[Federal Register Volume 71, Number 98 (Monday, May 22, 2006)]
[Proposed Rules]
[Pages 29396-29462]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 06-4508]



[[Page 29395]]

-----------------------------------------------------------------------

Part II





Department of Homeland Security





-----------------------------------------------------------------------



Coast Guard



-----------------------------------------------------------------------



Transportation Security Administration



-----------------------------------------------------------------------



33 CFR Parts 1, 20 et al.; 46 CFR Parts 10, 12, and 15

49 CFR Parts 1515, 1570, and 1572



Transportation Worker Identification Credential (TWIC) Implementation 
in the Maritime Sector; Proposed Rules

  Federal Register / Vol. 71, No. 98 / Monday, May 22, 2006 / Proposed 
Rules  

[[Page 29396]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1515, 1570, 1572

Coast Guard

33 CFR Parts 101, 103, 104, 105, 106, 125; 46 CFR Parts 10, 12, 15

[Docket Nos. TSA-2006-24191; USCG-2006-24196]
RIN 1652-AA41


Transportation Worker Identification Credential (TWIC) 
Implementation in the Maritime Sector; Hazardous Materials Endorsement 
for a Commercial Driver's License

AGENCY: Transportation Security Administration; United States Coast 
Guard, DHS.

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: This is a notice of proposed rulemaking by the Department of 
Homeland Security, specifically by the Transportation Security 
Administration and the United States Coast Guard. If promulgated, this 
rule would implement the Transportation Worker Identification 
Credential program in the maritime sector. Under this program, merchant 
mariners holding an active License, Merchant Mariner Document, or 
Certificate of Registry and workers who require unescorted access to 
secure areas at maritime facilities or on vessels must undergo a 
security threat assessment, and, if found to not pose a security 
threat, obtain a Transportation Worker Identification Credential. 
Persons without Transportation Worker Identification Credentials will 
not be granted unescorted access to secure areas at affected maritime 
facilities or on vessels.
    Under this proposed rule, the Coast Guard seeks to amend its 
regulations on vessel and facility security to require the use of the 
Transportation Worker Identification Credential as an access control 
measure. It is also proposing to amend its regulations covering 
merchant mariners to incorporate the requirement to obtain a 
Transportation Worker Identification Credential. In a separate 
rulemaking action published elsewhere in this edition of the Federal 
Register, the Coast Guard also is proposing to consolidate existing 
licensing and documentation regulations to minimize duplicative or 
redundant identification or background check requirements.
    The Transportation Security Administration proposes amending its 
security threat assessment standards that currently apply to commercial 
drivers authorized to transport hazardous materials in commerce to also 
apply to merchant mariners and workers who require unescorted access to 
secure areas on vessels and at port facilities. These proposed 
amendments also relate to the notification an employer receives when an 
employee who holds a hazardous materials endorsement or a 
Transportation Worker Identification Credential is determined to pose a 
security threat. The Transportation Security Administration also is 
proposing regulations dealing with the enrollment of port workers into 
the Transportation Worker Identification Credential program.
    In addition, the Transportation Security Administration is 
proposing a fee, as authorized under the Department of Homeland 
Security Appropriations Act of 2004, to pay for the costs related to 
the issuance of the Transportation Worker Identification Credentials 
under this rule.
    This rulemaking would enhance the security of ports by requiring 
background checks on persons and establishing a biometric access 
control system to prevent those who pose a security threat from gaining 
unescorted access to secure areas of ports. This rulemaking implements 
the Maritime Transportation Security Act of 2002, which requires that 
credentialed merchant mariners and workers with unescorted access to 
secured areas of vessels and facilities be subject to a security threat 
assessment and receive a biometric credential needed to access secured 
areas.

DATES: Comments and related material must reach the Docket Management 
Facility on or before July 6, 2006. Comments sent to the Office of 
Management and Budget (OMB) on collection of information must reach OMB 
on or before July 6, 2006.
    Public Meetings: TSA and the Coast Guard will hold four public 
meetings as follows: Wednesday, May 31, 2006 in Newark, NJ; Thursday, 
June 1 in Tampa, FL; Wednesday, June 6 in St. Louis, MO; and Thursday, 
June 7 in Long Beach, CA. Interested individuals are invited to attend, 
provide comments and ask questions about the proposed rule. TSA and 
Coast Guard will provide exact locations and other additional 
information about the meetings in another document to be published in 
the Federal Register.

ADDRESSES: You may submit comments identified by TSA docket number TSA-
2006-24191 or Coast Guard docket number USCG-2006-24196 to the Docket 
Management Facility at the U.S. Department of Transportation. To avoid 
duplication, please use only one of the following methods:
    (1) Web site: http://dms.dot.gov.
    (2) Mail: Docket Management Facility, U.S. Department of 
Transportation, Room Plaza 401, 400 Seventh Street SW., Washington, DC 
20590-0001.
    (3) Fax: 202-493-2251.
    (4) Delivery: Room PL-401 on the Plaza level of the Nassif 
Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 
p.m., Monday through Friday, except Federal holidays. The telephone 
number is 202-366-9329.
    (5) Federal eRulemaking Portal: http://www.regulations.gov.
    You must mail comments on collection of information to the Office 
of Information and Regulatory Affairs, Office of Management and Budget, 
725 17th Street NW, Washington, DC 20503, ATTN: Desk Officer, United 
States Coast Guard.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: For questions related to TSA's 
proposed standards: Rick Collins, Transportation Security 
Administration, 601 South 12th Street, Arlington, VA 22202-4220, TWIC 
Program, 571-227-3515; e-mail: [email protected].
    For legal questions: Christine Beyer, TSA-2, Transportation 
Security Administration, 601 South 12th Street, Arlington, VA 22202-
4220; telephone (571) 227-2657; facsimile (571) 571 1380; e-mail 
[email protected].
    For questions concerning the Coast Guard provisions of this 
proposed rule: LCDR Jonathan Maiorine, Commandant (G-PCP-2), United 
States Coast Guard, 2100 Second Street, SW., Washington, DC 20593; 
telephone 1-877-687-2243.
    For questions concerning viewing or submitting material to the 
docket: Renee V. Wright, Program Manager, Docket Management System, 
U.S. Department of Transportation, Room Plaza 401, 400 Seventh Street, 
SW., Washington, DC 20590-0001; telephone (202) 493-0402.

SUPPLEMENTARY INFORMATION:

Public Participation and Request for Comments

    We encourage you to participate in this rulemaking by submitting 
comments and related materials. All comments received will be posted, 
without change, to http://dms.dot.gov

[[Page 29397]]

and will include any personal information you have provided. We have an 
agreement with the Department of Transportation (DOT) to use the Docket 
Management Facility. Please see DOT's ``Privacy Act'' paragraph below.
    Submitting comments: If you submit a comment, please include your 
name and address, identify the docket number for this rulemaking (TSA-
2006-24191 or USCG-2006-24196), indicate the specific section of this 
document to which each comment applies, and give the reason for each 
comment. Please send comments on the TSA portions of the proposed rule 
to the TSA docket (TSA-2006-24191), and send comments on the Coast 
Guard portions of the proposed rule to the Coast Guard docket (USCG-
2006-24196). You may submit your comments and material by electronic 
means, mail, fax, or delivery to the Docket Management Facility at the 
address under ADDRESSES; but please submit your comments and material 
by only one means. If you submit them by mail or delivery, submit them 
in an unbound format, no larger than 8\1/2\ by 11 inches, suitable for 
copying and electronic filing. If you submit them by mail and would 
like us to acknowledge receipt, please enclose a stamped, self-
addressed postcard or envelope. We will consider all comments and 
material received during the comment period. We may change this 
proposed rule in view of them.
    Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments: Do not submit 
comments that include trade secrets, confidential commercial or 
financial information, or sensitive security information (SSI) \1\ to 
the public regulatory docket. Please submit such comments separately 
from other comments on the rulemaking. Comments containing this type of 
information should be appropriately marked as containing such 
information and submitted by mail to the TSA legal point of contact 
listed in the FOR FURTHER INFORMATION CONTACT section.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is informaton 
obtained or developed int he conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental tot he security of transportation. 
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------

    Upon receipt of such comments, TSA will not place the comments in 
the public docket and will handle them in accordance with applicable 
safeguards and restrictions on access. TSA will hold them in a separate 
file to which the public does not have access, and place a note in the 
public docket that TSA has received such materials from the commenter. 
If TSA receives a request to examine or copy this information, TSA will 
treat it as any other request under the Freedom of Information Act 
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's FOIA 
regulation found in 6 CFR part 5.
    Viewing comments and documents: To view comments, as well as 
documents mentioned in this preamble as being available in the docket, 
go to http://dms.dot.gov at any time, click on ``Simple Search,'' enter 
the last five digits of the docket number for this rulemaking, and 
click on ``Search.'' You may also visit the Docket Management Facility 
in Room PL-401 on the Plaza level of the Nassif Building, 400 Seventh 
Street, SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through 
Friday, except Federal holidays.
    Privacy Act: Anyone can search the electronic form of all comments 
received into any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review the 
Department of Transportation's Privacy Act Statement in the Federal 
Register published on April 11, 2000 (65 FR 19477), or you may visit 
http://dms.dot.gov.

Abbreviations and Terms Used in This Document

AMS--Area Maritime Security
ASP--Alternative Security Program
ATSA--Aviation and Transportation Security Act
ATF--Bureau of Alcohol, Tobacco, Firearms, and Explosives
CDC--Certain Dangerous Cargo
CDL--Commercial drivers license
CDLIS--Commercial drivers license information system
CHRC--Criminal history records check
CJIS--Criminal Justice Information Services Division
COR--Certificate of Registry
COTP--Captain of the Port
DHS--Department of Homeland Security
DOJ--Department of Justice
DMV--Department of Motor Vehicles
DOT--Department of Transportation
FBI--Federal Bureau of Investigation
FIPS 201--Federal Information Processing Standards Publication 201
FMCSA--Federal Motor Carrier Safety Administration
FMSC--Federal Maritime Security Coordinator
FSP--Facility Security Plan
HME--Hazardous materials endorsement
HSA--Homeland Security Act
HSPD 12--Homeland Security Presidential Directive 12
ICC--Integrated Circuit Chip
MARSEC--Maritime Security
MMD--Merchant Mariner Document
MSC--Marine Safety Center
MTSA--Maritime Transportation Security Act
OCS--Outer Continental Shelf
REC--Regional Exam Center
SAFETEA-LU--Safe, Accountable, Flexible, Efficient Transportation 
Equity Act--A Legacy for Users
STCW--International Convention on Standards of Training, Certification, 
and Watchkeeping for Seafarers, 1978, as amended
TSA--Transportation Security Administration
TWIC--Transportation Worker Identification Credential
USA PATRIOT Act--Uniting and Strengthening America by Providing 
AppropriateTools Required to Intercept and Obstruct Terrorism Act
VSP--Vessel Security Plan

Table of Contents

I. Background and Purpose
II. Development of TWIC Process
III. Proposed Rule
    A. Coast Guard
    B. TSA
    1. TWIC Process
    a. Pre-Enrollment and Enrollment
    b. Adjudication of Security Threat Assessment
    c. Credential Production
    d. Credential Activation
    e. Using TWIC in an Access Control System
    f. Lost, Damaged or Stolen TWICs
    g. Renewal
    h. Call Center
    i. Notifying Employers of Threat Determination
    2. Fee
    3. TWIC in Other Modes of Transportation
IV. Advisory Committee Participation
V. Section-by-Section Analysis of United States Coast Guard Proposed 
Rule

General Introduction

33 CFR Part 101
    33 CFR 101.105 Definitions.
    33 CFR 101.121 Alternative Security Programs--TWIC Addendum.
    33 CFR 101.514 TWIC Requirement.
    33 CFR 101.515 Personal identification.
33 CFR Part 103
    33 CFR 103.305 Composition of an Area Maritime Security (AMS) 
Committee.
    33 CFR 103.505 Elements of the Area Maritime Security (AMS) Plan 
and 103.510 Area Maritime Security (AMS) Plan review and approval.
33 CFR Part 104
    33 CFR 104.105 Applicability.
    33 CFR 104.106 Passenger Access Area.
    33 CFR 104.115 Compliance dates.
    33 CFR 104.120 Compliance documentation.
    33 CFR 104.200 Owner or Operator/104.210 Company Security 
Officer

[[Page 29398]]

(CSO)/104.215 Vessel Security Officer (VSO)/104.220 Company or 
vessel personnel with security duties/104.225 Security training for 
all other personnel.
    33 CFR 104.235 Vessel recordkeeping requirements.
    33 CFR 104.265 Security measures for access control.
    33 CFR 104.290 Security incident procedures.
    33 CFR 104.295 Additional requirements--cruise ships.
    33 CFR 104.405 Format of the Vessel Security Plan (VSP).
    New Subpart E (33 CFR 104.500-104.510).
33 CFR Part 105
    33 CFR 105.115 Compliance dates.
    33 CFR 105.120 Compliance documentation.
    33 CFR 105.200 Owner or operator/105.205 Facility Security 
Officer (FSO)/105.210 Facility personnel with security duties/
105.215 Security training for all other facility personnel.
    33 CFR 105.225 Facility recordkeeping requirements.
    33 CFR 105.255 Security measures for access control.
    33 CFR 105.280 Security incident procedures.
    33 CFR 105.285 Additional requirements-passenger and ferry 
facilities.
    33 CFR 105.290 Additional requirements-cruise ship terminals.
    33 CFR 105.295 Additional requirements-Certain Dangerous Cargo 
(CDC) facilities.
    33 CFR 105.296 Additional requirements-barge fleeting 
facilities.
    33 CFR 105.405 Format and content of the Facility Security Plan 
(FSP).
    New Subpart E (33 CFR 105.500-105.510).
33 CFR Part 106
    33 CFR 106.110 Compliance dates.
    33 CFR 106.115 Compliance documentation.
    33 CFR 106.200 Owner or operator/106.205 Company Security 
Officer (CSO)/106.210 OCS Facility Security Officer (FSO)/106.215 
Company or OCS Facility personnel with security duties/106.220 
Security training for all other OCS facility personnel.
    33 CFR 106.230 OCS facility recordkeeping requirements.
    33 CFR 106.260 Security measures for access control.
    33 CFR 106.280 Security incident procedures.
    33 CFR 106.405 Format and content of the Facility Security Plan 
(FSP).
    New Subpart E (33 CFR 106.500-106.510).

Miscellaneous Items

    33 CFR 101.305 (Reporting requirements).
    33 CFR 101.400 (Enforcement)
    33 CFR 104.130, 105.130, and 106.125 (Waivers).
    33 CFR Subpart C Parts 104, 105, and 106 (Security Assessments).
46 CFR Parts 10, 12, and 15.
VI. Section-by-Section Analysis of TSA Proposed Rule
    49 CFR Part 1515 Appeal and Waiver Procedures for Security 
Threat Assessments for Individuals.
    49 CFR 1515.1 Scope.
    49 CFR 1515.3 Terms used in this part.
    49 CFR 1515.5 Appeal procedures.
    49 CFR 1515.7 Waiver Procedures.
    49 CFR Part 1570 Land Transportation Security: General Rules.
    49 CFR 1570.3 Terms used in this part.
    49 CFR Part 1572 Credentialing and Background Checks for Land 
Transportation Security.
    49 CFR 1572.5 Scope and standards for hazardous materials.
    49 CFR 1572.7 Waivers of security threat assessment standards.
    49 CFR 1572.9 Applicant information required for security threat 
assessment for a hazardous materials endorsement.
    49 CFR 1572.11 Applicant responsibilities for a security threat 
assessment for a hazardous materials endorsement.
    49 CFR 1572.13 State responsibilities for issuance of hazardous 
materials endorsement.
    49 CFR 1572.15 Procedures for security threat assessment for an 
HME.
    49 CFR 1572.17 Applicant information required for the security 
threat assessment for TWIC.
    49 CFR 1572.19 Applicant responsibilities for a security threat 
assessment for TWIC.
    49 CFR 1572.21 Procedures for security threat assessment for a 
TWIC.
    49 CFR 1572.23 Conforming Equipment; Incorporation by reference.
    49 CFR 1572.24-40 [Reserved]
    49 CFR 1572.41 Compliance, inspection and enforcement.
    49 CFR 1572.101 Scope.
    49 CFR 1572.103 Disqualifying Criminal Offenses.
    49 CFR 1572.105 Immigration status.
    49 CFR 1572.107 Other analyses.
    49 CFR 1572.109 Mental capacity.

Subpart E--Fees for Transportation Worker Identification Credential

    A. TWIC Maritime Population Estimation Methodology
    1. Recurring population
    2. Five-year population
    B. Proposed Fee
    1. Information Collection/Credential Issuance
    2. Threat Assessment/Credential Production
    3. FBI Fee
    4. Total Fees
    C. Section 1572.501 Fee Collection
VII. Rulemaking Analyses and Notices
    A. Executive Order 12866 (Regulatory Planning and Review)
    B. Small Entities
    C. Assistance for Small Entities
    D. Collection of Information
    E. Federalism
    F. Unfunded Mandates Reform Act
    G. Taking of Private Property
    H. Civil Justice Reform
    I. Protection of Children
    J. Indian Tribal Governments
    K. Energy Effects
    L. Technical Standards
    M. Environment

I. Background and Purpose

    Under this rule, the Department of Homeland Security (DHS), through 
the United States Coast Guard (Coast Guard) and the Transportation 
Security Administration (TSA), proposes to require that all merchant 
mariners holding an active License, Mechant Mariner Document, or 
Certificate of Registry and all persons who need unescorted access to 
secure areas of a regulated facility or vessel must obtain a 
Transportation Worker Identification Credential (TWIC). In order to 
obtain a TWIC, individuals will be required to undergo a security 
threat assessment conducted by TSA. TSA, in conducting those security 
threat assessments, will use the procedures and standards established 
by TSA for commercial motor vehicle drivers licensed to transport 
hazardous materials within the United States.
    The implementation of the TWIC program in the maritime sector 
builds upon existing Coast Guard credentialing requirements and 
security programs for port facilities and vessels. In a separate 
rulemaking action published in this issue of the Federal Register, 
Coast Guard also proposes consolidating existing merchant mariner 
licensing and documentation requirements to avoid duplicative 
credentials and background checks and to avoid interruption in commerce 
and reduce the burden on mariners.
    The TWIC program is a DHS initiative, with joint participation of 
the Coast Guard and TSA. The program is supported by several statutory 
and regulatory authorities and presidential directives. The principal 
statutory authority is the Maritime Transportation Security Act (MTSA), 
Pub. L. 107-295, 116 Stat. 2064 (November 25, 2002) (46 U.S.C. 70105). 
Section 102 of MTSA requires the Secretary of Homeland Security to 
issue a biometric transportation security credential to merchant 
mariners ``issued a license, certificate of registry, or merchant 
mariners document'' and individuals who require unescorted access to 
secure areas of vessels and facilities.\2\ These individuals also must 
undergo a security threat assessment to determine that they do not pose 
a security threat prior to receiving the biometric credential and 
authority to access the secure areas without escort. Id. The security 
threat assessment must include a review of criminal, immigration, and

[[Page 29399]]

pertinent intelligence records in determining whether the individual 
poses a threat, and individuals must have the opportunity to appeal an 
adverse determination or apply for a waiver of the standards. 
Specifically, an individual cannot be denied the transportation 
security credential required under MTSA unless the individual--
---------------------------------------------------------------------------

    \2\ 46 U.S.C. 70105. Section 102 of MTSA defines ``Secretary'' 
to mean ``the Secretary of the department in which the Coast Guard 
is operating.'' Under the Homeland Security Act of 2002, the Coast 
Guard became part of DHS, thus the Secretary of Homeland Security is 
authorized to implement the credential requirements for mariners and 
persons seeking access to secure port facilities under MTSA.
---------------------------------------------------------------------------

    (A) Has been convicted within the preceding 7-year period of a 
felony or found not guilty by reason of insanity of a felony--
    (i) that the Secretary believes could cause the individual to be a 
terrorism security risk to the United States; or
    (ii) for causing a severe transportation security incident;
    (B) Has been released from incarceration within the preceding 5-
year period for committing a felony described in subparagraph (A);
    (C) May be denied admission to the United States or removed from 
the United States under the Immigration and Nationality Act (8 U.S.C. 
1101 et seq.); or
    (D) Otherwise poses a terrorism security risk to the United 
States.46 U.S.C. 70105(c).
    Following the enactment of MTSA in November 2002, the Coast Guard 
issued a series of general regulations for maritime security. See, 33 
CFR parts 101-106. The MTSA regulations set out specific requirements 
for owners and operators (henceforth ``owners/operators'') of vessels, 
facilities, and Outer Continental Shelf (OCS) facilities that had been 
identified by the Secretary of Homeland Security as posing a high risk 
of being involved in a transportation security incident.
    Under MTSA and the Coast Guard's MTSA regulations, owners/operators 
of these vessels and facilities were required to conduct security 
assessments of their respective vessels and facilities, create security 
plans specific to their needs, and submit the plans for approval to the 
Coast Guard by December 31, 2003. All affected vessels and facilities 
are required to have been operating in accordance with their respective 
plans since July 1, 2004, and are required to resubmit plans every 5 
years.
    Each plan requires owners/operators to address specific 
vulnerabilities identified pursuant to their individual security 
assessments, including controlling access to their respective vessels 
and facilities. The MTSA regulations require owners/operators to 
implement security measures to ensure that an identification system was 
established for checking the identification of vessel and facility 
personnel or other persons seeking access to the vessel or facility.
    In establishing the system, owners/operators were directed to 
accept identification only if it: (1) Was laminated or otherwise secure 
against tampering; (2) contained the individual's full name; (3) 
contained a photo that accurately depicted that individual's current 
facial appearance; and (4) bore the name of the issuing authority. See, 
33 CFR 101.515. The issuing authority must be a government authority or 
organization authorized to act on behalf of the government authority, 
or the individual's employer, union, or trade association. There was no 
requirement that the identification be issued pursuant to a security 
threat assessment because there was no existing credential and 
supporting structure that could fulfill the needs specific to the 
maritime environment.
    In addition to the regulation of ports and facilities, the Coast 
Guard has a long history of regulating the merchant marine. Under the 
current Coast Guard regulatory scheme, the Coast Guard may issue a 
mariner any combination of 4 credentials: (1) Merchant Mariner Document 
(MMD); (2) License; (3) Certificate of Registry (COR); or (4) 
International Convention on Standards of Training, Certification, and 
Watchkeeping (STCW) Endorsement. An MMD serves as a mariner's 
identification credential and is issued to mariners who are employed on 
merchant vessels of 100 gross register tons or more, except for those 
vessels employed exclusively in trade on the navigable waters of the 
U.S. Licenses are qualification certificates that are issued to 
officers. CORs are qualification certificates that are issued to 
medical personnel and pursers. STCW Endorsements are qualification 
certificates issued to mariners who meet international standards and 
serve aboard vessels to which STCW applies. The License, COR, and STCW 
Endorsement are qualification credentials only. Only the MMD is an 
identity document, and none of the current mariner credentials contain 
the biometric information required under MTSA.
    TSA currently administers several programs involving security 
threat assessments of individuals engaged in the transportation 
industry, including certain airport and aircraft operator employees, 
and alien flight school students. Section 1012 of the Uniting and 
Strengthening America by Providing Appropriate Tools Required to 
Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) Pub. L. 
107-56, 115 Stat. 272 (October 25, 2001) provides that a State cannot 
issue a hazardous materials endorsement (HME) to a commercial driver 
who poses a security threat. TSA implemented its security threat 
assessment processes under this provision.
    TSA first issued regulations to implement security threat 
assessment standards for HME applicants (TSA's hazmat rule) in May 2003 
and subsequently amended those regulations based on comments received 
from the States, employers and affected drivers. (A more detailed 
discussion and regulatory history of the hazmat regulations can be 
found at 68 FR 23852 (May 5, 2003); 68 FR 63033 (November 7, 2003); 69 
FR 17696 (April 6, 2004); and 69 FR 68720 (November 24, 2004). These 
standards are codified at 49 CFR part 1572, where many of the standards 
we propose for TWIC under this rule also will reside.
    TSA's hazmat regulations establish standards concerning criminal 
history, immigration status, mental capacity, and terrorist activity to 
determine whether a driver poses a security threat and is qualified to 
hold an HME.\3\ Drivers who have been convicted or found not guilty by 
reason of insanity for certain crimes in the preceding 7 years, or have 
been released from incarceration for those crimes in the preceding 5 
years, are deemed to pose a security threat and are not authorized to 
hold an HME. 49 CFR 1572.103. Drivers convicted of certain particularly 
heinous crimes, such as espionage, treason, terrorist-related offenses, 
or severe transportation security incidents, are permanently banned 
from holding an HME. Id. In addition, drivers who have been 
involuntarily committed to a mental institution or adjudicated as 
mentally incapacitated are considered to pose a security threat that 
warrants disqualification from holding an HME. 49 CFR 1572.109.
---------------------------------------------------------------------------

    \3\ In developing the hazmat regulations, TSA sought to 
harmonize, to the extent possible, the background check and 
eligibility criteria requirements of both MTSA and the USA PATRIOT 
Act and thus adopts privisions from both statutes where appropriate. 
See 68 FR at 23853.
---------------------------------------------------------------------------

    Aliens are not prohibited from obtaining an HME. The hazmat rule 
permits individuals who are in the United States lawfully and are 
authorized under applicable immigration laws to work in the United 
States to hold an HME upon completion of a satisfactory TSA security 
threat assessment. 49 CFR 1572.105. TSA reviews a driver's immigration 
status to determine if the applicant for an HME is authorized to be 
present and work in the United States under applicable

[[Page 29400]]

immigration laws. In addition, as set forth in the hazmat rules, TSA 
conducts a security check of international databases through Interpol 
or other appropriate means. 49 CFR 1572.107.
    TSA's hazmat regulations also include appeal and waiver procedures 
to ensure that no driver is wrongfully determined to pose a threat, to 
provide individuals who are disqualified from holding an HME the 
opportunity to show rehabilitation, where applicable, and to maintain 
consistency with other credentialing or background check requirements 
among transportation workers, such as those in the maritime industry 
covered by MTSA and this TWIC rulemaking. See e.g., 49 CFR parts 
1572.141 and 143.

II. Development of TWIC Process

    In 2002, TSA established the TWIC program in response to identity 
management shortcomings and vulnerabilities identified in the 
transportation system. In some segments of the transportation system, 
it is not possible to positively identify individuals entering secure 
areas or assess the threat they may pose due to a lack of pertinent 
background information. Also, existing identity credentials are often 
vulnerable to fraud. To mitigate these weaknesses, TSA determined that 
an integrated, credential-based, identity management system for all 
transportation workers who need unescorted access to secure areas of 
the nation's transportation system would be necessary.
    Homeland Security Presidential Directive 12 (HSPD 12) requires 
Federal agencies to improve secure identification processes for Federal 
employees and contractors. The objectives of the directive are to 
ensure that the credentialing processes are administered by accredited 
providers; are based on sound criteria for verifying an individual's 
identity; include a credential that is resistant to fraud, tampering, 
counterfeiting and terrorist exploitation, and can be authenticated 
quickly and electronically. As designed and proposed in this rule, TWIC 
does not contradict the control objectives of HSPD 12.
    The U.S. Department of Commerce published guidance on the standards 
and methods by which Agencies could reach compliance with HSPD 12. In 
February 2005, the Department of Commerce issued the Federal 
Information Processing Standards Publication 201 (FIPS 201), Personal 
Identification Verification of Federal Employees and Contractors in 
response to HSPD 12. FIPS 201 is divided into Personal Identification 
Verification (PIV) Parts I and II. Part I addresses the control and 
security objectives, particularly the personal identity proofing 
process. Part II provides detailed technical specifications that must 
be met to ensure interoperability of PIV-compliant credentials in 
personal authentication, access control, and credential management 
systems throughout the Federal government.
    The development of FIPS 201 occurred concurrently with the design 
of TWIC. TSA and its contractors closely monitored the development of 
FIPS 201 and individuals working on FIPS 201 followed the design of 
TWIC. TSA recognized that there are many benefits to designing TWIC in 
alignment with FIPS 201: Leveraging the TWIC infrastructure to support 
other DHS or government credentialing programs; avoiding obsolescence 
by using the latest technology; securing critical facilities with the 
same process used by Federal agencies; having interoperability during 
an emergency; and demonstrating the functionality of FIPS 201. All of 
the significant components of the TWIC system align with FIPS 201.
    As tested in the maritime environment and planned in this NPRM, 
TWIC is an identification credential containing numerous technologies 
to make it secure and tamper-proof. TWIC is a ``smart'' credential 
containing two electronic chips on which encoded data is stored to 
allow all subsequent TWIC functions to be performed. TWIC is designed 
to ensure that the identity of each TWIC holder has been verified; that 
a threat assessment has been completed on that identity; and that each 
credential issued is positively linked to the rightful holder through 
the use of biometric technology. Facility and vessel owners/operators 
subject to this rule will then determine which TWIC holders will be 
granted unescorted access to secure areas of their facility.

Prototype

    The TWIC program has been developed in three phases. Phases I, 
Planning, and II, Technology Evaluation, were completed in 2003, and 
Phase III, Prototype, was completed in 2005. In the technology 
evaluation, TSA tested and evaluated a range of credential-based 
systems in use at transportation facilities. In Prototype, TSA tested a 
comprehensive credentialing system, which included enrollment, threat 
assessments, biometric security, credential production, and credential 
issuance.
    Prototype was conducted at twenty-eight facilities beginning 
November 4, 2004 in various modes of the transportation system, 
including air, rail, and maritime. The Prototype Phase came to an end 
in the summer of 2005. During Prototype, the participating facilities 
and associated transportation workers voluntarily provided biographical 
and biometric identifiers. Participants provided appropriate identity 
verification documentation, such as a birth certificate, driver's 
license, government photo identification, or similar document. TSA 
conducted a name-based threat assessment using the biographic 
information provided, and utilized the biometric information to verify 
identity and determine whether an applicant had previously enrolled in 
the program. TSA did not use biometric information to complete a 
security threat assessment.\4\ TSA will be using both biographic and 
biometric information to conduct the security threat assessment once 
TSA implements the full program. To verify an individual's identity 
during Prototype, TSA followed the U.S. Citizenship and Immigration 
Services Employment Eligibility Verification (Form I-9) process, 
commonly used by the federal government and industry in the hiring 
process. TSA tested the TWIC as positive identification for access to 
secure areas of participating transportation facilities.
---------------------------------------------------------------------------

    \4\ Florida law requires persons seeking access to certain port 
facilities within that State to submit fingerprints and other 
information to obtain a State-issued credential. During Prototype 
conducted in Florida, therefore, participants submitted fingerprints 
as required under State law and the State completed a fingerprint-
based criminal history records check. TSA did not use biometric 
information collected from Florida participants to conduct a 
security threat assessment.
---------------------------------------------------------------------------

    By testing the integration of these components, TSA was able to 
assess the system's performance prior to deciding how the program 
should be implemented. Consequently, some processes that were tested in 
Prototype, such as ``employer sponsorship,'' are not being proposed in 
this rule based on TSA's determination that the process did not add 
sufficient value or created operational difficulties that could not be 
resolved.

III. Proposed Rule

A. Coast Guard

    In order to integrate TWIC into already existing security programs 
in the maritime environment, the Coast Guard must amend its maritime 
security regulations, found in 33 CFR Subchapter H. These changes will 
set performance standards for owners/operators of vessels, facilities, 
and Outer Continental Shelf facilities to meet

[[Page 29401]]

when incorporating TWIC into their existing security programs.
    The Coast Guard also must amend its regulations governing merchant 
mariners, found in 46 CFR parts 10, 12, and 15, in order to add the 
statutory mandate that they hold a TWIC. In a separate rulemaking, 
published in today's Federal Register, the Coast Guard is proposing to 
consolidate qualifications credentials and streamline its mariner 
regulations, which would ensure that no mariner is required to undergo 
(or pay for) more than one security threat assessment and identity 
verification.
    Coast Guard emphasizes that possession of the TWIC credential is 
not intended to constitute an automatic access right to any facility. 
The owner/operator continues to have the ultimate authority as to 
access control decisions, and although holding a duly-issued TWIC is 
required before an individual is eligible to be granted unescorted 
access, the individual must also have a need for access in accordance 
with the approved security plan. The owner/operator's right to refuse 
admittance to any individual, regardless of whether he or she holds an 
authenticated TWIC, remains unchanged.

B. TSA

    TSA's role in implementing the TWIC program in the maritime sector 
will be to conduct security threat assessments of credentialed merchant 
mariners and individuals with unescorted access to secure areas, 
providing an appeal and waiver process for applicants who receive an 
adverse determination, and performing related functions in the 
enrollment and credential issuance process. In this rule, TSA proposes 
changes to its regulations to extend the current processes for 
conducting security threat assessments for HMEs to persons seeking to 
obtain TWICs.
    On August 10, 2005, the Safe, Accountable, Flexible, Efficient 
Transportation Equity Act--A Legacy for Users (SAFETEA-LU), Pub. L. 
109-59, 119 Stat. 1144 (August 10, 2005) was enacted. Section 7105 of 
SAFETEA-LU (49 U.S.C. 5103a(g)(1)(B)(i)) requires TSA to initiate a 
rulemaking to determine which background checks required by Federal law 
and applicable to transportation workers are equivalent to or less 
stringent than the security threat assessment TSA requires for HME 
drivers. In addition, SAFETEA-LU requires TSA to develop a process for 
notifying employers of the results of a threat assessment conducted on 
an HME applicant.
    Under this rule, TSA is proposing a fee to cover the cost of the 
TWIC threat assessment, appeals of TSA decisions during the process, 
and the issuance of the credential as required under Section 520 of the 
Homeland Security Appropriations Act of 2004 (2004 DHS Appropriations 
Act), Pub. L. 108-90 (October 2003). TSA also is inviting comments from 
the transportation industry at large on the processes proposed under 
this rule as TSA and DHS are considering extending the TWIC program to 
other areas in the transportation industry outside of the maritime 
sector.
1. TWIC Process
    As proposed in this rule, the purpose of the TWIC program is to 
ensure that only authorized personnel who have successfully completed a 
security threat assessment have unescorted access to secure areas of 
maritime facilities and vessels. The credential will include a 
reference biometric--fingerprints--that positively links the credential 
holder to the identity of the individual who was issued the credential. 
TWIC holders may be asked to confirm, by providing a fingerprint, that 
they are the rightful owner of the credential at any time. Access 
control procedures and systems at facilities and vessels will recognize 
the credential and the information encrypted on it, so that the overall 
maritime network will be interoperable. In addition, an individual's 
credential can be deactivated or revoked by TSA if disqualifying 
information is discovered by or presented to TSA or other DHS entity, 
or the credential is lost or stolen, so that the credential can no 
longer be used to obtain unescorted access to secure areas.
    TSA has designed the TWIC process to maintain strict privacy 
controls so that a holder's biographic and biometric information cannot 
be compromised. The TWIC process proposed in this rule is described 
below from the perspective of an applicant.
a. Pre-Enrollment and Enrollment
    TWIC enrollment will be conducted by TSA (or TSA's agent operating 
under TSA's direction). All enrollment personnel must successfully 
complete a TSA security threat assessment and receive a TWIC before 
they will be authorized to access documents, systems, or secure areas.
    Facility and vessel owners/operators must notify workers of their 
responsibility to enroll, as well as the deadline for doing so. (The 
proposed implementation plan for enrollment is discussed in greater 
detail below.) Owners/operators must provide applicants enough lead 
time to enroll so that TSA has sufficient time to complete the security 
threat assessment and issue the credential before the access control 
procedures go into effect. Generally, owners/operators should give 
individuals at least 60 days notice to begin the process. TSA cannot 
guarantee that any threat assessment can be completed in less than 30 
days, and therefore, owners/operators and applicants should make every 
effort to initiate enrollment in a timely fashion to prevent workers 
being denied access for non-compliance. TSA will provide owners/
operators with locations for enrollment that they can then pass on to 
the workers (hereinafter referred to as applicants). For purposes of 
the NPRM, a list of potential enrollment center locations is provided 
on the TSA Web site (www.tsa.gov) to provide prospective owner/
operators and applicants a general idea of the enrollment plan. This 
list is subject to change and TSA invites comment from affected parties 
on the potential enrollment locations.
    Applicants will be able to ``pre-enroll'' online to reduce the time 
needed to complete the entire enrollment process at an enrollment 
center. For pre-enrollment, applicants need a computer with internet 
access. The applicant can access the TWIC Web site to provide personal 
information required for enrollment and select an enrollment center at 
which to complete enrollment. Data submitted by applicants via the 
Internet will be sent using Internet security protocols (i.e., SSL). 
All information provided is then stored in the TSA system, which 
encrypts and protects the data from unauthorized access. Applicants may 
schedule an appointment while on-line to complete the enrollment 
process, although appointments are not required at enrollment centers. 
The Web site will list the documents the applicant must bring to the 
enrollment center to verify identity. The convenience of pre-enrollment 
is a significant benefit for applicants and reduces strain on the 
enrollment centers. Applicants who pre-enroll must appear at enrollment 
centers to verify their identity, confirm that the information provided 
during pre-enrollment is correct, provide biometrics, and sign the 
enrollment documents.
    At the enrollment center, applicants will receive a privacy notice 
and consent form, by which they agree to provide personal information 
for the security threat assessment and credential. (For applicants who 
pre-enroll, the privacy notice is provided with the application online, 
but the applicants must acknowledge receipt of the notice in writing at 
the enrollment

[[Page 29402]]

center.) If an applicant fails to sign the consent form or does not 
have the required documents to authenticate identity, enrollment will 
not proceed. During Prototype, 96 percent of applicants appeared for 
enrollment with suitable identity verification documents. As TWIC is 
implemented, TSA and Coast Guard will make information available to 
affected workers in advance of enrollment so that all are aware of what 
to bring to the enrollment center. This information will also be posted 
on the TSA/TWIC Web site at www.tsa.gov. All information collected at 
the enrollment center or during the pre-enrollment process, including 
the signed privacy consent form and identity documents are scanned into 
the TSA system for storage. All information is encrypted or stored 
using methods that protect the information from unauthorized retrieval 
or use.
    At the enrollment centers, applicants must provide ten fingerprints 
and sit for a digital photograph. The fingerprints and photograph will 
be electronically captured at the enrollment center for use on the 
credential. Individuals must provide ten fingerprint images for use in 
completing the security threats assessment process. The credential 
itself will store two fingerprint templates, one of which is used as a 
reference biometric to verify identity. The entire enrollment record 
(including the 10 fingerprints) will be stored in the TSA system, 
encrypted and segmented to prevent unauthorized use. TSA will provide 
alternative procedures for enrollment centers to use for situations in 
which an applicant is unable to provide fingerprints.
    The TWIC fee, which covers the complete cost of enrollment, threat 
assessment, and credential production and delivery, must be collected 
from the applicant at the enrollment center prior to the enrollment 
record being transmitted to the TSA system. The TWIC enrollment fee 
will be non-refundable, even if the threat assessment results in a TWIC 
not being issued.
    Once all data and the fee are collected, the enrollment record is 
encrypted and electronically transmitted to the TSA system. The TSA 
system acknowledges receipt of the enrollment record, at which time all 
enrollment data is automatically deleted from the enrollment 
workstation. Once the enrollment record is transmitted to the TSA 
system, personal information is stored only in the TSA system, and 
personal data is encrypted to very high standards before it is 
transferred or stored. If an enrollment center temporarily loses its 
internet connection, the enrollment data is encrypted and stored on the 
enrollment workstation, but only until an internet connection is 
restored.
    During Prototype, the average time needed for an applicant who pre-
enrolled to complete enrollment was 10 minutes, 21 seconds. It is 
expected that it will take approximately fifteen minutes to complete 
enrollment of applicants who do not pre-enroll.
    TSA and Coast Guard currently envision a phased enrollment process 
based on risk assessment and cost/benefit analysis. Locations that are 
considered critical and provide the greatest number of individual 
applicants will be among the earliest enrollment sites. There are 
approximately 125 locations covering approximately 300 ports where TSA 
plans to enroll applicants, and we are in the process of rating each 
location against a variety of factors to assess criticality, 
population, and infrastructure. TSA and Coast Guard will work closely 
with the maritime industry to ensure that owners/operators and workers 
are given as much notice as is possible when a definitive enrollment 
schedule is selected. TSA and Coast Guard also are contemplating 
implementing a more flexible rollout, with anticipated dates to be 
announced by notices published in the Federal Register. (See the 
discussion of Sec.  1572.19 below for additional information on timing 
of enrollment.) TSA plans to use a combination of fixed and mobile 
enrollment stations to make the enrollment process as efficient as 
possible for applicants and owners/operators.
b. Adjudication of Security Threat Assessment
    Following enrollment, the TSA system sends pertinent parts of the 
record to various sources so that appropriate terrorist threat, 
criminal history, and immigration checks can be performed. When the 
checks are completed, TSA makes a determination on whether or not to 
issue a TWIC to the applicant and notifies the applicant.
    If disqualifying information is discovered, TSA issues an Initial 
Determination of Security Threat to the applicant with information on 
how the applicant can appeal an adverse decision or apply for a waiver 
of the standards. If the applicant does not respond to the Initial 
Determination within a specified period, it converts to a Final 
Determination of Security Threat and the applicant does not receive a 
TWIC. If the applicant proceeds with an appeal or application for 
waiver and is successful, the applicant is notified accordingly and the 
credential production process begins. (The appeal and waiver processes 
are discussed in greater detail below in the section-by-section 
analysis.)
    TSA may provide some of the notifications to applicants via email, 
if an applicant provides an email address on the application for the 
TWIC. We invite comment from prospective applicants about the 
substitution of email notification for a paper process.
c. Credential Production
    If the applicant is qualified to receive a TWIC, the TSA system 
generates an order to produce a credential. It is produced at a 
government credential production facility and securely shipped to the 
center at which the applicant enrolled. The applicant will be notified 
that the TWIC is ready to be retrieved and activated for use. The face 
of the TWIC credential contains the applicant's photograph, name, TWIC 
expiration date, and a unique credential number. In addition, the 
credential will store finger minutia templates of 2 fingers, finger 
pattern templates of 2 fingers, a personal identification number, and a 
Federal Agency Smart Credential number. The data is securely stored and 
protected in accordance with FIPS 201 in the various technologies used 
in the credential, such as magnetic stripe, contact chip, and 
contactless chip. The fingerprint data, the reference biometric, is 
used to match the credential to the person who enrolled.
    The TWIC system contains many feedback mechanisms to validate the 
transmission and receipt of data at key points in the process. The 
status of each transmission is recorded within the system.
    Credentials are electronically locked prior to shipment to the 
enrollment center so that the data cannot be accessed. Once the 
credentials are electronically locked, they cannot be used for access 
to any vessel or facility until they are activated by the TWIC 
enrollment station.
d. Credential Activation
    The applicant is notified when the enrollment center has received 
the credential. The applicant then returns to the enrollment site at 
his or her convenience to activate the credential.
    At the enrollment center, the applicant's credential is retrieved 
from secure storage and the photograph and name on it are compared to 
the applicant and the identity documents the applicant uses to 
authenticate identity. The applicant places a designated finger on a 
reader to generate a biometric match against the biometric stored on 
the credential and in the TSA

[[Page 29403]]

system. Upon successful biometric match, the TWIC is activated and the 
applicant selects a Personal Identification Number (PIN) that also is 
stored on the credential. The PIN can subsequently be used as an 
additional factor in proving one's identity and authorized use of the 
credential, or as the primary verification tool if the biometric is 
inoperative for some reason. The TWIC security threat assessment and 
credential are valid for five years, unless derogatory information is 
discovered and TSA revokes the credential.
    The process outlined above for credential activation is the same 
process TSA tested in Prototype, which worked well for owner/operators 
and employees who enroll. However, implementation of the program 
nationwide involving employees that are not stationary at one facility 
or port may impact applicants and owner/operators differently. TSA is 
concerned that requiring an applicant to return to the enrollment 
center to activate the credential may be onerous for workers who travel 
a great deal and may not know where they will be when the credential is 
ready for pick-up. TSA is considering the security and operational 
impacts of alternative procedures, on which we invite comment.
    TSA is considering an amendment to the process that would allow a 
worker to designate a specific enrollment center for credential pick up 
and activation. The card production facility would send the credential 
to that location rather than the location where the applicant enrolled. 
This is a change that can be accomplished, but this was not tested in 
Prototype and a variety of software changes may be needed, which could 
increase costs and affect the timing of implementation. Moreover, 
applicants will not know the exact date on which their credential will 
be ready and so those who work at a variety of ports across the country 
may not be able to designate a specific activation location on the 
enrollment application.
    During Prototype, the entire process from enrollment to card 
production was complete in fewer than 10 days. However, that process 
differed from the full program we plan to implement with this rule in a 
few significant ways. First, nearly all of the employees who 
volunteered for Prototype worked at the same location every day and the 
enrollment center was located on that site. Second, TSA did not 
complete fingerprint-based criminal history records checks, and so 
there was no time needed to adjudicate and provide redress for criminal 
activity. For threat assessment programs that are currently in place 
nationally in which applicants are not stationary and TSA conducts a 
fingerprint-based CHRC, the threat assessment is generally completed in 
less than 30 days. The time needed to complete the threat assessment 
varies depending on whether the database searches produce adverse 
information that must be investigated, and whether the applicant files 
an appeal or requests a waiver. These conditions will exist for the 
TWIC program and therefore, TSA will not be able to predict or 
establish a specific date on which the threat assessment and card 
production process will be complete.
    DHS invites comment on this option, and any other proposals that 
would make it easier logistically, without sacrificing security, for 
the public to receive and activate TWIC cards.
e. Using TWIC in an Access Control System
    Once the enrollment process is complete and the credential is 
activated, the credential is ready to be used as an access control 
tool. Possession of a TWIC does not guarantee access to secure areas 
because the owner/operator controls the individuals who are given 
unescorted access to the facility or vessel. Rather, TWIC is a secure, 
verified credential that can be used in conjunction with the owner/
operator's risk-based security plan and as required by the Coast Guard 
security regulations.
    As envisioned in this NPRM, owners/operators will determine an 
individual's need for unescorted access to secure areas and then grant 
access using a TWIC program. The access control administrator of the 
vessel or facility verifies that the individual holding the TWIC 
matches the biometric stored on the TWIC by conducting a 1-to-1 match 
with the individual's finger and the fingerprint template stored on the 
chip in the TWIC.
    The owner/operator verifies that an individual's TWIC is valid, 
either by directly interfacing with the TSA system or by using a list 
of invalid credentials downloaded from TSA. Either method provides 
owners/operators pertinent information concerning the validity of the 
credential. TSA will invalidate credentials that are reported as lost, 
stolen, damaged, retired, or issued to an applicant that TSA 
subsequently determines may pose a security threat. When the 
invalidation is for cause, that is, due to a security threat, TSA will 
revoke the credential. Invalidated credentials cannot be used or 
honored for unescorted access to secure areas. Cardholders who report 
the credential as lost, stolen, or damaged must go to the enrollment 
center for resolution, and/or re-issuance of a new credential.
    After the individual has been granted access to the facility, the 
owner/operator may opt to notify the TSA system that access privileges 
have been granted to this worker at that facility. If the owner/
operator invokes this option, the owner/operator also assumes 
responsibility for informing the TSA system if the owner/operator 
subsequently denies the individual access privileges.
f. Lost, Damaged, or Stolen TWICs
    Replacement TWICs are available if a credential is lost, stolen, or 
damaged. As soon as the applicant is aware that the credential is 
missing or damaged, he or she calls the Call Center and the Center 
follows a standard process to invalidate the credential. The applicant 
then travels to an enrollment center to receive a new credential. 
During Prototype, the card production facility printed and shipped the 
new credentials within 24 hours of receiving the information. 
Applicants must pay a fee of $36 to cover the cost of lost/damage/
stolen credential invalidation, new credential production, reissuance, 
shipping, and other appropriate program costs. No new TSA threat 
assessment-specific or enrollment costs are factored into this 
replacement fee.
g. Renewal
    TWICs issued under this rule will expire after five years unless 
renewed. TSA does not plan to notify TWIC holders when their credential 
is about to expire because the expiration date will be displayed on the 
face of the credential. To renew a TWIC, the holder must appear at any 
enrollment center, starting up to 90 days before the expiration date of 
the credential, to initiate the renewal process. However, mariners are 
allowed and encouraged to initiate renewal 180 days prior to expiration 
to allow sufficient time for TSA to conduct the security threat 
assessment and the Coast Guard to complete any review necessary to 
renew any required mariner credentials. During renewal, applicants must 
provide the same biographic and biometric information required in the 
initial enrollment and pay the associated fees. A new credential is 
issued upon renewal.
h. Call Center
    Upon publication of the final rule, TSA will refer the public to a 
Call Center to assist with questions about the TWIC program. An 
automated telephone line, listing options for the caller to select, 
will direct the caller to the TWIC Help Desk or the TSA/TWIC Web site.

[[Page 29404]]

Callers will be able to discuss questions about the program and final 
standard, the status of their security threat assessment, the location 
and time of operation of enrollment centers, and online applications 
and educational materials. TSA has used the Call Center when 
implementing other new programs and believes it will be very useful to 
owners/operators and applicants.
i. Notifying Employers of Threat Determinations
    TSA is proposing to modify the rule text applicable to HME 
applicants concerning employer notification and apply the proposed 
changes to the TWIC applicants.
    As discussed above, SAFETEA-LU established several mandates 
concerning the threat assessment process. One of the provisions 
requires TSA to invite comment on and develop a process to notify 
employers of HME applicants of the results of the threat assessment. 
Specifically, section 7105 states that--

    Within 90 days of enactment, TSA, after receiving comments from 
interested parties, must develop and implement a process for 
notifying employers designated by applicants for a HAZMAT license of 
the results of the applicant's background check if (1) such 
notification is appropriate considering the potential security 
implications and (2) the Director determines in a final notification 
of threat assessment served on the applicant that he or she does not 
meet the standards for granting a license.

    In the November 24, 2004 hazmat rule, TSA discussed employer 
notification, noting that actual criminal history or other dispositive 
records must be maintained confidentially by TSA. See 69 FR at 68726. 
TSA may inform an employer that an employee is disqualified from 
holding an HME, or has had an HME revoked, so that the employer knows 
that the employee is not authorized to transport hazardous materials. 
TSA, however, generally cannot disclose the basis for the determination 
result of the threat assessment due to prohibitions on disclosure of 
such information under the Privacy Act, or other pertinent privacy laws 
or law enforcement or security regulations. See e.g., 5 U.S.C. 552a (as 
amended); 46 U.S.C. 70105(e); 28 CFR 50.12. In the hazmat rule, TSA 
noted that if it believes an immediate threat exists, TSA may provide 
additional information to the employer to help prevent a security 
incident.
    In the November hazmat rule, TSA requested comment on methods to 
notify an employer that a particular driver's HME is revoked or the 
application for an HME is denied. TSA anticipated that it would be 
difficult to locate a driver's employer because drivers tend to change 
employers frequently and may work for several employers at one time. 
Also, many drivers are self-employed as owners/operators and 
notification in these cases would be unnecessary. TSA proposed 
requiring each employer to maintain a current list of hazmat-endorsed 
driver employees on a secure Web site that TSA could access for 
notification purposes and employers could amend as employees change 
jobs. This list would minimize the chance that TSA would erroneously 
notify a previous employer of a disqualification. Also, the list would 
prevent the loss of time and resources needed to locate an employer for 
notification. Similar procedures are in place with respect to aviation 
workers who have airport security identification display area 
authority. 49 CFR 1542.211. TSA received no comments on this proposal 
or suggestions for an alternative plan, although some employers stated 
that they would like notification of all employee disqualifications.
    Currently, when TSA determines that a driver is not qualified to 
hold an HME, TSA applies the following policy:
    (1) TSA notifies the employer only in cases where TSA determines 
that an imminent security threat may exist.
    (2) TSA notifies the employer listed in the driver's HME 
application.
    (3) TSA limits the information provided to the employer to the fact 
that the driver's HME is being revoked or denied, but does not provide 
the reason for the action.
    TSA developed this process to address two primary concerns. First, 
TSA is concerned about sharing disqualification information with 
incorrect employers and that the likelihood of such notifications would 
rise if TSA made notifications in all disqualification cases. For the 
many drivers who change employers frequently or are self-employed, TSA 
would expend considerable resources trying to determine with certainty 
an applicant's current employer(s).
    Second, for actions in which there is not an imminent threat, 
employers of hazmat drivers have other procedures in place to verify 
whether a driver has an HME. Carriers currently are required to 
determine if a driver employee has been issued an HME, by checking 
State driver records. The Federal Motor Carrier Safety Administration 
(FMCSA) requires carriers to check the driver's status in the first 30 
days of employment by contacting the licensing State. After that, the 
carrier must make an inquiry with the State at least once annually to 
ensure that the driver is authorized to transport hazardous materials. 
49 CFR 391.25. Additionally, FMCSA requires carriers to review an 
employee's driving record during the three years preceding employment 
with the carrier, in every State in which the driver was licensed. The 
carriers also must investigate the driver's employment record during 
the preceding three years. 49 CFR 391.23. These investigations reveal 
whether the driver's HME has been revoked.
    In light of the employer notification requirement in SAFETEA-LU, 
and upon further analysis, TSA proposes to amend the rule text 
concerning employer notification generally and apply the following 
proposed changes to HME and TWIC applicants. First, TSA proposes to add 
a statement to the application for an HME or TWIC acknowledging that 
TSA may notify the applicant's employer if TSA determines that the 
applicant poses a security threat. The applicant must acknowledge 
receipt of this statement. Second, TSA proposes to amend the rule text 
to state that TSA will notify an applicant's employer, where 
appropriate, when issuing final determinations of threat assessment or 
immediate revocations.
    Aside from the employer notification issue, with TWIC applicants, 
TSA also proposes to notify the Federal Maritime Security Coordinator 
(FMSC), the chief governmental security official at the port, of 
revocations. The FMSC also is the Captain of the Port (COTP). 33 CFR 
101.105. TSA will notify the Coast Guard concerning the outcome of 
threat assessments of merchant mariners because a mariner credential 
may not be issued by Coast Guard if TSA denies or revokes a TWIC for 
the mariner.
    TSA invites comment on these proposed requirements for notifying 
employers of employee disqualifications. TSA also invites suggestions 
for improving this system and methods by which a current employer/
employee list can be available to TSA when employer notification is 
necessary. TSA may change its requirements based on these comments.
2. Fee
    Section 520 of the 2004 DHS Appropriations Act requires TSA to 
collect reasonable fees for providing credentialing and background 
investigations in the field of transportation. Fees may be collected to 
pay for the costs of the: (1) Conducting or obtaining a criminal 
history records check (CHRC); (2) reviewing available law enforcement 
databases, commercial databases, and records of other

[[Page 29405]]

governmental and international agencies; (3) reviewing and adjudicating 
requests for waivers and appeals of TSA decisions; and (4) other costs 
related to performing the security threat assessment or providing the 
credential or performing the background records check. Section 520 
requires that any fee collected must be available only to pay for the 
costs incurred in providing services in connection with performing the 
security threat assessment or providing the credential or performing 
the background records check. The fee may remain available until 
expended. TSA establishes these fees in accordance with the criteria in 
31 U.S.C. 9701 (General User Fee Statute), which requires fees to be 
fair and based on: (1) Costs to the government, (2) the value of the 
service or thing to the recipient, (3) public policy or interest 
served, and (4) other relevant facts.
    In this rule, TSA proposes to establish new user fees: (1) The 
Information Collection and Credential Issuance fee, estimated to range 
from $45-$65; (2) the Threat Assessment and Credential Production fee, 
which will be $62, or $50 for applicants who have already received a 
comparable threat assessment from DHS, including those for a Merchant 
Mariner License (MML), Merchant Mariners Document (MMD), Hazardous 
Materials Endorsement (HME), and Free and Secure Trade (FAST) card 
holders; and (3) the fee for replacement of a lost, damaged, or stolen 
TWIC, which will be $36 for all TWIC holders. In addition, TSA will 
collect the FBI Fee for the criminal history records checks in the TWIC 
threat assessment process and forward the fee to the FBI. The current 
FBI Fee is $22.00. If the FBI increases that fee in the future, TSA 
will collect the increased fee. Therefore, total TWIC fees are expected 
to range from $95 (MML, HME, and FAST card holders already vetted by 
DHS) to $149 for all other applicants.
3. TWIC in Other Modes of Transportation
    This rule proposes standards for the maritime environment and 
consequently the security threat assessment standards primarily impact 
merchant mariners and port workers. However, there are a variety of 
individuals who work in other modes of transportation that may be 
subject to the security threat assessment requirement proposed here. 
For instance, many ports include railroad operations. Rail employees 
may be required to obtain a TWIC depending on whether the railroad 
operations are situated in the secure areas. Commercial truck drivers 
delivering or retrieving goods at the port typically have unescorted 
access to secure areas and so they would be required to have a TWIC. As 
envisioned and currently proposed in this rule, commercial drivers that 
hold an HME and have completed TSA's security threat assessment under 
49 CFR part 1572 would not be required to undergo a new threat 
assessment for TWIC until their HME threat assessment expires. These 
drivers would be required to provide a biometric for use on the TWIC 
and pay for enrollment services, credential costs, and appropriate 
program support costs.
    TSA is considering whether to incorporate the TWIC system into all 
modes of transportation. Therefore, TSA requests comments from all of 
the transportation industry--rail, mass transit, pipeline, and 
aviation--not just those affected immediately by these specific 
proposed maritime rules. TSA invites ideas on how this security threat 
assessment and credentialing system can be used to its full potential 
in each of these areas. Each mode of transportation brings its own set 
of challenges to the philosophy of creating secure areas and access 
control procedures that provide a high level of security, protect 
privacy, and do not interfere with commerce. TSA welcomes the views of 
all interested parties as we continue to improve transportation 
security with TWIC and other programs.

IV. Advisory Committee Participation

    In drafting the TWIC regulations, the Coast Guard drew upon the 
expertise of the National Maritime Security Advisory Committee (NMSAC), 
which is composed of a cross-section of maritime industries and port 
and waterway stakeholders; including, but not limited to: Shippers, 
carriers, port authorities, and facility operators. NMSAC advises, 
consults with, and makes recommendations to, the Secretary of Homeland 
Security via the Commandant of the Coast Guard on matters affecting 
maritime security.
    In response, NMSAC formed a Credentialing Work Group (CWG), which 
was comprised of a significant number of NMSAC members and 
approximately 25 other members from the public who represented various 
geographic cross-sections and different elements of the maritime 
industry. NMSAC provided the Coast Guard and TSA with specific industry 
sponsored comments and recommendations for consideration in developing 
this proposed rule. TSA and Coast Guard summarized these comments and 
provide their joint responses below.

A. Access Control

    Comment: NMSAC recommended that ``secure area'' be defined to 
coincide with the access control area determined by the facility 
operator in its security plan.
    Response: We agree with this recommendation and, for all of the 
reasons discussed in this NPRM, are including it in the Coast Guard's 
proposed definition of secure area.
    Comment: NMSAC also recommended that when vessels are moored at 
MTSA regulated facilities, they should be allowed to rely on the 
facility's TWIC procedures and not be required to read an individual's 
TWIC again when he or she required unescorted access to the vessel from 
the facility.
    Response: We agree with this recommendation in part. Nothing in the 
proposed rule prohibits vessels and facilities from agreeing to share 
the management of access control on a case-by-case or recurring basis 
to facilitate operations, subject to approval by the cognizant COTP. In 
keeping with the intent of MTSA, facilities and vessels will still 
retain ultimate responsibility for their own access control measures. 
In the interest of preserving layered security, we also anticipate 
there will be situations where persons seeking unescorted access should 
be required to follow access control procedures again--when moving from 
a vessel to a facility and vice versa--even if this requires repeating 
access control procedures.
    Comment: NMSAC believes that TWIC should serve as the baseline 
requirement for unescorted access to a facility or vessel, allowing 
owners or operators to adopt additional measures.
    Response: We agree with this recommendation. Nothing in this NPRM 
prevents an owner/operator from instituting additional requirements 
before granting access.
    Comment: NMSAC also felt that possession of a TWIC should not 
guarantee access to a facility or vessel, or to a specific location 
within the site.
    Response: We agree. Owners and operators decide who, among the TWIC 
holders, may have unescorted access to the facility or vessel.
    Comment: NMSAC also recommended that access to Outer Continental 
Shelf facilities as defined in part 106, where access is limited and 
can be controlled by having the TWIC credential read at the point of 
embarkation.
    Response: This arrangement is currently allowed under the existing 
regulations and could continue under the provisions of this NPRM.

[[Page 29406]]

B. Location of Reader Points

    Comment: NMSAC recommends that the regulation not stipulate 
specific reader locations.
    Response: We agree. Reader locations are not specified in the 
proposed rule. Owners/operators determine where readers are located, 
based on the security plan and the performance standards established in 
the NPRM.
    Comment: NMSAC recommends that screening points should be placed 
far from critical areas and placement should be determined by owners/
operators.
    Response: Screening locations are not specified in the proposed 
rule. Owners/operators determine where screening points are located, 
based on the security plan and the performance standards established in 
the NPRM.

C. Sponsorship

    Comment: A majority of NMSAC opposed employer sponsorship as a 
requirement of the TWIC application process. Many members believe 
sponsorship introduced several complex components, including privacy 
concerns, increased bureaucracy associated with approving and 
monitoring sponsors, and employer liability issues.
    Response: After careful consideration, we agree that sponsorship, 
as originally conceived, is a challenge for the maritime TWIC program. 
Many of the individuals who will require a TWIC, such as truck drivers 
and casual laborers entering the port, would not be able to list or 
obtain a sponsor. Making accommodations to the sponsorship process for 
these workers would greatly reduce its value. Under the NPRM, 
applicants are asked to provide information on their employer if 
applicable, and to certify that they have a need to obtain a TWIC.

D. Waiver Process/Alternative Security Arrangements

    Comment: NMSAC recommended that we use the list of disqualifying 
offenses currently used for hazmat drivers for establishing 
disqualifying offenses, with some qualifications and concerns. The 
primary concern centered on the waiver requirements found in MTSA, 
which require employer involvement. NMSAC believes that employer 
involvement in the waiver process is inconsistent with MTSA's 
prohibition against disclosure of details of why an applicant is denied 
a TWIC. NMSAC recommended that the TWIC regulations rely upon the 
existing waiver procedures that apply to hazmat drivers.
    Response: We agree. We have proposed using the same list of crimes 
currently in place under the hazmat regulations when making 
determinations regarding TWIC eligibility. Additionally, the NPRM 
contains the waiver procedures that currently apply to hazmat drivers.
    Comment: NMSAC also expressed concerns about individuals currently 
employed in the maritime industry who might be denied a TWIC due to 
previous criminal activity. NMSAC believes existing employees should 
not be denied a TWIC and possibly lose their jobs unless TSA determines 
the individual to pose a risk based on the entire threat assessment. 
NMSAC recommended a ``limited term waiver'' that would allow an 
individual who is employed on the date of TWIC implementation, and is 
not otherwise determined to be a security threat, to obtain a TWIC.
    Response: A ``limited term waiver'' is not being proposed. As in 
the hazmat rule, language in the waiver provisions of the NPRM allow 
individuals to request a waiver of all but four disqualifying offenses. 
These pertain to espionage, sedition, treason, and terrorism. In 
accordance with MTSA and the NPRM, individuals with immigration 
violations would also be ineligible for the TWIC. Under the hazmat 
program, the majority of workers with disqualifying offenses, other 
than those listed above, who have applied for a waiver have been 
successful in obtaining their endorsement through the existing waiver 
process. In addition, the time between publication of the final rule 
and the date an individual is required to obtain a TWIC will provide 
existing employees ample time to apply for a waiver.
    Comment: NMSAC believes that the fingerprint data provided by 
applicants should be used to search all relevant federal databases. In 
addition, NMSAC suggested that TSA check against criminal databases in 
the applicant's State of residence. NMSAC also recommended that a nolo 
contendere plea be treated as a conviction.
    Response: We intend to use an applicant's fingerprints to search 
the criminal databases that require fingerprints to gain access. 
However, there are some databases pertinent to security that are 
accessed by name and therefore, we must use name and other biographic 
information to use these databases. Currently, we do not plan to check 
each State criminal database in addition to the FBI criminal databases. 
The administrative cost and time associated with such an undertaking 
would greatly increase the user fee and make adjudication of all 
applicant records overwhelming. Under this proposal, a nolo contendere 
plea constitutes a conviction.
    Comment: NMSAC proposed that the regulations be consistent 
nationwide. NMSAC was concerned that if individual states are allowed 
to enact legislation that established standards different than the 
federal standard, it would result in additional costs and delays to the 
industry. NMSAC also believed that varied state background checks could 
result in venue shopping by applicants.
    Response: We agree that the TWIC should be nationally consistent 
and that states do not have the authority to modify the federal TWIC 
program. However, States, when acting in their capacity as an owner or 
operator, retain the right of any owner or operator to impose 
additional security measures at their ports and facilities, as they see 
fit, including additional measures for access control beyond the TWIC 
requirements. In addition, States retain their sovereign police powers 
to impose statutes and regulations to protect their citizens from all 
manner of threats, and ensure public welfare. In that capacity, a State 
may impose additional measures at ports, facilities and vessels within 
its jurisdiction that are directed against reducing all types of crime, 
so long as those measures do not conflict with any existing Federal 
regulatory program or frustrate a Federal purpose, including the TWIC. 
Therefore, while the process for obtaining and maintaining a TWIC will 
be uniform across the country, access control measures may vary across 
States, and even from facility to facility, which is in keeping with 
the recommendations of the NMSAC and the intent of this rulemaking.

E. Type of Biometric To Be Used, Other Than Fingerprints

    Comment: NMSAC recommended that the applicant's digital photograph 
be stored on the integrated circuit chip (ICC) on the TWIC. Its format 
and technological standards should conform to other national and 
international programs, such as US-VISIT and FAST. NMSAC recommended 
that we reevaluate the use of fingerprint biometrics for access control 
after completion of Prototype to address procedures for individuals who 
cannot provide fingerprints.
    Response: Regarding the first comment, we agree and are proposing 
that the applicant's digital photograph be stored within the TWIC's 
ICC. We agree with the second comment and are proposing a credential 
that meets or exceeds HSPD 12 and FIPS 201 technical standards, which 
are the baseline for all federal identification

[[Page 29407]]

credentials. We also agree with the third comment and are proposing 
that the digital photograph be used as the alternate biometric for 
individuals who are unable to provide fingerprints at the time of 
issuance.

F. Federally-Managed vs. Federally-Regulated

    Comment: NMSAC strongly supports a federally-managed approach to 
TWIC implementation, as opposed to a federally-regulated approach. 
NMSAC believes that a federally managed program would protect 
collective bargaining agreements, promote uniformity of process and 
technology, ensure appropriate auditing and oversight, protect the 
sensitivity of the biographic and biometric information required for 
application, and limit the potential for security compromises or other 
integrity issues. It also states that there would be significant cost 
savings if TWIC is implemented in a centralized, federally managed 
program.
    Response: We agree and the NPRM reflects this approach.

G. Enrollment

    Comment: In the interest of time, NMSAC recommended that TSA 
provide as many enrollment centers as practical during the initial 
enrollment period, staffed either by DHS personnel or trained trusted 
agents. NMSAC believes that enrollment personnel should be subject to a 
higher level of scrutiny than TWIC applicants, including financial and 
credit screening. NMSAC recommended that TSA streamline the enrollment 
process by allowing pre-enrollment through secure Internet connections, 
dedicated kiosks, or existing facilities. NMSAC had reservations about 
allowing non-safety related agencies or organizations becoming involved 
in this process. They also recommend DHS first look to its own 
agencies, such as Coast Guard License Issuing Centers, or other 
federal, state or local public safety offices to process enrollments 
before seeking partnerships with agencies with non-security missions.
    Response: We agree with most of the NMSAC recommendations. The 
current rollout strategy is phased enrollment over a period of time to 
accommodate the majority of the maritime population centers and then 
geographically expands to cover all ports/facilities with mobile 
enrollment centers. All enrollment centers will be staffed by trained 
trusted agents who will be subject to a thorough threat assessment. The 
NPRM allows for pre-enrollment through secure Internet connections and 
dedicated kiosks.

H. Costs

    Comment: NMSAC stated that the fee should be collected at the time 
of application from the applicant. Any potential employer 
reimbursements or other business relationships should not be defined in 
the regulation. Individuals who have already been screened to an equal 
or higher standard than the TWIC, such as the assessment done for a 
hazmat endorsement, should not have to pay for duplicate applications, 
credential issuance, and background records check. TSA should collect 
only the costs of the program, and the cost for TWIC should be 
standardized at all enrollment centers.
    Response: We agree. The NPRM states that the fee is collected from 
the applicant at the time of enrollment and does not require any 
reimbursement arrangements. Also, we propose comparability standards so 
that agencies with similar checks can apply to TSA for a comparability 
determination. As for hazmat drivers, the check they must complete to 
get a hazmat endorsement is the same as the standard for TWIC. 
Therefore, drivers are not required to complete both checks, but must 
pay a reduced fee for TWIC enrollment and credential production because 
it was not included in the hazmat fee or process.

I. Term of Validity

    Comment: The TWIC should be valid for a period of five years, 
unless revoked for cause. This recommendation assumes there is 
continual check on applicants.
    Response: We agree and propose a 5-year period of validity for the 
TWIC unless revoked for cause. TSA repeats portions of the check 
throughout the 5-year term.

J. Roll-Out Strategy

    Comment: NMSAC supported a phased in regional implementation. A 
timeline and deadline should be identified by TSA, and the final 
implementation/compliance date should be consistent across the country 
and provide sufficient advance lead time to allow stakeholders to 
prepare. To accommodate U.S. mariners, NMSAC proposed that DHS allow 
enrollment centers be set up at foreign facilities with a Coast Guard 
presence.
    Response: We agree and Sec.  1572.19 proposes the implementation 
timeline for applicants to enroll for a TWIC. Regarding oversees 
enrollment of U.S. mariners, we recognize that is an issue in need of 
resolution. As credentialed U.S. mariners pose less of a security risk 
due to the successful completion of security and safety background 
checks, they have been identified as a population who could potentially 
be lower on the priority list for receipt of the TWIC. In the meantime, 
options such as setting up TWIC enrollment stations within existing 
Coast Guard overseas facilities is being explored.

K. TWIC Requirement for Access to Sensitive Security Information

    Comment: NMSAC recommended that TWIC be used as identification 
credential alone, and not affect access to SSI.
    Response: The statute requires ``individuals with access to 
security sensitive information as determined by the Secretary'' to hold 
a TWIC. We agree that requiring all individuals with access to SSI to 
also hold a TWIC may be impractical. We have interpreted the language 
of the statute to allow that only certain individuals who will require 
access to SSI hold a TWIC, if they have not already been subject to an 
equivalent check. These individuals are clearly identified by position 
in the NPRM.

L. Miscellaneous Issues

    Comment: NMSAC strongly urges TSA and Coast Guard to gather 
industry input in the TWIC rulemaking.
    Response: In developing the TWIC program, we have benefited from 
the expertise and assistance of industry and government stakeholders. 
Our work with the NMSAC has produced several outstanding 
recommendations and solutions to potential challenges. Additionally, we 
are planning four public meetings on this NPRM, in order to engage 
industry and gather comments before a final rule is in place.
    Comment: NMSAC urged TSA and Coast Guard to coordinate TWIC with 
other federal programs to avoid duplication and conflicts. It also 
urged that Merchant Mariner Licenses and Documents be merged with TWIC 
to the greatest extent possible to minimize the number of credentials 
mariners are required to carry.
    Response: The Coast Guard National Maritime Center has expressed 
similar concerns over adding yet another credential to the list of 
those required for mariners. In a separate rulemaking published in 
today's Federal Register, the Coast Guard has proposed combining all 
merchant mariner credentials into a single form, in order to minimize 
the number of credentials a mariner must carry. That proposal would 
merge the existing mariner documents, consisting of the License, 
Merchant Mariner Document, STCW Endorsement, and Certificate of 
Registry, into one. The TWIC would

[[Page 29408]]

remain the identification credential and separate from these other 
credentials, at least for the time being. The consolidated mariner form 
would document the mariner's professional skills and capabilities and 
the TWIC would document the mariner's identity.

M. Procedures for Replacement of Lost or Stolen Credentials, and 
Penalties for Persons Who Fraudulently Obtain or Use/Attempt to Use a 
TWIC

    Comment: NMSAC expressed concerns about the procedures to address 
lost or stolen credentials, and the penalty for persons who 
fraudulently obtain or use/attempt to use a TWIC.
    Response: We agree that procedures for lost or stolen credentials 
are essential services. Applicants will be given an 800-number to call 
in the event they lose the TWIC or it is stolen. The applicant must 
return to an enrollment center to activate a new TWIC. This will not 
require a full enrollment process unless the biometric or biographic 
information has changed since the time of the initial enrollment and 
the period of validity of the TWIC will be the same as the lost or 
stolen credential it is replacing. As the NPRM states, applicants who 
fraudulently obtain or attempt to use a TWIC may be prosecuted 
criminally and/or through administrative action.

N. On-Site TWIC Implementation

    Comment: NMSAC expressed concern about the possibility for delay at 
points of entry due to implementation of theTWIC program.
    Response: During TSA's Prototype, possession of a TWIC ultimately 
accelerated access for individuals when they were entered into the 
local access control system. We anticipate similar results when TWIC is 
fully operational. As proposed, this rule would permit owners/operators 
to determine the details of the access control system, and so resolving 
access problems would largely be managed at the facility or vessel. 
However, we welcome industry feedback and insight on ways that we may 
be able to improve the proposed requirements without compromising 
either security or function.

V. Section-by-Section Analysis of United States Coast Guard Proposed 
Rule

General Introduction

    The following discussion highlights the changes being made to the 
Coast Guard regulations and address some miscellaneous effects that 
these changes will have on unamended sections of the regulations. The 
discussion is divided into parts and sections within those parts, which 
will enable the reader to skip to those regulations that affect him/
her. In order to allow for this, some explanations are repeated from 
part to part (for example, the explanation for proposed amendments to 
the recordkeeping requirement sections in parts 104, 105, and 106, are 
identical).

33 CFR Part 101

33 CFR 101.105
    Coast Guard proposes amending Sec.  101.105 by adding new 
definitions for escorting, personal identification number (PIN), 
recurring unescorted access, secure area, TWIC, TWIC program, and 
unescorted access. These terms would be introduced by the amendments 
discussed below, and their definitions are self-explanatory.
33 CFR 101.121
    Coast Guard proposes adding Sec.  101.121 to require those 
organizations that have approved Alternative Security Programs (ASPs) 
to submit a TWIC Addendum to their ASP. This TWIC Addendum should 
explain how the TWIC requirements proposed in parts 104, 105, and 106 
(as applicable) would be implemented in the ASP. The TWIC Addendum 
would be submitted to the Coast Guard for approval and, once approved, 
would be given the same expiration date as the overall ASP. When it is 
time for the overall ASP to be reapproved, the TWIC Addendum would be 
incorporated into the overall ASP, resulting in a single document. Any 
organization not submitting the TWIC Addendum by the given deadline 
would have their ASP declared invalid.
33 CFR 101.514
    Coast Guard proposes adding Sec.  101.514. This new section 
contains the requirement that all persons requiring unescorted access 
to secure areas of vessels, facilities, and OCS facilities regulated by 
parts 104, 105, or 106 of subchapter H possess a TWIC before such 
access is granted. Federal officials would not be required to use a 
TWIC, but rather would be required to use their HSPD 12-compliant 
agency credential. These HSPD 12-compliant, biometrically-enabled 
credentials will be built according to the same technical standards as 
the TWIC, ensuring comparable levels of security. Coast Guard has also 
included a provision allowing for State and local officials to 
voluntarily obtain a TWIC when their office or duty station falls 
within, or where they require recurring unescorted access to, a secure 
area of a vessel, facility, or an OCS facility. Coast Guard would not, 
at this time, require these officials to obtain a TWIC, but we may 
revisit this in the future.
    Coast Guard also would allow for voluntary compliance with TWIC for 
those maritime facilities and vessels that would otherwise not be 
required to comply. Any owner or operator who would like to voluntarily 
comply with TWIC requirements would first be required to contact their 
cognizent COTP, who will forward the request, along with the COTP's 
recommendation, to TSA. Once the Coast Guard and TSA determine that use 
of the TWIC by the facility or vessel would benefit and improve overall 
maritime security, the owner/operator would receive authorization to 
have employees enroll at TSA enrollment centers and establish a TWIC 
program at their facility. Coast Guard requests that those owner/
operators who would like to voluntarily comply under this provision 
please submit a comment.
33 CFR 101.515
    Coast Guard proposes amending Sec.  101.515 to limit its 
application only to those persons seeking escorted access to a secure 
area. This amendment would require that anyone, other than law 
enforcement officers in performance of their official duties, seeking 
access to a vessel, facility, or OCS facility provide personal 
identification meeting the standards listed in this section. It also 
would require that these individuals be escorted at all times in a 
secure area.

33 CFR Part 103

33 CFR 103.305
    Coast Guard proposes amending Sec.  103.305 to require that all 
Area Maritime Security (AMS) Committee members hold a TWIC or have 
passed a comparable security background investigation, as determined by 
the FMSC, with the exception of credentialed Federal, state and local 
officials. Coast Guard would omit credentialed Federal, state, and 
local officials from the requirement to hold a TWIC because the 
majority of these individuals undergo a security threat assessment 
prior to beginning their job, and because (as explained above) the 
Federal officials will all be issued HSPD 12-compliant, biometric 
identification credentials, and it is hoped that states and local 
entities will follow suit.
33 CFR 103.505 and 103.510
    Coast Guard proposes amending Sec. Sec.  103.505 and 103.510 to 
require that all AMS plans address biometric access programs within the 
port, and to require

[[Page 29409]]

that all AMS plans be updated to reflect this consideration.

33 CFR Part 104

33 CFR 104.105
    Coast Guard proposes amending Sec.  104.105 to exempt foreign 
vessels from the TWIC requirements. Currently foreign vessels entering 
U.S. ports that carry a valid International Ship and Port Facility 
(ISPS) certificate are deemed to be in compliance with part 104, except 
for Sec. Sec.  104.240, 104.255, 104.292, and 104.295. However, there 
are a small number of foreign vessels who are not required to comply 
with the International Convention for Safety of Life at Sea (SOLAS) or 
with the ISPS Code, and therefore must submit security plans in 
accordance with this part. Without the proposed language, these vessels 
would be required to comply with the TWIC provisions. The crew of these 
vessels would primarily consist of foreign mariners. While not 
explicitly exempt from the TWIC requirements by the language of 46 
U.S.C. 70105, the particular situation of foreign mariners makes it 
impractical to issue this population TWICs, and it has been determined 
that it is inappropriate to this rulemaking. Thus, the small number of 
foreign vessels who would otherwise be required to comply with part 
104, as well as all other foreign vessels, have been exempted from 
complying with the TWIC provisions of this part since none of their 
crew would hold a TWIC. Nothing in this proposed exemption should 
affect the existing requirements that owners or operators have 
procedures in place for allowing seafarers to traverse facilities for 
the purpose of completing crew changes or taking shore leave.
33 CFR 104.106
    Coast Guard proposes adding Sec.  104.106 to provide for passenger 
access areas on board passenger vessels, ferries, and cruise ships. 
Implementation of the TWIC credential would have a significant impact 
on the way that owners and operators make access control decisions. The 
proposed rule would introduce the concept of a ``secure area,'' defined 
as the area over which an owner or operator chooses to exercise access 
control as set forth in Sec.  104.265, essentially making the entire 
vessel a secure area. In non-passenger vessels, this is not 
problematic; for those that carry passengers, however, it presents 
difficulties. Since the law requires that no one be allowed unescorted 
access to secure areas unless they carry a TWIC, passenger vessels, 
ferries, and cruise ships would have had to either require passengers 
to obtain TWICs or ensure that passengers were ``escorted'' at all 
times while on the vessel. To avoid either outcome, Coast Guard 
proposes creating the ``passenger access area,'' which will allow 
vessel owners/operators to carve out areas within the secure areas 
aboard their vessels where passengers are free to move about 
unescorted. These passenger access areas would work in a manner similar 
to the already existing ``public access areas'' in part 105.
33 CFR 104.115
    In Sec.  104.115, Coast Guard proposes using the same roll-out and 
implementation model for TWIC as was used for vessel security plans. 
Vessels would have six (6) months from the date that the final rule is 
published to submit a TWIC addendum to the Marine Safety Center. They 
would be required to be operating according to the addendum between 
twelve (12) and eighteen (18) months following the date that the final 
rule is published, depending on whether enrollment for the port in 
which the vessel is operating has been completed.
33 CFR 104.120
    The proposed amendment to Sec.  104.120 would require that a copy 
of the approved TWIC addendum be kept on board the vessel, along with 
the already approved Vessel Security Plan (VSP) (already required to be 
on board). Coast Guard has included provisions for scenarios in which 
the TWIC addendum has been submitted to the Marine Safety Center (MSC) 
but not yet approved, and for vessels operating under an approved 
alternative security program.
33 CFR 104.200, 104.210, 104.215, 104.220, and 104.225
    Coast Guard proposes amending these sections to require that all 
individuals with security duties, including the company security 
officer (CSO), acquire and maintain a TWIC. Coast Guard requests 
comment on whether owners/operators should also be required to obtain a 
TWIC, based on their access to sensitive security information (SSI). 
Coast Guard also proposes amending these sections to add knowledge 
requirements and responsibilities pertaining to TWIC to those already 
assigned to owners/operators, company security officers, vessel 
security officers, vessel employees with security duties, and all 
vessel employees. At this time, there are no formal training 
requirements proposed in order to meet the TWIC knowledge requirements. 
It is important that owners/operators and those with security duties be 
familiar with the technologies on the credential that make it resistant 
to tampering and forgery. Persons who will be examining TWICs at access 
control points should be familiar enough with its physical appearance 
such that variations or alterations are easily recognized.
    It is important that security personnel at the access points to the 
vessel be familiar with alternate ways to reliably verify an 
individual's identity and his or her credential should the individual 
be unsuccessful using the primary means of verification (e.g., 
fingerprint match). Personnel who will be required to resolve an 
individual's failure to electronically verify his or her identity 
should be familiar with all the possible reasons for the failure. For 
example, an individual may not be able to verify his identity against 
the biometric stored on the credential due to wear on the integrated 
circuit chip (ICC) itself, problems with the reader, wear on the 
individual's fingerprints, or because the individual is an imposter. 
Alternate procedures for addressing failures of an individual to verify 
his fingerprint against the information stored on the credential should 
be reasonably designed to discern between a legitimate user and an 
imposter. All other employees should be familiar with the TWIC 
topology, as well as the steps to take should their own TWIC become 
lost or stolen.
    The heaviest burden has been placed on the owner/operator, who 
would be required to ensure that the TWIC program is implemented on 
board the vessel in accordance with the proposed regulations. This 
would include a new requirement that the owner/operator ensure that 
someone on the vessel know who is on the vessel at all times. It would 
also include a requirement that the owner/operator ensure that computer 
and access control systems and hardware are secure. The Coast Guard has 
placed a sample document in its docket (located at the places listed in 
the ADDRESSES section above) for this NPRM that outlines the proper 
standard of care to be used to protect these systems and hardware. We 
request comment on this standard of care, as well as on any associated 
costs to implement it.
33 CFR 104.235
    Coast Guard proposes adding a new record-keeping requirement, 
mandating that owners/operators maintain records for two years of all 
persons who are granted access to secure areas of the vessel, including 
when they disembark the vessel. The requirement does not distinguish 
between those who were granted unescorted access because they

[[Page 29410]]

carried a TWIC and those who were granted escorted access. For those 
who are granted recurring unescorted access, such as permanently 
attached crew or other employees, owners/operators would be required to 
record the span over which the individual's access privileges endured. 
For individuals who were granted escorted access, the owners/operators 
would be required to record each date that the individual is escorted, 
and identify his escort.
33 CFR 104.265
    Coast Guard proposes amending this section to require the use of 
TWIC in the vessel's access control measures. This section would show 
the greatest changes as a result of TWIC implementation, and reflects a 
difficult compromise of many competing concerns, including our desire 
to preserve as much of the performance-based standard as possible so 
that vessels could tailor implementation to suit their individual 
operational needs while preserving the security enhancements provided 
by the TWIC credential.
    TWIC provides for implementing graduated security measures by 
relying upon the three factor authentication process for establishing a 
person's identity. This process consists of identifying: (1) Something 
the person has--a TWIC credential; (2) something the person knows--a 
PIN, stored securely on the ICC in the credential; and (3) something 
the person is--in the case of the TWIC, that will be the individual's 
fingerprint, which also is stored on the ICC of the credential. By 
requiring one or all of these factors before allowing access, owners/
operators can make increasingly more secure decisions regarding 
individuals who are requesting to board the vessel.
    Currently, most access control decisions are made relying on a 
``flash pass.'' Individuals requesting entry are required to show 
identification that conforms to Sec.  101.515 of subchapter H, which 
currently encompasses a broad spectrum of credentials, including 
driver's licenses from all 50 states. Many of these credentials are 
easily forged or altered, and the sheer diversity of appearances 
hampers security personnel's ability to recognize a forged or altered 
credential when it is presented.
    Even when used as a flash pass, the TWIC provides greater 
reliability than the existing system because it presents a uniform 
appearance with embedded features on the face of the credential that 
make it difficult to forge or alter. When presented with a TWIC, 
security personnel familiar with its security features are immediately 
able to notice any absence or destruction of these features.
    Nevertheless, our intent was to discourage the use of the TWIC as a 
flash pass for several reasons. While security personnel can reliably 
detect changes to the appearance of the credential or missing features, 
he or she cannot know whether or not the credential has been revoked by 
TSA, or other competent authority, merely by examining the surface of 
the credential. Furthermore, comparing the individual to the photo on 
the credential requires focused examination that is likely to suffer 
when security personnel are distracted or during particularly busy 
periods. This is the time that an unauthorized individual is most 
likely to attempt entry, and is most likely to breach a system that 
relies solely on the flash pass system. Finally, allowing owners/
operators to rely solely on the flash pass system is unreasonable in 
light of the additional cost of the credential, and the available 
security enhancements that the increased cost represents.
    Thus, Coast Guard proposes to require owners/operators to use at 
least one of the technical enhancements on the credential to 
electronically verify a person's identity and also requires 
verification that the credential remains valid, and has not been 
altered or counterfeited.
    Implementation of the TWIC program will require that the owner/
operator use different processes for identifying persons, depending on 
whether or not the individual is requesting unescorted access. If the 
individual is requesting, or will require, unescorted access as part of 
his or her job responsibilities, the individual must have and maintain 
a TWIC.
    On an owner/operator's first encounter with an individual seeking 
or requiring unescorted access to the vessel, we would require that all 
of TWIC's security features be used to verify both the individual's 
claimed identity and that the credential remained valid. Thus, when 
presented with an individual's TWIC for the first time, an owner or 
operator would be required to electronically verify that the 
individual's fingerprint matches the data stored on the ICC, and that 
the individual can correctly enter the PIN that is also stored on the 
ICC. Both of these processes will require that the individual have the 
TWIC in his/her possession, thus satisfying all three factors of the 
authentication process. In addition, the owner or operator would have 
to confirm that the TWIC remains valid. In order to know that the TWIC 
has not been revoked, some regular contact with TSA will be necessary. 
Coast Guard has not specified how this contact should be made so as to 
provide as much flexibility as possible.
    These steps performed together will detect to the highest degree of 
certainty whether the individual is the rightful bearer of the TWIC he 
or she holds, and whether or not it was duly issued and remains valid. 
After the initial encounter, there is as much flexibility as possible 
for the owner/operator so that the TWIC would provide a valuable 
security enhancement without unnecessarily burdening daily operations. 
Coast Guard recognized that, particularly for smaller vessels such as 
towing vessels, the value by the daily validation of an individual's 
personal identity is less than for facilities, which generally interact 
with greater numbers of vendors, visitors, and facility employees. We 
assumed that the crew of most vessels, excluding cruise ships, would be 
a relatively small number of people who would quickly become familiar 
enough with one another so as to be able to readily identify fellow 
crew members and notice strangers. Thus, there is more emphasis on 
ensuring that the credential remains valid. Accordingly, Coast Guard 
has identified specific intervals, according to the Maritime Security 
(MARSEC) level, when a vessel owner/operator must routinely check that 
the credential remains valid.
    As a result of this desire to provide flexibility, we propose the 
concept of ``recurring unescorted access,'' which is intended to allow 
an individual to enter on a continual basis, without repeating the 
personal identity verification piece. The decision to grant recurring 
access privileges should be based on two considerations: (1) The 
relationship of the individual to the vessel, or how well ``known'' he 
or she is; and (2) the individual's need to have frequent and unimpeded 
access to the vessel.
    No vessel is required to grant any individual recurring unescorted 
access; it is intended as a tool by which owners/operators can allow 
persons who are well known to them to move in and out of secure areas 
on a repetitive basis without having to electronically verify the 
individual's identity each time. The credential verification 
requirement would remain, and owners/operators would be responsible to 
check the validity of the TWIC belonging to any person to whom is 
granted recurring unescorted access according to the identified 
specific interval, based on the MARSEC level.
    Frequent vendors and other visitors, such as union and seafarer 
representatives, could seek and, at the

[[Page 29411]]

owner/operator's discretion, be granted recurring unescorted access. If 
granted, it would allow these individuals, identified by the vessel 
security officer, or other qualified personnel, to be entered onto the 
vessel's rolls of TWIC holders whose TWIC must be checked on a regular 
basis to ensure it remains unrevoked by TSA.
    The infrequent visitor or vendor who bears a TWIC and seeks 
unescorted access, would be required to electronically verify his or 
her identity by matching the biometric information stored on the ICC. 
The credential's validity would also have to be verified to ensure that 
it has not been revoked since issuance by TSA. Coast Guard acknowledges 
that maintaining this connectivity with TSA will be a challenge for 
vessel owners and operators. However, TSA has indicated that it will be 
able to maintain an updated list of all invalid credentials which can 
be downloaded over a secure connection with the TSA Web site, and 
vessel owners/operators would be able to verify the validity of 
credentials from infrequent visitors against this list. Furthermore, 
Coast Guard has assumed that vessels which could not establish access 
to TSA via a secure Web site from time to time could obtain updated 
versions of the list from its agent or home office.
    Persons presenting for entry who do not hold a TWIC would still be 
required to show an acceptable form of identification, as set forth in 
Sec.  101.515 and 104.265(e)(3), and would be required to be escorted 
if they are granted access to secure areas. Owners/operators are not 
required by the proposed changes to use the TWIC as their primary 
badging system. As much as practical, Coast Guard has retained the 
performance-based standards from the existing regulations that allows 
owners/operators to establish identification systems that best suits 
their individual operational needs. If, however, owners/operators 
choose to rely solely on the TWIC as their badging system, the system 
should include a means for identifying non-TWIC holders. If owners/
operators choose to use a separate badging system, it must be 
coordinated with the TWIC requirements in this part such that 
notification to the owner/operator of changes in the individual's TWIC 
status are also reflected in the separate badging system.
    Other existing regulatory requirements that we thought were 
important to preserve related to coordinating access control measures 
and the TWIC implementation with facilities whenever possible, 
particularly as that would facilitate the ready access of frequent 
vendors, and union and seafarer representatives to the vessel, as 
appropriate. Coast Guard anticipates that these individuals will also 
obtain a TWIC. Any coordination must be outlined in the TWIC addendum.
    In keeping with the longstanding tradition that seafarers keep 
their mariner credentials and other important documents on the bridge, 
or stored in a secure place, this rule does not propose that vessel 
crew be required to display or maintain their TWIC on their person at 
all times. Instead, anyone granted unescorted access to the secure 
areas of the vessel under this proposed rule is expected to produce his 
or her TWIC for inspection if so required by a competent authority. 
Thus, persons assigned to the vessel can keep the credential stored 
securely on the vessel with their other important documents. However, 
mariners will have to take the TWIC with them when they leave the 
vessel in order to gain unescorted access through the facility.
    Owners/operators are required to devise backup processes for making 
access control decisions when any part of the TWIC system fails, with 
particular attention paid to not creating greater vulnerabilities that 
can be leveraged by a failure of the system due to deliberate efforts. 
Of particular concern is the occasion when an individual may not be 
able to match his or her biometric against the information stored on 
the ICC. While this could mean the person is not who he says he is, it 
is also possible that wear and tear on the reader, the ICC, or the 
person's fingerprint itself have caused the failure. In resolving these 
kinds of failures, security personnel should be well informed as to 
other reliable means of verifying identity, such as comparing the image 
of the individual that is electronically stored on the ICC to the 
person him or herself, or by having other authorized personnel vouch 
for his identity.
    In keeping with the graduated scheme of the MTSA regulations, this 
rule proposes requiring increased use of TWIC security features at 
higher MARSEC levels. At MARSEC level 1, the owner/operator would be 
required to ensure that the validity of TWIC credentials is verified 
against the latest information available from TSA on a weekly basis. At 
MARSEC level 2, the owner/operator would be required to ensure that the 
validity of TWIC credentials is verified against the latest information 
available from TSA on a daily basis. At MARSEC level 3, all personnel 
seeking unescorted access would be required to verify their identity 
biometrically and using their PIN at each entry to a secure area of the 
vessel.
    The requirements at each MARSEC level are laid out in the table 
that follows.

--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                         Vessels
                                    ------------------------------------------------                                                U.S. flagged cruise
                                      Recurring unescorted        Non-recurring            Facilities           OCS facilities             ships
                                             access             unescorted access
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 1...........................  Facial recognition      1 to 1 biometric match  1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                      minimum each entry;     at each entry; card     match at each entry;   match at each entry;   match at each entry;
                                      card validity checked   validity checked at     card validity          card validity          card validity
                                      weekly with             each entry with         checked at each        checked at each        checked at each
                                      information <=1 week    information <= 1 week   entry with             entry with             entry with most
                                      old.                    old.                    information <=1 week   information <=1 week   current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             continuously aboard
                                                                                                             weekly with most
                                                                                                             current information
                                                                                                             available from TSA.
--------------------------------------------------------------------------------------------------------------------------------------------------------

[[Page 29412]]

 
MARSEC 2...........................  Facial recognition      1 to 1 biometric match  1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                      minimum each entry;     at each entry; card     match at each entry;   match at each entry;   match + PIN at each
                                      card validity checked   validity checked at     card validity          card validity          entry; card validity
                                      daily with the most     each entry with         checked at each        checked at each        checked at each
                                      current information     information <=1 day     entry with             entry with             entry with most
                                      available from TSA.     old.                    information <=1 day    information <=1 day    current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             continuously aboard
                                                                                                             daily with most
                                                                                                             current information
                                                                                                             available from TSA.
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 3...........................    1 to 1 biometric match + PIN at each entry;   1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                         card validity checked at each entry with     match + PIN at each    match + PIN at each    match + PIN at each
                                                 information <=1 day old.             entry; card validity   entry; card validity   entry; card validity
                                                                                      checked at each        checked at each        checked at each
                                                                                      entry with             entry with             entry with most
                                                                                      information <=1 day    information <=1 day    current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             aboard continuously
                                                                                                             daily.
--------------------------------------------------------------------------------------------------------------------------------------------------------

33 CFR 104.290
    Coast Guard proposes amending this section to require owners/
operators to have the records of persons who have been granted access 
to the vessel (See, Sec.  104.235, discussed above) available after a 
security incident.
33 CFR 104.295
    Coast Guard proposes amending Sec.  104.295 to impose higher 
burdens on U.S. cruise ships. The same assumptions regarding crew size 
and connectivity (discussed in the proposed changes to Sec.  104.265 
above) do not apply to these large, sophisticated vessels whose 
potential to be the impetus of a transportation security incident (TSI) 
is much greater than other vessels. As a result, TWIC requirements more 
closely resemble those for facilities. Coast Guard proposes requiring 
that an individual's identity be checked against their TWIC at each 
entry to the vessel, and that the validity of the TWIC be verified with 
TSA at a higher rate than for other vessels.
33 CFR 104.405
    Coast Guard proposes amending this section to require that when 
each vessel security plan is reviewed and resubmitted for approval upon 
its 5 year anniversary date, it incorporates the TWIC Addendum into all 
appropriate sections of the VSP. Most of these changes should be 
reflected in the plan's section on access control.

New Subpart E (33 CFR 104.500-104.510)

    Proposed Sec.  104.500-104.510 are new and are intended to be 
temporary measures that will be phased out as existing plans are 
renewed according to their expiration date. Rather than require owners/
operators to resubmit their entire plan with the TWIC measures 
incorporated within, Coast Guard proposes requiring a temporary TWIC 
addendum to be submitted. The addendum should be drafted in conjunction 
with the existing plan, reflecting all modifications that the TWIC 
rules require. Once approved, it should be attached to and maintained 
as part of the entire plan, and will be given the same expiration date 
as the existing plan. Upon expiration, the TWIC addendum should be 
seamlessly incorporated into the full plan when it is renewed in 
accordance with the regulations in place at the time of renewal. 
Owners/operators may opt to resubmit their entire plan, with a list of 
sections amended, as their TWIC Addendum, but once approved it will 
carry the same expiration date as it had prior to amendment. Owners/
operators are encouraged to submit the addendum via Homeport (http://homeport.uscg.mil).

33 CFR Part 105

33 CFR 105.115
    In Sec.  105.115, Coast Guard proposes using the same roll-out and 
implementation model for TWIC as was used for MTSA security plans. 
Facilities would have six (6) months from the date that the final rule 
is effective to submit a TWIC addendum to their cognizant Captain of 
the Port (COTP) and would be required to be operating according to the 
addendum between twelve (12) and eighteen (18) months following the 
effective date, depending on whether enrollment has been completed at 
the port where the facility is located.
33 CFR 105.120
    In the proposed amendment to Sec.  105.120, Coast Guard would 
require that the facility keep a copy of the approved TWIC addendum on-
site, along with the already approved facility security plan (FSP) 
(already required to be on site). Coast Guard has included provisions 
for scenarios in which the TWIC addendum has been submitted to the COTP 
but not yet approved, and for facilities operating under an approved 
alternative security program.
33 CFR 105.200, 105.205, 105.210, and 105.215
    Coast Guard proposes amending these sections to require that all 
individuals with security duties acquire and maintain a TWIC. Coast 
Guard requests comment on whether owners/operators should also be 
required to obtain a TWIC, based on their access to sensitive security 
information (SSI). Coast Guard also proposes adding knowledge 
requirements and responsibilities pertaining to TWIC to those already 
assigned to owners/operators, facility security officers, facility 
employees with security duties, and all facility employees. There are 
no formal training requirements in order to meet the TWIC knowledge 
requirements proposed at this time. It is important that owners/
operators and those with security duties be familiar with the 
technologies on the credential, particularly the imbedded features that 
make the credential resistant to tampering and forgery. Persons who 
will be examining TWICs at access control points should be familiar 
enough with its physical

[[Page 29413]]

appearance such that variations or alterations are easily recognized.
    It is important that security personnel at the access points to the 
facility be familiar with alternate ways to reliably verify an 
individual's identity and his or her credential should the individual 
be unsuccessful using the primary means of verification (e.g., 
fingerprint match). For example, an individual may not be able to 
verify his identity against the biometric stored on the credential due 
to wear on the ICC itself, problems with the reader, wear on the 
individual's fingerprints, or because the individual is an imposter. 
Alternate procedures for addressing failures of an individual to verify 
his fingerprint against the information stored on the credential should 
be reasonably designed to discern between a legitimate user and an 
imposter. All other employees should be familiar with the TWIC 
topology, as well as the steps to take should their own TWIC become 
lost or stolen.
    The heaviest burden has been placed on the owner/operator, who 
would be required to ensure that the TWIC program is implemented on 
board the facility in accordance with the proposed regulations. This 
would include a new requirement that the owner/operator ensure that 
someone on the facility know who is on the facility at all times. It 
would also include a requirement that the owner/operator ensure that 
computer and access control systems and hardware are secure. The Coast 
Guard has placed a sample document in its docket (located at the places 
listed in the ADDRESSES section above) for this NPRM that outlines the 
proper standard of care to be used to protect these systems and 
hardware. We request comment on this standard of care, as well as on 
any associated costs to implement it.
33 CFR 105.225
    Coast Guard proposes adding a new record-keeping requirement, 
mandating that owners/operators maintain records for two years of all 
persons who are granted access to the facility. The requirement does 
not distinguish between those who were granted unescorted access 
because they carried a TWIC and those who were granted escorted access. 
For individuals who were granted escorted access, the owners/operators 
would be required to record each date that the individual is escorted, 
and identify his escort.
33 CFR 105.255
    Coast Guard proposes amending this section to require the use of 
TWIC in the facility's access control measures. This section would show 
the greatest changes as a result of TWIC implementation, and reflects a 
difficult compromise of many competing concerns, including our desire 
to preserve as much of the performance-based standard as possible so 
that facilities could tailor implementation to suit their individual 
operational needs while preserving the security enhancements provided 
by the TWIC credential. TWIC provides graduated increases in security 
by relying upon the three factor authentication process for 
establishing a person's identity. This process consists of identifying: 
(1) Something the person has--a TWIC credential; (2) something the 
person knows--a Personal Identification Number (PIN), stored on the 
integrated circuit chip (ICC) in the credential; and (3) something the 
person is--in the case of the TWIC, it will be the individual's 
fingerprint, which is also stored on the ICC of the credential. By 
requiring one or all of these factors before allowing access, owners/
operators can make increasingly more secure decisions regarding 
individuals who are requesting to enter the facility.
    Currently, most access control decisions are made relying on a 
``flash pass.'' Individuals requesting entry are required to show 
identification that conforms to Sec.  101.515 of subchapter H, which 
currently encompasses a broad spectrum of credentials, including 
driver's licenses from all 50 states. Many of these credentials are 
easily forged or altered, and the sheer diversity of appearances 
hampers security personnel's ability to recognize a forged or altered 
credential when it is presented.
    Even when used as a flash pass, the TWIC provides greater 
reliability than the existing system because it presents a uniform 
appearance with embedded features on the face of the credential that 
make it difficult to forge or alter. When presented with a TWIC, 
security personnel familiar with its security features are immediately 
able to notice any absence or destruction of these features.
    Nevertheless, our intent was to discourage the use of the TWIC as a 
flash pass for several reasons. While security personnel can reliably 
detect changes to the appearance of the credential or missing features, 
he or she cannot know whether or not the credential has been revoked by 
TSA, or other competent authority, merely by examining the surface of 
the credential. Furthermore, comparing the individual to the photo on 
the credential requires focused examination that is likely to suffer 
when security personnel are distracted or during particularly busy 
periods. This is the time that an unauthorized individual is most 
likely to attempt entry, and is most likely to breach a system that 
relies solely on the flash pass system. Finally, allowing owners/
operators to rely solely on the flash pass system is unreasonable in 
light of the additional cost of the credential, and the available 
security enhancements that the increased cost represents.
    Thus, Coast Guard proposes to require owners/operators to use at 
least one of the technical enhancements on the credential to 
electronically verify a person's identity and also requires 
verification that the credential remains valid, and has not been 
altered or counterfeited.
    Implementation of TWIC will require that the owner/operator use 
different processes for identifying persons depending on whether or not 
the individual is requesting unescorted access. If the individual is 
requesting unescorted access, or will require unescorted access as part 
of his or her job responsibilities, the individual must have and 
maintain a TWIC.
    Individuals requesting unescorted access to secure areas of the 
facility must present a valid TWIC prior to entry and electronically 
verify his or her identity by matching his or her biometric against the 
information stored on the credential.
    In addition, the owner or operator would have to confirm that the 
TWIC remains valid. In order to know that the TWIC has not been 
revoked, some regular contact with TSA will be necessary. (See, 
discussion of ``using TWIC in an access control system'' above.) No 
particular method has been prescribed for contacting TSA to verify the 
validity of credentials so as to provide as much flexibility to owners/
operators as possible.
    Persons presenting for entry who do not hold a TWIC would still be 
required to show an acceptable form of identification, as set forth in 
Sec. Sec.  101.515 and 104.265(e)(3), and will be required to be 
escorted if they are granted access to secure areas. Owners/operators 
are not required by the proposed changes to use the TWIC as their 
primary badging system. As much as practical, the rule proposed to 
retain the performance-based standards from the existing rule that 
allows owners/operators to establish identification systems that best 
suit their individual operational needs. If, however, owners/operators 
choose to rely solely on the TWIC as their badging system, the system 
should include a means for identifying non-TWIC holders. If owners/
operators choose to use a separate badging system, it must

[[Page 29414]]

be coordinated with the TWIC requirements in this part.
    Other provisions that are important to preserve are related to 
coordinating access control measures and the TWIC implementation with 
vessels whenever possible, particularly as that would facilitate the 
ready access of frequent vendors, and union and seafarer 
representatives to the vessel and crew as appropriate.
    Facility personnel are required to have their TWIC readily 
available for inspection if so required by a competent authority.
    Coast Guard proposes that owners/operators be required to devise 
backup processes for making access control decisions should any part of 
the TWIC system fail, with particular attention paid to not creating 
greater vulnerabilities that can be leveraged by deliberately causing a 
failure of the system. Of particular concern is the occasion when an 
individual may not be able to match his or her biometric against the 
information stored on the ICC. While this could mean the person is not 
who he says he is, it is also possible that wear and tear on the 
reader, the ICC, or the person's fingerprint itself have caused the 
failure. In resolving these kinds of failures, security personnel 
should be well informed as to other reliable means of verifying 
identity, such as comparing the image of the individual that is 
electronically stored on the ICC to the person him or herself, or by 
having other authorized personnel vouch for his identity.
    In keeping with the graduated scheme of the MTSA regulations, Coast 
Guard proposes requiring increased use of the TWIC at higher MARSEC 
levels. At MARSEC level 1, the owner/operator would be required to 
ensure the validity of the TWIC credentials is verified against the 
latest information available from TSA on a weekly basis. At MARSEC 
level 2, the owner/operator would be required to ensure that the 
validity of TWIC credentials is verified against the latest information 
available from TSA on a daily basis, as well as ensure all TWIC-enabled 
access gates are manned. At MARSEC level 3, Coast Guard would require 
verification of an individual's PIN at each entry to the secure area.
    The requirements at each MARSEC level are laid out in the table 
that follows.

--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                         Vessels
                                    ------------------------------------------------                                                U.S. flagged cruise
                                      Recurring unescorted        Non-recurring            Facilities           OCS facilities             ships
                                             access             unescorted access
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 1...........................  Facial recognition      1 to 1 biometric match  1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                      minimum each entry;     at each entry; card     match at each entry;   match at each entry;   match at each entry;
                                      card validity checked   validity checked at     card validity          card validity          card validity
                                      weekly with             each entry with         checked at each        checked at each        checked at each
                                      information <= 1 week   information <= 1 week   entry with             entry with             entry with most
                                      old.                    old.                    information <= 1       information <= 1       current information
                                                                                      week old.              week old; recheck      available from TSA.
                                                                                                             those continuously
                                                                                                             aboard weekly with
                                                                                                             most current
                                                                                                             information
                                                                                                             available from TSA.
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 2...........................  Facial recognition      1 to 1 biometric match  1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                      minimum each entry;     at each entry; card     match at each entry;   match at each entry;   match + PIN at each
                                      card validity checked   validity checked at     card validity          card validity          entry; card validity
                                      daily with most         each entry with         checked at each        checked at each        checked at each
                                      current information     information <= 1 day    entry with             entry with             entry with most
                                      available from TSA.     old.                    information <= 1 day   information <= 1 day   current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             continuously aboard
                                                                                                             daily with most
                                                                                                             current information
                                                                                                             available from TSA.
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 3...........................    1 to 1 biometric match + PIN at each entry;   1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                         card validity checked at each entry with     match + PIN at each    match + PIN at each    match + PIN at each
                                                information <= 1 day old.             entry; card validity   entry; card validity   entry; card validity
                                                                                      checked at each        checked at each        checked at each
                                                                                      entry with             entry with             entry with
                                                                                      information <= 1 day   information <= 1 day   information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             aboard continuously
                                                                                                             daily.
--------------------------------------------------------------------------------------------------------------------------------------------------------

    This section would be amended to require owners/operators to have 
the records of persons who have been granted access to the facility 
(See Sec.  105.225, discussed above) available after a security 
incident.
33 CFR 105.285
    This section would be amended to clarify that passengers must be 
escorted within secure and restricted areas of the facility.
33 CFR 105.290
    This section would be amended to clarify which activities must be 
done within the facility's secure area, to clarify the identifications 
to be checked before granting individuals entry to the facility, and to 
clarify that passengers must be escorted within secure and restricted 
areas of the facility.
33 CFR 105.295
    Coast Guard proposes making a change to clarify that persons not 
holding TWICs must be escorted within Certain Dangerous Cargo (CDC) 
facilities. Coast Guard asks for comment as to whether there should be 
more stringent TWIC program requirements at these facilities, and what 
those requirements should be.

[[Page 29415]]

33 CFR 105.296
    Coast Guard proposes amending Sec.  105.296 to require that owners/
operators of barge fleeting facilities take responsibility for ensuring 
that anyone seeking unescorted access to barges within the fleeting 
facility hold a TWIC.
33 CFR 105.405
    This section would be amended to require that when each facility 
security plan is reviewed and resubmitted for approval upon its 5-year 
anniversary date, it incorporate the TWIC Addendum into all appropriate 
sections of the FSP. Most of these changes should be reflected in the 
plan's section on access control.

New Subpart E (33 CFR 105.500-105.510)

    Proposed Sec. Sec.  105.500-105.510 are new and are intended to be 
temporary measures that will be phased out as existing plans are 
renewed according to the existing plan's expiration date. Rather than 
require owners/operators to resubmit their entire plan with the TWIC 
measures incorporated within, we propose requiring a temporary TWIC 
addendum to be submitted. The addendum should be drafted in conjunction 
with the existing plan, reflecting all modifications that the TWIC 
rules require. Once approved, it should be attached to and maintained 
as part of the entire plan, and will be given the same expiration date 
as the existing plan. Upon expiration, the TWIC addendum should be 
seamlessly incorporated into the plan when it is renewed in accordance 
with the regulations in place at the time of renewal. Owners/operators 
may opt to resubmit their entire plan, with a list of sections amended, 
as their TWIC Addendum, but once approved it will carry the same 
expiration date as it had prior to amendment. Owners/operators are 
encouraged to submit the addendum via Homeport (http://homeport.uscg.mil).

33 CFR Part 106

33 CFR 106.110
    In Sec.  106.110, Coast Guard proposes using the same roll-out and 
implementation model for TWIC as was used for MTSA security plans. OCS 
facilities would have six (6) months from the date that the final rule 
is published to submit a TWIC addendum to their cognizant District 
Commander and would be required to be operating according to the 
addendum between twelve (12) and eighteen (18) months following the 
publication date, depending on whether enrollment has been completed at 
the port where the facility is located.
33 CFR 106.115
    The proposed amendment to Sec.  106.115 would require that the OCS 
facility keep a copy of the approved TWIC addendum on site, along with 
the already approved OCS FSP (already required to be on site). This 
proposed rule includes provisions for scenarios in which the TWIC 
addendum has been submitted to the District Commander but not yet 
approved, and for OCS facilities operating under an approved 
alternative security program.
33 CFR 106.200, 106.205, 106.210, 106.215, and 106.220
    These sections would be amended to require that all individuals 
with security duties, including the CSO, acquire and maintain a TWIC. 
Coast Guard requests comment on whether owners/operators should also be 
required to obtain a TWIC, based on their access to sensitive security 
information (SSI). This proposal would also amend these sections to add 
knowledge requirements and responsibilities pertaining to TWIC to those 
already assigned to owners/operators, company security officers, OCS 
facility security officers, OCS facility employees with security 
duties, and all OCS facility employees. There are no formal training 
requirements in order to meet the TWIC knowledge requirements at this 
time. It is important that owners/operators and those with security 
duties be familiar with the technologies on the credential, 
particularly the imbedded features that make the credential resistant 
to tampering and forgery. Persons who will be examining TWICs at access 
control points should be familiar enough with its physical appearance 
such that variations or alterations are easily recognized.
    It is important that security personnel at the access points to the 
OCS facility be familiar with alternate ways to reliably verify an 
individual's identity and his or her credential should the individual 
be unsuccessful using the primary means of verification (e.g., 
fingerprint match). Personnel who will be required to resolve an 
individual's failure to electronically verify his or her identity 
should be familiar with all the possible reasons for the failure. For 
example, an individual may not be able to verify his identity against 
the biometric stored on the credential due to wear on the ICC itself, 
problems with the reader, wear on the individual's fingerprints, or 
because the individual is an imposter. Alternate procedures for 
addressing failures of an individual to verify his fingerprint against 
the information stored on the credential should be reasonably designed 
to discern between a legitimate user and an imposter. All other 
employees should be familiar with the TWIC topology, as well as the 
steps to take should their own TWIC become lost or stolen.
    The heaviest burden has been placed on the owner/operator, who 
would be required to ensure that the TWIC program is implemented on 
board the OCS facility in accordance with the proposed regulations. 
This would include a new requirement that the owner/operator ensure 
that someone on the OCS facility know who is on the OCS facility at all 
times. It would also include a requirement that the owner/operator 
ensure that computer and access control systems and hardware are 
secure. The Coast Guard has placed a sample document in its docket 
(located at the places listed in the ADDRESSES section above) for this 
NPRM that outlines the proper standard of care to be used to protect 
these systems and hardware. We request comment on this standard of 
care, as well as on any associated costs to implement it.
33 CFR 106.230
    Coast Guard proposes adding a new record-keeping requirement, 
mandating that owners/operators maintain records for two years of all 
persons who are granted access to the OCS facility. The requirement 
does not distinguish between those who were granted unescorted access 
because they carried a TWIC and those who were granted escorted access.
33 CFR 106.260
    Coast Guard proposes amending this section to require the use of 
TWIC in the OCS facility's access control measures. This section would 
show the greatest changes as a result of TWIC implementation, and 
reflects a difficult compromise of many competing concerns, including 
our desire to preserve as much of the performance based standard as 
possible so that OCS facilities could tailor implementation to suit 
their individual operational needs while preserving the security 
enhancements provided by the TWIC credential.
    TWIC provides for implementing graduated security measures by 
relying upon the three factor identification process for establishing a 
person's identity. This process consists of identifying (1) something 
the person has--a TWIC credential; (2) something the person knows--a 
Personal Identification Number (PIN), stored on

[[Page 29416]]

the integrated circuit chip (ICC) in the credential; and (3) something 
the person is--in the case of the TWIC, it will be the individual's 
fingerprint, which is also stored on the ICC of the credential. By 
requiring one or all of these factors before allowing access, owners/
operators can make increasingly more secure decisions regarding 
individuals who are requesting access to the OCS facility.
    Currently, most access control decisions are made relying on a 
``flash pass.'' Individuals requesting entry are required to show 
identification that conforms to Sec.  101.515 of subchapter H, which 
currently encompasses a broad spectrum of credentials, including 
driver's licenses from all 50 states. Many of these credentials are 
easily forged or altered, and the sheer diversity of appearances 
hampers security personnel's ability to recognize a forged or altered 
credential when it is presented.
    Even when used as a flash pass, the TWIC provides greater 
reliability than the existing system because it presents a uniform 
appearance with embedded features on the face of the credential that 
make it difficult to forge or alter. When presented with a TWIC, 
security personnel familiar with its security features are immediately 
able to notice any absence or destruction of these features.
    Nevertheless, our intent was to discourage the use of the TWIC as a 
flash pass for several reasons. While security personnel can reliably 
detect changes to the appearance of the credential or missing features, 
he or she cannot know whether or not the credential has been revoked by 
TSA, or other competent authority, merely by examining the surface of 
the credential. Furthermore, comparing the individual to the photo on 
the credential requires focused examination that is likely to suffer 
when security personnel are distracted or during particularly busy 
periods. This is the time that an unauthorized individual is most 
likely to attempt entry, and is most likely to breach a system that 
relies solely on the flash pass system. Finally, allowing owners/
operators to rely solely on the flash pass system is unreasonable in 
light of the additional cost of the credential, and the available 
security enhancements that the increased cost represents.
    Thus, Coast Guard proposes to require owners/operators to use at 
least one of the technical enhancements on the credential to 
electronically verify a person's identity and also requires 
verification that the credential remains valid, and has not been 
altered or counterfeited.
    Implementation of TWIC will require that the owner/operator use 
different processes for identifying persons depending on whether or not 
the individual is requesting unescorted access. If the individual is 
requesting unescorted access, or will require it as part of their job 
responsibilities, the individual must have and maintain a TWIC.
    For OCS facilities, Coast Guard proposes requiring uniformly that 
all of TWIC's security features be used to verify both the individual's 
claimed identity and that the credential remains valid each time an 
individual seeks unescorted access to the OCS facility. Thus, an owner/
operator must ensure some means for completing an electronic 
verification that the individual's fingerprint is matched to the data 
stored on the ICC each time an individual seeks unescorted access to 
the OCS facility. This process will require that the individual have 
the TWIC in his/her possession, thus satisfying all three factors of 
the three factor authentication process.
    In addition, the owner/operator will have to confirm that the TWIC 
remains valid. In order to know that the TWIC has not been revoked, 
some regular contact with TSA is required. The rule would not specify, 
however, how this contact shall be made, so as to leave as many options 
open as possible. (See discussion of ``using TWIC in an access control 
system'' above.) These steps performed together will detect to the 
highest degree of certainty whether the individual is the rightful 
bearer of the TWIC he or she holds, and whether or not it was duly 
issued and remains valid.
    Persons presenting for entry who do not hold a TWIC would still be 
required to show an acceptable form of identification, as set forth in 
Sec. Sec.  101.515 and 106.260(d), and would be required to be escorted 
if they are granted access to secure areas. Owners/operators are not 
required by the proposed changes to use the TWIC as their primary 
badging system. As much as practical, the rule proposes to retain the 
performance-based standards from the existing rule that allows owners/
operators to establish identification systems that best suit their 
individual operational needs. If, however, owners/operators choose to 
rely solely on the TWIC as their badging system, the system should 
include a means for identifying non-TWIC holders. If owners and 
operators choose to use a separate badging system, it must be 
coordinated with the TWIC requirements in this part.
    Other provisions that we thought were important to preserve related 
to coordinating access control measures and the TWIC implementation 
with vessels whenever possible, particularly as that would facilitate 
the movement of OCS facility employees using offshore supply vessels to 
gain access to the OCS facility. Any coordination must be outlined in 
the TWIC addendum.
    Owners/operators are required to devise backup processes for making 
access control decisions when any part of the TWIC system fails, with 
particular attention paid to not creating greater vulnerabilities that 
can be leveraged by deliberately causing a failure of the system. Of 
particular concern is the occasion when an individual may not be able 
to match his or her biometric against the information stored on the 
ICC. While this could mean the person is not who he says he is, it is 
also possible that wear and tear on the reader, the ICC, or the 
person's fingerprint itself have caused the failure. In resolving these 
kinds of failures, security personnel should be well informed as to 
other reliable means of verifying identity, such as comparing the image 
of the individual that is electronically stored on the ICC to the 
person him or herself, or by having other authorized personnel vouch 
for his identity.
    In keeping with the graduated scheme of the MTSA regulations, this 
NPRM proposes requiring increased use of the TWIC at higher MARSEC 
levels. At MARSEC level 1, the owner/operator would be required to 
ensure that the validity of TWIC credentials is verified against the 
latest information available from TSA on a weekly basis. At MARSEC 
level 2, the owner/operator would be required to ensure that the 
validity of TWIC credentials is verified against the latest information 
available from TSA on a daily basis. At MARSEC level 3, Coast Guard 
would require verification of an individual's PIN at each entry to the 
secure area.
    The requirements at each MARSEC level are laid out in the table 
that follows.

[[Page 29417]]



--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                         Vessels
                                    ------------------------------------------------                                                U.S. flagged cruise
                                      Recurring unescorted        Non-recurring            Facilities           OCS facilities             ships
                                             access             unescorted access
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 1...........................  Facial recognition      1 to 1 biometric match  1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                      minimum each entry;     at each entry; card     match at each entry;   match at each entry;   match at each entry;
                                      card validity checked   validity checked at     card validity          card validity          card validity
                                      weekly with             each entry with         checked at each        checked at each        checked at each
                                      information <=1 week    information <=1 week    entry with             entry with             entry with most
                                      old.                    old.                    information <=1 week   information <=1 week   current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             continuously aboard
                                                                                                             weekly with most
                                                                                                             current information
                                                                                                             available from TSA.
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 2...........................  Facial recognition      1 to 1 biometric match  1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                      minimum each entry;     at each entry; card     match at each entry;   match at each entry;   match + PIN at each
                                      card validity checked   validity checked at     card validity          card validity          entry; card validity
                                      daily with most         each entry with         checked at each        checked at each        checked at each
                                      current information     information <= 1 day    entry with             entry with             entry with most
                                      available from TSA.     old.                    information <= 1 day   information <= 1 day   current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             continuously aboard
                                                                                                             daily with most
                                                                                                             current information
                                                                                                             available from TSA.
--------------------------------------------------------------------------------------------------------------------------------------------------------
MARSEC 3...........................    1 to 1 biometric match + PIN at each entry;   1 to 1 biometric       1 to 1 biometric       1 to 1 biometric
                                         card validity checked at each entry with     match + PIN at each    match + PIN at each    match + PIN at each
                                                information <= 1 day old.             entry; card validity   entry; card validity   entry; card validity
                                                                                      checked at each        checked at each        checked at each
                                                                                      entry with             entry with             entry with most
                                                                                      information <= 1 day   information <= 1 day   current information
                                                                                      old.                   old; recheck those     available from TSA.
                                                                                                             aboard continuously
                                                                                                             daily.
--------------------------------------------------------------------------------------------------------------------------------------------------------

33 CFR 106.280
    This section would be amended to require owners/operators to have 
the records of persons who have been granted access to the OCS facility 
(See Sec.  106.230, discussed above) available after a security 
incident.
33 CFR 106.405
    This section would be amended to require that when each OCS 
facility security plan (FSP) is reviewed and resubmitted for approval 
upon its 5-year anniversary date, it must incorporate the TWIC Addendum 
into all appropriate sections of the OCS FSP. Most of these changes 
should be reflected in the plan's section on access control.

New Subpart E (33 CFR 106.500-106.510)

    Proposed Sec. Sec.  106.500-106.510 are new and are intended to be 
temporary measures that will be phased out as existing plans are 
renewed according to the existing plan's expiration date. Rather than 
require owners/operators to resubmit their entire plan with the TWIC 
measures incorporated within, the rule would require a temporary TWIC 
addendum to be submitted. The addendum should be drafted in conjunction 
with the existing plan, reflecting all modifications that the TWIC 
rules require. Once approved, it should be attached to and maintained 
as part of the entire plan, and will be given the same expiration date 
as the existing plan. Upon expiration, the TWIC addendum should be 
seamlessly incorporated into the plan when it is renewed in accordance 
with the regulations in place at the time of renewal. Owners/operators 
may opt to resubmit their entire plan, with a list of sections amended, 
as their TWIC Addendum, but once approved it will carry the same 
expiration date as it had prior to amendment. Owners/operators are 
encouraged to submit the addendum via Homeport (http://homeport.uscg.mil).
Miscellaneous Items
    The proposed changes outlined above would affect other sections 
within 33 CFR subchapter H, even though these sections would not be 
changed. Some of the greatest impacts are summarized below:
33 CFR 101.305
    There are no proposed amendments to this section, but certain 
incidents involving TWICs would need to be reported as either a 
suspicious activity or breach of security. For example, under certain 
circumstances an individual's attempt to gain entry using an invalid 
TWIC (one that has been revoked or one that is counterfeit) may qualify 
as suspicious activity, even if that individual was denied access. 
Circumstance that trigger the reporting requirement in 101.305(a), are 
highly fact-specific and difficult to define comprehensively, but the 
general language found within that section (``activities that may 
result in a transportation security incident'') is a good guide.
    If an owner/operator, or any other individual holding a TWIC, knows 
of a reason that an individual who holds a TWIC should have that TWIC 
revoked, the owner/operator should treat this as suspicious activity 
and report it as required in 101.305(a). The owner/operator may also 
deny the TWIC-holder access in this situation. Additionally, finding an 
individual who does not have a valid TWIC within a secure area would 
qualify as a breach of security, and should be reported as such 
pursuant to 101.305(b).
33 CFR 101.400
    TSA, as the DHS entity responsible for conducting security threat 
assessments and issuing credentials under this rule, will have 
principal enforcement authority in regard to an individual's TWIC 
status for the misuse of a TWIC, including forgery,

[[Page 29418]]

counterfeiting, alteration or use of a TWIC by an unauthorized 
individual. The Coast Guard will work with TSA where abuses of the TWIC 
program are identified in the maritime sector. In addition, individuals 
who try to enter a facility or vessel using a stolen, forged, 
counterfeit, altered or otherwise unauthorized TWIC, and who are 
detected and turned away by the facility, may be subject to Coast Guard 
enforcement actions under 33 CFR 101.415 or other applicable Coast 
Guard authority, including, but not limited to, civil or criminal 
penalties.
    An owner/operator is required to deny unescorted access to an 
individual who attempts to access a facility with a TWIC that has been 
revoked by TSA. Coast Guard is not asking owners/operators to take any 
additional steps, beyond current requirements, with respect to 
individuals who attempt unauthorized access to a facility. In such 
circumstances (e.g., where an individual presents for entry at a 
facility with a TWIC that has been revoked by TSA or with a TWIC which 
the owner/operator has reason to believe is invalid due to forgery, 
adulteration, counterfeiting or possession by an unauthorized 
individual), however, the owner/operator is required to immediately 
report the matter to the Coast Guard and/or local law enforcement as 
required under 101.305.
33 CFR 104.130, 105.130, and 106.125
    There are no proposed amendments to these sections. However, note 
that owners/operators of vessels, facilities and OCS facilities, 
regulated under parts 104, 105, or 106, respectively, may use the 
above-cited provisions to apply for waivers from the TWIC requirements. 
They also may suggest equivalents, under Sec.  101.130. These requests 
should be made in accordance with the relevant provisions of parts 104, 
105, or 106. The Coast Guard, however, will not be responsible for 
making determinations of requests for waivers from individuals required 
to obtain a TWIC. TSA is the only agency that may waive the requirement 
that an individual pass a security threat assessment. No one will be 
waived from the requirement to actually obtain a TWIC.

33 CFR Subpart C, Parts 104, 105, and 106

    When it is time for a vessel, facility, or OCS facility to redo a 
security assessment, in concert with an update to a security plan, 
consideration of TWIC implementation must be part of the assessment. 
The TWIC program implemented by the vessel, facility, or OCS facility 
becomes part of the baseline security analyzed by the assessment.

46 CFR Parts 10, 12, and 15

    In order to implement the MTSA mandate that all credentialed 
merchant mariners hold a TWIC, the Coast Guard is proposing to amend 
parts 10, 12, and 15 of title 46 to the CFR to require that any 
individual holding or working under an MMD or a license also hold a 
TWIC. Coast Guard, in a separate rulemaking published in today's issue 
of the Federal Register, is proposing to consolidate merchant mariner 
credentials to minimize duplicate or redundant identification or 
background check requirements.

VI. Section-by-Section Analysis of TSA Proposed Rule

    TSA proposes to amend and redesignate its existing hazmat 
regulations to apply those processes to a person who is eligible to 
obtain a TWIC. TSA does not reiterate substantive analyses of the 
hazmat provisions below if the standard is not changing, but instead 
directs the public to the section-by-section analysis of those sections 
contained in the interim final rule implementing the hazmat regulations 
at 69 FR 68720. Where standards that formerly applied only to HME 
applicants now apply to TWIC applicants, however, TSA provides 
substantive analyses below for the convenience of potential TWIC 
applicants.
    The following is a discussion of the proposed changes to sections 
in title 49 of the CFR.

49 CFR Part 1515 Appeal and Waiver Procedures for Security Threat 
Assessments for Individuals

49 CFR 1515.1 Scope

    TSA is proposing to redesignate Sec. Sec.  49 CFR 1572.141 and 143 
as new part 1515, Appeal and Waiver Procedures for Land and Maritime 
Workers to Subchapter A--Administrative and Procedural Rules. TSA 
developed the appeal and waiver procedures in part 1572 that currently 
apply to commercial drivers applying for an HME for additional 
transportation workers who may be subject to the security threat 
assessment requirement. These are the procedures TSA proposes to apply 
to TWIC applicants. In addition, TSA may use these procedures for other 
security threat assessments. For instance, TSA published a proposed 
rule on air cargo security that included security threat assessment 
requirements for certain individuals and an appeal procedure that is 
used currently for HME applicants. 69 FR 65258 (November 10, 2004). It 
makes more sense, organizationally, to place the appeal rules in a 
general section of the regulations.
    The scope section states that the standards in part 1515 apply to 
an applicant who undergoes a security threat assessment and wishes to 
appeal an adverse decision or file a waiver request.

49 CFR 1515.3 Terms Used in This Part

    This section lists definitions of terms that apply specifically to 
the appeal and waiver process. The term ``applicant'' is amended to 
include individuals applying for a TWIC, as well as individuals 
applying for an HME. The terms ``date of service'' and ``day'' are 
currently listed in the definition section of part 1572, and TSA 
proposes to move them to Sec.  1515.3 without any change.
    ``Date of service'' means the date of personal delivery; the 
mailing date shown on a certificate of service; 10 days from the date 
of mailing, if there is no certificate of service; another mailing date 
shown by other evidence if there is no certificate of service or 
postmark; or the date of an electronic transmission showing when the 
document was sent.
    TSA created this definition with mobile workers in mind, to 
accommodate the use of email or facsimile, and to provide a 10-day 
period from the date of mailing, rather than 5 or 7 days. The mariners, 
commercial truck drivers, train crew members, and other workers subject 
to the threat assessment requirements may travel from the East Coast to 
the West Coast on a regular basis, or be stationed away from home for 
days, weeks, or months at a time. We believe this definition makes the 
appeal process more reasonable for the group of workers affected.
    The term ``day'' used in the NPRM means calendar day and is the 
same definition being used in part 1572 now.

49 CFR 1515.5 Appeal Procedures

    TSA is proposing to use the substantive appeal standards that 
currently appear in 49 CFR 1572.141 for HME applicants for TWIC 
applicants, and proposes to expand the suspense deadlines. TSA has 
found in implementing the HME program that individuals making a good 
faith effort to comply with the timelines set forth in 1572.141 have 
difficulty doing so. Thirty days may not be adequate for workers who 
travel for extended periods during the month. Therefore, TSA proposes 
to extend response deadlines

[[Page 29419]]

from 30 to 60 days in the appeal process.
    An individual may appeal an Initial Determination of Threat 
Assessment if he asserts that he meets all standards for the security 
threat assessment. For example, if the Initial Determination was based 
on information indicating the applicant is not lawfully present in the 
United States, but the applicant is a lawful permanent resident, he can 
appeal the Determination and provide TSA proof of lawful presence.
    Paragraph (b) of this section sets forth the basic mechanics of the 
appeal process. An applicant initiates an appeal by providing TSA with 
a written request for the releasable materials upon which the Initial 
Determination was based, or by serving TSA with a written reply to the 
Initial Determination. Currently, if an applicant wishes to receive 
copies of the releasable material upon which the Initial Determination 
was based, he must serve TSA with a written request within 30 days 
after the date of service of the Initial Determination. TSA proposes to 
change this to 60 days after the date of service of the Initial 
Determination. Under the current provisions, TSA's response is due 
within 30 days. We propose to change this requirement so that the 
response would be due in 60 days. In response, TSA cannot provide any 
classified information, as defined under 6 CFR part 7 (DHS Classified 
National Security Information), or under E.O.s 12958, as amended by 
E.O. 13292 (68 FR 15315(Mar. 28, 2003)), and 12968, or any other 
information or material protected from disclosure by law.
    If an applicant wishes to reply to the Initial Determination, we 
propose that he or she must provide TSA with a written reply within 60 
days after the date of service of the Initial Determination or the date 
of service of TSA's response to the applicant's request for materials. 
The applicant should explain why he or she is appealing the Initial 
Determination and provide evidence that the Initial Determination was 
incorrect. In an applicant's reply, TSA will consider only material 
that is relevant to whether he or she meets the standards for the 
security threat assessment. If an applicant does not dispute or reply 
to the Initial Determination, the Initial Determination becomes a Final 
Determination of Threat Assessment.
    Under paragraph (b)(3) of this section, an applicant has the 
opportunity to correct a record on which an adverse decision is based. 
As long as the record is not classified or protected by law from 
release, TSA will notify the applicant of the adverse information and 
provide a copy of the record. If the applicant wishes to correct the 
inaccurate information, he or she must provide written proof that the 
record is inaccurate. The applicant should contact the jurisdiction 
responsible for the inaccurate information to complete or correct the 
information contained in the record. The applicant must provide TSA 
with the revised record or a certified true copy of the information 
from the appropriate entity before TSA can reach a determination that 
the applicant does not pose a security threat.
    The Director makes the Final Determination on appeals that involve 
disqualifying criminal offenses, mental capacity, and immigration 
status. However, in a case where an Initial Determination of Threat 
Assessment is based on the applicant's connection to terrorist activity 
or similar threat under Sec.  1572.107, the Assistant Secretary of TSA 
reviews the appeal and makes the Final Determination. TSA has the 
Assistant Secretary review these cases to provide additional scrutiny 
because these cases will likely involve a review of classified 
information that the applicant cannot see. In addition, these 
applicants are not eligible for waivers if the Initial Determination 
stands. TSA believes that the review by the Assistant Secretary for 
these cases provides an additional protection that the agency's Final 
Determination of Threat is sound.
    In considering an appeal, the Director or Assistant Secretary 
reviews the Initial Determination, the materials upon which the Initial 
Determination is based, the applicant's reply and other materials or 
information available to TSA. The Director or Assistant Secretary may 
affirm the Initial Determination by concluding that an individual poses 
a security threat. If this occurs, TSA serves a Final Determination of 
Threat Assessment on the applicant. Also, for cases involving mariners 
applying for a TWIC, TSA would provide the Coast Guard with the Final 
Determination. In cases involving HME applicants, TSA serves the 
licensing State with the Final Determination. For all TWIC applicants, 
TSA serves FMSC (who is also the Captain of the Port) with Final 
Determinations of Threat Assessment. DHS believes that the FMSC, as the 
chief Federal security officer at the port, should be aware of 
individuals who are denied a TWIC.
    The Final Determination includes a statement that the Director or 
Assistant Secretary has reviewed the Initial Determination, the 
materials upon which the Initial Determination was based, the reply, if 
any, and other available information and has determined that the 
applicant poses a security threat.
    There is no administrative appeal of the Final Determination of 
Threat Assessment. However, as explained below, an applicant may apply 
for a waiver under certain circumstances. For purposes of judicial 
review, the Final Determination of Threat Assessment constitutes a 
final TSA order.
    Paragraph (e) sets forth the procedures to follow if TSA determines 
that the applicant does not pose a security threat. TSA serves a 
Withdrawal of the Initial Determination on the applicant and a 
Determination of No Security Threat on the issuing State for an HME 
applicant and on the Coast Guard when it involves a mariner applying 
for a TWIC.
    Paragraph (f) provides that TSA cannot disclose to the applicant 
classified information, as defined in section 1.1(c) of E.O. 12958, as 
amended by E.O. 13292, and section 1.1(d) of E.O. 12968. See also, 6 
CFR part 7. TSA reserves the right not to disclose any other 
information or material not warranting disclosure or protected from 
disclosure under law, such as Sensitive Security Information (SSI); 
sensitive law enforcement and intelligence information; sources, 
methods, means, and application of intelligence techniques; and 
identities of confidential informants, undercover operatives, and 
material witnesses.
    For determinations under Sec.  1572.107, the finding that an 
individual poses a security threat will be based, in large part, on 
classified national security information, unclassified information 
designated as SSI, or other information that is protected from 
disclosure by law.
    Classified national security information is information that the 
President or another authorized Federal official has determined, 
pursuant to E.O.s 12958, as amended, and 12968, must be protected 
against unauthorized disclosure to safeguard the security of American 
citizens, the country's democratic institutions, and America's 
participation within the community of nations. See 60 FR 19825 (April 
20, 1995). E.O.s 12958, as amended, and 12968 prohibit Federal 
employees from disclosing classified information to individuals who 
have not been cleared to have access to such information under the 
requirements of that E.O. See also, 6 CFR part 7. If the Director 
determines that an applicant who is appealing the intelligence-related 
check is requesting classified materials, the applicant will not be 
able to access classified national security information.
    The denial of access to classified information under these 
circumstances

[[Page 29420]]

is consistent with the treatment of classified information under the 
Freedom of Information Act (FOIA), which specifically exempts such 
information from the general requirement under FOIA that government 
documents are subject to public disclosure. 5 U.S.C. 552(b)(1).
    SSI is unclassified information that is subject to disclosure 
limitations under statute and TSA regulations. See 49 U.S.C. 114(s); 49 
CFR part 1520 as amended by 69 FR 28066 (May 18, 2004). Under 49 U.S.C. 
114(s), the Assistant Secretary of TSA may designate categories of 
information as SSI if release of the information would be detrimental 
to the security of transportation. Information that is designated as 
SSI must only be disclosed to people with a need to know, such as those 
needing to carry out regulatory security duties. 49 CFR 1520.11 as 
added by 69 FR 28084-5. The Assistant Secretary has defined information 
concerning threats against transportation as SSI by regulation. See 49 
CFR 1520.5. Thus, information that TSA obtains indicating that an 
applicant poses a security threat, including the source of such 
information and the methods through which the information was obtained, 
will commonly be designated SSI or classified information. The purpose 
of designating this information as SSI is to ensure that those who seek 
to do harm to the transportation system and their associates do not 
obtain access to information that will enable them to evade the 
government's efforts to detect and prevent their activities. Disclosure 
of this information, especially to an applicant specifically suspected 
of posing a threat to the transportation system, is precisely the type 
of harm that Congress sought to avoid by authorizing the Assistant 
Secretary to define and protect SSI.
    Other pieces of information also are protected from disclosure by 
law due to their sensitivity in law enforcement and intelligence. In 
some instances, the release of information about a particular 
individual or his or her supporters or associates could have a 
substantial adverse impact on security matters. The release by TSA of 
the identities or other information regarding individuals related to a 
security threat determination could jeopardize sources and methods of 
the intelligence community, the identities of confidential sources, and 
techniques and procedures for law enforcement investigations or 
prosecution. See 5 U.S.C. 552(b)(7)(D), (E). Release of such 
information also could have a substantial adverse impact on ongoing 
investigations being conducted by Federal law enforcement agencies, by 
revealing the course and progress of an investigation. In certain 
instances, release of information could alert co-conspirators to the 
extent of the Federal investigation and the imminence of their own 
detection, thus provoking flight.
    For the reasons discussed above, TSA will not provide any 
classified information to an applicant, and TSA reserves the right to 
withhold SSI or other sensitive material protected from disclosure 
under law. As noted above, TSA expects that information will be 
withheld only for determinations based on Sec.  1572.107, which involve 
databases that list indicators of potential terrorist activity or 
threats. When the determination is based on the individual's criminal 
records, TSA expects that appropriate supporting records most likely 
can be disclosed to the applicant upon a written request to TSA. With 
respect to disqualifications based on immigration status, TSA will 
provide the applicant with the reason for a denial, but may not be able 
to provide specific documentation on the applicant's alien status.
    TSA has the discretion to extend due dates both for an applicant 
and for the agency during the appeal process. An applicant must provide 
a written statement of good cause for extending the due date, within a 
reasonable time prior to the due date at issue. This is consistent with 
the rules of civil procedure. TSA anticipates that if an applicant is 
attempting to correct erroneous records or gather documents in support 
of a waiver request, the individual may need additional time for the 
appropriate governmental agency or entity to produce the documents. As 
long as the applicant provides a sufficient explanation of these 
problems, TSA will extend the time needed to complete the process. 
There are a variety of reasons or events that might require an 
extension of time, and TSA will review these requests liberally to give 
applicants as much time as is necessary to provide the correct 
information. Family needs and emergencies, business travel, extreme 
weather conditions, and lost documents are all considered legitimate 
reasons on which TSA would grant an extension of time to an applicant. 
In addition, an applicant's extension request does not have to be a 
formal document. A handwritten request for an extention of time in a 
letter to TSA is all that is required. The appeal process is designed 
for applicants to use without legal counsel and so informal written 
materials are always accepted.
    There are also reasons for which TSA may need to extend a response 
date, particularly where an applicant is the subject of an ongoing 
investigation by another agency. This has been a rare circumstance with 
the hazmat threat assessment process, but it has occurred and 
undoubtedly will occur with TWIC applicants. TSA is not required under 
the hazmat rule or in this proposed rule, to provide notice to an 
applicant that TSA's response may be late. However, applicants may 
contact TSA to determine the status of an appeal. In the hazmat threat 
assessment process, TSA has an 800-number for drivers to call to ask 
questions about the appeal procedures and the status of a particular 
threat assessment. Typically, TSA is able to provide the requested 
information within one business day. This process will also be 
available for TWIC applicants.
    Paragraph (i) of this section describes the procedure for appealing 
an immediate revocation of an HME under Sec.  1572.13(a) or immediate 
invalidation of a TWIC under Sec.  1572.21(d)(3). Immediate revocation 
occurs where TSA determines during the course of conducting a security 
threat assessment that sufficient factual and legal grounds exist to 
warrant immediate revocation of the HME. For a hazmat driver under 
these circumstances, the applicant must surrender the endorsement and 
cease transporting hazardous materials prior to initiating an appeal. 
For a TWIC, TSA would invalidate the TWIC in the TSA system. TSA 
understands that removing the individual from service without an 
opportunity to correct the record may have adverse consequences, but 
this mechanism will be used only in cases where the risk of imminent 
danger is significant and the adverse information is highly reliable. 
This procedure will also be used where an applicant should have 
surrendered the endorsement or TWIC and/or applied for a waiver, but 
failed to do so. The individual may appeal this decision, include all 
supporting documentation when he or she submits the appeal, and may 
request releasable documents from TSA.

49 CFR 1515.7 Waiver Procedures

    This section applies to applicants who have been disqualified from 
holding or obtaining an HME or TWIC due to a disqualifying criminal 
offense or mental incapacity. The current standard, Sec.  1572.143, 
applies to HME applicants and provides that an applicant with certain 
disqualifying offenses or issues of mental competence may apply for a 
waiver. In this NPRM, TSA proposes to use the same waiver procedures 
for TWIC applicants. We are

[[Page 29421]]

providing a discussion of this section to inform TWIC applicants, most 
of whom did not need to participate in the hazmat rulemaking where 
these sections were first discussed.
    Waivers are offered because an applicant may be rehabilitated to 
the point that he or she can be trusted in sensitive or potentially 
dangerous work or has been declared mentally competent. The existing 
standard and this NPRM provide criteria that TSA considers if the 
individual does not meet the criminal history standards. TSA believes 
that these factors are good indicators that an individual may be 
rehabilitated to the point that a waiver is advisable. The factors are: 
(1) The circumstances of the disqualifying act or offense; (2) 
restitution made by the individual; (3) Federal or State mitigation 
remedies; (4) court records indicating that the individual has been 
declared mentally competent; and (5) other factors TSA believes bear on 
the potential security threat posed by an individual. Many of these 
factors are set forth in MTSA, at 46 U.S.C. 70105(c)(2).
    TSA has concluded that some crimes, such as espionage, treason, 
sedition, a terrorist act, and a crime involving a transportation 
security incident, are so highly indicative of a security threat that 
individuals convicted of them pose an ongoing, unacceptable risk to 
transportation security. Most likely, these individuals will be 
incarcerated for a very long term, but the rule now makes clear that 
convictions for these crimes disqualify an individual for life, with no 
opportunity to apply for a waiver.
    Individuals who are disqualified due to mental incompetence are 
eligible for a waiver. To support the waiver request TSA will accept a 
court order or official medical declaration showing that an individual 
previously declared incompetent is now competent. Generally, TSA will 
not grant waivers on the basis of a letter from a treating physician 
stating that the individual is capable of maintaining a job, because 
these submissions tend to be very subjective and vague. The standard in 
the rule states that an applicant is mentally incompetent if a court 
declares it or he or she is involuntarily committed to a mental 
hospital. Official documents that reverse these findings are necessary 
for TSA to grant a waiver.
    TSA, however, does not grant waivers from the standards concerning 
immigration status or information discovered during a search under 
Sec.  1572.107. With respect to immigration violations and findings 
under Sec.  1572.107, individuals may appeal an Initial Determination 
based on assertions that the underlying records are incorrect, the 
applicant's identity is mistaken, or TSA's analysis of the records is 
not correct. However, if TSA finds that the Initial Determination is 
accurate, the individual is ineligible for a waiver.
    After reviewing an individual's application for a waiver, TSA sends 
a written decision to the individual. If the waiver is granted, TSA 
sends a Determination of No Security Threat to the licensing State or 
Coast Guard within 60 days after the date of the individual's waiver 
application.
    TSA proposes to add new requirements to paragraph (c) of this 
section to apply to HME and TWIC applicants. As originally conceived, 
HME applicants who know they have a disqualifying criminal conviction 
could apply to TSA for a waiver without initiaing the HME threat 
assessment process. Therefore, the applicants did not provide all of 
the biographic information or fingerprints required to conduct a full 
background check under Part 1572 or pay the full fee for the HME 
background check. However, in practice TSA would conduct a full 
background check in order to assess the waiver application properly. 
Under these conditions, TSA would not possess the best information 
about the applicant on which to base a waiver decision and did not 
recover the cost of completing the background check from the applicant. 
To ameliorate this situation, we propose to require all applicants who 
know they will be disqualified under the standards in Subpart B of part 
1572 and want to apply for a waiver to undergo a full threat assessment 
for the HME or TWIC and pay all fees associated with the complete 
security threat assessment. TSA will be able to review all available 
information in considering an application for a waiver. TSA reviews 
these materials to ensure that the waiver applicant is being truthful 
concerning past criminal history and other pertinent activity before 
determining whether a waiver request should be granted. By requiring 
the fee and critical biographical information in the waiver submission, 
TSA will complete waiver evaluations more quickly and effectively. 
Otherwise, TSA must contact the waiver applicant to request additional 
information, wait for the information to be submitted and run the risk 
of missing critical information.
    Finally, if legislation is enacted after publication of this 
proposed rule that would require TSA to adopt a program in which 
Administrative Law Judges may be used to review cases in which TSA has 
denied a waiver request, or other changes that would impact the waiver 
process, TSA will amend the final rule as appropriate to address such 
statutory mandates.

49 CFR Part 1570 Land Transportation Security: General Rules

49 CFR 1570.3 Terms Used in This Part

    TSA proposes to move the definitions of the terms used for the 
security threat assessment standards from part 1572, Credentialing and 
Background Checks for Land Transportation Security to part 1570, Land 
Transportation Security: General Rules. Most of the terms have been 
through notice and comment in the hazmat rulemaking. TSA proposes to 
add definitions for terms used in the TWIC standards and amend some of 
the terms first promulgated in the hazmat rule.
    We propose to change the definition of ``applicant'' to cover 
individuals who apply for any security threat assessment described in 
Subchapter D, rather than just individuals who apply for an HME.
    The term ``Determination of No Security Threat'' is amended to 
clarify that such determinations apply both to the authorization to 
transport hazardous materials and to unescorted access to secure areas 
of maritime facilities and vessels. Also, TSA is amending the 
definition to add that TSA will notify the Coast Guard when issuing a 
Determination of No Security Threat for a mariner applying for a TWIC.
    The definition for ``explosive or explosive device'' was published 
in the current hazmat rule at Sec.  1572.3. TSA proposes to move the 
definition to Sec.  1572.103 to make clear that the definition applies 
only to the term as it is used in the list of disqualifying criminal 
offenses. After publishing the hazmat rule in November 2004, TSA 
received comments asserting that the definition created confusion 
between the ``explosives'' that are hazardous materials under the 
federal hazardous material regulations and require placarding in 
transportation, and the crimes that involve explosives and are 
disqualifying. To resolve these questions, the definition now clearly 
applies only to Sec.  1572.103, disqualifying criminal offenses. The 
kind of explosives offenses that are disqualifying are in 18 U.S.C. 
232(5), 841(c)-(f), and 844(j), and a destructive device is defined in 
18 U.S.C. 921(a)(4) and 26 U.S.C. 5845(f). The explosive material that 
requires placarding and triggers the requirement to obtain an HME 
continues to be defined in regulations issued by the U.S. Department of 
Transportation. 49 CFR 172.101.

[[Page 29422]]

    TSA proposes to amend ``Final Determination of Threat Assessment'' 
to add that TSA will notify the Coast Guard when TSA determines that a 
mariner applying for a TWIC does not meet the security threat 
assessment standards. A Final Determination may not be administratively 
appealed.
    TSA proposes to amend ``Initial Determination of Threat 
Assessment'' to also apply to issuance of a TWIC. An Initial 
Determination may be administratively appealed.
    TSA proposes to amend ``Initial Determination of Threat Assessment 
and Immediate Revocation'' to extend it to the TWIC threat assessment 
process. This is an initial administrative determination that an 
applicant poses an imminent security threat and immediate revocation of 
an HME or TWIC is necessary. Applicants may appeal the determination 
after revocation has occurred. TSA issues an Immediate Revocation only 
where we believe the driver may pose an imminent threat to 
transportation, national security, or other individuals. This 
definition is provided to distinguish the notification documents used 
in an immediate revocation from the more common Initial Determination 
process.
    ``Invalidate'' means the action TSA takes when a TWIC is reported 
as lost, stolen, damaged, no longer necessary, or TSA determines the 
holder poses a security threat. This action makes the credential 
inoperative in access control systems.
    TSA proposes to definition for the term ``owner/operator'' to refer 
to the maritime facilities and vessels subject to MTSA.
    TSA proposes to delete the term ``pilot state'' from the 
definitions section because the process in which it was used is no 
longer in effect.
    The definition for ``revoke'' or ``revocation'' is being amended to 
apply to the TWIC process as well as the HME process. It is the action 
TSA or a State takes to cancel, rescind, suspend, or deactivate an HME 
or TWIC when TSA determines that an applicant does not meet the 
security threat assessment standards set forth in Sec.  1572.5.
    TSA proposes to add a new term, ``secure area,'' which means the 
area on a vessel, maritime facility, or outer continental shelf 
facility where security measures have been implemented in a security 
plan approved by the Coast Guard. For purposes of TWIC, the secure area 
is the area in which a TWIC is required, unless under escort.
    We propose to add a new term, ``sensitive security information'' to 
the definition section. This term means information that is described 
in and must be managed pursuant to the requirements codified at 49 CFR 
part 1520.
    TSA is adding language to the definition of ``transportation 
security incident'' to reflect a new requirement in SAFETEA-LU. The 
statute requires TSA to make clear that a transportation security 
incident does not include work stoppage or other nonviolent action 
taken in an employee/employer dispute. Therefore, employees or 
employers who participate in a strike or other labor/management 
activity cannot be deemed to have committed a disqualifying offense 
under Sec.  1572.103. TSA is also moving the definition to Sec.  
1572.103 to help clarify the kind of crime that is considered 
disqualifying.
    TSA proposes to add a new definition for ``transportation worker 
identification credential.'' The TWIC is a Federally-issued biometric 
credential that TSA issues to an individual who has successfully 
completed a security threat assessment.
    TSA proposes to add a new definition for ``TSA system'' to explain 
the electronic program used to sort, store, and send security threat 
assessment information to the appropriate database or enrollment 
center.

49 CFR 1572 Credentialing and Background Checks for Land and 
Transportation Security

49 CFR 1572.5 Scope and Standards for Hazardous Materials Endorsement 
Security Threat Assessment

    This section describes the individuals and entities subject to the 
requirements in Subpart A and the standards they must meet. In 
addition, the general standards TSA uses to assess an individual in a 
security threat assessment.
    Subpart A applies to State agencies responsible for issuing 
commercial drivers licenses and HMEs, applicants who hold or apply for 
an HME, and applicants who hold or apply for a TWIC.
    The security threat assessment standards TSA applies to HME 
applicants and proposes to apply to TWIC applicants are established by 
statute. The USA PATRIOT Act and MTSA require TSA to review relevant 
criminal history, immigration status, and other watch lists and 
databases that TSA believes appropriate to make an informed security 
assessment. An applicant poses a security threat if convicted of 
certain serious crimes, is not lawfully present in the United States, 
has a connection to terrorist activity, or has been adjudicated as 
lacking mental capacity. The specific criteria TSA reviews to determine 
whether an applicant poses a security threat is described in Subpart B 
and is discussed in detail below.
    We are proposing to add paragraph (d) to this section to establish 
a process by which TSA can determine if a security threat assessment 
completed by another government entity is comparable to the assessment 
required in part 1572. As noted above, SAFETEA-LU established several 
mandates for TSA concerning security threat assessment, one of which we 
address in this section. TSA must initiate a rulemaking to address the 
comparability of Federal background checks and eliminate redundant 
checks. TSA proposes to consider checks conducted by Federal, State, 
and local governmental bodies in the comparability assessment. TSA will 
evaluate all aspects of the agency threat assessment, including checks 
of relevant criminal history databases, immigration status, relevant 
intelligence and international databases, duration, identity 
verification and authentication, and the use of biometrics for 
credentialing.
    It is important to note that TSA must adhere to its own security 
standards in evaluating other threat assessments. TSA intends to make a 
determination of comparability only where it is clear that the threat 
assessment of the agency applying for the determination includes all of 
the critical components of TSA's check. Many governmental bodies focus 
on factors that relate specifically to the work done by the agency when 
conducting a background check and therefore would not necessarily 
include a check of intelligence data or immigration status. Similarly, 
local and State agencies might not have conducted terrorist database 
checks. TSA most likely cannot issue a positive comparability 
determination in these cases.
    The age of the threat assessment is another area that TSA will 
review carefully. For purposes of the threat assessment standards set 
forth in part 1572, a new threat assessment is required every five 
years. If TSA determines that another security threat assessment is 
comparable to part 1572 checks, then we must determine how long the 
check remains valid. For the most part, all checks would have to be 
renewed every five years. However, there may be circumstances under 
which the check would remain valid for a longer or shorter term, 
depending on other factors surrounding the breath of the threat 
assessment, such as whether perpetual checks are part of the 
assessment.

[[Page 29423]]

    TSA plans to establish a verification process between TSA and 
participating agencies to ensure that only employees who have 
successfully completed a threat assessment through another agency are 
approved under TSA's comparability determination. TSA will strive to 
automate the verification process to reduce costs and processing time. 
TSA will establish rules governing the exchange of information between 
TSA and the participating agency, including appropriate Interface 
Control Documents (ICD). TSA may enter into Memoranda of Understanding 
(MOU) with other agencies if necessary.
    TSA plans to notify the public of any determinations of 
comparability, unless otherwise prohibited by law or such a disclosure 
would reveal sensitive security information. TSA considered proposing 
that individuals, rather than agencies, could apply for a comparability 
determination, but has determined that the costs would increase 
substantially and the reliability of the information exchanged could be 
questionable. TSA proposes to notify the public when comparability 
determinations are made, to make certain that all individuals who are 
eligible are aware of the determination.
    An applicant who completes a threat assessment that TSA determines 
to be comparable to the assessment set forth in part 1572, and wishes 
to apply for a TWIC to gain unescorted access to a secure area of a 
facility or vessel, would have to complete the enrollment process 
required for a TWIC and pay the corresponding fee to cover the cost of 
information collection and issuance of the credential. However, because 
a duplicate threat assessment would not be required, the applicant 
would not have to pay a threat assessment fee.
    In making comparability determinations, TSA proposes to 
``grandfather'' the comparable threat assessment for the period of time 
remaining before that threat assessment would expire. For instance, if 
an HME holder completed the threat assessment under part 1572 in 
October 2005 and applies for a TWIC in October 2006, TSA would issue 
the TWIC for the period of time remaining before the HME threat 
assessment expires. Therefore, the TWIC would show an expiration date 
of October 2010--five years from the date of the HME threat assessment.
    TSA proposes to announce comparability determinations in this NPRM. 
First, an applicant who successfully completes the security threat 
assessment required for an HME would be deemed to have completed the 
threat assessment for a TWIC. The standards and period of validity are 
the same for an HME and a TWIC. However, if an HME holder wishes to 
apply for the TWIC credential to have unescorted access to secure areas 
of a facility or vessel, the applicant would complete the TWIC 
enrollment process and provide the biometric information for issuance 
of the credential.
    Second, TSA deems the security threat assessment required to obtain 
a FAST card, as part of the Free and Secure Trade program administered 
by U.S. Customs and Border Protection (CBP), an agency within DHS, to 
be comparable to the security threat assessment set forth in part 1572. 
FAST is a cooperative effort among CBP and the governments of Canada 
and Mexico. Applicants from Canada, Mexico, and the United States may 
volunteer to undergo a background records check and if they complete it 
successfully, may receive expedited entrance privileges at the northern 
and southern borders, subject to other requirements. CBP conducts a 
fingerprint-based criminal history records check, name-based checks of 
pertinent intelligence databases, and a personal interview. Canada 
conducts a similar check for Canadian citizens. The FAST card and 
background check are valid for five years.
    TSA invites comment on paragraph (d) from all interested parties. 
TSA invites other agencies and workers who may be affected by this 
section to propose different or additional standards to make this 
process as efficient and effective as possible. TSA urges all agencies 
interested in obtaining a comparability determination to contact TSA, 
not only with comments to the proposed rule, but also to inform TSA of 
the interest in seeking the determination. Please contact Assistant 
Program Manager, Attn: Federal Agency Comparability Check, Hazmat 
Threat Assessment Program, TSA-19, TSA, 611 South 12th Street, 
Arlington, VA 22202.

49 CFR 1572.7 Waivers of Security Threat Assessment Standards

    This section describes the TWIC applicants who TSA proposes may 
apply for a waiver of the threat assessment standards. As we do with 
HME applicants, TSA proposes that TWIC applicants who have been 
convicted of certain criminal offenses and those who have been declared 
mentally incompetent in the past may apply for a waiver. Individuals 
convicted of treason, sedition, espionage, a crime involving a 
transportation security incident, and a crime of terrorism are not 
eligible for a waiver from TSA. TSA believes this is appropriate given 
the severity and level of risk these crimes reflect. For applicants who 
do not meet the immigration standards in Sec.  1572.105, there is no 
circumstance or set of facts under which TSA would wish to suspend the 
application of the lawful immigration categories listed to issue a 
waiver. Additionally, if a TWIC applicant is disqualified under Sec.  
1572.107, the applicant should not be eligible for a waiver. Granting a 
waiver to an individual determined to pose a security threat would 
undermine the purpose of this rule and the statutes that gave rise to 
it.

49 CFR 1572.9 Applicant Information Required for Security Threat 
Assessment for a Hazardous Materials Endorsement

    This section describes all of the identifying information an HME 
applicant must provide in order for TSA to complete the fingerprint- 
and intelligence-related checks. TSA is proposing one change in 
paragraph (g) relating to employer notification of adverse threat 
determinations. TSA proposes to add a statement to the application 
process, informing the applicant that TSA may notify the applicant's 
employer if TSA determines that he or she poses a security threat. TSA 
believes that applicants should be fully aware of TSA's authority and 
responsibility to provide employer notifications at the time of the 
threat assessment application.

49 CFR 1572.11 Applicant Responsibilities for a Security Threat 
Assessment for a Hazardous Materials Endorsement

    This section describes the standards with which each HME applicant 
must comply and the actions the applicant must take in order to hold an 
HME. TSA is not proposing any changes to this section.

49 CFR 1572.13 State Responsibilities for Issuance of Hazardous 
Materials Endorsement

    This section lists all of the responsibilities that the States must 
perform in order to ensure that only individuals who meet the security 
threat assessment standards receive a hazmat endorsement. TSA is not 
proposing any substantive changes to this section, except to remove 
sunset provisions. Former paragraph (b) included compliance dates that 
have passed and so are not necessary to reference in rule text. Former 
paragraph (c) permitted a State to apply to be a ``Pilot State'' prior 
to January 31, 2005 and is no longer necessary. Former paragraph (f) 
required

[[Page 29424]]

States to submit a declaration by December 27, 2004 if the State wanted 
to conduct fingerprint collection, and is no longer necessary.

49 CFR 1572.15 Procedures for Security Threat Assessment for an HME

    TSA is not proposing to make any changes to this section. This 
section describes the security threat assessment process in detail, and 
provides that no State can issue an HME unless the steps outlined in 
this section have been completed.

49 CFR 1572.17 Applicant Information Required for the Security Threat 
Assessment for TWIC

    TSA is proposing this new section to require TWIC applicants to 
provide biographic and biometric information necessary for TSA to 
conduct a comprehensive security threat assessment. This proposed 
section is nearly identical to Sec.  1572.9, Applicant information 
required for the security threat assessment for an HME. However, in 
this section, TSA proposes to require the applicant to explain his or 
her need for a TWIC. Paragraph (a)(10) states that the applicant must 
provide his or her job description and the facility, vessel, or port 
where the applicant requires unescorted access, if it is known. 
Paragraph (a)(11) asks for information concerning the applicant's 
employer, if known. Paragraph (f) proposes to require each TWIC 
applicant to certify that he or she needs unescorted access to secure 
areas of maritime facilities as part of their employment duties, or 
that he or she is a merchant mariner.
    TSA is proposing these requirements to limit TWIC to individuals 
with a legitimate need to enter secure areas of maritime facilities. 
First, TSA has authority to conduct threat assessments on individuals 
only in furtherance of its transportation security authorities. We 
cannot conduct security threat assessments on persons who have no such 
nexus. This principle is consistent with security standards in other 
modes of transportation. For instance, in aviation, each airport 
operator determines which individuals need unescorted access to the 
secure area of the airport, and the airport conducts a background check 
and provides a credential to those individuals. TSA has no employment 
or business relationship with the TWIC applicant and so we propose to 
obtain a minimum level of information from the applicant to avoid 
conducting security threat assessments and providing a tool for 
accessing facilities to any individual who may have a criminal motive 
or casual interest in the facility. Ultimately, the facility owner 
controls the individuals that are given unescorted access through the 
access control system, but TSA believes some sort of minimal filter is 
advisable to restrict TWIC to those who have a need for it. TSA also 
believes this may prevent an unscrupulous employer who has no 
connection to a facility or vessel from using the TWIC threat 
assessment process as a free suitability assessment in making hiring 
decisions. TSA does not intend for this provision to adversely impact 
an employee who is seeking employment in the maritime industry and 
applies for a TWIC to increase his or her marketability. These 
applicants should be able to articulate the facility, vessel or port 
where they may seek employment, which would satisfy paragraph (a)(10).

49 CFR 1572.19 Applicant Responsibilities for a Security Threat 
Assessment for TWIC

    In this section, we propose the basic duties a TWIC applicant must 
comply with to satisfy the rule. Paragraphs (a) and (b) propose a 
timeline for enrollment for TWIC applicants. As currently envisioned, 
enrollment of the current population subject to this rule will be 
accomplished three phases:

------------------------------------------------------------------------
                  Start date                    End date
------------------------------------------------------------------------
Group 1        Effective date   Not later than 10 months after effective
                of rule.         date of rule.
Group 2        After Group 1..  Not later than 15 months after effective
                                 date of rule.
Group 3        After Group 2..  Not later than 18 months after effective
                                 date of rule.
------------------------------------------------------------------------

    We believe that a staggered rollout is the most efficient way to 
implement a program of this size and complexity. TSA and the Coast 
Guard plan to focus resources consistent with the schedule above and 
complete each grouping as quickly as possible. The length of the 
enrollment period at each port will vary depending on port population, 
with the requirement that enrollment at all regulated facilities and 
vessels must be completed within 18 months after the effective date of 
the final rule. TSA and Coast Guard also are contemplating implementing 
a more flexible rollout, with anticipated dates to be announced by 
notices published in the Federal Register. The timetable proposed in 
the rule does not include actual credential issuance. Once the 
enrollment process is complete for an applicant, the time required to 
complete the threat assessment and have the credential ready to issue 
will typically be 30 days.
    As proposed, each FMSC, with input from the AMS Committee, would 
establish his/her own plan for scheduling enrollment to ensure a steady 
flow of enrollees, prevent long lines, and avoid disrupting commerce. 
TSA plans to establish enrollment times that are consistent with normal 
port operations. To allow flexibility and service the maritime 
population effectively, TSA will deploy permanent and mobile enrollment 
centers. Enrollment workstations will be fielded at larger ports in 
sufficient quantity to complete the enrollments within the required 
timeframe, assuming reasonably steady enrollment rates. The strategic 
placement of the enrollment stations will accommodate port management 
and operational requirements, and satisfy new enrollments and 
replacement of lost or stolen credentials.
    Paragraph (b) of this section discusses the enrollment of mariners. 
Mariners who hold an MMD or License can enroll in TWIC pursuant to the 
schedule in paragraph (a). However, these applicants are not required 
to undergo the criminal history records portion of the TWIC security 
threat assessment if they received an MMD after February 3, 2003 or a 
License after February 13, 2006. These applicants must provide the 
information necessary for enrollment, including biometric information, 
and obtain the credential. These MMD and License applicants have 
completed a full security background check performed by the Coast 
Guard, including review of criminal records for all crimes listed in 46 
CFR 10.201 or 46 CFR 12.02-4. These include terrorism offenses, acts of 
sabotage, and espionage. In addition, the Coast Guard safety and 
security evaluation analyzes several data sources that contain 
intelligence information and includes a verification of immigration 
status.
    We have agreed to eliminate the requirement for a criminal history 
records check for this portion of the merchant mariner population to 
prevent redundancy and reduce costs for applicants and the government. 
Mariners who have already had their background fully vetted by the 
Coast

[[Page 29425]]

Guard are not required to undergo the full TWIC security threat 
assessment described in part 1572 for their first TWIC, as long as 
their MMD or License is current. TWICs issued in accordance with these 
procedures will expire five (5) years after the date of the Coast Guard 
security threat assessment, and align with the expiration date of the 
MMD or license, as applicable. Although a mariner may opt to undergo 
the full security vetting and be issued a TWIC that is valid for the 
full 5-year period, this is not required for the mariner population who 
have an MMD issued after February 3, 2003 or a License issued after 
January 13, 2006.
    In paragraphs (c)-(e) we propose the same standards that currently 
apply to HME applicants. TWIC holders would be required to surrender 
the TWIC to TSA if TSA determines that the holder poses a security 
threat, and have a continuing obligation to report a disqualifying 
event to TSA. In addition, TWIC applicants would be required to submit 
the biometric and biographic information required in Sec.  1572.17 and 
the security threat assessment fee to TSA once every five years.
    Paragraph (f) addresses lost, stolen, or damaged credentials. To 
minimize fraud and prevent unauthorized individuals from entering the 
secure areas, TWIC holders must report lost or stolen credentials to 
TSA as soon as the holder loses possession of the credential. TSA would 
then invalidate the credential number in the TSA system to prevent it 
from being used in an access control system. Employees will pay a fee 
for the cost of the replacement credential, but we do not currently 
plan to require a new threat assessment. The expiration date on the 
replacement credential will be the same as the expiration date on the 
original card.
    If a TWIC holder finds that the credential no longer operates as 
intended in the access control system, he or she should report it and 
go to an enrollment center to determine the cause of the malfunction. 
Unless there is an inherent defect in the credential, the holder will 
be charged a fee of $36 for a replacement credential.

49 CFR 1572.21 Procedures for Security Threat Assessment for a TWIC

    This section outlines the procedures TSA, applicants, and owners/
operators would follow in completing the security threat assessment. 
These procedures are nearly identical to the procedures followed in the 
HME process. However, where TSA notifies a State of a Final 
Determination of Threat Assessment, Determination of No Security 
Threat, or an Immediate Revocation in an action involving an HME, TSA 
would notify the Coast Guard with respect to a TWIC applicant who is a 
mariner. TSA provides this information to the Coast Guard because TSA's 
final determination bears on the mariner's credential. If the mariner 
is not eligible for a TWIC, the Coast Guard will not issue the mariner 
credential. Also, TSA will notify the FMSC of TWIC revocations and 
denials. As the chief governmental security officer at a port, the FMSC 
should be aware of an applicant who is denied a TWIC or has a TWIC that 
has been revoked.

49 CFR 1572.23 Conforming Equipment; Incorporation by Reference

    Each owner/operator required to have access control systems and 
equipment, including card readers, in conjunction with TWIC, must meet 
TSA-approved standards. These readers shall conform to referenced 
industry standards employed by TSA for secure identity credentials. TSA 
plans to incorporate these standards by reference in the final rule. 
These standards are listed in proposed Sec.  1572.23. Copies of these 
standards may be obtained through the Web sites and addresses listed in 
proposed Sec.  1572.23.

49 CFR 1572.24-40 [Reserved]

49 CFR 1572.41 Compliance, Inspection and Enforcement

    In this section, TSA proposes standards requiring owners/operators 
to permit TSA personnel to enter the secure areas of maritime 
facilities to evaluate, inspect, and test for compliance with the 
standards in part 1572.
    These proposals are standard and necessary for TSA to exercise its 
oversight and enforcement responsibilities over trusted agents, the 
enrollment process, and the performance of the credential in a variety 
of circumstances. TSA will be subject to audits and reporting 
requirements on the TWIC threat assessment and credentialing system 
that require visual and operational assessments that necessitate access 
to facilities and vessels. TSA will work cooperatively with owners/
operators to minimize adverse impacts on normal operations.

49 CFR 1572.101 Scope

    TSA is amending this section to add TWIC applicants to the group of 
individuals subject to the threat assessment standards. Also, TSA is 
adding paragraph (a) to this section to acknowledge that hazmat drivers 
are subject to additional standards issued by the Federal Motor Carrier 
Safety Administration and the State that issues the commercial driver's 
license, including safety requirements, immigration status and criminal 
history standards.

49 CFR 1572.103 Disqualifying Criminal Offenses

    TSA proposes to adopt the list of criminal acts that disqualify an 
applicant from holding an HME under 49 CFR 1572.103 for TWIC 
applicants. In addition, TSA proposes to make one substantive and 
several administrative changes to this section, as it applies to HME 
and TWIC applicants. TSA is moving the definitions of ``explosive,'' 
``firearm,'' and ``transportation security incident'' from Sec.  1572.3 
to Sec.  1572.103, where the terms are used. This should help to 
eliminate uncertainty about the crimes that are disqualifying. In 
addition, TSA is adding clarifying language concerning the kind of 
activity that constitutes a ``transportation security incident.'' As 
required in SAFETEA-LU, the definition now makes clear that nonviolent 
labor-management activity is not considered a disqualifying offense. 
TSA also adds paragraph (a)(1) to the scope of this section 
acknowledging that hazmat drivers are subject to other standards issued 
by the Federal Motor Carrier Safety Administration and the State that 
issues the driver's commercial license and hazmat endorsement.
    TSA is proposing a substantive change to this section concerning 
the crimes of treason, sedition, espionage, and terrorism listed in 
Sec.  1572.103(a), which are permanently disqualifying. Applicants 
convicted of these crimes are not eligible for a waiver. TSA is adding 
conspiracy to commit these crimes to the list of crimes that are not 
subject to a waiver request. TSA has determined that a conviction of 
conspiracy to commit espionage, treason, sedition, or terrorism are 
indicative of a serious, ongoing, unacceptable risk to security and 
should not be waived under any circumstances. This change applies to 
HME and TWIC applicants.
    Paragraph (d) describes how an arrest with no indication of a 
conviction, plea, sentence or other information indicative of a final 
disposition must be handled. TSA proposes to change the time allowed 
for an applicant to provide correct records from 30 days to 60 days. 
The individual must provide TSA with written proof that the arrest did 
not result in a conviction of a disqualifying criminal offense within 
60 days after the date TSA notifies the individual. If TSA does not 
receive such proof in 60 days, TSA notifies the applicant that the he 
or

[[Page 29426]]

she is disqualified from holding an HME or a TWIC.
    TSA is considering whether to change the list of disqualifying 
criminal offenses and invites comment on this matter. TSA received 
comments on this list following publication of the November 2004 hazmat 
rule, particularly concerning crimes with explosives. Commenters 
suggested that possession of explosives should not be disqualifying if 
the conviction results from previous criminal activity, perhaps 
nonviolent, that makes any subsequent possession of an explosive or 
firearm a felony. Also, commenters suggested that explosives 
convictions should be disqualifying only when the crime involves 
explosives in the amount and packaging that require placarding in 
transportation.
    Even assuming TSA agrees with these suggested changes, the current 
criminal recordation system does not include the level of detail these 
distinctions require. Often, criminal rap sheets list only the statute 
violated, which may or may not include ``explosives'' in the title. 
Rarely, if ever, would a rap sheet include specific facts about the 
amount or type of explosive involved, or whether the conviction is 
based on a previous underlying conviction that prohibits contact with 
explosives. These are the kind of facts TSA can and does evaluate 
during a request for a waiver, where the applicant provides background 
information surrounding the conviction and any mitigating information. 
TSA invites comment on this and any other issue related to 
disqualifying criminal offenses, in which the public believes TSA can 
improve the process.
    TSA may amend Sec.  1572.103 as it applies to TWIC and HME 
applicants. Any amendment to the list of disqualifying crimes will 
apply equally to TWIC and HME applicants.

49 CFR 1572.105 Immigration Status

    The immigration standards in this section currently apply to HME 
applicants, with the exception of paragraph (a)(2)(iv), which is a new 
proposal. TSA now proposes to apply the entire section to TWIC 
applicants.
    TSA proposes to add a new paragraph to permit certain drivers 
licensed in Canada or Mexico who frequently deliver goods to facilities 
and vessels to meet the immigration standards for holding a TWIC. These 
drivers are admitted to the United States under a North American Free 
Trade Agreement (NAFTA) implementation visa category. 8 CFR 
214.2(b)(4)(i)(E). These drivers are lawful non-immigrants, doing 
business in the United States, but are not ``working in'' the United 
States for purposes of the immigration laws. These individuals do not 
possess (nor are they required to possess under this particular visa 
category) specific documentation authorizing them to work in the United 
States for a specified time, as is required of other lawful 
nonimmigrants applying for a TWIC under paragraph 1572.105(a)(3)(i)-
(iii). This proposed paragraph is intended to cover the significant 
number of commercial drivers regularly entering the United States to 
deliver food and other products to a port or vessel. Requiring these 
drivers to enter the access control portion of the port under escort 
would interfere with normal port operations and could potentially 
adversely affect other businesses on the port. This proposal would not 
have any impact on existing requirements that must be met to receive a 
visa under 8 CFR 214.2(b)(4)(i)(E).
    TSA invites comment on this proposal from all interested parties.

49 CFR 1572.107 Other Analyses

    This section of TSA's HME rule currently applies to HME applicants 
and we are proposing to apply it to TWIC applicants. MTSA requires that 
TSA disqualify an individual that ``poses a terrorism security risk to 
the United States.'' For checks under this section for the HME process, 
TSA accesses relevant international databases, such as Interpol-U.S. 
National Central Bureau, and other appropriate sources of information 
on terrorists and terrorist activity, violent gangs, fugitives from 
justice, and international criminal records. These sources are also 
appropriate for TWIC applicants.
    Paragraph (c) states that TSA may determine that an individual 
poses a security threat if TSA's search reveals an extensive or very 
serious domestic or foreign criminal history, conviction for serious 
crimes not listed in Sec.  1572.103, or an extensive period of 
imprisonment, foreign or domestic, exceeding 365 consecutive days. TSA 
placed this language in the hazmat rule to clarify the full application 
of this section and to provide sufficient notice to the public that 
there may be cases in which an applicant's criminal record includes 
convictions for serious crimes that are not specifically listed in 
Sec.  1572.103, but may be disqualifying. Also, if an applicant has 
been imprisoned for more than a year, which is generally indicative of 
a serious offense or a long history of criminal activity, TSA may 
determine that the applicant poses an unacceptable security threat.
    As TSA noted in the hazmat rulemaking, we cannot possibly list all 
of the offenses or other information that may be relevant to 
determining whether an individual poses a security threat that warrants 
denial of an HME. TSA has discretion to carry out the intent of MTSA 
and the USA PATRIOT Act and assess threats to transportation and the 
Nation, where the intelligence and threats are so dynamic. TSA 
understands that the flexibility this language provides must be used 
cautiously and on the basis of compelling information that can 
withstand judicial review. TSA invites comment on this section.

49 CFR 1572.109 Mental Capacity

    The explosives laws prohibit individuals who have been adjudicated 
as lacking mental capacity from transporting explosives. The hazmat 
rule currently provides that any person who has been determined to lack 
mental capacity does not meet the standards for a security threat 
assessment. We propose to extend this qualification standard to TWIC 
applicants.
    An individual lacks mental capacity, for purposes of this NPRM, if 
he or she has been committed to a mental health facility or has been 
adjudicated as lacking mental capacity. An individual is adjudicated as 
lacking mental capacity if a court or other appropriate authority 
determines that the individual is a danger to himself or herself, or 
lacks the mental capacity to manage his or her affairs. An individual 
is ``committed to a mental health facility'' if formally committed by a 
court; this term does not refer to voluntary admissions to a mental 
institution or hospital.

Subpart E--Fees for Transportation Worker Identification Credential

A. TWIC Maritime Population Estimation Methodology

    TSA conducted an analysis of the maritime population to determine 
the necessary fee level for the TWIC threat assessment, including 
enrollment; adjudication, appeals and waivers; and issuance of the 
credential. TSA estimates that during initial rollout of the program, 
it will issue TWIC credentials to approximately 750,000 workers 
requiring regular, unescorted access to secure areas of MTSA-regulated 
facilities. This figure is the product of survey and analysis work by 
TSA and Coast Guard personnel, using information provided by individual 
ports, public and private-sector data sources, interviews with sector 
subject-matter experts, and extrapolation from survey responses.
    In developing this estimate, TSA first identified a wide array of 
worker categories at MTSA-regulated facilities

[[Page 29427]]

that would most likely to be required to carry a TWIC. This list 
evolved during the course of TSA's rulemaking process, both to reflect 
new information as well as consultations with Coast Guard and maritime 
industry representatives. The list of major port-related personnel 
subject to TWIC requirements is as follows:

 Cruise Workers (Land-Based Only)
 Liquid Bulk Refining/Processing Workers
 Longshoremen
 Merchant Mariner Document or License Holders
 Off-Shore Liquid Bulk Workers (i.e. MODUs)
 Rail Workers
 Shipyard Workers
 Site Management/Administration Workers
 Truck Drivers
 Vessel Operations/Port Support Workers
 Contractors/Other

    The 750,000 figure was derived from analyzing each of these 
employment segments using a number of approaches and resources. First, 
TSA and Coast Guard conducted a maritime population survey during late 
2004 and early 2005. TSA and Coast Guard interviewed management 
officials from 45 ports across the United States, covering many of the 
nation's largest cargo operations.\5\ We asked senior port managers and 
security officers to estimate the number of workers requiring regular 
unescorted access to their ports, subdivided into distinct employment 
categories. To enable comparisons between ports and estimate the range 
of labor required to load/unload/transport a specific volume of 
freight, port officials also estimated tonnage and twenty-foot 
equivalent units (TEU) statistics by cargo type for their ports, such 
as container, liquid bulk, dry bulk, and roll-on/roll-off (``ro-ro'').
---------------------------------------------------------------------------

    \5\ Ports surveyed (in whole or in part) include: Baltimore, 
Beaumont, Boston, Brownsville, Brunswick, Burns Harbor, Charleston, 
Cleveland, Duluth-Superior, Gulfport, Houston, Jacksonville, Lake 
Charles, Long Beach, Los Angeles, Miami, Milwaukee, Mobile, Morehead 
City, New Orleans, New York/New Jersey, Oakland, Palm Beach, Panama 
City, Pascagoula, Pensacola, Philadelphia, Port Arthur, Port 
Canaveral, Port Hueneme, Port Manatee, Portland (ME), San Diego, San 
Francisco, Savannah, Seattle, South Louisiana, Tampa, Texas City, 
Toledo, Virginia Ports (Newport News, Norfolk, Portsmouth), 
Wilmington (DE), and Wilmington (NC).
---------------------------------------------------------------------------

    This data was utilized to generate four geographically-diverse 
extrapolation scenarios, each approximating the nationwide distribution 
of different cargo types.\6\ TSA and Coast Guard used this approach to 
minimize the impact of the significant variation it found in labor 
intensiveness across ports, and to incorporate a broader array of port 
data in TSA's calculations. TSA and Coast Guard believe that this 
method yielded reliable port worker population estimates in the 
following categories:

    \6\ The TSA Office of Revenue and MARAD representatives jointly 
cooperated on a cargo type interpretation of U.S. Army Corps of 
Engineers Waterborne Commerce data, producing a single normalized 
basis for extrapolation projections: 49% liquid bulk, 9% container, 
41% dry bulk/break bulk, 1% ro-ro.
---------------------------------------------------------------------------

 Site Management/Administration (70,000)
 Vessel Operations/Port Support (50,000)
 Rail (10,000)
 Contractors/Other (70,000)

    TSA and Coast Guard also used industry-based employee research to 
complement the maritime population survey. The agencies believe that 
the survey did not produce sufficiently accurate worker counts for 
longshoremen and port truckers in particular, because employees in 
these classes sometimes work at multiple facilities and thus were 
likely double-counted in the TSA/Coast Guard survey data. For this 
reason, industry-wide estimates of port truckers and longshoremen were 
substituted for the agencies' initial survey data involving these 
sectors.
    The total longshoremen estimate (60,000) was reached by aggregating 
data from labor unions and port management organizations.\7\ The port 
trucker estimate (110,000) was developed using the 2002 (latest 
available) Vehicle Inventory and Use Survey (VIUS) of the U.S. Census 
Bureau, isolating respondent populations with common port container 
trucker characteristics. Additionally, an estimate for non-container 
drivers was based on a consensus percentage of the total VIUS survey 
data from trucking subject-matter expert interviews.\8\ \9\
---------------------------------------------------------------------------

    \7\ Sources consulted by TSA include the Pacific Maritime 
Association, United States Maritime Alliance, International 
Longshoreman's Association, and International Longshoremen and 
Warehouse Union.
    \8\ Sources consulted by TSA include (but are not limited to) 
the American Trucking Association, Owner-Operator Independent 
Drivers Association, International Brotherhood of Teamsters (Port 
Division), and academic subject-matter experts from the University 
of Michigan, University of Minnesota-Morris, and California State 
University at Long Beach.
    \9\ According to subject-matter experts consulted by TSA, the 
vast majority of port truckers (~80%) drive containers. Thus, TSA 
estimated non-container port truckers to be 20% of the total 
population. Common characteristics of this sector include: 
independent owner-operator status, for-hire employment basis, high 
proportion of short hauls (less than 100 miles).
---------------------------------------------------------------------------

    TSA and the Coast Guard also conducted employment category research 
with leading maritime associations and other relevant organizations to 
account for MTSA-regulated maritime population segments that the 
agencies believe were either not represented or under-represented in 
its maritime population survey. These segments include:

 Barge Operators (30,000) \10\
---------------------------------------------------------------------------

    \10\ Based on sector data provided by American Waterways 
Operators.
---------------------------------------------------------------------------

 Land-Based Cruise Personnel (15,000) \11\
---------------------------------------------------------------------------

    \11\ Extrapolation based on Maritime Population Survey 
population data and International Council on Cruise Lines (ICCL) 
market share information.
---------------------------------------------------------------------------

 Liquid Bulk Refining/Processing (80,000) \12\
---------------------------------------------------------------------------

    \12\ MTSA-regulated refinery estimate (35,000-40,000) reflects 
National Petrochemical and Refiners Association (NPRA) Injuries and 
Illness Survey data. Other liquid bulk numbers are extrapolations 
based on MTSA-regulated facility population data in the EPA Risk 
Management Database.
---------------------------------------------------------------------------

 MODU/Offshore Liquid Bulk (30,000)\13\
---------------------------------------------------------------------------

    \13\ Based on sector data provided by the Minerals Management 
Services of the U.S. Department of Interior. Only MTSA-regulated 
offshore facilities are included.
---------------------------------------------------------------------------

 Shipyard (55,000) \14\

    \14\ Based on data provided by MARAD's Office of Shipbuilding 
and Marine Technology. Sources consulted by TSA include (but are not 
limited to) the American Shipbuilding Association and Shipbuilders 
Council of America. Only MTSA-regulated shipyards are included.
---------------------------------------------------------------------------

    Finally, TSA and the Coast Guard integrated the Coast Guard's 
operational data for merchant mariners. The National Maritime Center 
(NMC)--which provides credentialing, training, and certification 
services to all merchant mariners--lists 204,835 domestic MMD and MML 
holders.\15\ While no reliable data exists on the overlap between MMD 
holders and active land-based port workers, representatives of NMC and 
TSA arrived at a rough estimate of 35,000. Thus, the net active 
estimate for MMDs who will require TWICs is ~170,000 (205,000-35,000 
overlapping MMDs counted among other categories).
---------------------------------------------------------------------------

    \15\ Date is as of June 2005. Includes both MMDs and other 
license holders to be covered by TWIC.
---------------------------------------------------------------------------

    The aggregate results of TSA/Coast Guard maritime employment 
population research are summarized in the table below:

[[Page 29428]]



------------------------------------------------------------------------
                                                             TSA/Coast
                                                               Guard
               Maritime employment sector                   population
                                                           estimate \1\
------------------------------------------------------------------------
MMD and License Holders.................................         205,000
MMD/License Overlap with Other Worker Categories........         -35,000
Port Truck Drivers......................................         110,000
Liquid Bulk Refining/Processing.........................          80,000
Site Management/Administration..........................          70,000
Contractors/Other.......................................          70,000
Longshoremen............................................          60,000
Shipyards...............................................          55,000
Vessel Operations/Port Support..........................          50,000
MODU/Offshore Liquid Bulk...............................          30,000
Barge Operators.........................................          30,000
Land-Based Cruise.......................................          15,000
Rail Workers............................................          10,000
                                                         ---------------
  Total TWIC Initial Maritime Population................        750,000
------------------------------------------------------------------------
\1\ Population estimate is for those persons requiring regular
  unescorted access to secure areas of MTSA-regulated facilities.

    TSA and Coast Guard have set an 18-month TWIC enrollment period for 
MTSA-regulated facilities and vessels beginning in the final month of 
FY06, with the majority of enrollments occurring in FY07 and completion 
by mid FY08. The enrollment plan assumes that workers at the largest 
U.S. ports are enrolled first, and those at small and rural locations 
will be completed toward the end of this cycle. TSA estimates a 1% 
population growth per year, not including worker turnover, in which 
individuals leave the port worker population and are replaced by new 
port workers.\16\ Accounting for this annual population growth net of 
turnover, (or ``net population growth''), results in an 18-month 
initial enrollment population of approximately 758,000.
---------------------------------------------------------------------------

    \16\ Population growth estimate derived from the Bureau of Labor 
Statistics' (BLS) National Employment Matrix, which estimates growth 
in the ``Transportation and Warehousing'' sector of the economy at 
1.1 percent
---------------------------------------------------------------------------

1. Recurring Population
    TSA estimates that approximately 12 percent of port workers will 
leave the port labor force every year and thus will be replaced by new 
workers who will require a TWIC. This estimate is derived from TSA and 
Coast Guard's informal port population survey efforts and related 
anecdotal evidence. Given that the port population segments discussed 
above are extremely diverse in operations and demographics, TSA expects 
this annual turnover will not be consistent across all categories or 
locations. Assuming a 12 percent annual rate and 1 percent net 
population growth per year, TSA estimates a five-year total turnover of 
approximately 410,000.
    TSA also estimates that 8 percent of port workers will lose or 
damage their TWIC credentials each year. This estimate is derived from 
anecdotal evidence from other Federal credentialing programs. Assuming 
an 8 percent annual rate and 1 percent net population growth per year, 
TSA estimates five-year lost/damaged credential totals of some 273,000.
2. Five-Year Enrollment Population
    Based on these calculations, TSA estimates total five-year TWIC 
enrollments (initial enrollments, including annual net population 
growth, plus job turnover enrollments), of approximately 1,168,000. 
This estimate does not include the lost/damaged card replacement 
estimate of 273,000 over five years.

B. Proposed Fee

    To comply with the mandates of Section 520 of the 2004 DHS 
Appropriations Act, TSA proposes to establish user fees for individuals 
who apply for or renew a TWIC, and thus are required to undergo a 
security threat assessment in accordance with 49 CFR part 1572. TSA 
proposes to establish a new user fee (with two components), separate 
from the fee the FBI charges to check its criminal history records 
databases.\17\
---------------------------------------------------------------------------

    \17\ The FBI is authorized to establish and collect fees to 
process fingerprint identification records and name checks for non-
criminal justice, non-law enforcement employment and licensing 
purposes that may be used for salaries and other expenses incurred 
in providing these services. See Title II of Pub. L. 101-515, 
November 5, 1990, 104 Stat. 2112, codified in a note to 28 U.S.C. 
534.
---------------------------------------------------------------------------

    First, TSA proposes an Information Collection/Credential Issuance 
Fee to cover the costs of collecting the biometric and biographic 
information, transmitting the information to the appropriate process or 
location, and issuing the credential. Second, TSA proposes a Threat 
Assessment/Credential Production Fee to cover TSA's costs to perform 
and adjudicate security threat assessments; administer the appeal and 
waiver process; conduct program oversight; and produce the credential. 
Third, TSA proposes a fee to cover the cost of creating a new 
credential to replace a lost, stolen, or damaged credential. Based on 
the information currently available to the agency, TSA proposes the 
following fees: an Information Collection/ Credential Issuance Fee 
ranging from $45-$65; a Threat Assessment/Credential Production Fee of 
$50-$62; and a Credential Replacement Fee of $36. The FBI currently 
charges a fee of $22 for the criminal history records check, which is 
also collected whenever a security threat assessment is required.
    Pursuant to the Chief Financial Officers Act of 1990, DHS/TSA is 
required to review these fees no less than every two years. 31 U.S.C. 
3512. Upon review, if it is found that the fees are either too high 
(i.e., total fees exceed the total cost to provide the services) or too 
low (i.e., total fees do not cover the total costs to provide the 
services), the fee will be adjusted. In addition, TSA may increase or 
decrease the fees described in this regulation for inflation following 
publication of the final rule. If TSA increases or decreases the fees 
for this reason, TSA will publish a Notice in the Federal Register 
notifying the public of the change.
1. Information Collection/Credential Issuance
    The security threat assessment process requires all applicants who 
apply for or renew a TWIC to submit their fingerprints and biographic

[[Page 29429]]

information at a TSA-approved enrollment facility. The same enrollment 
facility will handle credential issuance to the applicant after 
successful completion of the threat assessment process. TSA will hire a 
contractor agent to provide these services. Based on TSA's research of 
the costs of both commercial and Government fingerprint and information 
collection services, as well as a prior competitive bidding and 
acquisition process for similar (but less extensive) services in 
support of TSA's HME program, TSA estimates that the per applicant cost 
to collect and transmit fingerprints and other required data 
electronically is likely to be between $45 and $65. This fee also 
includes the costs for related administrative support, help desk 
services, quality control, credential distribution and related 
logistics.
2. Threat Assessment/Credential Production
    For the TSA security threat assessment and credential production 
process, each applicant's information will be checked against multiple 
databases and other information sources so that TSA can determine 
whether the applicant poses a security threat that warrants denial of a 
TWIC. The threat assessment includes an appeal process for individuals 
who believe the records upon which TSA bases its determination are 
incorrect. In addition, TSA will administer a waiver process for 
applicants denied a TWIC due to criminal activity or mental 
incompetence.
    TSA must implement and maintain the appropriate systems, resources, 
and personnel to ensure that fingerprints and applicant information are 
appropriately linked, and that TSA can receive and act on the results 
of the security threat assessment. TSA must have the necessary 
resources--including labor, equipment, database access, and overhead--
to complete the security threat assessment process.
    TSA estimates that the total cost of threat assessment services 
will be $24.1 million over five years. This estimate includes $4.6 
million for all information systems expenses, including the 
modification and sustainment of TSA's Screening Gateway. The Screening 
Gateway is an information system platform that allows TSA to submit, 
receive, and integrate security threat assessment information from a 
variety of Federal, State, and other sources in order to help make 
security threat assessment determinations.
    Upon successful completion of the threat assessment process, the 
applicant's enrollment record is sent to the TSA-approved credential 
production facility. The production facility initiates the TWIC 
credential personalization process, which includes printing and 
magnetic stripe and chip encoding. Before the credentials are shipped 
back to the enrollment center, the credential production facility 
employees perform quality control inspections. TWIC credentials are 
then securely packaged and shipped to the designated enrollment center.
    The credential production process will be administered by a TSA-
approved federal credential production facility. It will require 
expenditures for the following items: card stock, customization 
materials (i.e., contactless chips, laminates), biennial credential re-
design, production equipment and maintenance, production labor, and 
shipping costs. TSA estimates that the total cost of credentialing 
production and management will be $17.5 million over five years.
    TSA representatives will manage the operation and integration of 
the TWIC programs, including coordination of a nationwide credentialing 
rollout program. The Agency will also be responsible for ensuring 
compliance at all TWIC enrollment facilities. These tasks will require 
the assignment of permanent TSA personnel and temporary contract labor 
for program support. Contractors will also certify and accredit TWIC 
systems on a periodic basis. Support costs will include program travel 
and office supplies.
    TSA has also developed an electronic network (the TSA system) to 
facilitate applicant information collection, coordination, credential 
production, applicant notification and the extensive access control 
activities of all TWIC cardholders and regulated facilities over time. 
While the majority of the TSA system development costs were financed in 
prior years with funds appropriated to TSA, system modification costs 
and recurring operational costs are included in the five-year program 
costs.
    TSA estimates that the total for program support will be $36.1 
million over five years.
    Table Five details the major cost components TSA expects to incur 
over the next five years to implement the TWIC program.

              Table 5.--Year TSA Costs for Transportation Worker Identification Credential Program
----------------------------------------------------------------------------------------------------------------
         Operational year             Start-up     1st Year     2nd Year     3rd Year     4th Year     5th Year
----------------------------------------------------------------------------------------------------------------
Estimated Annual New Applicants          15,000      708,000      164,000       93,000       94,000       95,000
 and Turnover.....................
Estimated Annual Lost/Damaged                50       27,876       58,003       61,818       62,436       63,061
 Credential Replacement Applicants
         Cost Components*
Threat Assessment Costs:
    Personnel to conduct name-          $70,000   $1,687,000   $2,014,000   $2,200,000   $2,387,000   $2,576,000
     based threat assessments.....
    Personnel to conduct redress        $45,000     $537,000     $269,000     $269,000     $269,000     $269,000
     operations (waivers and
     appeals).....................
    Adjudication labor............     $136,000   $3,350,000   $1,208,000     $824,000     $828,000     $831,000
    Screening Gateway development.     $300,000  ...........  ...........  ...........  ...........  ...........
    Screening Gateway operations,      $247,000     $993,000     $513,000     $513,000     $513,000     $513,000
     maintenance & disaster
     recovery.....................
    Document management system....      $42,000     $504,000     $360,000     $240,000     $240,000     $240,000
                                   -----------------------------------------------------------------------------
        Threat Assessment Costs--      $840,000   $7,071,000   $4,364,000   $4,046,000   $4,237,000   $4,429,000
         Subtotal.................
Card Production Costs:
    Card materials................   $1,750,000   $5,250,000   $1,750,000   $1,750,000   $1,750,000   $1,750,000
    Card production equipment and      $909,000   $1,261,000     $937,000     $707,000     $707,000     $707,000
     labor........................
    Production system design......     $250,000  ...........  ...........     $100,000  ...........  ...........
    Card re-design................  ...........  ...........     $100,000  ...........     $100,000  ...........

[[Page 29430]]

 
    Shipping......................       $7,000     $331,000     $100,000      $70,000      $70,000      $71,000
                                   -----------------------------------------------------------------------------
        Card Production Costs--      $2,916,000   $6,842,000   $2,887,000   $2,627,000   $2,627,000   $2,528,000
         Subtotal.................
Identity Management System (IDMS)
 Costs:
    IDMS labor, O&M, and help desk   $2,850,000   $3,600,000   $1,800,000   $1,680,000   $1,680,000   $1,680,000
    IDMS hardware, software, and       $188,000     $945,000     $885,000     $825,000     $825,000     $825,000
     technology refresh...........
    IDMS disaster recovery........     $500,000     $100,000     $100,000     $100,000     $100,000     $100,000
                                   -----------------------------------------------------------------------------
        IDMS Costs--Subtotal......   $3,538,000   $4,645,000   $2,785,000   $2,605,000   $2,605,000   $2,605,000
Program Support:
    Personnel for program support--  $1,624,000   $2,584,000   $2,614,000   $2,614,000   $2,614,000   $2,614,000
     federal and contract.........
    Information systems security       $600,000     $250,000     $250,000     $500,000     $250,000     $500,000
     certification and
     accreditation................
    Program travel................      $48,000     $144,000     $112,000     $112,000     $112,000     $112,000
    Interagency systems and            $481,000   $1,085,000     $659,000     $633,000     $630,000     $647,000
     communications infrastructure
    Office supplies and                 $35,000      $60,000      $60,000      $60,000      $60,000      $60,000
     miscellaneous program costs..
    Fee processing & analysis.....      $17,000     $100,000     $100,000     $100,000     $100,000     $100,000
                                   -----------------------------------------------------------------------------
        Program Support--Subtotal.   $2,805,000   $4,223,000   $3,795,000   $4,019,000   $3,766,000   $4,033,000
Enrollment Management and
 Compliance:
    Personnel and operational           $12,000     $584,000     $135,000      $76,000      $77,000      $78,000
     expenses for enrollment
     compliance...................
                                   -----------------------------------------------------------------------------
    Enrollment Management and           $12,000     $584,000     $135,000      $76,000      $77,000      $78,000
     Compliance--Subtotal.........
                                   -----------------------------------------------------------------------------
        Grand Totals..............  $10,111,000  $23,365,000  $13,966,000  $13,373,000  $13,312,000  $13,673,000
----------------------------------------------------------------------------------------------------------------

Threat Assessment/Credential Production Calculation
    TSA will charge a fee to recover its threat assessment, 
credentialing, and other program management and oversight costs 
associated with the implementation of this rule. TSA notes that since 
it received appropriated funds for the development of the TWIC program 
prototype and start-up operations, these costs will not be recovered in 
the fee charges. Substantially all costs TSA will have incurred before 
the beginning of program operations are considered start-up costs for 
calculation of the Threat Assessment/Credential Production fee. Based 
on the estimated costs in Table Five, TSA has calculated the per 
applicant Threat Assessment/Credential Production fee as follows: 
threat assessment cost estimate of $24.1 million over five years is 
added to credentialing and program expenses of $53.6 million. These 
total costs are then divided by 1,441,000 total estimated applicants 
for a TWIC--both new and lost/damaged replacement card applicants--over 
the first five years.
    The resulting applicant charges will range from $50-$62 per 
applicant, as fees will vary based on the services provided to each 
population. Individuals requiring a complete security threat assessment 
will pay $62. Applicants who have completed a fingerprint-based 
criminal history records check that TSA deems equivalent to the TWIC 
check, such as MMD, MML, HME, and FAST credential holders, will not be 
charged for TSA's adjudication expenses associated with this portion of 
the threat assessment and will be assessed $50. Individuals who lose, 
damage, or have their credential stolen will not be assessed any threat 
assessment costs but will be charged $36 for a replacement credential. 
No new TSA threat assessment-specific or enrollment costs are factored 
into this replacement fee.
3. FBI Fee
    As part of the security threat assessment, TSA submits fingerprints 
to the FBI to obtain any criminal history records that correspond to 
the fingerprints. The FBI is authorized to establish and collect fees 
to process fingerprint identification records. See Title II of Pub. L. 
101-515, November 5, 1990, 104 Stat. 2112, codified in a note to 28 
U.S.C. 534. Pursuant to Criminal Justice Information Services (CJIS) 
Information Letter 93-3 (October 8, 1993), this fee is currently set at 
$22. If the FBI increases or decreases its fee to complete the criminal 
history records check, the increase or decrease will apply to this 
regulation on the date that the new FBI fee becomes effective.
4. Total Fees
    TSA proposes the following fees for TWIC applicants who submit 
fingerprints and applicant information to a TSA agent:
    (1) Information Collection/Credential Issuance: $45-$65.
    (2) Threat Assessment/Credential Production: $50-$62.
    (3) Credential Replacement: $36.
    (4) FBI: $22.
    The total fees for TWIC applicants would be between $95 and $149, 
depending on threat assessment services provided. TSA will continue to 
work to minimize all costs and will finalize final fee charges in the 
final rule. TSA may increase or decrease the fees described in this 
regulation for inflation following publication of the final rule. TSA 
will publish a notice in the Federal Register notifying the public of 
the change.

C. Section 1572.501 Fee Collection

    Section 1572.501 provides that when TSA collects fingerprints and 
applicant information under 49 CFR part 1572, TSA will collect fees for 
TWIC, in accordance with the procedures in Sec.  1572.503.
    Section 1572.503 describes the procedures that TSA and a TWIC 
applicant will follow. Paragraph 1572.503(a) list the specific fees: 
$45-65 for information collection/credential issuance; $50-62 for the 
threat assessment/credential production; $36

[[Page 29431]]

for a replacement credential; and $22 for the FBI.
    Paragraph 1572.503(b) states that the fees must be provided in U.S. 
currency, and in check, money order, wire, or another method approved 
by TSA. Paragraph 1572.503(c) states that TSA will not issue refunds 
and paragraph 1572.503(d) states that applications would be processed 
only upon receipt of all applicable fees.
    Paragraph 1572.503(e) states that TSA may adjust the fees annually 
after October 1, 2007 because of inflation, and any adjustment will be 
announced by notice in the Federal Register. Any increase would be a 
composite of the Federal civilian pay raise percentage and non-pay 
inflation factor for the current fiscal year. These figures are issued 
by the Office of Management and Budget.
    Paragraph (f) of this section relates to any amendments the FBI may 
make to its fee for the criminal history records check. The change to 
the fee for TWIC applicants will become effective on the date that the 
FBI fee increase or decrease became effective.

VII. Rulemaking Analyses and Notices

A. Executive Order 12866 (Regulatory Planning and Review)

    This proposed rule is a ``significant regulatory action'' under 
section 3(f) of E.O. 12866, Regulatory Planning and Review and 
therefore has been reviewed by the Office of Management and Budget. 
E.O. 12866 requires an assessment of potential costs and benefits under 
section 6(a)(3) of that Order. A draft Assessment is available in both 
the TSA and Coast Guard dockets where indicated under the ``Public 
Participation and Request for Comments'' section of this preamble. A 
summary of the Assessment follows:
Regulatory Evaluation Summary
    Proposed changes to Federal regulations must undergo several 
economic analyses. First, E.O. 12866 directs each Federal agency to 
propose or adopt a regulation only if the agency makes a reasoned 
determination that the benefits of the intended regulation justify its 
costs. Second, the Regulatory Flexibility Act of 1980 requires agencies 
to analyze the economic impact of regulatory changes on small entities. 
Third, the Trade Agreements Act (19 U.S.C. 2531-2533) prohibits 
agencies from setting standards that create unnecessary obstacles to 
the foreign commerce of the United States. In developing U.S. 
standards, this Trade Act requires agencies to consider international 
standards and where appropriate, as the basis of U.S. standards. 
Fourth, the Unfunded Mandates Reform Act of 1995 (Public Law 104-4) 
requires agencies to prepare a written assessment of the costs, 
benefits and other effects of proposed or final rules that include a 
Federal mandate likely to result in the expenditure by State, local or 
tribal governments, in the aggregate, or by the private sector, of $100 
million or more annually (adjusted for inflation). The mandatory OMB A-
4 Accounting Statement is located in the separate detailed regulatory 
evaluation.
    In conducting these preliminary analyses, TSA and the USCG are 
proposing that this rule:
    1. Is a ``significant regulatory action'' as defined in the E.O.
    2. Has a yet to be determined impact on small business. We have 
provided an Initial Regulatory Flexibility Analysis (IRFA) for comment.
    3. Imposes no significant barriers to international trade.
    4. Does not impose an unfunded mandate on State, local, or tribal 
governments, but does on the private sector as there are two years with 
undiscounted costs in excess of the inflation adjusted $100 million 
threshold.
    This regulatory evaluation is a joint effort of TSA and USCG. For 
ease of reading, the agencies decided to use the term ``we'' to 
represent both DHS components even for issues which might be directly 
related to proposed rule actions of only one agency. We believe this 
simplification will be less of a burden to the public in trying to 
understand and comment on the evaluation. The reader is cautioned that 
we did not attempt to replicate precisely the regulatory language in 
this discussion of the proposed rule; the regulatory text, not the text 
of this evaluation, is legally binding. A copy of the detailed 
regulatory evaluation document is available on the dockets for each 
agency. TSA and the USCG invite comments on all aspects of the economic 
analysis. We will attempt to evaluate and address all regulatory 
evaluation comments submitted by the public; however, those comments 
with specific data sources or detailed information will be more useful 
in improving the impact analysis. Comments may be placed on either 
docket as directed in the rule preamble; although there is no 
prohibition of submitting the evaluation comments to both dockets, 
duplicate submissions will be treated as a single issue submission. If 
possible, evaluation comments should be clearly identified with the 
evaluation issue or section. Including page numbers or figure 
references with your comments will expedite the process and insure the 
issue is addressed by the most appropriate agency experts.
Impact Summary
    Section 102 of the Maritime Transportation Security Act requires a 
regulation regarding the issue of a biometric security card to 
individuals with unescorted access to secure areas of vessels and 
facilities. Under this authority, DHS has developed this proposed rule, 
and this summary provides a synopsis of the costs and benefits of the 
proposed rule.
Benefits of the Proposed Rule
    The proposed rule would facilitate commerce and, most importantly, 
increase security at vessels, facilities, and OCS facilities regulated 
by 33 CFR chapter I, subchapter H.
Security
    The proposed rule would increase security at vessels, facilities, 
and OCS facilities regulated by 33 CFR chapter I, subchapter H. It 
would accomplish this by: (1) Reducing the number of high-risk 
individuals with unescorted access to secure areas of vessels, 
facilities, and OCS facilities through the use of robust background 
checks; (2) enhancing the security of the credential through the use of 
a highly tamper-resistant card and the implementation of a strong 
identity-verification process to guard against fraud; and (3) 
increasing the stringency of access control measures throughout the 
maritime transportation sector.
Commerce
    Although not the primary impetus for regulation, this NPRM would 
enhance the flow of commerce by streamlining the number of credentials 
and access control procedures, eliminating the need for several port 
credentialing offices and systems, and creating an interoperable 
credential recognizable across the maritime environment. During the 
TWIC Phase III Prototype, TSA learned that many individuals underwent 
multiple background checks, paid redundant fees, and endured long lines 
and short hours of operation at local credentialing offices. We 
anticipate this NPRM would eliminate some of these inefficient 
practices.
Economic Costs
    We conclude that the primary estimate of economic costs over a 10 
year period for this rule are $1,028 million undiscounted, $918.5 
million with a 3 percent discount rate, and

[[Page 29432]]

$802.8 million at a 7 percent discount rate. In preparing estimates, we 
considered ranges for some values. No statistical confidence interval 
is associated with this range. These ranges provide an upper estimate 
of $1,062 million undiscounted and a lower range of $995.0 million 
undiscounted. The full list of scenarios and discounted values are 
displayed in the following charts and figures.

                             Ten Year Costs
------------------------------------------------------------------------
 
------------------------------------------------------------------------
Minimum..........................  7% Discount Rate....     $777,040,010
                                   3% Discount Rate....      888,602,138
                                   Undiscounted........      994,986,264
Primary..........................  7% Discount Rate....      802,830,101
                                   3% Discount Rate....      918,517,801
                                   Undiscounted........    1,028,754,087
High.............................  7% Discount Rate....      828,620,192
                                   3% Discount Rate....      948,433,464
                                   Undiscounted........    1,062,521,911
------------------------------------------------------------------------

                                                         [GRAPHIC] [TIFF OMITTED] TP22MY06.000
                                                         
Timing of Costs
    The startup costs plus initial enrollments cause roughly 40 percent 
of expenses to occur in the first program year. Because credentials 
must be renewed after five years, there is another spike in enrollments 
and, therefore, expenses at year six. This spike is not as large as the 
initial enrollment because there is movement in and out of the labor 
force over those five years. This increase in enrollments in year six 
represents approximately 15 percent of the total costs. The other eight 
program years are similar in costs.

[[Page 29433]]

[GRAPHIC] [TIFF OMITTED] TP22MY06.001


                                                         Total Ten-Year Costs--Primary Estimate
                                                                      [$ millions]
--------------------------------------------------------------------------------------------------------------------------------------------------------
             Discount Rate/Yr                   1         2         3         4         5         6         7         8         9        10       Total
--------------------------------------------------------------------------------------------------------------------------------------------------------
7% Discount Rate..........................    $383.6     $74.0     $36.7     $34.2     $32.2    $105.7     $45.7     $32.2     $30.1     $28.4    $802.8
3% Discount Rate..........................     398.5      79.9      41.1      39.8      38.9     132.9      59.7      43.7      42.4      41.6     918.5
Undiscounted..............................     410.4      84.7      44.9      44.8      45.1     158.7      73.4      55.4      55.3      55.9   1,028.8
--------------------------------------------------------------------------------------------------------------------------------------------------------

Distribution of Costs
    The fee setting section of the NPRM and supporting documents in the 
docket provide details of the distribution of impacts. By category, 
almost 39 percent of the costs are facility costs, 11 percent 
enrollment contract costs, while the smallest category of costs is 
related to Outer Continental Shelf facilities at less than 0.1 percent 
of the total costs. The following series of figures summarizes the 11 
categories for the range of costs discounted at 7 percent, categorical 
percentage share of total costs, and share differences between the 
primary estimate and each of the other two scenarios.

              Costs by Category and Scenario, Discounted 7%
------------------------------------------------------------------------
               Component                    Low      Primary      High
------------------------------------------------------------------------
Enrollment Opportunity Costs...........      $71.8      $71.8      $71.8
Enrollment Contract Costs..............       91.9       91.9       91.9
Security Threat Assessments............       57.9       57.9       57.9
TSA System Costs.......................       27.4       27.4       27.4
Appeals and Waivers Opportu............        5.7        5.7        5.7
Card Production........................       29.5       29.5       29.5
Issuance Opportunity Costs.............       89.0       89.0       89.0
Program Office Support.................       41.0       41.0       41.0
Facilities.............................      299.0      312.1      325.1
Vessels................................       63.1       75.8       88.4
OCS Facilities.........................        0.6        0.7        0.8
                                        --------------------------------
    Total..............................      777.0      802.8      828.6
------------------------------------------------------------------------


[[Page 29434]]

[GRAPHIC] [TIFF OMITTED] TP22MY06.002


 
----------------------------------------------------------------------------------------------------------------
                        Percent cost share by category and scenario                            Difference from
-------------------------------------------------------------------------------------------   primary estimate
                                                                                           ---------------------
                        Component                             Low      Primary      High       Low        High
                                                           (percent)  (percent)  (percent)  (percent)  (percent)
----------------------------------------------------------------------------------------------------------------
Enrollment Opportunity Costs.............................        9.2        8.9        8.7        0.3       -0.3
Enrollment Contract Costs................................       11.8       11.4       11.1        0.4       -0.4
Security Threat Assessments..............................        7.5        7.2        7.0        0.2       -0.2
TSA System Costs.........................................        3.5        3.4        3.3        0.1       -0.1
Appeals and Waivers Opportunity..........................        0.7        0.7        0.7        0.0       -0.0
Card Production..........................................        3.8        3.7        3.6        0.1       -0.1
Issuance Opportunity Costs...............................       11.5       11.1       10.7        0.4       -0.3
Program Office Support...................................        5.3        5.1        5.0        0.2       -0.2
Facilities...............................................       38.5       38.9       39.2       -0.4        0.4
Vessels..................................................        8.1        9.4       10.7       -1.3        1.2
OCS Facilities...........................................        0.1        0.1        0.1        0.0        0.0
                                                          ------------------------------------------------------
    Total................................................      100.0      100.0      100.0  .........          -
----------------------------------------------------------------------------------------------------------------

B. Small Entities

    Under the Regulatory Flexibility Act (5 U.S.C. 601-612), we have 
considered whether this proposed rule would have a significant economic 
impact on a substantial number of small entities. The term ``small 
entities'' comprises small businesses, not-for-profit organizations 
that are independently owned and operated and are not dominant in their 
fields, and governmental jurisdictions with populations of less than 
50,000. Individuals are not considered small entities for the purposes 
of the Regulatory Flexibility Act.
    At this time, we have not determined if this proposed rule would 
have a significant economic impact on a substantial number of small 
entities. We request comment on the full Initial Regulatory Flexibility 
Analysis, which is located on the docket. A brief summary of this 
analysis appears below.
    With certain exceptions, the proposed rule would impact vessels, 
facilities, and OCS facilities presently regulated by 33 CFR chapter I, 
subchapter H. TSA and USCG estimated the proposed rule would cover 
10,785 vessels, 3,492 facilities, and 42 OCS facilities. TSA and USCG 
concluded that most vessels and some facilities may be owned by small 
businesses, but no small businesses, as defined by the Regulatory 
Flexibility Act, currently operate OCS facilities.
    The proposed rule would require affected vessels, facilities and 
OCS facilities to implement increased security measures. Because many 
of the proposed measures are based on performance standards, the 
proposed rule affords covered businesses

[[Page 29435]]

flexibility in complying with the requirements. Due to this 
flexibility, we foresee small entities complying with the proposed rule 
in a number of ways. We therefore used a range of estimates when 
characterizing the potential impacts to small entities. The following 
table displays this range.

----------------------------------------------------------------------------------------------------------------
                                                         Initial costs                   Recurring costs
                  Requirement                  -----------------------------------------------------------------
                                                   Low      Primary      High       Low      Primary      High
----------------------------------------------------------------------------------------------------------------
Smart Card Reader Purchase....................     $2,000     $3,500     $5,000  .........  .........  .........
Smart Card Reader Software....................      1,000      1,000      1,000  .........  .........  .........
Smart Card Reader Installation................        200        200        200  .........  .........  .........
Creating TWIC Addendum........................      1,693      1,691      1,691  .........  .........  .........
Knowledge Requirements........................      2,709      2,709      2,709  .........  .........  .........
Recordkeeping.................................      1,303      1,303      1,303  .........  .........  .........
TWIC Validation...............................  .........  .........  .........       $391       $391       $391
                                               -----------------------------------------------------------------
    Total.....................................      8,906     10,403     11,903        391        391        391
----------------------------------------------------------------------------------------------------------------

C. Assistance for Small Entities

    Under section 213(a) of the Small Business Regulatory Enforcement 
Fairness Act of 1996 (Pub. L. 104-121), we want to assist small 
entities in understanding this proposed rule so that they can better 
evaluate its effects on them and participate in the rulemaking. If the 
rule would affect your small business, organization, or governmental 
jurisdiction and you have questions concerning its provisions or 
options for compliance, please consult LCDR Jonathan Maiorine, 
Commandant (G-PCP-2), United States Coast Guard, 2100 Second Street, 
SW., Washington, DC 20593; telephone 1 (877) 687-2243. DHS will not 
retaliate against small entities that question or complain about this 
rule or any policy or action of DHS.
    Small businesses may send comments on the actions of Federal 
employees who enforce, or otherwise determine compliance with, Federal 
regulations to the Small Business and Agriculture Regulatory 
Enforcement Ombudsman and the Regional Small Business Regulatory 
Fairness Boards. The Ombudsman evaluates these actions annually and 
rates each agency's responsiveness to small business. If you wish to 
comment on actions by employees of TSA or of the Coast Guard, call 1-
888-REG-FAIR (1-888-734-3247).

D. Collection of Information

    This proposed rule would call for a collection of information under 
the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). As defined 
in 5 CFR 1320.3(c), ``collection of information'' comprises reporting, 
recordkeeping, monitoring, posting, labeling, and other, similar 
actions. The title and description of the information collections, a 
description of those who must collect the information, and an estimate 
of the total annual burden follow. The estimate covers the time for 
reviewing instructions, searching existing sources of data, gathering 
and maintaining the data needed, and completing and reviewing the 
collection.
    Title: Transportation Worker Identification Credential (TWIC) 
Program.
    Summary of the Collection of Information:
    Need for Information: TSA has developed the Transportation Worker 
Identification Credential (TWIC) as an identification tool that 
encompasses the authorities of the Aviation and Transportation Security 
Act of 2001(ATSA) (Pub. L. 107-71, Sec.106), and the Maritime 
Transportation Security Act of 2002 (MTSA) (Pub. L. 107-295, Sec. 102) 
to perform background checks and issue credentials to workers within 
the national transportation system. The data to be collected is that 
biographic and biometric information necessary for TSA to complete the 
required security threat assessment on individuals who will seek 
unescorted access to secure areas of vessels and maritime facilities 
through the use of a TWIC. TWIC cards, when issued, will contain 
biographic and biometric data necessary to prove identity of the 
cardholder and to interoperate with access control systems on vessels 
and at facilities nationwide.
    Proposed Use of Information: TSA will use the information to verify 
the identity of the individual applying for a TWIC and to verify that 
the person poses no security threat that would preclude issuance of a 
TWIC.
    Description of the Respondents: The respondents to this collection 
of information will be workers within the national transportation 
system, specifically individuals who require unescorted access to 
secure areas of vessels or maritime facilities.
    Number of Respondents: Although the number of respondents will vary 
over three years, TSA estimates that the annualized number of total 
respondents will be approximately 317,400. Based on research conducted 
by TSA and the USCG, the total estimated base population that will be 
affected by TWIC is 750,000. However, TSA estimates that more than 
seventy percent of the base maritime worker population will enroll in 
the program in the first year, and the remainder will enroll in year 
two. Turnover and growth within the affected population is expected to 
result in another 202,257 respondents.
    Frequency of Response: Because renewals for the TWIC will be on a 
five year basis, for purposes of the Paperwork Reduction Act, to apply 
for a TWIC, each respondent will be required to respond once to the 
enrollment collection. TSA estimates an additional response from the 
estimated two percent of respondents who will appeal decisions made by 
the agency with respect to security threat assessments or ask for a 
waiver from disqualifying offenses. Thus, TSA estimates the number of 
total annual responses to be approximately 323,800.
    Burden of Response: TSA estimates the annual hour burden for 
enrollment to be 476,129, or one and one half hour per respondent. TSA 
estimates the annual hour burden for appeals and waiver to be 
approximately 38,100.
    TSA has determined that the information collection and card 
issuance portion of the TWIC fee will be between $45 and $65 per 
respondent. The exact fee will be determined in the final rulemaking. 
This portion of the fee accounts for more than the actual cost of the 
information collection as it includes cost of the enrollment process, 
system operations and maintenance, and TWIC card distribution.
    Estimate of Total Annual Burden: TSA estimates the total annual 
hour burden as a result of this collection of information to be 
approximately 514,200. Because the TWIC fee may

[[Page 29436]]

change over time as actual costs are determined and annualized, TSA 
estimates total annual fee for respondents to be between $14,283,855 
and $20,632,235.
    As required by the Paperwork Reduction Act of 1995 (44 U.S.C. 
3507(d)), we have submitted a copy of this proposed rule to the Office 
of Management and Budget (OMB) for its review of the collection of 
information.
    We ask for public comment on the proposed collection of information 
to help us determine how useful the information is; whether it can help 
us perform our functions better; whether it is readily available 
elsewhere; how accurate our estimate of the burden of collection is; 
how valid our methods for determining burden are; how we can improve 
the quality, usefulness, and clarity of the information; and how we can 
minimize the burden of collection.
    If you submit comments on the collection of information, submit 
them both to OMB and to the Docket Management Facility where indicated 
under ADDRESSES, by the date under DATES.
    You need not respond to a collection of information unless it 
displays a currently valid control number from OMB. Before the 
requirements for this collection of information become effective, we 
will publish notice in the Federal Register of OMB's decision to 
approve, modify, or disapprove the collection.

E. Federalism

    A rule has implications for federalism under E.O. 13132, 
Federalism, if it has a substantial direct effect on State or local 
governments and would either preempt State law or impose a substantial 
direct cost of compliance on them. TSA and Coast Guard have analyzed 
this proposed rule under that Order and have determined that it has 
implications for federalism, for the same reasons that we found 
Federalism impacts for the Coast Guard's previously published MTSA 
regulations. 68 FR at 60468-9. A summary of the impacts on federalism 
in this proposed rule follows.
    This proposed rule would have a substantial direct effect on 
States, local governments, or political subdivisions under section 1(a) 
of the Order when those states owning vessels/facilities are required 
to submit a TWIC Addendum and implement a TWIC program. It would also 
preempt State law under section 6(c) of the Order by: Continuing to 
prevent States from regulating mariners; and continuing to prevent the 
States from requiring security plans. It would impose substantial 
direct costs of compliance on States or local governments under section 
6(b) of the Order, by requiring the submission of a TWIC Addendum and 
the implementation of TWIC on State owned vessels or facilities.
    Regulations already issued by the Coast Guard under other sections 
of the MTSA of 2002 cited the need for national standards of security, 
claimed preemption, and received comments in support of such a scheme. 
See 68 FR 60448, 60468-60469. (October 23, 2003).
    The law is well-settled that States may not regulate in categories 
expressly reserved for regulation by the Coast Guard. The law also is 
well-settled that all of the categories covered in 46 U.S.C. 3306, 
3703, 7101, and 8101 (design, construction, alteration, repair, 
maintenance, operation, equipping, personnel qualification, and manning 
of vessels), as well as the reporting of casualties and any other 
category in which Congress intended the Coast Guard to be the sole 
source of a vessel's obligations, are within the field foreclosed from 
regulation by the States. See United States v. Locke and Intertanko v. 
Locke, 529 U.S. 89, 120 S.Ct. 1135 (Mar. 6, 2000). Since portions of 
this proposed rule involve the manning of U.S. vessels and the 
licensing of merchant mariners, it relates to personnel qualifications. 
Because the states may not regulate within this category, these 
portions of this proposed rule do not present new preemption issues 
under E.O. 13132.
    We are only asserting field preemption in those areas where federal 
regulations have historically dominated the field, such as merchant 
mariner regulations, or where we are amending regulations that we have 
previously asserted preempt state regulation, such as the Marine 
Transportation Security Act Regulations found in 33 CFR chapter I, 
subchapter H. States would not be preempted from instituting their own 
background checks or badging systems in addition to the TWIC.
    We are asking for comments specifically on the issue of preemption.

F. Unfunded Mandates Reform Act

    The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) 
requires Federal agencies to assess the effects of their discretionary 
regulatory actions. In particular, the Act addresses actions that may 
result in the expenditure by a State, local, or tribal government, in 
the aggregate, or by the private sector of $100,000,000 or more in any 
one year. This proposed rule would result in such an expenditure, and 
we discuss the effects of this rule in the Draft Regulatory Evaluation, 
which is summarized in the E.O. 12866 section above.

G. Taking of Private Property

    This proposed rule would not affect a taking of private property or 
otherwise have taking implications under E.O. 12630, Governmental 
Actions and Interference with Constitutionally Protected Property 
Rights.

H. Civil Justice Reform

    This proposed rule meets applicable standards in sections 3(a) and 
3(b)(2) of E.O. 12988, Civil Justice Reform, to minimize litigation, 
eliminate ambiguity, and reduce burden.

I. Protection of Children

    We have analyzed this proposed rule under E.O. 13045, Protection of 
Children from Environmental Health Risks and Safety Risks. While this 
rule is an economically significant rule, it would not create an 
environmental risk to health or risk to safety that might 
disproportionately affect children.

J. Indian Tribal Governments

    This proposed rule does not have tribal implications under E.O. 
13175, Consultation and Coordination with Indian Tribal Governments, 
because it would not have a substantial direct effect on one or more 
Indian tribes, on the relationship between the Federal Government and 
Indian tribes, or on the distribution of power and responsibilities 
between the Federal Government and Indian tribes.

K. Energy Effects

    We have analyzed this proposed rule under E.O. 13211, Actions 
Concerning Regulations That Significantly Affect Energy Supply, 
Distribution, or Use. We have determined that it is not a ``significant 
energy action'' under that order. While it is a ``significant 
regulatory action'' under E.O. 12866, it is not likely to have a 
significant adverse effect on the supply, distribution, or use of 
energy. The Administrator of the Office of Information and Regulatory 
Affairs has not designated it as a significant energy action. 
Therefore, a Statement of Energy Effects is not required for this rule 
under E.O. 13211.

L. Technical Standards

    The National Technology Transfer and Advancement Act (NTTAA) (15 
U.S.C. 272 note) directs agencies to use voluntary consensus standards 
in their regulatory activities unless the agency provides Congress, 
through the Office of Management and Budget, with an explanation of why 
using these

[[Page 29437]]

standards would be inconsistent with applicable law or otherwise 
impractical. Voluntary consensus standards are technical standards 
(e.g., specifications of materials, performance, design, or operation; 
test methods; sampling procedures; and related management systems 
practices) that are developed or adopted by voluntary consensus 
standards bodies.
    This rulemaking will incorporate standards for TWIC readers and 
card technology. These standards have been developed by the Federal 
government; there are no voluntary consensus standards that could be 
used in their place.

M. Environment

    This Transportation Worker Identification Credential (TWIC) 
proposal contains a program of activities to improve the safety and 
security of vessels, facilities, Outer Continental Shelf facilities, 
and U.S. ports. It proposes requirements for developing application 
forms, collecting and processing forms, application evaluation 
criteria, and issuing determinations on applications. It also updates 
the training, qualifying, licensing, and disciplining of maritime 
personnel and proposes amendments to security plans that will 
contribute to a higher level of marine safety and security for vessels, 
facilities, Outer Continental Shelf facilities, and U.S. ports.
    Implementation of this proposal will involve establishing 
``enrollment stations'' inside existing port facilities to collect TWIC 
applications. The enrollment stations will include a small office, 
using existing utilities, located in space made available in existing 
port facilities or other available space within a 25 mile radius of the 
port facility. If a location does not have a port facility, or enough 
space, a temporary unit will be provided until either sufficient 
permanent space is available or the need for the enrollment station no 
longer exists. To meet the initial surge of enrollments expected when 
the rule is final, 138 stations (permanent and mobile/temporary) are 
expected to be operating nationwide. The on-going/maintenance phase 
will involve approximately 134 stations.
    The provisions of this proposed rule have been analyzed under the 
Department of Homeland Security (DHS) Management Directive (MD) 5100.1, 
Environmental Planning Program, which is the DHS policy and procedures 
for implementing the National Environmental Policy Act (NEPA), and 
related E.O.s and requirements. The implementation of this rule is 
expected to be categorically excluded under the following categorical 
exclusions (CATEX) listed in MD 5100.1, Appendix A, Table 1: CATEX A1 
(personnel, fiscal, management and administrative activities); CATEX A3 
(promulgation of rules, issuance of rulings or interpretations); and 
CATEX A4 (information gathering, data analysis and processing, 
information dissemination, review, interpretation and development of 
documents). CATEX B3 (proposed activities and operations conducted in 
an existing structure that would be compatible with and similar in 
scope to ongoing functional uses) is also applicable. Additionally, we 
have determined that there are no extraordinary circumstances presented 
by this rule that would limit the use of a CATEX under MD 5100.1, 
Appendix A, paragraph 3.2.

List of Subjects

33 CFR Part 101

    Harbors, Maritime security, Reporting and recordkeeping 
requirements, Security measures, Vessels, Waterways.

33 CFR Part 103

    Facilities, Harbors, Maritime security, Ports, Reporting and 
recordkeeping requirements, Security measures, Vessels, Waterways.

33 CFR Part 104

    Incorporation by reference, Maritime security, Reporting and 
recordkeeping requirements, Security measures, Vessels.

33 CFR Part 105

    Facilities, Maritime security, Reporting and recordkeeping 
requirements, Security measures.

33 CFR Part 106

    Facilities, Maritime security, Outer Continental Shelf, Reporting 
and recordkeeping requirements, Security measures.

33 CFR Part 125

    Administrative practice and procedure, Harbors, Reporting and 
recordkeeping requirements, Security measures, Vessels.

46 CFR Part 10

    Penalties, Reporting and recordkeeping requirements, Schools, 
Seamen.

46 CFR Part 12

    Penalties, Reporting and recordkeeping requirements, Seamen.

46 CFR Part 15

    Reporting and recordkeeping requirements, Seamen, Vessels.

49 CFR Part 1515

    Appeals, Commercial drivers license, Criminal history background 
checks, Explosives, Facilities, Hazardous materials, Incorporation by 
reference, Maritime security, Motor carriers, Motor vehicle carriers, 
Ports, Seamen, Security measures, Security threat assessment, Vessels, 
Waivers.

49 CFR Part 1570

    Appeals, Commercial drivers license, Criminal history background 
checks, Explosives, Facilities, Hazardous materials, Incorporation by 
reference, Maritime security, Motor carriers, Motor vehicle carriers, 
Ports, Seamen, Security measures, Security threat assessment, Vessels, 
Waivers.

49 CFR Part 1572

    Appeals, Commercial drivers license, Criminal history background 
checks, Explosives, Facilities, Hazardous materials, Incorporation by 
reference, Maritime security, Motor carriers, Motor vehicle carriers, 
Ports, Seamen, Security measures, Security threat assessment, Vessels, 
Waivers.

The Amendments

    For the reasons listed in the preamble, the Coast Guard proposes to 
amend 33 CFR parts 101, 103, 104, 105, 106, 125; and 46 CFR parts 10, 
12, and 15 and the Transportation Security Administration proposes to 
add or amend 49 CFR parts 1515, 1570, and 1572 as follows:

Title 33--Navigation and Navigable Waters

Chapter I--Coast Guard

PART 101--MARITIME SECURITY: GENERAL

    1. The authority citation for part 101 continues to read as 
follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 
U.S.C. 191, 192; Executive Order 12656, 3 CFR 1988 Comp., p. 585; 33 
CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland 
Security Delegation No. 0170.1.

    2. In Sec.  101.105 add, in alphabetical order, definitions for the 
terms escorting, personal identification number (PIN), recurring 
unescorted access, secure area, TWIC, TWIC program, and unescorted 
access, to read as follows:


Sec.  101.105  Definitions.

* * * * *
    Escorting means ensuring that the escorted individual is 
continuously

[[Page 29438]]

accompanied or monitored while within a secure area in a manner 
sufficient to identify whether the escorted individual is engaged in 
activities other than those for which escorted access was granted.
* * * * *
    Personal Identification Number (PIN) means a personally selected 
number stored electronically on the individual's TWIC.
* * * * *
    Recurring unescorted access means authorization to enter a vessel 
on a continual basis after an initial personal identity and credential 
verification, as outlined in the vessel security plan.
* * * * *
    Secure Area means the area on board a vessel or at a facility or 
outer continental shelf facility over which the owner/operator has 
implemented security measures for access control, as defined by a Coast 
Guard approved security plan. It does not include passenger access 
areas or public access areas, as those terms are defined in Sec. Sec.  
104.106 and 105.106 of this subchapter.
* * * * *
    TWIC means a valid, non-revoked transportation worker 
identification credential, as defined and explained in 49 CFR part 
1572.
    TWIC Program means those procedures and systems, detailed in an 
approved security plan, that a vessel, facility, or outer continental 
shelf facility must implement in order to assess and validate TWICs 
when maintaining access control.
* * * * *
    Unescorted access means having the authority to enter and move 
about a secure area without escort.
* * * * *
    3. From [effective date of the final rule] to [effective date of 
final rule + 5 years], add Sec.  101.121 to read as follows:


Sec.  101.121  Alternative Security Programs--TWIC Addendum.

    (a) Submitters of Alternative Security Programs that have been 
approved by the Commandant (G-PC) under section 101.120 of this part, 
must submit a TWIC Addendum by [date six months after date of 
publication of final rule], or else their Alternative Security Plan is 
invalid. The TWIC Addendum should include an explanation of how the ASP 
addresses the requirements for a TWIC program contained in parts 104, 
105 and 106 of this subchapter, as applicable.
    (b) The Commandant (G-PC) will examine each TWIC Addendum for 
compliance with this part and either:
    (1) Approve it and specify any conditions of approval, returning to 
the submitter a letter stating its approval and any conditions;
    (2) Return it for revision, returning a copy to the submitter with 
brief descriptions of the required revisions; or
    (3) Disapprove it, returning a copy to the submitter with a brief 
statement of the reasons for disapproval.
    (c) The ASP TWIC Addendum will be given the same expiration date as 
the ASP.
    (d) Upon gaining approval of the TWIC Addendum, the submitter of 
the ASP must incorporate the approved TWIC Addendum into their ASP when 
it is due for reapproval in accordance with Sec.  101.120 of this 
subpart.
    4. Add Sec.  101.514 to read as follows:


Sec.  101.514  TWIC requirement.

    (a) All persons requiring unescorted access to secure areas of 
vessels, facilities, and OCS facilities regulated by parts 104, 105 or 
106 of this subchapter must possess a TWIC before such access is 
granted, except as otherwise noted in this section. A TWIC must be 
obtained via the procedures established by TSA in 49 CFR part 1572.
    (b) Federal officials are not required to obtain or possess a TWIC. 
Except in cases of emergencies or other exigent circumstances, in order 
to gain unescorted access to a secure area of a vessel, facility, or 
OCS facility regulated by parts 104, 105 or 106 of this subchapter, he/
she must verify his identity at a TWIC reader using his/her agency 
issued, HSPD 12 compliant, credential. Until each agency issues its 
HSPD 12 compliant cards, Federal officials may gain unescorted access 
by using their agency's official credential. The COTP will advise 
facilities and vessels within his area of responsibility as agencies 
come into compliance with HSPD 12.
    (c) Law enforcement officials at the State or local level are not 
required to obtain or possess a TWIC to gain unescorted access to 
secure areas. They may, however, voluntarily obtain a TWIC where their 
offices fall within or where they desire recurring unescorted access to 
a secure area of a vessel, facility or OCS facility.
    (d) Owners and/or operators of any vessel or maritime facility that 
is not required to comply with parts 104, 105, or 106 of this 
subchapter, respectively, who would like to implement a TWIC Program 
for their vessel or facility must contact their cognizant COTP to gain 
authorization. If approved, the Coast Guard will contact TSA, who will 
provide the authorization to enroll the vessel or facility employees at 
a TWIC enrollment center.
    5. Revise Sec.  101.515 to read as follows:


Sec.  101.515  TWIC/Personal identification.

    (a) Persons not described in Sec.  101.514 of this part shall be 
required to present personal identification in order to gain entry to a 
vessel, facility, and OCS facility regulated by parts 104, 105 or 106 
of this subchapter. These individuals must be escorted at all times 
while in a secure area. This personal identification must, at a 
minimum, meet the following requirements:
    (1) Be laminated or otherwise secure against tampering;
    (2) Contain the individual's full name (full first and last names, 
middle initial is acceptable);
    (3) Contain a photo that accurately depicts that individual's 
current facial appearance; and
    (4) Bear the name of the issuing authority.
    (b) The issuing authority in paragraph (a)(4) of this section must 
be:
    (1) A government authority, or an organization authorized to act of 
behalf of a government authority; or
    (2) The individual's employer, union, or trade association.
    (c) Vessel, facility, and OCS facility owners and operators must 
permit law enforcement officials, in the performance of their official 
duties, who present proper identification in accordance with this 
section and Sec.  101.514 of this part to enter or board that vessel, 
facility, or OCS facility at any time, without delay or obstruction. 
Law enforcement officials, upon entering or boarding a vessel, 
facility, or OCS facility, will, as soon as practicable, explain their 
mission to the Master, owner, or operator, or their designated agent.

PART 103--MARITIME SECURITY: AREA MARITIME SECURITY

    6. The authority citation for part 103 continues to read as 
follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. 70102, 70103, 70104, 
70112; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; 
Department of Homeland Security Delegation No. 0170.1.

    7. Revise Sec.  103.305(c) to read as follows:


Sec.  103.305  Composition of an Area Maritime Security (AMS) 
Committee.

* * * * *
    (c) Members appointed under this section serve for a term of not 
more than 5 years. In appointing members, the FMSC should consider the 
skills required by Sec.  103.410 of this part. With the exception of 
credentialed Federal, state and local officials, all AMS Committee 
members shall hold a TWIC, or have passed a comparable security

[[Page 29439]]

threat assessment, as determined by the FMSC.
    8. In Sec.  103.505, revise paragraph (n) to read as follows:


Sec.  103.505  Elements of the Area Maritime Security (AMS) plan.

* * * * *
    (n) Security measures designed to ensure the effective security of 
infrastructure, special events, vessels, passengers, cargo, and cargo 
handling equipment at facilities within the port not otherwise covered 
by a Vessel or Security Plan, approved under part 104, 105, or 106 of 
this subchapter. This includes the use of a TWIC program.
* * * * *
    9. In Sec.  103.510, designate the existing text as paragraph (a) 
and add paragraph (b) to read as follows:


Sec.  103.510  Area Maritime Security (AMS) Plan review and approval.

* * * * *
    (b) From [effective date of the final rule] to [effective date of 
the final rule + 5 years], this paragraph (b) shall apply. Each AMS 
Plan shall be updated to include the implementation of the TWIC 
program.

PART 104--MARITIME SECURITY: VESSELS

    10. The authority citation for part 104 continues to read as 
follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 
U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department 
of Homeland Security Delegation No, 0170.1.

    11. Amend Sec.  104.105 by redesignating paragraph (d) as paragraph 
(e) and adding a new paragraph (d) to read as follows:


Sec.  104.105  Applicability.

* * * * *
    (d) The TWIC requirements found in this part do not apply to 
foreign vessels.
* * * * *
    12. Add Sec.  104.106 to read as follows:


Sec.  104.106  Passenger access area.

    (a) A ferry, passenger vessel, or cruise ship may designate areas 
within the vessel as passenger access areas. Any such areas must be 
specified in the VSP.
    (b) A passenger access area is a defined space within the access 
control area of a ferry or passenger vessel that is open to passengers. 
It is not a secure area and does not require a TWIC for unescorted 
access.
    13. From [effective date of the final rule] to [effective date of 
final rule + 5 years], amend Sec.  104.115 by adding paragraph (d) to 
read as follows:


Sec.  104.115  Compliance dates.

* * * * *
    (d) Vessel owners or operators subject to paragraph (b) of this 
section and not excluded by Sec.  104.105(d) or this part must:
    (1) Submit a TWIC Addendum to the Commanding Officer, Marine Safety 
Center, to cover each vessel they own or operate subject to this part 
on or before [date 6 months after publication of the final rule]; and
    (2) Be operating in accordance with the TWIC provisions found 
within this part, as outlined in their TWIC Addendum, between [date 1 
year after publication of the final rule] and [date 18 months after 
publication of the final rule], depending on whether enrollment has 
been completed in the port in which the vessel is operating, in 
accordance with 49 CFR 1572.19.
    14. From [effective date of the final rule] to [effective date of 
final rule + 5 years], amend Sec.  104.120 by adding paragraph (c) to 
read as follows:


Sec.  104.120  Compliance documentation.

* * * * *
    (c) Each vessel owner or operator subject to this part must ensure, 
before [date one year after publication of the final rule] that copies 
of the following documentation are carried on board the vessel and are 
made available to the Coast Guard upon request:
    (1) The approved TWIC addendum and any approved revisions or 
amendments thereto, and a letter of approval from the Commanding 
Officer, Marine Safety Center (MSC) dated within the last 5 years;
    (2) The TWIC Addendum submitted for approval and current written 
acknowledgment from the Commanding Officer, MSC, stating that the Coast 
Guard is currently reviewing the TWIC Addendum submitted for approval 
and that the vessel may continue to operate; or
    (3) For vessels operating under a Coast Guard-approved Alternative 
Security Program as provided in Sec.  104.140, a copy of the 
Alternative Security Program the vessel is using, including a vessel 
specific security assessment report generated under the Alternative 
Security Program, as specified in Sec.  101.120(b)(3) of this 
subchapter, and a letter signed by the vessel owner or operator, 
stating which Alternative Security Program the vessel is using and 
certifying that the vessel is in full compliance with that program, as 
it has been amended pursuant to Sec.  101.121 of this subchapter.

Subpart B--Vessel Security Requirements

    15. Revise Sec.  104.200(b) to read as follows:


Sec.  104.200  Owner or operator.

* * * * *
    (b) For each vessel, the vessel owner or operator must:
    (1) Define the security organizational structure for each vessel 
and provide all personnel exercising security duties or 
responsibilities within that structure with the support needed to 
fulfill security obligations;
    (2) Designate, in writing, by name or title, a Company Security 
Officer (CSO), a Vessel Security Officer (VSO) for each vessel, and 
identify how those officers can be contacted at any time;
    (3) Ensure personnel receive training, drills, and exercises 
enabling them to perform their assigned security duties;
    (4) Inform vessel personnel of their responsibility to apply for 
and maintain a TWIC, including the deadlines and methods for such 
applications, and of their obligation to inform TSA of any event that 
would render them ineligible for a TWIC, or which would invalidate 
their existing TWIC;
    (5) Ensure vessel security records are kept;
    (6) Ensure that adequate coordination of security issues takes 
place between vessels and facilities; this includes the execution of a 
Declaration of Security (DoS);
    (7) Ensure coordination of shore leave, transit, or crew change-out 
for vessel personnel, as well as access through the facility of 
visitors to the vessel (including representatives of seafarers' welfare 
and labor organizations), with facility operators in advance of a 
vessel's arrival. Vessel owners or operators may refer to treaties of 
friendship, commerce, and navigation between the U.S. and other nations 
in coordinating such leave. The text of these treaties can be found at 
http://www.marad.dot.gov/Programs/treaties.html;
    (8) Ensure security communication is readily available;
    (9) Ensure coordination with and implementation of changes in 
Maritime Security (MARSEC) Level;
    (10) Ensure that security systems and equipment are installed and 
maintained, including at least one TWIC reader that meets the standard 
incorporated by TSA at 49 CFR 1572.23, and that computer and access 
control systems and hardware are secure;
    (11) Ensure that vessel access, including the embarkation of 
persons and their effects, are controlled;

[[Page 29440]]

    (12) Ensure that TWIC procedures are implemented as set forth in 
this part, including;
    (i) Ensuring that only individuals who hold a TWIC and are 
authorized to be in secure areas in accordance with the VSP are 
permitted to escort; and
    (ii) Identifying what action is to be taken by an escort, or other 
authorized individual, should individuals under escort engage in 
activities other than those for which escorted access was granted.
    (13) Ensure that restricted areas are controlled and TWIC 
provisions are coordinated, if applied to such restricted areas;
    (14) Ensure that protocols are in place for responding to TWIC 
holders presenting for entry who cannot electronically verify a match 
between themselves and the information stored on the credential's ICC. 
These must include interim alternative security measures for an 
individual who cannot electronically verify his identity. Such 
provisions should take into account measures appropriate for occasional 
failures to verify and for persistent problems with verification such 
that a person may require a new credential;
    (15) Ensure that protocols are in place for responding to TWIC 
holders presenting for entry whose cards have been revoked by TSA, and 
provisions for individuals requiring access who report a lost or stolen 
TWIC;
    (16) Ensure there are alternate provisions in case of equipment or 
power failures that affect TWIC readers and other validation equipment.
    (17) Ensure that appropriate personnel know who is on the vessel at 
all times;
    (18) Ensure that cargo and vessel stores and bunkers are handled in 
compliance with this part;
    (19) Ensure restricted areas, deck areas, and areas surrounding the 
vessel are monitored;
    (20) Provide the Master, or for vessels on domestic routes only, 
the CSO, with the following information:
    (i) Parties responsible for appointing vessel personnel, such as 
vessel management companies, manning agents, contractors, 
concessionaires (for example, retail sales outlets, casinos, etc.);
    (ii) Parties responsible for deciding the employment of the vessel, 
including time or bareboat charters or any other entity acting in such 
capacity; and
    (iii) In cases when the vessel is employed under the terms of a 
charter party, the contract details of those documents, including time 
or voyage charters; and
    (21) Give particular consideration to the convenience, comfort, and 
personal privacy of vessel personnel and their ability to maintain 
their effectiveness over long periods.
    16. Amend Sec.  104.210 by adding paragraphs (a)(5), (b)(2)(xv) and 
(c)(15) to read as follows:


Sec.  104.210  Company Security Officer (CSO).

    (a) * * *
    (5) The CSO must maintain a valid TWIC.
    (b) * * *
    (2) * * *
    (xv) Knowledge of TWIC.
    (c) * * *
    (15) Ensure the TWIC program is being properly implemented.
    17. Amend Sec.  104.215 by adding paragraphs (a)(6), (b)(7) and 
(c)(12) to read as follows:


Sec.  104.215  Vessel Security Officer (VSO).

    (a) * * *
    (6) The VSO must maintain a valid TWIC.
    (b) * * *
    (7) TWIC.
    (c) * * *
    (12) Ensure TWIC programs are in place and implemented 
appropriately.
    18. Amend Sec.  104.220 by revising the introductory paragraph and 
adding paragraph (n) to read as follows:


Sec.  104.220  Company or vessel personnel with security duties.

    Company and vessel personnel responsible for security duties must 
maintain a valid TWIC, and must have knowledge, through training or 
equivalent job experience, in the following, as appropriate:
* * * * *
    (n) Relevant aspects of the TWIC program and how to carry them out.
    19. Amend Sec.  104.225 by adding paragraph (f) to read as follows:


Sec.  104.225  Security training for all other vessel personnel.

* * * * *
    (f) Relevant aspects of the TWIC program and how to carry them out.
    20. Amend Sec.  104.235 by redesignating paragraphs (b)(1) through 
(b)(8) as (b)(2) through (b)(9), respectively, and add new paragraph 
(b)(1) to read as follows:


Sec.  104.235  Vessel recordkeeping requirements.

* * * * *
    (b) * * *
    (1) Access. Records of those individuals who are granted access to 
secure areas of the vessel, including records of when these individuals 
disembark the vessel and, in the case of individuals who are escorted, 
the identification of the individual who escorted or the method by 
which the individual was escorted;
* * * * *
    21. Revise Sec.  104.265 to read as follows:


Sec.  104.265  Security measures for access control.

    (a) General. The vessel owner or operator must ensure the 
implementation of security measures to:
    (1) Deter the unauthorized introduction of dangerous substances and 
devices, including any device intended to damage or destroy persons, 
vessels, facilities, or ports;
    (2) Secure dangerous substances and devices that are authorized by 
the owner or operator to be on board;
    (3) Control access to the vessel; and
    (4) Prevent an unescorted individual from entering an area of the 
vessel that is designated as a secure area unless the individual holds 
a duly issued TWIC and is authorized to be in the area in accordance 
with the vessel security plan.
    (b) The vessel owner or operator must ensure that the following are 
specified:
    (1) The locations providing means of access to the vessel where 
access restrictions or prohibitions are applied for each Maritime 
Security (MARSEC) Level, including those points where a TWIC reader is 
or will be deployed. ``Means of access'' include, but are not limited, 
to all:
    (i) Access ladders;
    (ii) Access gangways;
    (iii) Access ramps;
    (iv) Access doors, side scuttles, windows, and ports;
    (v) Mooring lines and anchor chains; and
    (vi) Cranes and hoisting gear;
    (2) The identification of the types of restriction or prohibition 
to be applied and the means of enforcing them;
    (3) The means used to establish the identity of individuals not in 
possession of a TWIC and procedures for escorting, in accordance with 
Sec.  101.515 of this subchapter; and
    (4) Procedures for identifying authorized and unauthorized persons 
at any MARSEC level.
    (c) The vessel owner or operator must ensure that a TWIC program is 
implemented as follows:
    (1) Determine whether recurring unescorted access will be used and, 
prior to granting any individual recurring unescorted access (as 
defined in Sec.  101.105 of this subchapter) to secure areas of the 
vessel, ensure that the individual being granted recurring access 
privileges has a TWIC and verify the individual's identity. The 
identity

[[Page 29441]]

verification procedure must electronically verify a match between the 
individual and the biometric information stored on the TWIC's ICC, 
including a verification of the individual's personal identification 
number (PIN). The validity of the TWIC itself shall also be verified at 
this time;
    (2) After granting recurring unescorted access, verify the 
individual's identity at each entry to the secure area of the vessel. 
This identity verification procedure must be outlined in the approved 
VSP and should at a minimum include visual facial recognition;
    (3) Ensure that any individual granted unescorted access to secure 
areas of the vessel is able to produce his or her TWIC upon request;
    (4) Ensure that the identity of any individual not granted 
recurring unescorted access and seeking unescorted access to the vessel 
is verified by matching the individual to the biometric information 
stored on the TWIC's ICC at every entry. The validity of the TWIC 
itself shall also be verified at this time;
    (5) Includes disciplinary measures to prevent fraud and abuse;
    (6) Allows certain long-term, frequent vendor representatives and 
visitors, including seafarers' chaplains and union representatives who 
hold a TWIC to be eligible for recurring unescorted access;
    (7) Allows for temporary access if alternative security measures 
are implemented due to a failure of the TWIC system, and the individual 
can meet or pass those alternative security measures;
    (8) Is coordinated, when practicable, with identification and TWIC 
systems at facilities used by the vessel; and
    (9) Periodically verifies the validity of TWICs as outlined in 
paragraphs (f)(1), (g)(1) and (h)(1) of this section.
    (d) If the vessel owner or operator uses a separate identification 
system, ensure that it complies and is coordinated with TWIC provisions 
in this part.
    (e) The vessel owner or operator must establish in the approved 
Vessel Security Plan (VSP) the frequency of application of any security 
measures for access control, particularly if these security measures 
are applied on a random or occasional basis.
    (f) MARSEC Level 1. The vessel owner or operator must ensure 
security measures in this paragraph are implemented to:
    (1) Employ TWIC as set out in paragraph (c) of this section. The 
validity of a TWIC presented for unescorted access shall be verified 
using information that is no more than seven (7) days old. The validity 
of a TWIC held by a person previously granted recurring unescorted 
access shall be verified weekly, using the most current information 
available from TSA.
    (2) Screen persons, baggage (including carry-on items), personal 
effects, and vehicles for dangerous substances and devices at the rate 
specified in the approved Vessel Security Plan (VSP), except for 
government-owned vehicles on official business when government 
personnel present identification credentials for entry;
    (3) Conspicuously post signs that describe security measures 
currently in effect and clearly state that:
    (i) Boarding the vessel is deemed valid consent to screening or 
inspection; and
    (ii) Failure to consent or submit to screening or inspection will 
result in denial or revocation of authorization to board;
    (4) Check the identification of any person not holding a TWIC and 
seeking to board the vessel, including vessel passengers, vendors, 
personnel duly authorized by the cognizant government authorities, and 
visitors. This check includes confirming the reason for boarding by 
examining at least one of the following:
    (i) Joining instructions;
    (ii) Passenger tickets;
    (iii) Boarding passes;
    (iv) Work orders, pilot orders, or surveyor orders;
    (v) Government identification; or
    (vi) Visitor badges issued in accordance with an identification 
system implemented under paragraph (d) of this section.
    (5) Deny or revoke a person's authorization to be on board if the 
person is unable or unwilling, upon the request of vessel personnel, to 
establish his or her identity in accordance with this part or to 
account for his or her presence on board. Any such incident must be 
reported in compliance with this part;
    (6) Deter unauthorized access to the vessel;
    (7) Identify access points that must be secured or attended to 
deter unauthorized access;
    (8) Lock or otherwise prevent access to unattended spaces that 
adjoin areas to which passengers and visitors have access;
    (9) Provide a designated area on board, within the secure area, or 
in liaison with a facility, for conducting inspections and screening of 
people, baggage (including carry-on items), personal effects, vehicles 
and the vehicle's contents;
    (10) Ensure vessel personnel are not subjected to screening, of the 
person or of personal effects, by other vessel personnel, unless 
security clearly requires it. Any such screening must be conducted in a 
way that takes into full account individual human rights and preserves 
the individual's basic human dignity;
    (11) Ensure the screening of all unaccompanied baggage;
    (12) Ensure checked persons and their personal effects are 
segregated from unchecked persons and their personal effects;
    (13) Ensure embarking passengers are segregated from disembarking 
passengers;
    (14) Ensure, in liaison with the facility, a defined percentage of 
vehicles to be loaded aboard passenger vessels are screened prior to 
loading at the rate specified in the approved VSP;
    (15) Ensure, in liaison with the facility, all unaccompanied 
vehicles to be loaded on passenger vessels are screened prior to 
loading; and
    (16) Respond to the presence of unauthorized persons on board, 
including repelling unauthorized boarders.
    (g) MARSEC Level 2. In addition to the security measures required 
for MARSEC Level 1 in this section, at MARSEC Level 2, the vessel owner 
or operator must:
    (1) Verify the validity of a TWIC presented for unescorted access 
using information that is no more than one (1)day old, and verify the 
validity of TWIC credentials presented by persons granted recurring 
unescorted access to the vessel daily, using the most current 
information available from TSA; and
    (2) Ensure the implementation of additional security measures, as 
specified for MARSEC Level 2 in the approved VSP. These additional 
security measures may include:
    (i) Increasing the frequency and detail of screening of people, 
personal effects, and vehicles being embarked or loaded onto the vessel 
as specified for MARSEC Level 2 in the approved VSP, except for 
government-owned vehicles on official business when government 
personnel present identification credentials for entry;
    (ii) X-ray screening of all unaccompanied baggage;
    (iii) Assigning additional personnel to patrol deck areas during 
periods of reduced vessel operations to deter unauthorized access;
    (iv) Limiting the number of access points to the vessel by closing 
and securing some access points;
    (v) Denying access to visitors who do not have a verified 
destination;

[[Page 29442]]

    (vi) Deterring waterside access to the vessel, which may include, 
in liaison with the facility, providing boat patrols; and
    (vii) Establishing a restricted area on the shore side of the 
vessel, in close cooperation with the facility.
    (h) MARSEC Level 3. In addition to the security measures required 
for MARSEC Level 1 and MARSEC Level 2, the vessel owner or operator 
must:
    (1) Require all persons, including those granted recurring 
unescorted access to secure areas of the vessel in accordance with 
paragraph (c)(1) of this section, to verify their identity at each 
entry to a secure area by electronically matching the individual to the 
biometric information stored on the TWIC, including a verification of 
the individual's PIN;
    (2) Ensure the implementation of additional security measures, as 
specified for MARSEC Level 3 in the approved VSP. The additional 
security measures may include:
    (i) Screening all persons, baggage, and personal effects for 
dangerous substances and devices;
    (ii) Performing one or more of the following on unaccompanied 
baggage:
    (A) Screen unaccompanied baggage more extensively, for example, x-
raying from two or more angles;
    (B) Prepare to restrict or suspend handling unaccompanied baggage; 
or
    (C) Refuse to accept unaccompanied baggage on board;
    (iii) Being prepared to cooperate with responders and facilities;
    (iv) Limiting access to the vessel to a single, controlled access 
point;
    (v) Granting access to only those responding to the security 
incident or threat thereof;
    (vi) Suspending embarkation and/or disembarkation of personnel;
    (vii) Suspending cargo operations;
    (viii) Evacuating the vessel;
    (ix) Moving the vessel; or
    (x) Preparing for a full or partial search of the vessel.
    22. Amend Sec.  104.290 by redesignating paragraphs (a)(1) through 
(a)(5) as (a)(2) through (a)(6), respectively, and adding new paragraph 
(a)(1) to read as follows:


Sec.  104.290  Security incident procedures.

* * * * *
    (a) * * *
    (1) Providing a list of all individuals who have been granted 
access to the vessel, as maintained pursuant to Sec.  104.235 of this 
part;
* * * * *
    23. Revise Sec.  104.295 to read as follows:


Sec.  104.295  Additional requirements--cruise ships.

    (a) The owner or operator of a U.S.-flagged cruise ship must ensure 
the following:
    (1) At all MARSEC levels:
    (i) Each crewmember or employee's identity and TWIC must be 
verified prior to allowing the individual to board the vessel at each 
entry to the vessel. The TWIC validation procedure must rely upon the 
most current information available from TSA. The identity verification 
procedure must electronically verify a match between the individual and 
the biometric information stored on the TWIC's ICC.
    (ii) All persons, baggage, and personal effects must be screened 
for dangerous substances and devices;
    (iii) The identification of all persons seeking to board the vessel 
must be checked. Persons holding a TWIC shall be checked as set forth 
in paragraph (a)(1) of this section. For persons not holding a TWIC, 
this check includes confirming the reason for boarding by examining 
passenger tickets, boarding passes, government identification or 
visitor badges, or work orders;
    (iv) Security patrols must be performed; and
    (v) Selected areas must be searched prior to embarking passengers 
and prior to sailing.
    (2) At MARSEC Level 2, in addition to the requirements of paragraph 
(a)(1)(i), above the owner or operator of a U.S.-flagged cruise ship 
must ensure that each crewmember or employee seeking to board the 
vessel is required to enter his or her correct PIN prior to being 
allowed to board.
    (3) At MARSEC Level 3, the owner or operator of a U.S.-flagged 
cruise ship must ensure that security briefs to passengers about the 
specific threat are provided.
    (b) The owner or operator of a foreign-flagged cruise ship must 
ensure the following:
    (1) At all MARSEC Levels:
    (i) All persons, baggage, and personal effects must be screened for 
dangerous substances and devices;
    (ii) The identification of all persons seeking to board the vessel 
must be checked, and must include confirming the reason for boarding by 
examining joining instructions, passenger tickets, boarding passes, 
government identification or visitor badges, or work orders;
    (iii) Perform security patrols; and
    (iv) Search selected areas prior to embarking passengers and prior 
to sailing.
    (2) At MARSEC Level 3, the owner or operator of a foreign cruise 
ship must ensure that security briefs to passengers about the specific 
threat are provided.

Subpart D--Vessel Security Plan (VSP)

    24. Revise Sec.  104.405(a)(10) to read as follows:


Sec.  104.405  Format of the Vessel Security Plan (VSP).

    (a) * * *
    (10) Security measures for access control, including designated 
passenger access areas and TWIC implementation;
* * * * *
    25. From [effective date of the final rule] to [effective date of 
final rule + 5 years], add Subpart E--TWIC Addendum to read as follows:
Subpart E--TWIC Addendum
Sec.
104.500 General.
104.505 Submission and approval.
104.510 Integration of TWIC Addendum into full VSP.

Subpart E--TWIC Addendum


Sec.  104.500  General.

    A vessel owner or operator must ensure the completion of a TWIC 
Addendum. The TWIC Addendum must outline the security measures to be 
used on the vessel in order to implement a TWIC program as discussed in 
Sec.  104.265 of this part, including the alternate procedures to be 
used.


Sec.  104.505  Submission and approval.

    (a) In accordance with Sec.  104.115, on or before [date six months 
after publication of the final rule], each vessel owner or operator not 
operating under an ASP must submit one copy of their TWIC Addendum, in 
English, for review and approval to the Commanding Officer, Marine 
Safety Center (MSC) and a letter certifying that their TWIC Addendum 
meets applicable requirements of this part.
    (b) Owners or operators of vessels not in service on or before 
[date of publication of final rule] must comply with Sec.  104.510 and 
submit a complete VSP that includes details regarding the 
implementation of a TWIC program.
    (c) The Commanding Officer, MSC, will examine each submission for 
compliance with this subpart and either:
    (1) Approve it and specify any conditions of approval, returning to 
the submitter a letter stating its acceptance and any conditions;
    (2) Return it for revision, returning a letter to the submitter 
with brief descriptions of the required revisions; or
    (3) Disapprove it, returning a letter to the submitter with a brief 
statement of the reasons for disapproval.

[[Page 29443]]

    (d) A TWIC Addendum may be submitted and approved to cover more 
than one vessel where the vessel design and operations are similar.
    (e) Each company or vessel owner or operator that submits one TWIC 
Addendum to cover two or more vessels of similar design and operation 
must address vessel-specific information that includes the physical and 
operational characteristics of each vessel.
    (f) A TWIC Addendum will be given the same expiration date as the 
vessel's full VSP.


Sec.  104.510  Integration of TWIC Addendum into full VSP.

    Upon gaining approval for the TWIC Addendum, the vessel owner or 
operator must incorporate the approved TWIC Addendum into the VSP when 
the vessel's VSP is due for reapproval in accordance with Subpart D of 
this part.

PART 105--MARITIME SECURITY: FACILITIES

    26. The authority citation for part 105 continues to read as 
follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. 70103; 50 U.S.C. 191; 
33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland 
Security Delegation No, 0170.1.

    27. From [effective date of the final rule] to [effective date of 
final rule + 5 years], amend Sec.  105.115 by adding paragraph (c) to 
read as follows:


Sec.  105.115  Compliance dates.

* * * * *
    (c) Facility owners or operators must:
    (1) Submit a TWIC Addendum to their COTP to cover each facility 
they own or operate subject to this part on or before [date 6 months 
after publication of final rule]; and
    (2) Be operating in accordance with the TWIC provisions found 
within this part, as outlined in their TWIC Addendum, between [date 1 
year after publication of the final rule] and [date 18 months after 
publication of the final rule], depending on whether enrollment has 
been completed in the port where the facility is operating, in 
accordance with 49 CFR 1572.19.
    28. Amend Sec.  105.120 by:
    a. Designating the undesignated text as paragraph (a);
    b. Redesignating paragraphs (a), (b), and (c) as (a)(1), (a)(2), 
and (a)(3), respectively; and
    c. Adding paragraph (b) to read as follows:


Sec.  105.120  Compliance documentation.

* * * * *
    (b) From [effective date of final rule] to [effective date of the 
final rule + 5 years], this paragraph (b) shall apply. Each facility 
owner or operator subject to this part must ensure, before [date one 
year after publication of final rule] that a copies of the following 
documentation are available at the facility and are made available to 
the Coast Guard upon request:
    (1) The approved TWIC addendum and any approved revisions or 
amendments thereto, and a letter of approval from the cognizant COTP 
dated within the last 5 years;
    (2) The TWIC Addendum submitted for approval and current written 
acknowledgment from the cognizant COTP, stating that the Coast Guard is 
currently reviewing the TWIC Addendum submitted for approval and that 
the facility may continue to operate; or
    (3) For facilities operating under a Coast Guard-approved 
Alternative Security Program as provided in Sec.  105.140, a copy of 
the Alternative Security Program the facility is using, including a 
facility specific security assessment report generated under the 
Alternative Security Program, as specified in Sec.  101.120(b)(3) of 
this subchapter, and a letter signed by the facility owner or operator, 
stating which Alternative Security Program the facility is using and 
certifying that the facility is in full compliance with that program, 
as it has been amended pursuant to Sec.  101.121 of this subchapter.

Subpart B--Facility Security Requirements

    29. Revise Sec.  105.200(b) to read as follows:


Sec.  105.200  Owner or operator.

* * * * *
    (b) For each facility, the facility owner or operator must:
    (1) Define the security organizational structure and provide each 
person exercising security duties and responsibilities within that 
structure the support needed to fulfill those obligations;
    (2) Designate, in writing, by name or by title, a Facility Security 
Officer (FSO) and identify how the officer can be contacted at any 
time;
    (3) Ensure that a Facility Security Assessment (FSA) is conducted;
    (4) Ensure the development and submission for approval of a 
Facility Security Plan (FSP);
    (5) Ensure that the facility operates in compliance with the 
approved FSP;
    (6) Ensure that the TWIC program is properly implemented as set 
forth in this part, including;
    (i) Ensuring that only individuals who hold a TWIC and are 
authorized to be in the area in accordance with the FSP are permitted 
to escort;
    (ii) Identifying what action is to be taken by an escort, or other 
authorized individual, should individuals under escort engage in 
activities other than those for which escorted access was granted; and
    (iii) Ensuring that security systems and equipment are installed 
and maintained, including at least one TWIC reader that meets the 
standard incorporated by TSA in 49 CFR 1572.23, and that computer and 
access control systems and hardware are secure;
    (7) Ensure that restricted areas are controlled and TWIC provisions 
are coordinated, if applied to such restricted areas;
    (8) Ensure that adequate coordination of security issues takes 
place between the facility and vessels that call on it, including the 
execution of a Declaration of Security (DoS) as required by this part;
    (9) Ensure coordination of shore leave for vessel personnel or crew 
change-out, as well as access through the facility for visitors to the 
vessel (including representatives of seafarers' welfare and labor 
organizations), with vessel operators in advance of a vessel's arrival. 
In coordinating such leave, facility owners or operators may refer to 
treaties of friendship, commerce, and navigation between the U.S. and 
other nations. The text of these treaties can be found at http://www.marad.dot.gov/Programs/treaties.html;
    (10) Ensure, within 12 hours of notification of an increase in 
MARSEC Level, implementation of the additional security measures 
required for the new MARSEC Level;
    (11) Ensure security for unattended vessels moored at the facility;
    (12) Ensure the report of all breaches of security and 
transportation security incidents to the National Response Center in 
accordance with part 101 of this chapter;
    (13) Ensure consistency between security requirements and safety 
requirements;
    (14) Inform facility personnel of their responsibility to apply for 
and maintain a TWIC, including the deadlines and methods for such 
applications, and of their obligation to inform TSA of any event that 
would render them ineligible for a TWIC, or which would invalidate 
their existing TWIC;
    (15) Ensure that protocols are in place for responding to TWIC 
holders presenting for entry who cannot electronically verify a match 
between themselves and the information stored on the credential's ICC. 
These must include interim alternative security

[[Page 29444]]

measures for an individual who cannot electronically verify his 
identity. Such provisions should take into account measures appropriate 
for occasional failures to verify and for persistent problems with 
verification such that a person may require a new credential;
    (16) Ensure that protocols are in place for responding to TWIC 
holders presenting for entry whose cards have been revoked by TSA, or 
other appropriate authority, or otherwise reported as invalid, and 
provisions for individuals requiring access who report a lost or stolen 
TWIC;
    (17) Ensure there are alternate provisions in case of equipment or 
power failures that affect TWIC readers and other validation equipment; 
and
    (18) Ensure that appropriate personnel know who is on the facility 
at all times.
    30. Amend Sec.  105.205 by adding paragraphs (a)(4), (b)(2)(xv) and 
(c)(19) to read as follows:


Sec.  105.205  Facility Security Officer (FSO).

    (a) * * *
    (4) The FSO must maintain a valid TWIC.
    (b) * * *
    (2) * * *
    (xv) Knowledge of TWIC.
    (c) * * *
    (19) Ensure the TWIC program is being properly implemented.
    31. Amend Sec.  105.210 by revising the introductory paragraph and 
adding paragraph (n) to read as follows:


Sec.  105.210  Facility personnel with security duties.

    Facility personnel responsible for security duties must maintain a 
valid TWIC, and must have knowledge, through training or equivalent job 
experience, in the following, as appropriate:
* * * * *
    (n) Familiar with all relevant aspects of the TWIC program and how 
to carry them out.
    32. Amend Sec.  105.215 by adding paragraph (f) to read as follows:


Sec.  105.215  Security training for all other facility personnel.

* * * * *
    (f) Familiar with all relevant aspects of the TWIC program and how 
to carry them out.
    33. Amend Sec.  105.225 by adding paragraph (b)(9) to read as 
follows:


Sec.  105.225  Facility recordkeeping requirements.

* * * * *
    (b) * * *
    (9) Records of those individuals who are granted access to the 
secure areas of the facility, including records of when these 
individuals exit the facility and, in the case of individuals who are 
escorted, the identification of the individual who escorted or the 
method by which the individual was escorted.
* * * * *
    34. Revise Sec.  105.255 to read as follows:


Sec.  105.255  Security measures for access control.

    (a) General. The facility owner or operator must ensure the 
implementation of security measures to:
    (1) Deter the unauthorized introduction of dangerous substances and 
devices, including any device intended to damage or destroy persons, 
vessels, facilities, or ports;
    (2) Secure dangerous substances and devices that are authorized by 
the owner or operator to be on the facility;
    (3) Control access to the facility; and
    (4) Prevent an unescorted individual from entering an area of the 
facility that is designated as a secure area unless the individual 
holds a duly issued TWIC and is authorized to be in the area in 
accordance with the facility security plan.
    (b) The facility owner or operator must ensure that the following 
are specified:
    (1) The locations where restrictions or prohibitions that prevent 
unauthorized access are applied for each MARSEC Level, including those 
points where a TWIC reader is or will be deployed. Each location 
allowing means of access to the facility must be addressed;
    (2) The types of restrictions or prohibitions to be applied and the 
means of enforcing them;
    (3) The means used to establish the identity of individuals not in 
possession of a TWIC, in accordance with Sec.  101.515 of this 
subchapter, and procedures for escorting them;
    (4) Procedures for identifying authorized and unauthorized persons 
at any MARSEC level; and
    (5) The locations where persons, personal effects and vehicle 
screenings are to be conducted. The designated screening areas should 
be covered to provide for continuous operations regardless of the 
weather conditions.
    (c) The facility owner or operator must ensure that a TWIC program 
is implemented as follows:
    (1) Prior to granting any individual unescorted access to secure 
areas of the facility, ensure that the individual being granted access 
privileges has a TWIC and verify the individual's identity. The 
identity verification procedure must electronically verify a match 
between the individual and the biometric information stored on the 
TWIC's ICC. The validity of the TWIC itself shall also be verified at 
this time;
    (2) Ensure that any individual granted unescorted access to secure 
areas of the facility is able to produce his or her TWIC upon request;
    (3) Uses disciplinary measures to prevent fraud and abuse;
    (4) Allows for temporary access if alternative security measures 
are implemented due to a failure of the TWIC system, and the individual 
can meet or pass those alternative security measures;
    (5) Is coordinated, when practicable, with identification and TWIC 
systems of vessels or other transportation conveyances that use the 
facility; and
    (6) Periodically verifies the validity of TWICs as outlined in 
paragraphs (f)(1), (g)(1) and (h)(1) of this section.
    (d) If the facility owner or operator uses a separate 
identification system, ensure that it complies and is coordinated with 
TWIC provisions in this part.
    (e) The facility owner or operator must establish in the approved 
Facility Security Plan (FSP) the frequency of application of any access 
controls, particularly if they are to be applied on a random or 
occasional basis.
    (f) MARSEC Level 1. The facility owner or operator must ensure the 
following security measures are implemented at the facility:
    (1) Implement TWIC as set out in paragraph (c) of this section. The 
validity of a TWIC presented for unescorted access shall be verified 
using information that is no more than seven (7) days old;
    (2) Screen persons, baggage (including carry-on items), personal 
effects, and vehicles, for dangerous substances and devices at the rate 
specified in the approved FSP, excluding government-owned vehicles on 
official business when government personnel present identification 
credentials for entry;
    (3) Conspicuously post signs that describe security measures 
currently in effect and clearly state that:
    (i) Entering the facility is deemed valid consent to screening or 
inspection; and
    (ii) Failure to consent or submit to screening or inspection will 
result in denial or revocation of authorization to enter;
    (4) Check the identification of any person not holding a TWIC and 
seeking entry to the facility, including vessel passengers, vendors, 
personnel duly authorized by the cognizant government authorities, and 
visitors. This check shall include confirming the reason for

[[Page 29445]]

boarding by examining at least one of the following:
    (i) Joining instructions;
    (ii) Passenger tickets;
    (iii) Boarding passes;
    (iv) Work orders, pilot orders, or surveyor orders;
    (v) Government identification; or
    (vi) Visitor badges issued in accordance with an identification 
system implemented under paragraph (d) of this section;
    (5) Deny or revoke a person's authorization to be on the facility 
if the person is unable or unwilling, upon the request of facility 
personnel, to establish his or her identity in accordance with this 
part or to account for his or her presence. Any such incident must be 
reported in compliance with this part;
    (6) Designate restricted areas and provide appropriate access 
controls for these areas;
    (7) Identify access points that must be secured or attended to 
deter unauthorized access;
    (8) Deter unauthorized access to the facility and to designated 
restricted areas within the facility;
    (9) Screen by hand or device, such as x-ray, all unaccompanied 
baggage prior to loading onto a vessel; and
    (10) Secure unaccompanied baggage after screening in a designated 
restricted area and maintain security control during transfers between 
the facility and a vessel.
    (g) MARSEC Level 2. In addition to the security measures required 
for MARSEC Level 1 in this section, at MARSEC Level 2, the facility 
owner or operator must:
    (1) Verify the validity of TWIC credentials presented by all 
persons, using information that is no more than one (1) day old, and 
ensure that all TWIC enabled gates are manned; and
    (2) Ensure the implementation of additional security measures, as 
specified for MARSEC Level 2 in their approved FSP. These additional 
security measures may include:
    (i) Increasing the frequency and detail of the screening of 
persons, baggage, and personal effects for dangerous substances and 
devices entering the facility;
    (ii) X-ray screening of all unaccompanied baggage;
    (iii) Assigning additional personnel to guard access points and 
patrol the perimeter of the facility to deter unauthorized access;
    (iv) Limiting the number of access points to the facility by 
closing and securing some access points and providing physical barriers 
to impede movement through the remaining access points;
    (v) Denying access to visitors who do not have a verified 
destination;
    (vi) Deterring waterside access to the facility, which may include, 
using waterborne patrols to enhance security around the facility; or
    (vii) Except for government-owned vehicles on official business 
when government personnel present identification credentials for entry, 
screening vehicles and their contents for dangerous substances and 
devices at the rate specified for MARSEC Level 2 in the approved FSP.
    (h) MARSEC Level 3. In addition to the security measures required 
for MARSEC Level 1 and MARSEC Level 2, at MARSEC level 3, the facility 
owner or operator must ensure that each person holding a TWIC and 
seeking unescorted access to a secure area is required to enter his or 
her correct PIN prior to being allowed to enter that area, and must 
ensure the implementation of additional security measures, as specified 
for MARSEC Level 3 in their approved FSP. These additional security 
measures may include:
    (1) Screening all persons, baggage, and personal effects for 
dangerous substances and devices;
    (2) Performing one or more of the following on unaccompanied 
baggage:
    (i) Screen unaccompanied baggage more extensively; for example, x-
raying from two or more angles;
    (ii) Prepare to restrict or suspend handling unaccompanied baggage; 
or
    (iii) Refuse to accept unaccompanied baggage;
    (3) Being prepared to cooperate with responders and facilities;
    (4) Granting access to only those responding to the security 
incident or threat thereof;
    (5) Suspending access to the facility;
    (6) Suspending cargo operations;
    (7) Evacuating the facility;
    (8) Restricting pedestrian or vehicular movement on the grounds of 
the facility; or
    (9) Increasing security patrols within the facility.
    35. Amend Sec.  105.280 by adding paragraph (f) to read as follows:


Sec.  105.280  Security incident procedures.

* * * * *
    (f) Provide a list of all persons granted access to the facility, 
as required to be maintained in Sec.  105.225.
    36. Amend Sec.  105.285 by revising paragraph (a)(4) to read as 
follows:


Sec.  105.285  Additional requirements-passenger and ferry facilities.

    (a) * * *
    (4) Deny passenger access to secure and restricted areas unless 
escorted by authorized facility security personnel; and
* * * * *
    37. Revise Sec.  105.290 to read as follows:


Sec.  105.290  Additional requirements-cruise ship terminals.

    At all MARSEC Levels, in coordination with a vessel moored at the 
facility, the facility owner or operator must ensure the following 
security measures:
    (a) Screen all persons, baggage, and personal effects for dangerous 
substances and devices;
    (b) Check the identification of all persons seeking to enter the 
facility. Persons holding a TWIC shall be checked as set forth in this 
part. For persons not holding a TWIC, this check includes confirming 
the reason for boarding by examining passenger tickets, boarding 
passes, government identification or visitor badges, or work orders;
    (c) Designate holding, waiting, or embarkation areas within the 
facility's secure area to segregate screened persons and their personal 
effects awaiting embarkation from unscreened persons and their personal 
effects;
    (d) Provide additional security personnel to designated holding, 
waiting, or embarkation areas within the facility's secure area; and
    (e) Deny individuals not holding a TWIC access to secure and 
restricted areas unless escorted.
    38. Amend Sec.  105.295 by revising paragraph (a)(1) to read as 
follows:


Sec.  105.295  Additional requirements-Certain Dangerous Cargo (CDC) 
facilities.

    (a) * * *
    (1) Escort all non-TWIC holders at all times while on the facility;
* * * * *
    39. Amend Sec.  105.296 by adding paragraph (a)(4) to read as 
follows:


Sec.  105.296  Additional requirements-barge fleeting facilities.

    (a) * * *
    (4) Control access to the barges once tied to the fleeting area by 
implementing TWIC as described in Sec.  105.255 of this part.
* * * * *

Subpart D--Facility Security Plan (FSP)

    40. Revise Sec.  105.405(a)(10) to read as follows:


Sec.  105.405  Format and content of the Facility Security Plan (FSP).

    (a) * * *

[[Page 29446]]

    (10) Security measures for access control, including designated 
public access areas and TWIC implementation;
* * * * *
    41. From [effective date of the final rule] to [effective date of 
final rule + 5 years], add Subpart E--TWIC Addendum to read as follows:
Subpart E--TWIC Addendum
Sec.
105.500 General.
105.505 Submission and approval.
105.510 Integration of TWIC Addendum into full FSP.

Subpart E--TWIC Addendum


Sec.  105.500  General.

    A facility owner or operator must ensure the completion of a TWIC 
Addendum. The TWIC Addendum must outline the security measures to be 
used on the facility in order to implement a TWIC program as discussed 
in Sec.  105.255 of this part, including the alternate procedures to be 
used.


Sec.  105.505  Submission and approval.

    (a) In accordance with Sec.  105.115, on or before [date six months 
after publication of the final rule], each facility owner or operator 
must either:
    (1) Submit one copy of their TWIC Addendum, in English, for review 
and approval to the cognizant COTP and a letter certifying that their 
TWIC Addendum meets applicable requirements of this part; or
    (2) If operating under a Coast Guard-approved Alternative Security 
Program (ASP), a letter signed by the facility owner or operator 
stating which approved ASP the owner or operator is using, and 
affirming that any new provisions of that ASP regarding TWIC have been 
implemented.
    (b) Owners or operators of facilities not in service on or before 
[date of publication of the final rule] must comply with Sec.  105.510 
and submit a complete FSP that includes details regarding the 
implementation of a TWIC program.
    (c) The cognizant COTP will examine each submission for compliance 
with this subpart and either:
    (1) Approve it and specify any conditions of approval, returning to 
the submitter a letter stating its acceptance and any conditions;
    (2) Return it for revision, returning a copy to the submitter with 
brief descriptions of the required revisions; or
    (3) Disapprove it, returning a copy to the submitter with a brief 
statement of the reasons for disapproval.
    (d) A TWIC Addendum may be submitted and approved to cover more 
than one facility where they share similarities in design and 
operations, if authorized and approved by each cognizant COTP.
    (e) Each facility owner or operator that submits one TWIC Addendum 
to cover two or more facilities of similar design and operation must 
address facility-specific information that includes the design and 
operational characteristics of each facility.
    (f) A TWIC Addendum will be given the same expiration date as the 
facility's full FSP.


Sec.  105.510  Integration of TWIC Addendum into full FSP.

* * * * *
    Upon gaining approval for the TWIC Addendum, the facility owner or 
operator must incorporate the approved TWIC Addendum into the FSP when 
the facility's FSP is due for reapproval in accordance with Subpart D 
of this part.

PART 106--MARITIME SECURITY: OUTER CONTINENTAL SHELF (OCS) 
FACILITIES

    42. The authority citation for part 106 continues to read as 
follows:

    Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 
U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department 
of Homeland Security Delegation No, 0170.1.

    43. From [effective date of the final rule] to [effective date of 
final rule + 5 years] amend Sec.  106.110 by adding paragraph (d) to 
read as follows:


Sec.  106.110  Compliance dates.

    (d) OCS facility owners and operators must:
    (1) Submit a TWIC Addendum to the cognizant District Commander to 
cover each facility they own or operate subject to this part on or 
before [date 6 months after publication of final rule]; and
    (2) Be operating in accordance with the TWIC provisions found 
within this part, as outlined in their TWIC Addendum, between [date 1 
year after publication of the final rule] and [date 18 months after 
publication of the final rule], depending on whether enrollment has 
been completed in the port where the facility is operating, in 
accordance with 49 CFR 1572.19.
    44. Amend Sec.  106.115 by:
    a. Designating the undesignated text as paragraph (a);
    b. Redesignating paragraphs (a), (b), and (c) as (a)(1), (a)(2), 
and (a)(3), respectively; and
    c. Adding paragraph (b) to read as follows:


Sec.  106.115  Compliance documentation.

* * * * *
    (b) From [effective date of final rule] to [effective date of final 
rule + 5 years], this paragraph (b) shall apply. Each OCS facility 
owner or operator subject to this part must ensure, before [date one 
year after publication of final rule] that a copies of the following 
documentation are available at the OCS facility and are made available 
to the Coast Guard upon request:
    (1) The approved TWIC addendum and any approved revisions or 
amendments thereto, and a letter of approval from the cognizant 
District Commander dated within the last 5 years;
    (2) The TWIC Addendum submitted for approval and current written 
acknowledgment from the cognizant District Commander, stating that the 
Coast Guard is currently reviewing the TWIC Addendum submitted for 
approval and that the OCS facility may continue to operate; or
    (3) For OCS facilities operating under a Coast Guard-approved 
Alternative Security Program as provided in Sec.  106.135, a copy of 
the Alternative Security Program the OCS facility is using, including a 
facility specific security assessment report generated under the 
Alternative Security Program, as specified in Sec.  101.120(b)(3) of 
this subchapter, and a letter signed by the OCS facility owner or 
operator, stating which Alternative Security Program the OCS facility 
is using and certifying that the OCS facility is in full compliance 
with that program, as it has been amended pursuant to Sec.  101.121 of 
this subchapter.
    45. Revise Sec.  106.200(b) to read as follows:


Sec.  106.200  Owner or operator.

* * * * *
    (b) For each OCS facility, the OCS facility owner or operator must:
    (1) Define the security organizational structure for each OCS 
Facility and provide each person exercising security duties or 
responsibilities within that structure the support needed to fulfill 
those obligations;
    (2) Designate in writing, by name or title, a Company Security 
Officer (CSO) and a Facility Security Officer (FSO) for each OCS 
Facility and identify how those officers can be contacted at any time;
    (3) Ensure that a Facility Security Assessment (FSA) is conducted;
    (4) Ensure the development and submission for approval of a 
Facility Security Plan (FSP);
    (5) Ensure that the OCS facility operates in compliance with the 
approved FSP;
    (6) Ensure that the TWIC program is properly implemented as set 
forth in this part, including:

[[Page 29447]]

    (i) Ensuring that only individuals who hold a TWIC and are 
authorized to be in the area in accordance with the OCS FSP are 
permitted to escort;
    (ii) Identifying what action is to be taken by an escort, or other 
authorized individual, should individuals under escort engage in 
activities other than those for which escorted access was granted; and
    (iii) Ensuring that security systems and equipment are installed 
and maintained, including at least one TWIC reader that meets the 
standard incorporated by TSA in 49 CFR 1572.23, and that computer and 
access control systems and hardware are secure;
    (7) Ensure that adequate coordination of security issues takes 
place between OCS facilities and vessels, including the execution of a 
Declaration of Security (DoS) as required by this part;
    (8) Ensure, within 12 hours of notification of an increase in 
MARSEC Level, implementation of the additional security measures 
required by the FSP for the new MARSEC Level;
    (9) Ensure all breaches of security and security incidents are 
reported in accordance with part 101 of this subchapter;
    (10) Ensure consistency between security requirements and safety 
requirements;
    (11) Inform OCS facility personnel of their responsibility to apply 
for and maintain a TWIC, including the deadlines and methods for such 
applications, and of their obligation to inform TSA of any event that 
would render them ineligible for a TWIC, or which would invalidate 
their existing TWIC;
    (12) Ensure that protocols are in place for responding to TWIC 
holders presenting for entry who cannot electronically verify a match 
between themselves and the biometric information stored on the 
credential's ICC. These must include interim alternative security 
measures for an individual who cannot electronically identify his 
identity. Such provisions should take into account measures appropriate 
for occasional failures to verify and for persistent problems with 
verification such that a person may require a new credential;
    (13) Ensure that protocols are in place for responding to TWIC 
holders presenting for entry whose cards have been revoked by TSA, or 
other appropriate authority, or otherwise reported as invalid, and 
provisions for individuals requiring access who report a lost or stolen 
TWIC;
    (14) Ensure there are alternate provisions in case of equipment or 
power failures that affect TWIC readers and other validation equipment; 
and
    (15) Ensure that appropriate personnel know who is on the OCS 
facility at all times.
    46. Amend Sec.  106.205 by adding paragraphs (a)(4), (c)(13) and 
(d)(13) to read as follows:


Sec.  106.205  Company Security Officer (CSO).

    (a) * * *
    (4) The CSO must maintain a valid TWIC.
* * * * *
    (c) * * *
    (13) Knowledge of TWIC.
    (d) * * *
    (13) Ensure the TWIC program is being properly implemented.
    47. Amend Sec.  106.210 by adding paragraphs (a)(4) and (c)(15) to 
read as follows:


Sec.  106.210  OCS Facility Security Officer (FSO).

    (a) * * *
    (4) The FSO must maintain a valid TWIC.
* * * * *
    (c) * * *
    (15) Ensure the TWIC programs is properly implemented.
    48. Amend Sec.  106.215 by revising the introductory paragraph and 
redesignating paragraphs (k) and (l) as (l) and (m), respectively, and 
adding new paragraph (k) to read as follows:


Sec.  106.215  Company of OCS facility personnel with security duties.

    Company and OCS facility personnel responsible for security duties 
must maintain a valid TWIC, and must have knowledge, through training 
or equivalent job experience, in the following, as appropriate:
* * * * *
    (k) Familiarity with all relevant aspects of the TWIC program and 
how to carry them out;
* * * * *
    49. Amend Sec.  106.220 by adding paragraph (f) to read as follows:


Sec.  106.220  Security training for all other OCS personnel.

* * * * *
    (f) Familiarity with all relevant aspects of the TWIC program and 
how to carry them out.
    50. Revise Sec.  106.230 by adding paragraph (b)(9) to read as 
follows:


Sec.  106.230  OCS facility recordkeeping requirements.

* * * * *
    (b) * * *
    (9) Records of those individuals who are granted access to the 
secure area of the OCS facility, including records of when these 
individuals exit the OCS facility and, in the case of individuals who 
are escorted, the identification of the individual who escorted or the 
method by which the individual was escorted.
    51. Revise Sec.  106.260 to read as follows:


Sec.  106.260  Security measures for access control.

    (a) General. The OCS facility owner or operator must ensure the 
implementation of security measures to:
    (1) Deter the unauthorized introduction of dangerous substances and 
devices, including any device intended to damage or destroy persons, 
vessels, or the OCS facility;
    (2) Secure dangerous substances and devices that are authorized by 
the OCS facility owner or operator to be on board;
    (3) Control access to the OCS facility; and
    (4) Prevent an unescorted individual from entering the OCS facility 
unless the individual holds a duly issued TWIC and is authorized to be 
on the OCS facility in accordance with the OCS facility security plan.
    (b) The OCS facility owner or operator must ensure that the 
following are specified:
    (1) All locations providing means of access to the OCS facility 
where access restrictions or prohibitions are applied for each security 
level to prevent unauthorized access, including those points where a 
TWIC reader is or will be deployed;
    (2) The identification of the types of restriction or prohibition 
to be applied and the means of enforcing them;
    (3) The means used to establish the identity of individuals not in 
possession of a TWIC and the means by which they will be allowed access 
to the OCS facility; and
    (4) Procedures for identifying authorized and unauthorized persons 
at any MARSEC level.
    (c) The OCS facility owner or operator must ensure that a TWIC 
program is implemented as follows:
    (1) Prior to granting any individual unescorted access to the OCS 
facility, ensure that the individual has a TWIC and verify the 
individual's identity. The identity verification procedure must 
electronically verify a match between the individual and the biometric 
information stored on the TWIC's ICC. The validity of the TWIC itself 
must also be verified at this time;
    (2) Ensure that any individual granted unescorted access to the OCS 
facility is able to produce his or her TWIC upon request;

[[Page 29448]]

    (3) Uses disciplinary measures to prevent fraud and abuse;
    (4) Allows for temporary access if alternative security measures 
are implemented due to a failure of the TWIC system, and the individual 
can meet or pass those alternative security measures; and
    (5) Periodically verifies the validity of TWICs, using the latest 
information available from TSA, as outlined in paragraphs (f)(1), 
(g)(1) and (h)(1) of this section.
    (d) If the OCS facility owner or operator uses a separate 
identification system, ensure that it is coordinated with 
identification and TWIC systems in place on vessels conducting 
operations with the OCS facility.
    (e) The OCS facility owner or operator must establish in the 
approved Facility Security Plan (FSP) the frequency of application of 
any access controls, particularly if they are to be applied on a random 
or occasional basis.
    (f) MARSEC Level 1. The OCS facility owner or operator must ensure 
the following security measures are implemented at the facility:
    (1) Implement TWIC as set out in paragraph (c) of this section. The 
validity of a TWIC presented for unescorted access shall be verified 
using information that is no more than seven (7) days old. The validity 
of a TWIC held by a person already granted access to the OCS facility 
shall be verified weekly, using the most current information available 
from TSA;
    (2) Screen persons and personal effects going aboard the OCS 
facility for dangerous substances and devices at the rate specified in 
the approved FSP;
    (3) Conspicuously post signs that describe security measures 
currently in effect and clearly stating that:
    (i) Boarding an OCS facility is deemed valid consent to screening 
or inspection; and
    (ii) Failure to consent or submit to screening or inspection will 
result in denial or revocation of authorization to be on board;
    (4) Check the identification of any person seeking to board the OCS 
facility, including OCS facility employees, passengers and crews of 
vessels interfacing with the OCS facility, vendors, and visitors and 
ensure that non-TWIC holders are denied unescorted access to the OCS 
facility;
    (5) Deny or revoke a person's authorization to be on board if the 
person is unable or unwilling, upon the request of OCS facility 
personnel, to establish his or her identity in accordance with this 
part or to account for his or her presence on board. Any such incident 
must be reported in compliance with this part;
    (6) Deter unauthorized access to the OCS facility;
    (7) Identify access points that must be secured or attended to 
deter unauthorized access;
    (8) Lock or otherwise prevent access to unattended spaces that 
adjoin areas to which OCS facility personnel and visitors have access;
    (9) Ensure OCS facility personnel are not required to engage in or 
be subjected to screening, of the person or of personal effects, by 
other OCS facility personnel, unless security clearly requires it;
    (10) Provide a designated secure area on board, or in liaison with 
a vessel interfacing with the OCS facility, for conducting inspections 
and screening of people and their personal effects; and
    (11) Respond to the presence of unauthorized persons on board.
    (g) MARSEC Level 2. In addition to the security measures required 
for MARSEC Level 1 in this section, at MARSEC Level 2, the OCS facility 
owner or operator must:
    (1) Verify the validity of a TWIC presented for unescorted access 
shall be verified using information that is no more than one (1) day 
old, and verify the validity of a TWIC held by a person already granted 
access to the OCS facility daily, using the most current information 
available from TSA;
    (2) Ensure the implementation of additional security measures, as 
specified for MARSEC Level 2 in the approved FSP. These additional 
security measures may include:
    (i) Increasing the frequency and detail of screening of people and 
personal effects embarking onto the OCS facility as specified for 
MARSEC Level 2 in the approved FSP;
    (ii) Assigning additional personnel to patrol deck areas during 
periods of reduced OCS facility operations to deter unauthorized 
access;
    (iii) Limiting the number of access points to the OCS facility by 
closing and securing some access points; or
    (iv) Deterring waterside access to the OCS facility, which may 
include, providing boat patrols.
    (h) MARSEC Level 3. In addition to the security measures required 
for MARSEC Level 1 and MARSEC Level 2, at MARSEC level 3, the facility 
owner or operator must ensure that each person holding a TWIC and 
seeking unescorted access to a secure area is required to enter his or 
her correct PIN prior to being allowed to enter that area, and must 
ensure the implementation of additional security measures, as specified 
for MARSEC Level 3 in their approved FSP. The additional security 
measures may include:
    (1) Screening all persons and personal effects for dangerous 
substances and devices;
    (2) Being prepared to cooperate with responders;
    (3) Limiting access to the OCS facility to a single, controlled 
access point;
    (4) Granting access to only those responding to the security 
incident or threat thereof;
    (5) Suspending embarkation and/or disembarkation of personnel;
    (6) Suspending the loading of stores or industrial supplies;
    (7) Evacuating the OCS facility; or
    (8) Preparing for a full or partial search of the OCS facility.
    52. Amend Sec.  106.280 by adding paragraph (g) to read as follows:


Sec.  106.280  Security incident procedures.

* * * * *
    (g) Provide a list of all persons granted access to the OCS 
facility, as required to be maintained in Sec.  106.230.

Subpart D--Outer Continental Shelf (OCS) Facility Security Plan 
(FSP)

    53. Revise Sec.  106.405(a)(10) to read as follows:


Sec.  106.405  Format of the Facility Security Plan (FSP).

    (a) * * *
    (10) Security measures for access control, including TWIC 
implementation;
* * * * *
    54. From [effective date of the final rule] to [effective date of 
final rule + 5 years], add Subpart E--TWIC Addendum to read as follows:
Subpart E--TWIC Addendum
Sec.
106.500 General.
106.505 Submission and approval.
106.510 Integration of TWIC Addendum into full FSP.

Subpart E--TWIC Addendum


Sec.  106.500  General.

    An OCS facility owner or operator must ensure the completion of a 
TWIC Addendum. The TWIC Addendum must outline the security measures to 
be used on the OCS facility in order to implement a TWIC program as 
discussed in Sec.  106.260 of this part, including the alternate 
procedures to be used.


Sec.  106.505  Submission and approval.

    (a) In accordance with Sec.  106.115, on or before [date six months 
after date of publication of final rule], each OCS facility owner or 
operator must either:

[[Page 29449]]

    (1) Submit one copy of their TWIC Addendum, in English, for review 
and approval to the cognizant District Commander and a letter 
certifying that their TWIC Addendum meets applicable requirements of 
this part; or
    (2) If operating under a Coast Guard-approved Alternative Security 
Program (ASP), a letter signed by the OCS facility owner or operator 
stating which approved ASP the owner or operator is using, and 
affirming that any new provisions of that ASP regarding TWIC have been 
implemented.
    (b) Owners or operators of OCS facilities not in service on or 
before [date of publication of final rule] must comply with Sec.  
106.510 and submit a complete FSP that includes details regarding the 
implementation of a TWIC program.
    (c) The cognizant District Commander will examine each submission 
for compliance with this subpart and either:
    (1) Approve it and specify any conditions of approval, returning to 
the submitter a letter stating its acceptance and any conditions;
    (2) Return it for revision, returning a copy to the submitter with 
brief descriptions of the required revisions; or
    (3) Disapprove it, returning a copy to the submitter with a brief 
statement of the reasons for disapproval.
    (d) A TWIC Addendum may be submitted and approved to cover more 
than one facility where they share similarities in physical 
characteristics, location, and operations.
    (e) Each OCS facility owner or operator that submits one TWIC 
Addendum to cover two or more OCS facilities of similar design, 
location, and operation must address OCS facility-specific information 
that includes the physical and operational characteristics of each OCS 
facility.
    (f) A TWIC Addendum will be given the same expiration date as the 
OCS facility's full FSP.


Sec.  106.510  Integration of TWIC Addendum into full FSP.

    Upon gaining approval for the TWIC Addendum, the OCS facility owner 
or operator must incorporate the approved TWIC Addendum into the FSP 
when the OCS facility's FSP is due for reapproval in accordance with 
Subpart D of this part.

PART 125--IDENTIFICATION CREDENTIALS FOR PERSONS REQUIRING ACCESS 
TO WATERFRONT FACILITIES OR VESSELS

    55. The authority citation for part 125 is revised to read as 
follows:

    Authority: R.S. 4517, 4518, secs. 19, 2, 23 Stat. 58, 118, sec. 
7, 49 Stat. 1936, sec. 1, 40 Stat. 220; 46 U.S.C. 570'572, 2, 689, 
and 70105; 50 U.S.C. 191, EO 10173, EO 10277, EO 10352, 3 CFR, 
1949--1953 Comp. pp. 356, 778, 873.

    56. In Sec.  125.09, revise paragraph (f) and add paragraph (g) to 
read as follows:


Sec.  125.09  Identification credentials.

* * * * *
    (f) Transportation Worker Identification Credential.
    (g) Such other identification as may be approved by the Commandant 
from time to time.

Title 46--Shipping

Chapter I--Coast Guard

PART 10--LICENSING OF MARITIME PERSONEL

    57. The authority citation for part 10 continues to read as 
follows:

    Authority: 14 U.S.C. 633; 31 U.S.C. 9701; 46 U.S.C. 2101, 2103, 
and 2110; 46 U.S.C. chapter 71; 46 U.S.C. 7502, 7505, 7701, and 
8906; Executive Order 10173; Department of Homeland Security 
Delegation No. 0170.1. Section 11.107 is also issued under the 
authority of 44 U.S.C. 3507.

    58. Add new Sec.  10.113 to read as follows:


Sec.  10.113  Transportation Worker Identification Credential

    In accordance with the implementation schedule contained in 49 CFR 
1572.19, all mariners holding an active License, Certificate of 
Registry or STCW endorsement issued under this Part must hold a valid 
Transportation Worker Identification Credential (TWIC) issued by the 
Transportation Security Administration under title 49 CFR part 1572.

PART 12--CERTIFICATION OF SEAMEN

    59. The authority citation for part 12 is revised to read as 
follows:

    Authority: 31 U.S.C. 9701; 46 U.S.C. 2101, 2103, 2110, 7301, 
7302, 7503, 7505, 7701, and 70105; Department of Homeland Security 
Delegation No. 0170.1.

    60. Add new Sec.  12.01-11 to read as follows:


Sec.  12.01-11  Transportation Worker Identification Credential.

    In accordance with the implementation schedule contained in 49 CFR 
1572.19, all mariners holding a Merchant Mariner's Document or STCW 
endorsement issued under this Part must hold a valid Transportation 
Worker Identification Credential (TWIC) issued by the Transportation 
Security Administration under 49 CFR part 1572.

PART 15--MANNING REQUIREMENTS

    61. The authority citation for part 15 is revised to read as 
follows:

    Authority: 46 U.S.C. 2101, 2103, 3306, 3703, 8101, 8102, 8104, 
8105, 8301, 8304, 8502, 8503, 8701, 8702, 8901, 8902, 8903, 8904, 
8905(b), 8906, 9102, and 70105; and Department of Homeland Security 
Delegation No. 0170.1.

    62. Add new Sec.  15.415 to read as follows:


Sec.  15.415  Transportation Worker Identification Credential.

    In accordance with the implementation schedule contained in 49 CFR 
1572.19, a person may not employ or engage an individual, and an 
individual may not serve in a position in which an individual is 
required by law or regulation to hold an active License, Merchant 
Mariner Document, Certificate of Registry or STCW endorsement, unless 
the individual holds a valid Transportation Security Identification 
Credential (TWIC). All mariners holding an active License, Merchant 
Mariner Document, Certificate of Registry or STCW endorsement issued by 
the Coast Guard must hold a valid TWIC issued by the Transportation 
Security Administration under 49 CFR part 1572.

Title 49--Transportation

Chapter XII--Transportation Security Administration

Subchapter A--Administrative and Procedural Rules

    63. Add a new part 1515 to subchapter A to read as follows:

PART 1515--APPEAL AND WAIVER PROCEDURES FOR SECURITY THREAT 
ASSESSMENTS FOR INDIVIDUALS

Sec.
1515.1 Scope.
1515.3 Terms used in this part.
1515.5 Appeal procedures.
1515.7 Waiver procedures.

    Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 
46105; 18 U.S.C. 842, 845; 6 U.S.C. 469.


Sec.  1515.1  Scope.

    This part applies to applicants who undergo one of the following 
security threat assessments and wish to appeal an Initial Determination 
of Threat Assessment or an Initial Determination of Threat Assessment 
and Immediate Revocation or apply for a waiver:
    (a) For a hazardous materials endorsement (HME) as described in 49 
CFR part 1572.

[[Page 29450]]

    (b) For a Transportation Worker Identification Credential (TWIC) as 
described in 49 CFR part 1572.


Sec.  1515.3  Terms used in this part.

    The terms used in 49 CFR parts 1500, 1540, 1570, and 1572 also 
apply in this part. In addition, the following terms are used in this 
part:
    Applicant means a person who has applied for one of the security 
threat assessments identified in Sec.  1515.1.
    Date of service means--
    (1) In the case of personal service, the date of personal delivery 
to the residential address listed on the application;
    (2) In the case of mailing with a certificate of service, the date 
shown on the certificate of service;
    (3) In the case of mailing and there is no certificate of service, 
10 days from the date mailed to the address designated on the 
application as the mailing address;
    (4) In the case of mailing with no certificate of service or 
postmark, the date mailed to the address designated on the application 
as the mailing address shown by other evidence; or
    (5) The date on which an electronic transmission occurs.
    Day means calendar day.
    Security threat assessment means the threat assessment for which 
the applicant has applied, as described in Sec.  1515.1.


Sec.  1515.5  Appeal procedures.

    (a) Scope. This section applies to appeals from an Initial 
Determination of Threat--
    (1) For a hazardous materials endorsement (HME) as described in 49 
CFR 1572.15.
    (2) For a Transportation Worker Identification Credential (TWIC) as 
described in 49 CFR 1572.15.
    (b) Grounds for appeal. An applicant may appeal an Initial 
Determination of Threat Assessment if the applicant is asserting that 
he or she meets the standards for the security threat assessment for 
which he or she is applying.
    (c) Appeal--(1) Initiating an appeal. An applicant initiates an 
appeal by submitting a written reply to TSA or written request for 
materials from TSA. If the applicant does not initiate an appeal within 
60 days of receipt, the Initial Determination of Threat Assessment 
becomes final. TSA then serves a Final Determination of Threat 
Assessment on the applicant.
    (i) In the case of an HME, TSA also serves a Final Determination of 
Threat Assessment on the licensing State.
    (ii) In the case of a mariner applying for TWIC, TSA also serves a 
Final Determination of Threat Assessment on the Coast Guard.
    (2) Request for materials. Within 60 days of the date of service of 
the Initial Determination of Threat Assessment, the applicant may serve 
upon TSA a written request for copies of the materials upon which the 
Initial Determination was based.
    (3) TSA response. (i) Within 60 days of receiving the applicant's 
request for materials, TSA serves copies of the releasable materials 
upon the applicant on which the Initial Determination was based. TSA 
will not include any classified information or other protected 
information described in paragraph (f) of this section.
    (ii) Within 60 days of receiving the applicant's request for 
materials or written reply, TSA may request additional information or 
documents from the applicant that TSA believes are necessary to make a 
Final Determination.
    (4) Correction of records. If the Initial Determination of Threat 
Assessment was based on a record that the applicant believes is 
erroneous, the applicant may correct the record, as follows:
    (i) The applicant contacts the jurisdiction or entity responsible 
for the information and attempts to correct or complete information 
contained in his or her record.
    (ii) The applicant provides TSA with the revised record, or a 
certified true copy of the information from the appropriate entity, 
before TSA determines that the applicant meets the standards for the 
security threat assessment.
    (5) Reply. (i) The applicant may serve upon TSA a written reply to 
the Initial Determination of Threat Assessment within 60 days of 
service of the Initial Determination, or 60 days after the date of 
service of TSA's response to the applicant's request for materials 
under paragraph (b)(1) of this section, if the applicant served such 
request. The reply must include the rationale and information on which 
the applicant disputes TSA's Initial Determination.
    (ii) In an applicant's reply, TSA will consider only material that 
is relevant to whether the applicant meets the standards described in 
49 CFR 1572.5(a).
    (6) Final determination. Within 60 days after TSA receives the 
applicant's reply, TSA serves a Final Determination of Threat 
Assessment or a Withdrawal of the Initial Determination as provided in 
paragraphs (c) or (d) of this section.
    (d) Final Determination of Threat Assessment. (1) If the Director 
concludes that the applicant does not meet the standards described in 
49 CFR 1572.5(a)(1), (a)(2), or (a)(4) following an appeal, TSA serves 
a Final Determination of Threat Assessment upon the applicant. In 
addition--
    (i) In the case of an HME, TSA serves a Final Determination of 
Threat Assessment on the licensing State.
    (ii) In the case of a mariner applying for TWIC, TSA serves a Final 
Determination of Threat Assessment on the Coast Guard.
    (iii) In the case of a TWIC, TSA serves a Final Determination of 
Threat Assessment on the Federal Maritime Security Coordinator (FMSC).
    (2) If the Assistant Secretary concludes that the applicant does 
not meet the security threat assessment standards described in 49 CFR 
1572.5(a)(3) following an appeal, TSA serves a Final Determination of 
Threat Assessment upon the applicant. In addition--
    (i) In the case of an HME, TSA serves a Final Determination of 
Threat Assessment on the licensing State.
    (ii) In the case of a mariner applying for TWIC, TSA serves a Final 
Determination of Threat Assessment on the Coast Guard.
    (iii) In the case of a TWIC, TSA serves a Final Determination of 
Threat Assessment on the FMSC.
    (3) The Final Determination includes a statement that the Director 
or Assistant Secretary has reviewed the Initial Determination, the 
applicant's reply and any accompanying information, and any other 
materials or information available to him or her, and has determined 
that the applicant poses a security threat warranting denial of the 
security threat assessment for which the applicant has applied.
    (e) Withdrawal of Initial Determination. If the Director or 
Assistant Secretary concludes that the applicant does not pose a 
security threat, TSA serves a Withdrawal of the Initial Determination 
upon the applicant.
    (f) Nondisclosure of certain information. In connection with the 
procedures under this section, TSA does not disclose classified 
information to the applicant, as defined in Executive Order 12968 
section 1.1(d), and reserves the right not to disclose any other 
information or material not warranting disclosure or protected from 
disclosure under law.
    (g) Extension of time. TSA may grant an applicant an extension of 
time of the limits described in this section for good cause shown. An 
applicant's request for an extension of time must be in writing and be 
received by TSA within a reasonable time before the due date to

[[Page 29451]]

be extended. TSA may grant itself an extension of time for good cause.
    (h) Judicial review. For purposes of judicial review, the Final 
Determination of Threat Assessment constitutes a final TSA order in 
accordance with 49 U.S.C. 46110.
    (i) Appeal of immediate revocation. If TSA directs an immediate 
revocation, the applicant may appeal this determination by following 
the appeal procedures described in paragraph (b) of this section. This 
applies to--
    (1) If TSA directs a State to revoke an HME pursuant to 49 CFR 
1572.13(a).
    (2) If TSA invalidates a TWIC by issuing an Initial Determination 
of Threat Assessment and Immediate Revocation pursuant to 49 CFR 
1572.21(d)(3).


Sec.  1515.7  Waiver procedures.

    (a) Scope. This section applies if an applicant does not meet 
certain standards for a security threat assessment but wishes to obtain 
a waiver of those standards, for--
    (1) For a hazardous materials endorsement (HME) as described in 49 
CFR part 1572.
    (2) For a Transportation Worker Identification Credential (TWIC) as 
described in 49 CFR part 1572.
    (b) Grounds for waiver. TSA may issue a waiver of certain standards 
and grant an HME or TWIC, if TSA determines that an applicant no longer 
poses a security threat based on a review of information described in 
paragraph (c) of this section. An applicant disqualified for the 
reasons described in paragraphs (b)(1) through (b)(3) of this section 
may apply for a waiver of the standards.
    (1) A disqualifying criminal offense described in 49 CFR 
1572.103(a)(5) through (a)(9), and Sec.  1572.103(a)(10), if the 
underlying criminal offense is in Sec. Sec.  1572.103 (a)(5) through 
(a)(9); or
    (2) A disqualifying criminal offense described in 49 CFR 
1572.103(b); or
    (3) Mental incapacity as described in 49 CFR 1572.109.
    (c) Initiating waiver. (1) An applicant initiates a waiver request 
by--
    (i) Providing the information required in 49 CFR 1572.9 for an HME 
or 49 CFR 1572.17 for a TWIC;
    (ii) Paying the fees required in 49 CFR 1572.405 (a)(1) through 
(a)(3) for an HME or in 49 CFR 1572.503(a)(1)(i) through (a)(1)(iii) 
for a TWIC; and
    (iii) Sending a written request to TSA for a waiver at any time, 
but not later than 60 days after the date of service of the Final 
Determination of Threat Assessment.
    (2) In determining whether to grant a waiver, TSA will consider the 
following factors:
    (i) The circumstances of the disqualifying act or offense.
    (ii) Restitution made by the applicant.
    (iii) Any Federal or State mitigation remedies.
    (iv) Court records or official medical release documents indicating 
that the individual no longer lacks mental capacity.
    (v) Other factors that indicate the applicant does not pose a 
security threat warranting denial of the HME or TWIC.
    (d) Grant or denial of waivers. (1) The Director will send a 
written decision granting or denying the waiver to the applicant within 
60 days of service the applicant's request for a waiver, or longer 
period as TSA may determine for good cause.
    (2) In the case of an HME, if the Director grants the waiver, the 
Director will send a Determination of No Security Threat to the 
licensing State within 60 days of service the applicant's request for a 
waiver, or longer period as TSA may determine for good cause.
    (3) In the case of a mariner applying for TWIC, if the Director 
grants the waiver, the Director will send a Determination of No 
Security Threat to the Coast Guard within 60 days of service the 
applicant's request for a waiver, or longer period as TSA may determine 
for good cause.
    (e) Extension of time. TSA may grant an applicant an extension of 
time of the limits described in paragraph (b) and (c) of this section 
for good cause shown. An applicant's request for an extension of time 
must be in writing and be received by TSA within a reasonable time 
before the due date to be extended. TSA may grant itself an extension 
of time for good cause.

Subchapter D--Maritime and Land Transportation Security

    64. Revise part 1570 to read as follows:

PART 1570--GENERAL RULES

Sec.
1570.1 Scope.
1570.3 Terms used in this subchapter.
1570.5 Fraud and intentional falsification of records.

    Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 
46105; 18 U.S.C. 842, 845; 6 U.S.C. 469.


Sec.  1570.1  Scope.

    This part applies to any person involved in land or maritime 
transportation as specified in this part.


Sec.  1570.3  Terms used in this subchapter.

    For purposes of this subchapter:
    Adjudicate means to make an administrative determination of whether 
an applicant meets the standards in this subchapter, based on the 
merits of the issues raised.
    Alien means any person not a citizen or national of the United 
States.
    Alien registration number means the number issued by the U.S. 
Department of Homeland Security to an individual when he or she becomes 
a lawful permanent resident of the United States or attains other 
lawful, non-citizen status.
    Applicant means a person who has applied for one of the security 
threat assessments identified in this subchapter.
    Assistant Secretary means Assistant Secretary for Homeland 
Security, Transportation Security Administration (Assistant Secretary), 
the highest ranking TSA official, or his or her designee, and who is 
responsible for making the final determination on the appeal of an 
intelligence-related check under this part.
    Commercial drivers license (CDL) is used as defined in 49 CFR 
383.5.
    Convicted means any plea of guilty or nolo contendere, or any 
finding of guilt, except when the finding of guilt is subsequently 
overturned on appeal, pardoned, or expunged. For purposes of this 
subchapter, a conviction is expunged when the conviction is removed 
from the individual's criminal history record and there are no legal 
disabilities or restrictions associated with the expunged conviction, 
other than the fact that the conviction may be used for sentencing 
purposes for subsequent convictions. In addition, where an individual 
is allowed to withdraw an original plea of guilty or nolo contendere 
and enter a plea of not guilty and the case is subsequently dismissed, 
the individual is no longer considered to have a conviction for 
purposes of this subchapter.
    Determination of No Security Threat means an administrative 
determination by TSA that an individual does not pose a security threat 
warranting denial of an HME or a TWIC.
    Director means the officer designated by the Assistant Secretary to 
administer the appeal and waiver programs described in this part, 
except where the Assistant Secretary is specifically designated in this 
part to administer the appeal or waiver program. The Director may 
appoint a designee to assume his or her duties.
    Federal Maritime Security Coordinator (FMSC) has the same meaning 
as defined in 46 U.S.C. 70103(a)(2)(G); is the Captain of the Port 
(COTP) exercising authority for the COTP zones described in 33 CFR part 
3, and is the Port Facility Security Officer

[[Page 29452]]

as described in the International Ship and Port Facility Security 
(ISPS) Code, part A.
    Final Determination of Threat Assessment means a final 
administrative determination by TSA, including the resolution of 
related appeals, that an individual poses a security threat warranting 
denial of an HME or a TWIC.
    Hazardous materials endorsement (HME) means the authorization for 
an individual to transport hazardous materials in commerce, an 
indication of which must be on the individual's commercial driver's 
license, as provided in the Federal Motor Carrier Safety Administration 
(FMCSA) regulations in 49 CFR part 383.
    Imprisoned or imprisonment means confined to a prison, jail, or 
institution for the criminally insane, on a full-time basis, pursuant 
to a sentence imposed as the result of a criminal conviction or finding 
of not guilty by reason of insanity. Time spent confined or restricted 
to a half-way house, treatment facility, or similar institution, 
pursuant to a sentence imposed as the result of a criminal conviction 
or finding of not guilty by reason of insanity, does not constitute 
imprisonment for purposes of this rule.
    Incarceration means confined or otherwise restricted to a jail-type 
institution, half-way house, treatment facility, or another 
institution, on a full or part-time basis, pursuant to a sentence 
imposed as the result of a criminal conviction or finding of not guilty 
by reason of insanity.
    Initial Determination of Threat Assessment means an initial 
administrative determination by TSA that an individual poses a security 
threat warranting denial of an HME or a TWIC.
    Initial Determination of Threat Assessment and Immediate Revocation 
means an initial administrative determination that an individual poses 
a security threat that warrants immediate revocation of an HME or 
invalidation of a TWIC. In the case of an HME, the State must 
immediately revoke the HME if TSA issues an Initial Determination of 
Threat Assessment and Immediate Revocation. In the case of a TWIC, TSA 
invalidates the TWIC when TSA issues an Initial Determination of Threat 
Assessment and Immediate Revocation.
    Invalidate means the action TSA takes to make a credential 
inoperative when it is reported as lost, stolen, damaged, no longer 
needed, or when TSA determines an applicant does not meet the security 
threat assessment standards of 49 CFR part 1572.
    Lawful permanent resident means an individual, lawfully admitted to 
the United States for permanent residence, as defined in 8 U.S.C. 1101.
    Maritime facility has the same meaning as ``facility'' together 
with ``OCS facility'' (Outer Continental Shelf facility), as defined in 
33 CFR 101.105.
    Mental health facility means a mental institution, mental hospital, 
sanitarium, psychiatric facility, and any other facility that provides 
diagnoses by licensed professionals of mental retardation or mental 
illness, including a psychiatric ward in a general hospital.
    Owner/operator with respect to a maritime facility or a vessel has 
the same meaning as defined in 33 CFR 101.105.
    Revocation means the termination, deactivation, rescission, 
invalidation, cancellation, or withdrawal of the privileges and duties 
conferred by an HME or TWIC, when TSA determines an applicant does not 
meet the security threat assessment standards of 49 CFR part 1572.
    Secure area means the area on board a vessel or at a facility or 
outer continental shelf facility, over which the owner/operator has 
implemented security measures for access control, as defined by a Coast 
Guard approved security plan. It does not include passenger access 
areas or public access areas, as those terms are defined in 33 CFR 
104.106 and 105.106 respectively.
    Security threat means an individual whom TSA determines or suspects 
of posing a threat to national security; to transportation security; or 
of terrorism.
    Sensitive security information (SSI) means information that is 
described in, and must be managed in accordance with, 49 CFR part 1520.
    State means a State of the United States and the District of 
Columbia.
    Transportation Worker Identification Credential (TWIC) means a 
Federal biometric credential, issued to an individual, when TSA 
determines that the individual does not pose security threat.
    Withdrawal of Initial Determination of Threat Assessment is the 
document that TSA issues after issuing an Initial Determination of 
Security Threat, when TSA determines that an individual does not pose a 
security threat, warranting denial of an HME or TWIC.


Sec.  1570.5  Fraud and intentional falsification of records.

    No person may make, or cause to be made, any of the following:
    (a) Any fraudulent or intentionally false statement in any record 
or report that is kept, made, or used to show compliance with the 
subchapter, or exercise any privileges under this subchapter.
    (b) Any reproduction or alteration, for fraudulent purpose, of any 
record, report, security program, access medium, or identification 
medium issued under this subchapter or pursuant to standards in this 
subchapter.
    65. Revise part 1572 to read as follows:

PART 1572--CREDENTIALING AND SECURITY THREAT ASSESSMENTS

Subpart A--Procedures and General Standards
Sec.
1572.1 Applicability.
1572.3 Scope.
1572.5 Standards for security threat assessments.
1572.7 Waiver of security threat assessment standards.
1572.9 Applicant information required for HME security threat 
assessment.
1572.11 Applicant responsibilities for HME security threat 
assessment.
1572.13 State responsibilities for issuance of hazardous materials 
endorsement.
1572.15 Procedures for HME security threat assessment.
1572.17 Applicant information required for TWIC security threat 
assessment.
1572.19 Applicant responsibilities for a TWIC security threat 
assessment.
1572.21 Procedures for TWIC security threat assessment.
1572.23 Conforming equipment; Incorporation by reference.
1572.24-1572.40 [Reserved]
1572.41 Compliance, inspection, and enforcement.
Subpart B--Qualification Standards for Security Threat Assessments
1572.101 Scope.
1572.103 Disqualifying criminal offenses.
1572.105 Immigration status.
1572.107 Other analyses.
1572.109 Mental incapacity.
1572.111-1572.139 [Reserved]
Subpart C--Transportation of Explosives From Canada to the United 
States
1572.201 Via commercial motor vehicle.
1572.203 Via railroad carrier.
Subpart D--[Reserved]
Subpart E--Fees for Security Threat Assessments for Hazmat Drivers
1572.400 Scope and definitions.
1572.401 Fee collection options.
1572.403 Procedures for collection by States.
1572.405 Procedures for collection by TSA.
Subpart F--Fees for Security Threat Assessments for Transportation 
Worker Identification Credential (TWIC)
1572.500 Scope.
1572.501 Fee collection.
1572.503 Fee procedures for collection by TSA or its agent.


[[Page 29453]]


    Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 
46105; 18 U.S.C. 842, 845; 6 U.S.C. 469.

Subpart A--Procedures and General Standards


Sec.  1572.1  Applicability.

    This part establishes regulations for credentialing and security 
threat assessments for certain maritime and land transportation 
workers.


Sec.  1572.3  Scope.

    This part applies to--
    (a) State agencies responsible for issuing a hazardous materials 
endorsement (HME); and
    (b) An applicant who--
    (1) Is qualified to hold a commercial driver's license under 49 CFR 
parts 383 and 384, and is applying to obtain, renew, or transfer an 
HME; or
    (2) Is applying to obtain or renew a TWIC in accordance with 33 CFR 
parts 104 through 106 or 46 CFR part 10;


Sec.  1572.5  Standards for security threat assessments.

    (a) Standards. TSA determines that an applicant poses a security 
threat warranting denial of an HME or TWIC, if--
    (1) The applicant has a disqualifying criminal offense described in 
Sec.  1572.103;
    (2) The applicant does not meet the immigration status requirements 
described in Sec.  1572.105;
    (3) TSA conducts the analyses described in Sec.  1572.107 and 
determines that the applicant poses a security threat; or
    (4) The applicant has been adjudicated as lacking mental capacity 
or committed to a mental health facility, as described in Sec.  
1572.109.
    (b) Immediate revocation/invalidation. TSA may invalidate a TWIC or 
direct a State to revoke an HME immediately, if TSA determines during 
the security threat assessment that an applicant poses an immediate 
threat to transportation security, national security, or of terrorism.
    (c) Violation of FMCSA standards. The regulations of the Federal 
Motor Carrier Safety Administration (FMCSA) provide that an applicant 
is disqualified from operating a commercial motor vehicle for specified 
periods, if he or she has an offense that is listed in the FMCSA rules 
at 49 CFR 383.51. If records indicate that an applicant has committed 
an offense that would disqualify the applicant from operating a 
commercial motor vehicle under 49 CFR 383.51, TSA will not issue a 
Determination of No Security Threat until the State or the FMCSA 
determine that the applicant is not disqualified under that section.
    (d) Comparability of other security threat assessment standards. 
TSA may determine that security threat assessments conducted by other 
governmental agencies are comparable to the threat assessment described 
in this part, which TSA conducts for HME and TWIC applicants.
    (1) In making a comparability determination, TSA will consider--
    (i) The minimum standards used for the security threat assessment;
    (ii) The frequency of the threat assessment;
    (iii) The date of the most recent threat assessment; and
    (iv) Whether the threat assessment includes biometric 
identification and a biometric credential.
    (2) To apply for a comparability determination, the agency seeking 
the determination must contact the Assistant Program Manager, Attn: 
Federal Agency Comparability Check, Hazmat Threat Assessment Program, 
Transportation Security Administration, 601 South 12th Street, 
Arlington, VA 22202-4220.
    (3) TSA will notify the public when a comparability determination 
is made.
    (4) An applicant, who has completed a security threat assessment 
that is determined to be comparable under this section to the threat 
assessment described in this part, must complete the enrollment process 
and provide biometric information to obtain a TWIC, if the applicant 
seeks unescorted access to a secure area of a vessel or facility. The 
applicant must pay the fee listed in Sec.  1572.503 for information 
collection/credential issuance.
    (5) TSA has determined that the security threat assessment for an 
HME under this part is comparable to the security threat assessment for 
TWIC.
    (6) TSA has determined that the security threat assessment for a 
FAST card, under the Free and Secure Trade program administered by the 
U.S. Customs and Border Protection, is comparable to the security 
threat assessment described in this part.


Sec.  1572.7  Waiver of security threat assessment standards.

    (a) An applicant may apply to TSA for a waiver of the standards 
described in Sec.  1572.5, if the applicant--
    (1) Has a disqualifying criminal offense described in Sec.  
1572.103(a)(5) through (a)(9), and Sec.  1572.103 (a)(10), if the 
underlying criminal offense is in Sec.  1572.103 (a)(5) through (a)(9); 
or
    (2) Has a disqualifying criminal offense described in Sec.  
1572.103(b); or
    (3) Has a history of mental incapacity described in Sec.  1572.109.
    (b) HME and TWIC applicants must follow the procedures described in 
49 CFR 1515.7 when applying for a waiver.


Sec.  1572.9  Applicant information required for HME security threat 
assessment.

    An applicant must supply the information required in this section, 
in a form acceptable to TSA, when applying to obtain or renew an HME. 
When applying to transfer an HME from one State to another, Sec.  
1572.13(e) applies.
    (a) The applicant must provide the following identifying 
information:
    (1) Legal name, including first, middle, and last; any applicable 
suffix; and any other name used previously.
    (2) Current and previous mailing address, current residential 
address if it differs from the current mailing address, and email 
address.
    (3) Date of birth.
    (4) Social security number. Providing the social security number is 
voluntary; however, failure to provide it will delay and may prevent 
completion of the threat assessment.
    (5) Gender.
    (6) Height, weight, hair color, and eye color.
    (7) City, state, and country of birth.
    (8) Immigration status and, if the applicant is a naturalized 
citizen of the United States, the date of naturalization.
    (9) Alien registration number, if applicable.
    (10) The State of application, CDL number, and type of HME(s) held.
    (11) Name, telephone number, facsimile number, and address of the 
applicant's current employer(s), if the applicant's work for the 
employer(s) requires an HME.
    (b) The applicant must provide a statement, signature, and date of 
signature that he or she--
    (1) Was not convicted, or found not guilty by reason of insanity, 
of a disqualifying crime listed in Sec.  1572.103(b), in a civilian or 
military jurisdiction, during the seven years before the date of the 
application;
    (2) Was not released from incarceration, in a civilian or military 
jurisdiction, for committing a disqualifying crime listed in Sec.  
1572.103(b), during the five years before the date of the application;
    (3) Is not wanted, or under indictment, in a civilian or military 
jurisdiction, for a disqualifying criminal offense identified in Sec.  
1572.103;
    (4) Was not convicted, or found not guilty by reason of insanity, 
of a disqualifying criminal offense identified in Sec.  1572.103(a), in 
a civilian or military jurisdiction;

[[Page 29454]]

    (5) Has not been adjudicated as lacking mental capacity or 
committed to a mental health facility involuntarily;
    (6) Meets the immigration status requirements described in Sec.  
1572.105;
    (7) Has or has not served in the military, and if so, the branch in 
which he or she served, the date of discharge, and the type of 
discharge; and
    (8) Has been informed that Federal regulations, under Sec.  
1572.11, impose a continuing obligation on the HME holder to disclose 
to the State if he or she is convicted, or found not guilty by reason 
of insanity, of a disqualifying crime, adjudicated as lacking mental 
capacity, or committed to a mental health facility.
    (c) The applicant must certify and date receipt the following 
statement:

    Privacy Act Notice: Authority: The authority for collecting this 
information is 49 U.S.C. 114, 40113, and 5103a. Purpose: This 
information is needed to verify your identity and to conduct a 
security threat assessment to evaluate your suitability for a 
hazardous materials endorsement for a commercial driver's license. 
Furnishing this information, including your SSN or alien 
registration number, is voluntary; however, failure to provide it 
will delay and may prevent completion of your security threat 
assessment. Routine Uses: Routine uses of this information include 
disclosure to the FBI to retrieve your criminal history record; to 
TSA contractors or other agents who are providing services relating 
to the security threat assessments; to appropriate governmental 
agencies for licensing, law enforcement, or security purposes, or in 
the interests of national security; and to foreign and international 
governmental authorities in accordance with law and international 
agreement.

    (d) The applicant must certify and date receipt the following 
statement, immediately before the signature line:

    The information I have provided on this application is true, 
complete, and correct, to the best of my knowledge and belief, and 
is provided in good faith. I understand that a knowing and willful 
false statement, or an omission of a material fact on this 
application can be punished by fine or imprisonment or both (See 
section 1001 of Title 18 United States Code), and may be grounds for 
denial of a hazardous materials endorsement.

    (e) The applicant must certify the following statement in writing:

    I acknowledge that if the Transportation Security Administration 
determines that I pose a security threat, my employer, as listed on 
this application, may be notified.


Sec.  1572.11  Applicant responsibilities for HME security threat 
assessment.

    (a) Surrender of HME. If an individual is disqualified from holding 
an HME under Sec.  1572.5(c), he or she must surrender the HME to the 
licensing State. Failure to surrender the HME to the State may result 
in immediate revocation under Sec.  1572.13(a) and/or civil penalties.
    (b) Continuing responsibilities. An individual who holds an HME 
must surrender the HME as required in paragraph (a) of this section 
within 24 hours, if the individual--
    (1) Is convicted of, wanted, under indictment or complaint, or 
found not guilty by reason of insanity, in a civilian or military 
jurisdiction, for a disqualifying criminal offense identified in Sec.  
1572.103; or
    (2) Is adjudicated as lacking mental capacity, or committed to a 
mental health facility, as described in Sec.  1572.109; or
    (3) Renounces or loses U.S. citizenship or status as a lawful 
permanent resident; or
    (4) Violates his or her immigration status, and/or is ordered 
removed from the United States.
    (c) Submission of fingerprints and information. (1) An HME 
applicant must submit fingerprints and the information required in 
Sec.  1572.9, in a form acceptable to TSA, when so notified by the 
State, or when the applicant applies to obtain or renew an HME. The 
procedures outlined in Sec.  1572.13(e) apply to HME transfers.
    (2) When submitting fingerprints and the information required in 
Sec.  1572.9, the fee described in Sec.  1572.503 must be remitted to 
TSA.


Sec.  1572.13  State responsibilities for issuance of hazardous 
materials endorsement.

    Each State must revoke an individual's HME immediately, if TSA 
informs the State that the individual does not meet the standards for 
security threat assessment in Sec.  1572.5 and issues an Initial 
Determination of Threat Assessment and Immediate Revocation.
    (a) No State may issue or renew an HME for a CDL, unless the State 
receives a Determination of No Security Threat from TSA.
    (b) Each State must notify each individual holding an HME issued by 
that State that he or she will be subject to the security threat 
assessment described in this part as part of an application for renewal 
of the HME, at least 60 days prior to the expiration date of the 
individual's HME. The notice must inform the individual that he or she 
may initiate the security threat assessment required by this section at 
any time after receiving the notice, but no later than 60 days before 
the expiration date of the individual's HME.
    (c) The State that issued an HME may extend the expiration date of 
the HME for 90 days, if TSA has not provided a Determination of No 
Security Threat or a Final Determination of Threat Assessment before 
the expiration date. Any additional extension must be approved in 
advance by TSA.
    (d) Within 15 days of receipt of a Determination of No Security 
Threat or Final Determination of Threat Assessment from TSA, the State 
must--
    (1) Update the applicant's permanent record to reflect:
    (i) The results of the security threat assessment;
    (ii) The issuance or denial of an HME; and
    (iii) The new expiration date of the HME.
    (2) Notify the Commercial Drivers License Information System 
operator of the results of the security threat assessment.
    (3) Revoke or deny the applicant's HME if TSA serves the State with 
a Final Determination of Threat Assessment.
    (e) For applicants who apply to transfer an existing HME from one 
State to another, the second State will not require the applicant to 
undergo a new security threat assessment until the security threat 
assessment renewal period established in the preceding issuing State, 
not to exceed five years, expires.
    (f) Each State must retain the application and information required 
in Sec.  1572.9, for at least one year, in paper or electronic form.


Sec.  1572.15  Procedures for HME security threat assessment.

    (a) Contents of security threat assessment. The security threat 
assessment TSA completes includes a fingerprint-based criminal history 
records check, an intelligence-related background check, and a final 
disposition.
    (b) Fingerprint-based check. In order to conduct a fingerprint-
based criminal history records check, the following procedures must be 
completed:
    (1) The State notifies the applicant that he or she will be subject 
to the security threat assessment at least 60 days prior to the 
expiration of the applicant's HME, and that the applicant must begin 
the security threat assessment no later than 30 days before the date of 
the expiration of the HME.
    (2) Where the State elects to collect fingerprints and applicant 
information, the State--
    (i) Collects fingerprints and applicant information required in 
Sec.  1572.9;
    (ii) Provides the applicant information to TSA electronically, 
unless otherwise authorized by TSA;

[[Page 29455]]

    (iii) Transmits the fingerprints to the FBI/Criminal Justice 
Information Services (CJIS), in accordance with the FBI/CJIS 
fingerprint submission standards; and
    (iv) Retains the signed application, in paper or electronic form, 
for one year and provides it to TSA, if requested.
    (3) Where the State elects to have a TSA agent collect fingerprints 
and applicant information--
    (i) TSA provides a copy of the signed application to the State;
    (ii) The State retains the signed application, in paper or 
electronic form, for one year and provides it to TSA, if requested; and
    (iii) TSA transmits the fingerprints to the FBI/CJIS, in accordance 
with the FBI/CJIS fingerprint submission standards.
    (4) TSA receives the results from the FBI/CJIS and adjudicates the 
results of the check, in accordance with Sec.  1572.103 and, if 
applicable, Sec.  1572.107.
    (c) Intelligence-related check. To conduct an intelligence-related 
check, TSA completes the following procedures:
    (1) Reviews the applicant information required in Sec.  1572.9.
    (2) Searches domestic and international Government databases 
described in Sec. Sec.  1572.105, 1572.107, and 1572.109.
    (3) Adjudicates the results of the check in accordance with 
Sec. Sec.  1572.103, 1572.105, 1572.107, and 1572.109.
    (d) Final disposition. Following completion of the procedures 
described in paragraphs (b) and/or (c) of this section, the following 
procedures apply, as appropriate:
    (1) TSA serves a Determination of No Security Threat on the State 
in which the applicant is authorized to hold an HME, if TSA determines 
that an applicant meets the security threat assessment standards 
described in Sec.  1572.5.
    (2) TSA serves an Initial Determination of Threat Assessment on the 
applicant, if TSA determines that the applicant does not meet the 
security threat assessment standards described in Sec.  1572.5. The 
Initial Determination of Threat Assessment includes--
    (i) A statement that TSA has determined that the applicant poses a 
security threat warranting denial of the HME;
    (ii) The basis for the determination;
    (iii) Information about how the applicant may appeal the 
determination, as described in 49 CFR 1515.5; and
    (iv) A statement that if the applicant chooses not to appeal TSA's 
determination within 60 days of receipt of the Initial Determination, 
or does not request an extension of time within 60 days of receipt of 
the Initial Determination in order to file an appeal, the Initial 
Determination becomes a Final Determination of Security Threat 
Assessment.
    (3) TSA serves an Initial Determination of Threat Assessment and 
Immediate Revocation on the applicant, the applicant's employer where 
appropriate, and the State, if TSA determines that the applicant does 
not meet the security threat assessment standards described in Sec.  
1572.5 and may pose an imminent threat to transportation or national 
security, or of terrorism. The Initial Determination of Threat 
Assessment and Immediate Revocation includes--
    (i) A statement that TSA has determined that the applicant poses a 
security threat warranting immediate revocation of an HME;
    (ii) The basis for the determination;
    (iii) Information about how the applicant may appeal the 
determination, as described in 49 CFR 1515.5(h); and
    (iv) A statement that if the applicant chooses not to appeal TSA's 
determination within 60 days of receipt of the Initial Determination 
and Immediate Revocation, the Initial Determination and Immediate 
Revocation becomes a Final Determination of Threat Assessment.
    (4) TSA serves a Final Determination of Threat Assessment on the 
State in which the applicant applied for the HME, the applicant's 
employer where appropriate, and on the applicant, if the appeal of the 
Initial Determination results in a finding that the applicant poses a 
security threat.
    (5) TSA serves a Withdrawal of the Initial Determination of Threat 
Assessment or a Withdrawal of Final Determination of Threat Assessment 
on the applicant, and a Determination of No Security Threat on the 
State and the employer if appropriate, if the appeal results in a 
finding that the applicant does not pose a security threat, or if TSA 
grants the applicant a waiver pursuant to 49 CFR 1515.7.


Sec.  1572.17  Applicant information required for TWIC security threat 
assessment.

    An applicant must supply the information required in this section, 
in a form acceptable to TSA, when applying to obtain or renew a TWIC.
    (a) The applicant must provide the following identifying 
information:
    (1) Legal name, including first, middle, and last; any applicable 
suffix; and any other name used previously.
    (2) Current and previous mailing address, current residential 
address if it differs from the current mailing address, and email 
address if available.
    (3) Date of birth.
    (4) Social security number. Providing the social security number is 
voluntary; however, failure to provide it will delay and may prevent 
completion of the threat assessment.
    (5) Gender.
    (6) Height, weight, hair color, and eye color.
    (7) City, state, and country of birth.
    (8) Immigration status and, if the applicant is a naturalized 
citizen of the United States, the date of naturalization.
    (9) Alien registration number, if applicable.
    (10) The reason that the applicant requires a TWIC, including the 
applicant's job description and the primary facility, vessel, or port 
location(s) where the applicant will most likely require unescorted 
access, if known. This statement does not limit access to other 
facilities, vessels, or ports, but establishes eligibility for a TWIC.
    (11) The name, telephone number, and address of the applicant's 
current employer(s), if working for the employer requires a TWIC. An 
applicant whose current employer does not require possession of a TWIC, 
does not have a single employer, or is self-employed, must provide the 
primary vessel or port location(s) where the applicant requires 
unescorted access, if known. This statement does not limit access to 
other facilities, vessels, or ports, but establishes eligibility for a 
TWIC.
    (b) The applicant must provide a statement, signature, and date of 
signature that he or she--
    (1) Was not convicted, or found not guilty by reason of insanity, 
of a disqualifying crime listed in Sec.  1572.103(b), in a civilian or 
military jurisdiction, during the seven years before the date of the 
application;
    (2) Was not released from incarceration, in a civilian or military 
jurisdiction, for committing a disqualifying crime listed in Sec.  
1572.103(b), during the five years before the date of the application;
    (3) Is not wanted, or under indictment, in a civilian or military 
jurisdiction, for a disqualifying criminal offense identified in Sec.  
1572.103;
    (4) Was not convicted, or found not guilty by reason of insanity, 
of a disqualifying criminal offense identified in Sec.  1572.103(a), in 
a civilian or military jurisdiction;
    (5) Has not been adjudicated as lacking mental capacity, or 
committed to a mental health facility involuntarily;
    (6) Meets the immigration status requirements described in Sec.  
1572.105;

[[Page 29456]]

    (7) Has, or has not, served in the military, and if so, the branch 
in which he or she served, the date of discharge, and the type of 
discharge; and
    (8) Has been informed that Federal regulations under Sec.  1572.19 
impose a continuing obligation on the TWIC holder to disclose to TSA if 
he or she is convicted, or found not guilty by reason of insanity, of a 
disqualifying crime, adjudicated as lacking mental capacity, or 
committed to a mental health facility.
    (c) Applicants, applying to obtain or renew a TWIC, must submit 
biometric information to be used for identity verification purposes. If 
an individual cannot provide the selected biometric, TSA will collect 
an alternative biometric identifier.
    (d) The applicant must certify and date receipt the following 
statement:

    Privacy Act Notice: Authority: The authority for collecting this 
information is 49 U.S.C. 114, 40113, and 5103a. Purpose: This 
information is needed to verify your identity and to conduct a 
security threat assessment to evaluate your suitability for a 
Transportation Worker Identification Credential. Furnishing this 
information, including your SSN or alien registration number, is 
voluntary; however, failure to provide it will delay and may prevent 
completion of your security threat assessment. Routine Uses: Routine 
uses of this information include disclosure to the FBI to retrieve 
your criminal history record; to TSA contractors or other agents who 
are providing services relating to the security threat assessments; 
to appropriate governmental agencies for licensing, law enforcement, 
or security purposes, or in the interests of national security; and 
to foreign and international governmental authorities in accordance 
with law and international agreement.

    (e) The applicant must certify the following statement in writing:

    As part of my employment duties, I am required to have 
unescorted access to secure areas of maritime facilities or vessels 
in which a Transportation Worker Identification Credential is 
required; or I am now, or I am applying to be, a credentialed 
merchant mariner.

    (f) The applicant must certify and date receipt the following 
statement, immediately before the signature line:

    The information I have provided on this application is true, 
complete, and correct, to the best of my knowledge and belief, and 
is provided in good faith. I understand that a knowing and willful 
false statement, or an omission of a material fact on this 
application, can be punished by fine or imprisonment or both (see 
section 1001 of Title 18 United States Code), and may be grounds for 
denial of a Transportation Worker Identification Credential.

    (g) The applicant must certify the following statement in writing:

    I acknowledge that if the Transportation Security Administration 
determines that I pose a security threat, my employer, as listed on 
this application, may be notified.

Sec.  1572.19  Applicant responsibilities for a TWIC security threat 
assessment.

    (a) Implementation schedule. Except as provided in paragraph (b) of 
this section, applicants must provide the information required in Sec.  
1572.17, when so directed by the owner/operator and consistent with 
table 1 to this paragraph. The Group Numbers are listed in table 1.

            Table 1 to Paragraph (a)--Implementation Schedule
------------------------------------------------------------------------
                  Start date                    End date
------------------------------------------------------------------------
Group 1        Effective Date   Not later than 10 months after effective
                of rule.         date of rule, unless otherwise
                                 authorized by TSA.
Group 2        After Group 1..  Not later than 15 months after effective
                                 date of rule, unless otherwise
                                 authorized by TSA.
Group 3        After Group 2..  Not later than 18 months after effective
                                 date of rule, unless otherwise
                                 authorized by TSA.
------------------------------------------------------------------------

    (b) Implementation schedule for certain mariners. An applicant, who 
holds a Merchant Mariner Document (MMD) issued after February 3, 2003, 
and before [the effective date of this rule], or a Merchant Marine 
License (License) issued after January 13, 2006, and before [the 
effective date of this rule], must submit the information required in 
this section, but is not required to undergo the security threat 
assessment described in this part.
    (c) Surrender of TWIC. If an individual is disqualified from 
holding a TWIC under Sec.  1572.5, he or she must surrender the TWIC to 
TSA. Failure to surrender the TWIC to TSA may result in immediate 
revocation under Sec.  1572.5(b) and/or civil penalties.
    (d) Continuing responsibilities. An individual who holds a TWIC 
must surrender the TWIC, as required in paragraph (a) of this section, 
within 24 hours if the individual--
    (1) Is convicted of, wanted, under indictment or complaint, or 
found not guilty by reason of insanity, in a civilian or military 
jurisdiction, for a disqualifying criminal offense identified in Sec.  
1572.103; or
    (2) Is adjudicated as lacking mental capacity or committed to a 
mental health facility, as described in Sec.  1572.109; or
    (3) Renounces or loses U.S. citizenship or status as a lawful 
permanent resident; or
    (4) Violates his or her immigration status and/or is ordered 
removed from the United States.
    (e) Submission of fingerprints and information. (1) TWIC applicants 
must submit fingerprints and the information required in Sec.  1572.17, 
in a form acceptable to TSA, to obtain or renew a TWIC.
    (2) When submitting fingerprints and the information required in 
Sec.  1572.17, the fee required in Sec.  1572.503 must be remitted to 
TSA.
    (f) Lost or stolen credentials. If a TWIC holder loses possession 
of the credential, he or she must notify TSA immediately.


Sec.  1572.21  Procedures for TWIC security threat assessment.

    (a) Contents of security threat assessment. The security threat 
assessment TSA conducts includes a fingerprint-based criminal history 
records check, an intelligence-related check, and a final disposition.
    (b) Fingerprint-based check. The following procedures must be 
completed to conduct a fingerprint-based criminal history records 
check:
    (1) Consistent with the implementation schedule described in Sec.  
1572.19(a) and (b), and as required in 33 CFR 104.200, 105.200, or 
106.200, applicants are notified
    (2) During enrollment, TSA--
    (i) Collects fingerprints, applicant information, and the fee 
required in Sec.  1572.17;
    (ii) Transmits the fingerprints to the FBI/CJIS in accordance with 
the FBI/CJIS fingerprint submission standards.
    (iii) Receives and adjudicates the results of the check from FBI/
CJIS, in accordance with Sec.  1572.103 and, if applicable, Sec.  
1572.107.
    (c) Intelligence-related check. To conduct an intelligence-related 
check, TSA completes the following procedures:
    (1) Reviews the applicant information required in Sec.  1572.17;
    (2) Searches domestic and international Government databases 
required to determine if the applicant

[[Page 29457]]

meets the requirements of Sec. Sec.  1572.105, 1572.107, and 1572.109;
    (3) Adjudicates the results of the check in accordance with 
Sec. Sec.  1572.103, 1572.105, 1572.107, and 1572.109.
    (d) Final disposition. Following completion of the procedures 
described in paragraphs (b) and/or (c) of this section, the following 
procedures apply, as appropriate:
    (1) TSA serves a Determination of No Security Threat on the 
applicant if TSA determines that the applicant meets the security 
threat assessment standards described in Sec.  1572.5. In the case of a 
mariner, TSA also serves a Determination of No Security Threat on the 
Coast Guard.
    (2) TSA serves an Initial Determination of Threat Assessment on the 
applicant if TSA determines that the applicant does not meet the 
security threat assessment standards described in Sec.  1572.5. The 
Initial Determination of Threat Assessment includes--
    (i) A statement that TSA has determined that the applicant poses a 
security threat warranting denial of the TWIC;
    (ii) The basis for the determination;
    (iii) Information about how the applicant may appeal the 
determination, as described in 49 CFR 1515.5; and
    (iv) A statement that if the applicant chooses not to appeal TSA's 
determination within 60 days of receipt of the Initial Determination, 
or does not request an extension of time within 60 days of receipt of 
the Initial Determination in order to file an appeal, the Initial 
Determination becomes a Final Determination of Security Threat 
Assessment.
    (3) TSA serves an Initial Determination of Threat Assessment and 
Immediate Revocation on the applicant, the applicant's employer where 
appropriate, the FMSC, and in the case of a mariner applying for a 
TWIC, on the Coast Guard, if TSA determines that the applicant does not 
meet the security threat assessment standards described in Sec.  1572.5 
and may pose an imminent security threat. The Initial Determination of 
Threat Assessment and Immediate Revocation includes--
    (i) A statement that TSA has determined that the applicant poses a 
security threat warranting immediate revocation of a TWIC and 
unescorted access to secure areas;
    (ii) The basis for the determination;
    (iii) Information about how the applicant may appeal the 
determination, as described in 49 CFR 1515.5(h); and
    (iv) A statement that if the applicant chooses not to appeal TSA's 
determination within 60 days of receipt of the Initial Determination 
and Immediate Revocation, the Initial Determination and Immediate 
Revocation becomes a Final Determination of Threat Assessment.
    (4) TSA serves a Final Determination of Threat Assessment on the 
applicant, the applicant's employer where appropriate, the FMSC, and in 
the case of a mariner applying for a TWIC, on the Coast Guard, if the 
appeal of the Initial Determination results in a finding that the 
applicant poses a security threat.
    (5) TSA serves a Withdrawal of the Initial Determination of Threat 
Assessment on the applicant. TSA serves a Withdrawal of Final 
Determination of Threat Assessment or a Determination of No Security 
Threat on the applicant, the applicant's employer where appropriate, 
and in the case of a mariner applying for a TWIC, the Coast Guard, if 
the appeal results in a finding that the applicant does not pose a 
security threat, or if TSA grants the applicant a waiver pursuant to 49 
CFR 1515.7.
    (e) Expiration date for a TWIC. A TWIC expires five years after it 
was issued, at the end of the month in which it was issued.


Sec.  1572.23  Conforming equipment; Incorporation by reference.

    Each owner/operator required to have access control systems and 
equipment, including card readers, in conjunction with TWIC, must meet 
TSA-approved standards. The standards are set forth in FIPS-201-1 
Personal Identity Verification (PIV) of Federal Employees and 
Contractors, March, 2006, by the National Institute of Standards and 
Technology, U.S. Department of Commerce; Technical Implementation 
Guidance: Smart Card Enabled Physical Access Control Systems, Version 
2.3, 2006, by the Physical Access Interagency Interoperability Working 
Group, approved by the Government Smart Card Interagency Advisory 
Board; and the TWIC Smart Card Reader Specification, Version 0.6, 
August 25, 2005. TSA plans to incorporate these standards by reference 
in the final rule. The Director of the Federal Register approves this 
incorporation by reference in accordance with 5 U.S.C. 552(a) and 1 CFR 
part 51. You may obtain copies from the Credentialing Program Office 
(Attn: TWIC Program), TSA-19, Transportation Security Administration, 
601 South 12th Street, Arlington, VA 22202-4220; e-mail: 
[email protected]. You may inspect or make copies at: TSA's Docket 
No. TSA-2006-24191, at http://dms.dot.gov, or by visiting the Docket 
Management Facility, U.S. Department of Transportation, Room Plaza 401, 
400 Seventh Street SW., Washington, DC 20590-0001; accessing the 
``Industry Standards of TWIC'' portion of the Industry Partners/TSA 
Pilots & Programs section of TSA's Web site at http://www.tsa.gov/public/; or at the National Archives and Records Administration (NARA). 
For information on the availability of this material at NARA, call 202-
741-6030, or go to http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html.


Sec.  1572.24-1572.40  [Reserved]


Sec.  1572.41  Compliance, inspection, and enforcement.

    (a) Each owner/operator must allow TSA, at any time or place, to 
make any inspections or tests, including copying records, to determine 
compliance of an owner/operator with--
    (1) This subchapter and part 1520 of this chapter; and
    (2) 46 U.S.C. 70105 and 49 U.S.C. 114.
    (b) At the request of TSA, each owner/operator must provide 
evidence of compliance with this part, including copies of records.

Subpart B--Qualification Standards for Security Threat Assessments


Sec.  1572.101  Scope.

    This subpart applies to applicants who hold or are applying to 
obtain, renew, or transfer an HME or TWIC. Applicants for an HME are 
subject to safety requirements issued by the Federal Motor Carrier 
Safety Administration under 49 CFR part 383 and by the State issuing 
the HME, including additional immigration status and criminal history 
standards.


Sec.  1572.103  Disqualifying criminal offenses.

    (a) Permanent disqualifying criminal offenses. An applicant has a 
permanent disqualifying offense, if convicted, or found not guilty by 
reason of insanity, in a civilian or military jurisdiction of any of 
the following felonies:
    (1) Espionage or conspiracy to commit espionage.
    (2) Sedition, or conspiracy to commit sedition.
    (3) Treason, or conspiracy to commit treason.
    (4) A crime listed in 18 U.S.C. Chapter 113B--Terrorism, or a State 
law that is comparable, or conspiracy to commit such crime.
    (5) A crime involving a transportation security incident. A 
transportation security incident is a security incident resulting in a 
significant loss of life, environmental damage, transportation

[[Page 29458]]

system disruption, or economic disruption in a particular area, as 
defined in 46 U.S.C. 70101. A work stoppage, or other nonviolent 
employee-related action, resulting from an employer-employee dispute is 
not a transportation security incident.
    (6) Improper transportation of a hazardous material under 49 U.S.C. 
5124, or a State law that is comparable.
    (7) Unlawful possession, use, sale, distribution, manufacture, 
purchase, receipt, transfer, shipping, transporting, import, export, 
storage of, or dealing in an explosive or explosive device. An 
explosive or explosive device includes, but is not limited to, an 
explosive or explosive material as defined in 18 U.S.C. 232(5), 841(c) 
through 841(f), and 844(j); and a destructive device, as defined in 18 
U.S.C. 921(a)(4) and 26 U.S.C. 5845(f).
    (8) Murder.
    (9) Conspiracy or attempt to commit the crimes in paragraphs (a)(5) 
through (a)(8).
    (10) Violations of the Racketeer Influenced and Corrupt 
Organizations Act, 18 U.S.C. 1961, et seq., or a State law that is 
comparable, where one of the predicate acts found by a jury or admitted 
by the defendant, consists of one of the offenses listed in paragraphs 
(a)(4) or (a)(8) of this section.
    (b) Interim disqualifying criminal offenses. The felonies listed in 
paragraphs (b)(1) through (b)(14) of this section are disqualifying, if 
either the applicant was convicted, or found not guilty by reason of 
insanity, of the crime in a civilian or military jurisdiction, within 
the seven years preceding the date of application; or the applicant was 
released from incarceration for the crime, within the five years 
preceding the date of application.
    (1) Assault with intent to murder.
    (2) Kidnapping or hostage taking.
    (3) Rape or aggravated sexual abuse.
    (4) Unlawful possession, use, sale, manufacture, purchase, 
distribution, receipt, transfer, shipping, transporting, delivery, 
import, export of, or dealing in a firearm or other weapon. A firearm 
or other weapon includes, but is not limited to, firearms as defined in 
18 U.S.C. 921(a)(3) or 26 U.S.C.5 845(a), or items contained on the 
U.S. Munitions Import List at 27 CFR 447.21.
    (5) Extortion.
    (6) Dishonesty, fraud, or misrepresentation, including identity 
fraud.
    (7) Bribery.
    (8) Smuggling.
    (9) Immigration violations.
    (10) Violations of the Racketeer Influenced and Corrupt 
Organizations Act, 18 U.S.C. 1961, et seq., or a State law that is 
comparable, other than the violations listed in paragraph (a)(10) of 
this section.
    (11) Robbery.
    (12) Distribution of, possession with intent to distribute, or 
importation of a controlled substance.
    (13) Arson.
    (14) Conspiracy or attempt to commit the crimes in this paragraph 
(b).
    (c) Under want or warrant. An applicant who is wanted, or under 
indictment in any civilian or military jurisdiction for a felony listed 
in this section, is disqualified until the want or warrant is released.
    (d) Determination of arrest status. (1) When a fingerprint-based 
check discloses an arrest for a disqualifying crime listed in this 
section without indicating a disposition, TSA will so notify the 
applicant and provide instructions on how the applicant must clear the 
disposition, in accordance with paragraph (d)(2) of this section.
    (2) The applicant must provide TSA with written proof that the 
arrest did not result in a disqualifying criminal offense, within 60 
days after the service date of the notification in paragraph (d)(1) of 
this section. If TSA does not receive proof in that time, TSA will 
notify the applicant that he or she is disqualified. In the case of an 
HME, TSA will notify the State that the applicant is disqualified, and 
in the case of a mariner applying for TWIC, TSA will notify the Coast 
Guard that the applicant is disqualified.


Sec.  1572.105  Immigration status.

    (a) An applicant applying for a security threat assessment for a 
TWIC or HME must be--
    (1) A citizen of the United States who has not renounced or lost 
his or her U.S. citizenship;
    (2) A lawful permanent resident of the United States, as defined in 
Sec.  101(a)(20) of the Immigration and Nationality Act (8 U.S.C. 
1101); or
    (3) An individual who is--
    (i) In lawful nonimmigrant status, and possesses valid evidence of 
unrestricted employment authorization;
    (ii) A refugee admitted under 8 U.S.C. 1157, and possessing valid 
evidence of unrestricted employment authorization;
    (iii) An alien granted asylum under 8 U.S.C. 1158, and possessing 
valid evidence of unrestricted employment authorization; or
    (iv) A commercial driver licensed by Canada or Mexico, who is 
admitted to the United States, under 8 CFR 214.2(b)(4)(i)(E), to 
conduct business in the United States.
    (b) To determine an applicant's immigration status, TSA checks 
relevant Federal databases and may perform other checks, including 
verifying the validity of the applicant's social security number or 
alien registration number.


Sec.  1572.107  Other analyses.

    (a) TSA checks the following databases, and analyzes the resulting 
information, to determine whether applicant poses a security threat:
    (1) Interpol and other international databases, as appropriate.
    (2) Terrorist watchlists and related databases.
    (3) Any other databases relevant to determining whether an 
applicant poses, or is suspected of posing, a security threat, or that 
confirm an applicant's identity.
    (b) TSA may determine that an applicant poses a security threat, if 
the search conducted under this part reveals extensive foreign or 
domestic criminal convictions, a conviction for a serious crime not 
listed in Sec.  1572.103, or a period of foreign or domestic 
imprisonment that exceeds 365 consecutive days.


Sec.  1572.109  Mental incapacity.

    (a) An applicant has mental incapacity, if he or she has been--
    (1) Adjudicated as lacking mental capacity; or
    (2) Committed to a mental health facility.
    (b) An applicant is adjudicated as lacking mental capacity, if--
    (1) A court, board, commission, or other lawful authority has 
determined that the applicant, as a result of marked subnormal 
intelligence, mental illness, incompetence, condition, or disease, is a 
danger to him- or herself or others, or lacks the mental capacity to 
conduct or manage his or her own affairs.
    (2) This includes a finding of insanity by a court in a criminal 
case and a finding of incompetence to stand trial; or a finding of not 
guilty by reason of lack of mental responsibility, by any court, or 
pursuant to articles 50a and 76b of the Uniform Code of Military 
Justice (10 U.S.C. 850a and 876b).
    (c) An applicant is committed to a mental health facility, if he or 
she is formally committed to a mental health facility by a court, 
board, commission, or other lawful authority, including involuntary 
commitment and commitment for lacking mental capacity, mental illness, 
and drug use. This does not include commitment to a mental health 
facility for observation or voluntary admission to a mental health 
facility.

[[Page 29459]]

Sec. Sec.  1572.111-1572.139  [Reserved]

Subpart C--Transportation of Explosives From Canada to the United 
States


Sec.  1572.201  Via commercial motor vehicle.

    (a) Applicability. This section applies to carriers that carry 
explosives from Canada to the United States, using a driver who is not 
a U.S. citizen or lawful permanent resident alien of the United States.
    (b) Terms used in this section. For purposes of this section:
    Carrier means any ``motor carrier'' or ``motor private carrier'', 
as defined in 49 U.S.C. 13102(12) and (13), respectively.
    Customs Service means the U.S. Customs Service.
    Explosive means a material that has been examined by the Associate 
Administrator for Hazardous Materials Safety, Research and Special 
Programs Administration, in accordance with 49 CFR 173.56, and 
determined to meet the definition for a Class 1 material in 49 CFR 
173.50.
    Known carrier means a person that has been determined by the 
Governments of Canada and the United States to be a legitimate 
business, operating in accordance with all applicable laws and 
regulations governing the transportation of explosives.
    Known driver means a driver of a motor vehicle who has been 
determined by the Governments of Canada and the United States to 
present no known security concern.
    Known offeror means an offeror that has been determined by the 
Governments of Canada and the United States to be a legitimate 
business, operating in accordance with all applicable laws and 
regulations governing the transportation of explosives.
    Lawful permanent resident alien means a lawful permanent resident 
alien of the United States, as defined by 8 U.S.C. 1101(a)(2).
    Offeror means the person offering a shipment to the carrier for 
transportation from Canada to the United States, and may also be known 
as the ``consignor'' in Canada.
    (c) Prior approval of carrier, offeror, and driver. (1) No carrier 
may transport in commerce any explosive into the United States from 
Canada via motor vehicle, if the driver of the vehicle is a not a U. S. 
citizen or lawful permanent resident alien, unless the carrier, 
offeror, and driver are identified on a TSA list as a known carrier, 
known offeror, and known driver, respectively.
    (2) The carrier must ensure that it, its offeror, and its driver 
have been determined to be a known carrier, known offeror, and known 
driver, respectively. If any has not been so determined, the carrier 
must submit the following information to Transport Canada:
    (i) The carrier must provide its--
    (A) Official name;
    (B) Business number;
    (C) Any trade names; and
    (D) Address.
    (ii) The following information about any offeror of explosives 
whose shipments it will carry:
    (A) Official name.
    (B) Business number.
    (C) Address.
    (iii) The following information about any driver the carrier may 
use to transport explosives into the United States from Canada, who is 
neither a U.S. citizen nor lawful permanent resident alien of the 
United States:
    (A) Full name.
    (B) Canada Commercial Driver's License number.
    (C) Both current and most recent prior residential addresses.
    (3) Transport Canada will determine that the carrier and offeror 
are legitimately doing business in Canada, and will also determine that 
the drivers are properly licensed and present no known problems for 
purposes of this section. Transport Canada will notify TSA of these 
determinations by forwarding to TSA lists of known carriers, offerors, 
and drivers and their identifying information.
    (4) TSA will update and maintain the list of known carriers, 
offerors, and drivers and forward the list to the Customs Service.
    (5) Once included on the list, the carriers, offerors, and drivers 
need not obtain prior approval for future transport of explosives under 
this section.
    (d) TSA checks. TSA may periodically check the data on the 
carriers, offerors, and drivers to confirm their continued eligibility, 
and may remove from the list any that TSA determines is not known or is 
a threat to security.
    (e) At the border--(1) Driver who is not a U.S. citizen or lawful 
permanent resident alien. Upon arrival at the border, and prior to 
entry into the United States, the driver must provide a valid Canadian 
commercial driver's license to the Customs Service.
    (2) Driver who is a U.S. citizen or lawful permanent resident 
alien. If the Customs Service cannot verify that the driver is on the 
list, and if the driver is a U.S. citizen or lawful permanent resident 
alien, the driver may be cleared by the Customs Service upon 
providing--
    (i) A valid U.S. passport; or
    (ii) One or more other document(s), including a form of U.S. 
Federal or State Government-issued identification with photograph, 
acceptable to the Customs Service.
    (3) Compliance. If a carrier attempts to enter the United States 
without having complied with this section, the Customs Service will 
deny entry of the explosives and may take other appropriate action.


Sec.  1572.203  Via railroad carrier.

    (a) Applicability. This section applies to railroad carriers that 
carry explosives from Canada to the United States, using a train crew 
member who is not a U.S. citizen or lawful permanent resident alien of 
the United States.
    (b) Terms under this section. For purposes of this section:
    Customs Service means the U.S. Customs Service.
    Explosive means a material that has been examined by the Associate 
Administrator for Hazardous Materials Safety, Research and Special 
Programs Administration, in accordance with 49 CFR 173.56, and 
determined to meet the definition for a Class 1 material in 49 CFR 
173.50.
    Known railroad carrier means a person that has been determined by 
the Governments of Canada and the United States to be a legitimate 
business, operating in accordance with all applicable laws and 
regulations governing the transportation of explosives.
    Known offeror means an offeror that has been determined by the 
Governments of Canada and the United States to be a legitimate 
business, operating in accordance with all applicable laws and 
regulations governing the transportation of explosives.
    Known train crew member means an individual used to transport 
explosives from Canada to the United States, who has been determined by 
the Governments of Canada and the United States to present no known 
security concern.
    Lawful permanent resident alien means a lawful permanent resident 
alien of the United States, as defined by 8 U.S.C. 1101(a)(2).
    Offeror means the person offering a shipment to the railroad 
carrier for transportation from Canada to the United States, and may 
also be known as the ``consignor'' in Canada.
    Railroad carrier means ``railroad carrier'', as defined in 49 
U.S.C. 20102.
    (c) Prior approval of railroad carrier, offeror, and train crew 
member. (1) No railroad carrier may transport in

[[Page 29460]]

commerce any explosive into the United States from Canada, via a train 
operated by a crew member who is not a U.S. citizen or lawful permanent 
resident alien, unless the railroad carrier, offeror, and train crew 
member are identified on a TSA list as a known railroad carrier, known 
offeror, and known train crew member, respectively.
    (2) The railroad carrier must ensure that it, its offeror, and each 
of its crew members have been determined to be a known railroad 
carrier, known offeror, and known train crew member, respectively. If 
any has not been so determined, the railroad carrier must submit the 
following information to Transport Canada:
    (i) The railroad carrier must provide its--
    (A) Official name;
    (B) Business number;
    (C) Any trade names; and
    (D) Address.
    (ii) The following information about any offeror of explosives 
whose shipments it will carry:
    (A) Official name.
    (B) Business number.
    (C) Address.
    (iii) The following information about any train crew member the 
railroad carrier may use to transport explosives into the United States 
from Canada, who is neither a U.S. citizen nor lawful permanent 
resident alien:
    (A) Full name.
    (B) Both current and most recent prior residential addresses.
    (3) Transport Canada will determine that the railroad carrier and 
offeror are legitimately doing business in Canada and will also 
determine that the train crew members present no known problems for 
purposes of this section. Transport Canada will notify TSA of these 
determinations by forwarding to TSA lists of known railroad carriers, 
offerors, and train crew members and their identifying information.
    (4) TSA will update and maintain the list of known railroad 
carriers, offerors, and train crew members and forward the list to the 
Customs Service.
    (5) Once included on the list, the railroad carriers, offerors, and 
train crew members need not obtain prior approval for future transport 
of explosives under this section.
    (d) TSA checks. TSA may periodically check the data on the railroad 
carriers, offerors, and train crew members to confirm their continued 
eligibility, and may remove from the list any that TSA determines is 
not known or is a threat to security.
    (e) At the border--(1) Train crew members who are not U.S. citizens 
or lawful permanent resident aliens. Upon arrival at a point designated 
by the Customs Service for inspection of trains crossing into the 
United States, the train crew members of a train transporting 
explosives must provide sufficient identification to the Customs 
Service to enable that agency to determine if each crew member is on 
the list of known train crew members maintained by TSA.
    (2) Train crew members who are U.S. citizens or lawful permanent 
resident aliens. If the Customs Service cannot verify that the crew 
member is on the list and the crew member is a U.S. citizen or lawful 
permanent resident alien, the crew member may be cleared by the Customs 
Service upon providing--
    (i) A valid U.S. passport; or
    (ii) One or more other document(s), including a form of U.S. 
Federal or state Government-issued identification with photograph, 
acceptable to the Customs Service.
    (3) Compliance. If a carrier attempts to enter the U.S. without 
having complied with this section, the Customs Service will deny entry 
of the explosives and may take other appropriate action.

Subpart D--[Reserved]

Subpart E--Fees for Security Threat Assessments for Hazmat Drivers


Sec.  1572.400  Scope and definitions.

    (a) Scope. This part applies to--
    (1) States that issue an HME for a commercial driver's license;
    (2) Individuals who apply to obtain or renew an HME for a 
commercial driver's license and must undergo a security threat 
assessment under 49 CFR part 1572; and
    (3) Entities who collect fees from such individuals on behalf of 
TSA.
    (b) Terms. As used in this part:
    Commercial driver's license (CDL) is used as defined in 49 CFR 
383.5.
    Day means calendar day.
    FBI Fee means the fee required for the cost of the Federal Bureau 
of Investigation (FBI) to process fingerprint identification records 
and name checks.
    Information Collection Fee means the fee required, in this part, 
for the cost of collecting and transmitting fingerprints and other 
applicant information under 49 CFR part 1572.
    Threat Assessment Fee means the fee required, in this part, for the 
cost of TSA adjudicating security threat assessments, appeals, and 
waivers under 49 CFR part 1572.
    TSA agent means an entity approved by TSA to collect and transmit 
fingerprints and applicant information, in accordance with 49 CFR part 
1572, and fees in accordance with this part.


Sec.  1572.401  Fee collection options.

    (a) State collection and transmission. If a State collects 
fingerprints and applicant information under 49 CFR part 1572, the 
State must collect and transmit to TSA the Threat Assessment Fee, in 
accordance with the requirements of Sec.  1572.403. The State also must 
collect and remit the FBI Fee, in accordance with established 
procedures.
    (b) TSA agent collection and transmission. If a TSA agent collects 
fingerprints and applicant information under 49 CFR part 1572, the 
agent must--
    (1) Collect the Information Collection Fee, Threat Assessment Fee, 
and FBI Fee, in accordance with procedures approved by TSA;
    (2) Transmit to TSA the Threat Assessment Fee, in accordance with 
procedures approved by TSA; and
    (3) Transmit to TSA the FBI Fee, in accordance with procedures 
approved by TSA and the FBI.


Sec.  1572.403  Procedures for collection by States.

    This section describes the procedures that a State, which collects 
fingerprints and applicant information under 49 CFR part 1572; and the 
procedures an individual who applies to obtain or renew an HME, for a 
CDL in that State, must follow for collection and transmission of the 
Threat Assessment Fee and the FBI Fee.
    (a) Imposition of fees. (1) The following Threat Assessment Fee is 
required for TSA to conduct a security threat assessment, under 49 CFR 
part 1572, for an individual who applies to obtain or renew an HME: 
$34.
    (2) The following FBI Fee is required for the FBI to process 
fingerprint identification records and name checks required under 49 
CFR part 1572: the fee collected by the FBI under 28 U.S.C. 534.
    (3) An individual who applies to obtain or renew an HME, or the 
individual's employer, must remit to the State the Threat Assessment 
Fee and the FBI Fee, in a form and manner approved by TSA and the 
State, when the individual submits the application for the HME to the 
State.
    (b) Collection of fees. (1) A State must collect the Threat 
Assessment Fee and FBI Fee, when an individual submits an application 
to the State to obtain or renew an HME.
    (2) Once TSA receives an application from a State for a security 
threat assessment under 49 CFR part 1572, the State is liable for the 
Threat Assessment Fee.

[[Page 29461]]

    (3) Nothing in this subpart prevents a State from collecting any 
other fees that a State may impose on an individual who applies to 
obtain or renew an HME.
    (c) Handling of fees. (1) A State must safeguard all Threat 
Assessment Fees, from the time of collection until remittance to TSA.
    (2) All Threat Assessment Fees are held in trust by a State for the 
beneficial interest of the United States in paying for the costs of 
conducting the security threat assessment, required by 49 U.S.C. 5103a 
and 49 CFR part 1572. A State holds neither legal nor equitable 
interest in the Threat Assessment Fees, except for the right to retain 
any accrued interest on the principal amounts collected pursuant to 
this section.
    (3) A State must account for Threat Assessment Fees separately, but 
may commingle such fees with other sources of revenue.
    (d) Remittance of fees. (1) TSA will generate and provide an 
invoice to a State on a monthly basis. The invoice will indicate the 
total fee dollars (number of applicants times the Threat Assessment 
Fee) that are due for the month.
    (2) A State must remit to TSA full payment for the invoice, within 
30 days after TSA sends the invoice.
    (3) TSA accepts Threat Assessment Fees only from a State, not from 
an individual applicant for an HME.
    (4) A State may retain any interest that accrues on the principal 
amounts collected between the date of collection and the date the 
Threat Assessment Fee is remitted to TSA, in accordance with paragraph 
(d)(2) of this section.
    (5) A State may not retain any portion of the Threat Assessment Fee 
to offset the costs of collecting, handling, or remitting Threat 
Assessment Fees.
    (6) Threat Assessment Fees, remitted to TSA by a State, must be in 
U.S. currency and made payable to the ``Transportation Security 
Administration.''
    (7) Threat Assessment Fees must be remitted by check, money order, 
wire, or any other payment method acceptable to TSA.
    (8) TSA will not issue any refunds of Threat Assessment Fees.
    (9) If a State does not remit the Threat Assessment Fees for any 
month, TSA may decline to process any HME applications from that State.


Sec.  1572.405  Procedures for collection by TSA.

    This section describes the procedures that an individual, who 
applies to obtain or renew an HME for a CDL, must follow if a TSA agent 
collects and transmits the Information Collection Fee, Threat 
Assessment Fee, and FBI Fee.
    (a) Imposition of fees. (1) The following Information Collection 
Fee is required for a TSA agent to collect and transmit fingerprints 
and applicant information, in accordance with 49 CFR part 1572: $38.
    (2) The following Threat Assessment Fee is required for TSA to 
conduct a security threat assessment, under 49 CFR part 1572, for an 
individual who applies to obtain or renew an HME: $34.
    (3) The following FBI Fee is required for the FBI to process 
fingerprint identification records and name checks required under 49 
CFR part 1572: The fee collected by the FBI under 28 U.S.C. 534.
    (4) An individual who applies to obtain or renew an HME, or the 
individual's employer, must remit to the TSA agent the Information 
Collection Fee, Threat Assessment Fee, and FBI Fee, in a form and 
manner approved by TSA, when the individual submits the application 
required under 49 CFR part 1572.
    (b) Collection of fees. A TSA agent will collect the fees required 
under this section, when an individual submits an application to the 
TSA agent, in accordance with 49 CFR part 1572.
    (c) Remittance of fees. (1) Fees required under this section, which 
are remitted to a TSA agent, must be made in U.S. currency and made 
payable to the ``Transportation Security Administration.''
    (2) Fees required under this section must be remitted by check, 
money order, wire, or any other payment method acceptable to TSA.
    (3) TSA will not issue any refunds of fees required under this 
section.
    (4) Applications, submitted in accordance with 49 CFR part 1572, 
will be processed only upon receipt of all applicable fees under this 
section.

Subpart F--Fees for Security Threat Assessments for Transportation 
Worker Identification Credential (TWIC)


Sec.  1572.500  Scope.

    This subpart applies to individuals who apply for, or renew, a 
Transportation Worker Identification Credential and must undergo a 
security threat assessment under 49 CFR part 1572.


Sec.  1572.501  Fee collection.

    When TSA collects fingerprints and applicant information under 49 
CFR 1572.17, TSA will collect the Information Collection Fee, Threat 
Assessment Fee, and FBI Fee, in accordance with procedures approved by 
TSA.


Sec.  1572.503  Fee procedures for collection by TSA or its agent.

    (a) When an individual submits the application, required under 49 
CFR 1572.17, to obtain or renew a TWIC, the fee must be remitted to TSA 
or its approved agent in a form and manner approved by TSA.
    (1) The fee to obtain or renew a TWIC, other than for those 
identified in paragraph (a)(2) of this section, is $95-149, depending 
on the services provided to the regulated party, plus any increase in 
the FBI Fee that may be made. This fee is made up of the total of the 
following component fees:
    (i) The Information Collection/Credential Issuance Fee covers the 
cost for TSA or its agent to enroll applicants and is $45-$65.
    (ii) The Threat Assessment/Credential Production Fee covers the 
cost for TSA or its agent to conduct a security threat assessment and 
is $50-$62.
    (iii) The FBI Fee is collected by the FBI under 28 U.S.C. 534 to 
process fingerprint identification records and name checks, which is 
$22, plus any increase that the FBI may make.
    (2) The fee to obtain a TWIC when the applicant has undergone a 
comparable threat assessment in connection with an HME, a FAST card, or 
other threat assessment, as provided in Sec.  1572.5(d); or holds an 
MMD or License as provided in Sec.  1572.19(b), is $50. This fee is 
made up of the Information Collection/Credential Issuance Fee and a 
reduced fee for the Threat Assessment/Credential Production Fee. Such 
applicants are not charged the FBI Fee.
    (3) The fee to replace a credential that has been lost, stolen, or 
damaged is $36.
    (b) Form of fees. (1) Fees, required under this section, must be 
made in U.S. currency, and made payable to the ``Transportation 
Security Administration.''
    (2) Fees, required under this section, must be remitted by check, 
money order, wire, or any other payment method acceptable to TSA.
    (c) TSA will not issue any refunds of fees required under this 
section.
    (d) Applications, submitted in accordance with 49 CFR 1572.17, will 
be processed only upon receipt of all applicable fees.
    (e) The fees prescribed in paragraphs (a)(1)(i) and (a)(1)(ii) of 
this section may be adjusted annually on or after October 1, 2007, by 
publication of an inflation adjustment. A final rule in the Federal 
Register will announce the inflation adjustment. The adjustment shall 
be a composite of the Federal civilian pay raise assumption and non-pay 
inflation factor for that fiscal year issued by the

[[Page 29462]]

Office of Management and Budget for agency use in implementing OMB 
Circular A-76, weighted by the pay and non-pay proportions of total 
funding for that fiscal year. If Congress enacts a different Federal 
civilian pay raise percentage than the percentage issued by OMB for 
Circular A-76, the Department of Homeland Security may adjust the fees 
to reflect the enacted level. The required fee shall be the amount 
prescribed in paragraphs (a)(1)(i) and (a)(1)(ii), plus the latest 
inflation adjustment.
    (f) Any FBI Fee amendment that increases or decreases its fees to 
process fingerprint identification records and name checks will apply 
to the FBI fees identified in this regulation effective on the date of 
the FBI increase or decrease.

    Dated: May 10, 2006.
Thomas H. Collins,
Commandant, United States Coast Guard.
Kip Hawley,
 Assistant Secretary, Transportation Security Administration.
[FR Doc. 06-4508 Filed 5-12-06; 12:25 pm]
BILLING CODE 4910-15-P