link to page 1 link to page 1 link to page 1 
Updated February 14, 2020
Chemical Facility Anti-Terrorism Standards
State and federal governments have long regulated safety
Department of Energy, regulated by the Nuclear Regulatory
practices at facilities that store large amounts of hazardous
Commission, or regulated under the Maritime
chemicals to reduce the risk of harm from an accidental
Transportation Security Act of 2002 (P.L. 107-295). Any
release. In 2006, the Department of Homeland Security
non-excluded facility that possesses more than a defined
Appropriations Act, 2007 (P.L. 109-295) authorized the
threshold of any of the 322 “chemicals of interest” (6
Department of Homeland Security (DHS) to regulate
C.F.R. Part 27, Appendix A) must submit information to
security practices at chemical facilities to reduce the risk of
DHS through an online survey known as Top-Screen. DHS
terrorists triggering an intentional release or stealing
uses Top-Screen data to determine each facility’s risk level.
chemicals for use in attacks elsewhere. Congress extended
Only facilities DHS deems high risk must meet the risk-
and modified this authority through the Protecting and
based performance standards. As of December 2019,
Securing Chemical Facilities from Terrorist Attacks Act of
approximately 42,000 unique facilities had submitted Top-
2014 (P.L. 113-254). This authority is currently set to
Screen data. DHS has determined that 3,310 (<8%) of these
expire in April 2020. The Administration’s proposed
are high-risk facilities.
FY2021 budget would eliminate funding for this DHS
program.
DHS assigns each high-risk facility to one of four graduated
risk tiers (Figure 1). About 5% of the high risk facilities are
Chemical Facility Anti-Terrorism
in the highest tier, Tier 1.
Standards
In 2007, DHS promulgated the Chemical Facilities Anti-
Figure 1. CFATS Facility Risk Tier Distribution
Terrorism Standards (CFATS, 6 C.F.R. Part 27). These
regulations require certain “high-risk” chemical facilities to
meet risk-based performance standards in 18 areas (Table
1). The statute does not permit DHS to require any
particular security measure. Facilities may implement any
security program or process that adequately meets the
requisite performance level for its risk level.
Each covered facility must meet standards based on its
specific risk, i.e., higher risk facilities must meet more
stringent standards than lower risk facilities.
Table 1. CFATS Risk-Based Performance Standards
Restrict Area
Monitoring
Perimeter
Training
Secure Site Assets
Personnel Surety
Screen and Control
Elevated Threats
Access
Specific Threats,
Deter, Detect, and
Vulnerabilities, or Risks
Source: CRS analysis of DHS data, January 2020.
Delay
Each covered facility must prepare and submit a Security
Reporting of Significant
Shipping, Receipt, and
Vulnerability Assessment that describes its vulnerability to
Security Incidents
Storage
DHS-defined attack scenarios and a Site Security Plan that
Significant Security
details how the facility will meet each of the 18 risk-based
Theft and Diversion
Incidents and Suspicious
performance standards appropriate for its risk tier.
Sabotage
Activities
Following evaluation of the Site Security Plan and an on-
Cyber
Officials and Organization
site authorization inspection, DHS may issue a letter of
approval. The approved facilities must implement the Site
Response
Records
Security Plan and conduct annual implementation audits.
Source: 6 C.F.R. §27.230
DHS inspects each covered site every two years.
Covered Facilities
Potential Reauthorization Issues
Most chemical facilities do not have to meet these
The 116th Congress is considering whether the CFATS
standards. The statute specifically excludes all facilities
authority should be reauthorized, modified, or allowed to
defined as a water system or waste water treatment works,
expire. The Administration’s FY2021 budget proposes
owned or operated by the Department of Defense or
eliminating funding for the CFATS program.
https://crsreports.congress.gov
Chemical Facility Anti-Terrorism Standards
Congress may consider whether the CFATS and associated
included in the statute. Similar proposals are likely to be
regulations appropriately balance homeland security and
considered during any reauthorization debate. Some of the
stakeholder needs. Congress may also consider how well
past criticism of a proposed statutory requirement to adopt
DHS has implemented the program and whether the
inherently safer technology focused on the difficulty the
implementation is aligned with current congressional intent.
government would have determining useful requirements
that could feasibly be applied given the complicated context
If Congress decides to reauthorize, it may also consider
of each facility and process.
modifying aspects of the program.
Even without a legal requirement, hundreds of facilities
Reauthorization
have adopted changes to move from regulated to non-
According to industry groups, complying with this program
regulated status or to lower their high-risk tier. DHS has
imposes significant costs on regulated facilities.
identified some common approaches that these facilities
Additionally, DHS spends approximately $70 million
have adopted and has disseminated information about these
annually implementing CFATS. Congress might decide that
practices to the regulated community. Regulated and
these costs outweigh the benefits and allow the CFATS
potentially regulated facilities can factor in this information
program to end. Although this would lower the recurring
when determining the potential costs and benefits of such
costs of compliance for the currently regulated facilities, it
practices in the context of their individual security, safety,
would not affect the sunk costs for changes to processes and
efficiency, and other business needs.
security infrastructure that facilities have already spent to
come into initial compliance. Those costs and process
Options for congressional consideration include requiring
changes might place formerly regulated facilities at a
DHS to establish inherently safer technology standards;
competitive disadvantage to facilities entering the market
codifying DHS’s current practice of disseminating lessons
after the CFATS program ends.
learned; or continuing to allow DHS the discretion to
continue or change its programs as it sees fit.
Make Authority Permanent?
Congress specifically established a termination date for this
Legislation
program when it codified the previously existing DHS
The House Committee on Homeland Security reported the
CFATS program through the Protecting and Securing
Protecting and Securing Chemical Facilities from Terrorist
Chemical Facilities from Terrorist Attacks Act of 2014
Attacks Act of 2019 (H.R. 3256) on December 12, 2019
(P.L. 113-254). Additionally, the 116th Congress decided to
(H.Rept. 116-341). As reported, this bill would, among
maintain a termination date when it enacted the Chemical
other provisions
Facility Anti-Terrorism Standards Program Extension Act
(H.R. 251) to extend the program to April 2020. Including a
reauthorize CFATS until May 1, 2025,
termination date in a reauthorization of the program would
require a future Congress to make an affirmative decision
require DHS to verify facility-submitted information
that the program is worthy of continuance. However,
before lowering risk tier,
retaining a termination date might also increase uncertainty
for the regulated community.
increase requirements for facility employee input in
vulnerability assessments and security plans,
Modify Exclusions?
The current statute exempts some public water systems and
increase requirements for facility communication with
waste water treatment works from CFATS regulations. In
local emergency responders,
2019, DHS estimated that this exempted more than 9,700
high-risk facilities and represented a critical gap in CFATS
eliminate the expedited approval plan program that
coverage. Lifting this exclusion could nearly quadruple the
allowed tier 3 and 4 facilities to adopt DHS-prescribed
number of regulated facilities.
measures instead of developing individual security
plans,
Representatives of the water sector have previously asserted
that their role in public health and safety could make
require DHS to collect and disseminate common
sanctions under CFATS counterproductive. They cite, for
security practices facilities use to lower risk,
example, loss of public sanitation, potable water, and fire
protection if DHS ordered a water or waste water utility to
authorize exemption of specific products or mixtures
cease operations for security reasons or failure to comply
DHS deems to pose no security threat,
with the CFATS regulations.
create the Chemical Security Advisory Committee to
Inherently Safer Technologies
advise DHS on CFATS implementation, and
The term inherently safer technologies refers to the concept
of chemical facilities lowering risk by making changes such
require an independent assessment of the national
as switching to non-CFATS regulated chemicals, or using
security effects of the statutory facility exclusions.
lower concentrations or amounts of regulated chemicals.
Proposals that would have required chemical facilities to
Frank Gottron, Specialist in Science and Technology
adopt inherently safer technologies were debated during
Policy
previous congressional CFATS consideration, but were not
https://crsreports.congress.gov
Chemical Facility Anti-Terrorism Standards
IF10853
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF10853 · VERSION 6 · UPDATED