1625-0077 Stat/Authority

CFR-2010-title49-vol9-part1520.pdf

Security Plan for Ports, Vessels, Facilities, Outer Continental Shelf Facilities and Other Security-Related Requirements

1625-0077 Stat/Authority

OMB: 1625-0077

Document [pdf]
Download: pdf | pdf
SUBCHAPTER B—SECURITY RULES FOR ALL MODES OF
TRANSPORTATION
PART 1520—PROTECTION OF
SENSITIVE SECURITY INFORMATION
Sec.
1520.1 Scope.
1520.3 Terms used in this part.
1520.5 Sensitive security information.
1520.7 Covered persons.
1520.9 Restrictions on the disclosure of SSI.
1520.11 Persons with a need to know.
1520.13 Marking SSI.
1520.15 SSI disclosed by TSA or the Coast
Guard.
1520.17 Consequences of unauthorized disclosure of SSI.
1520.19 Destruction of SSI.
AUTHORITY: 46 U.S.C. 70102–70106, 70117; 49
U.S.C. 114, 40113, 44901–44907, 44913–44914,
44916–44918, 44935–44936, 44942, 46105.
SOURCE: 69 FR 28082, May 18, 2004, unless
otherwise noted.

erowe on DSK5CLS3C1PROD with CFR

§ 1520.1 Scope.
(a) Applicability. This part governs
the maintenance, safeguarding, and
disclosure of records and information
that TSA has determined to be Sensitive Security Information, as defined
in § 1520.5. This part does not apply to
the maintenance, safeguarding, or disclosure of classified national security
information, as defined by Executive
Order 12968, or to other sensitive unclassified information that is not SSI,
but that nonetheless may be exempt
from public disclosure under the Freedom of Information Act. In addition, in
the case of information that has been
designated as critical infrastructure information under section 214 of the
Homeland Security Act, the receipt,
maintenance, or disclosure of such information by a Federal agency or employee is governed by section 214 and
any implementing regulations, not by
this part.
(b) Delegation. The authority of TSA
and the Coast Guard under this part
may be further delegated within TSA
and the Coast Guard, respectively.
§ 1520.3 Terms used in this part.
In addition to the terms in § 1500.3 of
this chapter, the following terms apply
in this part:

Administrator means the Under Secretary of Transportation for Security
referred to in 49 U.S.C. 114(b), or his or
her designee.
Coast Guard means the United States
Coast Guard.
Covered person means any organization, entity, individual, or other person
described in § 1520.7. In the case of an
individual, covered person includes any
individual applying for employment in
a position that would be a covered person, or in training for such a position,
regardless of whether that individual is
receiving a wage, salary, or other form
of payment. Covered person includes a
person applying for certification or
other form of approval that, if granted,
would make the person a covered person described in § 1520.7.
DHS means the Department of Homeland Security and any directorate, bureau, or other component within the
Department of Homeland Security, including the United States Coast Guard.
DOT means the Department of Transportation and any operating administration, entity, or office within the Department of Transportation, including
the Saint Lawrence Seaway Development Corporation and the Bureau of
Transportation Statistics.
Federal Flight Deck Officer means a
pilot participating in the Federal
Flight Deck Officer Program under 49
U.S.C. 44921 and implementing regulations.
Maritime facility means any facility as
defined in 33 CFR part 101.
Rail facility means ‘‘rail facility’’ as
defined in 49 CFR 1580.3.
Rail hazardous materials receiver
means ‘‘rail hazardous materials receiver’’ as defined in 49 CFR 1580.3.
Rail
hazardous
materials
shipper
means ‘‘rail hazardous materials shipper’’ as defined in 49 CFR 1580.3.
Rail secure area means ‘‘rail secure
area’’ as defined in 49 CFR 1580.3.
Rail transit facility means ‘‘rail transit facility’’ as defined in 49 CFR 1580.3.
Rail transit system or Rail Fixed Guideway System means ‘‘rail transit system’’ or ‘‘Rail Fixed Guideway System’’ as defined in 49 CFR 1580.3.

298

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00308

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220

Transportation Security Administration, DHS

erowe on DSK5CLS3C1PROD with CFR

Railroad means ‘‘railroad’’ as defined
in 49 U.S.C. 20102(1).
Railroad carrier means ‘‘railroad carrier’’ as defined in 49 U.S.C. 20102(2).
Record includes any means by which
information is preserved, irrespective
of format, including a book, paper,
drawing, map, recording, tape, film,
photograph, machine-readable material, and any information stored in an
electronic format. The term record also
includes any draft, proposed, or recommended change to any record.
Security contingency plan means a
plan detailing response procedures to
address a transportation security incident, threat assessment, or specific
threat against transportation, including details of preparation, response,
mitigation, recovery, and reconstitution procedures, continuity of government, continuity of transportation operations, and crisis management.
Security screening means evaluating a
person or property to determine whether either poses a threat to security.
SSI means sensitive security information, as described in § 1520.5.
Threat image projection system means
an evaluation tool that involves periodic presentation of fictional threat
images to operators and is used in connection with x-ray or explosives detection systems equipment.
TSA means the Transportation Security Administration.
Vulnerability assessment means any review, audit, or other examination of
the security of a transportation infrastructure asset; airport; maritime facility, port area, or vessel; aircraft;
railroad; railroad carrier, rail facility;
train; rail hazardous materials shipper
or receiver facility; rail transit system;
rail transit facility; commercial motor
vehicle; or pipeline; or a transportation-related automated system or
network to determine its vulnerability
to unlawful interference, whether during the conception, planning, design,
construction, operation, or decommissioning phase. A vulnerability assessment may include proposed, recommended, or directed actions or countermeasures to address security concerns.
[69 FR 28082, May 18, 2004, as amended at 70
FR 41599, July 19, 2005; 73 FR 72172, Nov. 26,
2008; 74 FR 47695, Sept. 16, 2009]

§ 1520.5

§ 1520.5 Sensitive
tion.

security

(a) In general. In accordance with 49
U.S.C. 114(s), SSI is information obtained or developed in the conduct of
security activities, including research
and development, the disclosure of
which TSA has determined would—
(1) Constitute an unwarranted invasion of privacy (including, but not limited to, information contained in any
personnel, medical, or similar file);
(2) Reveal trade secrets or privileged
or confidential information obtained
from any person; or
(3) Be detrimental to the security of
transportation.
(b) Information constituting SSI. Except as otherwise provided in writing
by TSA in the interest of public safety
or in furtherance of transportation security, the following information, and
records containing such information,
constitute SSI:
(1) Security programs and contingency
plans. Any security program or security contingency plan issued, established, required, received, or approved
by DOT or DHS, including any comments, instructions, or implementing
guidance, including—
(i) Any aircraft operator, airport operator, fixed base operator, or air cargo
security program, or security contingency plan under this chapter;
(ii) Any vessel, maritime facility, or
port area security plan required or directed under Federal law;
(iii) Any national or area security
plan prepared under 46 U.S.C. 70103; and
(iv) Any security incident response
plan established under 46 U.S.C. 70104.
(2) Security Directives. Any Security
Directive or order—
(i) Issued by TSA under 49 CFR
1542.303, 1544.305, 1548.19, or other authority;
(ii) Issued by the Coast Guard under
the Maritime Transportation Security
Act, 33 CFR part 6, or 33 U.S.C. 1221 et
seq. related to maritime security; or
(iii) Any comments, instructions, and
implementing
guidance
pertaining
thereto.
(3) Information Circulars. Any notice
issued by DHS or DOT regarding a
threat to aviation or maritime transportation, including any—

299

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00309

Fmt 8010

informa-

Sfmt 8010

Y:\SGML\220220.XXX

220220

erowe on DSK5CLS3C1PROD with CFR

§ 1520.5

49 CFR Ch. XII (10–1–10 Edition)

(i) Information circular issued by
TSA under 49 CFR 1542.303, 1544.305,
1548.19, or other authority; and
(ii) Navigation or Vessel Inspection
Circular issued by the Coast Guard related to maritime security.
(4) Performance specifications. Any
performance specification and any description of a test object or test procedure, for—
(i) Any device used by the Federal
Government or any other person pursuant to any aviation or maritime transportation security requirements of
Federal law for the detection of any
person, and any weapon, explosive, incendiary, or destructive device, item,
or substance; and
(ii) Any communications equipment
used by the Federal government or any
other person in carrying out or complying with any aviation or maritime
transportation security requirements
of Federal law.
(5) Vulnerability assessments. Any vulnerability assessment directed, created, held, funded, or approved by the
DOT, DHS, or that will be provided to
DOT or DHS in support of a Federal security program.
(6) Security inspection or investigative
information. (i) Details of any security
inspection or investigation of an alleged violation of aviation, maritime,
or rail transportation security requirements of Federal law that could reveal
a security vulnerability, including the
identity of the Federal special agent or
other Federal employee who conducted
the inspection or audit.
(ii) In the case of inspections or investigations performed by TSA, this includes the following information as to
events that occurred within 12 months
of the date of release of the information: the name of the airport where a
violation occurred, the airport identifier in the case number, a description
of the violation, the regulation allegedly violated, and the identity of any
aircraft operator in connection with
specific locations or specific security
procedures. Such information will be
released after the relevant 12-month
period, except that TSA will not release the specific gate or other location
on an airport where an event occurred,
regardless of the amount of time that
has passed since its occurrence. During

the period within 12 months of the date
of release of the information, TSA may
release summaries of an aircraft operator’s, but not an airport operator’s,
total security violations in a specified
time range without identifying specific
violations or locations. Summaries
may include total enforcement actions,
total proposed civil penalty amounts,
number of cases opened, number of
cases referred to TSA or FAA counsel
for legal enforcement action, and number of cases closed.
(7) Threat information. Any information held by the Federal government
concerning threats against transportation or transportation systems and
sources and methods used to gather or
develop threat information, including
threats against cyber infrastructure.
(8) Security measures. Specific details
of aviation, maritime, or rail transportation security measures, both operational and technical, whether applied
directly by the Federal government or
another person, including—
(i) Security measures or protocols
recommended by the Federal government;
(ii) Information concerning the deployments, numbers, and operations of
Coast Guard personnel engaged in maritime security duties and Federal Air
Marshals, to the extent it is not classified national security information; and
(iii) Information concerning the deployments and operations of Federal
Flight Deck Officers, and numbers of
Federal Flight Deck Officers aggregated by aircraft operator.
(iv) Any armed security officer procedures issued by TSA under 49 CFR part
1562.
(9) Security screening information. The
following information regarding security screening under aviation or maritime transportation security requirements of Federal law:
(i) Any procedures, including selection criteria and any comments, instructions, and implementing guidance
pertaining thereto, for screening of
persons, accessible property, checked
baggage, U.S. mail, stores, and cargo,
that is conducted by the Federal government or any other authorized person.
(ii) Information and sources of information used by a passenger or property

300

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00310

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220

erowe on DSK5CLS3C1PROD with CFR

Transportation Security Administration, DHS
screening program or system, including
an automated screening system.
(iii) Detailed information about the
locations at which particular screening
methods or equipment are used, only if
determined by TSA to be SSI.
(iv) Any security screener test and
scores of such tests.
(v) Performance or testing data from
security equipment or screening systems.
(vi) Any electronic image shown on
any screening equipment monitor, including threat images and descriptions
of threat images for threat image projection systems.
(10)
Security
training
materials.
Records created or obtained for the
purpose of training persons employed
by, contracted with, or acting for the
Federal government or another person
to carry out aviation, maritime, or rail
transportation security measures required or recommended by DHS or
DOT.
(11) Identifying information of certain
transportation security personnel. (i)
Lists of the names or other identifying
information that identify persons as—
(A) Having unescorted access to a secure area of an airport, a rail secure
area, or a secure or restricted area of a
maritime facility, port area, or vessel;
(B) Holding a position as a security
screener employed by or under contract with the Federal government pursuant to aviation or maritime transportation security requirements of
Federal law, where such lists are aggregated by airport;
(C) Holding a position with the Coast
Guard responsible for conducting vulnerability
assessments,
security
boardings, or engaged in operations to
enforce maritime security requirements or conduct force protection;
(D) Holding a position as a Federal
Air Marshal; or
(ii) The name or other identifying information that identifies a person as a
current, former, or applicant for Federal Flight Deck Officer.
(12) Critical aviation, maritime, or rail
infrastructure asset information. Any list
identifying systems or assets, whether
physical or virtual, so vital to the aviation, maritime, or rail transportation
system (including rail hazardous materials shippers and rail hazardous mate-

§ 1520.5

rials receivers) that the incapacity or
destruction of such assets would have a
debilitating impact on transportation
security, if the list is—
(i) Prepared by DHS or DOT; or
(ii) Prepared by a State or local government agency and submitted by the
agency to DHS or DOT.
(13) Systems security information. Any
information involving the security of
operational or administrative data systems operated by the Federal government that have been identified by the
DOT or DHS as critical to aviation or
maritime transportation safety or security, including automated information security procedures and systems,
security inspections, and vulnerability
information concerning those systems.
(14) Confidential business information.
(i) Solicited or unsolicited proposals
received by DHS or DOT, and negotiations arising therefrom, to perform
work pursuant to a grant, contract, cooperative agreement, or other transaction, but only to the extent that the
subject matter of the proposal relates
to aviation or maritime transportation
security measures;
(ii) Trade secret information, including information required or requested
by regulation or Security Directive,
obtained by DHS or DOT in carrying
out aviation or maritime transportation security responsibilities; and
(iii) Commercial or financial information, including information required
or requested by regulation or Security
Directive, obtained by DHS or DOT in
carrying out aviation or maritime
transportation security responsibilities, but only if the source of the information does not customarily disclose it to the public.
(15) Research and development. Information obtained or developed in the
conduct of research related to aviation,
maritime, or rail transportation security activities, where such research is
approved,
accepted,
funded,
recommended, or directed by DHS or DOT,
including research results.
(16) Other information. Any information not otherwise described in this
section that TSA determines is SSI
under 49 U.S.C. 114(s) or that the Secretary of DOT determines is SSI under

301

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00311

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220

§ 1520.7

49 CFR Ch. XII (10–1–10 Edition)

49 U.S.C. 40119. Upon the request of another Federal agency, TSA or the Secretary of DOT may designate as SSI information not otherwise described in
this section.
(c) Loss of SSI designation. TSA or the
Coast Guard may determine in writing
that information or records described
in paragraph (b) of this section do not
constitute SSI because they no longer
meet the criteria set forth in paragraph (a) of this section.

erowe on DSK5CLS3C1PROD with CFR

[69 FR 28082, May 18, 2004, as amended at 70
FR 41599, July 19, 2005; 71 FR 30507, May 26,
2006; 73 FR 72172, Nov. 26, 2008; 74 FR 47695,
Sept. 16, 2009]

§ 1520.7 Covered persons.
Persons subject to the requirements
of part 1520 are:
(a) Each airport operator, aircraft operator, and fixed base operator subject
to the requirements of subchapter C of
this chapter, and each armed security
officer under subpart B of part 1562.
(b) Each indirect air carrier (IAC), as
described in 49 CFR part 1548; each validation firm and its personnel, as described in 49 CFR 1522; and each certified cargo screening facility and its
personnel, as described in 49 CFR 1549.
(c) Each owner, charterer, or operator of a vessel, including foreign vessel owners, charterers, and operators,
required to have a security plan under
Federal or International law.
(d) Each owner or operator of a maritime facility required to have a security plan under the Maritime Transportation Security Act, (Pub.L. 107–295), 46
U.S.C. 70101 et seq., 33 CFR part 6, or 33
U.S.C. 1221 et seq.
(e) Each person performing the function of a computer reservation system
or global distribution system for airline passenger information.
(f) Each person participating in a national or area security committee established under 46 U.S.C. 70112, or a
port security committee.
(g) Each industry trade association
that represents covered persons and
has entered into a non-disclosure
agreement with the DHS or DOT.
(h) DHS and DOT.
(i) Each person conducting research
and development activities that relate
to aviation or maritime transportation
security and are approved, accepted,

funded, recommended, or directed by
DHS or DOT.
(j) Each person who has access to
SSI, as specified in § 1520.11.
(k) Each person employed by, contracted to, or acting for a covered person, including a grantee of DHS or
DOT, and including a person formerly
in such position.
(l) Each person for which a vulnerability assessment has been directed,
created, held, funded, or approved by
the DOT, DHS, or that has prepared a
vulnerability assessment that will be
provided to DOT or DHS in support of
a Federal security program.
(m) Each person receiving SSI under
§ 1520.15(d) or (e).
(n) Each railroad carrier, rail hazardous materials shipper, rail hazardous materials receiver, and rail
transit system subject to the requirements of part 1580 of this chapter.
[69 FR 28082, May 18, 2004, as amended at 70
FR 41600, July 19, 2005; 73 FR 72173, Nov. 26,
2008; 74 FR 47695, Sept. 16, 2009]

§ 1520.9 Restrictions on the disclosure
of SSI.
(a) Duty to protect information. A covered person must—
(1) Take reasonable steps to safeguard SSI in that person’s possession
or control from unauthorized disclosure. When a person is not in physical
possession of SSI, the person must
store it a secure container, such as a
locked desk or file cabinet or in a
locked room.
(2) Disclose, or otherwise provide access to, SSI only to covered persons
who have a need to know, unless otherwise authorized in writing by TSA, the
Coast Guard, or the Secretary of DOT.
(3) Refer requests by other persons
for SSI to TSA or the applicable component or agency within DOT or DHS.
(4) Mark SSI as specified in § 1520.13.
(5) Dispose of SSI as specified in
§ 1520.19.
(b) Unmarked SSI. If a covered person
receives a record containing SSI that is
not marked as specified in § 1520.13, the
covered person must—
(1) Mark the record as specified in
§ 1520.13; and
(2) Inform the sender of the record
that the record must be marked as
specified in § 1520.13.

302

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00312

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220

Transportation Security Administration, DHS
(c) Duty to report unauthorized disclosure. When a covered person becomes
aware that SSI has been released to unauthorized persons, the covered person
must promptly inform TSA or the applicable DOT or DHS component or
agency.
(d) Additional Requirements for Critical
Infrastructure Information. In the case
of information that is both SSI and has
been designated as critical infrastructure information under section 214 of
the Homeland Security Act, any covered person who is a Federal employee
in possession of such information must
comply with the disclosure restrictions
and other requirements applicable to
such information under section 214 and
any implementing regulations.

erowe on DSK5CLS3C1PROD with CFR

§ 1520.11

Persons with a need to know.

(a) In general. A person has a need to
know SSI in each of the following circumstances:
(1) When the person requires access
to specific SSI to carry out transportation security activities approved, accepted, funded, recommended, or directed by DHS or DOT.
(2) When the person is in training to
carry out transportation security activities approved, accepted, funded,
recommended, or directed by DHS or
DOT.
(3) When the information is necessary
for the person to supervise or otherwise
manage individuals carrying out transportation security activities approved,
accepted, funded, recommended, or directed by the DHS or DOT.
(4) When the person needs the information to provide technical or legal
advice to a covered person regarding
transportation security requirements
of Federal law.
(5) When the person needs the information to represent a covered person
in connection with any judicial or administrative
proceeding
regarding
those requirements.
(b) Federal, State, local, or tribal government employees, contractors, and
grantees. (1) A Federal, State, local, or
tribal government employee has a need
to know SSI if access to the information is necessary for performance of
the employee’s official duties, on behalf or in defense of the interests of the

§ 1520.13

Federal, State, local, or tribal government.
(2) A person acting in the performance of a contract with or grant from a
Federal, State, local, or tribal government agency has a need to know SSI if
access to the information is necessary
to performance of the contract or
grant.
(c) Background check. TSA or Coast
Guard may make an individual’s access
to the SSI contingent upon satisfactory completion of a security background check or other procedures and
requirements for safeguarding SSI that
are satisfactory to TSA or the Coast
Guard.
(d) Need to know further limited by the
DHS or DOT. For some specific SSI,
DHS or DOT may make a finding that
only specific persons or classes of persons have a need to know.
[69 FR 28082, May 18, 2004, as amended at 70
FR 1382, Jan. 7, 2005; 73 FR 72173, Nov. 26,
2008]

§ 1520.13

Marking SSI.

(a) Marking of paper records. In the
case of paper records containing SSI, a
covered person must mark the record
by placing the protective marking conspicuously on the top, and the distribution limitation statement on the bottom, of—
(1) The outside of any front and back
cover, including a binder cover or folder, if the document has a front and
back cover;
(2) Any title page; and
(3) Each page of the document.
(b) Protective marking. The protective
marking is: SENSITIVE SECURITY
INFORMATION.
(c) Distribution limitation statement.
The distribution limitation statement
is:
WARNING: This record contains Sensitive
Security Information that is controlled
under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a ‘‘need to know’’, as defined in 49 CFR
parts 15 and 1520, except with the written
permission of the Administrator of the
Transportation Security Administration or
the Secretary of Transportation. Unauthorized release may result in civil penalty or
other action. For U.S. government agencies,
public disclosure is governed by 5 U.S.C. 552
and 49 CFR parts 15 and 1520.

303

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00313

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220

§ 1520.15

49 CFR Ch. XII (10–1–10 Edition)

erowe on DSK5CLS3C1PROD with CFR

(d) Other types of records. In the case
of non-paper records that contain SSI,
including motion picture films, videotape recordings, audio recording, and
electronic and magnetic records, a covered person must clearly and conspicuously mark the records with the protective marking and the distribution
limitation statement such that the
viewer or listener is reasonably likely
to see or hear them when obtaining access to the contents of the record.
§ 1520.15 SSI disclosed by TSA or the
Coast Guard.
(a) In general. Except as otherwise
provided in this section, and notwithstanding the Freedom of Information
Act (5 U.S.C. 552), the Privacy Act (5
U.S.C. 552a), and other laws, records
containing SSI are not available for
public inspection or copying, nor does
TSA or the Coast Guard release such
records to persons without a need to
know.
(b) Disclosure under the Freedom of Information Act and the Privacy Act. If a
record contains both SSI and information that is not SSI, TSA or the Coast
Guard, on a proper Freedom of Information Act or Privacy Act request,
may disclose the record with the SSI
redacted, provided the record is not
otherwise exempt from disclosure
under the Freedom of Information Act
or Privacy Act.
(c) Disclosures to committees of Congress and the General Accounting Office.
Nothing in this part precludes TSA or
the Coast Guard from disclosing SSI to
a committee of Congress authorized to
have the information or to the Comptroller General, or to any authorized
representative of the Comptroller General.
(d) Disclosure in enforcement proceedings—(1) In general. TSA or the
Coast Guard may provide SSI to a person in the context of an administrative
enforcement proceeding when, in the
sole discretion of TSA or the Coast
Guard, as appropriate, access to the
SSI is necessary for the person to prepare a response to allegations contained in a legal enforcement action
document issued by TSA or the Coast
Guard.
(2) Security background check. Prior to
providing SSI to a person under para-

graph (d)(1) of this section, TSA or the
Coast Guard may require the individual or, in the case of an entity, the
individuals representing the entity,
and their counsel, to undergo and satisfy, in the judgment of TSA or the
Coast Guard, a security background
check.
(e) Other conditional disclosure. TSA
may authorize a conditional disclosure
of specific records or information that
constitute SSI upon the written determination by TSA that disclosure of
such records or information, subject to
such limitations and restrictions as
TSA may prescribe, would not be detrimental to transportation security.
(f) Obligation to protect information.
When an individual receives SSI pursuant to paragraph (d) or (e) of this section that individual becomes a covered
person under § 1520.7 and is subject to
the obligations of a covered person
under this part.
(g) No release under FOIA. When TSA
discloses SSI pursuant to paragraphs
(b) through (e) of this section, TSA
makes the disclosure for the sole purpose described in that paragraph. Such
disclosure is not a public release of information under the Freedom of Information Act.
(h) Disclosure of Critical Infrastructure
Information. Disclosure of information
that is both SSI and has been designated as critical infrastructure information under section 214 of the Homeland Security Act is governed solely by
the requirements of section 214 and any
implementing regulations.
§ 1520.17 Consequences of unauthorized disclosure of SSI.
Violation of this part is grounds for a
civil penalty and other enforcement or
corrective action by DHS, and appropriate personnel actions for Federal
employees. Corrective action may include issuance of an order requiring retrieval of SSI to remedy unauthorized
disclosure or an order to cease future
unauthorized disclosure.
§ 1520.19 Destruction of SSI.
(a) DHS. Subject to the requirements
of the Federal Records Act (5 U.S.C.
105), including the duty to preserve
records containing documentation of a
Federal agency’s policies, decisions,

304

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00314

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220

Transportation Security Administration, DHS
and essential transactions, DHS destroys SSI when no longer needed to
carry out the agency’s function.
(b) Other covered persons—(1) In general. A covered person must destroy
SSI completely to preclude recognition
or reconstruction of the information
when the covered person no longer
needs the SSI to carry out transportation security measures.
(2) Exception. Paragraph (b)(1) of this
section does not require a State or
local government agency to destroy information that the agency is required
to preserve under State or local law.

PART 1522—TSA-APPROVED VALIDATION
FIRMS
AND
VALIDATORS
Subpart A—General
Sec.
1522.1 Scope and terms used in this part.
1522.3 Fraud and intentional falsification of
records.
1522.5 TSA inspection authority.

Subpart B—TSA-Approved Validation Firms
and Validators for the Certified Cargo
Screening Program
1522.101 Applicability.
1522.103 Requirements for validation firms.
1522.105 Adoption and implementation of
the security program.
1522.107 Application.
1522.109 TSA review and approval.
1522.111 Reconsideration of disapproval of
an application.
1522.113 Withdrawal of approval.
1522.115 Renewal of TSA approval.
1522.117 Qualifications of validators.
1522.119 Training.
1522.121 Security threat assessments for
personnel of TSA-approved validation
firms.
1522.123 Conduct of assessments.
1522.125 Protection of information.
1522.127 Assessment report.
1522.129 Recordkeeping requirements.

erowe on DSK5CLS3C1PROD with CFR

AUTHORITY: 49 U.S.C. 114, 5103, 40113, 44901–
44907, 44913–44914, 44916–44918, 44932, 44935–
44936, 44942, 46105.
SOURCE: 74 FR 47695, Sept. 16, 2009, unless
otherwise noted.

§ 1522.1

Subpart A—General
§ 1522.1 Scope and terms used in this
part.
(a) This part governs the use of TSAapproved validation firms and individual validators to assess whether certain persons regulated under this chapter are in compliance with this chapter.
(b) In addition to the terms in
§§ 1500.3 and 1540.5 of this chapter, the
following terms apply in this part:
Applicant means a firm that seeks to
become a TSA-approved validation
firm under this part.
Assessment means the physical inspections, records reviews, personnel interviews, and other procedures conducted
by a validator to assess whether a person is in compliance with relevant requirements of a security program.
Conflict of interest means a situation
in which the validation firm, the
validator, or an individual assisting in
the assessment, or the spouse or immediate family member of such person,
has a relationship with, or an interest
in, the person under assessment that
may adversely affect the impartiality
of the assessment. Examples of conflict
of interest situations include, but are
not limited to, any of the following:
(1) The validation firm is a parent
company or subsidiary of the person
under assessment, has a financial interest in the person under assessment,
or has common management or organizational governance (for example,
interlocking boards of directors) with
the person under assessment.
(2) The validation firm, the validator,
or an individual who will assist in conducting the assessment, or an immediate family member of such a
validator or individual, is a creditor or
debtor of the person under assessment.
(3) The validator, or an individual
who will assist in conducting the assessment, or the spouse or immediate
family member of such a person, is, or
within the past two years has been, an
employee, officer, or contractor of the
person under assessment whose duties
did not involve the operations being assessed.
(4) The validator, or an individual
who will assist in conducting the assessment, or the spouse or immediate

305

VerDate Mar<15>2010

08:56 Nov 10, 2010

Jkt 220220

PO 00000

Frm 00315

Fmt 8010

Sfmt 8010

Y:\SGML\220220.XXX

220220


File Typeapplication/pdf
File Modified2014-08-25
File Created2014-08-25

© 2022 OMB.report | Privacy Policy