[United States Statutes at Large, Volume 128, 113th Congress, 2nd Session]
[From the U.S. Government Publishing Office, www.gpo.gov]


Public Law 113-254
113th Congress

An Act


 
To recodify and reauthorize the Chemical Facility Anti-Terrorism
Standards Program. <>

Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled, <>
SECTION 1. SHORT TITLE.

This Act may be cited as the ``Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of 2014''.
SEC. 2. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM.

(a) In General.--The Homeland Security Act of 2002 (6 U.S.C. 101 et
seq.) is amended by adding at the end the following:

``TITLE <>  XXI--CHEMICAL FACILITY ANTI-
TERRORISM STANDARDS
``SEC. 2101. <>  DEFINITIONS.

``In this title--
``(1) the term `CFATS regulation' means--
``(A) an existing CFATS regulation; and
``(B) any regulation or amendment to an existing
CFATS regulation issued pursuant to the authority under
section 2107;
``(2) the term `chemical facility of interest' means a
facility that--
``(A) holds, or that the Secretary has a reasonable
basis to believe holds, a chemical of interest, as
designated under Appendix A to part 27 of title 6, Code
of Federal Regulations, or any successor thereto, at a
threshold quantity set pursuant to relevant risk-related
security principles; and
``(B) is not an excluded facility;
``(3) the term `covered chemical facility' means a facility
that--
``(A) the Secretary--
``(i) identifies as a chemical facility of
interest; and
``(ii) based upon review of the facility's
Top-Screen, determines meets the risk criteria
developed under section 2102(e)(2)(B); and
``(B) is not an excluded facility;
``(4) the term `excluded facility' means--

[[Page 2899]]

``(A) a facility regulated under the Maritime
Transportation Security Act of 2002 (Public Law 107-295;
116 Stat. 2064);
``(B) a public water system, as that term is defined
in section 1401 of the Safe Drinking Water Act (42
U.S.C. 300f);
``(C) a Treatment Works, as that term is defined in
section 212 of the Federal Water Pollution Control Act
(33 U.S.C. 1292);
``(D) a facility owned or operated by the Department
of Defense or the Department of Energy; or
``(E) a facility subject to regulation by the
Nuclear Regulatory Commission, or by a State that has
entered into an agreement with the Nuclear Regulatory
Commission under section 274 b. of the Atomic Energy Act
of 1954 (42 U.S.C. 2021(b)) to protect against
unauthorized access of any material, activity, or
structure licensed by the Nuclear Regulatory Commission;
``(5) the term `existing CFATS regulation' means--
``(A) a regulation promulgated under section 550 of
the Department of Homeland Security Appropriations Act,
2007 (Public Law 109-295; 6 U.S.C. 121 note) that is in
effect on the day before the date of enactment of the
Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014; and
``(B) a Federal Register notice or other published
guidance relating to section 550 of the Department of
Homeland Security Appropriations Act, 2007 that is in
effect on the day before the date of enactment of the
Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014;
``(6) the term `expedited approval facility' means a covered
chemical facility for which the owner or operator elects to
submit a site security plan in accordance with section
2102(c)(4);
``(7) the term `facially deficient', relating to a site
security plan, means a site security plan that does not support
a certification that the security measures in the plan address
the security vulnerability assessment and the risk-based
performance standards for security for the facility, based on a
review of--
``(A) the facility's site security plan;
``(B) the facility's Top-Screen;
``(C) the facility's security vulnerability
assessment; or
``(D) any other information that--
``(i) the facility submits to the Department;
or
``(ii) the Department obtains from a public
source or other source;
``(8) the term `guidance for expedited approval facilities'
means the guidance issued under section 2102(c)(4)(B)(i);
``(9) the term `risk assessment' means the Secretary's
application of relevant risk criteria identified in section
2102(e)(2)(B);
``(10) the term `terrorist screening database' means the
terrorist screening database maintained by the Federal
Government Terrorist Screening Center or its successor;

[[Page 2900]]

``(11) the term `tier' has the meaning given the term in
section 27.105 of title 6, Code of Federal Regulations, or any
successor thereto;
``(12) the terms `tiering' and `tiering methodology' mean
the procedure by which the Secretary assigns a tier to each
covered chemical facility based on the risk assessment for that
covered chemical facility;
``(13) the term `Top-Screen' has the meaning given the term
in section 27.105 of title 6, Code of Federal Regulations, or
any successor thereto; and
``(14) the term `vulnerability assessment' means the
identification of weaknesses in the security of a chemical
facility of interest.
``SEC. 2102. <>  CHEMICAL FACILITY ANTI-TERRORISM
STANDARDS PROGRAM.

``(a) Program Established.--
``(1) In general.--There is in the Department a Chemical
Facility Anti-Terrorism Standards Program.
``(2) Requirements.--In carrying out the Chemical Facility
Anti-Terrorism Standards Program, the Secretary shall--
``(A) identify--
``(i) chemical facilities of interest; and
``(ii) covered chemical facilities;
``(B) <>  require each chemical
facility of interest to submit a Top-Screen and any
other information the Secretary determines necessary to
enable the Department to assess the security risks
associated with the facility;
``(C) establish risk-based performance standards
designed to address high levels of security risk at
covered chemical facilities; and
``(D) require each covered chemical facility to--
``(i) <>  submit a security
vulnerability assessment; and
``(ii) <>  develop,
submit, and implement a site security plan.

``(b) Security Measures.--
``(1) In general.--A facility, in developing a site security
plan as required under subsection (a), shall include security
measures that, in combination, appropriately address the
security vulnerability assessment and the risk-based performance
standards for security for the facility.
``(2) Employee input.--To the greatest extent practicable, a
facility's security vulnerability assessment and site security
plan shall include input from at least 1 facility employee and,
where applicable, 1 employee representative from the bargaining
agent at that facility, each of whom possesses, in the
determination of the facility's security officer, relevant
knowledge, experience, training, or education as pertains to
matters of site security.

``(c) Approval or Disapproval of Site Security Plans.--
``(1) In general.--
``(A) Review.--Except as provided in paragraph (4),
the Secretary shall review and approve or disapprove
each site security plan submitted pursuant to subsection
(a).
``(B) Bases for disapproval.--The Secretary--

[[Page 2901]]

``(i) may not disapprove a site security plan
based on the presence or absence of a particular
security measure; and
``(ii) shall disapprove a site security plan
if the plan fails to satisfy the risk-based
performance standards established pursuant to
subsection (a)(2)(C).
``(2) Alternative security programs.--
``(A) Authority to approve.--
``(i) <>  In general.--
The Secretary may approve an alternative security
program established by a private sector entity or
a Federal, State, or local authority or under
other applicable laws, if the Secretary determines
that the requirements of the program meet the
requirements under this section.
``(ii) Additional security measures.--If the
requirements of an alternative security program do
not meet the requirements under this section, the
Secretary may recommend additional security
measures to the program that will enable the
Secretary to approve the program.
``(B) Satisfaction of site security plan
requirement.--A covered chemical facility may satisfy
the site security plan requirement under subsection (a)
by adopting an alternative security program that the
Secretary has--
``(i) reviewed and approved under subparagraph
(A); and
``(ii) determined to be appropriate for the
operations and security concerns of the covered
chemical facility.
``(3) Site security plan assessments.--
``(A) Risk assessment policies and procedures.--In
approving or disapproving a site security plan under
this subsection, the Secretary shall employ the risk
assessment policies and procedures developed under this
title.
``(B) Previously approved plans.--In the case of a
covered chemical facility for which the Secretary
approved a site security plan before the date of
enactment of the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of 2014, the
Secretary may not require the facility to resubmit the
site security plan solely by reason of the enactment of
this title.
``(4) Expedited approval program.--
``(A) In general.--A covered chemical facility
assigned to tier 3 or 4 may meet the requirement to
develop and submit a site security plan under subsection
(a)(2)(D) by developing and submitting to the
Secretary--
``(i) a site security plan and the
certification described in subparagraph (C); or
``(ii) a site security plan in conformance
with a template authorized under subparagraph (H).
``(B) Guidance for expedited approval facilities.--
``(i) <>  In general.--Not
later than 180 days after the date of enactment of
the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, the Secretary
shall issue guidance for expedited

[[Page 2902]]

approval facilities that identifies specific
security measures that are sufficient to meet the
risk-based performance standards.
``(ii) Material deviation from guidance.--If a
security measure in the site security plan of an
expedited approval facility materially deviates
from a security measure in the guidance for
expedited approval facilities, the site security
plan shall include an explanation of how such
security measure meets the risk-based performance
standards.
``(iii) Applicability of other laws to
development and issuance of initial guidance.--
During the period before the Secretary has met the
deadline under clause (i), in developing and
issuing, or amending, the guidance for expedited
approval facilities under this subparagraph and in
collecting information from expedited approval
facilities, the Secretary shall not be subject
to--
``(I) section 553 of title 5, United
States Code;
``(II) subchapter I of chapter 35 of
title 44, United States Code; or
``(III) section 2107(b) of this
title.
``(C) Certification.--The owner or operator of an
expedited approval facility shall submit to the
Secretary a certification, signed under penalty of
perjury, that--
``(i) the owner or operator is familiar with
the requirements of this title and part 27 of
title 6, Code of Federal Regulations, or any
successor thereto, and the site security plan
being submitted;
``(ii) the site security plan includes the
security measures required by subsection (b);
``(iii)(I) the security measures in the site
security plan do not materially deviate from the
guidance for expedited approval facilities except
where indicated in the site security plan;
``(II) any deviations from the guidance for
expedited approval facilities in the site security
plan meet the risk-based performance standards for
the tier to which the facility is assigned; and
``(III) the owner or operator has provided an
explanation of how the site security plan meets
the risk-based performance standards for any
material deviation;
``(iv) the owner or operator has visited,
examined, documented, and verified that the
expedited approval facility meets the criteria set
forth in the site security plan;
``(v) the expedited approval facility has
implemented all of the required performance
measures outlined in the site security plan or set
out planned measures that will be implemented
within a reasonable time period stated in the site
security plan;
``(vi) each individual responsible for
implementing the site security plan has been made
aware of the requirements relevant to the
individual's responsibility contained in the site
security plan and has demonstrated competency to
carry out those requirements;

[[Page 2903]]

``(vii) the owner or operator has committed,
or, in the case of planned measures will commit,
the necessary resources to fully implement the
site security plan; and
``(viii) the planned measures include an
adequate procedure for addressing events beyond
the control of the owner or operator in
implementing any planned measures.
``(D) Deadline.--
``(i) In general.--Not later than 120 days
after the date described in clause (ii), the owner
or operator of an expedited approval facility
shall submit to the Secretary the site security
plan and the certification described in
subparagraph (C).
``(ii) Date.--The date described in this
clause is--
``(I) for an expedited approval
facility that was assigned to tier 3 or
4 under existing CFATS regulations
before the date of enactment of the
Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of
2014, the date that is 210 days after
the date of enactment of that Act; and
``(II) for any expedited approval
facility not described in subclause (I),
the later of--
``(aa) the date on which the
expedited approval facility is
assigned to tier 3 or 4 under
subsection (e)(2)(A); or
``(bb) the date that is 210
days after the date of enactment
of the Protecting and Securing
Chemical Facilities from
Terrorist Attacks Act of 2014.
``(iii) <>  Notice.--An owner
or operator of an expedited approval facility
shall notify the Secretary of the intent of the
owner or operator to certify the site security
plan for the expedited approval facility not later
than 30 days before the date on which the owner or
operator submits the site security plan and
certification described in subparagraph (C).
``(E) Compliance.--
``(i) In general.--For an expedited approval
facility submitting a site security plan and
certification in accordance with subparagraphs
(A), (B), (C), and (D)--
``(I) the expedited approval
facility shall comply with all of the
requirements of its site security plan;
and
``(II) the Secretary--
``(aa) except as provided in
subparagraph (G), may not
disapprove the site security
plan; and
``(bb) may audit and inspect
the expedited approval facility
under subsection (d) to verify
compliance with its site
security plan.
``(ii) Noncompliance.--If the Secretary
determines an expedited approval facility is not
in compliance with the requirements of the site
security plan or is otherwise in violation of this
title, the Secretary may enforce compliance in
accordance with section 2104.

[[Page 2904]]

``(F) Amendments to site security plan.--
``(i) Requirement.--
``(I) <>  In
general.--If the owner or operator of an
expedited approval facility amends a
site security plan submitted under
subparagraph (A), the owner or operator
shall submit the amended site security
plan and a certification relating to the
amended site security plan that contains
the information described in
subparagraph (C).
``(II) Technical amendments.--For
purposes of this clause, an amendment to
a site security plan includes any
technical amendment to the site security
plan.
``(ii) Amendment required.--The owner or
operator of an expedited approval facility shall
amend the site security plan if--
``(I) there is a change in the
design, construction, operation, or
maintenance of the expedited approval
facility that affects the site security
plan;
``(II) the Secretary requires
additional security measures or suspends
a certification and recommends
additional security measures under
subparagraph (G); or
``(III) <>  the
owner or operator receives notice from
the Secretary of a change in tiering
under subsection (e)(3).
``(iii) Deadline.--An amended site security
plan and certification shall be submitted under
clause (i)--
``(I) in the case of a change in
design, construction, operation, or
maintenance of the expedited approval
facility that affects the security plan,
not later than 120 days after the date
on which the change in design,
construction, operation, or maintenance
occurred;
``(II) in the case of the Secretary
requiring additional security measures
or suspending a certification and
recommending additional security
measures under subparagraph (G), not
later than 120 days after the date on
which the owner or operator receives
notice of the requirement for additional
security measures or suspension of the
certification and recommendation of
additional security measures; and
``(III) in the case of a change in
tiering, not later than 120 days after
the date on which the owner or operator
receives notice under subsection (e)(3).
``(G) Facially deficient site security plans.--
``(i) Prohibition.--Notwithstanding
subparagraph (A) or (E), the Secretary may suspend
the authority of a covered chemical facility to
certify a site security plan if the Secretary--
``(I) <>
determines the certified site security
plan or an amended site security plan is
facially deficient; and
``(II) <>  not
later than 100 days after the date on
which the Secretary receives the site
security

[[Page 2905]]

plan and certification, provides the
covered chemical facility with written
notification that the site security plan
is facially deficient, including a clear
explanation of each deficiency in the
site security plan.
``(ii) Additional security measures.--
``(I) <>  In
general.--If, during or after a
compliance inspection of an expedited
approval facility, the Secretary
determines that planned or implemented
security measures in the site security
plan of the facility are insufficient to
meet the risk-based performance
standards based on misrepresentation,
omission, or an inadequate description
of the site, the Secretary may--
``(aa) require additional
security measures; or
``(bb) suspend the
certification of the facility.
``(II) Recommendation of additional
security measures.--If the Secretary
suspends the certification of an
expedited approval facility under
subclause (I), the Secretary shall--
``(aa) recommend specific
additional security measures
that, if made part of the site
security plan by the facility,
would enable the Secretary to
approve the site security plan;
and
``(bb) provide the facility
an opportunity to submit a new
or modified site security plan
and certification under
subparagraph (A).
``(III) <>
Submission; review.--If an expedited
approval facility determines to submit a
new or modified site security plan and
certification as authorized under
subclause (II)(bb)--
``(aa) not later than 90
days after the date on which the
facility receives
recommendations under subclause
(II)(aa), the facility shall
submit the new or modified plan
and certification; and
``(bb) not later than 45
days after the date on which the
Secretary receives the new or
modified plan under item (aa),
the Secretary shall review the
plan and determine whether the
plan is facially deficient.
``(IV) Determination not to include
additional security measures.--
``(aa) Revocation of
certification.--If an expedited
approval facility does not agree
to include in its site security
plan specific additional
security measures recommended by
the Secretary under subclause
(II)(aa), or does not submit a
new or modified site security
plan in accordance with
subclause (III), the Secretary
may revoke the certification of
the facility by issuing an order
under section 2104(a)(1)(B).

[[Page 2906]]

``(bb) Effect of
revocation.--If the Secretary
revokes the certification of an
expedited approval facility
under item (aa) by issuing an
order under section
2104(a)(1)(B)--
``(AA) the order shall
require the owner or
operator of the facility to
submit a site security plan
or alternative security
program for review by the
Secretary review under
subsection (c)(1); and
``(BB) the facility
shall no longer be eligible
to certify a site security
plan under this paragraph.
``(V) <>
Facial deficiency.--If the Secretary
determines that a new or modified site
security plan submitted by an expedited
approval facility under subclause (III)
is facially deficient--
``(aa) <>
not later than 120 days after
the date of the determination,
the owner or operator of the
facility shall submit a site
security plan or alternative
security program for review by
the Secretary under subsection
(c)(1); and

``(bb) <>
the facility shall no longer be
eligible to certify a site
security plan under this
paragraph.
``(H) Templates.--
``(i) In general.--The Secretary may develop
prescriptive site security plan templates with
specific security measures to meet the risk-based
performance standards under subsection (a)(2)(C)
for adoption and certification by a covered
chemical facility assigned to tier 3 or 4 in lieu
of developing and certifying its own plan.
``(ii) Applicability of other laws to
development and issuance of initial site security
plan templates and related guidance.--During the
period before the Secretary has met the deadline
under subparagraph (B)(i), in developing and
issuing, or amending, the site security plan
templates under this subparagraph, in issuing
guidance for implementation of the templates, and
in collecting information from expedited approval
facilities, the Secretary shall not be subject
to--
``(I) section 553 of title 5, United
States Code;
``(II) subchapter I of chapter 35 of
title 44, United States Code; or
``(III) section 2107(b) of this
title.
``(iii) Rule of construction.--Nothing in this
subparagraph shall be construed to prevent a
covered chemical facility from developing and
certifying its own security plan in accordance
with subparagraph (A).
``(I) Evaluation.--
``(i) <>  In general.--Not
later than 18 months after the date of enactment
of the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, the Secretary
shall take any appropriate action necessary for a
full evaluation of the expedited approval program
authorized under this paragraph, including

[[Page 2907]]

conducting an appropriate number of inspections,
as authorized under subsection (d), of expedited
approval facilities.
``(ii) Report.--Not later than 18 months after
the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist
Attacks Act of 2014, the Secretary shall submit to
the Committee on Homeland Security and
Governmental Affairs of the Senate and the
Committee on Homeland Security and the Committee
on Energy and Commerce of the House of
Representatives a report that contains--
``(I)(aa) the number of eligible
facilities using the expedited approval
program authorized under this paragraph;
and
``(bb) the number of facilities that
are eligible for the expedited approval
program but are using the standard
process for developing and submitting a
site security plan under subsection
(a)(2)(D);
``(II) any costs and efficiencies
associated with the expedited approval
program;
``(III) the impact of the expedited
approval program on the backlog for site
security plan approval and authorization
inspections;
``(IV) <>  an
assessment of the ability of expedited
approval facilities to submit facially
sufficient site security plans;
``(V) <>  an
assessment of any impact of the
expedited approval program on the
security of chemical facilities; and
``(VI) <>
a recommendation by the Secretary on the
frequency of compliance inspections that
may be required for expedited approval
facilities.

``(d) Compliance.--
``(1) Audits and inspections.--
``(A) Definitions.--In this paragraph--
``(i) the term `nondepartmental'--
``(I) with respect to personnel,
means personnel that is not employed by
the Department; and
``(II) with respect to an entity,
means an entity that is not a component
or other authority of the Department;
and
``(ii) the term `nongovernmental'--
``(I) with respect to personnel,
means personnel that is not employed by
the Federal Government; and
``(II) with respect to an entity,
means an entity that is not an agency,
department, or other authority of the
Federal Government.
``(B) Authority to conduct audits and inspections.--
The Secretary shall conduct audits or inspections under
this title using--
``(i) employees of the Department;
``(ii) nondepartmental or nongovernmental
personnel approved by the Secretary; or
``(iii) a combination of individuals described
in clauses (i) and (ii).

[[Page 2908]]

``(C) Support personnel.--The Secretary may use
nongovernmental personnel to provide administrative and
logistical services in support of audits and inspections
under this title.
``(D) Reporting structure.--
``(i) Nondepartmental and nongovernmental
audits and inspections.--Any audit or inspection
conducted by an individual employed by a
nondepartmental or nongovernmental entity shall be
assigned in coordination with a regional
supervisor with responsibility for supervising
inspectors within the Infrastructure Security
Compliance Division of the Department for the
region in which the audit or inspection is to be
conducted.
``(ii) Requirement to report.--While an
individual employed by a nondepartmental or
nongovernmental entity is in the field conducting
an audit or inspection under this subsection, the
individual shall report to the regional supervisor
with responsibility for supervising inspectors
within the Infrastructure Security Compliance
Division of the Department for the region in which
the individual is operating.
``(iii) Approval.--The authority to approve a
site security plan under subsection (c) or
determine if a covered chemical facility is in
compliance with an approved site security plan
shall be exercised solely by the Secretary or a
designee of the Secretary within the Department.
``(E) Standards for auditors and inspectors.--The
Secretary shall prescribe standards for the training and
retraining of each individual used by the Department as
an auditor or inspector, including each individual
employed by the Department and all nondepartmental or
nongovernmental personnel, including--
``(i) minimum training requirements for new
auditors and inspectors;
``(ii) retraining requirements;
``(iii) minimum education and experience
levels;
``(iv) the submission of information as
required by the Secretary to enable determination
of whether the auditor or inspector has a conflict
of interest;
``(v) the proper certification or
certifications necessary to handle chemical-
terrorism vulnerability information (as defined in
section 27.105 of title 6, Code of Federal
Regulations, or any successor thereto);
``(vi) <>  the reporting of
any issue of non-compliance with this section to
the Secretary within 24 hours; and
``(vii) any additional qualifications for
fitness of duty as the Secretary may require.
``(F) Conditions for nongovernmental auditors and
inspectors.--If the Secretary arranges for an audit or
inspection under subparagraph (B) to be carried out by a
nongovernmental entity, the Secretary shall--
``(i) <>  prescribe
standards for the qualification of the individuals
who carry out such audits and inspections

[[Page 2909]]

that are commensurate with the standards for
similar Government auditors or inspectors; and
``(ii) ensure that any duties carried out by a
nongovernmental entity are not inherently
governmental functions.
``(2) Personnel surety.--
``(A) Personnel surety program.--For purposes of
this title, the Secretary shall establish and carry out
a Personnel Surety Program that--
``(i) does not require an owner or operator of
a covered chemical facility that voluntarily
participates in the program to submit information
about an individual more than 1 time;
``(ii) provides a participating owner or
operator of a covered chemical facility with
relevant information about an individual based on
vetting the individual against the terrorist
screening database, to the extent that such
feedback is necessary for the facility to be in
compliance with regulations promulgated under this
title; and
``(iii) provides redress to an individual--
``(I) whose information was vetted
against the terrorist screening database
under the program; and
``(II) who believes that the
personally identifiable information
submitted to the Department for such
vetting by a covered chemical facility,
or its designated representative, was
inaccurate.
``(B) Personnel surety program implementation.--To
the extent that a risk-based performance standard
established under subsection (a) requires identifying
individuals with ties to terrorism--
``(i) a covered chemical facility--
``(I) may satisfy its obligation
under the standard by using any Federal
screening program that periodically vets
individuals against the terrorist
screening database, or any successor
program, including the Personnel Surety
Program established under subparagraph
(A); and
``(II) shall--
``(aa) accept a credential
from a Federal screening program
described in subclause (I) if an
individual who is required to be
screened presents such a
credential; and
``(bb) address in its site
security plan or alternative
security program the measures it
will take to verify that a
credential or documentation from
a Federal screening program
described in subclause (I) is
current;
``(ii) visual inspection shall be sufficient
to meet the requirement under clause (i)(II)(bb),
but the facility should consider other means of
verification, consistent with the facility's
assessment of the threat posed by acceptance of
such credentials; and
``(iii) the Secretary may not require a
covered chemical facility to submit any
information about an individual unless the
individual--

[[Page 2910]]

``(I) is to be vetted under the
Personnel Surety Program; or
``(II) has been identified as
presenting a terrorism security risk.
``(C) Rights unaffected.--Nothing in this section
shall supersede the ability--
``(i) of a facility to maintain its own
policies regarding the access of individuals to
restricted areas or critical assets; or
``(ii) of an employing facility and a
bargaining agent, where applicable, to negotiate
as to how the results of a background check may be
used by the facility with respect to employment
status.
``(3) Availability of information.--The Secretary shall
share with the owner or operator of a covered chemical facility
any information that the owner or operator needs to comply with
this section.

``(e) Responsibilities of the Secretary.--
``(1) Identification of chemical facilities of interest.--In
carrying <>  out this title, the Secretary
shall consult with the heads of other Federal agencies, States
and political subdivisions thereof, relevant business
associations, and public and private labor organizations to
identify all chemical facilities of interest.
``(2) Risk assessment.--
``(A) In general.--For purposes of this title, the
Secretary shall develop a security risk assessment
approach and corresponding tiering methodology for
covered chemical facilities that incorporates the
relevant elements of risk, including threat,
vulnerability, and consequence.
``(B) Criteria for determining security risk.--The
criteria for determining the security risk of terrorism
associated with a covered chemical facility shall take
into account--
``(i) relevant threat information;
``(ii) potential severe economic consequences
and the potential loss of human life in the event
of the facility being subject to attack,
compromise, infiltration, or exploitation by
terrorists; and
``(iii) vulnerability of the facility to
attack, compromise, infiltration, or exploitation
by terrorists.
``(3) Changes in tiering.--
``(A) Maintenance of records.--The Secretary shall
document the basis for each instance in which--
``(i) tiering for a covered chemical facility
is changed; or
``(ii) a covered chemical facility is
determined to no longer be subject to the
requirements under this title.
``(B) Required information.--The records maintained
under subparagraph (A) shall include information on
whether and how the Secretary confirmed the information
that was the basis for the change or determination
described in subparagraph (A).
``(4) Semiannual performance reporting.--Not later than 6
months after the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act

[[Page 2911]]

of 2014, and not less frequently than once every 6 months
thereafter, the Secretary shall submit to the Committee on
Homeland Security and Governmental Affairs of the Senate and the
Committee on Homeland Security and the Committee on Energy and
Commerce of the House of Representatives a report that includes,
for the period covered by the report--
``(A) the number of covered chemical facilities in
the United States;
``(B) information--
``(i) describing--
``(I) the number of instances in
which the Secretary--
``(aa) placed a covered
chemical facility in a lower
risk tier; or

``(bb) <>
determined that a facility that
had previously met the criteria
for a covered chemical facility
under section 2101(3) no longer
met the criteria; and
``(II) the basis, in summary form,
for each action or determination under
subclause (I); and
``(ii) that is provided in a sufficiently
anonymized form to ensure that the information
does not identify any specific facility or company
as the source of the information when viewed alone
or in combination with other public information;
``(C) the average number of days spent reviewing
site security or an alternative security program for a
covered chemical facility prior to approval;
``(D) the number of covered chemical facilities
inspected;
``(E) the average number of covered chemical
facilities inspected per inspector; and
``(F) any other information that the Secretary
determines will be helpful to Congress in evaluating the
performance of the Chemical Facility Anti-Terrorism
Standards Program.
``SEC. 2103. <>  PROTECTION AND SHARING OF
INFORMATION.

``(a) In General.--Notwithstanding any other provision of law,
information developed under this title, including vulnerability
assessments, site security plans, and other security related
information, records, and documents shall be given protections from
public disclosure consistent with the protection of similar information
under section 70103(d) of title 46, United States Code.
``(b) Sharing of Information With States and Local Governments.--
Nothing in this section shall be construed to prohibit the sharing of
information developed under this title, as the Secretary determines
appropriate, with State and local government officials possessing a need
to know and the necessary security clearances, including law enforcement
officials and first responders, for the purpose of carrying out this
title, provided that such information may not be disclosed pursuant to
any State or local law.
``(c) Sharing of Information With First Responders.--
``(1) Requirement.--The Secretary shall provide to State,
local, and regional fusion centers (as that term is defined in
section 210A(j)(1)) and State and local government officials, as
the Secretary determines appropriate, such information as

[[Page 2912]]

is necessary to help ensure that first responders are properly
prepared and provided with the situational awareness needed to
respond to security incidents at covered chemical facilities.
``(2) Dissemination.--The Secretary shall disseminate
information under paragraph (1) through a medium or system
determined by the Secretary to be appropriate to ensure the
secure and expeditious dissemination of such information to
necessary selected individuals.

``(d) Enforcement Proceedings.--In any proceeding to enforce this
section, vulnerability assessments, site security plans, and other
information submitted to or obtained by the Secretary under this title,
and related vulnerability or security information, shall be treated as
if the information were classified information.
``(e) Availability of Information.--Notwithstanding any other
provision of law (including section 552(b)(3) of title 5, United States
Code), section 552 of title 5, United States Code (commonly known as the
`Freedom of Information Act') shall not apply to information protected
from public disclosure pursuant to subsection (a) of this section.
``(f) Sharing of Information With Members of Congress.--Nothing in
this section shall prohibit the Secretary from disclosing information
developed under this title to a Member of Congress in response to a
request by a Member of Congress.
``SEC. 2104. <>  CIVIL ENFORCEMENT.

``(a) Notice of Noncompliance.--
``(1) <>  Notice.--If the
Secretary determines that a covered chemical facility is not in
compliance with this title, the Secretary shall--
``(A) provide the owner or operator of the facility
with--
``(i) not later than 14 days after date on
which the Secretary makes the determination, a
written notification of noncompliance that
includes a clear explanation of any deficiency in
the security vulnerability assessment or site
security plan; and
``(ii) <>  an opportunity
for consultation with the Secretary or the
Secretary's designee; and
``(B) issue to the owner or operator of the facility
an order to comply with this title by a date specified
by the Secretary in the order, which date shall be not
later than 180 days after the date on which the
Secretary issues the order.
``(2) Continued noncompliance.--If an owner or operator
remains noncompliant after the procedures outlined in paragraph
(1) have been executed, or demonstrates repeated violations of
this title, the Secretary may enter an order in accordance with
this section assessing a civil penalty, an order to cease
operations, or both.

``(b) Civil Penalties.--
``(1) Violations of orders.--Any person who violates an
order issued under this title shall be liable for a civil
penalty under section 70119(a) of title 46, United States Code.
``(2) Non-reporting chemical facilities of interest.--Any
owner of a chemical facility of interest who fails to comply
with, or knowingly submits false information under, this title
or the CFATS regulations shall be liable for a civil penalty
under section 70119(a) of title 46, United States Code.

[[Page 2913]]

``(c) Emergency Orders.--
``(1) <>  In general.--Notwithstanding
subsection (a) or any site security plan or alternative security
program approved under this title, if the Secretary determines
that there is an imminent threat of death, serious illness, or
severe personal injury, due to a violation of this title or the
risk of a terrorist incident that may affect a chemical facility
of interest, the Secretary--
``(A) <>  shall consult with
the facility, if practicable, on steps to mitigate the
risk; and
``(B) <>  may order the
facility, without notice or opportunity for a hearing,
effective immediately or as soon as practicable, to--
``(i) implement appropriate emergency security
measures; or
``(ii) cease or reduce some or all operations,
in accordance with safe shutdown procedures, if
the Secretary determines that such a cessation or
reduction of operations is the most appropriate
means to address the risk.
``(2) Limitation on delegation.--The Secretary may not
delegate the authority under paragraph (1) to any official other
than the Under Secretary responsible for overseeing critical
infrastructure protection, cybersecurity, and other related
programs of the Department appointed under section 103(a)(1)(H).
``(3) Limitation on authority.--The Secretary may exercise
the authority under this subsection only to the extent necessary
to abate the imminent threat determination under paragraph (1).
``(4) Due process for facility owner or operator.--
``(A) Written orders.--An order issued by the
Secretary under paragraph (1) shall be in the form of a
written emergency order that--
``(i) describes the violation or risk that
creates the imminent threat;
``(ii) states the security measures or order
issued or imposed; and
``(iii) describes the standards and procedures
for obtaining relief from the order.
``(B) <>  Opportunity for review.--
After issuing an order under paragraph (1) with respect
to a chemical facility of interest, the Secretary shall
provide for review of the order under section 554 of
title 5 if a petition for review is filed not later than
20 days after the date on which the Secretary issues the
order.
``(C) <>  Expiration of effectiveness of
order.--If a petition for review of an order is filed
under subparagraph (B) and the review under that
paragraph is not completed by the last day of the 30-day
period beginning on the date on which the petition is
filed, the order shall vacate automatically at the end
of that period unless the Secretary determines, in
writing, that the imminent threat providing a basis for
the order continues to exist.

``(d) Right of Action.--Nothing in this title confers upon any
person except the Secretary or his or her designee a right of action
against an owner or operator of a covered chemical facility to enforce
any provision of this title.

[[Page 2914]]

``SEC. 2105. <>  WHISTLEBLOWER PROTECTIONS.

``(a) Procedure for Reporting Problems.--
``(1) <>  Establishment of a
reporting procedure.--Not later than 180 days after the date of
enactment of the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, the Secretary shall
establish, and provide information to the public regarding, a
procedure under which any employee or contractor of a chemical
facility of interest may submit a report to the Secretary
regarding a violation of a requirement under this title.
``(2) Confidentiality.--The Secretary shall keep
confidential the identity of an individual who submits a report
under paragraph (1) and any such report shall be treated as a
record containing protected information to the extent that the
report does not consist of publicly available information.
``(3) Acknowledgment of receipt.--If a report submitted
under paragraph (1) identifies the individual making the report,
the Secretary shall promptly respond to the individual directly
and shall promptly acknowledge receipt of the report.
``(4) Steps to address problems.--The Secretary--
``(A) <>  shall review and consider
the information provided in any report submitted under
paragraph (1); and
``(B) may take action under section 2104 of this
title if necessary to address any substantiated
violation of a requirement under this title identified
in the report.
``(5) Due process for facility owner or operator.--
``(A) <>  In general.--If,
upon the review described in paragraph (4), the
Secretary determines that a violation of a provision of
this title, or a regulation prescribed under this title,
has occurred, the Secretary may--
``(i) institute a civil enforcement under
section 2104(a) of this title; or
``(ii) if the Secretary makes the
determination under section 2104(c), issue an
emergency order.
``(B) Written orders.--The action of the Secretary
under paragraph (4) shall be in a written form that--
``(i) describes the violation;
``(ii) states the authority under which the
Secretary is proceeding; and
``(iii) describes the standards and procedures
for obtaining relief from the order.
``(C) <>  Opportunity for review.--
After taking action under paragraph (4), the Secretary
shall provide for review of the action if a petition for
review is filed within 20 calendar days of the date of
issuance of the order for the action.
``(D) <>  Expiration of effectiveness of
order.--If a petition for review of an action is filed
under subparagraph (C) and the review under that
subparagraph is not completed by the end of the 30-day
period beginning on the date the petition is filed, the
action shall cease to be effective at the end of such
period unless the Secretary determines, in writing, that
the violation providing a basis for the action continues
to exist.
``(6) Retaliation prohibited.--
``(A) In general.--An owner or operator of a
chemical facility of interest or agent thereof may not
discharge an

[[Page 2915]]

employee or otherwise discriminate against an employee
with respect to the compensation provided to, or terms,
conditions, or privileges of the employment of, the
employee because the employee (or an individual acting
pursuant to a request of the employee) submitted a
report under paragraph (1).
``(B) Exception.--An employee shall not be entitled
to the protections under this section if the employee--
``(i) knowingly and willfully makes any false,
fictitious, or fraudulent statement or
representation; or
``(ii) uses any false writing or document
knowing the writing or document contains any
false, fictitious, or fraudulent statement or
entry.

``(b) Protected Disclosures.--Nothing in this title shall be
construed to limit the right of an individual to make any disclosure--
``(1) protected or authorized under section 2302(b)(8) or
7211 of title 5, United States Code;
``(2) protected under any other Federal or State law that
shields the disclosing individual against retaliation or
discrimination for having made the disclosure in the public
interest; or
``(3) to the Special Counsel of an agency, the inspector
general of an agency, or any other employee designated by the
head of an agency to receive disclosures similar to the
disclosures described in paragraphs (1) and (2).

``(c) <>
Publication of Rights.--The Secretary, in partnership with industry
associations and labor organizations, shall make publicly available both
physically and online the rights that an individual who discloses
information, including security-sensitive information, regarding
problems, deficiencies, or vulnerabilities at a covered chemical
facility would have under Federal whistleblower protection laws or this
title.

``(d) Protected Information.--All information contained in a report
made under this subsection (a) shall be protected in accordance with
section 2103.
``SEC. 2106. <>  RELATIONSHIP TO OTHER LAWS.

``(a) Other Federal Laws.--Nothing in this title shall be construed
to supersede, amend, alter, or affect any Federal law that--
``(1) regulates (including by requiring information to be
submitted or made available) the manufacture, distribution in
commerce, use, handling, sale, other treatment, or disposal of
chemical substances or mixtures; or
``(2) authorizes or requires the disclosure of any record or
information obtained from a chemical facility under any law
other than this title.

``(b) States and Political Subdivisions.--This title shall not
preclude or deny any right of any State or political subdivision thereof
to adopt or enforce any regulation, requirement, or standard of
performance with respect to chemical facility security that is more
stringent than a regulation, requirement, or standard of performance
issued under this section, or otherwise impair any right or jurisdiction
of any State with respect to chemical facilities within that State,
unless there is an actual conflict between this section and the law of
that State.

[[Page 2916]]

``SEC. 2107. <>  CFATS REGULATIONS.

``(a) General Authority.--The Secretary may, in accordance with
chapter 5 of title 5, United States Code, promulgate regulations or
amend existing CFATS regulations to implement the provisions under this
title.
``(b) Existing CFATS Regulations.--
``(1) In general.--Notwithstanding section 4(b) of the
Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014, each existing CFATS regulation shall remain
in effect unless the Secretary amends, consolidates, or repeals
the regulation.
``(2) <>  Repeal.--Not later
than 30 days after the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist Attacks Act of 2014,
the Secretary shall repeal any existing CFATS regulation that
the Secretary determines is duplicative of, or conflicts with,
this title.

``(c) Authority.--The Secretary shall exclusively rely upon
authority provided under this title in--
``(1) determining compliance with this title;
``(2) identifying chemicals of interest; and
``(3) determining security risk associated with a chemical
facility.
``SEC. 2108. <>  SMALL COVERED CHEMICAL
FACILITIES.

``(a) Definition.--In this section, the term `small covered chemical
facility' means a covered chemical facility that--
``(1) has fewer than 100 employees employed at the covered
chemical facility; and
``(2) is owned and operated by a small business concern (as
defined in section 3 of the Small Business Act (15 U.S.C. 632)).

``(b) Assistance to Facilities.--The Secretary may provide guidance
and, as appropriate, tools, methodologies, or computer software, to
assist small covered chemical facilities in developing the physical
security, cybersecurity, recordkeeping, and reporting procedures
required under this title.
``(c) Report.--The Secretary shall submit to the Committee on
Homeland Security and Governmental Affairs of the Senate and the
Committee on Homeland Security and the Committee on Energy and Commerce
of the House of Representatives a report on best practices that may
assist small covered chemical facilities in development of physical
security best practices.
``SEC. 2109. <>  OUTREACH TO CHEMICAL FACILITIES
OF INTEREST.

``Not later <>  than 90 days after the date
of enactment of the Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014, the Secretary shall establish an outreach
implementation plan, in coordination with the heads of other appropriate
Federal and State agencies, relevant business associations, and public
and private labor organizations, to--
``(1) identify chemical facilities of interest; and
``(2) make available compliance assistance materials and
information on education and training.''.

(b) Clerical Amendment.--The table of contents in section 1(b) of
the Homeland Security Act of 2002 (Public Law 107-196; 116 Stat. 2135)
is amended by adding at the end the following:

[[Page 2917]]

``TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS

``Sec. 2101. Definitions.
``Sec. 2102. Chemical Facility Anti-Terrorism Standards Program.
``Sec. 2103. Protection and sharing of information.-
``Sec. 2104. Civil enforcement.
``Sec. 2105. Whistleblower protections.
``Sec. 2106. Relationship to other laws.
``Sec. 2107. CFATS regulations.
``Sec. 2108. Small covered chemical facilities.
``Sec. 2109. Outreach to chemical facilities of interest.''.

SEC. 3. ASSESSMENT; REPORTS.

(a) Definitions.--In this section--
(1) the term ``Chemical Facility Anti-Terrorism Standards
Program'' means--
(A) the Chemical Facility Anti-Terrorism Standards
program initially authorized under section 550 of the
Department of Homeland Security Appropriations Act, 2007
(Public Law 109-295; 6 U.S.C. 121 note); and
(B) the Chemical Facility Anti-Terrorism Standards
Program subsequently authorized under section 2102(a) of
the Homeland Security Act of 2002, as added by section
2;
(2) the term ``Department'' means the Department of Homeland
Security; and
(3) the term ``Secretary'' means the Secretary of Homeland
Security.

(b) Third-party Assessment.--Using amounts appropriated to the
Department before the date of enactment of this Act, the Secretary shall
commission a third-party study to assess vulnerabilities of covered
chemical facilities, as defined in section 2101 of the Homeland Security
Act of 2002 (as added by section 2), to acts of terrorism.
(c) Reports.--
(1) Report to congress.--Not later than 18 months after the
date of enactment of this Act, the Secretary shall submit to the
Committee on Homeland Security and Governmental Affairs of the
Senate and the Committee on Homeland Security and the Committee
on Energy and Commerce of the House of Representatives a report
on the Chemical Facility Anti-Terrorism Standards Program that
includes--
(A) <>  a certification by the
Secretary that the Secretary has made significant
progress in the identification of all chemical
facilities of interest under section 2102(e)(1) of the
Homeland Security Act of 2002, as added by section 2,
including--
(i) a description of the steps taken to
achieve that progress and the metrics used to
measure the progress;
(ii) information on whether facilities that
submitted Top-Screens as a result of the
identification of chemical facilities of interest
were tiered and in what tiers those facilities
were placed; and
(iii) <>  an action plan to
better identify chemical facilities of interest
and bring those facilities into compliance with
title XXI of the Homeland Security Act of 2002, as
added by section 2;
(B) <>  a certification by the
Secretary that the Secretary has developed a risk
assessment approach and corresponding tiering
methodology under section 2102(e)(2)

[[Page 2918]]

of the Homeland Security Act of 2002, as added by
section 2;
(C) an assessment by the Secretary of the
implementation by the Department of the recommendations
made by the Homeland Security Studies and Analysis
Institute as outlined in the Institute's Tiering
Methodology Peer Review (Publication Number: RP12-22-
02); and
(D) a description of best practices that may assist
small covered chemical facilities, as defined in section
2108(a) of the Homeland Security Act of 2002, as added
by section 2, in the development of physical security
best practices.
(2) Annual gao report.--
(A) <>  In
general.--During the 3-year period beginning on the date
of enactment of this Act, the Comptroller General of the
United States shall submit to Congress an annual report
that assesses the implementation of this Act and the
amendments made by this Act.
(B) Initial report.--Not later than 180 days after
the date of enactment of this Act, the Comptroller
General shall submit to Congress the first report under
subparagraph (A).
(C) Second annual report.--Not later than 1 year
after the date of the initial report required under
subparagraph (B), the Comptroller General shall submit
to Congress the second report under subparagraph (A),
which shall include an assessment of the whistleblower
protections provided under section 2105 of the Homeland
Security Act of 2002, as added by section 2, and--
(i) describes the number and type of problems,
deficiencies, and vulnerabilities with respect to
which reports have been submitted under such
section 2105;
(ii) evaluates the efforts of the Secretary in
addressing the problems, deficiencies, and
vulnerabilities described in subsection (a)(1) of
such section 2105; and
(iii) <>  evaluates the
efforts of the Secretary to inform individuals of
their rights, as required under subsection (c) of
such section 2105.
(D) Third annual report.--Not later than 1 year
after the date on which the Comptroller General submits
the second report required under subparagraph (A), the
Comptroller General shall submit to Congress the third
report under subparagraph (A), which shall include an
assessment of--
(i) the expedited approval program authorized
under section 2102(c)(4) of the Homeland Security
Act of 2002, as added by section 2; and
(ii) the report on the expedited approval
program submitted by the Secretary under
subparagraph (I)(ii) of such section 2102(c)(4).
SEC. 4. <>  EFFECTIVE DATE; CONFORMING
REPEAL.

(a) Effective Date.--This Act, and the amendments made by this Act,
shall take effect on the date that is 30 days after the date of
enactment of this Act.

[[Page 2919]]

(b) Conforming Repeal.--Section 550 of the Department of Homeland
Security Appropriations Act, 2007 (Public Law 109-295; 120 Stat.
1388), <>  is repealed as of the effective date
of this Act.
SEC. 5. <>  TERMINATION.

The authority provided under title XXI of the Homeland Security Act
of 2002, as added by section 2(a), shall terminate on the date that is 4
years after the effective date of this Act.

Approved December 18, 2014.

LEGISLATIVE HISTORY--H.R. 4007:
---------------------------------------------------------------------------

HOUSE REPORTS: No. 113-491, Pt. 1 (Comm. on Homeland Security).
SENATE REPORTS: No. 113-263 (Comm. on Homeland Security and Governmental
Affairs).
CONGRESSIONAL RECORD, Vol. 160 (2014):
July 8, considered and passed House.
Dec. 10, considered and passed Senate, amended.
Dec. 11, House concurred in Senate amendment.