Site loading image

Regulatory Update

CFATS Program Expires but Reauthorization Anticipated this Fall

Larry Fitzgerald & Sarah Fuller | September 6, 2023

On July 28, 2023, the authorization for the Department of Homeland Security’s (DHS’s) Chemical Facility Anti-Terrorism Standards (CFATS) program, as codified in Title 6 of the Code of Federal Regulations Part 27 (6 CFR 27) was allowed to expire.

This means that facilities are not required to report their chemicals of interest (COI) or submit any information in DHS’s Chemical Security Assessment Tool (CSAT) and high-risk facilities are not required to perform inspections, provide CFATS compliance assistance, or otherwise meet the DHS Cybersecurity and Infrastructure Security Agency (CISA) requirements for this program.

Additionally, the authorization’s expiration means CISA can no longer require facilities to implement the Site Security Plan or Alternative Security Program, which are required by CFATS.

At TRC, we fully expect that CFATS will be reauthorized in the fall, but do not know when exactly this will happen. Our opinion is based on the following:

  • The House of Representatives passed a bill to reauthorize CFATS for three more years with overwhelming support on July 22, 2023.
  • Although there is also overwhelming support in the Senate, the reauthorization bill was not brought up for a vote before the July 28th expiration date.
  • The American Chemistry Council (ACC), National Association of Chemical Distributors (NACD), and other industry trade groups support CFATS reauthorization and are urging their members to contact their senators to get CFATS reauthorized.
  • The ACC stated “[t]he country lost an important tool in the fight against terrorism when the CFATS program was allowed to expire on July 27, 2023 . . . Congress must act quickly to reinstate CFATS to restore protections for chemical facilities, workers and communities across the country.”
  • The NACD stated “CFATS is one of the most successful chemical security programs in existence and helps high-risk chemical facilities protect against terrorist attacks.”
  • To not reauthorize CFATS is to leave the door open to those individuals and groups that would exploit this gap in the protection of critical infrastructure and to compromise national security.

Until Congress reauthorizes CFATS, TRC recommends that firms continue to follow CISA’s requests:

  • Facilities that have been tiered as high-risk chemical facilities should continue implementing and managing their security programs as they were doing; and
  • Any new facility meeting the criteria for the COI they handle should be ready to comply with the regulations (e.g., be ready to obtain CVI training, register on CSAT and submit the Top Screen Security Survey for their facility via CSAT).

Next Steps: TRC Can Help

It is important to keep up to date with your compliance program to avoid adverse impacts when CFATS is reauthorized. In addition to following regulatory developments, TRC can help you protect your facilities and operations with guidance on best approaches for securing your chemicals of interest. CFATS is a performance-based program and there are multiple security strategies that should be considered to find the optimum one for your facility.

Our team can also support the development various CFATS compliance documents from Top Screen, SVA/SSPs, Compliance Checklists and Security and Emergency Management Plans. We develop security designs and standards, support Authorization Inspections and other compliance activities; develop and deliver customized security training modules specific to your team and facility; develop standard operating procedures and policies to protect chemicals and to comply with CFATS (including personal surety/background checks, inventory controls, etc.); and general security support.

If you have any questions about CFATS and/or its reauthorization, or you need assistance securing your facilities and your people, please do not hesitate to contact one of the following TRC security professionals:

Larry Fitzgerald

Larry Fitzgerald, CPTED, PSP, CPP leads TRC’s national Security and Emergency Management Practice, where he has supported security many different types of Critical Infrastructure, including dozens of utilities. He has assessed security, developed security master plans, security designs, developed policies, provided training, and overall security consulting/strategy for clients nationwide. Contact Larry at

Sarah P. Fuller

Sarah P. Fuller, M.A., CPTED, BPATS, is an Emergency and Security Planner with TRC’s Security and Emergency Management Services team. She specializes in threat and vulnerability assessments for utilities, state and local governments, and educational facilities, as well as emergency management (plans, exercises, etc.) and crisis communications across multiple sectors. She has managed and supported security and emergency management projects for utility clients across the country. Contact Sarah at

Looking for effective solutions to your problems?

Turn to the experts at TRC.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Read our Privacy Policy.