Air Cargo Screening, 47672-47710 [E9-21794]

Agencies

• DEPARTMENT OF HOMELAND SECURITY
• Transportation Security Administration

[Federal Register Volume 74, Number 178 (Wednesday, September 16, 2009)]
[Rules and Regulations]
[Pages 47672-47710]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-21794]



[[Page 47671]]

-----------------------------------------------------------------------

Part III





Department of Homeland Security





-----------------------------------------------------------------------



Transportation Security Administration



-----------------------------------------------------------------------



49 CFR Parts 1515, 1520, 1522, et al.



Air Cargo Screening; Interim Final Rule

Federal Register / Vol. 74, No. 178 / Wednesday, September 16, 2009 / 
Rules and Regulations

[[Page 47672]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1515, 1520, 1522, 1540, 1544, 1546, 1548, and 1549

[Docket No. TSA-2009-0018; Amendment Nos. 1515-1, 1520-8, 1522-New, 
1540-10, 1544-9, 1546-5, 1548-5, 1549-New]
RIN 1652-AA64


Air Cargo Screening

AGENCY: Transportation Security Administration, DHS.

ACTION: Interim final rule; request for comments.

-----------------------------------------------------------------------

SUMMARY: This rule codifies a statutory requirement of the Implementing 
Recommendations of the 9/11 Commission Act that the Transportation 
Security Administration (TSA) establish a system to screen 100 percent 
of cargo transported on passenger aircraft by August 3, 2010. To assist 
in carrying out this mandate, this rule establishes a program under 
which TSA will certify cargo screening facilities located in the U.S. 
that volunteer to screen cargo prior to tendering it to aircraft 
operators for carriage on passenger aircraft. This rule requires 
affected passenger aircraft operators to ensure that either an aircraft 
operator or certified cargo screening facility that does so in 
accordance with TSA standards, or TSA itself, screens all cargo loaded 
on passenger aircraft.
    TSA will require certified cargo screening facilities (CCSFs) to 
screen cargo using TSA-approved methods and implement chain of custody 
measures to ensure the security of the screened cargo throughout the 
air cargo supply chain prior to tendering it for transport on passenger 
aircraft. CCSF personnel must successfully undergo a TSA-conducted 
security threat assessment (STA) and pay a fee for that assessment. TSA 
proposes a fee to cover the Government's costs in conducting the STA 
and requests comment on the fee and the methodology used to develop the 
fee.
    Before being certified and periodically thereafter, the CCSF must 
undergo examination by a TSA-approved validator. Validators must have 
specified qualifications, complete training regarding the certified 
cargo screening program (CCSP), and successfully undergo a TSA-
conducted STA as described in the discussion of part 1540 in this 
preamble, and pay a fee for that assessment.

DATES: Effective Date: This rule is effective November 16, 2009.
    Comment Date: Comments must be received by November 16, 2009.

ADDRESSES: You may submit comments, identified by the TSA docket number 
to this rulemaking, to the Federal Docket Management System (FDMS), a 
government-wide, electronic docket management system, using any one of 
the following methods:
    Electronically: You may submit comments through the Federal 
eRulemaking portal at https://www.regulations.gov. Follow the online 
instructions for submitting comments.
    Mail, In Person, or Fax: Address, hand-deliver, or fax your written 
comments to the Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue, SE., West Building Ground 
Floor, Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The 
Department of Transportation (DOT), which maintains and processes TSA's 
official regulatory dockets, will scan the submission and post it to 
FDMS.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: Tamika McCree, Manager, Air Cargo 
Stakeholder Relations, Air Cargo Security, TSA-28, Transportation 
Security Administration, 601 South 12th Street, Arlington, VA 20598-
6028; telephone (571) 227-2632; facsimile (571) 227-1947; e-mail 
AirCargoScreeningCommentsIFR@dhs.gov.

SUPPLEMENTARY INFORMATION:

Comments Invited

    TSA adopts this interim rule without prior notice and prior public 
comment. In this rule, however, TSA seeks prior public comment on our 
proposed fee to cover the cost of the STAs. To the maximum extent 
possible, DHS provides an opportunity for public comment on regulations 
issued without prior notice. Accordingly, TSA invites interested 
persons to participate in this rulemaking by submitting written 
comments, data, or views on the proposed fee for the STA, as well as 
all other aspects of this rule. We also invite comments relating to the 
economic, environmental, energy, or federalism impacts that might 
result from this rulemaking action. See ADDRESSES above for information 
on where to submit comments.
    With each comment, please identify the docket number at the 
beginning of your comments. TSA encourages commenters to provide their 
names and addresses. The most helpful comments reference a specific 
portion of the rulemaking, explain the reason for any recommended 
change, and include supporting data. You may submit comments and 
material electronically, in person, by mail, or fax as provided under 
ADDRESSES, but please submit your comments and material by only one 
means. If you submit comments by mail or delivery, submit them in an 
unbound format, no larger than 8.5 by 11 inches, suitable for copying 
and electronic filing.
    If you would like TSA to acknowledge receipt of comments submitted 
by mail, include with your comments a self-addressed, stamped postcard 
on which the docket number appears. We will stamp the date on the 
postcard and mail it to you.
    TSA will file in the public docket all comments received by TSA, 
except for comments containing confidential information and sensitive 
security information (SSI),\1\ TSA will consider all comments received 
on or before the closing date for comments and will consider comments 
filed late to the extent practicable. The docket is available for 
public inspection before and after the comment closing date.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is information 
obtained or developed in the conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental to the security of transportation. 
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------

Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments

    Do not submit comments that include trade secrets, confidential 
commercial or financial information, or SSI to the public regulatory 
docket. Please submit such comments separately from other comments on 
the rulemaking. Comments containing this type of information should be 
appropriately marked as containing such information and submitted by 
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
    Upon receipt of such comments, TSA will not place the comments in 
the public docket and will handle them in accordance with applicable 
safeguards and restrictions on access. TSA will hold documents 
containing SSI, confidential business information, or trade secrets in 
a separate file to which the public does not have access, and place a 
note in the public docket that TSA has received such materials from the 
commenter. If TSA determines, however, that portions of these comments 
may be made publicly available, TSA may include a redacted

[[Page 47673]]

version of the comment in the public docket. If TSA receives a request 
to examine or copy information that is not in the public docket, TSA 
will treat it as any other request under the Freedom of Information Act 
(FOIA) (5 U.S.C. 552) and the FOIA regulation of the Department of 
Homeland Security found in 6 CFR part 5.

Reviewing Comments in the Docket

    Please be aware that anyone is able to search the electronic form 
of all comments received into any of our dockets by the name of the 
individual who submitted the comment (or signed the comment, if 
submitted on behalf of an association, business, labor union, etc.). 
You may review the applicable Privacy Act Statement published in the 
Federal Register on April 11, 2000 (65 FR 19477) and modified on 
January 17, 2008 (73 FR 3316).
    You may review TSA's electronic public docket on the Internet at 
https://www.regulations.gov. In addition, DOT's Docket Management 
Facility provides a physical facility, staff, equipment, and assistance 
to the public. To obtain assistance or to review comments in TSA's 
public docket, you may visit this facility between 9 a.m. to 5 p.m., 
Monday through Friday, excluding legal holidays, or call (202) 366-
9826. This docket operations facility is located in the West Building 
Ground Floor, Room W12-140 at 1200 New Jersey Avenue, SE., Washington, 
DC 20590.

Availability of Rulemaking Document

    You can get an electronic copy using the Internet by--
    (1) Searching the electronic Federal Docket Management System 
(FDMS) Web page at https://www.regulations.gov;
    (2) Accessing the Government Printing Office's Web page at https://www.gpoaccess.gov/fr/; or
    (3) Visiting TSA's Security Regulations Web page at https://www.tsa.gov and accessing the link for ``Research Center'' at the top 
of the page.
    In addition, copies are available by writing or calling the 
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to 
identify the docket number of this rulemaking.

Small Entity Inquiries

    The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 
1996 requires TSA to comply with small entity requests for information 
and advice about compliance with statutes and regulations within TSA's 
jurisdiction. Any small entity that has a question regarding this 
document may contact the person listed in FOR FURTHER INFORMATION 
CONTACT. Persons can obtain further information regarding SBREFA on the 
Small Business Administration's Web page at https://www.sba.gov/advo/laws/law_lib.html.

Abbreviations and Terms Used in This Document

CBP U.S. Customs and Border Protection
CCSF Certified Cargo Screening Facility
CCSP Certified Cargo Screening Program
CFR Code of Federal Regulations
CHRC Criminal History Records Check
DHS Department of Homeland Security
FSD Federal Security Director
IAC Indirect Air Carrier
IED Improvised Explosive Device
MSP Model Security Program
SIDA Security Identification Display Area
SSI Sensitive Security Information
STA Security Threat Assessment
TSA Transportation Security Administration

Outline of Interim Final Rule

I. Summary of Rule
II. Background
    A. Current Air Cargo Screening
    B. 9/11 Act Requirements
    C. Development of the Certified Cargo Screening Program
    D. Certified Cargo Screening Pilot Programs
III. TSA's Program for Achieving the Statutory Mandates for Cargo 
Loaded Domestically
IV. Organization of the Rule
V. Section-by-Section Analysis
VI. Good Cause for Immediate Adoption
VII. Paperwork Reduction Act
VIII. Economic Impact Analyses
    A. Regulatory Evaluation Summary
    B. Executive Order 12866 Assessment
    C. Regulatory Flexibility Act Assessment
    D. International Trade Impact Assessment
    E. Unfunded Mandates Assessment
IX. Executive Order 13132, Federalism
X. Environmental Analyses
XI. Energy Impact Analysis
List of Subjects
The Amendments

I. Summary of Rule

    This rule provides that affected U.S. aircraft operators and 
foreign air carriers \2\ must have screened at least 50 percent of its 
cargo transported on passenger aircraft by February 3, 2009, and must 
screen 100 percent of cargo by August 3, 2010, to carry out sec. 1602 
of the Implementing the Recommendations of the 9/11 Commission Act of 
2007 (Pub. L. 110-53, 121 Stat. 266, 478, Aug. 3, 2007) (9/11 Act). The 
rule applies to certain commercial passenger operations, and applies to 
foreign air carriers the same standards that apply to U.S. aircraft 
operators, for the same types of flights. This rule applies only to 
cargo loaded in the United States. It does not apply to either U.S. 
aircraft operators or foreign air carriers when they load cargo outside 
the U.S. and transport it into the U.S., nor to U.S. or foreign all-
cargo operations. This rule will not cover general aviation operations.
---------------------------------------------------------------------------

    \2\ The affected aircraft operators are U.S. aircraft operators 
with full programs under 49 CFR 1544.101(a) and foreign air carriers 
with security programs under 49 CFR 1546.101(a) or (b). This 
includes aircraft operators with scheduled or public charter 
operations with an aircraft having a passenger seating configuration 
of 61 or more seats, and those operating smaller aircraft when 
passengers are enplaned from or deplaned into a sterile area.
---------------------------------------------------------------------------

    The Transportation Security Administration (TSA) concluded that 
this mandate could not be achieved by relying solely on U.S. aircraft 
operators and foreign air carriers to conduct screening. Aircraft 
operators do not have the capacity to screen the approximately 12 
million pounds of cargo that is now transported on passenger aircraft 
daily. Requiring passenger aircraft operators to screen 100 percent of 
air cargo would result in carrier delays, backlogs of unscreened cargo, 
and missed flights, which could significantly impede the flow of 
commerce.
    Accordingly, TSA will establish the certified cargo screening 
program (CCSP) to allow entities other than aircraft operators to 
conduct screening off-airport. Under the CCSP, facilities upstream in 
the air cargo supply chain, such as shippers, manufacturers, 
warehousing entities, distributors, third party logistics companies, 
and Indirect Air Carriers (IACs) that are located in the U.S., may 
apply to TSA to become certified cargo screening facilities (CCSFs). 
Aircraft operators that screen cargo off-airport must also become CCSFs 
in order to screen cargo for transport on passenger aircraft. These 
applicants must submit to TSA an application for certification of a 
single facility, including a TSA-approved validator's evaluation of the 
applicant's security measures. Once certified, the CCSF must--
     Implement the certified cargo screening standard security 
program that TSA develops and any amendments to it;
     Appoint security coordinators at the corporate and 
facility levels and alternates to be available 24 hours per day, 7 days 
per week;
     Ensure that the following individuals successfully undergo 
a TSA-conducted STA: (1) Each employee and authorized representative 
who screens cargo or has unescorted access to screened cargo, and (2) 
each security coordinator and alternate, senior manager of the 
facility, and other individual who implements the cargo screening 
program;

[[Page 47674]]

     Adhere to strict physical and access control measures for 
the storage, handling, and screening of cargo;
     Screen cargo using TSA-approved methods;
     Implement chain of custody requirements, including the use 
of tamper evident technology, which must begin when the cargo is 
screened and remain intact until the cargo is tendered to the aircraft 
operator for transport on a passenger aircraft; and
     Apply for recertification, including a new examination by 
a TSA-approved validator, every 36 months.
    TSA believes that it is important for CCSFs to submit to a 
recertification assessment of their security programs every three years 
in order to maintain good standing in the CCSP. Within the 36 month 
period, TSA will inspect the CCSF for compliance and the CCSFs will 
conduct quarterly self-audits. TSA based the 36-month cycle on a 
similar program in the United Kingdom, the Known Consignor program 
discussed in section II.C. below.
    This rule establishes procedures under which firms may apply for 
TSA's approval to conduct validation assessments of CCSF facilities. 
Approved validation firms must hold and carry out a TSA-approved 
security program, must have security coordinators to be the primary 
point of contact for security at the facility, and must ensure that 
individuals conducting assessments have professional qualifications, 
receive training, do not have conflicts of interest with facilities to 
be assessed, and conduct assessments impartially. The rule requires 
validators and their supervisors and validation firm security 
coordinators and their alternates to successfully undergo a TSA-
conducted STA. Individuals conducting validation assessments must--
     Be a citizen or national of the United States or be a 
lawful permanent resident alien;
     Hold a certification or accreditation from a TSA-
recognized organization qualified to certify or accredit a validator;
     Have at least five years of experience in inspection or 
validating compliance with certain government and industry 
organizations;
     Have sufficient knowledge of certain regulations, 
policies, and security programs and be able to determine compliance;
     Have sufficient knowledge of the CCSP; and
     Conduct no more than two assessments of a facility seeking 
approval, unless TSA authorizes otherwise.
    This rule also amends the threat assessment provisions that 
currently exist in 49 CFR part 1540, subpart C, for individuals who 
work in the air cargo sector to enhance TSA's ability to effectively 
conduct STAs.

II. Background

A. Current Air Cargo Screening

    Since 2002, TSA has implemented a multilayered, risk-based system 
for securing cargo transported on passenger aircraft. U.S. aircraft 
operators and foreign air carriers must ensure that cargo transported 
on passenger aircraft is screened or inspected as set forth in their 
security programs. 49 CFR 1544.205, 1546.205. IACs must screen a 
certain percentage of cargo prior to tendering the cargo for transport 
or take other security measures as required in the applicable Security 
Directives and in their security programs.\3\ U.S. aircraft operators, 
foreign air carriers, and IACs must screen 100 percent of cargo 
considered to present an ``elevated risk,'' and TSA screens 100 percent 
of all cargo transported on passenger aircraft at Category II-IV 
airports.\4\
---------------------------------------------------------------------------

    \3\ Security Directives and security programs are SSI and the 
details are non-public information. See footnote 1.
    \4\ There are several categories of airport designations that 
are based largely on the number of enplanements. Category II-IV 
airports include those with less than five million annual domestic 
enplanements or with five million or more annual domestic 
enplanements, but less than one million international enplanements. 
Overall, approximately 99 percent of cargo loaded on passenger 
aircraft in the United States is loaded at Category X and I 
airports.
---------------------------------------------------------------------------

    Currently, aircraft operators conduct screening of most cargo at 
the airports. Generally applicable TSA-approved methods of screening 
include x-ray, explosives trace detection (ETD), explosive detection 
systems (EDS), explosives detection canine teams, and physical 
inspection along with verification of the description of the cargo on 
the shipping manifest. There are certain categories of cargo for which 
these generally applicable methods of screening may not be effective or 
feasible, so the aircraft operators and IACs use TSA-approved 
alternative methods of screening.

B. 9/11 Act Requirements

    The 9/11 Act amended 49 U.S.C. 44901(g)(1), which provides, in 
pertinent part:

    Not later than 3 years after the date of enactment of the [9/11 
Act], the Secretary of Homeland Security shall establish a system to 
screen 100 percent of cargo transported on passenger aircraft 
operated by an air carrier or foreign air carrier in air 
transportation or intrastate air transportation to ensure the 
security of all such passenger aircraft carrying cargo.

As amended by the 9/11 Act, 49 U.S.C. 44901(g)(2) provides that the 
system used to screen cargo on passenger aircraft shall provide a level 
of security ``commensurate with the level of security for the screening 
of passenger checked baggage'' and directs that--
     Fifty percent of such cargo must be screened not later 
than February 3, 2009; and
     One hundred percent of such cargo must be screened not 
later than August 3, 2010.

Section 44901(g)(3)(B) explicitly authorizes TSA to issue an interim 
final rule (IFR) to implement the requirements. If TSA issues an IFR, 
TSA must issue a final rule not later than one year after the effective 
date of the IFR.
    The 9/11 Act defines the term ``screening'' in sec. 44901(g)(5) to 
mean ``a physical examination or non-intrusive method of assessing 
whether cargo poses a threat to transportation security. Methods 
include x-ray systems, explosives detection systems, explosives trace 
detection, explosives detection canine teams certified by TSA or a 
physical search together with manifest verification.'' This section 
further provides that TSA may approve additional methods to ensure that 
the cargo does not pose a threat to transportation security and to 
assist in meeting the requirements of the 9/11 Act. TSA will continue 
to consider different technologies or methods for screening cargo 
transported on passenger or cargo flights. TSA would approve these 
additional methods and technologies based on their applicability and 
effectiveness in screening specific commodities.

C. Development of the Certified Cargo Screening Program

    TSA recognized that it needed to develop a program that could 
achieve the 9/11 Act's requirement for 100 percent screening while 
still allowing for the flow of commerce. Approximately 12 million 
pounds of cargo are transported on passenger aircraft in the United 
States each day. In evaluating the practical implications of 100 
percent screening, the Congressional Research Service has stated that 
``* * * given the sheer volume of cargo that must be expediently 
processed and loaded on aircraft * * * full screening of air cargo, as 
is now required of checked passenger baggage, is likely to present 
significant logistic and operational challenges.'' CRS Report for 
Congress, Air Cargo Security, Updated July 30, 2007, CRS-2.

[[Page 47675]]

    TSA has developed the CCSP by working closely with U.S. and 
international agencies and associations to incorporate key aspects of 
similar security programs in other countries and in the United States. 
In particular, TSA studied the Known Consignor programs in Great 
Britain and Ireland. Such programs have been in effect for several 
years and operate successfully. TSA also examined the security measures 
of the Customs-Trade Partnership Against Terrorism (C-TPAT), a U.S. 
Customs and Border Protection (CBP) program. Like the programs in Great 
Britain and Ireland, CBP's C-TPAT program adopts the concept of supply 
chain security in its voluntary program under which participants 
benefit from expedited CBP processing.
    The United Kingdom (UK) Known Consignor program has key features 
that TSA has incorporated into the CCSP. First, like the CCSP, the UK 
Known Consignor program relies on authorized entities to augment air 
carriers' screening of cargo. Both programs rely on a chain of custody 
concept, requiring verification that no tampering has occurred between 
the time of screening and the time the cargo is tendered to the air 
carrier.
    Second, the UK Known Consignor program requires approved validators 
to assess Known Consignors and requires Known Consignors to pay a fee 
for these assessments. TSA based the validator requirements in this 
IFR, in part, on the UK program. In both programs, entities wishing to 
serve as validators seek approval from the government regulatory 
agency. In both programs, the government reviews the validators' 
assessments and, where appropriate, government agents may conduct 
inspections to determine if enforcement action is necessary.
    In addition to these structural similarities, some of the methods 
to secure cargo will be similar in the two programs. For example, the 
UK program makes use of tamper-resistant seals, tamper evident tape, 
and procedures to document that the cargo is not subject to 
unauthorized access from the time the cargo is screened until it is 
tendered to an aircraft operator for transport on a passenger aircraft. 
These are key elements in the CCSP ``chain of custody'' framework.
    The UK program has been in place since 2003 and has achieved the 
benefits TSA seeks to gain from the CCSP. Known consignors screen close 
to 50 percent of cargo that otherwise would be screened by aircraft 
operators and foreign air carriers on airports; the rest of the cargo 
is screened by air carriers. Having aircraft operators and foreign air 
carriers screen all cargo at airports could result in delays in flights 
and backlogs of cargo to be screened. The UK program significantly 
reduces potential adverse impacts on the flow of commerce that 
otherwise could result if aircraft operators and foreign air carriers 
were required to screen all cargo. The same concerns exist for 
screening cargo at U.S. airports.

D. Certified Cargo Screening Pilot Programs

    TSA is testing the concept of screening earlier in the supply chain 
by conducting two parallel pilot programs: (1) The CCSP pilot involving 
shippers and other entities, such as manufacturers, distributors, and 
third party logistics companies, and (2) the IAC technology pilot. The 
CCSP pilots began at the following major gateway airports representing 
over 65% of all air cargo loaded on passenger flights: San Francisco 
(SFO), Chicago (ORD), Philadelphia (PHL), Seattle (SEA), Los Angeles 
(LAX), Dallas-Fort Worth (DFW), Miami (MIA), Atlanta (ATL), and New 
York/Newark (JFK/EWR). The IAC pilot is now in effect at all U.S. 
airports.
    Over 65 percent of all cargo transported on passenger aircraft is 
carried on wide-body passenger aircraft, such as a B-767, from the 
airports listed above. Approximately 43 percent of cargo transported on 
wide-body aircraft originates in 6 of these airports. Thus, TSA focused 
its outreach for the pilot programs on the entities using the airports 
with the highest volume of cargo transported on wide body passenger 
aircraft. Industry agreed to participate in the pilots.
    TSA conducted outreach for the CCSP pilot program by contacting 120 
shippers and other entities in 9 major cities. The CCSP pilot focuses 
on the ability of these entities to screen cargo according to methods 
approved by TSA, primarily by physical search of the shipping box 
before it is closed, sealed, and leaves the facility using a secure 
chain of custody. Shippers, manufacturers, distributors, and third-
party logistics companies are in the best position to screen the 
contents of the box before it leaves their facility, as they know what 
should be in the box and can spot anomalies quickly. As long as the 
screening is conducted in accordance with TSA procedures and the chain 
of custody remains intact when the cargo is loaded on passenger 
aircraft, the cargo does not have to be rescreened.
    The IAC technology pilot is evaluating the effectiveness of cargo 
screening technology and processes recommended by TSA by commodity 
class at each participant's consolidation facility. Congressional 
appropriations provided TSA with funds for the screening of air cargo. 
TSA is using these funds in part to assist in the deployment of 
appropriate screening technology for use in the IAC pilot. The IAC 
technology pilot participants must use either x-ray or Explosive Trace 
Detection (ETD) equipment during the screening process. This pilot is 
also evaluating the IAC community's ability to screen cargo volumes, 
and the use of chain of custody procedures.
    When the IFR becomes effective, the CCSP pilot program will end. 
Participants will become CCSFs under the IFR. The IACs in the IAC 
technology pilot will continue to collect and submit information to TSA 
regarding the cargo screening technology until August 2010. TSA will 
collect information after the IFR becomes effective under OMB's 
Paperwork Reduction Act approval for the IFR; this information will 
include the data collected during the IAC technology pilot. After the 
completion of the IAC technology pilot, DHS will conduct an evaluation 
of the pilot.

III. TSA's Program for Achieving the Statutory Mandates for Cargo 
Loaded Domestically

    With respect to cargo loaded within the United States, TSA 
implemented two measures that assisted industry in achieving the 
requirement that 50 percent of cargo transported on passenger aircraft 
be screened by February 3, 2009. First, on August 1, 2008, TSA issued 
an amendment to the Aircraft Operator Standard Security Program that 
requires 100 percent screening of cargo transported on narrow-body 
passenger aircraft. Narrow-body aircraft represent 96 percent of all 
domestic passenger flights, and approximately one-quarter of all cargo 
on passenger aircraft travels on narrow-body aircraft. TSA has required 
that all cargo on narrow-body passenger aircraft, such as a B-737, must 
be screened. This requirement was a key component of achieving the 9/11 
Act's requirement to ensure that 50 percent of cargo on passenger 
aircraft was screened by February 2009. The second key component was to 
have IACs participating in the pilot program at the major gateway 
airports screen cargo prior to their consolidating the cargo for the 
airlines. Data from the pilot programs, as well as inspections by TSA 
Inspectors, demonstrates that industry has achieved the 50 percent 
milestone of the 9/11 Act.
    This rule is a key component of our strategy to maintain 50 percent 
screening as of February 3, 2009, and to

[[Page 47676]]

achieve 100 percent screening by August 3, 2010. The rule will allow 
shippers to screen their cargo prior to tendering it to the airlines. 
We have developed this IFR implementing the permanent CCSP based on 
lessons learned in the CCSP pilot program. We estimate that, at full 
implementation, certified cargo screening facilities and aircraft 
operators will screen cargo traveling on passenger aircraft as follows:
     Of the 4.3 billion pounds of cargo shipped on passenger 
aircraft annually, aircraft operators will screen 30 percent of the 
cargo or 1.3 billion pounds;
     CCSFs using screening equipment will screen 38 percent of 
the cargo or 1.6 billion pounds; and
     CCSFs using physical search methods to screen will screen 
32 percent of the cargo or 1.4 billion pounds.

IV. Organization of the Rule

    The section-by-section analysis below is organized sequentially to 
follow the CFR numbering. This rule amends a number of TSA's existing 
regulations and adds several new parts to the CFR. Briefly, these 
changes include the following:
     The rule expands 49 CFR part 1515 to provide redress 
procedures for individuals who undergo STAs in connection with their 
air cargo work for aircraft operators, certified cargo screening 
facilities, and validation firms, if they receive an adverse decision 
from TSA.
     The rule amends 49 CFR part 1520, the regulations 
governing sensitive security information (SSI), requiring these newly-
regulated populations, such as CCSFs and validators, to protect such 
information from disclosure.
     The rule adds a new 49 CFR part 1522, establishing a 
system to authorize TSA-approved validators to perform assessments of 
CCSFs. It also provides a framework for potential future use in other 
TSA programs.
     The rule amends the existing STA regulations in 49 CFR 
part 1540, subpart C, to encompass newly-required STAs for certain 
personnel of certified cargo screening facilities and approved 
validation firms. Also, the rule amends the list of biographic 
information that applicants and operators must provide TSA, so that TSA 
can conduct more efficient threat assessments. In addition, the rule 
adds provisions to facilitate the use of comparable threat assessments 
in place of the assessments that TSA requires in subpart C of part 
1540.
     The rule amends 49 CFR parts 1544 and 1546 to impose new 
requirements on U.S. aircraft operators and foreign air carriers with 
respect to the cargo screening and acceptance of cargo from CCSFs.
     The rule also amends 49 CFR parts 1544, 1546, and 1548 to 
clarify which individuals are subject to the STA requirements and to 
better reflect current TSA requirements in the standard security 
programs for U.S. aircraft operators, foreign air carriers, and IACs.
     The rule adds a new 49 CFR part 1549, which provides the 
regulatory requirements for facilities participating in the CCSP. 
Requirements include qualifications of screening personnel, STAs, 
adoption of security programs, and cargo screening procedures.

V. Section-by-Section Analysis

Part 1515--Appeal and Waiver Procedures for Security Threat Assessments 
for Individuals

Section 1515.1--Scope
    In part 1515, TSA sets forth redress procedures for many of the 
transportation workers who must successfully complete an STA. These 
STAs are described more fully in the Section-by-Section analysis for 
part 1540, subpart C. The redress procedures include administrative 
appeals, requests for waivers, and review of certain cases by 
administrative law judges. This rule amends Sec.  1515.1 to expand the 
scope of part 1515 to include applicants engaged in air cargo 
operations who work for certified cargo screening facilities or 
validation firms who have applied for an STA and wish to appeal an 
Initial Determination of Threat Assessment or an Initial Determination 
of Threat Assessment and Immediate Revocation.
Section 1515.9--Appeal of Security Threat Assessment Based on Other 
Analyses
    This rule revises Sec.  1515.9 to expand its scope to allow 
applicants engaged in air cargo operations who work for certified cargo 
screening facilities or validation firms to appeal an Initial 
Determination of Threat Assessment in which TSA has determined that the 
applicants pose a security threat under 49 CFR 1549.107.
Section 1515.11--Review by Administrative Law Judge and TSA Final 
Decision Maker
    This rule revises Sec.  1515.11 to allow applicants engaged in air 
cargo operations who work for certified cargo screening facilities or 
validation firms and who have received Final Determinations of Threat 
Assessment after appeals as described in Sec.  1515.9 to obtain review 
of these determinations by an administrative law judge and the TSA 
Final Decision Maker.

Part 1520--Protection of Sensitive Security Information

    Implementation of this rule will create new types of sensitive 
security information (SSI) and new populations of persons with access 
to, and responsibilities for, protecting all SSI. See Footnote 1. 
Therefore, TSA is making the following changes to part 1520, which 
implements the SSI program.
Section 1520.5--Sensitive Security Information
    This rule amends the list of information constituting SSI in Sec.  
1520.5 to include the SSI to be created under this rule. Specifically, 
TSA adds ``air cargo'' to paragraph (b)(1)(i) of this section, which 
contains the listing of security programs that constitute SSI. Such 
programs include those for IACs as well as for CCSFs and validation 
firms. TSA has determined that validation firm security programs 
(operating under part 1522) and CCSF security programs (operating under 
part 1549) to be SSI because they will contain specific information 
about how the operation will implement measures for personnel security, 
physical security, chain-of-custody controls, and other measures that--
if publicly disclosed--would allow a terrorist or other person with 
malicious intent to jeopardize air cargo security.
    In a related, clarifying change, this rule amends Sec.  1520.3 to 
remove the definition of ``security program.'' This definition, which 
is only used in Sec.  1520.5, is unnecessary, because it only describes 
which security programs are SSI, a subject which is entirely covered in 
Sec.  1520.5. Removing this duplicative provision will preclude 
possible confusion. TSA moved the phrase ``including any comments, 
instructions, or implementing guidance'' from the definition of 
security program to Sec.  1520.5(b)(1) to make clear that comments, 
instructions, and implementing guidance for security programs are 
protected in the same way as the security programs themselves.
Section 1520.7--Covered Persons
    This rule also amends the definition of ``covered person'' in Sec.  
1520.7 to include personnel of certified cargo screening facilities and 
of validation firms. These persons will have access to SSI, including 
security programs and applicable security directives and orders. 
Including these persons as ``covered individuals'' brings them within 
the scope of the responsibilities

[[Page 47677]]

for protecting SSI that are contained in 49 CFR 1520.9. These include 
the duty to protect SSI from disclosure and to report incidents of 
unauthorized disclosure to TSA.

Part 1522--TSA-Approved Validation Firms and Validators

    The provisions of part 1522 establish a system in which TSA 
approves validation firms; these firms are responsible for hiring 
individuals, called validators, who must have specific qualifications. 
These validators are responsible for conducting the assessments of the 
facility seeking certification or recertification as a CCSF operating 
under part 1549. The CCSF applicants (whether they are individual 
companies or IACs) will pay the validation firm for the validation 
assessment. TSA will not charge or establish a fee for that purpose.
    Firms that seek to perform the functions of validation firms for 
purposes of the CCSP must apply to TSA for approval and, once approved, 
must perform the functions in accordance with TSA's requirements. The 
criteria for approval and the performance requirements are set forth in 
part 1522 and described below. Part 1522 also addresses the 
qualifications and responsibilities of individual validators, who, on 
behalf of a validation firm, actually perform the assessments of 
persons, operations, or facilities regulated under this chapter.
Section 1522.1--Scope and Terms Used in This Part
    Section 1522.1(a) explains that part 1522 governs the use of 
private firms employing individual validators to assess whether certain 
persons regulated by TSA are complying with security programs 
applicable to those persons and other TSA requirements.
    Paragraph (b) of Sec.  1522.1 defines the terms used in part 1522. 
The rule defines ``TSA-approved validation firm'' or ``validation 
firm'' as a firm that has received TSA's approval to make such 
assessments on whether regulated persons have complied with security 
programs and other TSA requirements applicable to those persons. The 
rule defines ``applicant'' as a firm seeking to become a TSA-approved 
validation firm. The rule's definition of ``firm'' includes business 
enterprises, including individuals operating as a business, as well as 
other non-governmental organizations, such as non-profit corporations. 
The term ``validator'' means the particular individual assigned by the 
validation firm to perform a given assessment; thus, the terms 
``validation firm'' and ``validator'' are not synonymous. The term 
``assessment'' as defined in Sec.  1522.1, refers to the validator's 
evaluation of compliance with the relevant requirements of a security 
program.
    The rule also defines the term ``national of the United States.'' 
For purposes of this rule, `national' means a citizen of the United 
States, or a person who, though not a citizen, owes permanent 
allegiance to the United States, as defined in 8 U.S.C. 1101(a)(22), 
and includes American Samoa and Swains Island. It is consistent with 
the definition of the same term (49 CFR 1570.3) in the Maritime and 
Land Transportation Security regulations and with the definition in 8 
U.S.C. 1101(a)(22).
    Validation firms and validators must be free of conflicts of 
interest to perform assessments for TSA programs. Section 1522.129(a) 
requires validation firms to maintain records demonstrating compliance 
with this regulation, including the conflict-of-interest requirements. 
As part of the inspection process, TSA may review records concerning a 
facility's compliance with conflict of interest provisions.
    Section 1522.1(b) defines ``conflict of interest'' as a situation 
in which a relationship with, or a financial interest in, the person 
being assessed may adversely affect the impartiality of the assessment. 
This definition encompasses the validation firm as an entity, as well 
as the individuals of the firm who will be conducting, or assisting in 
conducting, the assessment, and their immediate family members. This 
definition is derived in part from the Government Auditing Standards 
established by the Government Accountability Office (GAO) for ensuring 
that Government auditors or their employees do not have business or 
personal impairments that would interfere with their ability to 
maintain their independence. See GAO, Government Auditing Standards 
(July 2007), ch. 3. The definition is also derived, in part, from the 
post-governmental employment restrictions applicable to Federal 
employees.
    The definition of ``conflict of interest'' in Sec.  1522.1(b) 
contains several examples. It includes examples of conflict-of-interest 
situations applicable to a validation firm as an entity, such as 
parent-subsidiary relationships and common management or organizational 
governance (for example, interlocking boards of directors). It also 
includes an example of a conflict of interest situation in which the 
validation firm, or validator, or the individual assisting the 
validator, or his or her immediate family member as an individual, is a 
creditor or debtor of the person being assessed. It also lists examples 
of conflicts of interest related to financial interests, such as 
investments in debt and equity, in the person being assessed.
    The other examples of conflict of interest in the definition 
address situations in which the validator or an individual assisting 
the validator, or his or her immediate family member, is a former 
employee, officer, or contractor including a consultant of the person 
being assessed. If the former duties and responsibilities of the 
validator or individual assisting the validator involved the operations 
or functions to be assessed, he or she has a permanent conflict of 
interest; such an individual may never conduct or assist in conducting 
an assessment of an operation or function with respect to which he or 
she had duties or responsibilities. If the former duties and 
responsibilities of the validator or individual assisting the validator 
did not involve the operations or functions to be assessed, he or she 
must observe a two-year ``cooling-off period'' during which he or she 
may not conduct assessments of his or her former employer. These 
concepts are consistent with the post-employment restrictions 
applicable to governmental employees found at 18 U.S.C. 207. 
Individuals who are former employees of the person being assessed who 
will not be conducting or assisting in the assessment do not create a 
conflict of interest if they are segregated from the assessment work.
Section 1522.3--Fraud and Intentional Falsification of Records
    Section 1522.3 includes provisions that prohibit any person, 
whether the validation firm, the validator, or another individual, from 
making or providing any fraudulent or intentionally false statements, 
reports, records, access mediums, or identification. The same 
prohibitions apply to persons regulated under TSA's Civil Aviation 
Security regulations; see 49 CFR 1540.103, on which this section is 
based. Any intentional falsification or fraud may constitute a basis 
for TSA to withdraw the validator's approval. In addition, any 
intentional falsification or fraud may constitute a violation of 
certain criminal laws such as 18 U.S.C. 1001. In appropriate cases TSA 
will refer potential criminal violations to the U.S. Attorney for 
investigation.
Section 1522.5--TSA Inspection Authority
    Section 1522.5 sets out TSA's broad authority to inspect a 
validation firm

[[Page 47678]]

and a validator, including on-site inspections and the copying of 
records. TSA needs such broad authority to perform its role in 
monitoring compliance with this part. Paragraph (a) requires each 
validation firm to allow TSA to enter the facility to make inspections 
or tests, including copying records. A validation firm's operations are 
unlikely to give rise to the kinds of emergencies that would require 
after-hours inspections, so this paragraph only refers to TSA 
inspections during normal business hours. This paragraph also provides 
that the inspection may be without advance notice. While TSA expects 
often to provide advance notice of an inspection, we must have the 
ability to do so unannounced to verify compliance by the validation 
firm and its personnel and to otherwise assess security. The 
inspections referred to in paragraph (a) include inspections for 
compliance with the statute and TSA rules, and includes inspections 
that TSA may make to carry out duties assigned to TSA in 49 U.S.C. 
114(f), as set out in Sec.  1522.5(a)(2).
    Section 1522.5(b) provides that at the request of TSA each 
validation firm and validator must provide evidence of compliance with 
the TSA regulations, which are located in 49 CFR chapter XII, including 
parts 1500-1699. This may include providing records to TSA or other 
evidence to show compliance. Paragraph (c) provides that TSA and DHS 
officials working with TSA may conduct inspections without access media 
issued or approved by a validation firm or other person. This is to 
facilitate the inspection process and make it possible for TSA to 
conduct unannounced inspections. It is based on a similar provision in 
Sec.  1542.5(e) that applies to airport operators. Taken as a whole, 
this section will allow TSA to evaluate the validation firm's and the 
validator's respective performance, and to evaluate the reliability of 
the validator's assessments.
Section 1522.101--Applicability
    Subpart B, which begins at Sec.  1522.101, applies specifically to 
the use of TSA-approved validation firms and validators in the context 
of the CCSP. Each facility that seeks to be a CCSF will need to engage 
a validation firm to assess whether that facility complies with the 
security program that TSA requires under 49 CFR 1549.5.
Section 1522.103--Requirements for Validation Firms
    Section 1522.103 establishes the general requirements for 
validation firms. Paragraph (a) states the fundamental requirement, 
which is that the firm must have the necessary facilities, resources, 
and personnel to conduct assessments. Among other things, this 
requirement entails the demonstrated capability to define, execute, and 
document standardized business processes. The validation firm must also 
demonstrate its capability to hire and train personnel to perform 
operations similar to the assessments required under this subpart and 
part 1549. The purpose of this requirement is to establish a basis on 
which TSA may evaluate whether a firm has the experience and 
capabilities to perform as a validation firm.
    Paragraph (b) provides that each validation firm must have a 
Security Coordinator and one or more alternates. This provision is 
based on the concept of Security Coordinator for IACs as implemented in 
49 CFR 1548.13. These individuals must be senior officers or employees 
to ensure that they have the authority necessary to fulfill their 
functions. They serve as the validation firm's primary point of contact 
with TSA on security-related matters. Because a validation firm has a 
support (as opposed to an operational) role in the certified cargo 
security program, the Security Coordinator or an alternate must be 
available during regular business hours (rather than on a 24-hour 
basis). Also, the Security Coordinator and alternates bear the 
responsibility of immediately initiating corrective action if the firm 
discovers an instance of non-compliance with any applicable TSA 
security requirement. These requirements ensure that each validation 
firm has at least one readily available and accountable individual with 
adequate authority to monitor security-related matters.
    Under paragraph (c) of Sec.  1522.103, the validation firm must 
hold and carry out a TSA-approved security program. This topic is 
covered in more detail in the discussion of Sec.  1522.105, below.
    Paragraph (d) of Sec.  1522.103 imposes an affirmative obligation 
on the validation firm to ensure that its personnel carry out the 
requirements of TSA's regulations and the security program. 
``Personnel'' includes direct employees, contractors, agents, and other 
persons acting on behalf of the validation firm.
    Finally, paragraph (e) requires the validation firm to notify TSA 
of all pertinent changes in information that the validation firm must 
submit to TSA. Examples of such information include changes of address, 
changes in the identity of the Security Coordinator or alternates, and 
significant changes in the ownership of the firm. A significant change 
in the ownership would include, for example, acquisition of the firm by 
another business entity, or the form of the firm's organization, for 
example, incorporation. It would not include a minor change in the 
identity of shareholders.
Section 1522.105--Adoption and Implementation of the Security Program
    Paragraph (a) of Sec.  1522.105 provides that a validation firm 
must hold and carry out an approved security program in order to 
operate as a validation firm. Paragraph (b) outlines the requirements 
for the content of the validation firm standard security program. These 
requirements are generally consistent with the similar requirement for 
IACs in part 1548.
    Paragraph (b)(1) states the fundamental purpose of the security 
program, which is to provide for the security of aircraft and protect 
against threats to air security. Paragraph (b)(1) thus establishes that 
validation firms, even though they serve a supporting role, are 
important components in the overall certified cargo security program.
    Key among these requirements for security programs is that the 
programs must specify the processes and procedures that the firm will 
use to maintain the qualifications of its validators and its personnel 
assisting validators with assessments. This is important, because the 
quality of the validation firm's operational performance depends 
primarily on the expertise of its personnel, especially the validators. 
Thus, the security program must describe in detail how the validation 
firm will maintain the current qualifications, accreditations, 
credentials, training, and STAs for its relevant personnel.
    The security program must also include provisions for a Security 
Coordinator, as well as for setting managerial responsibilities for 
ensuring that the firm's personnel carry out their responsibilities 
under TSA regulations and the security program.
    Paragraph (c) of Sec.  1522.105 sets out procedures by which an 
applicant or a validation firm may request amendments to a security 
program. Paragraph (d) sets out the process by which TSA will initiate 
amendment of a security program. Paragraph (e) covers emergency 
amendments, which TSA may make without prior notice and which take 
effect immediately. The provisions of paragraphs (c), (d), and (e) are 
analogous to similar provisions relating to IAC security programs (49 
CFR 1548.7), which provides that TSA may issue emergency amendments to 
aircraft operators if there is an emergency requiring immediate action

[[Page 47679]]

with respect to safety in air transportation or in air commerce that 
makes procedures in Sec.  1522.105 contrary to the public interest; 
such provisions establish an orderly process for revising security 
programs when circumstances change. Similar provisions exist in 49 CFR 
1542.105(d) (airport operators), 1544.105(d) (aircraft operators), 
1546.105(d) (foreign air carriers), and 1548.7(e) (indirect air 
carriers). Paragraph (f), parallel with 49 CFR 1548.5(d), provides 
basic requirements on availability of the security program to the 
firm's personnel and to TSA and requires measures to protect it as SSI.
Section 1522.107--Application
    Section 1522.107 sets out the procedures by which a firm may apply 
for approval to operate as a validation firm. TSA will prescribe the 
form and manner of the application, which must be in writing and 
submitted at least 90 days in advance.
    Paragraph (a) enumerates the required items that applicants must 
include in their applications. Among other items, applicants must 
include a statement declaring whether the applicant is a small 
business; the collection of this information assists TSA in developing 
appropriate civil penalty formulas.
    Paragraph (b) of Sec.  1522.107 discusses the next step in the 
application process. After TSA receives the initial application 
specified in paragraph (a), and after the applicant's Security 
Coordinator has successfully completed a STA, TSA will send the 
validation firm, via the Security Coordinator, a copy of the Validation 
Firm Standard Security Program. TSA anticipates that all information 
will be sent to participants via electronic means in a password 
protected mode. TSA also plans to develop a secure Web address that 
will be available to the participating validation firms to obtain 
copies of the security program. The validation firm must also submit a 
supplement to its security plan that specifies processes and procedures 
that the firm will use to maintain the qualification of its validators 
and its personnel assisting validators with assessments to the 
designated TSA official for approval. This provision establishes a 
baseline of standardization, while allowing for flexibility in 
appropriate circumstances. TSA will seek comment on the validation firm 
security program from applicants as part of the application process. 
Thereafter, any approved validation firm may request amendments to its 
security program.
Section 1522.109--TSA Review and Approval
    Paragraph (a) of Sec.  1522.109 lists the criteria that TSA will 
employ in reviewing an application submitted under Sec.  1522.107. As 
provided in paragraph (b), TSA will approve or disapprove the 
application based on these criteria. In either case, TSA will provide 
written notice to the applicant. In the case of an approval, TSA may 
approve or require modifications to the security program applicable to 
the applicant. The validation firm will also demonstrate to TSA how the 
validators employed by the firm will meet TSA qualifications. In the 
case of a disapproval, TSA will state the basis for the disapproval in 
writing.
    Under paragraphs (b)(1) and (2), a validation firm may commence 
operations only after it receives approval of its security program and 
approval to operate as a validation firm, and after the relevant 
personnel have completed all required training and STAs. These 
paragraphs make it clear that the validation firm must satisfy all of 
these elements before the validation firm may conduct assessments.
    As provided in paragraph (c), the duration of an approval granted 
under this section is 12 months.
    The following table demonstrates the certification and training 
cycles for CCSFs and validation firms.

----------------------------------------------------------------------------------------------------------------
                                     IAC operating
                                      certificate       Validation firm
                                       (renewal       operating approval     Certification    Recurrent training
                                     application)
----------------------------------------------------------------------------------------------------------------
Shipper/CCSF....................  N/A...............  N/A...............  Every three years.  Annually.
IAC/CCSF........................  Annually..........  N/A...............  Every three years.  Annually.
Validation Firm/Validator.......  N/A...............  Annually..........  N/A...............  Annually.
----------------------------------------------------------------------------------------------------------------

Section 1522.111--Reconsideration of Disapproval of an Application
    Section 1522.111 describes the review and petition process for 
TSA's reconsideration of disapproval of the validator's application. If 
an applicant challenges the disapproval, the applicant must submit a 
written petition for reconsideration within 30 days of receipt of the 
notice of disapproval. The petition must include a statement, with 
supporting documentation, explaining why the applicant believes the 
application meets the criteria of Sec.  1522.103. Reconsideration may 
result in confirmation of the disapproval or in an approval. 
Disposition pursuant to this section constitutes a final agency action 
for purposes of review under 49 U.S.C. 46110.
Section 1522.113--Withdrawal of Approval
    Section 1522.113 establishes procedures by which TSA may withdraw a 
previously-granted approval of a validation firm. This may occur if the 
validation firm no longer meets the qualification standards, if the 
validation firm fails to conduct assessments in compliance with TSA's 
requirements, or if withdrawal is in the interest of security or the 
public. 49 CFR 1522.113(a). If TSA withdraws a validation firm's 
approval, the validation firm must immediately stop performing any and 
all activities related to assessments. In determining whether 
withdrawal is appropriate, TSA considers the number, frequency, and 
severity of security violations committed by a regulated party. If TSA 
determines withdrawal is appropriate, TSA will remove the validation 
firm from the list of approved validation firms.
    Under paragraph (b) of Sec.  1522.113, TSA will provide the 
validation firm with a written notice of proposed withdrawal of 
approval that will include a statement of the basis for the proposed 
withdrawal of approval. Paragraph (c) provides for immediate withdrawal 
of approval in emergency circumstances. Upon receipt of a notice of 
emergency withdrawal under paragraph (c), the validation firm must 
immediately stop performing assessments, and must discontinue any 
assessments in progress. Paragraphs (d) and (e) provide a 
reconsideration procedure that may result in confirmation of the 
withdrawal of approval or in a decision to allow the validation to 
retain (or regain) its approval. Disposition pursuant to this section 
constitutes a final agency action

[[Page 47680]]

for purposes of review under 49 U.S.C. 46110.
Section 1522.115--Review of TSA Approval
    It is important that validation firms meet TSA's standards both 
before and after they begin performing validations. TSA will actively 
monitor validations through a process of initial and recurrent reviews. 
Approved validation firms must apply for renewal of approval annually. 
During these reviews, TSA will examine, among other things, whether the 
validation firm's personnel have received required training and whether 
the relevant personnel have maintained the required accreditations and/
or certifications. The review will also focus on the firm's compliance 
with part 1522 and with its security program.
Section 1522.117--Qualifications for Validators
    Section 1522.117 prescribes the necessary qualifications for 
individuals selected by validation firms to serve as validators for 
particular assessments. The requirements establish minimum levels of 
expertise and experience that an individual must have before he or she 
may be employed as a validator. As explained in the discussion of Sec.  
1522.123 below, a properly qualified validator must be directly 
responsible for the conduct of each assessment. A validation firm may 
assign an individual to be a validator with direct responsibility for 
an assessment only if the individual meets the qualifications specified 
in Sec.  1522.117(a)(1)-(5) described below. The validation firm will 
be responsible for determining whether an individual has the 
appropriate qualifications to serve as a validator, and TSA will 
inspect for compliance with these requirements.
    Pursuant to paragraph (a)(1) of Sec.  1522.117, an individual must 
be a U.S. citizen or national, or be an alien lawfully admitted to the 
United States as a Lawful Permanent Resident (LPR) in order to function 
as a validator. For aliens to become LPRs (commonly referred to as 
``green card'' holders), the U.S. Government must have determined that 
they are admissible to the United States as immigrants; that 
determination requires security and criminal checks. TSA will allow 
LPRs to function as validators based on the fact that the U.S. 
Government has already performed security and criminal checks on these 
individuals.
    Validators must have extensive experience in conducting 
assessments, inspections, or audits before undertaking duties under 
this part. Paragraph (a)(2) identifies two bases on which individuals 
can establish they possess the appropriate level of experience. Under 
the first basis, he or she must have an accreditation or certification 
from an organization that TSA recognizes as qualified to certify or 
accredit a validator assessing facilities, such as certified cargo 
screening facilities, or the individual must have five years or more 
experience in conducting inspections under State or Federal regulatory 
programs in the security industry, the aviation industry, or other 
government programs. TSA will review the accreditation of a validator 
when the validation firm submits a plan to TSA demonstrating how the 
firm will ensure that the validators in the firm meet TSA 
qualifications. If a validator does not meet the accreditation 
standards, TSA may deny approval to the validation firm or may approve 
the firm but direct that the individual without the necessary 
accreditation not be used for the CCSP program.
    Examples of an organization qualified to accredit a validator would 
include the International Standards Organization and ASIS 
International. TSA will make publicly available on the TSA public Web 
site a list of acceptable accreditation or certification organizations. 
The individual must have had this experience within the past ten years. 
Under the second basis, he or she must show relevant experience and 
expertise by having been employed by a Federal or State government 
agency as an inspector, assessor, or auditor in assessment or 
inspection tasks similar to the assessments under this part. Inspectors 
for governmental agencies receive thorough training and are subject to 
rigorous qualification standards. For example, a former Department of 
Transportation safety inspector would presumably have this kind of 
experience.
    Under paragraph (a)(3), the individual must have three current 
professional references. The purpose of this requirement, which is 
related to the requirements of paragraph (a)(2), is to allow the 
validation firm and TSA to further verify the experience and expertise 
of the validator.
    The expertise and experience of the validators is a critical 
component of this program. Paragraph (a)(4) states the requirement that 
validators must understand the requirements of the program in order to 
perform their functio