View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

DHS/CISA RIN: 1670-AA01 Publication ID: Fall 2022 
Title: Chemical Facility Anti-Terrorism Standards (CFATS)  

The Cybersecurity and Infrastructure Security Agency (CISA) previously invited public comment on an Advance Notice of Proposed Rulemaking (ANPRM) during August 2014 for potential revisions to the Chemical Facility Anti-Terrorism Standards (CFATS) regulations. The ANPRM provided an opportunity for the public to provide recommendations for possible program changes. In June 2020, CISA published for public comment a retrospective analysis of the CFATS program. And in January 2021, CISA invited additional public comment through an ANPRM concerning the removal of certain explosive chemicals from CFATS. CISA intends to address many of the subjects raised in both ANPRMs and the retrospective analysis in this regulatory action, including potential updates to CFATS cybersecurity requirements and Appendix A to the CFATS regulations.

Agency: Department of Homeland Security(DHS)  Priority: Other Significant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: No  Unfunded Mandates: No 
CFR Citation: 6 CFR 27   
Legal Authority: 6 U.S.C. 621 to 629   
Legal Deadline:  None

Statement of Need:

The Chemical Facility Anti-Terrorism Standards (CFATS) program regulates facilities possessing large quantities of dangerous chemicals. The particular chemicals listed and threshold quantities were established in 2007, and were based on EPA’s threshold quantities for Hazardous Substances published under its Release Management Program. In the 15 years since implementation of the program, CISA has gained extensive experience in analyzing chemical holdings and determining which facilities should be classified as high-risk and subject to further regulation. Given its experience, CISA has determined that it should adjust its list of regulated chemicals, threshold quantities, and counting methods to better reflect the security issues implicated by these chemicals. Additionally, CISA believes that the CFATS security performance guidelines, first issued in 2009, should be updated to better reflect lessons learned over the past decade, including substantially updating the guidelines for cybersecurity performance metrics.

Summary of the Legal Basis:

This regulation is authorized pursuant to 6 U.S.C. 621 et seq.


CISA considered an alternative version of this NPRM where we updated only the performance guidance but not the chemical listings. Additionally, we considered an alternative version where changes to certain toxic chemical listings were omitted.

Anticipated Costs and Benefits:

CISA is developing the cost and benefits estimates for this rulemaking.

Action Date FR Cite
ANPRM  08/18/2014  79 FR 48693   
ANPRM Comment Period End  10/17/2014 
ANPRM  01/06/2021  86 FR 495   
Announcement of Availability; Retrospective Analysis  06/22/2020  85 FR 37393   
Announcement of Availability; Retrospective Analysis Comment Period End  09/21/2020 
NPRM  05/00/2023 
Regulatory Flexibility Analysis Required: Yes  Government Levels Affected: Federal, Local, State 
Small Entities Affected: Businesses  Federalism: No 
Included in the Regulatory Plan: Yes 
RIN Information URL:   Public Comment URL:  
RIN Data Printed in the FR: Yes 
Related RINs: Previously reported as 1601-AA69, Merged with 1670-AA03 
Agency Contact:
Ryan Donaghy
Deputy Branch Chief for Chemical Security Policy, Rulemaking, and Engagement
Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
245 Murray Lane SW, Mail Stop 0610,
Arlington, VA 20528
Phone:571 532-4127