[Federal Register Volume 80, Number 243 (Friday, December 18, 2015)]
[Notices]
[Pages 79058-79066]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-31625]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2015-0052]


Chemical Facility Anti-Terrorism Standards Personnel Surety 
Program

AGENCY: National Protection and Programs Directorate, DHS.

ACTION: Implementation of the CFATS Personnel Surety Program.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS), National Protection 
and Programs Directorate (NPPD), Office of Infrastructure Protection 
(IP) is providing notice to the public and chemical facilities 
regulated under the Chemical Facility Anti-Terrorism Standards (CFATS) 
that it is commencing implementation of the CFATS Personnel Surety 
Program. CFATS requires regulated chemical facilities to implement 
security measures designed to ensure that certain individuals with or 
seeking access to the restricted areas or critical assets at those 
chemical facilities are screened for terrorist ties. The CFATS 
Personnel Surety Program enables regulated chemical facilities to meet 
this requirement.

DATES: This notice is effective as of the date of publication.

ADDRESSES: Questions about this notice may be directed by mail to the 
DHS/NPPD/IP/Infrastructure Security Compliance Division CFATS Program 
Manager at the Department of Homeland Security, 245 Murray Lane, SW., 
Mail Stop 0610, Arlington, VA 20528-0610. Questions, which include 
trade secrets, confidential commercial or financial information, 
Chemical-terrorism Vulnerability Information (CVI),\1\ Sensitive 
Security Information (SSI),\2\ or Protected Critical Infrastructure 
Information (PCII),\3\ should be properly safeguarded.
---------------------------------------------------------------------------

    \1\ For more information about CVI see 6 CFR 27.400 and the CVI 
Procedural Manual at http://www.dhs.gov/xlibrary/assets/chemsec_cvi_proceduresmanual.pdf.
    \2\ For more information about SSI see 49 CFR part 1520 and the 
SSI Program Web page at www.tsa.gov.
    \3\ For more information about PCII see 6 CFR part 29 and the 
PCII Program Web page at http://www.dhs.gov/protected-critical-infrastructure-information-pcii-program.
---------------------------------------------------------------------------

Table of Contents

 
 
 
I. Notice of Implementation.................................           3
II. Statutory and Regulatory History of the CFATS Personnel            4
 Surety Program.............................................
III. Contents and Requirements of the CFATS Personnel Surety           7
 Program....................................................
    A. Who Must be Checked for Terrorist Ties?..............           7
    B. Checking for Terrorist Ties During an Emergency or              8
     Exigent Situation......................................
    C. High-Risk Chemical Facilities have Flexibility when             8
     Implementing the CFATS Personnel Surety Program........
    D. Options Available to High-Risk Chemical Facilities to           9
     Comply with RBPS 12(iv)................................
    E. High-Risk Chemical Facilities may Use More Than One            17
     Option.................................................
    F. High-Risk Chemical Facilities may Propose Additional           17
     Options................................................
    G. Security Considerations for High-risk Chemical                 18
     Facilities to Weigh in Selecting Options...............
    H. When the Check for Terrorist Ties Must be Completed..          20
IV. Additional Details about Option 1 and Option 2 (Which             21
 Involve the Submission of Information to the Department)...
    A. Submission of a New Affected Individual's Information          21
     under Option 1 or Option 2.............................
    B. Updates & Corrections to Information about Affected            22
     Individuals under Option 1 or Option 2.................
    C. Notification that an Affected Individual No Longer             23
     Has Access under Option 1 or Option 2..................
    D. What/Who is the Source of the Information under                23
     Option 1 and Option 2..................................
V. CSAT User Roles and Responsibilities.....................          24
VI. Privacy Considerations..................................          25
    A. Privacy Act Requirements To Enable Option 1 and                26
     Option 2...............................................
    B. Redress..............................................          27
    C. Additional Privacy Considerations Related to Option 1          27
     And Option 2...........................................
    D. Additional Privacy Considerations for Option 3 and             28
     Option 4:..............................................
VII. Information a High-Risk Chemical Facility may Wish to            29
 Consider Including in its SSP..............................
 

I. Notice of Implementation

    The Department is publishing this notice to inform Tier 1 and Tier 
2 high-risk chemical facilities regulated under CFATS of the 
implementation of the CFATS Personnel Surety Program.\4\ High-risk 
chemical facilities will be individually notified as to when the 
Department will expect each high-risk

[[Page 79059]]

chemical facility to begin implementing risk based performance standard 
(RBPS) 12(iv) in accordance with its Site Security Plan (SSP).\5\
---------------------------------------------------------------------------

    \4\ The Department intends to expand the scope of the CFATS 
Personnel Surety Program to include Tier 3 and Tier 4 high-risk 
chemical facilities after implementing the CFATS Personnel Surety 
Program at Tier 1 and Tier 2 high-risk chemical facilities. Any 
expansion to include Tier 3 and Tier 4 high-risk chemical facilities 
will require updates to the CFATS Personnel Surety Program 
Information Collection Request. The Department will publish another 
notice to inform Tier 3 and Tier 4 high-risk chemical facilities of 
program expansion after making necessary updates to the CFATS 
Personnel Surety Program Information Collection Request.
    \5\ Throughout this notice any reference to SSPs also refers to 
Alternative Security Programs submitted by high-risk chemical 
facilities as described in 6 CFR 27.235.
---------------------------------------------------------------------------

II. Statutory and Regulatory History of the CFATS Personnel Surety 
Program

    Section 550 of the Department of Homeland Security Appropriations 
Act of 2007, Public Law 109-295 (2006) (``Section 550''), provided the 
Department with the authority to identify and regulate the security of 
high-risk chemical facilities using a risk-based approach. On April 9, 
2007, the Department issued the CFATS Interim Final Rule (IFR) 
implementing this statutory mandate. See 72 FR 17688.
    Section 550 required that the Department establish risk-based 
performance standards for high-risk chemical facilities, and through 
the CFATS regulations the Department promulgated 18 RBPSs, including 
RBPS 12--Personnel Surety. Under RBPS 12, high-risk chemical facilities 
regulated under CFATS are required to account for the conduct of 
certain types of background checks in their Site Security Plans. 
Specifically, RBPS 12 requires high-risk chemical facilities to:

    Perform appropriate background checks on and ensure appropriate 
credentials for facility personnel, and as appropriate, for 
unescorted visitors with access to restricted areas or critical 
assets, including, (i) Measures designed to verify and validate 
identity; (ii) Measures designed to check criminal history; (iii) 
Measures designed to verify and validate legal authorization to 
work; and (iv) Measures designed to identify people with terrorist 
ties[.]

6 CFR 27.230(a)(12).

    The first three aspects of RBPS 12 (checks for identity, criminal 
history, and legal authorization to work) have already been 
implemented, and high-risk chemical facilities have addressed these 
aspects of RBPS 12 in their Site Security Plans. This notice announces 
to the public and chemical facilities that it is commencing 
implementation of the CFATS Personnel Surety Program, which requires 
Tier 1 and Tier 2 facilities to implement security measures designed, 
to ensure that certain individuals with or seeking access to the 
restricted areas or critical assets at those chemical facilities are 
screened for terrorist ties.
    Identifying affected individuals who have terrorist ties is an 
inherently governmental function and requires the use of information 
held in government-maintained databases that are unavailable to high-
risk chemical facilities. See 72 FR 17688, 17709 (April 9, 2007). Thus, 
under RBPS 12(iv), the Department and high-risk chemical facilities 
must work together to satisfy the ``terrorist ties'' aspect of the 
Personnel Surety performance standard. To implement the provisions of 
RBPS 12(iv), and in accordance with the Homeland Security Act as 
amended by the Protecting and Securing Chemical Facilities from 
Terrorist Attacks Act of 2014, Public Law 113-254,\6\ the following 
options will be available to enable high-risk chemical facilities to 
facilitate terrorist-ties vetting of affected individuals.
---------------------------------------------------------------------------

    \6\ Section 2 of Public Law 113-254 adds a new Title XXI to the 
Homeland Security Act of 2002. Title XXI contains new sections 
numbered 2101 through 2109. Citations to the Homeland Security Act 
of 2002 throughout this document reference those sections of Title 
XXI. In addition to being found in amended versions of the Homeland 
Security Act of 2002, those sections of Title XXI can also be found 
in section 2 of the CFATS Act of 2014, or in 6 U.S.C. 621-629.
---------------------------------------------------------------------------

    Option 1. High-risk chemical facilities may submit certain 
information about affected individuals that the Department will use to 
vet those individuals for terrorist ties. Specifically, the identifying 
information about affected individuals will be compared against 
identifying information of known or suspected terrorists contained in 
the federal government's consolidated and integrated terrorist 
watchlist, the Terrorist Screening Database (TSDB), which is maintained 
by the Department of Justice (DOJ) Federal Bureau of Investigation 
(FBI) in the Terrorist Screening Center (TSC).\7\
---------------------------------------------------------------------------

    \7\ For more information about the TSDB, see DOJ/FBI--019 
Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
---------------------------------------------------------------------------

    Option 2. High-risk chemical facilities may submit information 
about affected individuals who already possess certain credentials that 
rely on security threat assessments conducted by the Department. See 72 
FR 17688, 17709 (April 9, 2007). This will enable the Department to 
verify the continuing validity of these credentials.
    Option 3. High-risk chemical facilities may comply with RBPS 12(iv) 
without submitting to the Department information about affected 
individuals who possess Transportation Worker Identification 
Credentials (TWICs), if a high-risk chemical facility electronically 
verifies and validates the affected individual's TWICs through the use 
of TWIC readers (or other technology that is periodically updated using 
the Canceled Card List).
    Option 4. High-risk chemical facilities may visually verify certain 
credentials or documents that are issued by a Federal screening program 
that periodically vets enrolled individuals against the Terrorist 
Screening Database (TSDB). The Department continues to believe that 
visual verification has significant security limitations and, 
accordingly, encourages high-risk chemical facilities choosing this 
option to identify in their Site Security Plans the means by which they 
plan to address these limitations.
    Each of these options is described in further detail below in 
Section III.D.

III. Contents and Requirements of the CFATS Personnel Surety Program

    The CFATS Personnel Surety Program enables the Department and high-
risk chemical facilities to mitigate the risk that certain individuals 
with or seeking access to restricted areas or critical assets at high-
risk chemical facilities may have terrorist ties.

A. Who Must be Checked for Terrorist Ties?

    RBPS 12(iv) requires that certain individuals with or seeking 
access to restricted areas or critical assets at high-risk chemical 
facilities be checked for terrorist ties. These individuals are 
referred to as ``affected individuals.'' Specifically, affected 
individuals are facility personnel or unescorted visitors with or 
seeking access to restricted areas or critical assets at high-risk 
chemical facilities. High-risk facilities may classify particular 
contractors or categories of contractors either as ``facility 
personnel'' or as ``visitors.'' This determination should be a 
facility-specific determination, and should be based on facility-
security considerations, operational requirements, and business 
practices.
    There are also certain groups of persons, which the Department does 
not consider to be affected individuals, such as (1) federal officials 
who gain unescorted access to restricted areas or critical assets as 
part of their official duties; (2) state and local law enforcement 
officials who gain unescorted access to restricted areas or critical 
assets as part of their official duties; and (3) emergency responders 
at the state or local level who gain unescorted access to restricted 
areas or critical assets during emergency situations.

B. Checking for Terrorist Ties During an Emergency or Exigent Situation

    In some emergency or exigent situations, access to restricted areas 
or critical assets by other individuals who have not had appropriate 
background checks under RBPS 12 may be necessary. For example, 
emergency

[[Page 79060]]

responders who are not emergency responders at the state or local level 
may require such access as part of their official duties under 
appropriate circumstances. If high-risk chemical facilities anticipate 
that an individual will require access to restricted areas or critical 
assets without visitor escorts or without the background checks listed 
in RBPS 12 under exceptional circumstances (e.g., foreseeable but 
unpredictable circumstances), high-risk chemical facilities may 
describe such situations and the types of individuals who might require 
access in those situations in their SSPs. The Department will assess 
the situations described, and any security measures the high-risk 
chemical facility plans to take to mitigate vulnerabilities presented 
by these situations, as it reviews each high-risk chemical facility's 
SSP.

C. High-Risk Chemical Facilities Have Flexibility When Implementing the 
CFATS Personnel Surety Program

    A high-risk chemical facility will have flexibility to tailor its 
implementation of the CFATS Personnel Surety Program to fit its 
individual circumstances and, in this regard, to best balance who 
qualifies as an affected individual, unique security issues, costs, and 
burden. For example a high-risk chemical facility may, in its Site 
Security Plan:
     Restrict the numbers and types of persons allowed to 
access its restricted areas and critical assets, thus limiting the 
number of persons who will need to be checked for terrorist ties.
     Define its restricted areas and critical assets, thus 
potentially limiting the number of persons who will need to be checked 
for terrorist ties.
     Choose to escort visitors accessing restricted areas and 
critical assets in lieu of performing terrorist ties background checks 
under the CFATS Personnel Surety Program. The high-risk chemical 
facility may propose in its SSP traditional escorting solutions and/or 
innovative escorting alternatives such as video monitoring (which may 
reduce facility security costs), as appropriate, to address the unique 
security risks present at the facility.

D. Options Available to High-Risk Chemical Facilities To Comply With 
RBPS 12(iv)

    The Department has developed a CFATS Personnel Surety Program that 
provides high-risk chemical facilities several options to comply with 
RBPS 12(iv). In addition to the alternatives expressly described in 
this notice, the Department will also permit high-risk chemical 
facilities to propose alternative measures for terrorist ties 
identification in their SSPs, which the Department will consider on a 
case-by-case basis in evaluating high-risk chemical facilities' SSPs. 
Of note, and as discussed further below, a high-risk chemical facility 
may choose one option or a combination of options to comply with RBPS 
12(iv).
Overview of Option 1
    The first option allows high-risk chemical facilities (or 
designee(s)) \8\ to submit certain information about affected 
individuals to the Department through a Personnel Surety Program 
application in an online technology system developed under CFATS called 
the Chemical Security Assessment Tool (CSAT). Access to and the use of 
CSAT is provided free of charge to high-risk chemical facilities (or 
their designee(s)).
---------------------------------------------------------------------------

    \8\ A designee is a third party that submits information about 
affected individuals to DHS on behalf of a high-risk chemical 
facility.
---------------------------------------------------------------------------

    Under this option, information about affected individuals submitted 
by, or on behalf of, high-risk chemical facilities will be compared 
against identifying information of known or suspected terrorists 
contained in the TSDB.\9\
---------------------------------------------------------------------------

    \9\ Detailed information about the submission of information 
about affected individuals under Option 1 to the Department for 
vetting purposes via CSAT can be found in the CSAT Personnel Surety 
Program User Manual available on www.dhs.gov/chemicalsecurity.
---------------------------------------------------------------------------

    If Option 1 is selected by a high-risk chemical facility in its 
SSP, the facility (or its designee(s)) must submit the following 
information about an affected individual to satisfy RBPS 12(iv):
     For U.S. Persons (U.S. citizens and nationals as well as 
U.S. lawful permanent residents):
    [cir] Full name
    [cir] Date of Birth
    [cir] Citizenship or Gender
     For Non-U.S. Persons:
    [cir] Full Name
    [cir] Date of Birth
    [cir] Citizenship
    [cir] Passport information and/or alien registration number

    To reduce the likelihood of false positives in matching against 
records in the Federal Government's consolidated and integrated 
terrorist watchlist, high-risk chemical facilities (or their 
designee(s)) are encouraged, but not required, to submit the following 
optional information about each affected individual:

     Aliases
     Gender (for Non-U.S. Persons)
     Place of Birth
     Redress Number\10\
---------------------------------------------------------------------------

    \10\ For more information about Redress Numbers, please go to 
http://www.dhs.gov/one-stop-travelers-redress-process#1.

    If a high-risk chemical facility chooses to submit information 
about an affected individual under Option 1, the following table 
summarizes the biographic data that would be submitted to the 
Department.

                     Table 01--Affected Individual Required and Optional Data Under Option 1
----------------------------------------------------------------------------------------------------------------
     Data elements submitted to the
               department                        For a U.S. person                 For a non-U.S. person
----------------------------------------------------------------------------------------------------------------
Full Name...............................                                 Required
----------------------------------------------------------------------------------------------------------------
Date of Birth...........................                                 Required
----------------------------------------------------------------------------------------------------------------
Gender..................................  Must provide Citizenship or      Optional.
                                           Gender.
                                         -----------------------------------------------------------------------
Citizenship.............................  ...............................  Required.
----------------------------------------------------------------------------------------------------------------
Passport Information and/or Alien         N/A............................  Required.
 Registration Number.
----------------------------------------------------------------------------------------------------------------
Aliases.................................                                 Optional
----------------------------------------------------------------------------------------------------------------
Place of Birth..........................                                 Optional
----------------------------------------------------------------------------------------------------------------
Redress Number..........................                                 Optional
----------------------------------------------------------------------------------------------------------------


[[Page 79061]]

Overview of Option 2
    The second option also allows high-risk chemical facilities (or 
designee(s)) to submit certain information about affected individuals 
to the Department through the CSAT Personnel Surety Program 
application.\11\ This option allows high-risk chemical facilities and 
the Department to take advantage of the vetting for terrorist ties 
already being conducted on affected individuals enrolled in the TWIC 
Program, Hazardous Materials Endorsement (HME) Program, as well as the 
NEXUS, Secure Electronic Network for Travelers Rapid Inspection 
(SENTRI), Free and Secure Trade (FAST), and Global Entry Trusted 
Traveler Programs.
---------------------------------------------------------------------------

    \11\ Detailed information about the submission of information 
about affected individuals under Option 2 to the Department via CSAT 
can be found in the CSAT Personnel Surety Program User Manual 
available on www.dhs.gov/chemicalsecurity.
---------------------------------------------------------------------------

    Under Option 2, high-risk chemical facilities (or designee(s)) may 
submit information to the Department about affected individuals 
possessing the appropriate credentials to enable the Department to 
electronically verify the affected individuals' enrollments in these 
other programs. The Department will subsequently notify the Submitter 
\12\ of the high-risk chemical facility whether or not an affected 
individual's enrollment in one of these other DHS programs was 
electronically verified. The Department will also periodically re-
verify each affected individual's continued enrollment in one of these 
other programs, and notify the high-risk chemical facility and/or 
designee(s) of significant changes in the status of an affected 
individual's enrollment (e.g., if an affected individual who has been 
enrolled in the HME Program ceases to be enrolled, then the Department 
would change the status of the affected individual in the CSAT 
Personnel Surety Program application and notify the Submitter).\13\ 
Electronic verification and re-verification ensure that both the 
Department and the high-risk chemical facility can rely upon the 
continuing validity of an affected individual's credential or 
endorsement. As a condition of choosing Option 2, a high-risk chemical 
facility must describe in its SSP what action(s) it, or its 
designee(s), will take in the event the Department is unable to verify, 
or no longer able to verify, an affected individual's enrollment in the 
other DHS program. The high-risk facility must take some action and not 
leave the situation unresolved.
---------------------------------------------------------------------------

    \12\ A Submitter is a person who is responsible for the 
submission of information through the CSAT system as required in 6 
CFR 27.200(b)(3).
    \13\ When the Department notifies the Submitter of the high-risk 
chemical facility of significant changes in the status of an 
affected individual's enrollment, such a notification should not be 
construed to indicate that an individual has terrorist ties or be 
treated as derogatory information.
---------------------------------------------------------------------------

    If Option 2 is selected by a high-risk chemical facility in it SSP, 
the high-risk chemical facility (or designee(s)) must submit the 
following information about an affected individual to satisfy RBPS 
12(iv):

     Full Name;
     Date of Birth; and
     Program-specific information or credential information, 
such as unique number, or issuing entity (e.g., State for Commercial 
Driver's License (CDL) associated with an HME).
    To further reduce the potential for misidentification, high-risk 
chemical facilities (or designee(s)) are encouraged, but not required, 
to submit the following optional information about affected individuals 
to the Department:\14\
---------------------------------------------------------------------------

    \14\ The CSAT Personnel Surety application will be constructed 
to enable submission of these optional data elements in the future. 
However, the ability to submit them in the initial phases of 
implementation of the program may be limited.
---------------------------------------------------------------------------

     Aliases
     Gender
     Place of Birth
     Citizenship
    If a high-risk chemical facility chooses to submit information 
about an affected individual under Option 2, the following table 
summarizes the biographic data that would be submitted to the 
Department.

                     Table 02--Affected Individual Required and Optional Data Under Option 2
----------------------------------------------------------------------------------------------------------------
                                                                                         For affected individual
                                                                                          enrolled in a trusted
    Data elements submitted to the     For affected individual  For affected individual      traveler program
              department                     with a TWIC              with an HME         (NEXUS, SENTRI, FAST,
                                                                                             or Global Entry)
----------------------------------------------------------------------------------------------------------------
Full Name............................                                   Required
----------------------------------------------------------------------------------------------------------------
Date of Birth........................                                   Required
----------------------------------------------------------------------------------------------------------------
Expiration Date......................                                   Required
----------------------------------------------------------------------------------------------------------------
Unique Identifying Number............  TWIC Serial Number:      CDL Number: Required...  PASS ID Number:
                                        Required.                                         Required.
----------------------------------------------------------------------------------------------------------------
Issuing State of CDL.................  N/A....................  Required...............  N/A.
----------------------------------------------------------------------------------------------------------------
Aliases..............................                                   Optional
----------------------------------------------------------------------------------------------------------------
Gender...............................                                   Optional
----------------------------------------------------------------------------------------------------------------
Place of Birth.......................                                   Optional
----------------------------------------------------------------------------------------------------------------
Citizenship..........................                                   Optional
----------------------------------------------------------------------------------------------------------------

Overview of Option 3
    Under Option 3--Electronic Verification of TWIC, a high-risk 
chemical facility (or its designee(s)) will not submit to the 
Department information about affected individuals in possession of 
TWICs, but rather will electronically verify and validate the affected 
individuals' TWICs \15\ through the use of TWIC readers (or other 
technology that is periodically updated with revoked card information). 
Any

[[Page 79062]]

high-risk chemical facility that chooses this option must describe in 
its SSP the process and procedures it will follow if it chooses to use 
TWIC readers, including what action(s) it, or its designee(s), will 
take in the event the high-risk chemical facility is unable to verify 
the TWIC, or subsequently unable to verify an affected individual's 
TWIC. For example, if a TWIC cannot be verified through the use of a 
TWIC Reader, the high-risk chemical facility may choose to verify the 
affected individual's enrollment in TWIC under Option 2, or submit 
information about the affected individual under Option 1.
---------------------------------------------------------------------------

    \15\ Electronic verification and validation of an affected 
individual's TWIC requires authentication that the affected 
individual's TWIC (1) is a valid credential issued by TSA, and (2) 
has not been cancelled by the TSA, and (3) the biometric live sample 
matches the biometric template on the TWIC.
---------------------------------------------------------------------------

Overview of Option 4
    Option 4--Visual Verification Of Credentials Conducting Periodic 
Vetting complies with section 2102(d)(2) of the Homeland Security Act 
and allows a high-risk chemical facility to satisfy its obligation 
under 6 CFR 27.230(a)(12)(iv) to identify individuals with terrorist 
ties using any Federal screening program that periodically vets 
individuals against the TSDB if:
     The Federal screening program issues a credential or 
document,\16\
---------------------------------------------------------------------------

    \16\ This requirement is derived from section 2102(d)(2)(B)(i) 
of the Homeland Security Act.
---------------------------------------------------------------------------

     The high-risk chemical facility is presented \17\ a 
credential or document by the affected individual,\18\ and
---------------------------------------------------------------------------

    \17\ The Department considers records of credentials or 
documents maintained by the high-risk chemical facility, or 
designee, as having been presented by the affected individual. For 
example, if high-risk chemical facility (or designee) has in its 
personnel or access control files a photocopy of an affected 
individual's CDL with an HME, the high-risk chemical facility may 
consider the copy in its files as having been presented by the 
affected individual.
    \18\ Section 2102(d)(2)(B)(i)(II)(aa) of the Homeland Security 
Act requires high-risk chemical facilities to accept the credential 
or document from any federal screening program that conducts 
periodic vetting against the TSDB. Under Option 4, a high-risk 
chemical facility may contact the Department when drafting its SSP 
to determine if a specific credential or document is from a federal 
screening program that conducts periodic vetting against the TSDB.
---------------------------------------------------------------------------

     The high-risk chemical facility verifies the credential or 
document is current in accordance with its SSP.\19\
---------------------------------------------------------------------------

    \19\ This requirement is derived from section 
2102(d)(2)(B)(i)(II)(bb) of the Homeland Security Act.
---------------------------------------------------------------------------

    As a result, a high-risk chemical facility may verify that a 
credential or document is current based upon visual inspection, if the 
processes for conducting such visual inspections are described in its 
SSP. When developing such processes, the Department encourages high-
risk chemical facilities to consider any rules, processes, and 
procedures prescribed by the entity issuing the credential or document. 
The Department believes that visual verification has inherent 
limitations and provides less security value than the other options 
available under the CFATS Personnel Surety Program. The Department 
encourages every high-risk chemical facility to consider a means of 
verification that is consistent with its specific circumstances and its 
assessment of the threat posed by the acceptance of such credentials. 
If a facility chooses to use Option 4, in whole or in part, it should 
also identify in its Site Security Plan the means by which it plans to 
address these limitations.
    An example of Option 4 that could be implemented by a high-risk 
chemical facility is to leverage the vetting conducted by the Bureau of 
Alcohol, Tobacco, Firearms, and Explosives (ATF) on affected 
individuals who are employee possessors of a Federal explosives 
licensee/permittee. For example, a high-risk chemical facility may rely 
on a ``letter of clearance'' issued by ATF when presented by an 
affected individual who is also an employee-possessor of explosives. 
The high-risk chemical facility should describe in its SSP the 
procedures it will use to verify the letter of clearance is current. 
The Department will consider high-risk chemical facilities' proposals 
in the course of evaluating individual SSPs.

E. High-Risk Chemical Facilities May Use More Than One Option

    High-risk chemical facilities have discretion as to which option(s) 
to use for an affected individual. For example, if an affected 
individual possesses a TWIC or some other credential or document, a 
high-risk chemical facility could choose to use Option 1 for that 
individual. Similarly, a high-risk chemical facility, at its 
discretion, may choose to use Option 1 or Option 2 rather than Option 3 
or Option 4 for affected individuals who have TWICs or some other 
credential or document. High-risk chemical facilities also may choose 
to combine Option 1 with Option 2, Option 3, and/or Option 4, as 
appropriate, to ensure that adequate terrorist ties checks are 
performed on different types of affected individuals (e.g., employees, 
contractors, unescorted visitors). Each high-risk chemical facility 
must describe how it will comply with RBPS 12(iv) in its SSP.

F. High-Risk Chemical Facilities May Propose Additional Options

    In addition to the options described above for satisfying RBPS 
12(iv), a high-risk chemical facility is welcome to propose alternative 
or supplemental options not described in this document in its SSPs. The 
Department will assess the adequacy of such alternative or supplemental 
options on a facility-by-facility basis, in the course of evaluating 
each facility's SSP.

G. Security Considerations for High-Risk Chemical Facilities To Weigh 
in Selecting Options

    The Department believes the greatest security benefit is achieved 
when a high-risk chemical facility selects either Option 1 and/or 
Option 2. Option 3 also provides significant security benefit. Option 4 
provides some security benefit but less than Option 1, Option 2, or 
Option 3.
    Option 1 and Option 2 provide the greatest security benefit because 
the information submitted about each affected individual will be 
recurrently vetted against the TSDB. Recurrent vetting is a Department 
best practice and compares an affected individual's information against 
new and/or updated TSDB records as such records become available. 
Further, in the event that an affected individual with terrorist ties 
has or is seeking access to restricted areas or critical assets, if 
information about that affected individual is submitted to the 
Department under Option 1 or Option 2, the Department will be able to 
ensure that an appropriate Federal law enforcement agency is notified 
and that, as appropriate and consistent with law-enforcement and 
intelligence requirements, the facility receives notification as well.
    Option 3 also provides significant security benefit because 
information about affected individuals with TWICs is recurrently vetted 
against the TSDB. However, since the Department does not receive 
information about these affected individuals from high-risk chemical 
facilities under Option 3, the Department cannot ensure that the 
appropriate Federal law enforcement agency is provided information 
about the high-risk chemical facility at which any such affected 
individual with terrorist ties has or is seeking access.
    Finally, Option 4 provides a more-limited security benefit, as some 
Federal screening programs do not conduct recurrent vetting. Recurrent 
vetting compares an affected individual's information against new and/
or updated TSDB records as those new and/or updated records become 
available. Recurrent vetting is a Department best practice because 
often records about terrorists are either created or updated in the 
TSDB after the initial vetting has already occurred. Consequently, 
recurrent vetting results in additional

[[Page 79063]]

matches and provides substantial security value.
    In addition, relying on a visual inspection of a credential or 
document is not as secure as electronic verification because visual 
inspection may make it more difficult to ascertain whether a credential 
or document has expired, been revoked, or is fraudulent. For example, 
the visual verification of a TWIC will not reveal whether the TWIC has 
been revoked by the Transportation Security Administration. Similarly, 
visual verification of a Hazardous Material Endorsement on a commercial 
driver's license will not reveal if the endorsement has expired or been 
revoked.
    Finally, since the Department will not receive from high-risk 
chemical facilities information about affected individuals whose 
credentials are visually verified, the Department will be unable to 
ensure the appropriate Federal law enforcement agency is provided 
information regarding the risks posed to a high-risk chemical facility 
by any such affected individual with terrorist ties, nor will it be 
able to ensure that the facility receives appropriate notification of 
the risk.
    For the reasons described above, Option 4 provides less security 
value than the other options available to high-risk chemical facilities 
under the CFATS Personnel Surety Program.

H. When the Check for Terrorist Ties Must Be Completed

    The Department will notify high-risk chemical facilities, 
individually, when it will require each to address RBPS 12(iv) in its 
SSP. After that notification, a facility must update or draft its SSP 
to address RBPS 12(iv), as appropriate, prior to authorization or 
approval by the Department. After authorization or approval, a high-
risk chemical facility (as described in its authorized or approved SSP) 
must complete the terrorist ties check required to be conducted on a 
particular affected individual by 6 CFR 27.230(a)(iv) prior to the 
affected individual being granted access to any restricted area or 
critical asset.\20\ For affected individuals with existing access, the 
Department will expect, unless otherwise noted in an authorized or 
approved SSP or ASP, that the terrorist ties check will be completed 
within 60 days after receiving authorization or approval of an SSP 
requiring the facility to implement measures to comply with RBPS 
12(iv). A high-risk chemical facility may suggest an alternative 
schedule based on its unique circumstances in its SSP. Table 3 below 
outlines the four primary options, and the expected time a high-risk 
chemical facility will have to complete the required activity(ies) 
outlined in the authorized or approved SSP to comply with RBPS 12(iv) 
for new affected individual as well as affected individuals with 
existing access.
---------------------------------------------------------------------------

    \20\ The Department indicated (in previous notices the 
Department published to comply with the Paperwork Reduction Act) 
that the terrorist ties check should be performed 48 hours prior to 
access. Although performing checks at least 48 hours in advance 
remains a best practice, the Department no longer expects all high-
risk chemical facilities to perform checks in advance. The 
Department has changed this expectation in order to encourage high-
risk chemical facilities to select Option 1, 2, and/or 3 when 
drafting SSPs.

                             Table 3--Summary of Options To Check for Terrorist Ties
----------------------------------------------------------------------------------------------------------------
                                                                                          Timeline for affected
        Option for compliance             Facility activity         Timeline for new         individuals with
                                             description          affected individuals       existing access
----------------------------------------------------------------------------------------------------------------
OPTION 1--Direct Vetting.............  Facility submits         Unless otherwise noted   Unless otherwise noted
                                        information to the       in an authorized or      in an authorized or
OPTION 2--Use of Vetting Conducted      Department.              approved SSP, the        approved SSP, the
 Under Other DHS Programs.             Facility submits          Department expects       Department expects
OPTION 3--Electronic Verification of    information to the       that this activity       that this activity
 TWIC.                                  Department.              will be completed        will be completed
OPTION 4--Visual Verification of       .......................   prior to the affected    within 60 days after
 Credentials Conducting Periodic       Facility uses a TWIC      individual being         receiving
 Vetting.                               Reader.                  granted access to any    authorization or
                                       .......................   restricted area or       approval of an SSP
                                       Facility conducts         critical asset.          requiring the facility
                                        visual verifications                              to implement measures
                                        by examining affected                             to comply with RBPS
                                        individuals'                                      12(iv).
                                        credentials or
                                        documents.
Facility-Proposed Alternative........  Details about facility-  Details about facility-  Details about facility-
                                        proposed alternatives    proposed alternatives    proposed alternatives
                                        could vary               could vary               could vary
                                        significantly from       significantly from       significantly from
                                        facility to facility.    facility to facility.    facility to facility.
----------------------------------------------------------------------------------------------------------------

IV. Additional Details About Option 1 and Option 2 (Which Involve the 
Submission of Information to the Department)

A. Submission of a New Affected Individual's Information Under Option 1 
or Option 2

    Under Option 1 or Option 2, a high-risk chemical facility may 
submit information about new affected individuals in accordance with 
its SSP. The Department encourages high-risk chemical facilities to 
submit information about affected individuals as soon as possible after 
an individual has been determined to be an affected individual. As 
described earlier in this notice, the high-risk chemical facilities 
must submit information prior to a new affected individual obtaining 
access to any restricted area or critical asset.

B. Updates & Corrections to Information About Affected Individuals 
Under Option 1 or Option 2

    Section 2102(d)(2)(A)(i) of the Homeland Security Act prohibits the 
Department from requiring a high-risk chemical facility to submit 
information about an individual more than one time under Option 1 or 
Option 2. Therefore, under Option 1 or Option 2, a high-risk chemical 
facility may choose whether to submit data updates or corrections about 
affected individuals.
    The Department believes that there are substantial privacy risks if 
a high-risk chemical facility opts not to provide updates and 
corrections (e.g., updating or correcting a name or date of birth) 
about affected individuals. Specifically, the accuracy of an affected 
individual's personal data being vetted against the TSDB for terrorist 
ties may be affected. Accurate information both (1) increases the 
likelihood of correct matches against information about known or 
suspected terrorists, and (2) decreases the likelihood of incorrect 
matches that associate affected individuals without terrorist ties with 
known and suspected terrorist identities. As a result, the Department 
encourages high-risk

[[Page 79064]]

chemical facilities to submit updates and corrections as they become 
known so that the Department's checks for terrorist ties, which are 
done on a recurrent basis, are accurate. If a high-risk chemical 
facility is either unable or unwilling to update or correct an affected 
individual's information, the affected individual may seek redress as 
described in the CFATS Personnel Surety Program Privacy Impact 
Assessment.\21\
---------------------------------------------------------------------------

    \21\ Concurrent with the publication of this implementation 
notice the Department is publishing a Privacy Impact Assessment 
(PIA) Update which is available at www.dhs.gov/privacy.
---------------------------------------------------------------------------

C. Notification That an Affected Individual No Longer Has Access Under 
Option 1 or Option 2

    Section 2102(d)(2)(A)(i) of the Homeland Security Act also 
prohibits the Department from requiring a high-risk chemical facility 
to notify the Department when an affected individual no longer has 
access to the restricted areas or critical assets of a high-risk 
chemical facility. Therefore, under Option 1 or Option 2, a high-risk 
chemical facility has the option to notify the Department when the 
affected individual no longer has access to any restricted areas or 
critical assets, but such notification is not required. The Department 
strongly encourages high-risk chemical facilities to notify the 
Department when an affected individual no longer has access to 
restricted areas or critical assets to ensure the accuracy of the 
Department's data and to stop the recurrent vetting on the person who 
is no longer an affected individual. If a high-risk chemical facility 
is either unable or unwilling to notify the Department when an affected 
individual no longer has access to restricted areas or critical assets, 
the affected individual may seek redress as described in the CFATS 
Personnel Surety Program Privacy Impact Assessment.

D. What/Who Is the Source of the Information Under Option 1 and Option 
2

    High-risk chemical facilities are responsible for complying with 
RBPS 12(iv). However, companies operating multiple high-risk chemical 
facilities, as well as companies operating only one high-risk chemical 
facility, may comply with RBPS 12(iv) in a variety of ways. A high-risk 
chemical facility, or its parent company, may choose to comply with 
RBPS 12(iv) by identifying and directly submitting to the Department 
the information about affected individuals. Alternatively, a high-risk 
chemical facility, or its parent company, may choose to comply with 
RBPS 12(iv) by outsourcing the information-submission process to third 
parties.
    The Department also anticipates that many high-risk chemical 
facilities will rely on businesses that provide them with contract 
services (e.g., complex turn-arounds, freight delivery services, 
landscaping) to identify and submit the appropriate information about 
affected individuals the contract services employ to the Department 
under Option 1 and Option 2.
    Both third parties that submit information on behalf of high-risk 
chemical facilities and businesses that provide services to high-risk 
chemical facilities must be designated by the high-risk chemical 
facility within CSAT in order to submit appropriate information about 
affected individuals to the Department on behalf of the high-risk 
chemical facility.\22\
---------------------------------------------------------------------------

    \22\ Information about how to designate a third party within 
CSAT is explain in the CFATS Personnel Surety Program User Manual 
available on www.dhs.gov/chemicalsecurity.
---------------------------------------------------------------------------

V. CSAT User Roles and Responsibilities

    Under Options 1 and 2 (as described above), high-risk chemical 
facilities have wide latitude in assigning CSAT user roles to align 
with their business operations and/or the business operations of third 
parties that provide contracted services to them. The Department has 
structured the CSAT Personnel Surety Program application to allow 
designee(s) of high-risk chemical facilities to submit information 
about affected individuals directly to the Department on behalf of 
high-risk chemical facilities.
    High-risk chemical facilities and designee(s) will be able to 
structure CSAT user roles to submit information about affected 
individuals to the Department in several ways, including but not 
limited to the following:
     A high-risk chemical facility may directly submit 
information about affected individuals, and designate one or more 
officers or employees of the facility with appropriate CSAT user roles; 
and/or
     A high-risk chemical facility may ensure the submission of 
information about affected individuals by designating one or more 
persons affiliated with a third party (or with multiple third parties); 
and/or
     A company owning several high-risk chemical facilities 
could consolidate its submission process for affected individuals. 
Specifically, the company could designate one or more persons to submit 
information about affected individuals on behalf of all or some of the 
Tier 1 and Tier 2 high-risk chemical facilities within the company on a 
company-wide basis.
    Third parties interested in providing information about affected 
individuals to the Department on behalf of high-risk chemical 
facilities may request a CSAT user account from the high-risk chemical 
facility or company for which the third party will be working. Third 
parties will not be able to submit information about affected 
individuals until a high-risk chemical facility designates the third 
party within CSAT to submit information on its behalf.
    A high-risk chemical facility (or designee(s)) may submit 
information under Option 1 or Option 2 after the facility's SSP has 
been approved or authorized by the Department for RBPS 12(iv).

VI. Privacy Considerations

    High-risk chemical facilities (or designee(s)) may maintain 
information about an affected individual, for the purpose of complying 
with CFATS, which is not submitted to the Department as part of the 
CFATS Personnel Surety Program (e.g., for compliance with RBPS 12(i)-
(iii), or for recordkeeping pertaining to Option 3 or Option 4). 
Information not in the possession of and not submitted to the 
Department is not covered under the Privacy Act of 1974. Nevertheless, 
the Department expects that high-risk chemical facilities and 
designee(s) will protect and safeguard any such information as outlined 
in their SSPs and in accordance with any other Federal, State, or local 
privacy laws that are applicable to the collection of the information, 
just as the high-risk chemical facilities would for other similar 
information collected under a their normal business practices for 
activities unrelated to CFATS.

A. Privacy Act Requirements To Enable Option 1 and Option 2

    The Department complies with all applicable federal privacy 
requirements including those contained in the Privacy Act, the E-
Government Act, the Homeland Security Act, and Departmental policy. The 
United States also follows international instruments on privacy, all of 
which are consistent with the Fair Information Practice Principles 
(FIPPs).\23\ The Department:
---------------------------------------------------------------------------

    \23\ See Privacy Policy Guidance Memorandum, The Fair 
Information Practice Principles: Framework for Privacy Policy at the 
Department of Homeland Security, available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2008-01.pdf (December 
29, 2008).

---------------------------------------------------------------------------

[[Page 79065]]

     Published a System of Records Notice (SORN) for the CFATS 
Personnel Surety Program on June 14, 2011 as well as a SORN Update on 
May 19, 2014.\24\
---------------------------------------------------------------------------

    \24\ See DHS/NPPD-002--Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records, 79 FR 28752, 
available at www.dhs.gov/privacy (May 19, 2014).
---------------------------------------------------------------------------

     Issued a Final Rule \25\ to exempt portions of the 
Chemical Facility Anti-Terrorism Standards Personnel Surety Program 
SORN from certain provisions of the Privacy Act because of criminal, 
civil, and administrative enforcement requirements on May 21, 2014.
---------------------------------------------------------------------------

    \25\ See Implementation of Exemptions; Department of Homeland 
Security/National Protection and Programs Directorate--002 Chemical 
Facility Anti-Terrorism Standards Personnel Surety Program System of 
Records, 79 FR 29072, available at www.dhs.gov/privacy (May 21, 
2014).
---------------------------------------------------------------------------

     Published a CFATS Personnel Surety Program Privacy Impact 
Assessment (PIA) in May 2011, and a CFATS Personnel Surety Program PIA 
Update on May 1, 2014. Concurrent with the publication of this 
implementation notice the Department is publishing a second PIA Update 
which is available at www.dhs.gov/privacy.
    With the publication of these privacy documents, the Department has 
ensured that the CFATS Personnel Surety Program complies with the 
appropriate privacy laws and Department of Homeland Security privacy 
policies.

B. Redress

    The CFATS Personnel Surety Program complies with the requirement of 
section 2102(d)(2)(A)(iii) of the Homeland Security Act to provide 
redress to an individual: (1) Whose information was vetted against the 
TSDB under the program; and (2) who believes that the personally 
identifiable information submitted to the Department for such vetting 
by a covered chemical facility, or its designated representative, was 
inaccurate. The Department has described how to seek redress in the 
CFATS Personnel Surety Program Privacy Impact Assessment.

C. Additional Privacy Considerations Related to Option 1 and Option 2

    The Submitter(s) of each high-risk chemical facility (or 
designee(s)) will be required to affirm that, in accordance with its 
SSP, notice required by the Privacy Act of 1974 has been given to 
affected individuals before their information is submitted to the 
Department. The Department has made available a sample Privacy Act 
notice that complies with subsection (e)(3) of the Privacy Act (5 
U.S.C. 552a(e)(3)) in the CFATS Personnel Surety Program PIA Update 
being published concurrently with this notice.\26\ The sample notice, 
or a different satisfactory notice, must be provided by a high-risk 
chemical facility to affected individuals prior to the submission of 
Personally Identifiable Information (PII) to the Department under 
Option 1 and Option 2. This notice must: (1) Notify those individuals 
that their information is being submitted to DHS for vetting against 
the TSDB, and that in some cases additional information may be 
requested and submitted in order to resolve a potential match; (2) 
instruct those individuals how to access their information; (3) 
instruct those individuals how to correct their information; and (4) 
instruct those individuals on procedures available to them for redress 
if they believe their information has been improperly matched by the 
Department to information contained in the TSDB. Individuals have the 
opportunity and the right to decline to provide information; however, 
if an individual declines to provide information, he or she may impact 
a high-risk chemical facility's compliance with CFATS.
---------------------------------------------------------------------------

    \26\ The CFATS Personnel Surety Program PIA Update, as well as 
other privacy related documents, are available at on the 
Department's Web site at www.dhs.gov/privacy.
---------------------------------------------------------------------------

D. Additional Privacy Considerations for Option 3 and Option 4

    A high-risk chemical facility will not submit information to the 
Department if the facility opts to electronically verify and validate 
affected individuals' TWICs through the use of TWIC readers (or other 
technology that is periodically updated with revoked card information) 
under Option 3. High-risk chemical facilities that opt to implement 
Option 3 are encouraged, but are not required, to provide notice to 
each affected individual whose TWIC is being verified and validated. 
Although Option 3 allows high-risk chemical facilities to comply with 
RBPS 12(iv) without submitting information to the Department, the 
Department feels that appropriate notice should still be given to those 
individuals so that they know their TWICs are now being used to comply 
with 6 CFR 27.230(a)(12)(iv). The Department has provided a sample 
privacy notice for high-risk chemical facilities to use in the CFATS 
Personnel Surety Program PIA Update, published May 1, 2014. A revised 
sample Privacy Act notice is also included in the PIA Update being 
published concurrently with this notice.
    In addition, a high-risk chemical facility will not submit 
information to the Department if the facility opts to utilize Option 4 
and to visually inspect a credential or document for any Federal 
screening program that periodically vets individuals against the TSDB. 
High-risk chemical facilities that opt to implement Option 4 are 
encouraged, but are not required, to provide notice to each affected 
individual whose Federal screening program credential or document is 
being visually inspected in order to comply with 6 CFR 
27.230(a)(12)(iv).

VII. Information a High-Risk Chemical Facility May Wish To Consider 
Including in its SSP

    When writing, revising, or updating their SSPs, high-risk chemical 
facilities may wish to consider including information about the 
following topics to assist the Department in evaluating the adequacy of 
the security measures outlined in the SSP for RBPS12(iv):

1. General

     Who does the facility consider an affected individual and 
how does the facility identify affected individuals?
    [cir] Who does the facility consider facility personnel and how 
does the facility identify them?
    [cir] Who does the facility consider unescorted visitors and how 
does the facility identify them?
     If the facility escorts any visitors, how does it escort 
them?
     How does the facility define its restricted areas and/or 
critical assets for the purposes of RBPS 12?
     Does the facility include computer systems or remote 
access as either a restricted area or critical asset?
     Which Option(s), or alternative approaches not described 
in this notice, will the facility or its designee(s) use to check for 
terrorist ties?
     Does the facility intend to use one or more Options for 
some affected individuals that it will not use for other affected 
individuals? If so, which Option(s) apply to which groups of affected 
individuals?
     Will the facility opt to have a designee(s) submit 
information about affected individuals? If so, what guidance will the 
high-risk chemical facility establish for designee(s) when it submits 
information (e.g., when are affected individuals considered to be 
``facility personnel'' ``unescorted visitors,'' how will the facility 
verify that notice has been provided to an affected individual before 
information about him/her is provided to the Department)?
     Does the high-risk chemical facility anticipate that any 
individuals will require access to restricted areas or

[[Page 79066]]

critical assets without visitor escorts or without the background 
checks listed in RBPS 12 under exceptional circumstances (e.g., 
foreseeable but unpredictable circumstances)? If so, who? If so, which 
exceptional circumstances would warrant access without visitor escorts 
or without the background checks listed in RBPS 12?

2. With Regard to Option 1

     How will notice be provided to affected individuals that 
information is being provided to the Department?

3. With Regard to Option 2

     How will notice be provided to affected individuals that 
information is being provided to the Department?
     What will the facility do if NPPD is unable to verify an 
affected individual's enrollment in another Department TSDB vetting 
program?
     What will be the timeframe for this follow-on action?
     What will the facility do if NPPD does verify the 
credential, but later during a periodic re-verification, is unable 
verify the credential?
     What will be the timeframe for this follow-on action?
     Does the facility describe how it will comply with RBPS 
12(iv) for affected individuals without credentials capable of being 
verified under Option 2?

4. With Regard to Option 3

     How will the facility identify those affected individuals 
who possess TWICs?
     How will the facility comply with RBPS 12(iv) for affected 
individuals without TWICs?
     How will the facility electronically verify and validate 
TWICs of affected individuals?
     Which reader(s) or Physical Access Control System (PACS) 
will the facility be using? Or, if it is not using readers, how it will 
use the CCL or CRL?
     Where will the reader(s) or PAC(s) be located?
     What mode or modes (i.e., which setting on the TWIC 
Reader) will be used when verifying and validating the TWIC of an 
affected individual? \27\
---------------------------------------------------------------------------

    \27\ See table 4.1 on page 18 of the TSA reader specification at 
(http://www.tsa.gov/sites/default/files/publications/pdf/twic/twic_reader_card_app_spec.pdf).
---------------------------------------------------------------------------

     Will the TWIC of an affected individual be re-verified and 
re-validated with TWIC readers, and, if so, how often?
     What will the facility (or designee(s)) do if an affected 
individual's TWIC cannot be verified or if the TWIC reader is not 
functioning properly?

5. With Regard to Option 4

     Upon which Federal screening program(s) does the facility 
or designee intend to rely?
     What document(s) or credential(s) issued by the Federal 
screening program(s) will the facility visually verify?
     What procedures will the facility use to allow affected 
individuals to present document(s) or credential(s)?
     How will the facility verify that the credential or 
document presented by affected individuals is not fraudulent?
     What procedures will the facility follow to visually 
verify that a credential or document is current and valid (i.e., not 
expired)?
     Will the visual verification include the following?
    [cir] Comparing any picture on a document or credential to the 
bearer of the credential or document;
    [cir] Comparing any physical characteristics listed on the 
credential or document (e.g., height, hair color, eye color) with the 
bearer's physical appearance;
    [cir] Checking for tampering;
    [cir] Reviewing both sides of the credential or document and 
checking for the appropriate stock/credential material;
    [cir] Checking for an expiration date; and
    [cir] Checking for any insignia, watermark, hologram, signature or 
other unique feature.
     What will the facility do if it is unable to visually 
verify an affected individual's credential or document, if the 
credential or document fails visual verification, or if the credential 
or document appears invalid, expired, or fraudulent?

6. With Regard to Other Options

     A facility that chooses to propose an option not listed 
above in its SSP should provide as much detail as possible to allow the 
Department to consider the potential option and evaluate whether or not 
it meets the RBPS 12(iv) standard.

Caitlin Durkovich,
Assistant Secretary, Office of Infrastructure Protection, National 
Protection and Programs Directorate, U.S. Department of Homeland 
Security.
[FR Doc. 2015-31625 Filed 12-17-15; 8:45 am]
 BILLING CODE 9110-9P-P