Download:
pdf |
pdfPt. 27
6 CFR Ch. I (1–1–13 Edition)
competent jurisdiction, or as expressly
authorized in writing by the Under
Secretary, no person, firm, or other entity may:
(1) Disclose SAFETY Act Confidential Information (as defined above) to
any person, firm, or other entity, or
(2) Use any SAFETY Act Confidential
Information for his, her, or its own
benefit or for the benefit of any other
person, firm, or other entity, unless
the applicant has consented to the release of such SAFETY Act Confidential
Information.
(c) Legends. Any person, firm, or
other entity that submits data or information to the Department under
this part may place a legend on such
data or information indicating that the
submission constitutes SAFETY Act
Confidential Information. The absence
of such a legend shall not prevent any
data or information submitted to the
Department under this part from constituting or being considered by the
Department to constitute SAFETY Act
Confidential Information.
27.245 Review and approval of site security
plans.
27.250 Inspections and audits.
27.255 Recordkeeping requirements.
Subpart C—Orders and Adjudications
27.300 Orders.
27.305 Neutral adjudications.
27.310 Commencement of adjudication proceedings.
27.315 Presiding officers for proceedings.
27.320 Prohibition on ex parte communications during proceedings.
27.325 Burden of proof.
27.330 Summary decision procedures.
27.335 Hearing procedures.
27.340 Completion of adjudication proceedings.
27.345 Appeals.
Subpart D—Other
27.400 Chemical-terrorism vulnerability information.
27.405 Review and preemption of State laws
and regulations.
27.410 Third party actions.
APPENDIX A TO PART 27—DHS CHEMICALS OF
INTEREST
AUTHORITY: Pub. L. 109–295, sec. 550.
SOURCE: 72 FR 17729, Apr. 9, 2007, unless
otherwise noted.
PART 27—CHEMICAL FACILITY
ANTI-TERRORISM STANDARDS
Subpart A—General
Subpart A—General
Sec.
27.100 Purpose.
27.105 Definitions.
27.110 Applicability.
27.115 Implementation.
27.120 Designation of a coordinating official; Consultations and technical assistance.
27.125 Severability.
Subpart B—Chemical Facility Security
Program
27.200 Information regarding security risk
for a chemical facility.
27.203 Calculating the screening threshold
quantity by security issue.
27.204 Minimum concentration by security
issue.
27.205 Determination that a chemical facility ‘‘presents a high level of security
risk.’’
27.210 Submissions schedule.
27.215 Security vulnerability assessments.
27.220 Tiering.
27.225 Site security plans.
27.230 Risk-based performance standards.
27.235 Alternative security program.
27.240 Review and approval of security vulnerability assessments.
§ 27.100 Purpose.
The purpose of this part is to enhance the security of our Nation by
furthering the mission of the Department as provided in 6 U.S.C. § 111(b)(1)
and by lowering the risk posed by certain chemical facilities.
§ 27.105 Definitions.
As used in this part:
A Commercial Grade (ACG) shall refer
to any quality or concentration of a
chemical of interest offered for commercial sale that a facility uses, stores,
manufactures, or ships.
A Placarded Amount (APA) shall refer
to the STQ for a sabotage and contamination chemical of interest, as calculated in accordance with § 27.203(d).
Alternative Security Program or ASP
shall mean a third-party or industry
organization program, a local authority, state or Federal government program or any element or aspect thereof,
that the Assistant Secretary has determined meets the requirements of this
192
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00202
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.105
part and provides for an equivalent
level of security to that established by
this Part.
Assistant Secretary shall mean the Assistant Secretary for Infrastructure
Protection, Department of Homeland
Security or his designee.
Chemical Facility or facility shall mean
any establishment that possesses or
plans to possess, at any relevant point
in time, a quantity of a chemical substance determined by the Secretary to
be potentially dangerous or that meets
other risk-related criteria identified by
the Department. As used herein, the
term chemical facility or facility shall
also refer to the owner or operator of
the chemical facility. Where multiple
owners and/or operators function within a common infrastructure or within a
single fenced area, the Assistant Secretary may determine that such owners and/or operators constitute a single
chemical facility or multiple chemical
facilities
depending
on
the
circumstances.
Chemical of Interest shall refer to a
chemical listed in appendix A to part
27.
Chemical Security Assessment Tool or
CSAT shall mean a suite of four applications, including User Registration,
Top-Screen, Security Vulnerability Assessment, and Site Security Plan,
through which the Department will
collect and analyze key data from
chemical facilities.
Chemical-terrorism Vulnerability Information or CVI shall mean the information listed in § 27.400(b).
Coordinating Official shall mean the
person (or his designee(s)) selected by
the Assistant Secretary to ensure that
the regulations are implemented in a
uniform, impartial, and fair manner.
Covered Facility or Covered Chemical
Facility shall mean a chemical facility
determined by the Assistant Secretary
to present high levels of security risk,
or a facility that the Assistant Secretary has determined is presumptively
high risk under § 27.200.
CUM 100g shall refer to the cumulative STQ of 100 grams for designated
theft/diversion-CW/CWP chemicals and
which is located in appendix A to part
27 as the entry for the STQ and Minimum Concentration of certain theft/
diversion-CW/CWP chemicals.
Department shall mean the Department of Homeland Security.
Deputy Secretary shall mean the Deputy Secretary of the Department of
Homeland Security or his designee.
Director of the Chemical Security Division or Director shall mean the Director
of the Chemical Security Division, Office of Infrastructure Protection, Department of Homeland Security or any
successors to that position within the
Department or his designee.
General Counsel shall mean the General Counsel of the Department of
Homeland Security or his designee.
Operator shall mean a person who has
responsibility for the daily operations
of a facility or facilities subject to this
Part.
Owner shall mean the person or entity that owns any facility subject to
this Part.
Present high levels of security risk and
high risk shall refer to a chemical facility that, in the discretion of the Secretary of Homeland Security, presents
a high risk of significant adverse consequences for human life or health, national security and/or critical economic assets if subjected to terrorist
attack, compromise, infiltration, or exploitation.
Risk profiles shall mean criteria identified by the Assistant Secretary for
determining which chemical facilities
will complete the Top-Screen or provide other risk assessment information.
Screening Threshold Quantity or STQ
shall mean the quantity of a chemical
of interest, upon which the facility’s
obligation to complete and submit the
CSAT Top-Screen is based.
Secretary or Secretary of Homeland Security shall mean the Secretary of the
Department of Homeland Security or
any person, officer or entity within the
Department to whom the Secretary’s
authority under section 550 is delegated.
Security Issue shall refer to the type
of risks associated with a given chemical. For purposes of this part, there
are four main security issues:
(1) Release (including toxic, flammable, and explosive);
(2)Theft and diversion (including
chemical weapons and chemical weapons precursors, weapons of mass effect,
193
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00203
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.110
6 CFR Ch. I (1–1–13 Edition)
and explosives and improvised explosive device precursors),
(3) Sabotage and contamination, and
(4) Critical to government mission
and national economy.
Terrorist attack or terrorist incident
shall mean any incident or attempt
that constitutes terrorism or terrorist
activity under 6 U.S.C. 101(15) or 18
U.S.C.
2331(5)
or
8
U.S.C.
1182(a)(3)(B)(iii), including any incident
or attempt that involves or would involve sabotage of chemical facilities or
theft, misappropriation or misuse of a
dangerous quantity of chemicals.
Tier shall mean the risk level associated with a covered chemical facility
and which is assigned to a facility by
the Department. For purposes of this
part, there are four risk-based tiers,
ranging from highest risk at Tier 1 to
lowest risk at Tier 4.
Top-Screen shall mean an initial
screening process designed by the Assistant Secretary through which chemical facilities provide information to
the Department for use pursuant to
§ 27.200 of these regulations.
Under Secretary shall mean the Under
Secretary for National Protection and
Programs, Department of Homeland
Security or any successors to that position within the Department or his
designee.
[72 FR 17729, Apr. 9, 2007, as amended at 72
FR 65418, Nov. 20, 2007]
§ 27.110
Applicability.
(a) This part applies to chemical facilities and to covered facilities as set
out herein.
(b) This part does not apply to facilities regulated pursuant to the Maritime Transportation Security Act of
2002, Pub. L. 107–295, as amended; Public Water Systems, as defined by section 1401 of the Safe Drinking Water
Act, Pub. L. 93–523, as amended; Treatment Works as defined in section 212 of
the Federal Water Pollution Control
Act, Pub. L. 92–500, as amended; any facility owned or operated by the Department of Defense or the Department of
Energy, or any facility subject to regulation by the Nuclear Regulatory Commission.
§ 27.115 Implementation.
The Assistant Secretary may implement the section 550 program in a
phased
manner,
selecting
certain
chemical facilities for expedited initial
processes under these regulations and
identifying other chemical facilities or
types or classes of chemical facilities
for other phases of program implementation. The Assistant Secretary has
flexibility to designate particular
chemical facilities for specific phases
of program implementation based on
potential risk or any other factor consistent with this Part.
§ 27.120 Designation of a coordinating
official; Consultations and technical
assistance.
(a) The Assistant Secretary will designate a Coordinating Official who will
be responsible for ensuring that these
regulations are implemented in a uniform, impartial, and fair manner.
(b) The Coordinating Official and his
staff shall provide guidance to covered
facilities regarding compliance with
this part and shall, as necessary and to
the extent that resources permit, be
available to consult and to provide
technical assistance to an owner or operator who seeks such consultation or
assistance.
(c) In order to initiate consultations
or seek technical assistance, a covered
facility shall submit a written request
for consultation or technical assistance
to the Coordinating Official or contact
the Department in any other manner
specified in any subsequent guidance.
Requests for consultation or technical
guidance do not serve to toll any of the
applicable timelines set forth in this
Part.
(d) If a covered facility modifies its
facility, processes, or the types or
quantities of materials that it possesses, and believes that such changes
may impact the covered facility’s obligations under this Part, the covered facility may request a consultation with
the Coordinating Official as specified
in paragraph (c).
§ 27.125 Severability.
If a court finds any portion of this
part to have been promulgated without
proper authority, the remainder of this
part will remain in full effect.
194
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00204
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.203
Subpart B—Chemical Facility
Security Program
§ 27.200 Information regarding security risk for a chemical facility.
(a) Information to determine security
risk. In order to determine the security
risk posed by chemical facilities, the
Secretary may, at any time, request
information from chemical facilities
that may reflect potential consequences of or vulnerabilities to a terrorist attack or incident, including
questions specifically related to the
nature of the business and activities
conducted at the facility; information
concerning the names, nature, conditions of storage, quantities, volumes,
properties, customers, major uses, and
other pertinent information about specific chemicals or chemicals meeting a
specific criterion; information concerning facilities’ security, safety, and
emergency response practices, operations, and procedures; information regarding incidents, history, funding, and
other matters bearing on the effectiveness of the security, safety and emergency response programs, and other information as necessary.
(b) Obtaining information from facilities. (1) The Assistant Secretary may
seek the information provided in paragraph (a) of this section by contacting
chemical facilities individually or by
publishing a notice in the FEDERAL
REGISTER seeking information from
chemical facilities that meet certain
criteria, which the Department will use
to determine risk profiles. Through
any such individual or FEDERAL REGISTER notification, the Assistant Secretary may instruct such facilities to
complete and submit a Top-Screen
process, which may be completed
through a secure Department Web site
or through other means approved by
the Assistant Secretary.
(2) A facility must complete and submit a Top-Screen in accordance with
the schedule provided in § 27.210, the
calculation provisions in § 27.203, and
the minimum concentration provisions
in § 27.204 if it possesses any of the
chemicals listed in appendix A to this
part at or above the STQ for any applicable Security Issue.
(3) Where the Department requests
that a facility complete and submit a
Top-Screen, the facility must designate a person who is responsible for
the submission of information through
the CSAT system and who attests to
the accuracy of the information contained in any CSAT submissions. Such
submitter must be an officer of the corporation or other person designated by
an officer of the corporation and must
be domiciled in the United States.
(c) Presumptively High Risk Facilities.
(1) If a chemical facility subject to
paragraph (a) or (b) of this section fails
to provide information requested or
complete the Top-Screen within the
timeframe provided in § 27.210, the Assistant Secretary may, after attempting to consult with the facility, reach a
preliminary determination, based on
the information then available, that
the facility presumptively presents a
high level of security risk. The Assistant Secretary shall then issue a notice
to the entity of this determination
and, if necessary, order the facility to
provide information or complete the
Top-Screen pursuant to these rules. If
the facility then fails to do so, it may
be subject to civil penalties pursuant
to § 27.300, audit and inspection under
§ 27.250 or, if appropriate, an order to
cease operations under § 27.300.
(2) If the facility deemed ‘‘presumptively high risk’’ pursuant to paragraph (c)(1) of this section completes
the Top-Screen, and the Department
determines that it does not present a
high level of security risk under
§ 27.205, its status as ‘‘presumptively
high risk’’ will terminate, and the Department will issue a notice to the facility to that effect.
[72 FR 17729, Apr. 9, 2007, as amended at 72
FR 65418, Nov. 20, 2007]
§ 27.203 Calculating
the
screening
threshold quantity by security
issue.
(a) General. In calculating whether a
facility possesses a chemical of interest that meets the STQ for any security issue, a facility need not include
chemicals of interest:
(1) Used as a structural component;
(2) Used as products for routine janitorial maintenance;
(3) Contained in food, drugs, cosmetics, or other personal items used by
employees;
195
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00205
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.203
6 CFR Ch. I (1–1–13 Edition)
(4) In process water or non-contact
cooling water as drawn from environment or municipal sources;
(5) In air either as compressed air or
as part of combustion;
(6) Contained in articles, as defined
in 40 CFR 68.3;
(7) In solid waste (including hazardous waste) regulated under the Resource Conservation and Recovery Act,
42 U.S.C. 6901 et. seq., except for the
waste described in 40 CFR 261.33;
(8) in naturally occurring hydrocarbon mixtures prior to entry of the
mixture into a natural gas processing
plant or a petroleum refining process
unit. Naturally occurring hydrocarbon
mixtures include condensate, crude oil,
field gas, and produced water as defined
in 40 CFR 68.3.
(b) Release Chemicals—(1) ReleaseToxic, Release-Flammable, and ReleaseExplosive Chemicals. Except as provided
in paragraphs (b)(2) and (b)(3), in calculating whether a facility possesses an
amount that meets the STQ for release
chemicals of interest, the facility shall
only include release chemicals of interest:
(i) In a vessel as defined in 40 CFR
68.3, in a underground storage facility,
or stored in a magazine as defined in 27
CFR 555.11;
(ii) In transportation containers used
for storage not incident to transportation, including transportation containers connected to equipment at a facility for loading or unloading and
transportation containers detached
from the motive power that delivered
the container to the facility;
(iii) Present as process intermediates, by-products, or materials produced incidental to the production of a
product if they exist at any given time;
(iv) In natural gas or liquefied natural gas stored in peak shaving facilities; and
(v) In gasoline, diesel, kerosene or jet
fuel (including fuels that have flammability hazard ratings of 1, 2, 3, or 4, as
determined by using National Fire Protection Association (NFPA) 704: Standard System for the Identification of the
Hazards of Materials for Emergency
Response [2007 ed.], which is incorporated by reference at 27.204(a)(2))
stored in aboveground tank farms, in-
cluding tank farms that are part of
pipeline systems;
(2)
Release-Toxic,
Release-Flammable, and Release-Explosive Chemicals. Except as provided in paragraph
(c)(2)(i), in calculating whether a facility possesses an amount that meets the
STQ for release-toxic, release-flammable, and release-explosive chemicals,
a facility need not include releasetoxic, release-flammable, or release-explosive chemicals of interest that a facility manufactures, processes or uses
in a laboratory at the facility under
the supervision of a technically qualified individual as defined in 40 CFR
720.3.
(i) This exemption does not apply to
specialty chemical production; manufacture, processing, or use of substances in pilot plant scale operations;
or activities, including research and
development, involving chemicals of
interest conducted outside the laboratory.
(ii) [Reserved]
(3) Propane. In calculating whether a
facility possesses an amount that
meets the STQ for propane, a facility
need not include propane in tanks of
10,000 pounds or less.
(c) Theft and Diversion Chemicals. In
calculating whether a facility possesses an amount of a theft/diversion
chemical of interest that meets the
STQ, the facility shall only include
theft/diversion chemicals of interest in
a transportation packaging, as defined
in 49 CFR 171.8. Where a theft/diversion-Chemical Weapons (CW) chemical
is designated by ‘‘CUM 100g,’’ a facility
shall total the quantity of all such designated chemicals in its possession to
determine whether the facility possesses theft/diversion-CW chemicals
that meet or exceed the STQ of 100
grams.
(d) Sabotage and Contamination Chemicals. A facility meets the STQ for a
sabotage/contamination chemical of interest if it ships the chemical and is required to placard the shipment of that
chemical pursuant to the provisions of
subpart F of 49 CFR part 172.
[72 FR 65419, Nov. 20, 2007]
196
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00206
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.204
§ 27.204 Minimum concentration by security issue.
(a) Release Chemicals—(1) ReleaseToxic Chemicals. If a release-toxic
chemical of interest is present in a
mixture, and the concentration of the
chemical is equal to or greater than
one percent (1%) by weight, the facility
shall count the amount of the chemical
of interest in the mixture toward the
STQ. If a release-toxic chemical of interest is present in a mixture, and the
concentration of the chemical is less
than one percent (1%) by weight of the
mixture, the facility need not count
the amount of that chemical in the
mixture in determining whether the facility possesses the STQ. Except for
oleum, if the concentration of the
chemical of interest in the mixture is
one percent (1%) or greater by weight,
but the facility can demonstrate that
the partial pressure of the regulated
substance in the mixture (solution)
under handling or storage conditions in
any portion of the process is less than
10 millimeters of mercury (mm Hg),
the amount of the substance in the
mixture in that portion of a vessel need
not be considered when determining
the STQ. The facility shall document
this partial pressure measurement or
estimate.
(2) Release-Flammable Chemicals. If a
release-flammable chemical of interest
is present in a mixture in a concentration equal to or greater than one percent (1%) by weight of the mixture, and
the mixture has a National Fire Protection Association (NFPA) flammability hazard rating of 4, the facility
shall count the entire amount of the
mixture toward the STQ. Except as
provided in § 27.203(b)(1)(v) for fuels
that are stored in aboveground tank
farms (including farms that are part of
pipeline systems), if a release-flammable chemical of interest is present
in a mixture in a concentration equal
to or greater than one percent (1%) by
weight of the mixture, and the mixture
has a National Fire Protection Association (NFPA) flammability hazard
rating of 1, 2, or 3, the facility need not
count the mixture toward the STQ.
The flammability hazard ratings are
defined in NFPA 704: Standard System
for the Identification of the Hazards of
Materials for Emergency Response
[2007 ed.]. The Director of the Federal
Register approves the incorporation by
reference of this standard in accordance with 5 U.S.C. 552(a) and 1 CFR
part 51. You may obtain a copy of the
incorporated standard from the National Fire Protection Association at 1
Batterymarch Park, Quincy, MA 02169–
7471 or http://www.nfpa.org. You may inspect a copy of the incorporated standard at the Department of Homeland Security, 1621 Kent Street, 9th Floor,
Rosslyn VA (please call 703–235–0709) to
make an appointment or at the or at
the National Archives and Records Administration (NARA). For information
on the availability of material at
NARA, call 202–741–6030, or go to http://
www.archives.gov/federallregister/
codeloflfederallregulations/
ibrllocations.html. If a release-flammable chemical of interest is present
in a mixture, and the concentration of
the chemical is less than one percent
(1%) by weight, the facility need not
count the mixture in determining
whether the facility possesses the STQ.
(3) Release-Explosive Chemicals. For
each release-explosive chemical of interest, a facility shall count the total
quantity of all commercial grades of
the chemical of interest toward the
STQ, unless a specific minimum concentration is assigned in the Minimum
Concentration column of appendix A to
part 27, in which case the facility
should count the total quantity of all
commercial grades of the chemical at
the specified minimum concentration.
(b) Theft and Diversion Chemicals. (1)
Theft/Diversion-Chemical
Weapons
(CW) and Chemical Weapons Precursors
(CWP Chemicals: Where a theft/diversion-CWC/CWP chemical of interest is
not designated by ‘‘CUM 100g’’ in appendix A, and the chemical is present
in a mixture at or above the minimum
concentration amount listed in the
Minimum Concentration column of appendix A to part 27, the facility shall
count the entire amount of the mixture
toward the STQ.
(2) Theft/Diversion-Weapon of Mass
Effect (WME) Chemicals: If a theft/diversion-WME chemical of interest is
present in a mixture at or above the
minimum concentration amount listed
in the Minimum Concentration column
of appendix A to part 27, the facility
197
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00207
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.205
6 CFR Ch. I (1–1–13 Edition)
shall count the entire amount of the
mixture toward the STQ.
(3) Theft/Diversion-Explosives/Improvised Explosive Device Precursor (EXP/
IEDP) Chemicals. For each theft/diversion-EXP/IEDP chemical of interest, a
facility shall count the total quantity
of all commercial grades of the chemical toward the STQ, unless a specific
minimum concentration is assigned in
the Minimum Concentration column of
appendix A to part 27, in which case
the facility should count the total
quantity of all commercial grades of
the chemical at the specified minimum
concentration.
(c) Sabotage and Contamination Chemicals. For each sabotage/contamination
chemical of interest, a facility shall
count the total quantity of all commercial grades of the chemical toward
the STQ.
[72 FR 65419, Nov. 20, 2007]
§ 27.205 Determination that a chemical
facility ‘‘presents a high level of security risk.’’
(a) Initial Determination. The Assistant Secretary may determine at any
time that a chemical facility presents
a high level of security risk based on
any information available (including
any information submitted to the Department under § 27.200) that, in the
Secretary’s discretion, indicates the
potential that a terrorist attack involving the facility could result in significant adverse consequences for
human life or health, national security
or critical economic assets. Upon determining that a facility presents a
high level of security risk, the Department shall notify the facility in writing of such initial determination and
may also notify the facility of the Department’s preliminary determination
of the facility’s placement in a riskbased tier pursuant to § 27.220(a).
(b) Redetermination. If a covered facility previously determined to present a
high level of security risk has materially altered its operations, it may seek
a redetermination by filing a Request
for Redetermination with the Assistant
Secretary, and may request a meeting
regarding the Request. Within 45 calendar days of receipt of such a Request,
or within 45 calendar days of a meeting
under this paragraph, the Assistant
Secretary shall notify the covered facility in writing of the Department’s
decision on the Request for Redetermination.
§ 27.210 Submissions schedule.
(a) Initial Submission. The timeframes
in paragraphs (a)(2) and (a)(3) of this
section also apply to covered facilities
that submit an Alternative Security
Program pursuant to § 27.235.
(1) Top-Screen. Facilities shall complete and submit a Top-Screen within
the following time frames:
(i) Unless otherwise notified, within
60 calendar days of November 20, 2007
for facilities that possess any of the
chemicals listed in appendix A at or
above the STQ for any applicable Security Issue, or within 60 calendar days
for facilities that come into possession
of any of the chemicals listed in appendix A at or above the STQ for any applicable Security Issue; or
(ii) Within the time frame provided
in any written notification from the
Department or specified in any subsequent FEDERAL REGISTER notice.
(2) Security Vulnerability Assessment.
Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90 calendar days of written notification from the Department or within
the time frame specified in any subsequent FEDERAL REGISTER notice.
(3) Site Security Plan. Unless otherwise notified, a covered facility must
complete and submit a Site Security
Plan within 120 calendar days of written notification from the Department
or within the time frame specified in
any subsequent FEDERAL REGISTER notice.
(b) Resubmission Schedule for Covered
Facilities. The timeframes in this subsection also apply to covered facilities
who submit an Alternative Security
Program pursuant to § 27.235.
(1) Top-Screen. Unless otherwise notified, Tier 1 and Tier 2 covered facilities
must complete and submit a new TopScreen no less than two years, and no
more than two years and 60 calendar
days, from the date of the Department’s approval of the facility’s Site
Security Plan; and Tier 3 and Tier 4
covered facilities must complete and
submit a Top-Screen no less than 3
198
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00208
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.215
years, and no more than 3 years and 60
calendar days, from the date of the Department’s approval of the facility’s
Site Security Plan.
(2) Security Vulnerability Assessment.
Unless otherwise notified and following
a Top-Screen resubmission pursuant to
paragraph (b)(1) of this section, a covered facility must complete and submit
a new Security Vulnerability Assessment within 90 calendar days of written notification from the Department
or within the time frame specified in
any subsequent FEDERAL REGISTER notice.
(3) Site Security Plan. Unless otherwise notified and following a Security
Vulnerability Assessment resubmission
pursuant to paragraph (b)(2) of this section , a covered facility must complete
and submit a new Site Security Plan
within 120 calendar days of written notification from the Department or
within the time frame specified in any
subsequent FEDERAL REGISTER notice.
(c) The Assistant Secretary retains
the authority to modify the schedule in
this part as needed. The Assistant Secretary may shorten or extend these
time periods based on the operations at
the facility, the nature of the covered
facility’s vulnerabilities, the level and
immediacy of security risk, or for
other reasons. If the Department alters
the time periods for a specific facility,
the Department will do so in written
notice to the facility.
(d) If a covered facility makes material modifications to its operations or
site, the covered facility must complete and submit a revised Top-Screen
to the Department within 60 days of
the material modification. In accordance with the resubmission requirements in § 27.210(b)(2) and (3), the Department will notify the covered facility as to whether the covered facility
must submit a revised Security Vulnerability Assessment, Site Security Plan,
or both.
[72 FR 17729, Apr. 9, 2007, as amended at 72
FR 65420, Nov. 20, 2007]
§ 27.215 Security vulnerability assessments.
(a) Initial Assessment. If the Assistant
Secretary determines that a chemical
facility is high-risk, the facility must
complete a Security Vulnerability As-
sessment. A Security Vulnerability Assessment shall include:
(1) Asset Characterization, which includes the identification and characterization of potential critical assets;
identification of hazards and consequences of concern for the facility,
its surroundings, its identified critical
asset(s), and its supporting infrastructure; and identification of existing layers of protection;
(2) Threat Assessment, which includes a description of possible internal threats, external threats, and internally-assisted threats;
(3) Security Vulnerability Analysis,
which includes the identification of potential security vulnerabilities and the
identification of existing countermeasures and their level of effectiveness in both reducing identified
vulnerabilities and in meeting the applicable
Risk-Based
Performance
Standards;
(4) Risk Assessment, including a determination of the relative degree of
risk to the facility in terms of the expected effect on each critical asset and
the likelihood of a success of an attack; and
(5) Countermeasures Analysis, including strategies that reduce the
probability of a successful attack or reduce the probable degree of success,
strategies that enhance the degree of
risk reduction, the reliability and
maintainability of the options, the capabilities and effectiveness of mitigation options, and the feasibility of the
options.
(b) Except as provided in § 27.235, a
covered facility must complete the Security
Vulnerability
Assessment
through the CSAT process, or through
any other methodology or process identified or issued by the Assistant Secretary.
(c) Covered facilities must submit a
Security Vulnerability Assessment to
the Department in accordance with the
schedule provided in § 27.210.
(d) Updates and Revisions. (1) A covered facility must update and revise its
Security Vulnerability Assessment in
accordance with the schedule provided
in § 27.210.
(2) Notwithstanding paragraph (d)(1)
of this section, a covered facility must
199
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00209
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.220
6 CFR Ch. I (1–1–13 Edition)
update, revise or otherwise alter its Security Vulnerability Assessment to account for new or differing modes of potential terrorist attack or for other security-related reasons, if requested by
the Assistant Secretary.
§ 27.220 Tiering.
(a) Preliminary Determination of RiskBased Tiering. Based on the information
the Department receives in accordance
with §§ 27.200 and 27.205 (including information submitted through the TopScreen process) and following its initial determination in § 27.205(a) that a
facility presents a high level of security risk, the Department shall notify
a facility of the Department’s preliminary determination of the facility’s
placement in a risk-based tier.
(b) Confirmation or Alteration of RiskBased Tiering. Following review of a
covered facility’s Security Vulnerability Assessment, the Assistant Secretary shall notify the covered facility
of its final placement within a riskbased tier, or for covered facilities previously notified of a preliminary
tiering, confirm or alter such tiering.
(c) The Department shall place covered facilities in one of four risk-based
tiers, ranging from highest risk facilities in Tier 1 to lowest risk facilities in
Tier 4.
(d) The Assistant Secretary may provide the facility with guidance regarding the risk-based performance standards and any other necessary guidance
materials applicable to its assigned
tier.
§ 27.225 Site security plans.
(a) The Site Security Plan must meet
the following standards:
(1) Address each vulnerability identified in the facility’s Security Vulnerability Assessment, and identify and
describe the security measures to address each such vulnerability;
(2) Identify and describe how security
measures selected by the facility will
address the applicable risk-based performance standards and potential
modes of terrorist attack including, as
applicable, vehicle-borne explosive devices, water-borne explosive devices,
ground assault, or other modes or potential modes identified by the Department;
(3) Identify and describe how security
measures selected and utilized by the
facility will meet or exceed each applicable performance standard for the appropriate risk-based tier for the facility; and
(4) Specify other information the Assistant Secretary deems necessary regarding chemical facility security.
(b) Except as provided in § 27.235, a
covered facility must complete the
Site Security Plan through the CSAT
process, or through any other methodology or process identified or issued by
the Assistant Secretary.
(c) Covered facilities must submit a
Site Security Plan to the Department
in accordance with the schedule provided in § 27.210.
(d) Updates and Revisions. (1) When a
covered facility updates, revises or otherwise alters its Security Vulnerability
Assessment pursuant to § 27.215(d), the
covered facility shall make corresponding changes to its Site Security
Plan.
(2) A covered facility must also update and revise its Site Security Plan
in accordance with the schedule in
§ 27.210.
(e) A covered facility must conduct
an annual audit of its compliance with
its Site Security Plan.
§ 27.230 Risk-based
performance
standards.
(a) Covered facilities must satisfy the
performance standards identified in
this section. The Assistant Secretary
will issue guidance on the application
of these standards to risk-based tiers of
covered facilities, and the acceptable
layering of measures used to meet
these standards will vary by risk-based
tier. Each covered facility must select,
develop in their Site Security Plan,
and implement appropriately riskbased measures designed to satisfy the
following performance standards:
(1) Restrict Area Perimeter. Secure and
monitor the perimeter of the facility;
(2) Secure Site Assets. Secure and monitor restricted areas or potentially
critical targets within the facility;
(3) Screen and Control Access. Control
access to the facility and to restricted
areas within the facility by screening
and/or inspecting individuals and vehicles as they enter, including,
200
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00210
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.230
(i) Measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate
an attack or actions having serious
negative consequences for the population surrounding the facility; and
(ii) Measures implementing a regularly updated identification system
that checks the identification of facility personnel and other persons seeking access to the facility and that discourages abuse through established disciplinary measures;
(4) Deter, Detect, and Delay. Deter, detect, and delay an attack, creating sufficient time between detection of an
attack and the point at which the attack becomes successful, including
measures to:
(i) Deter vehicles from penetrating
the facility perimeter, gaining unauthorized access to restricted areas or
otherwise presenting a hazard to potentially critical targets;
(ii) Deter attacks through visible,
professional, well maintained security
measures and systems, including security personnel, detection systems, barriers and barricades, and hardened or
reduced value targets;
(iii) Detect attacks at early stages,
through countersurveillance, frustration of opportunity to observe potential targets, surveillance and sensing
systems, and barriers and barricades;
and
(iv) Delay an attack for a sufficient
period of time so to allow appropriate
response through on-site security response, barriers and barricades, hardened targets, and well-coordinated response planning;
(5) Shipping, Receipt, and Storage. Secure and monitor the shipping, receipt,
and storage of hazardous materials for
the facility;
(6) Theft and Diversion. Deter theft or
diversion of potentially dangerous
chemicals;
(7) Sabotage. Deter insider sabotage;
(8) Cyber. Deter cyber sabotage, including by preventing unauthorized onsite or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA)
systems, Distributed Control Systems
(DCS), Process Control Systems (PCS),
Industrial Control Systems (ICS), crit-
ical business system, and other sensitive computerized systems;
(9) Response. Develop and exercise an
emergency plan to respond to security
incidents internally and with assistance of local law enforcement and first
responders;
(10) Monitoring. Maintain effective
monitoring, communications and warning systems, including,
(i) Measures designed to ensure that
security systems and equipment are in
good working order and inspected, tested, calibrated, and otherwise maintained;
(ii) Measures designed to regularly
test security systems, note deficiencies, correct for detected deficiencies, and record results so that
they are available for inspection by the
Department; and
(iii) Measures to allow the facility to
promptly identify and respond to security system and equipment failures or
malfunctions;
(11) Training. Ensure proper security
training, exercises, and drills of facility personnel;
(12) Personnel Surety. Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and as appropriate, for
unescorted visitors with access to restricted areas or critical assets, including,
(i) Measures designed to verify and
validate identity;
(ii) Measures designed to check
criminal history;
(iii) Measures designed to verify and
validate legal authorization to work;
and
(iv) Measures designed to identify
people with terrorist ties;
(13) Elevated Threats. Escalate the
level of protective measures for periods
of elevated threat;
(14) Specific Threats, Vulnerabilities, or
Risks.
Address
specific
threats,
vulnerabilities or risks identified by
the Assistant Secretary for the particular facility at issue;
(15) Reporting of Significant Security
Incidents. Report significant security
incidents to the Department and to
local law enforcement officials;
(16) Significant Security Incidents and
Suspicious Activities. Identify, investigate, report, and maintain records of
201
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00211
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.235
6 CFR Ch. I (1–1–13 Edition)
significant security incidents and suspicious activities in or near the site;
(17) Officials and Organization. Establish official(s) and an organization responsible for security and for compliance with these standards;
(18) Records. Maintain appropriate
records; and
(19) Address any additional performance standards the Assistant Secretary
may specify.
(b) [Reserved]
§ 27.235 Alternative security program.
(a) Covered facilities may submit an
Alternate Security Program (ASP) pursuant to the requirements of this section. The Assistant Secretary may approve an Alternate Security Program,
in whole, in part, or subject to revisions or supplements, upon a determination that the Alternate Security
Program meets the requirements of
this part and provides for an equivalent
level of security to that established by
this Part.
(1) A Tier 4 facility may submit an
ASP in lieu of a Security Vulnerability
Assessment, Site Security Plan, or
both.
(2) Tier 1, Tier 2, or Tier 3 facilities
may submit an ASP in lieu of a Site
Security Plan. Tier 1, Tier 2, and Tier
3 facilities may not submit an ASP in
lieu of a Security Vulnerability Assessment.
(b) The Department will provide notice to a covered facility about the approval or disapproval, in whole or in
part, of an ASP, using the procedure
specified in § 27.240 if the ASP is intended to take the place of a Security
Vulnerability Assessment or using the
procedure specified in § 27.245 if the
ASP is intended to take the place of a
Site Security Plan.
§ 27.240 Review and approval of security vulnerability assessments.
(a) Review and Approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of
§ 27.215, including Alternative Security
Programs
submitted
pursuant
to
§ 27.235.
(b) If a Security Vulnerability Assessment does not satisfy the requirements of § 27.215, the Department will
provide the facility with a written notification that includes a clear explanation of deficiencies in the Security
Vulnerability Assessment. The facility
shall then enter further consultations
with the Department and resubmit a
sufficient Security Vulnerability Assessment by the time specified in the
written notification provided by the
Department under this section. If the
resubmitted Security Vulnerability Assessment does not satisfy the requirements of § 27.215, the Department will
provide the facility with written notification (including a clear explanation of
deficiencies in the SVA) of the Department’s disapproval of the SVA.
§ 27.245 Review and approval of site
security plans.
(a) Review and Approval. (1) The Department will review and approve or
disapprove all Site Security Plans that
satisfy the requirements of § 27.225, including Alternative Security Programs
submitted pursuant to § 27.235.
(i) The Department will review Site
Security Plans through a two-step
process. Upon receipt of Site Security
Plan from the covered facility, the Department will review the documentation and make a preliminary determination as to whether it satisfies the
requirements of § 27.225. If the Department finds that the requirements are
satisfied, the Department will issue a
Letter of Authorization to the covered
facility.
(ii) Following issuance of the Letter
of Authorization, the Department will
inspect the covered facility in accordance with § 27.250 for purposes of determining compliance with the requirements of this Part.
(iii) If the Department approves the
Site Security Plan in accordance with
§ 27.250, the Department will issue a
Letter of Approval to the facility, and
the facility shall implement the approved Site Security Plan.
(2) The Department will not disapprove a Site Security Plan submitted
under this part based on the presence
or absence of a particular security
measure. The Department may disapprove a Site Security Plan that fails
to satisfy the risk-based performance
standards established in § 27.230.
202
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00212
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.250
(b) When the Department disapproves
a preliminary Site Security Plan
issued prior to inspection or a Site Security Plan following inspection, the
Department will provide the facility
with a written notification that includes a clear explanation of deficiencies in the Site Security Plan. The
facility shall then enter further consultations with the Department and resubmit a sufficient Site Security Plan
by the time specified in the written notification provided by the Department
under this section. If the resubmitted
Site Security Plan does not satisfy the
requirements of § 27.225, the Department will provide the facility with
written notification (including a clear
explanation of deficiencies in the SSP)
of the Department’s disapproval of the
SSP.
§ 27.250 Inspections and audits.
(a) Authority. In order to assess compliance with the requirements of this
Part, authorized Department officials
may enter, inspect, and audit the property,
equipment,
operations,
and
records of covered facilities.
(b) Following preliminary approval of
a Site Security Plan in accordance
with § 27.245, the Department will inspect the covered facility for purposes
of determining compliance with the requirements of this Part.
(1) If after the inspection, the Department determines that the requirements
of § 27.225 have been met, the Department will issue a Letter of Approval to
the covered facility.
(2) If after the inspection, the Department determines that the requirements
of § 27.225 have not been met, the Department will proceed as directed by
§ 27.245(b) in ‘‘Review and Approval of
Site Security Plans.’’
(c) Time and Manner. Authorized Department officials will conduct audits
and inspections at reasonable times
and in a reasonable manner. The Department will provide covered facility
owners and/or operators with 24-hour
advance notice before inspections, except
(1) If the Under Secretary or Assistant Secretary determines that an inspection without such notice is warranted by exigent circumstances and
approves such inspection; or
(2) If any delay in conducting an inspection might be seriously detrimental to security, and the Director of
the Chemical Security Division determines that an inspection without notice is warranted, and approves an inspector to conduct such inspection.
(d) Inspectors. Inspections and audits
are conducted by personnel duly authorized and designated for that purpose as ‘‘inspectors’’ by the Secretary
or the Secretary’s designee.
(1) An inspector will, on request,
present his or her credentials for examination, but the credentials may not be
reproduced by the facility.
(2) An inspector may administer
oaths and receive affirmations, with
the consent of any witness, in any matter.
(3) An inspector may gather information by reasonable means including,
but not limited to, interviews, statements, photocopying, photography, and
video- and audio-recording. All documents, objects and electronically
stored information collected by each
inspector during the performance of
that inspector’s duties shall be maintained for a reasonable period of time
in the files of the Department of Homeland Security maintained for that facility or matter.
(4) An inspector may request forthwith access to all records required to
be kept pursuant to § 27.255. An inspector shall be provided with the immediate use of any photocopier or other
equipment necessary to copy any such
record. If copies can not be provided
immediately upon request, the inspector shall be permitted immediately to
take the original records for duplication and prompt return.
(e) Confidentiality. In addition to the
protections provided under CVI in
§ 27.400, information received in an
audit or inspection under this section,
including the identity of the persons
involved in the inspection or who provide information during the inspection,
shall remain confidential under the investigatory file exception, or other appropriate exception, to the public disclosure requirements of 5 U.S.C. 552.
(f) Guidance. The Assistant Secretary
shall issue guidance identifying appropriate processes for such inspections,
and specifying the type and nature of
203
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00213
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.255
6 CFR Ch. I (1–1–13 Edition)
documentation that must be made
available for review during inspections
and audits.
§ 27.255 Recordkeeping requirements.
(a) Except as provided in § 27.255(b),
the covered facility must keep records
of the activities as set out below for at
least three years and make them available to the Department upon request.
A covered facility must keep the following records:
(1) Training. For training, the date
and location of each session, time of
day and duration of session, a description of the training, the name and
qualifications of the instructor, a
clear, legible list of attendees to include the attendee signature, at least
one other unique identifier of each
attendee receiving the training, and
the results of any evaluation or testing.
(2) Drills and exercises. For each drill
or exercise, the date held, a description
of the drill or exercise, a list of participants, a list of equipment (other than
personal equipment) tested or employed in the exercise, the name(s) and
qualifications of the exercise director,
and any best practices or lessons
learned which may improve the Site
Security Plan;
(3) Incidents and breaches of security.
Date and time of occurrence, location
within the facility, a description of the
incident or breach, the identity of the
individual to whom it was reported,
and a description of the response;
(4) Maintenance, calibration, and testing of security equipment. The date and
time, name and qualifications of the
technician(s) doing the work, and the
specific security equipment involved
for each occurrence of maintenance,
calibration, and testing;
(5) Security threats. Date and time of
occurrence, how the threat was communicated, who received or identified
the threat, a description of the threat,
to whom it was reported, and a description of the response;
(6) Audits. For each audit of a covered
facility’s Site Security Plan (including
each audit required under § 27.225(e)) or
Security Vulnerability Assessment, a
record of the audit, including the date
of the audit, results of the audit,
name(s) of the person(s) who conducted
the audit, and a letter certified by the
covered facility stating the date the
audit was conducted.
(7) Letters of Authorization and Approval. All Letters of Authorization
and Approval from the Department,
and documentation identifying the results of audits and inspections conducted pursuant to § 27.250.
(b) A covered facility must retain
records of submitted Top-Screens, Security Vulnerability Assessments, Site
Security Plans, and all related correspondence with the Department for
at least six years and make them available to the Department upon request.
(c) To the extent necessary for security purposes, the Department may request that a covered facility make
available records kept pursuant to
other Federal programs or regulations.
(d) Records required by this section
may be kept in electronic format. If
kept in an electronic format, they
must be protected against unauthorized access, deletion, destruction,
amendment, and disclosure.
Subpart C—Orders and
Adjudications
§ 27.300 Orders.
(a) Orders Generally. When the Assistant Secretary determines that a facility is in violation of any of the requirements of this Part, the Assistant Secretary may take appropriate action including the issuance of an appropriate
Order.
(b) Orders Assessing Civil Penalty and
Orders to Cease Operations. (1) Where
the Assistant Secretary determines
that a facility is in violation of an
Order issued pursuant to paragraph (a)
of this section, the Assistant may
enter an Order Assessing Civil Penalty,
Order to Cease Operations, or both.
(2) Following the issuance of an
Order by the Assistant Secretary pursuant to paragraph (b)(1) of this section, the facility may enter further
consultations with Department.
(3) Where the Assistant Secretary determines that a facility is in violation
of an Order issued pursuant to paragraph (a) of this section and issues an
Order Assessing Civil Penalty pursuant
to paragraph (b)(1) of this section, a
chemical facility is liable to the United
204
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00214
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.310
States for a civil penalty of not more
than $25,000 for each day during which
the violation continues.
(c) Procedures for Orders. (1) At a minimum, an Order shall be signed by the
Assistant Secretary, shall be dated,
and shall include:
(i) The name and address of the facility in question;
(ii) A listing of the provision(s) that
the facility is alleged to have violated;
(iii) A statement of facts upon which
the alleged instances of noncompliance
are based;
(iv) A clear explanation of deficiencies in the facility’s chemical security program, including, if applicable,
any deficiencies in the facility’s Security Vulnerability Assessment, Site Security Plan, or both; and
(v) A statement, indicating what action(s) the chemical must take to remedy the instance(s) of noncompliance;
and
(vi) The date by which the facility
must comply with the terms of the
Order.
(2) The Assistant Secretary may establish procedures for the issuance of
Orders.
(d) A facility must comply with the
terms of the Order by the date specified
in the Order unless the facility has
filed a timely Notice for Application
for Review under § 27.310.
(e) Where a facility or other person
contests the determination of the Assistant Secretary to issue an Order, a
chemical facility may seek an adjudication pursuant to § 27.310.
(f) An Order issued under this section
becomes final agency action when the
time to file a Notice of Application of
Review under § 27.310 has passed without such a filing or upon the conclusion of adjudication or appeal proceedings under this subpart.
§ 27.305 Neutral adjudications.
(a) Any facility or other person who
has received a Finding pursuant to
§ 27.230(a)(12)(iv), a Determination pursuant to § 27.245(b), or an Order pursuant to § 27.300 is entitled to an adjudication, by a neutral adjudications officer, of any issue of material fact relevant to any administrative action
which deprives that person of a cognizable interest in liberty or property.
(b) A neutral adjudications officer
appointed pursuant to § 27.315 shall
issue an Initial Decision on any material factual issue related to a Finding
pursuant to § 27.230(a)(12)(iv), a Determination pursuant to § 27.245, or an
Order pursuant to § 27.300 before any
such administrative action is reviewed
on appeal pursuant to § 27.345.
§ 27.310 Commencement of adjudication proceedings.
(a) Proceedings Instituted by Facilities
or other Persons. A facility or other person may institute proceedings to review a determination by the Assistant
Secretary:
(1)
Finding,
pursuant
to
the
§ 27.230(a)(12)(iv), that an individual is a
potential security threat;
(2) Disapproving a Site Security Plan
pursuant to § 27.245(b); or
(3) Issuing an Order pursuant to
§ 27.300(a) or (b).
(b) Procedure for Applications by Facilities or other Persons. A facility or
other person may institute Proceedings
by filing a Notice of Application for
Review specifying that the facility or
other person requests a Proceeding to
review a determination specified in
paragraph (a) of this section.
(1) An Applicant institutes a Proceeding by filing a Notice of Application for Review with the office of the
Department hereinafter designated by
the Secretary.
(2) An Applicant must file a Notice of
Application for Review within seven
calendar days of notification to the facility or other person of the Assistant
Secretary’s Finding, Determination, or
Order.
(3) The Applicant shall file and simultaneously serve each Notice of Application for Review and all subsequent
filings on the Assistant Secretary and
the General Counsel.
(4) An Order is stayed from the timely filing of a Notice of Application for
Review until the Presiding Officer
issues an Initial Decision, unless the
Secretary has lifted the stay due to exigent circumstances pursuant to paragraph (d) of this section.
(5) The Applicant shall file and serve
an Application for Review within fourteen calendar days of the notification
to the facility or other person of the
205
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00215
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.315
6 CFR Ch. I (1–1–13 Edition)
Assistant Secretary’s Finding, Determination, or Order.
(6) Each Application for Review shall
be accompanied by all legal memoranda, other documents, declarations,
affidavits, and other evidence supporting the position asserted by the
Applicant.
(c) Response. The Assistant Secretary, through the Office of General
Counsel, shall file and serve a Response, accompanied by all legal
memoranda, other documents, declarations, affidavits and other evidence
supporting the position asserted by the
Assistant Secretary within fourteen
calendar days of the filing and service
of the Application for Review and all
supporting papers.
(d) Procedural Modifications. The Secretary may, in exigent circumstances
(as determined in his sole discretion):
(1) Lift any stay applicable to any
Order under § 27.300;
(2) Modify the time for a response;
(3) Rule on the sufficiency of Applications for Review; or
(4) Otherwise modify these procedures with respect to particular matters.
§ 27.315 Presiding
ceedings.
officers
for
pro-
(a) Immediately upon the filing of
any Application for Review, the Secretary shall appoint an attorney, who
is employed by the Department and
who has not performed any investigative or prosecutorial function with respect to the matter, to act as a neutral
adjudications officer or Presiding Officer for the compilation of a factual
record and the recommendation of an
Initial Decision for each Proceeding.
(b) Notwithstanding paragraph (a) of
this section, the Secretary may appoint one or more attorneys who are
employed by the Department and who
do not perform any investigative or
prosecutorial function with respect to
this subpart, to serve generally in the
capacity as Presiding Officer(s) for
such matters pursuant to such procedures as the Secretary may hereafter
establish.
§ 27.320 Prohibition on ex parte communications during proceedings.
(a) At no time after the designation
of a Presiding Officer for a Proceeding
and prior to the issuance of a Final Decision pursuant to § 27.345 with respect
to a facility or other person, shall the
appointed Presiding Officer, or any person who will advise that official in the
decision on the matter, discuss ex parte
the merits of the proceeding with any
interested person outside the Department, with any Department official
who performs a prosecutorial or investigative function in such proceeding or
a factually related proceeding, or with
any representative of such person.
(b) If, after appointment of a Presiding Officer and prior to the issuance
of a Final Decision pursuant to § 27.345
with respect to a facility or other person, the appointed Presiding Officer, or
any person who will advise that official
in the decision on the matter, receives
from or on behalf of any party, by
means of an ex parte communication,
information which is relevant to the
decision of the matter and to which
other parties have not had an opportunity to respond, a summary of such
information shall be served on all other
parties, who shall have an opportunity
to reply to the ex parte communication
within a time set by the Presiding Officer.
(c) The consideration of classified information or CVI pursuant to an in
camera procedure does not constitute a
prohibited ex parte communication for
purposes of this subpart.
§ 27.325
Burden of proof.
The Assistant Secretary bears the
initial burden of proving the facts necessary to support the challenged administrative action at every proceeding instituted under this subpart.
§ 27.330
Summary decision procedures.
(a) The Presiding Officer appointed
for each Proceeding shall immediately
consider whether the summary adjudication of the Application for Review
is appropriate based on the Application
for Review, the Response, and all the
supporting filings of the parties pursuant to §§ 27.310(b)(5) and 27.310(c).
206
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00216
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.345
(1) The Presiding Officer shall
promptly issue any necessary scheduling order for any additional briefing
of the issue of summary adjudication
on the Application for Review and Response.
(2) The Presiding Officer may conduct scheduling conferences and other
proceedings that the Presiding Officer
determines to be appropriate.
(b) If the Presiding Officer determines that there is no genuine issue of
material fact and that one party or the
other is entitled to decision as a matter of law, then the record shall be
closed and the Presiding Officer shall
issue an Initial Decision on the Application for Review pursuant to § 27.340.
(c) If a Presiding Officer determines
that any factual issues require the
cross-examination of one or more witnesses or other proceedings at a hearing, the Presiding Officer, in consultation with the parties, shall promptly
schedule a hearing to be conducted pursuant to § 27.335.
§ 27.335
Hearing procedures.
(a) Any hearing shall be held as expeditiously as possible at the location
most conducive to a prompt presentation of any necessary testimony or
other proceedings.
(1) Videoconferencing and teleconferencing may be used where appropriate
at the discretion of the Presiding Officer.
(2) Each party offering the affirmative testimony of a witness shall
present that testimony by declaration,
affidavit, or other sworn statement
submitted in advance as ordered by the
Presiding Officer.
(3) Any witness presented for further
examination shall be asked to testify
under an oath or affirmation.
(4) The hearing shall be recorded verbatim.
(b)(1) A facility or other person may
appear and be heard on his own behalf
or through any counsel of his choice
who is qualified to possess CVI.
(2) A facility of other person individually, or through counsel, may offer
relevant and material information including written direct testimony which
he believes should be considered in opposition to the administrative action
or which may bear on the sanction
being sought.
(3) The facility or other person individually, or through counsel, may conduct such cross-examination as may be
specifically allowed by the Presiding
Officer for a full determination of the
facts.
§ 27.340 Completion
proceedings.
of
adjudication
(a) The Presiding Officer shall close
and certify the record of the adjudication promptly upon the completion of:
(1) Summary judgment proceedings,
(2) A hearing, if necessary,
(3) The submission of post hearing
briefs, if any are ordered by the Presiding Officer, and
(4) The conclusion of oral arguments,
if any are permitted by the Presiding
Officer.
(b) The Presiding Officer shall issue
an Initial Decision based on the certified record, and the decision shall be
subject to appeal pursuant to § 27.345.
(c) An Initial Decision shall become a
final agency action on the expiration of
the time for an Appeal pursuant to
§ 27.345.
§ 27.345
Appeals.
(a) Right to Appeal. A facility or any
person who has received an Initial Decision under § 27.340(b) has the right to
appeal to the Under Secretary acting
as a neutral appeals officer.
(b) Procedure for Appeals. (1) The Assistant Secretary, a facility or other
person, or a representative on behalf of
a facility or person, may institute an
Appeal by filing a Notice of Appeal
with the office of the Department hereinafter designated by the Secretary.
(2) The Assistant Secretary, a facility, or other person must file a Notice
of Appeal within seven calendar days of
the service of the Presiding Officer’s
Initial Decision.
(3) The Appellant shall file with the
designated office and simultaneously
serve each Notice of Appeal and all
subsequent filings on the General
Counsel.
(4) An Initial Decision is stayed from
the timely filing of a Notice of Appeal
until the Under Secretary issues a
Final Decision, unless the Secretary
207
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00217
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.400
6 CFR Ch. I (1–1–13 Edition)
lifts the stay due to exigent circumstances pursuant to § 27.310(d).
(5) The Appellant shall file and serve
a Brief within 28 calendar days of the
notification of the service of the Presiding Officer’s Initial Decision.
(6) The Appellee shall file and serve
its Opposition Brief within 28 calendar
days of the service of the Appellant’s
Brief.
(c) The Under Secretary may provide
for an expedited appeal for appropriate
matters.
(d) Ex Parte Communications. (1) At no
time after the filing of a Notice of Appeal pursuant to paragraph (b)(1) of
this section and prior to the issuance
of a Final Decision on an Appeal pursuant to paragraph (f) of this section
with respect to a facility or other person shall the Under Secretary, his designee, or any person who will advise
that official in the decision on the matter, discuss ex parte the merits of the
proceeding with any interested person
outside the Department, with any Department official who performs a prosecutorial or investigative function in
such proceeding or a factually related
proceeding, or with any representative
of such person.
(2) If, after the filing of a Notice of
Appeal pursuant to paragraph (b)(1) of
this section and prior to the issuance
of a Final Decision on an Appeal pursuant to paragraph (f) of this section
with respect to a facility or other person, the Under Secretary, his designee,
or any person who will advise that official in the decision on the matter, receives from or on behalf of any party,
by means of an ex parte communication, information which is relevant to
the decision of the matter and to which
other parties have not had an opportunity to respond, a summary of such
information shall be served on all other
parties, who shall have an opportunity
to reply to the ex parte communication
within a time set by the Under Secretary or his designee.
(3) The consideration of classified information or CVI pursuant to an in
camera procedure does not constitute a
prohibited ex parte communication for
purposes of this subpart.
(e) A facility or other person may
elect to have the Under Secretary participate in any mediation or other res-
olution process by expressly waiving,
in writing, any argument that such
participation has compromised the Appeal process.
(f) The Under Secretary shall issue a
Final Decision and serve it upon the
parties. A Final Decision made by the
Under Secretary constitutes final agency action.
(g) The Secretary may establish procedures for the conduct of Appeals pursuant to this section.
Subpart D—Other
§ 27.400 Chemical-terrorism
vulnerability information.
(a) Applicability. This section governs
the maintenance, safeguarding, and
disclosure of information and records
that constitute Chemical-terrorism
Vulnerability Information (CVI), as defined in § 27.400(b). The Secretary shall
administer this section consistent with
section 550(c) of the Homeland Security
Appropriations Act of 2007, including
appropriate sharing with Federal,
State and local officials.
(b) Chemical-terrorism Vulnerability Information. In accordance with section
550(c) of the Department of Homeland
Security Appropriations Act of 2007,
the following information, whether
transmitted verbally, electronically, or
in written form, shall constitute CVI:
(1) Security Vulnerability Assessments under § 27.215;
(2) Site Security Plans under § 27.225;
(3) Documents relating to the Department’s review and approval of Security
Vulnerability Assessments and Site Security Plans, including Letters of Authorization, Letters of Approval and
responses thereto; written notices; and
other documents developed pursuant to
§§ 27.240 or 27.245;
(4) Alternate Security Programs
under § 27.235;
(5) Documents relating to inspection
or audits under § 27.250;
(6) Any records required to be created
or retained under § 27.255;
(7) Sensitive portions of orders, notices or letters under § 27.300;
(8) Information developed pursuant
to §§ 27.200 and 27.205; and
(9) Other information developed for
chemical facility security purposes
that the Secretary, in his discretion,
208
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00218
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.400
determines is similar to the information protected in § 27.400(b)(1) through
(8) and thus warrants protection as
CVI.
(c) Covered Persons. Persons subject
to the requirements of this section are:
(1) Each person who has a need to
know CVI, as specified in § 27.400(e);
(2) Each person who otherwise receives or gains access to what they
know or should reasonably know constitutes CVI.
(d) Duty to protect information. A covered person must—
(1) Take reasonable steps to safeguard CVI in that person’s possession
or control, including electronic data,
from unauthorized disclosure. When a
person is not in physical possession of
CVI, the person must store it in a secure container, such as a safe, that
limits access only to covered persons
with a need to know;
(2) Disclose, or otherwise provide access to, CVI only to persons who have
a need to know;
(3) Refer requests for CVI by persons
without a need to know to the Assistant Secretary;
(4) Mark CVI as specified in § 27.400(f);
(5) Dispose of CVI as specified in
§ 27.400(k);
(6) If a covered person receives a
record or verbal transmission containing CVI that is not marked as specified in § 27.400(f), the covered person
must—
(i) Mark the record as specified in
§ 27.400(f) of this section; and
(ii) Inform the sender of the record
that the record must be marked as
specified in § 27.400(f); or
(iii) If received verbally, make reasonable efforts to memorialize such information and mark the memorialized
record as specified in § 27.400(f) of this
section, and inform the speaker of any
determination that such information
warrants CVI protection.
(7) When a covered person becomes
aware that CVI has been released to
persons without a need to know (including a covered person under
§ 27.400(c)(2)), the covered person must
promptly inform the Assistant Secretary.
(8) In the case of information that is
CVI and also has been designated as
critical
infrastructure
information
under section 214 of the Homeland Security Act, any covered person in possession of such information must comply with the disclosure restrictions and
other requirements applicable to such
information under section 214 and any
implementing regulations.
(e) Need to know. (1) A person, including a State or local official, has a need
to know CVI in each of the following
circumstances:
(i) When the person requires access to
specific CVI to carry out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(ii) When the person needs the information to receive training to carry out
chemical facility security activities
approved,
accepted,
funded,
recommended, or directed by the Department.
(iii) When the information is necessary for the person to supervise or
otherwise manage individuals carrying
out chemical facility security activities approved, accepted, funded, recommended, or directed by the Department.
(iv) When the person needs the information to provide technical or legal
advice to a covered person, who has a
need to know the information, regarding chemical facility security requirements of Federal law.
(v) When the Department determines
that access is required under §§ 27.400(h)
or 27.400(i) in the course of a judicial or
administrative proceeding.
(2) Federal employees, contractors, and
grantees. (i) A Federal employee has a
need to know CVI if access to the information is necessary for performance of
the employee’s official duties.
(ii) A person acting in the performance of a contract with or grant from
the Department has a need to know
CVI if access to the information is necessary to performance of the contract
or grant. Contractors or grantees may
not further disclose CVI without the
consent of the Assistant Secretary.
(iii) The Department may require
that non-Federal persons seeking access to CVI complete a non-disclosure
agreement before such access is granted.
(3) Background check. The Department may make an individual’s access
209
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00219
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.400
6 CFR Ch. I (1–1–13 Edition)
to the CVI contingent upon satisfactory completion of a security background check or other procedures and
requirements for safeguarding CVI that
are satisfactory to the Department.
(4) Need to know further limited by the
Department. For some specific CVI, the
Department may make a finding that
only specific persons or classes of persons have a need to know.
(5) Nothing in § 27.400(e) shall prevent
the Department from determining, in
its discretion, that a person not otherwise listed in § 27.400(e) has a need to
know CVI in a particular circumstance.
(f) Marking of paper records. (1) In the
case of paper records containing CVI, a
covered person must mark the record
by placing the protective marking conspicuously on the top, and the distribution limitation statement on the bottom, of—
(i) The outside of any front and back
cover, including a binder cover or folder, if the document has a front and
back cover;
(ii) Any title page; and
(iii) Each page of the document.
(2) Protective marking. The protective marking is: CHEMICAL-TERRORISM VULNERABILITY INFORMATION.
(3) Distribution limitation statement.
The distribution limitation statement
is: WARNING: This record contains
Chemical-terrorism Vulnerability Information controlled by 6 CFR 27.400.
Do not disclose to persons without a
‘‘need to know’’ in accordance with 6
CFR 27.400(e). Unauthorized release
may result in civil penalties or other
action. In any administrative or judicial proceeding, this information shall
be treated as classified information in
accordance with 6 CFR 27.400(h) and (i).
(4) Other types of records. In the case
of non-paper records that contain CVI,
including motion picture films, videotape recordings, audio recording, and
electronic and magnetic records, a covered person must clearly and conspicuously mark the records with the protective marking and the distribution
limitation statement such that the
viewer or listener is reasonably likely
to see or hear them when obtaining access to the contents of the record.
(g) Disclosure by the Department—In
general. (1) Except as otherwise pro-
vided in this section, and notwithstanding the Freedom of Information
Act (5 U.S.C. 552), the Privacy Act (5
U.S.C. 552a), and other laws, records
containing CVI are not available for
public inspection or copying, nor does
the Department release such records to
persons without a need to know.
(2) Disclosure of Segregatable Information under the Freedom of Information Act and the Privacy Act. If a
record is marked to signify both CVI
and information that is not CVI, the
Department, on a proper Freedom of
Information Act or Privacy Act request, may disclose the record with the
CVI redacted, provided the record is
not otherwise exempt from disclosure
under the Freedom of Information Act
or Privacy Act.
(h) Disclosure in administrative enforcement proceedings. (1) The Department
may provide CVI to a person governed
by section 550, and his counsel, in the
context of an administrative enforcement proceeding of section 550 when, in
the sole discretion of the Department,
as appropriate, access to the CVI is
necessary for the person to prepare a
response to allegations contained in a
legal enforcement action document
issued by the Department.
(2) Security background check. Prior to
providing CVI to a person under
§ 27.400(h)(1), the Department may require the individual or, in the case of
an entity, the individuals representing
the entity, and their counsel, to undergo and satisfy, in the judgment of the
Department, a security background
check.
(i) Disclosure in judicial proceedings.
(1) In any judicial enforcement proceeding of section 550, the Secretary, in
his sole discretion, may, subject to
§ 27.400(i)(1)(i), authorize access to CVI
for persons necessary for the conduct
of such proceedings, including such
persons’ counsel, provided that no
other persons not so authorized shall
have access to or be present for the disclosure of such information.
(i) Security background check. Prior to
providing CVI to a person under
§ 27.400(i)(1), the Department may require the individual to undergo and
satisfy, in the judgment of the Department, a security background check.
(ii) [Reserved]
210
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00220
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
§ 27.400
(2) In any judicial enforcement proceeding of section 550 where a person
seeks to disclose CVI to a person not
authorized to receive it under paragraph (i)(1) of this section, or where a
person not authorized to receive CVI
under paragraph (i)(1) of this section
seeks to compel its disclosure through
discovery, the United States may make
an ex parte application in writing to
the court seeking authorization to—
(i) Redact specified items of CVI from
documents to be introduced into evidence or made available to the defendant through discovery under the Federal Rules of Civil Procedure;
(ii) Substitute a summary of the information for such CVI; or
(iii) Substitute a statement admitting relevant facts that the CVI would
tend to prove.
(3) The court shall grant a request
under paragraph (i)(2) of this section if,
after in camera review, the court finds
that the redacted item, stipulation, or
summary is sufficient to allow the defendant to prepare a defense.
(4) If the court enters an order granting a request under paragraph (i)(2) of
this section, the entire text of the documents to which the request relates
shall be sealed and preserved in the
records of the court to be made available to the appellate court in the event
of an appeal.
(5) If the court enters an order denying a request of the United States
under paragraph (i)(2) of this section,
the United States may take an immediate, interlocutory appeal of the
court’s order in accordance with 18
U.S.C. 2339B(f)(4), (5). For purposes of
such an appeal, the entire text of the
documents to which the request relates, together with any transcripts of
arguments made ex parte to the court
in connection therewith, shall be maintained under seal and delivered to the
appellate court.
(6) Except as provided otherwise at
the sole discretion of the Secretary, access to CVI shall not be available in
any civil or criminal litigation unrelated to the enforcement of section 550.
(7) Taking of trial testimony—
(i) Objection—During the examination of a witness in any judicial proceeding, the United States may object
to any question or line of inquiry that
may require the witness to disclose
CVI not previously found to be admissible.
(ii) Action by court—In determining
whether a response is admissible, the
court shall take precautions to guard
against the compromise of any CVI, including—
(A) Permitting the United States to
provide the court, ex parte, with a proffer of the witness’s response to the
question or line of inquiry; and
(B) Requiring the defendant to provide the court with a proffer of the nature of the information that the defendant seeks to elicit.
(iii) Obligation of defendant—In any
judicial enforcement proceeding, it
shall be the defendant’s obligation to
establish the relevance and materiality
of any CVI sought to be introduced.
(8) Construction. Nothing in this subsection shall prevent the United States
from seeking protective orders or asserting privileges ordinarily available
to the United States to protect against
the disclosure of classified information, including the invocation of the
military and State secrets privilege.
(j) Consequences of Violation. Violation of this section is grounds for a
civil penalty and other enforcement or
corrective action by the Department,
and appropriate personnel actions for
Federal employees. Corrective action
may include issuance of an order requiring retrieval of CVI to remedy unauthorized disclosure or an order to
cease future unauthorized disclosure.
(k) Destruction of CVI. (1) The Department of Homeland Security. Subject to
the requirements of the Federal
Records Act (5 U.S.C. 105), including
the duty to preserve records containing
documentation of a Federal agency’s
policies, decisions, and essential transactions, the Department destroys CVI
when no longer needed to carry out the
agency’s function.
(2) Other covered persons—(i) In general. A covered person must destroy
CVI completely to preclude recognition
or reconstruction of the information
when the covered person no longer
needs the CVI to carry out security
measures under paragraph (e) of this
section.
211
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00221
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�§ 27.405
6 CFR Ch. I (1–1–13 Edition)
(ii) Exception. Section 27.400(k)(2)
does not require a State or local government agency to destroy information
that the agency is required to preserve
under State or local law.
§ 27.405 Review and preemption
State laws and regulations.
of
(a) As per current law, no law, regulation, or administrative action of a
State or political subdivision thereof,
or any decision or order rendered by a
court under state law, shall have any
effect if such law, regulation, or decision conflicts with, hinders, poses an
obstacle to or frustrates the purposes
of this regulation or of any approval,
disapproval or order issued there
under.
(1) Nothing in this part is intended to
displace other federal requirements administered by the Environmental Protection Agency, U.S. Department of
Justice, U.S. Department of Labor,
U.S. Department of Transportation, or
other federal agencies.
(2) [Reserved]
(b) State law, regulation or administrative action defined. For purposes of
this section, the phrase ‘‘State law,
regulation or administrative action’’
means any enacted law, promulgated
regulation, ordinance, administrative
action, order or decision, or common
law standard of a State or any of its
political subdivisions.
(c) Submission for review. Any chemical facility covered by these regulations and any State may petition the
Department by submitting a copy of a
State law, regulation, or administra-
tive action, or decision or order of a
court for review under this section.
(d) Review and opinion—(1) Review.
The Department may review State
laws, administrative actions, or opinions or orders of a court under State
law and regulations submitted under
this section, and may offer an opinion
whether the application or enforcement of the State law or regulation
would conflict with, hinder, pose an obstacle to or frustrate the purposes of
this Part.
(2) Opinion. The Department may
issue a written opinion on any question
regarding preemption. If the question
was submitted under subsection (c) of
this part, the Assistant Secretary will
notify the affected chemical facility
and the Attorney General of the subject State of any opinion under this
section.
(3) Consultation with States. In conducting a review under this section,
the Department will seek the views of
the State or local jurisdiction whose
laws may be affected by the Department’s review.
§ 27.410
Third party actions.
(a) Nothing in this part shall confer
upon any person except the Secretary a
right of action, in law or equity, for
any remedy including, but not limited
to, injunctions or damages to enforce
any provision of this Part.
(b) An owner or operator of a chemical facility may petition the Assistant
Secretary to provide the Department’s
view in any litigation involving any
issues or matters regarding this Part.
212
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00222
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�Office of the Secretary, DHS
Pt. 27, App. A
APPENDIX A TO PART 27—DHS CHEMICALS OF INTEREST
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00223
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.008
213
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00224
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.009
214
�Office of the Secretary, DHS
Pt. 27, App. A
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00225
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.010
215
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00226
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.011
216
�Office of the Secretary, DHS
Pt. 27, App. A
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00227
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.012
217
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00228
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.013
218
�Office of the Secretary, DHS
Pt. 27, App. A
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00229
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.014
219
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00230
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.015
220
�Office of the Secretary, DHS
Pt. 27, App. A
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00231
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.016
221
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00232
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.017
222
�Office of the Secretary, DHS
Pt. 27, App. A
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00233
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.018
223
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00234
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.019
224
�Office of the Secretary, DHS
Pt. 27, App. A
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00235
Fmt 8010
Sfmt 8006
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.020
225
�Pt. 27, App. A
6 CFR Ch. I (1–1–13 Edition)
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00236
Fmt 8010
Sfmt 8002
Q:\06\6V1.TXT
ofr150
PsN: PC150
ER20NO07.021
226
�Office of the Secretary, DHS
§ 29.2
[72 FR 65420, Nov. 20, 2007]
AUTHORITY: Pub. L. 107–296, 116 Stat. 2135 (6
U.S.C. 1 et seq.); 5 U.S.C. 301.
information with State and local governments pursuant to section 214(a)
through (g) of the HSA.
(4) The issuance of advisories, notices
and warnings related to the protection
of critical infrastructure or protected
systems in such a manner as to protect
from unauthorized disclosure the
source of critical infrastructure information that forms the basis of the
warning, and any information that is
proprietary or business sensitive,
might be used to identify the submitting person or entity, or is otherwise
not appropriately in the public domain.
(b) Scope. The regulations in this part
apply to all persons and entities that
are authorized to handle, use, or store
PCII or that otherwise accept receipt
of PCII.
SOURCE: 71 FR 52271, Sept. 1, 2006, unless
otherwise noted.
§ 29.2
PART 29—PROTECTED CRITICAL
INFRASTRUCTURE INFORMATION
Sec.
29.1 Purpose and scope.
29.2 Definitions.
29.3 Effect of provisions.
29.4 Protected Critical Infrastructure Information Program administration.
29.5 Requirements for protection.
29.6 Acknowledgment of receipt, validation,
and marking.
29.7 Safeguarding of Protected Critical Infrastructure Information.
29.8 Disclosure of Protected Critical Infrastructure Information.
29.9 Investigation and reporting of violation
of PCII procedures.
§ 29.1 Purpose and scope.
(a) Purpose of this Part. This part implements sections 211 through 215 of
the Homeland Security Act of 2002
(HSA) through the establishment of
uniform procedures for the receipt,
care, and storage of Critical Infrastructure Information (CII) voluntarily submitted to the Department of Homeland
Security (DHS). Title II, Subtitle B, of
the Homeland Security Act is referred
to herein as the Critical Infrastructure
Information Act of 2002 (CII Act). Consistent with the statutory mission of
DHS to prevent terrorist attacks within the United States and reduce the
vulnerability of the United States to
terrorism, DHS will encourage the voluntary submission of CII by safeguarding and protecting that information from unauthorized disclosure and
by ensuring that such information is,
as necessary, securely shared with
State and local government pursuant
to section 214(a) through (g) of the CII
Act. As required by the CII Act, these
rules establish procedures regarding:
(1) The acknowledgement of receipt
by DHS of voluntarily submitted CII;
(2) The receipt, validation, handling,
storage, proper marking and use of information as PCII;
(3) The safeguarding and maintenance of the confidentiality of such information, appropriate sharing of such
Definitions.
For purposes of this part:
(a) Critical Infrastructure has the
meaning stated in section 2 of the
Homeland Security Act of 2002 (referencing the term used in section
1016(e) of Public Law 107–56 (42 U.S.C.
5195c(e)).
(b) Critical Infrastructure Information,
or CII, has the same meaning as established in section 212 of the CII Act of
2002 and means information not customarily in the public domain and related to the security of critical infrastructure or protected systems, including documents, records or other information concerning:
(1) Actual, potential, or threatened
interference with, attack on, compromise of, or incapacitation of critical
infrastructure or protected systems by
either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications
and data transmission systems) that
violates Federal, State, local, or tribal
law, harms interstate commerce of the
United States, or threatens public
health or safety;
(2) The ability of any critical infrastructure or protected system to resist
such interference, compromise, or incapacitation, including any planned or
227
VerDate Mar<15>2010
15:18 Jan 11, 2013
Jkt 229011
PO 00000
Frm 00237
Fmt 8010
Sfmt 8010
Q:\06\6V1.TXT
ofr150
PsN: PC150
�
| File Type | application/pdf |
| File Modified | 2013-01-29 |
| File Created | 2013-01-29 |