[Federal Register Volume 68, Number 204 (Wednesday, October 22, 2003)]
[Rules and Regulations]
[Pages 60545-60559]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-26349]



[[Page 60545]]

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Coast Guard

33 CFR Part 106

[USCG-2003-14759]
RIN 1625-AA68


Outer Continental Shelf Facility Security

AGENCY: Coast Guard, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule adopts, with changes, the temporary interim 
rule published on July 1, 2003, that provides security measures for 
mobile offshore drilling units (MODUs) not subject to the International 
Convention for the Safety of Life at Sea, 1974, and certain fixed and 
floating facilities on the Outer Continental Shelf (OCS) other than 
deepwater ports. This rule also requires the owners or operators of OCS 
facilities to designate security officers for OCS facilities, develop 
security plans based on security assessments and surveys, implement 
security measures specific to the OCS facility's operation, and comply 
with Maritime Security Levels. This rule is one in a series of final 
rules on maritime security in today's Federal Register. To best 
understand this rule, first read the final rule titled ``Implementation 
of National Maritime Security Initiatives'' (USCG-2003-14792), 
published elsewhere in today's Federal Register.

DATES: This final rule is effective November 21, 2003. On July 1, 2003, 
the Director of the Federal Register approved the incorporation by 
reference of certain publications listed in this final rule.

ADDRESSES: Comments and material received from the public, as well as 
documents mentioned in this preamble as being available in the docket, 
are part of docket USCG-2003-14759 and are available for inspection or 
copying at the Docket Management Facility, U.S. Department of 
Transportation, room PL-401, 400 Seventh Street SW., Washington, DC, 
between 9 a.m. and 5 p.m., Monday through Friday, except Federal 
holidays. You may also find this docket on the Internet at http://dms.dot.gov.

FOR FURTHER INFORMATION CONTACT: If you have questions on this final 
rule, call Lieutenant Greg Versaw (G-MPS-2), U.S. Coast Guard by 
telephone 202-267-4144 or by electronic mail [email protected]. If 
you have questions on viewing the docket, call Andrea M. Jenkins, 
Program Manager, Docket Operations, Department of Transportation, at 
telephone 202-366-0271.

SUPPLEMENTARY INFORMATION:

Regulatory Information

    On July 1, 2003, we published a temporary interim rule with request 
for comments and notice of public meeting titled ``Outer Continental 
Shelf Facility Security'' in the Federal Register (68 FR 39338). This 
temporary interim rule was one of a series of temporary interim rules 
on maritime security published in the July 1, 2003, issue of the 
Federal Register. On July 16, 2003, we published a document correcting 
typographical errors and omissions in that rule (68 FR 41916).
    We received a total of 438 letters in response to the six temporary 
interim rules by July 31, 2003. The majority of these letters contained 
multiple comments, some of which applied to the docket to which the 
letter was submitted, and some of which applied to a different docket. 
For example, we received several letters in the docket for the 
temporary interim rule titled ``Implementation of National Maritime 
Security Initiatives'' that contained comments in that temporary 
interim rule, plus comments on the ``Outer Continental Shelf Facility 
Security'' temporary interim rule. We have addressed individual 
comments in the preamble to the appropriate final rule. Additionally, 
we had several commenters submit the same letter to all six dockets. We 
counted these duplicate submissions as only one letter, and we 
addressed each comment within that letter in the preamble for the 
appropriate final rule. Because of statutorily imposed time constraints 
for publishing these regulations, we were unable to consider comments 
received after the period for receipt of comments closed on July 31, 
2003.
    A public meeting was held in Washington, DC, on July 23, 2003, and 
approximately 500 people attended. Comments from the public meeting are 
also included in the ``Discussion of Comments and Changes'' section of 
this preamble.
    In order to focus on the changes made to the regulatory text since 
the temporary interim rule was published, we have adopted the temporary 
interim rule and set out, in this final rule, only the changes made to 
the temporary interim rule. To view a copy of the complete regulatory 
text with the changes shown in this final rule, see http://www.uscg.mil/hq/g-m/mp/index.htm.

Background and Purpose

    A summary of the Coast Guard's regulatory initiatives for maritime 
security can be found under the ``Background and Purpose'' section in 
the preamble to the final rule titled ``Implementation of National 
Maritime Security Initiatives'' (USCG-2003-14792), published elsewhere 
in this issue of the Federal Register.

Discussion of Comments and Changes

    Comments from each of the temporary interim rules and from the 
public meeting held on July 23, 2003, have been grouped by topic and 
addressed within the preambles to the applicable final rules. If a 
comment applied to more than one of the six rules, we discussed it in 
the preamble to each of the final rules that it concerned. For example, 
discussions of comments that requested clarification or changes to the 
Declaration of Security procedures are duplicated in the preambles to 
parts 104, 105, and 106. Several comments were submitted to a docket 
that included topics not addressed in that particular rule, but were 
addressed in one or more of the other rules. This was especially true 
for several comments submitted to the docket of part 101 (USCG-2003-
14792). In such cases, we discussed the comments only in the preamble 
to each of the final rules that concerned the topic addressed.

Subpart A--General

    This subpart contains provisions concerning applicability, waivers, 
and other subjects of a general nature applicable to part 106.
    Two commenters proposed language to clarify the definition of ``OCS 
facility'' to make clear that the term includes Mobile Offshore 
Drilling Units (MODUs) when attached to the subsoil or seabed for the 
exploration, development, or production of oil or natural gas. One 
commenter suggested that this additional language would ``provide 
clarification regarding the applicability of'' part 106.
    The purpose of the broad definition of ``OCS facility'' in Sec.  
101.105 is to ensure that OCS facilities that are not regulated under 
part 106 will be covered by parts 101 through 103. The proposed 
additional language would not add clarity to part 106 because the 
applicability in Sec.  106.105 states that the section applies only to 
those MODUs that are operating for the purposes of engaging in the 
exploration, development, or production of oil, natural gas, or mineral 
resources.
    Two commenters suggested amending the definition of ``owner or 
operator'' so

[[Page 60546]]

that the definition includes, for OCS facilities: ``the lessee or the 
operator designated to act on behalf of the lessee in accordance with 
30 CFR part 250.'' One commenter sought clarification of the terms 
``owner or operator'' and suggested adding ``operational control is the 
ability to influence or control the physical or commercial activities 
pertaining to that facility for any period of time.''
    We disagree with adding the suggested language of the first 
commenter because we have concluded that the person with operational 
control is the best person to implement these regulations and, 
therefore, should be responsible for implementation. The language 
proposed would include a lessee regardless of whether or not that 
lessee maintains such operational control. We also disagree with adding 
the suggested language of the second comment because it would be 
unnecessarily limiting.
    Five commenters recommended changes to the definitions of 
``facility'' and ``OCS facility'' in Sec.  101.105 in order to clarify 
the applicability of parts 104, 105, and 106 to MODUs. Two commenters 
suggested adding language to the facility definition to specifically 
include MODUs that are not regulated under part 104, consistent with 
the definition of OCS facility. Another commenter stated that if we 
change the definition to include MODUs not regulated under part 104, 
then we also should add an explicit exemption for these MODUs from part 
105. Three commenters suggested deleting the words ``fixed or 
floating'' and the words ``including MODUs not subject to part 104 of 
this subchapter'' in Sec.  106.105 and adding a paragraph to read, 
``the requirements of this part do not apply to a vessel subject to 
part 104 of this subchapter.''
    With regard to the definition of ``facility'' and the suggested 
additional language regarding MODUs, the definition clearly 
incorporates MODUs that are not covered under part 104 and MODUs that 
are sufficiently covered under parts 101 through 103 and 106. 
Therefore, we are not amending our definition of facility nor 
incorporating the suggested explicit exemption from part 105 because 
these MODUs are excluded. We have, however, amended the applicability 
section of part 104 (Sec.  104.105) so that foreign flag, non-self 
propelled MODUs that meet the threshold characteristics set for OCS 
facilities are regulated by 33 CFR part 106, rather than 33 CFR part 
104. We have done so because MODUs act and function more like OCS 
facilities, have limited interface activities with foreign and U.S. 
ports, and their personnel undergo a higher level of scrutiny to obtain 
visas to work on the Outer Continental Shelf. These amendments to Sec.  
104.105 required us to add a definition for ``cargo vessel'' in Sec.  
101.105. With these changes, we believe the existing definitions of 
``facility'' and ``OCS facility'' in Sec.  101.105 are sufficient to 
conclusively identify those entities that are subject to parts 104, 
105, and 106. In addition, the definition of ``OCS facility,'' as 
written, ensures that these entities will be subject to relevant 
elements of an OCS Area Maritime Security (AMS) Plan. We believe the 
language in Sec.  106.105, read in concert with the amended Sec.  
104.105(a)(1), and the existing definitions in part 101, is sufficient 
to preclude MODUs that are in compliance with part 104 from being 
subject to part 106.
    We received four comments on the applicability of part 106 to 
certain OCS facilities. Three commenters stated that the operating 
conditions referenced in Sec.  106.105 should remain as written. A 
fourth commenter stated that the size criteria used in Sec.  106.105 
contains no support; that the regulations are a duplication of existing 
informal security measures; that the regulations do not define 
``adequate level of security'' and offer no support that scrutiny of 
personnel and cargo will, or has in the past, prevented terrorist 
attacks; that the rule imposes a huge paperwork and formal reporting 
burden; that training of employees to detect dangerous situations and 
devices on facilities located more than 100 miles from shore is 
unreasonable; that the security provided by the Declaration of Security 
is minimal; that there is no need for the OCS Facility Security 
Assessment; and that the OCS Facility Security Plan will offer no 
security from exterior threats.
    As discussed in the temporary interim rule titled ``Implementation 
of National Maritime Security Initiatives'' (68 FR 39250), we 
determined the applicability of part 106 for those facilities that may 
be involved in a transportation security incident. In developing part 
106 and the security measures in it, we deliberately reviewed and 
incorporated much of the pre-existing informal security measures to 
ensure standardization and minimize the burden to those in industry 
that have already voluntarily adopted standards. We have determined 
that the security measures in part 106 will reduce the likelihood of a 
transportation security incident by increasing the awareness of 
security threats to the OCS facility. We believe that the best means of 
deterring incidents is to reduce the vulnerabilities of the OCS 
facility to a security threat by ensuring that the owner or operator of 
that OCS facility increases their vigilance, awareness, and control 
over the vessels and persons that interact with the OCS facility. The 
OCS Facility Security Assessment and Plan are not envisioned to be the 
sole means of deterrence against security incidents. All of the 
security plans of the National Maritime Security Initiatives work in 
conjunction to reduce the vulnerability of the Marine Transportation 
System from various types of attacks originating from air, land, and 
sea. We recognize that we impose a requirement for the submission of 
assessments and plans to ensure compliance. To reduce the overall 
paperwork burden, we allow a single plan to cover multiple OCS 
facilities.
    After further review of Sec.  106.105 and discussion with the 
Minerals Management Service (MMS), we have determined that there may be 
OCS facilities acting as ``hubs'' for oil transportation that do not 
meet the production characteristics that are regulated under this part. 
However, due to unique local conditions, specific intelligence 
information, or other identifiable and articulable risk factors, these 
``hub'' facilities may be involved in a transportation security 
incident. Therefore, on a case-by-case basis, these ``hub'' facility 
operations will be reviewed and, if appropriate, a MARSEC Directive 
will be issued to address these circumstances.
    One commenter asked how OCS facilities not directly regulated under 
part 106 would be regulated.
    As indicated in Sec.  103.100, all facilities located in waters 
subject to the jurisdiction of the U.S. are covered by part 103 and 
must comply with the requirements in the AMS Plan, as developed by the 
AMS Committee.
    Six commenters requested that the Coast Guard establish, without 
delay, an AMS Committee for the OCS portion of the Gulf of Mexico as an 
essential step in moving the various Federal law enforcement agencies 
and industry toward a mutual understanding of the response to a 
transportation security incident on the OCS.
    We intend to cover the OCS facilities in the Gulf of Mexico by a 
single, District-wide AMS Plan. The establishment of an AMS Committee 
for the OCS facilities in the Gulf of Mexico was discussed at recent 
Gulf Safety Committee and National Offshore Safety Advisory Committee 
(NOSAC) meetings. We intend to form an AMS Committee for this area in 
the near future. Additionally, owners and operators of OCS facilities 
are encouraged to participate on the AMS

[[Page 60547]]

Committee of the COTP zone that is most relevant to their operations.
    Twelve commenters questioned our compliance dates. One commenter 
stated that because the June 2004 compliance date might not be easily 
achieved, the Coast Guard should consider a ``phased in approach'' to 
implementation. Four commenters asked us to verify our compliance date 
expectations and asked if a facility can ``gain relief'' from these 
deadlines for good reasons.
    The Maritime Transportation Security Act of 2002 (MTSA) requires 
full compliance with these regulations 1 year after the publication of 
the temporary interim rules, which were published on July 1, 2003. 
Therefore, a ``phased in approach'' will not be allowed. While 
compliance dates are mandatory, a vessel or facility owner or operator 
could ``gain relief'' from making physical improvements, such as 
installing equipment or fencing, by addressing the intended 
improvements in the Vessel or Facility Security Plan and explaining the 
equivalent security measures that will be put into place until 
improvements have been made.
    We are amending the dates of compliance in Sec.  106.110(a) and 
(b), Sec.  106.115, and Sec.  106.410(a) to align with the MTSA and the 
International Ship and Port Facility Security Code (ISPS Code) 
compliance dates.
    One commenter requested that we clarify Sec.  105.125, 
Noncompliance, to ``focus on only those areas of noncompliance that are 
the core building blocks of the facility security program'' stating 
that the section requires a ``self-report of every minor glitch in 
implementation.''
    We did not intend for Sec.  105.125 to not require self-reporting 
for minor deviations from these regulations if they are corrected 
immediately. We have clarified Sec. Sec.  104.125, 105.125, and 106.120 
to make it clear that owners or operators are required to request 
permission from the Coast Guard to continue operations when temporarily 
unable to comply with the regulations.
    Two commenters stated that in its control and compliance measures, 
the Coast Guard should clarify its legal authority to establish a 
security zone beyond its territorial sea.
    One basis for the Coast Guard to establish security zones in the 
Exclusive Economic Zone (EEZ) is pursuant to the Ports and Waterways 
Safety Act, 33 U.S.C. 1221 et seq. For example, consistent with 
customary international law, 33 U.S.C. 1226 provides the Coast Guard 
with authority to carry out or require measures, including the 
establishment of safety and security zones, to prevent or respond to an 
act of terrorism against a vessel or public or commercial structure 
that is located within the marine environment. 33 U.S.C. 1222 defines 
``marine environment'' broadly to include the waters and fishery 
resources of any area over which the United States asserts exclusive 
fishery management authority. The United States asserts exclusive 
fishery management authority in the EEZ.
    We received seven comments regarding waivers, equivalencies, and 
alternatives. Three commenters appreciated the flexibility of the Coast 
Guard in extending the opportunity to apply for a waiver or propose an 
equivalent security measure to satisfy a specific requirement. Four 
commenters requested detailed information regarding the factors the 
Coast Guard will focus on when evaluating applications for waivers, 
equivalencies, and alternatives.
    The Coast Guard believes that equivalencies and waivers provide 
flexibility for vessel and facility owners and operators with unique 
operations. Sections 104.130, 105.130, and 106.125 state that vessel or 
facility owners or operators requesting waivers for any requirement of 
part 104, 105, or 106 must include justification for why the specific 
requirement is unnecessary for that particular owner's or operator's 
vessel or facility or its operating conditions. Section 101.120 
addresses Alternative Security Programs and Sec.  101.130 provides for 
equivalencies to security measures. We intend to issue guidance that 
will provide more detailed information about the application procedures 
and requirements for waivers, equivalencies, and the Alternative 
Security Program.
    After further review of parts 101 and 104 through 106, we have 
amended Sec. Sec.  101.120(b)(3), 104.120(a)(3), 105.120(c), and 
106.115(c) to clarify that a vessel or facility that is participating 
in the Alternative Security Program must complete a vessel or facility 
specific security assessment report in accordance with the Alternative 
Security Program, and it must be readily available.

Subpart B--Outer Continental Shelf (OCS) Facility Security Requirements

    This subpart describes the responsibilities of the facility owner 
or operator and personnel relative to OCS facility security. It 
includes requirements for training, drills, recordkeeping, and 
Declarations of Security. It identifies specific security measures, 
such as those for access control, restricted areas, and monitoring.
    Two commenters suggested that the Coast Guard should not regulate 
security measures but should establish security guidelines based on 
facility type, in essence creating a matrix with ``risk-levels'' and 
suggested measures for facility security.
    We cannot establish only guidelines because the MTSA and the 
International Convention for Safety of Life at Sea, 1974 (SOLAS) 
require us to issue regulations. We have provided performance-based, 
rather than prescriptive, requirements in these regulations to give 
owners or operators flexibility in developing security plans tailored 
to vessels' or facilities' unique operations.
    One commenter asked who would be ensuring the integrity of security 
training and exercise programs.
    Since the events of September 11, 2001, the Coast Guard has 
developed a directorate responsible for port, vessel, and facility 
security. This directorate oversees implementation and enforcement of 
the regulations found in parts 101 through 106. Additionally, owners 
and operators of vessels and facilities will be responsible for 
recordkeeping regarding training, drills, and exercises, and the Coast 
Guard will review these records during periodic inspections.
    Five commenters supported the Coast Guard in not specifically 
defining training methods. Another commenter agrees with the Coast 
Guard's position that the owner or operator may certify that the 
personnel with security responsibilities are capable of performing the 
required functions based upon the competencies listed in the 
regulations. Two commenters stated that formal security training for 
Facility Security Officers and personnel with security related duties 
become mandatory as soon as possible. One commenter stated that they 
were concerned with the lack of formal training for Facility Security 
Officers.
    As we explained in the temporary interim rule (68 FR 39263) (part 
101), there are no approved courses for facility personnel and 
therefore, we intend to allow Facility Security Officers to certify 
that personnel holding a security position have received the training 
required to fulfill their security duties. Section 109 of the MTSA 
required the Secretary of Transportation to develop standards and 
curricula for the education, training, and certification of maritime 
security personnel, including Facility Security Officers. The Secretary 
delegated that authority to the Maritime

[[Page 60548]]

Administration (MARAD). MARAD has developed model training standards 
and curricula for maritime security personnel, including the Facility 
Security Officer. In addition, MARAD intends to develop course approval 
and certification requirements in the near future.
    In the final rule for ``Vessel Security'' published elsewhere in 
today's Federal Register we made amendments to the responsibilities of 
the Company Security Officer. In this final rule, we are making 
conforming amendments to Sec.  106.205(a)(2) to clarify that the 
Company Security Officer may also perform the duties of a Facility 
Security Officer.
    Nine commenters requested formal alternatives to Facility Security 
Officers, Company Security Officers, and Vessel Security Officers much 
like the requirements of the Oil Pollution Act of 1990, that allow for 
alternate qualified individuals.
    Parts 104, 105, and 106 provide flexibility for a Company, Vessel, 
or Facility Security Officer to assign security duties to other vessel 
or facility personnel under Sec. Sec.  104.210(a)(4), 104.215(a)(5), 
105.205(a)(3), and 106.210(a)(3). An owner or operator is also allowed 
to designate more than one Company, Vessel, or Facility Security 
Officer. Because Company, Vessel, or Facility Security Officer 
responsibilities are key to security implementation, vessel and 
facility owners and operators are encouraged to assign an alternate 
Company, Vessel, or Facility Security Officer to coordinate vessel or 
facility security in the absence of the primary Company, Vessel, or 
Facility Security Officer.
    One commenter stated that allowing the Vessel Security Officer and 
Facility Security Officer to perform collateral non-security duties is 
not an adequate response to risk.
    Security responsibilities for the Company, Vessel, and Facility 
Security Officers in parts 104, 105, and 106 may be assigned to a 
dedicated individual if the owners or operators believe that the 
responsibilities and duties are best served by a person with no other 
duties.
    Forty-one commenters requested that Sec. Sec.  104.225, 105.215, 
and 106.220 be either reworded or eliminated because the requirement to 
provide detailed security training to all contractors who work in a 
vessel or facility or to facility employees, even those with no 
security responsibilities such as a secretary or clerk, is impractical, 
if not impossible. The commenters stated that, unless a contractor has 
specific security duties, a contractor should only need to know how, 
when, and to whom to report anything unusual as well as how to react 
during an emergency. One commenter suggested adding a new section that 
listed specific training requirements for contractors and venders.
    The requirements in Sec. Sec.  104.225, 105.215, and 106.220 are 
meant to be basic security and emergency procedure training 
requirements for all personnel working in a vessel or facility. In most 
cases, the requirement is similar to the basic safety training given to 
visitors to ensure they do not enter areas that could be harmful. To 
reduce the burden of these general training requirements, we allowed 
vessel and facility owners and operators to recognize equivalent job 
experience in meeting this requirement. However, we believe contractors 
need basic security training as much as any other personnel working on 
the vessel or facility. Depending on the vessel or facility, providing 
basic security training (e.g., how and when to report information, to 
whom to report unusual behaviors, how to react during a facility 
emergency) could be sufficient. To emphasize this, we have amended 
Sec. Sec.  104.225, 105.215, and 106.220 to clarify that the owners or 
operators of vessels and facilities must determine what basic security 
training requirements are appropriate for their operations.
    One commenter agreed with our inclusion of tabletop exercises as a 
cost-effective means of exercising the security plan.
    Nine commenters stated that companies should be able to take credit 
toward fulfilling the drill and exercise requirements for actual 
incidents or threats, as under Sec.  103.515.
    We agree that, during an increased MARSEC Level, vessel and 
facility owners and operators may be able to take credit for 
implementing the higher security measures in their security plans. 
However, there are cases where a vessel or facility implementing a 
Vessel or Facility Security Plan may not attain the higher MARSEC Level 
or otherwise not be required to implement sufficient provisions of the 
plan to qualify as an exercise. Therefore, we have amended parts 104, 
105, and 106 to allow an actual increase in MARSEC Level to be credited 
as a drill or an exercise if the increase in MARSEC Level meets certain 
parameters. In the case of OCS facilities, this type of credit must be 
approved by the Coast Guard in a manner similar to the provision found 
in Sec.  103.515 for the AMS Plan requirements.
    Two commenters recommended that a sentence be added to the end of 
Sec.  105.225(b)(1) that reads: ``Short domain awareness and other 
orientation type training that may be given to contractor and other 
personnel temporarily at the facility and not involved in security 
functions need not be recorded.'' The commenters stated that this 
change would eliminate the unnecessary recordkeeping for this general 
``domain awareness'' training.
    We agree that the recordkeeping requirements in Sec.  105.225 for 
training are broad and may capture training that, while necessary, does 
not need to be formally recorded. Therefore, we have amended the 
requirements in Sec.  105.225(b)(1) to only record training held to 
meet Sec.  105.210. We have also made corresponding changes to Sec.  
104.235(b)(1) and 106.230(b)(1).
    We received 28 comments regarding communication of changes in the 
MARSEC Levels. Most commenters were concerned about the Coast Guard's 
capability to communicate timely changes in MARSEC Levels to facilities 
and vessels. Some stressed the importance of MARSEC Level information 
reaching each port area in the COTP's zone and the entire maritime 
industry. Some stated that local Broadcast Notice to Mariners and 
MARSEC Directives are flawed methods of communication and stated that 
the only acceptable means to communicate changes in MARSEC Levels, from 
a timing standpoint, are via email, phone, or fax as established by 
each COTP.
    MARSEC Level changes are generally issued at the Commandant level 
and each Marine Safety Office (MSO) will be able to disseminate them to 
vessel and facility owners or operators, or their designees, by various 
means. Communication of MARSEC Levels will be done in the most 
expeditious means available, given the characteristics of the port and 
its operations. These means will be outlined in the AMS Plan and 
exercised to ensure vessel and facility owners and operators, or their 
designees, are able to quickly communicate with us and vice-versa. 
Because MARSEC Directives will not be as expeditiously communicated as 
other COTP Orders and are not meant to communicate changes in MARSEC 
Levels, we have amended Sec.  101.300 to remove the reference to MARSEC 
Directives.
    Two commenters requested that Sec.  104.240(a) and (b)(1) be 
amended to specify that vessels must implement appropriate security 
measures before interfacing with facilities that are not located in a 
port. We agree that the vessel owner or operator, once notified of a 
change in MARSEC Level, must implement appropriate security measures 
before interfacing with a

[[Page 60549]]

facility that is not located in a port area. Facilities covered under 
part 105 will be within a port; facilities located on the Outer 
Continental Shelf, however, may not be included in a port. These OCS 
facilities should have similar security provisions to ensure their 
security. Therefore, we are amending Sec.  104.240 to ensure that the 
vessel owner or operator is required to implement appropriate security 
measures in accordance with its Vessel Security Plan before interfacing 
with an OCS facility.
    We received 14 comments about the length of the effective period of 
a continuing Declaration of Security for each MARSEC Level. Five 
commenters stated that there is little need to renew a Declaration of 
Security every 90 days and that it should instead be part of an annual 
review of the Vessel Security Plan. Three commenters stated that the 
effective period of MARSEC Level 1 should not exceed 180 days while the 
effective period for MARSEC Level 2 should not exceed 90 days. One 
commenter noted that a vessel may execute a continuing Declaration of 
Security and assumed that this means that a Declaration of Security for 
a regular operating public transit system that operates regularly is 
good for the duration of the service route. Three commenters 
recommended that the effective period for a Declaration of Security be 
either 90 days or the term for which a vessel's service to an OCS 
facility is contracted, whichever is greater. Two commenters 
recommended allowing ferry service operators and facility operators to 
enact pre-executed MARSEC Level 2 condition agreements rather than 
initiating a new Declaration of Security at every MARSEC Level change.
    We disagree with these comments and believe that continuing 
Declaration of Security agreements between vessel and facility owners 
and operators should be periodically reviewed to respond to the 
frequent changes in operations, personnel, and other conditions. We 
believe that the Declaration of Security ensures essential security-
related coordination and communication among vessels and facilities. 
Renewing a continuing Declaration of Security agreement requires only a 
brief interaction between vessel and facility owners and operators to 
review the essential elements of the agreement. Additionally, at a 
heightened MARSEC Level, that threat must be assessed and a new 
Declaration of Security completed. Less frequent review, such as during 
an annual or biannual review of the Vessel Security Plan, does not 
provide adequate oversight of the Declaration of Security agreement to 
ensure all parties are aware of their security responsibilities.
    Five commenters requested that Sec.  104.255(c) and (d) be amended 
so that a Declaration of Security need not be exchanged when conditions 
(e.g., adverse weather) would preclude the exchange of the Declaration 
of Security.
    We are not amending Sec.  104.255(c) and (d) because as stated in 
Sec.  104.205(b), if, in the professional judgment of the Master, a 
conflict between any safety and security requirements applicable to the 
vessel arises during its operations, the Master may give precedence to 
measures intended to maintain the safety of the vessel and take such 
temporary security measures as deemed best under all circumstances. 
Therefore, if the Declaration of Security between a vessel and facility 
could not be safely exchanged, the Master would not need to exchange 
the Declaration of Security before the interface. However, under Sec.  
104.205(b)(1), (b)(2), and (b)(3), the Master would have to inform the 
nearest COTP of the delay in exchanging the Declaration of Security, 
meet alternative security measures considered commensurate with the 
prevailing MARSEC Level, and ensure that the COTP was satisfied with 
the ultimate resolution. In reviewing this provision, we realized that 
a similar provision to balance safety and security was not included in 
parts 105 or 106. We have amended these parts to give the owners or 
operators of facilities the responsibility of resolving conflicts 
between safety and security.
    Five commenters asked whether a company could have an agreement 
with a facility that outlines the responsibilities of all the company's 
vessels instead of a separate Declaration of Security for each vessel. 
The commenters stated that this would make the Declaration of Security 
more manageable for companies, vessels, and facilities that frequently 
interface with each other. One commenter raised a similar concern 
regarding barges and tugs conducting bunkering operations. One 
commenter suggested that Declarations of Security not be required when 
the vessels and ``their docking facilities'' share a common owner.
    As stated in Sec. Sec.  104.255(e), 105.245(e), and 106.250(e), at 
MARSEC Levels 1 and 2, owners or operators may establish continuing 
Declaration of Security procedures for vessels and facilities that 
frequently interface with each other. These sections do not preclude 
owners and operators from developing Declaration of Security procedures 
that could apply to vessels and facilities that frequently interface. 
However, as stated in Sec. Sec.  104.255(c) and (d) and 106.250(d), at 
MARSEC Level 3, all vessels and facilities required to comply with 
parts 104, 105, and 106 must enact a Declaration of Security agreement 
each time they interface. We believe that, even when under common 
ownership, vessels and facilities must coordinate security measures at 
higher MARSEC Levels and therefore should execute Declarations of 
Security. For MARSEC Level 1, only cruise ships and vessels carrying 
Certain Dangerous Cargoes (CDC) in bulk, and facilities that receive 
them, even when under common ownership, are required to complete a 
Declaration of Security each time they interface.
    Two commenters did not support the restriction on the Facility 
Security Officer being able to delegate authority to other security 
personnel in periods of MARSEC Levels 2 and 3. The commenters suggested 
that the Coast Guard use the same language in Sec.  105.245(b), which 
allows the Facility Security Officer to delegate authority to a 
designated representative to sign and implement a Declaration of 
Security at MARSEC Levels 2 and 3.
    Section 105.205 allows the Facility Security Officer to delegate 
security duties to other facility personnel. This delegation applies to 
the authority of the Facility Security Officer to sign and implement a 
Declaration of Security at MARSEC Levels 2 and 3. In order to clarify 
the regulations, however, we will amend Sec.  105.245(d) to include the 
language found in Sec.  105.245(b), allowing the Facility Security 
Officer to delegate this authority. We have also made the same change 
in Sec.  106.250(d).
    Eight commenters stated that there is significant confusion 
regarding the requirements to complete Declarations of Security, 
especially when dealing with unmanned barges. One commenter asked if a 
Declaration of Security is required when an unmanned barge is ``being 
dropped'' at a facility or when ``changing tows.''
    We agree with the commenter and are amending Sec. Sec.  104.255(c) 
and (d), and 106.250(d) to clarify that unmanned barges are not 
required to complete a Declaration of Security at any MARSEC Level. 
This aligns these requirements with those of Sec.  105.245(d). At 
MARSEC Levels 2 and 3, a Declaration of Security must be completed 
whenever a manned vessel that must comply with this part is moored to a 
facility or for the duration of any vessel-to-vessel activity.
    One commenter wanted to know who will become the arbiter in the 
event of a disagreement between a vessel and a facility, or between two 
vessels, in regards to the Declaration of Security.

[[Page 60550]]

    We do not anticipate this will be a frequent problem. The 
regulations do not provide for or specify an arbiter in the event that 
an agreement cannot be reached for a Declaration of Security. It is 
important to note that failure to resolve any such disagreement prior 
to the vessel-to-facility interface may result in civil penalties or 
other sanctions.
    Five commenters suggested that we add language to the requirements 
for security systems and equipment maintenance in Sec. Sec.  105.250 
and 106.255 to allow facility and OCS facility owners or operators to 
develop and follow other procedures which the owner or operator has 
found to be more appropriate through experience or other means.
    The intent of the security systems and equipment maintenance 
requirement is to require the use of the manufacturer's approved 
procedures for maintenance. If owners or operators have found other 
methods to be more appropriate, they may apply for equivalents 
following the procedures in Sec. Sec.  105.135 or 106.130.
    Five commenters urged us to exempt OSVs and the facilities or OCS 
facilities they interact with from the Declaration of Security 
requirements because they do not pose a higher risk to persons, 
property, or the environment.
    We disagree with the commenters, and we believe that the regulated 
vessels and the facilities that they interface with may be involved in 
a transportation security incident. In addition, Declarations of 
Security ensure essential security-related coordination and 
communication among vessels and facilities.
    Two commenters asked us to amend Sec.  106.250(f) to clarify that 
an expired Declaration of Security (Sec.  106.250(e)(2) or (e)(3)) must 
be replaced by a new Declaration of Security, in order for there to be 
a valid Declaration of Security.
    Although we agree that an expired Declaration of Security must be 
replaced by a new Declaration of Security, in order for there to be a 
valid Declaration of Security, we believe that Sec.  106.250 needs no 
further clarification. We do not preclude an OCS facility from 
executing a new Declaration of Security in accordance with Sec.  
106.250.
    Seven commenters suggested that, instead of requiring disciplinary 
measures to discourage abuse of identification systems, the Coast Guard 
should merely require companies to develop policies and procedures that 
discourage abuse. One commenter opposed provisions of these rules 
relating to identification checks of passengers and workers. The 
commenter stated that these provisions threaten constitutional rights 
to privacy, travel, and association, and are too broad for their 
purpose. The commenter argued that identification methods are 
inaccurate or unproven and can be abused, and that the costs of 
requiring identification checks outweigh the proven benefit.
    We recognize the seriousness of the commenters' concerns, but 
disagree that provisions for checking passenger and worker 
identification should be withdrawn. Identification checks, by 
themselves, may not ensure effective access control, but they can be 
critically important in attaining access control. Our rules implement 
the MTSA and the ISPS Code by requiring vessel and facility owners and 
operators to include access control measures in their security plans. 
However, instead of mandating uniform national measures, we leave 
owners and operators free to choose their own access control measures. 
In addition, our rules contain several provisions that work in favor of 
privacy. Identification systems must use disciplinary measures to 
discourage abuse. Owners and operators can take advantage of rules 
allowing for the use of alternatives, equivalents, and waivers. 
Passenger and ferry vessel owners or operators are specifically 
authorized to develop alternatives to passenger identification checks 
and screening. Signage requirements ensure that passengers and workers 
will have advance notice of their liability for screening or 
inspection. Vessel owners and operators are required to give particular 
consideration to the convenience, comfort, and personal privacy of 
vessel personnel. Taken as a whole, these rules strike the proper 
balance between implementing the MTSA's provisions for deterring 
transportation security incidents and preserving constitutional rights 
to privacy, travel, and association.
    Four commenters asked for amendments to Sec. Sec.  105.255(c)(2) 
and 106.260(c)(2) to include coordination with aircraft identification 
systems, when practicable, in addition to coordination with vessel 
identification systems as a required access control measure.
    We agree with the commenters, and have amended Sec. Sec.  
105.255(c)(2) and 106.260(c)(2) to reflect this clarification. Most 
facilities, including OCS facilities, are accessible by multiple forms 
of transportation; therefore, coordination with identification systems 
used by those forms of transportation should enhance security.
    One commenter asked if the Coast Guard would issue guidelines on 
screening.
    The Coast Guard intends to coordinate with the Transportation 
Security Administration (TSA) and the Bureau of Customs and Border 
Protection (BCBP) in publishing guidance on screening to ensure that 
such guidance is consistent with intermodal policies and standards of 
TSA, and the standards and programs of BCBP for the screening of 
international passengers and cargo. Additionally, TSA is developing a 
list of items prohibited from being carried on board passenger vessels.
    One commenter asked if there is a difference between the terms 
``screening'' and ``inspection'' as used in Sec.  104.265(e)(2), 
requiring conspicuously posted signs.
    In 33 CFR subchapter H, the terms ``screening'' and ``inspection'' 
fully reflect the types of examinations that may be conducted under 
Sec. Sec.  104.265, 105.255, and 106.260. Therefore, both terms are 
included to maximize clarity.
    Eight commenters suggested that access control on board OCS 
facilities only be required when an unscheduled vessel is forced to 
discharge passengers for emergency reasons, and that the provisions of 
Sec.  105.255 and Sec.  106.260 be the responsibility of the shoreside 
facility and the vessel owner. The commenter stated that the need to 
duplicate the process at the facility is wasteful. The commenters asked 
for amendments to Sec.  105.255 and Sec.  106.260 in order to make 
clear that security controls should be established shoreside.
    The Coast Guard believes that access control must be established to 
ensure that the people on board any vessel or facility are identified 
and permitted to be there. We recognize that access control and 
personal identification checks at both the shoreside and OCS facility 
could be duplicative, and did not intend to require this duplication, 
unless needed. Our regulations provide the flexibility to integrate 
shoreside screening into OCS facility security measures. We note, 
however, that the OCS facility owner or operator retains ultimate 
responsibility for ensuring that access control measures are 
implemented. This means that where integrated shoreside screening is 
implemented, the OCS facility owner or operator should have a means to 
verify that the shoreside screening is being done in accordance with 
the Facility Security Plan and these regulations. Even if integrated 
shoreside screening is arranged, the OCS Facility Security Plan must 
also contain access control provisions for vessels or other types of 
transportation conveyances that do not regularly call on the OCS 
facility or

[[Page 60551]]

might not use the designated shoreside screening process.
    We are amending Sec.  104.265(b) to include a verb in the sentence 
for clarity. We are also mirroring this clarification in Sec. Sec.  
105.255(b) and 106.260(b).
    We are amending Sec.  106.265(c) to clarify the requirement by 
removing an extraneous word.
    Nine commenters were concerned about the designation of restricted 
areas. Six commenters requested that the Coast Guard clarify the 
wording in Sec. Sec.  104.270(b) and 105.260(b) which states 
``Restricted areas must include, as appropriate:'' because it is 
contradictory to impose a requirement with the word ``must,'' while 
offering the flexibility by stating ``as appropriate.'' One commenter 
stated that the provision that allows owners or operators to designate 
their entire facility as a restricted area could result in areas being 
designated as restricted without any legitimate security reason.
    We believe that the current wording of Sec. Sec.  104.270(b), 
105.260(b), and 106.265(b) is acceptable. While the word ``must'' 
requires owners or operators to designate restricted areas, the word 
``appropriate'' allows flexibility for owners or operators to restrict 
areas that are significant to their operations. The regulations provide 
for the entire facility to be designated as a restricted area, whereby 
a facility owner or operator would then be required to provide 
appropriate security measures to prevent unauthorized access into the 
entire facility.
    We received ten comments questioning our use of the words 
``continuous'' or ``continuously'' in the regulations. Four commenters 
requested that we amend language in Sec.  104.245(b) by replacing the 
word ``continuous'' with the word ``continual,'' stating that 
``continuous'' implies that there must be constant and uninterrupted 
communications. One commenter requested that we amend language in Sec.  
104.285(a)(1) by replacing the word ``continuously'' with the word 
``continually,'' stating that ``continuously'' implies that there must 
be constant and uninterrupted application of the security measure. One 
commenter requested that we amend language in Sec.  106.275 to replace 
the word ``continuously'' with the word ``frequently.'' One commenter 
recommended that instead of using the word ``continuously'' in Sec.  
105.275, the Coast Guard revise the definition of monitor to mean a 
``systematic process for providing surveillance for a facility.'' One 
commenter stated that the continuous monitoring requirements in Sec.  
106.275 place a significant burden on the owners and operators of OCS 
facilities because increased staff levels would be necessary to keep 
watch not only in the facility, but also in the surrounding area.
    We did not amend the language in Sec. Sec.  104.245(b), 105.235(b), 
or 106.240(b) because the sections require that communications systems 
and procedures must allow for ``effective and continuous 
communications.'' This means that vessel owners or operators must 
always be able to communicate, not that they must always be 
communicating. Similarly, Sec. Sec.  104.285, 105.275, and 106.275, as 
a general requirement, require vessel and facility owners or operators 
to have the capability to ``continuously monitor.'' This means that 
vessel and facility owners or operators must always be able to monitor. 
We have amended Sec. Sec.  104.285(b)(4) and 106.275(b)(4) to use the 
word ``continuously'' instead of ``continually'' to be consistent with 
Sec.  105.275(b)(1). This general requirement is further refined in 
Sec. Sec.  104.285, 105.275, and 106.275, in that the Vessel and 
Facility Security Plans must detail the measures sufficient to meet the 
monitoring requirements at the three MARSEC Levels.
    One commenter stated that the provision to mandate restricted areas 
on board OCS facilities should be removed from the rule, arguing that 
limiting access during an emergency should not be tolerated.
    If the security assessment and plan for the OCS facility does not 
take into account access to restricted areas during an emergency 
situation, it may hinder effective response. Therefore, we have 
included several provisions to ensure that the security assessment and 
plan for the OCS facility address this issue, such as in Sec. Sec.  
106.205(d)(10), 106.280(b), and 106.305(c)(1)(vii).
    One commenter suggested that this regulation contain provisions to 
allow vessels to continue fishing in or around OCS facilities. The 
commenter was concerned that any effort to prevent access to areas 
around these facilities would cause severe economic hardship to a large 
number of charterboat businesses.
    The security regulations do not contain any provisions that 
specifically restrict fishing around OCS facilities. The OCS facility 
owner or operator may, however, restrict some areas as part of the 
facility's security measures. We do not believe that part 106 will 
cause a hardship for vessels that fish around OCS facilities because 
part 106 regulates only approximately 1 percent of all those facilities 
and because such restricted areas will likely be designated only during 
periods of heightened security.
    Two commenters encouraged the formal training of Coast Guard Port 
State Control officers in enforcing these regulations to include the 
details of security systems and procedures, security equipment, and the 
elements of knowledge required of the Vessel Security Officer and 
Facility Security Officer.
    The Coast Guard conducts comprehensive training of its personnel 
involved in ensuring the safety and security of facilities and 
commercial vessels. We continually update our curriculum to encompass 
new requirements, such as the Port State Control provisions of the ISPS 
Code. This training, however, is beyond the scope of this final rule.

Subpart C--Outer Continental Shelf (OCS) Facility Security Assessment 
(FSA)

    This subpart describes the content and procedures for Facility 
Security Assessments.
    We received 22 comments pertaining to sensitive security 
information and its disclosure. Twelve commenters requested that the 
Coast Guard delete the requirements that the Facility Security 
Assessment or Vessel Security Assessment be included in the submission 
of the Facility Security Plan or Vessel Security Plan respectively, 
stating that the security assessments are of such a sensitive nature 
that risk of disclosure is too great. Four commenters stated that the 
form CG-6025 ``Facility Vulnerability and Security Measures Summary'' 
should be sufficient for the needs of the Coast Guard and would promote 
facility security. Two commenters stated that there are too many ways 
for the general public to gain access to sensitive security 
information. One commenter stated that it was not clear how the Coast 
Guard would safeguard sensitive security information. One commenter 
stated that training for personnel in parts of the Facility Security 
Plan should not require access to the Facility Security Assessment.
    Sections 104.405, 105.405, and 106.405 require that the security 
assessment report be submitted with the respective security plans. We 
believe that the security assessment report must be submitted as part 
of the security plan approval process because it is used to determine 
if the security plan adequately addresses the security requirements of 
the regulations. The information provided in form CG-6025 will be used 
to assist in the

[[Page 60552]]

development of AMS Plans. The security assessments are not required to 
be submitted. To clarify that the report, not the assessment, is what 
must be submitted with the Vessel or Facility Security Plan, we are 
amending Sec.  104.305 to add the word ``report'' where appropriate. We 
have also amended Sec. Sec.  105.305 and 106.305 for facilities and OCS 
facilities, respectively. Additionally we have amended these sections 
so that the Facility Security Assessment report requirements mirror the 
Vessel Security Assessment report requirements. All of these 
requirements were included in our original submission to OMB for 
``Collection of Information'' approval, and there is no associated 
increase in burden in our collection of information summary. We also 
acknowledge that security assessments and security assessment reports 
have sensitive security information within them, and that they should 
be protected under Sec. Sec.  104.400(c), 105.400(c), and 106.400(c). 
We are also amending Sec. Sec.  104.305, 105.305, and 106.305 to 
clarify that all security assessments, security assessment reports, and 
security plans need to be protected from unauthorized disclosure. The 
Coast Guard has already instituted measures to protect sensitive 
security information, such as security assessment reports and security 
plans, from disclosure.
    Ten commenters addressed the disclosure of security plan 
information. One commenter seemed to advocate making security plans 
public. One commenter was concerned that plans will be disclosed under 
the Freedom of Information Act (FOIA). One commenter requested that 
mariners and other employees whose normal working conditions are 
altered by a Vessel or Facility Security Plan be granted access to 
sensitive security information contained in that plan on a need-to-know 
basis. One commenter stated that Company Security Officers and Facility 
Security Officers should have reasonable access to AMS Plan information 
on a need-to-know basis. One commenter stated that the Federal 
government must preempt State law in instances of sensitive security 
information because of past experience with State laws that require 
full disclosure of public documents. Three commenters supported our 
conclusion that the MTSA and our regulations preempt any conflicting 
State requirements. Another commenter is particularly pleased to 
observe the strong position taken by the Coast Guard in support of 
Federal preemption of possible State and local security regimes. One 
commenter supported our decision to designate security assessments and 
plans as sensitive security information.
    Portions of security plans are sensitive security information and 
must be protected in accordance with 49 CFR part 1520. Only those 
persons specified in 49 CFR part 1520 will be given access to sensitive 
security information portions of the security plans. In accordance with 
49 CFR part 1520 and pursuant to 5 U.S.C. 552(b)(3), sensitive security 
information is exempt from disclosure under FOIA. However, Sec. Sec.  
104.220, 104.225, 105.210, 105.215, 106.215, and 106.220 of these rules 
state that vessel and facility personnel must have knowledge of 
relevant provisions of the security plan. Therefore, vessel and 
facility owners or operators will determine which provisions of the 
security plans are accessible to crewmembers and other personnel. 
Additionally, COTPs will determine what portions of the AMS Plan are 
accessible to Company or Facility Security Officers.
    Information designated as sensitive security information is 
generally exempt under FOIA, and TSA has concluded that State 
disclosure laws that conflict with 49 CFR part 1520 are preempted by 
that regulation. 46 U.S.C. 70103(d) also provides that the information 
developed under this regulation is not required to be disclosed to the 
public.
    Two commenters stated that our regulations suggest that information 
designated as sensitive security information is exempt from FOIA. One 
commenter suggested that all documentation submitted under this rule be 
done pursuant to the Homeland Security Act of 2002, to afford a more 
legally definite protection against disclosure.
    ``Sensitive security information'' is a designation mandated by 
regulations promulgated by TSA and may be found in 49 CFR part 1520. 
These regulations state that information designated as sensitive 
security information may not be shared with the general public. FOIA 
exempts from its mandatory release provisions those items that other 
laws forbid from public release. Thus, security assessments, security 
assessment reports, and security plans, which should be designated as 
sensitive security information, are all exempt from release under FOIA.
    Four commenters requested that the Company and the Facility 
Security Officers be given access to the ``vulnerability assessment'' 
done by the COTP to facilitate the development of the Facility Security 
Plan and ensure that the Facility Security Plan does not conflict with 
the AMS Plan.
    The AMS Assessments directed by the Coast Guard are broader in 
scope than the required Facility Security Assessments. The AMS 
Assessment is used in the development of the AMS Plan, and it is a 
collaborative effort between Federal, State, Indian Tribal and local 
agencies as well as vessel and facility owners and other interested 
stakeholders. The AMS Assessments are sensitive security information. 
Access to these assessments, therefore, is limited under 49 CFR part 
1520 to those persons with a legitimate need-to-know (e.g., Facility 
Security Officers who need to align Facility Security Plans with the 
AMS Plan, may be deemed to have need to know sensitive security 
information). In addition, the potential conflicts between security 
plans and the AMS Plan will be identified during the Facility Security 
Plan approval process.
    Six commenters suggested that a template for security assessments 
and plans be provided for affected entities. One commenter specifically 
asked for guidance templates for barge fleeting facilities.
    We intend to develop guidelines for the development of security 
assessments and plans. Additionally, the regulations allow owners and 
operators of facilities and vessels to implement Alternative Security 
Programs. This would allow owners and operators to participate in a 
development process with other industry groups, associations, or 
organizations. We anticipate that one such Alternative Security Program 
will include a template for barge fleeting facilities.
    One commenter asked for clarification of the terms ``self 
assessments,'' ``security assessments,'' ``risk/threat assessments,'' 
and ``on-scene surveys.''
    Risk/threat assessments and self assessments are not specifically 
defined in the regulations, but refer to the general practices of 
assessing where a vessel or facility is at risk. The assessments 
required in parts 104 through 106 must take into account threats, 
consequences, and vulnerabilities; therefore, they are most 
appropriately titled ``security assessments.'' This title also aligns 
with the ISPS Code. To clarify that Sec. Sec.  101.510 and 105.205 
address security assessments required by subchapter H, we have amended 
these sections to change the term ``risk'' to the more accurate term 
``security.'' ``On-scene surveys'' are explained in the security 
assessment requirements of parts 104, 105, and 106. As explained in 
Sec.  104.305(b), for example, the purpose of an on-scene survey is to 
``verify or

[[Page 60553]]

collect information'' required to compile background information and 
``consists of an actual survey that examines and evaluates existing 
vessel protective measures, procedures, and operations.'' An on-scene 
survey is part of a security assessment.
    One commenter stated that if a Facility Security Assessment 
determines a threat that is outside the scope of what is appropriate to 
include in the Facility Security Plan, the threat should be included as 
part of the AMS Plan.
    We agree with the commenter. The AMS Plan is more general in nature 
and takes into account those threats that may affect the entire port, 
or a segment of the port. As such, the AMS Plan should be designed to 
take into account those threats that are larger in scope than those 
threats that should be considered for individual facilities. To focus 
the Facility Security Assessments on their port interface rather than 
the broader requirement, we have amended Sec. Sec.  
105.305(c)(2)(viii), (ix) and 106.305 (c)(2)(v) to reflect that the 
assessment of the facility should take into consideration the use of 
the facility as a transfer point for a weapon of mass destruction and 
the impact of a vessel blocking the entrance to or area surrounding a 
facility.
    We received four comments regarding the use of third party 
companies to conduct security assessments. Two commenters asked if we 
will provide a list of acceptable assessment companies because of the 
concern that the vulnerability assessment could ``fall into the wrong 
hands.'' One commenter requested that the regulations define 
``appropriate skills'' that a third party must have in order to aid in 
the development of security assessments. One commenter stated that the 
person or company conducting the assessment might not be reliable.
    We will not be providing a list of acceptable assessment companies, 
nor will we define ``appropriate skills.'' It is the responsibility of 
the vessel or facility owner or operator to vet companies that assist 
them in their security assessments. In the temporary interim rule (68 
FR 39254) (part 101), we stated, ``we reference ISPS Code, part B, 
paragraph 4.5, as a list of competencies all owners and operators 
should use to guide their decision on hiring a company to assist with 
meeting the regulations. We may provide further guidance on 
competencies for maritime security organizations, as necessary, but do 
not intend to list organizations, provide standards within the 
regulations, or certify organizations.'' We require security 
assessments to be protected from unauthorized disclosures and will 
enforce this requirement, including through the penalties provision 
under Sec.  101.415.
    After further review of subpart C of parts 104, 105, and 106, we 
are amending Sec. Sec.  104.310, 105.310, and 106.310 to state that the 
security assessment must be reviewed and updated each time the security 
plan is revised and when the security plan is submitted for reapproval.
    Two commenters asked for clarification regarding the reference to 
Sec.  105.415, ``Amendment and audit,'' found in Sec.  105.310(a).
    We reviewed Sec.  105.310(a) and have corrected the reference to 
read ``Sec.  105.410.'' We meant for the Facility Security Assessment 
report to be included with the Facility Security Plan when that plan is 
submitted to the Coast Guard for approval under Sec.  105.410. We are 
also amending Sec. Sec.  105.415 and 106.310 to make similar 
corrections to references.

Subpart D--Outer Continental Shelf (OCS) Facility Security Plan (FSP)

    This subpart describes the content, format, and processing for 
Facility Security Plans.
    One commenter recommended that the interval for audits of the OCS 
Facility Security Plan be changed to biennial to be consistent with the 
audit requirements for emergency response plans.
    The annual audit certifies that the OCS Facility Security Plan 
continues to meet the applicable requirements of part 106. We believe 
that annual audits are necessary because the OCS Facility Security 
Plan, as a living document, should be continuously updated to 
incorporate changes or lessons learned from drills and exercises.
    Three commenters recommended that this rule be amended to close 
``the gap'' in the plan-approval process to address the period of time 
between December 29, 2003, and July 1, 2004. Another commenter 
suggested submitting the Facility Security Plan for review and approval 
for a new facility ``within six months of the facility owner or 
operator's intent of operating it.''
    We agree that the regulations do not specify plan-submission lead 
time for vessels, facilities, and OCS facilities that come into 
operation after December 29, 2003, and before July 1, 2004. The owners 
or operators of such vessels, facilities, and OCS facilities are 
responsible for ensuring they have the necessary security plans 
submitted and approved by July 1, 2004, if they intend to operate. We 
have amended Sec. Sec.  104.410, 105.410, and 106.410 to clarify the 
plan-submission requirements for the various dates before July 1, 2004, 
and after this date.
    Thirty commenters commended the Coast Guard for providing an option 
for an Alternative Security Program as described in Sec.  101.120(b) 
and urged the Coast Guard to approve these programs as soon as 
possible.
    We believe the provisions in Sec.  101.120(b) will provide greater 
flexibility and will help owners and operators meet the requirements of 
these rules. We will review Alternative Security Program submissions in 
a timely manner to determine if they comply with the security 
regulations for their particular segment. Additionally, we have amended 
Sec. Sec.  104.410(a)(2), 105.115(a), 105.410(a)(2), 106.110(a), and 
106.410(a)(2), to clarify the submission requirements for the 
Alternative Security Program.
    After further review of the ``Submission and approval'' 
requirements in Sec. Sec.  101.120, 104.410, 105.410, and 106.410, we 
have amended the requirements to clarify that security plan submissions 
can be returned for revision during the approval process.
    We received 15 comments about the process of amending and updating 
the security plans. Five commenters requested that they be exempted 
from auditing whenever they make minimal changes to the security plans. 
Two commenters stated that it should not be necessary to conduct both 
an amendment review and a full audit of security plans upon a change in 
ownership or operational control. Three commenters requested a de 
minimis exemption to the requirement that security plans be audited 
whenever there are modifications to the vessel or facility. Seven 
commenters stated that the rule should be revised to allow the 
immediate implementation of security measures without having to propose 
an amendment to the security plans at least 30 days before the change 
is to become effective. The commenters stated that there is something 
``conceptually wrong'' with an owner or operator having to submit 
proposed amendments to security plans for approval when the amendments 
are deemed necessary to protect vessels or facilities.
    The regulations require that upon a change in ownership of a vessel 
or facility, the security plan must be audited and include the name and 
contact information of the new owner or operator. This will enable the 
Coast Guard to have the most current contact information. Auditing the 
security plan is required to ensure that any changes in personnel or 
operations made by the new owner or operator do not conflict with the 
approved security plan. The

[[Page 60554]]

regulations state that the security plan must be audited if there have 
been significant modifications to the vessel or facility, including, 
but not limited to, their physical structure, emergency response 
procedures, security measures, or operations. These all represent 
significant modifications. Therefore, we are not going to create an 
exception in the regulation. We recognize that the regulations 
requiring that proposed amendments to security plans be submitted for 
approval 30 days before implementation could be construed as an 
impediment to taking necessary security measures in a timely manner. 
The intent of this requirement is to ensure that amendments to the 
security plans are reviewed to ensure they are consistent with and 
supportable by the security assessments. It is not intended to be, nor 
should it be, interpreted as precluding the owner or operator from the 
timely implementation of additional security measures above and beyond 
those enumerated in the approved security plan to address exigent 
security situations. Accordingly we have amended Sec. Sec.  104.415, 
105.415, and 106.415 to add a clause that allows for the immediate 
implementation of additional security measures to address exigent 
security situations.

Additional Changes

    During our review of this part, we noted that a section required a 
non-substantive editorial change, such as accurately completing a list. 
The section is Sec.  106.275(a)(1). In addition, the part heading in 
this part has been amended to align with all the part headings within 
this subchapter.

Regulatory Assessment

    This final rule is a ``significant regulatory action'' under 
section 3(f) of Executive Order 12866, Regulatory Planning and Review. 
The Office of Management and Budget has reviewed it under that Order. 
It requires an assessment of potential costs and benefits under section 
6(a)(3) of that Order. It is significant under the regulatory policies 
and procedures of the Department of Homeland Security. A final 
assessment is available in the docket as indicated under ADDRESSES. A 
summary of the comments on the assessment, our responses, and a summary 
of the assessment follow.
    One commenter suggested taking into greater account the risk 
factors of the facility and vessel as a whole, rather than simply 
relying on one factor, such as the capacity of a vessel as well as the 
cost-benefit of facility security to all of the business entities that 
make up a facility.
    The Coast Guard considered an extensive list of risk factors when 
developing these regulations including, but not limited to, vessel and 
facility type, the nature of the commerce in which the entity is 
engaged, potential trade routes, accessibility of facilities, gross 
tonnage, and passenger capacity. Our Cost Assessments and Regulatory 
Flexibility Act Analyses for both the temporary interim rules and the 
final rules are available in the docket, and they account for companies 
as whole business entities, not individual vessels or facilities.

Cost Assessment

    For the purposes of good business practice or pursuant to 
regulations promulgated by other Federal and State agencies, many 
companies already have spent a substantial amount of money and 
resources to upgrade and improve security. The costs shown in this 
assessment do not include security measures these companies have 
already taken to enhance security. Because the changes in this final 
rule do not affect the original cost estimates presented in the 
temporary interim rule (68 FR 39341) (part 106), the costs remain 
unchanged.
    The Coast Guard realizes that every company engaged in maritime 
commerce will not implement this final rule exactly as presented in the 
assessment. Depending on each company's choices, some companies could 
spend much less than what is estimated herein while others could spend 
significantly more. In general, the Coast Guard assumes that each 
company will implement this final rule differently based on the types 
of OCS facilities it owns or operates and whether it engages in 
international or domestic trade.
    This final rule will affect about 40 OCS facilities under U.S. 
jurisdiction, (current and future OCS facilities). These OCS facilities 
engage in exploring for, developing, or producing oil, natural gas, or 
mineral resources. To determine the number of OCS facilities, we used 
data that the Mineral Management Service (MMS) has identified as 
nationally critical OCS oil and gas infrastructure. These OCS 
facilities meet or exceed any of the following operational threshold 
characteristics:
    (1) OCS facility hosts more than 150 persons for 12 hours or more 
in each 24-hour period continuously for 30 days or more;
    (2) Production greater than 100,000 (one hundred thousand) barrels 
of oil per day; or
    (3) Production greater than 200,000,000 (two hundred million) cubic 
feet of natural gas per day.
    The estimated cost of complying with the final rule is present 
value $37 million (2003-2012, 7 percent discount rate). In the first 
year of compliance, the cost of security assessments and plans, 
training, personnel, and paperwork is an estimated $3 million (non-
discounted). Following initial implementation, the annual cost of 
compliance is an estimated $5 million (non-discounted).
    Approximately 80 percent of the initial cost of the final rule is 
for assigning and establishing Company Security Officers and Facility 
Security Officers, 12 percent is associated with paperwork creating 
Facility Security Assessments and Facility Security Plans, and 8 
percent of the cost is associated with initial training (not including 
quarterly drills). Following the first year, approximately 58 percent 
of the cost is training (including quarterly drills), 42 percent is for 
Company Security Officers and Facility Security Officers, and less than 
1 percent is associated with paperwork. Annual training (including 
quarterly drills) is the primary cost driver of OCS facility security.
    We estimated approximately 3,200 burden hours for paperwork during 
the first year of compliance (40 hours for each Facility Security 
Assessment and each Facility Security Plan). We estimated approximately 
160 burden hours annually following full implementation of the final 
rule to update Facility Security Assessments and Facility Security 
Plans.
    We estimated the cost of this final rule to be minimal in 
comparison to vessel and non-OCS facility security implementation. This 
final rule includes only personnel, training, and paperwork costs for 
the affected OCS facility population. We assume the industry is 
adequately prepared with equipment suited to be used for security 
purposes (lights, radios, communications), therefore no security 
equipment installation, upgrades, or maintenance will be required for 
this final rule.

Benefit Assessment

    This final rule is one of six final rules that implement national 
maritime security initiatives concerning General Provisions, Area 
Maritime Security, Vessels, Facilities, OCS Facilities, and AIS. The 
Coast Guard used the National Risk Assessment Tool (N-RAT) to assess 
benefits that would result from increased security for vessels, 
facilities, OCS facilities, and areas. The N-RAT considers threat, 
vulnerability, and consequences for several maritime

[[Page 60555]]

entities in various security-related scenarios. For a more detailed 
discussion on the N-RAT and how we employed this tool, refer to 
``Applicability of National Maritime Security Initiatives'' in the 
temporary interim rule titled ``Implementation of National Maritime 
Security Initiatives'' (68 FR 39243) (part 101). For this benefit 
assessment, the Coast Guard used a team to calculate a risk score for 
each entity and scenario before and after the implementation of 
required security measures. The difference in before and after scores 
indicated the benefit of the proposed action.
    We recognized that the final rules are a ``family'' of rules that 
will reinforce and support one another in their implementation. We have 
ensured, however, that risk reduction that is credited in one rule is 
not also credited in another. For a more detailed discussion on the 
benefit assessment and how we addressed the potential to double-count 
the risk reduced, refer to ``Benefit Assessment'' in the temporary 
interim rule titled ``Implementation of National Maritime Security 
Initiatives'' (68 FR 39274) (part 101).
    The Coast Guard determined annual risk points reduced for each of 
the final rules using the N-RAT. The benefits are apportioned among the 
Vessel, Facility, OCS Facility, AMS, and AIS requirements. As shown in 
Table 1, the implementation of OCS facility security for the affected 
population reduces 13,288 risk points annually through 2012. The 
benefits attributable for part 101, General Provisions, were not 
considered separately because it is an overarching section for all the 
parts.

                             Table 1.--Annual Risk Points Reduced by the Final Rules
----------------------------------------------------------------------------------------------------------------
                                                     Annual risk points reduced by final rule
                                 -------------------------------------------------------------------------------
         Maritime entity              Vessel         Facility      OCS facility
                                     security        security        security           AMS             AIS
----------------------------------------------------------------------------------------------------------------
Vessels.........................         778,633           3,385           3,385           3,385           1,317
Facilities......................           2,025         469,686  ..............           2,025  ..............
OCS Facilities..................              41  ..............           9,903  ..............  ..............
Port Areas......................             587             587  ..............         129,792             105
                                 -----------------
    Total.......................         781,285         473,659          13,288         135,202           1,422
----------------------------------------------------------------------------------------------------------------

    Once we determined the annual risk points reduced, we discounted 
these estimates to their present value (7 percent discount rate, 2003-
2012) so that they could be compared to the costs. We presented the 
cost effectiveness, or dollars per risk point reduced, in two ways: 
First, we compared the first-year cost and first-year benefit because 
first-year cost is the highest in our assessment as companies develop 
security plans and purchase equipment. Second, we compared the 10-year 
present value cost and the 10-year present value benefit. The results 
of our assessment are presented in Table 2.

               Table 2.--First-Year and 10-Year Present Value Cost and Benefit of the Final Rules
----------------------------------------------------------------------------------------------------------------
                                                                    Final rule
                                 -------------------------------------------------------------------------------
              Item                    Vessel         Facility      OCS facility
                                     security        security        security           AMS           AIS\*\
----------------------------------------------------------------------------------------------------------------
First-year cost (millions)......            $218          $1,125              $3            $120             $30
First-year benefit..............         781,285         473,659          13,288         135,202           1,422
First-year cost effectiveness ($/            279           2,375             205             890          21,224
 risk point reduced)............
10-Year present value cost                 1,368           5,399              37             477              26
 (millions).....................
10-Year present value benefit...       5,871,540       3,559,655          99,863       1,016,074          10,687
10-Year present value cost                   233           1,517             368             469          2,427
 effectiveness ($/risk point
 reduced).......................
----------------------------------------------------------------------------------------------------------------
\*\Cost less monetized safety benefit.

Small Entities

    Under the Regulatory Flexibility Act (5 U.S.C. 601-612), the Coast 
Guard has considered whether this final rule would have a significant 
economic impact on a substantial number of small entities. The term 
``small entities'' comprises small businesses, not-for-profit 
organizations that are independently owned and operated and are not 
dominant in their fields, and governmental jurisdictions with 
populations of less than 50,000. The Coast Guard has reviewed this 
final rule for potential economic impacts on small entities. A Final 
Regulatory Flexibility Analysis discussing the impact of this final 
rule on small entities is available in the docket where indicated under 
ADDRESSES.
    There are approximately 40 total current and future OCS facilities 
owned by five large companies that will be affected by this final rule. 
Depending on how the corporate headquarters' operation is classified 
and whether it is oil or gas specific, these companies are generally 
classified under the North American Industry Classification System 
(NAICS) code 211111 or 221210. According to the Small Business 
Administration guidelines for these industries, a company with less 
than 500 total corporate employees is considered a small entity. The 
entities affected by this final rule do not qualify as small entities 
because all of them have more than 500 employees.
    Therefore, the Coast Guard certifies under 5 U.S.C. 605(b) that 
this final rule will not have a significant economic impact on a 
substantial number of small entities.

Assistance for Small Entities

    Under section 213(a) of the Small Business Regulatory Enforcement 
Fairness Act of 1996 (Pub. L. 104-121),

[[Page 60556]]

we offered to assist small entities in understanding the rule so that 
they could better evaluate its effects on them and participate in the 
rulemaking. We provided small entities with a name, phone number, and 
e-mail address to contact if they had questions concerning the 
provisions of the final rules or options for compliance.
    We have placed Small Business Compliance Guides in the dockets for 
the Area Maritime, Vessel, and Facility Security and the AIS rules. 
These Compliance Guides will explain the applicability of the 
regulations, as well as the actions small businesses will be required 
to take in order to comply with each respective final rule. We have not 
created Compliance Guides for part 101 or for the OCS Facility Security 
final rule, as neither will affect a substantial number of small 
entities.
    Small businesses may send comments on the actions of Federal 
employees who enforce, or otherwise determine compliance with, Federal 
regulations to the Small Business and Agriculture Regulatory 
Enforcement Ombudsman and the Regional Small Business Regulatory 
Fairness Boards. The Ombudsman evaluates these actions annually and 
rates each agency's responsiveness to small business. If you wish to 
comment on actions by employees of the Coast Guard, call 1-888-REG-FAIR 
(1-888-734-3247).

Collection of Information

    This final rule contains no new collection of information 
requirements under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-
3520). As defined in 5 CFR 1320.3(c), ``collection of information'' 
comprises reporting, recordkeeping, monitoring, posting, labeling, and 
other similar actions. The final rules are covered by two existing OMB-
approved collections--1625-0100 [formerly 2115-0557] and 1625-0077 
[formerly 2115-0622].
    We received comments regarding collection of information; these 
comments are discussed within the ``Discussion of Comments and 
Changes'' section of this preamble. You are not required to respond to 
a collection of information unless it displays a currently valid OMB 
control number. We received OMB approval for these collections of 
information on June 16, 2003. They are valid until December 31, 2003.

Federalism

    Executive Order 13132 requires the Coast Guard to develop an 
accountable process to ensure ``meaningful and timely input by State 
and local officials in the development of regulatory policies that have 
federalism implications.'' ``Policies that have federalism 
implications'' is defined in the Executive Order to include regulations 
that have ``substantial direct effects on the States, on the 
relationship between the national government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government.'' Under the Executive Order, the Coast Guard may construe a 
Federal statute to preempt State law only where, among other things, 
the exercise of State authority conflicts with the exercise of Federal 
authority under the Federal statute.
    This action has been analyzed in accordance with the principles and 
criteria in the Executive Order, and it has been determined that this 
final rule does have Federalism implications and a substantial direct 
effect on the States. This final rule requires those States that own or 
operate vessels or facilities that may be involved in a transportation 
security incident to conduct security assessments of their vessels and 
facilities and to develop security plans for their protection. These 
plans must contain measures that will be implemented at each of the 
three MARSEC Levels and must be reviewed and approved by the Coast 
Guard.
    Additionally, the Coast Guard has reviewed the MTSA with a view to 
whether we may construe it as non-preemptive of State authority over 
the same subject matter. We have determined that it would be 
inconsistent with the federalism principles stated in the Executive 
Order to construe the MTSA as not preempting State regulations that 
conflict with the regulations in this final rule. This is because 
owners or operators of facilities and vessels-that are subject to the 
requirements for conducting security assessments, planning to secure 
their facilities and vessels against threats revealed by those 
assessments, and complying with the standards, both performance and 
specific construction, design, equipment, and operating requirements--
must have one uniform, national standard that they must meet. Vessels 
and shipping companies, particularly, would be confronted with an 
unreasonable burden if they had to comply with varying requirements as 
they moved from State to State. Therefore, we believe that the 
federalism principles enumerated by the Supreme Court in U.S. v. Locke, 
529 U.S. 89 (2000) regarding field preemption of certain State vessel 
safety, equipment, and operating requirements extends equally to this 
final rule, especially regarding the longstanding history of 
significant Coast Guard maritime security regulation and control of 
vessels for security purposes. But, the same considerations apply to 
facilities, at least insofar as a State law or regulation applicable to 
the same subject for the purpose of protecting the security of the 
facility would conflict with a Federal regulation; in other words, it 
would either actually conflict or would frustrate an overriding Federal 
need for uniformity.
    Finally, it is important to note that the regulations implemented 
by this final rule bear on national and international commerce where 
there is no constitutional presumption of concurrent State regulation. 
Many aspects of these regulations are based on the U.S. international 
treaty obligations regarding vessel and port facility security 
contained in SOLAS and the complementary ISPS Code. These international 
obligations reinforce the need for uniformity regarding maritime 
commerce.
    Notwithstanding the foregoing preemption determinations and 
findings, the Coast Guard has consulted extensively with appropriate 
State officials, as well as private stakeholders during the development 
of this final rule. For these final rules, we met with the National 
Conference of State Legislatures (NCSL) Taskforce on Protecting 
Democracy on July 21, 2003, and presented briefings on the temporary 
interim rules to the NCSL's Transportation Committee on July 23, 2003. 
We also briefed several hundred State legislators at the American 
Legislative Exchange Council on August 1, 2003. We held a public 
meeting on July 23, 2003, with invitation letters to all State homeland 
security representatives. A few State representatives attended this 
meeting and submitted comments to a public docket prior to the close of 
the comment period. The State comments to the docket focused on a wide 
range of concerns including consistency with international requirements 
and the protection of sensitive security information.
    Other concerns raised by the NCSL at the briefings mentioned above 
included questions on how the Coast Guard will enforce security 
standards on foreign flag vessels and how multinational crewmember 
credentials will be checked.
    We are using the same cooperative arrangement that we have used 
with success in the safety realm by accepting SOLAS certificates 
documenting flag-state approval of foreign SOLAS Vessel Security Plans 
that comply with the comprehensive requirements of the ISPS

[[Page 60557]]

Code. The consistency of the international and domestic security 
regimes, to the extent possible, was always a central part of the 
negotiations for the MTSA and the ISPS Code. In the MTSA, Congress 
explicitly found that ``it is in the best interests of the U.S. to 
implement new international instruments that establish'' a maritime 
security system. We agree and will exercise Port State Control to 
ensure that foreign vessels have approved plans and have implemented 
adequate security standards on which these rules are based. If vessels 
do not meet our security requirements, the Coast Guard may prevent 
those vessels from entering the U.S. or take other necessary measures 
that may result in vessel delays or detentions. The Coast Guard will 
not hesitate to exercise this authority in appropriate cases. We 
discuss the ongoing initiatives of ILO and the requirements under the 
MTSA to develop seafarers' identification criteria in the temporary 
interim rule titled ``Implementation of National Maritime Security 
Initiatives'' (68 FR 39264) (part 101). We will continue to work with 
other agencies to coordinate seafarer access and credentialing issues. 
These final rules will also ensure that vessel and facility owners and 
operators take an active role in deterring unauthorized access.

Unfunded Mandates Reform Act

    The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) 
requires Federal agencies to assess the effects of their discretionary 
regulatory actions. In particular, the Act addresses actions that may 
result in the expenditure by a State, local, or Indian Tribal 
government, in the aggregate, or by the private sector of $100,000,000 
or more in any one year. This final rule is exempted from assessing the 
effects of the regulatory action as required by the Act because it is 
necessary for the national security of the United States (2 U.S.C. 
1503(5)).
    We did not receive comments regarding the Unfunded Mandates Reform 
Act.

Taking of Private Property

    This final rule will not effect a taking of private property or 
otherwise have taking implications under Executive Order 12630, 
Governmental Actions and Interference with Constitutionally Protected 
Property Rights. We did not receive comments regarding the taking of 
private property.

Civil Justice Reform

    This final rule meets applicable standards in sections 3(a) and 
3(b)(2) of Executive Order 12988, Civil Justice Reform, to minimize 
litigation, eliminate ambiguity, and reduce burden. We did not receive 
comments regarding Civil Justice Reform.

Protection of Children

    We have analyzed this final rule under Executive Order 13045, 
Protection of Children from Environmental Health Risks and Safety 
Risks. While this final rule is an economically significant rule, it 
does not create an environmental risk to health or risk to safety that 
may disproportionately affect children. We did not receive comments 
regarding the protection of children.

Indian Tribal Governments

    This final rule does not have tribal implications under Executive 
Order 13175, Consultation and Coordination with Indian Tribal 
Governments, because it does not have a substantial direct effect on 
one or more Indian tribes, on the relationship between the Federal 
Government and Indian tribes, or on the distribution of power and 
responsibilities between the Federal Government and Indian tribes. We 
did not receive comments regarding Indian Tribal Governments.

Energy Effects

    We have analyzed this final rule under Executive Order 13211, 
Actions Concerning Regulations That Significantly Affect Energy Supply, 
Distribution, or Use. We have determined that it is not a ``significant 
energy action'' under that order. Although it is a ``significant 
regulatory action'' under Executive Order 12866, it is not likely to 
have a significant adverse effect on the supply, distribution, or use 
of energy. The Administrator of the Office of Information and 
Regulatory Affairs has not designated it as a significant energy 
action. Therefore, it does not require a Statement of Energy Effects 
under Executive Order 13211.
    This final rule has a positive effect on the supply, distribution, 
and use of energy. The final rule provides for security assessments, 
plans, procedures, and standards, which will prove beneficial for the 
supply, distribution, and use of energy at increased levels of maritime 
security.
    We did not receive comments regarding energy effects.

Environment

    We have considered the environmental impact of this final rule and 
concluded that under figure 2-1, paragraph (34)(a) and (34)(c), of 
Commandant Instruction M16475.lD, this final rule is categorically 
excluded from further environmental documentation. This final rule 
concerns security assessments, plans, training for personnel, and the 
establishment of security positions that will contribute to a higher 
level of marine safety and security for OCS facilities extracting oil 
or gas. A ``Categorical Exclusion Determination'' is available in the 
docket where indicated under ADDRESSES or SUPPLEMENTARY INFORMATION.
    This final rule will not significantly impact the coastal zone. 
Further, the execution of this final rule will be done in conjunction 
with appropriate State coastal authorities. The Coast Guard will, 
therefore, comply with the requirements of the Coastal Zone Management 
Act while furthering its intent to protect the coastal zone.

List of Subjects in 33 CFR Part 106

    Facilities, Maritime security, Outer Continental Shelf, Reporting 
and recordkeeping requirements, Security measures.

0
Accordingly, the interim rule adding 33 CFR part 106, that was 
published at 68 FR 39338 on July 1, 2003, and amended at 68 FR 41916 on 
July 16, 2003, is adopted as a final rule with the following changes:

PART 106--MARITIME SECURITY: OUTER CONTINENTAL SHELF (OCS) 
FACILITIES

0
1. The authority citation for part 106 continues to read as follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 
U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department 
of Homeland Security Delegation No. 0170.1.


0
2. Revise the heading to part 106 to read as shown above.

0
3. In Sec.  106.110--
0
a. Revise paragraph (a) to read as set out below; and
0
b. In paragraph (b), remove the date ``June 25, 2004'' and add, in its 
place, the date ``July 1, 2004'':


Sec.  106.110  Compliance dates.

    (a) On or before December 31, 2003, OCS facility owners or 
operators must submit to the cognizant District Commander for each OCS 
facility--
    (1) The Facility Security Plan described in subpart D of this part 
for review and approval; or
    (2) If intending to operate under an approved Alternative Security 
Program, a letter signed by the OCS facility owner or operator stating 
which approved

[[Page 60558]]

Alternative Security Program the owner or operator intends to use.
* * * * *


Sec.  106.115  [Amended]

0
4. In Sec.  106.115--
0
a. In the introductory text, remove the words ``that no later than'' 
and add, in their place, the word ``before''; and
0
b. In paragraph (c), after the words ``a copy of the Alternative 
Security Program the OCS facility is using'', add the words ``, 
including a facility specific security assessment report generated 
under the Alternative Security Program, as specified in Sec.  
101.120(b)(3) of this subchapter,''.

0
5. Revise Sec.  106.120 to read as follows:


Sec.  106.120  Noncompliance.

    When an OCS facility must temporarily deviate from the requirements 
of this part, the OCS facility owner or operator must notify the 
cognizant District Commander, and either suspend operations or request 
and receive permission from the District Commander to continue 
operating.

0
6. In Sec.  106.200--
0
a. In paragraph (b)(7), remove the word ``and'';
0
b. In paragraph (b)(8), remove the period and add, in its place, the 
words ``; and''; and
0
c. Add paragraph (b)(9) to read as follows:


Sec.  106.200  Owner or operator.

* * * * *
    (b) * * *
    (9) Ensure consistency between security requirements and safety 
requirements.


Sec.  106.205  [Amended]

0
7. In Sec.  106.205(a)(2), after the word ``organization'', add the 
words ``, including the duties of a Facility Security Officer''.


Sec.  106.220  [Amended]

0
8. In Sec.  106.220, in the introductory paragraph, after the words 
``of the following'', add the words ``, as appropriate''.


0
9. Revise Sec.  106.225(a) to read as follows:


Sec.  106.225  Drill and exercise requirements.

    (a) General. (1) Drills and exercises must test the proficiency of 
facility personnel in assigned security duties at all MARSEC Levels and 
the effective implementation of the Facility Security Plan (FSP). They 
must enable the Facility Security Officer (FSO) to identify any related 
security deficiencies that need to be addressed.
    (2) A drill or exercise required by this section may be satisfied 
with the implementation of security measures required by the FSP as the 
result of an increase in the MARSEC Level, provided the FSO reports 
attainment to the cognizant District Commander.
* * * * *


Sec.  106.230  [Amended]

0
10. In Sec.  106.230(b)(1), remove the words ``each security training 
session'' and add, in their place, the words ``training under Sec.  
106.215''.

Sec.  106.250  [Amended]

0
11. In Sec.  106.250, in paragraph (d)--
0
a. After the words ``part 104'', add the words ``of this chapter, or 
their designated representatives,''; and
0
b. After the word ``DoSs'', add the words ``as required in paragraphs 
(b)(1) and (b)(2) of this section''.

Sec.  106.260  [Amended]

0
12. In Sec.  106.260--
0
a. In paragraph (b) introductory text, after the words ``ensure that'', 
add the words ``the following are specified'';
0
b. In paragraph (b)(3), remove the words ``are established''; and
0
c. In paragraph (c)(2), after the word ``vessels'', add the words ``or 
other transportation conveyances''.

Sec.  106.265  [Amended]

0
13. In Sec.  106.265(c), remove the words ``should include'' and add, 
in their place, the word ``includes''.

Sec.  106.275  [Amended]

0
14. In Sec.  106.275--
0
a. In paragraph (a)(1), after the word ``patrols'', remove the word 
``and'' and add, in its place, a comma; and
0
b. In paragraph (b)(4), remove the word ``continually'' and add, in its 
place, the word ``continuously''.


0
15. In Sec.  106.305--
0
a. Revise paragraph (c)(2)(v) to read as set out below; and
0
b. Add paragraphs (d)(3), (d)(4), (d)(5), and (e) to read as follows:


Sec.  106.305  Facility Security Assessment (FSA) requirements.

* * * * *
    (c) * * *
    (2) * * *
    (v) Effects of a nuclear, biological, radiological, explosive, or 
chemical attack to the OCS facility's shoreside support system;
* * * * *
    (d) * * *
    (3) The FSA report must list the persons, activities, services, and 
operations that are important to protect, in each of the following 
categories:
    (i) OCS facility personnel;
    (ii) Visitors, vendors, repair technicians, vessel personnel, etc.;
    (iii) OCS facility stores;
    (iv) Any security communication and surveillance systems; and
    (v) Any other security systems, if any.
    (4) The FSA report must account for any vulnerabilities in the 
following areas:
    (i) Conflicts between safety and security measures;
    (ii) Conflicts between personnel duties and security assignments;
    (iii) The impact of watch-keeping duties and risk of fatigue on 
personnel alertness and performance;
    (iv) Security training deficiencies; and
    (v) Security equipment and systems, including communication 
systems.
    (5) The FSA report must discuss and evaluate key OCS facility 
measures and operations, including--
    (i) Ensuring performance of all security duties;
    (ii) Controlling access to the OCS facility through the use of 
identification systems or otherwise;
    (iii) Controlling the embarkation of OCS facility personnel and 
other persons and their effects (including personal effects and 
baggage, whether accompanied or unaccompanied);
    (iv) Supervising the delivery of stores and industrial supplies;
    (v) Monitoring restricted areas to ensure that only authorized 
persons have access;
    (vi) Monitoring deck areas and areas surrounding the OCS facility; 
and
    (vii) The ready availability of security communications, 
information, and equipment.
    (e) The FSA, FSA report, and FSP must be protected from 
unauthorized access or disclosure.


0
16. In Sec.  106.310--
0
a. In paragraph (a), remove the words ``Sec.  106.405 of this part'' 
and add, in their place, the words ``Sec.  106.410 of this part''; and
0
b. Add paragraph (c) to read as follows:


Sec.  106.310  Submission requirements.

* * * * *
    (c) The FSA must be reviewed and validated, and the FSA report must 
be updated each time the FSP is submitted for reapproval or revisions.


0
17. In Sec.  106.410, revise paragraph (a), introductory text, and 
paragraphs (a)(2), (b), and (c) to read as follows:


Sec.  106.410  Submission and approval.

    (a) On or before December 31, 2003, the owner or operator of each 
OCS facility currently in operation must either:
* * * * *
    (2) If intending to operate under an Approved Security Program, 
submit a

[[Page 60559]]

letter signed by the OCS facility owner or operator stating which 
approved Alternative Security Program the owner or operator intends to 
use.
    (b) Owners or operators of OCS facilities not in service on or 
before December 31, 2003, must comply with the requirements in 
paragraph (a) of this section 60 days prior to beginning operations or 
by December 31, 2003, whichever is later.
    (c) The cognizant District Commander will examine each submission 
for compliance with this part and either:
    (1) Approve it and specify any conditions of approval, returning to 
the submitter a letter stating its acceptance and any conditions;
    (2) Return it for revision, returning a copy to the submitter with 
brief descriptions of the required revisions; or
    (3) Disapprove it, returning a copy to the submitter with a brief 
statement of the reasons for disapproval.
* * * * *


0
18. In Sec.  106.415, redesignate paragraph (a)(3) as paragraph (a)(4) 
and add new paragraph (a)(3) to read as follows:


Sec.  106.415  Amendment and audit.

    (a) * * *
    (3) Nothing in this section should be construed as limiting the OCS 
facility owner or operator from the timely implementation of such 
additional security measures not enumerated in the approved FSP as 
necessary to address exigent security situations. In such cases, the 
owner or operator must notify the cognizant District Commander by the 
most rapid means practicable as to the nature of the additional 
measures, the circumstances that prompted these additional measures, 
and the period of time these additional measures are expected to be in 
place.
* * * * *

    Dated: October 8, 2003.
Thomas H. Collins,
Admiral, Coast Guard, Commandant.
[FR Doc. 03-26349 Filed 10-20-03; 8:45 am]
BILLING CODE 4910-15-U