:'' because it is contradictory to impose a 
requirement with the word ``must,'' while offering the flexibility by 
stating ``as appropriate.'' One commenter stated that the provision 
that allows owners or operators to designate their entire facility as a 
restricted area could result in areas being designated as restricted 
without any legitimate security reason.
    We believe that the current wording of Sec. Sec.  104.270(b), 
105.260(b), and 106.265(b) is acceptable. While the word ``must'' 
requires owners or operators to designate restricted areas, the word 
``appropriate'' allows flexibility for owners or operators to restrict 
areas that are significant to their operations. The regulations provide 
for the entire facility to be designated as a restricted area, whereby 
a facility owner or operator would then be required to provide 
appropriate security measures to prevent unauthorized access into the 
entire facility.
    One commenter asked us to provide alternatives, including the use 
of locks, to the restricted-access control measures specified in Sec.  
105.260(d).
    The measures specified in Sec.  105.260(d) do not constitute an 
exclusive list; however, in Sec.  105.260(d)(2) we specifically provide 
for the use of measures to secure access points that are not in active 
use, and this could include the use of locks.
    One commenter stated that his facility could not implement the 
requirements of Sec.  105.260(e)(4) regarding restricting parking 
adjacent to vessels because the facility does not own the area where 
those vehicles are parked. The commenter also stated that the facility 
does not own the area where vessels are unloaded.
    Designating the area of the facility that is adjacent to a vessel a 
restricted area is of importance because vehicles may be used to cause 
a transportation security incident. Section 105.260(b)(1) requires, as 
appropriate, that areas adjacent to a vessel be designated as a 
restricted area. Section 105.260(e)(4) further emphasizes the 
importance of limiting parking near a vessel during heightened threat. 
The specific security measures implemented at the facility will be 
based on the Facility Security Assessment and Facility Security Plan, 
which expressly account for the facility's specific operations and the 
vessels it receives. Under certain circumstances, as documented in the 
facility security assessment report, it may be appropriate to park a 
properly screened vehicle alongside a vessel. However, in other 
circumstances it may be inappropriate based on the type of cargo and 
vessel involved and the current MARSEC Level. One way for a facility 
operator to restrict parking near the vessel is to coordinate 
arrangements with the neighboring facility owner so the area can be 
controlled. The Coast Guard will take into account issues concerning 
the individual responsibilities and jurisdiction of operators and the 
owners when reviewing the Facility Security Plan.
    Two commenters suggested that Sec.  105.265, ``Security Measures 
for Handling Cargo'' should state that it is applicable only to 
facilities that receive vessels that handle cargo.
    We agree that only facilities that receive vessels that handle 
cargo should comply with Sec.  105.265. Facilities that receive vessels 
that do not handle cargo do not have to comply with Sec.  105.265.
    One commenter stated that the language in Sec.  105.265(c) does not 
define the term ``active.'' The commenter wanted to know if the Coast 
Guard has developed an internal interpretation as to what is meant by 
``active'' access points and whether it is appropriate to assume that 
the facility has the discretion of identifying those access points.
    Access points to the facility that can be used for entering or 
exiting a facility should be blocked during heightened security levels. 
Any access point to a facility that can be used for entering or exiting 
a facility is considered an active access point.
    Three commenters asked for editorial revisions in Sec.  105.265(a). 
One commenter asked us to revise Sec.  105.265(a)(2), which requires 
facilities to ``prevent cargo that is not meant for carriage from being 
accepted and stored.'' The commenter stated that the section, as 
written, would preclude facilities from engaging in some legitimate 
activities such as warehousing or temporary storage. One commenter 
suggested adding the word ``unidentified'' before the word ``cargo'' in 
Sec.  105.265(a)(6) because some facilities only store goods and do not 
transport them. One commenter asked why the term ``location'' is used 
twice in Sec.  105.265(a)(9).
    We agree with the commenter that many waterfront facilities may be 
used for warehousing or temporary storage of goods, etc., that are not 
intended for carriage in maritime commerce. We have amended Sec.  
105.265(a)(2) to make it clear that facility owners or operators can 
store items that will not be shipped in maritime commerce if they do so 
knowingly. We have not added the word ``unidentified'' in this 
amendment because only identified items can be stored. We have reviewed 
and agree that the use of the word ``location'' twice in Sec.  
105.265(a)(9) is redundant. We have amended this section to remove the 
redundancy.
    One commenter asked us to confirm its inference that Sec.  
105.265(a)(6) allows for the legitimate accumulation of cargo for a yet 
to be determined vessel, or for operational reasons by either the 
vessel or facility operator.
    We agree with the commenter's interpretation. Facility owners or 
operators may accept cargo that does not have a confirmed date for 
loading, if they determine that it is appropriate to do so under the 
circumstances.
    Three commenters requested clarification on the restrictions of 
cargo entering a facility. Two commenters asked us to clarify the 
requirements in Sec.  105.265(a)(6) so that its restriction on entry of 
cargo to a facility would only apply to break-bulk and packaged cargo 
shipments, and would exclude bulk-liquid facilities. One commenter 
asked us to exempt bulk cargo facilities from the requirements of Sec.  
105.265.
    We disagree with the commenters. The intent of this regulation is 
to ensure that only those cargoes that have a legitimate reason for 
being at the facility are allowed entry. By excluding certain cargoes, 
as suggested by the commenters, the intent of the regulation would be 
weakened, and we do not see an improvement in security derived from the 
suggestion.
    Fourteen commenters stated that the requirements in Sec.  104.275 
regarding cargo handling are overly burdensome and difficult to 
implement. One commenter suggested that the regulations ensure that 
empty containers be opened and inspected. Three commenters stated it is 
not possible for a vessel owner or operator to ensure that cargo is not 
tampered with prior to being loaded, to identify cargo being brought on 
board, or to check cargo for dangerous substances. One commenter stated 
that imports should be screened at the loading port, not after they 
arrive in the U.S., and that the U.S. focus should be on knowing with 
whom vessel owners and operators are doing business. One commenter 
urged that the final rule clarify whether coordinating security 
measures with the shipper or other responsible party is mandatory. One 
commenter stated that checking cargo for dangerous substances and 
devices is a governmental function. Three commenters stated that the 
requirement in Sec.  105.265(a)(9) to maintain a continuous inventory 
of all dangerous goods and hazardous substances passing through the 
facility

[[Page 60529]]

is unnecessarily burdensome and should be deleted.
    We recognize that screening for dangerous substances and devices is 
a complex and technically difficult task to implement. We have amended 
Sec. Sec.  104.275 and 105.265 to clarify that cargo checks should be 
focused on the cargo, containers, or other cargo transport units 
arriving at or on the facility or vessel to detect evidence of 
tampering or to prevent cargo that is not meant for carriage from being 
accepted and stored at the facility without the knowing consent of the 
facility owner or operator. Screening of vehicles remains a requirement 
under these regulations; however, checking cargo containers may be 
limited to external examinations to detect signs of tampering, 
including checking of the integrity of seals. The issue of cargo 
screening will be addressed by TSA, BCBP, and other appropriate 
agencies through programs such as the Customs-Trade Partnership Against 
Terrorism (C-TPAT), the Container Security Initiative (CSI), 
performance standards developed under section 111 of the MTSA, and the 
Secure Systems of Transportation (SST) under 46 U.S.C. 70116. The 
requirement to ensure the coordination of security measures with the 
shipper or other party aligns with the ISPS Code. It is intended that 
provisions be coordinated when there are regular or repeated cargo 
operations with the same shipper. This facilitates security between the 
shipper and the facility, therefore, we have made this type of 
coordination mandatory. We have, however, amended Sec. Sec.  
104.275(a)(5) and 105.265(a)(8) to clarify that this coordination is 
only required for frequent shippers. The requirements in Sec.  
105.265(a)(9) may be challenging to implement, but the requirements are 
consistent with the ISPS Code, part B. We believe that a continuous 
inventory of goods is important to the security of facilities, 
especially for those that handle dangerous goods or hazardous 
substances and may be involved in a transportation security incident.
    Ten commenters were concerned about health and occupational safety 
during inspection of cargo spaces. Five commenters raised this concern 
in connection with tank barges under Sec.  104.275(b) and (c) vessel 
security measures for handling cargo. Two other commenters raised the 
concern under the facility cargo handling requirements in Sec.  
105.265(b)(1) and (b)(4).
    Under Sec.  104.275, we provide flexibility in how cargo spaces 
must be checked. This allows owners and operators to take safety into 
account in devising cargo check procedures. To emphasize safety during 
cargo operations, we have amended Sec. Sec.  104.275(b)(1) and 
105.265(b)(1) to reflect that a check on cargo and cargo spaces should 
be done unless it is unsafe to do so. We did not amend Sec.  
104.275(b)(4) in a similar manner because if the check of seals or 
other methods used to prevent tampering is unsafe for vessel personnel 
to conduct, they should liaise with the facility to ensure this is 
done.
    One commenter requested changes in the MARSEC Level 2 cargo 
handling provisions of Sec.  105.265(c). The commenter stated that the 
container segregation provisions of paragraph (c)(5) are impractical, 
and that the provision in paragraph (c)(7) for limiting the number of 
locations where dangerous goods or hazardous substances are stored 
would merely create easier targets for terrorists.
    We agree that the requirement in Sec.  105.265(c)(5) could be 
impractical for the majority of cargo operations; however, it should be 
noted that this section lists various methods to use in order to meet 
MARSEC Level 2. It was neither an exhaustive list nor a mandated one. 
To list an alternative cargo handling option, we have changed Sec.  
105.265(c)(5) by removing the requirement for cargo segregation and 
replacing it with the option to coordinate cargo shipments with regular 
shippers as was mentioned in Sec.  105.265(a). This change now aligns 
the facility cargo handling security measures with those found in Sec.  
104.275 for vessels, as appropriate. We did not amend Sec.  
105.265(c)(7) because we believe there may be circumstances when the 
requirement is desirable because it facilitates other security measures 
such as monitoring and access control.
    Two commenters stated that fleeting facilities should not be exempt 
from the requirements for security measures for delivery of vessel 
stores and bunkers because at some fleeting areas, stores are put on 
board vessels, surveyors collect samples, and equipment repairs are 
completed.
    We believe that certain activities, such as provisions being put on 
board vessels, surveyors collecting samples, and equipment repairs done 
at the fleeting facility, occur so infrequently that they would be 
adequately covered by the security measures of the involved vessels or 
barges. Those fleeting facilities where these activities routinely 
occur should take those activities into consideration in their Facility 
Security Assessments.
    One commenter stated that, as detailed in Sec.  105.270, the 
facility's responsibilities for the security of vessel stores are 
excessive. The commenter said that anything beyond validating the 
vendor's identity and the stores order should be the government's 
responsibility.
    We disagree with the commenter. A facility is a vital link in the 
transfer of vessel stores from vendor to vessel. Our requirements focus 
on the safety and integrity of stores brought into the facility and on 
preserving stores from tampering while they are at the facility, and 
therefore help protect both the facility and those whom it serves.
    Two commenters stated that the facility's responsibilities for the 
security of vessel stores as detailed in Sec.  105.270 are less 
restrictive than security measures for handling cargo. The commenter 
recommended combining the security requirements for stores and bunkers 
with those requirements for handling cargo. One commenter stated that 
the delivery of vessel stores and bunkers are usually coordinated with 
the ship's agent and not the facility, and therefore the facility owner 
or operator should not be required to ensure that security measures are 
implemented.
    We disagree with the commenters. We allow for the owner or operator 
to enact scalable measures that can provide for different levels of 
security. The owner or operator may enact more stringent measures for 
stores and bunkers to match those for handling cargo if desired. 
However, procedures for vessel stores and bunkers are appreciably 
different than procedures for most other cargo handling and usually 
involve different personnel; therefore, we have retained the language 
in Sec.  105.270. Further, we believe that the facility owner or 
operator has the responsibility for providing appropriate security 
measures for all deliveries on the facility.
    We received ten comments questioning our use of the words 
``continuous'' or ``continuously'' in the regulations. Four commenters 
requested that we amend language in Sec.  104.245(b) by replacing the 
word ``continuous'' with the word ``continual,'' stating that 
``continuous'' implies that there must be constant and uninterrupted 
communications. One commenter requested that we amend language in Sec.  
104.285(a)(1) by replacing the word ``continuously'' with the word 
``continually,'' stating that ``continuously'' implies that there must 
be constant and uninterrupted application of the security measure. One 
commenter requested that we amend language in Sec.  106.275 to replace 
the word ``continuously'' with the word ``frequently.'' One commenter

[[Page 60530]]

recommended that instead of using the word ``continuously'' in Sec.  
105.275, the Coast Guard revise the definition of monitor to mean a 
``systematic process for providing surveillance for a facility.'' One 
commenter stated that the continuous monitoring requirements in Sec.  
106.275 place a significant burden on the owners and operators of OCS 
facilities because increased staff levels would be necessary to keep 
watch not only in the facility, but also in the surrounding area.
    We did not amend the language in Sec. Sec.  104.245(b) 105.235(b), 
or 106.240(b) because the sections require that communications systems 
and procedures must allow for ``effective and continuous 
communications.'' This means that vessel owners or operators must 
always be able to communicate, not that they must always be 
communicating. Similarly, Sec. Sec.  104.285, 105.275, and 106.275, as 
a general requirement, require vessel and facility owners or operators 
to have the capability to ``continuously monitor.'' This means that 
vessel and facility owners or operators must always be able to monitor. 
We have amended Sec. Sec.  104.285(b)(4) and 106.275(b)(4) to use the 
word ``continuously'' instead of ``continually'' to be consistent with 
Sec.  105.275(b)(1). This general requirement is further refined in 
Sec. Sec.  104.285, 105.275,and 106.275, in that the Vessel and 
Facility Security Plans must detail the measures sufficient to meet the 
monitoring requirements at the three MARSEC Levels.
    One commenter asked how the Coast Guard defines ``critical vessel-
to-facility interface operations'' that need to be maintained during 
transportation security incidents.
    Section 104.290(a) requires vessel owners or operators to ensure 
that the Vessel Security Officer and vessel security personnel can 
respond to threats and breaches of security and maintain ``critical 
vessel and vessel-to-facility interface operations,'' while paragraph 
(e) of that section requires non-critical operations to be secured in 
order to focus response on critical operations. The Coast Guard does 
not define the critical operations that need to be maintained during 
security incidents, because these will vary depending on a vessel's 
physical and operational characteristics, but requires each vessel to 
provide its own definition as part of its Vessel Security Plan. Section 
104.305(d) requires that they discuss and evaluate in the Vessel 
Security Assessment report key vessel measures and operations, 
including operations involving other vessels or facilities.
    Two commenters supported the exemption from this part for those 
facilities that have designated public access areas. One commenter 
suggested that ferries be exempted from screening unaccompanied 
baggage. One commenter recommended that we explicitly exempt public 
access areas from MARSEC Level 2 and 3 passenger screening and 
identification requirements.
    We do not intend to exempt unaccompanied baggage from screening 
since we believe that it is absolutely necessary to screen 
unaccompanied baggage. We have amended the regulations to clarify the 
requirements for passenger vessels, ferries, and public access areas in 
Sec.  105.285 and to exempt public access areas from the MARSEC Level 2 
and 3 passenger screening and identification requirements in Sec.  
105.110.
    One commenter asked us to define the term ``CDC facility'' used in 
Sec.  105.295, and recommended that the section should apply only when 
CDC is actually present on a facility.
    A CDC facility is a ``facility'' that handles ``certain dangerous 
cargo (CDC).'' Both of these terms are defined in Sec.  101.105. We 
disagree that Sec.  105.295 should apply only when CDC is actually 
present on a facility, because the measures required by the section 
must be taken in advance so that they can be implemented when CDC is 
present. It should be noted that when defining what constitutes a CDC, 
we referenced Sec.  160.204 to ensure consistency in Title 33. We are 
constantly reviewing and, when necessary, revising the CDC list based 
on additional threat and technological information. Changes to Sec.  
160.204 would affect the regulations in 33 CFR subchapter H because any 
changes to the CDC list would also affect the applicability of 
subchapter H. Any such change would be the subject of a future 
rulemaking.
    Six commenters inquired whether Sec.  105.295(b)(2) requires 
personnel to be present or if electronic equipment, such as cameras or 
monitors watched by personnel, may be used to satisfy the requirement.
    Cameras or monitors watched by personnel could be used to meet the 
requirements of Sec.  105.275, Security measures for monitoring, for 
MARSEC Level 1. However, the intent of Sec.  105.295(b)(2), Additional 
requirements--Certain Dangerous Cargo (CDC) facilities, is to provide a 
higher level of security at MARSEC Level 2 or 3 for facilities handling 
CDCs. Guards and patrols provide a visible deterrent which we believe 
is an appropriate higher standard of security for CDC facilities 
because of the risk they pose if involved in a transportation security 
incident. To clarify, we are amending Sec.  105.295(b)(2) by removing 
the words ``guard or'' to eliminate any ambiguity as to the need for a 
physical presence at a facility that handles CDC during MARSEC Levels 2 
and 3. The intent of these regulations is to provide a higher level of 
security for these facilities.
    Five commenters stated that the additional requirements for barges 
in fleeting facilities (as stated in Sec.  105.296) should only apply 
to CDC barges at MARSEC Level 1.
    We disagree that the additional requirements for barges in fleeting 
facilities should only apply to CDC barges at MARSEC Level 1. In order 
to protect the facilities and barges, the requirements applying to 
barges carrying CDC should also apply to those carrying cargoes subject 
to subchapters D or O at MARSEC Level 1.
    Nine commenters stated that barges with CDC, subject to 46 CFR 
subchapters D or O, should be segregated ``as appropriate,'' or based 
on the results of a security assessment, because segregation of tank 
barges can be impractical when trying to assemble or break down a mixed 
tow and may only create a more attractive target for would-be 
terrorists.
    We recognize that facility owners and operators need flexibility in 
storing and handling barges and have modified Sec.  105.296 by removing 
the requirement to segregate barges carrying CDC or cargos subject to 
46 CFR subchapters D or O. Instead, we have required barges carrying 
these cargoes to be kept within a restricted area. This will allow 
facility owners and operators to store other barges within the 
restricted area. The regulations do not prohibit or require that the 
assembly or break down of tows occur within the restricted area. The 
security measures that will be applied while assembling or breaking 
tows must be addressed in the Facility Security Plan. We have also 
amended, for clarity, the requirements of part 105 so that it only 
applies to those barges that carry cargo regulated under 46 CFR 
subchapters D or O in bulk by amending Sec. Sec.  105.105 and 105.296.
    Six commenters asked us to clarify whether Sec.  105.296 requires 
one towing vessel per 100 barges that carry CDC.
    As written, Sec.  105.296 requires one towing vessel per 100 
barges, which means any type of barge, irrespective of cargo. It should 
be noted that this requirement conforms to the existing 1-to-100 tug/
barge ratio that already exists in 33 CFR part 165 during high water 
conditions.
    Two commenters stated that most barge fleeting facilities are 
difficult to

[[Page 60531]]

access by land and patrolling the shoreside is impractical. One 
commenter stated that it would be very difficult to coordinate shore-
side patrols when the facility owner does not own the land.
    We recognize that it may be difficult to monitor or patrol remote 
barge fleeting facilities. However, we have determined that barge 
fleeting facilities may be involved in a transportation security 
incident if fleeting barges carry dangerous goods or hazardous 
substances. Section 105.296 does allow facility owners and operators to 
use monitoring in remote locations as an alternative to shore-side 
patrols.
    Two commenters encouraged the formal training of Coast Guard Port 
State Control officers in enforcing these regulations to include the 
details of security systems and procedures, the details of security 
equipment, and the elements of knowledge required of the Vessel 
Security Officer and Facility Security Officer.
    The Coast Guard conducts comprehensive training of its personnel 
involved in ensuring the safety and security of facilities and 
commercial vessels. We continually update our curriculum to encompass 
new requirements, such as the Port State Control provisions of the ISPS 
Code. This training, however, is beyond the scope of this rule.

Subpart C--Facility Security Assessment (FSA)

    This subpart describes the content and procedures for Facility 
Security Assessments.
    We received 22 comments pertaining to sensitive security 
information and its disclosure. Twelve commenters requested that the 
Coast Guard delete the requirements that the Facility Security 
Assessment or Vessel Security Assessment be included in the submission 
of the Facility Security Plan or Vessel Security Plan respectively, 
stating that the security assessments are of such a sensitive nature 
that risk of disclosure is too great. Four commenters stated that the 
form CG-6025 ``Facility Vulnerability and Security Measures Summary'' 
should be sufficient for the needs of the Coast Guard and would promote 
facility security. Two commenters stated that there are too many ways 
for the general public to gain access to sensitive security 
information. One commenter stated that it was not clear how the Coast 
Guard would safeguard sensitive security information. One commenter 
stated that training for personnel in parts of the Facility Security 
Plan should not require access to the Facility Security Assessment.
    Sections 104.405, 105.405, and 106.405 require that the security 
assessment report be submitted with the respective security plans. We 
believe that the security assessment report must be submitted as part 
of the security plan approval process because it is used to determine 
if the security plan adequately addresses the security requirements of 
the regulations. The information provided in form CG-6025 will be used 
to assist in the development of AMS Plans. The security assessments are 
not required to be submitted. To clarify that the report, not the 
assessment, is what must be submitted with the Vessel or Facility 
Security Plan, we are amending Sec.  104.305 to add the word ``report'' 
where appropriate. We have also amended Sec. Sec.  105.305 and 106.305 
for facilities and OCS facilities, respectively. Additionally, we have 
amended these sections so that the Facility Security Assessment report 
requirements mirror the Vessel Security Assessment report requirements. 
All of these requirements were included in our original submission to 
OMB for ``Collection of Information'' approval, and there is no 
associated increase in burden in our collection of information summary. 
We also acknowledge that security assessments and security assessment 
reports have sensitive security information within them, and that they 
should be protected from unauthorized access under Sec. Sec.  
104.400(c), 105.400(c), and 106.400(c). Therefore, we are amending 
Sec. Sec.  104.305, 105.305, and 106.305 to clarify that all security 
assessments, security assessment reports, and security plans need to be 
protected from unauthorized disclosure. The Coast Guard has already 
instituted measures to protect sensitive security information, such as 
security assessment reports and security plans, from disclosure.
    Ten commenters addressed the disclosure of security plan 
information. One commenter seemed to advocate making security plans 
public. One commenter was concerned that plans will be disclosed under 
the Freedom of Information Act (FOIA). One commenter requested that 
mariners and other employees whose normal working conditions are 
altered by a Vessel or Facility Security Plan be granted access to 
sensitive security information contained in that plan on a need-to-know 
basis. One commenter stated that Company Security Officers and Facility 
Security Officers should have reasonable access to AMS Plan information 
on a need-to-know basis. One commenter stated that the Federal 
government must preempt State law in instances of sensitive security 
information because of past experience with State laws that require 
full disclosure of public documents. Three commenters supported our 
conclusion that the MTSA and our regulations preempt any conflicting 
State requirements. Another commenter is particularly pleased to 
observe the strong position taken by the Coast Guard in support of 
Federal preemption of possible State and local security regimes. One 
commenter supported our decision to designate security assessments and 
plans as sensitive security information.
    Portions of security plans are sensitive security information and 
must be protected in accordance with 49 CFR part 1520. Only those 
persons specified in 49 CFR part 1520 will be given access to security 
plans. In accordance with 49 CFR part 1520 and pursuant to 5 U.S.C. 
552(b)(3), sensitive security information is generally exempt from 
disclosure under FOIA, and TSA has concluded that State disclosure laws 
that conflict with 49 CFR part 1520 are preempted by that regulation. 
46 U.S.C. 70103(d) also provides that the information developed under 
this regulation is not required to be disclosed to the public. However, 
Sec. Sec.  104.220, 104.225, 105.210, 105.215, 106.215, and 106.220 of 
these rules state that vessel and facility personnel must have 
knowledge of relevant provisions of the security plan. Therefore, 
vessel and facility owners or operators will determine which provisions 
of the security plans are accessible to crewmembers and other 
personnel. Additionally, COTPs will determine what portions of the AMS 
Plan are accessible to Company or Facility Security Officers.
    Information designated as ``sensitive security information'' is 
generally exempt under FOIA, and TSA has concluded that State 
disclosure laws that conflict with 49 CFR part 1520 are preempted by 
that regulation. 46 U.S.C. 70103(d) also provides that the information 
developed under this regulation is not required to be disclosed to the 
public.
    Two commenters stated that our regulations suggest that information 
designated as sensitive security information is exempt from FOIA. One 
commenter suggested that all documentation submitted under this rule be 
done pursuant to the Homeland Security Act of 2002, to afford a more 
legally definite protection against disclosure.
    ``Sensitive security information'' is a designation mandated by 
regulations promulgated by TSA and may be found

[[Page 60532]]

in 49 CFR part 1520. These regulations state that information 
designated as sensitive security information may not be shared with the 
general public. FOIA exempts from its mandatory release provisions 
those items that other laws forbid from public release. Thus, security 
assessments, security assessment reports, and security plans, which 
should be designated as sensitive security information, are all exempt 
from release under FOIA.
    We received four comments regarding the use of third party 
companies to conduct security assessments. Two commenters asked if we 
will provide a list of acceptable assessment companies because of the 
concern that the vulnerability assessment could ``fall into the wrong 
hands.'' One commenter requested that the regulations define 
``appropriate skills'' that a third party must have in order to aid in 
the development of security assessments. One commenter stated that the 
person or company conducting the assessment might not be reliable.
    We will not be providing a list of acceptable assessment companies, 
nor will we define ``appropriate skills.'' It is the responsibility of 
the vessel or facility owner or operator to vet companies that assist 
them in their security assessments. In the temporary interim rule (68 
FR 39254), we stated, ``we reference ISPS Code, part B, paragraph 4.5, 
as a list of competencies all owners and operators should use to guide 
their decision on hiring a company to assist with meeting the 
regulations. We may provide further guidance on competencies for 
maritime security organizations, as necessary, but do not intend to 
list organizations, provide standards within the regulations, or 
certify organizations.'' We require security assessments to be 
protected from unauthorized disclosures and will enforce this 
requirement, including through the penalties provision, in Sec.  
101.415.
    Six commenters suggested that a template for security assessments 
and plans be provided for affected entities. One commenter specifically 
asked for guidance templates for barge fleeting facilities.
    We intend to develop guidelines for the development of security 
assessments and plans. Additionally, the regulations allow owners and 
operators of facilities and vessels to implement Alternative Security 
Programs. This would allow owners and operators to participate in a 
development process with other industry groups, associations, or 
organizations. We anticipate that one such Alternative Security Program 
will include a template for barge fleeting facilities.
    One commenter requested that we allow a group of facilities that 
combine to act as an identified unit to be considered as an equivalency 
or add a definition of either ``port'' or ``port authority.'' The 
commenter also stated that part 105 should allow port security plans, 
developed by local government port authorities and approved by State 
authorities, to serve as equivalent security measures.
    We do not agree with adding a definition of ``port'' to recognize a 
group of facilities that combine to act as an identified unit. However, 
groups of facilities may work together to enhance their collective 
security and achieve the performance standards in the regulations. 
Locally developed port security plans may serve as an excellent 
starting point for those facilities located within the jurisdiction of 
a port authority. We believe that the provisions of Sec. Sec.  
105.300(b), 105.310(b), and 105.400(a) permit the COTP to approve a 
Facility Security Plan that covers multiple facilities, such as a co-
located group of facilities that share security arrangements, provided 
that the particular aspects and operations of each subordinate facility 
are addressed in the common assessment and security plan. A single 
Facility Security Officer for the port or port cooperative should be 
designated to facilitate this common arrangement. Finally, local 
security programs developed by entities such as a port authority or a 
port cooperative may be submitted to the Coast Guard for consideration 
as Alternative Security Programs in accordance with Sec.  101.120(c).
    Four commenters requested that the Company and the Facility 
Security Officers be given access to the ``vulnerability assessment'' 
done by the COTP to facilitate the development of the Facility Security 
Plan and ensure that the Facility Security Plan does not conflict with 
the AMS Plan.
    The AMS Assessments directed by the Coast Guard are broader in 
scope than the required Facility Security Assessments. The AMS 
Assessment is used in the development of the AMS Plan, and it is a 
collaborative effort between Federal, State, Indian Tribal and local 
agencies as well as vessel and facility owners and operators and other 
interested stakeholders. The AMS Assessments are sensitive security 
information. Access to these assessments, therefore, is limited under 
49 CFR part 1520 to those persons with a legitimate need-to-know (e.g., 
Facility Security Officers who need to align Facility Security Plans 
with the AMS Plan may be deemed to have need to know sensitive security 
information). In addition, the Coast Guard will identify potential 
conflicts between security plans and the AMS Plan during the Facility 
Security Plan approval process.
    Five commenters were concerned about the ability of private 
industry to assess threats. One commenter asked that we change Sec.  
105.300(d)(1) to read ``known security threats and known patterns,'' 
stating that private industry has not been provided detailed knowledge 
on security threats and patterns. One commenter stated that vessels and 
facilities are not capable of determining their risks because they lack 
knowledge about the activities of individuals seeking to do harm from 
locations off the vessel or facility. One commenter asserted that 
scenarios ``outside the domain of control'' of a vessel or facility 
owner or operator cannot be countered by private industry, and stated 
that the expertise requirement for those conducting risk assessments 
should be suggested, not mandatory. One commenter stated that industry 
should not be required to address mitigation strategies for chemical, 
nuclear, or biological weapons because they lack the necessary 
expertise.
    The intent of Sec.  105.300(d)(1) is that those facility personnel 
involved in conducting the Facility Security Assessment should have 
expertise in security threats and patterns or be able to draw upon 
third parties who have this expertise. Amending the language as 
suggested is not necessary because, as allowed in Sec.  105.300(c), the 
Facility Security Officer may use third parties in any aspect of the 
Facility Security Assessment if that party has the appropriate skills 
and knowledge. Expertise in assessing risks is crucial for establishing 
security measures to accurately counter the risks, and therefore we 
believe that expertise is required.
    One commenter requested that local agencies, rather than the Coast 
Guard, analyze security requirements, stating that his company has 
already spent a considerable amount of money complying with local 
standards.
    We disagree that local agencies should have the sole responsibility 
to review, approve, and ensure implementation of security measures as 
required under part 105. The MTSA gave the Coast Guard the authority to 
require areas, vessels, and facilities to implement security measures. 
We do not intend to delegate this authority to State or local agencies 
because we believe the system, as mandated by the MTSA, provides the 
necessary

[[Page 60533]]

nationwide consistency to strengthen maritime security without putting 
any particular State or region at a competitive economic disadvantage. 
We believe, however, that local security considerations are imperative 
in security plans. Our regulations do not mandate specific security 
measures; rather, they require the development and implementation of 
security assessments and plans. It is possible that security measures 
taken to date to fulfill State or local requirements will be sufficient 
to meet the new Federal requirements. These security measures may be 
accounted for in security assessments and should be fully documented in 
the security plans submitted to the Coast Guard. Local COTPs, who will 
review Facility Security Assessment reports and Facility Security Plans 
submitted under part 105, will be able to assess compliance and 
alignment with local, State, and Federal requirements.
    One commenter asked for clarification of the terms ``self 
assessments,'' ``security assessments,'' ``risk/threat assessments,'' 
and ``on-scene surveys.''
    Risk/threat assessments and self assessments are not specifically 
defined in the regulations, but refer to the general practices of 
assessing where a vessel or facility is at risk. The assessments 
required in parts 104 through 106 must take into account threats, 
consequences, and vulnerabilities; therefore, they are most 
appropriately titled ``security assessments.'' This title also aligns 
with the ISPS Code. To clarify that Sec. Sec.  101.510 and 105.205 
address security assessments required by subchapter H, we have amended 
these sections to change the term ``risk'' to the more accurate term 
``security.'' ``On-scene surveys'' are explained in the security 
assessment requirements of parts 104, 105, and 106. As explained in 
Sec.  104.305(b), for example, the purpose of an on-scene survey is to 
``verify or collect information'' required to compile background 
information and ``consists of an actual survey that examines and 
evaluates existing vessel protective measures, procedures, and 
operations.'' An on-scene survey is part of a security assessment.
    One commenter stated that if a Facility Security Assessment 
determines a threat that is outside the scope of what is appropriate to 
include in the Facility Security Plan, the threat should be included as 
part of the AMS Plan.
    We agree with the commenter. The AMS Plan is more general in nature 
and takes into account those threats that may affect the entire port, 
or a segment of the port. As such, the AMS Plan should be designed to 
take into account those threats that are larger in scope than those 
threats that should be considered for individual facilities. To focus 
the Facility Security Assessments on their port interface rather than 
the broader requirement, we have amended Sec. Sec.  105.305 
(c)(2)(viii), (ix) and 106.305 (c)(2)(v) to reflect that the assessment 
of the facility should take into consideration the use of the facility 
as a transfer point for a weapon of mass destruction and the impact of 
a vessel blocking the entrance to or area surrounding a facility. Two 
commenters addressed the requirements of analyzing a facility's threats 
under Sec.  105.305(c)(2) and (c)(3). One commenter said that the 
analysis of threats required by Sec.  105.305(c)(2) and (c)(3) should 
be addressed in the AMS Plan and not in the Facility Security Plan 
because threat assessment is a government responsibility. One commenter 
stated that the analysis of threat information should not be required 
in the Facility Security Assessment because the government is best 
situated to assess threats.
    We agree that threat analysis is part of the AMS Plan. However, a 
facility's security also depends in large part on how well the owner or 
operator assesses vulnerabilities that only he or she would know about 
and the consequences that could occur from the unique operations or 
location of the facility, as well as on the assessment of threats 
identified by the government. The facility's own assessment is 
imperative to the development of the Facility Security Plan that must 
identify these unique aspects and address them in a manner appropriate 
for the facility. Threat information, which will be issued by the Coast 
Guard or other agencies having knowledge of this type of information, 
should be considered in the Facility Security Assessment. In general, 
however, lacking specific threat assessment information, the facility 
owner or operator must assume that threats will increase against the 
vulnerable part of the facility and develop progressively increasing 
security measures, as appropriate.
    Three commenters asked how a company should assess the ``worse-case 
scenario'' regarding barges and their cargo.
    There are various methods of conducting a security assessment, 
several of which we outlined in Sec.  101.510. These assessment tools, 
the assessment requirements themselves as discussed in Sec. Sec.  
104.305, 105.305, and 106.305, and other assessment tools that have 
been developed by industry should enable owners or operators to 
evaluate the vulnerability and potential consequences of a 
transportation security incident involving the barge or the cargo it 
carries.
    Three commenters noted that vulnerability assessments should take 
into account the type of cargo handled or transported, especially if 
the cargo is CDC. One commenter stated that CDCs should be carefully 
considered. One commenter stated that the Coast Guard should also take 
into account the type of cargo handled during our review of a Facility 
Security Assessment and Plan. One commenter noted that there is a lower 
risk associated with Great Lakes facilities that primarily handle dry-
bulk cargoes.
    We agree that security assessments and security plans should take 
into account the type of cargo that is handled to maximize the focus of 
security efforts. During our review of all assessments and plans, the 
Coast Guard will take into consideration types of cargo handled or 
transported.
    After further review of subpart C of parts 104, 105, and 106, we 
noted the omission of detailing when the security assessment must be 
reviewed. Therefore, we are amending Sec. Sec.  104.310, 105.310, and 
106.310 to state that the security assessment must be reviewed and 
updated each time the security plan is revised and when the security 
plan is submitted for re-approval.
    Two commenters asked for clarification regarding the reference to 
Sec.  105.415, ``Amendment and audit,'' found in Sec.  105.310(a).
    We reviewed Sec.  105.310(a) and have corrected the reference to 
read ``Sec.  105.410.'' We meant for the Facility Security Assessment 
report to be included with the Facility Security Plan when that plan is 
submitted to the Coast Guard for approval under Sec.  105.410. We are 
also amending Sec. Sec.  105.415 and 106.310 to make similar 
corrections to references.

Subpart D--Facility Security Plan (FSP)

    This subpart describes the content, format, and processing 
requirements for Facility Security Plans.
    We received five comments asking which entity, the owner or 
operator, assumes responsibility for compliance and facility security. 
Two commenters noted that multiple companies may temporarily lease a 
``dock facility,'' and questioned if each is required to submit a 
Facility Security Plan along with the ``dock owner.'' One commenter 
stated that the landlord of a facility should develop and implement a 
security plan and the tenants at the facility should be included in the 
landlord's plan. One commenter believed that 33 CFR part

[[Page 60534]]

105 should be clarified to state that the facility owner is the entity 
responsible for implementing and ensuring compliance with the facility 
security requirements and facility operators should be requested to 
address activities that are otherwise under their control, and noted 
that the facility operator lacked the jurisdiction to implement 
security measures for the entire facility.
    The regulations require the owner or operator of a facility to 
submit a Facility Security Plan. If the facility is comprised of 
independent operators, then each operator is required to submit a 
Facility Security Plan unless the owner submits a plan that encompasses 
the operations of each operator. The submission of the security plan 
should be coordinated between the owner and operators. The Coast Guard 
will take into account issues concerning the individual 
responsibilities and jurisdiction of operators and owners when 
reviewing the security plan.
    One commenter requested that the ``Facility Vulnerability and 
Security Measures Summary'' (form CG-6025) be available in electronic 
format and that electronic submission be available.
    We agree, and have placed the form on our Port Security Directorate 
Web site: http://www.uscg.mil/hq/g-m/mp/index.htm. We are not, at this 
time, able to accept these forms electronically because we do not have 
a site capable of receiving sensitive security information. We are 
working on this issue, however, and hope to have this capability in the 
future.
    We received three comments regarding access by individuals to and 
from vessels moored at a facility. Two commenters recommended the 
language in Sec.  105.405(a)(6) be modified by adding: ``including 
procedures for personnel access through the facility to and from the 
ship'' to the end of the existing verbiage. One commenter recommended 
that facility owners or operators should limit access to vessels moored 
at the facility to those individuals and organizations that conduct 
business with the vessel, contending that the word ``visitors'' may be 
too broad.
    The intent of the wording in Sec.  105.405(a)(10) was to encompass 
the concept of ``including procedures for personnel access through the 
facility to and from the ship.'' However, the regulations provide 
flexibility to allow the facility to limit access to those visitors 
that have official business with the vessel.
    Three commenters recommended that this rule be amended to close 
``the gap'' in the plan-approval process to address the period of time 
between December 29, 2003, and July 1, 2004. Another commenter 
suggested submitting the Facility Security Plan for review and approval 
for a new facility ``within six months of the facility owner's or 
operator's intent of operating it.''
    We agree that the regulations do not specify plan-submission lead 
time for vessels, facilities, and OCS facilities that come into 
operation after December 29, 2003, and before July 1, 2004. The owners 
or operators of such vessels, facilities, and OCS facilities are 
responsible for ensuring they have the necessary security plans 
submitted and approved by July 1, 2004, if they intend to operate. We 
have amended Sec. Sec.  104.410, 105.410, and 106.410 to clarify the 
plan-submission requirements for the various dates before July 1, 2004, 
and after this date.
    One commenter stated that Sec.  105.410 regarding the Facility 
Security Plan approval process does not address what would occur if the 
COTP fails to approve or disapprove a plan in a timely manner and 
recommended that the rule include language stating that a timely 
submitted plan that is not approved by the COTP within 24 months be 
deemed to have interim approval.
    As stated in Sec.  105.120(b), if the plan has not been reviewed 
prior to July 1, 2004, the facility owner or operator will receive an 
acknowledgement letter from the COTP stating that the COTP has received 
the Facility Security Plan for review and approval. The facility may 
continue to operate so long as it remains in compliance with the 
submitted Facility Security Plan. We do not agree with the commenter 
that after 24 months, the facility should have interim approval by 
default.
    Thirty commenters commended the Coast Guard for providing an option 
for an Alternative Security Program as described in Sec.  101.120(b) 
and urged the Coast Guard to approve these programs as soon as 
possible.
    We believe the provisions in Sec.  101.120(b) will provide greater 
flexibility and will help owners and operators meet the requirements of 
these rules. We will review Alternative Security Program submissions in 
a timely manner to determine if they comply with the security 
regulations for their particular segment. Additionally, we have amended 
Sec. Sec.  104.410(a)(2), 105.410(a)(2), 106.410(a)(2), 105.115(a), and 
106.110(a) to clarify the submission requirements for the Alternative 
Security Program.
    One commenter recommended that the COTP not be required to approve 
Facility Security Plans; rather, the COTP should ``spot-check'' 
facilities to see if they adhere to their plans' procedures.
    We disagree. The ISPS Code requires contracting governments to 
approve facility security plans for facilities within their 
jurisdiction. Approval of a Facility Security Plan by the COTP ensures 
that the facility's plan aligns with the requirements of the ISPS Code, 
the MTSA, and these final rules. Compliance by the facility with the 
terms of its approved plan will be the subject of periodic Coast Guard 
inspection.
    After further review of the ``Submission and approval'' 
requirements in Sec. Sec.  101.120, 104.410, 105.410, and 106.410, we 
have amended the requirements to clarify that security plan submissions 
can be returned for revision during the approval process.
    We received 15 comments about the process of amending and updating 
the security plans. Five commenters requested that they be exempted 
from auditing whenever they make minimal changes to the security plans. 
Two commenters stated that it should not be necessary to conduct both 
an amendment review and a full audit of security plans upon a change in 
ownership or operational control. Three commenters requested a de 
minimis exemption to the requirement that security plans be audited 
whenever there are modifications to the vessel or facility. Seven 
commenters stated that the rule should be revised to allow the 
immediate implementation of security measures without having to propose 
an amendment to the security plans at least 30 days before the change 
is to become effective. The commenters stated that there is something 
``conceptually wrong'' with an owner or operator having to submit 
proposed amendments to security plans for approval when the amendments 
are deemed necessary to protect vessels or facilities.
    The regulations require that upon a change in ownership of a vessel 
or facility, the security plan must be audited and include the name and 
contact information of the new owner or operator. This will enable the 
Coast Guard to have the most current contact information. Auditing the 
security plan is required to ensure that any changes in personnel or 
operations made by the new owner or operator do not conflict with the 
approved security plan. The regulations state that the security plan 
must be audited if there have been significant modifications to the 
vessel or facility, including, but not limited to, their physical 
structure, emergency response procedures, security measures, or 
operations. These all represent significant modifications. Therefore, 
we are not going to create an exception in the regulation. We recognize 
that the

[[Page 60535]]

regulations requiring that proposed amendments to security plans be 
submitted for approval 30 days before implementation could be construed 
as an impediment to taking necessary security measures in a timely 
manner. The intent of this requirement is to ensure that amendments to 
the security plans are reviewed to ensure they are consistent with and 
supportable by the security assessments. It is not intended to be, nor 
should it be, interpreted as precluding the owner or operator from the 
timely implementation of additional security measures above and beyond 
those enumerated in the approved security plan to address exigent 
security situations. Accordingly we have amended Sec. Sec.  104.415, 
105.415, and 106.415 to add a clause that allows for the immediate 
implementation of additional security measures to address exigent 
security situations.
    One commenter stated that insignificant failures in the Facility 
Security Plan discovered during exercises should not result in the need 
to resubmit a Facility Security Plan.
    We believe that any failure of the Facility Security Plan during an 
exercise is a significant failure and, therefore, should be corrected. 
Section 105.415 provides that the COTP may determine that an amendment 
to a Facility Security Plan is required to maintain the facility's 
security.
    Five commenters asked about the need for independent auditors under 
Sec. Sec.  104.415 and 105.415. Two commenters recommended that we 
amend Sec.  105.415(b)(4)(ii) to read ``not have regularly assigned 
duties for that facility'' as this would allow flexibility for audits 
to be conducted by individuals with security-related duties as long as 
those duties are not at that facility.
    We believe that independent auditors are one, but not the only, way 
to conduct audits of Facility Security Plans. In both Sec. Sec.  
104.415 and 105.415, paragraph (b)(4) lists three requirements for 
auditors that, for example, could be met by employees of the same owner 
or operator who do not work at the facility or on the vessel where the 
audit is being conducted. Additionally, paragraph (b)(4) states that 
all of these requirements do not need to be met if impracticable due to 
the facility's size or the nature of the company.
    One commenter believed that Sec.  105.415 does not provide enough 
flexibility in performing the annual audits of Facility Security Plans.
    We disagree that the requirements of Sec.  105.415 are not flexible 
enough with respect to auditing, insofar as it provides an exception to 
the requirements when they are ``impractical due to the size and nature 
of the company or the facility personnel.''

Additional Changes

    After further review of this part, we made several non-substantive 
editorial changes, such as adding plurals and fixing noun, verb, and 
subject agreements. These sections include: Sec. Sec.  105.105(c)(1), 
105.106(a), 105.205(c)(3), 105.275(a)(1), and 105.400(b). In addition, 
the part heading in this part has been amended to align with all the 
part headings within this subchapter.

Regulatory Assessment

    This final rule is a ``significant regulatory action'' under 
section 3(f) of Executive Order 12866, Regulatory Planning and Review. 
The Office of Management and Budget has reviewed it under that Order. 
It requires an assessment of potential costs and benefits under section 
6(a)(3) of that Order. It is significant under the regulatory policies 
and procedures of Department of Homeland Security. A ``Cost Assessment 
and Final Regulatory Flexibility Analysis'' is available in the docket 
as indicated under ADDRESSES. A summary of comments on the assessment, 
our responses, and a summary of the assessment follow.
    Two commenters addressed the burdens involved in moving from MARSEC 
Level 1 to MARSEC Level 2. One strongly urged the Coast Guard to be 
cautious whenever contemplating raising the MARSEC Level because the 
commenter claimed that we estimated the cost to the maritime industry 
of increasing the MARSEC Level from 1 to 2 will be $31 million per day. 
The other commenter expressed doubt that a facility's security would be 
substantially increased by hiring local security personnel ``as 
required'' at MARSEC Level 2.
    We agree that each MARSEC Level elevation may have serious economic 
impacts on the maritime industry. We make MARSEC Level changes in 
conjunction with Department of Homeland Security to ensure that the 
maritime sector has deterrent measures in place commensurate with the 
nature of the threat to it and our nation. The financial burden to the 
maritime sector is one of many factors that we consider when balancing 
security measure requirements with economic impacts. Furthermore, we 
disagree with the first commenter's statement of our cost assessment to 
the maritime industry for an increase in MARSEC Level 1 to MARSEC Level 
2. In the Cost Assessment and Initial Regulatory Flexibility Act 
analyses for the temporary interim rules, we estimated that the daily 
cost of elevating the MARSEC Level from 1 to 2 is $16 million. We also 
disagree with the second commenter's inference that hiring local 
security personnel to guard a facility is required at MARSEC Level 2. 
Section 105.255 lists ``assigning additional personnel to guard access 
points'' as one of the enhanced security measures that a facility may 
take at MARSEC Level 2, but this can be done by reassigning the 
facility's own staff rather than by hiring local security personnel. 
Moreover it is only one of several MARSEC Level 2 security enhancements 
listed in Sec.  105.255(f), which is not an exclusive list.
    One commenter suggested taking into greater account the risk 
factors of the facility and vessel as a whole, rather than simply 
relying on one factor, such as the capacity of a vessel as well as the 
cost-benefit of facility security to all of the business entities that 
make up a facility.
    The Coast Guard considered an extensive list of risk factors when 
developing these regulations including, but not limited to, vessel and 
facility type, the nature of the commerce in which the entity is 
engaged, potential trade routes, accessibility of facilities, gross 
tonnage, and passenger capacity. Our Cost Assessments and Regulatory 
Flexibility Act Analyses for both the temporary interim rules and the 
final rules are available in the docket, and they account for companies 
as whole business entities, not individual vessels or facilities.
    One commenter stated that the Coast Guard should consider the 
impact of security regulations on facilities that face international 
competition.
    The Coast Guard has determined that these regulations will impose 
significant costs on regulated facilities, and has considered the 
consequences of that cost. We assessed the financial impact to small 
businesses in the Initial and Final Cost Assessments and Regulatory 
Flexibility Analyses, which are found in the dockets for these rules. 
We were unable to specifically determine, however, which facilities 
face international competition.
    Three commenters stated that the cost-benefit assessment in the 
temporary interim rule (68 FR 39276) (part 101) is questionable. One 
commenter noted that we did not use the most recent industry data. Two 
commenters stated that cost estimates might be close to accurate but 
that the benefits were based on assumptions that are difficult to 
measure.

[[Page 60536]]

    We used the most reliable economic data available to us from the 
U.S. Census Bureau among other government data sources. In the notice 
of public meeting (67 FR 78742, December 20, 2002), we presented a 
preliminary cost analysis and requested comments and data be submitted 
to assist us in drafting our estimates. We amended our cost estimates 
incorporating comments and input we received. While the analysis may or 
may not be useful to the reader, we must develop a regulatory 
assessment for all significant rules, as required by Executive Order 
12866.
    One commenter stated that Florida laws require a double-gating 
standard for certain shipyards, which poses an economic burden on 
affected facilities, and the State of Florida has yet to conduct an 
economic assessment of the economic burden.
    The economic impact of State security requirements is beyond the 
scope of these rules and is best addressed to the States imposing such 
requirements.

Cost Assessment

    For the purposes of good business practice or pursuant to 
regulations promulgated by other Federal and State agencies, many 
companies already have spent a substantial amount of money and 
resources to upgrade and improve security. The costs shown in this 
assessment do not include the security measures these companies have 
already taken to enhance security. Because the changes in this final 
rule do not affect the original cost estimates presented in the 
temporary interim rule (68 FR 39319) (part 105), the costs remain 
unchanged.
    We realize that every company engaged in maritime commerce will not 
implement this final rule exactly as presented in the assessment. 
Depending on each company's choices, some companies could spend much 
less than what is estimated herein while others could spend 
significantly more. In general, we assume that each company will 
implement this final rule differently based on the type of facilities 
it owns or operates and whether it engages in international or domestic 
trade.
    The population affected by this final rule is approximately 5,000 
facilities, and the estimated Present Value cost to these facilities is 
approximately present value $5.399 billion (2003 to 2012, 7 percent 
discount rate). Approximately present value $2.718 billion of this 
total is attributed to facilities engaged in the transfer of hazardous 
bulk liquids (petroleum, edible oils, and liquified gases). The 
remaining present value $2.681 billion is attributable to facilities 
that receive vessels on international voyages or carry more than 150 
passengers, or fleet barges carrying certain dangerous cargoes or 
subchapter D or O cargoes in bulk. During the initial year of 
compliance, the cost is attributable to purchasing and installing 
equipment, hiring security officers, and preparing paperwork. The 
initial cost is an estimated $1.125 billion (non-discounted, $498 
million for the facilities with hazardous bulk liquids, $627 million 
for the other facilities). Following initial implementation, the annual 
cost is an estimated $656 million (non-discounted, $341 million for the 
facilities with hazardous bulk liquids, $315 million for the other 
facilities).
    Approximately 51 percent of the initial cost is for installing or 
upgrading equipment, 30 percent for hiring and training Facility 
Security Officers, 14 percent for hiring additional security guards, 
and 5 percent for paperwork (Facility Security Assessments and Facility 
Security Plans). Following the first year, approximately 52 percent of 
the annual cost is for Facility Security Officers (cost and training), 
24 percent for security guards, 9 percent for paperwork (updating 
Facility Security Assessments and Facility Security Plans), 9 percent 
for operations and maintenance for equipment, and approximately 6 
percent for drills. The cost of facility security consists primarily of 
installing or upgrading equipment and designating Facility Security 
Officers.

Benefit Assessment

    This rule is one of six final rules that implement national 
maritime security initiatives concerning general provisions, Area 
Maritime Security, vessels, facilities, Outer Continental Shelf 
facilities, and Automatic Identification System (AIS). The Coast Guard 
used the National Risk Assessment Tool (N-RAT) to assess benefits that 
would result from increased security for vessels, facilities, OCS 
facilities, and areas. The N-RAT considers threat, vulnerability, and 
consequences for several maritime entities in various security-related 
scenarios. For a more detailed discussion on the N-RAT and how we 
employed this tool, refer to ``Applicability of National Maritime 
Security Initiatives'' in the temporary interim rule titled 
``Implementation of National Maritime Security Initiatives'' (68 FR 
39243) (part 101). For this benefit assessment, the Coast Guard used a 
team to calculate a risk score for each entity and scenario before and 
after the implementation of required security measures. The difference 
in before and after scores indicated the benefit of the proposed 
action.
    We recognized that the final rules are a ``family'' of rules that 
will reinforce and support one another in their implementation. We have 
ensured, however, that risk reduction that is credited in one rule is 
not also credited in another. For a more detailed discussion on the 
benefit assessment and how we addressed the potential to double-count 
the risk reduced, refer to ``Benefit Assessment'' in the temporary 
interim rule titled ``Implementation of National Maritime Security 
Initiatives'' (68 FR 39274) (part 101).
    We determined annual risk points reduced for each of the six final 
rules using the N-RAT. The benefits are apportioned among the Vessel, 
Facility, OCS Facility, AMS, and AIS requirements. As shown in Table 1, 
the implementation of facility security for the affected population 
reduces 473,659 risk points annually through 2012. The benefits 
attributable for part 101, General Provisions, were not considered 
separately since it is an overarching section for all the parts.

                             Table 1.--Annual Risk Points Reduced by the Final Rules
----------------------------------------------------------------------------------------------------------------
                                                     Annual risk points reduced by final rule
                                 -------------------------------------------------------------------------------
         Maritime entity              Vessel         Facility      OCS  facility
                                     security        security        security           AMS             AIS
----------------------------------------------------------------------------------------------------------------
Vessels.........................         778,633           3,385           3,385           3,385           1,317
Facilities......................           2,025         469,686  ..............           2,025  ..............
OCS Facilities..................              41  ..............           9,903  ..............  ..............
Port Areas......................             587             587  ..............         129,792             105
                                 -----------------

[[Page 60537]]

 
    Total.......................         781,285         473,659          13,288         135,202           1,422
----------------------------------------------------------------------------------------------------------------

    Once we determined the annual risk points reduced, we discounted 
these estimates to their present value (7 percent discount rate, 2003-
2012) so that they could be compared to the costs. We presented the 
cost effectiveness, or dollars per risk point reduced, in two ways: 
first, we compared the first-year cost and first-year benefit because 
first-year cost is the highest in our assessment as companies develop 
security plans and purchase equipment. Second, we compared the 10-year 
present value cost and the 10-year present value benefit. The results 
of our assessment are presented in Table 2.

               Table 2.--First-Year and 10-Year Present Value Cost and Benefit of the Final Rules
----------------------------------------------------------------------------------------------------------------
                                                                    Final rule
                                 -------------------------------------------------------------------------------
              Item                    Vessel         Facility      OCS  facility
                                     security        security        security           AMS            AIS*
----------------------------------------------------------------------------------------------------------------
First-Year Cost (millions)......            $218          $1,125              $3            $120             $30
First-Year Benefit..............         781,285         473,659          13,288         135,202           1,422
First-Year Cost Effectiveness ($/            279           2,375             205             890          21,224
 Risk Point Reduced)............
10-Year Present Value Cost                 1,368           5,399              37             477              26
 (millions).....................
10-Year Present Value Benefit...       5,871,540       3,559,655          99,863       1,016,074          10,687
10-Year Present Value Cost                   233           1,517             368             469          2,427
 Effectiveness ($/Risk Point
 Reduced).......................
----------------------------------------------------------------------------------------------------------------
* Cost less monetized safety benefit.

Small Entities

    Under the Regulatory Flexibility Act (5 U.S.C. 601-612), we have 
considered whether this final rule would have a significant economic 
impact on a substantial number of small entities. The term ``small 
entities'' comprises small businesses, not-for-profit organizations 
that are independently owned and operated and are not dominant in their 
fields, and governmental jurisdictions with populations of less than 
50,000. We have reviewed this final rule for potential economic impacts 
on small entities. A Final Regulatory Flexibility Analysis discussing 
the impact of this final rule on small entities is available in the 
docket where indicated under ADDRESSES.
    Our assessment (copy available in the docket) concludes that 
implementing this final rule may have a significant economic impact on 
a substantial number of small entities.
    There are approximately 1,200 companies that own facilities that 
will be affected by the final rule. We researched these companies, and 
found revenue and business size data for 581 of them (48 percent). Of 
the 581, we determined that 296 are small entities according to Small 
Business Administration standards.
    The cost of the final rule to each facility is dependent on the 
security measures already in place at each facility and on the relevant 
risk to a maritime transportation security incident. The final rule 
calls for specific security measures to be in place at each affected 
facility. We realize, however, that most facilities already have 
implemented security measures that may satisfy the requirements of this 
rule. For example, we note that every facility will develop a Facility 
Security Assessment and a Facility Security Plan, but not all of them 
may need to install or upgrade fences or lighting equipment.
    For this reason, we analyzed the small entities under two 
scenarios, a higher cost and lower cost scenarios. The higher cost 
scenario uses an estimated initial cost of $1,942,500 and its 
corresponding annual cost of $742,700. The higher cost scenario assumed 
extensive capital improvements will be undertaken by the facilities in 
addition to the cost of complying with the minimum requirements 
(assigning Facility Security Officers, drafting Facility Security 
Assessments, drafting Facility Security Plans, conducting training, 
performing drills, and completing Declarations of Security). The lower 
cost scenario used an initial cost of $133,500 and annual cost of 
$156,800 for complying with the minimum requirements in the final rule.
    In the higher cost scenario, we estimated that the annual revenues 
of 94 percent of the small entities may be impacted initially by more 
than 5 percent, while the annual revenues of 80 percent of the small 
entities may be impacted annually by more than 5 percent. In the lower 
cost scenario, we found that the annual revenues of 57 percent of the 
small entities may be impacted initially and annually by more than 5 
percent.

Assistance for Small Entities

    Under section 213(a) of the Small Business Regulatory Enforcement 
Fairness Act of 1996 (Pub. L. 104-121), we offered to assist small 
entities in understanding the rule so that they could better evaluate 
its effects on them and participate in the rulemaking. We provided 
small entities with a name, phone number, and e-mail address to contact 
if they had questions concerning the provisions of the final rules or 
options for compliance.
    We have placed Small Business Compliance Guides in the dockets for 
the Area Maritime, Vessel, and Facility Security and the AIS rules. 
These Compliance Guides will explain the applicability of the 
regulations, as well as the actions small businesses will be

[[Page 60538]]

required to take in order to comply with each respective final rule. We 
have not created Compliance Guides for part 101 or for the OCS Facility 
Security final rule, as neither will affect a substantial number of 
small entities.
    Small businesses may send comments on the actions of Federal 
employees who enforce, or otherwise determine compliance with, Federal 
regulations to the Small Business and Agriculture Regulatory 
Enforcement Ombudsman and the Regional Small Business Regulatory 
Fairness Boards. The Ombudsman evaluates these actions annually and 
rates each agency's responsiveness to small business. If you wish to 
comment on actions by employees of the Coast Guard, call 1-888-REG-FAIR 
(1-888-734-3247).

Collection of Information

    This final rule contains no new collection of information 
requirements under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-
3520). As defined in 5 CFR 1320.3(c), ``collection of information'' 
comprises reporting, recordkeeping, monitoring, posting, labeling, and 
other similar actions. The final rules are covered by two existing OMB-
approved collections--1625-0100 (formerly 2115-0557) and 1625-0077 
(formerly 2115-0622).
    We received comments regarding collection of information; these 
comments are discussed within the ``Discussion of Comments and 
Changes'' section of this preamble. You are not required to respond to 
a collection of information unless it displays a currently valid OMB 
control number. We received OMB approval for these collections of 
information on June 16, 2003. They are valid until December 31, 2003.

Federalism

    Executive Order 13132 requires the Coast Guard to develop an 
accountable process to ensure ``meaningful and timely input by State 
and local officials in the development of regulatory policies that have 
federalism implications.'' ``Policies that have federalism 
implications'' is defined in the Executive Order to include regulations 
that have ``substantial direct effects on the States, on the 
relationship between the national government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government.'' Under the Executive Order, the Coast Guard may construe a 
Federal statute to preempt State law only where, among other things, 
the exercise of State authority conflicts with the exercise of Federal 
authority under the Federal statute.
    This action has been analyzed in accordance with the principles and 
criteria in the Executive Order, and it has been determined that this 
final rule does have Federalism implications and a substantial direct 
effect on the States. This final rule requires those States that own or 
operate vessels or facilities that may be involved in a transportation 
security incident to conduct security assessments of their vessels and 
facilities and to develop security plans for their protection. These 
plans must contain measures that will be implemented at each of the 
three MARSEC Levels and must be reviewed and approved by the Coast 
Guard.
    Additionally, the Coast Guard has reviewed the MTSA with a view to 
whether we may construe it as non-preemptive of State authority over 
the same subject matter. We have determined that it would be 
inconsistent with the federalism principles stated in the Executive 
Order to construe the MTSA as not preempting State regulations that 
conflict with the regulations in this final rule. This is because 
owners or operators of facilities and vessels--that are subject to the 
requirements for conducting security assessments, planning to secure 
their facilities and vessels against threats revealed by those 
assessments, and complying with the standards, both performance and 
specific construction, design, equipment, and operating requirements--
must have one uniform, national standard that they must meet. Vessels 
and shipping companies, particularly, would be confronted with an 
unreasonable burden if they had to comply with varying requirements as 
they moved from State to State. Therefore, we believe that the 
federalism principles enumerated by the Supreme Court in U.S. v. Locke, 
529 U.S. 89 (2000) regarding field preemption of certain State vessel 
safety, equipment, and operating requirements extends equally to this 
final rule, especially regarding the longstanding history of 
significant Coast Guard maritime security regulation and control of 
vessels for security purposes. But, the same considerations apply to 
facilities, at least insofar as a State law or regulation applicable to 
the same subject for the purpose of protecting the security of the 
facility would conflict with a Federal regulation; in other words, it 
would either actually conflict or would frustrate an overriding Federal 
need for uniformity.
    Finally, it is important to note that the regulations implemented 
by this final rule bear on national and international commerce where 
there is no constitutional presumption of concurrent State regulation. 
Many aspects of these regulations are based on the U.S. international 
treaty obligations regarding vessel and port facility security 
contained in SOLAS and the complementary ISPS Code. These international 
obligations reinforce the need for uniformity regarding maritime 
commerce.
    Notwithstanding the foregoing preemption determinations and 
findings, the Coast Guard has consulted extensively with appropriate 
State officials, as well as private stakeholders during the development 
of this final rule. For these final rules, we met with the National 
Conference of State Legislatures (NCSL) Taskforce on Protecting 
Democracy on July 21, 2003, and presented briefings on the temporary 
interim rules to the NCSL's Transportation Committee on July 23, 2003. 
We also briefed several hundred State legislators at the American 
Legislative Exchange Council on August 1, 2003. We held a public 
meeting on July 23, 2003, with invitation letters to all State homeland 
security representatives. A few State representatives attended this 
meeting and submitted comments to a public docket prior to the close of 
the comment period. The State comments to the docket focused on a wide 
range of concerns including consistency with international requirements 
and the protection of sensitive security information.
    One commenter stated that there is a ``real cost'' to implementing 
security measures, and it is significant. The commenter stated that 
there is a disparity between Federal funding dedicated to air 
transportation and maritime transportation and that the Federal 
government should fund maritime security at a level commensurate with 
the relative security risk assigned to the maritime transportation 
mode. Further, the commenter stated that, in 2002, some State-owned 
ferries carried as many passengers as one of the State's busiest 
international airports and provided unique mass transit services; 
therefore, the commenter supported the Alternative Security Program 
provisions of the temporary interim rule to enable a tailored approach 
to security.
    The viability of a ferry system to provide mass transit to a large 
population is undeniable and easily rivals other transportation modes. 
We developed the Alternative Security Program to encompass operations 
such as ferry systems. We recognize the concern about the Federal 
funding

[[Page 60539]]

disparity between the maritime transportation mode and other modes; 
however, this disparity is beyond the scope of this rule.
    One commenter stated that while he appreciated the urgency of 
developing and implementing maritime security plans, the State would 
find it difficult to complete them based on budget cycles and building 
permit requirements. At the briefings discussed above, several NCSL 
representatives also voiced concerns over the short implementation 
period. In contrast, other NCSL representatives were concerned that 
security requirements were not being implemented soon enough.
    The implementation timeline of these final rules follows the 
mandates of the MTSA and aligns with international implementation 
requirements. While budget-cycle and permit considerations are beyond 
the scope of this rule, the flexibility of these performance-based 
regulations should enable the majority of owners and operators to 
implement the requirements using operational controls, rather than more 
costly physical improvement alternatives.
    One commenter stated that there should be national uniformity in 
implementing security regulations on international shipping.
    As stated in the temporary interim rule (68 FR 39277), we believe 
that the federalism principles enumerated by the Supreme Court in U.S. 
v. Locke, 529 U.S. 89 (2000), regarding field preemption of certain 
State vessel safety, equipment, and operating requirements extends 
equally to this final rule, especially regarding the longstanding 
history of significant Coast Guard maritime security regulations and 
control of vessels for security purposes. It would be inconsistent with 
the federalism principles stated in Executive Order 13132 to construe 
the MTSA as not preempting State regulations that conflict with this 
regulation. Vessels and shipping companies, particularly, would be 
confronted with an unreasonable burden if they had to comply with 
varying requirements as they move from state to state.
    Other concerns raised by the NCSL at the briefings mentioned above 
included questions on how the Coast Guard will enforce security 
standards on foreign flag vessels and how multinational crewmember 
credentials will be checked.
    We are using the same cooperative arrangement that we have used 
with success in the safety realm by accepting SOLAS certificates 
documenting flag-state approval of foreign SOLAS Vessel Security Plans 
that comply with the comprehensive requirements of the ISPS Code. The 
consistency of the international and domestic security regimes, to the 
extent possible, was always a central part of the negotiations for the 
MTSA and the ISPS Code. In the MTSA, Congress explicitly found that 
``it is in the best interests of the U.S. to implement new 
international instruments that establish'' a maritime security system. 
We agree and will exercise Port State Control to ensure that foreign 
vessels have approved plans and have implemented adequate security 
standards on which these rules are based. If vessels do not meet our 
security requirements, the Coast Guard may prevent those vessels from 
entering the U.S. or take other necessary measures that may result in 
vessel delays or detentions. The Coast Guard will not hesitate to 
exercise this authority in appropriate cases. We discuss the ongoing 
initiatives of ILO and the requirements under the MTSA to develop 
seafarers' identification criteria in the temporary interim rule titled 
``Implementation of National maritime Security Initiatives'' (68 FR 
39264) (part 101). We will continue to work with other agencies to 
coordinate seafarer access and credentialing issues. These final rules 
will also ensure that vessel and facility owners and operators take an 
active role in deterring unauthorized access.
    One commenter, as well as participants of the NCSL, noted that some 
State constitutions afford greater privacy protections than the U.S. 
Constitution and that, because State officers may conduct vehicle 
screenings, State constitutions will govern the legality of the 
screening. The commenter also noted that the regulations provide little 
guidance on the scope of vehicle screening required under the 
regulations.
    The MTSA and this final rule are consistent with the liberties 
provided by the U.S. Constitution. If a State constitutional provision 
frustrates the implementation of any requirement in the final rule, 
then the provision is preempted pursuant to Article 6, Section 2, of 
the U.S. Constitution. The Coast Guard intends to coordinate with TSA 
and BCBP in publishing guidance on screening.

Unfunded Mandates Reform Act

    The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) 
requires Federal agencies to assess the effects of their discretionary 
regulatory actions. In particular, the Act addresses actions that may 
result in the expenditure by a State, local, or Indian Tribal 
government, in the aggregate, or by the private sector of $100,000,000 
or more in any one year. This final rule is exempted from assessing the 
effects of the regulatory action as required by the Act because it is 
necessary for the national security of the U.S. (2 U.S.C. 1503(5)).
    We did not receive comments regarding the Unfunded Mandates Reform 
Act.

Taking of Private Property

    This final rule will not effect a taking of private property or 
otherwise have taking implications under Executive Order 12630, 
Governmental Actions and Interference with Constitutionally Protected 
Property Rights. We received comments regarding the taking of private 
property; these comments are discussed within the ``Discussion of 
Comments and Changes'' section of this preamble.

Civil Justice Reform

    This final rule meets applicable standards in sections 3(a) and 
3(b)(2) of Executive Order 12988, Civil Justice Reform, to minimize 
litigation, eliminate ambiguity, and reduce burden. We did not receive 
comments regarding Civil Justice Reform.

Protection of Children

    We have analyzed this final rule under Executive Order 13045, 
Protection of Children from Environmental Health Risks and Safety 
Risks. While this final rule is an economically significant rule, it 
does not create an environmental risk to health or risk to safety that 
may disproportionately affect children. We did not receive comments 
regarding the protection of children.

Indian Tribal Governments

    This final rule does not have tribal implications under Executive 
Order 13175, Consultation and Coordination with Indian Tribal 
Governments, because it does not have a substantial direct effect on 
one or more Indian tribes, on the relationship between the Federal 
Government and Indian tribes, or on the distribution of power and 
responsibilities between the Federal Government and Indian tribes. We 
did not receive comments regarding Indian Tribal Governments.

Energy Effects

    We have analyzed this final rule under Executive Order 13211, 
Actions Concerning Regulations That Significantly Affect Energy Supply, 
Distribution, or Use. We have determined that it is not a ``significant

[[Page 60540]]

energy action'' under that order. Although it is a ``significant 
regulatory action'' under Executive Order 12866, it is not likely to 
have a significant adverse effect on the supply, distribution, or use 
of energy. The Administrator of the Office of Information and 
Regulatory Affairs has not designated it as a significant energy 
action. Therefore, it does not require a Statement of Energy Effects 
under Executive Order 13211.
    This final rule has a positive effect on the supply, distribution, 
and use of energy. The final rule provides for security assessments, 
plans, procedures, and standards, which will prove beneficial for the 
supply, distribution, and use of energy at increased levels of maritime 
security.
    We did not receive comments regarding energy effects.

Environment

    We have considered the environmental impact of this final rule and 
concluded that under figure 2-1, paragraphs (34)(a) and (34)(c), of 
Commandant Instruction M16475.lD, this rule is categorically excluded 
from further environmental documentation. This final rule concerns 
security assessments, plans, training, and the establishment of 
security positions that will contribute to a higher level of marine 
safety and security for U.S. ports. A ``Categorical Exclusion 
Determination'' is available in the docket where indicated under 
ADDRESSES or SUPPLEMENTARY INFORMATION.
    This final rule will not significantly impact the coastal zone. 
Further, the execution of this final rule will be done in conjunction 
with appropriate State coastal authorities. The Coast Guard will, 
therefore, comply with the requirements of the Coastal Zone Management 
Act while furthering its intent to protect the coastal zone.

List of Subjects in 33 CFR Part 105

    Facilities, Maritime security, Reporting and recordkeeping 
requirements, Security measures.

    Dated: October 8, 2003.
Thomas H. Collins
Admiral, Coast Guard, Commandant.

0
Accordingly, the interim rule adding 33 CFR part 105 that was published 
at 68 FR 39315 on July 1, 2003, and amended at 68 FR 41916 on July 16, 
2003, is adopted as a final rule with the following changes:

PART 105--MARITIME SECURITY: FACILITIES

0
1. The authority citation for part 105 continues to read as follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. 70103; 50 U.S.C. 191; 
33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland 
Security Delegation No. 0170.1.


0
2. Revise the heading to part 105 to read as shown above.

0
3. In Sec.  105.105--
0
a. Revise paragraphs (a)(2), (a)(3), and (a)(4) to read as set out 
below;
0
b. Add paragraphs (a)(5) and (a)(6) to read as set out below;
0
c. Revise paragraphs (c)(1) and (c)(3)(i) to read as set out below;
0
d. Remove paragraph (c)(3)(ii);
0
e. Redesignate paragraph (c)(3)(iii) as paragraph (c)(3)(ii):


Sec.  105.105  Applicability.

    (a) * * *
    (2) Facility that receives vessels certificated to carry more than 
150 passengers, except those vessels not carrying and not embarking or 
disembarking passengers at the facility;
    (3) Facility that receives vessels subject to the International 
Convention for Safety of Life at Sea, 1974, chapter XI;
    (4) Facility that receives foreign cargo vessels greater than 100 
gross register tons;
    (5) Facility that receives U.S. cargo vessels, greater than 100 
gross register tons, subject to 46 CFR chapter I, subchapter I, except 
for those facilities that receive only commercial fishing vessels 
inspected under 46 CFR part 105; or
    (6) Barge fleeting facility that receives barges carrying, in bulk, 
cargoes regulated by 46 CFR chapter I, subchapters D or O, or Certain 
Dangerous Cargoes.
* * * * *
    (c) * * *
    (1) A facility owned or operated by the U.S. that is used primarily 
for military purposes.
* * * * *
    (3) * * *
    (i) The facility is engaged solely in the support of exploration, 
development, or production of oil and natural gas and transports or 
stores quantities of hazardous materials that do not meet or exceed 
those specified in 49 CFR 172.800(b)(1) through (b)(6); or
* * * * *

0
4. In Sec.  105.106--
0
a. Revise paragraph (a), to read as set out below; and
0
b. In paragraph (b), after the word ``provides'', add the word 
``pedestrian''.


Sec.  105.106  Public access areas.

    (a) A facility serving ferries or passenger vessels certificated to 
carry more than 150 passengers, other than cruise ships, may designate 
an area within the facility as a public access area.
* * * * *

0
5. In Sec.  105.110, revise paragraph (b) and add paragraphs (c), (d), 
and (e) to read as follows:


Sec.  105.110  Exemptions.

* * * * *
    (b) A public access area designated under Sec.  105.106 is exempt 
from the requirements for screening of persons, baggage, and personal 
effects and identification of persons in Sec.  105.255(c), (e)(1), 
(e)(3), (f)(1), and (g)(1) and Sec.  105.285(a)(1).
    (c) An owner or operator of any general shipyard facility as 
defined in Sec.  101.105 is exempt from the requirements of this part 
unless the facility:
    (1) Is subject to parts 126, 127, or 154 of this chapter; or
    (2) Provides any other service to vessels subject to part 104 of 
this subchapter not related to construction, repair, rehabilitation, 
refurbishment, or rebuilding.
    (d) Public access facility. (1) The COTP may exempt a public access 
facility from the requirements of this part, including establishing 
conditions for which such an exemption is granted, to ensure that 
adequate security is maintained.
    (2) The owner or operator of any public access facility exempted 
under this section must:
    (i) Comply with any COTP conditions for the exemption; and
    (ii) Ensure that the cognizant COTP has the appropriate information 
for contacting the individual with security responsibilities for the 
public access facility at all times.
    (3) The cognizant COTP may withdraw the exemption for a public 
access facility at any time the owner or operator fails to comply with 
any requirement of the COTP as a condition of the exemption or any 
measure ordered by the COTP pursuant to existing COTP authority.
    (e) An owner or operator of a facility is not subject to this part 
if the facility receives only vessels to be laid-up, dismantled, or 
otherwise placed out of commission provided that the vessels are not 
carrying and do not receive cargo or passengers at that facility.

0
6. In Sec.  105.115--
0
a. Revise paragraph (a) to read as set out below; and

[[Page 60541]]

0
b. In paragraph (b), remove the date ``June 30, 2004'' and add, in its 
place, the date ``July 1, 2004'':


Sec.  105.115  Compliance dates.

    (a) On or before December 31, 2003, facility owners or operators 
must submit to the cognizant COTP for each facility--
    (1) The Facility Security Plan described in subpart D of this part 
for review and approval; or
    (2) If intending to operate under an approved Alternative Security 
Program, a letter signed by the facility owner or operator stating 
which approved Alternative Security Program the owner or operator 
intends to use.
* * * * *


Sec.  105.120  [Amended]

0
7. In Sec.  105.120--
0
a. In the introductory text, remove the words ``no later than'' and 
add, in their place, the words ``on or before''; and
0
b. In paragraph (c), after the words ``a copy of the Alternative 
Security Program the facility is using'', add the words[chyph] ``, 
including a facility specific security assessment report generated 
under the Alternative Security Program, as specified in Sec.  
101.120(b)(3) of this subchapter,''.

0
8. Revise Sec.  105.125 to read as follows:


Sec.  105.125  Noncompliance.

    When a facility must temporarily deviate from the requirements of 
this part, the facility owner or operator must notify the cognizant 
COTP, and either suspend operations or request and receive permission 
from the COTP to continue operating.

0
9. In Sec.  105.200--
0
a. Revise paragraph (b)(7) to read as set out below;
0
b. In paragraph (b)(8), remove the word ``and'';
0
c. Revise paragraph (b)(9) to read as set out below; and
0
d. Add paragraphs (b)(10) and (b)(11) to read as follows:


Sec.  105.200  Owner or operator.

* * * * *
    (b) * * *
    (7) Ensure coordination of shore leave for vessel personnel or crew 
change-out, as well as access through the facility for visitors to the 
vessel (including representatives of seafarers' welfare and labor 
organizations), with vessel operators in advance of a vessel's arrival. 
In coordinating such leave, facility owners or operators may refer to 
treaties of friendship, commerce, and navigation between the U.S. and 
other nations. The text of these treaties can be found on the U.S. 
Department of State's website at http://www.state.gov/s/l/24224.htm;
* * * * *
    (9) Ensure security for unattended vessels moored at the facility;
    (10) Ensure the report of all breaches of security and 
transportation security incidents to the National Response Center in 
accordance with part 101 of this chapter; and
    (11) Ensure consistency between security requirements and safety 
requirements.


Sec.  105.205  [Amended]

0
10. In Sec.  105.205--
0
a. In paragraph (b)(2)(iv), remove the word ``Risk'' and add, in its 
place, the word ``Security'';
0
b. In paragraph (c)(3), after the words ``if necessary'', remove the 
word ``if'' and add, in its place, the word ``that''; and
0
c. In paragraph (c)(11), remove the words ``Vessel Security Officers'' 
and add, in their place, the words ``Masters, Vessel Security Officers 
or their designated representatives''.


Sec.  105.215  [Amended]

0
11. In Sec.  105.215, in the introductory paragraph, after the words 
``in the following'', add the words ``, as appropriate''.

0
12. In Sec.  105.220, revise paragraph (a) to read as follows:


Sec.  105.220  Drill and exercise requirements.

    (a) General. (1) Drills and exercises must test the proficiency of 
facility personnel in assigned security duties at all MARSEC Levels and 
the effective implementation of the Facility Security Plan (FSP). They 
must enable the Facility Security Officer (FSO) to identify any related 
security deficiencies that need to be addressed.
    (2) A drill or exercise required by this section may be satisfied 
with the implementation of security measures required by the FSP as the 
result of an increase in the MARSEC Level, provided the facility 
reports attainment to the cognizant COTP.
* * * * *


Sec.  105.225  [Amended]

0
13. In Sec.  105.225(b)(1), remove the words ``each security training 
session'' and add, in their place, the words ``training under Sec.  
105.210''.

0
14. Revise Sec.  105.245(d) to read as follows:


Sec.  105.245  Declaration of Security (DoS).

* * * * *
    (d) At MARSEC Levels 2 and 3, the FSOs, or their designated 
representatives, of facilities interfacing with manned vessels subject 
to part 104, of this subchapter must sign and implement DoSs as 
required in (b)(1) and (2) of this section.
* * * * *


Sec.  105.255  [Amended]

0
15. In Sec.  105.255--
0
a. In paragraph (b), after the words ``ensure that'', add the words 
``the following are specified'';
0
b. In paragraph (b)(3), remove the words ``are established'';
0
c. In paragraph (c)(2), after the word ``vessels'', add the words ``or 
other transportation conveyances'';
0
d. In paragraph (e)(1), remove the words ``including delivery 
vehicles'' and, after the words ``approved FSP'' add the words ``, 
excluding government-owned vehicles on official business when 
government personnel present identification credentials for entry''; 
and
0
e. In paragraph (f)(7), remove the word ``Screening'' and add, in its 
place, the words ``Except for government-owned vehicles on official 
business when government personnel present identification credentials 
for entry, screening''.

0
16. In Sec.  105.265--
0
a. In paragraph (a)(2), after the words ``stored at the facility'', add 
the words ``without the knowing consent of the facility owner or 
operator'';
0
b. Revise paragraphs (a)(8) and (a)(9) to read as set out below;
0
c. Remove paragraph (a)(10);
0
d. In paragraph (b)(1), remove the word ``Routinely'', and add, in its 
place, the words ``Unless unsafe to do so, routinely'' and remove the 
words ``to deter'' and add, in their place, the words ``for evidence 
of'';
0
e. In paragraph (c)(1), remove the word ``port'' and remove the words 
``dangerous substances and devices to the facility and vessel'' and 
add, in their place, the words ``evidence of tampering''; and
0
f. Revise paragraph (c)(5) to read as follows:


Sec.  105.265  Security measures for handling cargo.

    (a) * * *
    (8) When there are regular or repeated cargo operations with the 
same shipper, coordinate security measures with the shipper or other 
responsible party in accordance with an established agreement and 
procedure; and
    (9) Create, update, and maintain a continuous inventory of all 
dangerous goods and hazardous substances from receipt to delivery 
within the facility, giving the location of those dangerous goods and 
hazardous substances.
* * * * *

[[Page 60542]]

    (c) * * *
    (5) Coordinating enhanced security measures with the shipper or 
other responsible party in accordance with an established agreement and 
procedures;
* * * * *


Sec.  105.275  [Amended]

0
17. In Sec.  105.275(a) introductory text, after the word ``patrols,'', 
remove the word ``and''.
0
18. In Sec.  105.285--
0
a. In paragraph (a) introductory text, remove the words ``At MARSEC 
Level 1'' and add, in their place, the words ``At all MARSEC Levels'';
0
b. In paragraph (a)(1), remove the words ``In a facility with no public 
access area designated under Sec.  105.106, establish'' and, add in 
their place, the word ``Establish'';
0
c. In paragraph (a)(5), remove the words ``and conduct screening of 
persons and personal effects, as needed''; and
0
d. Revise paragraphs (b) and (c) to read as follows:


Sec.  105.285  Additional requirements--passenger and ferry facilities.

* * * * *
    (b) At MARSEC Level 2, in addition to the requirements in paragraph 
(a) of this section, the owner or operator of a passenger or ferry 
facility with a public access area designated under Sec.  105.106 must 
increase the intensity of monitoring of the public access area.
    (c) At MARSEC Level 3, in addition to the requirements in paragraph 
(a) of this section, the owner or operator of a passenger or ferry 
facility with a public access area designated under Sec.  105.106 must 
increase the intensity of monitoring and assign additional security 
personnel to monitor the public access area.


Sec.  105.295  [Amended]

0
19. In Sec.  105.295(b)(2), remove the words ``guard or''.

0
20. Revise Sec.  105.296(a)(1) to read as follows:


Sec.  105.296  Additional requirements-barge facilities.

    (a) * * *
    (1) Designate one or more restricted areas within the barge 
fleeting facility to handle those barges carrying, in bulk, cargoes 
regulated by 46 CFR chapter I, subchapters D or O, or Certain Dangerous 
Cargoes;
* * * * *

0
21. In Sec.  105.305--
0
a. In paragraph (c)(2)(viii) remove the word ``Blockage'' and add, in 
its place, the words ``Impact on the facility and its operations due to 
a blockage'';
0
b. Revise paragraph (c)(2)(ix) to read as set out below; and
0
c. Add paragraphs (d)(3), (d)(4), (d)(5), and (e) to read as follows:


Sec.  105.305  Facility Security Assessment (FSA) requirements.

* * * * *
    (c) * * *
    (2) * * *
    (ix) Use of the facility as a transfer point for nuclear, 
biological, radiological, explosive, or chemical weapons;
* * * * *
    (d) * * *
    (3) The FSA report must list the persons, activities, services, and 
operations that are important to protect, in each of the following 
categories:
    (i) Facility personnel;
    (ii) Passengers, visitors, vendors, repair technicians, vessel 
personnel, etc.;
    (iii) Capacity to maintain emergency response;
    (iv) Cargo, particularly dangerous goods and hazardous substances;
    (v) Delivery of vessel stores;
    (vi) Any facility security communication and surveillance systems; 
and
    (vii) Any other facility security systems, if any.
    (4) The FSA report must account for any vulnerabilities in the 
following areas:
    (i) Conflicts between safety and security measures;
    (ii) Conflicts between duties and security assignments;
    (iii) The impact of watch-keeping duties and risk of fatigue on 
facility personnel alertness and performance;
    (iv) Security training deficiencies; and
    (v) Security equipment and systems, including communication 
systems.
    (5) The FSA report must discuss and evaluate key facility measures 
and operations, including:
    (i) Ensuring performance of all security duties;
    (ii) Controlling access to the facility, through the use of 
identification systems or otherwise;
    (iii) Controlling the embarkation of vessel personnel and other 
persons and their effects (including personal effects and baggage 
whether accompanied or unaccompanied);
    (iv) Procedures for the handling of cargo and the delivery of 
vessel stores;
    (v) Monitoring restricted areas to ensure that only authorized 
persons have access;
    (vi) Monitoring the facility and areas adjacent to the pier; and
    (vii) The ready availability of security communications, 
information, and equipment.
    (e) The FSA, FSA report, and FSP must be protected from 
unauthorized access or disclosure.

0
22. In Sec.  105.310--
0
a. In paragraph (a), remove the words ``Sec.  105.415 of this part'' 
and add, in its place, the text ``Sec.  105.410 of this part''; and
0
b. Add paragraph (c) to read as follows:


Sec.  105.310  Submission requirements.

* * * * *
    (c) The FSA must be reviewed and validated, and the FSA report must 
be updated each time the FSP is submitted for reapproval or revisions.


Sec.  105.400  [Amended]

0
23. In Sec.  105.400(b), in the second sentence remove the word 
``Format'', and add, in its place, the word ``Information''.

0
24. In Sec.  105.410--
0
a. Revise paragraphs (a) and (b) to read as set out below;
0
b. In paragraph (c)(1), remove the text ``, or'' and add, in its place, 
a semicolon;
0
c. Redesignate paragraph (c)(2) as paragraph (c)(3);
0
d. Add new paragraph (c)(2) to read as follows:


Sec.  105.410  Submission and approval.

    (a) On or before December 31, 2003, the owner or operator of each 
facility currently in operation must either:
    (1) Submit one copy of their Facility Security Plan (FSP) for 
review and approval to the cognizant COTP and a letter certifying that 
the FSP meets applicable requirements of this part; or
    (2) If intending to operate under an Approved Security Program, a 
letter signed by the facility owner or operator stating which approved 
Alternative Security Program the owner or operator intends to use.
    (b) Owners or operators of facilities not in service on or before 
December 31, 2003, must comply with the requirements in paragraph (a) 
of this section 60 days prior to beginning operations or by December 
31, 2003, whichever is later.
    (c) * * *
    (2) Return it for revision, returning a copy to the submitter with 
brief descriptions of the required revisions; or
* * * * *

0
25. In Sec.  105.415--
0
a. In paragraph (a)(1), remove the word ``FSP'' and add, in its place, 
the words ``Facility Security Plan (FSP)'';
0
b. In paragraph (a)(2), remove the words ``Sec.  105.415 of this 
subpart'' and add, in their place, the words ``Sec.  105.410 of this 
subpart'';
0
c. Redesignate paragraph (a)(3) as (a)(4);

[[Page 60543]]

0
d. Add new paragraph (a)(3) to read as set out below;
0
e. In newly redesignated paragraph (a)(4), remove the words ``Facility 
Security Plan (FSP)'' and add, in their place, the word ``FSP'', and 
remove the words ``Sec.  105.415 if this subpart'' and add, in their 
place, the words ``Sec.  105.410 of this subpart''; and
0
f. In paragraph (b)(5), remove the words ``Sec.  105.415 of this 
subpart'' and add, in their place, the word ``Sec.  105.410 of this 
subpart'';


Sec.  105.415  Amendment and audit.

    (a) * * *
    (3) Nothing in this section should be construed as limiting the 
facility owner or operator from the timely implementation of such 
additional security measures not enumerated in the approved FSP as 
necessary to address exigent security situations. In such cases, the 
owner or operator must notify the cognizant COTP by the most rapid 
means practicable as to the nature of the additional measures, the 
circumstances that prompted these additional measures, and the period 
of time these additional measures are expected to be in place.
* * * * *

0
26. In Appendix A to Part 105, revise the first page to Form CG-6025 to 
read as follows:
BILLING CODE 4910-15-U

[[Page 60544]]

Appendix A to Part 105--Facility Vulnerability and Security Measures 
Summary (Form CG-6025)
[GRAPHIC] [TIFF OMITTED] TR22OC03.000

[FR Doc. 03-26348 Filed 10-20-03; 8:45 am]
BILLING CODE 4910-15-C?