Chemical Facility Anti-Terrorism Standards, 17688-17745 [E7-6363]

Agencies

• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 72, Number 67 (Monday, April 9, 2007)]
[Rules and Regulations]
[Pages 17688-17745]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-6363]



[[Page 17687]]

-----------------------------------------------------------------------

Part III





 Department of Homeland Security





-----------------------------------------------------------------------



6 CFR Part 27



 Chemical Facility Anti-Terrorism Standards; Final Rule

Federal Register / Vol. 72, No. 67 / Monday, April 9, 2007 / Rules 
and Regulations

[[Page 17688]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

6 CFR Part 27

[DHS-2006-0073]
RIN 1601-AA41


Chemical Facility Anti-Terrorism Standards

AGENCY: Department Of Homeland Security.

ACTION: Interim final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS or Department) issues 
this interim final rule (IFR) pursuant to Section 550 of the Homeland 
Security Appropriations Act of 2007 (Section 550), which provided the 
Department with authority to promulgate ``interim final regulations'' 
for the security of certain chemical facilities in the United States.
    This rule establishes risk-based performance standards for the 
security of our Nation's chemical facilities. It requires covered 
chemical facilities to prepare Security Vulnerability Assessments 
(SVAs), which identify facility security vulnerabilities, and to 
develop and implement Site Security Plans (SSPs), which include 
measures that satisfy the identified risk-based performance standards. 
It also allows certain covered chemical facilities, in specified 
circumstances, to submit Alternate Security Programs (ASPs) in lieu of 
an SVA, SSP, or both.
    The rule contains associated provisions addressing inspections and 
audits, recordkeeping, and the protection of information that 
constitutes Chemical-terrorism Vulnerability Information (CVI). 
Finally, the rule provides the Department with authority to seek 
compliance through the issuance of Orders, including Orders Assessing 
Civil Penalty and Orders for the Cessation of Operations.

EFFECTIVE DATES: This regulation is effective June 8, 2007, except for 
Appendix A to part 27. A subsequent final rule document will announce 
the effective date of Appendix A to Part 27.
    Comment related to the addition of Appendix A to part 27 only will 
be accepted until May 9, 2007.

ADDRESSES: You may submit comments, identified by docket number 2006-
0073, by one of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: IP/CSCD/Dennis Deziel, Mail Stop 8100, Department of 
Homeland Security, Washington, DC 20528-8100.

FOR FURTHER INFORMATION CONTACT: Dennis Deziel, Chemical Security 
Regulatory Task Force, Department of Homeland Security, 703-235-5263.

SUPPLEMENTARY INFORMATION: This interim final rule is organized as 
follows: Section I explains the public participation provisions and 
provides a brief discussion of the statutory and regulatory authority 
and history; Section II summarizes the changes from the Advance Notice 
of Rulemaking and discusses the revised rule text; Section III 
summarizes and responds to the comments the Department received in 
response to the Advance Notice of Rulemaking; and Section IV contains 
the regulatory analyses for this interim final rule.

Table of Contents

I. Introduction and Background
    A. Public Participation
    B. Statutory and Regulatory Authority and History
II. Interim Final Rule
    A. Summary of Changes From Advance Notice of Rulemaking
    B. Rule Provisions
III. Discussion of Comments
    A. Applicability of the Rule
    1. Definition of ``Chemical Facility or Facility''
    2. Multiple Owners or Operators
    3. Classifying Facilities Based on Hazard Class
    4. Applicability to Specific Chemicals or Quantities of 
Chemicals
    5. Applicability to Types of Facilities
    6. Statutory Exemptions
    B. Determining Which Facilities Present a High-Level of Security 
Risk
    1. Use of the Top-Screen Approach
    2. Assessment Methodologies
    3. Risk-Based Tiers
    C. Security Vulnerability Assessments and Site Security Plans
    1. General Comments
    2. Submitting a Site Security Plan
    3. Content of Site Security Plans
    4. Approval of Site Security Plans
    5. Timing
    6. Alternate Security Programs
    D. Risk-Based Performance Standards
    1. General Approach To Performance Standards
    2. Comments about Specific Performance Standards
    3. Variations in Performance Standards for Risk Tiers
    4. Adoption of MTSA Provisions
    E. Background Checks
    F. Inspections and Audits
    1. Inspections
    2. Third-Party Auditors and Inspectors
    G. Recordkeeping
    H. Orders
    I. Adjudications and Appeals
    J. Information Protection: Chemical-terrorism Vulnerability 
Information (CVI)
    1. General
    2. Disclosure of CVI
    3. Scope of CVI
    4. Relation of CVI to Other Categories of Protected Information 
and FOIA
    5. Sharing CVI with State and Local Officials, the Public, and 
Congress
    6. Litigation
    7. Protection of CVI
    K. Preemption
    L. Implementation of the Rule
    M. Other Issues
    1. Whistleblower Protection
    2. Inherently Safer Technology
    3. Delegation of Responsibility
    4. Interaction with Other Federal Rules and Programs
    5. Third-Party Actions
    6. Judicial Review
    7. Guidance and Technical Assistance
    8. Miscellaneous Comments
    N. Regulatory Evaluation
IV. Regulatory Analyses
    A. Executive Order 12866: Regulatory Planning and Review
    B. Regulatory Flexibility Act
    C. Executive Order 13132: Federalism
    1. Background
    2. Propriety of the Department's View on Preemption
    3. No Field Preemption
    4. Principles of Conflict Preemption
    D. Unfunded Mandates Reform Act
    E. Paperwork Reduction Act
    F. NEPA

I. Introduction and Background

A. Public Participation

    Interested persons are invited to participate in this rulemaking by 
submitting written data, views, or arguments on Appendix A of this 
interim final rule. Comments that will provide the most assistance to 
DHS in finalizing the Appendix will reference specific chemicals and 
Screening Threshold Quantities on the list, explain the reason for any 
recommended change, and include data, information, or authority that 
support such recommended change.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to https://www.regulations.gov, including any 
personal information provided.
    Comments that include trade secrets, confidential commercial or 
financial information, Sensitive Security Information (SSI), or 
Protected Critical Infrastructure Information (PCII) should not be 
submitted to the public regulatory docket. Please submit such comments 
separately from other comments on the rule. Comments containing trade 
secrets, confidential commercial or financial information, Sensitive 
Security Information (SSI), or Protected Critical Infrastructure 
Information (PCII) should be appropriately marked as containing such 
information and submitted by mail

[[Page 17689]]

to the individual(s) listed in the FOR FURTHER INFORMATION CONTACT 
section.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov. Submitted comments 
by mail may also be inspected. To inspect comments, please call Dennis 
Deziel, 703-235-5263, to arrange for an appointment.

B. Statutory Regulatory Authority and History

    On October 4, 2006, the President signed the Department of Homeland 
Security Appropriations Act of 2007 (the Act), which provides the 
Department of Homeland Security with the authority to regulate the 
security of high-risk chemical facilities. See Pub. L. 109-295, sec. 
550. Section 550 requires the Secretary of Homeland Security to 
promulgate interim final regulations ``establishing risk-based 
performance standards for security of chemical facilities'' by April 4, 
2007. Id. Although interim final regulations are usually issued without 
prior notice and comment (and the Act requires neither), the Department 
issued an Advance Notice of Rulemaking (Advance Notice) seeking comment 
on the significant issues and regulatory text. See generally 71 FR 
78276 (Dec. 28, 2006).
    As discussed more fully in the Advance Notice, before the enactment 
of Section 550, the Federal government did not have authority to 
regulate the security of most chemical facilities. The Department has, 
however, worked closely with industry leaders in pursuit of voluntary 
enhancement of security at these facilities and provided both technical 
assistance and grant funding for security. In addition, through the 
Coast Guard's Maritime Security regulations, the Department has 
addressed security at certain maritime-related chemical facilities. See 
33 CFR Part 105. Recently, the Departments of Homeland Security and 
Transportation also proposed security regulations for the rail 
transportation of hazardous chemicals. See 71 FR 76834, 71 FR 76851 
(Dec. 21, 2006). Other Federal programs have addressed chemical 
facility safety, but not security: the Environmental Protection Agency 
(EPA) regulates chemical process safety through its Risk Management 
Plan (RMP) program; the Department of Labor's Occupational Safety and 
Health Administration (OSHA) regulates workplace safety and health at 
chemical facilities; the Department of Commerce oversees compliance 
with the Chemical Weapons Convention; and the Department of Justice's 
Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) regulates, 
through licenses and permits, the purchase, possession, storage, and 
transportation of explosives.
    With the authority under Section 550, the Department can now fill a 
significant security gap in the country's anti-terrorism efforts. 
Section 550 specifies that the regulations ``shall apply to chemical 
facilities that, in the discretion of the Secretary, present high 
levels of security risk.'' The statute requires that the regulations 
establish risk-based performance standards; requires Security 
Vulnerability Assessments and Site Security Plans; allows Alternative 
Security Programs; mandates audits and inspections to determine 
compliance with the regulations; provides for civil penalties for 
violation of an order issued under the statute; and allows the 
Secretary to order a facility to cease operations if the facility is 
not in compliance with the requirements. The statute also gives the 
Department the authority to protect from inappropriate public 
disclosure any information developed pursuant to Section 550, 
``including vulnerability assessments, site security plans, and other 
security related information, records, and documents.''
    As discussed in the Advance Notice, by directing the Secretary to 
issue ``interim final regulations,'' Congress authorized the Secretary 
to proceed without the traditional notice-and-comment required by the 
Administrative Procedure Act. See 71 FR 78276, 78277. The Department, 
however, saw great benefit in soliciting comments on as much of the 
program as was practicable in the short timeframe permitted under the 
statute. Accordingly, the Department voluntarily sought comment on a 
range of regulatory and implementation issues and responds to the 
comments below.

II. Interim Final Rule

A. Summary of Changes From Advance Notice of Rulemaking

    In this interim final rule, the Department has not changed the 
general, risk-based approach it proposed in the December 28, 2006, 
Advance Notice. See 71 FR 78276. As discussed in detail below, the 
Department plans to implement the regulation in phases, starting to 
work aggressively with chemical facilities presenting the very highest 
security risks first. The Department adopts a risk-based tiering 
structure in its regulatory approach, so that the Department's scrutiny 
of facilities under this regulation increases as the level of risk 
increases. Even though this approach remains the same, the Department 
provides further details below on a number of unresolved issues 
presented in the Advance Notice. For example, the Department provides 
further detail on the issues surrounding background checks for those 
with access to high-risk facilities, and the Department describes its 
approach on facilities possessing ammonium nitrate.
    On several important issues, the Department has reconsidered and 
modified the position it proposed in the Advance Notice. For example, 
in response to comments, the Department has restructured its provisions 
concerning objections, consultations, adjudications, and appeals. As 
discussed below, the Department's aim is to provide flexibility and 
assistance for facilities seeking to comply with the regulatory 
standards. The Department has decided, however, to incorporate a role 
for a neutral adjudicator where unresolved differences present 
themselves and result in significant fines or other penalties. In 
addition, the Department has modified a number of scheduling and timing 
requirements in response to comments, and the Department further 
explains its approach on preemption of state and local law after 
considering the numerous comments on that subject. Although the 
Department continues to view as important the opportunity for 
facilities to submit Alternative Security Programs, the Department 
modified the circumstances in which it will accept Alternative Security 
Programs.
    Finally, the Department will consider the issues surrounding the 
use of fees in this regulatory program. The Department is contemplating 
the assessment of different fees, including filing fees, fees for 
inspections and audits, and fees for the screening of individuals 
against the Terrorist Screening Database. The Department has not 
provided for fees in this interim final rule, but may, in the future, 
propose and seek comment on the issues surrounding fees for this 
regulatory program.

B. Rule Provisions

    This section summarizes the regulatory text changes that the 
Department has made to this interim final rule. In addition to the 
summary contained in this section, we have, in many cases, provided a 
more extensive discussion of the change, and the reason for the change, 
in the response to comments below. See Sec.  III ``Discussion of 
Comments.'' Finally, to the extent that the Department has made 
technical corrections or corrected typographical errors, we do not 
specifically discuss them.

[[Page 17690]]

Subpart A

Section 27.100 Purpose

    The Department has added a Purpose section to the rule. It states 
the Department's purpose and intent in issuing this rule and enforcing 
this regulatory program.

Section 27.105 Definitions

    For purposes of clarity, DHS has added several definitions, 
including ``Chemical Security Assessment Tool,'' ``Chemical-terrorism 
Vulnerability Information,'' ``Deputy Secretary,'' ``Director of the 
Chemical Security Division'' and ``Screening Threshold Quantity.'' The 
Department has also revised a few definitions, including ``Assistant 
Secretary'' and ``Under Secretary.'' The Department revised ``Under 
Secretary'' as a result of organizational changes in the Department 
following the Post-Katrina Emergency Reform Act, which the President 
signed on October 4, 2006. See Public Law 109-295, Title VI. In several 
places, the Department indicated that the named official, or his 
designee, has the specified responsibility under the regulation. The 
Department also revised the definition of ``Alternate Security 
Program,'' to provide consistency with changes the Department has since 
made to Sec.  27.235, the Alternate Security Programs section. The 
Department expanded upon the definition of ``tier,'' adding that, for 
purposes of this part, there are four risk-based tiers.
    Finally, the Department made clarifying changes to ``Chemical 
Facility,'' ``Covered Chemical Facility,'' and ``Owner.'' With respect 
to the definition of ``Chemical Facility,'' the Department removed the 
circular nature of the definition in the Advance Notice (i.e., a 
chemical facility shall mean any facility) (emphasis added) and now 
provides that a chemical facility ``shall mean any establishment that 
possesses or plans to possess * * *.''

Section 27.120 Designation of a coordinating official; Consultations 
and technical assistance

    The language in revised Sec.  27.120(a) makes clear that the 
Assistant Secretary will designate a Coordinating Official responsible 
for ensuring the uniform, impartial, and fair implementation of these 
regulations. The language in revised Sec.  27.120(b) indicates that the 
Coordinating Official and his staff shall provide guidance to 
facilities, and while the Coordinating Official and his staff will be 
available for consultation and to provide technical assistance, they 
will be available only to the extent that resources permit.
    In Sec.  27.120(c), the Department has provided specific details as 
to how a facility requests the assistance of the Coordinating Official. 
In the second sentence of Sec.  27.120(c), the Department provides that 
requests for consultation or technical guidance do not serve to toll 
any of the applicable timelines set forth in this part. Accordingly, 
regardless of whether or when a facility submits a request for 
consultation or technical guidance, the Department will require the 
facility to comply with the regulatory requirements, such as completing 
the Top-Screen, identifying vulnerabilities in the Security 
Vulnerability Assessment, and developing and implementing a Site 
Security Plan.
    The Department has added a new provision in Sec.  27.120(d). This 
provision provides that a covered facility may request a consultation 
with the Coordinating Official if it modifies its facility, processes, 
or the types or quantities of materials that it possesses, and believes 
such changes may impact the covered facility's obligations under this 
part. The Department added this provision in response to commenters 
concerned about a facility's ability to ``exit'' the regulatory 
program. The Department recognizes that facilities that reduce risk to 
levels below those levels that the Department deems as that 
characterized for Tier 4 facilities (i.e., the lowest risk facilities 
of the ``high risk'' facilities) or that eliminate certain risks 
altogether may no longer need to be covered by this regulation. This 
provision allows the covered facility to request the initiation of the 
screening process (which determines whether or not the facility is 
high-risk and therefore whether the facility is or is not included in 
this regulatory program) prior to the facility's next scheduled CSAT 
Top-Screen submission pursuant to Sec.  27.210. Through this 
consultation process, the facility may initiate discussions with the 
Department and ultimately accelerate the process for determining 
whether it can ``exit'' the regulatory program.

Subpart B

Section 27.200 Information regarding security risk for a chemical 
facility

    The Department has added several new provisions to this section. 
The Department has revised paragraph (b), by incorporating language 
from proposed Sec.  27.200(a) of the Advance Notice and by also adding 
new provisions. The two sentences in paragraph (b)(1) come from the end 
of proposed Sec.  27.200(a). Paragraph (b)(1) provides that the 
Assistant Secretary may seek the information listed in paragraph (a) by 
contacting chemical facilities individually or by publishing a notice 
in the Federal Register. It also provides that the Assistant Secretary 
may instruct facilities to complete and submit a Top-Screen through a 
secure Department Web site or through any other means approved by the 
Assistant Secretary.
    Paragraph (b)(2) is a new provision. It provides that a facility 
must complete and submit a Top-Screen in accordance with the schedule 
provided in Sec.  27.210 if it possesses any of the chemicals listed in 
Appendix A: ``DHS Chemicals of Interest'' at the corresponding 
quantities. For a further discussion of Appendix A, see the discussion 
of Appendix A further below in the Rule Provisions section. The purpose 
of this provision is to give facilities direction as to whether or not 
they must complete and submit a Top-Screen.
    As noted in the discussion of Appendix A, the presence or amount of 
a particular chemical is not an indicator of a facility's coverage 
under this rule. The presence or amount of a chemical in the Appendix 
is merely a baseline threshold requiring a facility to complete and 
submit a Top-Screen. (Consistent with Sec.  27.200(b)(1), DHS will 
retain the ability to notify facilities, through direct notification or 
Federal Register notice, that they need to complete and submit a Top-
Screen.) The information that the Department will obtain through the 
Top-Screen process is only one of several factors that the Department 
will consider in determining whether a facility is ``high-risk'' and 
thus covered by this rule.
    Paragraph (b)(3) addresses the requirements for individuals who 
submit information to the Department through the CSAT system, which 
includes the Top-Screen process. Paragraph (b)(3) provides that, where 
the Department requests that a facility complete and submit a Top-
Screen, the facility must designate a person to be responsible for the 
submission of information through the CSAT system. (The CSAT system is 
comprised of three sequential parts: the Top-Screen, the SVA, and the 
SSP). The Department provides that any such submitter must be an 
officer of the corporation or other person designated by an officer of 
the corporation, and must be domiciled in the United States. The 
Department had contemplated such requirements in Appendix A to the 
Advance Notice and now finalizes them here.
    Consistent with the explanation in Appendix A to the Advance 
Notice, the

[[Page 17691]]

Department notes that a facility may choose to have another individual, 
in addition to the above-discussed ``submitter,'' involved in the 
submission of information through the Top-Screen. That other individual 
is a ``provider.'' A provider would be a qualified individual who is 
familiar with the facility in question and who completes the 
information in the CSAT system. The provider, however, would not 
formally submit information to the Department. The individual 
responsible for sending information to the Department through the CSAT 
system (whether Top-Screen, SVA, or SSP) is always the submitter. And 
as indicated in paragraph (b)(3), the submitter is also responsible for 
attesting to the accuracy of the submitted information.
    Paragraphs (c)(1) and (2) address facilities that the Department 
deems as ``presumptively high risk.'' Both paragraphs were in the 
Advance Notice, though they were located in proposed Sec. Sec.  
27.200(b) and (c).

Section 27.205 Determination that a chemical facility ``presents a high 
level of security risk.''

    The Advance Notice, at the end of Sec.  27.205(a), contained a 
provision about Departmental notification to facilities of their 
preliminary placement in a risk-based tier. The Department has moved 
that language to Sec.  27.220 ``Tiering,'' so that it is located with 
the related tiering provisions.
    In addition, the Department has removed proposed Sec.  27.205(c), 
along with Sec. Sec.  27.220(b), and 27.240(c), all of which had 
contained a mechanism for objections. In the Advance Notice, the 
Department had provided facilities with the opportunity to object to 
the following three Departmental actions: determination that a facility 
``presents a high level of risk,'' placement in a high-risk tier, and 
disapproval of a facility's Site Security Plan. The intention behind 
those provisions was to provide facilities with an informal opportunity 
to consult with the Department. The Department believes that the rule 
(including existing provisions from the Advance Notice as well as new 
provisions in this interim final rule) provides facilities with several 
opportunities for consultation when they disagree with an initial 
decision on these matters. Specifically, revised Sec.  27.120(b) 
provides that the Coordinating Official and his staff shall be 
available to consult and to provide technical assistance to a facility 
owner or operator, revised Sec.  27.120(c) provides the details for how 
a facility should initiate consultations or assistance, and revised 
Sec.  27.120(d) provides that a covered facility may request a 
consultation if it modifies its facility, processes, or the types or 
quantities of materials that it possesses and believes such changes may 
impact the covered facility's obligations under this part. In addition, 
Sec. Sec.  27.240(b) and 27.245(b) provide that a facility shall enter 
further consultations following Departmental written notification that 
a Security Vulnerability Assessment or Site Security Plan is 
unsatisfactory. Given that the rule already provides consultation 
opportunities, coupled with the fact that the Department has greatly 
modified its adjudication and appeal provisions, the Department 
believes it is unnecessary to retain these objections provisions and 
has thus removed them from the interim final rule.

Section 27.210 Submissions Schedule

    In Sec.  27.210, the Department clarifies the submission schedule 
for the Top-Screen, Security Vulnerability Assessment, and Site 
Security Plan. In Sec.  27.210(a) of the Advance Notice, the Department 
included a sentence indicating that the presumptive time frames were 60 
days for the Security Vulnerability Assessment and 120 days for the 
Site Security Plan. In this interim final rule, the Department has 
added presumptive timeframes for the submission of the Top-Screen and 
revised the presumptive timeframes for SVAs and SSPs. See Sec.  
27.210(a) and (b). The presumptive timeframes for initial submissions 
are 60 calendar days for the Top-Screen, 90 calendar days for the SVA, 
and 120 calendar days for the SSP. The presumptive timeframes for 
resubmission vary depending on a facility's tier. As a general matter, 
the Department will require facilities in Tiers 1 and 2 to update their 
Top-Screen, SVA, and SSP every two years, and facilities in Tiers 3 and 
4 to update their Top-Screen, SVA, and SSP every three years.
    In addition, the Department added a new paragraph (c), which 
addresses the Department's authority to modify schedules as necessary. 
The Department removed Sec.  27.210(c) as it appeared in the Advance 
Notice, because the provision was unnecessary in light of the new 
provisions in Sec.  27.120(b) and (c), ``Designation of a coordinating 
official; consultations and technical assistance.''
    Finally, the Department added a new paragraph (d), which addresses 
material modifications. In Sec. Sec.  27.215(c)(3) and 27.225(b)(3) of 
the Advance Notice, the Department provided that a covered facility had 
to notify the Department of material modifications to the SVA or SSP 
and that the Department would notify the facility within 60 days of 
whether the Department disapproved the revised SVA or SSP. The 
Department has re-located a new but similar requirement in Sec.  
27.210(d). The regulation now provides that if a covered facility makes 
material modifications to its operations or site, the covered facility 
must complete and submit a revised Top-Screen to the Department within 
60 days of completion of the material modification. In accordance with 
the resubmission requirements in Sec.  27.210(b)(2) and (3), the 
Department will notify the covered facility as to whether the covered 
facility must submit a revised Security Vulnerability Assessment, Site 
Security Plan, or both. As a result of this new paragraph (d), the 
Department removed the provisions that appeared in Sec. Sec.  
27.215(c)(3) and 27.225(b)(3) of the Advance Notice.

Section 27.215 Security Vulnerability Assessments and Section 27.225 
Site Security Plans

    The Department has revised several of the corresponding provisions 
in both Sec.  27.215 and Sec.  27.225. First, the Department has 
revised the corresponding provisions regarding methodologies. 
Specifically, the Department has revised the language in Sec.  
27.215(b) and added a new paragraph (b) in Sec.  27.225. In both 
places, the Department explains that, except as provided in Sec.  
27.235, a covered facility must submit either the SVA/SSP through the 
CSAT process or any other methodology or process identified by the 
Assistant Secretary.
    By this change, the Department is making more explicit its 
intention to use the CSAT process at this time. The CSAT process 
includes completion of the Top-Screen process and, depending on the 
results of the Top-Screen process, may also include the development of 
a Security Vulnerability Assessment and the development of a Site 
Security Plan. Thus, for facilities that are determined to be high-
risk, the CSAT process will consist of three sequential parts (i.e., 
the Top-Screen, SVA, and SSP). The Department also notes that 
facilities will have to obtain access to the CSAT system by submitting 
a user registration request. Section 27.200(b)(1) contains the 
requirements for individuals (i.e., submitters) who will be submitting 
information through the CSAT system and attesting to the accuracy of 
that information.
    Second, in paragraph (c) of both sections, the Department provides 
that a covered facility must submit an SVA or SSP to the Department in 
accordance

[[Page 17692]]

with the schedule provided in Sec.  27.210. This captures the 
requirement that had been located in proposed Sec.  27.240(a)(1) of the 
Advance Notice.
    Third, in paragraph (d) of both sections, the Department revised 
the update/revision provisions for submitting SVAs and SSPs. In the 
Advance Notice, the Department indicated that covered facilities must 
update or revise their SVAs or SSPs based on a schedule set by the 
Assistant Secretary. Because the Department has established a 
submission schedule in Sec.  27.210, the Department now includes cross-
references in Sec.  27.215(d)(1) and Sec.  27.225(d)(2) to that 
schedule. As a related matter, in Sec.  27.215(d), the Department moved 
the general submissions schedule requirement to Sec.  27.215(d)(1), 
thereby re-locating the provision formerly in Sec.  27.215(d)(1) to 
Sec.  27.215(d)(2).
    Fourth, the Department has removed the language about material 
modifications from proposed Sec.  27.215(c)(3) and Sec.  27.225(b)(3). 
As discussed in the summary of Sec.  27.210, the Department added a 
new, but similar, provision to Sec.  27.210(d). The new provision now 
captures the concept contemplated in proposed Sec.  27.215(c)(3) and 
Sec.  27.225(b)(3).
    With respect to changes to Sec.  27.225 only, the Department has 
added a provision that requires facilities to conduct annual audits of 
their Site Security Plans. See Sec.  27.225(e). This provision had been 
implied in the recordkeeping requirement in the Advance Notice (see 
Sec.  27.255(a)(6)) and is now explicit. DHS made some additional 
revisions to the corresponding recordkeeping provision, in which DHS 
more clearly specifies the audit-related records that covered 
facilities should maintain.
    Finally, throughout this document, the Department now uses the term 
``Security Vulnerability Assessment'' (or SVA) instead of the term 
``Vulnerability Assessment'' or (VA), which the Department had used in 
the Advance Notice. The Department intends no change in meaning with 
this revision.

Section 27.220 Tiering

    The Department has added several paragraphs to this section. 
Section 27.220(a) addresses the Department's preliminary determination 
as to a facility's risk-based tier. Paragraph (a) is based on language 
that had been in the Advance Notice at the end of Sec.  27.205(a). The 
Department has elaborated on the Preliminary Tiering provision. 
Notably, the Department has indicated that it shall notify a facility 
of the Department's preliminary tiering decision. This contrasts with 
the Advance Notice, which had merely indicated that the Department may 
notify a facility of the Department's preliminary tiering decision.
    Section 27.220(b) is not a new subsection; rather, it contains the 
language that was previously located in Sec.  27.220(a). Note that the 
Department has removed paragraph (b) as proposed in the Advance Notice. 
Paragraph (b) had contained an objections provision. For a discussion 
of the Department's decision to remove the objections provisions from 
this rule (in Sec. Sec.  27.205(c), 27.220(b), and 27.240(c)), see the 
summary under Sec.  27.205(c).
    Section 27.220(c) is a new subsection. The Department is 
reiterating, in part, what it provides in the definitions section. The 
Department will place facilities in one of four risk-based tiers. Tiers 
will range from Tier 1, which contains the highest-risk covered 
facilities, to Tier 4, which contains the lowest-risk covered 
facilities. Finally, the Department separated the sentence located at 
the end of proposed Sec.  27.220(a) into its own section, Sec.  
27.220(d).

Section 27.230 Risk-Based Performance Standards

    This section contains the risk-based performance standards that 
covered facilities must satisfy. The Department has added a sentence to 
Sec.  27.230(a), noting that the ``acceptable layering of measures used 
to meet the standards will vary by risk-based tier.'' While all 
facilities must satisfy the performance standards, the measures 
sufficient to meet those standards will be more robust for those 
facilities that present higher levels of risk. In other words, the 
manner in which the standards are applied will require a higher level 
of security (and so provide for greater reduction in risk) for those 
facilities that present higher levels of risk. The Department will 
provide details about the application of these standards in guidance.
    In addition, for each of the performance standards, the Department 
has added a short descriptor at the beginning of the subparagraph 
(e.g., paragraph (a)(1) begins with ``Restricted Area Perimeter,'' 
paragraph (a)(2) begins with ``Securing Site Assets,'' and so forth).
    The Department has also revised some of the language related to 
specific performance standards. Section 27.230(a)(4) now provides that 
facilities must select, develop, and implement measures designed to 
``[d]eter, detect, and delay an attack, creating sufficient time 
between detection of an attack and the point at which the attack 
becomes successful.'' This revised language more adequately captures 
the concept that the Department had intended in the language in 
paragraph (a)(4) of the Advance Notice and is more complete. Section 
27.230(a)(5) now requires facilities to secure and monitor the storage 
of hazardous materials, in addition to the shipping and receipt of 
hazardous materials. Section 27.230(a)(8) now contains a broader 
description of critical process systems. In the Advance Notice, the 
Department had used the acronym ``SCADA'' (Supervisory Control and Data 
Acquisition) to refer to instrumented control systems in general. In 
this interim final rule, the Department has provided more descriptive 
terminology to refer to critical process systems. For a further 
discussion of SCADA, see the Department responses to ``Comments on 
Specific Performance Standards.'' Section 27.230(a)(12) contains an 
expanded standard for background checks. For a further discussion of 
background checks, see the Department response to comments about 
``Background Checks.'' Section 27.230(a)(15) now provides that 
facilities should report significant security incidents to local law 
enforcement in addition to the Department. Finally, the Department has 
removed the paragraph that was paragraph 27.230(a)(19) in the Advance 
Notice, because that standard was already addressed in paragraph 
(a)(14).

Section 27.235 Alternative security program

    The Department has revised this section to provide more detail 
about the process for Alternate Security Programs (ASPs). The basic 
requirement remains the same, in that certain covered facilities may 
submit ASPs, and the Assistant Secretary may approve those ASPs. See 
Sec.  27.235(a). To accept an ASP, the Assistant Secretary must find 
that the program ``provides an equivalent level of security to the 
level of security established by this part.'' This language, which 
clarifies the standard for accepting ASPs, comes from the preamble of 
the Advance Notice and is consistent with the terms of Section 550. See 
71 FR 78276, 78285.
    In Sec.  27.235(a)(1)-(2), the Department specifies, by tier, which 
facilities may submit ASPs in lieu of Security Vulnerability 
Assessments (SVAs) and which facilities may submit ASPs in lieu of Site 
Security Plans (SSPs). A Tier 4 facility may submit an ASP in lieu of a 
Security Vulnerability Assessment, Site Security Plan, or both. Tier 1, 
Tier 2, and Tier 3 facilities may submit an

[[Page 17693]]

ASP in lieu of a Site Security Plan. Tier 1, Tier 2, and Tier 3 
facilities may not submit an ASP in lieu of a Security Vulnerability 
Assessment. Accordingly, Tier 1, Tier 2, and Tier 3 facilities will 
have to submit their SVA through the CSAT system.
    With respect to Tier 4 facilities, the Department clarifies the 
following point: Given that the Department notifies a facility of its 
final placement in a risk-based tier following the Department's review 
of a covered facility's SVA (see Sec.  27.220(b)), a facility will not 
know its final tier placement at the time it might decide to submit an 
ASP in lieu of a SVA. Because of that, the Department understands that 
facilities will rely on the Department's preliminary tiering 
determination made pursuant to Sec.  27.220(a).
    There are various reasons underlying the Department's decision not 
to accept ASPs as SVAs for Tier 1, Tier 2, and Tier 3 facilities. The 
Department needs a consistent baseline against which to compare risks 
and vulnerabilities across chemical facilities. (For a further 
discussion of this issue, see the Department's response to comments in 
Sec.  III(B)(1)). As well, the Chemical Security Assessment Tool (CSAT) 
system uses an integrated approach to chemical facility security, and 
by considering SVAs that use the methodology in the CSAT system, the 
Department can take full advantage of that integrated approach. 
Furthermore, by using this electronic, integrated CSAT approach, the 
Department can more efficiently review and assess a greater number 
SVAs, and that is of importance considering the Department's phased 
implementation scheme to address the highest risk facilities first.
    The Department acknowledges that many facilities have expended 
substantial resources and incurred significant expense to identify 
vulnerabilities and to develop security plans. The Department commends 
facilities for such efforts. The work performed on these efforts is 
valuable, and DHS is committed to capitalizing on these investments. 
The information developed in these efforts will be relevant to 
facilities as they complete the CSAT SVA. Facilities will be able to 
use the information from existing vulnerability assessments, and in 
many cases, the practical impact of requiring Tiers 1, 2, and 3 
facilities use the CSAT SVA system will be one of formatting, i.e., 
facilities will have to enter their information from their existing 
vulnerability assessments into the format established by the CSAT 
system. While some additional analytical effort will be required, even 
where the facility has produced a strong SVA, the effort will be 
considerably less than that at facilities that are starting without a 
pre-existing SVA.
    In addition, Sec.  27.235(b) provides that the notice requirements 
for submitting ASPs correspond with the notice requirements (including 
the approval and disapproval process) for SVAs and SSPs. In other 
words, if a facility is submitting an ASP in lieu of an SVA, the 
process in Sec.  27.240 applies, and if a facility is submitting an ASP 
in lieu of an SSP, the process in Sec.  27.245 applies.

Section 27.240 Review and Approval of Security Vulnerability Assessment 
and Section 27.245 Review and Approval of Site Security Plans

    In this interim final rule, the Department has separated the review 
and approval of SVAs and SSPs into two separate sections. In the 
Advance Notice, both sets of requirements were located in Sec.  27.240. 
In this interim final rule, the provisions related to Security 
Vulnerability Assessments are located in Sec.  27.240, and the 
provisions related to Site Security Plans are located in Sec.  27.245.
    In addition, the Department made some changes to the corresponding 
provisions in the two separate sections. In both sections, the 
Department has removed the language (from proposed Sec.  27.240(a)(1)) 
about time periods for submitting SVAs and SSPs. The Department has 
already addressed this issue in Sec. Sec.  27.215(c)-(d) and Sec. Sec.  
27.225(c)-(d) (by providing that a facility must provide, update, and 
revise its SVA and SSP consistent with the schedule in Sec.  27.210), 
so it was unnecessary to also include this language here. Also, in both 
sections, the Department has added new language about the disapproval 
of SVAs or SSPs. The Department added a new sentence, which provides 
that ``[i]f the resubmitted [SVA or SSP] does not satisfy the 
requirements of [Sec.  27.215 or Sec.  27.225], the Department will 
provide the facility with written notification (including a clear 
explanation of deficiencies in the [SVA or SSP]) of the Department's 
disapproval of the [SVA or SSP].'' See Sec.  27.240(b) and Sec.  
27.245(b).
    Finally, the Department has added a provision in Sec.  
27.245(a)(1)(iii), indicating that the Department issues a Letter of 
Approval if it approves a facility's Site Security Plan in accordance 
with Sec.  27.250. While this provision appears elsewhere in the rule 
(see Sec.  27.245(b)), the Department thought it was appropriate to 
include it here as well.
    The Department has removed 27.240(c) as proposed in the Advance 
Notice. Paragraph (c) had contained an objections provision. For a 
discussion of the Department's decision to remove the objections 
provisions from this rule (in Sec. Sec.  27.205(c), 27.220(b), and 
27.240(c)), see the summary under Sec.  27.205(c).

Section 27.250 Inspections and Audits

    The Department has added additional provisions to the inspection 
and audit section. In Sec.  27.250(c), the Department discusses the 
time and manner requirements for inspections. While the Department will 
generally provide facilities with 24-hour advance notice of 
inspections, the Department recognizes two exceptions where an 
unannounced inspection might occur. The Department included the first 
exception in the Advance Notice, and the Department has added the 
second exception in this interim final rule. For a further discussion, 
see the Discussion of Comments in Sec.  III(F) on ``Inspections and 
Audits.''
    In Sec.  27.250(d), the Department addresses various details 
related to the inspectors who will conduct inspections and audits. This 
is a new paragraph that was not in the Advance Notice. Although 
Congress has not provided the Department with administrative subpoena 
authority, this paragraph explains that inspectors will have 
credentials and may administer oaths and receive affirmations upon 
consent. It also provides details about the means by which inspectors 
may gather information and the access that inspectors will have to 
records. The Department has also added a paragraph (e), which addresses 
confidentiality. Finally, the guidance paragraph, which had been 
located in paragraph (d) has been moved to paragraph (f).

Section 27.255 Recordkeeping Requirements

    The Department revised various provisions related to recordkeeping. 
With respect to Sec.  27.255(a)(1), the Department added a few 
additional record requirements regarding training. In addition to 
keeping records of the date and location of each training session, time 
of day and duration of each session, the name and qualifications of the 
instructor, and a clear, legible list of the attendees including 
attendees' signatures, the facility must also keep at least one other 
unique identifier for each attendee receiving training and the results 
of any evaluation or training. The Department also added a requirement 
to Sec.  27.255(b), requiring facilities to keep submitted Top-Screens 
in addition to submitted

[[Page 17694]]

SVAs and SSPs. In addition, as discussed above in the summary for Sec.  
27.225(e), the Department revised the recordkeeping provision related 
to internal audits. See Sec.  27.255(a)(6).
    The Department also added a new paragraph (c), allowing the 
Department to request that covered facilities make available records 
kept pursuant to other Federal programs or regulations. The Department 
would make such requests for records to the extent that any such 
records were necessary for security purposes. As a result of adding new 
paragraph (c), the Department had to re-designate proposed paragraph 
(c) as paragraph (d).

Subpart C

    The Department has substantially revised Subpart C, which contains 
the provisions for Orders, Adjudications, and Appeals.

Section 27.300 Orders

    The Department has restructured the Orders provisions. Whereas the 
Advance Notice contained four separate sections (see Sec. Sec.  27.300, 
27.305, 27.310, and 27.315), the Department has now consolidated all of 
the Order provisions into one section, Sec.  27.300. The main substance 
of the Orders provisions, however, remains the same. Pursuant to Sec.  
27.300(a), the Assistant Secretary can issue an Order for any instance 
of noncompliance. For example, the Assistant Secretary may issue an 
Order for a facility's refusal to complete a Top-Screen, failure to 
allow an inspection, or failure to update a Site Security Plan.
    Beyond a basic Order, the Assistant Secretary may issue an Order 
Assessing Civil Penalty, an Order to Cease Operations, or both, where 
it determines that a facility is in violation of any Order issued 
pursuant to paragraph (a). See Sec.  27.300(b). Orders Assessing Civil 
Penalty are for a continual noncompliance, a repeated pattern of 
noncompliance or egregious instances of noncompliance. Orders to Cease 
Operations are the most serious Orders that the Assistant Secretary 
might choose to issue under this regulatory scheme. The Assistant 
Secretary will use such a measure cautiously and judiciously and will 
balance the immediate security needs with the possible impact (e.g., 
economic impact or national security effect) of such an Order on the 
chemical industry and the Nation as a whole. As the Department wrote in 
the Advance Notice, ``This authority would be utilized when no other 
options will achieve the required result.'' See 71 FR 78276, 78287.
    Paragraphs (c) through (f) of Sec.  27.300 address the process and 
procedures for Orders. Section 27.300(c) lists the information, at a 
minimum, that the Assistant Secretary must include in an Order and also 
notes that the Assistant Secretary may establish further procedures for 
the issuance of Orders. Section 27.300(d) notes that a facility must 
comply with the terms of the Order by the date specified in the Order. 
Section 27.300(e) indicates that a facility has the right to seek an 
adjudication to review the decision of the Assistant Secretary to issue 
an Order, and Sec.  27.300(f) addresses final agency action.
    With respect to the staying of Orders, the Department addresses 
this issue in the new adjudications sections. Specifically, Sec.  
27.310(b)(4) provides that an Order is stayed from the timely filing of 
a Notice of Application for Review until the Presiding Officer issues 
an Initial Decision, unless the Secretary lifts the stay due to exigent 
circumstances pursuant to Sec.  27.310(d). The new adjudications 
section is discussed in more depth below.

Section 27.305 through 27.340 Adjudications

    Most significantly with respect to adjudications, the Department 
has provided facilities with the opportunity to seek review of 
specified decisions before a neutral adjudications officer. A facility 
or other person may seek review of the following Department (i.e., 
Assistant Secretary) determinations: (1) A finding, pursuant to Sec.  
27.230(a)(12)(iv) that an individual is a potential security threat; 
(2) The disapproval of a Site Security Plan pursuant to Sec.  
27.245(b); or (3) The issuance of an Order pursuant to Sec.  27.300(a) 
or (b). See Sec.  27.310(a).
    The procedures for Applications are found in Sec.  27.310(b). To 
institute Adjudication Proceedings, the facility or other person 
(``Applicant'') must file a Notice of Application for Review within 
seven calendar days of notification of the Assistant Secretary's 
determination. See Sec.  27.310(b)(1)-(2). Then, in an Application for 
Review, the Applicant must explain his or her position (i.e., explain 
why the Assistant Secretary's determination should be set aside). The 
Applicant has 14 calendar days from the date of notification of the 
Assistant Secretary's determination to file and serve an Application 
for Review. See Sec.  27.310(b)(5). The Assistant Secretary, through 
the Office of the General Counsel, shall file and serve a Response 
within 14 calendar days of the filing and service of the Application 
for Review. See Sec.  27.310(c). Finally, the Secretary may make 
certain procedural modifications in exigent circumstances. See Sec.  
27.310(d).
    A Presiding Officer is the neutral adjudications officer who 
handles these proceedings. The Secretary shall appoint a Presiding 
Officer, consistent with the requirements in Sec.  27.315. A Presiding 
Officer shall immediately consider whether a summary adjudication of an 
Application for Review is appropriate, and if the Presiding Officer 
finds that there is no genuine issue of material fact and that one 
party or the other is entitled to decision as a matter of law, then the 
record shall be closed and the Presiding Officer shall issue an Initial 
Decision on the Application for Review. See Sec.  27.330(b). Such 
summary decisions are governed by the procedures in Sec.  27.330.
    Where there is no summary decision, the Presiding Officer may 
conduct a hearing using the procedures specified in Sec.  27.335. The 
Presiding Officer shall close and certify the record upon the 
completion of one of the following: a summary judgment proceeding, a 
hearing, the submission of post-hearing briefs, or the conclusion of 
oral arguments. See Sec.  27.340(a). Based on the certified record, the 
Presiding Officer shall issue an Initial Decision, and the decision 
shall be subject to appeal pursuant to Sec.  27.345.
    In addition to the sections mentioned above, there are a few other 
sections that address provisions related to adjudications. Section 
27.320 specifies the prohibition on ex parte communications during 
Proceedings. And Sec.  27.325 provides that the Assistant Secretary 
bears the initial burden of proving the facts necessary to support the 
challenged administrative action at every proceeding instituted under 
this subpart.
    Finally, as related to the Appeals section below, a Presiding 
Officer's Initial Decision is stayed from the timely filing of a Notice 
of Appeal until the Under Secretary issues a Final Decision, unless the 
Under Secretary lifts the stay due to exigent circumstances. See Sec.  
27.345(b)(4).

Section 27.345 Appeals

    The interim final rule contains a revised appeals section. There 
are several differences. First, a facility or other person may appeal 
the Initial Decision of the Presiding Officer made pursuant to Sec.  
27.340(b). This differs from the Advance Notice, in which a facility 
could appeal a Departmental final determination regarding disapproval 
of a Site Security Plan and the Departmental issuance of an Order. See 
Sec.  27.320 in the Advance Notice.

[[Page 17695]]

Second, the Advance Notice provided that the Under Secretary would make 
decisions for most categories of appeals, and the Deputy Secretary 
would make decisions for one category of appeal. This interim final 
rule provides that all appeals go to the Under Secretary or his 
designee acting as a neutral appeals officer. Third, as is discussed in 
more depth below, the procedures for an appeal have changed.
    The Assistant Secretary, a facility, or other person 
(``Appellant'') may institute an Appeal by filing a Notice of Appeal 
within seven calendar days of notification of the Presiding Officer's 
Initial Decision. See Sec.  27.345(b)(1)-(3). The Appellant shall then 
file and serve a Brief within 28 calendar days of the notification of 
the Presiding Officer's Initial Decision. See Sec.  27.345(b)(5). The 
Appellee shall file and serve its Opposition Brief within 28 days of 
the filing of Appellant's Brief. See Sec.  27.345(b)(6). The Under 
Secretary shall issue a Final Decision and serve it on the parties. A 
Final Decision by the Under Secretary constitutes final agency action. 
See Sec.  27.345(f).
    In addition to the provisions mentioned above, the Department notes 
the following: Pursuant to Sec.  27.345(b), the Under Secretary may 
provide for an expedited appeal; pursuant to Sec.  27.345(c), ex parte 
communications are prohibited; and pursuant to Sec.  27.345(c), a 
facility or other person may elect to have the Under Secretary 
participate in any mediation or other resolution process by expressly 
waiving, in writing, any argument that such participation has 
compromised the Appeals process. In addition, pursuant to Sec.  
27.345(g), the Secretary may establish procedures for the conduct of 
appeals.

Subpart D

Section 27.400 Chemical-Terrorism Vulnerability Information

    The Department has made numerous clarifying changes to the 
chemical-terrorism vulnerability information (CVI) section. Some of 
these changes corrected typographical errors, while several others 
clarified existing provisions. With respect to a minor change, note 
that, in Sec.  27.400 of the Advance Notice, the Department referred to 
CVI as ``Chemical-terrorism Security and Vulnerability Information'' 
and in this interim final rule, the Department now refers to CVI as 
``Chemical-terrorism Vulnerability Information.'' The Department 
intends no change in meaning with this revision.
    The Department has highlighted below the more substantive changes 
to Sec.  27.400. With respect to paragraph (c), the Department has 
removed paragraph (c)(2), because that concept is already covered in 
paragraph (e)(1)(v). In paragraph (d)(1), the Department provides that 
covered persons must protect all CVI in their possession or control, 
including electronic data. In paragraph (e)(1), the Department added 
language providing that a person who might have a ``need to know'' 
includes ``state or local officials, law enforcement officials, and 
first responders.'' In paragraph (e)(1)(ii), the Department clarified 
that a person in training will only have access to CVI that he needs as 
part of his training, and in paragraph (e)(1)(iv), the Department 
clarified that a the person in a fiduciary relationship with a covered 
person who is representing or providing advice to that covered person 
will also have a need to know CVI. In paragraph (e)(2)(iii), the 
Department provides that it may require non-Federal persons seeking 
access to CVI to complete a non-disclosure agreement before such access 
is granted. In paragraph (f)(3), the Department shortened the 
distribution limitation statement and added a new sentence at the end, 
which provides: ``[i]n any administrative or judicial proceedings, this 
information shall be treated as classified information in accordance 
with 6 CFR Sec. Sec.  27.400(h) and (i).'' And in paragraphs (h)(1), 
(i)(1), and (i)(2), the Department made it clear that these sections 
apply to the disclosure of CVI in the context of administrative or 
judicial enforcement proceedings of section 550 only, not any other 
kind of enforcement proceeding. Similarly, in paragraph (i)(7)(iii), 
the Department made it clear that this section applies only to judicial 
enforcement proceedings and not any other judicial proceeding.

Section 27.405 Review and Preemption of State Laws and Regulations

    The Department has made several changes to Sec.  27.405, including 
various regulatory text changes. Among those changes, the Department 
has added paragraph (a)(1). The Department wishes to avoid any 
unintended consequences in the program's interaction with other Federal 
requirements. For this reason, Sec.  27.405(a)(1) provides that 
``[n]othing in this regulation is intended to displace other federal 
requirements administered by the Environmental Protection Agency, U.S. 
Department of Justice, U.S. Department of Labor, U.S. Department of 
Transportation, or other federal agencies.'' For a further discussion 
of these changes and preemption in general, see the section below 
entitled ``Executive Order: 13132: Federalism.''

Proposed Appendix A: DHS Chemicals of Interest

    In the Advance Notice, the Department sought comment on appropriate 
sources of information or methodologies for evaluating and categorizing 
chemical facilities.'' See 71 FR 78276, 78282. The Department responds 
to those comments below in the ``Discussion of Comments.'' In this 
interim final rule, the Department has decided to evaluate chemical 
facility risks by, in part, classifying facilities by particular 
chemicals. In proposed Appendix A, the Department has included a list 
of ``DHS Chemicals of Interest'' along with Screening Threshold 
Quantities, or STQs, for each chemical. The Department has established 
STQs to trigger preliminary screening requirements. The STQ is not the 
threshold quantity for establishing whether a given facility is a high-
risk facility, but only sets a threshold to require a facility to 
complete and submit a CSAT Top-Screen. As noted in the ``Public 
Participation'' section above, the Department is accepting public 
comment on proposed Appendix A for 30 days. Following the close of the 
comment period, the Department will review the comments and publish a 
final Appendix A. The requirements related to Appendix A, which are 
found in Sec. Sec.  27.200(b)(2) and 27.210, will become operative on 
the date that the Department publishes a final Appendix A.
    Pursuant to Sec.  27.200(b)(2), if a facility possesses any 
chemicals identified in Appendix A at the corresponding quantities, the 
facility must complete and submit a Top-Screen. Consistent with the 
submission requirements in Sec.  27.210(a)(1), the facility must 
complete the Top-Screen within 60 calendar days of the effective date 
of a final Appendix A or within 60 calendar days of coming into 
possession of any such chemical at the corresponding quantity. (As 
indicated in the regulatory text, this submission requirement is not 
operative until the Department publishes a final Appendix A.) Note that 
this provision does not affect the Department's ability to contact 
facilities independently of this list. Pursuant to Sec.  27.200(b)(1), 
DHS may notify facilities, on an individual basis or through an 
additional Federal Register notice, that they need to complete and 
submit the Top-Screen. The Department notes that, where a facility has 
a question as to whether it should complete a Top-Screen, the facility 
can contact the

[[Page 17696]]

Department and seek a consultation pursuant to Sec.  27.120.
    The Department reiterates that the presence or amount of a 
particular chemical listed in Appendix A is not the sole factor in 
determining whether a facility presents a high-level of security risk 
and is not an indicator of a facility's coverage under this rule. The 
DHS Chemicals of Interest list merely directs certain facilities to 
complete and submit the Top-Screen. This list serves as a tool to aid 
the Department in gathering information needed to administer the 
program under Section 550. In order for the Department to assess 
compliance by particular chemical facilities with the regulation (see 
Section 550(e)), the Department must first obtain information to 
determine whether the particular chemical facilities qualify for 
coverage under Section 550. The list set out in Appendix A serves as a 
procedural tool designed to aid the Department in determining which 
facilities must comply with the substantive standards. Only after the 
Department gathers additional information through the Top-Screen 
process will the Department make a determination as to whether a 
facility presents a high risk and therefore must comply with the 
regulatory requirements to ensure adequate security. Under Section 550, 
the Department has the authority to use its best judgment and all 
available information in determining whether a facility presents a high 
level of security risk.
    In developing the ``DHS Chemicals of Interest'' list, the 
Department has looked to existing sources of information and has then 
drawn on many of those sources of information, including some of the 
sources that commenters suggested. Those sources include the following: 
(1) The chemicals contained on the EPA's RMP list. Pursuant to the 
Clean Air Act (42 U.S.C. 7401, et seq.), which provides that the EPA 
shall promulgate a list of substances that ``in the case of accidental 
release, are known to cause or may reasonably be anticipated to cause 
death, injury, or serious adverse effects to human health or the 
environment (see 42 U.S.C. 7412(r)(3)), the EPA promulgated two lists. 
Table 1 is titled ``List of Regulated Toxic Substances and Threshold 
Quantities for Accidental Release Prevention,'' and Table 3 is titled 
``List of Regulated Flammable Substances and Threshold Quantities for 
Accidental Release Prevention'' (see 40 CFR 68.130); (2) The chemicals 
from the Chemical Weapons Convention (CWC). Section 6701, et seq. of 
Title 22 of the United States Code implements the Convention on the 
Prohibition of the Development, Production, Stockpiling and Use of 
Chemical Weapons and on Their Destruction. The CWC covers three lists, 
or ``schedules'' of chemicals. Schedule 1 chemicals are provided in 
Supplement No. 1 to 15 CFR part 712, Schedule 2 chemicals are provided 
in Supplement No. 2 to 15 CFR part 713, and Schedule 3 chemicals are 
provided in Supplement No. 3 to 15 CFR part 714; and (3) Hazardous 
materials, including gases poisonous by inhalation (PIH) and explosive 
materials, which the Department of Transportation regulates. See 49 CFR 
173.115(c), 49 CFR 173.50(b), and 49 CFR 172.101. The Department has 
also considered other categories of chemicals, such as chemicals that 
can be used as precursors for Improvised Explosive Devices (IEDs) and 
certain water-reactive materials that produce toxic gases.
    The Department makes a few points with respect to the list in 
Appendix A. First, DHS is not using any existing list (e.g., the EPA 
RMP list) as its sole source, and DHS is not classifying all facilities 
on a list in one particular way (i.e., classifying all RMP facilities 
as high-risk). By using multiple sources at this initial phase, DHS 
believes it is obtaining a more complete picture of the universe of 
facilities that may qualify as high-risk. Second, in identifying the 
types and STQs of chemicals for Appendix A, the Department has sought 
to be sufficiently inclusive of chemicals and quantities that might 
present a high level of risk under the statute without being overly 
inclusive and therefore capturing facilities which are unlikely to 
present a high level of risk.
    In addition to drawing on information from existing sources, the 
Department has identified chemicals by considering three security 
issues. These three security issues, which are explained below, address 
multiple risk areas.
    1. Release--DHS believes that certain quantities of toxic, 
flammable, or explosive chemicals or materials, if released from a 
facility, have the potential for significant adverse consequences for 
human life or health.
    2. Theft or Diversion--DHS believes that certain chemicals or 
materials, if stolen or diverted, have the potential to be used as 
weapons or easily converted into weapons using simple chemistry, 
equipment or techniques in order to c