[Federal Register: October 30, 2008 (Volume 73, Number 211)]
[Proposed Rules]
[Page 64789-64855]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr30oc08-23]
[[Page 64789]]
-----------------------------------------------------------------------
Part III
Department of Homeland Security
-----------------------------------------------------------------------
Transportation Security Administration
-----------------------------------------------------------------------
49 CFR Parts 1515, 1520, et al.
Large Aircraft Security Program, Other Aircraft Operator Security
Program, and Airport Operator Security Program; Proposed Rule
[[Page 64790]]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
49 CFR Parts 1515, 1520, 1522, 1540, 1542, 1544, and 1550
[Docket No. TSA-2008-0021]
RIN 1652-AA53
Large Aircraft Security Program, Other Aircraft Operator Security
Program, and Airport Operator Security Program
AGENCY: Transportation Security Administration, DHS.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Transportation Security Administration (TSA) proposes to
amend current aviation transportation security regulations to enhance
the security of general aviation by expanding the scope of current
requirements and by adding new requirements for certain large aircraft
operators and airports serving those aircraft. TSA is proposing to
require that all aircraft operations, including corporate and private
operations, with aircraft with a maximum certificated takeoff weight
(MTOW) above 12,500 pounds (``large aircraft'') adopt a large aircraft
security program (LASP). This security program would be based on the
current security program that applies to operators providing scheduled
or charter services.
TSA also proposes to require large aircraft operators to contract
with TSA-approved auditors to conduct audits of the operators'
compliance with their security programs and with TSA-approved watch-
list service providers to verify that their passengers are not on the
No Fly and/or Selectee portions of the consolidated terrorist watch-
list maintained by the Federal Government. This proposed rule describes
the process and criteria under which auditors and companies that
perform watch-list matching would obtain TSA approval.
TSA also proposes further security measures for large aircraft
operators in all-cargo operations and for operators of passenger
aircraft with a MTOW of over 45,500 kilograms (100,309.3 pounds),
operated for compensation or hire. TSA also proposes to require that
certain airports that serve large aircraft adopt security programs and
amend the security program for full program and full all-cargo
operators.
DATES: Submit comments by December 29, 2008.
ADDRESSES: You may submit comments, identified by the TSA docket number
to this rulemaking, to the Federal Docket Management System (FDMS), a
government-wide, electronic docket management system, using any one of
the following methods:
Electronically: You may submit comments through the Federal
eRulemaking portal at http://www.regulations.gov. Follow the online
instructions for submitting comments.
Mail, In Person, or Fax: Address, hand-deliver, or fax your written
comments to the Docket Management Facility, U.S. Department of
Transportation, 1200 New Jersey Avenue, SE., West Building Ground
Floor, Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The
Department of Transportation (DOT), which maintains and processes TSA's
official regulatory dockets, will scan the submission and post it to
FDMS.
See SUPPLEMENTARY INFORMATION for format and other information
about comment submissions.
FOR FURTHER INFORMATION CONTACT: For program questions: Erik Jensen,
Branch Chief--Policy, Plans & Stakeholder Affairs, Office of General
Aviation, TSNM, TSA-28, Transportation Security Administration, 601
South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-2401;
facsimile (571) 227-2920; e-mail LASP@dhs.gov.
For questions regarding Sensitive Security Information (SSI):
Andrew Colsky, Director, SSI Office, Office of the Special Counselor
(OSC), TSA-31, Transportation Security Administration, 601 South 12th
Street, Arlington, VA 22202-4220; telephone (571) 227-3513; facsimile
(571) 227-2945; e-mail SSI@dhs.gov.
SUPPLEMENTARY INFORMATION:
Comments Invited
TSA invites interested persons to participate in this rulemaking by
submitting written comments, data, or views. We also invite comments
relating to the economic, environmental, energy, or federalism impacts
that might result from this rulemaking action. See ADDRESSES above for
information on where to submit comments.
With each comment, please identify the docket number at the
beginning of your comments. TSA encourages commenters to provide their
names and addresses. The most helpful comments reference a specific
portion of the rulemaking, explain the reason for any recommended
change, and include supporting data. You may submit comments and
material electronically, in person, by mail, or fax as provided under
ADDRESSES, but please submit your comments and material by only one
means. If you submit comments by mail or delivery, submit them in an
unbound format, no larger than 8.5 by 11 inches, suitable for copying
and electronic filing.
If you want TSA to acknowledge receipt of comments submitted by
mail, include with your comments a self-addressed, stamped postcard on
which the docket number appears. We will stamp the date on the postcard
and mail it to you.
TSA will file in the public docket all comments received by TSA,
except for comments containing confidential information and Sensitive
Security Information (SSI).\1\ TSA will consider all comments received
on or before the closing date for comments and will consider comments
filed late to the extent practicable. The docket is available for
public inspection before and after the comment closing date.
---------------------------------------------------------------------------
\1\ ``Sensitive Security Information'' or ``SSI'' is information
obtained or developed in the conduct of security activities, the
disclosure of which would constitute an unwarranted invasion of
privacy, reveal trade secrets or privileged or confidential
information, or be detrimental to the security of transportation.
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------
Handling of Confidential or Proprietary Information and Sensitive
Security Information (SSI) Submitted in Public Comments
Do not submit comments that include trade secrets, confidential
commercial, or financial information, or SSI to the public regulatory
docket. Please submit such comments separately from other comments on
the rulemaking. Comments containing this type of information should be
appropriately marked as containing such information and submitted by
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
Upon receipt of such comments, TSA will not place the comments in
the public docket and will handle them in accordance with applicable
safeguards and restrictions on access. TSA will hold them in a separate
file to which the public does not have access, and place a note in the
public docket that TSA has received such materials from the commenter.
If TSA receives a request to examine or copy this information, TSA will
treat it as any other request under the Freedom of Information Act
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS)
FOIA regulation found in 6 CFR part 5.
Reviewing Comments in the Docket
Please be aware that anyone is able to search the electronic form
of all comments received into any of our
[[Page 64791]]
dockets by the name of the individual submitting the comment (or
signing the comment, if submitted on behalf of an association,
business, labor union, etc.). You may review the applicable Privacy Act
Statement published in the Federal Register on April 11, 2000 (65 FR
19477), or you may visit http://docketinfo.gov.
You may review TSA's electronic public docket on the Internet at
http://www.regulations.gov. In addition, DOT's Docket Management
Facility provides a physical facility, staff, equipment, and assistance
to the public. To obtain assistance or to review comments in TSA's
public docket, you may visit this facility between 9 a.m. 5 p.m.,
Monday through Friday, excluding legal holidays, or call (202) 366-
9826. This docket operations facility is located in the West Building
Ground Floor, Room W12-140 at 1200 New Jersey Avenue, SE., Washington,
DC 20590.
Availability of Rulemaking Document
You can get an electronic copy using the Internet by--
(1) Searching the electronic Federal Docket Management System
(FDMS) Web page at http://www.regulations.gov;
(2) Accessing the Government Printing Office's web page at http://
www.gpoaccess.gov/fr/index.html; or
(3) Visiting TSA's Security Regulations web page at http://
www.tsa.gov and accessing the link for ``Research Center'' at the top
of the page.
In addition, copies are available by writing or calling the
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to
identify the docket number of this rulemaking.
Abbreviations and Terms Used in This Document
AICPA--American Institute of Certified Public Accountants
ALJ--Administrative Law Judge
AOSC--Aircraft Operator Security Coordinator
AOSSP--Aircraft Operator Standard Security Program
ATSA--Aviation and Transportation Security Act
CFR--Code of Federal Regulations
CHRC--Criminal History Records Check
CJIS--Criminal Justice Information Services
CBP--U.S. Customs and Border Protection
DHS--U.S. Department of Homeland Security
FAMs--Federal Air Marshals
FAA--Federal Aviation Administration
FACAOSSP--Full All-Cargo Aircraft Operator Standard Security Program
FBI--Federal Bureau of Investigation
FISMA--Federal Information Security Management Act
GA--General Aviation
HME--Hazardous Materials Endorsement
IPA--Independent Public Accounting firm
IT--Information Technology
LASP--Large Aircraft Security Program
LEO--Law Enforcement Officer
MTOW--Maximum Certificated Take-Off Weight
NIST--National Institute of Standards and Technology
PPSSP--Partial Program Standard Security Program
PCSSP--Private Charter Standard Security Program
SSI--Sensitive Security Information
STA--Security Threat Assessment
TSC--Terrorist Screening Center
TSA--Transportation Security Administration
TWIC--Transportation Worker Identification Credential
TFSSP--Twelve-Five Standard Security Program
Outline of the Notice of Proposed Rulemaking
I. Introduction
A. Current Standard Security Programs
B. Current Security Programs for Large Aircraft
C. Implementation and Compliance Schedule
II. Major Proposed Elements in This NPRM
A. Major Requirements in the Proposed Large Aircraft Security
Program
B. Proposed Requirements for Certain Airports
C. Passenger Checking Against the Watch-list
D. Third-Party Audits for Large Aircraft Operators
E. Proposed Amendments to the Full Program and the Full All-
Cargo Program
III. Section-by-Section Analysis
IV. Regulatory Requirements
A. Paperwork Reduction Act
B. Regulatory Impact Analyses
1. Regulatory Evaluation Summary
2. Executive Order 12866 Assessment
3. Regulatory Flexibility Act Assessment
4. International Trade Impact Assessment
5. Unfunded Mandates Assessment
C. Executive Order 13132, Federalism
D. Environmental Analysis
E. Energy Impact Analysis
List of Subjects
The Proposed Amendments
I. Introduction
The aviation industry is composed of thousands of operators that
conduct different types of operations in numerous different types of
aircraft. Many aircraft operators are air carriers or commercial
operators that offer transportation to the public for compensation or
hire. Others are general aviation (GA) operators that do not offer
transportation to the public. These operators often are corporate or
private owners of aircraft that operate their aircraft for their own
use or provide transportation for compensation or hire only to certain
customers without offering transportation to the public in general.\2\
---------------------------------------------------------------------------
\2\ There is no statutory or regulatory definition of ``general
aviation.'' For the purposes of this NPRM, we use the term to refer
to aircraft operations that are not air carriers or commercial,
governmental or military operators.
---------------------------------------------------------------------------
To date, the Federal Government's primary focus with regard to
aviation security has been on air carriers and commercial operators
that offer transportation for compensation or hire to the public. TSA
requires these carriers and operators to develop and operate under a
particular security program depending on the precise nature of their
operations. A security program is a set of security procedures that
will meet the requirements of applicable TSA regulations. For example,
a security program would include specific measures to screen cargo, to
transport Federal Air Marshals, to use personnel identification
systems, and to provide training to employees, if the operator were
subject to those requirements in TSA's regulation.
With few exceptions, TSA does not currently require security
programs for GA aircraft operators. As vulnerabilities and risks
associated with air carriers and commercial operators have been reduced
or mitigated, terrorists may view general aviation aircraft as more
vulnerable and thus attractive targets. If hijacked and used as a
missile, these aircraft would be capable of inflicting significant
damage.
The Federal Aviation Administration's (FAA) long-standing
definition of ``large aircraft'' is an aircraft with a maximum
certificated takeoff weight (MTOW) of over 12,500 pounds. See 14 CFR
1.1. Based on the aviation industry's familiarity with this definition
and TSA's belief that aircraft of this size pose a potential risk, TSA
is proposing to require security programs for all operators of
aircraft--GA or otherwise--that have a MTOW of over 12,500 pounds,
excluding certain governmental operations (collectively, ``large
aircraft operators'').\3\
---------------------------------------------------------------------------
\3\ In general, aircraft that weigh over 12,500 pounds MTOW are
those aircraft equipped with twin turboprop or turbojet engines.
Typically corporate and charter aircraft have a seating
configuration for 6-8 passengers, while similar aircraft used in
scheduled passenger service would likely have 18 or more seats.
---------------------------------------------------------------------------
Currently, TSA requires many large aircraft operators that are air
carriers or commercial operators to implement security programs such as
the Twelve-Five Security Program or the Private Charter Security
Program.\4\ TSA is
[[Page 64792]]
proposing to expand this requirement to include previously unregulated
large aircraft operators--namely, GA with a MTOW of over 12,500 pounds.
Doing so will expand the large aircraft operator population required to
have a TSA-approved security program to approximately 10,000 operators
from the approximately 650 operators today. In addition, TSA is
proposing to establish a single large aircraft security program (LASP)
to replace the various security programs used by currently regulated
large aircraft operators, such as air carriers and commercial
operators. It is TSA's view that the proposed rule would enhance
security significantly.
---------------------------------------------------------------------------
\4\ Although aircraft operators that are subject to the full
program under 49 CFR 1544.101(a), or the full all-cargo program
under Sec. 1544.101(h), operate large aircraft, TSA does not
include them in references to operators of large aircraft and large
aircraft operators for purposes of this NPRM. Full program operators
are generally known as the commercial airlines.
---------------------------------------------------------------------------
TSA recognizes that this would greatly increase the number and type
of operators subject to a TSA-approved security program. TSA invites
comments on the weight threshold of aircraft covered by this proposed
rule. For instance, parties may choose to comment on whether the
security goals discussed herein would be met if security programs were
required for GA aircraft only over some greater weight threshold. For
example, we explain below that aircraft over 45,500 kg (100,309.3
pounds) MTOW are currently covered by the ``private charter'' security
program, which includes security measures in addition to those outlined
in the ``twelve-five'' security program. Since incidents involving
heavier aircraft have the potential to lead to greater damages and loss
of life under one of the scenarios studied in our regulatory impact
analysis, we specifically solicit comment on whether this would be a
logical alternative weight threshold to consider for the increased
security requirements for general aviation. Although TSA has concluded
in this NPRM that the security benefits of the lower weight threshold
of 12,500 lbs are justified by the risk and therefore justify the
additional cost of the lower threshold, we welcome commenters' views on
that topic, as well as on the cost-benefit impact of alternate weight
thresholds.
Below is a list of the major requirements GA aircraft operators
would be required to adopt under the LASP; a more detailed discussion
of the LASP and the individual requirements is in sections II and III
of this preamble:
Ensure that their flight crew members have undergone a
fingerprint-based criminal history records check (CHRC).
Conduct watch-list matching of their passengers through
TSA-approved watch-list matching service providers.
Undergo a biennial audit of their compliance by a TSA-
approved third party auditor.
Comply with the current cargo requirements for the twelve-
five all-cargo program if conducting an all-cargo operation.
For aircraft with a MTOW of over 45,500 kilograms operated
for compensation or hire, screen passengers and their accessible
property.
Check property on board for unauthorized persons.
In addition, TSA is proposing amendments to its regulations
regarding airport security programs.\5\ TSA is proposing to require
additional airports to adopt security programs, because these airports
serve aircraft operators that either currently must carry out a
security program or would be required to have a security program under
the proposed rule. TSA proposes to require the following airports to
adopt a security program:
---------------------------------------------------------------------------
\5\ The regulations are in 49 CFR 1542.101.
---------------------------------------------------------------------------
Reliever airports, which perform the function of relieving
congestion at commercial service airports and provide more GA access to
the overall community.
Airports that regularly serve large aircraft with
scheduled or public charter service.
A. Current Aircraft Operator Security Programs
TSA requires security programs for air carriers and commercial
operators that require security measures for individuals, property, and
cargo aboard aircraft. Currently TSA requires security programs for
full program, full all-cargo, partial, private charter, and twelve-five
program operators. For full program operators,\6\ the standard security
program \7\ is called an aircraft operator standard security program
(AOSSP). For the full all-cargo program operators \8\ operating all-
cargo aircraft over 45,500 kg MTOW, the standard security program is
the full all-cargo aircraft operator standard security program
(FACAOSSP). The partial program \9\ applies to scheduled passenger or
public charter operations in an aircraft with 31 or more, but 60 or
fewer passenger seats that does not enplane from or deplane into a
sterile area. The standard security program for private charters is the
private charter standard security program.\10\ For other scheduled or
charter flights, or all-cargo operations, in an aircraft with a MTOW of
over 12,500 pounds, the standard security program is the twelve-five
standard security program.\11\
---------------------------------------------------------------------------
\6\ 49 CFR 1544.101(a).
\7\ A standard security program is a security program issued by
TSA that serves as the baseline for a particular type of operator.
An aircraft operator's security program consists of the appropriate
standard security program, together with any amendments and
alternative procedures to the security program, if approved by TSA.
\8\ 49 CFR 1544.101(h).
\9\ 49 CFR 1544.101(b).
\10\ 49 CFR 1544.101(f).
\11\ 49 CFR 1544.101(d).
---------------------------------------------------------------------------
The full program, the full all-cargo program, the partial program,
the private charter program, and the twelve-five program aircraft
operators all are covered under TSA regulations in 49 CFR part 1544.
They all must hold FAA air carrier operating certificates or FAA
operating certificates in accordance with the Federal Aviation
Administration (FAA) regulations in 14 CFR part 119.\12\ They all
engage in interstate common carriage or intrastate common carriage.\13\
TSA has also required certain operators not engaged in common carriage
to hold and carry out security programs. Operators of aircraft with a
MTOW of over 12,500 pounds must conduct operations in accordance with
the FAA rules in 14 CFR part 125 (part 125 operators).\14\ By notice
published in the Federal Register, TSA required these operators to
carry out the twelve-five standard security program for operations in
aircraft over 12,500 pounds but not over 45,500 kg, and to carry out
the private charter standard security program for operations in
aircraft over 45,500 kg.\15\ These part 125 operators conduct
operations when common carriage is not involved. They may conduct
operations for compensation or hire, however, and they may also conduct
operations not for compensation or hire.\16\
---------------------------------------------------------------------------
\12\ 49 CFR 1544.1.
\13\ 49 U.S.C. 40102 and 14 CFR 119.21.
\14\ 14 CFR 119.23.
\15\ 69 FR 61516 (Oct. 19, 2004).
\16\ 14 CFR 119.3 and 119.23. After TSA adopted the full all-
cargo program, it required part 125 operators in all-cargo
operations using aircraft over 45,500 kg to have and carry out a
full all-cargo program. See 71 FR 30478 (May 26, 2006).
---------------------------------------------------------------------------
Finally, all civil aircraft must operate under FAA regulations 14
CFR part 91, Air Traffic and General Operating Rules. These operators,
when not also subject to another FAA regulation, such as part 119 or
part 125, are often referred to in the industry as part 91 operators.
TSA generally has not required such operators to carry out security
measures.
The main objectives of the proposed rule are: (1) To merge the
partial, private charter and twelve-five programs into a large aircraft
security program and to
[[Page 64793]]
expand its scope to include general aviation operators using aircraft
with a MTOW of over 12,500 pounds; and (2) to enhance the security of
these operations.
B. Current Security Programs for Large Aircraft
Large aircraft are operated by a diverse group of air carriers,
commercial operators, and GA operators. As stated above, to date, TSA
has mandated security programs for the air carrier and commercial
operator segments of the aviation industry including scheduled
passenger operations, private charters, public charters, and all-cargo
operations in large aircraft through the twelve-five program, the
partial program, and the private charter program. With limited
exceptions, TSA has not required security programs for large aircraft
in general aviation.
Large GA aircraft are most often operated by corporate entities,
though some large GA aircraft are operated by individuals. Corporate
aviation, with a population of approximately 10,000 operators flying
15,000 aircraft, is largely unregulated for security purposes. Yet many
of these aircraft are of the same size and weight of the air carriers
and commercial operators that TSA regulates, and they could be used
effectively to commit a terrorist act. Complicating the situation is
the fact that many GA operators have the authorization to function
under several different FAA regulations and operating certificates,
which may require different TSA security programs or no TSA security
program at all.
TSA considered developing a new regulatory program to be used
solely on GA aircraft and their potential security risks. This decision
would have created yet another security program applicable to large
aircraft operators. Instead of five separate security programs that
would apply to large aircraft operators depending on the type of
service they provide, TSA is proposing one security program that would
apply to all large aircraft operators (except certain government
operations) and would replace the current security programs for partial
program operators, twelve-five program operators, and private charter
operators. The LASP would establish a consistent set of regulations for
air carriers and commercial operators, as well as GA operators using
large aircraft. Indeed, LASP would provide large aircraft operators not
covered under the full program, or the full all-cargo security program,
with one set of regulations that would form the core of their security
programs distinct to their operational and security needs.
Table 1 below identifies the different types of large aircraft
operators that currently are required to have a security program and
the major security requirements for these operators. It also identifies
the types of operators that would be subject to the new proposed LASP.
Table 1--Standard Security Programs Applicable to Aircraft Operators
--------------------------------------------------------------------------------------------------------------------------------------------------------
Would be using this
An aircraft operator that operates Must have this Currently using this standard security
this type of service, other than In this size aircraft And program standard security program under the
all-cargo program NPRM
--------------------------------------------------------------------------------------------------------------------------------------------------------
Scheduled passenger or public 61 or more passenger ...................... Full Program Sec. AOSSP................ No change.
charter passenger *. seats. 1544.101(a)(1).
Scheduled passenger or public 60 or fewer passenger It enplanes from, or Full Program Sec. AOSSP................ No change.
charter passenger *. seats. deplanes into, an 1544.101(a)(2).
existing sterile area.
Scheduled passenger or public 31 or more but 60 or It does not enplane Partial Program Sec. Partial Program Proposed LASSP ****
charter passenger *. fewer passenger seats. from, or deplane 1544.101(b)(1). Standard Security with component for
into, an existing Program (PPSSP). aircraft greater
sterile area. than 45,500 kg (if
applicable).
Scheduled, public charter, or More than 12,500 It does not enplane Twelve-Five Program Twelve-Five Standard Proposed LASSP.
private charter; passenger *. pounds MTOW. from, or deplane Sec. 1544.101(d). Security Program
into, an existing (TFSSP).
sterile area, and it
is not under a Full
Program or a Partial
Program.
Private charter *.................. Any size.............. It enplanes from, or Private Charter Private Charter Proposed LASSP with
deplanes into, an Program Sec. Standard Security component for
existing sterile area. 1544.101(f)(1)(i). Program (PCSSP). aircraft greater
than 45,500 kg (if
applicable) and
alternative
procedures for
enplaning from or
deplaning into an
existing sterile
area.
Private charter *.................. More than 45,500 kg, It does not enplane Private Charter PCSSP................ Proposed LASSP with
OR 61 or more from, or deplane Program Sec. component for
passenger seats. into, an existing 1544.101(f)(1)(ii). aircraft greater
sterile area, and it than 45,500 kg.
is not a government
charter.
Under an FAA certificate issued More than 45,500 kg It is carrying Sec. 1550.7; (69 FR PCSSP................ Proposed LASSP with
under 14 CFR part 125 **. MTOW. passengers or 61516, 10/19/2004). component for
property for aircraft greater
compensation or hire than 45,500 kg or 61
and is not under or more seats.
another TSA security
program.
[[Page 64794]]
Under an FAA certificate issued 61 or more passenger It is carrying Sec. 1550.7; (69 FR PCSSP................ Proposed LASSP with
under 14 CFR part 125 **. seats. passengers or 61516, 10/19/2004). component for
property for aircraft greater
compensation or hire than 45,500 kg or 61
and is not under or more seats.
another TSA security
program.
Under an FAA certificate issued More than 45,500 kg It is not carrying Sec. 1550.7; (69 FR PCSSP................ Proposed LASSP.
under 14 CFR part 125 **. MTOW. passengers or 61516, 10/19/2004).
property for
compensation or hire
and not under another
TSA security program.
Under an FAA certificate issued 61 or more passenger It is not carrying Sec. 1550.7; (69 FR PCSSP................ Proposed LASSP.
under 14 CFR part 125 **. seats. passengers or 61516, 10/19/2004).
property for
compensation or hire
and not under another
TSA security program.
Under an FAA certificate issued More than 12,500 It is not under Sec. 1550.7........ TFSSP................ Proposed LASSP.
under 14 CFR part 125 **. pounds MTOW. another TSA security
program.
Operating under 14 CFR part 91 only More than 12,500 It enplanes from, or General Aviation No standard program.. Proposed LASSP with
**. pounds. deplanes into, an Operations using a alternative
existing sterile area. sterile area Sec. procedures for
1550.5. enplaning from or
deplaning into an
existing sterile
area.
Operating under 14 CFR part 91 only 12,500 pounds or less. It enplanes from, or General Aviation No standard program.. No change.
**. deplanes into, an Operations using a
existing sterile area. sterile area Sec.
1550.5.
Operating under 14 CFR part 91 only More than 12,500 It is not under Not required to have Not required to have Proposed LASSP.
**. pounds. another TSA security a security program. a security program.
program, and does not
enplane from or
deplane to an
existing sterile area.
Operating under 14 CFR part 91 only 12,500 pounds or less. It is not under Not required to have Not required to have No change.
**. another TSA security a security program. a security program.
program, and does not
enplane from or
deplane to an
existing sterile area.
Passenger operations into and out Any size.............. It is not under a Full DCA Access Program DCA Access Standard No change.
of Ronald Reagan Washington Program. part 1562. Security Program
National Airport (DCA) ***. (DASSP).
Other operations **................ Any size.............. Is not under any other Limited program Sec. No standard program.. No change.
required program but 1544.101(g).
aircraft operator
requests a security
program.
--------------------------------------------------------------------------------------------------------------------------------------------------------
* These aircraft operators are considered air carriers or commercial operators.
** These aircraft operators are considered general aviation.
*** May be air carriers, commercial operators, or general aviation operators.
**** After issuing the LASP final rule, TSA would develop and issue a standard security program to implement the LASP called the Large Aircraft Standard
Security Program (LASSP).
Cites in this column are to 49 CFR.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Would be using this
An all-cargo aircraft operator that Must have this Currently using this standard security
operates this type of service: In this size aircraft And program standard security program under the
program NPRM
--------------------------------------------------------------------------------------------------------------------------------------------------------
All-cargo.......................... Greater than 45,500 Operating under a FAA Full All-Cargo Full All-Cargo No change.
kg, OR 61 or more certificate issued Program. Aircraft Operator
passenger seats. under 14 CFR part 119 Sec. 1544.101(h)... Standard Security
or 125. Program (FACAOSSP).
All-cargo......................... Over 12,500 lbs but ...................... Twelve-Five Program TFSSP in all-cargo LASSP with all-cargo
not over 45,500 kg. in all-cargo operations. component.
operations.
Sec. 1544.101(d)...
[[Page 64795]]
All-cargo under an FAA certificate More than 45,500 kg.. ...................... FACAOSSP............ FACAOSSP +.......... No change.
issued under 14 CFR part 125.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Cites in this column are to 49 CFR.
All-cargo operations carry cargo and authorized persons, but no passengers.
In developing the proposed rule, TSA analyzed the existing security
programs to determine which security measures have been effective and
would be appropriate for inclusion in the proposed LASP. The LASP would
combine the essential elements of some of the current security programs
into one consolidated and comprehensive program.
In this rulemaking, TSA is also proposing to reorganize certain
existing regulations in 49 CFR part 1544. Specifically, TSA has
clarified the meaning of the rule, simplified the text, and harmonized
regulations between the different industry populations. This
reorganization may affect the currently regulated population in
addition to the proposed newly regulated population. TSA is also
proposing to reorganize certain sections in 49 CFR part 1544 to account
for the proposed addition of the LASP. The reorganization would not
make any substantive changes to the regulations.
C. Implementation and Compliance Schedule
Based on industry data, TSA anticipates that this proposed rule
would require approximately 10,000 aircraft operators and 315 airport
operators, most of whom are not currently required to do so, to
implement security programs. Due to the large number of aircraft
operators and airport operators that would be required to implement
security programs, TSA proposes using a phased approach in the
implementation of the proposed rule. The proposed compliance schedule
would allow for proper and adequate support and staffing within TSA and
also would allow sufficient time for compliance on the part of the
newly regulated aircraft operators and airport operators. Following
issuance of a final rule, TSA would implement a communication plan
commencing with a wide distribution of press releases, web-site
postings, and industry association briefings and meetings. These
briefings and meetings would communicate, educate, and confirm which
operators would be affected by the final rule, what actions the
aircraft operators and airport operators would be required to take to
comply with the rule, and the time period within which the aircraft
operator and airport operators would be required to submit their
applications and other supporting documents. At that time, TSA would
provide the process, procedures, and necessary forms to the aircraft
operators and airport operators to enable the operators to apply for
the large aircraft program, or the airport partial program, via a
secure web-board.
TSA's implementation schedule would divide the country into five
areas, taking into account which areas of the country contain the
largest affected populations of aircraft operators and airport
operators. TSA anticipates six phases of compliance, targeting
approximately 20 percent of the large aircraft operator and airport
operators population that currently do not hold security programs in
each of the first five phases. The sixth and final phase would include
aircraft operators that currently hold a security program.\17\ The
following timeline for compliance would start upon the effective date
of the final rule, which would be 60 days after publication of the
final rule in the Federal Register:
---------------------------------------------------------------------------
\17\ There are no airport operators that currently hold a
partial program.
Phase 1, Mid-Atlantic region--months 1-4 after the effective date of
the final rule.
Phase 2, North-East region--months 5-8 after the effective date of the
final rule.
Phase 3, Southern region--months 9-12 after the effective date of the
final rule.
Phase 4, Mid-West region--months 13-16 after the effective date of the
final rule.
Phase 5, Western region--months 17-20 after the effective date of the
final rule.
Phase 6, Existing security program holders--months 21-24 after the
effective date of the final rule.
The phase in which a large aircraft operator would fall would be
determined by where the aircraft is based. For large aircraft operators
that have multiple bases for their aircraft, the phase would be
determined by the location of the large aircraft operator's
headquarters. We seek comment on this phased approach and on
determining which phase would be applicable to each large aircraft
operator based on the location of the aircraft or headquarters.
II. Major Elements in This NPRM
A. Major Requirements in the Proposed Large Aircraft Security Program
To provide greater consistency across all large aircraft
operations, the proposed regulation would create the Large Aircraft
Standard Security Program (LASSP) to replace the current security
programs for partial program operators, twelve-five program operators,
and private charter program operators. The major requirements in this
proposed rule are based on the requirements in the Twelve-Five and the
Private Charter Security Programs.
The proposed LASP provides a core security program for all large
aircraft, irrespective of the FAA regulations under which they operate,
whether they are air carriers, commercial operators, or GA. Beyond the
core requirements for large aircraft with a MTOW of over 12,500 pounds,
the proposed LASP would include a component for large aircraft with a
MTOW of over 45,500 kilograms operated for compensation or hire. The
following is a summary of the major security measures in the proposed
LASP.
1. Proposed Core Requirements of the Large Aircraft Security Program in
Sec. 1544.103(e)
In TSA's experience, the current Twelve-Five Security Program has
proven to be effective in safeguarding the operations of scheduled and
charter operations in aircraft with MTOW of over 12,500 pounds without
unduly burdening the aircraft operators. Accordingly, TSA would base
the core requirements of the LASP on the Twelve-Five Security Program.
The LASP, however, would include additional requirements that would
[[Page 64796]]
strengthen the existing security measures. Below is a discussion of the
major requirements of the LASP.
Security Threat Assessment With Criminal History Records Check for
Flight Crew Members
Under the current security programs that apply to large aircraft
operators, TSA requires aircraft operators to ensure that their flight
crew members have undergone a fingerprint-based criminal history
records check (CHRC). TSA views this as an important security measure
that should apply to flight crew members of all large aircraft. Pilots
are in control of the aircraft and other flight crew members are in the
cockpit and could obtain control of the aircraft. Consequently, TSA
proposes to require that large aircraft operators ensure that all of
their flight crew members undergo a security threat assessment (STA)
that includes a CHRC and other analyses, including checks of
appropriate terrorist watch-lists and other databases. The list of
disqualifying crimes of the CHRC would be the same as for the full and
full all-cargo operations. 49 CFR 1544.229 and 1544.230.
After TSA adopted the Twelve-Five Security Program requirements, it
became clear that most operators of that size were not well-prepared to
conduct adjudication of the CHRCs. Accordingly, while the twelve-five
operators have been ensuring that their flight crew members submit
their fingerprints, TSA has been adjudicating the criminal histories;
that is, TSA reviews the history to determine whether the flight crew
member has a disqualifying criminal offense. TSA is proposing to codify
that practice and to charge a fee for the services. See the section-by-
section analysis for proposed part 1544, subpart G.
TSA recognizes that a flight crew member may be contracted to work
for more than one large aircraft operator. We seek comment on whether
the STA should be transferable so that the flight crew member would
need to undergo only one STA every five years, regardless of the number
of employers the flight crew members may have within the five-year
period. Potential employers would check the status of the flight crew
member's STA through a mechanism required by TSA.
TSA also is considering ways to positively identify pilots
conducting both domestic and international flight operations and
effectively link them to the aircraft they are operating. We seek
comment and recommended methods for positively identifying pilots and
effectively linking them to the aircraft they are operating.
Watch-List Matching of Passengers
The Federal Government maintains a terrorist watch-list. The watch-
list, which includes the No Fly List and the Selectee List components
of the Terrorist Screening Database maintained by the Terrorist
Screening Center (TSC), is the basis for the pre-flight passenger
watch-list matching currently conducted by certain aircraft operators.
Watch-list matching of passengers on large aircraft is an important
security measure, because it can prevent individuals who are believed
to pose a risk from boarding a large aircraft and, potentially, gaining
control of the aircraft, to use it as a weapon. TSA studies have shown
that significant loss of lives and other damage could result from such
an incident. Matching passenger information against the No Fly List
component of the terrorist watch-list would identify individuals who,
if permitted to board aircraft, may pose a threat to the aircraft and/
or persons on board. Matching passenger information against the
Selectee List component of the terrorist watch-list also would identify
individuals who may be potential threats and would allow TSA and/or the
aircraft operators to take appropriate action, if necessary.
Under the current watch-list matching process, TSA provides the No
Fly and Selectee List to twelve-five, partial program, and private
charter aircraft operators to enable them to conduct the watch-list
matching. When an aircraft operator receives passenger information that
is similar to, or the same as, a name on the No Fly or Selectee List,
the aircraft operator is required to notify law enforcement personnel
and TSA in order to determine whether that passenger is in fact the
individual listed on the No Fly or Selectee List. The aircraft operator
may not board a passenger until TSA has instructed the aircraft
operator that the passenger is clear to board the aircraft.
a. Removing watch-list from aircraft operators. Per Homeland
Security Presidential Directive-16/National Security Presidential
Directive-47, section 4012(a) of the Intelligence Reform and Terrorism
Prevention Act,\18\ and in support of 9/11 commission recommendations,
the U.S. government is in the process of assuming control over watch-
list matching in the aviation environment. TSA is concerned that
providing the watch-list to approximately 10,000 large aircraft
operators as part of the LASP program would increase the risk that the
watch-list would be disseminated to unauthorized persons and that the
watch-list would be misused and/or compromised. Since it is not
possible to bring the watch-list matching function into the federal
government in one step, TSA is considering ways to provide this list to
a more limited set of holders while TSA considers the most effective
method to assume the watch-list matching responsibility from all
aircraft operators required to conduct watch-list matching through the
Secure Flight program.
---------------------------------------------------------------------------
\18\ Public Law 108-458, 118 Stat. 3638, Dec. 17, 2004; 49
U.S.C. 44903 (j)(2).
---------------------------------------------------------------------------
TSA recognizes that the Secure Flight program has not yet achieved
the operational capability to conduct watch-list matching for general
aviation, nor is such capability anticipated by the time TSA would
require large general aviation and charter aircraft operators to
implement the LASP. Therefore, TSA is proposing a solution for watch-
list matching in this NPRM for the time period in which the Secure
Flight program does not have the capability to conduct watch-list
matching for large aircraft passengers. If TSA is able to develop the
capability for the Secure Flight program to conduct watch-list matching
for large aircraft passengers, TSA may amend the scope of the Secure
Flight program to include large aircraft operators in the final rule
for this NPRM.\19\
---------------------------------------------------------------------------
\19\ For example, proposed Sec. 1560.1(a) may be amended to
include large aircraft operators. See Secure Flight NPRM, 72 FR at
48387.
---------------------------------------------------------------------------
b. Watch-list Service Providers. Under the proposed rule, TSA would
not provide the No Fly List to large aircraft operators, which means
that TSA would no longer provide the watch-list to the approximately
800 aircraft operators now receiving it under the twelve-five program,
partial program and private charter operators and would not begin
providing it to the additional approximately 9,300 general aviation
operators that would be under the LASP. Instead, TSA would provide the
watch-list to watch-list service providers approved by TSA. Large
aircraft operators would transmit their passenger information to these
watch-list service providers, who would conduct the automated watch-
list matching function and transmit the results back to the large
aircraft operators.
TSA is proposing this approach for two reasons. First, this would
greatly reduce the number of entities receiving the watch-list, thus
reducing the risk that it would be disseminated to unauthorized persons
or misused. Second, having a small number of watch-list service
providers conduct watch-list matching in accordance with
[[Page 64797]]
TSA standards would result in greater consistency in the application of
the watch-list matching function. These watch-list service providers
will have been determined to have appropriate security, including
Information Technology (IT) security and performance capabilities, to
perform this important function in the interim. TSA invites comments on
the role that watch-list service providers may continue to have if the
responsibility for watch-list matching shifts to the U.S. Government in
the future. For example, would watch-list service providers offer their
services to consolidate passenger information from large aircraft
operators and to transmit the passenger information to Secure Flight?
While the watch-list service providers would perform the watch-list
matching function, large aircraft operators would have several
responsibilities under the proposed rule. Large aircraft operators
would be responsible for all costs associated with watch-list matching,
including any fee charged by the watch-list service providers.
c. Compliance with CBP programs. Large aircraft operators would not
be required to transmit passenger information to their watch-list
service providers for any flight for which the large aircraft operator
has submitted advance passenger information to U.S. Customs and Border
Protection (CBP) under 19 CFR part 122. For passengers on flights in
commercial aircraft, as defined in 19 CFR 122.1, the large aircraft
operator are required to submit advance passenger information under 19
CFR 122.49a and 122.75a and comply with the CBP boarding instruction
regarding each passenger.
TSA notes that CBP published a notice of proposed rulemaking,
``Advance Information on Private Aircraft Arriving in and Departing
from the United States,'' proposing to implement certain passenger
manifest and advance passenger screening requirements for private
aircraft departing foreign ports for U.S. destinations or departing the
United States for foreign ports. Under the CBP proposed rule, a private
aircraft, in contrast to a commercial aircraft,\20\ is generally any
aircraft engaged in a personal or business flight to or from the United
States that is not carrying passengers and/or cargo for commercial
purposes.\21\ See 19 CFR 122.1(h). CBP's Advance Passenger Information
System (APIS) requirements and proposed eAPIS requirements apply to
both U.S.-operated and foreign-operated aircraft.
---------------------------------------------------------------------------
\20\ 19 CFR 122.1(d) defines ``commercial aircraft'' as any
aircraft transporting passengers and/or cargo for some payment or
other consideration, including money or services rendered.
\21\ 19 CFR 122.1(h) also defines a private aircraft as any
aircraft leaving the United States carrying neither passengers nor
cargo in order to lade passengers and/or cargo in a foreign area for
commercial purposes; or returning to the United States carrying
neither passengers nor cargo in ballast after leaving with
passengers and/or cargo for commercial purposes.
---------------------------------------------------------------------------
To avoid process redundancies, DHS would require operators and
pilots of private large aircraft that would be subject to this TSA
proposed rule and CBP's eAPIS private aircraft regulations to submit
their passenger manifest to CBP only and not to watch-list service
providers. TSA would deem U.S. operators of private large aircraft to
be in compliance with the proposed rule's requirements to submit
passenger information for watch-list matching for international flights
if the pilot submits passenger information required under the proposed
eAPIS regulations. See proposed 19 CFR 122.22.
The TSA and CBP screening processes work in tandem for flights
departing foreign ports destined for the United States and flights
departing the United States for foreign destinations. If CBP grants the
pilot landing rights under 19 CFR 122.49a, 122.75a, or 122.22, TSA
would allow the large aircraft operator to permit all passengers, for
whom the aircraft operator submitted advance passenger information to
CBP, to board the aircraft. If CBP identifies a passenger as a selectee
under 19 CFR 122.49a, 122.75a, or 122.22, TSA would allow the large
aircraft operator to permit the passenger to board the aircraft, and
TSA would require the large aircraft operator to comply with the
procedures in its security program pertaining to passengers that are
identified as selectees, as discussed in further detail below. If CBP
identifies a passenger as ``not cleared'' under 19 CFR 122.49a,
122.75a, or 122.22, TSA would not allow the large aircraft operator to
permit the passenger to board the aircraft. CBP would instruct the
large aircraft operator to contact TSA regarding the passenger who has
been identified as ``not cleared'' for further resolution.
d. Passenger information. This proposed rule would require large
aircraft operators to request full name, gender, date of birth, and
redress number \22\ (if available) from all passengers. TSA has
determined that an individual's full name, gender, and date of birth
are critically important for effective automated watch-list matching of
that individual against those individuals on the watch-list.\23\ The
full name is the primary attribute used to conduct watch-list matching
and would be required for all passengers. Partial names would increase
the likelihood of false positive matches, because partial names are
more likely to match a number of different entries on the watch-list.
As a result, this proposed rule would require individuals to provide
their full names and would prohibit aircraft operators from boarding a
passenger who does not provide a full name. Date of birth and gender
would be optional for the passenger. This proposed requirement on
passengers to provide the full name is consistent with TSA's proposal
in the Secure Flight NPRM. In the Secure Flight NPRM, TSA proposes to
require passengers on commercial flights operated by full program
operators and foreign air carriers to provide their full name when they
make a reservation for a flight. See proposed Sec. 1540.107(b) in the
Secure Flight NPRM, 72 FR at 48386.
---------------------------------------------------------------------------
\22\ The redress number is the number assigned by DHS to an
individual processed through the redress procedures described in 49
CFR part 1560, subpart C, as proposed in the Secure Flight NPRM.
\23\ See Secure Flight NPRM, 72 FR at 48364.
---------------------------------------------------------------------------
Many names do not indicate gender, because they can be used by
either gender. Additionally, names not derived from the Latin alphabet,
when transliterated into English, often do not denote gender. Providing
information on gender will reduce the number of false positive watch-
list matches, because the information will distinguish persons who have
the same or similar names but who are of a different gender. The date
of birth is also helpful in distinguishing a passenger from an
individual on a watch-list with the same or similar name, thereby
reducing the number of false positive watch-list matches.
This proposed rule would also require aircraft operators to request
an individual's redress number, if available. DHS will assign this
unique number to individuals who use the DHS Traveler Redress Inquiry
Program (DHS TRIP), because they believe they have been incorrectly
delayed or denied boarding. Individuals may be less likely to be
delayed by false positive matches to the watch-list if they provide
their redress number, if available.
Under the proposed rule, individuals would not be compelled to
provide their gender, date of birth, or redress number when requested
by the aircraft operators. However, without this information, the
watch-list service provider may be unable to perform effective
automated watch-list matching and, as a result, the individuals may be
more likely to be denied boarding, or under certain circumstances, be
subject
[[Page 64798]]
to additional screening. TSA is considering whether to require all
individuals to provide their gender and date of birth to assist in the
watch-list matching and resolution process.
The proposed rule would require large aircraft operators to
transmit to the watch-list service provider the passengers' full names
and also transmit the passengers' genders, dates of birth, and redress
numbers, to the extent they are available. In addition, the proposed
rule would require large aircraft operators to transmit certain
information from an individual's passport (full name, passport number,
country of issuance, expiration date, gender, and date of birth), if it
is available and was provided to the aircraft operator. Based on TSA's
experience in conducting security threat assessments that include
watch-list matching, TSA has determined that passport information would
help resolve possible false positive matches and make the watch-list
matching process more accurate.
TSA is not proposing a minimum time in advance of the flight that
large aircraft operators would be required to submit passenger
information to the watch-list service provider. TSA anticipates that
the large aircraft operators would work with their service providers to
establish a minimum time that the service provider would need to
complete watch-list matching in advance of a flight. Nevertheless, TSA
seeks comment on whether it should establish a minimum time for
submission of passenger information to the service providers, what that
minimum time should be, and the reasons supporting the suggested
minimum time.
Upon submission of the passenger information by the aircraft
operator to the watch-list service provider, the service provider would
conduct the automated vetting of the passenger information provided
against the watch-list which is comprised of the No Fly and Selectee
List components of the Terrorist Screening Database. The watch-list
service provider would inform the aircraft operator of the results of
the watch-list matching by transmitting instructions to the large
aircraft operator for each passenger. The large aircraft operator would
not be able to permit a passenger aboard an aircraft until the large
aircraft operator receives the instructions from the watch-list service
provider that would allow the aircraft operator to board the passenger.
The large aircraft operator would be required to comply with the
instructions.
Upon submission of the passenger information by the aircraft
operator to the watch-list service provider, the service provider would
conduct the automated comparison using the passenger information
provided. If an automated comparison indicates that the passenger is
not a match to the watch-list, the service provider would instruct the
aircraft operator that the passenger is cleared to board the aircraft.
If the automated comparison using the passenger information identifies
a potential match to the watch-list, the watch-list service provider
would contact TSA for resolution of the potential match. TSA would
coordinate with the TSC for resolution if necessary and would provide
further instructions concerning the passenger to the service provider.
If TSA cannot determine from the information provided by the watch-
list service provider whether the individual is a match to the watch-
list, it may be necessary for the passenger to provide additional
information to resolve the possible match. In these instances, TSA
would inform the watch-list service provider to instruct the large
aircraft operator to contact TSA directly to resolve the possible match
between the passenger and the watch-list record, and TSA would provide
final instructions concerning the possible match and the passenger's
status to the large aircraft operator.
e. Aircraft operator procedures. TSA believes that it is important
for large aircraft operators and their pilots, as the in-flight
security coordinators, to know whether a passenger is identified as a
selectee so they can make appropriate security decisions. If the
passenger is identified as a selectee, TSA would allow the large
aircraft operator to permit the passenger to board the aircraft.
However, TSA would require the aircraft operator to comply with the
procedures described in its security program pertaining to passengers
identified as selectees. Although TSA would not require large aircraft
operators to conduct screening of selectees and their accessible
property on a normal basis, if warranted by security considerations,
TSA may require some or all large aircraft operators to screen
selectees and their accessible property. In this circumstance, TSA
would coordinate with the large aircraft operators on the appropriate
screening protocols.
If the watch-list service provider instructs the large aircraft
operator that a passenger must be denied boarding, the large aircraft
operator would not be able to permit the passenger to board unless
explicitly authorized by TSA.
Additionally, if the aircraft operator becomes aware that any data
element in the passenger information has changed, the large aircraft
operator would be required to transmit to the watch-list service
provider updated passenger information, which includes the full name,
and if available, gender, date of birth, redress number, and passport
information. If the large aircraft operator sends updated passenger
information to the watch-list service provider for a passenger for whom
the service provider has already transmitted instruction, the large
aircraft operator would not be able to permit the passenger on board
until the large aircraft operator receives updated instructions from
the watch-list service provider. Any previous instruction regarding the
passenger would be void; the large aircraft operator would be required
to comply with any updated instruction from the service provider.
f. Master passenger list. TSA recognizes that many large aircraft
operators carry the same passengers on most or all of their flights and
that it would be burdensome for the large aircraft operators to send
the required information for the same individuals on each flight.
Consequently, the proposed rule includes a provision for a master
passenger list. Under this optional proposed provision, individuals on
a master passenger list would be subject to continuous vetting of their
names against the watch-list.\24\ TSA would not require large aircraft
operators to transmit information on these passengers every time they
are on a flight operated by the large aircraft operator. This master
list would be applied for domestic flights only; CBP would require
aircraft operators and their pilots to transmit advance passenger
information to CBP for international flights departing from or arriving
in the United States under CBP's eAPIS NPRM, and passengers would need
to present their passports pursuant to CBP regulations.
---------------------------------------------------------------------------
\24\ The proposed rule would define ``continuous vetting'' as
the process in which the passenger's information is continuously
matched against the most current watch-list.
---------------------------------------------------------------------------
Prior to collecting passenger information from an individual to
place that individual on a master passenger list, the large aircraft
operator would be required to inform the individual that he or she
would have the option of being placed on the master passenger list, to
provide the individual with notice of the purpose and procedures
related to a master passenger list, and to obtain from the individual a
signed, written statement affirmatively
[[Page 64799]]
requesting that he or she be placed on a master passenger list. These
requirements would ensure that individuals would be informed that their
inclusion in a master passenger list would be voluntary and contingent
upon their providing written consent and that a watch-list service
provider would continuously maintain their passenger information and
compare the information against the watch-list.
In order to place an individual on the master passenger list, the
large aircraft operator would be required to comply with the following:
(1) Request and obtain the full name, gender, date of birth, redress
number, and passport information of the individual; (2) transmit the
passenger information and any updated passenger information to a watch-
list service provider and designate the individual for continuous
vetting; (3) ensure that the watch-list service provider is responsible
for continuous vetting for that individual at the time the individual
boards an aircraft; (4) receive an instruction that the individual is
cleared in response to the initial transmission of passenger
information or transmission of updated passenger information; and (5)
receive any instruction to prohibit the individual from boarding an
aircraft.
g. Aircraft operators under a full program. Under 49 CFR
1544.101(a), TSA requires full program aircraft operators to conduct
watch-list matching of their passengers under their security program.
Some of the full program aircraft operators also operate flights under
the other security programs in 49 CFR 1544.101. Many of these aircraft
operators use the same system or process to conduct watch-list matching
for their flights operated under their full security program, as well
as flights operated under their other security programs. Under the
proposed rule, TSA would require full program aircraft operators to
transmit the passenger information for passengers on their flights
operated under the LASP to watch-list service providers approved by TSA
to conduct the watch-list matching on their behalf. TSA requests
comment on whether full program aircraft operators should be permitted
to conduct watch-list matching for passengers on flights operated under
their LASP using the system or process that they use for flights
operated under their full security program, including TSA's Secure
Flight Program when it is available.
h. Privacy notice and data retention. TSA would only receive
passenger information if the watch-list service provider's automated
vetting system identifies an individual as a potential match to the
watch-list; this is much like the current practice where aircraft
operators conduct watch-list matching pursuant to their security
programs. TSA is considering requiring aircraft operators to provide a
privacy notice to passengers in the LASP. Most LASP aircraft operators
do not have a reservation system and are on-demand operations, such as
charter, corporate, fractional, and recreational (friends and family)
operations. LASP aircraft operators may find it challenging and
burdensome to provide a privacy notice to their passengers when
collecting the information. TSA is seeking comments on how a privacy
notice could be provided during the collection of information while
considering the feasibility, costs, and effectiveness of providing such
notice. Should TSA require large aircraft operators to provide a
privacy notice on web sites through which passenger service is offered,
either on their own web site or through an internet travel web site
that offers seats on charter flights, or via other means that would
provide notice to passengers on aircraft operated by LASP operators?
TSA is considering data and record retention requirements for
records for watch-list service providers and large aircraft operators.
TSA seeks comment on whether the proposed record retention for the
Secure Flight Program should be applied to large aircraft operators and
watch-list service providers to ensure that personally identifiable
information is not retained for longer than necessary. As explained in
the Secure Flight NPRM, TSA would retain passenger information for
seven days for passengers that are cleared, seven years for passengers
that have been identified as potential matches to the watch-list, and
99 years for passengers who are confirmed matches to the watch-list
under the Secure Flight Program.\25\ If TSA were to require a similar
record retention schedule for records collected, transmitted, and
received under proposed Sec. 1544.245 and part 1544, subpart F, large
aircraft operators' watch-list service providers would retain and
destroy passenger information and watch-list matching results in
accordance to this schedule. TSA is also considering requiring large
aircraft operators and watch-list service providers to retain passenger
information for passengers who are cleared, for three years, to
facilitate the audit that large aircraft operators would undergo every
two years under proposed Sec. 1544.243 and compliance oversight.
---------------------------------------------------------------------------
\25\ See Secure Flight NPRM, 72 FR at 48363.
---------------------------------------------------------------------------
i. Secure Flight. As noted above, the long-term plan is for TSA to
assume the watch-list matching responsibility from all aircraft
operators required to conduct watch-list matching and to conduct the
watch-list matching through the Secure Flight Program. Under the
current stage of Secure Flight development, Secure Flight will not have
the capability to conduct watch-list matching for large aircraft
operators for several years.
Under the Secure Flight NPRM, TSA would assume the watch-list
matching only for full program operators and certain foreign air
carriers. If the Secure Flight Program is capable of assuming the
watch-list matching responsibility from large aircraft operators when
TSA would require implementation of the LASP, TSA may amend the scope
of the Secure Flight regulations to include large aircraft operators in
the final rule for this NPRM.
Under the Secure Flight Program, TSA may require large aircraft
operators to collect and transmit the same data elements, called Secure
Flight Passenger Data (SFPD), to TSA for all passengers that full
program operators must collect and transmit for their passengers.
Although, in the Secure Flight NPRM, TSA did not propose to cover the
large aircraft population in the Secure Flight Program, TSA is
proposing, in this LASP NPRM, to align the LASP passenger information
requirements with those of the Secure Flight Program. Consequently, the
passenger information requirement in proposed Sec. 1544.245 of this
LASP NPRM is similar to proposed Sec. 1560.101 in the Secure Flight
NPRM.\26\ TSA's intent is to align the data requirements of LASP and
the Secure Flight Program, so that they match when the final rules are
implemented.
---------------------------------------------------------------------------
\26\ 72 FR at 48388.
---------------------------------------------------------------------------
The methods for transmitting SFPD to TSA would be described in the
standard security program for large aircraft operators. Possible
methods of transmission may include a direct connection to TSA, similar
to the connection that some full program operators will establish, and
an internet-based application. Similar to the requirements proposed for
the watch-list service provider, large aircraft operators would not be
able to board passengers until they received boarding instructions from
TSA. TSA would also require large aircraft operators to comply with the
boarding instructions. TSA would transmit the boarding instructions
after conducting the watch-list matching of the passengers.
[[Page 64800]]
TSA has determined that watch-list matching of passengers on large
aircraft is an important security measure, because it can prevent
individuals who are believed to pose a risk from boarding a large
aircraft and, potentially, gaining control of the aircraft, to use it
as a weapon or to cause harm to aviation or national security. Such
considerations extend beyond the simple use of aircraft as missiles,
but also include aircraft as delivery vectors for other catastrophic
payloads (e.g., chemical, biological, radiological or nuclear
materials). Given the security concerns, TSA believes a reliable
mechanism for watch-list matching for large aircraft must be
operational without undue delay. The watch-list matching service
providers would provide the needed security and do so in a timely
fashion. While the Secure Flight Program would also provide a reliable
mechanism, its ability to absorb the watch-list matching function for
the large aircraft population is likely to be several years away, and
it is likely that it would not be available to address this important
security need when TSA would be ready to implement the LASP. Thus, TSA
believes that the using the watch-list service providers will be the
more viable security solution for watch-list matching when TSA is ready
to implement the LASP.
While TSA anticipates that Secure Flight would be the long-term
mechanism for conducting watch-list matching of passengers, TSA seeks
comments on whether the watch-list matching service providers should
serve as part of the long-term solution to large aircraft watch-list
matching, such as by gathering the passenger information from the
aircraft operators and submitting it to TSA for watch-list matching,
then receiving the results from TSA. One possible advantage of the
watch-list service providers may be that the master passenger list
system developed by these providers would remain undisturbed, a
convenience for passengers on those lists and the large aircraft
operators. Additionally, TSA seeks comment on whether maintaining the
watch-list matching service providers may reduce the costs associated
with a transition to the Secure Flight Program. There may also be
benefit to TSA in limiting the number of different entities to which
the Secure Flight program would maintain direct links, requiring only
links with the watch-list service providers, not all large aircraft
operators.
Audit Requirement
Due to the large size and widely-dispersed geographical locations
of the aircraft operator population that would be subject to this
proposed rule, TSA would need an effective mechanism to verify large
aircraft operators' compliance with the large aircraft program. While
TSA intends to develop a compliance program for, and conduct
inspections of, large aircraft operators, it is not possible for TSA to
visit approximately 10,000 large aircraft operators on a regular basis.
TSA proposes the use of TSA-approved third-party auditors. These
TSA-approved third-party auditors would support existing TSA resources
and would enhance compliance with TSA regulations and the aircraft
operator's security program. Auditors would conduct audits of large
aircraft operators for their compliance with their security program and
TSA regulations. The auditors would submit their findings in the manner
and form prescribed by TSA. Auditors' reports would assist TSA
inspectors in the conduct of compliance inspections as necessary. TSA
would use the third-party auditors' reports as one tool in establishing
inspection priorities. The audits would also assist large aircraft
operators in assessing the security measures in place for their own
aircraft.
TSA proposes to require large aircraft operators to contract with
TSA-approved auditors to conduct a biennial audit of their compliance
with TSA regulations and their security programs. Large aircraft
operators would initially undergo an audit within 60 days of TSA's
approval of the large aircraft operators' security program and then
every two years thereafter. Large aircraft operators would also be
required to provide auditors access to their records, equipment, and
facilities necessary for the auditor to conduct an audit. The aircraft
operators would receive a copy of the audit report and would be
provided an opportunity to submit comments on the audit report to TSA.
In this NPRM, TSA is proposing that large aircraft operators may
select any TSA-approved auditor to perform the audit function. However,
TSA is considering instituting a system that would assign auditors to
large aircraft operators on a random basis in order to assure overall
consistency of the auditing program, thereby enhancing security. TSA
seeks comment on whether to include a system of assigning auditors in
the final rule and on methods of doing so.
As stated above, many full program aircraft operators also operate
flights under the private charter program. TSA routinely conducts
inspections of full program aircraft operators, and these inspections
include any private charter operations the aircraft operators may have.
Given these TSA inspections, TSA requests comment on whether it is
necessary to require full program aircraft operators that also operate
flights under a LASP to contract with a third party auditor to conduct
a biennial audit of their operations for compliance with their security
program and TSA regulations.
Unauthorized Persons and Accessible Weapons on Board Large Aircraft
TSA would require large aircraft operators to apply security
measures in their security program to prevent or deter the carriage of
unauthorized persons and unauthorized weapons, explosives,
incendiaries, and other destructive substances or items on board a
large aircraft. This proposed security measure is designed to prevent
unauthorized persons, such as a stowaway, or accessible weapons, from
being placed in a large aircraft. Under the proposed security measure,
the large aircraft operator would check for weapons and check any
container, cargo, or company material that may be used to hide a
stowaway, or explosives, incendiaries, or other destructive substances
or items. The security program would describe the method for conducting
the checks, such as visual inspection of the exterior of the persons or
containers of certain sizes and weights, with further evaluation if
necessary. This proposed rule would only apply to property that may be
accessible to the cabin of the aircraft. For example, if the property
is stowed in a cargo hold that would not allow access to the cabin of
the aircraft, then that property would be exempt from inspection.
For purposes of screening passengers on air carrier flights under a
full program, TSA considers weapons to include items on its prohibited
items list, which is posted on TSA's Web site at http://www.tsa.gov.
This list includes, among other things, guns, firearms, and certain
sharp objects or tools such as knives, including steak knives and
pocket knives. TSA is proposing to require large aircraft operators to
adopt and carry out procedures to prevent passengers from carrying
prohibited items onto the aircraft. We understand, however, that large
aircraft operators currently not subject to a TSA security program \27\
may have special circumstances that should be considered. TSA seeks
comment on the following issues: First, for large aircraft
[[Page 64801]]
operators that are not carrying persons or property for compensation or
hire, should ``weapons'' be limited to guns and firearms? Further,
should there be a different requirement depending on whether the
aircraft has a MTOW of 45,500 kg or less or more than 45,500 kg?
---------------------------------------------------------------------------
\27\ Private charters and twelve-five operators currently must
ensure there are no prohibited items accessible in the cabin.
---------------------------------------------------------------------------
TSA understands that a significant portion of the large aircraft
population may not have inaccessible cargo hold compartments, but may
have a need to transport weapons, such as when transporting hunters.
Therefore, TSA proposes that weapons may be stored in a cargo hold, if
the aircraft has such a cargo hold, or may be stored in a locked box in
the cabin under the direct control of the in-flight security
coordinator. In these instances, the weapons would be considered
inaccessible to the persons on board.
Additional Requirements
The LASP would also include the following requirements: designation
of Aircraft Operator Security Coordinators, Ground Security
Coordinators, and In-Flight Security Coordinators; regulations
concerning law enforcement personnel; the carriage of TSA Federal Air
Marshals (FAMs) onboard an aircraft; the aviation security contingency
plan; and procedures for handling bomb and air piracy threats. These
proposed requirements are discussed in further detail in the Section-
by-Section Analysis portion of the preamble.
The economic analysis for this NPRM suggests that the aircraft
operator security coordinator requirement is the highest-cost measure
in this proposed rule, and TSA invites comment on whether there is a
more cost-effective means of meeting the same or substantially similar
security goals as detailed herein. Although our preliminary view is
that the benefits of the security coordinator requirements as proposed
justify their costs, we are interested in comment on alternatives. Is
there a current industry practice that could provide a suitable
alternative? Should certain general aviation operators be exempted from
the requirements or portions of the requirements? Are there operational
limitations that prevent aircraft operators from designating security
coordinators for multiple flight segments? TSA also invites comments on
the use of a single individual for multiple security coordinator roles.
Comments that specifically address the costs and benefits of
alternatives to the security coordinator requirements would be welcome.
2. Aircraft of MTOW Over 45,500 kg or With a Passenger Seating
Configuration of 61 Seats or More Operated for Compensation or Hire
TSA has determined that aircraft over 45,500 kilograms or with a
passenger seating configuration of 61 seats or more operated for
compensation or hire should be subject to increased security
requirements. The current private charter program, which applies to
aircraft of this size and weight, includes more security measures than
the current twelve-five program. Part 125 (14 CFR) operators using this
size aircraft also currently must comply with the private charter
program. This approach is supported by the International Civil Aviation
Organization (ICAO), which requires that aircraft of more than 60
passengers, or with a MTOW of over 45,500 kilograms, be regulated and
protected from intrusion and ballistic threats.
Although the private charter program would be merged into the large
aircraft program, TSA believes that maintaining a higher level of
security for aircraft over 45,500 kilograms, or with a passenger
seating configuration of 61 seats or more, operated for compensation or
hire would be an important security measure. Thus, for these aircraft,
the proposed rule would continue the requirements now in the Private
Charter Program for the operators to inspect passengers and their
property and to perform CHRCs on their employees who conduct screening.
3. All-Cargo Operations
TSA recently issued a final rule regarding air cargo security,
including all-cargo operations in an aircraft with a MTOW over 12,500
pounds. See Final Rule for Air Cargo Security Requirements, 71 FR 30478
(May 26, 2006).\28\ Because cargo security remains an important part of
aviation security, TSA proposes to retain the requirements for all-
cargo operations in the LASP. Consequently, large aircraft all-cargo
operations would be required to comply with the cargo requirements in
49 CFR 1544.202 and 1544.205(a), (b), (d), and (f) in addition to the
core requirements of the LASP.
---------------------------------------------------------------------------
\28\ The effective date of the final rule was Oct. 23, 2006.
---------------------------------------------------------------------------
The large aircraft all-cargo program would replace the existing
Twelve-Five All-Cargo Program. Current aircraft operators that are
subject to the Twelve-Five All-Cargo Program would be subject to the
proposed requirements for large aircraft in all-cargo operations.
Additionally, 14 CFR part 125 operators in all-cargo operations, which
currently are required to comply with the Twelve-Five All-Cargo
Program, would also be subject to Sec. 1544.202.
All-cargo operations with an aircraft with an MTOW of over 45,500
kilograms currently must use the full all-cargo program and this would
be reflected in the rule.
4. Sensitive Security Information
Protection of Sensitive Security Information (SSI), as codified at
49 CFR part 1520, would apply to each aircraft operator operating under
the large aircraft program. Airport and aircraft operator security
programs and related amendments, Security Directives and Information
Circulars, technical specifications of security screening and detection
systems and devices, among other types of information, constitute SSI
under current 1520.5 and are prohibited from public disclosure. Watch-
list service providers' instructions to the large aircraft operators
would also be SSI. The SSI regulations would apply to LASPs as well.
Access to SSI is strictly limited to those covered persons with a
need to know, as defined in 49 CFR 1520.7 and 1520.11. In general, a
person has a need to know specific SSI when he or she requires access
to the information to carry out transportation security activities that
are government-approved, -accepted, -funded, -recommended, or -
directed, including for purposes of training on, and supervision of,
such activities or to provide legal or technical advice to airport
operators, aircraft operators or their employees regarding security-
related requirements. Accordingly, the protection of SSI would apply to
each large aircraft operator operating under a security program
pursuant to 1544.101(b).
5. Existing and Proposed Requirements for Large Aircraft
Table 2 below illustrates the requirements for large aircraft
operators and whether these requirements would be new or modified for
current holders of security programs. The table indicates how the
proposed rule would affect the current large aircraft operators. The
first column describes the proposed content requirements for the LASP.
The remaining five columns list five types of aircraft operators that
would be required to adopt and implement the large aircraft security
program under the proposed rule. The table indicates whether each type
of aircraft operator is currently required to comply with each content
requirement of the proposed LASP or whether the proposed content
requirement is a new requirement for
[[Page 64802]]
the aircraft operator. Additionally, as part of this rule, TSA would
modify some of the content requirements for the current Twelve-Five
Security Program and the Private Charter Security Program. The table
also indicates existing requirements that would be modified under the
proposed rule.
Table 3 compares the proposed large aircraft program with the Full
Program and the Full All-Cargo Program.
Table 2--Regulatory Requirements for Large Aircraft
--------------------------------------------------------------------------------------------------------------------------------------------------------
Scheduled or charter
Scheduled or charter Private charters operations in Large aircraft
Description of proposed LASP operations required to All-cargo operations required to have a aircraft with 31-60 operators not
requirement have a twelve-five required to have a private charter seats required to currently required to
program twelve-five program program have a partial have a security
program program
--------------------------------------------------------------------------------------------------------------------------------------------------------
Acceptance & screening of Does not apply........ Does not apply........ Currently applies and Does not apply....... Does not apply.
individuals and accessible would continue.
property (Sec. 1544.201).
Acceptance and screening of cargo Does not apply........ Currently applies and Does not apply....... Does not apply....... Does not apply.
(Sec. 1544.205). would continue.
Persons and property on board a New requirement....... Does not apply........ New requirement...... New requirement...... New requirement.
large aircraft (Sec. 1544.206).
Screening of individuals and Does not apply........ Does not apply........ Currently applies and Does not apply....... Does not apply.
property (Sec. 1544.207). would continue.
Required to have security Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
coordinators (Sec. 1544.215). would continue. would continue. would continue. would continue.
Provision of law enforcement Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
personnel at airports serving the would continue. would continue. would continue. would continue.
aircraft operators (Sec.
1544.217).
Carriage of accessible weapons on Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
board aircraft (Sec. 1544.219). would continue. would continue. would continue. would continue.
Requirement to transport FAMs (Sec. Currently applies; Currently applies; New requirement...... Currently applies; New requirement.
1544.223). would be modified. would be modified. would be modified.
Provide for security of aircraft New requirement....... New requirement....... Currently applies and New requirement...... New requirement.
and facilities (Sec. 1544.225). would continue.
Security training for security New requirement....... New requirement....... Currently applies and New requirement...... New requirement.
coordinators and crew (Sec. would continue.
1544.233).
Training Program--Individual Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
security-related duties (Sec. would continue. would continue. would continue. would continue.
1544.235).
Program to permit passengers to New requirement....... New requirement....... New requirement...... New requirement...... New requirement.
provide volunteer emergency
services (Sec. 1544.241).
Required to undergo third-party New requirement....... New requirement....... New requirement...... New requirement...... New requirement.
audits (Sec. 1544.243).
Required to send flight manifest to New requirement....... New requirement....... New requirement...... New requirement...... New requirement.
approved vendor for watch-list
matching of passengers (Sec.
1544.245).
Security threat assessment with New requirement....... New requirement....... New requirement...... New requirement...... New requirement.
criminal history records check for
flight crew (part 1544, subpart G).
Develop and implement contingency Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
plan in response to threats (Sec. would continue. would continue. would continue. would continue.
Sec. 1544.301(a) & (b)).
Bomb and hijacking threats (Sec. Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
1544.303). would continue. would continue. would continue. would continue.
Comply with security directives and Currently applies and Currently applies and Currently applies and Currently applies and New requirement.
information circulars (Sec. would continue. would continue. would continue. would continue.
1544.305).
--------------------------------------------------------------------------------------------------------------------------------------------------------
[[Page 64803]]
Table 3--Comparison of Aircraft Operator Security Programs
----------------------------------------------------------------------------------------------------------------
Proposed large
Full program Full all-cargo aircraft
Description of security requirement operators program program
operators operators
----------------------------------------------------------------------------------------------------------------
Acceptance & screening of individuals and accessible property X ............... X
(Sec. 1544.201)...........................................
Screening of individuals and property (watch-list & ............... X X
accessible weapons) (Sec. 1544.202).......................
Acceptance and screening of checked baggage (Sec. 1544.203) X ............... ...............
Acceptance and screening of cargo and accessible property X X X
(Sec. 1544.205)...........................................
Check property on board (Sec. 1544.206).................... ............... ............... X
Screening of individuals and property (Sec. 1544.207)...... X X X
Use of metal detection devices (Sec. 1544.209)............. X X ...............
Use of X-ray systems (Sec. 1544.211)....................... X X ...............
Use of explosives detection systems (Sec. 1544.213)........ X ............... ...............
Required to have security coordinators (Sec. 1544.215)..... X X X
Provision for law enforcement personnel at airports serving X X X
the aircraft operators (Sec. 1544.217)....................
Carriage of accessible weapons on board aircraft (Sec. X X X
1544.219)...................................................
Carriage of prisoners under the control of armed law X ............... ...............
enforcement officers (Sec. 1544.221)......................
Requirement to transport FAMs (Sec. 1544.223).............. X X X
Provide for security of aircraft and facilities (Sec. X X X
1544.225)...................................................
Exclusive area agreements (Sec. 1544.227).................. X X ...............
Access to cargo and security threat assessments for cargo X X ...............
personnel in the United States (Sec. 1544.228)............
CHRC: Unescorted access to SIDA, screening, baggage/cargo X X ...............
checks (Sec. 1544.229)....................................
CHRC: Flight crew members (Sec. 1544.230).................. X X ...............
Airport-approved and exclusive area personnel identification X X ...............
systems (Sec. 1544.231)...................................
Security training for security coordinators and crew (Sec. X X X
1544.233)...................................................
Training Program--Individual security-related duties (Sec. X X X
1544.235)...................................................
Flight deck privileges (Sec. 1544.237)..................... X X ...............
Program to permit passengers to provide volunteer emergency X ............... X
services (Sec. 1544.241)..................................
Required to undergo third-party audits (Sec. 1544.243)..... ............... ............... X
Required to send flight manifest to approved vendor for watch- ............... ............... X
list matching of passengers (Sec. 1544.245)...............
Security threat assessment with criminal history records ............... ............... X
check for flight crew, individuals authorized to perform
screening functions, applicants to become TSA-approved
auditors, and watch-list service provider cover personnel
(Part 1544, subpart G)......................................
Develop and implement contingency plan in response to threats X X X
(Sec. 1544.301)...........................................
Bomb and hijacking threats (Sec. 1544.303)................. X X X
Comply with security directives and information circulars X X X
(Sec. 1544.305)...........................................
----------------------------------------------------------------------------------------------------------------
B. Proposed Requirements for Certain Airports
Currently, the regulations extend airport security program
requirements to airports that regularly serve aircraft operations using
full programs, partial programs, private charter programs, and
corresponding foreign air carriers.\29\ These regulations for airport
operators provide for the safety and security of persons and property
on an aircraft operating in air transportation against an act of
criminal violence and aircraft piracy. An enhanced security environment
at the airports where large aircraft operate would support enhanced
security for the large aircraft. Thus, as part of the proposal to
provide security for large aircraft through a large aircraft program
for aircraft operators, TSA also proposes to require certain airports
that serve large aircraft to adopt a security program.
---------------------------------------------------------------------------
\29\ 49 CFR 1544.101(a), (b), and (f), and 1546.101(a), (b),
(c), and (d). However, there are no airports that currently hold a
security program because they regularly serve an aircraft operator
holding a partial program or a private charter program, or their
foreign air carrier equivalent.
---------------------------------------------------------------------------
There are thousands of GA airports that serve large aircraft. TSA
considered the heavy burden involved for all these airports to adopt a
security program. Many are very small and may have limited resources
and limited large aircraft activity. TSA proposes to require two types
of airports to hold a security program because of the type of service
they provide.
The first type of airport that would be required to hold a partial
program is a GA airport that is designated as a ``reliever'' airport by
the Secretary of Transportation, as defined in 49 U.S.C. 47102(22).
These airports perform the function of relieving congestion at a
commercial service airport by diverting GA from the commercial services
airport to the reliever airport and provide more GA access to the
overall community. Reliever airports are generally near metropolitan
areas and thus serve and are close to large populations--thus the need
for greater security at these airports.
The second type of airport is an airport that regularly serves
scheduled or public charter operations in large aircraft. These
operations have fare-paying passengers on a regular basis. TSA proposes
to require these airports to adopt the partial program. This program
would provide a basic level of security enhancement to compliment and
support the security measures that TSA would require large aircraft
operators to adopt and implement.
Table 4 below illustrates how the proposed rule would affect the
various types of airports. Table 5 compares the three types of airport
security programs--complete program, supporting program, and partial
program. TSA believes that the requirements of the partial program for
airport operators would not be burdensome for reliever airports, and
airports that regularly serve scheduled or public charter operations,
to adopt and carry out. TSA also believes that the requirement for
these airports to implement security programs will not place a
significant burden on local law
[[Page 64804]]
enforcement agencies, because TSA expects that there will be few
incidents requiring law enforcement response at these airports.
Table 4--Airport Operator Security Programs
----------------------------------------------------------------------------------------------------------------
Current: If it regularly serves
An airport operator must have this aircraft operations under these Proposed: If it meets the following
program security programs in 49 CFR criteria:
----------------------------------------------------------------------------------------------------------------
Complete program Sec. 1542.101(a) full program under Sec. No change.
1544.101(a)(1); or foreign air
carrier program under Sec.
1546.101(a).
Supporting program Sec. full program under Sec. Regularly serves full program
1542.101(b). 1544.101(a)(2); or. aircraft operator under Sec.
1544.101(a)(2) (no change); or
private charter program under Sec. Regularly serves foreign air carrier
1544.101(f); or. aircraft operator program under
Sec. 1546.101(b) (no change); or
foreign air carrier program under Regularly serves foreign air carrier
Sec. 1546.101(c). under Sec. 1546.101(c) (no
change).
Partial program Sec. 1542.101(c). partial program under Sec. Regularly serves large aircraft
1544.101(b); or. operator in scheduled or public
charter passenger operations under
Sec. 1544.101(b); or
foreign air carrier program under Is a reliever airport.
Sec. 1546.101(d).
None required *.................... twelve-five program under Sec. Large aircraft not described above.
1544.101(d).
None required *.................... limited program under Sec. No change.
1544.101(g).
None required *.................... full all-cargo program under Sec. No change.
1544.101(h).
----------------------------------------------------------------------------------------------------------------
* TSA may enter airports to inspect an aircraft operator that is operating under a part 1544 or 1546 security
program. 49 CFR 1542.5(e).
Table 5--Comparison of Airport Security Programs
------------------------------------------------------------------------
Description of security Complete Supporting Partial
requirement program program program
------------------------------------------------------------------------
Designate Airport Security X X X
Coordinator (Sec. 1542.3)..
Description of secured areas X ............ ............
of the airport...............
Description of the Airport X ............ ............
Operations Area..............
Description of the Security X ............ ............
Identification Display Area
(SIDA).......................
Description of the sterile X ............ ............
area.........................
Criminal history records check X ............ ............
of airport operator, airport
user, individuals with
unescorted access to a SIDA,
and individuals seeking
unescorted access authority..
Description of personnel X ............ ............
identification systems (Sec.
1542.211)...................
Escort procedures (Sec. X ............ ............
1542.211(e)).................
Challenge procedures (Sec. X ............ ............
1542.211(d)).................
Training program for X ............ ............
individuals performing
security-related functions
for the airport operator
(Sec. 1542.213)............
Training program for law X X X
enforcement personnel (Sec.
1542.217(c)(2)...............
Description of law enforcement X X X
support......................
System for maintaining records X X X
(Sec. 1542.221)............
Procedures and description of X ............ ............
facilities and equipment used
to support TSA inspection of
individuals, property, and
aircraft operator and foreign
air carrier screening
functions....................
Contingency plan (Sec. X X ............
1542.301)....................
Procedures for the X X X
distribution, storage, and
disposal of Sensitive
Security Information
(including security program,
Security Directives,
Information Circulars, and
implementing instructions),
and, as appropriate,
classified information.......
Procedures for posting of X X X
public advisories (Sec.
1542.305))...................
Incident management procedures X X X
(Sec. 1542.307)............
Alternate security procedures, X ............ ............
if any, that the airport
intends to use in the event
of natural disasters, and
other emergency and unusual
conditions...................
Exclusive area agreement (Sec. X ............ ............
1542.111)..................
Airport tenant security X ............ ............
program (Sec. 1542.113)....
------------------------------------------------------------------------
In addition to the two types of airports in the proposed rule text,
TSA requests comments on whether other types of airports should also be
required to adopt a security program, such as the partial program. For
example, should TSA require airports that regularly serve aircraft used
in private charter operations-aircraft with MTOW of over 45,500
kilograms or a passenger seating configuration of 61 or more seats--to
adopt a partial program? If TSA were to adopt such an approach, how
should TSA determine whether an airport ``regularly serves'' a large
aircraft with MTOW of over 45,500 kilograms or a passenger seat
configuration of 61 or more seats? Should TSA require airports that
serve any large aircraft with MTOW of over 45,500 kilograms or a
passenger seat configuration of 61 or more seats to adopt a partial
program, regardless of frequency?
In addition to the proposed amendments to Sec. 1542.101(b) and
(c), TSA is seeking comments on whether the content requirements of the
partial program and the supporting program should be amended. For
example, TSA is considering whether it should require airport security
coordinators at locations with partial programs to undergo the same
security training that airport security coordinators at locations with
a supporting or complete program under Sec. 1542.3 undergo or whether
a shorter training program would be appropriate.
TSA is also considering whether airport operators should be
required to
[[Page 64805]]
undertake a risk-based self assessment of their security programs. The
``TSA Information Publication (A-001), Security Guidelines for General
Aviation,'' includes the Airport Characteristic Measurement Tool, which
lists the most significant airport characteristics that can potentially
affect a facility's security posture.
TSA may develop a computer based training, available online or in a
DVD format, which incorporates GA security awareness, elements of the
existing ``TSA Information Publication (A-001), Security Guidelines for
General Aviation Airports,'' and industry best practices. Airport
operators may be able to use this training and accompanying self-
assessment tool to fulfill a risk-based self assessment should TSA
decide to include it as part of the partial program.
C. Passenger Checking Against the Watch-List
As discussed above in section II.A of the preamble, the proposed
rule would require large aircraft operators to transmit passenger
information to third-party entities called watch-list service providers
to conduct watch-list matching of their passengers. Because watch-list
service providers would perform an important security function, TSA is
proposing to require potential watch-list service providers to obtain
approval from TSA prior to conducting watch-list matching for any large
aircraft operator. The proposed approval process would ensure that the
watch-list service provider has the appropriate personnel and systems
to process and keep secure sensitive and personally identifiable
information.
The following are the major requirements that potential watch-list
matching service providers would have to satisfy to obtain approval
from TSA. The individual requirements are described and discussed in
further detail in the section-by-section analysis of proposed Sec.
1544.503.
Demonstrate ability to conduct automated watch-list
matching and continuous vetting.
Adopt and implement a system security plan for the system
that contains personally identifiable information or is used to conduct
watch-list matching.
Demonstrate ability to receive passenger information from
large aircraft operators and transmit watch-list matching results back
to large aircraft operators.
Successfully undergo a suitability assessment by TSA.
Watch-list service provider's covered personnel would be
required to successfully complete security threat assessments.
Adopt a security program that complies with TSA
requirements.
The proposed rule describes the approval process that would apply
and includes a provision allowing prospective watch-list service
providers to seek reconsideration of an initial disapproval.
Once TSA approves a watch-list service provider, the provider would
have several responsibilities. TSA lists the major responsibilities
below and then describes them in greater detail in the section-by-
section analysis of proposed Sec. Sec. 1544.513 and 1544.515.
Carry out its security program, which details the
requirements for conducting watch-list matching, security of the
systems and physical property used to conduct watch-list matching, and
training of personnel.
Develop and execute procedures to identify, handle, and
protect Sensitive Security Information and maintain the confidentiality
of other information provided by TSA and aircraft operators.
Submit to inspection by TSA.
Under the proposed rule, TSA would retain the authority to withdraw
a watch-list service provider's approval to conduct watch-list matching
if the watch-list service provider failed to meet the qualification
requirements or its responsibilities under the rule or if it were in
the interest of transportation or national security. Watch-list service
providers would be able to seek reconsideration of the withdrawal of
approval to conduct watch-list matching from the Assistant Secretary or
designee.
D. Third-Party Audits for Large Aircraft Operators
As described in section II.A of this NPRM, TSA would require large
aircraft operators to contract with TSA-approved auditors to conduct
audits of their compliance with TSA regulations and their security
programs. To ensure that auditors have the qualification and
responsibilities to produce audits that would be useful to TSA and the
large aircraft operators and to identify, handle, and protect Sensitive
Security Information and other sensitive information, TSA proposes the
following major qualifications and responsibilities that would apply to
auditors. These qualifications and responsibilities, as well as other
requirements, are described and discussed in further detail in the
section-by-section analysis of proposed part 1522.
Successfully undergo a TSA security threat assessment.
Currently hold or be able to obtain a certification or
accreditation from an organization recognized by TSA.
Have sufficient knowledge and skills to conduct a security
audit of an aircraft operator.
Receive initial and biennial training.
Conduct independent and impartial audits, submit audit
reports to TSA, and retain audit reports for 36 months.
Identify, handle, and protect Sensitive Security
Information and keep confidential other information provided by TSA and
large aircraft operators.
Submit to inspection by TSA.
The proposed rule describes the approval process that would apply
to auditors. Auditors would be able to seek reconsideration of the
disapproval to be a TSA-approved auditor from the Assistant Secretary
or designee.
Under the proposed rule, TSA would be able to withdraw approval of
an auditor or responsibilities under the proposed rule or in the
interest of transportation or national security. Auditors would be able
to seek reconsideration of the withdrawal of approval to conduct audits
from the Assistant Secretary or designee.
E. Proposed Amendments to the Full Program and the Full All-Cargo
Program
As part of this NPRM, TSA is also proposing a few minor amendments
to the full program and the full all-cargo program. TSA proposes to
require these aircraft operators to provide the following information
when they submit their security program for approval under Sec.
1544.105: business name; other names including ``doing business as'';
state of incorporation; tax identification number; and the address of
the aircraft operator's primary place of business or headquarters. This
information would provide TSA the means to identify the aircraft
operators and to obtain basic information about the aircraft operator
in the course of reviewing a new security program for approval.
Additionally, TSA proposes to add a provision of voluntary services
to the full program and the full all-cargo program, as explained in
further detail in the section-by-section analysis of proposed Sec.
1544.241. Finally, as explained in the section-by-section analysis of
Sec. 1544.101, TSA proposes to clarify that the full program applies
to operators holding FAA operating certificates under 14 CFR part 119
and that the full all-cargo program applies to operators holding FAA
operating certificates under 14 CFR part 119 or part 125.
[[Page 64806]]
III. Section-By-Section Analysis
The proposed rule sets forth the security regulations that would
apply to large aircraft operators, including the requirements for the
security program. TSA is also proposing to amend several other sections
of part 1544 and adding new subparts F and G to set forth the
procedures for watch-list service providers to obtain TSA approval and
for large aircraft flight crews, auditors, and watch-list service
providers' covered personnel to obtain security threat assessments,
respectively. TSA is proposing to add a new provision in part 1540 to
govern withdrawals of approved security programs. In addition, TSA is
proposing to add a new part 1522, which establishes procedures for
accrediting third-party auditors and for prescribing their functions in
the LASP program. With respect to airports serving large aircraft, TSA
is proposing to amend portions of part 1542 by regulating reliever
airports, as designated by the Secretary of Transportation. TSA is also
proposing changes to part 1520 to include the proposed LASP in the
coverage of the regulations regarding Sensitive Security Information
and minor changes to part 1550 to maintain consistency between
regulations.
Part 1520--Protection of Sensitive Security Information
Section 1520.5 Sensitive Security Information
TSA proposes to amend Sec. 1520.5(b)(1)(i) to protect watch-list
service provider security programs as Sensitive Security Information.
The watch-list service provider would have access to, and handle
information on, the No Fly and Selectee Lists, which are SSI. The
proposed change to this section would protect this SSI from
unauthorized disclosure by the TSA-approved auditor, the watch-list
service provider, the aircraft operator, or any other covered person.
Section 1520.7--Covered Persons
As explained in the section-by-section analysis of proposed part
1522 and Sec. 1544.243, TSA would require large aircraft operators to
engage independent TSA-approved auditors to audit their compliance with
their security programs and TSA regulations. TSA-approved auditors
would have access to and handle SSI regarding the aircraft operator and
TSA security standards as they relate to large aircraft operators.
Similarly, the watch-list service provider would have access to and
handle the No Fly and Selectee Lists, which are SSI. Accordingly, TSA
would amend Sec. 1520.7(a) to include TSA-approved auditors and watch-
list service providers as covered persons that are subject to the
requirements of part 1520 as they apply to SSI.
Part 1522--TSA Approved Auditors
As described in section II.D, aircraft operators subject to this
rule would need to engage independent TSA-approved auditors to audit
their compliance with their security programs. TSA is proposing a new
part 1522 to establish a framework for this new third-party auditor
program. This third-party auditor program would initially apply only to
aircraft operators under the LASP. TSA may expand its use to other
programs in the future. The broad scope of part 1522 would allow TSA to
use the process set forth in part 1522 for other programs that it may
determine may benefit from an audit program.
Part 1522 would have two components: (1) qualifications and
procedures for individuals who seek TSA's approval for conducting
audits; and (2) specific qualifications and required content of audit
reports for the LASP. The first of these components would apply to all
programs in which TSA would require third-party auditors. The second
component would apply to the LASP.
Subpart A--General
Section 1522.1 Scope and Terms Used in This Part
Proposed Sec. 1522.1 explains that individuals who wish to conduct
audits of operators' compliance with security programs must obtain
TSA's approval in accordance with part 1522. Section 1522.1 also
defines terms used in the subpart. Proposed Sec. 1522.1 defines
``applicant'' to mean the individual who is seeking to become a TSA-
approved auditor.
Section 1522.1 defines ``conflict of interest'' as a situation when
the TSA-approved auditor has a personal impairment that might affect
their ability to do their work and report their findings impartially.
This definition is derived from the Government Auditing Standards
established by the Government Accountability Office (GAO) for ensuring
that auditors do not have personal impairments that would interfere
with their ability to maintain their independence. The proposed
definition includes examples of conflict of interest situations, such
as family or employment relationships. Relationships with family
members that may be a conflict of interest would include relationships
with parents, children, and siblings.
Other proposed examples of conflict of interest include financial
relationships and business relationships between the auditor and the
operators to be audited. Financial interest would include, for example,
the auditor owning stocks or bonds of the operator or the auditor
having an employment, rather than a contractual, relationship with the
operator. Examples of business relationships that would give rise to a
conflict of interest would be where the auditor had previous decision-
making or managerial authority that would affect current operations or
program being audited. Additionally, an auditor or the company that
employs the auditor would not be able to provide non-audit services to
the operator if the non-audit services relate to the operator's
security program. TSA seeks comments on these examples as well as
suggestions for other examples that TSA should consider. TSA is also
considering expressing the conflict of interest concept as auditor
independence. Rather than defining and prohibiting conflicts of
interest, TSA would define independence and would require an auditor to
have independence from the entity the auditor would audit. If TSA were
to adopt a definition of ``independence'' in the final rule, the
definition of ``independence'' would describe circumstances similar to
those described in the proposed definition of ``conflict of interest.''
This approach would be consistent with the GAO's Government Auditing
Standards and the Securities and Exchange Commissions regulations at 17
CFR 210.2-01 concerning audits by certified public accountants.
The final definition in proposed Sec. 1522.1 is ``TSA-approved
auditor'' or ``auditor.'' These terms would mean an individual who has
been approved under proposed part 1522 to conduct an audit under 49 CFR
chapter XII.
Section 1522.3 Qualifications
Section 1522.3 would establish qualifications for third-party
auditors that would apply to such auditors in any program in which TSA
would require their use. These qualifications are designed to ensure
that auditors have the resources and expertise required to conduct an
audit and to prepare the required reports. With respect to
qualifications, TSA is proposing that auditors have experience with
Federal statutes and regulations and have a certification or
accreditation from a highly-regarded organization in the appropriate
field. Such an organization might include, for
[[Page 64807]]
example, the International Standards Organization. For auditors that
would be involved with the large aircraft program, the International
Civil Aviation Organization or the International Business Aviation
Council would also be acceptable. TSA would make publicly available a
list of acceptable accreditation or certification organizations. TSA
requests comments on whether this qualification is appropriate and on
other organizations that might have the stature to provide the
necessary certification or accreditation.
Finally, applicants would be required to undergo a successful
security threat assessment that includes a criminal history records
check.
The proposed rule text does not require auditors to be U.S.
citizens, U.S. nationals, or lawful permanent residents of the United
States. We invite comments on whether individuals with these important
duties should be subject to such a qualification.
Section 1522.5 Application
Proposed Sec. 1522.5 describes the information and documentation
that applicants would be required to submit to TSA. The information
would include the applicant's name, business address, business phone
number, and business e-mail address. TSA would also require the
applicant to submit a copy of his or her accreditation or certification
from one of the organizations TSA determines are acceptable for this
purpose and a statement of how he or she meets the requirements in
proposed Sec. 1522.3.
Section 1522.7 TSA Review and Approval
Proposed Sec. 1522.7 describes the review and approval process
which TSA would carry out upon receipt of the auditor's application.
The procedures by which TSA would review applications for the third-
party auditor program may involve several steps. After TSA receives an
application, TSA would decide whether to approve or disapprove the
application and would send a written notice of approval or disapproval
to the applicant. If the application is disapproved, the applicant
would be able to seek reconsideration under proposed Sec. 1522.9.
Section 1522.9 Reconsideration of Disapproval of an Application
Proposed Sec. 1522.9 describes the review and petition process for
reconsideration of disapproval of the auditor's application. If an
applicant seeks to challenge the disapproval of his or her application,
the applicant would be required to submit a written petition for
reconsideration within 30 days of receipt of the notice of disapproval.
The petition would include a statement explaining why the applicant
believes he or she meets the criteria in Sec. 1522.3 with any
supporting documentation. Reconsideration may result in confirmation of
the disapproval or in a determination that the application should be
approved.
Section 1522.11 Withdrawal of Approval
Under proposed Sec. 1522.11, TSA would be able to withdraw the
approval of an auditor if the auditor ceased to meet the qualification
standards, the auditor failed to meet his or her responsibilities, or
it is in the interest of security or the public. If TSA withdraws an
auditor's approval, the auditor would no longer be able to perform an
audit under TSA regulations.
Under proposed Sec. 1522.11, before revoking an auditor's
authority, TSA would provide the auditor with a proposed notice of
withdrawal of approval that would include the basis for the withdrawal
of approval. The auditor would be able to file a written petition for
reconsideration to challenge the proposed notice. To challenge the
proposed notice of withdrawal of approval, an auditor would be required
to submit the petition for reconsideration within 30 days of receipt of
the proposed notice. Reconsideration may result in confirmation of the
disapproval or in a determination that the application should be
approved. If the auditor does not file a petition for reconsideration,
the proposed notice of withdrawal of approval would become a final
notice 31 days after the auditor receives the proposed notice.
In emergency situations, proposed Sec. 1522.11 would allow TSA to
issue an emergency notice of withdrawal of approval that would be
effective upon receipt by the auditor. The auditor would be able to
challenge the emergency notice of withdrawal of approval by submitting
a written petition for reconsideration but submission of the petition
would not stay the withdrawal of approval.
Section 1522.13 Responsibilities of TSA-Approved Auditors
Proposed Sec. 1522.13 prescribes the responsibilities of TSA-
approved auditors. Auditors would not be allowed to undertake an audit
where the auditor had a conflict of interest as defined in proposed
Sec. 1522.1. Auditors would be required to submit reports to TSA that
meet TSA standards for the particular program. Auditors would be
required to comply with TSA's regulations for identifying, handling,
and protecting SSI. Under this section, auditors would also be
prohibited from disclosure of any proprietary information. Importantly,
if an auditor conducting an audit believes that there is an instance of
noncompliance that presents an imminent threat to transportation
security or public safety, the auditor would be required to notify TSA
immediately. The auditor would not be authorized to require any
remedial action.
Section 1522.15 Fraud and Intentional Falsification of Records
Proposed Sec. 1522.15 includes provisions that would prohibit any
person from making or providing any fraudulent statements, reports,
records, access mediums, or identification. Any falsification of
records or fraudulent actions would be a violation of the regulations
and 18 U.S.C. 1001, and it would be a basis for TSA to withdraw the
auditor's approval under proposed Sec. 1522.13.
Section 1522.17 Inspections
Under proposed Sec. 1522.17, auditors would be required to permit
TSA to inspect their facilities and copy records. This section would
allow TSA to evaluate the auditor's performance and an operator's
compliance with TSA regulations and its security program.
Subpart C--Auditors for the Large Aircraft Security Program
Section 1522.201 Applicability
Proposed Sec. 1522.201 states that subpart C would apply to
auditors seeking to obtain TSA's approval to conduct audits for the
large aircraft program.
Section 1522.203 Additional Qualification Requirements
Proposed Sec. 1522.203 describes the additional requirements that
auditors for the LASP would be required to meet to be considered for
approval. These requirements would include:
At least five years of experience in inspection or
auditing relating to governmental programs in security or aviation;
Three professional references;
Accreditation from an outside organization within the last
ten years; and
Knowledge and ability to assess compliance with Federal
statutes and regulations.
These additional requirements would demonstrate that the auditor
possesses
[[Page 64808]]
sufficient experience and knowledge in auditing compliance with
governmental programs and that the auditor has credentials that reflect
knowledge of the aviation industry. Auditors would be able to satisfy
the five-year experience requirement as a government employee or
private consultant or contractor. TSA requests comments on these
requirements as well as other requirements that TSA should consider for
auditors of LASPs.
Section 1522.205 Audit Report
Section 1522.205 would require an auditor to prepare an audit
report that would include information about the audit process and the
auditor's findings and conclusions of the audit. TSA would require the
auditor to submit the audit report within 30 days after the audit was
conducted. TSA would also require the auditor to sign an attestation
that the audit was performed professionally and impartially. The audit
report would be an important tool in TSA's compliance program by
enabling TSA to evaluate a large aircraft operator's compliance with
TSA regulations and the operator's security program and to ascertain if
additional TSA action is required.
Section 1522.207 Training
Under proposed Sec. 1522.207, TSA would require auditors to
undergo initial and recurrent training. Through the initial training,
auditors would acquire the necessary information on the process,
procedures, and forms associated with the TSA-required audit. Recurrent
TSA prescribed training would provide auditors with up-to-date
information and would ensure that the auditor has maintained the
necessary expertise to continue to perform audits. Recurrent training
would be required every 24 months.
Section 1522.209 Biennial Review
To ensure that a TSA-approved auditor continues to possess the
requisite qualification and expertise to conduct audits, TSA would
require the auditor to submit to a biennial review. The review would
consist of submitting evidence that an auditor's training has been
successfully completed and is current and that an auditor continues to
hold the necessary accreditation or certification.
Part 1540--Civil Aviation Security: General Rules
Section 1540.107 Submission to Screening and Inspection
As discussed in section II.A, TSA would require large aircraft
operators to contract with a watch-list service provider to determine
whether their passengers may board the aircraft. Watch-list service
providers, who must be approved by TSA, would compare passenger names
against the watch-list.
Under proposed Sec. 1544.245(b), large aircraft operators would be
required to request and obtain the full name of their passengers to
transmit their passengers' information to a watch-list service provider
to conduct watch-list matching prior to the passengers boarding the
aircraft. Because full name is essential in conducting effective watch-
list matching, TSA proposes to require passengers to provide their full
name when the large aircraft operator requests their full name.
TSA has published the Secure Flight NPRM, which also includes a
proposal to require individuals who make reservations for a covered
flight to provide their full names.\30\ Under the proposed Secure
Flight Program, full name would be the full name that appears on the
individual's verifying identity document. A verifying identity document
would be an unexpired photo identification issued by a government
(Federal, State, or tribal) bearing the individual's full name and date
of birth or an unexpired foreign passport. Examples of verifying
identity documents are driver's licenses and passports. Accordingly,
proposed Sec. 1540.107(c) would apply the same requirements to
passengers of large aircraft operators.
---------------------------------------------------------------------------
\30\ ``Covered flight'' is defined as a flight operated by an
aircraft operator subject to a full program under 49 CFR 1544.101(a)
or by a foreign air carrier subject to 49 CFR 1546.101(a) or (b).
Proposed Sec. 1560.3, 72 FR at 48387.
---------------------------------------------------------------------------
Section 1540.301 Withdrawal of Approval of a Security Program
Various entities, such as airport operators and aircraft operators,
must submit their security programs to TSA for approval. Once TSA
approves a security program, the operator must implement and operate
under its approved security program. The regulations, however, do not
specifically address the process through which TSA may withdraw its
approval of a security program, when appropriate.
TSA currently has withdrawal procedures only for indirect air
carriers in 49 CFR 1548.7(f). To standardize the regulations, TSA
proposes a new Sec. 1540.301 to codify procedures for TSA to withdraw
approval of any operator's security program held under subchapter C.
The proposed standard for withdrawal would be a TSA determination that
the operation is contrary to security and the public interest. Proposed
Sec. 1540.301 provides procedures for notice, response, and appeal of
a TSA decision to withdraw approval. The affected airport operator,
aircraft operator, or large aircraft operator would also be able to
request a stay of the withdrawal pending appeal of the notice.
TSA further proposes the codification of emergency withdrawal
procedures. This proposal would create procedural guidelines to
implement withdrawal of a security program and affords due process to
the airport operator, aircraft operator, and large aircraft operator.
The emergency procedures would allow the operator to appeal the
withdrawal, but the filing of the appeal would not stay the effective
date of withdrawal because of the extant circumstances giving rise to
the emergency.
Part 1542--Airport Security
Section 1542.103 Content
Section 1542.103 describes the airports that TSA requires to adopt
a security program. TSA requires airports that regularly serve full
program aircraft operators described in Sec. 1544.101(a)(1) or foreign
air carriers described in Sec. 1546.101(a) to adopt a complete
program. 49 CFR 1542.103(a). TSA also requires airports that regularly
serve full program aircraft operators described in Sec.
1544.101(a)(2), private charter aircraft operators described in Sec.
1544.101(f), or a foreign air carrier described in Sec. 1546.101(b) or
(c) to adopt a supporting program. 49 CFR 1542.103(b). Additionally,
TSA requires airports regularly serving operations of an aircraft
operator or foreign air carrier described in Sec. 1544.101(b) or Sec.
1546.101(d) to adopt a partial program. 49 CFR 1542.103(c).
As explained in section II.B of this NPRM, TSA proposes to expand
the types of airports that would be required to adopt a partial program
to include reliever airports and airports that regularly serve large
aircraft with scheduled or public charter service. Furthermore, TSA
would amend Sec. 1542.103(b) to remove airports regularly serving
aircraft operators that are subject to the private charter program
under Sec. 1544.101(f) from among the airport operators that are
subject to the supporting program.
An airport that would not be required to adopt a security program
under Sec. 1542.101(a), (b), or (c) may nevertheless seek TSA approval
for its security program. To address this situation, TSA proposes to
adopt Sec. 1542.101(e), which would allow TSA to approve a security
program for this type of airport, if the airport makes a request to
TSA.
[[Page 64809]]
Part 1544--Aircraft Operator Security
Section 1544.1 Applicability of This Part
Currently, Sec. 1544.1(a)(1) limits part 1544 to aircraft
operators that hold a FAA operating certificate under 14 CFR part 119.
Because part 1544 would apply to other aircraft operators under this
NPRM, TSA would amend Sec. 1544.1(a)(1) to clarify that part 1544
applies to all aircraft operators engaged in civil aviation in an
aircraft with a MTOW of more than 12,500 pounds, not just those that
hold a operating certificate under 14 CFR part 119.
Section 1544.101 Adoption and Implementation
TSA is proposing this rulemaking to regulate any civil aviation
operations. To ensure consistent treatment of similar aircraft
operators, TSA proposes, in Sec. 1544.101(b), to apply the same
threshold by requiring that the existing partial program, twelve-five
program, and private charter program operations be consolidated and
covered under a single LASP. Note that the LASP would replace the above
stated programs in Sec. Sec. 1544.101(b) through (f).
Operations under the LASP would include civil operations of
aircraft, including passenger and all-cargo operations, and scheduled,
charter, or other service, with a MTOW over 12,500 pounds, that do not
operate under the full program (Sec. 1544.101(a)) or the full all-
cargo program (Sec. 1544.101(h)), and do not operate as a public
aircraft as described in 49 U.S.C. Sec. 40102 or as a government
charter under the definition of private charter in Sec. 1540.5 of this
chapter. ``Public aircraft'' is defined in 49 U.S.C. 40102(37) as
follows:
``public aircraft'' means any of the following:
(A) Except with respect to an aircraft described in subparagraph
(E), an aircraft used only for the United States Government, except
as provided in section 40125(b).
(B) An aircraft owned by the Government and operated by any
person for purposes related to crew training, equipment development,
or demonstration, except as provided in section 40125(b).
(C) An aircraft owned and operated by the government of a State,
the District of Columbia, or a territory or possession of the United
States or a political subdivision of one of these governments,
except as provided in section 40125(b).
(D) An aircraft exclusively leased for at least 90 continuous
days by the government of a State, the District of Columbia, or a
territory or possession of the United States or a political
subdivision of one of these governments, except as provided in
section 40125(b).
(E) An aircraft owned or operated by the armed forces or
chartered to provide transportation to the armed forces under the
conditions specified by section 40125(c).
The government maintains direct responsibility for the operation of
public aircraft. Public aircraft are not subject to many of the safety
regulations that cover other aircraft operations.\31\ They are not
included in the statutory definition of ``civil aircraft'' and thus are
not subject to many of the same requirements that apply to civil
aircraft. See 49 U.S.C. 40102(16). There are strict limitations on how
such aircraft may be used. See 49 U.S.C. 40124. Many of the operations
are highly specialized and require unique procedures, including
security procedures. TSA is proposing to make clear that public
aircraft would not be subject to the LASP.
---------------------------------------------------------------------------
\31\ FAA limits many of its regulations to operation of civil
aircraft, which do not include public aircraft. For example, see 14
CFR part 91, subpart E--Maintenance, Preventive Maintenance, and
Alterations.
---------------------------------------------------------------------------
A government private charter under TSA regulations means any
aircraft operator flight--
(2) For which the total passenger capacity of the aircraft is
used for the purpose of civilian or military air movement conducted
under contract with the Government of the United States or the
government of a foreign country.
See 49 CFR 1540.5. Currently TSA regulations exempt most such
operations from the Private Charter Security Program. See 49 CFR
1544.101(f)(1)(ii). The rationale has been that such charters can, and
do, carry out procedures on a regular basis to address the security
concerns at issue. The U.S. Department of Defense (DOD) and Federal
agencies use private charter operations to transport persons and
property in furtherance of their government missions. See 67 FR 41635
(June 19, 2002). TSA is concerned, however, that the chartering
government agency may not always understand that it would be
responsible for security of the operation. Unlike with public aircraft
discussed above, a government charter may be for a short duration, even
one flight at a time, and thus normal safety regulations continue to
apply. Accordingly, the rule would make clear that TSA would exempt
government charter operations from complying with the LASP, only if the
government takes security responsibility for the following:
(A) The aircraft;
(B) Persons onboard; and
(C) Property onboard.
See proposed Sec. 1544.101(b)(3)(iv). If the chartering government
agency does not take responsibility for the security of the operation,
the normal TSA requirements would apply.
Note, however, that under the current rule, government charters
must comply with the Private Charter Program if the charter enplanes
passengers from, or deplanes passengers into, a sterile area at an
airport. This minimizes the risk that any weapon or other prohibited
item the government personnel may be carrying could inadvertently or
purposefully be used to taint the sterile area. This requirement would
continue under the proposed rule. TSA would require government charters
that deplane into, or enplane from, sterile areas to comply with the
LASP, including obtaining an alternate procedure for deplaning into, or
enplaning from, a sterile area.
The full program, the limited program, and the full all-cargo
program would not be included in the large aircraft regulations.
However, because TSA proposes to amend Sec. 1544.1(a) to make part
1544 applicable to operators of aircraft with MTOW of over 12,500
pounds, TSA would also need to amend Sec. Sec. 1544.101(a) and (h) to
maintain the status quo as to which aircraft operators are subject to
the full program. Consequently, TSA would amend Sec. 1544.101(a) to
state that aircraft operators that hold a FAA certificate under 14 CFR
part 119 would have to adopt and carry out a full program if they meet
the conditions described in Sec. 1544.101(a)(1) or (a)(2). Similarly,
TSA would amend Sec. 1544.101(h) to state that the full all-cargo
program applies to aircraft operators that hold a FAA certificate under
14 CFR part 119 or part 125. The limited program is for aircraft
operators that have unique operations that do not fall within any other
category of operations requiring a security program under other
sections of part 1544. Nevertheless, the aircraft operator adopts a
security program for its operations and TSA approves the security
program and classifies it as a limited program.
Section 1544.103 Form, Content, and Availability
Proposed Sec. 1544.103 sets forth the form, content, and
availability requirements for the security programs required under
Sec. 1544.101. There have been standard security programs for certain
aircraft operators since 1976. TSA is proposing to recognize the use of
standard security programs by TSA and aircraft operators in current
requirements for aircraft operators and proposed under part 1544. This
proposed rule would clarify that each particular operator's security
program would be the standard security program issued by TSA, together
with any amendments and alternate procedures
[[Page 64810]]
approved or accepted by TSA for that aircraft operator.
Currently, Sec. 1544.103(c) lists the content requirements of a
security program for a full program aircraft operator. The specific
security regulations are set forth in part 1544, subpart C--Operations.
TSA proposes to add new paragraphs (d), (e), and (f) to describe the
content requirements for full all-cargo and LASPs, respectively. Also,
TSA would amend paragraph (c) to add the new requirements of proposed
Sec. 1544.241 regarding volunteer emergency services for full program
operators.
The content requirements for the full all-cargo security programs
in proposed paragraph (d) are essentially the same requirements in the
current Sec. 1544.101(i), except for the addition of proposed Sec.
1544.241 concerning volunteer emergency services. The content
requirements for the LASP are described in section II.A of the
preamble. The individual elements, not discussed in this section of the
preamble, are discussed in further detail in the section-by-section
analysis of Sec. Sec. 1544.202, 1544.205, 1544.206, 1544.207,
1544.215, 1544.217, 1544.223, 1544.225, 1544.233, 1544.235, 1544.241,
1544.245, and subpart G.
The existing partial program and private charter program include a
few security measures that would not be part of the LASP, because these
measures would be unnecessary under the LASP. First, the partial
program requires that aircraft operators under that program participate
in any airport-sponsored exercise of the airport contingency plan in
Sec. 1544.301(c). Currently, there are very few aircraft operators
that hold a partial program and are subject to Sec. 1544.301(c). Also,
most large aircraft operators operate out of GA airports that are not
required to have a contingency plan, including those that TSA proposed
to require to adopt and carry out a partial program under proposed
Sec. 1542.103(c). Thus it would be unnecessary to require large
aircraft operators to participate in an airport-sponsored exercise of
the airport contingency plan and to include this security measure in
the LASP.
TSA is also proposing not to include the requirements in Sec. Sec.
1544.209 and 1544.211 regarding the use of metal detection devices and
X-ray systems that are in the current private charter program. Because
private charter operators currently do not use these devices or systems
in their screening processes, it would be unnecessary to include those
requirements in the LASP. If a large aircraft operator plans to use a
metal detection device or an X-ray system, the operator would apply for
an amendment or alternate procedure to its security program, which
would describe the requirements and procedures for using such devices
or systems.
Section 1544.105 Approval and Amendments to the Security Program
Aircraft operators that are required to adopt a security program
under Sec. 1544.101 must apply for a security program from TSA. TSA
provides the standard security program and may amend the program on its
own initiative, or as requested by the aircraft operator and approved
by TSA. Similarly, TSA would provide large aircraft operators with a
standard security program. At that time, the aircraft operator would be
able to submit any amendment to their security program to TSA for
approval. If the aircraft operator fully accepts the standard TSA
security program, they would not be required to submit any amendments
to TSA. Accordingly, TSA proposes to amend Sec. 1544.105 to apply to
large aircraft operators.
Unlike the full program and full all-cargo program operators, a
large aircraft operator would need to submit additional information,
such as the names, addresses, and phone numbers of the owners and
aircraft operator security coordinator of the large aircraft, and the
FAA certificate number if the aircraft operator holds an FAA
certificate, when it submits its application for approval of its
security program. Full program and full all-cargo program operators
hold certificates from the FAA and DOT, and the Federal Government has
reviewed the operators, including their key personnel, in connection
with the certification processes; thus the operators are known to the
Federal Government. Large aircraft operators, however, are a diverse
group of operators that range from individuals who own and operate
their aircraft to large corporations that operate aircraft using owned
and/or leased aircraft. As a result, TSA would need the additional
information to identify the owners and operators of large aircraft and
to evaluate their security programs for approval.
TSA believes that aviation security will be enhanced if TSA
conducts an analysis to determine whether operators of aircraft subject
to this proposed regulation are legitimate business entities and
whether their owners are individuals who appear to pose a risk to
aviation security. Accordingly, TSA is considering various options to
achieve the objective. For checking on whether the aircraft operator is
a legitimate business entity, TSA may rely on a check against Dun &
Bradstreet or a similar commercial database and/or governmental
databases, such as the FAA's Aircraft Registration Database. For
individuals who would be identified as a proprietor, general partner,
officer, director, or owner in proposed section 1544.105(a)(1)(ii)(B),
TSA does not intend to use commercial or publicly available data to
determine whether the individuals pose or may pose a threat to
transportation or national security. For these individuals, TSA seeks
comment on whether it should require these individuals to undergo the
security threat assessment (STA) described in proposed part 1544,
subpart G. TSA requests public comment on these options and on other
approaches that would achieve the desired result.
TSA would also use the information to identify and contact aircraft
and their respective operators for operational or security reasons.
The proposed rule would not change the process for amending a
security program, either by the aircraft operator or TSA. Proposed
Sec. 1544.105(f) would provide TSA with a mechanism to withdraw its
approval of an aircraft operator's security program pursuant to the
procedures set forth in proposed Sec. 1540.301.
Section 1544.107 Fractional Ownership of Large Aircraft
Proposed Sec. 1544.107 addresses situations in which a large
aircraft is under fractional ownership program under the FAA rules in
14 CFR part 91, subpart K, for purposes of determining who would be the
aircraft operator under proposed Sec. 1544.101(b). We propose to use
essentially the same requirements that apply in the FAA rules for this
purpose. See 14 CFR 91.1011. Each owner in operational control of a
program flight would be ultimately responsible for safe operations and
for complying with all applicable requirements, including those related
to security issues. An owner would be considered in operational control
when the owner has the legal rights to the aircraft, has directed that
the aircraft carry passengers or property designated by the owner, and
the aircraft is carrying those passengers or property.
Although TSA would consider each owner as the aircraft operator,
the owner would be able to delegate some or all of the performance of
the tasks associated with carrying out this security responsibility to
the program manager. For operations where the owner in operational
control delegates performance of security tasks to the
[[Page 64811]]
program manager, the TSA would consider the owner and the program
manager to be holding the security program jointly, and the owner and
the program manager would be jointly and individually responsible for
compliance. In the event that a program manager manages multiple
aircraft, the program manager would have one large aircraft program
that applies to all its operations.
An owner would be considered not in operational control when an
aircraft is used for a flight for administrative purposes, such as
demonstration, positioning, ferrying, maintenance, or crew training,
and no passengers or property that were designated by the owner are
being carried. Further, if the aircraft is operated under 14 CFR part
121 or 135, then the owner would be considered not to be in operational
control.
This approach to determining the party that would be considered the
aircraft operator for purposes of the LASP is based on the FAA
regulations found in 14 CFR part 91, subpart K, regarding fractional
ownership operations. TSA invites comments on whether we should provide
additional features of subpart K in these regulations, such as the
requirement in 14 CFR 91.1013 that the program manager brief the
fractional owner.
Section 1544.202 Persons and Property Onboard All-Cargo Aircraft
Current Sec. 1544.202 requires each aircraft operator operating
under the full all-cargo program and the twelve-five program in all-
cargo operations to apply the security measures in their security
programs to persons who board the aircraft and their property.
``Cargo'' is defined as property tendered for air transportation
accounted for on an air waybill. Company materials and other property
not under an air waybill are not cargo; Rather, they are property that
would be subject to proposed Sec. 1544.206, as discussed in section
II.A of this preamble and below.
Section 1544.202 is intended to prevent persons who may pose a
security threat from boarding and to prevent or deter the carriage of
any unauthorized persons and unauthorized explosives, incendiaries, and
other destructive substances or items. This provides the opportunity
for aircraft operators to conduct an on-site check of persons and
property for compliance, and provides TSA with the means to perform
security database checks. Section 1544.202 remains an important
security measure for aircraft with MTOW of over 12,500 pounds in all-
cargo operation. Consequently, we propose to revise Sec. 1544.202 to
apply to aircraft operated under the LASP in an all-cargo operation and
to remove the references to the twelve-five program in all-cargo
operations.
Section 1544.205 Acceptance and Screening of Cargo
Section 1544.205 sets forth the requirements for screening cargo on
full program operations that carry cargo, full all-cargo operations,
and twelve-five all-cargo operations. As with Sec. 1544.202, cargo
under Sec. 1544.205 is property tendered for air transportation
accounted for on an air waybill. As discussed above, TSA would require
operators of large aircraft that are all-cargo operations to screen
persons, accessible property, and cargo onboard the aircraft to prevent
and deter the carriage of any unauthorized persons or the unauthorized
carriage of weapons or explosives. Sections 1544.205(a), (b), (d), and
(f) would apply to all large aircraft with an MTOW of over 12,500
pounds in all-cargo operations.
Section 1544.206 Persons and Property on Board a Large Aircraft
As discussed in section II.A of the preamble, TSA proposes Sec.
1544.206, which would require aircraft operators operating under a
large aircraft program under Sec. 1544.101(b) to apply security
measures in its security program to prevent or deter the carriage of
unauthorized persons or unauthorized weapons, explosives, incendiaries,
and other destructive substances or items. TSA also notes that 18
U.S.C. 922(e) and (f) impose criminal penalties for the unlawful
transport or delivery of firearms or ammunition by any person or by
common or contract carriers, respectively.
Section 1544.207 Inspection of Individuals and Property
Current Sec. 1544.207 describes which entities conduct screening
under which circumstances: TSA, a foreign government, or the aircraft
operator. TSA is proposing to amend Sec. 1544.207 to clarify which
aircraft operator is subject to this section and which entity is
responsible for conducting the required screening.
TSA would amend Sec. 1544.207(a) to state clearly that this
section applies to full program operators, full all-cargo program
operators, and operations in a large aircraft with a MTOW over 45,500
kilograms operated for compensation or hire, as described in proposed
Sec. 1544.103(f)(1).
Proposed Sec. 1544.207(b) applies to full program operators and is
substantively the same as the current requirements for these operators.
This section originally was written before TSA assumed the
responsibility for all passenger and checked baggage screening in the
United States and does not currently clearly state where TSA conducts
the screening. TSA proposes to clarify this section. For locations in
the United States, each full program operator must not board a
passenger, or load his or her accessible or checked property, unless
TSA or a TSA contractor has conducted the necessary inspection. In
locations outside of the United States where the foreign country
conducts the screening, each full program operator must not board a
passenger, or load his or her accessible or checked property, unless
the foreign country has conducted the necessary screening. TSA may
require supplemental screening of some passengers. In locations outside
of the United States where the foreign country does not conduct part or
all of the required screening, each full program operator must not
board a passenger, or load his or her accessible or checked property,
unless the operator or its authorized representative has conducted the
required screening.
Proposed Sec. 1544.207(c) applies to full all-cargo programs and
to operations in a large aircraft with a MTOW over 45,500 kilograms
operated for compensation or hire, which currently are referred to as
private charters. These aircraft operators are generally required to
conduct their own screening. They would be required to follow the
security procedures in their security programs and the requirements in
49 CFR part 1544, subpart E, regarding screener qualifications when the
aircraft operator conducts the screening.
In the event that the aircraft enplanes or deplanes from a sterile
area, the large aircraft operator would be required to obtain an
alternate procedure for its security program.
Section 1544.217 Law Enforcement Personnel
Section 1544.217 currently requires aircraft operators under the
partial program, the twelve-five program, the private charter program,
and the full all-cargo program to provide for law enforcement personnel
that meet TSA's requirements. TSA proposes to replace the referenced
partial program, the twelve-five program, and the private charter
program, with the LASP, requiring large aircraft operators to perform
the same duties required under Sec. 1544.217. TSA proposes that large
aircraft operators must provide their employees, including crewmembers,
current information regarding procedures for obtaining law
[[Page 64812]]
enforcement assistance, to enable them to contact local law enforcement
personnel expeditiously in the event of a security need.
Section 1544.223 Transportation of Federal Air Marshals
Current Sec. 1544.223 requires that full program operators and
large aircraft over 45,500 kilograms that operate for compensation or
hire under Sec. 1544.103(f) carry Federal Air Marshals (FAMs). In this
NPRM, TSA proposes to add Sec. 1544.223(g) to require other large
aircraft operators not covered by Sec. 1544.103(f)(1) to carry FAMs
only upon notification by TSA. This would affect mostly private/
corporate aircraft owners. The regulation change would provide TSA with
the ability to require these operators to put a FAM on board a large
aircraft, pursuant to prior notification, if the need arises. TSA
understands that maintaining the confidentiality of the FAM onboard a
large aircraft may not be possible, and therefore TSA proposes to limit
Sec. 1544.223(g) to those operating under a full program or a LASP in
an aircraft with MTOW over 45,500 kilograms.
Section 1544.237 Flight Deck Privileges
Section 1544.237(b) currently allows for access to the flight deck
by FAA air carrier inspectors, authorized representatives of the
National Transportation Safety Board, and U.S. Secret Service agents.
This NPRM proposes to amend Sec. 1544.237(b) to include Department of
Defense (DOD) commercial air carrier evaluators who may seek admittance
to the aircraft flight deck. TSA proposes to amend Sec. 1544.237 to
harmonize with FAA regulations at 14 CFR 121.547. DOD commercial air
carrier evaluators will assess the effectiveness of a carrier's
operations department, including crew coordination and safety
awareness. DOD evaluators are required to pre-arrange all flight deck
evaluations.
Section 1544.241 Voluntary Provision of Emergency Services
Congress has enacted statutory provisions that provide certain
exemptions from liability for qualified law enforcement officers,
firefighters, and emergency medical technicians who provide emergency
services during emergencies; and that directs TSA to establish a
program to allow such individuals to volunteer to provide such
emergency services. 49 U.S.C. 44944. TSA has already incorporated this
program into the AOSSP for full program operators and now proposes to
codify the provisions in new Sec. 1544.241. Because the statute limits
these provisions to air carriers, TSA proposes to limit the application
of Sec. 1544.241 to aircraft operators that hold an air carrier
operating certificate under 14 CFR part 119.
The statute provides that a qualified individual shall not be
liable for damages in any action brought in Federal or State court
which arises from the act or omission of that individual in providing
or attempting to provide assistance in an in-flight emergency, absent
gross negligence or willful misconduct. TSA must establish the
requirements for qualifications of these individuals. Consistent with
the statute, TSA's proposed regulation requires air carriers operating
under a full program to implement a method or a program for qualified
individuals who are law enforcement officers, firefighters, or
emergency medical technicians to present their credentials to the
carrier and to give their consent to be called upon during an in-flight
emergency.
As required in the statute, Sec. 1544.241(b) sets out proposed
qualifications for the law enforcement officers, firefighters, and
emergency medical technicians who would be exempted from liability
under the statute and who would be able to volunteer under this
section. TSA proposes that an individual is qualified for purposes of
this section if the individual is qualified under Federal, State,
local, or tribal law, or under the law of a foreign government, has
valid standing with the licensing or employing agency that produced the
credentials, and is a scheduled, on-call, paid, or volunteer employee,
as one of the following:
1. A law enforcement officer who is an employee or authorized by
the Federal, state, local or tribal government or under the law of a
foreign government, with the primary purpose of the prevention,
investigation, apprehension, or detention of individuals suspected or
convicted of Government offenses.
2. A firefighter who is an employee, whether paid or a volunteer,
of a fire department of any Federal, state, local, or tribe who is
certified as a firefighter as a condition of employment and whose duty
it is to extinguish fires, to protect life, and to protect property.
3. An emergency medical technician who is trained and certified to
appraise and initiate the administration of emergency care for victims
of trauma or acute illness. We request comments on whether these are
the appropriate qualifications to carry out the purposes of the
statute.
This exemption from liability provided in the statute is stated for
information in proposed Sec. 1544.241(b)(1). The statutory exemption
from liability applies only to the three named groups above. The
proposed rule in Sec. 1544.241(b)(2) includes the statutory provision
that the exemption shall not apply in any case where an individual
provides or attempts to provide assistance in a manner that constitutes
gross negligence or willful misconduct. The statute does not require
the individual volunteer to identify himself or herself before
departure to be subject to this exemption. Proposed Sec.
1544.241(b)(3) states expressly that the exemption would apply
regardless of whether the individuals identify themselves in advance of
departure. The proposed rule also makes clear that an individual need
not have his or her credentials with himself or herself at the time of
providing assistance for the exemption from liability to apply. For
instance, if a firefighter who did not volunteer before the flight as
provided in paragraph (c), and who did not have his credentials with
him, were to provide assistance in the case of an in-flight emergency,
the statutory exemption from liability would apply. After the incident,
to show that the exemption applied, the firefighter may have to
establish that he was qualified as provided in paragraph (a), but the
lack of credentials present at the time of the emergency would not
preclude the application of the exemption.
Proposed Sec. 1544.241(c) contains the requirement for aircraft
operators to implement a program for individuals who meet the
qualifications in paragraph (a) to volunteer, prior to departure, to be
called on by a crewmember or flight attendant to provide emergency
services in the event of an in-flight emergency. The required
procedures would include a check of the credentials of individuals
identifying themselves pre-departure.
Under this program, TSA would not expect FAMs and LEOs who are
flying armed under Sec. 1544.219 to volunteer to assist in an
emergency situation prior to departure. Since the FAMs and LEOs must
identify themselves to the aircraft operator prior to departure and
must have taken appropriate training to fly armed, it is not necessary
for the aircraft operator or the FAM or LEO to carry out Sec.
1544.241. The flight crew knows where each FAM and armed LEO is seated
and is able to request their assistance if the need arises. The
statutory exemption from liability would apply if a FAM or LEO were to
assist during an emergency.
[[Page 64813]]
Proposed Sec. 1544.241 would not preclude passengers from
assisting in an emergency, even if they did not meet the qualifications
in paragraph (a). We note that any passenger may assist in an
emergency, and in the past, physicians, nurses, and others have
provided vital help when needed, and they will continue to be able to
do so.
Generally, the aircraft operator will determine whether to request
assistance and from whom to request it based on all the circumstances
and information available to the aircraft operator. For instance, while
the statute does not apply to doctors or nurses, if there is a medical
emergency and the aircraft operator is aware that a doctor or a nurse
is on board, the aircraft operator may request assistance of them
instead of other individuals who may have volunteered under this
program. However, the statute limits liability protection to qualified
law enforcement officers, firefighters, and emergency medical
technicians. State Good Samaritan Laws and other protections may apply
to other individuals, not mentioned in the statute, who assist in an
emergency.
Additionally, in accordance with 49 U.S.C. 44944(a), the aircraft
operator must keep all information of the identity or personal
information of the qualified individual confidential and must not
provide such information to any individual, other than the appropriate
aircraft operator personnel.
Section 1544.243 Third Party Audit
As discussed in section II.A of the preamble, proposed Sec.
1544.243 would require a large aircraft operator to contract with a
TSA-approved auditor to audit its compliance with the requirements of
49 CFR chapter XXII and its security program. The regulations include
procedures for obtaining TSA approval and for conducting audits.
Section 1544.245 Passenger Vetting for Large Aircraft Operators
TSA would require large aircraft operators to contract with watch-
list service providers to conduct watch-list matching of their
passengers before allowing them to board. Passengers determined to be
on the No Fly list would not be able to board an aircraft. Proposed
Sec. 1544.245 establishes the procedures that large aircraft operators
would be required to follow in order to comply with the requirements
for watch-list matching. Section II.A of this preamble provides a
detailed discussion of the requirements and process.
Subpart F--Watch-List Service Providers
Under proposed Sec. 1544.245, large aircraft operators would
submit passenger information to watch-list service providers approved
by TSA to conduct watch-list matching. Proposed part 1544, subpart F,
sets forth the proposed requirements and procedures for entities to
obtain and maintain TSA approval to conduct watch-list matching. TSA
would require watch-list service providers to maintain high IT system
security, to develop and implement a robust system capable of
conducting automated watch-list matching quickly and continuous vetting
of master passenger lists, to protect personally identifiable
information and sensitive security information, and to adopt and
implement a security program. Because of these requirements, TSA
expects that limited number of entities would be approved to be watch-
list service providers. TSA is also considering whether to limit in the
final rule the number of watch-list service providers that it would
approve. This would preserve the security of the watch-list by
restricting the distribution of the watch-list to a small number of
entities that would have access to the watch-list. TSA seeks comment on
limiting the number of entities that would be approved watch-list
service providers, including what criteria would be used to determine
which applicants would be approved and how many watch-list service
providers should be approved. For instance, TSA is considering criteria
such as the level of IT system security, the type of watch-list
matching system, and the ability of the service provider to quickly
conduct the service.
Section 1544.501 Scope and Terms Used in This Subpart
Subpart F would apply to watch-list service providers who conduct
watch-list matching on behalf of large aircraft operators. The
definition of ``applicant'' would mean the entity that is seeking
approval from TSA to conduct watch-list matching for large aircraft
operators. ``Large aircraft operators'' are defined as those operators
described in Sec. Sec. 1544.101(b) or 1544.107. The final definition
in proposed Sec. 1544.501 is ``covered personnel.'' This term would
mean an employee, officer, principal, or program manager of the watch-
list service provider who collects, handles or uses passenger
information or watch-list matching results or who conducts watch-list
matching.
Section 1544.503 Qualification Standards for Approval
Proposed Sec. 1544.503 would establish qualification standards for
approval of applicants to conduct watch-list matching. The applicant
would need to demonstrate the ability to receive passenger information
from large aircraft operators and to conduct automated watch-list
matching, including using continuously updated information from TSA,
and to transmit the watch-list matching results to the large aircraft
operator in a secure manner. The applicant would be required to obtain
an attestation from an independent public accounting (IPA) firm that
the system that the applicant would use to contain SSI and personally
identifiable information collected as part of the watch-list matching
process and to perform the necessary transmissions and matching are in
compliance with the applicant's approved system security plan and TSA
standards. In addition, TSA would require the applicant to successfully
undergo a suitability assessment by TSA, and the applicant's covered
personnel to successfully undergo a security threat assessment by TSA.
Finally, TSA would require the applicant to be incorporated within
the United States, and the applicant's operations and systems for
conducting the watch-list matching to be located in the United States.
Under this proposal, eligibility to be a watch-list service provider
would be limited to U.S. companies and U.S. subsidiaries of foreign
corporations that are incorporated and located in the United States.
This requirement would lessen the possibility that the SSI and the
personally identifiable information that would be part of the watch-
list matching process would be exported to a foreign country, which
would limit the U.S. Government's ability to protect that information.
The requirement would also allow for better TSA oversight and control
over this watch-list matching process. Because the watch-list matching
process involves personally identifiable information and SSI, TSA seeks
comments on whether to require covered personnel to be U.S. citizens,
U.S. nationals, or lawful permanent residents of the United States.
Section 1544.505 Application
Proposed Sec. 1544.505 would require every applicant to submit an
application in a form and manner prescribed by TSA. The application
would include the following: (1) Applicant's full name, business
address, business phone, and business email address; (2) a statement
[[Page 64814]]
and other supporting documentation providing evidence of the
applicants' abilities and satisfaction of the required qualifications;
(3) a system security plan that would satisfy standards set forth by
TSA; and (4) a security program that meets the requirements set out in
Sec. 1544.515.
TSA proposes to require watch-list service providers to adopt a
system security plan that satisfies TSA standards to ensure that watch-
list service providers protect personally identifiable information and
SSI. TSA standards would be based on the National Institute of
Standards and Technology (NIST) Special Publication 800-53,
``Recommended Security Control for Federal Information Systems,'' (NIST
Special Publication 800-53). The objective of NIST Special Publication
800-53 is to provide security controls that are consistent with and
complementary to other established security standards. The catalog of
security controls provided in NIST Special Publication 800-53 can be
effectively used to demonstrate compliance with a variety of
governmental, organizational, or institutional security standards. NIST
Special Publication 800-53 is a widely recognized body of security
criteria for Federal systems.
TSA standards for the systems security plan would likely be
organized into three classes: Management, Operational, and Technical.
Management controls would focus on security systems program risk.
Operational controls would address security methods of mechanisms that
people (as opposed to systems) would implement and execute. Technical
controls would manage security controls that the watch-list service
provider's systems would execute. These controls would provide
automated protection from unauthorized access or misuse, facilitate
detection of security violations, and support security requirements for
applications and data.
Furthermore, the NIST Federal Information Processing Standards
Publication 199, ``Standards for Security Categorization of Federal
Information and Information Systems,'' February 2004, establishes
security categories for both Federal information and information
systems. The security categories are based on potential impact should
certain events occur. Based on analysis of potential impacts, TSA
believes that security categorization for confidentiality, integrity,
and availability would be ``High.'' Consequently, security controls
that should be applied are those that are commensurate with a High
security category system. NIST Special Publication 800-53 contains
implementation requirements for this categorization.
Under proposed Sec. Sec. 1544.505 and 1544.515, TSA would require
watch-list service providers to submit a system security plan as part
of their application for TSA approval, and that system security plan
would be part of the watch-list service providers' security program.
TSA requests comments on which standards and controls in the NIST
Special Publication 800-53 should apply to watch-list service
providers' systems. TSA would develop the specific standards for the
system security by reviewing all of the standards and controls in NIST
Special Publication 800-53 and the comments received in response to
this NPRM. Based on its review, TSA would issue a system security plan
template that would incorporate the standards and controls that TSA
determines would be appropriate to require of the watch-list service
providers for their systems, similar to the process that TSA used to
develop the information systems security standards for the Registered
Traveler Interoperability Pilot.\32\ Watch-list service providers would
have an opportunity to comment on the template including the standards.
---------------------------------------------------------------------------
\32\ ``The Registered Traveler Security, Privacy and Compliance
Standards for Sponsoring Entities and Service Providers,'' including
all appendices, is available on TSA's Web site at www.tsa.gov.
---------------------------------------------------------------------------
Section 1544.507 TSA Review and Approval
Section 1544.507 proposes procedures for TSA's review and approval
of applications to perform watch-list matching. Upon receipt of the
application, TSA would review the application and might conduct a site
visit of the applicant's place of business to determine whether the
applicant meets TSA's qualifications. Upon final review of the
application by TSA, TSA would notify the applicant of approval or
disapproval by written notice. After TSA approves an application and
receives an attestation report for an IPA firm opining that the watch-
list service provider's system is in compliance with its system
security plan and TSA standards, the watch-list service provider would
be able to begin passenger vetting pursuant to the regulations.
Section 1544.509 Reconsideration of Disapproval of an Application
Proposed Sec. 1544.509 would allow an applicant whose application
has been disapproved to petition for reconsideration of TSA's decision
by submitting a written petition to the Assistant Secretary or designee
within 30 days of the notice of disapproval. The petition for
reconsideration would need to include the applicant's contact
information and any documentation that the applicant believes may
assist the Assistant Secretary in making a final decision. The
Assistant Secretary or designee would also be able to request
additional information from the applicant that may assist in disposing
of the petition.
Section 1544.511 Withdrawal of Approval
Proposed Sec. 1544.511 would state the procedure for TSA to
withdraw the approval of the watch-list service provider if it ceases
to meet the standards for approval, fails to fulfill its
responsibilities, or if it is in the interest of security or the
public. If TSA decides to withdraw the approval of a service provider,
TSA would provide the service provider with a written notice of
proposed withdrawal of approval, which would include the basis of the
withdrawal of approval. The initial notice would become a final notice
of withdrawal of approval if TSA does not receive a written petition of
reconsideration within 31 days after the service provider's receipt of
TSA's notice of proposed withdrawal of approval. Except in an
emergency, during the 31 days prior to the TSA's receipt of the written
petition, the service provider would be able to continue conducting
watch-list matching. Additionally, if the watch-list service provider
did file a timely written petition for reconsideration, the service
provider would be able to continue conducting watch-list matching,
unless and until the service provider receives a final notice of
withdrawal of approval. Once the watch-list service provider received a
final notice of withdrawal of approval, the service provider would not
be able to continue conducting watch-list matching.
If TSA found an emergency situation requiring immediate withdrawal
of the service provider's approval, the proposed rule would allow TSA
to withdraw the approval without prior notice. The emergency notice
would include the basis of the emergency withdrawal of approval and
would be effective upon receipt by the watch-list service provider. As
above, the service provider would be able to file a written petition
for reconsideration within 30 days of receipt of the emergency notice;
however, this would not stay the effective date of the emergency notice
of withdrawal of approval.
[[Page 64815]]
Section 1544.513 Responsibilities of Watch-List Service Providers
Proposed Sec. 1544.513 describes the responsibilities of watch-
list service providers under this part. These responsibilities would
ensure that the watch-list service providers are conducting watch-list
matching in a manner that is consistent with TSA standards and that
protects personally identifiable information and SSI. Under proposed
Sec. 1544.513, watch-list service providers would have the following
responsibilities: (1) Adopt and carry out a security program that meets
the requirements of proposed Sec. 1544.515; (2) comply with the system
security plan; (3) contract with an IPA firm to perform periodic
attestation of their compliance with their systems security plan and
TSA standards, as explained in further detail below; (4) identify,
handle, and protect SSI in accordance with 49 CFR part 1520; (5) not
disclose information received from or sent to the aircraft operator or
to TSA, unless otherwise authorized by TSA; (6) allow TSA to inspect
watch-list service providers to determine their compliance with TSA
regulations and their security programs; (7) adopt and make public a
privacy policy; (8) provide documentation establishing compliance if
requested by TSA; and (9) only use the watch-list for watch-list
matching under proposed part 1544, subpart F.
Because watch-list matching involves security and privacy issues,
TSA proposes to require watch-list service providers to contract with a
qualified IPA firm to perform an attestation of their compliance with
their system security plan and TSA standards. TSA would consider an IPA
firm qualified if their selection is consistent with the American
Institute of Certified Public Accountants' (AICPA) guidance regarding
independence, and the firm demonstrates the capability to assess
information system security and process controls. TSA would reserve the
right to reject the IPA firm's attestation if, in TSA's judgment, the
IPA firm is not sufficiently qualified to perform these services.
TSA proposes to require that the IPA firm conduct the attestation
in accordance with AICPA ``Statement for Standards on Attestation
Engagements'' No. 10 and TSA standards. TSA would also require the IPA
firm to prepare and submit a report, in a form and manner prescribed by
TSA.
As stated above, TSA would require watch-list service providers to
obtain an attestation report prior to commencement of operations to
conduct watch-list matching. Additionally, TSA would require watch-list
service providers to obtain periodic attestation reports for the
duration of their watch-list matching. TSA would require watch-list
service providers to undergo an attestation every year and the IPA firm
would submit an attestation report to TSA approximately 12 months after
submission of the previous attestation report.
Section 1544.515 Security Program
Proposed Sec. 1544.515 would set forth the content requirements
for a security program. These requirements would ensure that watch-list
service providers have the capability and proper procedures to conduct
watch-list matching under this subpart. Watch-list service providers
would be required to adopt and carry out security programs that include
the procedures for receiving passenger information from the aircraft
operators, conducting watch-list matching of the passengers, including
continuous vetting of passengers, and transmitting the watch-list
matching results to the operator. The security program would also
contain procedures for the service provider to contact TSA for
resolution of passengers who are potential matches to the watch-list.
Because a watch-list service provider's system would contain
personally identifiable information about passengers and SSI, the
security program would include various security requirements to protect
this information. These requirements include procedures for compliance
with the watch-list service provider's system security plan, and
procedures for the physical security of the system used to conduct
watch-list matching.
Under proposed Sec. 1544.515, TSA would require service providers
to provide personnel who are available to TSA 24-hours a day, 7-days a
week. TSA would operate on a 24-hour basis, and therefore TSA would
require the service providers to be available at all times for
resolution of potential watch-list matches.
The service provider would also be responsible for training its
covered personnel on the requirements in the TSA regulations and the
security program. TSA training requirements would also include topics
related to identifying, handling, and protecting SSI and personally
identifiable information, and the procedures used to perform the watch-
list matching and to resolve any potential matches.
Subpart G--Security Threat Assessments for Large Aircraft Flight Crew,
Applicants to Become TSA-Approved Auditors, and Watch-List Service
Providers Covered Personnel
As stated in section II of the preamble, TSA proposes to require
that flight crews for large aircraft operators, individuals authorized
to perform screening functions, applicants to become TSA-approved
auditors, and key employees to watch-list service providers undergo a
TSA security threat assessment (STA). The STA would include
fingerprint-based criminal history records checks and other analyses,
including checks of appropriate terrorist watch-lists and other
databases. The proposed information required and the procedures used
for the STA are very similar to the procedures that apply to applicants
for a hazardous materials endorsement (HME) on their commercial
driver's licenses, or a Transportation Worker Identification Credential
(TWIC) under 49 CFR part 1572. The proposed rule would add subpart G to
part 1544 to set forth the requirements and procedures that would apply
to these individuals.
Section 1544.601 Scope and Expiration
Subpart G would apply to flight crews of large aircraft operators,
individuals authorized to perform screening functions, applicants to
become TSA-approved auditors, and key employees of watch-list service
providers that TSA would require to undergo security threat
assessments. The same requirements and procedures would apply to all of
these individuals. However, flight crew members or individuals
authorized to perform screening functions who have undergone a criminal
history records check under Sec. 1544.229 or 1544.230 would be
grandfathered on a limited basis, such that they would not be required
to undergo a STA until five years after TSA provided the results of
their original CHRC.
A Determination of No Security Threat would be valid for five years
unless TSA withdraws the determination. Prior to the expiration of the
five years, TSA would require flight crew members, applicants to become
TSA-approved auditors, and watch-list service providers' key employees
to reapply for a new STA to continue with their No Security Threat
status.
Section 1544.603 Enrollment for Security Threat Assessments
For TSA to conduct a comprehensive STA, individuals would need to
provide
[[Page 64816]]
TSA with biographic information and their fingerprints. TSA is
proposing Sec. 1544.603 to require individuals to provide biographic
and biometric information necessary for TSA to complete the
fingerprint-based checks and other analyses. These applicants would
provide the information necessary for enrollment, including personal
information such as gender and date of birth.
To ensure that correct and accurate information is provided to TSA,
the application would include, and the individual would sign, a
statement providing that the statements made on the application are
true, complete, and correct pursuant to penalty of law. TSA would also
require the individual to include a statement that he or she has not
been convicted, or found not guilty by reason of insanity, of any of
the disqualifying crimes listed in Sec. 1544.229(d) during the 10
years before submission of the individual's application. These are the
same disqualifying criminal offenses that currently apply to flight
crew members under Sec. 1544.230 and to many persons at airports under
Sec. 1542.209. The statement would also include language that the
individual understands that he or she must immediately inform TSA of
any conviction of a disqualifying offense that occurs while he or she
is a TSA-approved auditor or a watch-list service provider.
TSA anticipates that the individuals would provide their
information though an enrollment provider under contract with TSA. The
enrollment provider would verify the identity of the individual, advise
the individual that a copy of the criminal record would be provided if
requested, and identify a point of contact for any questions the
individual may have, prior to fingerprinting. The enrollment provider
would then collect, control, and process the fingerprints of the
individual and submit the data and the application to TSA.
Section 1544.605 Content of Security Threat Assessment
TSA proposes that the STA would include a criminal history records
check, other analyses, and a final disposition.
Section 1544.607 Criminal History Records Check
As part of the security threat assessment, TSA proposes to perform
a CHRC. TSA would submit the fingerprints provided by the individuals
as part of the enrollment process to the Federal Bureau of
Investigation's (FBI) Criminal Justice Information Services (CJIS) to
obtain any criminal history records that correspond to the
fingerprints. Upon receipt of the results from FBI/CJIS, TSA would
adjudicate the results based on the disqualifying criminal offenses in
Sec. 1544.229(d).
At times, a CHRC may result in data that discloses an arrest for a
disqualifying offense, but does not provide a disposition for the
offense. The individual would be required to provide further
documentation that the arrest did not result in a disqualifying
offense. A conviction of a disqualifying offense would be reason to
disqualify the individual. However, if the disposition did not result
in a conviction, or in a finding of not guilty by reason of insanity,
of a disqualifying offense, the individual would then not be
disqualified under this section, provided that the applicant explains
how the arrest was resolved.
If the results received from the FBI provide a reason for
disqualifying the individual, TSA would notify the individual of the
disqualifying reasons. The individual may request a copy of the record
on which TSA's determination is based. The individual would be able to
contact the FBI in order to complete or correct his or her record, if
the individual contacts TSA within 30 days of being notified that the
FBI record disclosed a disqualifying offense. Otherwise, TSA would make
a Final Determination of Threat Assessment.
TSA also proposes to require a continuing obligation of individuals
who receive a Determination of No Security Threat, by requiring
immediate notice (within 24 hours) to TSA of any conviction of a
disqualifying offense that occurs while he or she holds a determination
of no security threat that has not expired.
Section 1544.609 Other Analyses
TSA proposes to conduct other analyses through domestic and
international government databases to confirm the individual's identity
and whether he or she poses a security threat. These would include
checks against terrorist-related and immigration databases, as well as
other governmental information sources such as those that identify open
wants and warrants. TSA would adjudicate the results of all searches
conducted including searches that reveal extensive foreign or domestic
criminal convictions, convictions for a serious crime not listed in 49
CFR 1572.103, or periods of foreign or domestic imprisonment that
exceeds 365 consecutive days.
If an individual who has successfully undergone an initial security
threat is subsequently found not to meet TSA's criteria, TSA may
withdraw its Determination of No Security Threat under proposed Sec.
1544.613.
Section 1544.611 Final Disposition
TSA proposes that after conducting a CHRC and other analyses, it
would serve a Determination of No Security Threat if TSA determines
that an individual meets the STA standards. TSA also proposes to serve
an Initial Determination of Threat Assessment on the individual if TSA
determines that the individual does not meet the STA standards. The
Initial Determination of Threat Assessment would include the following:
1. A statement that TSA has determined that the individual poses,
or is suspected of posing, a security threat warranting disapproval of
the application for which a STA is required;
2. The basis for the determination;
3. Information about how the individual may appeal the
determination, as described in Sec. 1544.615; and
4. A statement that if the individual chooses not to appeal TSA's
Initial Determination within 30 days after receipt of the Initial
Determination, or does not request an extension of time within 30 days
after receipt of the Initial Determination in order to file an appeal,
the Initial Determination becomes a Final Determination of Security
Threat Assessment.
TSA also proposes to serve a Withdrawal of the Initial
Determination of Threat Assessment or a Withdrawal of Final
Determination of Threat Assessment on the individual, if the appeal
results in a finding that the individual does not pose a threat to
security.
Section 1544.613 Withdrawal of Determination of No Security Threat
TSA would be able to withdraw a Determination of No Security Threat
at any time under proposed Sec. 1544.613, if it determines that a TSA-
auditor or watch-list service provider poses, or is suspected of
posing, a security threat warranting withdrawal of the Determination of
No Security Threat. If TSA determines that the individual does not meet
the STA standards, TSA would serve a withdrawal of the Determination of
No Security Threat on the individual. The notice would include the
following:
1. A statement that TSA has determined that the individual poses,
or is suspected of posing, a security threat warranting disapproval of
the application for which a STA is required;
2. The basis for the determination;
[[Page 64817]]
3. Information about how the individual may appeal the
determination; and
4. A statement that if the individual chooses not to appeal TSA's
Initial Determination within 30 days after receipt of the withdrawal of
the Determination of No Security Threat, or does not request an
extension of time within 30 days after receipt of the withdrawal of the
Determination of No Security Threat to file an appeal, the withdrawal
of the Determination of No Security Threat becomes a Final
Determination of Security Threat Assessment.
TSA also proposes to serve a Withdrawal of Final Determination of
Threat Assessment on the individual, if the appeal results in a finding
that the individual does not pose a threat to security.
Section 1544.615 Appeals
If the individual appeals the Initial Determination of Threat
Assessment or a Withdrawal of the Determination of No Security Threat
as discussed above, the procedures in 49 CFR part 1515 would apply. The
section-by-section analysis of part 1515 discusses which provisions of
part 1515 would apply.
Section 1544.617 Fees
To comply with the mandates of sec. 520 of the 2004 DHS
Appropriations Act, 2004 (Pub. L. 108-90, 117 Stat. 1137, 1156, Oct. 1,
2003), TSA proposes to establish fees for individuals who are required
to complete background investigations under this program.
Costs
TSA proposes that individuals required to undergo a STA would be
required to pay a fee to cover the following costs:
----------------------------------------------------------------------------------------------------------------
Operational year 1st year 2nd year 3rd year 4th year 5th year Total
----------------------------------------------------------------------------------------------------------------
Estimated Annual Applicants....... 27,918 21,034 10,074 9,975 10,115 79,116
Cost Components
Enrollment Costs.................. $418,776 $315,507 $151,108 $149,626 $151,728 $1,186,745
Security Threat Assessment Cost
FBI Criminal History Records 481,592 362,833 173,774 172,070 174,488 1,364,757
Check........................
Other analyses................ 139,592 105,169 50,369 49,875 50,576 395,582
System Costs.................. 0 0 0 0 0 0
Personnel Costs............... 579,593 579,593 579,593 579,593 579,593 2,897,965
-----------------------------------------------------------------------------
Security Threat Assessment 1,200,777 1,047,594 803,736 801,539 804,657 4,658,303
Cost-Subtotal................
-----------------------------------------------------------------------------
Grand Totals.............. 1,619,553 1,363,102 954,844 951,164 956,385 5,845,049
----------------------------------------------------------------------------------------------------------------
1. Enrollment. Part of the fee for the STA covers the cost for TSA
or its agent to enroll applicants, collect, format, and process the
required information and to submit the information accordingly. The STA
process would require individuals who apply for a STA to submit their
fingerprints and biographic information to TSA or its agent. Based on
TSA's research of the costs of both commercial and government
fingerprint and information collection services, as well as a prior
competitive bidding and acquisition process for similar services, TSA
preliminarily estimates that the per applicant cost to collect and
transmit fingerprints and other required data electronically is likely
to be $15. TSA may adjust this estimated amount upwards or downwards in
the final rule based on its final calculations of its costs. This cost
would also cover related administrative support, help desk services,
quality control, and related logistics.
2. Security Threat Assessment. Part of the fee for the STA covers
the cost for TSA to conduct a STA. For the STA, each applicant's
information would be checked against multiple databases and other
information sources so that TSA would be able to determine whether the
applicant poses a security threat that warrants denial of approval. The
threat assessment would include an appeals process for individuals who
believe that the records upon which TSA bases its determination are
incorrect.
As part of the STA, TSA would submit fingerprints to the FBI to
obtain any criminal history records that correspond to the
fingerprints. The FBI is authorized to establish and collect fees to
process fingerprint identification records. See Title II of the
Judiciary Appropriations Act, 1991 (Pub. L. 101-515, Nov. 5, 1990, 104
Stat. 2112), codified in a note to 28 U.S.C. 534. Pursuant to Criminal
Justice Information Services Information Letter 07-3 (Jun. 1, 2007),
this fee is currently set at $17.25, effective October 1, 2007. If the
FBI increases or decreases its fee to complete the criminal history
records check, the increase or decrease would apply to this regulation
on the date that the new FBI fee becomes effective.
TSA would need to implement and maintain the appropriate systems,
resources, and personnel to ensure that fingerprints and applicant
information are appropriately linked and that TSA would be able to
receive and act on the results of the STA. TSA would need to have the
necessary resources--including labor, equipment, database access, and
overhead--to complete the STA process.
TSA estimates that the total cost of threat assessment services
will be $4,658,303 over five years. This estimate includes $1,364,757
for FBI criminal history records checks, $395,582 for other analyses,
and $2,897,965 for personnel necessary to facilitate the STA
processing. These estimates are initial estimates and the final costs
may be higher or lower depending on the final calculations which would
be discussed in the final rule.
Population
TSA estimates that approximately 79,116 applicants would be
required to complete a STA during the first five years of the program.
This estimate is derived from the following population figures that
have been gathered for specific segments of the regulated population.
[[Page 64818]]
----------------------------------------------------------------------------------------------------------------
Operational year 1st year 2nd year 3rd year 4th year 5th year Total
----------------------------------------------------------------------------------------------------------------
Flight Crew Estimate*
Part 91s.................................. 19,440 16,189 5,427 5,503 5,580 52,139
Part 125s................................. 293 244 82 83 84 785
Part 135s................................. 7,886 4,586 4,550 4,374 4,436 25,831
-----------------------------------------------------------------
Flight Crew Estimate-Subtotal................. 27,618 21,018 10,058 9,960 10,100 78,755
Third-Party Auditor Estimate.................. 150 8 8 8 8 180
Watch-list Service Provider Estimate.......... 150 8 8 8 8 182
-----------------------------------------------------------------
Grand Total............................... 27,918 21,034 10,074 9,975 10,115 79,116
----------------------------------------------------------------------------------------------------------------
* Cites are to FAA regulations, 14 CFR.
Total Fee
TSA would charge a fee to recover its STA and other program
management and oversight costs associated with the implementation of
this rule. TSA estimates that applicant charge would be $74 per
applicant. The estimate is based on the following preliminary
calculations by TSA: the cost of services provided ($5,845,049) divided
by the estimated population (79,116) receiving the service would equal
$74 per applicant. As TSA continues to review and develop the STA
program for the large aircraft program and to work to minimize all
costs, some or all of its preliminary calculations may change resulting
in an increase or decrease of the per applicant cost. In the final
rule, TSA will publish the fee based on its final calculations, and the
fee may remain $74 or it may be more or less.
TSA proposes to establish the $74 fee to recover all enrollment
costs and STA costs. As part of the $74 fee, TSA would collect the
current FBI Fingerprinting Fee of $17.25 for the criminal history
records checks in the STA process and forward the fee to the FBI. If
the FBI increases or decreases that fee in the future, TSA would
collect the increased or decreased fee.
Additionally, pursuant to the Chief Financial Officers Act of 1990
(Pub. L. 101-576, Nov. 15, 1990, 104 Stat. 2838), DHS is required to
review fees no less than every two years. 31 U.S.C. 3512. Upon review,
if it is found that the fees are either too high (i.e., total fees
exceed the total cost to provide the services) or too low (i.e., total
fees do not cover the total costs to provide the services), the fee
would be adjusted. Finally, TSA would be able to adjust the fees for
inflation following publication of the final rule. If TSA were to
adjust the fees for this reason, TSA would publish a Notice in the
Federal Register notifying the public of the change.
Section 1544.619 Notice to Employers
TSA would notify employers of flight crew members, individuals
authorized to perform screening functions, and watch-list service
provider covered personnel of the results of the security threat
assessment under proposed Sec. 1544.619. This notification would allow
aircraft operators or watch-list service providers to know whether an
individual may be employed to perform the functions that would require
a successful STA. Although TSA would notify an aircraft operator or a
watch-list service provider that an individual received a Final
Determination of Threat Assessment, TSA would not inform the aircraft
operator or watch-list service provider of the basis of that
determination to protect the privacy of that individual.
TSA proposes to require aircraft operators and watch-list service
providers to retain the notification of the results of the STA for five
years. The notification would serve as documentation that an individual
has undergone a STA if the aircraft operator or watch-list service
provider is asked to produce such documentation as part of an audit or
inspection.
Part 1515--Appeals and Waiver Procedures for Security Threat Assessment
for Individuals
For individuals who may want to appeal an Initial Determination of
Threat Assessment, a Final Determination of Threat Assessment, or a
Withdrawal of an Initial or Final Determination of Threat Assessment,
TSA proposes to apply the appeals procedures in current part 1515.
These are the same procedures that apply to applicants for a hazardous
materials endorsement on their commercial driver's license or a
Transportation Worker Identification Credential under 49 CFR part 1572,
or for certain air cargo workers under 49 CFR part 1540, subpart C.
Section 1515.1 Scope
TSA proposes to add individuals subject to proposed part 1544,
subpart G to the scope of part 1515 to provide these individuals with a
process to appeal an Initial Determination of Threat Assessment, a
Final Determination of Threat Assessment, or a Withdrawal of an Initial
or Final Determination of No Security Threat.
Section 1515.5 Appeal of Initial Determination of Threat Assessment
Based on Criminal Conviction, Immigration Status, or Mental Capacity
Because the STAs for flight crew members, individuals authorized to
perform screening functions, auditors, and watch-list service provider
covered personnel involve criminal history records checks, TSA proposes
to apply the procedures in Sec. 1515.5 for these individuals to appeal
an Initial Determination of Threat Assessment based on a disqualifying
criminal offense.
An individual would be able to appeal an Initial Determination of
Threat Assessment under Sec. 1515.5 if he asserts that he does not
have a disqualifying criminal offense. These procedures would also
apply to appeals of a Withdrawal of Determination of No Security Threat
based on a disqualifying criminal offense. An individual would initiate
an appeal by providing TSA with a written request for the releasable
materials upon which the Initial Determination was based, or by serving
TSA with a written reply to the Initial Determination. The individual
would be required to serve TSA with the written request for the
releasable material or the written reply with 60 days after the date of
service of the Initial Determination. TSA's response would be due no
later than 60 days after the individual is served with a written
request or the written reply.
In response, TSA cannot provide any classified information, as
defined under 6 CFR part 7 (DHS Classified National Security
Information); or under E.O. 12958, Classified National Security
Information, as amended by E.O. 13292 (68 FR 15315, Mar. 28, 2003); and
E.O. 12968, Access to Classified Information, (60 FR 40245, Aug, 7,
1995); or any other information or material protected from disclosure
by law. Classified national security information is
[[Page 64819]]
information that the President or another authorized Federal official
has determined, pursuant to E.O. 12958, as amended, and E.O. 12968,
must be protected against unauthorized disclosure to safeguard the
security of American citizens, the country's democratic institutions,
and America's participation within the community of nations. See 60 FR
19825 (Apr. 20, 1995). E.O. 12958, as amended, and E.O. 12968 prohibit
Federal employees from disclosing classified information to individuals
who have not been cleared to have access to such information under the
requirements of that E.O. See also 6 CFR part 7. If TSA determines that
an applicant is requesting classified materials, TSA would deny the
request for classified information.
In the written reply to the Initial Determination, the individual
should explain why he or she is appealing the Initial Determination and
provide evidence that the Initial Determination was incorrect. In an
applicant's reply, TSA would consider only material that is relevant to
whether he or she meets the standards for the STA. If an individual
does not dispute or reply to the Initial Determination, the Initial
Determination would become a Final Determination of Threat Assessment.
An individual would have the opportunity to correct a record on
which an adverse decision is based. As long as the record is not
classified or protected by law from release, TSA would notify the
applicant of the adverse information and provide a copy of the record.
If the individual wishes to correct the inaccurate information, he or
she would need to provide written proof that the record is inaccurate.
The individual should contact the jurisdiction responsible for the
inaccurate information to complete or correct the information contained
in the record. The individual would be required to provide TSA with the
revised record or a certified true copy of the information from the
appropriate entity before TSA can reach a determination that the
applicant does not pose a security threat.
In considering an appeal, the Assistant Secretary would review the
Initial Determination, the materials upon which the Initial
Determination is based, the applicant's reply and other materials or
information available to TSA. The Assistant Secretary would be able to
affirm the Initial Determination by concluding that an individual poses
a security threat. If this occurs, TSA would serve a Final
Determination of Threat Assessment on the applicant. The Final
Determination would include a statement that the Assistant Secretary
has reviewed the Initial Determination, the materials upon which the
Initial Determination was based, the reply, if any, and other available
information and has determined that the individual has a disqualifying
criminal offense. For purposes of judicial review, a Final
Determination based on a disqualifying criminal offense is a final TSA
order.
If TSA determines that the individual does not have a disqualifying
criminal offense, TSA would serve a Withdrawal of the Initial
Determination on the individual and a Determination of No Security
Threat on the individual's employer if the individual is a flight crew
member, an individual authorized to perform screening functions, or a
watch-list service provider covered personnel.
As noted above, TSA is proposing to apply to flight crew members,
individuals authorized to perform screening functions, auditors, and
watch-list service provider covered personnel the same disqualifying
criminal offenses that now apply to certain other aviation workers
under 49 CFR 1542.209 and 1544.229. These sections are based on a
statutory provision, 49 U.S.C. 44936. The appeal process in Sec.
1515.5 addresses whether or not the applicant has a disqualifying
criminal offense, that is, whether the applicant has a conviction or a
finding of not guilty by reason of insanity of one or more of the
crimes listed in the rule within the time specified in the rule. If the
individual does have a disqualifying criminal offense, there is no
waiver. Accordingly, the waiver provisions that apply to applicants for
an HME or a TWIC in Sec. 1515.7 would not apply.
Section 1515.9 Appeal of Security Threat Assessment Based on Other
Analyses
The STA for flight crew members, individuals authorized to perform
screening functions, auditors, and key employees of watch-list service
providers would also include other analyses, including checks of
appropriate terrorist watch-lists and related databases under proposed
Sec. 1544.609. TSA proposes to use the appeals procedures in Sec.
1515.9 for individuals who wish to appeal an Initial Determination of
Threat Assessment or a withdrawal of a Determination of No Security
Threat based on the other analyses.
The procedures in Sec. 1515.9 are similar to the procedures in
Sec. 1515.5. However, unlike a Final Determination of Security Threat
Assessment based on a disqualifying criminal offense, a Final
Determination based on other analyses would not be a final TSA order
unless the individual fails to file an appeal to an administrative law
judge (ALJ) under Sec. 1515.11.
Further, because other analyses are often based on classified and
other sensitive information, there would be limits on what TSA would
release in response to a request for materials. If TSA determines that
an applicant who is appealing the other analyses is requesting
classified materials, TSA would deny the request for classified
information.
The denial of access to classified information under these
circumstances is also consistent with the treatment of classified
information under the Freedom of Information Act (FOIA), which
specifically exempts such information from the general requirement
under FOIA that government documents are subject to public disclosure.
5 U.S.C. 552(b)(1).
Similarly, under 49 U.S.C. 114(s), the Assistant Secretary of TSA
shall, notwithstanding the FOIA statute, prescribe regulations
prohibiting the public disclosure of information that would be
detrimental to the security of transportation. Information that is
designated as SSI must only be disclosed to people with a need to know,
such as those needing to carry out regulatory security duties. 49 CFR
1520.11. The Assistant Secretary has defined information concerning
threats against transportation as SSI by regulation. See 49 CFR 1520.5.
Thus, information that TSA obtains indicating that an applicant poses a
security threat, including the source of such information and the
methods through which the information was obtained, will commonly be at
least SSI and may be classified information. The purpose of designating
such information as SSI is to ensure that persons who seek to harm the
transportation system do not obtain access to information that will
enable them to evade the government's efforts to detect and prevent
their activities. Disclosure of this information, especially to an
individual specifically suspected of posing a threat to the
transportation system, is precisely the type of harm that Congress
sought to avoid by authorizing the Assistant Secretary to define and
protect SSI.
Other pieces of information also are protected from disclosure by
law due to their sensitivity in law enforcement and intelligence. In
some instances, the release of information about a particular
individual or his or her supporters or associates could have a
substantial adverse impact on security matters. The release by TSA of
the identities or other information regarding individuals related to a
security threat
[[Page 64820]]
determination could jeopardize sources and methods of the intelligence
community, the identities of confidential sources, and techniques and
procedures for law enforcement investigations or prosecution. See 5
U.S.C. 552(b)(7)(D) and (E). Release of such information also could
have a substantial adverse impact on ongoing investigations being
conducted by Federal law enforcement agencies, by revealing the course
and progress of an investigation. In certain instances, release of
information could alert co-conspirators to the extent of the Federal
investigation and the imminence of their own detection, thus provoking
flight.
For the reasons discussed above, TSA would not provide classified
information or SSI to an individual, and TSA reserves the right to
withhold SSI or other sensitive material protected from disclosure
under law. As noted above, TSA expects that information would be
withheld only for determinations based on Sec. 1572.107, which list
databases that indicate potential terrorist activity or threats.
The procedures for appeals of Initial Determination of Threat
Assessment would also apply to appeals of a Withdrawal of Determination
of No Security Threat.
Section 1515.11 Review by Administrative Law Judge and TSA Final
Decision Maker
An individual who has received an Initial Determination of Threat
Assessment or a withdrawal of Determination of No Security Threat based
on the other analyses under Sec. 1544.609 would first appeal that
determination using the procedures in Sec. 1515.9. If after that
appeal TSA continues its determination that the applicant is not
qualified, the applicant would be able to seek review by an ALJ under
Sec. 1515.11.
The procedures would provide an individual with 30 calendar days
from the date of service of the determination to request a review. An
ALJ who possesses the appropriate security clearances to review
classified information would conduct the review. Section 1515.11
provides detailed requirements for the conduct of the review, such as
information that individuals must submit, requests for extension of
time, and the duties of the ALJ.
Within 30 calendar days after the conclusion of the hearing, the
ALJ would issue an unclassified decision to the parties. The ALJ may
issue a classified decision to TSA. The ALJ may decide that the
decision was supported by substantial evidence on the record or that
the decision was not supported by substantial evidence on the record.
If neither party requests a review of the ALJ's decision, TSA would
issue a final order either granting or denying the waiver or the
appeal.
Either TSA or the individual would be able to petition for review
of the ALJ's decision to the TSA Final Decision Maker. The TSA Final
Decision Maker would issue a written decision within 60 calendar days
after receipt of the petition or within 30 days of receipt of the other
party's response, if a response is filed, unless a longer period is
required. The TSA Final Decision Maker may issue an unclassified
opinion to the parties and a classified opinion to TSA. For purposes of
judicial review, the decision of the TSA Final Decision Maker would be
a final agency order.
Part 1550--Aircraft Security Under General Operating and Flight Rules
Section 1550.5 Operations Using a Sterile Area
TSA proposes to remove the reference to scheduled passenger
operations, public charter passenger operations, and private charter
passenger operations, and replace the language with ``aircraft
operators that have a security program'' to maintain consistency
between regulations. TSA also proposes to delete the compliance date
section since the date has passed. Operators that must follow this
section should currently be adhering to the applicable regulations.
Section 1550.7 Operations in Aircraft Over 12,500 Pounds
TSA proposes to amend references to ``12,500 pounds or more,'' and
replace the language with ``over 12,500 pounds'' to maintain
consistency between regulations. The proposed changes would provide
that Sec. 1550.7 only applies to aircraft over 12,500 pounds,
excluding operations specified in Sec. 1550.5 and operations under a
security program under part 1544 and 1546. The aircraft that remain
subject to this regulation are the foreign aircraft with an MTOW of
over 12,500 pounds that are not an all-cargo operation or are under a
security program under part 1546.
IV. Regulatory Requirements
A. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501, et seq.)
requires that TSA consider the impact of paperwork and other
information collection burdens imposed on the public and, under the
provisions of PRA section 3507(d), obtain approval from the Office of
Management and Budget (OMB) for each collection of information it
conducts, sponsors, or requires through regulations.
This proposed rule contains amended information collection
activities subject to the PRA. TSA is revising a collection that OMB
has previously approved and assigned OMB Control Number 1652-0003
(Aircraft Operator Security). Accordingly, TSA has submitted the
following information requirements to OMB for its review.
Title: Large Aircraft Security Program.
Summary: TSA proposes to amend current aviation transportation
security regulations (49 CFR part 1544) to enhance and improve the
security of GA by issuing this NPRM that would require revisions to a
currently approved information collection. Through this NPRM, TSA is
proposing the following seven required information collections in
addition to those already approved under this OMB control number: (1)
Require security programs for all operators of aircraft that have a
maximum certificated takeoff weight of over 12,500 pounds, except for
aircraft operators under a full program, full all-cargo program,
limited program, or certain government aircraft (``large aircraft'');
(2) require that aircraft operator flight crews, individuals authorized
to perform screening functions, TSA-approved auditors, and TSA-approved
watch-list service providers' key personnel undergo STAs that include a
fingerprint-based criminal history records check; (3) require large
aircraft operators to submit to an independent, third-party audit
conducted by TSA-approved auditors (i.e., large aircraft operators
would be required to maintain records, and provide auditors access to
their records, equipment, and facilities necessary for the auditor to
conduct an audit); (4) require TSA oversight of auditors (i.e., TSA-
approved auditors would submit to any TSA inspection, include copying
of their records, to determine their compliance with TSA regulations);
(5) require large aircraft operators to transmit passenger information
to TSA-approved watch-list service providers to conduct watch-list
matching against the No-Fly and Selectee Lists; (6) require auditors
and watch-list service providers to submit applications to become TSA-
approved; and (7) require watch-list service providers to submit
security programs for approval.
Use of: The LASP requirement would replace some existing security
programs for large aircraft operators and would include additional GA
operators, such that TSA would apply consistent
[[Page 64821]]
security procedures to operators of large aircraft. TSA would use the
identifying information and fingerprints collected from flight crew
members, auditors, and key employees of TSA-approved watch-list service
providers to conduct STAs that include a criminal history records
check. The TSA-approved auditors would review and inspect the records
aircraft operators would be required to maintain to demonstrate
compliance with TSA requirements during their audits. TSA would inspect
the records maintained by the auditors to determine their compliance
with TSA regulations and to ensure that auditors have the qualification
to produce useful audits to TSA and the aircraft operators. The watch-
list service providers would use the passenger information transmitted
by the aircraft operators to conduct watch-list matching against the No
Fly and Selectee Lists. TSA would use the applications submitted by
auditors and watch-list service providers to ensure the entities are
eligible and qualified. TSA would require watch-list service providers
to adopt and carry out a security program to ensure that they are
taking appropriate security measures and are consistent and accurate in
performance of their duties.
Respondents (including number of): The likely respondents to this
proposed information requirement are: operators of aircraft that have a
maximum certificated takeoff weight of over 12,500 pounds, except for
aircraft operators under a full program, full all-cargo program,
limited program, or certain government aircraft (``large aircraft'');
individuals authorized to perform screening functions; entities seeking
to become TSA-approved auditors; and entities seeking to become TSA-
approved watch-list matching service providers and key personnel.
Frequency: The proposed recordkeeping requirements would be ongoing
and continuous. The requirement that operators ensure their flight
crewmembers, other employees, and individuals authorized to perform
screening functions undergo a security threat assessment, which
includes a criminal history records check, would be a frequency of
every five years. The aircraft operators would be required to transmit
passenger information to watch-list service providers to conduct watch-
list matching on a per flight basis. The watch-list service providers
would be required to report matches to the Federal watch-list as
matches occur. Individuals and firms desiring to become TSA-approved
auditors as well as firms seeking approval to become watch-list service
providers would be required to send TSA an application only once.
Watch-list service providers also would be required to submit a
security program to TSA once, and would be required to ensure their
covered personnel undergo a STA conducted by TSA once every five years.
Auditors would be required to submit an audit report to the aircraft
operator and to TSA for every audit that they perform.
Annual Burden Estimate: TSA is amending this information collection
to reflect the addition of approximately 9,544 new respondents, as well
as new collection burdens, for an estimated total 10,374 respondents.
Over three years, the new population includes 9,363 new large aircraft
operators, 166 TSA-approved auditors, and 15 watch-list service
providers. TSA estimates that the large aircraft operators would spend
approximately 1 million hours annually establishing and/or maintaining
appropriate security programs, completing passenger watch-list matching
in the prescribed manner, completing STAs on flight crewmembers, and
completing third party audits of established security programs.
TSA estimates that the TSA-approved auditors would spend
approximately 19,660 hours annually, with an annual 4,990 responses,
submitting application materials and profiles, completing STAs on their
employees, and writing up their findings and submitting copies to the
aircraft operator and TSA. TSA estimates that the total annual hour
burden for watch-list service providers would be approximately 88
hours, which includes submitting application materials (including a
security program and profile information) and conducting STAs on their
employees in order to receive TSA approval.
TSA is also amending the cost burden for this information
collection to reflect an expanded respondent population and new
information collection costs. As a result of the LASP, non-AOSSP
operators would be required to pay fees to submit passenger information
to watch-list service providers, conduct security threat assessments on
their flight crew members and individuals authorized to perform
screening functions, and contract with TSA-approved auditors. TSA-
approved auditors and watch-list service providers would also pay fees
to conduct STAs on their employees. In total, these requirements would
add $10.5 million to the average annual cost of this information
collection, bringing the total annual cost of the information
collection (which includes costs to AOSSP aircraft operators) to $12.9
million.
TSA is soliciting comments to--
(1) Evaluate whether the proposed information requirement is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
(2) Evaluate the accuracy of the agency's estimate of the burden;
(3) Enhance the quality, utility, and clarity of the information to
be collected; and
(4) Minimize the burden of the collection of information on those
who are to respond, including using appropriate automated, electronic,
mechanical, or other technological collection techniques or other forms
of information technology.
Individuals and organizations may submit comments on the
information collection requirements by December 29, 2008. Direct the
comments to the address listed in the ADDRESSES section of this
document, and fax a copy of them to the Office of Information and
Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA
Desk Officer, at (202) 395-5806. A comment to OMB is most effective if
OMB receives it within 30 days of publication. TSA will publish the OMB
control number for this information collection in the Federal Register
after OMB approves it.
As protection provided by the Paperwork Reduction Act, as amended,
an agency may not conduct or sponsor, and a person is not required to
respond to, a collection of information unless it displays a currently
valid OMB control number.
B. Regulatory Impact Analyses
1. Regulatory Evaluation Summary
Changes to Federal regulations must undergo several economic
analyses. First, Executive Order 12866, Regulatory Planning and Review
(58 FR 51735, October 4, 1993), directs each Federal agency to propose
or adopt a regulation only upon a reasoned determination that the
benefits of the intended regulation justify its costs. Second, the
Regulatory Flexibility Act of 1980 (5 U.S.C. 601, et seq., as amended
by the Small Business Regulatory Enforcement Fairness Act (SBREFA) of
1996) requires agencies to analyze the economic impact of regulatory
changes on small entities. Third, OMB directs agencies to assess the
effect of regulatory changes on international trade. Fourth, the
Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires
agencies to prepare a written assessment of the costs, benefits, and
other effects of proposed or final rules that include a Federal mandate
likely to result in the
[[Page 64822]]
expenditure by State, local, or tribal governments, in the aggregate,
or by the private sector, of $100 million or more annually (adjusted
for inflation).
TSA has prepared a separate detailed analysis document, which is
available to the public in the docket. With respect to these analyses,
TSA provides the following conclusions and summary information.
TSA has determined that this is an economically
significant rule within the definition of E.O. 12866, as estimated
annual costs or benefits exceed $100 million in any year. The mandatory
OMB Circular A-4, Regulatory Analysis, accounting statement is included
in the separate complete analysis and is not repeated here.
As a normal practice, we provide the Initial Regulatory
Flexibility Analysis (IRFA) to the public, but withhold the final
formal certification of determination as required by the RFA until
after we receive public comments and publish the Final Regulatory
Flexibility Analysis. The IRFA reflects substantial gaps in data where
TSA was unable to identify either impacted entities or revenues for
those that are businesses. TSA has provided the analysis based upon
available data and requests public comment on all aspects of the
analysis. As a result, TSA makes no preliminary finding as to whether
there is or is not a significant impact on a substantial number of
small businesses.
The Trade Agreement Act of 1979 prohibits Federal agencies
from establishing any standards or engaging in related activities that
create unnecessary obstacles to the foreign commerce of the United
States. Legitimate domestic objectives, such as safety, are not
considered unnecessary obstacles. The statute also requires
consideration of international standards and, where appropriate, that
they be the basis for U.S. standards. TSA has assessed the potential
effect of this notice of proposed rulemaking and has determined this
rule would not have an adverse impact on international trade.
The regulatory evaluation provides the required written
assessment of Unfunded Mandates. The proposed rule is not likely to
result in the expenditure by State, local, or tribal governments, in
the aggregate, of $100 million or more annually (adjusted for
inflation). However, because the rule is economically significant as
defined by E.O. 12866, it does have an unfunded mandate impact on the
economy as a whole.
2. Executive Order 12866 Assessment Benefits
The proposed rule would yield benefits in the areas of security and
quality governance. The security and governance benefits are four-fold.
First, the rule would enhance security by expanding the mandatory use
of security measures to certain operators of large aircraft that are
not currently required to have a security plan. These measures would
deter malicious individuals from perpetrating acts that might
compromise transportation or national security by using large aircraft
for these purposes. Second, it would harmonize, as appropriate,
security measures used by a single operator in its various operations
and between different operators. Third, the new periodic audits of
security programs would augment TSA's efforts to ensure that large
aircraft operators are in compliance with their security programs.
Finally, it would consolidate the regulatory framework for large
aircraft operators that currently operate under a variety of security
programs, thus simplifying the regulations and allowing for better
governance. When taken together, the security-related benefits would
act as part of the larger benefits yielded by TSA's layered security
approach.
At this time, TSA cannot quantify these benefits; however, TSA
conducted a ``break-even'' analysis to determine what reduction of
overall risk of a terror attack and resulting reduction in the expected
losses for the nation due to a terror attack would be necessary in
order for the expected benefits of the rule to exceed the costs.
Because the types of attacks that would be prevented by this regulation
vary widely in their intensity and effects, depending both on the
intent of those undertaking the attack and their effectiveness in
completing it, TSA considered three example attack scenarios and the
monetized losses associated with each. Similar break-even analyses have
been undertaken in support of other DHS rules, and TSA has coordinated
the current analysis with these earlier ones, with the aim of
maintaining consistency in DHS analyses and results. In the case of the
LASP proposed rule, some of the types of terror attacks that might be
undertaken using aircraft operated by those covered under the proposed
rule are similar to those that were considered by U.S. Customs and
Border Protection (CBP), and this similarity has informed the current
analysis and examples. For one scenario, however, TSA has relied on DHS
research into the effects of successful delivery of a weapon of mass
destruction (WMD) by an aircraft of the type affected by the proposed
rule. The conclusions of this DHS research are consistent with results
from existing academic and think tank research into similar issues.
In order to compare the losses associated with each scenario to the
cost of the proposed rule, TSA converted casualties into a monetary
total. TSA used the Value of a Statistical Life (VSL) of $5.8 million
that is used by the Department of Transportation (DOT), and which was
recently revised to reflect current academic and other research into
this quantity.\33\ The VSL represents an individual's willingness to
pay to avoid a fatality onboard an aircraft, based on economic studies
of the value individuals place on small changes in risk. Similarly,
based on the same DOT guidance, TSA valued moderate injuries at 1.55
percent of the VSL and severe injuries at 18.75 percent of the VSL. TSA
emphasizes that the VSL is a statistical value of a unit decrease in
expected fatalities to be used for regulatory comparison, and does not
suggest that the actual value of a particular individual's life can be
stated in dollar terms.
---------------------------------------------------------------------------
\33\ U.S. Department of Transportation memorandum, Treatment of
the Economic Value of a Statistical Life in Departmental Analyses.
Office of the Secretary of Transportation, February 5, 2008.
---------------------------------------------------------------------------
The following paragraphs present a description of the four
scenarios considered by TSA with corresponding estimates of their
monetary consequences. These scenarios make up a wide range of possible
consequences, which reflects the varied opportunities for attack and
targeting that may exist for those intent on doing the nation harm. In
order to compare direct costs to direct benefits, TSA presents only the
direct economic losses estimated to result from the attack scenarios
and has omitted economic ``ripple effects'' and economic transfers from
its calculations.
Scenario 1 contemplates a situation where a large aircraft is used
as a missile to attack an unpopulated or lightly populated area,
resulting in minimal loss of life, moderate injuries and destruction of
the aircraft. Of the scenarios considered, this is the most restrained
in its level of envisioned harm. It is assumed that a loss of 3 lives
occurs, along with 10 moderate injuries and the complete hull loss of
the aircraft. Using the DOT VSL of $5.8 million, the monetary estimate
associated with the loss of life is $17.4 million. Again using DOT
guidance, moderate injuries to those affected are valued at 1.55% of
the VSL, or $89,900. To estimate the value of the lost aircraft,
[[Page 64823]]
TSA used $9.3 million, which is the 2008 average market value of a
General Aviation jet aircraft weighing between 12,500 and 65,000
pounds.\34\ Taken together, the monetary consequence of this scenario
totals $32 million, or $0.032 billion.
---------------------------------------------------------------------------
\34\ Federal Aviation Administration. 2007. Economic Values for
FAA Investment and Regulatory Decisions, A Guide. Prepared by GRA,
Inc. December 31, 2004 (updated). Table 5-7. This table reports 2003
value estimates, and the 2003 estimate of $7.2 million was brought
to the 2008 value of $9.3 million using the FAA recommended method
described in the document in Section 9.6 (page 9-9), which relies on
the BLS producer price index series for civil aircraft, available in
the producer price index values for commodities at http://
stats.bls.gov/ppi/home.htm.
---------------------------------------------------------------------------
Scenario 2 also contemplates a situation where a large aircraft is
used as a missile to attack a populated area, resulting in
significantly greater loss of life and injuries, and destruction of the
aircraft. It is assumed that a loss of 250 lives occurs, along with 250
severe injuries and the complete hull loss of the aircraft. Using the
DOT VSL of $5.8 million, the monetary estimate associated with the loss
of life is $1.45 billion. Again using DOT guidance, severe injuries to
those affected are valued at 18.75% of the VSL, or $1.1 million, the
monetary impact of these injuries total $272 million. To estimate the
value of the lost aircraft, TSA used $9.3 million, which is the 2008
average market value of a General Aviation jet aircraft weighing
between 12,500 and 65,000 pounds. Taken together, the monetary
consequence of this scenario totals $1.73 billion. The level of damage
in this type of scenario is consistent with the scenarios considered
for the CBP APIS Final Rule analysis, although the current analysis
also includes a component of severe injuries.\35\
---------------------------------------------------------------------------
\35\ Regulatory Assessment & Final Regulatory Flexibility
Analysis for the Final Rule, Passenger Manifests for Commercial
Aircraft Arriving in and Departing from the United States; Passenger
and Crew Manifests for Commercial Vessels Departing from the United
States. Table 12, page 35.
---------------------------------------------------------------------------
Scenario 3 contemplates a situation where a large aircraft is used
as a missile to carry out a direct attack on a building in a densely
populated urban area. Because of these locational details, a successful
attack would result in much more severe consequences, including
significantly increased loss of life and widespread real property
damage, compared to Scenario 1. For valuation purposes for this
scenario, TSA assumes 3,000 fatalities, valued at $17.4 billion using
the DOT VSL of $5.8 million. To maintain consistency with existing DHS
analyses, in particular the APIS analysis,\36\ TSA assumes property
losses totaling $21.8 billion; this total is motivated by comparison to
the City of New York Comptroller's estimate of direct losses to the
city due to the September 11 attacks.\37\ However, TSA also assumes
that 9,000 severe injuries would also result from such an attack. These
severe injuries, valued at 18.75% of the VSL based on the DOT guidance,
have a monetary valuation of $9.79 billion. Finally, based on the FAA
estimate of aircraft value, losses in Scenario 3 include $9.3 million
due to complete hull loss of the aircraft used in the attack. The
scenario elements aggregate to a total consequence of $49.0 billion.
---------------------------------------------------------------------------
\36\ Regulatory Assessment & Final Regulatory Flexibility
Analysis for the Final Rule, Passenger Manifests for commercial
Aircraft Arriving in and Departing from the United States; Passenger
and Crew Manifests for Commercial Vessels Departing from the United
States. Table 13, page 36.
\37\ Thompson, Jr., William C. Comptroller, City of New York.
``One Year Later: The Fiscal Impact of 9/11 on New York City.''
September 4, 2002.
---------------------------------------------------------------------------
Finally, Scenario 4 contemplates a catastrophic situation in which
a large aircraft is used to deliver a nuclear or biohazard device to an
urban center. The costs associated with a scenario such as this have
been examined by DHS in detail for a nuclear device.\38\ This research
concludes that the consequences of such an event would be immense, with
a wide range of uncertainty. For the present analysis, TSA is using a
value of $1 trillion for the direct consequences of an attack of this
severity. This value falls in the midrange of the values developed in
the DHS research, and is consistent with results obtained from a review
of academic and think tank research into the consequences of nuclear
and bioterror attacks on urban areas. The value of $1 trillion results
from loss of life in an attacked urban area in the hundreds of
thousands and enormous loss of property and productive assets.
---------------------------------------------------------------------------
\38\ ``Economic Consequences of a Nuclear Detonation in an Urban
Area'' undated DHS draft.
---------------------------------------------------------------------------
Figure 1 below displays the impacts and monetary consequences
identified for each of these scenarios. TSA compared the monetary
consequence from a successful attack with the cost of the proposed
LASP. To judge the value or effectiveness of the LASP proposed rule in
the context of these scenarios, it is necessary to compare the extent
of monetary consequence from a successful attack with the cost of a
program like LASP that would be deployed to reduce the risk or
likelihood of such an attack being successfully undertaken. The annual
risk reductions required for the proposed rule to break even under each
of the four scenarios are presented below. In this analysis the
comparison is made between the estimated scenario consequence and the
LASP discounted annualized cost of $194.1 million, using a discount
rate of 7%; the ``required risk reduction'' for breakeven is simply the
ratio between this annualized program cost and the scenario consequence
total. As shown, depending on the attack scenario, underlying baseline
risk of terror attack would have to be reduced less than 1 percent
(Scenarios 3 and 4) to 11 percent (Scenario 2) in order for the rule to
break even. If only avoidance of quantified direct losses is
considered, preventing the impact characterized in Scenario 1 is not
sufficient to offset the LASP program's annualized costs, even if a
Scenario 1 outcome were a certainty, expressed as a baseline risk of
100%, and the chance of this were eliminated entirely (100 percent risk
reduction).
[[Page 64824]]
Figure 1--Required Reduction in Annual Risk Necessary (%) for LASP Annualized Discounted Costs ($194.1 M) To Equal Expected Benefits, by Attack Scenario
--------------------------------------------------------------------------------------------------------------------------------------------------------
Valuation Required
Loss of at VSL of Hull loss Property Injuries risk
Scenario Scale life $5.8 M ($ ($ B) loss ($ B) ($ B) Total ($ B) reduction
B) by LASP (%)
--------------------------------------------------------------------------------------------------------------------------------------------------------
1............................. Minimal...................... 3 $0.02 $0.009 None $0.005 $0.03 N/A
2............................. Moderate..................... 250 1.45 0.009 None 0.27 173 11.0
3............................. Major........................ 3000 17.4 0.009 21.8 9.79 49.0 0.7
-----------------------------------------------------------------
4............................. Catastrophic................. Large and Variable across Studies 1,000 0.019
--------------------------------------------------------------------------------------------------------------------------------------------------------
Costs
The following summarizes the estimated costs of this rulemaking by
general category of who pays. A summary table provides an overview of
the cost items and a brief description of cost elements. Both in this
summary and the economic evaluation, descriptive language is used to
try and relate the consequences of the regulation. Although the
regulatory evaluation attempts to mirror the terms and wording of the
proposed rule text, no attempt is made to precisely replicate the
regulatory language and readers are cautioned that the actual
regulatory text, not the text of the evaluation, would be binding.
Throughout the evaluation rounding in displayed values may result in
minor differences in displayed totals.
Aircraft operators, airport operators, and TSA would incur costs to
comply with the requirements of the proposed LASP rule. TSA estimated
the total 10-year cost of the program at $1.4 billion, discounted at
7%. At this rate, the annualized total rule cost per flight is
estimated at $44. Aircraft operator costs comprise 85 percent of all
estimated costs. This is due to the large number of newly regulated
aircraft operators and the amount of time security coordinators are
anticipated to spend on their duties.
TSA estimated approximately 9,000 GA aircraft operators use
aircraft with a maximum takeoff weight exceeding 12,500 pounds and
would thus be subject to the proposed rule. These aircraft operators
are currently not required to operate under any existing TSA security
programs. Costs to these newly regulated aircraft operators represent
84 percent of total estimated costs, with security coordinator duties
and training making up 89.5 percent of those new aircraft operator
costs. Security coordinator duties and training for these operators are
estimated at $1.0 billion over 10 years, discounted at 7 percent. The
following figure provides the total 10-year costs as well as annualized
costs at the 0, 7, and 3 percent discount rates for the principal
populations affected by the proposed rule.
Total and Annualized Costs by Affected Entity
----------------------------------------------------------------------------------------------------------------
10-year total costs Annualized costs
Affected entity -----------------------------------------------------------------
0% 3% 7% 0% 3% 7%
----------------------------------------------------------------------------------------------------------------
New Aircraft Operators........................ $1,655.8 $1,402.3 $1,143.5 $165.6 $164.4 $162.8
Existing Aircraft Operators................... 19.6 16.7 13.6 2.0 2.0 1.9
Airport Operators............................. 7.5 6.5 5.5 0.8 0.8 0.8
TSA........................................... 194.4 165.9 136.6 19.4 19.4 19.5
Passengers (Opportunity)...................... 91.9 78.2 64.1 9.2 9.2 9.1
-----------------------------------------------------------------
Total, Primary............................ 1,969.3 1,669.5 1,363.4 196.9 195.7 194.1
=================================================================
Total, High............................... 2,720.7 2,305.9 1,882.3 272.1 270.3 268.0
=================================================================
Total, Low................................ 1,239.1 1,051.2 859.2 123.9 123.2 122.3
----------------------------------------------------------------------------------------------------------------
[[Page 64825]]
[GRAPHIC] [TIFF OMITTED] TP30OC08.000
Given several areas of uncertainty in the cost estimates, TSA
estimates of the total cost of the rule range from $859 million to $1.9
bilion, discounted at 7 percent. TSA was unable to model some
requirements, such as aircraft operator expenses to collect and submit
passenger information for watch-list matching. TSA is requesting
detailed comments to enable quantification of this impact for new and
existing operators. The figure below displays the cost segments of the
proposed rule grouped into four major cost categories: Security
coordinator duties and training; audits and inspections; STAs; and
security programs.
[GRAPHIC] [TIFF OMITTED] TP30OC08.001
[[Page 64826]]
TSA estimated covered aircraft operators would expend $1.1 billion
over 10 years to comply with the proposed LASP, discounted at 7
percent. All covered aircraft operators would incur costs to develop
and submit security programs and profiles. Newly regulated aircraft
operators would be required to designate security coordinators who
would perform a variety of security-related duties and complete annual
security training. These aircraft operators also would be required to
ensure that their flight crewmembers successfully undergo STAs
conducted by TSA. All aircraft operators would need to control access
to any weapons and check property in the cabin for possible stowaways.
Further, aircraft operators would be required to submit names of
passengers aboard their flights to TSA-approved service providers for
purposes of matching names against terrorist watch-lists. Finally
aircraft operators would contract with TSA-approved auditors to undergo
biennial reviews demonstrating compliance with their security programs.
Since TSA views security programs as a package, this rule would
also require a partial airport security program for non-federalized
airports regularly serving large aircraft, in scheduled or public
charter operations and airports designated by the Secretary of
Transportation as ``Reliever Airports.'' TSA has determined these
airports frequently serve as a base for aircraft operators covered by
the LASP. Covered airports would be required to develop and submit
security programs to TSA and comply with program requirements. This
would include the designation of airport security coordinators and
completion of attendant training. TSA estimated airport operators would
expend $5.5 million over 10 years, discounted at 7 percent.
To implement and oversee this new security program regime, TSA
would expend monies to conduct outreach to covered aircraft and airport
operators and process security programs and profiles, enforce
compliance with the proposed requirements, and enroll auditors and
watch-list service providers. TSA estimated its 10-year costs to
implement the proposed regulation would range from $133.5 million to
$139.8 million, discounted at 7 percent, with a primary estimate of
$136.6 million.
Entities wishing to participate as auditors or watch-list service
providers would incur voluntary costs to apply to TSA for authorization
to provide those services. These service entities would likely pass
their enrollment expenses to subscribing aircraft operators; thus, in
the regulatory evaluation TSA assesses the costs directly to the
affected aircraft operators. To avoid double-counting, the analysis
does not provide a separate estimate of auditor and watch-list service
provider enrollment costs. However, TSA has included a description of
the enrollment process and anticipated unit costs within the discussion
of TSA's costs to process auditor and watch-list service provider
applications.
Passengers on covered aircraft would incur opportunity costs from
the time spent providing personal information to aircraft operators,
for use in Watch List Matching, and, to a much more modest degree, from
time spent delayed when pre-flight Watch List Matching issues need to
be resolved in real time. TSA estimated that these passenger
opportunity costs total $64 million, discounted at 7 percent.
As previously noted, TSA estimates that the total 10-year cost of
the program would be $1.4 billion, discounted at 7 percent; the
annualized cost (at a 7 percent discount rate) per flight would be $44.
3. Initial Regulatory Flexibility Assessment (IRFA)
The Regulatory Flexibility Act of 1980 establishes ``as a principle
of regulatory issuance that agencies shall endeavor, consistent with
the objective of the rule and of applicable statutes, to fit regulatory
and informational requirements to the scale of the business,
organizations, and governmental jurisdictions subject to regulation.''
To achieve that principle, the RFA requires agencies to solicit and
consider flexible regulatory proposals and to explain the rationale for
their actions. The RFA covers a wide range of small entities, including
small businesses, not-for-profit organizations, and small governmental
jurisdictions.
When issuing a rulemaking, agencies must perform a review to
determine whether a proposed or final rule will have a significant
economic impact on a substantial number of small entities. If the
determination is that it will, the agency must prepare a regulatory
flexibility analysis as described in the RFA. However, if an agency
determines that a proposed or final rule is not expected to have a
significant economic impact on a substantial number of small entities,
section 605(b) of the RFA provides that the head of the agency may so
certify and a regulatory flexibility analysis is not required. The
certification must include a statement providing the factual basis for
this determination, and the reasoning should be clear.
As part of implementing this NPRM, TSA conducted this Initial
Regulatory Flexibility Analysis. The IRFA describes the reasons for and
objectives of the proposed rule; includes a description and estimate of
the number of small entities that would be impacted by the proposed
rule; estimates the cost of complying with requirements for small
entities; addresses significant alternatives to the rulemaking
considered by TSA; and, identifies duplicative, overlapping, and
conflicting rules.
Reason for the Proposed Rule
The Aviation and Transportation Security Act (ATSA) (Pub. L. 107-
71, 115 Stat. 597, Nov. 19, 2001) granted TSA broad statutory authority
to take measures to increase the security of civil aviation in the
United States. Since the passage of ATSA, TSA has used its authority to
implement an array of aviation security programs, focusing mainly on
the commercial aviation segment of the industry.
TSA is aware that as vulnerabilities within the air carrier and
commercial operator segment of the aviation industry are reduced, GA
operations may become more attractive targets. With thousands of
operators flying over 100,000 aircraft, firms operating in the GA
market--including some smaller airports--are largely unregulated with
respect to security. Many GA aircraft, however, are of the same size
and weight of the commercial operators that TSA regulates, meaning that
they potentially and effectively could be used to commit a terrorist
act.
Consequently, this portion of the aviation industry may be
vulnerable to exploitation by terrorists. Except for limited security
requirements for certain classes of GA aircraft, TSA does not currently
require security programs for many GA aircraft operators. This
situation presents a security risk.
The proposed rule would mitigate this risk by requiring GA aircraft
operators and certain airports to enact an assortment of security
measures.
Objectives of the Proposed Rule
The objective of the proposed rule is to strengthen the security of
civil aviation.
Description and Estimate of the Number of Small Entities
The proposed rule would impact certain firms flying aircraft with a
maximum take-off weight greater than 12,500 pounds in the civil
aviation market. It would also impact certain
[[Page 64827]]
publicly- and privately-owned airports. This section of the IRFA
attempts to describe and identify all small entities within the
aforementioned industries, including those operating under existing
security regulations and those that are currently not regulated.
Currently Regulated Aircraft Operators
The proposed rule would affect aircraft operators currently
offering services under existing security regulations. Aircraft
operators utilizing TSA-required security programs, including the
Twelve-Five Standard Security Program (TFSSP), the All Cargo Twelve-
Five Standard Security Program (TFSSP-AC), the Partial Program Standard
Security Program (PPSSP), and the Private Charter Standard Security
Program (PCSSP) would be covered by the proposed rule.
Aircraft operators offering services under the TFSSP and the TFSSP-
AC utilize aircraft with a maximum takeoff weight of more than 12,500
pounds; offer scheduled or charter service; carry passengers or cargo
or both; and do not operate under a PPSSP or PCSSP.
The PPSSP is used by scheduled passenger or public charter
passenger operations using aircraft with seating configurations of 31
or more, but 60 or fewer seats that do not enplane from or deplane into
a sterile area, and by scheduled passenger or public charter passenger
operations using aircraft with seating configurations of 60 or fewer
seats engaged in operations to, from, or outside the United States that
do not enplane from or deplane into a sterile area.
The requirements of the PPSSP are identical to those of the TFSSP,
with the exception that the PPSSP requires operators to participate in
airport operator-sponsored exercises of airport contingency plans. TSA
estimated that approximately 649 operators, utilizing 4,540 large
aircraft, were conducting operations either solely or primarily under
the TFSSP or PPSSP at the time of writing. (Within the text of this
IRFA, Twelve-Five and Partial Program operators may be referred to
collectively as TFSSP operators due to the extremely small number of
Partial Program operators, the similarities between the two groups, and
the fact that they would be merged under the proposed regulation.)
Conversely, aircraft operators using privately chartered aircraft
(aircraft hired by, and for, one specific group of people), having a
MTOW greater than 45,500 kg (100,309.3 pounds); or, a passenger seating
configuration of 61 or more seats, or, that enplane from or deplane
into a sterile area, operate under the PCSSP. To be considered a
private charter, the charterer must have engaged the total passenger
capacity of the aircraft, invited all of the passengers, borne all of
the costs of the charter, and must not have advertised to the public,
in any way, to solicit passengers.
In conducting research for the Regulatory Evaluation, TSA generated
estimates of the number of operators offering services under each
security program described above. The estimates are shown in the figure
below.
LASP Aircraft Operators Currently Operating Under a TSA Security Program
------------------------------------------------------------------------
Number of
Existing security program or operating certificate aircraft
operators
------------------------------------------------------------------------
Twelve-Five Standard Security Program................... 649
All Cargo Twelve-Five Standard Security Program......... 48
Private Charter Standard Security Program............... 77
---------------
Total............................................... 774
------------------------------------------------------------------------
To determine if the firms identified in the figure above qualify as
small entities as defined by the RFA and the Small Business
Administration (SBA), TSA first attempted to classify each firm using
North American Industry Classification System (NAICS) codes maintained
by the U.S. Census Bureau. After analyzing the various operators'
characteristics and the NAICS codes, TSA determined that the aircraft
operators described above would broadly fall into the nonscheduled air
transportation market. Firms in NAICS code 481211, Nonscheduled
Chartered Passenger Air Transportation, and code 481212, Nonscheduled
Charter Freight Air Transportation, are classified as large or small
based on employee measures. Firms in these markets with less than 1,500
employees are considered small by the SBA.
Unfortunately, TSA could not obtain current, detailed employee data
for the respective firms, making it difficult to discern whether the
firms are small or large according to standards set by the SBA. In
light of the lack of current employee data on these firms, TSA turned
to U.S. Census Bureau information to gauge the number of currently
regulated entities affected by the proposed rule that may be considered
small.
NAICS 481211--Nonscheduled Chartered Passenger Air Transportation
As stated above, the SBA defines any firm in the Nonscheduled
Chartered Passenger Air Transportation industry with less than 1,500
employees as small. Using 2002 data maintained by the U.S. Census
Bureau, TSA determined that there are 1,400 firms in the industry, and
at least 1,178 of these firms are small entities. The average annual
revenue for firms in this industry in 2002 was approximately $3.9
million. The data that TSA accessed from the Census Bureau to make this
determination did not have enough detail for the Agency to draw a
conclusion on the remaining 222 firms. See the figure below.
[[Page 64828]]
[GRAPHIC] [TIFF OMITTED] TP30OC08.002
NAICS 481212--Nonscheduled Chartered Freight Air Transportation
As previously stated, the SBA defines any firm in the Nonscheduled
Chartered Freight Air Transportation industry with less than 1,500
employees as small. Again using Census Bureau data, TSA determined that
there are 231 firms in the overall industry, and at least 162 of these
firms are small entities. The average annual revenue for firms in this
industry in 2002 was approximately $5.0 million. The data that TSA
accessed from the Census Bureau to make this determination did not have
enough detail for the Agency to draw a conclusion on the remaining 69
firms.
[GRAPHIC] [TIFF OMITTED] TP30OC08.003
Firms operating aircraft under the TFSSP and the PCSSP likely fall
into NAICS code 481211, Nonscheduled Chartered Passenger Air
Transportation, described above. As previously stated, TSA estimated
that there are 649 and 77 TFSSP and PCSSP operators, respectively, that
would be affected by the NPRM. In all likelihood, these
[[Page 64829]]
operators represent a subset of the firms TSA identified using the
Census data. So while TSA identified 1,178 small entities (and 222
potentially small entities) in the overall Nonscheduled Chartered
Passenger Air Transportation market, it is not likely that all of those
firms would be impacted by the proposed rule.
Firms operating under the TFSSP-AC most likely are classified by
the Census Bureau by NAICS code 481212, Nonscheduled Chartered Freight
Air Transportation. As stated above, TSA estimated that the proposed
rule would only affect 48 of these operators. It is likely that the 48
operators represent a subset of the firms TSA identified in the Census
data described above.
By adding the estimated number of TFSSP, PCSSP, and TFSSP-AC
operators together, TSA was able to conclude that the proposed rule
would affect a total of 774 currently regulated operators. In 2003,
pursuant to another rulemaking, TSA estimated that of 767 TFSSP, TFSSP-
AC, and PCSSP operators, all but 15 were small entities. Typically,
these types of operators are independently owned and operated, and
rarely employ more than 1,500 employees, making them small entities
according to the SBA. Given that TSA has not received any new data on
these operators since 2003, and given the lack of detail in the Census
Bureau data, the Agency assumed for the purposes of this analysis that
all but 15 of the 774 operators that would be affected by this NPRM are
small entities. The Agency seeks comment on this preliminary
conclusion.
Newly Regulated Aircraft Operators
The proposed rule would also cover any aircraft operator using an
aircraft having a MTOW greater than 12,500 pounds. Such operators
primarily conduct operations under 14 CFR part 91 and 14 CFR part 125.
Currently, these types of operators are generally not covered by
existing security regulations.
Part 91 operations, commonly referred to as GA operations, can be
undertaken for a wide range of purposes, but a basic distinction is
drawn between flight activity used to provide ``common carriage'' and
other flight activity. Common carriage means any operation for
compensation or hire where the operator holds itself out as willing to
furnish transportation to any member of the public seeking the services
offered. The operator openly offers a service for a fee (by advertising
or any other means) to members of the public.
In contrast, ``private'' or ``non-common carriage'' does not
involve offering or holding out by the operator through advertising or
any other means. Non-common carriage includes the following:
Carriage of operator's own employees or property.
Carriage of participating members of a club.
Carriage of persons and property, which is only incidental
to the operator's primary business.
Carriage of persons or property for compensation or hire
under a contractual business arrangement that did not result from the
operator's holding out or offering. In this situation, the customer
seeks out an operator to perform the desired service and enters into an
exclusive mutual agreement; the operator does not seek out the
customer.
Under the proposed rule, both common carriage and non-common
carriage large aircraft operators would be required to establish and
implement the security requirements of the LASP. Those firms operating
under common carriage have been discussed in the currently regulated
section of this IRFA; the following discussion relates to non-common
carrier operations.
Part 125 of 14 CFR applies to some large aircraft operations that
may provide private carriage (but not common carriage). Part 125
governs the operation of large aircraft that are able to carry 6,000
pounds or more of payload capacity and 20 or more passenger seats.
In conducting research for the Regulatory Evaluation, TSA subject
matter experts determined that the proposed rule would affect 9,000
aircraft operators regulated by 14 CFR part 91, and 61 aircraft
operators regulated by 14 CFR part 125. Due to the unique conditions
under which these firms conduct operations, TSA could not identify the
respective NAICS codes for these operators. Consequently, TSA could not
determine the small entity size standards for these businesses. Without
this information, TSA could not reliably estimate the number of small
entities operating aircraft in these operating categories. Moreover,
TSA could not find reliable revenue and employee data for these firms,
further complicating the effort.
Given the constraints discussed above, TSA could only conclude that
the proposed rule would affect between 0 and 9,000 small entities
currently regulated by 14 CFR part 91, and between 0 and 61 small
entities currently regulated by 14 CFR part 125. TSA seeks comment on
information that would allow it to refine its estimate of small
entities as defined by the RFA.
Airport Operators
Airports that would be affected by the proposed rule include
airports regularly serving scheduled or public charter operations in
large aircraft and ``reliever airports,'' as designated by the
Secretary of Transportation. TSA determined approximately 42 airports
regularly serving scheduled or public charter operations and 273
reliever airports would be subject to the proposed rule, a total of 315
airports.
The 42 affected airports TSA has identified that regularly serve
scheduled or public charter operations and do not already have a TSA
security program are all owned by public entities. Because the airports
are publicly owned, the Census Bureau classifies them using NAICS Code
926120, Regulation and Administration of Transportation Programs.
Reliever airports are airports designated by the FAA to relieve
congestion at commercial service airports and to provide improved GA
access to members of the local community.\39\ The 273 reliever airports
that would be impacted by the rule are owned by public entities--such
as State and local governments--and private, for-profit concerns. The
publicly--and privately-owned airports, due to their different
ownership characteristics, are classified by different NAICS codes by
the U.S. Census Bureau. Privately-owned airports are classified by
NAICS code 48811, Airport Operations, while publicly owned airports are
classified by NAICS code 926120, Regulation and Administration of
Transportation Programs.
---------------------------------------------------------------------------
\39\ U.S. Department of Transportation, Federal Aviation
Administration, ``Categories of Airports,'' Available from: http://
www.faa.gov/airports_airtraffic/airports/planning_capacity/
passenger_allcargo_stats/categories/. Accessed on February 28,
2007.
---------------------------------------------------------------------------
NAICS 48811--Airport Operations
Private firms operating reliever airports fall into NAICS code
48811, Airport Operations. The SBA defines firms in this industry with
less than $6.5 million in annual revenues as small. To discern the
number of small firms likely to be impacted by the proposed rule, TSA
first obtained data on the total number affected reliever airports from
FAA. From the FAA information, which identified 273 total reliever
airports that would be subject to the rule, TSA was able to identify 46
privately-held reliever airports.
Unfortunately, TSA could not find any revenue information on the 46
privately-owned reliever airports, making it impossible to determine if
[[Page 64830]]
they are classified as small entities. However, given that the average
annual revenues in the industry were $3.8 million in 2002, well below
the $6.5 million threshold set by SBA, it is likely that some of the
affected firms are small entities. Due to the lack of available revenue
data, TSA assumed for the purposes of this analysis that there are
between 0 and 46 small entities in this industry that would be impacted
by the rule. TSA seeks comment on this assumption.
NAICS 926120--Regulation and Administration of Transportation Programs
As previously stated, publicly owned reliever airports likely fall
into NAICS code 926120, Regulation and Administration of Transportation
Programs. Because firms in this industry are not privately held, for-
profit companies, the SBA does not use revenue or employment measures
to determine if they are small entities.
Instead, the SBA uses the population of the government jurisdiction
that owns the firm to determine if it is a small governmental
jurisdiction. Specifically, sec. 601(5) of the RFA defines small
governmental jurisdictions as governments of cities, counties, towns,
townships, villages, school districts, or special districts with a
population of less than 50,000.\40\
---------------------------------------------------------------------------
\40\ Regulatory Flexibility Act, Public Law 96-354, Sep. 19,
1980, 94 Stat. 1164 (codified at 5 U.S.C. 601).
---------------------------------------------------------------------------
To determine if the proposed rule would have an impact on any small
governmental jurisdictions, TSA again accessed the FAA airport data. Of
the 315 affected airports, TSA discerned that 269 are owned by
governments. After researching the population of all the affected
governments using U.S. Census Bureau population data, TSA concluded
that between 68 and 74 small governmental jurisdictions would be
impacted by the proposed rule. See the figure below.
[GRAPHIC] [TIFF OMITTED] TP30OC08.004
Summary of Number of Small Entities
Using the data discussed above, TSA concluded that the NPRM would
impact between 827 and 9,955 small entities. The ambiguous nature of
the revenue and employee data for the firms in some of the affected
industries, coupled with the lack of information on operators covered
by 14 CFR part 91 and 14 CFR part 125, prevented TSA from making a more
refined estimate. See the figure below.
Total Estimate of Small Entities Potentially Affected by the LASP \*\
----------------------------------------------------------------------------------------------------------------
NAICS Low High
Operator classification code Industry SBA size standard estimate estimate
----------------------------------------------------------------------------------------------------------------
Currently Regulated Aircraft 481211 Nonscheduled Chartered 1,500 employees...... 759 774
Operators (TFSSP, PCSSP, TFSSP-AC). Passenger Air
Transportation.
481212 Nonscheduled Chartered ..................... ........ ........
Freight Air
Transportation.
Newly Regulated Aircraft Operators U U..................... U.................... 0 9,061
(14 CFR part 91, 14 CFR part 125).
Privately-Owned Airports........... 48811 Airport Operations.... $6.5 million in 0 46
annual revenue.
[[Page 64831]]
Public Airports.................... 926120 Regulation and 50,000 population of 68 74
Administration of governmental
Transportation jurisdiction.
Programs.
-------------------
Total.......................... ........ ...................... ..................... 827 9,955
----------------------------------------------------------------------------------------------------------------
* Total Small Entities Impacted: The NPRM would impact between 827 and 9,957 small entities.
Source: 2002 Economic Census, FAA, SBA, TSA calculations.
Notes: U means data unavailable.
The data used to determine the number of impacted small entities in
this analysis exhibit some critical shortcomings. First, TSA did not
have access to any comprehensive employment data for some of the
affected aircraft operators in the nonscheduled air transportation
industry.
Second, TSA was unable to access comprehensive revenue or
employment data for the aircraft operators offering services under 14
CFR part 91 and 14 CFR part 125. Additionally, TSA could not identify
the appropriate NAICS codes for these operators, making it impossible
to identify the size standard that would be necessary to determine if
the firms are large or small.
Third, TSA could not obtain revenue data for firms operating
privately-owned reliever airports, making it impossible to generate an
accurate estimate of the number of small entities in that industry.
Finally, TSA was unable to find reliable information on some of the
governmental jurisdictions operating covered airports. This situation
prevented TSA from making a more accurate estimate of the number of
small governmental jurisdictions that would be subject to the proposed
rule.
Due to the reasons described above, TSA may have under- or over-
estimated the number of affected small entities. TSA seeks comment on
this possibility.
Description and Estimate of Compliance Requirements
The proposed rule would require firms operating certain classes of
aircraft and airports to undertake a number of measures aimed at
increasing civil aviation security. This section of the analysis
provides a brief description of each requirement, followed by an
estimate of the unit cost per operator to comply with each requirement.
This part of the analysis also attempts to make an initial
determination on whether the proposed rule would have a significant
economic impact on a substantial number of small entities.
Given the operational and regulatory differences between the
various firms that would be affected by the proposed rule, compliance
requirements and their attendant costs are described separately for
currently regulated aircraft operators, newly regulated aircraft
operators, and airport operators. Furthermore, costs are estimated as
ranges rather than absolute values in order to reflect the uncertainty
surrounding different estimates.
Currently Regulated Aircraft Operators
Security Programs and Profiles
Currently regulated aircraft operators affected by the proposed
rule would be required to submit a profile containing several pieces of
information and to develop and submit a security program. TSA would
make available to all covered aircraft operators a template Large
Aircraft Standard Security Program that operators would have the option
to either accept without modification or use as the basis of developing
their own security program. In estimating costs for this requirement,
TSA assumed that nearly all covered operators would choose to adopt the
template security program. These requirements would impose costs on
currently regulated aircraft operators, which are shown in the figure
below. For a more robust discussion on how TSA estimated these costs,
see the section on security programs and profiles located above in the
Regulatory Evaluation.
Unit Cost: Security Programs/Profiles, Currently Regulated Aircraft Operators
----------------------------------------------------------------------------------------------------------------
Hours Total unit cost
Hourly compensation -----------------------------------------------------------------
Low Primary High Low Primary High
a b c d (a) x (b) (a) x (c) (a) x (d)
----------------------------------------------------------------------------------------------------------------
$62.43........................................ 2 4 6 $125 $250 $375
----------------------------------------------------------------------------------------------------------------
Security Coordinator Duties
Currently regulated aircraft operators have existing security
coordinators and would not incur new costs as a result of this
requirement.
Security Threat Assessments for Flight Crews
Aircraft operators offering services under existing security
regulations must utilize flight crew personnel that have undergone a
criminal history records check. The proposed rule would require LASP
aircraft operators to begin ensuring that their flight crewmembers
undergo STAs and would limit the validity of a STA to five years. As
proposed, the STA would consist of a CHRC and a check against
government terrorism watch-lists and related databases. Existing
aircraft operators currently pay an estimated $30 to $35 for CHRCs;
however, the collection system used by these operators does not include
the terrorism check component of the proposed STA. As a result, TSA
intends to establish a new system to enable it to process STA
applications from covered aircraft operators. TSA is thus proposing a
fee of $74 to recover its costs associated with this new system and the
processing of STAs.
Flight crewmembers of currently regulated aircraft operators would
be required to submit a new STA application upon publication of a final
[[Page 64832]]
rule if their most recent CHRC had been completed five or more years
prior to the compliance date of the final rule. Flight crewmembers
having CHRCs completed within five years prior to the compliance date
in a final rule would be required to submit a STA application once five
years had passed since their CHRC. Since TSA instituted the existing
operator security programs in early 2003, several existing operators
may need to conduct a STA on their flight crewmembers in the first year
of the LASP.
Because this represents a new requirement, TSA used the full
proposed fee, plus opportunity costs, to estimate a unit cost to
existing operator small entities. As noted above, the proposed fee is
$74. TSA estimated opportunity costs would consist of 0.5 hours of
flight crewmember time to provide the information required for the STA
application and to have fingerprints taken. Using an average wage rate
of $51.40 for aircraft operator flight crews,\41\ 30 minutes represents
an opportunity cost of $25.70 per STA, for a total STA unit cost of
$99.70. TSA estimated existing operators each employ an average of 18
flight crewmembers based on data provided by TSA subject matter experts
and the American Association of Airport Executives, the entity that
processes existing operator CHRCs. Based on an assumed turnover rate of
15 percent, however, TSA estimated that on average an existing operator
would have only about eight crewmembers whose CHRCs would be expired
under the proposed rule. Thus, the maximum per-operator cost for STAs
would be approximately $800.
---------------------------------------------------------------------------
\41\ The flight crew wage reported here is a weighted average of
the following occupations from the 2006 NBAA Salary Survey: Aviation
Department Manager II (does some flying), Chief Pilot, Senior
Captain, and Copilot.
Unit Cost: Security Threat Assessments, Currently Regulated Aircraft
Operators
------------------------------------------------------------------------
Flight Total unit
Unit fee (inc. opportunity costs) crewmember cost per
STAs operator
a b (a x b)
------------------------------------------------------------------------
$99.70...................................... 8 $800
------------------------------------------------------------------------
Control of Access to Weapons
Aircraft operators utilizing the TFSSP-All Cargo would be required
to control access to weapons. Presently, these operators are required
to ``apply the security measures in its security program for persons
who board the aircraft for transportation, and for their property, to
prevent or deter the carriage of any unauthorized persons, and any
unauthorized weapons, explosives, incendiaries, and other destructive
devices, items, or substances.'' \42\ The proposed rule modifies
current law by inserting between ``unauthorized weapons'' the words
``or accessible.'' TSA has determined this requirement would have a de
minimis impact, because few passengers are carried aboard such flights
and operators are already required to screen them. Further, operators
would have a variety of means of rendering weapons inaccessible to
passengers.
---------------------------------------------------------------------------
\42\ 49 CFR 1544.202.
---------------------------------------------------------------------------
Check of Accessible Property
The proposed rule would require an aircraft operator to inspect,
pursuant to the terms and method in its security program, any property
brought on board that would be accessible to the cabin. Property, for
this section, is defined as any container, cargo, or company material
that may be used to hide a stowaway or explosives, incendiaries or
other destructive devices.
TSA has determined that in most cases affected operators already
comply with the anticipated inspection requirements during the normal
course of the pre-flight check. Costs associated with this
responsibility are captured in the security coordinator duties above.
Because currently regulated aircraft operators are not expected to
incur any marginal costs for security coordinators, this requirement
also would not add any additional costs for these operators.
Watch-List Matching
The proposed regulation would require each aircraft operator to
request and obtain certain passenger information from every passenger
on each flight operated by the aircraft operator, and transmit the
information to an entity approved by TSA to conduct watch-list matching
(known as a watch-list service provider). Any changes to the passenger
information prior to boarding would be required to be resent to the
watch-list service provider.
TSA has estimated the compliance costs for this requirement as the
10-year undiscounted cost of WLSP averaged over the forecast number of
flights. This average cost per flight multiplied by the average flights
per operator produces an estimated annual cost per operator for WLSP.
TSA estimates the cost for compliance would range from $245 to $736 per
operator with a primary cost estimate of $491 per operator. To the
extent that small entities may make fewer flights per year than large
entities, the actual impact to small entities may be lower. However,
TSA believes these costs provide a conservative estimate of the impact
to small operators. For more discussion on the costs of this
requirement, see the section on watch-list matching above, located in
the Regulatory Evaluation.
----------------------------------------------------------------------------------------------------------------
Cost estimates
Components --------------------------------------------------
Low Primary High
----------------------------------------------------------------------------------------------------------------
WLSP Costs................................................... $22,787,364 $45,574,727 $68,362,091
Flight Forecast.............................................. 87,932,347 87,932,347 87,932,347
Cost per Flight.............................................. $0.26 $0.52 $0.78
Flights per Operator......................................... 946 946 946
Cost per Operator............................................ $245 $491 $736
----------------------------------------------------------------------------------------------------------------
Audits of Aircraft Operators
Under the proposed rule, each aircraft operator must contract with
an auditor approved by TSA to conduct an audit of the aircraft
operator's compliance with its security program.
Based on similar audits undertaken relative to other federal
aviation programs, TSA estimated the cost for these audits to be
approximately $2,257 per audit, on average. Currently, audits are
performed to review safety, operations, and maintenance. TSA
anticipates that many of these firms will
[[Page 64833]]
offer the ``security'' audit as part of their offerings to their
current customers and, perhaps, where feasible, bundle the security
audit with already scheduled audits.
Based on interviews with 3 International Standard for Business
Aircraft Operations auditors, TSA estimated costs for audits could
range from $1,464 to $3,050. As stated above, TSA adopted the average
of $2,257 as its primary estimate. For more discussion on these costs,
see the section in the Regulatory Evaluation that describes this
requirement.
Total Cost per Currently Regulated Aircraft Operator
The following figure is a summary of the requirements and
compliance costs of the proposed rule for currently regulated aircraft
operators. As described above, TSA estimated that between 759 and 774
currently regulated small entities would be impacted by the proposed
rule.
Total Compliance Unit Cost, Currently Regulated Aircraft Operators
------------------------------------------------------------------------
Unit cost
Requirement -----------------------------
Low Primary High
------------------------------------------------------------------------
Security Programs and Profiles........... $125 $250 $375
Security Coordinator Duties.............. ........ ........ ........
STAs for Flight Crew..................... 800 800 800
Control Access to Weapons................ ........ ........ ........
Screening of Accessible Property......... ........ ........ ........
Watch-list Matching...................... 245 491 736
Audits................................... 1,464 2,257 3,050
-----------------------------
Total................................ 2,634 3,797 4,960
------------------------------------------------------------------------
Given the uncertainty in this analysis, it was difficult for TSA to
conclusively determine if the proposed rule would have a significant
economic impact on a substantial number of currently regulated aircraft
operators. Although neither the RFA nor the SBA define the term
``significant economic impact,'' TSA attempted to compare compliance
costs to average firm revenues to determine if the rule would have a
considerable economic impact on covered small entities. Unfortunately,
this review proved difficult due to the lack of revenue data on covered
firms.
As previously stated, currently regulated aircraft operators are
likely categorized by the Census Bureau using NAICS codes 481211,
Nonscheduled Chartered Passenger Air Transportation, and 481212,
Nonscheduled Chartered Freight Air Transportation. In 2002, according
to the Economic Census, firms in these industries earned annual
revenues of approximately $3.9 million and $5.0 million, respectively.
For a firm with average annual revenues in either of these industries,
a compliance cost of approximately $2,634 to $4,960 would not likely
constitute a significant economic impact, given that the cost would
equal less than 1 percent of annual revenues.
For the proposed rule to have a significant economic impact on a
currently regulated aircraft operator, the aircraft operator would
likely have to earn annual revenues of approximately $367,000 or less.
In this scenario, the highest estimated compliance costs associated
with the proposed rule would represent approximately 1 percent of the
firm's annual revenue.
While conducting research for this analysis, TSA was unable to
acquire comprehensive revenue data on currently regulated aircraft
operators, and therefore could not make a conclusive determination on
whether these firms would experience a significant economic impact
under the proposed rule. However, in light of the average annual
revenues of firms in the respective industries in 2002, TSA does not
believe the proposed rule would represent a significant economic impact
on a substantial number of currently regulated aircraft operators. TSA
requests comment on this preliminary determination.
Newly Regulated Aircraft Operators
Security Programs and Profiles
As described above, covered aircraft operators would be required to
submit a profile to TSA and to develop and submit a security program.
TSA estimated it would take newly regulated aircraft operators between
8 and 16 hours to review the template security program, assemble the
requisite profile information, and submit the requisite documents to
TSA for review. TSA assumed an average of 12 hours for its primary
estimate. To calculate costs for newly regulated aircraft operators to
review security programs and submit the required profile information,
TSA again multiplied the estimated hourly range by the hourly wage of
$62.43.
Unit Cost: Security Programs/Profiles, Newly Regulated Aircraft Operators
----------------------------------------------------------------------------------------------------------------
Hours Total unit cost
Hourly compensation -----------------------------------------------------------------
Low Primary High Low Primary High
----------------------------------------------------------------------------------------------------------------
a b c d (a x b) (a x c) (a x d)
----------------------------------------------------------------------------------------------------------------
$62.43....................................... 8 12 16 $500 $750 $1,000
----------------------------------------------------------------------------------------------------------------
Security Coordinator Duties
Newly regulated large aircraft operators would be required to
designate Aircraft Operator Security Coordinators (AOSC), Ground
Security Coordinators (GSC), and In-Flight Security Coordinators (ISC),
and ensure they are properly trained. Each security coordinator
position would have unique responsibilities; however, aircraft operator
employees could be trained to
[[Page 64834]]
serve as one or all three of these positions.
The principal AOSC or an alternate, if applicable, must be
available for contact by TSA 24 hours a day, seven days a week to
ensure TSA is able to quickly disseminate any intelligence of a threat
to a specific aircraft operator or industry segment. The AOSC bears the
further responsibility for maintaining any and all records necessary to
demonstrate to an auditor or TSA inspector the aircraft operator's
compliance with its security program. In addition to these AOSC duties,
security coordinators are responsible for the enforcement of policies
and procedures relative to the security of the aircraft, including the
vetting of crew (where required) and passengers which must be carried
out in accordance with the operator's security program. Many of the
aircraft operator requirements discussed in the following cost sections
fall under the responsibility of the security coordinators.
TSA estimated the amount of time security coordinators of newly
regulated aircraft operators would spend on their duties. For a
detailed discussion of these estimates, see the section on security
coordinator duties in the Regulatory Evaluation. The figure below
displays the annual cost per operator of having an AOSC.
Unit Cost: Security Coordinator Duties, Newly Regulated Aircraft Operators
----------------------------------------------------------------------------------------------------------------
Hours Total unit cost
Hourly compensation -----------------------------------------------------------------
Low Primary High Low Primary High
----------------------------------------------------------------------------------------------------------------
a b c d (a x b) (a x c) (a x d)
----------------------------------------------------------------------------------------------------------------
$53.59........................................ 164 284 404 $8,780 $15,210 $21,650
----------------------------------------------------------------------------------------------------------------
Newly regulated aircraft operators would also need to ensure that
security coordinators underwent appropriate security training in order
to carry out their required functions. The AOSC would thus coordinate
with TSA to provide training to GSCs and ISCs. Training would cover
topics such as procedures to notify authorities when dealing with
suspect items, unauthorized access to the aircraft, threat notification
and response, implementation of security directives, and other security
related topics. Security coordinators would be required to complete
both an initial training course and annual recurring training. TSA
again provided a range of estimates of the amount of time newly
regulated operators would spend conducting new and recurring training.
For the purposes of estimating costs for this IRFA, TSA assumed
that an operator would need to conduct an initial and recurring
training of GSCs and ISCs in one year. Although this timeframe is
unlikely, TSA feels that it is a conservative assumption that accounts
for the maximum potential cost of this requirement.
Unit Cost: Security Coordinator Training, Newly Regulated Aircraft
Operators
------------------------------------------------------------------------
Unit cost
Requirement -----------------------------
Low Primary High
------------------------------------------------------------------------
New Training.............................. $460 $680 $890
Recurring Training........................ 230 340 440
-----------------------------
Total................................. 690 1,020 1,330
------------------------------------------------------------------------
Security Threat Assessments for Flight Crews
The proposed rule would also require newly regulated aircraft
operators to ensure that their flight crewmembers undergo security
threat assessments. The STA process would require each flight
crewmember to submit fingerprints, along with information such as name,
date and place of birth, Social Security Number (voluntary), and other
information necessary for TSA to determine whether an applicant has
committed a disqualifying crime or poses a threat to transportation or
national security. For a comprehensive discussion of how TSA derived
the total cost of this provision, see the section of the Regulatory
Evaluation that describes this requirement.
For the purposes of estimating costs for this IRFA, TSA estimated
the cost of flight crews obtaining STAs on a per operator basis. Based
on input from TSA subject matter experts, TSA assumed 1.5 flight
crewmembers per aircraft, and 1.8 aircraft per Part 91 operator and 4
aircraft per part 125 operator. The figure below displays the average
cost that each newly regulated operator would incur as a result of this
NPRM.
Unit Cost: Security Threat Assessments, Newly Regulated Aircraft
Operators
------------------------------------------------------------------------
Total unit cost
Requirement -----------------------------
Low Primary High
------------------------------------------------------------------------
Security Threat Assessment................ $580 $580 $580
------------------------------------------------------------------------
[[Page 64835]]
Control of Access to Weapons
As described in the more comprehensive Regulatory Evaluation and in
the section on currently regulated aircraft operators of this IRFA,
this requirement is anticipated to have a de minimis impact on covered
operators.
Check of Accessible Property
As previously stated, TSA determined that in most cases affected
operators already comply with the anticipated inspection requirements
during the normal course of the pre-flight check. Costs associated with
this responsibility are captured in the security coordinator duties
above.
Watch-List Matching
The estimated cost for WLSP compliance is the same for the newly
covered and existing operators. TSA utilizes the same methodology as
above to estimate the total unit compliance cost for newly regulated
aircraft operators. TSA estimates the cost for compliance would range
from $245 to $736 with a primary cost of $491 per operator.
Audits of Aircraft Operators
Under the proposed rule, each aircraft operator must contract with
an auditor approved by TSA to conduct an audit of the aircraft
operator's compliance with its security program. The cost of this
requirement for newly regulated aircraft operators would be identical
to the cost for currently regulated operators. TSA estimated that the
unit cost of an audit would range from $1,464 to $3,050, with $2,257
being TSA's primary estimate for the cost of this requirement.
Total Cost per Newly Regulated Aircraft Operator
The following figure is a summary of the requirements and
compliance costs of the proposed rule for newly regulated aircraft
operators. TSA estimated that the cost of complying with the proposed
rule would range from $12,259 to $28,356 for newly regulated aircraft
operators. As described above, TSA estimated that between 0 and 9,061
small entities in this operator category would be impacted by the
proposed rule.
Total Compliance Unit Cost, Newly Regulated Aircraft Operators
------------------------------------------------------------------------
Unit cost
Requirement --------------------------------------
Low Primary High
------------------------------------------------------------------------
Security Programs and Profiles... $500 $750 $1,000
Security Coordinator Duties...... 9,470 16,230 22,990
STAs for Flight Crew............. 580 580 580
Control Access to Weapons........ ........... ........... ...........
Screening of Accessible Property. ........... ........... ...........
Watch-list Matching.............. 245 491 736
Audits........................... 1,464 2,257 3,050
--------------------------------------
Total........................ $12,259 $20,308 $28,356
------------------------------------------------------------------------
TSA again encountered analytical difficulties when attempting to
determine if the proposed rule would have a significant economic impact
on a substantial number of newly regulated aircraft operators. As
previously stated, TSA was unable to acquire annual revenue data for
these operators. This lack of information prevented TSA from making a
conclusive determination of the rule's impact on small entities in this
operator category.
For the proposed rule to have a significant economic impact on a
newly regulated aircraft operator, the aircraft operator would likely
have to earn annual revenues of $2.7 million or less. If a firm with
this level of annual revenues incurred compliance costs of $28,356 (the
high estimate in the figure above), it would represent 1 percent of
annual revenue. Given the uncertainty in its estimates, TSA requests
comment on whether the proposed rule would have a significant economic
impact on a substantial number of newly regulated aircraft operators.
Airport Operators
Security Programs and Profiles
The proposed rule would require certain privately-owned airports to
develop security programs and submit security profiles to TSA. TSA
would make available a template partial airport security program that
operators would have the option to either accept without modification
or use as the basis of developing their own security program.
To calculate the unit cost for airports to comply with this
requirement, TSA assumed that nearly all covered airport operators
would choose to adopt the template security program, thereby minimizing
the cost of implementing this requirement. Second, TSA estimated it
would take these newly regulated private airport operators between 8
and 16 hours to review and implement the template security program and
assemble the requisite profile information. TSA adopted an average of
12 hours as its primary estimate. Finally, TSA multiplied each hour
estimate by a middle management wage rate of $31.24 per hour to
generate a unit cost between $250 and $500, with a primary estimate of
$375. The requirement to adopt and submit security programs and
profiles is not recurring; therefore, airport operators would only
incur this cost once over the ten-year period of analysis. This
estimate does not include completion of a risk-based self-assessment
tool that may complement the security program. TSA has requested
comments on whether such a tool should be mandatory but has not set it
forth as a requirement in the proposed rule.
[[Page 64836]]
Unit Cost: Security Programs/Profiles, Airport Operators
----------------------------------------------------------------------------------------------------------------
Hours Total unit cost
Hourly compensation -----------------------------------------------------------------
Low Primary High Low Primary High
a b c d (a x b) (a x c) (a x d)
----------------------------------------------------------------------------------------------------------------
$31.24........................................ 8 12 16 $250 $375 $500
----------------------------------------------------------------------------------------------------------------
Airport Security Coordinators
The proposed rule would also require airport operators to maintain
airport security coordinators (ASC). For a more in-depth discussion of
this requirement, see the airport security coordinator section of the
Regulatory Evaluation.
TSA estimated airport security coordinators would spend an average
of between 0.5 and 1 hour per week on their duties, adopting 0.75 hours
per week as its primary estimate. To calculate the cost on an annual
basis, TSA translated the weekly hour estimates into annual estimates
of 26, 39, and 52 hours, respectively. Finally, to calculate the unit
cost associated with this requirement, TSA multiplied the anticipated
number annual hours by the ASC average hourly cost of compensation. See
the figure below.
Unit Cost: Security Coordinator Duties, Airport Operators
----------------------------------------------------------------------------------------------------------------
Hours Total unit cost
Hourly compensation -----------------------------------------------------------------
Low Primary High Low Primary High
a b c d (a x b) (a x c) (a x d)
----------------------------------------------------------------------------------------------------------------
$31.24........................................ 26 39 52 $810 $1,220 $1,620
----------------------------------------------------------------------------------------------------------------
Airport security coordinators would need to undergo training to
comply with the proposed rule. TSA training requirements for airport
security coordinators differ from those for aircraft operator security
coordinators. ASC training is only offered twice per year by the
American Association of Airport Executives. This 8-hour training course
is taught by professional trainers and requires payment of a $350
registration fee. Since this training is offered at a single location,
TSA estimated ASCs would need to expend an additional $450 to cover
travel and other incidental expenses. TSA assumed the need to travel to
and from the training would effectively add an additional eight hours
to the training.
To estimate the cost of this requirement, the eight hours of class
time are added to the eight hours of assumed travel time for a total of
16 hours of compensated ASC time. TSA estimated airports would need to
train between one and three ASCs in order to meet the requirements that
an ASC be available 24-hours per day. Without more detailed
information, TSA adopted the average for its primary estimate. See the
figure below for a summary of the costs of complying with this
requirement. TSA has requested comments on whether it should adopt a
self-paced training program for these airports that would reduce the
impact of this requirement. For the purposes of the RFA, however, TSA
estimated costs for this requirement as it is proposed in the NPRM.
Unit Cost: Security Coordinator Training, Airport Operators
------------------------------------------------------------------------
Unit cost
Training cost item --------------------------------
Low Primary High
------------------------------------------------------------------------
Training Course Fee.................... ......... $350 .........
Travel Expenses........................ ......... 450 .........
ASC Compensation....................... $500 1,000 $1,500
--------------------------------
Total.............................. 1,300 1,800 2,300
------------------------------------------------------------------------
Total Cost per Airport Operator
Using the estimates described above, TSA concluded that the
proposed rule would impose a compliance cost of between approximately
$2,360 and $4,420 per airport operator. The range of compliance costs
reflects the uncertainty surrounding many of the variables used to
generate the estimates. See the figure below.
Total Compliance Unit Cost, Airport Operators
------------------------------------------------------------------------
Unit cost
Requirement -----------------------------
Low Primary High
------------------------------------------------------------------------
Security Program and Profile.............. $250 $375 $500
ASC Duties................................ 810 1,220 1,620
[[Page 64837]]
ASC Training.............................. 1,300 1,800 2,300
-----------------------------
Total................................. 2,360 3,395 4,420
------------------------------------------------------------------------
After making the estimates described above, TSA has initially
concluded that the proposed rule would not impose a significant
economic impact on a substantial number of privately-owned airport
operators. In 2002, the latest year for which data are available, firms
in this industry earned on average approximately $3.8 million in annual
revenue according to the U.S. Census Bureau. The cost of complying with
the proposed rule, as calculated above, would therefore represent less
than 1 percent of revenue for a firm with average industry revenues.
Alternatively, if an airport operator incurred the highest estimated
compliance cost described above ($4,420), it would need annual revenues
of less than $442,000 for the proposed rule to impose costs of 1
percent of firm revenue. Consequently, TSA has initially determined
that the rule would not impose a significant economic impact on these
types of firms. TSA seeks comment on this preliminary conclusion.
As stated above, the proposed rule would also affect publicly owned
airports. These airport operators would have to follow the same
requirements as privately-held airport operators: adopt security
programs, submit security profiles to TSA, and designate and maintain
airport security coordinators.
Because the requirements for these airports are the same as for the
privately-owned airports, TSA estimated the unit compliance costs using
the same methodology. As stated above, TSA calculated that the proposed
rule would impose a cost of between $2,360 and $4,420 per airport
operator. Although these airports are publicly owned, TSA was unable to
locate revenue information for them. The Agency was thus unable to
compare compliance costs to revenue in order to make a judgment on
whether the costs represent a significant economic impact to these
firms.
TSA therefore requests comment on whether the proposed rule would
have a significant economic impact on the 68 to 74 publicly owned small
airport operators that TSA identified in its research. Specifically,
TSA requests any information that would allow it to compare estimated
compliance costs to revenues typically earned by these types of airport
operators.
Significant Alternatives Considered
TSA considered four substantive alternatives to the proposed
regulation that would have reduced compliance costs for small
businesses. First, TSA considered using the current method of watch-
list matching employed by aircraft operators under the TFSSP and PCSSP
rules. Second, TSA considered using TSA inspectors to conduct audits
instead of TSA approved third party auditors. Third, TSA considered
leveraging the Secure Flight program currently under development, which
would use a web-based application for transmission of passenger
information to the Secure Flight vetting engine. Fourth, TSA evaluated
the incremental impact of raising the aircraft weight threshold from
12,500 pounds MTOW to 16,500 pounds MTOW and the incremental impact of
lowering the aircraft weight threshold to 10,500 pounds MTOW. This
section describes those alternatives relative to the proposed
regulation. TSA invites comments on these or other substantive
alternatives to the proposed rule.
TSA Inspectors
TSA considered using TSA inspectors instead of approved third-party
auditors to complete the audits proposed in the rule. Under such a
scenario, TSA would need to hire several new employees to complete the
inspections. Each operator would complete a TSA inspection every other
year. Because TSA would conduct all of the inspections, aircraft
operators would no longer pay a biennial fee for audits. This
arrangement would reduce the primary unit cost estimate for newly
regulated small aircraft operators from $20,308 to $18,051. Assuming a
``significant impact'' is 1 percent of an operator's revenues, this
change would reduce the number of affected small entities to those
having annual revenues less than $2.5 million. Unfortunately, TSA was
unable to estimate how many operators would be affected by this change
and, as noted in the alternatives analysis in the Regulatory
Evaluation, TSA requests comments that would enable it to quantify
these impacts.
Watch-List Matching
TSA considered requiring all large aircraft operators to conduct
watch-list matching as currently done under the Twelve-Five and Private
Charter Rules. These aircraft operators currently run their passengers
against the No Fly List, which they retrieve from TSA. The proposed
rule would require aircraft operators to send passenger information to
a TSA-approved watch-list service provider. The alternative to the
proposed rule is to extend the current method of watch-list matching
under the Twelve-Five and Private Charter Rules to large aircraft
operators that are not currently required to have a security program.
Operationally, this would require that a total of approximately 9,835
aircraft operators have direct access to the watch-list from TSA.
TSA has rejected this alternative based on security grounds.
Expanding direct access to the watch-list from 750 aircraft operators
today to 9,835 under this alternative increases the opportunity for the
list to be compromised and would contradict other TSA initiatives to
limit distribution of the watch-lists. To limit the number of entities
that have access to the watch-list, TSA proposes to require large
aircraft operators to submit passenger information to a TSA-approved
watch-list service provider. The proposal would reduce the number of
entities with direct access to the watch-list, thus improving security.
Secure Flight Web-Based Application
TSA has indicated the use of a web-based application for some
transmissions of passenger information to the Secure Flight vetting
engine. While the design and development of the Secure Flight web-based
application is in its early stages, TSA subject matter experts have
provided two approaches to extending an already established web-based
application. These costs reflect an early stage of development and
cannot, given this early stage, include costs that may be identified as
TSA proceeds with system development. The first approach would
[[Page 64838]]
be developed and implemented with the absence of an implemented LASP
and would amount to $23.2 million undiscounted over ten years. This
approach posits that without an implemented LASP, Secure Flight would
be required to establish a relationship with each of the aircraft
operators. TSA would work with aircraft operators to develop the
formatting and transmission procedures for not only for the upload of
passenger information but also the download of passenger vetting
results. These out-reach or ramp-up activities will be borne by the
Secure Flight process. The second approach would be developed and
implemented with the ability to leverage activities associated with a
fully implemented LASP and would amount to $24.2 million undiscounted
over ten years. This approach posits that an implemented LASP would
establish a relationship with each of the aircraft operators during the
initial deployment of the watch-list service provider process. During
this period both TSA and the watch-list service providers would work
with aircraft operators to develop the formatting and transmission
procedures for not only for the upload of passenger information but
also the download of passenger vetting results. As a result, Secure
Flight would assume a relatively mature process.
Comparison of the First Three Alternatives
TSA opted for the proposed plan as the more efficient and effective
way of applying its limited compliance and enforcement resources
towards the objective of increasing security. The use of third-parties
would allow TSA to meet its security mission into four important ways.
First, third-party auditors would increase effective TSA oversight
by reviewing each aircraft operator's compliance with its security
program six months after TSA approves its security program and every
two years thereafter.
Second, given the number of large aircraft operators (approximately
10,000), the third-party auditor program would allow TSA to ramp up
more quickly thereby obtaining the assessment of all large aircraft
operators more quickly relative to a program that relied solely on TSA
inspectors, given the associated hiring and training associated with
new hires.
Third, the third-party auditor program would allow TSA to focus
more of its compliance and enforcement resources on aircraft operators
that are experiencing problems with implementing and complying with
their security programs.
Fourth, the watch-list matching service providers would provide the
needed security and do so in a timely fashion. Given the security
concerns, TSA believes a reliable mechanism for watch-list matching for
large aircraft must be operational without undue delay. While the
Secure Flight Program would also provide a reliable mechanism, its
development is likely to be several years away and it is likely that it
would not be available to address this important security need when TSA
would be ready to implement the LASP.
This proposal is consistent with current practices in the aviation
industry, which frequently rely on the Federal Aviation
Administration's designee program. This type of program has been
successfully implemented in other related aviation requirements.
Additionally, the GA industry is very familiar with the third party
auditor concept as it relates to safety inspections. Many GA operators
undergo third party audits each year to comply with customer
requirements. The proposal should be easily integrated into most GA
operator's existing audit schedules.
Evaluating Different Aircraft Weight Thresholds
The determination of weight must take into account a number of
factors such as the effect on international harmonization, existing
policies and programs, and the economic effect on the GA community.
Discussed below are two alternatives to the threshold weight issue.
Alternative 1: Lower threshold weight to 10,500 pounds MTOW. This
solution will reduce the associated risk and number of unknown aircraft
operators by incorporating an additional 3,000-5,000 aircraft into a
mandatory security program. This alternative would also include a
portion of currently unregulated types of aircraft, including large
turboprops and smaller jet aircraft. However, in order to successfully
implement this threshold weight, significant modifications to existing
security programs and new rulemaking would be required, which would
result in delayed program/rule timelines. These additional aircraft
require TSA oversight and place an additional strain on existing TSA
resources. Furthermore, this change would require additional
international coordination, since TSA would be moving away from the
globally accepted International Civil Aviation Organization standards.
TSA estimates the cost impact of option one, in terms of
undiscounted annualized dollars would add $23.7 million to the
undiscounted annualized cost of the rule as proposed.
Alternative 2: Raise threshold weight to 16,000 pounds MTOW. This
option would reduce the number of regulated aircraft and parties by
approximately 9,000 aircraft which would ultimately decrease the
inspection requirements on TSA resources. However, excluding these
aircraft would increase the potential risk and could result in higher
damage potential. TSA believes that this increased risk and damage
potential of aircraft between greater than 12,500 pounds MTOW and
16,000 pounds MTOW are not justified by the reduction in cost.
Furthermore, moving away from the common greater than 12,500 pounds
MTOW threshold will yield the same concerns discussed in alternative
one.
TSA estimates the cost impact of option two, in terms of
undiscounted annualized dollars would subtract $26.4 million from the
undiscounted annualized cost of the rule as proposed.
Based on the above discussion and analysis by TSNM-GA technical
experts, the program office recommends that the threshold of greater
than 12,500 pounds MTOW be maintained as the recognized security
threshold weight standard for current and future GA security programs
and policies. Selecting a lower threshold weight would improve security
because more aircraft would be subject to the LASP but would also
increase the burden to industry to the point where the burden may not
be fully supported by increased security. Selecting a higher threshold
weight would lower the burden on the industry because a lower number of
aircraft would be subject to the LASP. However, with this higher
threshold weight, the proposed LASP would not cover many aircraft that
can cause significant damage if used as a missile or to deliver a
biological, chemical, or nuclear weapon. TSA believes that mitigating
the potential security risk and damage potential of large aircraft
16,000 pounds MTOW or under outweighs the cost difference.
Consequently, TSA believes that the weight threshold of greater than
12,500 pounds MTOW is the appropriate balance of risk and burden.
Identification of Duplication, Overlap, and Conflict With Other Federal
Rules
TSA has identified an overlap between the proposed LASP and U.S.
Customs and Border Protection's (CBP) regulations governing its Advance
Passenger Information System (APIS). CBP requires certain aircraft
flying to or from the United States to submit passenger manifests to
APIS for
[[Page 64839]]
comparison to the watch-lists. CBP's watch-list comparison would thus
duplicate TSA's proposed requirement that large aircraft operators
submit passenger information to watch-list service providers for
comparison to the watch-lists.
In recognition of this overlap, TSA would exempt a flight from its
watch-list requirement flights covered by its NPRM that also are
subject to APIS regulations.
Preliminary Conclusion
Based on this preliminary analysis, TSA has made no determination
whether the proposed rule would have a significant economic impact on a
substantial number of small entities under section 605(b) of the RFA.
TSA requests comment on all aspects of this analysis. TSA will make a
final determination in the Final Regulatory Flexibility Analysis for
the Final Rule.
3. International Trade Impact Assessment
The Trade Agreement Act of 1979 prohibits Federal agencies from
establishing any standards or engaging in related activities that
create unnecessary obstacles to the foreign commerce of the United
States. Legitimate domestic objectives, such as safety, are not
considered unnecessary obstacles. The statute also requires
consideration of international standards and, where appropriate, that
they be the basis for U.S. standards. TSA has assessed the potential
effect of this notice of proposed rulemaking and has determined this
rule would not have an adverse impact on international trade.
4. Unfunded Mandates Assessment
The Unfunded Mandates Reform Act of 1995 is intended, among other
things, to curb the practice of imposing unfunded Federal mandates on
State, local, and tribal governments. Title II requires each Federal
agency to prepare a written statement assessing the effects of any
Federal mandate in a proposed or final agency rule that may result in
an expenditure of $100 million or more (adjusted annually for
inflation) in any one year by State, local, and tribal governments, in
the aggregate, or by the private sector; such a mandate is deemed to be
a ``significant regulatory action.'' This notice of proposed rulemaking
does not exceed this threshold for State, local, and tribal
governments; however, proposed security measures for city- or county-
owned airports may nevertheless impose a burden on some small
municipalities. The impact on the overall economy does exceed the
threshold, resulting in an unfunded mandate on the private sector. This
regulatory evaluation documents costs and alternatives. TSA will
publish a final analysis, including its response to public comments,
when it publishes a final rule.
A. Executive Order 13132, Federalism
TSA has analyzed this notice of proposed rulemaking under the
principles and criteria of E.O. 13132, Federalism. We determined that
this action will not have a substantial direct effect on the States, or
the relationship between the National Government and the States, or on
the distribution of power and responsibilities among the various levels
of government, and therefore, does not have federalism implications.
B. Environmental Analysis
TSA has reviewed this action for purposes of the National
Environmental Policy Act of 1969 (42 U.S.C. 4321-4347) and has
determined that this action will not have a significant effect on the
human environment.
C. Energy Impact Analysis
TSA has assessed the energy impact of the action in accordance with
the Energy Policy and Conservation Act (EPCA), Public Law 94-163, as
amended (42 U.S.C. 6362). We have determined that this rulemaking is
not a major regulatory action under the provisions of the EPCA.
List of Subjects
49 CFR Part 1515
Appeals, Commercial drivers license, Criminal history background
checks, Explosives, Facilities, Hazardous materials, Incorporation by
reference, Maritime security, Motor carriers, Motor vehicle carriers,
Ports, Seamen, Security measures, Security threat assessment, Vessels,
Waivers.
49 CFR Part 1520
Air transportation, Law enforcement officers, Reporting and
recordkeeping requirements, Security measures.
49 CFR Part 1522
Accounting, Aircraft operators, Aviation safety, Reporting and
recordkeeping requirements, Security measures.
49 CFR Part 1540
Aircraft operators, Airports, Aviation safety, Law enforcement
officers, Reporting and recordkeeping requirements, Security measures.
49 CFR Part 1542
Airports, Arms and munitions, Aviation safety, Law enforcement
officers, Reporting and recordkeeping requirements, Security measures.
49 CFR Part 1544
Aircraft, Aircraft operators, Airmen, Airports, Arms and munitions,
Aviation safety, Explosives, Freight forwarders, Law enforcement
officers, Reporting and recordkeeping requirements, Security measures.
49 CFR Part 1550
Aircraft, Aviation safety, Security measures.
The Proposed Amendments
In consideration of the foregoing, the Transportation Security
Administration proposes to amend Chapter XII of Title 49, Code of
Federal Regulations, as follows:
SUBCHAPTER A--ADMINISTRATIVE AND PROCEDURAL RULES
PART 1515--APPEAL AND WAIVER PROCEDURES FOR SECURITY THREAT
ASSESSMENTS FOR INDIVIDUALS
1. The authority for part 1515 continues to read as follows:
Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and
46105; 18 U.S.C. 842, 845; 6 U.S.C. 469.
2. Amend Sec. 1515.1 by revising paragraph (a) to read as follows:
Sec. 1515.1 Scope.
(a) Appeal. This part applies to applicants who are appealing an
Initial Determination of Threat Assessment or an Initial Determination
of Threat Assessment and Immediate Revocation in a security threat
assessment as described in:
(1) 49 CFR part 1572 for a hazardous materials endorsement (HME) or
a Transportation Worker Identification Credential (TWIC);
(2) 49 CFR part 1540, subpart C, for air cargo workers; or
(3) 49 CFR part 1544, subpart G, for large aircraft flight crew
members, individuals authorized to perform screening functions, TSA-
approved auditors and watch-list service provider covered personnel.
* * * * *
3. Amend Sec. 1515.5 by revising introductory text in paragraphs
(a), (c), and (h), and adding paragraphs (a)(4) and (h)(3) to read as
follows:
[[Page 64840]]
Sec. 1515.5 Appeal of Initial Determination of Threat Assessment
based on criminal conviction, immigration status, or mental capacity.
(a) Scope. This section applies to applicants appealing from an
Initial Determination of Threat Assessment that was based on one or
more of the following:
* * * * *
(4) TSA has determined that a large aircraft flight crew member, an
individual authorized to perform screening functions, an applicant to
become a TSA-approved auditor, or a watch-list service provider covered
personnel has a disqualifying criminal offense described in 49 CFR
1544.229(d).
* * * * *
(c) Final Determination of Threat Assessment. (1) If the Assistant
Administrator concludes that an HME or TWIC applicant does not meet the
standards described in 49 CFR 1572.103, 1572.105, or 1572.109, or that
a large aircraft flight crew member, an individual authorized to
perform screening functions, an applicant to become a TSA-approved
auditor, or a service provider covered personnel does not meet the
requirements in 49 CFR 607, TSA serves a Final Determination of Threat
Assessment upon the applicant. In addition--
* * * * *
(h) Appeal of immediate revocation. If TSA directs an immediate
revocation, the applicant may appeal this determination by following
the appeal procedures described in paragraph (b) of this section. This
applies--
* * * * *
(3) If TSA withdraws a Determination of No Security Threat issued
to a large aircraft flight crew member, an individual authorized to
perform screening functions, a TSA-approved auditor, or a service
provider covered personnel.
4. Amend Sec. 1515.9 by revising the introductory text in
paragraphs (a) and (f), and adding paragraphs (a)(3) and (f)(4) to read
as follows:
Sec. 1515.9 Appeal of security threat assessment based on other
analyses.
(a) Scope. This section applies to an applicant appealing an
Initial Determination of Threat Assessment as follows:
* * * * *
(3) TSA had determined that a large aircraft flight crew member, an
individual authorized to perform screening functions, an applicant to
become a TSA-approved auditor, or a watch-list service provider covered
personnel poses a security threat as provided in 49 CFR 1544.609.
* * * * *
(f) Appeal of immediate revocation. If TSA directs an immediate
revocation, the applicant may appeal this determination by following
the appeal procedures described in paragraph (b) of this section. This
applies--
* * * * *
(4) If TSA withdraws a Determination of No Security Threat issued
to a large aircraft flight crew member, an individual authorized to
perform screening functions, a TSA-approved auditor, or a service
provider covered personnel.
5. Amend Sec. 1515.11 by revising the introductory text in
paragraph (a) and adding paragraph (a)(4) to read as follows:
Sec. 1515.11 Review by administrative law judge and TSA Final
Decision Maker.
(a) Scope. This section applies to the following applicants:
* * * * *
(4) A large aircraft flight crew member, an individual authorized
to perform screening functions, a TSA-approved auditor, or a service
provider covered personnel, or an applicant to become one, who has been
issued a Final Determination of Threat Assessment after an appeal as
described in 49 CFR 1515.5 or 1515.9.
* * * * *
SUBCHAPTER B--SECURITY RULES FOR ALL MODES OF TRANSPORTATION
PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION
6. The authority citation for part 1520 continues to read as
follows:
Authority: 46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113,
44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105.
7. Amend Sec. 1520.5 by revising paragraph (b)(1)(i) to read as
follows:
Sec. 1520.5 Sensitive security information.
* * * * *
(b) * * *
(1) * * *
(i) Any aircraft operator, airport operator, watch-list service
provider, or fixed base operator security program, or security
contingency plan under this chapter;
* * * * *
8. Amend Sec. 1520.7 by revising the introductory text and
paragraph (a) to read as follows:
Sec. 1520.7 Covered persons.
Persons subject to the requirements of part 1520 are:
(a) Each airport operator, aircraft operator, TSA-approved auditor,
independent public accounting firm attesting to compliance under part
1544, subpart F, watch-list service provider, and fixed base operator
subject to the requirements of subchapter C of this chapter, and each
armed security officer under subpart B of part 1562.
* * * * *
9. Add new part 1522 to subchapter B to read as follows:
PART 1522--TSA-APPROVED AUDITORS
Subpart A--General
Sec.
1522.1 Scope and terms used in this part.
1522.3 Qualifications.
1522.5 Application.
1522.7 TSA review and approval.
1522.9 Reconsideration of disapproval of an application.
1522.11 Withdrawal of approval.
1522.13 Responsibilities of TSA-approved auditors.
1522.15 Fraud and intentional falsification of records.
1522.17 TSA Inspection authority.
Subpart B [Reserved]
Subpart C--Auditors for the Large Aircraft Security Program.
Sec.
1522.201 Applicability.
1522.203 Additional qualification requirements.
1522.205 Audit report.
1522.207 Training.
1522.209 Biennial Review.
Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914,
44916-44918, 44932, 44935-44936, 44942, 46105.
PART 1522--TSA-APPROVED AUDITORS
Subpart A--General
Sec. 1522.1 Scope and terms used in this part.
(a) This part governs the approval and responsibilities of persons
conducting security audits of large aircraft operators that are
required to have a security program under part 1544.
(b) In addition to the terms in Sec. Sec. 1500.3 and 1540.5 of
this chapter, the following terms apply in this part:
Applicant means an individual who seeks to become a TSA-approved
auditor under this part.
Conflict of interest means a situation when the TSA-approved
auditor has impairments that might affect their ability to do their
work and report their findings impartially. Examples of situations
where a TSA-auditor would have a conflict of interest include but are
not limited to any of the following:
(1) The TSA-approved auditor has official, professional, personal,
or
[[Page 64841]]
financial relationships that might cause an auditor to limit the extent
of the inquiry, to limit disclosure, or to weaken or distort audit
findings in any way.
(2) The TSA-approved auditor had previous responsibility for
decision-making or managing an entity that would affect current
operations of the entity or program being audited.
(3) The TSA-approved auditor currently or previously maintained the
official records that are the subject of the audit.
(4) The TSA-approved auditor has financial interest that is direct,
or is substantial though indirect, in the audited entity or program.
(5) An immediate family member of the TSA-approved auditor is an
officer of the operator that is the subject of the audit.
(6) The TSA-approved auditor or an entity with which the TSA-
approved auditor has an employment relationship provides to the
operator being audited non-audit services that relate to the operator's
security program.
TSA-approved auditor or auditor means any individual who has been
approved under this part to conduct an audit required under this
chapter.
Sec. 1522.3 Qualifications.
To be considered for approval as an auditor, the applicant must--
(a) Have sufficient facilities, resources, and personnel to perform
the required audit responsibilities;
(b) Have knowledge of the Federal statutory and regulatory
requirements and experience understanding and interpreting Federal
statutes and regulations;
(c) Have sufficient, relevant experience to perform the required
audit responsibilities;
(d) Obtain a certification or accreditation from an organization
that TSA recognizes as qualified to certify or accredit an auditor for
the type of audit that the applicant seeks to perform; and
(e) Demonstrate the ability to prepare clear and thorough written
reports and other documents required for the auditing function they
will perform and demonstrate excellent oral communication skills.
Sec. 1522.5 Application.
(a) Each applicant must submit an application in a form and manner
prescribed by TSA.
(b) An application must include the following information:
(1) The applicant's full name, business address, business phone
number, and business email address;
(2) A copy of the applicant's certification from an organization
that TSA recognizes as qualified to certify or accredit an auditor for
the type of audit that the applicant seeks to perform; and
(3) A statement of how the applicant meets the qualifications set
forth on Sec. 1522.3.
Sec. 1522.7 TSA review and approval.
(a) Review. Upon receiving an application, TSA will review the
application. TSA will approve the application if the applicant meets
the qualifications described in Sec. 1522.3 and other applicable
qualifications described in this part and TSA determines that approval
is in the interest of safety and the public.
(b) Approval. If an application is approved, TSA will send the
applicant a written notice of approval. Once approved, an auditor may
conduct audits in which he or she does not have a conflict of interest.
(c) Disapproval. TSA will send a written notice of disapproval to
an applicant whose application is disapproved. The notice of
disapproval will include the basis of the disapproval of the
application.
Sec. 1522.9 Reconsideration of disapproval of an application.
(a) Petition for reconsideration. If an application is disapproved,
the applicant may seek reconsideration of the decision by submitting a
written petition for reconsideration to the Assistant Secretary or
designee within 30 days of receiving the notice of disapproval. The
written petition for reconsideration must include a statement and any
supporting documentation explaining why the applicant believes the
reason for disapproval is incorrect.
(b) Review of petition. Upon review of the petition for
reconsideration, the Assistant Secretary or designee disposes of the
petition by either affirming the disapproval of the application or
approving the application. The Assistant Secretary or designee may
request additional information from the applicant prior to rendering a
decision.
Sec. 1522.11 Withdrawal of approval.
(a) Basis for withdrawal of approval. TSA may withdraw approval of
a TSA-approved auditor if the auditor ceases to meet the standards for
approval, fails to fulfill his or her responsibilities under Sec.
1522.11, or it is in the interest of security or the public, such as
failure to report an imminent threat under Sec. 1522.11(c).
(b) Notice of withdrawal of approval. (1) Except as provided in
paragraph (c) of this section, TSA will provide a written notice of
proposed withdrawal of approval to the auditor.
(2) The notice of proposed withdrawal of approval will include the
basis of the withdrawal of approval.
(3) Unless the auditor files a written petition for reconsideration
under paragraph (d) of this section, the notice of proposed withdrawal
of approval will become a final notice of withdrawal of approval 31
days after the auditor's receipt of the notice of proposed withdrawal
of approval.
(c) Emergency notice of withdrawal of approval. (1) If TSA finds
that there is an emergency requiring immediate action with respect to a
TSA-approved auditor's ability to perform audits, TSA may withdraw
approval of that auditor without prior notice.
(2) TSA will incorporate in the emergency notice of withdrawal of
approval a brief statement of the reasons and findings for the
withdrawal of approval.
(3) The emergency notice of withdrawal of approval is effective
upon the TSA-approved auditor's receipt of the notice. The auditor may
file a written petition for reconsideration under paragraph (d) of this
section; however, this petition does not stay the effective date of the
emergency notice of withdrawal of approval.
(d) Petition for reconsideration. An auditor may seek
reconsideration of the withdrawal of approval by submitting a written
petition for reconsideration to the Assistant Secretary or designee
within 30 days of receiving the notice of withdrawal of approval.
(e) Review of petition. Upon review of the written petition for
reconsideration, the Assistant Secretary or designee disposes of the
petition by either affirming or withdrawing the notice of withdrawal of
approval. The Assistant Secretary or designee may request additional
information from the auditor prior to rendering a decision.
Sec. 1522.13 Responsibilities of TSA-approved auditors.
(a) Standards for audit. Each auditor must perform an audit, in a
form and manner prescribed by TSA, to determine whether the operator is
in compliance with applicable TSA requirements.
(b) Conflict of interest. No auditor may undertake an audit in
which he or she has a conflict of interest as defined in Sec. 1552.1.
(c) Audit report. Each auditor must prepare and submit a report, in
a form and manner prescribed by TSA, for each audit that he or she
performs.
(d) Immediate notification to TSA. If during the course of an audit
the auditor believes that there is or may be an instance of
noncompliance with TSA
[[Page 64842]]
requirements that presents an imminent threat to transportation
security or public safety, the auditor must report the instance
immediately to TSA.
(e) Change in information. Each auditor must inform TSA of any
change in the information described in Sec. 1522.3 and 1522.5.
(f) No authorization to take remedial or disciplinary action. The
auditor is not authorized to require any remedial or disciplinary
action against the person subject to the audit.
(g) Sensitive Security Information. Each TSA-approved auditor must
comply with the requirements in 49 CFR part 1520 regarding the handling
and protection of Sensitive Security Information.
(h) Non-disclosure of proprietary information. Unless explicitly
authorized by TSA, each auditor may not make an unauthorized release or
dissemination of any information that TSA or a large aircraft operator
indicates as proprietary information and provides to the auditor.
Sec. 1522.15 Fraud and intentional falsification of records.
No auditor may make, or cause to be made, any of the following:
(a) Any fraudulent or intentionally false statement in any
application under this part.
(b) Any fraudulent or intentionally false entry in any record or
report that is kept, made, or used to show compliance with this
subchapter, or exercise any privileges under this part.
(c) Any reproduction or alteration, for fraudulent purpose, of any
report, record, security program, access medium, or identification
medium issued or submitted under this part.
Sec. 1522.17 TSA inspection authority.
(a) Each TSA-approved auditor must allow TSA, at any time or place,
to make any inspections, including copying records, to determine
compliance of a TSA-approved auditor or an operator required to submit
to an audit under this subchapter with:
(1) This subchapter and any security program under this subchapter,
and part 1520 of this chapter; and
(2) 49 U.S.C. Subtitle VII, as amended.
(b) At the request of TSA, each TSA-approved auditor must provide
evidence of compliance with this part.
Subpart B [Reserved]
Subpart C--Auditors for the Large Aircraft Security Program
Sec. 1522.201 Applicability.
This subpart applies to auditors who seek to obtain approval from
TSA to conduct audits of operators of large aircraft that are required
to have a security program under 49 CFR 1544.101(b).
Sec. 1522.203 Additional qualification requirements.
In addition to the requirements set forth in Sec. 1522.3, an
applicant seeking to obtain approval to audit aircraft operators that
are required to have a security program under 49 CFR 1544.101(b) must
have the following qualifications:
(a) The applicant must have at least five years of experience in
inspection or auditing compliance with State or Federal regulations in
the security industry, the aviation industry, or government programs.
The five years of experience must have been obtained within 10 years of
the date of the application.
(b) The applicant must present three professional references that
address the applicant's abilities in inspection or auditing and written
communications.
(c) Maintain a current accreditation or certification required in
Sec. 1522.3(d).
(d) The applicant must have sufficient knowledge of, and ability to
determine compliance with, regulations, policies, directives, rules,
and regulations, pertaining to the large aircraft security program.
(e) The applicant must have sufficient knowledge of and ability to
apply the concepts, principles, and methods of compliance with the
requirements of the large aircraft security program to include
assessment, inspection, investigation, and reporting of compliance with
the large aircraft security program.
(f) The applicant must successfully undergo a security threat
assessment under 49 CFR part 1544, subpart G, and have a valid
Determination of No Security Threat.
Sec. 1522.205 Audit report.
(a) Each TSA-approved auditor must prepare and submit a written
audit report to TSA in a manner and form prescribed by TSA within 30
days of completing an audit.
(b) The audit report must include the following information:
(1) A description of the facilities, equipment, systems, processes,
and/or procedures that were audited.
(2) The auditor's findings regarding the operator's compliance with
TSA requirements.
(3) Conclusions on the systems, processes, and/or procedures that
were audited.
(4) Signed attestation by the auditor that he or she did not have
any conflicts of interest in conducting the audit and that the audit
was conducted impartially, professionally, and consistent with the
standards set forth by TSA.
(5) The third party auditor must retain copies of completed audit
reports for 36 calendar months.
Sec. 1522.207 Training.
(a) Initial training. Each TSA-approved auditor must complete the
initial training prescribed by TSA before conducting any audit under
this subchapter.
(b) Recurrent training. Each TSA-approved auditor must complete
recurrent training prescribed by TSA 24 months after his or her most
recent TSA-prescribed training. If the TSA-approved auditor completes
the recurrent training in the month before or the month after it is
due, the TSA-approved auditor is considered to have taken it in the
month it is due.
Sec. 1522.209 Biennial review.
(a) Initial review. Except as otherwise required by TSA, each TSA-
approved auditor must submit the following information within 24 months
after the auditor is approved under Sec. 1522.5. If the TSA-approved
auditor submits the following information in the month before or the
month after it is due, the TSA-approved auditor is considered to have
submitted the information in the month it is due:
(1) Evidence that the auditor successfully completed the initial
training under Sec. 1522.207(a) and any recurrent training described
Sec. 1522.207(b); and
(2) Evidence that the auditor continues to be certified or
accredited by an organization that TSA recognizes as qualified to
certify or accredit an auditor for the large aircraft security program.
(b) Recurrent review. Except as otherwise required by TSA, each
TSA-approved auditor must submit the following information 24 months
after the auditor submitted the information required under paragraph
(a) or (b) of this section. If the TSA-approved auditor submits the
following information in the month before or the month after it is due,
the TSA-approved auditor is considered to have submitted the
information in the month it is due:
(1) Evidence that the auditor successfully completed the initial
training under Sec. 1522.207(a) and any recurrent training described
Sec. 1522.207(b); and
(2) Evidence that the auditor continues to be certified or
accredited by an organization that TSA recognizes
[[Page 64843]]
as qualified to certify or accredit an auditor for the large aircraft
security program.
SUBCHAPTER C--CIVIL AVIATION SECURITY
PART 1540--CIVIL AVIATION SECURITY: GENERAL RULES
10. The authority citation for part 1540 continues to read as
follows:
Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914,
44916-44918, 44935-44936, 44942, 46105.
Subpart A--General
11. Amend Sec. 1540.5 by adding the definition of ``Standard
security program'' in alphabetical order to read as follows:
Sec. 1540.5 Terms used in this subchapter.
* * * * *
Standard security program means a security program issued by TSA
that serves as a baseline for a particular type of operator. If TSA has
issued a standard security program for a particular type of operator,
unless otherwise authorized by TSA, each operator's security program
consists of the standard security program together with any amendments
and alternative procedures approved or accepted by TSA.
* * * * *
Subpart B--Responsibilities of Passengers and Other Individuals and
Persons
12. Revise Sec. 1540.107(c) to read as follows:
Sec. 1540.107 Submission to screening and inspection.
* * * * *
(c) An individual must provide his or her full name, as defined in
Sec. 1560.3, when--
(1) The individual makes a reservation for a covered flight, as
defined in Sec. 1560.3.
(2) The individual makes a request for authorization to enter a
sterile area.
(3) An aircraft operator described in Sec. 1544.101(b) requests
the individual's full name under Sec. 1544.245(b).
13. Add new subpart D to part 1540 to read as follows:
Subpart D--Responsibilities of Holders of TSA-Approved Security
Programs
Sec. 1540.301 Withdrawal of approval of a security program.
(a) Applicability. This section applies to holders of a security
program approved or accepted by TSA under 49 CFR chapter XII,
subchapter C.
(b) Withdrawal of security program approval. TSA may withdraw the
approval of a security program, if TSA determines continued operation
is contrary to security and the public interest, as follows:
(1) Notice of proposed withdrawal of approval. TSA will serve a
Notice of Proposed Withdrawal of Approval, which notifies the holder of
the security program, in writing, of the facts, charges, applicable
law, regulation, or order that form the basis of the determination.
(2) Security program holder's reply. The holder of the security
program may respond to the Notice of Proposed Withdrawal of Approval no
later than 15 calendar days after receipt of the withdrawal by
providing the designated official, in writing, with any material facts,
arguments, applicable law, and regulation.
(3) TSA review. The designated official will consider all
information available, including any relevant material or information
submitted by the holder of the security program, before either issuing
a Withdrawal of Approval of the security program or rescinding the
Notice of Proposed Withdrawal of Approval. If TSA issues a Withdrawal
of Approval, it becomes effective upon receipt by the holder of the
security program, or 15 calendar days after service, whichever occurs
first.
(4) Petition for reconsideration. The holder of the security
program may petition TSA to reconsider its Withdrawal of Approval by
serving a petition for consideration no later than 15 calendar days
after the holder of the security program receives the Withdrawal of
Approval. The holder of the security program must serve the Petition
for Reconsideration on the designated official. Submission of a
Petition for Reconsideration will not stay the Withdrawal of Approval.
The holder of the security program may request the designated official
to stay the Withdrawal of Approval pending review of and decision on
the Petition.
(5) Assistant Secretary's review. The designated official transmits
the Petition together with all pertinent information to the Assistant
Secretary for reconsideration. The Assistant Secretary will dispose of
the Petition within 15 calendar days of receipt by either directing the
designated official to rescind the Withdrawal of Approval or by
affirming the Withdrawal of Approval. The decision of the Assistant
Secretary constitutes a final agency order subject to judicial review
in accordance with 49 U.S.C. 46110.
(6) Emergency withdrawal. If TSA finds that there is an emergency
with respect to aviation security requiring immediate action that makes
the procedures in this section contrary to the public interest, the
designated official may issue an Emergency Withdrawal of Approval of a
security program without first issuing a Notice of Proposed Withdrawal
of Approval. The Emergency Withdrawal would be effective on the date
that the holder of the security program receives the emergency
withdrawal. In such a case, the designated official will send the
holder of the security program a brief statement of the facts, charges,
applicable law, regulation, or order that forms the basis for the
Emergency Withdrawal. The holder of the security program may submit a
Petition for Reconsideration under the procedures in paragraphs (b)(4)
through (b)(5) of this section; however, this petition will not stay
the effective date of the Emergency Withdrawal.
(c) Service of documents for withdrawal of approval of security
program proceedings. Service may be accomplished by personal delivery,
certified mail, or express courier. Documents served on the holder of a
security program will be served at its official place of business as
designated in its application for approval or its security program.
Documents served on TSA must be served to the address noted in the
Notice of Withdrawal of Approval or Withdrawal of Approval, whichever
is applicable.
(1) Certificate of service. An individual may attach a certificate
of service to a document tendered for filing. A certificate of service
must consist of a statement, dated and signed by the person filing the
document, that the document was personally delivered, served by
certified mail on a specific date, or served by express courier on a
specific date.
(2) Date of service. The date of service is--
(i) The date of personal delivery;
(ii) If served by certified mail, the mailing date shown on the
certificate of service, the date shown on the postmark if there is no
certificate of service, or other mailing date shown by other evidence
if there is no certificate of service or postmark; or
(iii) If served by express courier, the service date shown on the
certificate of service, or by other evidence if there is no certificate
of service.
(d) Extension of time. TSA may grant an extension of time to the
limits set forth in this section for good cause shown. A security
program holder's request for an extension of time must be in writing
and be received by TSA at least two days before the due date in order
to be considered. TSA may grant
[[Page 64844]]
itself an extension of time for good cause.
PART 1542--AIRPORT SECURITY
14. The authority citation for part 1542 continues to read as
follows:
Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914,
44916-44918, 44935-44936, 44942, 46105.
15. Amend Sec. 1542.103 by revising introductory text of
paragraphs (a) and (b), revising paragraphs (c) and (d), and adding new
paragraphs (e) and (f) to read as follows:
Subpart B--Airport Security Program
Sec. 1542.103 Content.
(a) Complete program. Except as otherwise approved by TSA, each
airport operator regularly serving operations of an aircraft operator
or foreign air carrier described in Sec. 1544.101(a)(1) or Sec.
1546.101(a) of this chapter, must adopt and carry out a complete
program, and include in its security program the following:
* * * * *
(b) Supporting program. Except as otherwise approved by TSA and
except for airports that are required to adopt a complete program under
paragraph (a) of this section, each airport regularly serving
operations of an aircraft operator or foreign air carrier described in
Sec. 1544.101(a)(2) or Sec. 1546.101(b) or (c) of this chapter, must
adopt and carry out a supporting program, and include in its security
program a description of the following:
* * * * *
(c) Partial program. Except as otherwise approved by TSA and except
for airports that are required to adopt a complete program under
paragraph (a) of this section or a supporting program under paragraph
(b) of this section, each of the following airports must adopt and
carry out a partial program, and must include in its security program
the requirements in paragraph (d) of this section.
(1) Each airport regularly serving large aircraft operations of an
aircraft operator described in Sec. 1544.101(b) with scheduled or
public charter operations.
(2) Each reliever airport as defined in 49 U.S.C. 47102(22).
(d) Partial program content. Except as otherwise approved by TSA,
each airport described in paragraph (c) of this section must include in
its security program a description of the following:
(1) Name, means of contact, duties, and training requirements of
the airport security coordinator as required under Sec. 1542.3.
(2) A description of the law enforcement support used to comply
with Sec. 1542.215(b).
(3) Training program for law enforcement personnel required under
Sec. 1542.217(c)(2), if applicable.
(4) A system for maintaining the records described in Sec.
1542.221.
(5) Procedures for the distribution, storage, and disposal of
Sensitive Security Information (which, as defined in Sec. 1520.5,
includes security programs, Security Directives, Information Circulars,
and implementing instructions), and, as appropriate, classified
information.
(6) Procedures for public advisories as specified in Sec.
1542.305.
(7) Incident management procedures used to comply with Sec.
1542.307.
(e) Provisional program. (1) An airport operator that is not
subject to paragraph (a), (b), or (c) of this section may request TSA
to review and approve its security program.
(2) TSA may approve the security program if it determines that
approval is in the interest of safety and the public using the
procedures described in Sec. 1544.105(a).
(3) The airport operator must comply with the security program
approved under this paragraph (e).
(4) An airport operator or TSA may amend an approved security
program using the procedures described in Sec. 1544.105.
(5) TSA may withdrawal approval of a security program using the
procedures described in Sec. 1540.301 if it determines that withdrawal
of approval is in the interest of safety and the public.
(f) Use of appendices. The airport operator may comply with
paragraphs (a), (b), (c), and (d) of this section by including in its
security program, as an appendix, any document that contains the
information required by paragraphs (a), (b), (c), and (d) of this
section. The appendix must be referenced in the corresponding
section(s) of the security program.
PART 1544--AIRCRAFT OPERATOR SECURITY
16. The authority citation for part 1544 continues to read as
follows:
Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44907,
44913-44914, 44916-44918, 44932, 44935-44936, 44942, 46105.
Subpart A--General
17. Amend Sec. 1544.1 by revising paragraph (a)(1) to read as
follows:
Sec. 1544.1 Applicability of this part.
(a) * * *
(1) The operations of aircraft operators engaged in any civil
operation in an aircraft with a maximum certificated takeoff weight of
over 12,500 pounds.
* * * * *
Subpart B--Security Program
Sec. 1544.101 [Amended]
18. Amend Sec. 1544.101 as follows:
a. Revise paragraph (a) introductory text;
b. Revise paragraph (b);
c. Remove and reserve paragraphs (c), (d), (e), and (f);
d. Revise paragraph (g) to read as follows;
e. Revise paragraph (h) introductory text; and
f. Remove paragraph (i).
The revisions read as follows:
Sec. 1544.101 Adoption and implementation.
(a) Full program. Each aircraft operator holding an operating
certificate under 14 CFR part 119 must carry out the requirements in
subparts C, D, and E of this part specified in Sec. 1544.103 (c) and
must adopt and carry out a security program that meets the requirements
of Sec. Sec. 1544.103(a), (b), and (c) for each of the following
operations:
* * * * *
(b) Large aircraft program. Each aircraft operator must carry out
the requirements in subparts C, D, and E of this part specified in
Sec. Sec. 1544.103(e) and (f) and must adopt and carry out a security
program that meets the requirements of Sec. Sec. 1544.103(a), (b),
(e), and (f) for each operation that meets all of the following:
(1) Is an aircraft with a maximum certificated takeoff weight of
over 12,500 pounds.
(2) Is in any civil operation.
(3) Is not one of the following:
(i) Operating under a full program under paragraph (a) of this
section;
(ii) Operating under a full all-cargo program under paragraph (h)
of this section;
(iii) A public aircraft as described in 49 U.S.C. 40102, provided
that the aircraft operator obtains security procedures from TSA if the
aircraft deplanes into or enplanes from a sterile area; or
(iv) A government charter under paragraph (2) of the definition of
private charter in Sec. 1540.5 of this chapter, provided that aircraft
does not deplane into or enplane from a sterile area and the government
takes security responsibility for the following:
(A) The aircraft;
(B) Persons onboard; and
(C) Property onboard.
* * * * *
(g) Limited program. Each aircraft operator that is not required to
have a
[[Page 64845]]
full program, a large aircraft program or a full all-cargo program, as
identified in paragraphs (a), (b), and (h) of this section
respectively, may request a security program from TSA. Each aircraft
operator with a limited program must carry out selected provisions of
subparts C, D, and E of this part, as provided by TSA and must adopt
and carry out the provisions of Sec. 1544.305, as specified in its
security program.
(h) Full all-cargo program. Each aircraft operator holding an
operating certificate under 14 CFR part 119 or 14 CFR part 125 must
carry out the requirements in subparts C, D, and E of this part
specified in Sec. 1544.103(d) and must adopt and carry out a security
program that meets the requirements of Sec. Sec. 1544.103(a), (b), and
(d) for each operation that is--
* * * * *
19. Amend Sec. 1544.103 by adding paragraph (a)(4), revising
paragraph (c), and adding paragraphs (d), (e), and (f) to read as
follows:
Sec. 1544.103 Form, content, and availability.
(a) * * *
(4) Includes the standard security program issued by TSA, together
with any amendments and alternate procedures approved or accepted by
TSA for the aircraft operator.
* * * * *
(c) Content of a security program for a full program aircraft
operator. The standard security program for a full program aircraft
operator described in Sec. 1544.101(a) is the Aircraft Operator
Standard Security Program (AOSSP). The security program must include
the following:
(1) Section 1544.201, Acceptance and screening of individuals and
accessible property.
(2) Section 1544.203, Acceptance and screening of checked baggage.
(3) Section 1544.205, Acceptance and screening of cargo.
(4) Section 1544.207, Inspection of individuals and property.
(5) Section 1544.209, Use of metal detection devices.
(6) Section 1544.211, Use of X-ray systems.
(7) Section 1544.213, Use of explosives detection systems.
(8) Section 1544.215, Security coordinators.
(9) Section 1544.217, Law enforcement personnel.
(10) Section 1544.219, Carriage of accessible weapons.
(11) Section 1544.221, Carriage of prisoners under the control of
armed law enforcement officers.
(12) Section 1544.223(a) through (h), Transportation of Federal Air
Marshals.
(13) Section 1544.225, Security of the aircraft and facilities.
(14) Section 1544.227, Exclusive area agreements.
(15) Section 1544.228, Access to cargo and security threat
assessments for cargo personnel in the United States.
(16) Sections 1544.229 and 1544.230, Fingerprint-based criminal
history records checks.
(17) Section 1544.231, Airport-approved and exclusive area
personnel identification systems.
(18) Sections 1544.233 and 1544.235, Security coordinators and
crewmember training and training for individuals with security-related
duties.
(19) Section 1544.237, Flight deck privileges.
(20) Section 1544.241, Regarding voluntary provision of emergency
services.
(21) Section 1544.301, Contingency plan.
(22) Section 1544.303, Bomb or air piracy threats.
(23) Section 1544.305, Security directives and information
circulars.
(d) Content of a security program for a full all-cargo program. The
standard security program for a full all-cargo aircraft operator
described in Sec. 1544.101(h) is the Full All-Cargo Aircraft Operator
Standard Security Program (FACAOSSP). The security program must include
the following:
(1) Section 1544.202, Persons and property onboard an all-cargo
aircraft.
(2) Section 1544.205, Acceptance and screening of cargo.
(3) Section 1544.207, Inspection of individuals and property.
(4) Section 1544.209, Use of metal detection devices.
(5) Section 1544.211, Use of x-ray systems.
(6) Section 1544.215, Security coordinators.
(7) Section 1544.217, Law enforcement personnel.
(8) Section 1544.219, Carriage of accessible weapons.
(9) Section 1544.223(a) through (h), Transportation of Federal Air
Marshals.
(10) Section 1544.225, Security of the aircraft and facilities.
(11) Section 1544.227, Exclusive area agreements.
(12) Section 1544.228, Access to cargo and security threat
assessments for cargo personnel in the United States.
(13) Sections 1544.229 and 1544.230, Fingerprint-based criminal
history records checks.
(14) Section 1544.231, Airport-approved and exclusive area
personnel identification systems.
(15) Sections 1544.233 and 1544.235, Security coordinators and
crewmember training and training for individuals with security-related
duties.
(16) Section 1544.237, Flight deck privileges.
(17) Section 1544.301, Contingency plan.
(18) Section 1544.303, Bomb or air piracy threats.
(19) Section 1544.305, Security directives and information
circulars.
(20) Other provisions of subpart C of this part that TSA has
approved upon request.
(21) The remaining requirements of subpart C of this part when TSA
notifies the aircraft operator in writing that a security threat exists
concerning that operation.
(e) Content of a security program for a large aircraft operator.
The standard security program for large aircraft operators described in
Sec. 1544.101(b) is the large aircraft security program (LASP). The
security program must include the following and any applicable
requirements in paragraph (f) of this section:
(1) Section 1544.206, Person and property onboard a large aircraft.
(2) Section 1544.215, Security coordinators.
(3) Section 1544.217, Law enforcement personnel.
(4) Section 1544.219, Carriage of accessible weapons.
(5) Section 1544.223(i), Transportation of Federal Air Marshals.
(6) Section 1544.225, Security of the aircraft and facilities.
(7) Sections 1544.233 and 1544.235, Security coordinators and
crewmember training.
(8) Section 1544.241, Voluntary provision of emergency services if
the large aircraft operator holds an Air Carrier Certificate under 14
CFR part 119.
(9) Section 1544.243, Third party audit.
(10) Section 1544.245, Passenger vetting for large aircraft
operators.
(11) Sections 1544.301(a) and (b), Contingency plan.
(12) Section 1544.303, Bomb or air piracy threats.
(13) Section 1544.305, Security directives and information
circulars.
(14) Part 1544, subpart G, Security threat assessment for flight
crew.
(15) Except as provided in paragraph (f)(1) of this section, an
aircraft operator must seek alternative procedures from TSA for the
screening of individuals and property for an aircraft that enplanes
from or deplanes into a sterile area.
(16) Other provisions of subparts C, D, and E of this part that TSA
has approved upon request.
[[Page 64846]]
(17) The remaining requirements of subparts C, D, and E of this
part when TSA notifies the aircraft operator that a security threat
exists concerning that operation.
(f) Additional requirements for large aircraft operators. In
addition to the requirements in paragraph (e) of this section each
aircraft operator described in Sec. 1544.101(b) must include in its
security program, the applicable requirements of this paragraph (f).
(1) Large aircraft over 45,500 kilograms (100,309.3 pounds) or with
a passenger-seating configuration of 61 or more. For large aircraft
operated for compensation or hire with a maximum certificated take-off
weight of over 45,500 kilograms (100,309.3 pounds), or a passenger-
seating configuration of 61 or more, each aircraft operator must
include in its security program the following:
(i) Section 1544.201, Acceptance and screening of individuals and
their accessible property.
(ii) Section 1544.207(c), Inspection of individuals and property.
(iii) Section 1544.223(a) through (h), Transportation of Federal
Air Marshals.
(iv) Procedures for ensuring that each of the following individuals
have successfully undergone a security threat assessment under subpart
G of this part before granting the individual authority to perform
screening functions:
(A) Individuals who screen passengers or property that will be
carried in a cabin of the aircraft.
(B) Individuals who serve as immediate supervisors or the next
supervisory level to those individuals described in paragraph
(a)(1)(iv)(A) of this section.
(2) All-Cargo operations for aircraft with an MTOW of over 12,500
pounds. A large aircraft operator in an all-cargo operation must
include the following in its security program:
(i) Section 1544.202, Persons and property onboard an all-cargo
aircraft.
(ii) Sections 1544.205(a), (b), (d), and (f), Acceptance and
screening of cargo.
20. Revise Sec. 1544.105 to read as follows:
Sec. 1544.105 Approval and amendments to the security program.
(a) Initial approval of security program. (1) Application. Unless
otherwise authorized by TSA, each aircraft operator required to have a
security program under this part must apply for a security program in a
form and a manner prescribed by TSA at least 90 days before the
intended date of operations. The application must be in writing.
(i) Each aircraft operator must include in its application the
following:
(A) The aircraft operator's business name and other names,
including ``doing business as'';
(B) Address of the aircraft operator's primary place of business or
headquarters;
(C) The aircraft operator's state of incorporation, if applicable;
and
(D) The aircraft operator's tax identification number.
(ii) Each aircraft operator under the large aircraft program as
described in Sec. 1544.101(b) must include the following in its
application:
(A) The business name and other names, including ``doing business
as.'' If the applicant holds or is applying for a FAA operating
certificate, the business name must be the same as the name on the FAA
operating certificate.
(B) The names and addresses of each proprietor, general partner,
officer, director, and owner of an aircraft identified under Sec.
1544.101(b).
(C) A signed statement from each person listed in paragraph
(a)(1)(ii) of this section stating whether he or she has been a
proprietor, general partner, officer, director, or owner of a large
aircraft that had its security program withdrawn or suspended by TSA.
(D) If the applicant holds a FAA operating certificate, the FAA
operating certificate number.
(E) If the applicant does not have a FAA operating certificate, the
type of operation under which the applicant operates, for example
operating under 14 CFR part 91.
(F) The name, title, address, phone number, and electronic mail
address of the Aircraft Operator Security Coordinator (AOSC) and any
alternates. The telephone number provided must be a number where at
least one AOSC may be reached.
(G) A statement acknowledging and ensuring that each employee and
agent of the aircraft operator, who is subject to training under Sec.
1544.233 and 235, will have successfully completed the training
outlined in its security program before performing security-related
duties.
(2) Standard security program. TSA will provide to the aircraft
operator security coordinator the appropriate standard security
program, any security directives, and amendments to the security
program and other alternative procedures that apply to the aircraft
operator. The aircraft operator may either accept the standard security
program or submit a proposed modified security program to the
designated official for approval. TSA will approve the security program
under paragraph (a)(3) of the section or issue a written notice to
modify under paragraph (a)(4) of this section.
(3) Approval. TSA will approve the security program upon
determining that--
(i) The aircraft operator has met the requirements of this part,
its security program, and any applicable Security Directives;
(ii) The aircraft operator is able and willing to carry out the
requirements of its security program;
(iii) The approval of the security program is not contrary to the
interests of security and the public interest; and
(iv) The aircraft operator has not held a security program that was
withdrawn, unless otherwise authorized by TSA.
(4) Modification. (i) If a security program does not satisfy the
requirements in paragraph (a)(3) of this section, TSA will provide the
aircraft operator written Notice to Modify the security program to
comply with the applicable requirements of this part.
(ii) The aircraft operator may either submit a modified security
program to TSA for approval, or a petition for Reconsideration of
Notice to Modify within 30 days of receipt of the Notice to modify. A
Petition for Reconsideration must be filed with the designated
official.
(iii) The designated official, upon receipt of a Petition for
Reconsideration, either amends or withdraws the Notice, or transmits
the Petition, together with any pertinent information, to the Assistant
Secretary for reconsideration. The Assistant Secretary may dispose of
the Petition within 30 days of receipt by either directing the
designated official to withdraw or amend the Notice to Modify, or by
denying the Petition and affirming the Notice to Modify.
(5) Commencement of operations. The aircraft operator may operate
under an approved security program when it meets all requirements,
including but not limited to successful completion of training and
Security Threat Assessments by relevant personnel, if applicable.
(b) Amendment requested by an aircraft operator. An aircraft
operator may submit a request to TSA to amend its security program as
follows:
(1) The request for an amendment must be filed in writing, with the
designated official at least 45 days before the date the aircraft
operator proposes for the amendment to become effective, unless a
shorter period is allowed by the designated official.
(2) Within 30 days after receiving a proposed amendment, the
designated official, in writing, either approves or denies the request
to amend.
[[Page 64847]]
(3) An amendment to an aircraft operator security program may be
approved if the designated official determines that security and the
public interest will allow it, and the proposed amendment provides the
level of security required under this part.
(4) If the proposed amendment is denied, within 30 days after
receiving a denial, the aircraft operator may petition the Assistant
Secretary to reconsider the denial. A Petition for Reconsideration must
be filed with the designated official.
(5) Upon receipt of a petition for reconsideration, the designated
official either approves the request to amend or transmits the
petition, together with any pertinent information, to the Assistant
Secretary for reconsideration. The Assistant Secretary disposes of the
petition within 30 days of receipt by either directing the designated
official to approve the amendment, or denying the Petition and
affirming the denial.
(6) Any aircraft operator may submit a group proposal for an
amendment that is on behalf of it and other aircraft operators that co-
sign the proposal.
(c) Amendment by TSA. If security and the public interest require
an amendment, TSA may amend a security program as follows:
(1) The designated official notifies the aircraft operator, in
writing, of the proposed amendment, fixing a period of not less than 30
days within which the aircraft operator may submit written information,
views, and arguments on the amendment.
(2) After considering all relevant material, the designated
official notifies the aircraft operator of any amendment adopted or
rescinds the notice. If the amendment is adopted, it becomes effective
not less than 30 days after the aircraft operator receives the notice
of amendment, unless the aircraft operator petitions the Assistant
Secretary, in writing, to reconsider no later than 15 days before the
effective date of the amendment. The aircraft operator must send the
written Petition for Reconsideration to the designated official. A
timely Petition for Reconsideration stays the effective date of the
amendment.
(3) Upon receipt of a Petition for Reconsideration, the designated
official either amends or withdraws the notice or transmits the
Petition, together with any pertinent information, to the Assistant
Secretary for reconsideration. The Assistant Secretary disposes of the
Petition within 30 days of receipt by either directing the designated
official to withdraw or amend the amendment, or by denying the Petition
and affirming the amendment.
(d) Emergency amendments. If the designated official finds that
there is an emergency requiring immediate action with respect to
security in air transportation or in air commerce that makes procedures
in this section contrary to the public interest, the designated
official may issue an emergency amendment, without the prior notice and
comment procedures in paragraph (c) of this section, effective without
stay on the date the aircraft operator receives notice of it. In such a
case, the designated official will incorporate in the notice a brief
statement of the reasons and findings for the amendment to be adopted.
The aircraft operator may file a written Petition for Reconsideration
under paragraph (c) of this section; however, this does not stay the
effective date of the Emergency Amendment.
(e) Requirement to report changes in information. Each aircraft
operator with an approved security program under this part must notify
TSA, in a form and manner approved by TSA, of any changes to the
information submitted during its initial application under paragraph
(a)(1) of this section.
(1) This notification must be submitted in writing to the
designated official not later than 30 days after the date the change
occurred.
(2) Changes included in the requirement of this paragraph include,
but are not limited to, changes in the holder of a security program's
contact information, owners, business addresses and locations, and form
of business entity.
(f) TSA may withdraw its approval of an aircraft operator's
security program under Sec. 1540.301.
21. Add new Sec. 1544.107 to subpart B to read as follows:
Sec. 1544.107 Fractional ownership of large aircraft.
(a) This section applies to aircraft operators operating aircraft
under a large aircraft program under Sec. 1544.101(b) that are under a
fractional ownership program under 14 CFR part 91, subpart K. For
operations where the owner in operational control delegates performance
of security tasks to the program manager, the security program is
considered to be held jointly by the owner and the program manager, and
the owner and the program manager are jointly and individually
responsible for compliance.
(b) A fractional program manager that manages multiple aircraft may
have one large aircraft program that applies to all its operations.
Subpart C--Operations
22. Amend Sec. 1544.201 by adding introductory text to read as
follows:
Sec. 1544.201 Acceptance and screening of individuals and accessible
property.
This section applies to each aircraft operator required to comply
with this section under 49 CFR 1544.103.
* * * * *
23. Revise Sec. 1544.202 to read as follows:
Sec. 1544.202 Persons and property onboard all-cargo aircraft.
Each aircraft operator operating under a full all-cargo program or
a large aircraft program in an all-cargo operation as described in
Sec. 1544.103(f)(2) must apply the security measures in its security
program for persons who are carried on the aircraft, and for their
property, to prevent or deter the carriage of any unauthorized persons,
and any unauthorized or accessible weapons, explosives, incendiaries,
and other destructive substances or items.
24. Amend Sec. 1544.205 by revising paragraphs (a), (b), and (d)
to read as follows:
Sec. 1544.205 Acceptance and screening of cargo.
(a) Preventing or deterring the carriage of any explosive or
incendiary. Each aircraft operator operating under a full program, a
full all-cargo program, or a large aircraft program in an all-cargo
operation as described in Sec. 1544.103(f)(2) must use the procedures,
facilities, and equipment described in its security program to prevent
or deter the carriage of any unauthorized persons, and any unauthorized
explosives, incendiaries, and other destructive devices, substances or
items in cargo onboard an aircraft.
(b) Screening and inspection of cargo. Each aircraft operator
operating under a full program or a full all-cargo program, or a large
aircraft program in an all-cargo operation, as described in Sec.
1544.103(f)(2), must ensure that cargo is screened and inspected for
any unauthorized person, and any unauthorized explosive, incendiary,
and other destructive substance or item as provided in the aircraft
operator's security program and Sec. 1544.207, and as provided in
Sec. 1544.239 for operations under a full program, before loading it
on its aircraft.
* * * * *
(d) Refusal to transport. Except as otherwise provided in its
program, each aircraft operator operating under a full
[[Page 64848]]
program, a full all-cargo program, or a large aircraft program in an
all-cargo operation as described in Sec. 1544.103(f)(2) must refuse to
transport any cargo if the shipper does not consent to a search or
inspection of that cargo in accordance with the system prescribed by
this part.
* * * * *
25. Add new Sec. 1544.206 to subpart C to read as follows:
Sec. 1544.206 Persons and property on board a large aircraft.
Each aircraft operator operating under a large aircraft program
under Sec. 1544.101(b), except for a large aircraft operator in an
all-cargo operation as described in Sec. 1544.103(f)(2), must apply
the security measures in its security program for any persons and
accessible property onboard the aircraft, including company materials
(COMAT), to prevent or deter the carriage of any unauthorized persons,
and any unauthorized or accessible weapons, explosives, incendiaries,
and other destructive devices, substances or items.
26. Revise Sec. 1544.207 to read as follows:
Sec. 1544.207 Inspection of individuals and property.
(a) Applicability of this section. This section applies to the
inspection of individuals, accessible property, checked baggage, and
cargo by each full program operator under Sec. 1544.101(a); the
inspection of individuals, accessible property and cargo by each full
all-cargo program operator under Sec. 1544.101(h); and the inspection
of individuals and accessible property by a large aircraft program
operator under Sec. 1544.103(f)(1), as required under this part.
(b) Full program aircraft operators. Each aircraft operator must
ensure that passengers and their accessible property do not board an
aircraft and that checked baggage is not loaded onto an aircraft unless
inspection is conducted as follows:
(1) Locations within the United States. The inspection of
passengers, accessible property, and checked baggage is conducted by
TSA.
(2) Locations outside the United States. (i) In non-U.S. locations
where the foreign country conducts inspection of passengers, accessible
property, and checked baggage, the aircraft operator must ensure that
the foreign country or its designee conducts such inspection. TSA may
require aircraft operators to conduct supplemental inspection
operations.
(ii) In non-U.S. locations where the foreign country does not
conduct inspection of passengers, accessible property, and/or checked
baggage, an aircraft operator must conduct any inspection not conducted
by the foreign country or must not permit non-inspected individuals on
the aircraft. The aircraft operator's personnel must be trained and
authorized to inspect individuals, accessible property, and checked
baggage, as provided in subpart E.
(3) All locations. Each aircraft operator must ensure the
inspection of all cargo prior to loading on the aircraft. The cargo
must be inspected as provided in each aircraft operator's security
program or by TSA, or by the foreign country. Where the foreign country
does not conduct inspection of cargo, the aircraft operator must
conduct the inspection or must not permit non-inspected cargo on the
aircraft.
(c) Full all-cargo aircraft operators and large aircraft operators.
Each aircraft operator must use the measures in its security program
and in subpart E of this part to inspect individuals and property.
27. Amend Sec. 1544.217 by revising the introductory text of
paragraphs (a)(2) and (b) to read as follows:
Sec. 1544.217 Law enforcement personnel.
(a) * * *
(2) For operations under a large aircraft program under Sec.
1544.101(b) or a full all-cargo program under Sec. 1544.101(h), each
aircraft operator must--
* * * * *
(b) This paragraph (b) applies to operations at airports required
to hold security programs under part 1542 of this chapter. For
operations under a large aircraft program under Sec. 1544.101(b), or a
full all-cargo program under Sec. 1544.101(h), each aircraft operator
must--
* * * * *
28. Amend Sec. 1544.219 by adding introductory text, and revising
the introductory text of paragraphs (a) and (b) to read as follows:
Sec. 1544.219 Carriage of accessible weapons.
This section applies to each aircraft operator required to comply
with this section under 49 CFR 1544.103.
(a) Flights for which screening is conducted. The provisions of
Sec. Sec. 1544.201(d) and 1544.202, with respect to accessible
weapons, do not apply to a law enforcement officer (LEO) traveling
armed aboard a flight for which screening is required, if the
requirements of this section are met.
* * * * *
(b) Flights for which screening is not conducted. The provisions of
Sec. Sec. 1544.201(d) and 1544.202, with respect to accessible
weapons, do not apply to a LEO aboard a flight for which screening is
not required if the requirements of paragraphs (a)(1), (3), and (4) of
this section are met.
* * * * *
29. Amend Sec. 1544.223 by adding introductory text and a new
paragraph (i), and revising paragraphs (b), (f), and (g) to read as
follows:
Sec. 1544.223 Transportation of Federal Air Marshals.
Each aircraft operator under the full program as described in Sec.
1544.101(a), full all-cargo program as described in Sec. 1544.101(h),
or the large aircraft program and required to comply with Sec.
1544.103(f)(1), must comply with paragraphs (a) through (h) of this
section. Each aircraft operator under the large aircraft program as
described in Sec. 1544.101(b), other than large aircraft operators
described in Sec. 1544.103(f)(1), must comply with paragraph (i) of
this section.
* * * * *
(b) Each aircraft operator must carry Federal Air Marshals, in the
number and manner specified by TSA.
* * * * *
(f) The requirements of Sec. Sec. 1544.219(a) and 1544.241 do not
apply for a Federal Air Marshal on duty status.
(g) Each aircraft operator operating under a security program
pursuant to Sec. Sec. 1544.101(a), (b) and (h), must restrict any
information concerning the presence, seating, names, and purpose of
Federal Air Marshals at any station or on any flight to those persons
with an operational need to know.
* * * * *
(i) Upon prior notification from TSA, large aircraft operators must
carry Federal Air Marshals, in the number and manner specified by TSA.
30. Amend Sec. 1544.237 by adding introductory text and revising
paragraph (b) to read as follows:
Sec. 1544.237 Flight deck privileges.
This section applies to each aircraft operator required to comply
with this section under 49 CFR 1544.103:
* * * * *
(b) This section does not restrict access for an FAA air carrier
inspector, a DOD commercial air carrier evaluator, an authorized
representative of the National Transportation Safety Board, or an Agent
of the U.S. Secret Service, under 14 CFR parts 121, 125, or 135, or a
Federal Air Marshal under this part.
31. Add new Sec. 1544.241 to subpart C to read as follows:
[[Page 64849]]
Sec. 1544.241 Voluntary provision of emergency services.
This section applies to each aircraft operator that is required to
comply with this section under 49 CFR 1544.103 and that is an air
carrier.
(a) Qualification under this section. An individual is qualified
for purposes of this section if the individual is qualified under
Federal, State, local, or tribal law, or under the law of a foreign
government, has valid standing with the licensing or employing agency
that issued the credentials, and is a scheduled, on-call, paid, or
volunteer employee, as one of the following:
(1) A law enforcement officer who is an employee or authorized by
the Federal, state, local, or tribal government or under the law of a
foreign government, with the primary purpose of the prevention,
investigation, apprehension, or detention of individuals suspected or
convicted of government offenses.
(2) A firefighter who is an employee, whether paid or a volunteer,
of a fire department of any Federal, state, local, or tribal government
who is certified as a firefighter as a condition of employment and
whose duty it is to extinguish fires, to protect life, and to protect
property.
(3) An emergency medical technician who is trained and certified to
appraise and initiate the administration of emergency care for victims
of trauma or acute illness.
(b) Exemption from liability. (1) Under 49 U.S.C. 44944(b), an
individual shall not be liable for damages in any action brought in a
Federal or State court that arises from an act or omission of the
individual in providing or attempting to provide assistance in the case
of an in-flight emergency in an aircraft of an air carrier if the
individual meets the qualifications described in paragraph (a) of this
section.
(2) Under 49 U.S.C. 44944(c), exemption described in paragraph
(b)(1) of this section shall not apply in any case in which an
individual provides, or attempts to provide, assistance in a manner
that constitutes gross negligence or willful misconduct.
(3) The exemption described in paragraph (b)(1) of this section
applies whether or not the individual has volunteered prior to
departure under the program described in paragraph (c) of this section.
(4) For purposes of this paragraph (b), the qualified individual
need not have his or her credentials present at the time of providing
or attempting to provide assistance.
(c) Program for pre-departure volunteers. Each aircraft operator
must adopt and carry out a program for qualified individuals to
volunteer, prior to departure, to be called upon by a crew member or
flight attendant to provide emergency services in the event of an in-
flight emergency. Prior to accepting an offer of voluntary emergency
services from a qualified individual prior to departure, the aircraft
operator must request and review any credential, document, and
identification offered by the individual to determine whether he or she
meets the definition of a qualified individual.
(1) The credential, document, or identification must identify the
service category and bear the individual's name, clear full-face
picture, and signature and must not have expired, except as provided in
paragraph (c)(3) of this section.
(2) If the credential does not bear an expiration date, the
qualified individual must also present an official letter identifying
current employment in the relevant service category.
(3) If the credential does not bear a full-face image of the
individual, the individual must also present a photo identification
issued by a government authority.
(4) An individual whose credential bears an expiration date that
has passed on the date of the intended flight is not considered a
qualified individual for purposes of paragraph (c) of this section.
(d) Law enforcement officers flying armed and federal air marshals.
The aircraft operator need not apply the requirements of paragraph (c)
to a law enforcement officer traveling armed pursuant to Sec. 1544.219
or to a Federal Air Marshal on duty status pursuant to Sec. Sec.
1544.219 and 1544.223.
(e) Discretion of the aircraft operator. The aircraft operator has
full discretion to request, accept, or reject a qualified individual's
offer of assistance. Nothing in this section prohibits or requires any
passenger's assistance in an emergency.
(f) Confidentiality. The aircraft operator must not provide any
individual, other than the appropriate aircraft operator personnel who
need to know, the identity or any other personal or professional
information of any qualified individual offering to provide emergency
services.
32. Add new Sec. 1544.243 to subpart C to read as follows:
Sec. 1544.243 Third party audit.
(a) Applicability. This section applies to aircraft operators
operating under a large aircraft program under Sec. 1544.101(b).
(b) General. Each aircraft operator must contract with an auditor
approved under 49 CFR part 1522 to conduct an audit of the aircraft
operator's compliance with this chapter and its security program in
accordance with this section.
(c) Timing. (1) Initial audit. Except as approved by TSA, each
aircraft operator must cause the initial audit to be conducted within
sixty days of the approval of the aircraft operator's security program
under Sec. 1544.105.
(2) Biennial audit. Each aircraft operator must cause an audit to
be conducted 24 months after the aircraft operator's most recent audit
conducted to meet the requirements in paragraph (c)(1) of this section
or this paragraph (c)(2). If the aircraft operator completes the audit
in the month before or the month after it is due, the aircraft operator
is considered to have completed the audit in the month it is due.
(d) Auditor's access. Each aircraft operator must provide the
auditor access to all records, equipment, and facilities necessary for
the auditor to conduct an audit of the aircraft operator's compliance
with this chapter and its security program.
(e) Audit report. Each aircraft operator will receive a copy of the
audit report from its auditor.
(f) Comments on audit report. Within 30 days of receiving a copy of
an audit report from the auditor, an aircraft operator may submit
written comments on the report to TSA.
33. Add new Sec. 1544.245 to subpart C to read as follows:
Sec. 1544.245 Passenger vetting for large aircraft operators.
(a) Applicability and terms used in this section. (1)
Applicability. (i) Except as provided in paragraph (a)(1)(ii) of this
section, this section applies to aircraft operators operating under a
large aircraft program described in Sec. 1544.101(b).
(ii) This section does not apply to any flight operated by a large
aircraft operator for which the large aircraft operator has submitted
advance passenger information to U.S. Custom and Border Protection
(CBP) under 19 CFR 122.49a, 122.75a, or 122.22 and has complied with
CBP's instructions. If CBP grants the pilot landing rights under 19 CFR
122.49a, 122.75a, or 122.22, the large aircraft operator may permit all
passengers for whom the aircraft operator submitted advance passenger
information to CBP to board the aircraft. If CBP identifies a passenger
as a selectee under 19 CFR 122.49a, 122.75a, or 122.22, the large
aircraft operator may permit the passenger to board the aircraft and
the large aircraft operator must comply with the
[[Page 64850]]
procedures in its security program pertaining to passengers that are
identified as selectees. If CBP identifies a passenger as ``not
cleared'' under 19 CFR 122.49a, 122.75a, or 122.22, the large aircraft
operator must not permit the passenger to board the aircraft.
(2) Terms used in this section. In addition to the terms in
Sec. Sec. 1500.3 and 1540.5 of this chapter, the following terms apply
in this section:
Continuous vetting means the process in which an individual's full
name, date of birth, gender, passport information, and Redress Number
(if available) are continuously matched against the most current watch-
list in a manner prescribed by TSA.
Passenger information means:
(1) Full name of the passenger.
(2) Date of birth of the passenger, if available.
(3) Gender of the passenger, if available.
(4) Passport information, if available.
(5) Redress Number of the passenger, if available.
Passport information means the following information from an
individual's passport:
(1) Passport number.
(2) Country of issuance.
(3) Expiration date.
(4) Gender.
(5) Full name.
Redress Number means the number assigned by DHS to an individual
processed through the redress procedures described in 49 CFR part 1560,
subpart C.
Watch-list refers to the No Fly List and Selectee List components
of the Terrorist Screening Database maintained by the Terrorist
Screening Center.
Watch-list service provider is an entity that TSA has approved
under 49 CFR part 1544, subpart F, to conduct watch-list matching for
large aircraft operators required under this section.
(b) Request for and transmission of passenger information. (1)
Passenger information list. Except as provided in paragraph (b)(2) of
this section, each aircraft operator must:
(i) Request and obtain the full name of every passenger on each
flight operated by the aircraft operator;
(ii) Request the gender, date of birth, and Redress Number for
every passenger on each flight operated by the aircraft operator;
(iii) Transmit the full name and other available passenger
information, and any available passport information, to an entity
approved to conduct watch-list matching under 49 CFR part 1544, subpart
F (``Watch-list service provider''); and
(iv) Transmit updated passenger information to its watch-list
service provider if there are revisions to the passenger's full name,
date of birth, gender, passport information, or Redress Number.
(2) Master passenger list. An aircraft operator does not need to
transmit passenger information required under paragraph (b)(1) of this
section or await boarding instructions required under paragraph (c) of
this section for individuals who satisfy all of the following:
(i) Prior to obtaining and transmitting passenger information under
paragraphs (b)(2)(ii) and (iii) of this section, the aircraft operator
must inform the individual that inclusion in the master passenger list
is voluntary, provide the individual with notice of the purpose and
procedures related to a master passenger list, and obtain from the
individual a signed, written statement affirmatively requesting that he
or she be placed on the master passenger list.
(ii) The aircraft operator has obtained the full name, gender, date
of birth, and Redress Number (if available) of the individuals.
(iii) The aircraft operator has transmitted the full name, gender,
date of birth, passport information, and Redress Number (if available)
of the individual and any updated passenger information to a watch-list
service provider and identified the individual as an individual that
should be subject to continuous vetting.
(iv) The aircraft operator ensures that the watch-list service
provider has responsibility for conducting continuous vetting of the
individual at the time that the individual boards a flight operated by
the aircraft operator.
(v) The watch-list service provider that conducts the continuous
vetting of the individual has informed the aircraft operator that the
individual is cleared to board an aircraft after the aircraft operators
transmits the initial passenger information to the watch-list service
provider. If the aircraft operator transmits updated passenger
information, the aircraft operator must wait until the watch-list
service provider informs the aircraft operator that the individual is
cleared to board an aircraft.
(vi) The watch-list service provider that conducts the continuous
vetting of the individual has not informed the aircraft operator that
the individual must be inhibited from boarding the aircraft, unless
explicitly authorized by TSA to permit boarding of the individual.
(c) Watch-list matching results. An operator must not permit a
passenger to board an aircraft until the aircraft operator's watch-list
service provider informs the aircraft operator of the results of watch-
list matching for that passenger in response to the aircraft operator's
most recent submission of passenger information for that passenger. The
aircraft operator must comply with instructions transmitted by the
watch-list service provider under this paragraph (c), unless explicitly
instructed otherwise by TSA.
(1) Cleared to board an aircraft. If the aircraft operator's
watch-list service provider instructs the aircraft operator that a
passenger is cleared, the aircraft operator may permit the passenger to
board an aircraft.
(2) Passenger identified as a selectee. If the aircraft operator's
watch-list service provider instructs the aircraft operator that a
passenger is a selectee, the aircraft operator may permit the passenger
to board an aircraft. The aircraft operator must comply with the
procedures in its security program pertaining to passengers that are
identified as selectees.
(3) Denial to board an aircraft. If the aircraft operator's watch-
list service provider instructs the aircraft operator that the
passenger must be inhibited from boarding an aircraft, the aircraft
operator must not permit the passenger to board an aircraft. If the
aircraft operator's watch-list service provider instructs the aircraft
operator to contact TSA for further resolution of the watch-list
matching results, the aircraft operator must contact TSA in accordance
with procedures set forth in its security program.
(4) Override by an aircraft operator. No aircraft operator may
override an instruction to inhibit a passenger from boarding an
aircraft, unless explicitly authorized by TSA to do so.
(5) Updated passenger information from an aircraft operator. When
an aircraft operator sends updated passenger information to its watch-
list service provider under paragraph (b)(1)(iv) of this section for a
passenger for whom the watch-list service provider has already
transmitted an instruction, all previous instructions concerning that
passenger are voided. The aircraft operator may not permit the
passenger to board an aircraft until it receives an updated instruction
concerning the passenger from its watch-list service provider. Upon
receiving an updated instruction from its watch-list service provider,
the aircraft operator must comply with the updated instruction and
disregard all previous instruction.
(d) Use of the watch-list matching results. An aircraft operator
must not use any watch-list matching results provided by the watch-list
service
[[Page 64851]]
provider or TSA for purposes other than those provided in paragraph (c)
of this section and security purposes.
34. Add new subparts F and G to part 1544 to read as follows:
Subpart F--Watch-List Service Providers
Sec.
1544.501 Scope and terms used in this subpart.
1544.503 Qualification standards for approval.
1544.505 Application.
1544.507 TSA review and approval.
1544.509 Reconsideration of disapproval of an application.
1544.511 Withdrawal of approval.
1544.513 Responsibilities of watch-list service providers.
1544.515 Security program.
Subpart F--Watch-List Service Providers
Sec. 1544.501 Scope and terms used in this subpart.
(a) This subpart applies to entities that conduct watch-list
matching for large aircraft operators under Sec. 1544.245.
(b) In addition to the terms in Sec. Sec. 1500.3 and 1540.5 of
this chapter, the following terms apply in this part:
Applicant means an entity that seeks approval from TSA to conduct
watch-list matching for large aircraft operators under Sec. 1544.245.
Covered personnel means:
(1) Employees who have access to passenger information, the watch-
list, or watch-list matching results; and
(2) Officers, principals, and program managers responsible for
access of passenger information, the watch-list, or watch-list matching
results.
Large aircraft operator means an aircraft operator described in
Sec. Sec. 1544.101(b) or 1544.107.
Passenger information means--
(1) Full name of the passenger.
(2) Date of birth of the passenger, if available.
(3) Gender of the passenger, if available.
(4) Passport information, if available.
(4) Redress Number of the passenger, if available.
Passport information means the following information from an
individual's passport:
(1) Passport number.
(2) Country of issuance.
(3) Expiration date.
(4) Gender.
(5) Full name.
Continuous vetting means the process in which an individual's full
name, date of birth, gender, passport information, and Redress Number
(if available) is continuously matched against the most current watch-
list in a manner prescribed by TSA.
Redress Number means the number assigned by DHS to an individual
processed through the redress procedures described in 49 CFR part 1560,
subpart C.
Watch-list refers to the No Fly List and Selectee List components
of the Terrorist Screening Database maintained by the Terrorist
Screening Center.
Watch-list service provider is an entity that TSA has approved
under this subpart to conduct watch-list matching for large aircraft
operators under Sec. 1544.507.
Sec. 1544.503 Qualification standards for approval.
To be considered for approval to conduct watch-list matching under
Sec. 1544.245, the applicant must satisfy all of the following
requirements.
(a) The applicant must demonstrate the capability to receive
passenger information from large aircraft operators described in Sec.
1544.101(b).
(b) The applicant must demonstrate the capability to conduct
automated watch-list matching and continuous vetting of individuals in
a system that satisfies standards set forth by TSA for the protection
of personally identifiable information and the security of the system.
(c) The applicant must demonstrate the capability to transmit
watch-list matching results to the large aircraft operator.
(d) The applicant must successfully undergo a suitability
assessment conducted by TSA including a determination that it does not
pose or is suspected of posing a threat to transportation or national
security.
(e) Every covered personnel of the applicant must successfully
undergo a security threat assessment under 49 CFR part 1544, subpart G
and have a valid Determination of No Security Threat.
(f) The applicant is incorporated within the United States. The
applicant's operations and systems for conducting watch-list matching
under this subpart must be located in the United States.
Sec. 1544.505 Application.
(a) Each applicant must submit an application in a form and manner
prescribed by TSA.
(b) An application must include the following information:
(1) The applicant's full name, business address, business phone
number, and business email address.
(2) A statement and other documentary evidence of how the applicant
meets the qualification standards set forth on Sec. 1544.503.
(3) A system security plan for its information technology system
that contains personally identifiable information collected under this
part and Sec. 1544.245 or is used to conduct watch-list matching. The
system security plan must comply with standards established by TSA.
(4) An attestation report of the attestation conducted under Sec.
1544.513(c)(1)(i).
(5) A security program that meets requirements in Sec. 1544.515.
Sec. 1544.507 TSA review and approval.
(a) Review. Upon receiving an application, TSA will review the
application including the system security plan as described in Sec.
1544.505(b)(3). TSA may conduct a site visit as part of its review
process. At its discretion, TSA may approve or disapprove the
application.
(b) Approval. If an application is approved, TSA will send the
applicant a written notice of approval. Once approved, the watch-list
service provider may perform passenger vetting in accordance with this
subpart after TSA receives an attestation report for an attestation
conducted under Sec. 1544.513(c)(1)(i) in which the independent public
accounting (IPA) firm opines that the watch-list service provider's
system is in compliance with its system security plan and TSA
standards.
(c) Disapproval. TSA will send a written notice of disapproval to
an applicant whose application is disapproved.
Sec. 1544.509 Reconsideration of disapproval of an application.
(a) Petition for reconsideration. If an application is disapproved,
the applicant may seek reconsideration of the decision by submitting a
written petition for reconsideration to the Assistant Secretary or
designee within 30 days of receiving the notice of disapproval.
(b) Review of petition. Upon review of the petition for
reconsideration, the Assistant Secretary or designee disposes of the
petition by either affirming the disapproval of the application or
approving the application. The Assistant Secretary or designee may
request additional information from the applicant prior to rendering a
decision.
Sec. 1544.511 Withdrawal of approval.
(a) Basis for withdrawal of approval. TSA may withdraw approval to
conduct watch-list matching if a watch-list service provider ceases to
meet the qualification standards for approval, fails to fulfill its
responsibilities, or in the interest of security or the public.
(b) Notice of withdrawal. (1) Except as provided in paragraph (c)
of this
[[Page 64852]]
section, TSA will provide a written notice of proposed withdrawal of
approval to the watch-list service provider.
(2) The notice of withdrawal of approval will include the basis of
the withdrawal of approval.
(3) Unless the watch-list service provider files a written petition
for reconsideration under paragraph (d) of this section, the notice of
proposed withdrawal of approval will become a final notice of
withdrawal of approval 31 days after the watch-list service provider's
receipt of the notice of proposed withdrawal of approval.
(c) Emergency notice of withdrawal of approval. (1) If TSA finds
that there is an emergency requiring immediate action with respect to a
watch-list service provider's ability to conduct watch-list matching,
TSA may withdraw approval of that watch-list service provider without
prior notice.
(2) TSA will incorporate in the emergency notice of withdrawal of
approval a brief statement of the reasons and findings for the
withdrawal of approval.
(3) The emergency notice of withdrawal of approval is effective
upon the watch-list service provider's receipt of the notice. The
watch-list service provider may file a written petition for
reconsideration under paragraph (d) of this section; however, this does
not stay the effective date of the emergency notice of withdrawal of
approval.
(d) Petition for reconsideration. A watch-list service provider may
seek reconsideration of the withdrawal of approval of approval by
submitting a written petition for reconsideration to the Assistant
Secretary or designee within 30 days of receiving the notice of
withdrawal of approval.
(e) Review of petition. Upon review of the petition for
reconsideration, the Assistant Secretary or designee disposes of the
petition by either affirming or withdrawing the withdrawal of approval.
The Assistant Secretary or designee may request additional information
from the watch-list service provider prior to rendering a decision.
Sec. 1544.513 Responsibilities of watch-list service providers.
(a) Security program. Each watch-list service provider must adopt
and carry out a security program that meets the requirements of Sec.
1544.515.
(b) System security plan. Each watch-list provider must comply with
its approved system security plan.
(c) Authorized watch-list matching. Each watch-list service
provider may only conduct watch-list matching for aircraft operators
that hold a large aircraft program, as described in Sec. 1544.101(b),
that is approved by TSA under Sec. 1544.105. Each watch-list service
provider must confirm with TSA that an aircraft operator holds an
approved large aircraft program prior to commencement of watch-list
matching for that aircraft operator.
(d) Attestation of compliance. (1) Each watch-list service provider
must contract with a qualified IPA firm to conduct an attestation of
the watch-list service provider's compliance with its system security
plan and TSA standards for systems that are used to conduct watch-list
matching as follows:
(i) An attestation must be conducted prior to commencement of
watch-list matching operations;
(ii) An attestation must be conducted 6 months after commencement
of watch-list matching operations; and
(iii) An attestation must be conducted 12 months after the watch-
list service provider's most recent attestation conducted to meet the
requirements in paragraph (c)(1)(ii) of this section or this paragraph
(c)(1)(iii). If the watch-list service provider completes the
attestation in the month before or the month after it is due, the
watch-list service provider is considered to have completed the
attestation in the month it is due.
(2) The IPA firm conducts the attestation in accordance with the
American Institute of Certified Public Accountants' (AICPA) Statement
for Standards on Attestation Engagements 10 and TSA standards;
(3) The IPA firm must prepare and submit a report, in a form and
manner prescribed by TSA, for each audit conducted under paragraph
(c)(1) of this section.
(4) An IPA firm is qualified for purposes of paragraph (c)(1) of
this section if:
(i) The selection of the IPA firm was in accordance with the
relevant AICPA guidance regarding independence; and
(ii) The IPA firm demonstrates the capability to assess information
system security and process controls. TSA reserves the right to reject
the IPA firm's attestation if, in TSA's judgment, the IPA firm is not
sufficiently qualified to perform these services.
(e) Sensitive Security Information. Each watch-list service
provider must comply with the requirements in 49 CFR part 1520
regarding the handling and protection of Sensitive Security
Information.
(f) Non-disclosure of proprietary information. Unless explicitly
authorized by TSA, each watch-list service provider may not further
release or disseminate any information that TSA or a large aircraft
operator indicates as proprietary information and provides to the
watch-list service provider.
(g) Privacy policy. Each watch-list service provider must adopt and
make public a privacy policy.
(h) TSA inspection authority. (1) Each watch-list service provider
must allow TSA, at any time or place, to make any inspections or tests,
including copying records, to determine compliance of a watch-list
service provider or a large aircraft operator with--
(i) This subpart, 49 CFR 1544.245, and part 1520 of this chapter;
and
(ii) 49 U.S.C. Subtitle VII, as amended.
(2) At the request of TSA, each watch-list service provider must
provide evidence of compliance with this subpart.
(i) Use of watch-list. Watch-list service providers may not use the
passenger information transmitted under Sec. 1544.245 and obtained
under this subpart, the watch-list, or the watch-list matching results
for any purpose other than to conduct watch-list matching under this
part in accordance with their security programs.
Sec. 1544.515 Security program.
(a) Each watch-list service provider must adopt and carry out a
security program that includes all of the following requirements:
(1) Procedures for conducting watch-list matching in a manner
prescribed by TSA.
(2) Procedures for sending instructions back to aircraft operators
based on the results of the watch-list matching.
(3) Procedures for contacting TSA for resolution of passengers that
are potential matches to the watch-list.
(4) Procedures for identifying passengers about whom a large
aircraft operator must contact TSA for resolution of a potential match
to the watch-list.
(5) Procedures for complying with its system security plan.
(6) Procedures for ensuring the physical security of the system
used to conduct watch-list matching and the space and furniture used to
receive passenger information from aircraft operators, to conduct
watch-list matching, to transmit watch-list results to aircraft
operators, and to store documents related to watch-list matching.
(7) Procedures for training covered personnel on the requirements
of this subpart.
(8) Procedures for conducting continuous vetting of individuals.
[[Page 64853]]
(9) Procedures for providing personnel that is available to TSA 24
hours a day, 7 days a week.
(10) Procedures to identify, handle, and protect Sensitive Security
Information.
(11) Procedures to maintain confidentiality of proprietary
information.
(b) A watch-list service provider or TSA may amend an approved
security program using the procedures in Sec. 1544.105.
(c) TSA may withdraw approval of a security program using
procedures in Sec. 1540.301.
Subpart G--Security Threat Assessments for Large Aircraft Flight Crew,
Applicants To Become TSA-Approved Auditors and Watch-List Service
Providers Covered Personnel
Sec.
1544.601 Scope and expiration.
1544.603 Enrollment for security threat assessments.
1544.605 Content of security threat assessment.
1544.607 Criminal history records check (CHRC).
1544.609 Other analyses.
1544.611 Final disposition.
1544.613 Withdrawal of Determination of No Security Threat.
1544.615 Appeals.
1544.617 Fees.
1544.619 Notice to employers.
Subpart G--Security Threat Assessments for Large Aircraft Flight
Crew, Applicants To Become TSA-Approved Auditors and Watch-List
Service Providers Covered Personnel
Sec. 1544.601 Scope and expiration.
(a) Scope. This subpart applies to the following individuals who
must undergo a security threat assessment:
(1) Flight crew member for aircraft operators required to hold a
large aircraft security program under Sec. 1544.101(b);
(2) Individuals authorized to perform screening functions under
Sec. 1544.103(f)(1);
(3) Applicant to become a TSA-approved auditor under Sec.
1522.203; and
(4) Watch-list service provider covered personnel under Sec.
1544.503.
(b) Expiration. A Determination of No Security Threat issued under
Sec. 1544.611(a) is valid for five years from the date that the
individual receives the determination unless TSA issues a withdrawal of
Determination of No Security Threat under Sec. 1544.613 that results
in a Final Determination of Security Threat Assessment. An individual
may renew a Determination of No Security Threat using the procedures
set forth in this subpart.
(c) Individuals who have undergone a CHRC under Sec. 1544.229 or
1544.230. Flight crew members or employees or contract employees
authorized to perform screening functions who have undergone a
fingerprint-based criminal history records check under Sec. Sec.
1544.229 or 1544.230 within five years of the effective date of this
rule are not required to undergo a security threat assessment under
this part until 5 years after the date of their notification of the
results of their criminal history records check.
Sec. Sec. 1544.603 Enrollment for security threat assessments.
(a) Except for paragraphs (a)(4) and (a)(12)-(16) of this section,
an individual who is required to undergo a security threat assessment
under this subpart must provide the following information to TSA in a
manner and time prescribed by TSA:
(1) Legal name, including first, middle, and last; any applicable
suffix; and any other name used previously.
(2) Current mailing address and residential address if it differs
from the mailing address; and the previous residential address.
(3) Date of birth.
(4) Social security number. Providing the social security number is
voluntary; however, failure to provide it will delay and may prevent
completion of the threat assessment.
(5) Gender.
(6) Height, weight, hair and eye color.
(7) City, state, and country of birth.
(8) Immigration status and date of naturalization if the individual
is a naturalized citizen of the United States.
(9) Alien registration number, if applicable.
(10) The name, telephone number, and address of the individual's
current employer(s). If the individual's current employer is the U.S.
military service, include the branch of the service.
(11) Fingerprints in a manner prescribed by TSA.
(12) Passport number, city of issuance, date of issuance, and date
of expiration. This information is voluntary and may expedite the
adjudication process for individuals who are U.S. citizens born abroad.
(13) Department of State Consular Report of Birth Abroad. This
information is voluntary and may expedite the adjudication process for
individuals who are U.S. citizens born abroad.
(14) If the individual is not a national or citizen of the United
States, the alien registration number and/or the number assigned to the
applicant on the U.S. Customs and Border Protection Arrival-Departure
Record, Form I-94. This information is voluntary and may expedite the
adjudication process for individuals who are not U.S. citizens.
(15) Whether the applicant has previously completed a TSA threat
assessment, and if so the date and program for which it was completed.
This information is voluntary and may expedite the adjudication process
for applicants who have completed a TSA security threat assessment.
(16) Whether the applicant currently holds a federal security
clearance, and if so, the date of and agency for which the clearance
was performed. This information is voluntary and may expedite the
adjudication process for applicants who have completed a federal
security threat assessment.
(b) The individual must certify and date receipt of the following
statement:
Privacy Act Statement: Authority: 49 U.S.C. 114, 40113. Purpose:
This information will be used to verify your identity and to conduct
a security threat assessment to evaluate your suitability for a
position for which this security threat assessment is required.
Furnishing this information, including your SSN, is voluntary;
however, failure to provide it will delay and may prevent the
completion of your security threat assessment. Routine Uses:
Includes disclosure to the FBI to retrieve your criminal history
record; to appropriate governmental agencies for licensing, law
enforcement, or security purposes, or in the interests of national
security; and to foreign and international governmental authorities
in accordance with law and international agreement. For further
information, see TSA 002 System of Records Notice.
(c) The individual must provide a statement, signature, and date of
signature that he or she--
(1) Was not convicted, or found not guilty by reason of insanity,
of a disqualifying criminal offense identified in Sec. 1544.229(d) in
any jurisdiction during the 10 years before the date of the
individual's application for a security threat assessment under this
subpart.
(2) Is not wanted, or under indictment, in a civilian or military
jurisdiction, for a disqualifying criminal offense identified in Sec.
1544.229(d);
(3) Has, or has not, served in the military, and if so, the branch
in which he or she served, the date of discharge, and the type of
discharge; and
(4) Has been informed that Federal regulations under 49 CFR
1544.607 impose a continuing obligation on the individual to disclose
to TSA if he or she is convicted, or found not guilty by reason of
insanity of a disqualifying crime.
[[Page 64854]]
(d) Each individual must complete and sign the application prior to
submitting his or her fingerprints.
(e) The individual must certify and date receipt of the following
statement, immediately before the signature line:
The information I have provided on this application is true,
complete, and correct, to the best of my knowledge and belief, and
is provided in good faith. I understand that a knowing and willful
false statement, or an omission of a material fact on this
application, can be punished by fine or imprisonment or both (see
section 1001 of Title 18 United States Code), and may be grounds for
denial of approval for the position or privilege for which this
security threat assessment is required.
(f) A flight crew member for a large aircraft, an individual
authorized to perform screening functions, or a watch-list service
provider covered personnel must certify the following statement in
writing:
I acknowledge that if the Transportation Security Administration
determines that I pose a security threat, my employer may be
notified.
(g) If an Enrollment Provider enrolls an individual, the Enrollment
Provider must:
(1) Verify the identity of the individual through two forms of
identification prior to fingerprinting, and ensure that the printed
name on the fingerprint application is legible. At least one of the two
forms of identification must have been issued by a government
authority, and at least one must include a photo.
(2) Advise the individual that a copy of the criminal record
received from the FBI will be provided to the individual, if requested
by the individual in writing;
(3) Identify a point of contact if the individual has questions
about the results of the CHRC; and
(4) Collect, control, and process one set of legible and
classifiable fingerprints under direct observation by the enrollment
provider or a law enforcement officer.
(5) Submit the biographic or biometric data and the application to
TSA in the manner specified by TSA.
Sec. 1544.605 Content of the security threat assessment.
The security threat assessment TSA conducts under this subpart
includes a criminal history records check, other analyses, and a final
disposition.
Sec. 1544.607 Criminal history records check (CHRC).
(a) Fingerprints and other information used. In conducting criminal
history record checks under this subpart, TSA uses fingerprints and may
use other identifying information.
(b) Submission of fingerprints to FBI/CJIS. In order to conduct a
fingerprint-based criminal history records check, TSA transmits the
fingerprints to the FBI/CJIS in accordance with the FBI/CJIS
fingerprint submission standards, receives the results from the FBI/
CJIS, and adjudicates the results of the check in accordance with this
section.
(c) Adjudication of results. (1) TSA determines that an individual
does not pose a security threat warranting denial of approval based on
a disqualifying criminal offense if the individual does not have a
disqualifying criminal offense described in Sec. 1544.229(d).
(2) An applicant who is wanted, or under indictment in any civilian
or military jurisdiction for a felony listed in this section, is
disqualified until the want or warrant is released or the indictment is
dismissed.
(d) Determination of arrest status. When a CHRC on an individual
described in this subpart discloses an arrest for any disqualifying
criminal offense listed in Sec. 1544.229(d) without indicating a
disposition, the individual must provide documentation demonstrating
that the arrest did not result in a disqualifying offense before the
individual may assume a position or perform a function for which a
criminal history records check under this Subpart is required. If the
disposition did not result in a conviction or in a finding of not
guilty by reason of insanity of one of the offenses listed in Sec.
1544.229(d), the individual is not disqualified under this section.
(e) Limits on dissemination of results. Criminal record information
provided by the FBI may be used only to carry out this section and
Sec. 1544.229. No person may disseminate the results of a CHRC to
anyone other than:
(1) The individual to whom the record pertains, or that
individual's authorized representative.
(2) Entities who are determining whether to grant the individual a
position or function for which the criminal history records check in
this subpart is required.
(3) Others designated by TSA.
(f) Correction of FBI records and notification of disqualification.
(1) Before making a final decision to deny a position or privilege to
an individual required to undergo a criminal history records check
prescribed by this section, TSA will serve an Initial Determination of
Threat Assessment and advise him or her that the FBI criminal record
discloses information that would disqualify him or her from the
position or privilege and will provide the individual a copy of the FBI
record if he or she requests it.
(2) The individual may contact the local jurisdiction responsible
for the information and the FBI to complete or correct the information
contained in his or her record, subject to the following conditions--
(i) Within 30 days after being advised that the criminal record
received from the FBI discloses a disqualifying criminal offense, the
individual must notify TSA of his or her intent to correct any
information he or she believes to be inaccurate.
(ii) If no notification, as described in paragraph (f)(3)(1) of
this section, is received within 30 days, TSA will make a final
determination to deny the individual the position or privilege.
(g) Continuing obligations to disclose. An individual who received
a Determination of No Security Threat under this subpart must disclose
to TSA or to another entity identified by TSA within 24 hours if he or
she is convicted of any disqualifying criminal offense that occurs
while he or she is has a Determination of No Security Threat that has
not expired.
Sec. 1544.609 Other analyses.
To conduct other analyses, TSA completes the following procedures:
(a) Reviews the individual information required in 49 CFR 1544.603.
(b) TSA may search domestic and international Government databases
to determine if an individual meets the requirements of 49 CFR 1572.107
or to confirm an individual's identity. TSA may determine that an
applicant poses a security threat based on a search of the following
databases:
(1) Interpol and other international databases, as appropriate.
(2) Terrorist watch-lists and related databases.
(3) Any other databases relevant to determining whether an
applicant poses, or is suspected of posing, a security threat, or that
confirm an applicant's identity.
Sec. 1544.611 Final disposition.
Following completion of the procedures described in Sec. Sec.
1544.607 and 1544.609, the following procedures apply, as appropriate:
(a) TSA serves a Determination of No Security Threat to the
individual if TSA determines that an individual meets the security
threat assessment standards described in Sec. Sec. 1544.607 and
1544.609.
(b) TSA serves an Initial Determination of Threat Assessment on the
individual if TSA determines that the individual does not meet the
[[Page 64855]]
security threat assessment standards described in Sec. Sec. 1544.607
and 1544.609. The Initial Determination of Threat Assessment includes--
(1) A statement that TSA has determined that the individual poses
or is suspected of posing a security threat warranting disapproval of
the application to assume a position or perform a function for which a
security threat assessment under this subpart is required;
(2) The basis for the determination;
(3) Information about how the individual may appeal the
determination, as described in Sec. 1544.615; and
(4) A statement that if the individual chooses not to appeal TSA's
determination within 30 days after receipt of the Initial
Determination, or does not request an extension of time within 30 days
after receipt of the Initial Determination in order to file an appeal,
the Initial Determination becomes a Final Determination of Threat
Assessment.
(5) TSA serves a Withdrawal of the Initial Determination of Threat
Assessment or a Withdrawal of Final Determination of Threat Assessment
on the individual, if the appeal results in a finding that the
individual does not pose a threat to security.
Sec. 1544.613 Withdrawal of Determination of No Security Threat.
(a) TSA may withdraw a Determination of No Security Threat issued
under Sec. 1544.611(a) at any time it determines that a flight crew
member, an individual authorized to perform screening functions, a TSA-
approved auditor, or a watch-list service provider poses or is
suspected of posing a security threat warranting withdrawal of the
Determination of No Security Threat.
(b) TSA serves withdrawal of the Determination of No Security
Threat on the individual if TSA determines that the individual does not
meet the security threat assessment standards described in Sec. Sec.
1544.607 and 1544.609. The withdrawal of the Determination of No
Security Threat includes--
(1) A statement that TSA has determined that the individual poses
or is suspected of posing a security threat warranting disapproval of
the application to assume a position or perform a function for which a
security threat assessment under this subpart is required;
(2) The basis for the determination;
(3) Information about how the individual may appeal the
determination, as described in Sec. 1544.615; and
(4) A statement that if the individual chooses not to appeal TSA's
Initial Determination within 30 days after receipt of the withdrawal of
the Determination of No Security Threat, or does not request an
extension of time within 30 days after receipt of the withdrawal of the
Determination of No Security Threat in order to file an appeal, the
withdrawal of the Determination of No Security Threat becomes a Final
Determination of Threat Assessment.
(5) TSA serves a Final Determination of Threat Assessment on the
individual, if the appeal results in a finding that the individual does
not pose a threat to security.
Sec. 1544.615 Appeals.
If the individual appeals the Initial Determination of Threat
Assessment or a withdrawal of the Determination of No Security Threat,
the procedures in 49 CFR part 1515 apply.
Sec. 1544.617 Fees.
(a) Individuals required to undergo a security threat assessment
must pay the Security Threat Assessment fee of $56.75 and the cost for
the FBI to process fingerprint identification records under Public Law
101-515.
(b) The Security Threat Assessment fee described in paragraph (a)
of this section may be adjusted annually on or after October 1, 2007,
by publication of an inflation adjustment. A final rule in the Federal
Register will announce the inflation adjustment. The adjustment shall
be a composite of the Federal civilian pay raise assumption and non-pay
inflation factor for that fiscal year issued by the Office of
Management and Budget for agency use in implementing OMB Circular A-76,
weighted by the pay and non-pay proportions of total funding for that
fiscal year. If Congress enacts a different Federal civilian pay raise
percentage than the percentage issued by OMB for Circular A-76, the
Department of Homeland Security may adjust the fees to reflect the
enacted level.
(c) If the FBI amends its fee to process fingerprint identification
records under Public Law 101-515, TSA or its agent will collect the
amended fee.
(d) When an individual submits the enrollment information, as
required under 1544.603, to obtain or renew a security threat
assessment, the fee must be remitted to TSA or its approved agent in a
form and manner approved by TSA.
(e) TSA will not issue any refunds of fees required under this
section.
(f) Information about payment options is available though the
designated TSA headquarters point of contact. Individual personal
checks are not acceptable.
Sec. 1544.619 Notice to employers.
(a) If the individual is a large aircraft flight crew member, an
individual authorized to perform screening functions, or a watch-list
service provider covered personnel, TSA will notify the individual's
employer that it has served a Determination of No Security Threat, a
Final Determination of Threat Assessment, or a Withdrawal of Final
Determination of Threat Assessment, as applicable, to the individual.
(b) Each employer must retain a copy of the notification described
in paragraph (a) of this section for five years.
PART 1550--AIRCRAFT SECURITY UNDER GENERAL OPERATING AND FLIGHT
RULES
35. The authority citation for part 1550 continues to read as
follows:
Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914,
44916-44918, 44935-44936, 44942, 46105.
36. Amend Sec. 1550.5 by revising paragraph (a), and removing and
reserving paragraph (d) to read as follows:
Sec. 1550.5 Operations using a sterile area.
(a) Applicability of this section. This section applies to all
aircraft operations in which passengers, crewmembers, or other
individuals are enplaned from or deplaned into a sterile area, except
for aircraft operators that have a security program accepted or
approved under part 1544 or 1546 of this chapter.
* * * * *
(d) [Reserved]
* * * * *
37. Amend Sec. 1550.7 by revising paragraph (a) to read as
follows:
Sec. 1550.7 Operations in aircraft over 12,500 pounds.
(a) Applicability of this section. This section applies to each
aircraft operation conducted in an aircraft with a maximum certificated
takeoff weight of over 12,500 pounds except for those operations
specified in Sec. 1550.5 and those operations conducted under a
security program under part 1544 or 1546 of this chapter.
* * * * *
Issued in Arlington, Virginia, on October 2, 2008.
Kip Hawley,
Assistant Secretary.
[FR Doc. E8-23685 Filed 10-29-08; 8:45 am]
BILLING CODE 4910-52-P