[Federal Register Volume 73, Number 211 (Thursday, October 30, 2008)]
[Proposed Rules]
[Pages 64790-64855]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-23685]



-----------------------------------------------------------------------

Part III

Department of Homeland Security

-----------------------------------------------------------------------

Transportation Security Administration

-----------------------------------------------------------------------

49 CFR Parts 1515, 1520, et al.

Large Aircraft Security Program, Other Aircraft Operator Security 
Program, and Airport Operator Security Program; Proposed Rule


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1515, 1520, 1522, 1540, 1542, 1544, and 1550

[Docket No. TSA-2008-0021]
RIN 1652-AA53


Large Aircraft Security Program, Other Aircraft Operator Security 
Program, and Airport Operator Security Program

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) proposes to 
amend current aviation transportation security regulations to enhance 
the security of general aviation by expanding the scope of current 
requirements and by adding new requirements for certain large aircraft 
operators and airports serving those aircraft. TSA is proposing to 
require that all aircraft operations, including corporate and private 
operations, with aircraft with a maximum certificated takeoff weight 
(MTOW) above 12,500 pounds (``large aircraft'') adopt a large aircraft 
security program (LASP). This security program would be based on the 
current security program that applies to operators providing scheduled 
or charter services.
    TSA also proposes to require large aircraft operators to contract 
with TSA-approved auditors to conduct audits of the operators' 
compliance with their security programs and with TSA-approved watch-
list service providers to verify that their passengers are not on the 
No Fly and/or Selectee portions of the consolidated terrorist watch-
list maintained by the Federal Government. This proposed rule describes 
the process and criteria under which auditors and companies that 
perform watch-list matching would obtain TSA approval.
    TSA also proposes further security measures for large aircraft 
operators in all-cargo operations and for operators of passenger 
aircraft with a MTOW of over 45,500 kilograms (100,309.3 pounds), 
operated for compensation or hire. TSA also proposes to require that 
certain airports that serve large aircraft adopt security programs and 
amend the security program for full program and full all-cargo 
operators.

DATES: Submit comments by December 29, 2008.

ADDRESSES: You may submit comments, identified by the TSA docket number 
to this rulemaking, to the Federal Docket Management System (FDMS), a 
government-wide, electronic docket management system, using any one of 
the following methods:
    Electronically: You may submit comments through the Federal 
eRulemaking portal at http://www.regulations.gov. Follow the online 
instructions for submitting comments.
    Mail, In Person, or Fax: Address, hand-deliver, or fax your written 
comments to the Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue, SE., West Building Ground 
Floor, Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The 
Department of Transportation (DOT), which maintains and processes TSA's 
official regulatory dockets, will scan the submission and post it to 
FDMS.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: For program questions: Erik Jensen, 
Branch Chief--Policy, Plans & Stakeholder Affairs, Office of General 
Aviation, TSNM, TSA-28, Transportation Security Administration, 601 
South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-2401; 
facsimile (571) 227-2920; e-mail [email protected].
    For questions regarding Sensitive Security Information (SSI): 
Andrew Colsky, Director, SSI Office, Office of the Special Counselor 
(OSC), TSA-31, Transportation Security Administration, 601 South 12th 
Street, Arlington, VA 22202-4220; telephone (571) 227-3513; facsimile 
(571) 227-2945; e-mail [email protected].

SUPPLEMENTARY INFORMATION:

Comments Invited

    TSA invites interested persons to participate in this rulemaking by 
submitting written comments, data, or views. We also invite comments 
relating to the economic, environmental, energy, or federalism impacts 
that might result from this rulemaking action. See ADDRESSES above for 
information on where to submit comments.
    With each comment, please identify the docket number at the 
beginning of your comments. TSA encourages commenters to provide their 
names and addresses. The most helpful comments reference a specific 
portion of the rulemaking, explain the reason for any recommended 
change, and include supporting data. You may submit comments and 
material electronically, in person, by mail, or fax as provided under 
ADDRESSES, but please submit your comments and material by only one 
means. If you submit comments by mail or delivery, submit them in an 
unbound format, no larger than 8.5 by 11 inches, suitable for copying 
and electronic filing.
    If you want TSA to acknowledge receipt of comments submitted by 
mail, include with your comments a self-addressed, stamped postcard on 
which the docket number appears. We will stamp the date on the postcard 
and mail it to you.
    TSA will file in the public docket all comments received by TSA, 
except for comments containing confidential information and Sensitive 
Security Information (SSI).\1\ TSA will consider all comments received 
on or before the closing date for comments and will consider comments 
filed late to the extent practicable. The docket is available for 
public inspection before and after the comment closing date.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is information 
obtained or developed in the conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental to the security of transportation. 
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------

Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments

    Do not submit comments that include trade secrets, confidential 
commercial, or financial information, or SSI to the public regulatory 
docket. Please submit such comments separately from other comments on 
the rulemaking. Comments containing this type of information should be 
appropriately marked as containing such information and submitted by 
mail to the address listed in the FOR FURTHER INFORMATION CONTACT section.
    Upon receipt of such comments, TSA will not place the comments in 
the public docket and will handle them in accordance with applicable 
safeguards and restrictions on access. TSA will hold them in a separate 
file to which the public does not have access, and place a note in the 
public docket that TSA has received such materials from the commenter. 
If TSA receives a request to examine or copy this information, TSA will 
treat it as any other request under the Freedom of Information Act 
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS) 
FOIA regulation found in 6 CFR part 5.

Reviewing Comments in the Docket

    Please be aware that anyone is able to search the electronic form 
of all comments received into any of our dockets by the name of the 
individual submitting the comment (or 
signing the comment, if submitted on behalf of an association, 
business, labor union, etc.). You may review the applicable Privacy Act 
Statement published in the Federal Register on April 11, 2000 (65 FR 
19477), or you may visit http://docketinfo.gov.
    You may review TSA's electronic public docket on the Internet at 
http://www.regulations.gov. In addition, DOT's Docket Management 
Facility provides a physical facility, staff, equipment, and assistance 
to the public. To obtain assistance or to review comments in TSA's 
public docket, you may visit this facility between 9 a.m. and 5 p.m., 
Monday through Friday, excluding legal holidays, or call (202) 366-9826. 
This docket operations facility is located in the West Building 
Ground Floor, Room W12-140 at 1200 New Jersey Avenue, SE., Washington, 
DC 20590.

Availability of Rulemaking Document

    You can get an electronic copy using the Internet by--
    (1) Searching the electronic Federal Docket Management System 
(FDMS) Web page at http://www.regulations.gov;
    (2) Accessing the Government Printing Office's web page at 
http://www.gpoaccess.gov/fr/index.html; or
    (3) Visiting TSA's Security Regulations web page at 
http://www.tsa.gov and accessing the link for ``Research Center'' at the 
top of the page.
    In addition, copies are available by writing or calling the 
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to 
identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

AICPA--American Institute of Certified Public Accountants
ALJ--Administrative Law Judge
AOSC--Aircraft Operator Security Coordinator
AOSSP--Aircraft Operator Standard Security Program
ATSA--Aviation and Transportation Security Act
CFR--Code of Federal Regulations
CHRC--Criminal History Records Check
CJIS--Criminal Justice Information Services
CBP--U.S. Customs and Border Protection
DHS--U.S. Department of Homeland Security
FAMs--Federal Air Marshals
FAA--Federal Aviation Administration
FACAOSSP--Full All-Cargo Aircraft Operator Standard Security Program
FBI--Federal Bureau of Investigation
FISMA--Federal Information Security Management Act
GA--General Aviation
HME--Hazardous Materials Endorsement
IPA--Independent Public Accounting firm
IT--Information Technology
LASP--Large Aircraft Security Program
LEO--Law Enforcement Officer
MTOW--Maximum Certificated Take-Off Weight
NIST--National Institute of Standards and Technology
PPSSP--Partial Program Standard Security Program
PCSSP--Private Charter Standard Security Program
SSI--Sensitive Security Information
STA--Security Threat Assessment
TSC--Terrorist Screening Center
TSA--Transportation Security Administration
TWIC--Transportation Worker Identification Credential
TFSSP--Twelve-Five Standard Security Program

Outline of the Notice of Proposed Rulemaking

I. Introduction
    A. Current Standard Security Programs
    B. Current Security Programs for Large Aircraft
    C. Implementation and Compliance Schedule
II. Major Proposed Elements in This NPRM
    A. Major Requirements in the Proposed Large Aircraft Security 
Program
    B. Proposed Requirements for Certain Airports
    C. Passenger Checking Against the Watch-list
    D. Third-Party Audits for Large Aircraft Operators
    E. Proposed Amendments to the Full Program and the Full All-
Cargo Program
III. Section-by-Section Analysis
IV. Regulatory Requirements
    A. Paperwork Reduction Act
    B. Regulatory Impact Analyses
    1. Regulatory Evaluation Summary
    2. Executive Order 12866 Assessment
    3. Regulatory Flexibility Act Assessment
    4. International Trade Impact Assessment
    5. Unfunded Mandates Assessment
    C. Executive Order 13132, Federalism
    D. Environmental Analysis
    E. Energy Impact Analysis
List of Subjects
The Proposed Amendments

I. Introduction

    The aviation industry is composed of thousands of operators that 
conduct different types of operations in numerous different types of 
aircraft. Many aircraft operators are air carriers or commercial 
operators that offer transportation to the public for compensation or 
hire. Others are general aviation (GA) operators that do not offer 
transportation to the public. These operators often are corporate or 
private owners of aircraft that operate their aircraft for their own 
use or provide transportation for compensation or hire only to certain 
customers without offering transportation to the public in general.\2\
---------------------------------------------------------------------------

    \2\ There is no statutory or regulatory definition of ``general 
aviation.'' For the purposes of this NPRM, we use the term to refer 
to aircraft operations that are not air carriers or commercial, 
governmental or military operators.
---------------------------------------------------------------------------

    To date, the Federal Government's primary focus with regard to 
aviation security has been on air carriers and commercial operators 
that offer transportation for compensation or hire to the public. TSA 
requires these carriers and operators to develop and operate under a 
particular security program depending on the precise nature of their 
operations. A security program is a set of security procedures that 
will meet the requirements of applicable TSA regulations. For example, 
a security program would include specific measures to screen cargo, to 
transport Federal Air Marshals, to use personnel identification 
systems, and to provide training to employees, if the operator were 
subject to those requirements in TSA's regulation.
    With few exceptions, TSA does not currently require security 
programs for GA aircraft operators. As vulnerabilities and risks 
associated with air carriers and commercial operators have been reduced 
or mitigated, terrorists may view general aviation aircraft as more 
vulnerable and thus attractive targets. If hijacked and used as a 
missile, these aircraft would be capable of inflicting significant 
damage.
    The Federal Aviation Administration's (FAA) long-standing 
definition of ``large aircraft'' is an aircraft with a maximum 
certificated takeoff weight (MTOW) of over 12,500 pounds. See 14 CFR 
1.1. Based on the aviation industry's familiarity with this definition 
and TSA's belief that aircraft of this size pose a potential risk, TSA 
is proposing to require security programs for all operators of 
aircraft--GA or otherwise--that have a MTOW of over 12,500 pounds, 
excluding certain governmental operations (collectively, ``large 
aircraft operators'').\3\
---------------------------------------------------------------------------

    \3\ In general, aircraft that weigh over 12,500 pounds MTOW are 
those aircraft equipped with twin turboprop or turbojet engines. 
Typically corporate and charter aircraft have a seating 
configuration for 6-8 passengers, while similar aircraft used in 
scheduled passenger service would likely have 18 or more seats.
---------------------------------------------------------------------------

    Currently, TSA requires many large aircraft operators that are air 
carriers or commercial operators to implement security programs such as 
the Twelve-Five Security Program or the Private Charter Security 
Program.\4\ TSA is proposing to expand this requirement to include 
previously unregulated 
large aircraft operators--namely, GA with a MTOW of over 12,500 pounds. 
Doing so will expand the large aircraft operator population required to 
have a TSA-approved security program to approximately 10,000 operators 
from the approximately 650 operators today. In addition, TSA is 
proposing to establish a single large aircraft security program (LASP) 
to replace the various security programs used by currently regulated 
large aircraft operators, such as air carriers and commercial 
operators. It is TSA's view that the proposed rule would enhance 
security significantly.
---------------------------------------------------------------------------

    \4\ Although aircraft operators that are subject to the full 
program under 49 CFR 1544.101(a), or the full all-cargo program 
under Sec.  1544.101(h), operate large aircraft, TSA does not 
include them in references to operators of large aircraft and large 
aircraft operators for purposes of this NPRM. Full program operators 
are generally known as the commercial airlines.
---------------------------------------------------------------------------

    TSA recognizes that this would greatly increase the number and type 
of operators subject to a TSA-approved security program. TSA invites 
comments on the weight threshold of aircraft covered by this proposed 
rule. For instance, parties may choose to comment on whether the 
security goals discussed herein would be met if security programs were 
required for GA aircraft only over some greater weight threshold. For 
example, we explain below that aircraft over 45,500 kg (100,309.3 
pounds) MTOW are currently covered by the ``private charter'' security 
program, which includes security measures in addition to those outlined 
in the ``twelve-five'' security program. Since incidents involving 
heavier aircraft have the potential to lead to greater damages and loss 
of life under one of the scenarios studied in our regulatory impact 
analysis, we specifically solicit comment on whether this would be a 
logical alternative weight threshold to consider for the increased 
security requirements for general aviation. Although TSA has concluded 
in this NPRM that the security benefits of the lower weight threshold 
of 12,500 lbs are justified by the risk and therefore justify the 
additional cost of the lower threshold, we welcome commenters' views on 
that topic, as well as on the cost-benefit impact of alternate weight 
thresholds.
    Below is a list of the major requirements GA aircraft operators 
would be required to adopt under the LASP; a more detailed discussion 
of the LASP and the individual requirements is in sections II and III 
of this preamble:
    • Ensure that their flight crew members have undergone a 
fingerprint-based criminal history records check (CHRC).
    • Conduct watch-list matching of their passengers through 
TSA-approved watch-list matching service providers.
    • Undergo a biennial audit of their compliance by a TSA-
approved third party auditor.
    • Comply with the current cargo requirements for the twelve-
five all-cargo program if conducting an all-cargo operation.
    • For aircraft with a MTOW of over 45,500 kilograms operated 
for compensation or hire, screen passengers and their accessible 
property.
    • Check property on board for unauthorized persons.
    In addition, TSA is proposing amendments to its regulations 
regarding airport security programs.\5\ TSA is proposing to require 
additional airports to adopt security programs, because these airports 
serve aircraft operators that either currently must carry out a 
security program or would be required to have a security program under 
the proposed rule. TSA proposes to require the following airports to 
adopt a security program:
---------------------------------------------------------------------------

    \5\ The regulations are in 49 CFR 1542.101.
---------------------------------------------------------------------------

    • Reliever airports, which perform the function of relieving 
congestion at commercial service airports and provide more GA access to 
the overall community.
    • Airports that regularly serve large aircraft with 
scheduled or public charter service.

A. Current Aircraft Operator Security Programs

    TSA requires security programs for air carriers and commercial 
operators that require security measures for individuals, property, and 
cargo aboard aircraft. Currently TSA requires security programs for 
full program, full all-cargo, partial, private charter, and twelve-five 
program operators. For full program operators,\6\ the standard security 
program \7\ is called an aircraft operator standard security program 
(AOSSP). For the full all-cargo program operators \8\ operating all-
cargo aircraft over 45,500 kg MTOW, the standard security program is 
the full all-cargo aircraft operator standard security program 
(FACAOSSP). The partial program \9\ applies to scheduled passenger or 
public charter operations in an aircraft with 31 or more, but 60 or 
fewer passenger seats that does not enplane from or deplane into a 
sterile area. The standard security program for private charters is the 
private charter standard security program.\10\ For other scheduled or 
charter flights, or all-cargo operations, in an aircraft with a MTOW of 
over 12,500 pounds, the standard security program is the twelve-five 
standard security program.\11\
---------------------------------------------------------------------------

    \6\ 49 CFR 1544.101(a).
    \7\ A standard security program is a security program issued by 
TSA that serves as the baseline for a particular type of operator. 
An aircraft operator's security program consists of the appropriate 
standard security program, together with any amendments and 
alternative procedures to the security program, if approved by TSA.
    \8\ 49 CFR 1544.101(h).
    \9\ 49 CFR 1544.101(b).
    \10\ 49 CFR 1544.101(f).
    \11\ 49 CFR 1544.101(d).
---------------------------------------------------------------------------

    The full program, the full all-cargo program, the partial program, 
the private charter program, and the twelve-five program aircraft 
operators all are covered under TSA regulations in 49 CFR part 1544. 
They all must hold FAA air carrier operating certificates or FAA 
operating certificates in accordance with the Federal Aviation 
Administration (FAA) regulations in 14 CFR part 119.\12\ They all 
engage in interstate common carriage or intrastate common carriage.\13\ 
TSA has also required certain operators not engaged in common carriage 
to hold and carry out security programs. Operators of aircraft with a 
MTOW of over 12,500 pounds must conduct operations in accordance with 
the FAA rules in 14 CFR part 125 (part 125 operators).\14\ By notice 
published in the Federal Register, TSA required these operators to 
carry out the twelve-five standard security program for operations in 
aircraft over 12,500 pounds but not over 45,500 kg, and to carry out 
the private charter standard security program for operations in 
aircraft over 45,500 kg.\15\ These part 125 operators conduct 
operations when common carriage is not involved. They may conduct 
operations for compensation or hire, however, and they may also conduct 
operations not for compensation or hire.\16\
---------------------------------------------------------------------------

    \12\ 49 CFR 1544.1.
    \13\ 49 U.S.C. 40102 and 14 CFR 119.21.
    \14\ 14 CFR 119.23.
    \15\ 69 FR 61516 (Oct. 19, 2004).
    \16\ 14 CFR 119.3 and 119.23. After TSA adopted the full all-
cargo program, it required part 125 operators in all-cargo 
operations using aircraft over 45,500 kg to have and carry out a 
full all-cargo program. See 71 FR 30478 (May 26, 2006).
---------------------------------------------------------------------------

    Finally, all civil aircraft must operate under FAA regulations 14 
CFR part 91, Air Traffic and General Operating Rules. These operators, 
when not also subject to another FAA regulation, such as part 119 or 
part 125, are often referred to in the industry as part 91 operators. 
TSA generally has not required such operators to carry out security 
measures.
    The main objectives of the proposed rule are: (1) To merge the 
partial, private charter and twelve-five programs into a large aircraft 
security program and to expand its scope to include general aviation 
operators using aircraft 
with a MTOW of over 12,500 pounds; and (2) to enhance the security of 
these operations.

B. Current Security Programs for Large Aircraft

    Large aircraft are operated by a diverse group of air carriers, 
commercial operators, and GA operators. As stated above, to date, TSA 
has mandated security programs for the air carrier and commercial 
operator segments of the aviation industry including scheduled 
passenger operations, private charters, public charters, and all-cargo 
operations in large aircraft through the twelve-five program, the 
partial program, and the private charter program. With limited 
exceptions, TSA has not required security programs for large aircraft 
in general aviation.
    Large GA aircraft are most often operated by corporate entities, 
though some large GA aircraft are operated by individuals. Corporate 
aviation, with a population of approximately 10,000 operators flying 
15,000 aircraft, is largely unregulated for security purposes. Yet many 
of these aircraft are of the same size and weight of the air carriers 
and commercial operators that TSA regulates, and they could be used 
effectively to commit a terrorist act. Complicating the situation is 
the fact that many GA operators have the authorization to function 
under several different FAA regulations and operating certificates, 
which may require different TSA security programs or no TSA security 
program at all.
    TSA considered developing a new regulatory program to be used 
solely on GA aircraft and their potential security risks. This decision 
would have created yet another security program applicable to large 
aircraft operators. Instead of five separate security programs that 
would apply to large aircraft operators depending on the type of 
service they provide, TSA is proposing one security program that would 
apply to all large aircraft operators (except certain government 
operations) and would replace the current security programs for partial 
program operators, twelve-five program operators, and private charter 
operators. The LASP would establish a consistent set of regulations for 
air carriers and commercial operators, as well as GA operators using 
large aircraft. Indeed, LASP would provide large aircraft operators not 
covered under the full program, or the full all-cargo security program, 
with one set of regulations that would form the core of their security 
programs distinct to their operational and security needs.
    Table 1 below identifies the different types of large aircraft 
operators that currently are required to have a security program and 
the major security requirements for these operators. It also identifies 
the types of operators that would be subject to the new proposed LASP.

                                          Table 1--Standard Security Programs Applicable to Aircraft Operators
--------------------------------------------------------------------------------------------------------------------------------------------------------
An aircraft operator that operates   In this size aircraft   And                     Must have this         Currently using this   Would be using this
this type of service, other than                                                     program                standard security      standard security
all-cargo                                                                                                   program                program under the
                                                                                                                                   NPRM
--------------------------------------------------------------------------------------------------------------------------------------------------------
Scheduled passenger or public        61 or more passenger    ......................  Full Program Sec.      AOSSP................  No change.
 charter passenger *.                 seats.                                          1544.101(a)(1).
Scheduled passenger or public        60 or fewer passenger   It enplanes from, or    Full Program Sec.      AOSSP................  No change.
 charter passenger *.                 seats.                  deplanes into, an       1544.101(a)(2).
                                                              existing sterile area.
Scheduled passenger or public        31 or more but 60 or    It does not enplane     Partial Program Sec.   Partial Program        Proposed LASSP ****
 charter passenger *.                 fewer passenger seats.  from, or deplane         1544.101(b)(1).       Standard Security      with component for
                                                              into, an existing                              Program (PPSSP).       aircraft greater
                                                              sterile area.                                                         than 45,500 kg (if
                                                                                                                                    applicable).
Scheduled, public charter, or        More than 12,500        It does not enplane     Twelve-Five Program    Twelve-Five Standard   Proposed LASSP.
 private charter; passenger *.        pounds MTOW.            from, or deplane        Sec.   1544.101(d).    Security Program
                                                              into, an existing                              (TFSSP).
                                                              sterile area, and it
                                                              is not under a Full
                                                              Program or a Partial
                                                              Program.
Private charter *..................  Any size..............  It enplanes from, or    Private Charter        Private Charter        Proposed LASSP with
                                                              deplanes into, an       Program Sec.           Standard Security      component for
                                                              existing sterile area.  1544.101(f)(1)(i).     Program (PCSSP).       aircraft greater
                                                                                                                                    than 45,500 kg (if
                                                                                                                                    applicable) and
                                                                                                                                    alternative
                                                                                                                                    procedures for
                                                                                                                                    enplaning from or
                                                                                                                                    deplaning into an
                                                                                                                                    existing sterile
                                                                                                                                    area.
Private charter *..................  More than 45,500 kg,    It does not enplane     Private Charter        PCSSP................  Proposed LASSP with
                                      OR 61 or more           from, or deplane        Program Sec.                                  component for
                                      passenger seats.        into, an existing       1544.101(f)(1)(ii).                           aircraft greater
                                                              sterile area, and it                                                  than 45,500 kg.
                                                              is not a government
                                                              charter.
Under an FAA certificate issued      More than 45,500 kg     It is carrying          Sec.   1550.7; (69 FR  PCSSP................  Proposed LASSP with
 under 14 CFR part 125 **.            MTOW.                   passengers or           61516, 10/19/2004).                           component for
                                                              property for                                                          aircraft greater
                                                              compensation or hire                                                  than 45,500 kg or 61
                                                              and is not under                                                      or more seats.
                                                              another TSA security
                                                              program.

[[Page 64794]]

 
Under an FAA certificate issued      61 or more passenger    It is carrying          Sec.   1550.7; (69 FR  PCSSP................  Proposed LASSP with
 under 14 CFR part 125 **.            seats.                  passengers or           61516, 10/19/2004).                           component for
                                                              property for                                                          aircraft greater
                                                              compensation or hire                                                  than 45,500 kg or 61
                                                              and is not under                                                      or more seats.
                                                              another TSA security
                                                              program.
Under an FAA certificate issued      More than 45,500 kg     It is not carrying      Sec.   1550.7; (69 FR  PCSSP................  Proposed LASSP.
 under 14 CFR part 125 **.            MTOW.                   passengers or           61516, 10/19/2004).
                                                              property for
                                                              compensation or hire
                                                              and not under another
                                                              TSA security program.
Under an FAA certificate issued      61 or more passenger    It is not carrying      Sec.   1550.7; (69 FR  PCSSP................  Proposed LASSP.
 under 14 CFR part 125 **.            seats.                  passengers or           61516, 10/19/2004).
                                                              property for
                                                              compensation or hire
                                                              and not under another
                                                              TSA security program.
Under an FAA certificate issued      More than 12,500        It is not under         Sec.   1550.7........  TFSSP................  Proposed LASSP.
 under 14 CFR part 125 **.            pounds MTOW.            another TSA security
                                                              program.
Operating under 14 CFR part 91 only  More than 12,500        It enplanes from, or    General Aviation       No standard program..  Proposed LASSP with
 **.                                  pounds.                 deplanes into, an       Operations using a                            alternative
                                                              existing sterile area.  sterile area Sec.                             procedures for
                                                                                      1550.5.                                       enplaning from or
                                                                                                                                    deplaning into an
                                                                                                                                    existing sterile
                                                                                                                                    area.
Operating under 14 CFR part 91 only  12,500 pounds or less.  It enplanes from, or    General Aviation       No standard program..  No change.
 **.                                                          deplanes into, an       Operations using a
                                                              existing sterile area.  sterile area Sec.
                                                                                      1550.5.
Operating under 14 CFR part 91 only  More than 12,500        It is not under         Not required to have   Not required to have   Proposed LASSP.
 **.                                  pounds.                 another TSA security    a security program.    a security program.
                                                              program, and does not
                                                              enplane from or
                                                              deplane to an
                                                              existing sterile area.
Operating under 14 CFR part 91 only  12,500 pounds or less.  It is not under         Not required to have   Not required to have   No change.
 **.                                                          another TSA security    a security program.    a security program.
                                                              program, and does not
                                                              enplane from or
                                                              deplane to an
                                                              existing sterile area.
Passenger operations into and out    Any size..............  It is not under a Full  DCA Access Program     DCA Access Standard    No change.
 of Ronald Reagan Washington                                  Program.                part 1562.             Security Program
 National Airport (DCA) ***.                                                                                 (DASSP).
Other operations **................  Any size..............  Is not under any other  Limited program Sec.   No standard program..  No change.
                                                              required program but     1544.101(g).
                                                              aircraft operator
                                                              requests a security
                                                              program.
--------------------------------------------------------------------------------------------------------------------------------------------------------
* These aircraft operators are considered air carriers or commercial operators.
** These aircraft operators are considered general aviation.
*** May be air carriers, commercial operators, or general aviation operators.
**** After issuing the LASP final rule, TSA would develop and issue a standard security program to implement the LASP called the Large Aircraft Standard
  Security Program (LASSP).
 Cites in this column are to 49 CFR.


--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                                                                   Would be using this
An all-cargo aircraft operator that                                                     Must have this     Currently using this    standard security
   operates this type of service:     In this size aircraft            And                  program         standard security      program under the
                                                                                                                 program                  NPRM
--------------------------------------------------------------------------------------------------------------------------------------------------------
All-cargo..........................  Greater than 45,500     Operating under a FAA   Full All-Cargo         Full All-Cargo         No change.
                                      kg, OR 61 or more       certificate issued      Program.               Aircraft Operator
                                      passenger seats.        under 14 CFR part 119  Sec.   1544.101(h)...   Standard Security
                                                              or 125.                                        Program (FACAOSSP).
 All-cargo.........................   Over 12,500 lbs but    ......................  Twelve-Five Program     TFSSP in all-cargo     LASSP with all-cargo
                                      not over 45,500 kg.                             in all-cargo           operations.            component.
                                                                                      operations.
                                                                                     Sec.   1544.101(d)...

[[Page 64795]]

 
 All-cargo under an FAA certificate   More than 45,500 kg..  ......................   FACAOSSP............   FACAOSSP +..........   No change.
 issued under 14 CFR part 125.
--------------------------------------------------------------------------------------------------------------------------------------------------------
 Cites in this column are to 49 CFR.
 All-cargo operations carry cargo and authorized persons, but no passengers.

    In developing the proposed rule, TSA analyzed the existing security 
programs to determine which security measures have been effective and 
would be appropriate for inclusion in the proposed LASP. The LASP would 
combine the essential elements of some of the current security programs 
into one consolidated and comprehensive program.
    In this rulemaking, TSA is also proposing to reorganize certain 
existing regulations in 49 CFR part 1544. Specifically, TSA has 
clarified the meaning of the rule, simplified the text, and harmonized 
regulations between the different industry populations. This 
reorganization may affect the currently regulated population in 
addition to the proposed newly regulated population. TSA is also 
proposing to reorganize certain sections in 49 CFR part 1544 to account 
for the proposed addition of the LASP. The reorganization would not 
make any substantive changes to the regulations.

C. Implementation and Compliance Schedule

    Based on industry data, TSA anticipates that this proposed rule 
would require approximately 10,000 aircraft operators and 315 airport 
operators, most of whom are not currently required to do so, to 
implement security programs. Due to the large number of aircraft 
operators and airport operators that would be required to implement 
security programs, TSA proposes using a phased approach in the 
implementation of the proposed rule. The proposed compliance schedule 
would allow for proper and adequate support and staffing within TSA and 
also would allow sufficient time for compliance on the part of the 
newly regulated aircraft operators and airport operators. Following 
issuance of a final rule, TSA would implement a communication plan 
commencing with a wide distribution of press releases, web-site 
postings, and industry association briefings and meetings. These 
briefings and meetings would communicate, educate, and confirm which 
operators would be affected by the final rule, what actions the 
aircraft operators and airport operators would be required to take to 
comply with the rule, and the time period within which the aircraft 
operators and airport operators would be required to submit their 
applications and other supporting documents. At that time, TSA would 
provide the process, procedures, and necessary forms to the aircraft 
operators and airport operators to enable the operators to apply for 
the large aircraft program, or the airport partial program, via a 
secure web-board.
    TSA's implementation schedule would divide the country into five 
areas, taking into account which areas of the country contain the 
largest affected populations of aircraft operators and airport 
operators. TSA anticipates six phases of compliance, targeting 
approximately 20 percent of the large aircraft operator and airport 
operator population that currently does not hold security programs in 
each of the first five phases. The sixth and final phase would include 
aircraft operators that currently hold a security program.\17\ The 
following timeline for compliance would start upon the effective date 
of the final rule, which would be 60 days after publication of the 
final rule in the Federal Register:
---------------------------------------------------------------------------

    \17\ There are no airport operators that currently hold a 
partial program.
---------------------------------------------------------------------------

Phase 1, Mid-Atlantic region--months 1-4 after the effective date of 
the final rule.
Phase 2, North-East region--months 5-8 after the effective date of the 
final rule.
Phase 3, Southern region--months 9-12 after the effective date of the 
final rule.
Phase 4, Mid-West region--months 13-16 after the effective date of the 
final rule.
Phase 5, Western region--months 17-20 after the effective date of the 
final rule.
Phase 6, Existing security program holders--months 21-24 after the 
effective date of the final rule.

    The phase in which a large aircraft operator would fall would be 
determined by where the aircraft is based. For large aircraft operators 
that have multiple bases for their aircraft, the phase would be 
determined by the location of the large aircraft operator's 
headquarters. We seek comment on this phased approach and on 
determining which phase would be applicable to each large aircraft 
operator based on the location of the aircraft or headquarters.

II. Major Elements in This NPRM

A. Major Requirements in the Proposed Large Aircraft Security Program

    To provide greater consistency across all large aircraft 
operations, the proposed regulation would create the Large Aircraft 
Standard Security Program (LASSP) to replace the current security 
programs for partial program operators, twelve-five program operators, 
and private charter program operators. The major requirements in this 
proposed rule are based on the requirements in the Twelve-Five and the 
Private Charter Security Programs.
    The proposed LASP provides a core security program for all large 
aircraft, irrespective of the FAA regulations under which they operate, 
whether they are air carriers, commercial operators, or GA. Beyond the 
core requirements for large aircraft with a MTOW of over 12,500 pounds, 
the proposed LASP would include a component for large aircraft with a 
MTOW of over 45,500 kilograms operated for compensation or hire. The 
following is a summary of the major security measures in the proposed 
LASP.
1. Proposed Core Requirements of the Large Aircraft Security Program in 
Sec.  1544.103(e)
    In TSA's experience, the current Twelve-Five Security Program has 
proven to be effective in safeguarding the operations of scheduled and 
charter operations in aircraft with MTOW of over 12,500 pounds without 
unduly burdening the aircraft operators. Accordingly, TSA would base 
the core requirements of the LASP on the Twelve-Five Security Program. 
The LASP, however, would include additional requirements that would

[[Page 64796]]

strengthen the existing security measures. Below is a discussion of the 
major requirements of the LASP.
Security Threat Assessment With Criminal History Records Check for 
Flight Crew Members
    Under the current security programs that apply to large aircraft 
operators, TSA requires aircraft operators to ensure that their flight 
crew members have undergone a fingerprint-based criminal history 
records check (CHRC). TSA views this as an important security measure 
that should apply to flight crew members of all large aircraft. Pilots 
are in control of the aircraft and other flight crew members are in the 
cockpit and could obtain control of the aircraft. Consequently, TSA 
proposes to require that large aircraft operators ensure that all of 
their flight crew members undergo a security threat assessment (STA) 
that includes a CHRC and other analyses, including checks of 
appropriate terrorist watch-lists and other databases. The list of 
disqualifying crimes of the CHRC would be the same as for the full and 
full all-cargo operations. 49 CFR 1544.229 and 1544.230.
    After TSA adopted the Twelve-Five Security Program requirements, it 
became clear that most operators of that size were not well-prepared to 
conduct adjudication of the CHRCs. Accordingly, while the twelve-five 
operators have been ensuring that their flight crew members submit 
their fingerprints, TSA has been adjudicating the criminal histories; 
that is, TSA reviews the history to determine whether the flight crew 
member has a disqualifying criminal offense. TSA is proposing to codify 
that practice and to charge a fee for the services. See the section-by-
section analysis for proposed part 1544, subpart G.
    TSA recognizes that a flight crew member may be contracted to work 
for more than one large aircraft operator. We seek comment on whether 
the STA should be transferable so that the flight crew member would 
need to undergo only one STA every five years, regardless of the number 
of employers the flight crew members may have within the five-year 
period. Potential employers would check the status of the flight crew 
member's STA through a mechanism required by TSA.
    TSA also is considering ways to positively identify pilots 
conducting both domestic and international flight operations and 
effectively link them to the aircraft they are operating. We seek 
comment and recommended methods for positively identifying pilots and 
effectively linking them to the aircraft they are operating.
Watch-List Matching of Passengers
    The Federal Government maintains a terrorist watch-list. The watch-
list, which includes the No Fly List and the Selectee List components 
of the Terrorist Screening Database maintained by the Terrorist 
Screening Center (TSC), is the basis for the pre-flight passenger 
watch-list matching currently conducted by certain aircraft operators. 
Watch-list matching of passengers on large aircraft is an important 
security measure, because it can prevent individuals who are believed 
to pose a risk from boarding a large aircraft and, potentially, gaining 
control of the aircraft, to use it as a weapon. TSA studies have shown 
that significant loss of lives and other damage could result from such 
an incident. Matching passenger information against the No Fly List 
component of the terrorist watch-list would identify individuals who, 
if permitted to board aircraft, may pose a threat to the aircraft and/
or persons on board. Matching passenger information against the 
Selectee List component of the terrorist watch-list also would identify 
individuals who may be potential threats and would allow TSA and/or the 
aircraft operators to take appropriate action, if necessary.
    Under the current watch-list matching process, TSA provides the No 
Fly and Selectee List to twelve-five, partial program, and private 
charter aircraft operators to enable them to conduct the watch-list 
matching. When an aircraft operator receives passenger information that 
is similar to, or the same as, a name on the No Fly or Selectee List, 
the aircraft operator is required to notify law enforcement personnel 
and TSA in order to determine whether that passenger is in fact the 
individual listed on the No Fly or Selectee List. The aircraft operator 
may not board a passenger until TSA has instructed the aircraft 
operator that the passenger is clear to board the aircraft.
    a. Removing watch-list from aircraft operators. Per Homeland 
Security Presidential Directive-16/National Security Presidential 
Directive-47, section 4012(a) of the Intelligence Reform and Terrorism 
Prevention Act,\18\ and in support of 9/11 Commission recommendations, 
the U.S. government is in the process of assuming control over watch-
list matching in the aviation environment. TSA is concerned that 
providing the watch-list to approximately 10,000 large aircraft 
operators as part of the LASP program would increase the risk that the 
watch-list would be disseminated to unauthorized persons and that the 
watch-list would be misused and/or compromised. Since it is not 
possible to bring the watch-list matching function into the federal 
government in one step, TSA is considering ways to provide this list to 
a more limited set of holders while TSA considers the most effective 
method to assume the watch-list matching responsibility from all 
aircraft operators required to conduct watch-list matching through the 
Secure Flight program.
---------------------------------------------------------------------------

    \18\ Public Law 108-458, 118 Stat. 3638, Dec. 17, 2004; 49 
U.S.C. 44903 (j)(2).
---------------------------------------------------------------------------

    TSA recognizes that the Secure Flight program has not yet achieved 
the operational capability to conduct watch-list matching for general 
aviation, nor is such capability anticipated by the time TSA would 
require large general aviation and charter aircraft operators to 
implement the LASP. Therefore, TSA is proposing a solution for watch-
list matching in this NPRM for the time period in which the Secure 
Flight program does not have the capability to conduct watch-list 
matching for large aircraft passengers. If TSA is able to develop the 
capability for the Secure Flight program to conduct watch-list matching 
for large aircraft passengers, TSA may amend the scope of the Secure 
Flight program to include large aircraft operators in the final rule 
for this NPRM.\19\
---------------------------------------------------------------------------

    \19\ For example, proposed Sec.  1560.1(a) may be amended to 
include large aircraft operators. See Secure Flight NPRM, 72 FR at 
48387.
---------------------------------------------------------------------------

    b. Watch-list Service Providers. Under the proposed rule, TSA would 
not provide the No Fly List to large aircraft operators, which means 
that TSA would no longer provide the watch-list to the approximately 
800 aircraft operators now receiving it under the twelve-five program, 
partial program, and private charter program and would not begin 
providing it to the additional approximately 9,300 general aviation 
operators that would be under the LASP. Instead, TSA would provide the 
watch-list to watch-list service providers approved by TSA. Large 
aircraft operators would transmit their passenger information to these 
watch-list service providers, who would conduct the automated watch-
list matching function and transmit the results back to the large 
aircraft operators.
    TSA is proposing this approach for two reasons. First, this would 
greatly reduce the number of entities receiving the watch-list, thus 
reducing the risk that it would be disseminated to unauthorized persons 
or misused. Second, having a small number of watch-list service 
providers conduct watch-list matching in accordance with

[[Page 64797]]

TSA standards would result in greater consistency in the application of 
the watch-list matching function. These watch-list service providers 
will have been determined to have appropriate security, including 
Information Technology (IT) security and performance capabilities, to 
perform this important function in the interim. TSA invites comments on 
the role that watch-list service providers may continue to have if the 
responsibility for watch-list matching shifts to the U.S. Government in 
the future. For example, would watch-list service providers offer their 
services to consolidate passenger information from large aircraft 
operators and to transmit the passenger information to Secure Flight?
    While the watch-list service providers would perform the watch-list 
matching function, large aircraft operators would have several 
responsibilities under the proposed rule. Large aircraft operators 
would be responsible for all costs associated with watch-list matching, 
including any fee charged by the watch-list service providers.
    c. Compliance with CBP programs. Large aircraft operators would not 
be required to transmit passenger information to their watch-list 
service providers for any flight for which the large aircraft operator 
has submitted advance passenger information to U.S. Customs and Border 
Protection (CBP) under 19 CFR part 122. For passengers on flights in 
commercial aircraft, as defined in 19 CFR 122.1, the large aircraft 
operator is required to submit advance passenger information under 19 
CFR 122.49a and 122.75a and comply with the CBP boarding instruction 
regarding each passenger.
    TSA notes that CBP published a notice of proposed rulemaking, 
``Advance Information on Private Aircraft Arriving in and Departing 
from the United States,'' proposing to implement certain passenger 
manifest and advance passenger screening requirements for private 
aircraft departing foreign ports for U.S. destinations or departing the 
United States for foreign ports. Under the CBP proposed rule, a private 
aircraft, in contrast to a commercial aircraft,\20\ is generally any 
aircraft engaged in a personal or business flight to or from the United 
States that is not carrying passengers and/or cargo for commercial 
purposes.\21\ See 19 CFR 122.1(h). CBP's Advance Passenger Information 
System (APIS) requirements and proposed eAPIS requirements apply to 
both U.S.-operated and foreign-operated aircraft.
---------------------------------------------------------------------------

    \20\ 19 CFR 122.1(d) defines ``commercial aircraft'' as any 
aircraft transporting passengers and/or cargo for some payment or 
other consideration, including money or services rendered.
    \21\ 19 CFR 122.1(h) also defines a private aircraft as any 
aircraft leaving the United States carrying neither passengers nor 
cargo in order to lade passengers and/or cargo in a foreign area for 
commercial purposes; or returning to the United States carrying 
neither passengers nor cargo in ballast after leaving with 
passengers and/or cargo for commercial purposes.
---------------------------------------------------------------------------

    To avoid process redundancies, DHS would require operators and 
pilots of private large aircraft that would be subject to this TSA 
proposed rule and CBP's eAPIS private aircraft regulations to submit 
their passenger manifest to CBP only and not to watch-list service 
providers. TSA would deem U.S. operators of private large aircraft to 
be in compliance with the proposed rule's requirements to submit 
passenger information for watch-list matching for international flights 
if the pilot submits passenger information required under the proposed 
eAPIS regulations. See proposed 19 CFR 122.22.
    The TSA and CBP screening processes work in tandem for flights 
departing foreign ports destined for the United States and flights 
departing the United States for foreign destinations. If CBP grants the 
pilot landing rights under 19 CFR 122.49a, 122.75a, or 122.22, TSA 
would allow the large aircraft operator to permit all passengers, for 
whom the aircraft operator submitted advance passenger information to 
CBP, to board the aircraft. If CBP identifies a passenger as a selectee 
under 19 CFR 122.49a, 122.75a, or 122.22, TSA would allow the large 
aircraft operator to permit the passenger to board the aircraft, and 
TSA would require the large aircraft operator to comply with the 
procedures in its security program pertaining to passengers that are 
identified as selectees, as discussed in further detail below. If CBP 
identifies a passenger as ``not cleared'' under 19 CFR 122.49a, 
122.75a, or 122.22, TSA would not allow the large aircraft operator to 
permit the passenger to board the aircraft. CBP would instruct the 
large aircraft operator to contact TSA regarding the passenger who has 
been identified as ``not cleared'' for further resolution.
    d. Passenger information. This proposed rule would require large 
aircraft operators to request full name, gender, date of birth, and 
redress number \22\ (if available) from all passengers. TSA has 
determined that an individual's full name, gender, and date of birth 
are critically important for effective automated watch-list matching of 
that individual against those individuals on the watch-list.\23\ The 
full name is the primary attribute used to conduct watch-list matching 
and would be required for all passengers. Partial names would increase 
the likelihood of false positive matches, because partial names are 
more likely to match a number of different entries on the watch-list. 
As a result, this proposed rule would require individuals to provide 
their full names and would prohibit aircraft operators from boarding a 
passenger who does not provide a full name. Date of birth and gender 
would be optional for the passenger. This proposed requirement on 
passengers to provide the full name is consistent with TSA's proposal 
in the Secure Flight NPRM. In the Secure Flight NPRM, TSA proposes to 
require passengers on commercial flights operated by full program 
operators and foreign air carriers to provide their full name when they 
make a reservation for a flight. See proposed Sec.  1540.107(b) in the 
Secure Flight NPRM, 72 FR at 48386.
---------------------------------------------------------------------------

    \22\ The redress number is the number assigned by DHS to an 
individual processed through the redress procedures described in 49 
CFR part 1560, subpart C, as proposed in the Secure Flight NPRM.
    \23\ See Secure Flight NPRM, 72 FR at 48364.
---------------------------------------------------------------------------

    Many names do not indicate gender, because they can be used by 
either gender. Additionally, names not derived from the Latin alphabet, 
when transliterated into English, often do not denote gender. Providing 
information on gender will reduce the number of false positive watch-
list matches, because the information will distinguish persons who have 
the same or similar names but who are of a different gender. The date 
of birth is also helpful in distinguishing a passenger from an 
individual on a watch-list with the same or similar name, thereby 
reducing the number of false positive watch-list matches.
    This proposed rule would also require aircraft operators to request 
an individual's redress number, if available. DHS will assign this 
unique number to individuals who use the DHS Traveler Redress Inquiry 
Program (DHS TRIP), because they believe they have been incorrectly 
delayed or denied boarding. Individuals may be less likely to be 
delayed by false positive matches to the watch-list if they provide 
their redress number, if available.
    Under the proposed rule, individuals would not be compelled to 
provide their gender, date of birth, or redress number when requested 
by the aircraft operators. However, without this information, the 
watch-list service provider may be unable to perform effective 
automated watch-list matching and, as a result, the individuals may be 
more likely to be denied boarding, or under certain circumstances, be 
subject

[[Page 64798]]

to additional screening. TSA is considering whether to require all 
individuals to provide their gender and date of birth to assist in the 
watch-list matching and resolution process.
    The proposed rule would require large aircraft operators to 
transmit to the watch-list service provider the passengers' full names 
and also transmit the passengers' genders, dates of birth, and redress 
numbers, to the extent they are available. In addition, the proposed 
rule would require large aircraft operators to transmit certain 
information from an individual's passport (full name, passport number, 
country of issuance, expiration date, gender, and date of birth), if it 
is available and was provided to the aircraft operator. Based on TSA's 
experience in conducting security threat assessments that include 
watch-list matching, TSA has determined that passport information would 
help resolve possible false positive matches and make the watch-list 
matching process more accurate.
    TSA is not proposing a minimum time in advance of the flight that 
large aircraft operators would be required to submit passenger 
information to the watch-list service provider. TSA anticipates that 
the large aircraft operators would work with their service providers to 
establish a minimum time that the service provider would need to 
complete watch-list matching in advance of a flight. Nevertheless, TSA 
seeks comment on whether it should establish a minimum time for 
submission of passenger information to the service providers, what that 
minimum time should be, and the reasons supporting the suggested 
minimum time.
    Upon submission of the passenger information by the aircraft 
operator to the watch-list service provider, the service provider would 
conduct the automated vetting of the passenger information provided 
against the watch-list, which is comprised of the No Fly and Selectee 
List components of the Terrorist Screening Database. The watch-list 
service provider would inform the aircraft operator of the results of 
the watch-list matching by transmitting instructions to the large 
aircraft operator for each passenger. The large aircraft operator would 
not be able to permit a passenger aboard an aircraft until the large 
aircraft operator receives the instructions from the watch-list service 
provider that would allow the aircraft operator to board the passenger. 
The large aircraft operator would be required to comply with the 
instructions.
    Upon submission of the passenger information by the aircraft 
operator to the watch-list service provider, the service provider would 
conduct the automated comparison using the passenger information 
provided. If an automated comparison indicates that the passenger is 
not a match to the watch-list, the service provider would instruct the 
aircraft operator that the passenger is cleared to board the aircraft. 
If the automated comparison using the passenger information identifies 
a potential match to the watch-list, the watch-list service provider 
would contact TSA for resolution of the potential match. TSA would 
coordinate with the TSC for resolution if necessary and would provide 
further instructions concerning the passenger to the service provider.
    If TSA cannot determine from the information provided by the watch-
list service provider whether the individual is a match to the watch-
list, it may be necessary for the passenger to provide additional 
information to resolve the possible match. In these instances, TSA 
would inform the watch-list service provider to instruct the large 
aircraft operator to contact TSA directly to resolve the possible match 
between the passenger and the watch-list record, and TSA would provide 
final instructions concerning the possible match and the passenger's 
status to the large aircraft operator.
    e. Aircraft operator procedures. TSA believes that it is important 
for large aircraft operators and their pilots, as the in-flight 
security coordinators, to know whether a passenger is identified as a 
selectee so they can make appropriate security decisions. If the 
passenger is identified as a selectee, TSA would allow the large 
aircraft operator to permit the passenger to board the aircraft. 
However, TSA would require the aircraft operator to comply with the 
procedures described in its security program pertaining to passengers 
identified as selectees. Although TSA would not require large aircraft 
operators to conduct screening of selectees and their accessible 
property on a normal basis, if warranted by security considerations, 
TSA may require some or all large aircraft operators to screen 
selectees and their accessible property. In this circumstance, TSA 
would coordinate with the large aircraft operators on the appropriate 
screening protocols.
    If the watch-list service provider instructs the large aircraft 
operator that a passenger must be denied boarding, the large aircraft 
operator would not be able to permit the passenger to board unless 
explicitly authorized by TSA.
    Additionally, if the aircraft operator becomes aware that any data 
element in the passenger information has changed, the large aircraft 
operator would be required to transmit to the watch-list service 
provider updated passenger information, which includes the full name, 
and if available, gender, date of birth, redress number, and passport 
information. If the large aircraft operator sends updated passenger 
information to the watch-list service provider for a passenger for whom 
the service provider has already transmitted an instruction, the large 
aircraft operator would not be able to permit the passenger on board 
until the large aircraft operator receives updated instructions from 
the watch-list service provider. Any previous instruction regarding the 
passenger would be void; the large aircraft operator would be required 
to comply with any updated instruction from the service provider.
    f. Master passenger list. TSA recognizes that many large aircraft 
operators carry the same passengers on most or all of their flights and 
that it would be burdensome for the large aircraft operators to send 
the required information for the same individuals on each flight. 
Consequently, the proposed rule includes a provision for a master 
passenger list. Under this optional proposed provision, individuals on 
a master passenger list would be subject to continuous vetting of their 
names against the watch-list.\24\ TSA would not require large aircraft 
operators to transmit information on these passengers every time they 
are on a flight operated by the large aircraft operator. This master 
list would be applied for domestic flights only; CBP would require 
aircraft operators and their pilots to transmit advance passenger 
information to CBP for international flights departing from or arriving 
in the United States under CBP's eAPIS NPRM, and passengers would need 
to present their passports pursuant to CBP regulations.
---------------------------------------------------------------------------

    \24\ The proposed rule would define ``continuous vetting'' as 
the process in which the passenger's information is continuously 
matched against the most current watch-list.
---------------------------------------------------------------------------

    Prior to collecting passenger information from an individual to 
place that individual on a master passenger list, the large aircraft 
operator would be required to inform the individual that he or she 
would have the option of being placed on the master passenger list, to 
provide the individual with notice of the purpose and procedures 
related to a master passenger list, and to obtain from the individual a 
signed, written statement affirmatively

[[Page 64799]]

requesting that he or she be placed on a master passenger list. These 
requirements would ensure that individuals would be informed that their 
inclusion in a master passenger list would be voluntary and contingent 
upon their providing written consent and that a watch-list service 
provider would continuously maintain their passenger information and 
compare the information against the watch-list.
    In order to place an individual on the master passenger list, the 
large aircraft operator would be required to comply with the following: 
(1) Request and obtain the full name, gender, date of birth, redress 
number, and passport information of the individual; (2) transmit the 
passenger information and any updated passenger information to a watch-
list service provider and designate the individual for continuous 
vetting; (3) ensure that the watch-list service provider is responsible 
for continuous vetting for that individual at the time the individual 
boards an aircraft; (4) receive an instruction that the individual is 
cleared in response to the initial transmission of passenger 
information or transmission of updated passenger information; and (5) 
receive any instruction to prohibit the individual from boarding an 
aircraft.
    g. Aircraft operators under a full program. Under 49 CFR 
1544.101(a), TSA requires full program aircraft operators to conduct 
watch-list matching of their passengers under their security program. 
Some of the full program aircraft operators also operate flights under 
the other security programs in 49 CFR 1544.101. Many of these aircraft 
operators use the same system or process to conduct watch-list matching 
for their flights operated under their full security program, as well 
as flights operated under their other security programs. Under the 
proposed rule, TSA would require full program aircraft operators to 
transmit the passenger information for passengers on their flights 
operated under the LASP to watch-list service providers approved by TSA 
to conduct the watch-list matching on their behalf. TSA requests 
comment on whether full program aircraft operators should be permitted 
to conduct watch-list matching for passengers on flights operated under 
their LASP using the system or process that they use for flights 
operated under their full security program, including TSA's Secure 
Flight Program when it is available.
    h. Privacy notice and data retention. TSA would only receive 
passenger information if the watch-list service provider's automated 
vetting system identifies an individual as a potential match to the 
watch-list; this is much like the current practice where aircraft 
operators conduct watch-list matching pursuant to their security 
programs. TSA is considering requiring aircraft operators to provide a 
privacy notice to passengers in the LASP. Most LASP aircraft operators 
do not have a reservation system and are on-demand operations, such as 
charter, corporate, fractional, and recreational (friends and family) 
operations. LASP aircraft operators may find it challenging and 
burdensome to provide a privacy notice to their passengers when 
collecting the information. TSA is seeking comments on how a privacy 
notice could be provided during the collection of information while 
considering the feasibility, costs, and effectiveness of providing such 
notice. Should TSA require large aircraft operators to provide a 
privacy notice on web sites through which passenger service is offered, 
either on their own web site or through an internet travel web site 
that offers seats on charter flights, or via other means that would 
provide notice to passengers on aircraft operated by LASP operators?
    TSA is considering data and record retention requirements for 
records for watch-list service providers and large aircraft operators. 
TSA seeks comment on whether the proposed record retention for the 
Secure Flight Program should be applied to large aircraft operators and 
watch-list service providers to ensure that personally identifiable 
information is not retained for longer than necessary. As explained in 
the Secure Flight NPRM, TSA would retain passenger information for 
seven days for passengers that are cleared, seven years for passengers 
that have been identified as potential matches to the watch-list, and 
99 years for passengers who are confirmed matches to the watch-list 
under the Secure Flight Program.\25\ If TSA were to require a similar 
record retention schedule for records collected, transmitted, and 
received under proposed Sec.  1544.245 and part 1544, subpart F, large 
aircraft operators' watch-list service providers would retain and 
destroy passenger information and watch-list matching results in 
accordance with this schedule. TSA is also considering requiring large 
aircraft operators and watch-list service providers to retain passenger 
information for passengers who are cleared, for three years, to 
facilitate the audit that large aircraft operators would undergo every 
two years under proposed Sec.  1544.243 and compliance oversight.
---------------------------------------------------------------------------

    \25\ See Secure Flight NPRM, 72 FR at 48363.
---------------------------------------------------------------------------

    i. Secure Flight. As noted above, the long-term plan is for TSA to 
assume the watch-list matching responsibility from all aircraft 
operators required to conduct watch-list matching and to conduct the 
watch-list matching through the Secure Flight Program. Under the 
current stage of Secure Flight development, Secure Flight will not have 
the capability to conduct watch-list matching for large aircraft 
operators for several years.
    Under the Secure Flight NPRM, TSA would assume the watch-list 
matching only for full program operators and certain foreign air 
carriers. If the Secure Flight Program is capable of assuming the 
watch-list matching responsibility from large aircraft operators when 
TSA would require implementation of the LASP, TSA may amend the scope 
of the Secure Flight regulations to include large aircraft operators in 
the final rule for this NPRM.
    Under the Secure Flight Program, TSA may require large aircraft 
operators to collect and transmit the same data elements, called Secure 
Flight Passenger Data (SFPD), to TSA for all passengers that full 
program operators must collect and transmit for their passengers. 
Although, in the Secure Flight NPRM, TSA did not propose to cover the 
large aircraft population in the Secure Flight Program, TSA is 
proposing, in this LASP NPRM, to align the LASP passenger information 
requirements with those of the Secure Flight Program. Consequently, the 
passenger information requirement in proposed Sec.  1544.245 of this 
LASP NPRM is similar to proposed Sec.  1560.101 in the Secure Flight 
NPRM.\26\ TSA's intent is to align the data requirements of LASP and 
the Secure Flight Program, so that they match when the final rules are 
implemented.
---------------------------------------------------------------------------

    \26\ 72 FR at 48388.
---------------------------------------------------------------------------

    The methods for transmitting SFPD to TSA would be described in the 
standard security program for large aircraft operators. Possible 
methods of transmission may include a direct connection to TSA, similar 
to the connection that some full program operators will establish, and 
an internet-based application. Similar to the requirements proposed for 
the watch-list service provider, large aircraft operators would not be 
able to board passengers until they received boarding instructions from 
TSA. TSA would also require large aircraft operators to comply with the 
boarding instructions. TSA would transmit the boarding instructions 
after conducting the watch-list matching of the passengers.

[[Page 64800]]

    TSA has determined that watch-list matching of passengers on large 
aircraft is an important security measure, because it can prevent 
individuals who are believed to pose a risk from boarding a large 
aircraft and, potentially, gaining control of the aircraft, to use it 
as a weapon or to cause harm to aviation or national security. Such 
considerations extend beyond the simple use of aircraft as missiles 
and also include aircraft as delivery vectors for other catastrophic 
payloads (e.g., chemical, biological, radiological or nuclear 
materials). Given the security concerns, TSA believes a reliable 
mechanism for watch-list matching for large aircraft must be 
operational without undue delay. The watch-list matching service 
providers would provide the needed security and do so in a timely 
fashion. While the Secure Flight Program would also provide a reliable 
mechanism, its ability to absorb the watch-list matching function for 
the large aircraft population is likely to be several years away, and 
it is likely that it would not be available to address this important 
security need when TSA would be ready to implement the LASP. Thus, TSA 
believes that using the watch-list service providers will be the 
more viable security solution for watch-list matching when TSA is ready 
to implement the LASP.
    While TSA anticipates that Secure Flight would be the long-term 
mechanism for conducting watch-list matching of passengers, TSA seeks 
comments on whether the watch-list matching service providers should 
serve as part of the long-term solution to large aircraft watch-list 
matching, such as by gathering the passenger information from the 
aircraft operators and submitting it to TSA for watch-list matching, 
then receiving the results from TSA. One possible advantage of the 
watch-list service providers may be that the master passenger list 
system developed by these providers would remain undisturbed, a 
convenience for passengers on those lists and the large aircraft 
operators. Additionally, TSA seeks comment on whether maintaining the 
watch-list matching service providers may reduce the costs associated 
with a transition to the Secure Flight Program. There may also be 
benefit to TSA in limiting the number of different entities to which 
the Secure Flight program would maintain direct links, requiring only 
links with the watch-list service providers, not all large aircraft 
operators.
Audit Requirement
    Due to the large size and widely-dispersed geographical locations 
of the aircraft operator population that would be subject to this 
proposed rule, TSA would need an effective mechanism to verify large 
aircraft operators' compliance with the large aircraft program. While 
TSA intends to develop a compliance program for, and conduct 
inspections of, large aircraft operators, it is not possible for TSA to 
visit approximately 10,000 large aircraft operators on a regular basis.
    TSA proposes the use of TSA-approved third-party auditors. These 
TSA-approved third-party auditors would support existing TSA resources 
and would enhance compliance with TSA regulations and the aircraft 
operator's security program. Auditors would conduct audits of large 
aircraft operators for their compliance with their security program and 
TSA regulations. The auditors would submit their findings in the manner 
and form prescribed by TSA. Auditors' reports would assist TSA 
inspectors in the conduct of compliance inspections as necessary. TSA 
would use the third-party auditors' reports as one tool in establishing 
inspection priorities. The audits would also assist large aircraft 
operators in assessing the security measures in place for their own 
aircraft.
    TSA proposes to require large aircraft operators to contract with 
TSA-approved auditors to conduct a biennial audit of their compliance 
with TSA regulations and their security programs. Large aircraft 
operators would initially undergo an audit within 60 days of TSA's 
approval of the large aircraft operators' security program and then 
every two years thereafter. Large aircraft operators would also be 
required to provide auditors access to their records, equipment, and 
facilities necessary for the auditor to conduct an audit. The aircraft 
operators would receive a copy of the audit report and would be 
provided an opportunity to submit comments on the audit report to TSA.
    In this NPRM, TSA is proposing that large aircraft operators may 
select any TSA-approved auditor to perform the audit function. However, 
TSA is considering instituting a system that would assign auditors to 
large aircraft operators on a random basis in order to assure overall 
consistency of the auditing program, thereby enhancing security. TSA 
seeks comment on whether to include a system of assigning auditors in 
the final rule and on methods of doing so.
    As stated above, many full program aircraft operators also operate 
flights under the private charter program. TSA routinely conducts 
inspections of full program aircraft operators, and these inspections 
include any private charter operations the aircraft operators may have. 
Given these TSA inspections, TSA requests comment on whether it is 
necessary to require full program aircraft operators that also operate 
flights under a LASP to contract with a third party auditor to conduct 
a biennial audit of their operations for compliance with their security 
program and TSA regulations.
Unauthorized Persons and Accessible Weapons on Board Large Aircraft
    TSA would require large aircraft operators to apply security 
measures in their security program to prevent or deter the carriage of 
unauthorized persons and unauthorized weapons, explosives, 
incendiaries, and other destructive substances or items on board a 
large aircraft. This proposed security measure is designed to prevent 
unauthorized persons, such as a stowaway, or accessible weapons, from 
being placed in a large aircraft. Under the proposed security measure, 
the large aircraft operator would check for weapons and check any 
container, cargo, or company material that may be used to hide a 
stowaway, or explosives, incendiaries, or other destructive substances 
or items. The security program would describe the method for conducting 
the checks, such as visual inspection of the exterior of the persons or 
containers of certain sizes and weights, with further evaluation if 
necessary. This proposed rule would only apply to property that may be 
accessible to the cabin of the aircraft. For example, if the property 
is stowed in a cargo hold that would not allow access to the cabin of 
the aircraft, then that property would be exempt from inspection.
    For purposes of screening passengers on air carrier flights under a 
full program, TSA considers weapons to include items on its prohibited 
items list, which is posted on TSA's Web site at http://www.tsa.gov. 
This list includes, among other things, guns, firearms, and certain 
sharp objects or tools such as knives, including steak knives and 
pocket knives. TSA is proposing to require large aircraft operators to 
adopt and carry out procedures to prevent passengers from carrying 
prohibited items onto the aircraft. We understand, however, that large 
aircraft operators currently not subject to a TSA security program \27\ 
may have special circumstances that should be considered. TSA seeks 
comment on the following issues: First, for large aircraft

[[Page 64801]]

operators that are not carrying persons or property for compensation or 
hire, should ``weapons'' be limited to guns and firearms? Further, 
should there be a different requirement depending on whether the 
aircraft has a MTOW of 45,500 kg or less or more than 45,500 kg?
---------------------------------------------------------------------------

    \27\ Private charters and twelve-five operators currently must 
ensure there are no prohibited items accessible in the cabin.
---------------------------------------------------------------------------

    TSA understands that a significant portion of the large aircraft 
population may not have inaccessible cargo hold compartments, but may 
have a need to transport weapons, such as when transporting hunters. 
Therefore, TSA proposes that weapons may be stored in a cargo hold, if 
the aircraft has such a cargo hold, or may be stored in a locked box in 
the cabin under the direct control of the in-flight security 
coordinator. In these instances, the weapons would be considered 
inaccessible to the persons on board.
Additional Requirements
    The LASP would also include the following requirements: designation 
of Aircraft Operator Security Coordinators, Ground Security 
Coordinators, and In-Flight Security Coordinators; regulations 
concerning law enforcement personnel; the carriage of TSA Federal Air 
Marshals (FAMs) onboard an aircraft; the aviation security contingency 
plan; and procedures for handling bomb and air piracy threats. These 
proposed requirements are discussed in further detail in the Section-
by-Section Analysis portion of the preamble.
    The economic analysis for this NPRM suggests that the aircraft 
operator security coordinator requirement is the highest-cost measure 
in this proposed rule, and TSA invites comment on whether there is a 
more cost-effective means of meeting the same or substantially similar 
security goals as detailed herein. Although our preliminary view is 
that the benefits of the security coordinator requirements as proposed 
justify their costs, we are interested in comment on alternatives. Is 
there a current industry practice that could provide a suitable 
alternative? Should certain general aviation operators be exempted from 
the requirements or portions of the requirements? Are there operational 
limitations that prevent aircraft operators from designating security 
coordinators for multiple flight segments? TSA also invites comments on 
the use of a single individual for multiple security coordinator roles. 
Comments that specifically address the costs and benefits of 
alternatives to the security coordinator requirements would be welcome.
2. Aircraft of MTOW Over 45,500 kg or With a Passenger Seating 
Configuration of 61 Seats or More Operated for Compensation or Hire
    TSA has determined that aircraft over 45,500 kilograms or with a 
passenger seating configuration of 61 seats or more operated for 
compensation or hire should be subject to increased security 
requirements. The current private charter program, which applies to 
aircraft of this size and weight, includes more security measures than 
the current twelve-five program. Part 125 (14 CFR) operators using this 
size aircraft also currently must comply with the private charter 
program. This approach is supported by the International Civil Aviation 
Organization (ICAO), which requires that aircraft of more than 60 
passengers, or with a MTOW of over 45,500 kilograms, be regulated and 
protected from intrusion and ballistic threats.
    Although the private charter program would be merged into the large 
aircraft program, TSA believes that maintaining a higher level of 
security for aircraft over 45,500 kilograms, or with a passenger 
seating configuration of 61 seats or more, operated for compensation or 
hire would be an important security measure. Thus, for these aircraft, 
the proposed rule would continue the requirements now in the Private 
Charter Program for the operators to inspect passengers and their 
property and to perform CHRCs on their employees who conduct screening.
3. All-Cargo Operations
    TSA recently issued a final rule regarding air cargo security, 
including all-cargo operations in an aircraft with a MTOW over 12,500 
pounds. See Final Rule for Air Cargo Security Requirements, 71 FR 30478 
(May 26, 2006).\28\ Because cargo security remains an important part of 
aviation security, TSA proposes to retain the requirements for all-
cargo operations in the LASP. Consequently, large aircraft all-cargo 
operations would be required to comply with the cargo requirements in 
49 CFR 1544.202 and 1544.205(a), (b), (d), and (f) in addition to the 
core requirements of the LASP.
---------------------------------------------------------------------------

    \28\ The effective date of the final rule was Oct. 23, 2006.
---------------------------------------------------------------------------

    The large aircraft all-cargo program would replace the existing 
Twelve-Five All-Cargo Program. Current aircraft operators that are 
subject to the Twelve-Five All-Cargo Program would be subject to the 
proposed requirements for large aircraft in all-cargo operations. 
Additionally, 14 CFR part 125 operators in all-cargo operations, which 
currently are required to comply with the Twelve-Five All-Cargo 
Program, would also be subject to Sec.  1544.202.
    All-cargo operations with an aircraft with an MTOW of over 45,500 
kilograms currently must use the full all-cargo program and this would 
be reflected in the rule.
4. Sensitive Security Information
    Protection of Sensitive Security Information (SSI), as codified at 
49 CFR part 1520, would apply to each aircraft operator operating under 
the large aircraft program. Airport and aircraft operator security 
programs and related amendments, Security Directives and Information 
Circulars, technical specifications of security screening and detection 
systems and devices, among other types of information, constitute SSI 
under current 1520.5 and are prohibited from public disclosure. Watch-
list service providers' instructions to the large aircraft operators 
would also be SSI. The SSI regulations would apply to LASPs as well.
    Access to SSI is strictly limited to those covered persons with a 
need to know, as defined in 49 CFR 1520.7 and 1520.11. In general, a 
person has a need to know specific SSI when he or she requires access 
to the information to carry out transportation security activities that 
are government-approved, -accepted, -funded, -recommended, or 
-directed, including for purposes of training on, and supervision of, 
such activities or to provide legal or technical advice to airport 
operators, aircraft operators or their employees regarding security-
related requirements. Accordingly, the protection of SSI would apply to 
each large aircraft operator operating under a security program 
pursuant to 1544.101(b).
5. Existing and Proposed Requirements for Large Aircraft
    Table 2 below illustrates the requirements for large aircraft 
operators and whether these requirements would be new or modified for 
current holders of security programs. The table indicates how the 
proposed rule would affect the current large aircraft operators. The 
first column describes the proposed content requirements for the LASP. 
The remaining five columns list five types of aircraft operators that 
would be required to adopt and implement the large aircraft security 
program under the proposed rule. The table indicates whether each type 
of aircraft operator is currently required to comply with each content 
requirement of the proposed LASP or whether the proposed content 
requirement is a new requirement for

[[Page 64802]]

the aircraft operator. Additionally, as part of this rule, TSA would 
modify some of the content requirements for the current Twelve-Five 
Security Program and the Private Charter Security Program. The table 
also indicates existing requirements that would be modified under the 
proposed rule.
    Table 3 compares the proposed large aircraft program with the Full 
Program and the Full All-Cargo Program.

                                                   Table 2--Regulatory Requirements for Large Aircraft
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                                             Scheduled or charter
                                      Scheduled or charter                              Private charters        operations in          Large aircraft
    Description of proposed LASP     operations required to   All-cargo operations     required to have a    aircraft with 31-60       operators not
            requirement                have a twelve-five      required to have a       private charter       seats required to    currently required to
                                             program           twelve-five program          program             have a partial        have a security
                                                                                                                   program                program
--------------------------------------------------------------------------------------------------------------------------------------------------------
Acceptance & screening of            Does not apply........  Does not apply........  Currently applies and  Does not apply.......  Does not apply.
 individuals and accessible                                                           would continue.
 property (Sec.   1544.201).
Acceptance and screening of cargo    Does not apply........  Currently applies and   Does not apply.......  Does not apply.......  Does not apply.
 (Sec.   1544.205).                                           would continue.
Persons and property on board a      New requirement.......  Does not apply........  New requirement......  New requirement......  New requirement.
 large aircraft (Sec.   1544.206).
Screening of individuals and         Does not apply........  Does not apply........  Currently applies and  Does not apply.......  Does not apply.
 property (Sec.   1544.207).                                                          would continue.
Required to have security            Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 coordinators (Sec.   1544.215).      would continue.         would continue.         would continue.        would continue.
Provision of law enforcement         Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 personnel at airports serving the    would continue.         would continue.         would continue.        would continue.
 aircraft operators (Sec.
 1544.217).
Carriage of accessible weapons on    Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 board aircraft (Sec.   1544.219).    would continue.         would continue.         would continue.        would continue.
Requirement to transport FAMs (Sec.  Currently applies;      Currently applies;      New requirement......  Currently applies;     New requirement.
   1544.223).                         would be modified.      would be modified.                             would be modified.
Provide for security of aircraft     New requirement.......  New requirement.......  Currently applies and  New requirement......  New requirement.
 and facilities (Sec.   1544.225).                                                    would continue.
Security training for security       New requirement.......  New requirement.......  Currently applies and  New requirement......  New requirement.
 coordinators and crew (Sec.                                                          would continue.
 1544.233).
Training Program--Individual         Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 security-related duties (Sec.        would continue.         would continue.         would continue.        would continue.
 1544.235).
Program to permit passengers to      New requirement.......  New requirement.......  New requirement......  New requirement......  New requirement.
 provide volunteer emergency
 services (Sec.   1544.241).
Required to undergo third-party      New requirement.......  New requirement.......  New requirement......  New requirement......  New requirement.
 audits (Sec.   1544.243).
Required to send flight manifest to  New requirement.......  New requirement.......  New requirement......  New requirement......  New requirement.
 approved vendor for watch-list
 matching of passengers (Sec.
 1544.245).
Security threat assessment with      New requirement.......  New requirement.......  New requirement......  New requirement......  New requirement.
 criminal history records check for
 flight crew (part 1544, subpart G).
Develop and implement contingency    Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 plan in response to threats (Sec.    would continue.         would continue.         would continue.        would continue.
 Sec.   1544.301(a) & (b)).
Bomb and hijacking threats (Sec.     Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 1544.303).                           would continue.         would continue.         would continue.        would continue.
Comply with security directives and  Currently applies and   Currently applies and   Currently applies and  Currently applies and  New requirement.
 information circulars (Sec.          would continue.         would continue.         would continue.        would continue.
 1544.305).
--------------------------------------------------------------------------------------------------------------------------------------------------------


[[Page 64803]]


                           Table 3--Comparison of Aircraft Operator Security Programs
----------------------------------------------------------------------------------------------------------------
                                                                                                  Proposed large
                                                                 Full program    Full all-cargo      aircraft
             Description of security requirement                  operators         program          program
                                                                                   operators        operators
----------------------------------------------------------------------------------------------------------------
Acceptance & screening of individuals and accessible property               X   ...............               X
 (Sec.   1544.201)...........................................
Screening of individuals and property (watch-list &            ...............               X                X
 accessible weapons) (Sec.   1544.202).......................
Acceptance and screening of checked baggage (Sec.   1544.203)               X   ...............  ...............
Acceptance and screening of cargo and accessible property                   X                X                X
 (Sec.   1544.205)...........................................
Check property on board (Sec.   1544.206)....................  ...............  ...............               X
Screening of individuals and property (Sec.   1544.207)......               X                X                X
Use of metal detection devices (Sec.   1544.209).............               X                X   ...............
Use of X-ray systems (Sec.   1544.211).......................               X                X   ...............
Use of explosives detection systems (Sec.   1544.213)........               X   ...............  ...............
Required to have security coordinators (Sec.   1544.215).....               X                X                X
Provision for law enforcement personnel at airports serving                 X                X                X
 the aircraft operators (Sec.   1544.217)....................
Carriage of accessible weapons on board aircraft (Sec.                      X                X                X
 1544.219)...................................................
Carriage of prisoners under the control of armed law                        X   ...............  ...............
 enforcement officers (Sec.   1544.221)......................
Requirement to transport FAMs (Sec.   1544.223)..............               X                X                X
Provide for security of aircraft and facilities (Sec.                       X                X                X
 1544.225)...................................................
Exclusive area agreements (Sec.   1544.227)..................               X                X   ...............
Access to cargo and security threat assessments for cargo                   X                X   ...............
 personnel in the United States (Sec.   1544.228)............
CHRC: Unescorted access to SIDA, screening, baggage/cargo                   X                X   ...............
 checks (Sec.   1544.229)....................................
CHRC: Flight crew members (Sec.   1544.230)..................               X                X   ...............
Airport-approved and exclusive area personnel identification                X                X   ...............
 systems (Sec.   1544.231)...................................
Security training for security coordinators and crew (Sec.                  X                X                X
 1544.233)...................................................
Training Program--Individual security-related duties (Sec.                  X                X                X
 1544.235)...................................................
Flight deck privileges (Sec.   1544.237).....................               X                X   ...............
Program to permit passengers to provide volunteer emergency                 X   ...............               X
 services (Sec.   1544.241)..................................
Required to undergo third-party audits (Sec.   1544.243).....  ...............  ...............               X
Required to send flight manifest to approved vendor for watch- ...............  ...............               X
 list matching of passengers (Sec.   1544.245)...............
Security threat assessment with criminal history records       ...............  ...............               X
 check for flight crew, individuals authorized to perform
 screening functions, applicants to become TSA-approved
 auditors, and watch-list service provider covered personnel
 (Part 1544, subpart G)......................................
Develop and implement contingency plan in response to threats               X                X                X
 (Sec.   1544.301)...........................................
Bomb and hijacking threats (Sec.   1544.303).................               X                X                X
Comply with security directives and information circulars                   X                X                X
 (Sec.   1544.305)...........................................
----------------------------------------------------------------------------------------------------------------

B. Proposed Requirements for Certain Airports

    Currently, the regulations extend airport security program 
requirements to airports that regularly serve aircraft operations using 
full programs, partial programs, private charter programs, and 
corresponding foreign air carriers.\29\ These regulations for airport 
operators provide for the safety and security of persons and property 
on an aircraft operating in air transportation against an act of 
criminal violence and aircraft piracy. An enhanced security environment 
at the airports where large aircraft operate would support enhanced 
security for the large aircraft. Thus, as part of the proposal to 
provide security for large aircraft through a large aircraft program 
for aircraft operators, TSA also proposes to require certain airports 
that serve large aircraft to adopt a security program.
---------------------------------------------------------------------------

    \29\ 49 CFR 1544.101(a), (b), and (f), and 1546.101(a), (b), 
(c), and (d). However, there are no airports that currently hold a 
security program because they regularly serve an aircraft operator 
holding a partial program or a private charter program, or their 
foreign air carrier equivalent.
---------------------------------------------------------------------------

    There are thousands of GA airports that serve large aircraft. TSA 
considered the heavy burden involved for all these airports to adopt a 
security program. Many are very small and may have limited resources 
and limited large aircraft activity. TSA proposes to require two types 
of airports to hold a security program because of the type of service 
they provide.
    The first type of airport that would be required to hold a partial 
program is a GA airport that is designated as a ``reliever'' airport by 
the Secretary of Transportation, as defined in 49 U.S.C. 47102(22). 
These airports perform the function of relieving congestion at a 
commercial service airport by diverting GA from the commercial service 
airport to the reliever airport and provide more GA access to the 
overall community. Reliever airports are generally near metropolitan 
areas and thus serve and are close to large populations--thus the need 
for greater security at these airports.
    The second type of airport is an airport that regularly serves 
scheduled or public charter operations in large aircraft. These 
operations have fare-paying passengers on a regular basis. TSA proposes 
to require these airports to adopt the partial program. This program 
would provide a basic level of security enhancement to complement and 
support the security measures that TSA would require large aircraft 
operators to adopt and implement.
    Table 4 below illustrates how the proposed rule would affect the 
various types of airports. Table 5 compares the three types of airport 
security programs--complete program, supporting program, and partial 
program. TSA believes that the requirements of the partial program for 
airport operators would not be burdensome for reliever airports, and 
airports that regularly serve scheduled or public charter operations, 
to adopt and carry out. TSA also believes that the requirement for 
these airports to implement security programs will not place a 
significant burden on local law

[[Page 64804]]

enforcement agencies, because TSA expects that there will be few 
incidents requiring law enforcement response at these airports.

                                   Table 4--Airport Operator Security Programs
----------------------------------------------------------------------------------------------------------------
                                        Current: If it regularly serves
 An airport operator must have this     aircraft operations under these      Proposed: If it meets the following
              program                     security programs in 49 CFR                     criteria:
----------------------------------------------------------------------------------------------------------------
Complete program Sec.   1542.101(a)  full program under Sec.                No change.
                                      1544.101(a)(1); or foreign air
                                      carrier program under Sec.
                                      1546.101(a).
Supporting program Sec.              full program under Sec.                Regularly serves full program
 1542.101(b).                         1544.101(a)(2); or.                    aircraft operator under Sec.
                                                                             1544.101(a)(2) (no change); or
                                     private charter program under Sec.     Regularly serves foreign air carrier
                                      1544.101(f); or.                       aircraft operator program under
                                                                             Sec.   1546.101(b) (no change); or
                                     foreign air carrier program under      Regularly serves foreign air carrier
                                      Sec.   1546.101(c).                    under Sec.   1546.101(c) (no
                                                                             change).
Partial program Sec.   1542.101(c).  partial program under Sec.             Regularly serves large aircraft
                                      1544.101(b); or.                       operator in scheduled or public
                                                                             charter passenger operations under
                                                                             Sec.   1544.101(b); or
                                     foreign air carrier program under      Is a reliever airport.
                                      Sec.   1546.101(d).
None required *....................  twelve-five program under Sec.         Large aircraft not described above.
                                      1544.101(d).
None required *....................  limited program under Sec.             No change.
                                      1544.101(g).
None required *....................  full all-cargo program under Sec.      No change.
                                      1544.101(h).
----------------------------------------------------------------------------------------------------------------
* TSA may enter airports to inspect an aircraft operator that is operating under a part 1544 or 1546 security
  program. 49 CFR 1542.5(e).


            Table 5--Comparison of Airport Security Programs
------------------------------------------------------------------------
    Description of security       Complete     Supporting      Partial
          requirement              program       program       program
------------------------------------------------------------------------
Designate Airport Security                X             X             X
 Coordinator (Sec.   1542.3)..
Description of secured areas              X   ............  ............
 of the airport...............
Description of the Airport                X   ............  ............
 Operations Area..............
Description of the Security               X   ............  ............
 Identification Display Area
 (SIDA).......................
Description of the sterile                X   ............  ............
 area.........................
Criminal history records check            X   ............  ............
 of airport operator, airport
 user, individuals with
 unescorted access to a SIDA,
 and individuals seeking
 unescorted access authority..
Description of personnel                  X   ............  ............
 identification systems (Sec.
  1542.211)...................
Escort procedures (Sec.                   X   ............  ............
 1542.211(e)).................
Challenge procedures (Sec.                X   ............  ............
 1542.211(d)).................
Training program for                      X   ............  ............
 individuals performing
 security-related functions
 for the airport operator
 (Sec.   1542.213)............
Training program for law                  X             X             X
 enforcement personnel (Sec.
 1542.217(c)(2))..............
Description of law enforcement            X             X             X
 support......................
System for maintaining records            X             X             X
 (Sec.   1542.221)............
Procedures and description of             X   ............  ............
 facilities and equipment used
 to support TSA inspection of
 individuals, property, and
 aircraft operator and foreign
 air carrier screening
 functions....................
Contingency plan (Sec.                    X             X   ............
 1542.301)....................
Procedures for the                        X             X             X
 distribution, storage, and
 disposal of Sensitive
 Security Information
 (including security program,
 Security Directives,
 Information Circulars, and
 implementing instructions),
 and, as appropriate,
 classified information.......
Procedures for posting of                 X             X             X
 public advisories (Sec.
 1542.305)....................
Incident management procedures            X             X             X
 (Sec.   1542.307)............
Alternate security procedures,            X   ............  ............
 if any, that the airport
 intends to use in the event
 of natural disasters, and
 other emergency and unusual
 conditions...................
Exclusive area agreement (Sec.            X   ............  ............
   1542.111)..................
Airport tenant security                   X   ............  ............
 program (Sec.   1542.113)....
------------------------------------------------------------------------

    In addition to the two types of airports in the proposed rule text, 
TSA requests comments on whether other types of airports should also be 
required to adopt a security program, such as the partial program. For 
example, should TSA require airports that regularly serve aircraft used 
in private charter operations--aircraft with MTOW of over 45,500 
kilograms or a passenger seating configuration of 61 or more seats--to 
adopt a partial program? If TSA were to adopt such an approach, how 
should TSA determine whether an airport ``regularly serves'' a large 
aircraft with MTOW of over 45,500 kilograms or a passenger seat 
configuration of 61 or more seats? Should TSA require airports that 
serve any large aircraft with MTOW of over 45,500 kilograms or a 
passenger seat configuration of 61 or more seats to adopt a partial 
program, regardless of frequency?
    In addition to the proposed amendments to Sec.  1542.101(b) and 
(c), TSA is seeking comments on whether the content requirements of the 
partial program and the supporting program should be amended. For 
example, TSA is considering whether it should require airport security 
coordinators at locations with partial programs to undergo the same 
security training that airport security coordinators at locations with 
a supporting or complete program under Sec.  1542.3 undergo or whether 
a shorter training program would be appropriate.
    TSA is also considering whether airport operators should be 
required to

[[Page 64805]]

undertake a risk-based self assessment of their security programs. The 
``TSA Information Publication (A-001), Security Guidelines for General 
Aviation,'' includes the Airport Characteristic Measurement Tool, which 
lists the most significant airport characteristics that can potentially 
affect a facility's security posture.
    TSA may develop a computer based training, available online or in a 
DVD format, which incorporates GA security awareness, elements of the 
existing ``TSA Information Publication (A-001), Security Guidelines for 
General Aviation Airports,'' and industry best practices. Airport 
operators may be able to use this training and accompanying self-
assessment tool to fulfill a risk-based self assessment should TSA 
decide to include it as part of the partial program.

C. Passenger Checking Against the Watch-List

    As discussed above in section II.A of the preamble, the proposed 
rule would require large aircraft operators to transmit passenger 
information to third-party entities called watch-list service providers 
to conduct watch-list matching of their passengers. Because watch-list 
service providers would perform an important security function, TSA is 
proposing to require potential watch-list service providers to obtain 
approval from TSA prior to conducting watch-list matching for any large 
aircraft operator. The proposed approval process would ensure that the 
watch-list service provider has the appropriate personnel and systems 
to process and keep secure sensitive and personally identifiable 
information.
    The following are the major requirements that potential watch-list 
matching service providers would have to satisfy to obtain approval 
from TSA. The individual requirements are described and discussed in 
further detail in the section-by-section analysis of proposed Sec.  
1544.503.
     Demonstrate ability to conduct automated watch-list 
matching and continuous vetting.
     Adopt and implement a system security plan for the system 
that contains personally identifiable information or is used to conduct 
watch-list matching.
     Demonstrate ability to receive passenger information from 
large aircraft operators and transmit watch-list matching results back 
to large aircraft operators.
     Successfully undergo a suitability assessment by TSA.
     Watch-list service provider's covered personnel would be 
required to successfully complete security threat assessments.
     Adopt a security program that complies with TSA 
requirements.
    The proposed rule describes the approval process that would apply 
and includes a provision allowing prospective watch-list service 
providers to seek reconsideration of an initial disapproval.
    Once TSA approves a watch-list service provider, the provider would 
have several responsibilities. TSA lists the major responsibilities 
below and then describes them in greater detail in the section-by-
section analysis of proposed Sec. Sec.  1544.513 and 1544.515.
     Carry out its security program, which details the 
requirements for conducting watch-list matching, security of the 
systems and physical property used to conduct watch-list matching, and 
training of personnel.
     Develop and execute procedures to identify, handle, and 
protect Sensitive Security Information and maintain the confidentiality 
of other information provided by TSA and aircraft operators.
     Submit to inspection by TSA.
    Under the proposed rule, TSA would retain the authority to withdraw 
a watch-list service provider's approval to conduct watch-list matching 
if the watch-list service provider failed to meet the qualification 
requirements or its responsibilities under the rule or if it were in 
the interest of transportation or national security. Watch-list service 
providers would be able to seek reconsideration of the withdrawal of 
approval to conduct watch-list matching from the Assistant Secretary or 
designee.

D. Third-Party Audits for Large Aircraft Operators

    As described in section II.A of this NPRM, TSA would require large 
aircraft operators to contract with TSA-approved auditors to conduct 
audits of their compliance with TSA regulations and their security 
programs. To ensure that auditors have the qualifications and 
responsibilities to produce audits that would be useful to TSA and the 
large aircraft operators and to identify, handle, and protect Sensitive 
Security Information and other sensitive information, TSA proposes the 
following major qualifications and responsibilities that would apply to 
auditors. These qualifications and responsibilities, as well as other 
requirements, are described and discussed in further detail in the 
section-by-section analysis of proposed part 1522.
     Successfully undergo a TSA security threat assessment.
     Currently hold or be able to obtain a certification or 
accreditation from an organization recognized by TSA.
     Have sufficient knowledge and skills to conduct a security 
audit of an aircraft operator.
     Receive initial and biennial training.
     Conduct independent and impartial audits, submit audit 
reports to TSA, and retain audit reports for 36 months.
     Identify, handle, and protect Sensitive Security 
Information and keep confidential other information provided by TSA and 
large aircraft operators.
     Submit to inspection by TSA.
    The proposed rule describes the approval process that would apply 
to auditors. Auditors would be able to seek reconsideration of the 
disapproval to be a TSA-approved auditor from the Assistant Secretary 
or designee.
    Under the proposed rule, TSA would be able to withdraw approval of 
an auditor or responsibilities under the proposed rule or in the 
interest of transportation or national security. Auditors would be able 
to seek reconsideration of the withdrawal of approval to conduct audits 
from the Assistant Secretary or designee.

E. Proposed Amendments to the Full Program and the Full All-Cargo 
Program

    As part of this NPRM, TSA is also proposing a few minor amendments 
to the full program and the full all-cargo program. TSA proposes to 
require these aircraft operators to provide the following information 
when they submit their security program for approval under Sec.  
1544.105: business name; other names including ``doing business as''; 
state of incorporation; tax identification number; and the address of 
the aircraft operator's primary place of business or headquarters. This 
information would provide TSA the means to identify the aircraft 
operators and to obtain basic information about the aircraft operator 
in the course of reviewing a new security program for approval.
    Additionally, TSA proposes to add a provision of voluntary services 
to the full program and the full all-cargo program, as explained in 
further detail in the section-by-section analysis of proposed Sec.  
1544.241. Finally, as explained in the section-by-section analysis of 
Sec.  1544.101, TSA proposes to clarify that the full program applies 
to operators holding FAA operating certificates under 14 CFR part 119 
and that the full all-cargo program applies to operators holding FAA 
operating certificates under 14 CFR part 119 or part 125.

[[Page 64806]]

III. Section-By-Section Analysis

    The proposed rule sets forth the security regulations that would 
apply to large aircraft operators, including the requirements for the 
security program. TSA is also proposing to amend several other sections 
of part 1544 and adding new subparts F and G to set forth the 
procedures for watch-list service providers to obtain TSA approval and 
for large aircraft flight crews, auditors, and watch-list service 
providers' covered personnel to obtain security threat assessments, 
respectively. TSA is proposing to add a new provision in part 1540 to 
govern withdrawals of approved security programs. In addition, TSA is 
proposing to add a new part 1522, which establishes procedures for 
accrediting third-party auditors and for prescribing their functions in 
the LASP program. With respect to airports serving large aircraft, TSA 
is proposing to amend portions of part 1542 by regulating reliever 
airports, as designated by the Secretary of Transportation. TSA is also 
proposing changes to part 1520 to include the proposed LASP in the 
coverage of the regulations regarding Sensitive Security Information 
and minor changes to part 1550 to maintain consistency between 
regulations.

Part 1520--Protection of Sensitive Security Information

Section 1520.5 Sensitive Security Information

    TSA proposes to amend Sec.  1520.5(b)(1)(i) to protect watch-list 
service provider security programs as Sensitive Security Information. 
The watch-list service provider would have access to, and handle 
information on, the No Fly and Selectee Lists, which are SSI. The 
proposed change to this section would protect this SSI from 
unauthorized disclosure by the TSA-approved auditor, the watch-list 
service provider, the aircraft operator, or any other covered person.

Section 1520.7--Covered Persons

    As explained in the section-by-section analysis of proposed part 
1522 and Sec.  1544.243, TSA would require large aircraft operators to 
engage independent TSA-approved auditors to audit their compliance with 
their security programs and TSA regulations. TSA-approved auditors 
would have access to and handle SSI regarding the aircraft operator and 
TSA security standards as they relate to large aircraft operators. 
Similarly, the watch-list service provider would have access to and 
handle the No Fly and Selectee Lists, which are SSI. Accordingly, TSA 
would amend Sec.  1520.7(a) to include TSA-approved auditors and watch-
list service providers as covered persons that are subject to the 
requirements of part 1520 as they apply to SSI.

Part 1522--TSA Approved Auditors

    As described in section II.D, aircraft operators subject to this 
rule would need to engage independent TSA-approved auditors to audit 
their compliance with their security programs. TSA is proposing a new 
part 1522 to establish a framework for this new third-party auditor 
program. This third-party auditor program would initially apply only to 
aircraft operators under the LASP. TSA may expand its use to other 
programs in the future. The broad scope of part 1522 would allow TSA to 
use the process set forth in part 1522 for other programs that it may 
determine may benefit from an audit program.
    Part 1522 would have two components: (1) qualifications and 
procedures for individuals who seek TSA's approval for conducting 
audits; and (2) specific qualifications and required content of audit 
reports for the LASP. The first of these components would apply to all 
programs in which TSA would require third-party auditors. The second 
component would apply to the LASP.

Subpart A--General

Section 1522.1 Scope and Terms Used in This Part

    Proposed Sec.  1522.1 explains that individuals who wish to conduct 
audits of operators' compliance with security programs must obtain 
TSA's approval in accordance with part 1522. Section 1522.1 also 
defines terms used in the subpart. Proposed Sec.  1522.1 defines 
``applicant'' to mean the individual who is seeking to become a TSA-
approved auditor.
    Section 1522.1 defines ``conflict of interest'' as a situation when 
the TSA-approved auditor has a personal impairment that might affect 
their ability to do their work and report their findings impartially. 
This definition is derived from the Government Auditing Standards 
established by the Government Accountability Office (GAO) for ensuring 
that auditors do not have personal impairments that would interfere 
with their ability to maintain their independence. The proposed 
definition includes examples of conflict of interest situations, such 
as family or employment relationships. Relationships with family 
members that may be a conflict of interest would include relationships 
with parents, children, and siblings.
    Other proposed examples of conflict of interest include financial 
relationships and business relationships between the auditor and the 
operators to be audited. Financial interest would include, for example, 
the auditor owning stocks or bonds of the operator or the auditor 
having an employment, rather than a contractual, relationship with the 
operator. Examples of business relationships that would give rise to a 
conflict of interest would be where the auditor had previous decision-
making or managerial authority that would affect current operations or 
the program being audited. Additionally, an auditor or the company that 
employs the auditor would not be able to provide non-audit services to 
the operator if the non-audit services relate to the operator's 
security program. TSA seeks comments on these examples as well as 
suggestions for other examples that TSA should consider. TSA is also 
considering expressing the conflict of interest concept as auditor 
independence. Rather than defining and prohibiting conflicts of 
interest, TSA would define independence and would require an auditor to 
have independence from the entity the auditor would audit. If TSA were 
to adopt a definition of ``independence'' in the final rule, the 
definition of ``independence'' would describe circumstances similar to 
those described in the proposed definition of ``conflict of interest.'' 
This approach would be consistent with the GAO's Government Auditing 
Standards and the Securities and Exchange Commission's regulations at 17 
CFR 210.2-01 concerning audits by certified public accountants.
    The final definition in proposed Sec.  1522.1 is ``TSA-approved 
auditor'' or ``auditor.'' These terms would mean an individual who has 
been approved under proposed part 1522 to conduct an audit under 49 CFR 
chapter XII.

Section 1522.3 Qualifications

    Section 1522.3 would establish qualifications for third-party 
auditors that would apply to such auditors in any program in which TSA 
would require their use. These qualifications are designed to ensure 
that auditors have the resources and expertise required to conduct an 
audit and to prepare the required reports. With respect to 
qualifications, TSA is proposing that auditors have experience with 
Federal statutes and regulations and have a certification or 
accreditation from a highly-regarded organization in the appropriate 
field. Such an organization might include, for 
example, the International Standards Organization. For auditors that 
would be involved with the large aircraft program, the International 
Civil Aviation Organization or the International Business Aviation 
Council would also be acceptable. TSA would make publicly available a 
list of acceptable accreditation or certification organizations. TSA 
requests comments on whether this qualification is appropriate and on 
other organizations that might have the stature to provide the 
necessary certification or accreditation.
    Finally, applicants would be required to undergo a successful 
security threat assessment that includes a criminal history records 
check.
    The proposed rule text does not require auditors to be U.S. 
citizens, U.S. nationals, or lawful permanent residents of the United 
States. We invite comments on whether individuals with these important 
duties should be subject to such a qualification.

Section 1522.5 Application

    Proposed Sec.  1522.5 describes the information and documentation 
that applicants would be required to submit to TSA. The information 
would include the applicant's name, business address, business phone 
number, and business e-mail address. TSA would also require the 
applicant to submit a copy of his or her accreditation or certification 
from one of the organizations TSA determines are acceptable for this 
purpose and a statement of how he or she meets the requirements in 
proposed Sec.  1522.3.

Section 1522.7 TSA Review and Approval

    Proposed Sec.  1522.7 describes the review and approval process 
which TSA would carry out upon receipt of the auditor's application. 
The procedures by which TSA would review applications for the third-
party auditor program may involve several steps. After TSA receives an 
application, TSA would decide whether to approve or disapprove the 
application and would send a written notice of approval or disapproval 
to the applicant. If the application is disapproved, the applicant 
would be able to seek reconsideration under proposed Sec.  1522.9.

Section 1522.9 Reconsideration of Disapproval of an Application

    Proposed Sec.  1522.9 describes the review and petition process for 
reconsideration of disapproval of the auditor's application. If an 
applicant seeks to challenge the disapproval of his or her application, 
the applicant would be required to submit a written petition for 
reconsideration within 30 days of receipt of the notice of disapproval. 
The petition would include a statement explaining why the applicant 
believes he or she meets the criteria in Sec.  1522.3 with any 
supporting documentation. Reconsideration may result in confirmation of 
the disapproval or in a determination that the application should be 
approved.

Section 1522.11 Withdrawal of Approval

    Under proposed Sec.  1522.11, TSA would be able to withdraw the 
approval of an auditor if the auditor ceased to meet the qualification 
standards, the auditor failed to meet his or her responsibilities, or 
it is in the interest of security or the public. If TSA withdraws an 
auditor's approval, the auditor would no longer be able to perform an 
audit under TSA regulations.
    Under proposed Sec.  1522.11, before revoking an auditor's 
authority, TSA would provide the auditor with a proposed notice of 
withdrawal of approval that would include the basis for the withdrawal 
of approval. The auditor would be able to file a written petition for 
reconsideration to challenge the proposed notice. To challenge the 
proposed notice of withdrawal of approval, an auditor would be required 
to submit the petition for reconsideration within 30 days of receipt of 
the proposed notice. Reconsideration may result in confirmation of the 
disapproval or in a determination that the application should be 
approved. If the auditor does not file a petition for reconsideration, 
the proposed notice of withdrawal of approval would become a final 
notice 31 days after the auditor receives the proposed notice.
    In emergency situations, proposed Sec.  1522.11 would allow TSA to 
issue an emergency notice of withdrawal of approval that would be 
effective upon receipt by the auditor. The auditor would be able to 
challenge the emergency notice of withdrawal of approval by submitting 
a written petition for reconsideration but submission of the petition 
would not stay the withdrawal of approval.

Section 1522.13 Responsibilities of TSA-Approved Auditors

    Proposed Sec.  1522.13 prescribes the responsibilities of TSA-
approved auditors. Auditors would not be allowed to undertake an audit 
where the auditor had a conflict of interest as defined in proposed 
Sec.  1522.1. Auditors would be required to submit reports to TSA that 
meet TSA standards for the particular program. Auditors would be 
required to comply with TSA's regulations for identifying, handling, 
and protecting SSI. Under this section, auditors would also be 
prohibited from disclosure of any proprietary information. Importantly, 
if an auditor conducting an audit believes that there is an instance of 
noncompliance that presents an imminent threat to transportation 
security or public safety, the auditor would be required to notify TSA 
immediately. The auditor would not be authorized to require any 
remedial action.

Section 1522.15 Fraud and Intentional Falsification of Records

    Proposed Sec.  1522.15 includes provisions that would prohibit any 
person from making or providing any fraudulent statements, reports, 
records, access mediums, or identification. Any falsification of 
records or fraudulent actions would be a violation of the regulations 
and 18 U.S.C. 1001, and it would be a basis for TSA to withdraw the 
auditor's approval under proposed Sec.  1522.13.

Section 1522.17 Inspections

    Under proposed Sec.  1522.17, auditors would be required to permit 
TSA to inspect their facilities and copy records. This section would 
allow TSA to evaluate the auditor's performance and an operator's 
compliance with TSA regulations and its security program.

Subpart C--Auditors for the Large Aircraft Security Program

Section 1522.201 Applicability

    Proposed Sec.  1522.201 states that subpart C would apply to 
auditors seeking to obtain TSA's approval to conduct audits for the 
large aircraft program.

Section 1522.203 Additional Qualification Requirements

    Proposed Sec.  1522.203 describes the additional requirements that 
auditors for the LASP would be required to meet to be considered for 
approval. These requirements would include:
     * At least five years of experience in inspection or 
auditing relating to governmental programs in security or aviation;
     * Three professional references;
     * Accreditation from an outside organization within the last 
ten years; and
     * Knowledge and ability to assess compliance with Federal 
statutes and regulations.
    These additional requirements would demonstrate that the auditor 
possesses 
sufficient experience and knowledge in auditing compliance with 
governmental programs and that the auditor has credentials that reflect 
knowledge of the aviation industry. Auditors would be able to satisfy 
the five-year experience requirement as a government employee or 
private consultant or contractor. TSA requests comments on these 
requirements as well as other requirements that TSA should consider for 
auditors of LASPs.

Section 1522.205 Audit Report

    Section 1522.205 would require an auditor to prepare an audit 
report that would include information about the audit process and the 
auditor's findings and conclusions of the audit. TSA would require the 
auditor to submit the audit report within 30 days after the audit was 
conducted. TSA would also require the auditor to sign an attestation 
that the audit was performed professionally and impartially. The audit 
report would be an important tool in TSA's compliance program by 
enabling TSA to evaluate a large aircraft operator's compliance with 
TSA regulations and the operator's security program and to ascertain if 
additional TSA action is required.

Section 1522.207 Training

    Under proposed Sec.  1522.207, TSA would require auditors to 
undergo initial and recurrent training. Through the initial training, 
auditors would acquire the necessary information on the process, 
procedures, and forms associated with the TSA-required audit. Recurrent 
TSA-prescribed training would provide auditors with up-to-date 
information and would ensure that the auditor has maintained the 
necessary expertise to continue to perform audits. Recurrent training 
would be required every 24 months.

Section 1522.209 Biennial Review

    To ensure that a TSA-approved auditor continues to possess the 
requisite qualification and expertise to conduct audits, TSA would 
require the auditor to submit to a biennial review. The review would 
consist of submitting evidence that an auditor's training has been 
successfully completed and is current and that an auditor continues to 
hold the necessary accreditation or certification.

Part 1540--Civil Aviation Security: General Rules

Section 1540.107 Submission to Screening and Inspection

    As discussed in section II.A, TSA would require large aircraft 
operators to contract with a watch-list service provider to determine 
whether their passengers may board the aircraft. Watch-list service 
providers, who must be approved by TSA, would compare passenger names 
against the watch-list.
    Under proposed Sec.  1544.245(b), large aircraft operators would be 
required to request and obtain the full name of their passengers to 
transmit their passengers' information to a watch-list service provider 
to conduct watch-list matching prior to the passengers boarding the 
aircraft. Because full name is essential in conducting effective watch-
list matching, TSA proposes to require passengers to provide their full 
name when the large aircraft operator requests their full name.
    TSA has published the Secure Flight NPRM, which also includes a 
proposal to require individuals who make reservations for a covered 
flight to provide their full names.\30\ Under the proposed Secure 
Flight Program, full name would be the full name that appears on the 
individual's verifying identity document. A verifying identity document 
would be an unexpired photo identification issued by a government 
(Federal, State, or tribal) bearing the individual's full name and date 
of birth or an unexpired foreign passport. Examples of verifying 
identity documents are driver's licenses and passports. Accordingly, 
proposed Sec.  1540.107(c) would apply the same requirements to 
passengers of large aircraft operators.
---------------------------------------------------------------------------

    \30\ ``Covered flight'' is defined as a flight operated by an 
aircraft operator subject to a full program under 49 CFR 1544.101(a) 
or by a foreign air carrier subject to 49 CFR 1546.101(a) or (b). 
Proposed Sec.  1560.3, 72 FR at 48387.
---------------------------------------------------------------------------

Section 1540.301 Withdrawal of Approval of a Security Program

    Various entities, such as airport operators and aircraft operators, 
must submit their security programs to TSA for approval. Once TSA 
approves a security program, the operator must implement and operate 
under its approved security program. The regulations, however, do not 
specifically address the process through which TSA may withdraw its 
approval of a security program, when appropriate.
    TSA currently has withdrawal procedures only for indirect air 
carriers in 49 CFR 1548.7(f). To standardize the regulations, TSA 
proposes a new Sec.  1540.301 to codify procedures for TSA to withdraw 
approval of any operator's security program held under subchapter C. 
The proposed standard for withdrawal would be a TSA determination that 
the operation is contrary to security and the public interest. Proposed 
Sec.  1540.301 provides procedures for notice, response, and appeal of 
a TSA decision to withdraw approval. The affected airport operator, 
aircraft operator, or large aircraft operator would also be able to 
request a stay of the withdrawal pending appeal of the notice.
    TSA further proposes the codification of emergency withdrawal 
procedures. This proposal would create procedural guidelines to 
implement withdrawal of a security program and afford due process to 
the airport operator, aircraft operator, and large aircraft operator. 
The emergency procedures would allow the operator to appeal the 
withdrawal, but the filing of the appeal would not stay the effective 
date of withdrawal because of the extant circumstances giving rise to 
the emergency.

Part 1542--Airport Security

Section 1542.103 Content

    Section 1542.103 describes the airports that TSA requires to adopt 
a security program. TSA requires airports that regularly serve full 
program aircraft operators described in Sec.  1544.101(a)(1) or foreign 
air carriers described in Sec.  1546.101(a) to adopt a complete 
program. 49 CFR 1542.103(a). TSA also requires airports that regularly 
serve full program aircraft operators described in Sec.  
1544.101(a)(2), private charter aircraft operators described in Sec.  
1544.101(f), or a foreign air carrier described in Sec.  1546.101(b) or 
(c) to adopt a supporting program. 49 CFR 1542.103(b). Additionally, 
TSA requires airports regularly serving operations of an aircraft 
operator or foreign air carrier described in Sec.  1544.101(b) or Sec.  
1546.101(d) to adopt a partial program. 49 CFR 1542.103(c).
    As explained in section II.B of this NPRM, TSA proposes to expand 
the types of airports that would be required to adopt a partial program 
to include reliever airports and airports that regularly serve large 
aircraft with scheduled or public charter service. Furthermore, TSA 
would amend Sec.  1542.103(b) to remove airports regularly serving 
aircraft operators that are subject to the private charter program 
under Sec.  1544.101(f) from among the airport operators that are 
subject to the supporting program.
    An airport that would not be required to adopt a security program 
under Sec.  1542.101(a), (b), or (c) may nevertheless seek TSA approval 
for its security program. To address this situation, TSA proposes to 
adopt Sec.  1542.101(e), which would allow TSA to approve a security 
program for this type of airport, if the airport makes a request to 
TSA.

[[Page 64809]]

Part 1544--Aircraft Operator Security

Section 1544.1 Applicability of This Part

    Currently, Sec.  1544.1(a)(1) limits part 1544 to aircraft 
operators that hold an FAA operating certificate under 14 CFR part 119. 
Because part 1544 would apply to other aircraft operators under this 
NPRM, TSA would amend Sec.  1544.1(a)(1) to clarify that part 1544 
applies to all aircraft operators engaged in civil aviation in an 
aircraft with a MTOW of more than 12,500 pounds, not just those that 
hold an operating certificate under 14 CFR part 119.

Section 1544.101 Adoption and Implementation

    TSA is proposing this rulemaking to regulate any civil aviation 
operations. To ensure consistent treatment of similar aircraft 
operators, TSA proposes, in Sec.  1544.101(b), to apply the same 
threshold by requiring that the existing partial program, twelve-five 
program, and private charter program operations be consolidated and 
covered under a single LASP. Note that the LASP would replace the above 
stated programs in Sec. Sec.  1544.101(b) through (f).
    Operations under the LASP would include civil operations of 
aircraft, including passenger and all-cargo operations, and scheduled, 
charter, or other service, with a MTOW over 12,500 pounds, that do not 
operate under the full program (Sec.  1544.101(a)) or the full all-
cargo program (Sec.  1544.101(h)), and do not operate as a public 
aircraft as described in 49 U.S.C. Sec.  40102 or as a government 
charter under the definition of private charter in Sec.  1540.5 of this 
chapter. ``Public aircraft'' is defined in 49 U.S.C. 40102(37) as 
follows:


``public aircraft'' means any of the following:
    (A) Except with respect to an aircraft described in subparagraph 
(E), an aircraft used only for the United States Government, except 
as provided in section 40125(b).
    (B) An aircraft owned by the Government and operated by any 
person for purposes related to crew training, equipment development, 
or demonstration, except as provided in section 40125(b).
    (C) An aircraft owned and operated by the government of a State, 
the District of Columbia, or a territory or possession of the United 
States or a political subdivision of one of these governments, 
except as provided in section 40125(b).
    (D) An aircraft exclusively leased for at least 90 continuous 
days by the government of a State, the District of Columbia, or a 
territory or possession of the United States or a political 
subdivision of one of these governments, except as provided in 
section 40125(b).
    (E) An aircraft owned or operated by the armed forces or 
chartered to provide transportation to the armed forces under the 
conditions specified by section 40125(c).

The government maintains direct responsibility for the operation of 
public aircraft. Public aircraft are not subject to many of the safety 
regulations that cover other aircraft operations.\31\ They are not 
included in the statutory definition of ``civil aircraft'' and thus are 
not subject to many of the same requirements that apply to civil 
aircraft. See 49 U.S.C. 40102(16). There are strict limitations on how 
such aircraft may be used. See 49 U.S.C. 40124. Many of the operations 
are highly specialized and require unique procedures, including 
security procedures. TSA is proposing to make clear that public 
aircraft would not be subject to the LASP.
---------------------------------------------------------------------------

    \31\ FAA limits many of its regulations to operation of civil 
aircraft, which do not include public aircraft. For example, see 14 
CFR part 91, subpart E--Maintenance, Preventive Maintenance, and 
Alterations.
---------------------------------------------------------------------------

    A government private charter under TSA regulations means any 
aircraft operator flight--

    (2) For which the total passenger capacity of the aircraft is 
used for the purpose of civilian or military air movement conducted 
under contract with the Government of the United States or the 
government of a foreign country.

See 49 CFR 1540.5. Currently TSA regulations exempt most such 
operations from the Private Charter Security Program. See 49 CFR 
1544.101(f)(1)(ii). The rationale has been that such charters can, and 
do, carry out procedures on a regular basis to address the security 
concerns at issue. The U.S. Department of Defense (DOD) and Federal 
agencies use private charter operations to transport persons and 
property in furtherance of their government missions. See 67 FR 41635 
(June 19, 2002). TSA is concerned, however, that the chartering 
government agency may not always understand that it would be 
responsible for security of the operation. Unlike with public aircraft 
discussed above, a government charter may be for a short duration, even 
one flight at a time, and thus normal safety regulations continue to 
apply. Accordingly, the rule would make clear that TSA would exempt 
government charter operations from complying with the LASP, only if the 
government takes security responsibility for the following:
    (A) The aircraft;
    (B) Persons onboard; and
    (C) Property onboard.

See proposed Sec.  1544.101(b)(3)(iv). If the chartering government 
agency does not take responsibility for the security of the operation, 
the normal TSA requirements would apply.
    Note, however, that under the current rule, government charters 
must comply with the Private Charter Program if the charter enplanes 
passengers from, or deplanes passengers into, a sterile area at an 
airport. This minimizes the risk that any weapon or other prohibited 
item the government personnel may be carrying could inadvertently or 
purposefully be used to taint the sterile area. This requirement would 
continue under the proposed rule. TSA would require government charters 
that deplane into, or enplane from, sterile areas to comply with the 
LASP, including obtaining an alternate procedure for deplaning into, or 
enplaning from, a sterile area.
    The full program, the limited program, and the full all-cargo 
program would not be included in the large aircraft regulations. 
However, because TSA proposes to amend Sec.  1544.1(a) to make part 
1544 applicable to operators of aircraft with MTOW of over 12,500 
pounds, TSA would also need to amend Sec. Sec.  1544.101(a) and (h) to 
maintain the status quo as to which aircraft operators are subject to 
the full program. Consequently, TSA would amend Sec.  1544.101(a) to 
state that aircraft operators that hold an FAA certificate under 14 CFR 
part 119 would have to adopt and carry out a full program if they meet 
the conditions described in Sec.  1544.101(a)(1) or (a)(2). Similarly, 
TSA would amend Sec.  1544.101(h) to state that the full all-cargo 
program applies to aircraft operators that hold an FAA certificate under 
14 CFR part 119 or part 125. The limited program is for aircraft 
operators that have unique operations that do not fall within any other 
category of operations requiring a security program under other 
sections of part 1544. Nevertheless, the aircraft operator adopts a 
security program for its operations and TSA approves the security 
program and classifies it as a limited program.

Section 1544.103 Form, Content, and Availability

    Proposed Sec.  1544.103 sets forth the form, content, and 
availability requirements for the security programs required under 
Sec.  1544.101. There have been standard security programs for certain 
aircraft operators since 1976. TSA is proposing to recognize the use of 
standard security programs by TSA and aircraft operators in current 
requirements for aircraft operators and proposed under part 1544. This 
proposed rule would clarify that each particular operator's security 
program would be the standard security program issued by TSA, together 
with any amendments and alternate procedures 
approved or accepted by TSA for that aircraft operator.
    Currently, Sec.  1544.103(c) lists the content requirements of a 
security program for a full program aircraft operator. The specific 
security regulations are set forth in part 1544, subpart C--Operations. 
TSA proposes to add new paragraphs (d), (e), and (f) to describe the 
content requirements for full all-cargo and LASPs, respectively. Also, 
TSA would amend paragraph (c) to add the new requirements of proposed 
Sec.  1544.241 regarding volunteer emergency services for full program 
operators.
    The content requirements for the full all-cargo security programs 
in proposed paragraph (d) are essentially the same requirements in the 
current Sec.  1544.101(i), except for the addition of proposed Sec.  
1544.241 concerning volunteer emergency services. The content 
requirements for the LASP are described in section II.A of the 
preamble. The individual elements, not discussed in this section of the 
preamble, are discussed in further detail in the section-by-section 
analysis of Sec. Sec.  1544.202, 1544.205, 1544.206, 1544.207, 
1544.215, 1544.217, 1544.223, 1544.225, 1544.233, 1544.235, 1544.241, 
1544.245, and subpart G.
    The existing partial program and private charter program include a 
few security measures that would not be part of the LASP, because these 
measures would be unnecessary under the LASP. First, the partial 
program requires that aircraft operators under that program participate 
in any airport-sponsored exercise of the airport contingency plan in 
Sec.  1544.301(c). Currently, there are very few aircraft operators 
that hold a partial program and are subject to Sec.  1544.301(c). Also, 
most large aircraft operators operate out of GA airports that are not 
required to have a contingency plan, including those that TSA proposed 
to require to adopt and carry out a partial program under proposed 
Sec.  1542.103(c). Thus it would be unnecessary to require large 
aircraft operators to participate in an airport-sponsored exercise of 
the airport contingency plan and to include this security measure in 
the LASP.
    TSA is also proposing not to include the requirements in Sec. Sec.  
1544.209 and 1544.211 regarding the use of metal detection devices and 
X-ray systems that are in the current private charter program. Because 
private charter operators currently do not use these devices or systems 
in their screening processes, it would be unnecessary to include those 
requirements in the LASP. If a large aircraft operator plans to use a 
metal detection device or an X-ray system, the operator would apply for 
an amendment or alternate procedure to its security program, which 
would describe the requirements and procedures for using such devices 
or systems.

Section 1544.105 Approval and Amendments to the Security Program

    Aircraft operators that are required to adopt a security program 
under Sec.  1544.101 must apply for a security program from TSA. TSA 
provides the standard security program and may amend the program on its 
own initiative, or as requested by the aircraft operator and approved 
by TSA. Similarly, TSA would provide large aircraft operators with a 
standard security program. At that time, the aircraft operator would be 
able to submit any amendment to their security program to TSA for 
approval. If the aircraft operator fully accepts the standard TSA 
security program, they would not be required to submit any amendments 
to TSA. Accordingly, TSA proposes to amend Sec.  1544.105 to apply to 
large aircraft operators.
    Unlike the full program and full all-cargo program operators, a 
large aircraft operator would need to submit additional information, 
such as the names, addresses, and phone numbers of the owners and 
aircraft operator security coordinator of the large aircraft, and the 
FAA certificate number if the aircraft operator holds an FAA 
certificate, when it submits its application for approval of its 
security program. Full program and full all-cargo program operators 
hold certificates from the FAA and DOT, and the Federal Government has 
reviewed the operators, including their key personnel, in connection 
with the certification processes; thus the operators are known to the 
Federal Government. Large aircraft operators, however, are a diverse 
group of operators that range from individuals who own and operate 
their aircraft to large corporations that operate aircraft using owned 
and/or leased aircraft. As a result, TSA would need the additional 
information to identify the owners and operators of large aircraft and 
to evaluate their security programs for approval.
    TSA believes that aviation security will be enhanced if TSA 
conducts an analysis to determine whether operators of aircraft subject 
to this proposed regulation are legitimate business entities and 
whether their owners are individuals who appear to pose a risk to 
aviation security. Accordingly, TSA is considering various options to 
achieve the objective. For checking on whether the aircraft operator is 
a legitimate business entity, TSA may rely on a check against Dun & 
Bradstreet or a similar commercial database and/or governmental 
databases, such as the FAA's Aircraft Registration Database. For 
individuals who would be identified as a proprietor, general partner, 
officer, director, or owner in proposed section 1544.105(a)(1)(ii)(B), 
TSA does not intend to use commercial or publicly available data to 
determine whether the individuals pose or may pose a threat to 
transportation or national security. For these individuals, TSA seeks 
comment on whether it should require these individuals to undergo the 
security threat assessment (STA) described in proposed part 1544, 
subpart G. TSA requests public comment on these options and on other 
approaches that would achieve the desired result.
    TSA would also use the information to identify and contact aircraft 
and their respective operators for operational or security reasons.
    The proposed rule would not change the process for amending a 
security program, either by the aircraft operator or TSA. Proposed 
Sec.  1544.105(f) would provide TSA with a mechanism to withdraw its 
approval of an aircraft operator's security program pursuant to the 
procedures set forth in proposed Sec.  1540.301.

Section 1544.107 Fractional Ownership of Large Aircraft

    Proposed Sec.  1544.107 addresses situations in which a large 
aircraft is under a fractional ownership program under the FAA rules in 
14 CFR part 91, subpart K, for purposes of determining who would be the 
aircraft operator under proposed Sec.  1544.101(b). We propose to use 
essentially the same requirements that apply in the FAA rules for this 
purpose. See 14 CFR 91.1011. Each owner in operational control of a 
program flight would be ultimately responsible for safe operations and 
for complying with all applicable requirements, including those related 
to security issues. An owner would be considered in operational control 
when the owner has the legal rights to the aircraft, has directed that 
the aircraft carry passengers or property designated by the owner, and 
the aircraft is carrying those passengers or property.
    Although TSA would consider each owner as the aircraft operator, 
the owner would be able to delegate some or all of the performance of 
the tasks associated with carrying out this security responsibility to 
the program manager. For operations where the owner in operational 
control delegates performance of security tasks to the

[[Page 64811]]

program manager, the TSA would consider the owner and the program 
manager to be holding the security program jointly, and the owner and 
the program manager would be jointly and individually responsible for 
compliance. In the event that a program manager manages multiple 
aircraft, the program manager would have one large aircraft program 
that applies to all its operations.
    An owner would be considered not in operational control when an 
aircraft is used for a flight for administrative purposes, such as 
demonstration, positioning, ferrying, maintenance, or crew training, 
and no passengers or property that were designated by the owner are 
being carried. Further, if the aircraft is operated under 14 CFR part 
121 or 135, then the owner would be considered not to be in operational 
control.
    This approach to determining the party that would be considered the 
aircraft operator for purposes of the LASP is based on the FAA 
regulations found in 14 CFR part 91, subpart K, regarding fractional 
ownership operations. TSA invites comments on whether we should provide 
additional features of subpart K in these regulations, such as the 
requirement in 14 CFR 91.1013 that the program manager brief the 
fractional owner.

Section 1544.202 Persons and Property Onboard All-Cargo Aircraft

    Current Sec.  1544.202 requires each aircraft operator operating 
under the full all-cargo program and the twelve-five program in all-
cargo operations to apply the security measures in their security 
programs to persons who board the aircraft and their property. 
``Cargo'' is defined as property tendered for air transportation 
accounted for on an air waybill. Company materials and other property 
not under an air waybill are not cargo; rather, they are property that 
would be subject to proposed Sec.  1544.206, as discussed in section 
II.A of this preamble and below.
    Section 1544.202 is intended to prevent persons who may pose a 
security threat from boarding and to prevent or deter the carriage of 
any unauthorized persons and unauthorized explosives, incendiaries, and 
other destructive substances or items. This provides the opportunity 
for aircraft operators to conduct an on-site check of persons and 
property for compliance, and provides TSA with the means to perform 
security database checks. Section 1544.202 remains an important 
security measure for aircraft with MTOW of over 12,500 pounds in all-
cargo operation. Consequently, we propose to revise Sec.  1544.202 to 
apply to aircraft operated under the LASP in an all-cargo operation and 
to remove the references to the twelve-five program in all-cargo 
operations.

Section 1544.205 Acceptance and Screening of Cargo

    Section 1544.205 sets forth the requirements for screening cargo on 
full program operations that carry cargo, full all-cargo operations, 
and twelve-five all-cargo operations. As with Sec.  1544.202, cargo 
under Sec.  1544.205 is property tendered for air transportation 
accounted for on an air waybill. As discussed above, TSA would require 
operators of large aircraft that are all-cargo operations to screen 
persons, accessible property, and cargo onboard the aircraft to prevent 
and deter the carriage of any unauthorized persons or the unauthorized 
carriage of weapons or explosives. Sections 1544.205(a), (b), (d), and 
(f) would apply to all large aircraft with an MTOW of over 12,500 
pounds in all-cargo operations.

Section 1544.206 Persons and Property on Board a Large Aircraft

    As discussed in section II.A of the preamble, TSA proposes Sec.  
1544.206, which would require aircraft operators operating under a 
large aircraft program under Sec.  1544.101(b) to apply security 
measures in their security programs to prevent or deter the carriage of 
unauthorized persons or unauthorized weapons, explosives, incendiaries, 
and other destructive substances or items. TSA also notes that 18 
U.S.C. 922(e) and (f) impose criminal penalties for the unlawful 
transport or delivery of firearms or ammunition by any person or by 
common or contract carriers, respectively.

Section 1544.207 Inspection of Individuals and Property

    Current Sec.  1544.207 describes which entities conduct screening 
under which circumstances: TSA, a foreign government, or the aircraft 
operator. TSA is proposing to amend Sec.  1544.207 to clarify which 
aircraft operator is subject to this section and which entity is 
responsible for conducting the required screening.
    TSA would amend Sec.  1544.207(a) to state clearly that this 
section applies to full program operators, full all-cargo program 
operators, and operations in a large aircraft with a MTOW over 45,500 
kilograms operated for compensation or hire, as described in proposed 
Sec.  1544.103(f)(1).
    Proposed Sec.  1544.207(b) applies to full program operators and is 
substantively the same as the current requirements for these operators. 
This section originally was written before TSA assumed the 
responsibility for all passenger and checked baggage screening in the 
United States and does not currently clearly state where TSA conducts 
the screening. TSA proposes to clarify this section. For locations in 
the United States, each full program operator must not board a 
passenger, or load his or her accessible or checked property, unless 
TSA or a TSA contractor has conducted the necessary inspection. In 
locations outside of the United States where the foreign country 
conducts the screening, each full program operator must not board a 
passenger, or load his or her accessible or checked property, unless 
the foreign country has conducted the necessary screening. TSA may 
require supplemental screening of some passengers. In locations outside 
of the United States where the foreign country does not conduct part or 
all of the required screening, each full program operator must not 
board a passenger, or load his or her accessible or checked property, 
unless the operator or its authorized representative has conducted the 
required screening.
    Proposed Sec.  1544.207(c) applies to full all-cargo programs and 
to operations in a large aircraft with a MTOW over 45,500 kilograms 
operated for compensation or hire, which currently are referred to as 
private charters. These aircraft operators are generally required to 
conduct their own screening. They would be required to follow the 
security procedures in their security programs and the requirements in 
49 CFR part 1544, subpart E, regarding screener qualifications when the 
aircraft operator conducts the screening.
    In the event that the aircraft enplanes or deplanes from a sterile 
area, the large aircraft operator would be required to obtain an 
alternate procedure for its security program.

Section 1544.217 Law Enforcement Personnel

    Section 1544.217 currently requires aircraft operators under the 
partial program, the twelve-five program, the private charter program, 
and the full all-cargo program to provide for law enforcement personnel 
that meet TSA's requirements. TSA proposes to replace the referenced 
partial program, the twelve-five program, and the private charter 
program, with the LASP, requiring large aircraft operators to perform 
the same duties required under Sec.  1544.217. TSA proposes that large 
aircraft operators must provide their employees, including crewmembers, 
current information regarding procedures for obtaining law

[[Page 64812]]

enforcement assistance, to enable them to contact local law enforcement 
personnel expeditiously in the event of a security need.

Section 1544.223 Transportation of Federal Air Marshals

    Current Sec.  1544.223 requires that full program operators and 
large aircraft over 45,500 kilograms that operate for compensation or 
hire under Sec.  1544.103(f) carry Federal Air Marshals (FAMs). In this 
NPRM, TSA proposes to add Sec.  1544.223(g) to require other large 
aircraft operators not covered by Sec.  1544.103(f)(1) to carry FAMs 
only upon notification by TSA. This would affect mostly private/
corporate aircraft owners. The regulation change would provide TSA with 
the ability to require these operators to put a FAM on board a large 
aircraft, pursuant to prior notification, if the need arises. TSA 
understands that maintaining the confidentiality of the FAM onboard a 
large aircraft may not be possible, and therefore TSA proposes to limit 
Sec.  1544.223(g) to those operating under a full program or a LASP in 
an aircraft with MTOW over 45,500 kilograms.

Section 1544.237 Flight Deck Privileges

    Section 1544.237(b) currently allows for access to the flight deck 
by FAA air carrier inspectors, authorized representatives of the 
National Transportation Safety Board, and U.S. Secret Service agents. 
This NPRM proposes to amend Sec.  1544.237(b) to include Department of 
Defense (DOD) commercial air carrier evaluators who may seek admittance 
to the aircraft flight deck. TSA proposes to amend Sec.  1544.237 to 
harmonize with FAA regulations at 14 CFR 121.547. DOD commercial air 
carrier evaluators will assess the effectiveness of a carrier's 
operations department, including crew coordination and safety 
awareness. DOD evaluators are required to pre-arrange all flight deck 
evaluations.

Section 1544.241 Voluntary Provision of Emergency Services

    Congress has enacted statutory provisions that provide certain 
exemptions from liability for qualified law enforcement officers, 
firefighters, and emergency medical technicians who provide emergency 
services during emergencies; and that direct TSA to establish a 
program to allow such individuals to volunteer to provide such 
emergency services. 49 U.S.C. 44944. TSA has already incorporated this 
program into the AOSSP for full program operators and now proposes to 
codify the provisions in new Sec.  1544.241. Because the statute limits 
these provisions to air carriers, TSA proposes to limit the application 
of Sec.  1544.241 to aircraft operators that hold an air carrier 
operating certificate under 14 CFR part 119.
    The statute provides that a qualified individual shall not be 
liable for damages in any action brought in Federal or State court 
which arises from the act or omission of that individual in providing 
or attempting to provide assistance in an in-flight emergency, absent 
gross negligence or willful misconduct. TSA must establish the 
requirements for qualifications of these individuals. Consistent with 
the statute, TSA's proposed regulation requires air carriers operating 
under a full program to implement a method or a program for qualified 
individuals who are law enforcement officers, firefighters, or 
emergency medical technicians to present their credentials to the 
carrier and to give their consent to be called upon during an in-flight 
emergency.
    As required in the statute, Sec.  1544.241(b) sets out proposed 
qualifications for the law enforcement officers, firefighters, and 
emergency medical technicians who would be exempted from liability 
under the statute and who would be able to volunteer under this 
section. TSA proposes that an individual is qualified for purposes of 
this section if the individual is qualified under Federal, State, 
local, or tribal law, or under the law of a foreign government, has 
valid standing with the licensing or employing agency that produced the 
credentials, and is a scheduled, on-call, paid, or volunteer employee, 
as one of the following:
    1. A law enforcement officer who is an employee or authorized by 
the Federal, state, local or tribal government or under the law of a 
foreign government, with the primary purpose of the prevention, 
investigation, apprehension, or detention of individuals suspected or 
convicted of Government offenses.
    2. A firefighter who is an employee, whether paid or a volunteer, 
of a fire department of any Federal, state, local, or tribal government who is 
certified as a firefighter as a condition of employment and whose duty 
it is to extinguish fires, to protect life, and to protect property.
    3. An emergency medical technician who is trained and certified to 
appraise and initiate the administration of emergency care for victims 
of trauma or acute illness. We request comments on whether these are 
the appropriate qualifications to carry out the purposes of the 
statute.
    This exemption from liability provided in the statute is stated for 
information in proposed Sec.  1544.241(b)(1). The statutory exemption 
from liability applies only to the three named groups above. The 
proposed rule in Sec.  1544.241(b)(2) includes the statutory provision 
that the exemption shall not apply in any case where an individual 
provides or attempts to provide assistance in a manner that constitutes 
gross negligence or willful misconduct. The statute does not require 
the individual volunteer to identify himself or herself before 
departure to be subject to this exemption. Proposed Sec.  
1544.241(b)(3) states expressly that the exemption would apply 
regardless of whether the individuals identify themselves in advance of 
departure. The proposed rule also makes clear that an individual need 
not have his or her credentials with himself or herself at the time of 
providing assistance for the exemption from liability to apply. For 
instance, if a firefighter who did not volunteer before the flight as 
provided in paragraph (c), and who did not have his credentials with 
him, were to provide assistance in the case of an in-flight emergency, 
the statutory exemption from liability would apply. After the incident, 
to show that the exemption applied, the firefighter may have to 
establish that he was qualified as provided in paragraph (a), but the 
lack of credentials present at the time of the emergency would not 
preclude the application of the exemption.
    Proposed Sec.  1544.241(c) contains the requirement for aircraft 
operators to implement a program for individuals who meet the 
qualifications in paragraph (a) to volunteer, prior to departure, to be 
called on by a crewmember or flight attendant to provide emergency 
services in the event of an in-flight emergency. The required 
procedures would include a check of the credentials of individuals 
identifying themselves pre-departure.
    Under this program, TSA would not expect FAMs and LEOs who are 
flying armed under Sec.  1544.219 to volunteer to assist in an 
emergency situation prior to departure. Since the FAMs and LEOs must 
identify themselves to the aircraft operator prior to departure and 
must have taken appropriate training to fly armed, it is not necessary 
for the aircraft operator or the FAM or LEO to carry out Sec.  
1544.241. The flight crew knows where each FAM and armed LEO is seated 
and is able to request their assistance if the need arises. The 
statutory exemption from liability would apply if a FAM or LEO were to 
assist during an emergency.

[[Page 64813]]

    Proposed Sec.  1544.241 would not preclude passengers from 
assisting in an emergency, even if they did not meet the qualifications 
in paragraph (a). We note that any passenger may assist in an 
emergency, and in the past, physicians, nurses, and others have 
provided vital help when needed, and they will continue to be able to 
do so.
    Generally, the aircraft operator will determine whether to request 
assistance and from whom to request it based on all the circumstances 
and information available to the aircraft operator. For instance, while 
the statute does not apply to doctors or nurses, if there is a medical 
emergency and the aircraft operator is aware that a doctor or a nurse 
is on board, the aircraft operator may request assistance of them 
instead of other individuals who may have volunteered under this 
program. However, the statute limits liability protection to qualified 
law enforcement officers, firefighters, and emergency medical 
technicians. State Good Samaritan Laws and other protections may apply 
to other individuals, not mentioned in the statute, who assist in an 
emergency.
    Additionally, in accordance with 49 U.S.C. 44944(a), the aircraft 
operator must keep all information of the identity or personal 
information of the qualified individual confidential and must not 
provide such information to any individual, other than the appropriate 
aircraft operator personnel.

Section 1544.243 Third Party Audit

    As discussed in section II.A of the preamble, proposed Sec.  
1544.243 would require a large aircraft operator to contract with a 
TSA-approved auditor to audit its compliance with the requirements of 
49 CFR chapter XXII and its security program. The regulations include 
procedures for obtaining TSA approval and for conducting audits.

Section 1544.245 Passenger Vetting for Large Aircraft Operators

    TSA would require large aircraft operators to contract with watch-
list service providers to conduct watch-list matching of their 
passengers before allowing them to board. Passengers determined to be 
on the No Fly list would not be able to board an aircraft. Proposed 
Sec.  1544.245 establishes the procedures that large aircraft operators 
would be required to follow in order to comply with the requirements 
for watch-list matching. Section II.A of this preamble provides a 
detailed discussion of the requirements and process.

Subpart F--Watch-List Service Providers

    Under proposed Sec.  1544.245, large aircraft operators would 
submit passenger information to watch-list service providers approved 
by TSA to conduct watch-list matching. Proposed part 1544, subpart F, 
sets forth the proposed requirements and procedures for entities to 
obtain and maintain TSA approval to conduct watch-list matching. TSA 
would require watch-list service providers to maintain high IT system 
security, to develop and implement a robust system capable of 
conducting automated watch-list matching quickly and continuous vetting 
of master passenger lists, to protect personally identifiable 
information and sensitive security information, and to adopt and 
implement a security program. Because of these requirements, TSA 
expects that a limited number of entities would be approved to be watch-
list service providers. TSA is also considering whether to limit in the 
final rule the number of watch-list service providers that it would 
approve. This would preserve the security of the watch-list by 
restricting the distribution of the watch-list to a small number of 
entities that would have access to the watch-list. TSA seeks comment on 
limiting the number of entities that would be approved watch-list 
service providers, including what criteria would be used to determine 
which applicants would be approved and how many watch-list service 
providers should be approved. For instance, TSA is considering criteria 
such as the level of IT system security, the type of watch-list 
matching system, and the ability of the service provider to quickly 
conduct the service.

Section 1544.501 Scope and Terms Used in This Subpart

    Subpart F would apply to watch-list service providers who conduct 
watch-list matching on behalf of large aircraft operators. The 
definition of ``applicant'' would mean the entity that is seeking 
approval from TSA to conduct watch-list matching for large aircraft 
operators. ``Large aircraft operators'' are defined as those operators 
described in Sec. Sec.  1544.101(b) or 1544.107. The final definition 
in proposed Sec.  1544.501 is ``covered personnel.'' This term would 
mean an employee, officer, principal, or program manager of the watch-
list service provider who collects, handles or uses passenger 
information or watch-list matching results or who conducts watch-list 
matching.

Section 1544.503 Qualification Standards for Approval

    Proposed Sec.  1544.503 would establish qualification standards for 
approval of applicants to conduct watch-list matching. The applicant 
would need to demonstrate the ability to receive passenger information 
from large aircraft operators and to conduct automated watch-list 
matching, including using continuously updated information from TSA, 
and to transmit the watch-list matching results to the large aircraft 
operator in a secure manner. The applicant would be required to obtain 
an attestation from an independent public accounting (IPA) firm that 
the system that the applicant would use to contain SSI and personally 
identifiable information collected as part of the watch-list matching 
process and to perform the necessary transmissions and matching is in 
compliance with the applicant's approved system security plan and TSA 
standards. In addition, TSA would require the applicant to successfully 
undergo a suitability assessment by TSA, and the applicant's covered 
personnel to successfully undergo a security threat assessment by TSA.
    Finally, TSA would require the applicant to be incorporated within 
the United States, and the applicant's operations and systems for 
conducting the watch-list matching to be located in the United States. 
Under this proposal, eligibility to be a watch-list service provider 
would be limited to U.S. companies and U.S. subsidiaries of foreign 
corporations that are incorporated and located in the United States. 
This requirement would lessen the possibility that the SSI and the 
personally identifiable information that would be part of the watch-
list matching process would be exported to a foreign country, which 
would limit the U.S. Government's ability to protect that information. 
The requirement would also allow for better TSA oversight and control 
over this watch-list matching process. Because the watch-list matching 
process involves personally identifiable information and SSI, TSA seeks 
comments on whether to require covered personnel to be U.S. citizens, 
U.S. nationals, or lawful permanent residents of the United States.

Section 1544.505 Application

    Proposed Sec.  1544.505 would require every applicant to submit an 
application in a form and manner prescribed by TSA. The application 
would include the following: (1) Applicant's full name, business 
address, business phone, and business email address; (2) a statement

[[Page 64814]]

and other supporting documentation providing evidence of the 
applicant's abilities and satisfaction of the required qualifications; 
(3) a system security plan that would satisfy standards set forth by 
TSA; and (4) a security program that meets the requirements set out in 
Sec.  1544.515.
    TSA proposes to require watch-list service providers to adopt a 
system security plan that satisfies TSA standards to ensure that watch-
list service providers protect personally identifiable information and 
SSI. TSA standards would be based on the National Institute of 
Standards and Technology (NIST) Special Publication 800-53, 
``Recommended Security Controls for Federal Information Systems,'' (NIST 
Special Publication 800-53). The objective of NIST Special Publication 
800-53 is to provide security controls that are consistent with and 
complementary to other established security standards. The catalog of 
security controls provided in NIST Special Publication 800-53 can be 
effectively used to demonstrate compliance with a variety of 
governmental, organizational, or institutional security standards. NIST 
Special Publication 800-53 is a widely recognized body of security 
criteria for Federal systems.
    TSA standards for the systems security plan would likely be 
organized into three classes: Management, Operational, and Technical. 
Management controls would focus on security systems program risk. 
Operational controls would address security methods or mechanisms that 
people (as opposed to systems) would implement and execute. Technical 
controls would manage security controls that the watch-list service 
provider's systems would execute. These controls would provide 
automated protection from unauthorized access or misuse, facilitate 
detection of security violations, and support security requirements for 
applications and data.
    Furthermore, the NIST Federal Information Processing Standards 
Publication 199, ``Standards for Security Categorization of Federal 
Information and Information Systems,'' February 2004, establishes 
security categories for both Federal information and information 
systems. The security categories are based on potential impact should 
certain events occur. Based on analysis of potential impacts, TSA 
believes that security categorization for confidentiality, integrity, 
and availability would be ``High.'' Consequently, security controls 
that should be applied are those that are commensurate with a High 
security category system. NIST Special Publication 800-53 contains 
implementation requirements for this categorization.
    Under proposed Sec. Sec.  1544.505 and 1544.515, TSA would require 
watch-list service providers to submit a system security plan as part 
of their application for TSA approval, and that system security plan 
would be part of the watch-list service providers' security program. 
TSA requests comments on which standards and controls in the NIST 
Special Publication 800-53 should apply to watch-list service 
providers' systems. TSA would develop the specific standards for the 
system security by reviewing all of the standards and controls in NIST 
Special Publication 800-53 and the comments received in response to 
this NPRM. Based on its review, TSA would issue a system security plan 
template that would incorporate the standards and controls that TSA 
determines would be appropriate to require of the watch-list service 
providers for their systems, similar to the process that TSA used to 
develop the information systems security standards for the Registered 
Traveler Interoperability Pilot.\32\ Watch-list service providers would 
have an opportunity to comment on the template including the standards.
---------------------------------------------------------------------------

    \32\ ``The Registered Traveler Security, Privacy and Compliance 
Standards for Sponsoring Entities and Service Providers,'' including 
all appendices, is available on TSA's Web site at www.tsa.gov.
---------------------------------------------------------------------------

Section 1544.507 TSA Review and Approval

    Section 1544.507 proposes procedures for TSA's review and approval 
of applications to perform watch-list matching. Upon receipt of the 
application, TSA would review the application and might conduct a site 
visit of the applicant's place of business to determine whether the 
applicant meets TSA's qualifications. Upon final review of the 
application by TSA, TSA would notify the applicant of approval or 
disapproval by written notice. After TSA approves an application and 
receives an attestation report from an IPA firm opining that the watch-
list service provider's system is in compliance with its system 
security plan and TSA standards, the watch-list service provider would 
be able to begin passenger vetting pursuant to the regulations.

Section 1544.509 Reconsideration of Disapproval of an Application

    Proposed Sec.  1544.509 would allow an applicant whose application 
has been disapproved to petition for reconsideration of TSA's decision 
by submitting a written petition to the Assistant Secretary or designee 
within 30 days of the notice of disapproval. The petition for 
reconsideration would need to include the applicant's contact 
information and any documentation that the applicant believes may 
assist the Assistant Secretary in making a final decision. The 
Assistant Secretary or designee would also be able to request 
additional information from the applicant that may assist in disposing 
of the petition.

Section 1544.511 Withdrawal of Approval

    Proposed Sec.  1544.511 would state the procedure for TSA to 
withdraw the approval of the watch-list service provider if it ceases 
to meet the standards for approval, fails to fulfill its 
responsibilities, or if it is in the interest of security or the 
public. If TSA decides to withdraw the approval of a service provider, 
TSA would provide the service provider with a written notice of 
proposed withdrawal of approval, which would include the basis of the 
withdrawal of approval. The initial notice would become a final notice 
of withdrawal of approval if TSA does not receive a written petition of 
reconsideration within 31 days after the service provider's receipt of 
TSA's notice of proposed withdrawal of approval. Except in an 
emergency, during the 31 days prior to the TSA's receipt of the written 
petition, the service provider would be able to continue conducting 
watch-list matching. Additionally, if the watch-list service provider 
did file a timely written petition for reconsideration, the service 
provider would be able to continue conducting watch-list matching, 
unless and until the service provider receives a final notice of 
withdrawal of approval. Once the watch-list service provider received a 
final notice of withdrawal of approval, the service provider would not 
be able to continue conducting watch-list matching.
    If TSA found an emergency situation requiring immediate withdrawal 
of the service provider's approval, the proposed rule would allow TSA 
to withdraw the approval without prior notice. The emergency notice 
would include the basis of the emergency withdrawal of approval and 
would be effective upon receipt by the watch-list service provider. As 
above, the service provider would be able to file a written petition 
for reconsideration within 30 days of receipt of the emergency notice; 
however, this would not stay the effective date of the emergency notice 
of withdrawal of approval.

[[Page 64815]]

Section 1544.513 Responsibilities of Watch-List Service Providers

    Proposed Sec.  1544.513 describes the responsibilities of watch-
list service providers under this part. These responsibilities would 
ensure that the watch-list service providers are conducting watch-list 
matching in a manner that is consistent with TSA standards and that 
protects personally identifiable information and SSI. Under proposed 
Sec.  1544.513, watch-list service providers would have the following 
responsibilities: (1) Adopt and carry out a security program that meets 
the requirements of proposed Sec.  1544.515; (2) comply with the system 
security plan; (3) contract with an IPA firm to perform periodic 
attestation of their compliance with their systems security plan and 
TSA standards, as explained in further detail below; (4) identify, 
handle, and protect SSI in accordance with 49 CFR part 1520; (5) not 
disclose information received from or sent to the aircraft operator or 
to TSA, unless otherwise authorized by TSA; (6) allow TSA to inspect 
watch-list service providers to determine their compliance with TSA 
regulations and their security programs; (7) adopt and make public a 
privacy policy; (8) provide documentation establishing compliance if 
requested by TSA; and (9) only use the watch-list for watch-list 
matching under proposed part 1544, subpart F.
    Because watch-list matching involves security and privacy issues, 
TSA proposes to require watch-list service providers to contract with a 
qualified IPA firm to perform an attestation of their compliance with 
their system security plan and TSA standards. TSA would consider an IPA 
firm qualified if their selection is consistent with the American 
Institute of Certified Public Accountants' (AICPA) guidance regarding 
independence, and the firm demonstrates the capability to assess 
information system security and process controls. TSA would reserve the 
right to reject the IPA firm's attestation if, in TSA's judgment, the 
IPA firm is not sufficiently qualified to perform these services.
    TSA proposes to require that the IPA firm conduct the attestation 
in accordance with AICPA ``Statement for Standards on Attestation 
Engagements'' No. 10 and TSA standards. TSA would also require the IPA 
firm to prepare and submit a report, in a form and manner prescribed by 
TSA.
    As stated above, TSA would require watch-list service providers to 
obtain an attestation report prior to commencement of operations to 
conduct watch-list matching. Additionally, TSA would require watch-list 
service providers to obtain periodic attestation reports for the 
duration of their watch-list matching. TSA would require watch-list 
service providers to undergo an attestation every year and the IPA firm 
would submit an attestation report to TSA approximately 12 months after 
submission of the previous attestation report.

Section 1544.515 Security Program

    Proposed Sec.  1544.515 would set forth the content requirements 
for a security program. These requirements would ensure that watch-list 
service providers have the capability and proper procedures to conduct 
watch-list matching under this subpart. Watch-list service providers 
would be required to adopt and carry out security programs that include 
the procedures for receiving passenger information from the aircraft 
operators, conducting watch-list matching of the passengers, including 
continuous vetting of passengers, and transmitting the watch-list 
matching results to the operator. The security program would also 
contain procedures for the service provider to contact TSA for 
resolution of passengers who are potential matches to the watch-list.
    Because a watch-list service provider's system would contain 
personally identifiable information about passengers and SSI, the 
security program would include various security requirements to protect 
this information. These requirements include procedures for compliance 
with the watch-list service provider's system security plan, and 
procedures for the physical security of the system used to conduct 
watch-list matching.
    Under proposed Sec.  1544.515, TSA would require service providers 
to provide personnel who are available to TSA 24 hours a day, 7 days a 
week. TSA would operate on a 24-hour basis, and therefore TSA would 
require the service providers to be available at all times for 
resolution of potential watch-list matches.
    The service provider would also be responsible for training its 
covered personnel on the requirements in the TSA regulations and the 
security program. TSA training requirements would also include topics 
related to identifying, handling, and protecting SSI and personally 
identifiable information, and the procedures used to perform the watch-
list matching and to resolve any potential matches.

Subpart G--Security Threat Assessments for Large Aircraft Flight Crew, 
Applicants to Become TSA-Approved Auditors, and Watch-List Service 
Providers Covered Personnel

    As stated in section II of the preamble, TSA proposes to require 
that flight crews for large aircraft operators, individuals authorized 
to perform screening functions, applicants to become TSA-approved 
auditors, and key employees to watch-list service providers undergo a 
TSA security threat assessment (STA). The STA would include 
fingerprint-based criminal history records checks and other analyses, 
including checks of appropriate terrorist watch-lists and other 
databases. The proposed information required and the procedures used 
for the STA are very similar to the procedures that apply to applicants 
for a hazardous materials endorsement (HME) on their commercial 
driver's licenses, or a Transportation Worker Identification Credential 
(TWIC) under 49 CFR part 1572. The proposed rule would add subpart G to 
part 1544 to set forth the requirements and procedures that would apply 
to these individuals.

Section 1544.601 Scope and Expiration

    Subpart G would apply to flight crews of large aircraft operators, 
individuals authorized to perform screening functions, applicants to 
become TSA-approved auditors, and key employees of watch-list service 
providers that TSA would require to undergo security threat 
assessments. The same requirements and procedures would apply to all of 
these individuals. However, flight crew members or individuals 
authorized to perform screening functions who have undergone a criminal 
history records check under Sec.  1544.229 or 1544.230 would be 
grandfathered on a limited basis, such that they would not be required 
to undergo a STA until five years after TSA provided the results of 
their original CHRC.
    A Determination of No Security Threat would be valid for five years 
unless TSA withdraws the determination. Prior to the expiration of the 
five years, TSA would require flight crew members, applicants to become 
TSA-approved auditors, and watch-list service providers' key employees 
to reapply for a new STA to continue with their No Security Threat 
status.

Section 1544.603 Enrollment for Security Threat Assessments

    For TSA to conduct a comprehensive STA, individuals would need to 
provide

[[Page 64816]]

TSA with biographic information and their fingerprints. TSA is 
proposing Sec.  1544.603 to require individuals to provide biographic 
and biometric information necessary for TSA to complete the 
fingerprint-based checks and other analyses. These applicants would 
provide the information necessary for enrollment, including personal 
information such as gender and date of birth.
    To ensure that correct and accurate information is provided to TSA, 
the application would include, and the individual would sign, a 
statement providing that the statements made on the application are 
true, complete, and correct pursuant to penalty of law. TSA would also 
require the individual to include a statement that he or she has not 
been convicted, or found not guilty by reason of insanity, of any of 
the disqualifying crimes listed in Sec.  1544.229(d) during the 10 
years before submission of the individual's application. These are the 
same disqualifying criminal offenses that currently apply to flight 
crew members under Sec.  1544.230 and to many persons at airports under 
Sec.  1542.209. The statement would also include language that the 
individual understands that he or she must immediately inform TSA of 
any conviction of a disqualifying offense that occurs while he or she 
is a TSA-approved auditor or a watch-list service provider.
    TSA anticipates that the individuals would provide their 
information through an enrollment provider under contract with TSA. The 
enrollment provider would verify the identity of the individual, advise 
the individual that a copy of the criminal record would be provided if 
requested, and identify a point of contact for any questions the 
individual may have, prior to fingerprinting. The enrollment provider 
would then collect, control, and process the fingerprints of the 
individual and submit the data and the application to TSA.

Section 1544.605 Content of Security Threat Assessment

    TSA proposes that the STA would include a criminal history records 
check, other analyses, and a final disposition.

Section 1544.607 Criminal History Records Check

    As part of the security threat assessment, TSA proposes to perform 
a CHRC. TSA would submit the fingerprints provided by the individuals 
as part of the enrollment process to the Federal Bureau of 
Investigation's (FBI) Criminal Justice Information Services (CJIS) to 
obtain any criminal history records that correspond to the 
fingerprints. Upon receipt of the results from FBI/CJIS, TSA would 
adjudicate the results based on the disqualifying criminal offenses in 
Sec.  1544.229(d).
    At times, a CHRC may result in data that discloses an arrest for a 
disqualifying offense, but does not provide a disposition for the 
offense. The individual would be required to provide further 
documentation that the arrest did not result in a disqualifying 
offense. A conviction of a disqualifying offense would be reason to 
disqualify the individual. However, if the disposition did not result 
in a conviction, or in a finding of not guilty by reason of insanity, 
of a disqualifying offense, the individual would then not be 
disqualified under this section, provided that the applicant explains 
how the arrest was resolved.
    If the results received from the FBI provide a reason for 
disqualifying the individual, TSA would notify the individual of the 
disqualifying reasons. The individual may request a copy of the record 
on which TSA's determination is based. The individual would be able to 
contact the FBI in order to complete or correct his or her record, if 
the individual contacts TSA within 30 days of being notified that the 
FBI record disclosed a disqualifying offense. Otherwise, TSA would make 
a Final Determination of Threat Assessment.
    TSA also proposes to require a continuing obligation of individuals 
who receive a Determination of No Security Threat, by requiring 
immediate notice (within 24 hours) to TSA of any conviction of a 
disqualifying offense that occurs while he or she holds a determination 
of no security threat that has not expired.

Section 1544.609 Other Analyses

    TSA proposes to conduct other analyses through domestic and 
international government databases to confirm the individual's identity 
and whether he or she poses a security threat. These would include 
checks against terrorist-related and immigration databases, as well as 
other governmental information sources such as those that identify open 
wants and warrants. TSA would adjudicate the results of all searches 
conducted including searches that reveal extensive foreign or domestic 
criminal convictions, convictions for a serious crime not listed in 49 
CFR 1572.103, or periods of foreign or domestic imprisonment that 
exceed 365 consecutive days.
    If an individual who has successfully undergone an initial security 
threat assessment is subsequently found not to meet TSA's criteria, TSA may 
withdraw its Determination of No Security Threat under proposed Sec.  
1544.613.

Section 1544.611 Final Disposition

    TSA proposes that after conducting a CHRC and other analyses, it 
would serve a Determination of No Security Threat if TSA determines 
that an individual meets the STA standards. TSA also proposes to serve 
an Initial Determination of Threat Assessment on the individual if TSA 
determines that the individual does not meet the STA standards. The 
Initial Determination of Threat Assessment would include the following:
    1. A statement that TSA has determined that the individual poses, 
or is suspected of posing, a security threat warranting disapproval of 
the application for which a STA is required;
    2. The basis for the determination;
    3. Information about how the individual may appeal the 
determination, as described in Sec.  1544.615; and
    4. A statement that if the individual chooses not to appeal TSA's 
Initial Determination within 30 days after receipt of the Initial 
Determination, or does not request an extension of time within 30 days 
after receipt of the Initial Determination in order to file an appeal, 
the Initial Determination becomes a Final Determination of Security 
Threat Assessment.
    TSA also proposes to serve a Withdrawal of the Initial 
Determination of Threat Assessment or a Withdrawal of Final 
Determination of Threat Assessment on the individual, if the appeal 
results in a finding that the individual does not pose a threat to 
security.

Section 1544.613 Withdrawal of Determination of No Security Threat

    TSA would be able to withdraw a Determination of No Security Threat 
at any time under proposed Sec.  1544.613, if it determines that a TSA-
auditor or watch-list service provider poses, or is suspected of 
posing, a security threat warranting withdrawal of the Determination of 
No Security Threat. If TSA determines that the individual does not meet 
the STA standards, TSA would serve a withdrawal of the Determination of 
No Security Threat on the individual. The notice would include the 
following:
    1. A statement that TSA has determined that the individual poses, 
or is suspected of posing, a security threat warranting disapproval of 
the application for which a STA is required;
    2. The basis for the determination;

[[Page 64817]]

    3. Information about how the individual may appeal the 
determination; and
    4. A statement that if the individual chooses not to appeal TSA's 
Initial Determination within 30 days after receipt of the withdrawal of 
the Determination of No Security Threat, or does not request an 
extension of time within 30 days after receipt of the withdrawal of the 
Determination of No Security Threat to file an appeal, the withdrawal 
of the Determination of No Security Threat becomes a Final 
Determination of Security Threat Assessment.
    TSA also proposes to serve a Withdrawal of Final Determination of 
Threat Assessment on the individual, if the appeal results in a finding 
that the individual does not pose a threat to security.

Section 1544.615 Appeals

    If the individual appeals the Initial Determination of Threat 
Assessment or a Withdrawal of the Determination of No Security Threat 
as discussed above, the procedures in 49 CFR part 1515 would apply. The 
section-by-section analysis of part 1515 discusses which provisions of 
part 1515 would apply.

Section 1544.617 Fees

    To comply with the mandates of sec. 520 of the 2004 DHS 
Appropriations Act, 2004 (Pub. L. 108-90, 117 Stat. 1137, 1156, Oct. 1, 
2003), TSA proposes to establish fees for individuals who are required 
to complete background investigations under this program.
Costs
    TSA proposes that individuals required to undergo a STA would be 
required to pay a fee to cover the following costs:

----------------------------------------------------------------------------------------------------------------
         Operational year             1st year     2nd year     3rd year     4th year     5th year      Total
----------------------------------------------------------------------------------------------------------------
Estimated Annual Applicants.......       27,918       21,034       10,074        9,975       10,115       79,116
 
          Cost Components
Enrollment Costs..................     $418,776     $315,507     $151,108     $149,626     $151,728   $1,186,745
Security Threat Assessment Cost
    FBI Criminal History Records        481,592      362,833      173,774      172,070      174,488    1,364,757
     Check........................
    Other analyses................      139,592      105,169       50,369       49,875       50,576      395,582
    System Costs..................            0            0            0            0            0            0
    Personnel Costs...............      579,593      579,593      579,593      579,593      579,593    2,897,965
                                   -----------------------------------------------------------------------------
    Security Threat Assessment        1,200,777    1,047,594      803,736      801,539      804,657    4,658,303
     Cost-Subtotal................
                                   -----------------------------------------------------------------------------
        Grand Totals..............    1,619,553    1,363,102      954,844      951,164      956,385    5,845,049
----------------------------------------------------------------------------------------------------------------

    1. Enrollment. Part of the fee for the STA covers the cost for TSA 
or its agent to enroll applicants, collect, format, and process the 
required information and to submit the information accordingly. The STA 
process would require individuals who apply for a STA to submit their 
fingerprints and biographic information to TSA or its agent. Based on 
TSA's research of the costs of both commercial and government 
fingerprint and information collection services, as well as a prior 
competitive bidding and acquisition process for similar services, TSA 
preliminarily estimates that the per applicant cost to collect and 
transmit fingerprints and other required data electronically is likely 
to be $15. TSA may adjust this estimated amount upwards or downwards in 
the final rule based on its final calculations of its costs. This cost 
would also cover related administrative support, help desk services, 
quality control, and related logistics.
    2. Security Threat Assessment. Part of the fee for the STA covers 
the cost for TSA to conduct a STA. For the STA, each applicant's 
information would be checked against multiple databases and other 
information sources so that TSA would be able to determine whether the 
applicant poses a security threat that warrants denial of approval. The 
threat assessment would include an appeals process for individuals who 
believe that the records upon which TSA bases its determination are 
incorrect.
    As part of the STA, TSA would submit fingerprints to the FBI to 
obtain any criminal history records that correspond to the 
fingerprints. The FBI is authorized to establish and collect fees to 
process fingerprint identification records. See Title II of the 
Judiciary Appropriations Act, 1991 (Pub. L. 101-515, Nov. 5, 1990, 104 
Stat. 2112), codified in a note to 28 U.S.C. 534. Pursuant to Criminal 
Justice Information Services Information Letter 07-3 (Jun. 1, 2007), 
this fee is currently set at $17.25, effective October 1, 2007. If the 
FBI increases or decreases its fee to complete the criminal history 
records check, the increase or decrease would apply to this regulation 
on the date that the new FBI fee becomes effective.
    TSA would need to implement and maintain the appropriate systems, 
resources, and personnel to ensure that fingerprints and applicant 
information are appropriately linked and that TSA would be able to 
receive and act on the results of the STA. TSA would need to have the 
necessary resources--including labor, equipment, database access, and 
overhead--to complete the STA process.
    TSA estimates that the total cost of threat assessment services 
will be $4,658,303 over five years. This estimate includes $1,364,757 
for FBI criminal history records checks, $395,582 for other analyses, 
and $2,897,965 for personnel necessary to facilitate the STA 
processing. These estimates are initial estimates and the final costs 
may be higher or lower depending on the final calculations which would 
be discussed in the final rule.
Population
    TSA estimates that approximately 79,116 applicants would be 
required to complete a STA during the first five years of the program. 
This estimate is derived from the following population figures that 
have been gathered for specific segments of the regulated population.

[[Page 64818]]



----------------------------------------------------------------------------------------------------------------
               Operational year                  1st year   2nd year   3rd year   4th year   5th year    Total
----------------------------------------------------------------------------------------------------------------
Flight Crew Estimate*
    Part 91s..................................     19,440     16,189      5,427      5,503      5,580     52,139
    Part 125s.................................        293        244         82         83         84        785
    Part 135s.................................      7,886      4,586      4,550      4,374      4,436     25,831
                                               -----------------------------------------------------------------
Flight Crew Estimate-Subtotal.................     27,618     21,018     10,058      9,960     10,100     78,755
Third-Party Auditor Estimate..................        150          8          8          8          8        180
Watch-list Service Provider Estimate..........        150          8          8          8          8        182
                                               -----------------------------------------------------------------
    Grand Total...............................     27,918     21,034     10,074      9,975     10,115     79,116
----------------------------------------------------------------------------------------------------------------
* Cites are to FAA regulations, 14 CFR.

Total Fee
    TSA would charge a fee to recover its STA and other program 
management and oversight costs associated with the implementation of 
this rule. TSA estimates that the applicant charge would be $74 per 
applicant. The estimate is based on the following preliminary 
calculations by TSA: the cost of services provided ($5,845,049) divided 
by the estimated population (79,116) receiving the service would equal 
$74 per applicant. As TSA continues to review and develop the STA 
program for the large aircraft program and to work to minimize all 
costs, some or all of its preliminary calculations may change resulting 
in an increase or decrease of the per applicant cost. In the final 
rule, TSA will publish the fee based on its final calculations, and the 
fee may remain $74 or it may be more or less.
    TSA proposes to establish the $74 fee to recover all enrollment 
costs and STA costs. As part of the $74 fee, TSA would collect the 
current FBI Fingerprinting Fee of $17.25 for the criminal history 
records checks in the STA process and forward the fee to the FBI. If 
the FBI increases or decreases that fee in the future, TSA would 
collect the increased or decreased fee.
    Additionally, pursuant to the Chief Financial Officers Act of 1990 
(Pub. L. 101-576, Nov. 15, 1990, 104 Stat. 2838), DHS is required to 
review fees no less than every two years. 31 U.S.C. 3512. Upon review, 
if it is found that the fees are either too high (i.e., total fees 
exceed the total cost to provide the services) or too low (i.e., total 
fees do not cover the total costs to provide the services), the fee 
would be adjusted. Finally, TSA would be able to adjust the fees for 
inflation following publication of the final rule. If TSA were to 
adjust the fees for this reason, TSA would publish a Notice in the 
Federal Register notifying the public of the change.

Section 1544.619 Notice to Employers

    TSA would notify employers of flight crew members, individuals 
authorized to perform screening functions, and watch-list service 
provider covered personnel of the results of the security threat 
assessment under proposed Sec.  1544.619. This notification would allow 
aircraft operators or watch-list service providers to know whether an 
individual may be employed to perform the functions that would require 
a successful STA. Although TSA would notify an aircraft operator or a 
watch-list service provider that an individual received a Final 
Determination of Threat Assessment, TSA would not inform the aircraft 
operator or watch-list service provider of the basis of that 
determination to protect the privacy of that individual.
    TSA proposes to require aircraft operators and watch-list service 
providers to retain the notification of the results of the STA for five 
years. The notification would serve as documentation that an individual 
has undergone a STA if the aircraft operator or watch-list service 
provider is asked to produce such documentation as part of an audit or 
inspection.

Part 1515--Appeals and Waiver Procedures for Security Threat Assessment 
for Individuals

    For individuals who may want to appeal an Initial Determination of 
Threat Assessment, a Final Determination of Threat Assessment, or a 
Withdrawal of an Initial or Final Determination of Threat Assessment, 
TSA proposes to apply the appeals procedures in current part 1515. 
These are the same procedures that apply to applicants for a hazardous 
materials endorsement on their commercial driver's license or a 
Transportation Worker Identification Credential under 49 CFR part 1572, 
or for certain air cargo workers under 49 CFR part 1540, subpart C.

Section 1515.1 Scope

    TSA proposes to add individuals subject to proposed part 1544, 
subpart G to the scope of part 1515 to provide these individuals with a 
process to appeal an Initial Determination of Threat Assessment, a 
Final Determination of Threat Assessment, or a Withdrawal of an Initial 
or Final Determination of No Security Threat.

Section 1515.5 Appeal of Initial Determination of Threat Assessment 
Based on Criminal Conviction, Immigration Status, or Mental Capacity

    Because the STAs for flight crew members, individuals authorized to 
perform screening functions, auditors, and watch-list service provider 
covered personnel involve criminal history records checks, TSA proposes 
to apply the procedures in Sec.  1515.5 for these individuals to appeal 
an Initial Determination of Threat Assessment based on a disqualifying 
criminal offense.
    An individual would be able to appeal an Initial Determination of 
Threat Assessment under Sec.  1515.5 if he asserts that he does not 
have a disqualifying criminal offense. These procedures would also 
apply to appeals of a Withdrawal of Determination of No Security Threat 
based on a disqualifying criminal offense. An individual would initiate 
an appeal by providing TSA with a written request for the releasable 
materials upon which the Initial Determination was based, or by serving 
TSA with a written reply to the Initial Determination. The individual 
would be required to serve TSA with the written request for the 
releasable material or the written reply within 60 days after the date of 
service of the Initial Determination. TSA's response would be due no 
later than 60 days after the individual is served with a written 
request or the written reply.
    In response, TSA cannot provide any classified information, as 
defined under 6 CFR part 7 (DHS Classified National Security 
Information); or under E.O. 12958, Classified National Security 
Information, as amended by E.O. 13292 (68 FR 15315, Mar. 28, 2003); and 
E.O. 12968, Access to Classified Information, (60 FR 40245, Aug. 7, 
1995); or any other information or material protected from disclosure 
by law. Classified national security information is

[[Page 64819]]

information that the President or another authorized Federal official 
has determined, pursuant to E.O. 12958, as amended, and E.O. 12968, 
must be protected against unauthorized disclosure to safeguard the 
security of American citizens, the country's democratic institutions, 
and America's participation within the community of nations. See 60 FR 
19825 (Apr. 20, 1995). E.O. 12958, as amended, and E.O. 12968 prohibit 
Federal employees from disclosing classified information to individuals 
who have not been cleared to have access to such information under the 
requirements of that E.O. See also 6 CFR part 7. If TSA determines that 
an applicant is requesting classified materials, TSA would deny the 
request for classified information.
    In the written reply to the Initial Determination, the individual 
should explain why he or she is appealing the Initial Determination and 
provide evidence that the Initial Determination was incorrect. In an 
applicant's reply, TSA would consider only material that is relevant to 
whether he or she meets the standards for the STA. If an individual 
does not dispute or reply to the Initial Determination, the Initial 
Determination would become a Final Determination of Threat Assessment.
    An individual would have the opportunity to correct a record on 
which an adverse decision is based. As long as the record is not 
classified or protected by law from release, TSA would notify the 
applicant of the adverse information and provide a copy of the record. 
If the individual wishes to correct the inaccurate information, he or 
she would need to provide written proof that the record is inaccurate. 
The individual should contact the jurisdiction responsible for the 
inaccurate information to complete or correct the information contained 
in the record. The individual would be required to provide TSA with the 
revised record or a certified true copy of the information from the 
appropriate entity before TSA can reach a determination that the 
applicant does not pose a security threat.
    In considering an appeal, the Assistant Secretary would review the 
Initial Determination, the materials upon which the Initial 
Determination is based, the applicant's reply and other materials or 
information available to TSA. The Assistant Secretary would be able to 
affirm the Initial Determination by concluding that an individual poses 
a security threat. If this occurs, TSA would serve a Final 
Determination of Threat Assessment on the applicant. The Final 
Determination would include a statement that the Assistant Secretary 
has reviewed the Initial Determination, the materials upon which the 
Initial Determination was based, the reply, if any, and other available 
information and has determined that the individual has a disqualifying 
criminal offense. For purposes of judicial review, a Final 
Determination based on a disqualifying criminal offense is a final TSA 
order.
    If TSA determines that the individual does not have a disqualifying 
criminal offense, TSA would serve a Withdrawal of the Initial 
Determination on the individual and a Determination of No Security 
Threat on the individual's employer if the individual is a flight crew 
member, an individual authorized to perform screening functions, or a 
watch-list service provider covered personnel.
    As noted above, TSA is proposing to apply to flight crew members, 
individuals authorized to perform screening functions, auditors, and 
watch-list service provider covered personnel the same disqualifying 
criminal offenses that now apply to certain other aviation workers 
under 49 CFR 1542.209 and 1544.229. These sections are based on a 
statutory provision, 49 U.S.C. 44936. The appeal process in Sec.  
1515.5 addresses whether or not the applicant has a disqualifying 
criminal offense, that is, whether the applicant has a conviction or a 
finding of not guilty by reason of insanity of one or more of the 
crimes listed in the rule within the time specified in the rule. If the 
individual does have a disqualifying criminal offense, there is no 
waiver. Accordingly, the waiver provisions that apply to applicants for 
an HME or a TWIC in Sec.  1515.7 would not apply.

Section 1515.9 Appeal of Security Threat Assessment Based on Other 
Analyses

    The STA for flight crew members, individuals authorized to perform 
screening functions, auditors, and key employees of watch-list service 
providers would also include other analyses, including checks of 
appropriate terrorist watch-lists and related databases under proposed 
Sec.  1544.609. TSA proposes to use the appeals procedures in Sec.  
1515.9 for individuals who wish to appeal an Initial Determination of 
Threat Assessment or a withdrawal of a Determination of No Security 
Threat based on the other analyses.
    The procedures in Sec.  1515.9 are similar to the procedures in 
Sec.  1515.5. However, unlike a Final Determination of Security Threat 
Assessment based on a disqualifying criminal offense, a Final 
Determination based on other analyses would not be a final TSA order 
unless the individual fails to file an appeal to an administrative law 
judge (ALJ) under Sec.  1515.11.
    Further, because other analyses are often based on classified and 
other sensitive information, there would be limits on what TSA would 
release in response to a request for materials. If TSA determines that 
an applicant who is appealing the other analyses is requesting 
classified materials, TSA would deny the request for classified 
information.
    The denial of access to classified information under these 
circumstances is also consistent with the treatment of classified 
information under the Freedom of Information Act (FOIA), which 
specifically exempts such information from the general requirement 
under FOIA that government documents are subject to public disclosure. 
5 U.S.C. 552(b)(1).
    Similarly, under 49 U.S.C. 114(s), the Assistant Secretary of TSA 
shall, notwithstanding the FOIA statute, prescribe regulations 
prohibiting the public disclosure of information that would be 
detrimental to the security of transportation. Information that is 
designated as SSI must only be disclosed to people with a need to know, 
such as those needing to carry out regulatory security duties. 49 CFR 
1520.11. The Assistant Secretary has defined information concerning 
threats against transportation as SSI by regulation. See 49 CFR 1520.5. 
Thus, information that TSA obtains indicating that an applicant poses a 
security threat, including the source of such information and the 
methods through which the information was obtained, will commonly be at 
least SSI and may be classified information. The purpose of designating 
such information as SSI is to ensure that persons who seek to harm the 
transportation system do not obtain access to information that will 
enable them to evade the government's efforts to detect and prevent 
their activities. Disclosure of this information, especially to an 
individual specifically suspected of posing a threat to the 
transportation system, is precisely the type of harm that Congress 
sought to avoid by authorizing the Assistant Secretary to define and 
protect SSI.
    Other pieces of information also are protected from disclosure by 
law due to their sensitivity in law enforcement and intelligence. In 
some instances, the release of information about a particular 
individual or his or her supporters or associates could have a 
substantial adverse impact on security matters. The release by TSA of 
the identities or other information regarding individuals related to a 
security threat

[[Page 64820]]

determination could jeopardize sources and methods of the intelligence 
community, the identities of confidential sources, and techniques and 
procedures for law enforcement investigations or prosecution. See 5 
U.S.C. 552(b)(7)(D) and (E). Release of such information also could 
have a substantial adverse impact on ongoing investigations being 
conducted by Federal law enforcement agencies, by revealing the course 
and progress of an investigation. In certain instances, release of 
information could alert co-conspirators to the extent of the Federal 
investigation and the imminence of their own detection, thus provoking 
flight.
    For the reasons discussed above, TSA would not provide classified 
information or SSI to an individual, and TSA reserves the right to 
withhold SSI or other sensitive material protected from disclosure 
under law. As noted above, TSA expects that information would be 
withheld only for determinations based on Sec.  1572.107, which lists 
databases that indicate potential terrorist activity or threats.
    The procedures for appeals of Initial Determination of Threat 
Assessment would also apply to appeals of a Withdrawal of Determination 
of No Security Threat.

Section 1515.11 Review by Administrative Law Judge and TSA Final 
Decision Maker

    An individual who has received an Initial Determination of Threat 
Assessment or a withdrawal of Determination of No Security Threat based 
on the other analyses under Sec.  1544.609 would first appeal that 
determination using the procedures in Sec.  1515.9. If after that 
appeal TSA continues its determination that the applicant is not 
qualified, the applicant would be able to seek review by an ALJ under 
Sec.  1515.11.
    The procedures would provide an individual with 30 calendar days 
from the date of service of the determination to request a review. An 
ALJ who possesses the appropriate security clearances to review 
classified information would conduct the review. Section 1515.11 
provides detailed requirements for the conduct of the review, such as 
information that individuals must submit, requests for extension of 
time, and the duties of the ALJ.
    Within 30 calendar days after the conclusion of the hearing, the 
ALJ would issue an unclassified decision to the parties. The ALJ may 
issue a classified decision to TSA. The ALJ may decide that the 
decision was supported by substantial evidence on the record or that 
the decision was not supported by substantial evidence on the record. 
If neither party requests a review of the ALJ's decision, TSA would 
issue a final order either granting or denying the waiver or the 
appeal.
    Either TSA or the individual would be able to petition for review 
of the ALJ's decision to the TSA Final Decision Maker. The TSA Final 
Decision Maker would issue a written decision within 60 calendar days 
after receipt of the petition or within 30 days of receipt of the other 
party's response, if a response is filed, unless a longer period is 
required. The TSA Final Decision Maker may issue an unclassified 
opinion to the parties and a classified opinion to TSA. For purposes of 
judicial review, the decision of the TSA Final Decision Maker would be 
a final agency order.

Part 1550--Aircraft Security Under General Operating and Flight Rules

Section 1550.5 Operations Using a Sterile Area

    TSA proposes to remove the reference to scheduled passenger 
operations, public charter passenger operations, and private charter 
passenger operations, and replace the language with ``aircraft 
operators that have a security program'' to maintain consistency 
between regulations. TSA also proposes to delete the compliance date 
section since the date has passed. Operators that must follow this 
section should currently be adhering to the applicable regulations.

Section 1550.7 Operations in Aircraft Over 12,500 Pounds

    TSA proposes to amend references to ``12,500 pounds or more,'' and 
replace the language with ``over 12,500 pounds'' to maintain 
consistency between regulations. The proposed changes would provide 
that Sec.  1550.7 only applies to aircraft over 12,500 pounds, 
excluding operations specified in Sec.  1550.5 and operations under a 
security program under part 1544 and 1546. The aircraft that remain 
subject to this regulation are the foreign aircraft with an MTOW of 
over 12,500 pounds that are not an all-cargo operation or are under a 
security program under part 1546.

IV. Regulatory Requirements

A. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501, et seq.) 
requires that TSA consider the impact of paperwork and other 
information collection burdens imposed on the public and, under the 
provisions of PRA section 3507(d), obtain approval from the Office of 
Management and Budget (OMB) for each collection of information it 
conducts, sponsors, or requires through regulations.
    This proposed rule contains amended information collection 
activities subject to the PRA. TSA is revising a collection that OMB 
has previously approved and assigned OMB Control Number 1652-0003 
(Aircraft Operator Security). Accordingly, TSA has submitted the 
following information requirements to OMB for its review.
    Title: Large Aircraft Security Program.
    Summary: TSA proposes to amend current aviation transportation 
security regulations (49 CFR part 1544) to enhance and improve the 
security of GA by issuing this NPRM that would require revisions to a 
currently approved information collection. Through this NPRM, TSA is 
proposing the following seven required information collections in 
addition to those already approved under this OMB control number: (1) 
Require security programs for all operators of aircraft that have a 
maximum certificated takeoff weight of over 12,500 pounds, except for 
aircraft operators under a full program, full all-cargo program, 
limited program, or certain government aircraft (``large aircraft''); 
(2) require that aircraft operator flight crews, individuals authorized 
to perform screening functions, TSA-approved auditors, and TSA-approved 
watch-list service providers' key personnel undergo STAs that include a 
fingerprint-based criminal history records check; (3) require large 
aircraft operators to submit to an independent, third-party audit 
conducted by TSA-approved auditors (i.e., large aircraft operators 
would be required to maintain records, and provide auditors access to 
their records, equipment, and facilities necessary for the auditor to 
conduct an audit); (4) require TSA oversight of auditors (i.e., TSA-
approved auditors would submit to any TSA inspection, including copying 
of their records, to determine their compliance with TSA regulations); 
(5) require large aircraft operators to transmit passenger information 
to TSA-approved watch-list service providers to conduct watch-list 
matching against the No-Fly and Selectee Lists; (6) require auditors 
and watch-list service providers to submit applications to become TSA-
approved; and (7) require watch-list service providers to submit 
security programs for approval.
    Use of: The LASP requirement would replace some existing security 
programs for large aircraft operators and would include additional GA 
operators, such that TSA would apply consistent

[[Page 64821]]

security procedures to operators of large aircraft. TSA would use the 
identifying information and fingerprints collected from flight crew 
members, auditors, and key employees of TSA-approved watch-list service 
providers to conduct STAs that include a criminal history records 
check. The TSA-approved auditors would review and inspect the records 
aircraft operators would be required to maintain to demonstrate 
compliance with TSA requirements during their audits. TSA would inspect 
the records maintained by the auditors to determine their compliance 
with TSA regulations and to ensure that auditors have the qualifications 
to produce useful audits for TSA and the aircraft operators. The watch-
list service providers would use the passenger information transmitted 
by the aircraft operators to conduct watch-list matching against the No 
Fly and Selectee Lists. TSA would use the applications submitted by 
auditors and watch-list service providers to ensure the entities are 
eligible and qualified. TSA would require watch-list service providers 
to adopt and carry out a security program to ensure that they are 
taking appropriate security measures and are consistent and accurate in 
performance of their duties.
    Respondents (including number of): The likely respondents to this 
proposed information requirement are: operators of aircraft that have a 
maximum certificated takeoff weight of over 12,500 pounds, except for 
aircraft operators under a full program, full all-cargo program, 
limited program, or certain government aircraft (``large aircraft''); 
individuals authorized to perform screening functions; entities seeking 
to become TSA-approved auditors; and entities seeking to become TSA-
approved watch-list matching service providers and key personnel.
    Frequency: The proposed recordkeeping requirements would be ongoing 
and continuous. The requirement that operators ensure their flight 
crewmembers, other employees, and individuals authorized to perform 
screening functions undergo a security threat assessment, which 
includes a criminal history records check, would apply once every 
five years. The aircraft operators would be required to transmit 
passenger information to watch-list service providers to conduct watch-
list matching on a per flight basis. The watch-list service providers 
would be required to report matches to the Federal watch-list as 
matches occur. Individuals and firms desiring to become TSA-approved 
auditors as well as firms seeking approval to become watch-list service 
providers would be required to send TSA an application only once. 
Watch-list service providers also would be required to submit a 
security program to TSA once, and would be required to ensure their 
covered personnel undergo an STA conducted by TSA once every five years. 
Auditors would be required to submit an audit report to the aircraft 
operator and to TSA for every audit that they perform.
    Annual Burden Estimate: TSA is amending this information collection 
to reflect the addition of approximately 9,544 new respondents, as well 
as new collection burdens, for an estimated total 10,374 respondents. 
Over three years, the new population includes 9,363 new large aircraft 
operators, 166 TSA-approved auditors, and 15 watch-list service 
providers. TSA estimates that the large aircraft operators would spend 
approximately 1 million hours annually establishing and/or maintaining 
appropriate security programs, completing passenger watch-list matching 
in the prescribed manner, completing STAs on flight crewmembers, and 
completing third party audits of established security programs.
    TSA estimates that the TSA-approved auditors would spend 
approximately 19,660 hours annually, with an annual 4,990 responses, 
submitting application materials and profiles, completing STAs on their 
employees, and writing up their findings and submitting copies to the 
aircraft operator and TSA. TSA estimates that the total annual hour 
burden for watch-list service providers would be approximately 88 
hours, which includes submitting application materials (including a 
security program and profile information) and conducting STAs on their 
employees in order to receive TSA approval.
    TSA is also amending the cost burden for this information 
collection to reflect an expanded respondent population and new 
information collection costs. As a result of the LASP, non-AOSSP 
operators would be required to pay fees to submit passenger information 
to watch-list service providers, conduct security threat assessments on 
their flight crew members and individuals authorized to perform 
screening functions, and contract with TSA-approved auditors. TSA-
approved auditors and watch-list service providers would also pay fees 
to conduct STAs on their employees. In total, these requirements would 
add $10.5 million to the average annual cost of this information 
collection, bringing the total annual cost of the information 
collection (which includes costs to AOSSP aircraft operators) to $12.9 
million.
    TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.
    Individuals and organizations may submit comments on the 
information collection requirements by December 29, 2008. Direct the 
comments to the address listed in the ADDRESSES section of this 
document, and fax a copy of them to the Office of Information and 
Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA 
Desk Officer, at (202) 395-5806. A comment to OMB is most effective if 
OMB receives it within 30 days of publication. TSA will publish the OMB 
control number for this information collection in the Federal Register 
after OMB approves it.
    As protection provided by the Paperwork Reduction Act, as amended, 
an agency may not conduct or sponsor, and a person is not required to 
respond to, a collection of information unless it displays a currently 
valid OMB control number.

B. Regulatory Impact Analyses

1. Regulatory Evaluation Summary
    Changes to Federal regulations must undergo several economic 
analyses. First, Executive Order 12866, Regulatory Planning and Review 
(58 FR 51735, October 4, 1993), directs each Federal agency to propose 
or adopt a regulation only upon a reasoned determination that the 
benefits of the intended regulation justify its costs. Second, the 
Regulatory Flexibility Act of 1980 (5 U.S.C. 601, et seq., as amended 
by the Small Business Regulatory Enforcement Fairness Act (SBREFA) of 
1996) requires agencies to analyze the economic impact of regulatory 
changes on small entities. Third, OMB directs agencies to assess the 
effect of regulatory changes on international trade. Fourth, the 
Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires 
agencies to prepare a written assessment of the costs, benefits, and 
other effects of proposed or final rules that include a Federal mandate 
likely to result in the

[[Page 64822]]

expenditure by State, local, or tribal governments, in the aggregate, 
or by the private sector, of $100 million or more annually (adjusted 
for inflation).
    TSA has prepared a separate detailed analysis document, which is 
available to the public in the docket. With respect to these analyses, 
TSA provides the following conclusions and summary information.
     TSA has determined that this is an economically 
significant rule within the definition of E.O. 12866, as estimated 
annual costs or benefits exceed $100 million in any year. The mandatory 
OMB Circular A-4, Regulatory Analysis, accounting statement is included 
in the separate complete analysis and is not repeated here.
     As a normal practice, we provide the Initial Regulatory 
Flexibility Analysis (IRFA) to the public, but withhold the final 
formal certification of determination as required by the RFA until 
after we receive public comments and publish the Final Regulatory 
Flexibility Analysis. The IRFA reflects substantial gaps in data where 
TSA was unable to identify either impacted entities or revenues for 
those that are businesses. TSA has provided the analysis based upon 
available data and requests public comment on all aspects of the 
analysis. As a result, TSA makes no preliminary finding as to whether 
there is or is not a significant impact on a substantial number of 
small businesses.
     The Trade Agreement Act of 1979 prohibits Federal agencies 
from establishing any standards or engaging in related activities that 
create unnecessary obstacles to the foreign commerce of the United 
States. Legitimate domestic objectives, such as safety, are not 
considered unnecessary obstacles. The statute also requires 
consideration of international standards and, where appropriate, that 
they be the basis for U.S. standards. TSA has assessed the potential 
effect of this notice of proposed rulemaking and has determined this 
rule would not have an adverse impact on international trade.
     The regulatory evaluation provides the required written 
assessment of Unfunded Mandates. The proposed rule is not likely to 
result in the expenditure by State, local, or tribal governments, in 
the aggregate, of $100 million or more annually (adjusted for 
inflation). However, because the rule is economically significant as 
defined by E.O. 12866, it does have an unfunded mandate impact on the 
economy as a whole.
2. Executive Order 12866 Assessment
Benefits
    The proposed rule would yield benefits in the areas of security and 
quality governance. The security and governance benefits are four-fold. 
First, the rule would enhance security by expanding the mandatory use 
of security measures to certain operators of large aircraft that are 
not currently required to have a security plan. These measures would 
deter malicious individuals from perpetrating acts that might 
compromise transportation or national security by using large aircraft 
for these purposes. Second, it would harmonize, as appropriate, 
security measures used by a single operator in its various operations 
and between different operators. Third, the new periodic audits of 
security programs would augment TSA's efforts to ensure that large 
aircraft operators are in compliance with their security programs. 
Finally, it would consolidate the regulatory framework for large 
aircraft operators that currently operate under a variety of security 
programs, thus simplifying the regulations and allowing for better 
governance. When taken together, the security-related benefits would 
act as part of the larger benefits yielded by TSA's layered security 
approach.
    At this time, TSA cannot quantify these benefits; however, TSA 
conducted a ``break-even'' analysis to determine what reduction of 
overall risk of a terror attack and resulting reduction in the expected 
losses for the nation due to a terror attack would be necessary in 
order for the expected benefits of the rule to exceed the costs. 
Because the types of attacks that would be prevented by this regulation 
vary widely in their intensity and effects, depending both on the 
intent of those undertaking the attack and their effectiveness in 
completing it, TSA considered three example attack scenarios and the 
monetized losses associated with each. Similar break-even analyses have 
been undertaken in support of other DHS rules, and TSA has coordinated 
the current analysis with these earlier ones, with the aim of 
maintaining consistency in DHS analyses and results. In the case of the 
LASP proposed rule, some of the types of terror attacks that might be 
undertaken using aircraft operated by those covered under the proposed 
rule are similar to those that were considered by U.S. Customs and 
Border Protection (CBP), and this similarity has informed the current 
analysis and examples. For one scenario, however, TSA has relied on DHS 
research into the effects of successful delivery of a weapon of mass 
destruction (WMD) by an aircraft of the type affected by the proposed 
rule. The conclusions of this DHS research are consistent with results 
from existing academic and think tank research into similar issues.
    In order to compare the losses associated with each scenario to the 
cost of the proposed rule, TSA converted casualties into a monetary 
total. TSA used the Value of a Statistical Life (VSL) of $5.8 million 
that is used by the Department of Transportation (DOT), and which was 
recently revised to reflect current academic and other research into 
this quantity.\33\ The VSL represents an individual's willingness to 
pay to avoid a fatality onboard an aircraft, based on economic studies 
of the value individuals place on small changes in risk. Similarly, 
based on the same DOT guidance, TSA valued moderate injuries at 1.55 
percent of the VSL and severe injuries at 18.75 percent of the VSL. TSA 
emphasizes that the VSL is a statistical value of a unit decrease in 
expected fatalities to be used for regulatory comparison, and does not 
suggest that the actual value of a particular individual's life can be 
stated in dollar terms.
---------------------------------------------------------------------------

    \33\ U.S. Department of Transportation memorandum, Treatment of 
the Economic Value of a Statistical Life in Departmental Analyses. 
Office of the Secretary of Transportation, February 5, 2008.
---------------------------------------------------------------------------

    The following paragraphs present a description of the four 
scenarios considered by TSA with corresponding estimates of their 
monetary consequences. These scenarios make up a wide range of possible 
consequences, which reflects the varied opportunities for attack and 
targeting that may exist for those intent on doing the nation harm. In 
order to compare direct costs to direct benefits, TSA presents only the 
direct economic losses estimated to result from the attack scenarios 
and has omitted economic ``ripple effects'' and economic transfers from 
its calculations.
    Scenario 1 contemplates a situation where a large aircraft is used 
as a missile to attack an unpopulated or lightly populated area, 
resulting in minimal loss of life, moderate injuries and destruction of 
the aircraft. Of the scenarios considered, this is the most restrained 
in its level of envisioned harm. It is assumed that a loss of 3 lives 
occurs, along with 10 moderate injuries and the complete hull loss of 
the aircraft. Using the DOT VSL of $5.8 million, the monetary estimate 
associated with the loss of life is $17.4 million. Again using DOT 
guidance, moderate injuries to those affected are valued at 1.55% of 
the VSL, or $89,900. To estimate the value of the lost aircraft,

[[Page 64823]]

TSA used $9.3 million, which is the 2008 average market value of a 
General Aviation jet aircraft weighing between 12,500 and 65,000 
pounds.\34\ Taken together, the monetary consequence of this scenario 
totals $32 million, or $0.032 billion.
---------------------------------------------------------------------------

    \34\ Federal Aviation Administration. 2007. Economic Values for 
FAA Investment and Regulatory Decisions, A Guide. Prepared by GRA, 
Inc. December 31, 2004 (updated). Table 5-7. This table reports 2003 
value estimates, and the 2003 estimate of $7.2 million was brought 
to the 2008 value of $9.3 million using the FAA recommended method 
described in the document in Section 9.6 (page 9-9), which relies on 
the BLS producer price index series for civil aircraft, available in 
the producer price index values for commodities at http://stats.bls.gov/ppi/home.htm.
---------------------------------------------------------------------------

    Scenario 2 also contemplates a situation where a large aircraft is 
used as a missile to attack a populated area, resulting in 
significantly greater loss of life and injuries, and destruction of the 
aircraft. It is assumed that a loss of 250 lives occurs, along with 250 
severe injuries and the complete hull loss of the aircraft. Using the 
DOT VSL of $5.8 million, the monetary estimate associated with the loss 
of life is $1.45 billion. Again using DOT guidance, severe injuries to 
those affected are valued at 18.75% of the VSL, or $1.1 million; the 
monetary impact of these injuries totals $272 million. To estimate the 
value of the lost aircraft, TSA used $9.3 million, which is the 2008 
average market value of a General Aviation jet aircraft weighing 
between 12,500 and 65,000 pounds. Taken together, the monetary 
consequence of this scenario totals $1.73 billion. The level of damage 
in this type of scenario is consistent with the scenarios considered 
for the CBP APIS Final Rule analysis, although the current analysis 
also includes a component of severe injuries.\35\
---------------------------------------------------------------------------

    \35\ Regulatory Assessment & Final Regulatory Flexibility 
Analysis for the Final Rule, Passenger Manifests for Commercial 
Aircraft Arriving in and Departing from the United States; Passenger 
and Crew Manifests for Commercial Vessels Departing from the United 
States. Table 12, page 35.
---------------------------------------------------------------------------

    Scenario 3 contemplates a situation where a large aircraft is used 
as a missile to carry out a direct attack on a building in a densely 
populated urban area. Because of these locational details, a successful 
attack would result in much more severe consequences, including 
significantly increased loss of life and widespread real property 
damage, compared to Scenario 1. For valuation purposes for this 
scenario, TSA assumes 3,000 fatalities, valued at $17.4 billion using 
the DOT VSL of $5.8 million. To maintain consistency with existing DHS 
analyses, in particular the APIS analysis,\36\ TSA assumes property 
losses totaling $21.8 billion; this total is motivated by comparison to 
the City of New York Comptroller's estimate of direct losses to the 
city due to the September 11 attacks.\37\ However, TSA also assumes 
that 9,000 severe injuries would also result from such an attack. These 
severe injuries, valued at 18.75% of the VSL based on the DOT guidance, 
have a monetary valuation of $9.79 billion. Finally, based on the FAA 
estimate of aircraft value, losses in Scenario 3 include $9.3 million 
due to complete hull loss of the aircraft used in the attack. The 
scenario elements aggregate to a total consequence of $49.0 billion.
---------------------------------------------------------------------------

    \36\ Regulatory Assessment & Final Regulatory Flexibility 
Analysis for the Final Rule, Passenger Manifests for commercial 
Aircraft Arriving in and Departing from the United States; Passenger 
and Crew Manifests for Commercial Vessels Departing from the United 
States. Table 13, page 36.
    \37\ Thompson, Jr., William C. Comptroller, City of New York. 
``One Year Later: The Fiscal Impact of 9/11 on New York City.'' 
September 4, 2002.
---------------------------------------------------------------------------

    Finally, Scenario 4 contemplates a catastrophic situation in which 
a large aircraft is used to deliver a nuclear or biohazard device to an 
urban center. The costs associated with a scenario such as this have 
been examined by DHS in detail for a nuclear device.\38\ This research 
concludes that the consequences of such an event would be immense, with 
a wide range of uncertainty. For the present analysis, TSA is using a 
value of $1 trillion for the direct consequences of an attack of this 
severity. This value falls in the midrange of the values developed in 
the DHS research, and is consistent with results obtained from a review 
of academic and think tank research into the consequences of nuclear 
and bioterror attacks on urban areas. The value of $1 trillion results 
from loss of life in an attacked urban area in the hundreds of 
thousands and enormous loss of property and productive assets.
---------------------------------------------------------------------------

    \38\ ``Economic Consequences of a Nuclear Detonation in an Urban 
Area'' undated DHS draft.
---------------------------------------------------------------------------

    Figure 1 below displays the impacts and monetary consequences 
identified for each of these scenarios. TSA compared the monetary 
consequence from a successful attack with the cost of the proposed 
LASP. To judge the value or effectiveness of the LASP proposed rule in 
the context of these scenarios, it is necessary to compare the extent 
of monetary consequence from a successful attack with the cost of a 
program like LASP that would be deployed to reduce the risk or 
likelihood of such an attack being successfully undertaken. The annual 
risk reductions required for the proposed rule to break even under each 
of the four scenarios are presented below. In this analysis the 
comparison is made between the estimated scenario consequence and the 
LASP discounted annualized cost of $194.1 million, using a discount 
rate of 7%; the ``required risk reduction'' for breakeven is simply the 
ratio between this annualized program cost and the scenario consequence 
total. As shown, depending on the attack scenario, underlying baseline 
risk of terror attack would have to be reduced less than 1 percent 
(Scenarios 3 and 4) to 11 percent (Scenario 2) in order for the rule to 
break even. If only avoidance of quantified direct losses is 
considered, preventing the impact characterized in Scenario 1 is not 
sufficient to offset the LASP program's annualized costs, even if a 
Scenario 1 outcome were a certainty, expressed as a baseline risk of 
100%, and the chance of this were eliminated entirely (100 percent risk 
reduction).

[[Page 64824]]



Figure 1--Required Reduction in Annual Risk Necessary (%) for LASP Annualized Discounted Costs ($194.1 M) To Equal Expected Benefits, by Attack Scenario
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                             Valuation                                                         Required
                                                                 Loss of     at VSL of    Hull loss     Property     Injuries                    risk
           Scenario                         Scale                  life      $5.8 M ($      ($ B)      loss ($ B)     ($ B)     Total ($ B)   reduction
                                                                                 B)                                                          by LASP (%)
--------------------------------------------------------------------------------------------------------------------------------------------------------
1.............................  Minimal......................            3        $0.02       $0.009         None       $0.005        $0.03          N/A
2.............................  Moderate.....................          250         1.45        0.009         None         0.27          173         11.0
3.............................  Major........................         3000         17.4        0.009         21.8         9.79         49.0          0.7
                                                              -----------------------------------------------------------------
4.............................  Catastrophic.................                 Large and Variable across Studies                       1,000        0.019
--------------------------------------------------------------------------------------------------------------------------------------------------------

Costs
    The following summarizes the estimated costs of this rulemaking by 
general category of who pays. A summary table provides an overview of 
the cost items and a brief description of cost elements. Both in this 
summary and the economic evaluation, descriptive language is used to 
try and relate the consequences of the regulation. Although the 
regulatory evaluation attempts to mirror the terms and wording of the 
proposed rule text, no attempt is made to precisely replicate the 
regulatory language and readers are cautioned that the actual 
regulatory text, not the text of the evaluation, would be binding. 
Throughout the evaluation rounding in displayed values may result in 
minor differences in displayed totals.
    Aircraft operators, airport operators, and TSA would incur costs to 
comply with the requirements of the proposed LASP rule. TSA estimated 
the total 10-year cost of the program at $1.4 billion, discounted at 
7%. At this rate, the annualized total rule cost per flight is 
estimated at $44. Aircraft operator costs comprise 85 percent of all 
estimated costs. This is due to the large number of newly regulated 
aircraft operators and the amount of time security coordinators are 
anticipated to spend on their duties.
    TSA estimated approximately 9,000 GA aircraft operators use 
aircraft with a maximum takeoff weight exceeding 12,500 pounds and 
would thus be subject to the proposed rule. These aircraft operators 
are currently not required to operate under any existing TSA security 
programs. Costs to these newly regulated aircraft operators represent 
84 percent of total estimated costs, with security coordinator duties 
and training making up 89.5 percent of those new aircraft operator 
costs. Security coordinator duties and training for these operators are 
estimated at $1.0 billion over 10 years, discounted at 7 percent. The 
following figure provides the total 10-year costs as well as annualized 
costs at the 0, 7, and 3 percent discount rates for the principal 
populations affected by the proposed rule.

                                  Total and Annualized Costs by Affected Entity
----------------------------------------------------------------------------------------------------------------
                                                      10-year total costs                Annualized costs
                Affected entity                -----------------------------------------------------------------
                                                    0%         3%         7%         0%         3%         7%
----------------------------------------------------------------------------------------------------------------
New Aircraft Operators........................   $1,655.8   $1,402.3   $1,143.5     $165.6     $164.4     $162.8
Existing Aircraft Operators...................       19.6       16.7       13.6        2.0        2.0        1.9
Airport Operators.............................        7.5        6.5        5.5        0.8        0.8        0.8
TSA...........................................      194.4      165.9      136.6       19.4       19.4       19.5
Passengers (Opportunity)......................       91.9       78.2       64.1        9.2        9.2        9.1
                                               -----------------------------------------------------------------
    Total, Primary............................    1,969.3    1,669.5    1,363.4      196.9      195.7      194.1
                                               =================================================================
    Total, High...............................    2,720.7    2,305.9    1,882.3      272.1      270.3      268.0
                                               =================================================================
    Total, Low................................    1,239.1    1,051.2      859.2      123.9      123.2      122.3
----------------------------------------------------------------------------------------------------------------


[[Page 64825]]

[GRAPHIC] [TIFF OMITTED] TP30OC08.000

    Given several areas of uncertainty in the cost estimates, TSA 
estimates of the total cost of the rule range from $859 million to $1.9 
billion, discounted at 7 percent. TSA was unable to model some 
requirements, such as aircraft operator expenses to collect and submit 
passenger information for watch-list matching. TSA is requesting 
detailed comments to enable quantification of this impact for new and 
existing operators. The figure below displays the cost segments of the 
proposed rule grouped into four major cost categories: Security 
coordinator duties and training; audits and inspections; STAs; and 
security programs.
[GRAPHIC] [TIFF OMITTED] TP30OC08.001


[[Page 64826]]


    TSA estimated covered aircraft operators would expend $1.1 billion 
over 10 years to comply with the proposed LASP, discounted at 7 
percent. All covered aircraft operators would incur costs to develop 
and submit security programs and profiles. Newly regulated aircraft 
operators would be required to designate security coordinators who 
would perform a variety of security-related duties and complete annual 
security training. These aircraft operators also would be required to 
ensure that their flight crewmembers successfully undergo STAs 
conducted by TSA. All aircraft operators would need to control access 
to any weapons and check property in the cabin for possible stowaways. 
Further, aircraft operators would be required to submit names of 
passengers aboard their flights to TSA-approved service providers for 
purposes of matching names against terrorist watch-lists. Finally, 
aircraft operators would contract with TSA-approved auditors to undergo 
biennial reviews demonstrating compliance with their security programs.
    Since TSA views security programs as a package, this rule would 
also require a partial airport security program for non-federalized 
airports regularly serving large aircraft, in scheduled or public 
charter operations and airports designated by the Secretary of 
Transportation as ``Reliever Airports.'' TSA has determined these 
airports frequently serve as a base for aircraft operators covered by 
the LASP. Covered airports would be required to develop and submit 
security programs to TSA and comply with program requirements. This 
would include the designation of airport security coordinators and 
completion of attendant training. TSA estimated airport operators would 
expend $5.5 million over 10 years, discounted at 7 percent.
    To implement and oversee this new security program regime, TSA 
would expend monies to conduct outreach to covered aircraft and airport 
operators and process security programs and profiles, enforce 
compliance with the proposed requirements, and enroll auditors and 
watch-list service providers. TSA estimated its 10-year costs to 
implement the proposed regulation would range from $133.5 million to 
$139.8 million, discounted at 7 percent, with a primary estimate of 
$136.6 million.
    Entities wishing to participate as auditors or watch-list service 
providers would incur voluntary costs to apply to TSA for authorization 
to provide those services. These service entities would likely pass 
their enrollment expenses to subscribing aircraft operators; thus, in 
the regulatory evaluation TSA assesses the costs directly to the 
affected aircraft operators. To avoid double-counting, the analysis 
does not provide a separate estimate of auditor and watch-list service 
provider enrollment costs. However, TSA has included a description of 
the enrollment process and anticipated unit costs within the discussion 
of TSA's costs to process auditor and watch-list service provider 
applications.
    Passengers on covered aircraft would incur opportunity costs from 
the time spent providing personal information to aircraft operators, 
for use in Watch List Matching, and, to a much more modest degree, from 
time spent delayed when pre-flight Watch List Matching issues need to 
be resolved in real time. TSA estimated that these passenger 
opportunity costs total $64 million, discounted at 7 percent.
    As previously noted, TSA estimates that the total 10-year cost of 
the program would be $1.4 billion, discounted at 7 percent; the 
annualized cost (at a 7 percent discount rate) per flight would be $44.
3. Initial Regulatory Flexibility Assessment (IRFA)
    The Regulatory Flexibility Act of 1980 establishes ``as a principle 
of regulatory issuance that agencies shall endeavor, consistent with 
the objective of the rule and of applicable statutes, to fit regulatory 
and informational requirements to the scale of the business, 
organizations, and governmental jurisdictions subject to regulation.'' 
To achieve that principle, the RFA requires agencies to solicit and 
consider flexible regulatory proposals and to explain the rationale for 
their actions. The RFA covers a wide range of small entities, including 
small businesses, not-for-profit organizations, and small governmental 
jurisdictions.
    When issuing a rulemaking, agencies must perform a review to 
determine whether a proposed or final rule will have a significant 
economic impact on a substantial number of small entities. If the 
determination is that it will, the agency must prepare a regulatory 
flexibility analysis as described in the RFA. However, if an agency 
determines that a proposed or final rule is not expected to have a 
significant economic impact on a substantial number of small entities, 
section 605(b) of the RFA provides that the head of the agency may so 
certify and a regulatory flexibility analysis is not required. The 
certification must include a statement providing the factual basis for 
this determination, and the reasoning should be clear.
    As part of implementing this NPRM, TSA conducted this Initial 
Regulatory Flexibility Analysis. The IRFA describes the reasons for and 
objectives of the proposed rule; includes a description and estimate of 
the number of small entities that would be impacted by the proposed 
rule; estimates the cost of complying with requirements for small 
entities; addresses significant alternatives to the rulemaking 
considered by TSA; and identifies duplicative, overlapping, and 
conflicting rules.
Reason for the Proposed Rule
    The Aviation and Transportation Security Act (ATSA) (Pub. L. 107-
71, 115 Stat. 597, Nov. 19, 2001) granted TSA broad statutory authority 
to take measures to increase the security of civil aviation in the 
United States. Since the passage of ATSA, TSA has used its authority to 
implement an array of aviation security programs, focusing mainly on 
the commercial aviation segment of the industry.
    TSA is aware that as vulnerabilities within the air carrier and 
commercial operator segment of the aviation industry are reduced, GA 
operations may become more attractive targets. With thousands of 
operators flying over 100,000 aircraft, firms operating in the GA 
market--including some smaller airports--are largely unregulated with 
respect to security. Many GA aircraft, however, are of the same size 
and weight as those of the commercial operators that TSA regulates, meaning that 
they potentially and effectively could be used to commit a terrorist 
act.
    Consequently, this portion of the aviation industry may be 
vulnerable to exploitation by terrorists. Except for limited security 
requirements for certain classes of GA aircraft, TSA does not currently 
require security programs for many GA aircraft operators. This 
situation presents a security risk.
    The proposed rule would mitigate this risk by requiring GA aircraft 
operators and certain airports to enact an assortment of security 
measures.
Objectives of the Proposed Rule
    The objective of the proposed rule is to strengthen the security of 
civil aviation.
Description and Estimate of the Number of Small Entities
    The proposed rule would impact certain firms flying aircraft with a 
maximum take-off weight greater than 12,500 pounds in the civil 
aviation market. It would also impact certain

[[Page 64827]]

publicly- and privately-owned airports. This section of the IRFA 
attempts to describe and identify all small entities within the 
aforementioned industries, including those operating under existing 
security regulations and those that are currently not regulated.
Currently Regulated Aircraft Operators
    The proposed rule would affect aircraft operators currently 
offering services under existing security regulations. Aircraft 
operators utilizing TSA-required security programs, including the 
Twelve-Five Standard Security Program (TFSSP), the All Cargo Twelve-
Five Standard Security Program (TFSSP-AC), the Partial Program Standard 
Security Program (PPSSP), and the Private Charter Standard Security 
Program (PCSSP) would be covered by the proposed rule.
    Aircraft operators offering services under the TFSSP and the TFSSP-
AC utilize aircraft with a maximum takeoff weight of more than 12,500 
pounds; offer scheduled or charter service; carry passengers or cargo 
or both; and do not operate under a PPSSP or PCSSP.
    The PPSSP is used by scheduled passenger or public charter 
passenger operations using aircraft with seating configurations of 31 
or more, but 60 or fewer seats that do not enplane from or deplane into 
a sterile area, and by scheduled passenger or public charter passenger 
operations using aircraft with seating configurations of 60 or fewer 
seats engaged in operations to, from, or outside the United States that 
do not enplane from or deplane into a sterile area.
    The requirements of the PPSSP are identical to those of the TFSSP, 
with the exception that the PPSSP requires operators to participate in 
airport operator-sponsored exercises of airport contingency plans. TSA 
estimated that approximately 649 operators, utilizing 4,540 large 
aircraft, were conducting operations either solely or primarily under 
the TFSSP or PPSSP at the time of writing. (Within the text of this 
IRFA, Twelve-Five and Partial Program operators may be referred to 
collectively as TFSSP operators due to the extremely small number of 
Partial Program operators, the similarities between the two groups, and 
the fact that they would be merged under the proposed regulation.)
    Conversely, aircraft operators using privately chartered aircraft 
(aircraft hired by, and for, one specific group of people), having a 
MTOW greater than 45,500 kg (100,309.3 pounds); or, a passenger seating 
configuration of 61 or more seats, or, that enplane from or deplane 
into a sterile area, operate under the PCSSP. To be considered a 
private charter, the charterer must have engaged the total passenger 
capacity of the aircraft, invited all of the passengers, borne all of 
the costs of the charter, and must not have advertised to the public, 
in any way, to solicit passengers.
    In conducting research for the Regulatory Evaluation, TSA generated 
estimates of the number of operators offering services under each 
security program described above. The estimates are shown in the figure 
below.

LASP Aircraft Operators Currently Operating Under a TSA Security Program
------------------------------------------------------------------------
                                                             Number of
   Existing security program or operating certificate        aircraft
                                                             operators
------------------------------------------------------------------------
Twelve-Five Standard Security Program...................             649
All Cargo Twelve-Five Standard Security Program.........              48
Private Charter Standard Security Program...............              77
                                                         ---------------
    Total...............................................             774
------------------------------------------------------------------------

    To determine if the firms identified in the figure above qualify as 
small entities as defined by the RFA and the Small Business 
Administration (SBA), TSA first attempted to classify each firm using 
North American Industry Classification System (NAICS) codes maintained 
by the U.S. Census Bureau. After analyzing the various operators' 
characteristics and the NAICS codes, TSA determined that the aircraft 
operators described above would broadly fall into the nonscheduled air 
transportation market. Firms in NAICS code 481211, Nonscheduled 
Chartered Passenger Air Transportation, and code 481212, Nonscheduled 
Charter Freight Air Transportation, are classified as large or small 
based on employee measures. Firms in these markets with less than 1,500 
employees are considered small by the SBA.
    Unfortunately, TSA could not obtain current, detailed employee data 
for the respective firms, making it difficult to discern whether the 
firms are small or large according to standards set by the SBA. In 
light of the lack of current employee data on these firms, TSA turned 
to U.S. Census Bureau information to gauge the number of currently 
regulated entities affected by the proposed rule that may be considered 
small.
NAICS 481211--Nonscheduled Chartered Passenger Air Transportation
    As stated above, the SBA defines any firm in the Nonscheduled 
Chartered Passenger Air Transportation industry with less than 1,500 
employees as small. Using 2002 data maintained by the U.S. Census 
Bureau, TSA determined that there are 1,400 firms in the industry, and 
at least 1,178 of these firms are small entities. The average annual 
revenue for firms in this industry in 2002 was approximately $3.9 
million. The data that TSA accessed from the Census Bureau to make this 
determination did not have enough detail for the Agency to draw a 
conclusion on the remaining 222 firms. See the figure below.

[[Page 64828]]

[GRAPHIC] [TIFF OMITTED] TP30OC08.002

NAICS 481212--Nonscheduled Chartered Freight Air Transportation
    As previously stated, the SBA defines any firm in the Nonscheduled 
Chartered Freight Air Transportation industry with less than 1,500 
employees as small. Again using Census Bureau data, TSA determined that 
there are 231 firms in the overall industry, and at least 162 of these 
firms are small entities. The average annual revenue for firms in this 
industry in 2002 was approximately $5.0 million. The data that TSA 
accessed from the Census Bureau to make this determination did not have 
enough detail for the Agency to draw a conclusion on the remaining 69 
firms.
[GRAPHIC] [TIFF OMITTED] TP30OC08.003

    Firms operating aircraft under the TFSSP and the PCSSP likely fall 
into NAICS code 481211, Nonscheduled Chartered Passenger Air 
Transportation, described above. As previously stated, TSA estimated 
that there are 649 and 77 TFSSP and PCSSP operators, respectively, that 
would be affected by the NPRM. In all likelihood, these

[[Page 64829]]

operators represent a subset of the firms TSA identified using the 
Census data. So while TSA identified 1,178 small entities (and 222 
potentially small entities) in the overall Nonscheduled Chartered 
Passenger Air Transportation market, it is not likely that all of those 
firms would be impacted by the proposed rule.
    Firms operating under the TFSSP-AC most likely are classified by 
the Census Bureau by NAICS code 481212, Nonscheduled Chartered Freight 
Air Transportation. As stated above, TSA estimated that the proposed 
rule would only affect 48 of these operators. It is likely that the 48 
operators represent a subset of the firms TSA identified in the Census 
data described above.
    By adding the estimated number of TFSSP, PCSSP, and TFSSP-AC 
operators together, TSA was able to conclude that the proposed rule 
would affect a total of 774 currently regulated operators. In 2003, 
pursuant to another rulemaking, TSA estimated that of 767 TFSSP, TFSSP-
AC, and PCSSP operators, all but 15 were small entities. Typically, 
these types of operators are independently owned and operated, and 
rarely employ more than 1,500 employees, making them small entities 
according to the SBA. Given that TSA has not received any new data on 
these operators since 2003, and given the lack of detail in the Census 
Bureau data, the Agency assumed for the purposes of this analysis that 
all but 15 of the 774 operators that would be affected by this NPRM are 
small entities. The Agency seeks comment on this preliminary 
conclusion.
Newly Regulated Aircraft Operators
    The proposed rule would also cover any aircraft operator using an 
aircraft having a MTOW greater than 12,500 pounds. Such operators 
primarily conduct operations under 14 CFR part 91 and 14 CFR part 125. 
Currently, these types of operators are generally not covered by 
existing security regulations.
    Part 91 operations, commonly referred to as GA operations, can be 
undertaken for a wide range of purposes, but a basic distinction is 
drawn between flight activity used to provide ``common carriage'' and 
other flight activity. Common carriage means any operation for 
compensation or hire where the operator holds itself out as willing to 
furnish transportation to any member of the public seeking the services 
offered. The operator openly offers a service for a fee (by advertising 
or any other means) to members of the public.
    In contrast, ``private'' or ``non-common carriage'' does not 
involve offering or holding out by the operator through advertising or 
any other means. Non-common carriage includes the following:
     Carriage of operator's own employees or property.
     Carriage of participating members of a club.
     Carriage of persons and property, which is only incidental 
to the operator's primary business.
     Carriage of persons or property for compensation or hire 
under a contractual business arrangement that did not result from the 
operator's holding out or offering. In this situation, the customer 
seeks out an operator to perform the desired service and enters into an 
exclusive mutual agreement; the operator does not seek out the 
customer.
    Under the proposed rule, both common carriage and non-common 
carriage large aircraft operators would be required to establish and 
implement the security requirements of the LASP. Those firms operating 
under common carriage have been discussed in the currently regulated 
section of this IRFA; the following discussion relates to non-common 
carrier operations.
    Part 125 of 14 CFR applies to some large aircraft operations that 
may provide private carriage (but not common carriage). Part 125 
governs the operation of large aircraft that are able to carry 6,000 
pounds or more of payload capacity and 20 or more passenger seats.
    In conducting research for the Regulatory Evaluation, TSA subject 
matter experts determined that the proposed rule would affect 9,000 
aircraft operators regulated by 14 CFR part 91, and 61 aircraft 
operators regulated by 14 CFR part 125. Due to the unique conditions 
under which these firms conduct operations, TSA could not identify the 
respective NAICS codes for these operators. Consequently, TSA could not 
determine the small entity size standards for these businesses. Without 
this information, TSA could not reliably estimate the number of small 
entities operating aircraft in these operating categories. Moreover, 
TSA could not find reliable revenue and employee data for these firms, 
further complicating the effort.
    Given the constraints discussed above, TSA could only conclude that 
the proposed rule would affect between 0 and 9,000 small entities 
currently regulated by 14 CFR part 91, and between 0 and 61 small 
entities currently regulated by 14 CFR part 125. TSA seeks comment on 
information that would allow it to refine its estimate of small 
entities as defined by the RFA.
Airport Operators
    Airports that would be affected by the proposed rule include 
airports regularly serving scheduled or public charter operations in 
large aircraft and ``reliever airports,'' as designated by the 
Secretary of Transportation. TSA determined approximately 42 airports 
regularly serving scheduled or public charter operations and 273 
reliever airports would be subject to the proposed rule, a total of 315 
airports.
    The 42 affected airports TSA has identified that regularly serve 
scheduled or public charter operations and do not already have a TSA 
security program are all owned by public entities. Because the airports 
are publicly owned, the Census Bureau classifies them using NAICS Code 
926120, Regulation and Administration of Transportation Programs.
    Reliever airports are airports designated by the FAA to relieve 
congestion at commercial service airports and to provide improved GA 
access to members of the local community.\39\ The 273 reliever airports 
that would be impacted by the rule are owned by public entities--such 
as State and local governments--and private, for-profit concerns. The 
publicly- and privately-owned airports, due to their different 
ownership characteristics, are classified by different NAICS codes by 
the U.S. Census Bureau. Privately-owned airports are classified by 
NAICS code 48811, Airport Operations, while publicly owned airports are 
classified by NAICS code 926120, Regulation and Administration of 
Transportation Programs.
---------------------------------------------------------------------------

    \39\ U.S. Department of Transportation, Federal Aviation 
Administration, ``Categories of Airports,'' Available from: http://www.faa.gov/airports_airtraffic/airports/planning_capacity/passenger_allcargo_stats/categories/. Accessed on February 28, 
2007.
---------------------------------------------------------------------------

NAICS 48811--Airport Operations
    Private firms operating reliever airports fall into NAICS code 
48811, Airport Operations. The SBA defines firms in this industry with 
less than $6.5 million in annual revenues as small. To discern the 
number of small firms likely to be impacted by the proposed rule, TSA 
first obtained data on the total number of affected reliever airports from 
FAA. From the FAA information, which identified 273 total reliever 
airports that would be subject to the rule, TSA was able to identify 46 
privately-held reliever airports.
    Unfortunately, TSA could not find any revenue information on the 46 
privately-owned reliever airports, making it impossible to determine if

[[Page 64830]]

they are classified as small entities. However, given that the average 
annual revenues in the industry were $3.8 million in 2002, well below 
the $6.5 million threshold set by SBA, it is likely that some of the 
affected firms are small entities. Due to the lack of available revenue 
data, TSA assumed for the purposes of this analysis that there are 
between 0 and 46 small entities in this industry that would be impacted 
by the rule. TSA seeks comment on this assumption.
NAICS 926120--Regulation and Administration of Transportation Programs
    As previously stated, publicly owned reliever airports likely fall 
into NAICS code 926120, Regulation and Administration of Transportation 
Programs. Because firms in this industry are not privately held, for-
profit companies, the SBA does not use revenue or employment measures 
to determine if they are small entities.
    Instead, the SBA uses the population of the government jurisdiction 
that owns the firm to determine if it is a small governmental 
jurisdiction. Specifically, sec. 601(5) of the RFA defines small 
governmental jurisdictions as governments of cities, counties, towns, 
townships, villages, school districts, or special districts with a 
population of less than 50,000.\40\
---------------------------------------------------------------------------

    \40\ Regulatory Flexibility Act, Public Law 96-354, Sep. 19, 
1980, 94 Stat. 1164 (codified at 5 U.S.C. 601).
---------------------------------------------------------------------------

    To determine if the proposed rule would have an impact on any small 
governmental jurisdictions, TSA again accessed the FAA airport data. Of 
the 315 affected airports, TSA discerned that 269 are owned by 
governments. After researching the population of all the affected 
governments using U.S. Census Bureau population data, TSA concluded 
that between 68 and 74 small governmental jurisdictions would be 
impacted by the proposed rule. See the figure below.
[GRAPHIC] [TIFF OMITTED] TP30OC08.004

Summary of Number of Small Entities
    Using the data discussed above, TSA concluded that the NPRM would 
impact between 827 and 9,955 small entities. The ambiguous nature of 
the revenue and employee data for the firms in some of the affected 
industries, coupled with the lack of information on operators covered 
by 14 CFR part 91 and 14 CFR part 125, prevented TSA from making a more 
refined estimate. See the figure below.

                      Total Estimate of Small Entities Potentially Affected by the LASP \*\
----------------------------------------------------------------------------------------------------------------
                                       NAICS                                                     Low      High
      Operator  classification         code           Industry           SBA size standard    estimate  estimate
----------------------------------------------------------------------------------------------------------------
Currently Regulated Aircraft           481211  Nonscheduled Chartered  1,500 employees......       759       774
 Operators (TFSSP, PCSSP, TFSSP-AC).            Passenger Air
                                                Transportation.
                                       481212  Nonscheduled Chartered  .....................  ........  ........
                                                Freight Air
                                                Transportation.
Newly Regulated Aircraft Operators          U  U.....................  U....................         0     9,061
 (14 CFR part 91, 14 CFR part 125).
Privately-Owned Airports...........     48811  Airport Operations....  $6.5 million in               0        46
                                                                        annual revenue.

[[Page 64831]]

 
Public Airports....................    926120  Regulation and          50,000 population of         68        74
                                                Administration of       governmental
                                                Transportation          jurisdiction.
                                                Programs.
                                                                                             -------------------
    Total..........................  ........  ......................  .....................       827     9,955
----------------------------------------------------------------------------------------------------------------
* Total Small Entities Impacted: The NPRM would impact between 827 and 9,957 small entities.
Source: 2002 Economic Census, FAA, SBA, TSA calculations.
Notes: U means data unavailable.

    The data used to determine the number of impacted small entities in 
this analysis exhibit some critical shortcomings. First, TSA did not 
have access to any comprehensive employment data for some of the 
affected aircraft operators in the nonscheduled air transportation 
industry.
    Second, TSA was unable to access comprehensive revenue or 
employment data for the aircraft operators offering services under 14 
CFR part 91 and 14 CFR part 125. Additionally, TSA could not identify 
the appropriate NAICS codes for these operators, making it impossible 
to identify the size standard that would be necessary to determine if 
the firms are large or small.
    Third, TSA could not obtain revenue data for firms operating 
privately-owned reliever airports, making it impossible to generate an 
accurate estimate of the number of small entities in that industry.
    Finally, TSA was unable to find reliable information on some of the 
governmental jurisdictions operating covered airports. This situation 
prevented TSA from making a more accurate estimate of the number of 
small governmental jurisdictions that would be subject to the proposed 
rule.
    Due to the reasons described above, TSA may have under- or over-
estimated the number of affected small entities. TSA seeks comment on 
this possibility.
Description and Estimate of Compliance Requirements
    The proposed rule would require firms operating certain classes of 
aircraft and airports to undertake a number of measures aimed at 
increasing civil aviation security. This section of the analysis 
provides a brief description of each requirement, followed by an 
estimate of the unit cost per operator to comply with each requirement. 
This part of the analysis also attempts to make an initial 
determination on whether the proposed rule would have a significant 
economic impact on a substantial number of small entities.
    Given the operational and regulatory differences between the 
various firms that would be affected by the proposed rule, compliance 
requirements and their attendant costs are described separately for 
currently regulated aircraft operators, newly regulated aircraft 
operators, and airport operators. Furthermore, costs are estimated as 
ranges rather than absolute values in order to reflect the uncertainty 
surrounding different estimates.
Currently Regulated Aircraft Operators
Security Programs and Profiles
    Currently regulated aircraft operators affected by the proposed 
rule would be required to submit a profile containing several pieces of 
information and to develop and submit a security program. TSA would 
make available to all covered aircraft operators a template Large 
Aircraft Standard Security Program that operators would have the option 
to either accept without modification or use as the basis of developing 
their own security program. In estimating costs for this requirement, 
TSA assumed that nearly all covered operators would choose to adopt the 
template security program. These requirements would impose costs on 
currently regulated aircraft operators, which are shown in the figure 
below. For a more robust discussion on how TSA estimated these costs, 
see the section on security programs and profiles located above in the 
Regulatory Evaluation.

                  Unit Cost: Security Programs/Profiles, Currently Regulated Aircraft Operators
----------------------------------------------------------------------------------------------------------------
                                                             Hours                       Total unit cost
              Hourly compensation              -----------------------------------------------------------------
                                                   Low      Primary      High       Low      Primary      High
a                                                      b          c          d   (a) x (b)  (a) x (c)  (a) x (d)
----------------------------------------------------------------------------------------------------------------
$62.43........................................         2          4          6       $125       $250       $375
----------------------------------------------------------------------------------------------------------------

Security Coordinator Duties
    Currently regulated aircraft operators have existing security 
coordinators and would not incur new costs as a result of this 
requirement.
Security Threat Assessments for Flight Crews
    Aircraft operators offering services under existing security 
regulations must utilize flight crew personnel that have undergone a 
criminal history records check. The proposed rule would require LASP 
aircraft operators to begin ensuring that their flight crewmembers 
undergo STAs and would limit the validity of a STA to five years. As 
proposed, the STA would consist of a CHRC and a check against 
government terrorism watch-lists and related databases. Existing 
aircraft operators currently pay an estimated $30 to $35 for CHRCs; 
however, the collection system used by these operators does not include 
the terrorism check component of the proposed STA. As a result, TSA 
intends to establish a new system to enable it to process STA 
applications from covered aircraft operators. TSA is thus proposing a 
fee of $74 to recover its costs associated with this new system and the 
processing of STAs.
    Flight crewmembers of currently regulated aircraft operators would 
be required to submit a new STA application upon publication of a final

[[Page 64832]]

rule if their most recent CHRC had been completed five or more years 
prior to the compliance date of the final rule. Flight crewmembers 
having CHRCs completed within five years prior to the compliance date 
in a final rule would be required to submit a STA application once five 
years had passed since their CHRC. Since TSA instituted the existing 
operator security programs in early 2003, several existing operators 
may need to conduct a STA on their flight crewmembers in the first year 
of the LASP.
    Because this represents a new requirement, TSA used the full 
proposed fee, plus opportunity costs, to estimate a unit cost to 
existing operator small entities. As noted above, the proposed fee is 
$74. TSA estimated opportunity costs would consist of 0.5 hours of 
flight crewmember time to provide the information required for the STA 
application and to have fingerprints taken. Using an average wage rate 
of $51.40 for aircraft operator flight crews,\41\ 30 minutes represents 
an opportunity cost of $25.70 per STA, for a total STA unit cost of 
$99.70. TSA estimated existing operators each employ an average of 18 
flight crewmembers based on data provided by TSA subject matter experts 
and the American Association of Airport Executives, the entity that 
processes existing operator CHRCs. Based on an assumed turnover rate of 
15 percent, however, TSA estimated that on average an existing operator 
would have only about eight crewmembers whose CHRCs would be expired 
under the proposed rule. Thus, the maximum per-operator cost for STAs 
would be approximately $800.
---------------------------------------------------------------------------

    \41\ The flight crew wage reported here is a weighted average of 
the following occupations from the 2006 NBAA Salary Survey: Aviation 
Department Manager II (does some flying), Chief Pilot, Senior 
Captain, and Copilot.
---------------------------------------------------------------------------

  Unit Cost: Security Threat Assessments, Currently Regulated Aircraft
                                Operators
------------------------------------------------------------------------
                                                 Flight      Total unit
      Unit fee (inc. opportunity costs)        crewmember     cost per
                                                  STAs        operator
a                                                       b       (a x b)
------------------------------------------------------------------------
$99.70......................................            8          $800
------------------------------------------------------------------------

Control of Access to Weapons
    Aircraft operators utilizing the TFSSP-All Cargo would be required 
to control access to weapons. Presently, these operators are required 
to ``apply the security measures in its security program for persons 
who board the aircraft for transportation, and for their property, to 
prevent or deter the carriage of any unauthorized persons, and any 
unauthorized weapons, explosives, incendiaries, and other destructive 
devices, items, or substances.'' \42\ The proposed rule modifies 
current law by inserting the words ``or accessible'' between 
``unauthorized'' and ``weapons.'' TSA has determined this requirement would have a de 
minimis impact, because few passengers are carried aboard such flights 
and operators are already required to screen them. Further, operators 
would have a variety of means of rendering weapons inaccessible to 
passengers.
---------------------------------------------------------------------------

    \42\ 49 CFR 1544.202.
---------------------------------------------------------------------------

Check of Accessible Property

    The proposed rule would require an aircraft operator to inspect, 
pursuant to the terms and method in its security program, any property 
brought on board that would be accessible to the cabin. Property, for 
this section, is defined as any container, cargo, or company material 
that may be used to hide a stowaway or explosives, incendiaries or 
other destructive devices.
    TSA has determined that in most cases affected operators already 
comply with the anticipated inspection requirements during the normal 
course of the pre-flight check. Costs associated with this 
responsibility are captured in the security coordinator duties above. 
Because currently regulated aircraft operators are not expected to 
incur any marginal costs for security coordinators, this requirement 
also would not add any additional costs for these operators.

Watch-List Matching

    The proposed regulation would require each aircraft operator to 
request and obtain certain passenger information from every passenger 
on each flight operated by the aircraft operator, and transmit the 
information to an entity approved by TSA to conduct watch-list matching 
(known as a watch-list service provider). Any changes to the passenger 
information prior to boarding would be required to be resent to the 
watch-list service provider.
    TSA has estimated the compliance costs for this requirement as the 
10-year undiscounted cost of WLSP averaged over the forecast number of 
flights. This average cost per flight multiplied by the average flights 
per operator produces an estimated annual cost per operator for WLSP. 
TSA estimates the cost for compliance would range from $245 to $736 per 
operator with a primary cost estimate of $491 per operator. To the 
extent that small entities may make fewer flights per year than large 
entities, the actual impact to small entities may be lower. However, 
TSA believes these costs provide a conservative estimate of the impact 
to small operators. For more discussion on the costs of this 
requirement, see the section on watch-list matching above, located in 
the Regulatory Evaluation.

----------------------------------------------------------------------------------------------------------------
                                                                                 Cost estimates
                          Components                          --------------------------------------------------
                                                                     Low            Primary            High
----------------------------------------------------------------------------------------------------------------
WLSP Costs...................................................      $22,787,364      $45,574,727      $68,362,091
Flight Forecast..............................................       87,932,347       87,932,347       87,932,347
Cost per Flight..............................................            $0.26            $0.52            $0.78
Flights per Operator.........................................              946              946              946
Cost per Operator............................................             $245             $491             $736
----------------------------------------------------------------------------------------------------------------

Audits of Aircraft Operators
    Under the proposed rule, each aircraft operator must contract with 
an auditor approved by TSA to conduct an audit of the aircraft 
operator's compliance with its security program.
    Based on similar audits undertaken relative to other federal 
aviation programs, TSA estimated the cost for these audits to be 
approximately $2,257 per audit, on average. Currently, audits are 
performed to review safety, operations, and maintenance. TSA 
anticipates that many of these firms will

[[Page 64833]]

offer the ``security'' audit as part of their offerings to their 
current customers and, perhaps, where feasible, bundle the security 
audit with already scheduled audits.
    Based on interviews with 3 International Standard for Business 
Aircraft Operations auditors, TSA estimated costs for audits could 
range from $1,464 to $3,050. As stated above, TSA adopted the average 
of $2,257 as its primary estimate. For more discussion on these costs, 
see the section in the Regulatory Evaluation that describes this 
requirement.
Total Cost per Currently Regulated Aircraft Operator
    The following figure is a summary of the requirements and 
compliance costs of the proposed rule for currently regulated aircraft 
operators. As described above, TSA estimated that between 759 and 774 
currently regulated small entities would be impacted by the proposed 
rule.

   Total Compliance Unit Cost, Currently Regulated Aircraft Operators
------------------------------------------------------------------------
                                                      Unit cost
                Requirement                -----------------------------
                                               Low     Primary    High
------------------------------------------------------------------------
 Security Programs and Profiles...........      $125      $250      $375
 Security Coordinator Duties..............  ........  ........  ........
 STAs for Flight Crew.....................       800       800       800
 Control Access to Weapons................  ........  ........  ........
 Screening of Accessible Property.........  ........  ........  ........
 Watch-list Matching......................       245       491       736
 Audits...................................     1,464     2,257     3,050
                                           -----------------------------
     Total................................     2,634     3,797     4,960
------------------------------------------------------------------------

    Given the uncertainty in this analysis, it was difficult for TSA to 
conclusively determine if the proposed rule would have a significant 
economic impact on a substantial number of currently regulated aircraft 
operators. Although neither the RFA nor the SBA defines the term 
``significant economic impact,'' TSA attempted to compare compliance 
costs to average firm revenues to determine if the rule would have a 
considerable economic impact on covered small entities. Unfortunately, 
this review proved difficult due to the lack of revenue data on covered 
firms.
    As previously stated, currently regulated aircraft operators are 
likely categorized by the Census Bureau using NAICS codes 481211, 
Nonscheduled Chartered Passenger Air Transportation, and 481212, 
Nonscheduled Chartered Freight Air Transportation. In 2002, according 
to the Economic Census, firms in these industries earned annual 
revenues of approximately $3.9 million and $5.0 million, respectively. 
For a firm with average annual revenues in either of these industries, 
a compliance cost of approximately $2,634 to $4,960 would not likely 
constitute a significant economic impact, given that the cost would 
equal less than 1 percent of annual revenues.
    For the proposed rule to have a significant economic impact on a 
currently regulated aircraft operator, the aircraft operator would 
likely have to earn annual revenues of approximately $367,000 or less. 
In this scenario, the highest estimated compliance costs associated 
with the proposed rule would represent approximately 1 percent of the 
firm's annual revenue.
    While conducting research for this analysis, TSA was unable to 
acquire comprehensive revenue data on currently regulated aircraft 
operators, and therefore could not make a conclusive determination on 
whether these firms would experience a significant economic impact 
under the proposed rule. However, in light of the average annual 
revenues of firms in the respective industries in 2002, TSA does not 
believe the proposed rule would represent a significant economic impact 
on a substantial number of currently regulated aircraft operators. TSA 
requests comment on this preliminary determination.
Newly Regulated Aircraft Operators
Security Programs and Profiles
    As described above, covered aircraft operators would be required to 
submit a profile to TSA and to develop and submit a security program. 
TSA estimated it would take newly regulated aircraft operators between 
8 and 16 hours to review the template security program, assemble the 
requisite profile information, and submit the requisite documents to 
TSA for review. TSA assumed an average of 12 hours for its primary 
estimate. To calculate costs for newly regulated aircraft operators to 
review security programs and submit the required profile information, 
TSA again multiplied the estimated hourly range by the hourly wage of 
$62.43.

                    Unit Cost: Security Programs/Profiles, Newly Regulated Aircraft Operators
----------------------------------------------------------------------------------------------------------------
                                                             Hours                       Total unit cost
              Hourly compensation              -----------------------------------------------------------------
                                                   Low      Primary      High       Low      Primary      High
----------------------------------------------------------------------------------------------------------------
a                                                      b          c          d    (a x b)    (a x c)    (a x d)
----------------------------------------------------------------------------------------------------------------
 $62.43.......................................         8         12         16       $500       $750     $1,000
----------------------------------------------------------------------------------------------------------------

Security Coordinator Duties
    Newly regulated large aircraft operators would be required to 
designate Aircraft Operator Security Coordinators (AOSC), Ground 
Security Coordinators (GSC), and In-Flight Security Coordinators (ISC), 
and ensure they are properly trained. Each security coordinator 
position would have unique responsibilities; however, aircraft operator 
employees could be trained to

[[Page 64834]]

serve as one or all three of these positions.
    The principal AOSC or an alternate, if applicable, must be 
available for contact by TSA 24 hours a day, seven days a week to 
ensure TSA is able to quickly disseminate any intelligence of a threat 
to a specific aircraft operator or industry segment. The AOSC bears the 
further responsibility for maintaining any and all records necessary to 
demonstrate to an auditor or TSA inspector the aircraft operator's 
compliance with its security program. In addition to these AOSC duties, 
security coordinators are responsible for the enforcement of policies 
and procedures relative to the security of the aircraft, including the 
vetting of crew (where required) and passengers which must be carried 
out in accordance with the operator's security program. Many of the 
aircraft operator requirements discussed in the following cost sections 
fall under the responsibility of the security coordinators.
    TSA estimated the amount of time security coordinators of newly 
regulated aircraft operators would spend on their duties. For a 
detailed discussion of these estimates, see the section on security 
coordinator duties in the Regulatory Evaluation. The figure below 
displays the annual cost per operator of having an AOSC.

                   Unit Cost: Security Coordinator Duties, Newly Regulated Aircraft Operators
----------------------------------------------------------------------------------------------------------------
                                                             Hours                       Total unit cost
             Hourly  compensation              -----------------------------------------------------------------
                                                   Low      Primary      High       Low      Primary      High
----------------------------------------------------------------------------------------------------------------
a                                                      b          c          d    (a x b)    (a x c)    (a x d)
----------------------------------------------------------------------------------------------------------------
$53.59........................................       164        284        404     $8,780    $15,210    $21,650
----------------------------------------------------------------------------------------------------------------

    Newly regulated aircraft operators would also need to ensure that 
security coordinators underwent appropriate security training in order 
to carry out their required functions. The AOSC would thus coordinate 
with TSA to provide training to GSCs and ISCs. Training would cover 
topics such as procedures to notify authorities when dealing with 
suspect items, unauthorized access to the aircraft, threat notification 
and response, implementation of security directives, and other 
security-related topics. Security coordinators would be required to complete 
both an initial training course and annual recurring training. TSA 
again provided a range of estimates of the amount of time newly 
regulated operators would spend conducting new and recurring training.
    For the purposes of estimating costs for this IRFA, TSA assumed 
that an operator would need to conduct an initial and recurring 
training of GSCs and ISCs in one year. Although this timeframe is 
unlikely, TSA feels that it is a conservative assumption that accounts 
for the maximum potential cost of this requirement.

   Unit Cost: Security Coordinator Training, Newly Regulated Aircraft
                                Operators
------------------------------------------------------------------------
                                                      Unit cost
                Requirement                -----------------------------
                                               Low     Primary    High
------------------------------------------------------------------------
New Training..............................      $460      $680      $890
Recurring Training........................       230       340       440
                                           -----------------------------
    Total.................................       690     1,020     1,330
------------------------------------------------------------------------

Security Threat Assessments for Flight Crews
    The proposed rule would also require newly regulated aircraft 
operators to ensure that their flight crewmembers undergo security 
threat assessments. The STA process would require each flight 
crewmember to submit fingerprints, along with information such as name, 
date and place of birth, Social Security Number (voluntary), and other 
information necessary for TSA to determine whether an applicant has 
committed a disqualifying crime or poses a threat to transportation or 
national security. For a comprehensive discussion of how TSA derived 
the total cost of this provision, see the section of the Regulatory 
Evaluation that describes this requirement.
    For the purposes of estimating costs for this IRFA, TSA estimated 
the cost of flight crews obtaining STAs on a per operator basis. Based 
on input from TSA subject matter experts, TSA assumed 1.5 flight 
crewmembers per aircraft, and 1.8 aircraft per part 91 operator and 4 
aircraft per part 125 operator. The figure below displays the average 
cost that each newly regulated operator would incur as a result of this 
NPRM.

    Unit Cost: Security Threat Assessments, Newly Regulated Aircraft
                                Operators
------------------------------------------------------------------------
                                                   Total unit cost
                Requirement                -----------------------------
                                               Low     Primary    High
------------------------------------------------------------------------
Security Threat Assessment................      $580      $580      $580
------------------------------------------------------------------------


[[Page 64835]]

Control of Access to Weapons
    As described in the more comprehensive Regulatory Evaluation and in 
the section on currently regulated aircraft operators of this IRFA, 
this requirement is anticipated to have a de minimis impact on covered 
operators.
Check of Accessible Property
    As previously stated, TSA determined that in most cases affected 
operators already comply with the anticipated inspection requirements 
during the normal course of the pre-flight check. Costs associated with 
this responsibility are captured in the security coordinator duties 
above.
Watch-List Matching
    The estimated cost for WLSP compliance is the same for the newly 
covered and existing operators. TSA utilizes the same methodology as 
above to estimate the total unit compliance cost for newly regulated 
aircraft operators. TSA estimates the cost for compliance would range 
from $245 to $736 with a primary cost of $491 per operator.
Audits of Aircraft Operators
    Under the proposed rule, each aircraft operator must contract with 
an auditor approved by TSA to conduct an audit of the aircraft 
operator's compliance with its security program. The cost of this 
requirement for newly regulated aircraft operators would be identical 
to the cost for currently regulated operators. TSA estimated that the 
unit cost of an audit would range from $1,464 to $3,050, with $2,257 
being TSA's primary estimate for the cost of this requirement.
Total Cost per Newly Regulated Aircraft Operator
    The following figure is a summary of the requirements and 
compliance costs of the proposed rule for newly regulated aircraft 
operators. TSA estimated that the cost of complying with the proposed 
rule would range from $12,259 to $28,356 for newly regulated aircraft 
operators. As described above, TSA estimated that between 0 and 9,061 
small entities in this operator category would be impacted by the 
proposed rule.

     Total Compliance Unit Cost, Newly Regulated Aircraft Operators
------------------------------------------------------------------------
                                                 Unit cost
           Requirement            --------------------------------------
                                       Low        Primary        High
------------------------------------------------------------------------
Security Programs and Profiles...        $500         $750       $1,000
Security Coordinator Duties......       9,470       16,230       22,990
STAs for Flight Crew.............         580          580          580
Control Access to Weapons........  ...........  ...........  ...........
Screening of Accessible Property.  ...........  ...........  ...........
Watch-list Matching..............         245          491          736
Audits...........................       1,464        2,257        3,050
                                  --------------------------------------
    Total........................     $12,259      $20,308      $28,356
------------------------------------------------------------------------

    TSA again encountered analytical difficulties when attempting to 
determine if the proposed rule would have a significant economic impact 
on a substantial number of newly regulated aircraft operators. As 
previously stated, TSA was unable to acquire annual revenue data for 
these operators. This lack of information prevented TSA from making a 
conclusive determination of the rule's impact on small entities in this 
operator category.
    For the proposed rule to have a significant economic impact on a 
newly regulated aircraft operator, the aircraft operator would likely 
have to earn annual revenues of $2.7 million or less. If a firm with 
this level of annual revenues incurred compliance costs of $28,356 (the 
high estimate in the figure above), it would represent 1 percent of 
annual revenue. Given the uncertainty in its estimates, TSA requests 
comment on whether the proposed rule would have a significant economic 
impact on a substantial number of newly regulated aircraft operators.
Airport Operators
Security Programs and Profiles
    The proposed rule would require certain privately-owned airports to 
develop security programs and submit security profiles to TSA. TSA 
would make available a template partial airport security program that 
operators would have the option to either accept without modification 
or use as the basis of developing their own security program.
    To calculate the unit cost for airports to comply with this 
requirement, TSA assumed that nearly all covered airport operators 
would choose to adopt the template security program, thereby minimizing 
the cost of implementing this requirement. Second, TSA estimated it 
would take these newly regulated private airport operators between 8 
and 16 hours to review and implement the template security program and 
assemble the requisite profile information. TSA adopted an average of 
12 hours as its primary estimate. Finally, TSA multiplied each hour 
estimate by a middle management wage rate of $31.24 per hour to 
generate a unit cost between $250 and $500, with a primary estimate of 
$375. The requirement to adopt and submit security programs and 
profiles is not recurring; therefore, airport operators would only 
incur this cost once over the ten-year period of analysis. This 
estimate does not include completion of a risk-based self-assessment 
tool that may complement the security program. TSA has requested 
comments on whether such a tool should be mandatory but has not set it 
forth as a requirement in the proposed rule.

[[Page 64836]]



                            Unit Cost: Security Programs/Profiles, Airport Operators
----------------------------------------------------------------------------------------------------------------
                                                             Hours                       Total unit cost
              Hourly compensation              -----------------------------------------------------------------
                                                   Low      Primary      High       Low      Primary      High
a                                                      b          c          d    (a x b)    (a x c)    (a x d)
----------------------------------------------------------------------------------------------------------------
$31.24........................................         8         12         16       $250       $375       $500
----------------------------------------------------------------------------------------------------------------

Airport Security Coordinators
    The proposed rule would also require airport operators to maintain 
airport security coordinators (ASC). For a more in-depth discussion of 
this requirement, see the airport security coordinator section of the 
Regulatory Evaluation.
    TSA estimated airport security coordinators would spend an average 
of between 0.5 and 1 hour per week on their duties, adopting 0.75 hours 
per week as its primary estimate. To calculate the cost on an annual 
basis, TSA translated the weekly hour estimates into annual estimates 
of 26, 39, and 52 hours, respectively. Finally, to calculate the unit 
cost associated with this requirement, TSA multiplied the anticipated 
number of annual hours by the ASC average hourly cost of compensation. See 
the figure below.

                            Unit Cost: Security Coordinator Duties, Airport Operators
----------------------------------------------------------------------------------------------------------------
                                                             Hours                       Total unit cost
              Hourly compensation              -----------------------------------------------------------------
                                                   Low      Primary      High       Low      Primary      High
a                                                      b          c          d    (a x b)    (a x c)    (a x d)
----------------------------------------------------------------------------------------------------------------
$31.24........................................        26         39         52       $810     $1,220     $1,620
----------------------------------------------------------------------------------------------------------------

    Airport security coordinators would need to undergo training to 
comply with the proposed rule. TSA training requirements for airport 
security coordinators differ from those for aircraft operator security 
coordinators. ASC training is only offered twice per year by the 
American Association of Airport Executives. This 8-hour training course 
is taught by professional trainers and requires payment of a $350 
registration fee. Since this training is offered at a single location, 
TSA estimated ASCs would need to expend an additional $450 to cover 
travel and other incidental expenses. TSA assumed the need to travel to 
and from the training would effectively add an additional eight hours 
to the training.
    To estimate the cost of this requirement, the eight hours of class 
time are added to the eight hours of assumed travel time for a total of 
16 hours of compensated ASC time. TSA estimated airports would need to 
train between one and three ASCs in order to meet the requirements that 
an ASC be available 24 hours per day. Without more detailed 
information, TSA adopted the average for its primary estimate. See the 
figure below for a summary of the costs of complying with this 
requirement. TSA has requested comments on whether it should adopt a 
self-paced training program for these airports that would reduce the 
impact of this requirement. For the purposes of the RFA, however, TSA 
estimated costs for this requirement as it is proposed in the NPRM.

       Unit Cost: Security Coordinator Training, Airport Operators
------------------------------------------------------------------------
                                                    Unit cost
           Training cost item           --------------------------------
                                            Low      Primary      High
------------------------------------------------------------------------
Training Course Fee....................  .........       $350  .........
Travel Expenses........................  .........        450  .........
ASC Compensation.......................       $500      1,000     $1,500
                                        --------------------------------
    Total..............................      1,300      1,800      2,300
------------------------------------------------------------------------

Total Cost per Airport Operator
    Using the estimates described above, TSA concluded that the 
proposed rule would impose a compliance cost of between approximately 
$2,360 and $4,420 per airport operator. The range of compliance costs 
reflects the uncertainty surrounding many of the variables used to 
generate the estimates. See the figure below.

              Total Compliance Unit Cost, Airport Operators
------------------------------------------------------------------------
                                                      Unit cost
                Requirement                -----------------------------
                                               Low     Primary    High
------------------------------------------------------------------------
Security Program and Profile..............      $250      $375      $500
ASC Duties................................       810     1,220     1,620
ASC Training..............................     1,300     1,800     2,300
                                           -----------------------------
    Total.................................     2,360     3,395     4,420
------------------------------------------------------------------------

    After making the estimates described above, TSA has initially 
concluded that the proposed rule would not impose a significant 
economic impact on a substantial number of privately-owned airport 
operators. In 2002, the latest year for which data are available, firms 
in this industry earned on average approximately $3.8 million in annual 
revenue according to the U.S. Census Bureau. The cost of complying with 
the proposed rule, as calculated above, would therefore represent less 
than 1 percent of revenue for a firm with average industry revenues. 
Alternatively, if an airport operator incurred the highest estimated 
compliance cost described above ($4,420), it would need annual revenues 
of less than $442,000 for the proposed rule to impose costs of 1 
percent of firm revenue. Consequently, TSA has initially determined 
that the rule would not impose a significant economic impact on these 
types of firms. TSA seeks comment on this preliminary conclusion.
    As stated above, the proposed rule would also affect publicly owned 
airports. These airport operators would have to follow the same 
requirements as privately-held airport operators: adopt security 
programs, submit security profiles to TSA, and designate and maintain 
airport security coordinators.
    Because the requirements for these airports are the same as for the 
privately-owned airports, TSA estimated the unit compliance costs using 
the same methodology. As stated above, TSA calculated that the proposed 
rule would impose a cost of between $2,360 and $4,420 per airport 
operator. Although these airports are publicly owned, TSA was unable to 
locate revenue information for them. The Agency was thus unable to 
compare compliance costs to revenue in order to make a judgment on 
whether the costs represent a significant economic impact to these 
firms.
    TSA therefore requests comment on whether the proposed rule would 
have a significant economic impact on the 68 to 74 publicly owned small 
airport operators that TSA identified in its research. Specifically, 
TSA requests any information that would allow it to compare estimated 
compliance costs to revenues typically earned by these types of airport 
operators.
Significant Alternatives Considered
    TSA considered four substantive alternatives to the proposed 
regulation that would have reduced compliance costs for small 
businesses. First, TSA considered using the current method of watch-
list matching employed by aircraft operators under the TFSSP and PCSSP 
rules. Second, TSA considered using TSA inspectors to conduct audits 
instead of TSA approved third party auditors. Third, TSA considered 
leveraging the Secure Flight program currently under development, which 
would use a web-based application for transmission of passenger 
information to the Secure Flight vetting engine. Fourth, TSA evaluated 
the incremental impact of raising the aircraft weight threshold from 
12,500 pounds MTOW to 16,500 pounds MTOW and the incremental impact of 
lowering the aircraft weight threshold to 10,500 pounds MTOW. This 
section describes those alternatives relative to the proposed 
regulation. TSA invites comments on these or other substantive 
alternatives to the proposed rule.
TSA Inspectors
    TSA considered using TSA inspectors instead of approved third-party 
auditors to complete the audits proposed in the rule. Under such a 
scenario, TSA would need to hire several new employees to complete the 
inspections. Each operator would complete a TSA inspection every other 
year. Because TSA would conduct all of the inspections, aircraft 
operators would no longer pay a biennial fee for audits. This 
arrangement would reduce the primary unit cost estimate for newly 
regulated small aircraft operators from $20,308 to $18,051. Assuming a 
``significant impact'' is 1 percent of an operator's revenues, this 
change would reduce the number of affected small entities to those 
having annual revenues less than $2.5 million. Unfortunately, TSA was 
unable to estimate how many operators would be affected by this change 
and, as noted in the alternatives analysis in the Regulatory 
Evaluation, TSA requests comments that would enable it to quantify 
these impacts.
Watch-List Matching
    TSA considered requiring all large aircraft operators to conduct 
watch-list matching as currently done under the Twelve-Five and Private 
Charter Rules. These aircraft operators currently run their passengers 
against the No Fly List, which they retrieve from TSA. The proposed 
rule would require aircraft operators to send passenger information to 
a TSA-approved watch-list service provider. The alternative to the 
proposed rule is to extend the current method of watch-list matching 
under the Twelve-Five and Private Charter Rules to large aircraft 
operators that are not currently required to have a security program. 
Operationally, this would require that a total of approximately 9,835 
aircraft operators have direct access to the watch-list from TSA.
    TSA has rejected this alternative based on security grounds. 
Expanding direct access to the watch-list from 750 aircraft operators 
today to 9,835 under this alternative increases the opportunity for the 
list to be compromised and would contradict other TSA initiatives to 
limit distribution of the watch-lists. To limit the number of entities 
that have access to the watch-list, TSA proposes to require large 
aircraft operators to submit passenger information to a TSA-approved 
watch-list service provider. The proposal would reduce the number of 
entities with direct access to the watch-list, thus improving security.
Secure Flight Web-Based Application
    TSA has indicated the use of a web-based application for some 
transmissions of passenger information to the Secure Flight vetting 
engine. While the design and development of the Secure Flight web-based 
application is in its early stages, TSA subject matter experts have 
provided two approaches to extending an already established web-based 
application. These costs reflect an early stage of development and 
cannot, given this early stage, include costs that may be identified as 
TSA proceeds with system development. The first approach would 
be developed and implemented with the absence of an implemented LASP 
and would amount to $23.2 million undiscounted over ten years. This 
approach posits that without an implemented LASP, Secure Flight would 
be required to establish a relationship with each of the aircraft 
operators. TSA would work with aircraft operators to develop the 
formatting and transmission procedures not only for the upload of 
passenger information but also the download of passenger vetting 
results. These out-reach or ramp-up activities will be borne by the 
Secure Flight process. The second approach would be developed and 
implemented with the ability to leverage activities associated with a 
fully implemented LASP and would amount to $24.2 million undiscounted 
over ten years. This approach posits that an implemented LASP would 
establish a relationship with each of the aircraft operators during the 
initial deployment of the watch-list service provider process. During 
this period both TSA and the watch-list service providers would work 
with aircraft operators to develop the formatting and transmission 
procedures not only for the upload of passenger information but 
also the download of passenger vetting results. As a result, Secure 
Flight would assume a relatively mature process.
Comparison of the First Three Alternatives
    TSA opted for the proposed plan as the more efficient and effective 
way of applying its limited compliance and enforcement resources 
towards the objective of increasing security. The use of third-parties 
would allow TSA to meet its security mission in four important ways.
    First, third-party auditors would increase effective TSA oversight 
by reviewing each aircraft operator's compliance with its security 
program six months after TSA approves its security program and every 
two years thereafter.
    Second, given the number of large aircraft operators (approximately 
10,000), the third-party auditor program would allow TSA to ramp up 
more quickly thereby obtaining the assessment of all large aircraft 
operators more quickly relative to a program that relied solely on TSA 
inspectors, given the hiring and training associated with 
new hires.
    Third, the third-party auditor program would allow TSA to focus 
more of its compliance and enforcement resources on aircraft operators 
that are experiencing problems with implementing and complying with 
their security programs.
    Fourth, the watch-list matching service providers would provide the 
needed security and do so in a timely fashion. Given the security 
concerns, TSA believes a reliable mechanism for watch-list matching for 
large aircraft must be operational without undue delay. While the 
Secure Flight Program would also provide a reliable mechanism, its 
development is likely to be several years away and it is likely that it 
would not be available to address this important security need when TSA 
would be ready to implement the LASP.
    This proposal is consistent with current practices in the aviation 
industry, which frequently rely on the Federal Aviation 
Administration's designee program. This type of program has been 
successfully implemented in other related aviation requirements.
    Additionally, the GA industry is very familiar with the third party 
auditor concept as it relates to safety inspections. Many GA operators 
undergo third party audits each year to comply with customer 
requirements. The proposal should be easily integrated into most GA 
operators' existing audit schedules.
Evaluating Different Aircraft Weight Thresholds
    The determination of weight must take into account a number of 
factors such as the effect on international harmonization, existing 
policies and programs, and the economic effect on the GA community. 
Discussed below are two alternatives to the threshold weight issue.
    Alternative 1: Lower threshold weight to 10,500 pounds MTOW. This 
solution will reduce the associated risk and number of unknown aircraft 
operators by incorporating an additional 3,000-5,000 aircraft into a 
mandatory security program. This alternative would also include a 
portion of currently unregulated types of aircraft, including large 
turboprops and smaller jet aircraft. However, in order to successfully 
implement this threshold weight, significant modifications to existing 
security programs and new rulemaking would be required, which would 
result in delayed program/rule timelines. These additional aircraft 
require TSA oversight and place an additional strain on existing TSA 
resources. Furthermore, this change would require additional 
international coordination, since TSA would be moving away from the 
globally accepted International Civil Aviation Organization standards.
    TSA estimates the cost impact of option one, in terms of 
undiscounted annualized dollars, would add $23.7 million to the 
undiscounted annualized cost of the rule as proposed.
    Alternative 2: Raise threshold weight to 16,000 pounds MTOW. This 
option would reduce the number of regulated aircraft and parties by 
approximately 9,000 aircraft which would ultimately decrease the 
inspection requirements on TSA resources. However, excluding these 
aircraft would increase the potential risk and could result in higher 
damage potential. TSA believes that this increased risk and damage 
potential of aircraft between greater than 12,500 pounds MTOW and 
16,000 pounds MTOW are not justified by the reduction in cost. 
Furthermore, moving away from the common greater than 12,500 pounds 
MTOW threshold will yield the same concerns discussed in alternative 
one.
    TSA estimates the cost impact of option two, in terms of 
undiscounted annualized dollars, would subtract $26.4 million from the 
undiscounted annualized cost of the rule as proposed.
    Based on the above discussion and analysis by TSNM-GA technical 
experts, the program office recommends that the threshold of greater 
than 12,500 pounds MTOW be maintained as the recognized security 
threshold weight standard for current and future GA security programs 
and policies. Selecting a lower threshold weight would improve security 
because more aircraft would be subject to the LASP but would also 
increase the burden to industry to the point where the burden may not 
be fully supported by increased security. Selecting a higher threshold 
weight would lower the burden on the industry because a lower number of 
aircraft would be subject to the LASP. However, with this higher 
threshold weight, the proposed LASP would not cover many aircraft that 
can cause significant damage if used as a missile or to deliver a 
biological, chemical, or nuclear weapon. TSA believes that mitigating 
the potential security risk and damage potential of large aircraft 
16,000 pounds MTOW or under outweighs the cost difference. 
Consequently, TSA believes that the weight threshold of greater than 
12,500 pounds MTOW is the appropriate balance of risk and burden.
Identification of Duplication, Overlap, and Conflict With Other Federal 
Rules
    TSA has identified an overlap between the proposed LASP and U.S. 
Customs and Border Protection's (CBP) regulations governing its Advance 
Passenger Information System (APIS). CBP requires certain aircraft 
flying to or from the United States to submit passenger manifests to 
APIS for 
comparison to the watch-lists. CBP's watch-list comparison would thus 
duplicate TSA's proposed requirement that large aircraft operators 
submit passenger information to watch-list service providers for 
comparison to the watch-lists.
    In recognition of this overlap, TSA would exempt from its 
watch-list requirement flights covered by its NPRM that also are 
subject to APIS regulations.
Preliminary Conclusion
    Based on this preliminary analysis, TSA has made no determination 
whether the proposed rule would have a significant economic impact on a 
substantial number of small entities under section 605(b) of the RFA. 
TSA requests comment on all aspects of this analysis. TSA will make a 
final determination in the Final Regulatory Flexibility Analysis for 
the Final Rule.
3. International Trade Impact Assessment
    The Trade Agreement Act of 1979 prohibits Federal agencies from 
establishing any standards or engaging in related activities that 
create unnecessary obstacles to the foreign commerce of the United 
States. Legitimate domestic objectives, such as safety, are not 
considered unnecessary obstacles. The statute also requires 
consideration of international standards and, where appropriate, that 
they be the basis for U.S. standards. TSA has assessed the potential 
effect of this notice of proposed rulemaking and has determined this 
rule would not have an adverse impact on international trade.
4. Unfunded Mandates Assessment
    The Unfunded Mandates Reform Act of 1995 is intended, among other 
things, to curb the practice of imposing unfunded Federal mandates on 
State, local, and tribal governments. Title II requires each Federal 
agency to prepare a written statement assessing the effects of any 
Federal mandate in a proposed or final agency rule that may result in 
an expenditure of $100 million or more (adjusted annually for 
inflation) in any one year by State, local, and tribal governments, in 
the aggregate, or by the private sector; such a mandate is deemed to be 
a ``significant regulatory action.'' This notice of proposed rulemaking 
does not exceed this threshold for State, local, and tribal 
governments; however, proposed security measures for city- or county-
owned airports may nevertheless impose a burden on some small 
municipalities. The impact on the overall economy does exceed the 
threshold, resulting in an unfunded mandate on the private sector. This 
regulatory evaluation documents costs and alternatives. TSA will 
publish a final analysis, including its response to public comments, 
when it publishes a final rule.

A. Executive Order 13132, Federalism

    TSA has analyzed this notice of proposed rulemaking under the 
principles and criteria of E.O. 13132, Federalism. We determined that 
this action will not have a substantial direct effect on the States, or 
the relationship between the National Government and the States, or on 
the distribution of power and responsibilities among the various levels 
of government, and therefore, does not have federalism implications.

B. Environmental Analysis

    TSA has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

C. Energy Impact Analysis

    TSA has assessed the energy impact of the action in accordance with 
the Energy Policy and Conservation Act (EPCA), Public Law 94-163, as 
amended (42 U.S.C. 6362). We have determined that this rulemaking is 
not a major regulatory action under the provisions of the EPCA.

List of Subjects

49 CFR Part 1515

    Appeals, Commercial drivers license, Criminal history background 
checks, Explosives, Facilities, Hazardous materials, Incorporation by 
reference, Maritime security, Motor carriers, Motor vehicle carriers, 
Ports, Seamen, Security measures, Security threat assessment, Vessels, 
Waivers.

49 CFR Part 1520

    Air transportation, Law enforcement officers, Reporting and 
recordkeeping requirements, Security measures.

49 CFR Part 1522

    Accounting, Aircraft operators, Aviation safety, Reporting and 
recordkeeping requirements, Security measures.

49 CFR Part 1540

    Aircraft operators, Airports, Aviation safety, Law enforcement 
officers, Reporting and recordkeeping requirements, Security measures.

49 CFR Part 1542

    Airports, Arms and munitions, Aviation safety, Law enforcement 
officers, Reporting and recordkeeping requirements, Security measures.

49 CFR Part 1544

    Aircraft, Aircraft operators, Airmen, Airports, Arms and munitions, 
Aviation safety, Explosives, Freight forwarders, Law enforcement 
officers, Reporting and recordkeeping requirements, Security measures.

49 CFR Part 1550

    Aircraft, Aviation safety, Security measures.

The Proposed Amendments

    In consideration of the foregoing, the Transportation Security 
Administration proposes to amend Chapter XII of Title 49, Code of 
Federal Regulations, as follows:

SUBCHAPTER A--ADMINISTRATIVE AND PROCEDURAL RULES

PART 1515--APPEAL AND WAIVER PROCEDURES FOR SECURITY THREAT 
ASSESSMENTS FOR INDIVIDUALS

    1. The authority for part 1515 continues to read as follows:

    Authority:  46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 
46105; 18 U.S.C. 842, 845; 6 U.S.C. 469.

    2. Amend Sec.  1515.1 by revising paragraph (a) to read as follows:


Sec.  1515.1  Scope.

    (a) Appeal. This part applies to applicants who are appealing an 
Initial Determination of Threat Assessment or an Initial Determination 
of Threat Assessment and Immediate Revocation in a security threat 
assessment as described in:
    (1) 49 CFR part 1572 for a hazardous materials endorsement (HME) or 
a Transportation Worker Identification Credential (TWIC);
    (2) 49 CFR part 1540, subpart C, for air cargo workers; or
    (3) 49 CFR part 1544, subpart G, for large aircraft flight crew 
members, individuals authorized to perform screening functions, TSA-
approved auditors and watch-list service provider covered personnel.
* * * * *
    3. Amend Sec.  1515.5 by revising introductory text in paragraphs 
(a), (c), and (h), and adding paragraphs (a)(4) and (h)(3) to read as 
follows:

[[Page 64840]]

Sec.  1515.5  Appeal of Initial Determination of Threat Assessment 
based on criminal conviction, immigration status, or mental capacity.

    (a) Scope. This section applies to applicants appealing from an 
Initial Determination of Threat Assessment that was based on one or 
more of the following:
* * * * *
    (4) TSA has determined that a large aircraft flight crew member, an 
individual authorized to perform screening functions, an applicant to 
become a TSA-approved auditor, or a watch-list service provider covered 
personnel has a disqualifying criminal offense described in 49 CFR 
1544.229(d).
* * * * *
    (c) Final Determination of Threat Assessment. (1) If the Assistant 
Administrator concludes that an HME or TWIC applicant does not meet the 
standards described in 49 CFR 1572.103, 1572.105, or 1572.109, or that 
a large aircraft flight crew member, an individual authorized to 
perform screening functions, an applicant to become a TSA-approved 
auditor, or a service provider covered personnel does not meet the 
requirements in 49 CFR 607, TSA serves a Final Determination of Threat 
Assessment upon the applicant. In addition--
* * * * *
    (h) Appeal of immediate revocation. If TSA directs an immediate 
revocation, the applicant may appeal this determination by following 
the appeal procedures described in paragraph (b) of this section. This 
applies--
* * * * *
    (3) If TSA withdraws a Determination of No Security Threat issued 
to a large aircraft flight crew member, an individual authorized to 
perform screening functions, a TSA-approved auditor, or a service 
provider covered personnel.
    4. Amend Sec.  1515.9 by revising the introductory text in 
paragraphs (a) and (f), and adding paragraphs (a)(3) and (f)(4) to read 
as follows:


Sec.  1515.9  Appeal of security threat assessment based on other 
analyses.

    (a) Scope. This section applies to an applicant appealing an 
Initial Determination of Threat Assessment as follows:
* * * * *
    (3) TSA had determined that a large aircraft flight crew member, an 
individual authorized to perform screening functions, an applicant to 
become a TSA-approved auditor, or a watch-list service provider covered 
personnel poses a security threat as provided in 49 CFR 1544.609.
* * * * *
    (f) Appeal of immediate revocation. If TSA directs an immediate 
revocation, the applicant may appeal this determination by following 
the appeal procedures described in paragraph (b) of this section. This 
applies--
* * * * *
    (4) If TSA withdraws a Determination of No Security Threat issued 
to a large aircraft flight crew member, an individual authorized to 
perform screening functions, a TSA-approved auditor, or a service 
provider covered personnel.
    5. Amend Sec.  1515.11 by revising the introductory text in 
paragraph (a) and adding paragraph (a)(4) to read as follows:


Sec.  1515.11  Review by administrative law judge and TSA Final 
Decision Maker.

    (a) Scope. This section applies to the following applicants:
* * * * *
    (4) A large aircraft flight crew member, an individual authorized 
to perform screening functions, a TSA-approved auditor, or a service 
provider covered personnel, or an applicant to become one, who has been 
issued a Final Determination of Threat Assessment after an appeal as 
described in 49 CFR 1515.5 or 1515.9.
* * * * *

SUBCHAPTER B--SECURITY RULES FOR ALL MODES OF TRANSPORTATION

PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION

    6. The authority citation for part 1520 continues to read as 
follows:

    Authority:  46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113, 
44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105.
    7. Amend Sec.  1520.5 by revising paragraph (b)(1)(i) to read as 
follows:

Sec.  1520.5  Sensitive security information.

* * * * *
    (b) * * *
    (1) * * *
    (i) Any aircraft operator, airport operator, watch-list service 
provider, or fixed base operator security program, or security 
contingency plan under this chapter;
* * * * *
    8. Amend Sec.  1520.7 by revising the introductory text and 
paragraph (a) to read as follows:


Sec.  1520.7  Covered persons.

    Persons subject to the requirements of part 1520 are:
    (a) Each airport operator, aircraft operator, TSA-approved auditor, 
independent public accounting firm attesting to compliance under part 
1544, subpart F, watch-list service provider, and fixed base operator 
subject to the requirements of subchapter C of this chapter, and each 
armed security officer under subpart B of part 1562.
* * * * *
    9. Add new part 1522 to subchapter B to read as follows:

PART 1522--TSA-APPROVED AUDITORS

Subpart A--General
Sec.
1522.1 Scope and terms used in this part.
1522.3 Qualifications.
1522.5 Application.
1522.7 TSA review and approval.
1522.9 Reconsideration of disapproval of an application.
1522.11 Withdrawal of approval.
1522.13 Responsibilities of TSA-approved auditors.
1522.15 Fraud and intentional falsification of records.
1522.17 TSA Inspection authority.
Subpart B [Reserved]
Subpart C--Auditors for the Large Aircraft Security Program.
Sec.
1522.201 Applicability.
1522.203 Additional qualification requirements.
1522.205 Audit report.
1522.207 Training.
1522.209 Biennial Review.

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914, 
44916-44918, 44932, 44935-44936, 44942, 46105.

PART 1522--TSA-APPROVED AUDITORS

Subpart A--General


Sec.  1522.1  Scope and terms used in this part.

    (a) This part governs the approval and responsibilities of persons 
conducting security audits of large aircraft operators that are 
required to have a security program under part 1544.
    (b) In addition to the terms in Sec. Sec.  1500.3 and 1540.5 of 
this chapter, the following terms apply in this part:
    Applicant means an individual who seeks to become a TSA-approved 
auditor under this part.
    Conflict of interest means a situation when the TSA-approved 
auditor has impairments that might affect their ability to do their 
work and report their findings impartially. Examples of situations 
where a TSA-auditor would have a conflict of interest include but are 
not limited to any of the following:
    (1) The TSA-approved auditor has official, professional, personal, 
or

[[Page 64841]]

financial relationships that might cause an auditor to limit the extent 
of the inquiry, to limit disclosure, or to weaken or distort audit 
findings in any way.
    (2) The TSA-approved auditor had previous responsibility for 
decision-making or managing an entity that would affect current 
operations of the entity or program being audited.
    (3) The TSA-approved auditor currently or previously maintained the 
official records that are the subject of the audit.
    (4) The TSA-approved auditor has financial interest that is direct, 
or is substantial though indirect, in the audited entity or program.
    (5) An immediate family member of the TSA-approved auditor is an 
officer of the operator that is the subject of the audit.
    (6) The TSA-approved auditor or an entity with which the TSA-
approved auditor has an employment relationship provides to the 
operator being audited non-audit services that relate to the operator's 
security program.
    TSA-approved auditor or auditor means any individual who has been 
approved under this part to conduct an audit required under this 
chapter.


Sec.  1522.3  Qualifications.

    To be considered for approval as an auditor, the applicant must--
    (a) Have sufficient facilities, resources, and personnel to perform 
the required audit responsibilities;
    (b) Have knowledge of the Federal statutory and regulatory 
requirements and experience understanding and interpreting Federal 
statutes and regulations;
    (c) Have sufficient, relevant experience to perform the required 
audit responsibilities;
    (d) Obtain a certification or accreditation from an organization 
that TSA recognizes as qualified to certify or accredit an auditor for 
the type of audit that the applicant seeks to perform; and
    (e) Demonstrate the ability to prepare clear and thorough written 
reports and other documents required for the auditing function they 
will perform and demonstrate excellent oral communication skills.


Sec.  1522.5  Application.

    (a) Each applicant must submit an application in a form and manner 
prescribed by TSA.
    (b) An application must include the following information:
    (1) The applicant's full name, business address, business phone 
number, and business email address;
    (2) A copy of the applicant's certification from an organization 
that TSA recognizes as qualified to certify or accredit an auditor for 
the type of audit that the applicant seeks to perform; and
    (3) A statement of how the applicant meets the qualifications set 
forth in Sec.  1522.3.


Sec.  1522.7  TSA review and approval.

    (a) Review. Upon receiving an application, TSA will review the 
application. TSA will approve the application if the applicant meets 
the qualifications described in Sec.  1522.3 and other applicable 
qualifications described in this part and TSA determines that approval 
is in the interest of safety and the public.
    (b) Approval. If an application is approved, TSA will send the 
applicant a written notice of approval. Once approved, an auditor may 
conduct audits in which he or she does not have a conflict of interest.
    (c) Disapproval. TSA will send a written notice of disapproval to 
an applicant whose application is disapproved. The notice of 
disapproval will include the basis of the disapproval of the 
application.


Sec.  1522.9  Reconsideration of disapproval of an application.

    (a) Petition for reconsideration. If an application is disapproved, 
the applicant may seek reconsideration of the decision by submitting a 
written petition for reconsideration to the Assistant Secretary or 
designee within 30 days of receiving the notice of disapproval. The 
written petition for reconsideration must include a statement and any 
supporting documentation explaining why the applicant believes the 
reason for disapproval is incorrect.
    (b) Review of petition. Upon review of the petition for 
reconsideration, the Assistant Secretary or designee disposes of the 
petition by either affirming the disapproval of the application or 
approving the application. The Assistant Secretary or designee may 
request additional information from the applicant prior to rendering a 
decision.


Sec.  1522.11  Withdrawal of approval.

    (a) Basis for withdrawal of approval. TSA may withdraw approval of 
a TSA-approved auditor if the auditor ceases to meet the standards for 
approval, fails to fulfill his or her responsibilities under Sec.  
1522.11, or it is in the interest of security or the public, such as 
failure to report an imminent threat under Sec.  1522.11(c).
    (b) Notice of withdrawal of approval. (1) Except as provided in 
paragraph (c) of this section, TSA will provide a written notice of 
proposed withdrawal of approval to the auditor.
    (2) The notice of proposed withdrawal of approval will include the 
basis of the withdrawal of approval.
    (3) Unless the auditor files a written petition for reconsideration 
under paragraph (d) of this section, the notice of proposed withdrawal 
of approval will become a final notice of withdrawal of approval 31 
days after the auditor's receipt of the notice of proposed withdrawal 
of approval.
    (c) Emergency notice of withdrawal of approval. (1) If TSA finds 
that there is an emergency requiring immediate action with respect to a 
TSA-approved auditor's ability to perform audits, TSA may withdraw 
approval of that auditor without prior notice.
    (2) TSA will incorporate in the emergency notice of withdrawal of 
approval a brief statement of the reasons and findings for the 
withdrawal of approval.
    (3) The emergency notice of withdrawal of approval is effective 
upon the TSA-approved auditor's receipt of the notice. The auditor may 
file a written petition for reconsideration under paragraph (d) of this 
section; however, this petition does not stay the effective date of the 
emergency notice of withdrawal of approval.
    (d) Petition for reconsideration. An auditor may seek 
reconsideration of the withdrawal of approval by submitting a written 
petition for reconsideration to the Assistant Secretary or designee 
within 30 days of receiving the notice of withdrawal of approval.
    (e) Review of petition. Upon review of the written petition for 
reconsideration, the Assistant Secretary or designee disposes of the 
petition by either affirming or withdrawing the notice of withdrawal of 
approval. The Assistant Secretary or designee may request additional 
information from the auditor prior to rendering a decision.


Sec.  1522.13  Responsibilities of TSA-approved auditors.

    (a) Standards for audit. Each auditor must perform an audit, in a 
form and manner prescribed by TSA, to determine whether the operator is 
in compliance with applicable TSA requirements.
    (b) Conflict of interest. No auditor may undertake an audit in 
which he or she has a conflict of interest as defined in Sec.  1552.1.
    (c) Audit report. Each auditor must prepare and submit a report, in 
a form and manner prescribed by TSA, for each audit that he or she 
performs.
    (d) Immediate notification to TSA. If during the course of an audit 
the auditor believes that there is or may be an instance of 
noncompliance with TSA

[[Page 64842]]

requirements that presents an imminent threat to transportation 
security or public safety, the auditor must report the instance 
immediately to TSA.
    (e) Change in information. Each auditor must inform TSA of any 
change in the information described in Sec.  1522.3 and 1522.5.
    (f) No authorization to take remedial or disciplinary action. The 
auditor is not authorized to require any remedial or disciplinary 
action against the person subject to the audit.
    (g) Sensitive Security Information. Each TSA-approved auditor must 
comply with the requirements in 49 CFR part 1520 regarding the handling 
and protection of Sensitive Security Information.
    (h) Non-disclosure of proprietary information. Unless explicitly 
authorized by TSA, each auditor may not make an unauthorized release or 
dissemination of any information that TSA or a large aircraft operator 
indicates as proprietary information and provides to the auditor.


Sec.  1522.15  Fraud and intentional falsification of records.

    No auditor may make, or cause to be made, any of the following:
    (a) Any fraudulent or intentionally false statement in any 
application under this part.
    (b) Any fraudulent or intentionally false entry in any record or 
report that is kept, made, or used to show compliance with this 
subchapter, or exercise any privileges under this part.
    (c) Any reproduction or alteration, for fraudulent purpose, of any 
report, record, security program, access medium, or identification 
medium issued or submitted under this part.


Sec.  1522.17  TSA inspection authority.

    (a) Each TSA-approved auditor must allow TSA, at any time or place, 
to make any inspections, including copying records, to determine 
compliance of a TSA-approved auditor or an operator required to submit 
to an audit under this subchapter with:
    (1) This subchapter and any security program under this subchapter, 
and part 1520 of this chapter; and
    (2) 49 U.S.C. Subtitle VII, as amended.
    (b) At the request of TSA, each TSA-approved auditor must provide 
evidence of compliance with this part.

Subpart B [Reserved]

Subpart C--Auditors for the Large Aircraft Security Program


Sec.  1522.201  Applicability.

    This subpart applies to auditors who seek to obtain approval from 
TSA to conduct audits of operators of large aircraft that are required 
to have a security program under 49 CFR 1544.101(b).


Sec.  1522.203  Additional qualification requirements.

    In addition to the requirements set forth in Sec.  1522.3, an 
applicant seeking to obtain approval to audit aircraft operators that 
are required to have a security program under 49 CFR 1544.101(b) must 
have the following qualifications:
    (a) The applicant must have at least five years of experience in 
inspection or auditing compliance with State or Federal regulations in 
the security industry, the aviation industry, or government programs. 
The five years of experience must have been obtained within 10 years of 
the date of the application.
    (b) The applicant must present three professional references that 
address the applicant's abilities in inspection or auditing and written 
communications.
    (c) Maintain a current accreditation or certification required in 
Sec.  1522.3(d).
    (d) The applicant must have sufficient knowledge of, and ability to 
determine compliance with, regulations, policies, directives, rules, 
and regulations, pertaining to the large aircraft security program.
    (e) The applicant must have sufficient knowledge of and ability to 
apply the concepts, principles, and methods of compliance with the 
requirements of the large aircraft security program to include 
assessment, inspection, investigation, and reporting of compliance with 
the large aircraft security program.
    (f) The applicant must successfully undergo a security threat 
assessment under 49 CFR part 1544, subpart G, and have a valid 
Determination of No Security Threat.


Sec.  1522.205  Audit report.

    (a) Each TSA-approved auditor must prepare and submit a written 
audit report to TSA in a manner and form prescribed by TSA within 30 
days of completing an audit.
    (b) The audit report must include the following information:
    (1) A description of the facilities, equipment, systems, processes, 
and/or procedures that were audited.
    (2) The auditor's findings regarding the operator's compliance with 
TSA requirements.
    (3) Conclusions on the systems, processes, and/or procedures that 
were audited.
    (4) Signed attestation by the auditor that he or she did not have 
any conflicts of interest in conducting the audit and that the audit 
was conducted impartially, professionally, and consistent with the 
standards set forth by TSA.
    (5) The third party auditor must retain copies of completed audit 
reports for 36 calendar months.


Sec.  1522.207  Training.

    (a) Initial training. Each TSA-approved auditor must complete the 
initial training prescribed by TSA before conducting any audit under 
this subchapter.
    (b) Recurrent training. Each TSA-approved auditor must complete 
recurrent training prescribed by TSA 24 months after his or her most 
recent TSA-prescribed training. If the TSA-approved auditor completes 
the recurrent training in the month before or the month after it is 
due, the TSA-approved auditor is considered to have taken it in the 
month it is due.


Sec.  1522.209  Biennial review.

    (a) Initial review. Except as otherwise required by TSA, each TSA-
approved auditor must submit the following information within 24 months 
after the auditor is approved under Sec.  1522.5. If the TSA-approved 
auditor submits the following information in the month before or the 
month after it is due, the TSA-approved auditor is considered to have 
submitted the information in the month it is due:
    (1) Evidence that the auditor successfully completed the initial 
training under Sec.  1522.207(a) and any recurrent training described 
in Sec.  1522.207(b); and
    (2) Evidence that the auditor continues to be certified or 
accredited by an organization that TSA recognizes as qualified to 
certify or accredit an auditor for the large aircraft security program.
    (b) Recurrent review. Except as otherwise required by TSA, each 
TSA-approved auditor must submit the following information 24 months 
after the auditor submitted the information required under paragraph 
(a) or (b) of this section. If the TSA-approved auditor submits the 
following information in the month before or the month after it is due, 
the TSA-approved auditor is considered to have submitted the 
information in the month it is due:
    (1) Evidence that the auditor successfully completed the initial 
training under Sec.  1522.207(a) and any recurrent training described 
in Sec.  1522.207(b); and
    (2) Evidence that the auditor continues to be certified or 
accredited by an organization that TSA recognizes

[[Page 64843]]

as qualified to certify or accredit an auditor for the large aircraft 
security program.

SUBCHAPTER C--CIVIL AVIATION SECURITY

PART 1540--CIVIL AVIATION SECURITY: GENERAL RULES

    10. The authority citation for part 1540 continues to read as 
follows:

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914, 
44916-44918, 44935-44936, 44942, 46105.

Subpart A--General

    11. Amend Sec.  1540.5 by adding the definition of ``Standard 
security program'' in alphabetical order to read as follows:


Sec.  1540.5  Terms used in this subchapter.

* * * * *
    Standard security program means a security program issued by TSA 
that serves as a baseline for a particular type of operator. If TSA has 
issued a standard security program for a particular type of operator, 
unless otherwise authorized by TSA, each operator's security program 
consists of the standard security program together with any amendments 
and alternative procedures approved or accepted by TSA.
* * * * *

Subpart B--Responsibilities of Passengers and Other Individuals and 
Persons

    12. Revise Sec.  1540.107(c) to read as follows:


Sec.  1540.107  Submission to screening and inspection.

* * * * *
    (c) An individual must provide his or her full name, as defined in 
Sec.  1560.3, when--
    (1) The individual makes a reservation for a covered flight, as 
defined in Sec.  1560.3.
    (2) The individual makes a request for authorization to enter a 
sterile area.
    (3) An aircraft operator described in Sec.  1544.101(b) requests 
the individual's full name under Sec.  1544.245(b).
    13. Add new subpart D to part 1540 to read as follows:

Subpart D--Responsibilities of Holders of TSA-Approved Security 
Programs


Sec.  1540.301  Withdrawal of approval of a security program.

    (a) Applicability. This section applies to holders of a security 
program approved or accepted by TSA under 49 CFR chapter XII, 
subchapter C.
    (b) Withdrawal of security program approval. TSA may withdraw the 
approval of a security program, if TSA determines continued operation 
is contrary to security and the public interest, as follows:
    (1) Notice of proposed withdrawal of approval. TSA will serve a 
Notice of Proposed Withdrawal of Approval, which notifies the holder of 
the security program, in writing, of the facts, charges, applicable 
law, regulation, or order that form the basis of the determination.
    (2) Security program holder's reply. The holder of the security 
program may respond to the Notice of Proposed Withdrawal of Approval no 
later than 15 calendar days after receipt of the withdrawal by 
providing the designated official, in writing, with any material facts, 
arguments, applicable law, and regulation.
    (3) TSA review. The designated official will consider all 
information available, including any relevant material or information 
submitted by the holder of the security program, before either issuing 
a Withdrawal of Approval of the security program or rescinding the 
Notice of Proposed Withdrawal of Approval. If TSA issues a Withdrawal 
of Approval, it becomes effective upon receipt by the holder of the 
security program, or 15 calendar days after service, whichever occurs 
first.
    (4) Petition for reconsideration. The holder of the security 
program may petition TSA to reconsider its Withdrawal of Approval by 
serving a petition for consideration no later than 15 calendar days 
after the holder of the security program receives the Withdrawal of 
Approval. The holder of the security program must serve the Petition 
for Reconsideration on the designated official. Submission of a 
Petition for Reconsideration will not stay the Withdrawal of Approval. 
The holder of the security program may request the designated official 
to stay the Withdrawal of Approval pending review of and decision on 
the Petition.
    (5) Assistant Secretary's review. The designated official transmits 
the Petition together with all pertinent information to the Assistant 
Secretary for reconsideration. The Assistant Secretary will dispose of 
the Petition within 15 calendar days of receipt by either directing the 
designated official to rescind the Withdrawal of Approval or by 
affirming the Withdrawal of Approval. The decision of the Assistant 
Secretary constitutes a final agency order subject to judicial review 
in accordance with 49 U.S.C. 46110.
    (6) Emergency withdrawal. If TSA finds that there is an emergency 
with respect to aviation security requiring immediate action that makes 
the procedures in this section contrary to the public interest, the 
designated official may issue an Emergency Withdrawal of Approval of a 
security program without first issuing a Notice of Proposed Withdrawal 
of Approval. The Emergency Withdrawal would be effective on the date 
that the holder of the security program receives the emergency 
withdrawal. In such a case, the designated official will send the 
holder of the security program a brief statement of the facts, charges, 
applicable law, regulation, or order that forms the basis for the 
Emergency Withdrawal. The holder of the security program may submit a 
Petition for Reconsideration under the procedures in paragraphs (b)(4) 
through (b)(5) of this section; however, this petition will not stay 
the effective date of the Emergency Withdrawal.
    (c) Service of documents for withdrawal of approval of security 
program proceedings. Service may be accomplished by personal delivery, 
certified mail, or express courier. Documents served on the holder of a 
security program will be served at its official place of business as 
designated in its application for approval or its security program. 
Documents served on TSA must be served to the address noted in the 
Notice of Withdrawal of Approval or Withdrawal of Approval, whichever 
is applicable.
    (1) Certificate of service. An individual may attach a certificate 
of service to a document tendered for filing. A certificate of service 
must consist of a statement, dated and signed by the person filing the 
document, that the document was personally delivered, served by 
certified mail on a specific date, or served by express courier on a 
specific date.
    (2) Date of service. The date of service is--
    (i) The date of personal delivery;
    (ii) If served by certified mail, the mailing date shown on the 
certificate of service, the date shown on the postmark if there is no 
certificate of service, or other mailing date shown by other evidence 
if there is no certificate of service or postmark; or
    (iii) If served by express courier, the service date shown on the 
certificate of service, or by other evidence if there is no certificate 
of service.
    (d) Extension of time. TSA may grant an extension of time to the 
limits set forth in this section for good cause shown. A security 
program holder's request for an extension of time must be in writing 
and be received by TSA at least two days before the due date in order 
to be considered. TSA may grant

[[Page 64844]]

itself an extension of time for good cause.

PART 1542--AIRPORT SECURITY

    14. The authority citation for part 1542 continues to read as 
follows:

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914, 
44916-44918, 44935-44936, 44942, 46105.

    15. Amend Sec.  1542.103 by revising introductory text of 
paragraphs (a) and (b), revising paragraphs (c) and (d), and adding new 
paragraphs (e) and (f) to read as follows:

Subpart B--Airport Security Program


Sec.  1542.103  Content.

    (a) Complete program. Except as otherwise approved by TSA, each 
airport operator regularly serving operations of an aircraft operator 
or foreign air carrier described in Sec.  1544.101(a)(1) or Sec.  
1546.101(a) of this chapter, must adopt and carry out a complete 
program, and include in its security program the following:
* * * * *
    (b) Supporting program. Except as otherwise approved by TSA and 
except for airports that are required to adopt a complete program under 
paragraph (a) of this section, each airport regularly serving 
operations of an aircraft operator or foreign air carrier described in 
Sec.  1544.101(a)(2) or Sec.  1546.101(b) or (c) of this chapter, must 
adopt and carry out a supporting program, and include in its security 
program a description of the following:
* * * * *
    (c) Partial program. Except as otherwise approved by TSA and except 
for airports that are required to adopt a complete program under 
paragraph (a) of this section or a supporting program under paragraph 
(b) of this section, each of the following airports must adopt and 
carry out a partial program, and must include in its security program 
the requirements in paragraph (d) of this section.
    (1) Each airport regularly serving large aircraft operations of an 
aircraft operator described in Sec.  1544.101(b) with scheduled or 
public charter operations.
    (2) Each reliever airport as defined in 49 U.S.C. 47102(22).
    (d) Partial program content. Except as otherwise approved by TSA, 
each airport described in paragraph (c) of this section must include in 
its security program a description of the following:
    (1) Name, means of contact, duties, and training requirements of 
the airport security coordinator as required under Sec.  1542.3.
    (2) A description of the law enforcement support used to comply 
with Sec.  1542.215(b).
    (3) Training program for law enforcement personnel required under 
Sec.  1542.217(c)(2), if applicable.
    (4) A system for maintaining the records described in Sec.  
1542.221.
    (5) Procedures for the distribution, storage, and disposal of 
Sensitive Security Information (which, as defined in Sec.  1520.5, 
includes security programs, Security Directives, Information Circulars, 
and implementing instructions), and, as appropriate, classified 
information.
    (6) Procedures for public advisories as specified in Sec.  
1542.305.
    (7) Incident management procedures used to comply with Sec.  
1542.307.
    (e) Provisional program. (1) An airport operator that is not 
subject to paragraph (a), (b), or (c) of this section may request TSA 
to review and approve its security program.
    (2) TSA may approve the security program if it determines that 
approval is in the interest of safety and the public using the 
procedures described in Sec.  1544.105(a).
    (3) The airport operator must comply with the security program 
approved under this paragraph (e).
    (4) An airport operator or TSA may amend an approved security 
program using the procedures described in Sec.  1544.105.
    (5) TSA may withdraw approval of a security program using the 
procedures described in Sec.  1540.301 if it determines that withdrawal 
of approval is in the interest of safety and the public.
    (f) Use of appendices. The airport operator may comply with 
paragraphs (a), (b), (c), and (d) of this section by including in its 
security program, as an appendix, any document that contains the 
information required by paragraphs (a), (b), (c), and (d) of this 
section. The appendix must be referenced in the corresponding 
section(s) of the security program.

PART 1544--AIRCRAFT OPERATOR SECURITY

    16. The authority citation for part 1544 continues to read as 
follows:

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44907, 
44913-44914, 44916-44918, 44932, 44935-44936, 44942, 46105.

Subpart A--General

    17. Amend Sec.  1544.1 by revising paragraph (a)(1) to read as 
follows:


Sec.  1544.1  Applicability of this part.

    (a) * * *
    (1) The operations of aircraft operators engaged in any civil 
operation in an aircraft with a maximum certificated takeoff weight of 
over 12,500 pounds.
* * * * *

Subpart B--Security Program


Sec.  1544.101  [Amended]

    18. Amend Sec.  1544.101 as follows:
    a. Revise paragraph (a) introductory text;
    b. Revise paragraph (b);
    c. Remove and reserve paragraphs (c), (d), (e), and (f);
    d. Revise paragraph (g) to read as follows;
    e. Revise paragraph (h) introductory text; and
    f. Remove paragraph (i).
    The revisions read as follows:


Sec.  1544.101  Adoption and implementation.

    (a) Full program. Each aircraft operator holding an operating 
certificate under 14 CFR part 119 must carry out the requirements in 
subparts C, D, and E of this part specified in Sec.  1544.103 (c) and 
must adopt and carry out a security program that meets the requirements 
of Sec. Sec.  1544.103(a), (b), and (c) for each of the following 
operations:
* * * * *
    (b) Large aircraft program. Each aircraft operator must carry out 
the requirements in subparts C, D, and E of this part specified in 
Sec. Sec.  1544.103(e) and (f) and must adopt and carry out a security 
program that meets the requirements of Sec. Sec.  1544.103(a), (b), 
(e), and (f) for each operation that meets all of the following:
    (1) Is an aircraft with a maximum certificated takeoff weight of 
over 12,500 pounds.
    (2) Is in any civil operation.
    (3) Is not one of the following:
    (i) Operating under a full program under paragraph (a) of this 
section;
    (ii) Operating under a full all-cargo program under paragraph (h) 
of this section;
    (iii) A public aircraft as described in 49 U.S.C. 40102, provided 
that the aircraft operator obtains security procedures from TSA if the 
aircraft deplanes into or enplanes from a sterile area; or
    (iv) A government charter under paragraph (2) of the definition of 
private charter in Sec.  1540.5 of this chapter, provided that aircraft 
does not deplane into or enplane from a sterile area and the government 
takes security responsibility for the following:
    (A) The aircraft;
    (B) Persons onboard; and
    (C) Property onboard.
* * * * *
    (g) Limited program. Each aircraft operator that is not required to 
have a

[[Page 64845]]

full program, a large aircraft program or a full all-cargo program, as 
identified in paragraphs (a), (b), and (h) of this section 
respectively, may request a security program from TSA. Each aircraft 
operator with a limited program must carry out selected provisions of 
subparts C, D, and E of this part, as provided by TSA and must adopt 
and carry out the provisions of Sec.  1544.305, as specified in its 
security program.
    (h) Full all-cargo program. Each aircraft operator holding an 
operating certificate under 14 CFR part 119 or 14 CFR part 125 must 
carry out the requirements in subparts C, D, and E of this part 
specified in Sec.  1544.103(d) and must adopt and carry out a security 
program that meets the requirements of Sec. Sec.  1544.103(a), (b), and 
(d) for each operation that is--
* * * * *
    19. Amend Sec.  1544.103 by adding paragraph (a)(4), revising 
paragraph (c), and adding paragraphs (d), (e), and (f) to read as 
follows:


Sec.  1544.103   Form, content, and availability.

    (a) * * *
    (4) Includes the standard security program issued by TSA, together 
with any amendments and alternate procedures approved or accepted by 
TSA for the aircraft operator.
* * * * *
    (c) Content of a security program for a full program aircraft 
operator. The standard security program for a full program aircraft 
operator described in Sec.  1544.101(a) is the Aircraft Operator 
Standard Security Program (AOSSP). The security program must include 
the following:
    (1) Section 1544.201, Acceptance and screening of individuals and 
accessible property.
    (2) Section 1544.203, Acceptance and screening of checked baggage.
    (3) Section 1544.205, Acceptance and screening of cargo.
    (4) Section 1544.207, Inspection of individuals and property.
    (5) Section 1544.209, Use of metal detection devices.
    (6) Section 1544.211, Use of X-ray systems.
    (7) Section 1544.213, Use of explosives detection systems.
    (8) Section 1544.215, Security coordinators.
    (9) Section 1544.217, Law enforcement personnel.
    (10) Section 1544.219, Carriage of accessible weapons.
    (11) Section 1544.221, Carriage of prisoners under the control of 
armed law enforcement officers.
    (12) Section 1544.223(a) through (h), Transportation of Federal Air 
Marshals.
    (13) Section 1544.225, Security of the aircraft and facilities.
    (14) Section 1544.227, Exclusive area agreements.
    (15) Section 1544.228, Access to cargo and security threat 
assessments for cargo personnel in the United States.
    (16) Sections 1544.229 and 1544.230, Fingerprint-based criminal 
history records checks.
    (17) Section 1544.231, Airport-approved and exclusive area 
personnel identification systems.
    (18) Sections 1544.233 and 1544.235, Security coordinators and 
crewmember training and training for individuals with security-related 
duties.
    (19) Section 1544.237, Flight deck privileges.
    (20) Section 1544.241, Regarding voluntary provision of emergency 
services.
    (21) Section 1544.301, Contingency plan.
    (22) Section 1544.303, Bomb or air piracy threats.
    (23) Section 1544.305, Security directives and information 
circulars.
    (d) Content of a security program for a full all-cargo program. The 
standard security program for a full all-cargo aircraft operator 
described in Sec.  1544.101(h) is the Full All-Cargo Aircraft Operator 
Standard Security Program (FACAOSSP). The security program must include 
the following:
    (1) Section 1544.202, Persons and property onboard an all-cargo 
aircraft.
    (2) Section 1544.205, Acceptance and screening of cargo.
    (3) Section 1544.207, Inspection of individuals and property.
    (4) Section 1544.209, Use of metal detection devices.
    (5) Section 1544.211, Use of X-ray systems.
    (6) Section 1544.215, Security coordinators.
    (7) Section 1544.217, Law enforcement personnel.
    (8) Section 1544.219, Carriage of accessible weapons.
    (9) Section 1544.223(a) through (h), Transportation of Federal Air 
Marshals.
    (10) Section 1544.225, Security of the aircraft and facilities.
    (11) Section 1544.227, Exclusive area agreements.
    (12) Section 1544.228, Access to cargo and security threat 
assessments for cargo personnel in the United States.
    (13) Sections 1544.229 and 1544.230, Fingerprint-based criminal 
history records checks.
    (14) Section 1544.231, Airport-approved and exclusive area 
personnel identification systems.
    (15) Sections 1544.233 and 1544.235, Security coordinators and 
crewmember training and training for individuals with security-related 
duties.
    (16) Section 1544.237, Flight deck privileges.
    (17) Section 1544.301, Contingency plan.
    (18) Section 1544.303, Bomb or air piracy threats.
    (19) Section 1544.305, Security directives and information 
circulars.
    (20) Other provisions of subpart C of this part that TSA has 
approved upon request.
    (21) The remaining requirements of subpart C of this part when TSA 
notifies the aircraft operator in writing that a security threat exists 
concerning that operation.
    (e) Content of a security program for a large aircraft operator. 
The standard security program for large aircraft operators described in 
Sec.  1544.101(b) is the large aircraft security program (LASP). The 
security program must include the following and any applicable 
requirements in paragraph (f) of this section:
    (1) Section 1544.206, Person and property onboard a large aircraft.
    (2) Section 1544.215, Security coordinators.
    (3) Section 1544.217, Law enforcement personnel.
    (4) Section 1544.219, Carriage of accessible weapons.
    (5) Section 1544.223(i), Transportation of Federal Air Marshals.
    (6) Section 1544.225, Security of the aircraft and facilities.
    (7) Sections 1544.233 and 1544.235, Security coordinators and 
crewmember training.
    (8) Section 1544.241, Voluntary provision of emergency services if 
the large aircraft operator holds an Air Carrier Certificate under 14 
CFR part 119.
    (9) Section 1544.243, Third party audit.
    (10) Section 1544.245, Passenger vetting for large aircraft 
operators.
    (11) Sections 1544.301(a) and (b), Contingency plan.
    (12) Section 1544.303, Bomb or air piracy threats.
    (13) Section 1544.305, Security directives and information 
circulars.
    (14) Part 1544, subpart G, Security threat assessment for flight 
crew.
    (15) Except as provided in paragraph (f)(1) of this section, an 
aircraft operator must seek alternative procedures from TSA for the 
screening of individuals and property for an aircraft that enplanes 
from or deplanes into a sterile area.
    (16) Other provisions of subparts C, D, and E of this part that TSA 
has approved upon request.

[[Page 64846]]

    (17) The remaining requirements of subparts C, D, and E of this 
part when TSA notifies the aircraft operator that a security threat 
exists concerning that operation.
    (f) Additional requirements for large aircraft operators. In 
addition to the requirements in paragraph (e) of this section, each 
aircraft operator described in Sec.  1544.101(b) must include in its 
security program the applicable requirements of this paragraph (f).
    (1) Large aircraft over 45,500 kilograms (100,309.3 pounds) or with 
a passenger-seating configuration of 61 or more. For large aircraft 
operated for compensation or hire with a maximum certificated take-off 
weight of over 45,500 kilograms (100,309.3 pounds), or a passenger-
seating configuration of 61 or more, each aircraft operator must 
include in its security program the following:
    (i) Section 1544.201, Acceptance and screening of individuals and 
their accessible property.
    (ii) Section 1544.207(c), Inspection of individuals and property.
    (iii) Section 1544.223(a) through (h), Transportation of Federal 
Air Marshals.
    (iv) Procedures for ensuring that each of the following individuals 
have successfully undergone a security threat assessment under subpart 
G of this part before granting the individual authority to perform 
screening functions:
    (A) Individuals who screen passengers or property that will be 
carried in a cabin of the aircraft.
    (B) Individuals who serve as immediate supervisors or the next 
supervisory level to those individuals described in paragraph 
(a)(1)(iv)(A) of this section.
    (2) All-Cargo operations for aircraft with an MTOW of over 12,500 
pounds. A large aircraft operator in an all-cargo operation must 
include the following in its security program:
    (i) Section 1544.202, Persons and property onboard an all-cargo 
aircraft.
    (ii) Sections 1544.205(a), (b), (d), and (f), Acceptance and 
screening of cargo.
    20. Revise Sec.  1544.105 to read as follows:


Sec.  1544.105  Approval and amendments to the security program.

    (a) Initial approval of security program. (1) Application. Unless 
otherwise authorized by TSA, each aircraft operator required to have a 
security program under this part must apply for a security program in a 
form and a manner prescribed by TSA at least 90 days before the 
intended date of operations. The application must be in writing.
    (i) Each aircraft operator must include in its application the 
following:
    (A) The aircraft operator's business name and other names, 
including ``doing business as'';
    (B) Address of the aircraft operator's primary place of business or 
headquarters;
    (C) The aircraft operator's state of incorporation, if applicable; 
and
    (D) The aircraft operator's tax identification number.
    (ii) Each aircraft operator under the large aircraft program as 
described in Sec.  1544.101(b) must include the following in its 
application:
    (A) The business name and other names, including ``doing business 
as.'' If the applicant holds or is applying for a FAA operating 
certificate, the business name must be the same as the name on the FAA 
operating certificate.
    (B) The names and addresses of each proprietor, general partner, 
officer, director, and owner of an aircraft identified under Sec.  
1544.101(b).
    (C) A signed statement from each person listed in paragraph 
(a)(1)(ii) of this section stating whether he or she has been a 
proprietor, general partner, officer, director, or owner of a large 
aircraft that had its security program withdrawn or suspended by TSA.
    (D) If the applicant holds a FAA operating certificate, the FAA 
operating certificate number.
    (E) If the applicant does not have a FAA operating certificate, the 
type of operation under which the applicant operates, for example 
operating under 14 CFR part 91.
    (F) The name, title, address, phone number, and electronic mail 
address of the Aircraft Operator Security Coordinator (AOSC) and any 
alternates. The telephone number provided must be a number where at 
least one AOSC may be reached.
    (G) A statement acknowledging and ensuring that each employee and 
agent of the aircraft operator, who is subject to training under Sec.  
1544.233 and 235, will have successfully completed the training 
outlined in its security program before performing security-related 
duties.
    (2) Standard security program. TSA will provide to the aircraft 
operator security coordinator the appropriate standard security 
program, any security directives, and amendments to the security 
program and other alternative procedures that apply to the aircraft 
operator. The aircraft operator may either accept the standard security 
program or submit a proposed modified security program to the 
designated official for approval. TSA will approve the security program 
under paragraph (a)(3) of the section or issue a written notice to 
modify under paragraph (a)(4) of this section.
    (3) Approval. TSA will approve the security program upon 
determining that--
    (i) The aircraft operator has met the requirements of this part, 
its security program, and any applicable Security Directives;
    (ii) The aircraft operator is able and willing to carry out the 
requirements of its security program;
    (iii) The approval of the security program is not contrary to the 
interests of security and the public interest; and
    (iv) The aircraft operator has not held a security program that was 
withdrawn, unless otherwise authorized by TSA.
    (4) Modification. (i) If a security program does not satisfy the 
requirements in paragraph (a)(3) of this section, TSA will provide the 
aircraft operator written Notice to Modify the security program to 
comply with the applicable requirements of this part.
    (ii) The aircraft operator may either submit a modified security 
program to TSA for approval, or a Petition for Reconsideration of 
Notice to Modify within 30 days of receipt of the Notice to Modify. A 
Petition for Reconsideration must be filed with the designated 
official.
    (iii) The designated official, upon receipt of a Petition for 
Reconsideration, either amends or withdraws the Notice, or transmits 
the Petition, together with any pertinent information, to the Assistant 
Secretary for reconsideration. The Assistant Secretary may dispose of 
the Petition within 30 days of receipt by either directing the 
designated official to withdraw or amend the Notice to Modify, or by 
denying the Petition and affirming the Notice to Modify.
    (5) Commencement of operations. The aircraft operator may operate 
under an approved security program when it meets all requirements, 
including but not limited to successful completion of training and 
Security Threat Assessments by relevant personnel, if applicable.
    (b) Amendment requested by an aircraft operator. An aircraft 
operator may submit a request to TSA to amend its security program as 
follows:
    (1) The request for an amendment must be filed in writing, with the 
designated official at least 45 days before the date the aircraft 
operator proposes for the amendment to become effective, unless a 
shorter period is allowed by the designated official.
    (2) Within 30 days after receiving a proposed amendment, the 
designated official, in writing, either approves or denies the request 
to amend.

[[Page 64847]]

    (3) An amendment to an aircraft operator security program may be 
approved if the designated official determines that security and the 
public interest will allow it, and the proposed amendment provides the 
level of security required under this part.
    (4) If the proposed amendment is denied, within 30 days after 
receiving a denial, the aircraft operator may petition the Assistant 
Secretary to reconsider the denial. A Petition for Reconsideration must 
be filed with the designated official.
    (5) Upon receipt of a petition for reconsideration, the designated 
official either approves the request to amend or transmits the 
petition, together with any pertinent information, to the Assistant 
Secretary for reconsideration. The Assistant Secretary disposes of the 
petition within 30 days of receipt by either directing the designated 
official to approve the amendment, or denying the Petition and 
affirming the denial.
    (6) Any aircraft operator may submit a group proposal for an 
amendment that is on behalf of it and other aircraft operators that co-
sign the proposal.
    (c) Amendment by TSA. If security and the public interest require 
an amendment, TSA may amend a security program as follows:
    (1) The designated official notifies the aircraft operator, in 
writing, of the proposed amendment, fixing a period of not less than 30 
days within which the aircraft operator may submit written information, 
views, and arguments on the amendment.
    (2) After considering all relevant material, the designated 
official notifies the aircraft operator of any amendment adopted or 
rescinds the notice. If the amendment is adopted, it becomes effective 
not less than 30 days after the aircraft operator receives the notice 
of amendment, unless the aircraft operator petitions the Assistant 
Secretary, in writing, to reconsider no later than 15 days before the 
effective date of the amendment. The aircraft operator must send the 
written Petition for Reconsideration to the designated official. A 
timely Petition for Reconsideration stays the effective date of the 
amendment.
    (3) Upon receipt of a Petition for Reconsideration, the designated 
official either amends or withdraws the notice or transmits the 
Petition, together with any pertinent information, to the Assistant 
Secretary for reconsideration. The Assistant Secretary disposes of the 
Petition within 30 days of receipt by either directing the designated 
official to withdraw or amend the amendment, or by denying the Petition 
and affirming the amendment.
    (d) Emergency amendments. If the designated official finds that 
there is an emergency requiring immediate action with respect to 
security in air transportation or in air commerce that makes procedures 
in this section contrary to the public interest, the designated 
official may issue an emergency amendment, without the prior notice and 
comment procedures in paragraph (c) of this section, effective without 
stay on the date the aircraft operator receives notice of it. In such a 
case, the designated official will incorporate in the notice a brief 
statement of the reasons and findings for the amendment to be adopted. 
The aircraft operator may file a written Petition for Reconsideration 
under paragraph (c) of this section; however, this does not stay the 
effective date of the Emergency Amendment.
    (e) Requirement to report changes in information. Each aircraft 
operator with an approved security program under this part must notify 
TSA, in a form and manner approved by TSA, of any changes to the 
information submitted during its initial application under paragraph 
(a)(1) of this section.
    (1) This notification must be submitted in writing to the 
designated official not later than 30 days after the date the change 
occurred.
    (2) Changes included in the requirement of this paragraph include, 
but are not limited to, changes in the holder of a security program's 
contact information, owners, business addresses and locations, and form 
of business entity.
    (f) TSA may withdraw its approval of an aircraft operator's 
security program under Sec.  1540.301.
    21. Add new Sec.  1544.107 to subpart B to read as follows:


Sec.  1544.107  Fractional ownership of large aircraft.

    (a) This section applies to aircraft operators operating aircraft 
under a large aircraft program under Sec.  1544.101(b) that are under a 
fractional ownership program under 14 CFR part 91, subpart K. For 
operations where the owner in operational control delegates performance 
of security tasks to the program manager, the security program is 
considered to be held jointly by the owner and the program manager, and 
the owner and the program manager are jointly and individually 
responsible for compliance.
    (b) A fractional program manager that manages multiple aircraft may 
have one large aircraft program that applies to all its operations.

Subpart C--Operations

    22. Amend Sec.  1544.201 by adding introductory text to read as 
follows:


Sec.  1544.201  Acceptance and screening of individuals and accessible 
property.

    This section applies to each aircraft operator required to comply 
with this section under 49 CFR 1544.103.
* * * * *
    23. Revise Sec.  1544.202 to read as follows:


Sec.  1544.202  Persons and property onboard all-cargo aircraft.

    Each aircraft operator operating under a full all-cargo program or 
a large aircraft program in an all-cargo operation as described in 
Sec.  1544.103(f)(2) must apply the security measures in its security 
program for persons who are carried on the aircraft, and for their 
property, to prevent or deter the carriage of any unauthorized persons, 
and any unauthorized or accessible weapons, explosives, incendiaries, 
and other destructive substances or items.
    24. Amend Sec.  1544.205 by revising paragraphs (a), (b), and (d) 
to read as follows:


Sec.  1544.205  Acceptance and screening of cargo.

    (a) Preventing or deterring the carriage of any explosive or 
incendiary. Each aircraft operator operating under a full program, a 
full all-cargo program, or a large aircraft program in an all-cargo 
operation as described in Sec.  1544.103(f)(2) must use the procedures, 
facilities, and equipment described in its security program to prevent 
or deter the carriage of any unauthorized persons, and any unauthorized 
explosives, incendiaries, and other destructive devices, substances or 
items in cargo onboard an aircraft.
    (b) Screening and inspection of cargo. Each aircraft operator 
operating under a full program or a full all-cargo program, or a large 
aircraft program in an all-cargo operation, as described in Sec.  
1544.103(f)(2), must ensure that cargo is screened and inspected for 
any unauthorized person, and any unauthorized explosive, incendiary, 
and other destructive substance or item as provided in the aircraft 
operator's security program and Sec.  1544.207, and as provided in 
Sec.  1544.239 for operations under a full program, before loading it 
on its aircraft.
* * * * *
    (d) Refusal to transport. Except as otherwise provided in its 
program, each aircraft operator operating under a full

[[Page 64848]]

program, a full all-cargo program, or a large aircraft program in an 
all-cargo operation as described in Sec.  1544.103(f)(2) must refuse to 
transport any cargo if the shipper does not consent to a search or 
inspection of that cargo in accordance with the system prescribed by 
this part.
* * * * *
    25. Add new Sec.  1544.206 to subpart C to read as follows:


Sec.  1544.206  Persons and property on board a large aircraft.

    Each aircraft operator operating under a large aircraft program 
under Sec.  1544.101(b), except for a large aircraft operator in an 
all-cargo operation as described in Sec.  1544.103(f)(2), must apply 
the security measures in its security program for any persons and 
accessible property onboard the aircraft, including company materials 
(COMAT), to prevent or deter the carriage of any unauthorized persons, 
and any unauthorized or accessible weapons, explosives, incendiaries, 
and other destructive devices, substances or items.
    26. Revise Sec.  1544.207 to read as follows:


Sec.  1544.207  Inspection of individuals and property.

    (a) Applicability of this section. This section applies to the 
inspection of individuals, accessible property, checked baggage, and 
cargo by each full program operator under Sec.  1544.101(a); the 
inspection of individuals, accessible property and cargo by each full 
all-cargo program operator under Sec.  1544.101(h); and the inspection 
of individuals and accessible property by a large aircraft program 
operator under Sec.  1544.103(f)(1), as required under this part.
    (b) Full program aircraft operators. Each aircraft operator must 
ensure that passengers and their accessible property do not board an 
aircraft and that checked baggage is not loaded onto an aircraft unless 
inspection is conducted as follows:
    (1) Locations within the United States. The inspection of 
passengers, accessible property, and checked baggage is conducted by 
TSA.
    (2) Locations outside the United States. (i) In non-U.S. locations 
where the foreign country conducts inspection of passengers, accessible 
property, and checked baggage, the aircraft operator must ensure that 
the foreign country or its designee conducts such inspection. TSA may 
require aircraft operators to conduct supplemental inspection 
operations.
    (ii) In non-U.S. locations where the foreign country does not 
conduct inspection of passengers, accessible property, and/or checked 
baggage, an aircraft operator must conduct any inspection not conducted 
by the foreign country or must not permit non-inspected individuals on 
the aircraft. The aircraft operator's personnel must be trained and 
authorized to inspect individuals, accessible property, and checked 
baggage, as provided in subpart E.
    (3) All locations. Each aircraft operator must ensure the 
inspection of all cargo prior to loading on the aircraft. The cargo 
must be inspected as provided in each aircraft operator's security 
program or by TSA, or by the foreign country. Where the foreign country 
does not conduct inspection of cargo, the aircraft operator must 
conduct the inspection or must not permit non-inspected cargo on the 
aircraft.
    (c) Full all-cargo aircraft operators and large aircraft operators. 
Each aircraft operator must use the measures in its security program 
and in subpart E of this part to inspect individuals and property.
    27. Amend Sec.  1544.217 by revising the introductory text of 
paragraphs (a)(2) and (b) to read as follows:


Sec.  1544.217  Law enforcement personnel.

    (a) * * *
    (2) For operations under a large aircraft program under Sec.  
1544.101(b) or a full all-cargo program under Sec.  1544.101(h), each 
aircraft operator must--
* * * * *
    (b) This paragraph (b) applies to operations at airports required 
to hold security programs under part 1542 of this chapter. For 
operations under a large aircraft program under Sec.  1544.101(b), or a 
full all-cargo program under Sec.  1544.101(h), each aircraft operator 
must--
* * * * *
    28. Amend Sec.  1544.219 by adding introductory text, and revising 
the introductory text of paragraphs (a) and (b) to read as follows:


Sec.  1544.219  Carriage of accessible weapons.

    This section applies to each aircraft operator required to comply 
with this section under 49 CFR 1544.103.
    (a) Flights for which screening is conducted. The provisions of 
Sec. Sec.  1544.201(d) and 1544.202, with respect to accessible 
weapons, do not apply to a law enforcement officer (LEO) traveling 
armed aboard a flight for which screening is required, if the 
requirements of this section are met.
* * * * *
    (b) Flights for which screening is not conducted. The provisions of 
Sec. Sec.  1544.201(d) and 1544.202, with respect to accessible 
weapons, do not apply to a LEO aboard a flight for which screening is 
not required if the requirements of paragraphs (a)(1), (3), and (4) of 
this section are met.
* * * * *
    29. Amend Sec.  1544.223 by adding introductory text and a new 
paragraph (i), and revising paragraphs (b), (f), and (g) to read as 
follows:


Sec.  1544.223   Transportation of Federal Air Marshals.

    Each aircraft operator under the full program as described in Sec.  
1544.101(a), full all-cargo program as described in Sec.  1544.101(h), 
or the large aircraft program and required to comply with Sec.  
1544.103(f)(1), must comply with paragraphs (a) through (h) of this 
section. Each aircraft operator under the large aircraft program as 
described in Sec.  1544.101(b), other than large aircraft operators 
described in Sec.  1544.103(f)(1), must comply with paragraph (i) of 
this section.
* * * * *
    (b) Each aircraft operator must carry Federal Air Marshals, in the 
number and manner specified by TSA.
* * * * *
    (f) The requirements of Sec. Sec.  1544.219(a) and 1544.241 do not 
apply for a Federal Air Marshal on duty status.
    (g) Each aircraft operator operating under a security program 
pursuant to Sec. Sec.  1544.101(a), (b) and (h), must restrict any 
information concerning the presence, seating, names, and purpose of 
Federal Air Marshals at any station or on any flight to those persons 
with an operational need to know.
* * * * *
    (i) Upon prior notification from TSA, large aircraft operators must 
carry Federal Air Marshals, in the number and manner specified by TSA.
    30. Amend Sec.  1544.237 by adding introductory text and revising 
paragraph (b) to read as follows:


Sec.  1544.237  Flight deck privileges.

    This section applies to each aircraft operator required to comply 
with this section under 49 CFR 1544.103:
* * * * *
    (b) This section does not restrict access for an FAA air carrier 
inspector, a DOD commercial air carrier evaluator, an authorized 
representative of the National Transportation Safety Board, or an Agent 
of the U.S. Secret Service, under 14 CFR parts 121, 125, or 135, or a 
Federal Air Marshal under this part.
    31. Add new Sec.  1544.241 to subpart C to read as follows:

[[Page 64849]]

Sec.  1544.241   Voluntary provision of emergency services.

    This section applies to each aircraft operator that is required to 
comply with this section under 49 CFR 1544.103 and that is an air 
carrier.
    (a) Qualification under this section. An individual is qualified 
for purposes of this section if the individual is qualified under 
Federal, State, local, or tribal law, or under the law of a foreign 
government, has valid standing with the licensing or employing agency 
that issued the credentials, and is a scheduled, on-call, paid, or 
volunteer employee, as one of the following:
    (1) A law enforcement officer who is an employee or authorized by 
the Federal, state, local, or tribal government or under the law of a 
foreign government, with the primary purpose of the prevention, 
investigation, apprehension, or detention of individuals suspected or 
convicted of government offenses.
    (2) A firefighter who is an employee, whether paid or a volunteer, 
of a fire department of any Federal, state, local, or tribal government 
who is certified as a firefighter as a condition of employment and 
whose duty it is to extinguish fires, to protect life, and to protect 
property.
    (3) An emergency medical technician who is trained and certified to 
appraise and initiate the administration of emergency care for victims 
of trauma or acute illness.
    (b) Exemption from liability. (1) Under 49 U.S.C. 44944(b), an 
individual shall not be liable for damages in any action brought in a 
Federal or State court that arises from an act or omission of the 
individual in providing or attempting to provide assistance in the case 
of an in-flight emergency in an aircraft of an air carrier if the 
individual meets the qualifications described in paragraph (a) of this 
section.
    (2) Under 49 U.S.C. 44944(c), the exemption described in paragraph 
(b)(1) of this section shall not apply in any case in which an 
individual provides, or attempts to provide, assistance in a manner 
that constitutes gross negligence or willful misconduct.
    (3) The exemption described in paragraph (b)(1) of this section 
applies whether or not the individual has volunteered prior to 
departure under the program described in paragraph (c) of this section.
    (4) For purposes of this paragraph (b), the qualified individual 
need not have his or her credentials present at the time of providing 
or attempting to provide assistance.
    (c) Program for pre-departure volunteers. Each aircraft operator 
must adopt and carry out a program for qualified individuals to 
volunteer, prior to departure, to be called upon by a crew member or 
flight attendant to provide emergency services in the event of an in-
flight emergency. Prior to accepting an offer of voluntary emergency 
services from a qualified individual prior to departure, the aircraft 
operator must request and review any credential, document, and 
identification offered by the individual to determine whether he or she 
meets the definition of a qualified individual.
    (1) The credential, document, or identification must identify the 
service category and bear the individual's name, clear full-face 
picture, and signature and must not have expired, except as provided in 
paragraph (c)(3) of this section.
    (2) If the credential does not bear an expiration date, the 
qualified individual must also present an official letter identifying 
current employment in the relevant service category.
    (3) If the credential does not bear a full-face image of the 
individual, the individual must also present a photo identification 
issued by a government authority.
    (4) An individual whose credential bears an expiration date that 
has passed on the date of the intended flight is not considered a 
qualified individual for purposes of paragraph (c) of this section.
    (d) Law enforcement officers flying armed and federal air marshals. 
The aircraft operator need not apply the requirements of paragraph (c) 
to a law enforcement officer traveling armed pursuant to Sec.  1544.219 
or to a Federal Air Marshal on duty status pursuant to Sec. Sec.  
1544.219 and 1544.223.
    (e) Discretion of the aircraft operator. The aircraft operator has 
full discretion to request, accept, or reject a qualified individual's 
offer of assistance. Nothing in this section prohibits or requires any 
passenger's assistance in an emergency.
    (f) Confidentiality. The aircraft operator must not provide any 
individual, other than the appropriate aircraft operator personnel who 
need to know, the identity or any other personal or professional 
information of any qualified individual offering to provide emergency 
services.
    32. Add new Sec.  1544.243 to subpart C to read as follows:


Sec.  1544.243  Third party audit.

    (a) Applicability. This section applies to aircraft operators 
operating under a large aircraft program under Sec.  1544.101(b).
    (b) General. Each aircraft operator must contract with an auditor 
approved under 49 CFR part 1522 to conduct an audit of the aircraft 
operator's compliance with this chapter and its security program in 
accordance with this section.
    (c) Timing. (1) Initial audit. Except as approved by TSA, each 
aircraft operator must cause the initial audit to be conducted within 
sixty days of the approval of the aircraft operator's security program 
under Sec.  1544.105.
    (2) Biennial audit. Each aircraft operator must cause an audit to 
be conducted 24 months after the aircraft operator's most recent audit 
conducted to meet the requirements in paragraph (c)(1) of this section 
or this paragraph (c)(2). If the aircraft operator completes the audit 
in the month before or the month after it is due, the aircraft operator 
is considered to have completed the audit in the month it is due.
    (d) Auditor's access. Each aircraft operator must provide the 
auditor access to all records, equipment, and facilities necessary for 
the auditor to conduct an audit of the aircraft operator's compliance 
with this chapter and its security program.
    (e) Audit report. Each aircraft operator will receive a copy of the 
audit report from its auditor.
    (f) Comments on audit report. Within 30 days of receiving a copy of 
an audit report from the auditor, an aircraft operator may submit 
written comments on the report to TSA.
    33. Add new Sec.  1544.245 to subpart C to read as follows:


Sec.  1544.245   Passenger vetting for large aircraft operators.

    (a) Applicability and terms used in this section. (1) 
Applicability. (i) Except as provided in paragraph (a)(1)(ii) of this 
section, this section applies to aircraft operators operating under a 
large aircraft program described in Sec.  1544.101(b).
    (ii) This section does not apply to any flight operated by a large 
aircraft operator for which the large aircraft operator has submitted 
advance passenger information to U.S. Customs and Border Protection 
(CBP) under 19 CFR 122.49a, 122.75a, or 122.22 and has complied with 
CBP's instructions. If CBP grants the pilot landing rights under 19 CFR 
122.49a, 122.75a, or 122.22, the large aircraft operator may permit all 
passengers for whom the aircraft operator submitted advance passenger 
information to CBP to board the aircraft. If CBP identifies a passenger 
as a selectee under 19 CFR 122.49a, 122.75a, or 122.22, the large 
aircraft operator may permit the passenger to board the aircraft and 
the large aircraft operator must comply with the

[[Page 64850]]

procedures in its security program pertaining to passengers that are 
identified as selectees. If CBP identifies a passenger as ``not 
cleared'' under 19 CFR 122.49a, 122.75a, or 122.22, the large aircraft 
operator must not permit the passenger to board the aircraft.
    (2) Terms used in this section. In addition to the terms in 
Sec. Sec.  1500.3 and 1540.5 of this chapter, the following terms apply 
in this section:
    Continuous vetting means the process in which an individual's full 
name, date of birth, gender, passport information, and Redress Number 
(if available) are continuously matched against the most current watch-
list in a manner prescribed by TSA.
    Passenger information means:
    (1) Full name of the passenger.
    (2) Date of birth of the passenger, if available.
    (3) Gender of the passenger, if available.
    (4) Passport information, if available.
    (5) Redress Number of the passenger, if available.
    Passport information means the following information from an 
individual's passport:
    (1) Passport number.
    (2) Country of issuance.
    (3) Expiration date.
    (4) Gender.
    (5) Full name.
    Redress Number means the number assigned by DHS to an individual 
processed through the redress procedures described in 49 CFR part 1560, 
subpart C.
    Watch-list refers to the No Fly List and Selectee List components 
of the Terrorist Screening Database maintained by the Terrorist 
Screening Center.
    Watch-list service provider is an entity that TSA has approved 
under 49 CFR part 1544, subpart F, to conduct watch-list matching for 
large aircraft operators required under this section.
    (b) Request for and transmission of passenger information. (1) 
Passenger information list. Except as provided in paragraph (b)(2) of 
this section, each aircraft operator must:
    (i) Request and obtain the full name of every passenger on each 
flight operated by the aircraft operator;
    (ii) Request the gender, date of birth, and Redress Number for 
every passenger on each flight operated by the aircraft operator;
    (iii) Transmit the full name and other available passenger 
information, and any available passport information, to an entity 
approved to conduct watch-list matching under 49 CFR part 1544, subpart 
F (``Watch-list service provider''); and
    (iv) Transmit updated passenger information to its watch-list 
service provider if there are revisions to the passenger's full name, 
date of birth, gender, passport information, or Redress Number.
    (2) Master passenger list. An aircraft operator does not need to 
transmit passenger information required under paragraph (b)(1) of this 
section or await boarding instructions required under paragraph (c) of 
this section for individuals who satisfy all of the following:
    (i) Prior to obtaining and transmitting passenger information under 
paragraphs (b)(2)(ii) and (iii) of this section, the aircraft operator 
must inform the individual that inclusion in the master passenger list 
is voluntary, provide the individual with notice of the purpose and 
procedures related to a master passenger list, and obtain from the 
individual a signed, written statement affirmatively requesting that he 
or she be placed on the master passenger list.
    (ii) The aircraft operator has obtained the full name, gender, date 
of birth, and Redress Number (if available) of the individuals.
    (iii) The aircraft operator has transmitted the full name, gender, 
date of birth, passport information, and Redress Number (if available) 
of the individual and any updated passenger information to a watch-list 
service provider and identified the individual as an individual that 
should be subject to continuous vetting.
    (iv) The aircraft operator ensures that the watch-list service 
provider has responsibility for conducting continuous vetting of the 
individual at the time that the individual boards a flight operated by 
the aircraft operator.
    (v) The watch-list service provider that conducts the continuous 
vetting of the individual has informed the aircraft operator that the 
individual is cleared to board an aircraft after the aircraft operator 
transmits the initial passenger information to the watch-list service 
provider. If the aircraft operator transmits updated passenger 
information, the aircraft operator must wait until the watch-list 
service provider informs the aircraft operator that the individual is 
cleared to board an aircraft.
    (vi) The watch-list service provider that conducts the continuous 
vetting of the individual has not informed the aircraft operator that 
the individual must be inhibited from boarding the aircraft, unless 
explicitly authorized by TSA to permit boarding of the individual.
    (c) Watch-list matching results.  An operator must not permit a 
passenger to board an aircraft until the aircraft operator's watch-list 
service provider informs the aircraft operator of the results of watch-
list matching for that passenger in response to the aircraft operator's 
most recent submission of passenger information for that passenger. The 
aircraft operator must comply with instructions transmitted by the 
watch-list service provider under this paragraph (c), unless explicitly 
instructed otherwise by TSA.
    (1) Cleared to board an aircraft.  If the aircraft operator's 
watch-list service provider instructs the aircraft operator that a 
passenger is cleared, the aircraft operator may permit the passenger to 
board an aircraft.
    (2) Passenger identified as a selectee.  If the aircraft operator's 
watch-list service provider instructs the aircraft operator that a 
passenger is a selectee, the aircraft operator may permit the passenger 
to board an aircraft. The aircraft operator must comply with the 
procedures in its security program pertaining to passengers that are 
identified as selectees.
    (3) Denial to board an aircraft.  If the aircraft operator's watch-
list service provider instructs the aircraft operator that the 
passenger must be inhibited from boarding an aircraft, the aircraft 
operator must not permit the passenger to board an aircraft. If the 
aircraft operator's watch-list service provider instructs the aircraft 
operator to contact TSA for further resolution of the watch-list 
matching results, the aircraft operator must contact TSA in accordance 
with procedures set forth in its security program.
    (4) Override by an aircraft operator. No aircraft operator may 
override an instruction to inhibit a passenger from boarding an 
aircraft, unless explicitly authorized by TSA to do so.
    (5) Updated passenger information from an aircraft operator. When 
an aircraft operator sends updated passenger information to its watch-
list service provider under paragraph (b)(1)(iv) of this section for a 
passenger for whom the watch-list service provider has already 
transmitted an instruction, all previous instructions concerning that 
passenger are voided. The aircraft operator may not permit the 
passenger to board an aircraft until it receives an updated instruction 
concerning the passenger from its watch-list service provider. Upon 
receiving an updated instruction from its watch-list service provider, 
the aircraft operator must comply with the updated instruction and 
disregard all previous instructions.
    (d) Use of the watch-list matching results. An aircraft operator 
must not use any watch-list matching results provided by the watch-list 
service

[[Page 64851]]

provider or TSA for purposes other than those provided in paragraph (c) 
of this section and security purposes.
    34. Add new subparts F and G to part 1544 to read as follows:
Subpart F--Watch-List Service Providers
Sec.
1544.501 Scope and terms used in this subpart.
1544.503 Qualification standards for approval.
1544.505 Application.
1544.507 TSA review and approval.
1544.509 Reconsideration of disapproval of an application.
1544.511 Withdrawal of approval.
1544.513 Responsibilities of watch-list service providers.
1544.515 Security program.

Subpart F--Watch-List Service Providers


Sec.  1544.501  Scope and terms used in this subpart.

    (a) This subpart applies to entities that conduct watch-list 
matching for large aircraft operators under Sec. 1544.245.
    (b) In addition to the terms in Sec. Sec.  1500.3 and 1540.5 of 
this chapter, the following terms apply in this part:
    Applicant means an entity that seeks approval from TSA to conduct 
watch-list matching for large aircraft operators under Sec.  1544.245.
    Covered personnel means:
    (1) Employees who have access to passenger information, the watch-
list, or watch-list matching results; and
    (2) Officers, principals, and program managers responsible for 
access of passenger information, the watch-list, or watch-list matching 
results.
    Large aircraft operator means an aircraft operator described in 
Sec. Sec.  1544.101(b) or 1544.107.
    Passenger information means--
    (1) Full name of the passenger.
    (2) Date of birth of the passenger, if available.
    (3) Gender of the passenger, if available.
    (4) Passport information, if available.
    (5) Redress Number of the passenger, if available.
    Passport information means the following information from an 
individual's passport:
    (1) Passport number.
    (2) Country of issuance.
    (3) Expiration date.
    (4) Gender.
    (5) Full name.
    Continuous vetting means the process in which an individual's full 
name, date of birth, gender, passport information, and Redress Number 
(if available) are continuously matched against the most current watch-
list in a manner prescribed by TSA.
    Redress Number means the number assigned by DHS to an individual 
processed through the redress procedures described in 49 CFR part 1560, 
subpart C.
    Watch-list refers to the No Fly List and Selectee List components 
of the Terrorist Screening Database maintained by the Terrorist 
Screening Center.
    Watch-list service provider is an entity that TSA has approved 
under this subpart to conduct watch-list matching for large aircraft 
operators under Sec.  1544.507.


Sec.  1544.503  Qualification standards for approval.

    To be considered for approval to conduct watch-list matching under 
Sec.  1544.245, the applicant must satisfy all of the following 
requirements.
    (a) The applicant must demonstrate the capability to receive 
passenger information from large aircraft operators described in Sec.  
1544.101(b).
    (b) The applicant must demonstrate the capability to conduct 
automated watch-list matching and continuous vetting of individuals in 
a system that satisfies standards set forth by TSA for the protection 
of personally identifiable information and the security of the system.
    (c) The applicant must demonstrate the capability to transmit 
watch-list matching results to the large aircraft operator.
    (d) The applicant must successfully undergo a suitability 
assessment conducted by TSA including a determination that it does not 
pose or is suspected of posing a threat to transportation or national 
security.
    (e) Every covered personnel of the applicant must successfully 
undergo a security threat assessment under 49 CFR part 1544, subpart G 
and have a valid Determination of No Security Threat.
    (f) The applicant is incorporated within the United States. The 
applicant's operations and systems for conducting watch-list matching 
under this subpart must be located in the United States.


Sec.  1544.505  Application.

    (a) Each applicant must submit an application in a form and manner 
prescribed by TSA.
    (b) An application must include the following information:
    (1) The applicant's full name, business address, business phone 
number, and business email address.
    (2) A statement and other documentary evidence of how the applicant 
meets the qualification standards set forth in Sec.  1544.503.
    (3) A system security plan for its information technology system 
that contains personally identifiable information collected under this 
part and Sec.  1544.245 or is used to conduct watch-list matching. The 
system security plan must comply with standards established by TSA.
    (4) An attestation report of the attestation conducted under Sec.  
1544.513(c)(1)(i).
    (5) A security program that meets requirements in Sec.  1544.515.


Sec.  1544.507  TSA review and approval.

    (a) Review. Upon receiving an application, TSA will review the 
application including the system security plan as described in Sec.  
1544.505(b)(3). TSA may conduct a site visit as part of its review 
process. At its discretion, TSA may approve or disapprove the 
application.
    (b) Approval. If an application is approved, TSA will send the 
applicant a written notice of approval. Once approved, the watch-list 
service provider may perform passenger vetting in accordance with this 
subpart after TSA receives an attestation report for an attestation 
conducted under Sec.  1544.513(c)(1)(i) in which the independent public 
accounting (IPA) firm opines that the watch-list service provider's 
system is in compliance with its system security plan and TSA 
standards.
    (c) Disapproval. TSA will send a written notice of disapproval to 
an applicant whose application is disapproved.


Sec.  1544.509  Reconsideration of disapproval of an application.

    (a) Petition for reconsideration. If an application is disapproved, 
the applicant may seek reconsideration of the decision by submitting a 
written petition for reconsideration to the Assistant Secretary or 
designee within 30 days of receiving the notice of disapproval.
    (b) Review of petition. Upon review of the petition for 
reconsideration, the Assistant Secretary or designee disposes of the 
petition by either affirming the disapproval of the application or 
approving the application. The Assistant Secretary or designee may 
request additional information from the applicant prior to rendering a 
decision.


Sec.  1544.511  Withdrawal of approval.

    (a) Basis for withdrawal of approval. TSA may withdraw approval to 
conduct watch-list matching if a watch-list service provider ceases to 
meet the qualification standards for approval, fails to fulfill its 
responsibilities, or in the interest of security or the public.
    (b) Notice of withdrawal. (1) Except as provided in paragraph (c) 
of this

[[Page 64852]]

section, TSA will provide a written notice of proposed withdrawal of 
approval to the watch-list service provider.
    (2) The notice of withdrawal of approval will include the basis of 
the withdrawal of approval.
    (3) Unless the watch-list service provider files a written petition 
for reconsideration under paragraph (d) of this section, the notice of 
proposed withdrawal of approval will become a final notice of 
withdrawal of approval 31 days after the watch-list service provider's 
receipt of the notice of proposed withdrawal of approval.
    (c) Emergency notice of withdrawal of approval. (1) If TSA finds 
that there is an emergency requiring immediate action with respect to a 
watch-list service provider's ability to conduct watch-list matching, 
TSA may withdraw approval of that watch-list service provider without 
prior notice.
    (2) TSA will incorporate in the emergency notice of withdrawal of 
approval a brief statement of the reasons and findings for the 
withdrawal of approval.
    (3) The emergency notice of withdrawal of approval is effective 
upon the watch-list service provider's receipt of the notice. The 
watch-list service provider may file a written petition for 
reconsideration under paragraph (d) of this section; however, this does 
not stay the effective date of the emergency notice of withdrawal of 
approval.
    (d) Petition for reconsideration. A watch-list service provider may 
seek reconsideration of the withdrawal of approval by 
submitting a written petition for reconsideration to the Assistant 
Secretary or designee within 30 days of receiving the notice of 
withdrawal of approval.
    (e) Review of petition. Upon review of the petition for 
reconsideration, the Assistant Secretary or designee disposes of the 
petition by either affirming or withdrawing the withdrawal of approval. 
The Assistant Secretary or designee may request additional information 
from the watch-list service provider prior to rendering a decision.


Sec.  1544.513  Responsibilities of watch-list service providers.

    (a) Security program. Each watch-list service provider must adopt 
and carry out a security program that meets the requirements of Sec.  
1544.515.
    (b) System security plan. Each watch-list provider must comply with 
its approved system security plan.
    (c) Authorized watch-list matching. Each watch-list service 
provider may only conduct watch-list matching for aircraft operators 
that hold a large aircraft program, as described in Sec.  1544.101(b), 
that is approved by TSA under Sec.  1544.105. Each watch-list service 
provider must confirm with TSA that an aircraft operator holds an 
approved large aircraft program prior to commencement of watch-list 
matching for that aircraft operator.
    (d) Attestation of compliance. (1) Each watch-list service provider 
must contract with a qualified IPA firm to conduct an attestation of 
the watch-list service provider's compliance with its system security 
plan and TSA standards for systems that are used to conduct watch-list 
matching as follows:
    (i) An attestation must be conducted prior to commencement of 
watch-list matching operations;
    (ii) An attestation must be conducted 6 months after commencement 
of watch-list matching operations; and
    (iii) An attestation must be conducted 12 months after the watch-
list service provider's most recent attestation conducted to meet the 
requirements in paragraph (c)(1)(ii) of this section or this paragraph 
(c)(1)(iii). If the watch-list service provider completes the 
attestation in the month before or the month after it is due, the 
watch-list service provider is considered to have completed the 
attestation in the month it is due.
    (2) The IPA firm conducts the attestation in accordance with the 
American Institute of Certified Public Accountants' (AICPA) Statement 
for Standards on Attestation Engagements 10 and TSA standards;
    (3) The IPA firm must prepare and submit a report, in a form and 
manner prescribed by TSA, for each audit conducted under paragraph 
(c)(1) of this section.
    (4) An IPA firm is qualified for purposes of paragraph (c)(1) of 
this section if:
    (i) The selection of the IPA firm was in accordance with the 
relevant AICPA guidance regarding independence; and
    (ii) The IPA firm demonstrates the capability to assess information 
system security and process controls. TSA reserves the right to reject 
the IPA firm's attestation if, in TSA's judgment, the IPA firm is not 
sufficiently qualified to perform these services.
    (e) Sensitive Security Information. Each watch-list service 
provider must comply with the requirements in 49 CFR part 1520 
regarding the handling and protection of Sensitive Security 
Information.
    (f) Non-disclosure of proprietary information. Unless explicitly 
authorized by TSA, each watch-list service provider may not further 
release or disseminate any information that TSA or a large aircraft 
operator indicates as proprietary information and provides to the 
watch-list service provider.
    (g) Privacy policy. Each watch-list service provider must adopt and 
make public a privacy policy.
    (h) TSA inspection authority. (1) Each watch-list service provider 
must allow TSA, at any time or place, to make any inspections or tests, 
including copying records, to determine compliance of a watch-list 
service provider or a large aircraft operator with--
    (i) This subpart, 49 CFR 1544.245, and part 1520 of this chapter; 
and
    (ii) 49 U.S.C. Subtitle VII, as amended.
    (2) At the request of TSA, each watch-list service provider must 
provide evidence of compliance with this subpart.
    (i) Use of watch-list. Watch-list service providers may not use the 
passenger information transmitted under Sec.  1544.245 and obtained 
under this subpart, the watch-list, or the watch-list matching results 
for any purpose other than to conduct watch-list matching under this 
part in accordance with their security programs.


Sec.  1544.515  Security program.

    (a) Each watch-list service provider must adopt and carry out a 
security program that includes all of the following requirements:
    (1) Procedures for conducting watch-list matching in a manner 
prescribed by TSA.
    (2) Procedures for sending instructions back to aircraft operators 
based on the results of the watch-list matching.
    (3) Procedures for contacting TSA for resolution of passengers that 
are potential matches to the watch-list.
    (4) Procedures for identifying passengers about whom a large 
aircraft operator must contact TSA for resolution of a potential match 
to the watch-list.
    (5) Procedures for complying with its system security plan.
    (6) Procedures for ensuring the physical security of the system 
used to conduct watch-list matching and the space and furniture used to 
receive passenger information from aircraft operators, to conduct 
watch-list matching, to transmit watch-list results to aircraft 
operators, and to store documents related to watch-list matching.
    (7) Procedures for training covered personnel on the requirements 
of this subpart.
    (8) Procedures for conducting continuous vetting of individuals.

[[Page 64853]]

    (9) Procedures for providing personnel who are available to TSA 24 
hours a day, 7 days a week.
    (10) Procedures to identify, handle, and protect Sensitive Security 
Information.
    (11) Procedures to maintain confidentiality of proprietary 
information.
    (b) A watch-list service provider or TSA may amend an approved 
security program using the procedures in Sec.  1544.105.
    (c) TSA may withdraw approval of a security program using 
procedures in Sec.  1540.301.
Subpart G--Security Threat Assessments for Large Aircraft Flight Crew, 
Applicants To Become TSA-Approved Auditors and Watch-List Service 
Providers Covered Personnel
Sec.
1544.601 Scope and expiration.
1544.603 Enrollment for security threat assessments.
1544.605 Content of security threat assessment.
1544.607 Criminal history records check (CHRC).
1544.609 Other analyses.
1544.611 Final disposition.
1544.613 Withdrawal of Determination of No Security Threat.
1544.615 Appeals.
1544.617 Fees.
1544.619 Notice to employers.

Subpart G--Security Threat Assessments for Large Aircraft Flight 
Crew, Applicants To Become TSA-Approved Auditors and Watch-List 
Service Providers Covered Personnel


Sec.  1544.601  Scope and expiration.

    (a) Scope. This subpart applies to the following individuals who 
must undergo a security threat assessment:
    (1) Flight crew member for aircraft operators required to hold a 
large aircraft security program under Sec.  1544.101(b);
    (2) Individuals authorized to perform screening functions under 
Sec.  1544.103(f)(1);
    (3) Applicant to become a TSA-approved auditor under Sec.  
1522.203; and
    (4) Watch-list service provider covered personnel under Sec.  
1544.503.
    (b) Expiration. A Determination of No Security Threat issued under 
Sec.  1544.611(a) is valid for five years from the date that the 
individual receives the determination unless TSA issues a withdrawal of 
Determination of No Security Threat under Sec.  1544.613 that results 
in a Final Determination of Security Threat Assessment. An individual 
may renew a Determination of No Security Threat using the procedures 
set forth in this subpart.
    (c) Individuals who have undergone a CHRC under Sec.  1544.229 or 
1544.230. Flight crew members or employees or contract employees 
authorized to perform screening functions who have undergone a 
fingerprint-based criminal history records check under Sec. Sec.  
1544.229 or 1544.230 within five years of the effective date of this 
rule are not required to undergo a security threat assessment under 
this part until 5 years after the date of their notification of the 
results of their criminal history records check.


Sec.  1544.603  Enrollment for security threat assessments.

    (a) Except for paragraphs (a)(4) and (a)(12)-(16) of this section, 
an individual who is required to undergo a security threat assessment 
under this subpart must provide the following information to TSA in a 
manner and time prescribed by TSA:
    (1) Legal name, including first, middle, and last; any applicable 
suffix; and any other name used previously.
    (2) Current mailing address and residential address if it differs 
from the mailing address; and the previous residential address.
    (3) Date of birth.
    (4) Social security number. Providing the social security number is 
voluntary; however, failure to provide it will delay and may prevent 
completion of the threat assessment.
    (5) Gender.
    (6) Height, weight, hair and eye color.
    (7) City, state, and country of birth.
    (8) Immigration status and date of naturalization if the individual 
is a naturalized citizen of the United States.
    (9) Alien registration number, if applicable.
    (10) The name, telephone number, and address of the individual's 
current employer(s). If the individual's current employer is the U.S. 
military service, include the branch of the service.
    (11) Fingerprints in a manner prescribed by TSA.
    (12) Passport number, city of issuance, date of issuance, and date 
of expiration. This information is voluntary and may expedite the 
adjudication process for individuals who are U.S. citizens born abroad.
    (13) Department of State Consular Report of Birth Abroad. This 
information is voluntary and may expedite the adjudication process for 
individuals who are U.S. citizens born abroad.
    (14) If the individual is not a national or citizen of the United 
States, the alien registration number and/or the number assigned to the 
applicant on the U.S. Customs and Border Protection Arrival-Departure 
Record, Form I-94. This information is voluntary and may expedite the 
adjudication process for individuals who are not U.S. citizens.
    (15) Whether the applicant has previously completed a TSA threat 
assessment, and if so the date and program for which it was completed. 
This information is voluntary and may expedite the adjudication process 
for applicants who have completed a TSA security threat assessment.
    (16) Whether the applicant currently holds a federal security 
clearance, and if so, the date of and agency for which the clearance 
was performed. This information is voluntary and may expedite the 
adjudication process for applicants who have completed a federal 
security threat assessment.
    (b) The individual must certify and date receipt of the following 
statement:

    Privacy Act Statement: Authority: 49 U.S.C. 114, 40113. Purpose: 
This information will be used to verify your identity and to conduct 
a security threat assessment to evaluate your suitability for a 
position for which this security threat assessment is required. 
Furnishing this information, including your SSN, is voluntary; 
however, failure to provide it will delay and may prevent the 
completion of your security threat assessment. Routine Uses: 
Includes disclosure to the FBI to retrieve your criminal history 
record; to appropriate governmental agencies for licensing, law 
enforcement, or security purposes, or in the interests of national 
security; and to foreign and international governmental authorities 
in accordance with law and international agreement. For further 
information, see TSA 002 System of Records Notice.

    (c) The individual must provide a statement, signature, and date of 
signature that he or she--
    (1) Was not convicted, or found not guilty by reason of insanity, 
of a disqualifying criminal offense identified in Sec.  1544.229(d) in 
any jurisdiction during the 10 years before the date of the 
individual's application for a security threat assessment under this 
subpart.
    (2) Is not wanted, or under indictment, in a civilian or military 
jurisdiction, for a disqualifying criminal offense identified in Sec.  
1544.229(d);
    (3) Has, or has not, served in the military, and if so, the branch 
in which he or she served, the date of discharge, and the type of 
discharge; and
    (4) Has been informed that Federal regulations under 49 CFR 
1544.607 impose a continuing obligation on the individual to disclose 
to TSA if he or she is convicted, or found not guilty by reason of 
insanity of a disqualifying crime.

    (d) Each individual must complete and sign the application prior to 
submitting his or her fingerprints.
    (e) The individual must certify and date receipt of the following 
statement, immediately before the signature line:

    The information I have provided on this application is true, 
complete, and correct, to the best of my knowledge and belief, and 
is provided in good faith. I understand that a knowing and willful 
false statement, or an omission of a material fact on this 
application, can be punished by fine or imprisonment or both (see 
section 1001 of Title 18 United States Code), and may be grounds for 
denial of approval for the position or privilege for which this 
security threat assessment is required.

    (f) A flight crew member for a large aircraft, an individual 
authorized to perform screening functions, or a watch-list service 
provider covered personnel must certify the following statement in 
writing:

    I acknowledge that if the Transportation Security Administration 
determines that I pose a security threat, my employer may be 
notified.

    (g) If an Enrollment Provider enrolls an individual, the Enrollment 
Provider must:
    (1) Verify the identity of the individual through two forms of 
identification prior to fingerprinting, and ensure that the printed 
name on the fingerprint application is legible. At least one of the two 
forms of identification must have been issued by a government 
authority, and at least one must include a photo.
    (2) Advise the individual that a copy of the criminal record 
received from the FBI will be provided to the individual, if requested 
by the individual in writing;
    (3) Identify a point of contact if the individual has questions 
about the results of the CHRC; and
    (4) Collect, control, and process one set of legible and 
classifiable fingerprints under direct observation by the enrollment 
provider or a law enforcement officer.
    (5) Submit the biographic or biometric data and the application to 
TSA in the manner specified by TSA.


Sec.  1544.605  Content of the security threat assessment.

    The security threat assessment TSA conducts under this subpart 
includes a criminal history records check, other analyses, and a final 
disposition.


Sec.  1544.607  Criminal history records check (CHRC).

    (a) Fingerprints and other information used. In conducting criminal 
history record checks under this subpart, TSA uses fingerprints and may 
use other identifying information.
    (b) Submission of fingerprints to FBI/CJIS. In order to conduct a 
fingerprint-based criminal history records check, TSA transmits the 
fingerprints to the FBI/CJIS in accordance with the FBI/CJIS 
fingerprint submission standards, receives the results from the FBI/
CJIS, and adjudicates the results of the check in accordance with this 
section.
    (c) Adjudication of results. (1) TSA determines that an individual 
does not pose a security threat warranting denial of approval based on 
a disqualifying criminal offense if the individual does not have a 
disqualifying criminal offense described in Sec.  1544.229(d).
    (2) An applicant who is wanted, or under indictment in any civilian 
or military jurisdiction for a felony listed in this section, is 
disqualified until the want or warrant is released or the indictment is 
dismissed.
    (d) Determination of arrest status. When a CHRC on an individual 
described in this subpart discloses an arrest for any disqualifying 
criminal offense listed in Sec.  1544.229(d) without indicating a 
disposition, the individual must provide documentation demonstrating 
that the arrest did not result in a disqualifying offense before the 
individual may assume a position or perform a function for which a 
criminal history records check under this Subpart is required. If the 
disposition did not result in a conviction or in a finding of not 
guilty by reason of insanity of one of the offenses listed in Sec.  
1544.229(d), the individual is not disqualified under this section.
    (e) Limits on dissemination of results. Criminal record information 
provided by the FBI may be used only to carry out this section and 
Sec.  1544.229. No person may disseminate the results of a CHRC to 
anyone other than:
    (1) The individual to whom the record pertains, or that 
individual's authorized representative.
    (2) Entities who are determining whether to grant the individual a 
position or function for which the criminal history records check in 
this subpart is required.
    (3) Others designated by TSA.
    (f) Correction of FBI records and notification of disqualification. 
(1) Before making a final decision to deny a position or privilege to 
an individual required to undergo a criminal history records check 
prescribed by this section, TSA will serve an Initial Determination of 
Threat Assessment and advise him or her that the FBI criminal record 
discloses information that would disqualify him or her from the 
position or privilege and will provide the individual a copy of the FBI 
record if he or she requests it.
    (2) The individual may contact the local jurisdiction responsible 
for the information and the FBI to complete or correct the information 
contained in his or her record, subject to the following conditions--
    (i) Within 30 days after being advised that the criminal record 
received from the FBI discloses a disqualifying criminal offense, the 
individual must notify TSA of his or her intent to correct any 
information he or she believes to be inaccurate.
    (ii) If no notification, as described in paragraph (f)(3)(1) of 
this section, is received within 30 days, TSA will make a final 
determination to deny the individual the position or privilege.
    (g) Continuing obligations to disclose. An individual who received 
a Determination of No Security Threat under this subpart must disclose 
to TSA or to another entity identified by TSA within 24 hours if he or 
she is convicted of any disqualifying criminal offense that occurs 
while he or she has a Determination of No Security Threat that has 
not expired.


Sec.  1544.609  Other analyses.

    To conduct other analyses, TSA completes the following procedures:
    (a) Reviews the individual information required in 49 CFR 1544.603.
    (b) TSA may search domestic and international Government databases 
to determine if an individual meets the requirements of 49 CFR 1572.107 
or to confirm an individual's identity. TSA may determine that an 
applicant poses a security threat based on a search of the following 
databases:
    (1) Interpol and other international databases, as appropriate.
    (2) Terrorist watch-lists and related databases.
    (3) Any other databases relevant to determining whether an 
applicant poses, or is suspected of posing, a security threat, or that 
confirm an applicant's identity.


Sec.  1544.611  Final disposition.

    Following completion of the procedures described in Sec. Sec.  
1544.607 and 1544.609, the following procedures apply, as appropriate:
    (a) TSA serves a Determination of No Security Threat to the 
individual if TSA determines that an individual meets the security 
threat assessment standards described in Sec. Sec.  1544.607 and 
1544.609.
    (b) TSA serves an Initial Determination of Threat Assessment on the 
individual if TSA determines that the individual does not meet the 
security threat assessment standards described in Sec. Sec.  1544.607 
and 1544.609. The Initial Determination of Threat Assessment includes--
    (1) A statement that TSA has determined that the individual poses 
or is suspected of posing a security threat warranting disapproval of 
the application to assume a position or perform a function for which a 
security threat assessment under this subpart is required;
    (2) The basis for the determination;
    (3) Information about how the individual may appeal the 
determination, as described in Sec.  1544.615; and
    (4) A statement that if the individual chooses not to appeal TSA's 
determination within 30 days after receipt of the Initial 
Determination, or does not request an extension of time within 30 days 
after receipt of the Initial Determination in order to file an appeal, 
the Initial Determination becomes a Final Determination of Threat 
Assessment.
    (5) TSA serves a Withdrawal of the Initial Determination of Threat 
Assessment or a Withdrawal of Final Determination of Threat Assessment 
on the individual, if the appeal results in a finding that the 
individual does not pose a threat to security.


Sec.  1544.613  Withdrawal of Determination of No Security Threat.

    (a) TSA may withdraw a Determination of No Security Threat issued 
under Sec.  1544.611(a) at any time it determines that a flight crew 
member, an individual authorized to perform screening functions, a TSA-
approved auditor, or a watch-list service provider poses or is 
suspected of posing a security threat warranting withdrawal of the 
Determination of No Security Threat.
    (b) TSA serves withdrawal of the Determination of No Security 
Threat on the individual if TSA determines that the individual does not 
meet the security threat assessment standards described in Sec. Sec.  
1544.607 and 1544.609. The withdrawal of the Determination of No 
Security Threat includes--
    (1) A statement that TSA has determined that the individual poses 
or is suspected of posing a security threat warranting disapproval of 
the application to assume a position or perform a function for which a 
security threat assessment under this subpart is required;
    (2) The basis for the determination;
    (3) Information about how the individual may appeal the 
determination, as described in Sec.  1544.615; and
    (4) A statement that if the individual chooses not to appeal TSA's 
Initial Determination within 30 days after receipt of the withdrawal of 
the Determination of No Security Threat, or does not request an 
extension of time within 30 days after receipt of the withdrawal of the 
Determination of No Security Threat in order to file an appeal, the 
withdrawal of the Determination of No Security Threat becomes a Final 
Determination of Threat Assessment.
    (5) TSA serves a Final Determination of Threat Assessment on the 
individual, if the appeal results in a finding that the individual does 
not pose a threat to security.


Sec.  1544.615  Appeals.

    If the individual appeals the Initial Determination of Threat 
Assessment or a withdrawal of the Determination of No Security Threat, 
the procedures in 49 CFR part 1515 apply.


Sec.  1544.617  Fees.

    (a) Individuals required to undergo a security threat assessment 
must pay the Security Threat Assessment fee of $56.75 and the cost for 
the FBI to process fingerprint identification records under Public Law 
101-515.
    (b) The Security Threat Assessment fee described in paragraph (a) 
of this section may be adjusted annually on or after October 1, 2007, 
by publication of an inflation adjustment. A final rule in the Federal 
Register will announce the inflation adjustment. The adjustment shall 
be a composite of the Federal civilian pay raise assumption and non-pay 
inflation factor for that fiscal year issued by the Office of 
Management and Budget for agency use in implementing OMB Circular A-76, 
weighted by the pay and non-pay proportions of total funding for that 
fiscal year. If Congress enacts a different Federal civilian pay raise 
percentage than the percentage issued by OMB for Circular A-76, the 
Department of Homeland Security may adjust the fees to reflect the 
enacted level.
    (c) If the FBI amends its fee to process fingerprint identification 
records under Public Law 101-515, TSA or its agent will collect the 
amended fee.
    (d) When an individual submits the enrollment information, as 
required under 1544.603, to obtain or renew a security threat 
assessment, the fee must be remitted to TSA or its approved agent in a 
form and manner approved by TSA.
    (e) TSA will not issue any refunds of fees required under this 
section.
    (f) Information about payment options is available through the 
designated TSA headquarters point of contact. Individual personal 
checks are not acceptable.


Sec.  1544.619  Notice to employers.

    (a) If the individual is a large aircraft flight crew member, an 
individual authorized to perform screening functions, or a watch-list 
service provider covered personnel, TSA will notify the individual's 
employer that it has served a Determination of No Security Threat, a 
Final Determination of Threat Assessment, or a Withdrawal of Final 
Determination of Threat Assessment, as applicable, to the individual.
    (b) Each employer must retain a copy of the notification described 
in paragraph (a) of this section for five years.

PART 1550--AIRCRAFT SECURITY UNDER GENERAL OPERATING AND FLIGHT 
RULES

    35. The authority citation for part 1550 continues to read as 
follows:

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914, 
44916-44918, 44935-44936, 44942, 46105.

    36. Amend Sec.  1550.5 by revising paragraph (a), and removing and 
reserving paragraph (d) to read as follows:


Sec.  1550.5  Operations using a sterile area.

    (a) Applicability of this section. This section applies to all 
aircraft operations in which passengers, crewmembers, or other 
individuals are enplaned from or deplaned into a sterile area, except 
for aircraft operators that have a security program accepted or 
approved under part 1544 or 1546 of this chapter.
* * * * *
    (d) [Reserved]
* * * * *
    37. Amend Sec.  1550.7 by revising paragraph (a) to read as 
follows:


Sec.  1550.7  Operations in aircraft over 12,500 pounds.

    (a) Applicability of this section. This section applies to each 
aircraft operation conducted in an aircraft with a maximum certificated 
takeoff weight of over 12,500 pounds except for those operations 
specified in Sec.  1550.5 and those operations conducted under a 
security program under part 1544 or 1546 of this chapter.
* * * * *

    Issued in Arlington, Virginia, on October 2, 2008.
Kip Hawley,
Assistant Secretary.
[FR Doc. E8-23685 Filed 10-29-08; 8:45 am]