Recently DHS released their Fall Quarterly Update providing more detail on the implementation of the CFATS program.
As of September 1, 2017, CFATS covers 3,478 facilities. DHS has completed more than 2,700 Compliance Inspections (to read more about Compliance Inspections, click here). Since launching CSAT 2.0 a year ago, DHS has received more than 25,000 CSAT Top Screens. DHS is continuing to issue tiering letters to facilities as their Top Screens are received and reviewed.
You can read more about CSAT 2.0 here.
One topic discussed in the update in the new questions that facilities will need to answer when submitting a new or revised SVA/SSP.
When submitting the SSP, the new questions facilities will need to address include:
- Q3.10.050 Personnel Presence
- Q3.10.400 through Q3.10.420 Inventory Controls
- Q3.40.400 through Q3.40.430 Cyber Control and Business Systems
- Q3.50.320 Personnel Surety, Types of Affected Individuals
- Q3.50.710 Recordkeeping Affirmation
In addition to these new SSP question, facilities are asked to select whether a certain detection and delay security measure applies to perimeter and/or critical assets. The following SSP questions should be reviewed to ensure the location(s) are correctly associated with the security measures applied:
- Q3.10.070 Mobile Patrols
- Q3.10.120 Intrusion Detection Systems
- Q3.10.180 through Q3.10.230 Intrusion Detection Sensors
- Q3.10.290 and Q3.10.310 Closed Circuit Television
- Q3.20.030 through Q3.20.160 Perimeter Security
- Q3.20.430 and Q3.20.440 Access Control Systems
- Q3.20.560 Anti-Vehicle Measures
Personnel Surety Program (PSP)
Tier 1 and Tier 2 facilities will see questions that address RBPS 12(iv), screening for terrorist ties. Questions Q3.50.330 through Q3.50.550 allow facilities to identify the option(s) chosen and measure(s) used to implement those options for compliance with RBPS 12(iv). To read more about those options, click here.
Additionally, DHS is going to integrate the Personnel Surety Program into the CSAT 2.0 Portal. This should make it much easier and provide better functionality for the user.
Chiefs of Regulatory Compliance
DHS also announced in this update that they have hired Chiefs of Regulatory Compliance (CRCs) for majority of their Regional Offices. CRCs will serve as the lead DHS representatives administering the CFATS regulation and serving as advisors to the Office of Infrastructure Protection Regional Directors.
- Region 1 (VT, RI, ME, NH, CT, MA) – Charles Colley firstname.lastname@example.org
- Region 2 (VI, PR, NJ, NY) – John Dean email@example.com
- Region 3 (DC, DE, WV, MD, VA, PA) – Don Keen firstname.lastname@example.org
- Region 4 (MS, SC, AL, KY, FL, NC, TN, GA) – Cheryl Louck email@example.com
- Region 5 (MN, WI, IN, MI, IL, OH) – Kathy Young firstname.lastname@example.org
- Region 6 (NM, OK, LA, AR, TX) – Steve Shedd email@example.com
- Region 7 (NE, KS, IA, MO) – Dave Martak firstname.lastname@example.org
- Region 8 (WY, ND, SD, MT, UT, CO) – Jim Williams email@example.com
- Region 9 (MP, GU, HI, NV, AZ, CA) – Marcie Stone firstname.lastname@example.org
- Region 10 (AK, ID, OR, WA) – Marc Glasser email@example.com
Feel free to contact us if more information or support is needed.