12 November 2004 Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html ----------------------------------------------------------------------- [Federal Register: November 10, 2004 (Volume 69, Number 217)] [Proposed Rules] [Page 65257-65291] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr10no04-34] [[Page 65257]] ----------------------------------------------------------------------- Part II Department of Homeland Security ----------------------------------------------------------------------- Transportation Security Administration ----------------------------------------------------------------------- 49 CFR Part 1540 et al. Air Cargo Security Requirements; Proposed Rule [[Page 65258]] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration 49 CFR Parts 1540, 1542, 1544, 1546 and 1548 [Docket No. TSA-2004-19515] RIN 1652-AA23 Air Cargo Security Requirements AGENCY: Transportation Security Administration (TSA), Department of Homeland Security (DHS). ACTION: Notice of proposed rulemaking (NPRM). ----------------------------------------------------------------------- SUMMARY: The Transportation Security Administration (TSA), an agency within the Department of Homeland Security's Border and Transportation Security Directorate, proposes to amend current transportation security regulations to enhance and improve the security of air cargo transportation. The Aviation and Transportation Security Act directed TSA to implement measures to enhance the security of air cargo transported in both passenger and all-cargo aircraft. In discharging this responsibility, TSA conducted analyses of internal and external threats, risk and vulnerability assessments, and security measures already in place. This proposed rulemaking would require the adoption of security measures throughout the air cargo supply chain; these security measures will be applicable to airport operators, aircraft operators, foreign air carriers, and indirect air carriers. These proposed regulatory requirements would impose significant barriers to terrorists seeking to use the air cargo transportation system for malicious purposes. This proposal would also change the applicability of the requirement for a ``twelve-five'' security program from aircraft with a maximum certificated takeoff weight ``of 12,500 pounds or more'' to those with a maximum certificated takeoff weight of ``more than 12,500 pounds.'' This change would conform the regulation to recent legislation. DATES: Send your comments on or before January 10, 2005. ADDRESSES: You may submit comments, identified by the TSA docket number, to this rulemaking using any one of the following methods: Comments Filed Electronically: You may submit comments through the docket Web site at http://dms.dot.gov. Please be aware that anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review the applicable Privacy Act Statement published in the Federal Register on April 11, 2000 (65 FR 19477), or you may visit http://dms.dot.gov. You also may submit comments through the Federal eRulemaking portal at http://www.regulations.gov. Comments Submitted by Mail, Fax, or In Person: Address or deliver your written, signed comments to the Docket Management System, U.S. Department of Transportation, Room Plaza 401, 400 Seventh Street, SW., Washington, DC 20590-0001; Fax: 202-493-2251. Comments that include trade secrets, confidential commercial or financial information, or sensitive security information (SSI) should not be submitted to the public regulatory docket. Please submit such comments separately from other comments on the proposed rule. Comments containing trade secrets, confidential commercial or financial information, or SSI should be appropriately marked as containing such information and submitted by mail to the individual listed in FOR FURTHER INFORMATION CONTACT. Reviewing Comments in the Docket: You may review the public docket containing comments in person in the Dockets Office between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The Dockets Office is located on the plaza level of the NASSIF Building at the Department of Transportation address above. Also, you may review public dockets on the Internet at http://dms.dot.gov. See SUPPLEMENTARY INFORMATION for format and other information about comment submissions. FOR FURTHER INFORMATION CONTACT: Tamika McCree, Transportation Security Administration, Office of Transportation Security Policy (TSA-9), 601 South 12th Street, Arlington, Virginia, 22202, (571-227-2632), tamika.mccree@dhs.gov. SUPPLEMENTARY INFORMATION: Comments Invited The TSA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from adopting the proposals in this document. See ADDRESSES above for information on where to submit comments. With each comment, please include your name and address, identify the docket number at the beginning of your comments, and give the reason for each comment. The most helpful comments reference a specific portion of the proposal, explain the reason for any recommended change, and include supporting data. You may submit comments and material electronically, in person, or by mail as provided under ADDRESSES, but please submit your comments and material by only one means. If you submit comments by mail or delivery, submit them in two copies, in an unbound format, no larger than 8.5 by 11 inches, suitable for copying and electronic filing. If you want TSA to acknowledge receipt of your comments on this rulemaking, include with your comments a self-addressed, stamped postcard on which the docket number appears. We will stamp the date on the postcard and mail it to you. Except for comments containing confidential information and SSI, we will file in the public docket all comments we receive, as well as a report summarizing each substantive public contact with TSA personnel concerning this rulemaking. The docket is available for public inspection before and after the comment closing date. We will consider all comments we receive on or before the closing date for comments. We will consider comments filed late to the extent practicable. We may change this rulemaking in light of the comments we receive. Availability of Rulemaking Documents You can get an electronic copy using the Internet by-- (1) Searching the Department of Transportation's electronic Docket Management System (DMS) web page (http://dms.dot.gov/search); (2) Accessing the Government Printing Office's web page at http://www.access.gpo.gov/su_docs/aces/aces140.html ; or (3) Visiting the TSA's Law and Policy web page at http://www.tsa.dot.gov/public/index.jsp . In addition, copies are available by writing or calling the individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to identify the docket number of this rulemaking. Abbreviations and Terms Used in This Document ACSSP--Air Carrier Standard Security Program ASAC--Aviation Security Advisory Committee ATSA--Aviation and Transportation Security Act CBP--U.S. Customs and Border Protection [[Page 65259]] C-TPAT--Customs-Trade Partnership Against Terrorism DHS--Department of Homeland Security DOT--Department of Transportation DSIP--Domestic Security Integration Program EA--Emergency Amendment FAA--Federal Aviation Administration IAC--Indirect Air Carrier IACSSP--Indirect Air Carrier Standard Security Program IC--Information Circular SD--Security Directive SIDA--Security Identification Display Area SSI--Sensitive Security Information TSA--Transportation Security Administration Outline of Notice of Proposed Rulemaking: I. Background II. Efforts Leading to the Development of This NPRM A. The Aviation Security Advisory Committee B. Air Cargo Security Strategic Plan C. TSA-CBP Air Cargo Coordination III. Summary of the Rulemaking A. Who is affected by this NPRM? B. Why is this regulatory change necessary? C. How did TSA enhance cargo security after September 11, 2001? D. What would this proposed rulemaking do to strengthen the current air cargo security regulatory regime? E. How will TSA enforce compliance? F. Did TSA invite recommended changes? G. Were other solutions considered and why were these proposals chosen over others? IV. Summary of Proposed Amendments A. Current regulation of aircraft operators and foreign air carriers B. Security Threat Assessments for Air Cargo Workers C. Security Measures for Persons Boarding an All-cargo Aircraft D. Screening Cargo E. Securing the Cargo Operating Environment F. Accepting Cargo from Comparable Entities G. Known Shipper Program H. Establish All-Cargo Operator Standard Security Program I. Strengthen Foreign Aircraft Operator Security Measures J. Enhancing Existing Requirements for IACs K. Establishing New Training and Personnel Requirements V. Section-by-Section Analysis of Proposed Changes VI. Compliance Schedule VII. Fee Authority for the Security Threat Assessment VIII. Regulatory Evaluation Summary IX. The Proposed Amendment X. International Trade Impact Assessment XI. Unfunded Mandates Reform Act Analysis XII. Paperwork Reduction Act XIII. International Compatibility XIV. Executive Order 13132, Federalism XV. Environmental Analysis XVI. Energy Impact I. Background On September 11, 2001, terrorist attacks against the United States resulted in unprecedented human casualties and property damage. In response to those attacks, Congress passed the Aviation and Transportation Security Act (ATSA), which established the Transportation Security Administration. TSA was created as an agency within the Department of Transportation (DOT), operating under the direction of the Under Secretary of Transportation for Security. On March 1, 2003, TSA was transferred to the Department of Homeland Security (DHS);\1\ the office formerly designated DOT Under Secretary for Transportation Security is now Administrator of TSA. TSA continues to have the statutory authority and responsibility that ATSA granted to the Administrator with respect to security in all modes of transportation.\2\ In ATSA, Congress set forth the following specific requirements for TSA in the area of air cargo security: --------------------------------------------------------------------------- \1\ Homeland Security Act, Pub. L. 107-296 (Nov. 25, 2002). \2\ 49 U.S.C. 114(d). --------------------------------------------------------------------------- Provide for screening of all property, cargo, carry-on and checked baggage, and other articles, that will be carried aboard a passenger aircraft operated by an air carrier or foreign air carrier; \3\ and --------------------------------------------------------------------------- \3\ 49 U.S.C. 44901(a) --------------------------------------------------------------------------- Establish a system to screen, inspect, or otherwise ensure the security of freight that is to be transported in all-cargo aircraft as soon as practicable.\4\ --------------------------------------------------------------------------- \4\ 49 U.S.C. 44901(f) --------------------------------------------------------------------------- TSA has addressed air cargo security through the issuance of regulations, Security Directives (SDs), and Emergency Amendments (EAs) to security programs. All cargo loaded on passenger aircraft is subject to security requirements through TSA's known shipper program, which prohibits operators of passenger aircraft from transporting any cargo from shippers that are unknown.\5\ Notably, in 49 U.S.C. section 44901(a), Congress expressly provided that the known shipper program is a form of screening that need not be carried out by a Federal government employee, unlike most screening of persons and property that is loaded on a passenger aircraft. Thus, aircraft operators carry out screening using the known shipper program. --------------------------------------------------------------------------- \5\ See discussion on Known Shipper Program at IV.G. --------------------------------------------------------------------------- The known shipper program has been substantially strengthened since September 11, 2001, and additional security measures have been implemented over the last two years. TSA prohibits aircraft operators in passenger operations under full programs \6\ from transporting cargo unless a Known Shipper ships it. Entities may qualify for Known Shipper status if they meet certain security requirements. This proposed rule would codify the known shipper program as well as provide enhancements to the existing structure to strengthen the program further. --------------------------------------------------------------------------- \6\ See discussion of aircraft operator security programs in IV. of this preamble. --------------------------------------------------------------------------- This proposed rule also includes other elements to improve security of air cargo carried on passenger aircraft. With respect to all-cargo aircraft, this proposed rule would enhance security significantly by requiring the adoption of a number of measures by airports, aircraft operators, and indirect air carriers (IACs), sometimes known as air freight forwarders. Following the acts of terrorism on September 11, the Federal Aviation Administration (FAA) and then the Transportation Security Administration (TSA) took steps to amend security regulations governing aviation security, including the acceptance and handling of air cargo. While other agencies, including FAA, regulate safety considerations in the transportation of cargo and U.S. Customs and Border Protection (CBP) regulates the entry of cargo into the United States, TSA is solely responsible for the security of shipments of air cargo. The requirements outlined in this proposed rule, including those presently implemented by security directives, would comprehensively enhance the security of air cargo. These proposals would fill gaps in existing air cargo security regulations to mitigate the threat of terrorism to this vital industry. Section IV of this NPRM specifically addresses each of the changes made to 49 CFR parts 1540-1548 and discusses how those changes will improve air cargo security. The major objectives of the program are to prevent passenger and large all-cargo aircraft from being used as weapons and to prevent unauthorized explosives from being carried aboard, and potentially detonated, during flight. In summary, DHS is proposing to establish a Standard Security Program for all-cargo aircraft operators utilizing aircraft with a take-off weight of over 45,500 kg. These carriers currently are not covered by the requirement in section [[Page 65260]] 1544.101(a) as they relate to the cargo provisions of section 1544.205 because they do not carry passengers. Instead, these all-cargo operators typically follow provisions of 1544.101(d) and (e), which are intended to govern the operations of much smaller aircraft. The current rules for cargo carried on certain passenger aircraft, and for other all-cargo operations under the existing Twelve-Five Standard Security Program, would be enhanced. DHS also proposes to extend security threat assessments, or focused background checks, to air cargo industry workers who handle air cargo but do not operate within a secure area. Currently, these workers are not screened, leaving the possibility that they could introduce weapons, explosives, or individuals into the air cargo system. For similar reasons, we also propose to extend Secure Identification Display Area requirements at airports that have these areas under Sec. 1544.205 to cargo operation areas not covered by the current language of this regulation. We also seek to ensure persons traveling on all-cargo aircraft are screened to ensure they do not pose a threat to the aircraft. Finally the draft regulation would bolster the requirements imposed on indirect air carriers in recognition of the fact that vulnerabilities within their operations could lead to the introduction of weapons, explosives, or individuals who may jeopardize the security of aircraft. None of these measures is currently covered under existing TSA or other agency regulations. CBP has issued regulations governing international air cargo, but the CBP regulations have a different purpose than these proposed regulations. As a result, there is no redundancy in the two programs. Internationally, CBP requires aircraft operators to report cargo manifest data in advance of arrival into the United States under 19 CFR 4.7-7a. This requirement, however, may be fulfilled at the time the aircraft is already flying to the United States, when it may be too late to prevent an incident that would destroy the aircraft and potential ground-level targets. TSA and CBP are currently engaged in efforts to leverage their respective regulatory programs to further militate against an act of terrorism through air cargo. While CBP also has other security-focused regulations, the CBP mission and statutory authority concentrates on preventing the entry of high-risk goods from entering the United States upon arrival at the border. These CBP regulations do not govern the security requirements that air carriers must implement in order to prevent the introduction of explosives or operatives as cargo moves through the supply chain and onto aircraft for flight. TSA regulations and proposed amendments address this different security threat. II. Efforts Leading to the Development of This NPRM This NPRM is the result of more than a year of industry consultation, strategic planning and interagency coordination by TSA and DHS. The foundation of the policy changes recommended here are TSA's consultations with industry through its Aviation Security Advisory Committee (ASAC), the development of the DHS/TSA Air Cargo Strategic Plan, and coordination within the Department of Homeland Security. A. The Aviation Security Advisory Committee The Aviation Security Advisory Committee, a standing committee organized under the Federal Advisory Committee Act, was created in 1989, in the wake of the crash of Pan Am 103 over Lockerbie, Scotland, to provide the federal government with expert consultation on aviation security issues. Previously managed by the FAA, ASAC is now managed by TSA. ASAC is composed of 27 organizations with a stake in securing the aviation sector; members include groups representing victims and survivors of terrorist acts, freight forwarders, aircraft owners, airports, aircraft manufacturers, representatives of passenger and cargo airline management and labor, and representatives of key federal government agencies. In April 2003, ASAC established three Air Cargo Security working groups: Shipper Acceptance Procedures (which focused on known shipper and other screening protocols), Indirect Air Carrier Security and Compliance, and Securing the All-Cargo Aircraft. ASAC working group members consisted of representatives from the following organizations and agencies, listed alphabetically: Air Courier Conference of America; Air Forwarders Association; Air France; Air Line Pilots Association; Air Transport Association; Airport Law Enforcement Action Network; Airports Council International--North America; Allied Pilots Association; American Association of Airport Executives; American Trucking Association; Association of Flight Attendants; Aviation Consumer Action Project; British Airways; Cargo Airline Association; Coalition of Airline Pilots Association; Federal Aviation Administration; Federal Bureau of Investigation; International Air Transport Association; Lufthansa; National Air Carrier Association; National Customs Brokers and Forwarders Association of America; National Industrial Transportation League; Regional Airline Association; Transportation Intermediaries Association; U.S. Customs and Border Protection; U.S. Department of Transportation--Office of the Secretary; U.S. Department of State; U.S. Postal Service; and Victims of Pan Am Flight 103. On October 1, 2003, ASAC presented TSA with its final report on air cargo security, which included 42 recommendations covering 22 topical areas.\7\ The working group's recommendations included strengthening the known shipper program by improving technology links between aircraft operators and the federal government, leveraging new technology to create a more layered cargo security approach, augmenting requirements to achieve known shipper status, strengthening the Indirect Air Carrier Standard Security Program (IACSSP) and securing the all-cargo aircraft operating area. The recommendations from the consensus report are reflected throughout this NPRM. --------------------------------------------------------------------------- \7\ the ASAC report is protected at Sensitive Security Information under 49 CFR part 1520. --------------------------------------------------------------------------- B. Air Cargo Security Strategic Plan While the ASAC working groups were completing their independent assessments of air cargo security, TSA was developing an extensive strategic plan for securing air cargo (Air Cargo Strategic Plan). The Air Cargo Strategic Plan, which was completed in November 2003, and approved by the Department of Homeland Security in January 2004, evaluated TSA's and others' analyses of air cargo security, including the ASAC report. Based on these evaluations, the Air Cargo Strategic Plan details a threat-based, risk-managed program for securing the air cargo transportation system. The Air Cargo Strategic Plan contains a vision to ensure that TSA has adequately considered the security of air cargo operations. It identifies priority actions based on risk, cost, deadlines, performance, research and technology initiatives, and coordinated stakeholder outreach efforts. The Air Cargo Strategic Plan focuses on a multi-layered approach to security. The Air Cargo Strategic Plan contains sensitive security information (SSI); therefore, its contents cannot be [[Page 65261]] disclosed to the public.\8\ In summary, it prescribes TSA's mission in the area of air cargo: providing the most effective security program possible while maintaining effective stewardship of resources and not unduly impeding the flow of commerce. The plan is multimodal, ensures that TSA has adequately considered the expanse of the air cargo security domain, and details a program for denying terrorists the opportunity to exploit that system. It identifies priority actions based on risk, cost, deadlines, performance, research and technology initiatives, and coordinated stakeholder outreach efforts in four strategic components: enhancing shipper and supply chain security, identifying elevated risk cargo through prescreening, identifying technology for performing targeted air cargo inspections, and securing all-cargo aircraft through appropriate facility security measures. --------------------------------------------------------------------------- \8\ SSI is information obtained or developed in the conduct of security activities, including research and development, the disclosure of which TSA has determined would: constitute an unwarranted invasion of privacy; reveal trade secrets or privileged or confidential information obtained from any person; or be detrimental to transportation security. 49 CFR 1520.5(a)(1-3); 69 FR 28066, 28082-28083 (May 18, 2004). --------------------------------------------------------------------------- This NPRM proposes to implement many of the provisions of the Air Cargo Strategic Plan and ensures that the appropriate regulatory framework exists for additional measures that are not regulatory in nature. In addition to regulatory changes, aspects of the Air Cargo Strategic Plan will be implemented through security program updates, SDs and EAs, research and development programs, and public-private cooperative endeavors. C. TSA-CBP Air Cargo Coordination Since its establishment in November 2002 by the Homeland Security Act of 2002 (Pub. L. 107-296), the Department of Homeland Security has had, as one of its central tenets, the goals to reduce redundancy and improve effectiveness. This priority has particularly been the case in the area of air cargo security. Shortly after their transfer to the DHS, TSA and the U.S. Customs and Border Protection (formerly, the United States Customs Service) initiated an interagency program to leverage resources, eliminate unnecessary duplication and ensure compatibility between their respective air cargo security programs. The goal of this endeavor is to ensure that DHS has a comprehensive, coordinated policy for securing air cargo entering, transiting within and departing the United States. This NPRM complements CBP's programs, including the following primary coordination areas: the TSA known shipper program in conjunction with Customs-Trade Partnership Against Terrorism (C-TPAT); targeting, risk assessment, and compliance measurement; technology research and development; and explosives detection canine programs. This interagency coordination is instrumental to the implementation of TSA's layered approach to air cargo security and to many of the systems and processes that will support the regulatory changes proposed in this NPRM, and coincides with a Congressional mandate in the conference report accompanying the DHS appropriations act (H.R. Conf. Report No. 108-280 (2004) (``Air Cargo Report'')) that directed TSA to consider testing the expansion of C-TPAT to the domestic air cargo supply chain. III. Summary of This Rulemaking As explained further in section IV, this NPRM would enhance aviation cargo security significantly by requiring a number of measures. The NPRM would create a mandatory security program for all- cargo aircraft operations over 45,500 kg (100,309.3 pounds) and would amend existing security regulations and programs for other aircraft operators, foreign air carriers, airport operators, and IACs. The current rules for cargo carried on certain passenger aircraft, and for all-cargo operations under the existing Twelve-Five Standard Security Program \9\ would be enhanced. Existing screening requirements for aircraft operators would be extended to cover all-cargo operations. Airports or aircraft operators would be required to secure the cargo operations areas. The definition of ``Indirect Air Carrier'' included in 49 CFR 1540.5 would be amended to include those transporting goods via all-cargo aircraft and all IACs would be subject to a more thorough vetting by TSA prior to receiving authorization to operate. --------------------------------------------------------------------------- \9\ See discussions of Twelve-Five Standard Security Program at III.C. and IV.G. --------------------------------------------------------------------------- This NPRM also would require Security Threat Assessments for individuals who have unescorted access to cargo carried by certain aircraft operators, foreign air carriers, and IACs. TSA is proposing these amendments after extensive consultation with industry through its Aviation Security Advisory Committee, and with other Federal agencies including the Department of Transportation and U.S. Customs and Border Protection. These amendments would significantly enhance aviation cargo security. A. Who Is Affected by This NPRM? TSA regulates four segments of the air cargo industry: (1) Airports serving cargo operations; (2) passenger aircraft operators that transport cargo; (3) all-cargo aircraft operators; and (4) IACs. Each segment is currently required to implement some type of TSA cargo security program. The current regulatory regime covers domestic entities in these four categories as well as foreign air carriers that operate into or out of the United States. The proposals in this NPRM would amend current security requirements for all of these industry segments, both through direct regulatory changes and through anticipated related security program changes. B. Why Are These Regulatory Changes Necessary? TSA has identified two critical risks in the air cargo environment: (1) The hostile takeover of an all-cargo aircraft leading to its use as a weapon; and (2) the use of cargo to introduce an explosive device onboard a passenger aircraft in order to cause catastrophic damage. The magnitude of these risks is determined by factoring in the presence of credible threats and the existence of possible vulnerabilities that a terrorist could exploit. Many steps taken since September 11, 2001 have reduced the capabilities of international terrorist organizations; however, the terrorist threat remains. Likewise, new aviation security requirements have reduced the vulnerability of the air cargo system. Nonetheless, TSA, in cooperation with its many partners in the air cargo transportation industry, has identified additional enhancements of air cargo security to reduce further the likelihood of cargo tampering or unauthorized access to the aircraft with malicious intent. This NPRM addresses the remaining vulnerabilities in the air cargo system. TSA invites public comment on whether these concerns are appropriately addressed and adequately accounted for in this NPRM. Terrorists have attempted to use air cargo to attack U.S. passenger aircraft on occasions in the past, and aviation generally continues to be a priority target for terrorists. The threat to air cargo represents a meaningful risk. TSA believes that strengthening air cargo security requirements through this proposed rulemaking will mitigate the threats. C. How Did TSA Enhance Cargo Security After September 11, 2001? Federal air cargo security requirements date back to the 1970's and have since evolved. Since [[Page 65262]] September 11, 2001, the Federal Government has moved expeditiously to strengthen air cargo security even further. Immediately after September 11, FAA prohibited the shipment of all cargo aboard passenger aircraft. Later, this restriction was partially lifted to allow cargo from known shippers to be transported on passenger aircraft operators, but not cargo from unknown shippers.\10\ By limiting air cargo aboard commercial passenger aircraft to known shippers only, FAA reduced the likelihood that cargo would pose a security threat to passenger aircraft. Since its creation, TSA has also taken several emergency measures to strengthen existing requirements, including additional qualifying requirements for the known shipper program.\11\ --------------------------------------------------------------------------- \10\ See Section IV. G. \11\ The specific criteria for the known shipper program are SSI under 49 CFR part 1520. --------------------------------------------------------------------------- In the all-cargo aircraft environment, several all-cargo aircraft operators have voluntarily adopted the TSA Domestic Security Integration Program (DSIP) \12\ to transfer cargo to passenger aircraft operators and to apply security identification display area (SIDA) requirements to all-cargo operations. The DSIP has been in place since 1992. FAA also strengthened the requirements for IACs immediately after September 11 by requiring additional steps to achieve IAC status. On February 22, 2002, TSA implemented the security program for Aircraft 12,500 Pounds or More, which became effective April 1, 2002 and applies to operators of aircraft with Maximum Certificated Take Off Weight (MTOW) more than 12,500 pounds in scheduled or charter service that are carrying passengers, cargo, or both and are not otherwise required to have a full or partial security program.\13\ The rule also requires the pilot, flight engineer, or flight navigator assigned to duty during flight time on all regulated aircraft operators to have successfully completed a fingerprint-based criminal history records check (CHRC). It calls for restricted access to the flight deck if the aircraft has a flight deck door, and it mandates use of security coordinators, security training, procedures for bomb threats, and contingency plans. --------------------------------------------------------------------------- \12\ The DSIP is a limited program under 49 CFR 1544.101(g). TSA has made this program available to all-cargo aircraft operators, in part, to allow those entities to interline cargo with passenger aircraft operations. \13\ 67 FR 8205 (Feb. 22, 2002). --------------------------------------------------------------------------- In June 2002, TSA completed an extensive Air Cargo Security Scenario Analysis. The specific contents of this report are sensitive security information, and accordingly not publicly releasable. Where available, actual data were used for calculations; where data were not obtainable, estimates were identified and used. The analysis examined various scenarios, which focused on varying degrees of cargo screening, and which were selected to prevent or deter the introduction of explosive devices into the cargo holds of passenger aircraft. It was the first known attempt to conceptualize and conduct a detailed examination of the different security regimes, measure implementation costs and assumptions, and account for potential responses of the industry to the security changes, including the potential costs of implementation. The scenarios and variants ranged from screening unknown shipper cargo to screening cargo on passenger aircraft or preventing any cargo from being transported on passenger aircraft. The various scenarios were compared in terms of costs, benefits, and effectiveness. TSA also has enhanced cargo security by implementing a web-enabled Known Shipper database to centralize data on persons and businesses that are authorized to ship air cargo on passenger aircraft to allow quick and efficient verification of a shipper's status while reducing redundancy. The initial version of the database was deployed in the Fall of 2002 and is currently being used by aircraft operators and IACs on a voluntary basis. Most of the major airlines, and 400 IACs, are participating. The database already consists of over 400,000 known shippers. In the near future, TSA plans to make use of the system mandatory for all aircraft operators, foreign air carriers and IACs required to participate in the known shipper program. This proposed rule would provide authority for this planned change, which would be implemented in the security programs of the aircraft operators, foreign air carriers and IACs. At the core of this endeavor, the Known Shipper database will allow aircraft operators, foreign air carriers and IACs to submit electronically information on their known shippers to TSA and to verify electronically whether a client has been approved with known status under the program. This effort will offer a number of benefits, both for facilitating trade and improving security. Persons and businesses seeking Known Shipper status will no longer have to obtain this status from every aircraft operator, foreign air carrier or IAC with whom they do business; instead, once a shipper is accepted into the database, they will be considered known to all aircraft operators, foreign air carriers and IACs with access. In November 2003, TSA required U.S. aircraft operators, foreign air carriers, and IACs to carry out certain additional security measures with respect to cargo. The U.S. intelligence community continued to receive and evaluate a high volume of reports indicating possible threats against U.S. interests. These reports, combined with recent terrorist attacks, created an atmosphere of concern. Terrorist groups such as Al Qaeda are capable of sophisticated tactics. The Department of Homeland Security was concerned about Al-Qaeda's continued interest in aviation, including using cargo aircraft to carry out attacks on critical infrastructure. In recognition of this threat, TSA made a determination that these circumstances required immediate action to ensure safety in air transportation. The additional measures TSA required in response to those concerns are described in IV. A. D. What Would This Proposed Rulemaking Do To Strengthen the Current Air Cargo Security Regulatory Regime? TSA is implementing a layered security solution throughout the life-cycle of the air cargo shipment and the aircraft on which it is being transported. As discussed in more detail in section IV. of this NPRM, TSA proposes to: Require security threat assessments for individuals with unescorted access to cargo; Codify cargo screening requirements first implemented under SDs, EAs, and part 1550 programs issued in November 2003; Require airports with SIDAs to extend them to cargo operating areas; Require aircraft operators to prevent unauthorized access to the operational area of the aircraft while loading and unloading cargo; Require aircraft operators under a full or all-cargo program to accept cargo only from an entity with a comparable security program or directly from the shipper; Codify and further strengthen the Known Shipper program; Establish a security program specific to aircraft operators in all-cargo operations with aircraft with a maximum certificated takeoff weight more than 45,500 kg; Strengthen foreign air carrier security requirements essentially to parallel the requirements on U.S. aircraft operators; and Enhance security requirements for Indirect Air Carriers. [[Page 65263]] TSA's proposed security requirements are infused throughout the supply chain instead of concentrating all efforts on one measure, such as physical inspection, at a single stage potentially resulting in significant disruption of the supply chain. This NPRM is a central component of this solution and proposes updating the requirements applicable to airports, aircraft operators, IACs, and foreign air carriers currently operating under a security program, and instituting new security requirements for all-cargo aircraft operators and the freight forwarders servicing them. E. How Will TSA Enforce Compliance? TSA relies on its staff of field inspectors to enforce compliance among regulated parties. As noted in various sections above, TSA also believes that issuance of a voluntary disclosure program, development and distribution of security training materials for certain IAC employees and agents, and implementation of enhanced electronic communication capabilities will materially enhance the regulated parties' compliance ability and orientation. The ASAC working groups recommended that TSA implement a voluntary disclosure program to facilitate and improve compliance by regulated parties. TSA has received numerous similar requests from regulated parties. TSA agrees that aviation security is promoted by creating incentives for regulated entities to identify, disclose and correct their own instances of non-compliance, and to invest in efforts to preclude their recurrence. As a result, in December 2003, TSA implemented a voluntary disclosure program. Details of the program are available via the Internet on the TSA Web site at http://www.tsa.gov, with a link titled ``TSA Announces Civil Enforcement Policies'' in the section on Law & Policy. TSA's program is designed to encourage compliance with TSA regulations, foster secure practices, and encourage the development of internal evaluation programs. Upon detecting an inadvertent violation not yet known to TSA, a regulated entity must take immediate action to correct the violation. The regulated entity must report the violation to TSA in writing within 24 hours of detection and submit a detailed written report within 10 calendar days of the initial reporting. The regulated entity must develop a corrective action plan to ensure that the noncompliance remains corrected. After the regulated entity takes these steps, TSA may issue a letter of correction instead of a civil penalty action for the violation, provided all other elements of the policy are met. This program has been issued in a separate action and is not part of this rulemaking proposal. F. Did TSA Consider Recommended Changes? Yes, in addition to its own assessments, TSA based the policy changes proposed in this NPRM on recommendations received from the Department of Transportation Office of Inspector General (OIG), the General Accounting Office (GAO), and the Aviation Security Advisory Committee (ASAC). In addition, TSA has coordinated its efforts with other agencies in the Department of Homeland Security, including the U.S. Customs and Border Protection, which has statutory authority for screening cargo entering and departing the United States. The Department of Transportation Office of Inspector General completed its audit of the air cargo security program in September 2002. This report is SSI. Accordingly, its distribution is restricted. In the report, the OIG offered 14 specific recommendations to increase the level of security as to ``insiders''--namely employees of aircraft operators and IACs with access to cargo. These recommendations varied from increasing the vetting of IACs seeking approval of their security program to training and testing requirements to improved compliance enforcement. Further, in December 2002, the GAO issued its report, ``Vulnerabilities and Potential Improvements for the Air Cargo System (GAO-03-344).'' GAO traced the implementation of recommendations delivered during the 1990's and the development of technologies or operational procedures that might be used to enhance air cargo security. GAO did not make specific recommendations, but called for TSA to develop a comprehensive plan for air cargo security that includes priority actions identified on the basis of risk, costs, deadlines for completing those actions, and performance targets. TSA completed this strategic plan in November 2003. As noted previously, this document includes SSI and is not available to the public. As previously discussed, TSA also considered the ASAC consensus report transmitted on October 1, 2003. G. Were Other Solutions Considered and Why Were the Proposals in the NPRM Chosen Over Others? TSA recognizes that the air cargo industry is large and complex, composed of numerous shippers, 226 domestic and foreign aircraft operators providing services through 2,789 stations at U.S. airports, and approximately 3,200 IACs with over 10,000 business locations. Together these entities transport approximately $30 billion worth of goods per year. In recognition of this breadth and complexity, TSA considered the full gamut of potential solutions for enhancing air cargo security in developing this NPRM. TSA analyzed the existing regulatory structure for air cargo security in the United States, partnered with industry, reviewed a variety of external assessments of the air cargo system, and coordinated with other agencies in the Department of Homeland Security with air cargo security experience and responsibilities, such as CBP, to develop solutions for today's challenges. TSA also reached out to numerous international entities including the European Commission, Transport Canada and International Air Transport Association to assess best practices and regulatory regimes that might be applicable to the U.S. environment. The majority of participants in the ASAC air cargo security working groups have stated that proposals to require the inspection of every piece of cargo shipped on passenger aircraft are impractical. Instead, they recommended a risk-based targeting strategy to identify higher risk cargo for additional scrutiny; relying, in part, on the Government Accounting Office (GAO) report on Vulnerabilities and Potential Improvements for the Air Cargo System,\14\ the Department of Transportation's Office of the Inspector General (OIG) Audit of the Cargo Security Program,\15\ and TSA's Air Cargo Security Scenario Analysis. These reports have cautioned that, in the absence of an appropriate targeting methodology and data, a requirement for inspection of 100% of air cargo would severely burden the just-in-time delivery that is currently a key competitive feature of many U.S. manufacturing and distribution industries, and could have particularly severe negative impacts on aircraft operators, IACs and their employees and agents. TSA agrees with this assessment. TSA believes that a requirement to inspect every piece of cargo could result in an unworkable cost of more than $650 million in the first year of implementation.\16\ --------------------------------------------------------------------------- \14\ GAO-03-344 December 2002. \15\ Report Number SC-2002-113 (September 19, 2002). This report is SSI. \16\ See Regulatory Evaluation for the Air Cargo Security Requirements NPRM, Table 1, Ten-Year Undiscounted Cost Summary for passenger and all-cargo flight cargo screening. --------------------------------------------------------------------------- [[Page 65264]] In its final presentation to TSA, ASAC noted that the layered solution outlined in its forty recommendations would significantly enhance air cargo security while ensuring that commerce is not disrupted, two goals TSA is committed to achieving. It was the sense of the ASAC that technology solutions must be pursued as aggressively as possible. Specifically, the committee's recommendations included using technology to improve communication links between regulated parties and the federal government, leveraging new technology to create a more layered cargo security approach, and using technology to enable enhanced requirements for achieving Known Shipper status. Similarly, TSA reviewed FAA's October 2001 ``Air Cargo Threat Assessment'' (DOT/FAA/AR-02/15) analysis of the vulnerabilities of the current air cargo security program.\17\ In this report, FAA's overall assessment was that an integrated security regime was required. These FAA recommendations have been considered and are reflected in portions of this NPRM.\18\ --------------------------------------------------------------------------- \17\ This document is SSI and, accordingly, not publicly releasable. \18\ This report is protected as Sensitive Security Information under 49 CFR part 1520. --------------------------------------------------------------------------- The Department of Transportation Office of the Inspector General audited the FAA's air cargo security program. The OIG's report of this audit and its results, including data sources, are SSI. Like the ASAC and FAA, the OIG determined that air cargo security could best be bolstered by implementing layered solutions throughout the air cargo system; and offered fourteen specific recommendations. TSA concurred with the OIG's assessment and these recommendations are reflected in both TSA's air cargo strategic plan and in this NPRM. TSA will continue to use SDs and EAs as required to address immediate threats. These directives are issued to regulated parties outlining specific requirements that must be met as part of their security programs and are protected as sensitive security information. Like TSA, CBP also relies on a layered security program for securing air cargo and both agencies are committed to determining how best to leverage individual resources and avoid unnecessary redundancy. As a result, TSA and CBP have initiated a dialogue for coordinating their respective air cargo security activities. TSA and CBP initiated this effort shortly after DHS was established and the agencies received a Congressional mandate to continue this effort during Fiscal Year 2004. TSA and CBP are looking closely at how best to apply their combined experience in promoting supply chain security, securing cargo prior to loading, and applying risk-based targeting programs. In addition, through this effort, DHS is committed to ensuring the maximum degree of consistency between TSA and CBP programs and minimizing the impact on industry by coordinating requirements and procedures. Within the BTS Directorate, CBP and TSA have distinct, but equally vital, security missions in securing air cargo. Historically, CBP has primarily been responsible for determining the admissibility of the cargo held on the aircraft and as such is concerned about cargo that may carry threats to be deployed once the cargo reaches U.S. borders. TSA, on the other hand, is responsible for securing both domestic aircraft and foreign flights destined for the United States from destruction or hijacking and as a result is primarily concerned with the illicit loading of explosives or stowaways on board. The priority mission of CBP is to prevent terrorists and terrorist weapons from entering the United States. That mission means improving security at the nation's physical borders and ports of entry, but it also means extending the zone of security beyond our physical borders-- so that American borders are not the first line of defense. With regard to the securing of international air cargo, CBP has a long history of screening and inspecting cargo upon arrival in the United States. Today it continues this challenge with a refined focus on stopping terrorists and terrorist weapons at our nation's borders. TSA's mission is to provide security in all modes of transportation, with a priority emphasis on aviation. Like CBP, TSA employs a threat-based, risk-managed approach to securing air cargo. Therefore, we focus our efforts in the passenger environment on preventing the introduction of explosive devices into the cargo bays of passenger air carriers. In the all-cargo environment, while measures are taken to prevent the introduction of an explosive device on an all- cargo aircraft, our primary concern is focused on keeping intruders or stowaways off the aircraft, as a hijacking causes significant loss of life and other damage on the ground and in the air. Extensive interagency analysis and outreach to both industry and other federal agencies have led TSA to conclude that a threat based, risk managed, layered solution will provide the highest degree of security in the air cargo environment while causing the least financial and procedural impact on a business sector that contributes significantly to the United States and global economies. TSA invites public comment on the feasibility of this approach overall, on the specific rule changes and requirements proposed in this NPRM, and on other possible actions, such as a requirement to inspect 100% of air cargo, that have been the subject of public discussion but which TSA, for reasons outlined above, has determined not to propose in this NPRM. IV. Summary of Proposed Amendments A. Current Regulation of Aircraft Operators and Foreign Air Carriers and Proposed Amendments TSA regulations currently cover a variety of aircraft operators as part of an overall, layered approach to security. Aircraft operators with scheduled or public charter passenger operations using aircraft with a passenger seating configuration of 61 or more, or those using smaller aircraft that enplane passengers from or deplane passengers into a sterile area, must have full programs under Sec. 1544.101(a). These operators often carry cargo in addition to passengers and must comply with cargo security requirements under Sec. 1544.205. Aircraft operators using aircraft in scheduled or public charter passenger operations using aircraft with a passenger seating configuration of 31 or more but 60 or fewer seats must have a partial program under Sec. 1544.101(b). Aircraft operators using aircraft with a maximum certificated takeoff weight of 12,500 pounds or more, in scheduled or charter service, carrying passengers or cargo or both, must have a twelve-five program under Sec. 1544.101(d) & (e). Aircraft operators using aircraft in private charter passenger operations using aircraft with a passenger seating configuration of 61 or more or a maximum certificated takeoff weight greater than 45,500 kg (100,309.3 pounds) must have a private charter program under Sec. 1544.101(f), as well as having a twelve-five program. This NPRM is proposing to add another type of program. As discussed further in this preamble, TSA is proposing that aircraft operators operating all-cargo aircraft with a maximum certificated takeoff weight of more than 45,500 kg (100,309.3 pounds) have an all-cargo program under proposed Sec. 1544.101(h) & (i). Certain foreign air carriers must have security programs as well. Those with [[Page 65265]] scheduled or public charter passenger operations using aircraft with a passenger seating configuration of 61 or more, or those using smaller aircraft that enplane passengers from or deplane passengers into a sterile area (analogous to U.S. operators with full programs), must have security programs under Sec. 1546.101(a) or (b). Those in scheduled or public charter passenger operations using aircraft with a passenger seating configuration of 31 or more but 60 or fewer seats must have programs under Sec. 1546.101(d) (analogous to U.S. operators with partial programs). In addition, in November 2003, in response to threats, TSA required foreign air carriers that perform all-cargo operations using aircraft with a maximum certificated takeoff weight of 12,500 pounds or more to carry out the All-Cargo International Security Procedures issued by TSA. 69 FR 3939 (Jan. 27, 2004). In this NPRM, TSA is proposing to codify this procedure and to create foreign air carrier security programs analogous to a U.S. twelve-five program in all-cargo operations and to the proposed all-cargo program in part 1544. Additionally, in November 2003, TSA issued SDs and EAs requiring domestic aircraft operators under a full program or a twelve-five all- cargo program and foreign air carriers to apply further screening measures to cargo. More specifically, TSA required that these operators inspect a percentage of cargo prior to loading it on an aircraft. Aircraft operators under a full program must also continue to abide by the requirements of the Known Shipper program. Generally, these aircraft operators may transport only cargo from a known shipper. Congress specified in ATSA, codified at 49 U.S.C. 44901(a), that a Federal employee is not required to carry out screening requirements for a passenger aircraft operator of the Known Shipper program. These screening functions may be performed by the private sector. Likewise at 44901(a), Congress distinguished that Federal screeners must conduct certain passenger screening. Operators of all-cargo aircraft do not share this distinction. All-cargo aircraft operators also may perform cargo screening; it is not required that a Federal employee carry out screening of all-cargo aircraft. The security procedures required for the varying programs are focused to address the greatest perceived threats to the respective operations. Accordingly, TSA requires the most security procedures under the layered approach to those operations perceived to have the highest threat. For instance, the full program focuses security requirements both to protect the large number of passengers on board the aircraft as well as to prevent the largest of aircraft from being hijacked and used as a missile to attack another target, and thus are subject to the most intense security measures. The proposed all-cargo program would focus on the latter threat because aircraft operators under this proposed program generally use the same types of aircraft as those used under a full program. All-cargo operations under the twelve- five program require layers of security appropriate to the lower threats posed by smaller aircraft. TSA has developed a measured approach to match security requirements with the possible risks. B. Security Threat Assessments for Air Cargo Workers TSA currently requires a variety of individuals working in aviation to submit to a criminal history records check. Generally, these individuals work on airport grounds and have access to secure areas. In the cargo environment, many other persons have access to cargo before someone who works for the airport and has had such a check handles it. In this rulemaking, TSA proposes to require additional persons who have unescorted access to air cargo, but do not have unescorted Security Identification Display Area (SIDA) access, to undergo a security check to verify that they do not pose a security threat. TSA recognizes that the number of individuals with access to cargo is large--approximately 63,000--and that the companies that they work for run the gamut from complex organizations to ``mom and pop's.'' Therefore, requiring all these individuals to undergo fingerprint-based criminal history background checks would be a time-consuming and costly process. TSA believes that potential security concerns related to unescorted access to cargo by these individuals would be best addressed at this time by requiring the individuals to submit to a Security Threat Assessment program, focused on the threat of terrorism. A Security Threat Assessment, as proposed in this NPRM, would rely on checks of existing intelligence-based records and databases to ensure that an individual who is a known or suspected threat is prohibited from working in positions that could allow that individual to have unescorted access to air cargo. This program adopts best practices from the financial services and transportation security communities to reduce the likelihood that a terrorist could gain access to cargo. In proposed Sec. Sec. 1544.228, 1546.213, and 1548.15, TSA would prohibit aircraft operators under a full program or all-cargo program; foreign air carriers operating under Sec. Sec. 1546.101(a) (b) or (e); and each IAC from authorizing any individual to have unescorted access to cargo unless the respective operator has verified the identity of that individual in a manner acceptable to TSA, and that individual has successfully completed a CHRC under 49 CFR 1542, 1544, or 1546, Security Threat Assessment pursuant to proposed Subpart C of part 1540, or another Security Threat Assessment approved by TSA. TSA has also considered extending security threat assessment requirements in additional contexts. For instance, TSA considered requiring every employee of an entity regulated by TSA that is in the business of cargo transportation to submit to a security threat assessment. TSA proposes that the layered approach of requiring assessments for those individuals with unescorted access to cargo, combined with requirements to secure cargo upon acceptance, are at this time sufficiently focused on the potential security threat. TSA also considered requiring each person who boards for transportation on an aircraft under an all-cargo security program to submit to a security threat assessment. Alternatively, TSA considered requiring persons who board an aircraft under an all-cargo security program who require prohibited items during the flight to perform their duties to submit to the assessment. TSA has not proposed these measures but invites comments on these considerations. C. Security Measures for Persons Boarding an All-Cargo Aircraft TSA is proposing to codify requirements for screening persons other than passengers boarding the all-cargo aircraft with a maximum certificated take-off weight greater than 12,500 pounds. See proposed Sec. 1544.202 and Sec. 1546.202. Under FAA rules, some persons who are not flight crew members or passengers may travel on an all-cargo aircraft, such as handlers escorting an animal being shipped via air cargo. See 14 CFR 121.583 and 121.587. Such individuals could be in a position to attempt to take over the aircraft. TSA believes that it is necessary to screen such persons to ensure that individuals traveling on aircraft under an all-cargo program, or under a twelve-five program in an all-cargo operation, do not present a security threat. Such screening is now being done under SDs issued in November 2003 and is included as a proposed regulatory requirement in this NPRM. While [[Page 65266]] Congress specified in 49 U.S.C. 44901(a) that a Federal employee must conduct screening of persons in passenger operations, section 44901(f) has no such requirement for all-cargo operations. Accordingly, the private sector may conduct screening in all-cargo operations in compliance with TSA standards. D. Screening Cargo To guard against unauthorized weapons, explosives, persons, and other destructive substances or items in cargo, TSA proposes to codify a requirement for aircraft operators to inspect a portion of air cargo, including that offered by known shippers. See proposed Sec. Sec. 1544.205 and 1546.205. An SD issued to operators with full programs in November 2003 requires that a portion of known shipper cargo be inspected, and this NPRM would codify that change. In addition, an SD issued requires operators of Twelve-Five all-cargo aircraft inspect a portion of cargo. When conducting inspections, aircraft operators are required to follow TSA-approved requirements. In addition, aircraft operators operating under full programs are currently required to submit individuals conducting cargo screening to a fingerprint-based CHRC under Sec. 1544.229 to reduce the likelihood that a terrorist could gain such employment to facilitate the introduction of unauthorized persons, explosives, incendiaries, and other substances or items. This proposed rule would also require aircraft operators operating under all-cargo programs to submit their cargo screeners to a CHRC under Sec. 1544.229, mitigating the possibility that an authorized person would threaten or otherwise compromise the security of the aircraft operations. TSA considered several other requirements for cargo screening that are not included in this NPRM. For instance, TSA considered prohibiting all cargo from transportation on passenger aircraft. TSA recognizes, however, that this requirement would likely lead to significant economic impact on passenger operations. Moreover, TSA proposes that a layered approach to security requirements, including those proposed in this NPRM, would provide for an appropriate level of security and could be implemented without undue hardship on the affected stakeholders. TSA also considered requiring physical inspection of 100% of all cargo on all aircraft, or alternatively on passenger aircraft. However, as noted in III.G. above, 100% inspection of cargo would be impractical and would severely impact the rapid delivery of air cargo. TSA invites comment on these considerations. E. Securing the Cargo Operating Environment Measures to prevent unauthorized individuals from gaining access to the cargo operations area are necessary to prevent tampering with the aircraft or the cargo and to remove a potential access point for stowaways. Currently, at airports that have complete programs under 49 CFR 1542, and therefore are required to have a SIDA based on the presence of covered passenger operations, all individuals working in the SIDA must have an airport-approved photo identification (ID) media that meets standards established by TSA. This ID must be displayed at all times above the waist on the individual's outermost garments. To obtain a SIDA ID, a person must successfully undergo a fingerprint- based CHRC and successfully complete training in accordance with the airport's security program (see 49 CFR 1542.205, 1542.211, and 1542.213). In addition, procedures must be in place for challenging all persons not displaying appropriate ID for the area in which they are found. Currently, all-cargo operations are not specifically covered under airport SIDA requirements. At airports that are required to have a SIDA because of the presence of covered passenger operations, TSA proposes in this NPRM to extend SIDA requirements to cargo operating areas. See proposed Sec. 1542.205. As previously discussed, the potential consequences of an all-cargo aircraft being hijacked and used as a missile to attack another target are comparable to the consequences of a hijacking of a passenger aircraft of the same size. Accordingly, TSA proposes to add a layer of security to protect these aircraft further by applying SIDA requirements in cargo operating areas. Airports that currently have SIDA have the associated procedures and requirements in place. TSA believes that airports that have SIDA will be able to extend SIDAs to areas where cargo is loaded and unloaded without great challenges. Indeed, the cargo operation areas at many of these airports already are SIDAs. TSA also considered extending SIDA requirements to airports that serve all-cargo carriers and are not currently required to have a SIDA. Airports without SIDAs, however, would be required to implement many unfamiliar requirements in order to create SIDA. These airports also may have only occasional and unpredictable all-cargo aircraft traffic, such as on-demand charter operations. In this NPRM, TSA proposes that aircraft operators implement other measures that will enhance security instead of requiring airports without SIDAs to create them. Accordingly, TSA proposes in Sec. 1544.225 to require that the aircraft operator prevent unauthorized access to the operational area of the aircraft while loading or unloading cargo. Note that aircraft operators now must comply with Sec. 1544.217, which requires covered aircraft operators to arrange for a law enforcement presence to respond to any situations that may arise. TSA believes that the aircraft operator is well positioned to provide sufficient security for their aircraft operations, in lieu of an airport SIDA. TSA invites public comment on the economic, operational, and security implications of this approach. TSA also proposes to require that, before placing an all- cargo aircraft back into service after a period spent unattended, the aircraft operator conduct a security inspection of the aircraft. See proposed Sec. 1544.225 and Sec. 1546.103(a)(1). Together, these provisions would reduce the likelihood of successful tampering, stowaway boarding, or the introduction of an improvised explosive device or other destructive substance or item. Similar provisions are currently required of passenger aircraft operators operating aircraft of the same size. F. Accepting Cargo From Comparable Entities TSA is proposing to authorize aircraft operators under full or all- cargo programs to accept cargo only from the shipper, or from an entity with a security program comparable to the aircraft operator's. See proposed Sec. 1544.205(e) and Sec. 1546.205(e). The purpose of this proposed amendment is to prohibit aircraft operators from carrying cargo transferred from persons or businesses without the appropriate security measures to guard against the introduction of unauthorized weapons, explosives, persons, or other destructive substances or items. TSA will provide these aircraft operators in their security programs with a more detailed account of what cargo may be accepted. G. Known Shipper Program TSA proposes to codify and strengthen the Known Shipper program in regulation at 49 CFR 1544.239, 1546.215, and 1548.17. As discussed above in section III., paragraph C., ``How did TSA enhance cargo security after September 11, 2001?,'' the Known Shipper program is a protocol to distinguish shippers about whom security-relevant information is known from those shippers about whom the aircraft operator has inadequate [[Page 65267]] information. This program applies to aircraft operators with full programs, corresponding foreign air carriers, and IACs that offer cargo to such aircraft operators and foreign air carriers. TSA considered extending a regulatory program directly to shippers of cargo that intend to use air transportation. By doing so, TSA would have direct oversight and regulatory authority throughout the cargo supply chain. The number of potential shippers, however, may be unwieldy. Potentially any person or business may ship cargo by air. TSA proposes, instead, to focus on aircraft operators and IACs as discussed through this NPRM. Certain operational elements of the Known Shipper program are sensitive security information and cannot be divulged. However, the existence of the program is a matter of public record. Congress recognized the existence of the Known Shipper program in the Aviation and Transportation Security Act, Pub. L. 107-71, at section 110. Since September 11, 2001, cargo from unknown shippers has not been permitted to be transported aboard aircraft operated under a full program. TSA considered allowing unknown shipper cargo on passenger aircraft after physical inspection. TSA recognizes that this cargo could provide considerable business opportunity to aircraft operators, but determined that this measure could not assure adequate security. No single technology currently exists with sufficient versatility to handle the vast array of cargo sizes, shapes, and materials to ensure security while maintaining acceptable throughput, or processing time. TSA welcomes comments and recommendations on this issue. Although the Known Shipper program has been in existence for over 10 years in its current form and has its roots in security programs that date back to 1976, it has not previously been identified in security regulations; rather, it has been in the aircraft operator security programs. TSA is proposing to codify and enhance the Known Shipper program in this NPRM. TSA will consider, but TSA is not proposing to allow cargo submitted by unknown shippers to be transported on passenger aircraft under a full program at this time. TSA invites public comment on the costs, benefits and practical implications associated with screening cargo from unknown shippers to the degree necessary to permit it to be transported on commercial passenger aircraft. As discussed in III.C. above, TSA is implementing a comprehensive strengthening of the Known Shipper program. These improvements centralize and automate the vetting of applicants to the Known Shipper program. Under this NPRM, when proposing a shipper for the Known Shipper program, an aircraft operator, foreign air carrier, or IAC would be required to submit an application electronically to TSA for vetting against terrorist and law enforcement data. This information will then be stored in a central database along with the shipper's status in the program. Aircraft operators, foreign air carriers, and IACs would be required to check a shipper's status on the system before accepting its cargo for transport on passenger aircraft. This proposed requirement will enable TSA to conduct a thorough threat assessment of those seeking to ship by passenger aircraft. To assist in implementing the enhancements to the Known Shipper program, TSA proposes in this NPRM that, when TSA so requires, the aircraft operators, foreign air carriers, and IACs will submit known shipper information electronically and update it as needed. TSA has designed its known shipper database, including the necessary Internet elements, to ensure that shipper lists are not compromised. TSA believes that the proposed changes would facilitate industry participation in the Known Shipper program by reducing the administrative burden on individual aircraft operators. H. Establish All-Cargo Operator Standard Security Program Aircraft operators using passenger aircraft with a passenger seating configuration of sixty-one seats or more in scheduled or public charter service must have a full program under 49 CFR 1544.101(a), using the Aircraft Operator Standard Security Program (AOSSP). Aircraft operators using passenger aircraft that have a maximum certificated takeoff weight greater than 45,500 kg (100,309.3 pounds), or a passenger-seating configuration of 61 or more, that are not government charters or in private charter service, must have a program under 49 CFR 1544.101(f). Currently, however, all-cargo aircraft operators operating aircraft of a similar size and potential destructive power are subject to the Twelve-Five program, rather than the full program. These operators are currently required to implement security programs in accordance with TSA's Twelve-Five Standard Security Program governing aircraft with a maximum take off weight of 12,500 pounds or more. In addition, some cargo operators voluntarily participate in the more comprehensive DSIP. Considering the potential risks associated with heavier all-cargo aircraft, TSA proposes to require additional steps for securing all-cargo aircraft weighing more than 45,500 kg (100,309.3 pounds) at Sec. 1544.101(h). These measures would be incorporated into a mandatory All-Cargo Aircraft Operator Standard Security Program. The program will include elements of the DSIP. Extending pertinent requirements to all-cargo aircraft operators operating above the 45,500 kg threshold would institute security measures for all-cargo aircraft comparable to passenger aircraft of the same size. An all-cargo aircraft with maximum certificated takeoff weight greater than 45,500 kg could cause significant damage if taken over and used as a weapon. TSA also applies this applicability threshold in the private charter program,\19\ 49 CFR 1544.101(f), and it is consistent with international security standards adopted by the International Civil Aviation Organization.\20\ --------------------------------------------------------------------------- \19\ 67 FR 41635, 41637 (June 19, 2002). \20\ 67 FR 79881, 79883 (December 31, 2002). --------------------------------------------------------------------------- TSA recognizes that the operations of all-cargo aircraft operators and passenger aircraft operators are not identical and looks forward to working with industry to ensure that proposed new requirements are tailored to accommodate those differences. I. Strengthen Foreign Aircraft Operator Security Measures TSA currently requires foreign air carriers using aircraft of a certain size and engaged in scheduled or public charter passenger operations and landing or taking off in the United States to have a TSA-approved security program. Foreign all-cargo air carriers are subject to certain security requirements identified in a security program issued by TSA under part 1550 in November 2003, including random inspection of cargo. See 69 FR 3939 (Jan. 27, 2004). TSA is proposing to amend Sec. 1546.101 to make these requirements permanent and incorporate them into the foreign air carrier regulations in recognition that these measures were implemented on an emergency basis and should now be available for public comment as part of this rulemaking. TSA proposes to extend to foreign all-cargo air carriers requirements to implement a level of security similar to that of U.S. aircraft operators using the same size aircraft. Under the proposed amendment to Sec. 1546.101, foreign air carriers would be required to adopt and implement a security program acceptable to TSA for all flights using an [[Page 65268]] all-cargo aircraft with a maximum certificated takeoff weight of more than 45,500 kg that land or take off in the United States. This security program would essentially parallel the requirements of the proposed all-cargo program for U.S. aircraft operators. This NPRM also proposes that foreign air carriers in all-cargo operations with aircraft over 12,500 pounds and up to 45,500 kg also implement security programs. This security program would essentially parallel the requirements of the Twelve-Five Standard Security Program for U.S. aircraft operators. The remaining proposed amendments would require foreign air carrier security programs to provide a level of security similar to that required of U.S. aircraft operators serving the same airport and employ equivalent procedures. These procedures include application of security measures to persons and property on board the airplane under proposed Sec. 1546.202, measures for acceptance and screening of cargo under proposed Sec. 1546.205, introduction of security threat assessments for cargo personnel in the United States under proposed Sec. 1546.213, and application of Known Shipper program requirements under proposed Sec. 1546.215. J. Enhancing Existing Requirements for IACs The IAC, sometimes called a freight forwarder, is a crucial part of the air cargo system, acting as an intermediary between the shipper and the aircraft operator for approximately 80% of all air cargo shipped on passenger aircraft in the United States. TSA estimates that there are 3,200 entities in the United States operating as IACs ranging from large corporations to sole proprietors working out of their homes. All IACs are required to maintain a security program known as the IACSSP and are regulated under 49 CFR 1548. This NPRM proposes to expand the definition of IAC to include businesses engaged in the indirect transport of cargo on larger commercial aircraft, regardless of whether the operation is conducted with a passenger aircraft or an all-cargo aircraft. In addition, TSA plans to strengthen security requirements for all IACs. Specifically, TSA proposes to vet businesses more thoroughly before they are authorized to do business as IACs, strengthen a requirement for periodic recertification of IAC status, and strengthen security requirements for accepting and processing air cargo. These amendments to the rules governing IAC operations are intended to improve the security of the air cargo supply chain by infusing better security during the period between when a package leaves a shipper and when it is presented to the aircraft operator. A key element of TSA's proposed enhanced IAC standard security program is a more thorough vetting of entities seeking authority to do business as IACs. To strengthen the application process, TSA is developing a web-based, centralized system for validating and revalidating IACs. This system will improve security through an enhanced, more effective vetting process while facilitating the application, renewal and review process for the industry. Upon implementation of the Internet-based system, TSA proposes, under Sec. 1548.7, to require all businesses to use the system to obtain initial IAC approval and to renew their approval. In doing so, TSA proposes to require IAC applicants to submit more information about themselves and their business than is currently required, including basic corporate records. IACs would also be required to use the system to notify TSA of any changes to their corporate structure and to renew their status annually. These two steps will allow TSA to check whether the applicant is a legitimate business and determine whether the business or personnel poses a threat to transportation security. These planned new IAC vetting tools, combined with the centralization of information and automated communications, would enable TSA to implement effectively a program to remove IAC authorization from those persons found to be security risks during revalidation or found to be out of compliance. In this NPRM, TSA proposes procedures for withdrawing IAC security program approval. TSA's envisioned electronic validation/revalidation process is also indicative of the DHS commitment to improving security while promoting best business practices. By automating much of the current paper-based process, TSA would be able to accelerate the validation and revalidation process, and industry would have an improved means of communication with TSA that facilitates TSA's ability to notify IACs and aircraft operators of pending actions. K. Establishing New Training and Personnel Requirements TSA is proposing to add regulatory text to: expand general security requirements to include the protection of stored or en route cargo under Sec. 1548.9; implement training under Sec. 1548.11; require IACs to appoint Security Coordinators under Sec. 1548.13; authorize IACs to receive and require IACs to confirm receipt of, and to implement SDs and Information Circulars under Sec. 1548.15. To ensure that IAC employees understand and are trained to implement their security responsibilities, TSA is proposing to require a comprehensive and recurrent training program for IACs. This program would cover procedures for accepting, accessing and handling cargo intended for transport on aircraft as well as record keeping, acceptance and maintenance of Sensitive Security Information, and communication protocols and other requirements in the security program. As part of this initiative, TSA proposes to develop computer and/or video-based instructional materials and a testing tool, including a minimum standard that an employee will be expected to meet, and protocols for situations where employees fail to meet the threshold. Development of these training tools will coincide with the review and consideration of this NPRM and revisions to the IACSSP; training materials should be available to IACs shortly after these changes are implemented. TSA believes that development and distribution of these training tools will enhance regulatory compliance among the IAC community. TSA invites public comment on the practical and economic implications of requiring training of IAC and IAC agent personnel, and on the best means for achieving a high training standard without disrupting commerce. TSA also proposes to require IACs to designate a Security Coordinator at the corporate level. This individual will be responsible for implementing the IAC's security program and will serve as the IAC's primary point of contact for communication with TSA. The Security Coordinator can be an existing employee with additional duties, but someone in this role must be available 24 hours a day. Establishment of IAC security coordinators is crucial to ensuring that TSA has an open line of communication with this important class of regulated parties. Currently, airport operators and aircraft operators must have Security Coordinators. As TSA is presented with new threat and vulnerability information, TSA may need to require IACs to adjust their actions accordingly. Currently, TSA communicates such information to regulated parties, particularly to aircraft operators, by issuing SDs and Information Circulars. TSA is proposing to implement a parallel capability for IACs. IACs would be authorized to receive SDs, and required to verify receipt of the directive or circular and [[Page 65269]] to notify TSA how they will comply with it. If an IAC is unable to comply with a SD, it would be allowed to propose an alternative means of compliance to TSA. Formalizing this two-way communication is necessary to ensure sufficient measures are enacted when the threat changes, such as during a heightened state of alert. TSA also proposes to codify existing general requirements of the IACSSP to require IACs to enhance the security of cargo stored or en route to the aircraft operator. The proposal to enhance en route and storage security is intended to ensure that IACs are held accountable for securing the goods entrusted to them throughout those legs of the supply chain for which they are responsible. Acceptable security measures are likely to include standards for facility security, and lock and seal requirements for conveyances. TSA invites suggestions from interested parties regarding the most appropriate solutions available. V. Section-by-Section Analysis of Proposed Changes Part 1540--Civil Aviation Security: General Rules Section 1540.5--Terms Used in This Subchapter TSA proposes to broaden the definition of ``Indirect Air Carrier'' by removing the word ``passenger,'' in order to expand TSA security program requirements to freight forwarders that offer cargo to all- cargo aircraft operations. The ASAC Air Cargo Security working groups (``ASAC working groups'') recommended, and TSA agrees, that limiting the definition of IAC to only those persons that tender cargo to a passenger aircraft would be inconsistent with TSA's goal of extending a security regime to all-cargo aircraft operations. Sections 1540.201 Through 1540.209--Subpart C--Security Threat Assessments The ASAC working groups recommended, and TSA agrees, that the identities of personnel who have unescorted access to cargo to be shipped by air should be verified, and that such personnel should be subject to appropriate background checks. TSA proposes to create a type of personnel background check to be called a ``Security Threat Assessment.'' This Security Threat Assessment would include a search by TSA of domestic and international databases to determine the existence of indicators of potential terrorist threats that meet the standards set forth in proposed Subpart C of part 1540. This subpart is procedural and sets out the scope and basic procedural requirements of a Security Threat Assessment, including related fee requirements, and provides for review of TSA determinations in connection with Security Threat Assessments. In proposed Sec. Sec. 1544.228, 1546.312, and 1548.15, operators would be required to ensure that individuals who have unescorted access to cargo undergo a Security Threat Assessment or other check. See the discussion of Sec. 1544.228 below. This requirement would apply to aircraft operators operating under full or all-cargo programs, the corresponding foreign air carriers, and IACs that offer cargo to such operators. TSA's proposed Security Threat Assessment would require in Sec. 1540.203 that operators verify the individual's identity, after which TSA would check their identity information against intelligence records and other data related to terrorism. Operators would be required to submit the individual's name, date and place of birth, social security number and date of naturalization (if a naturalized citizen), citizenship status, alien registration number (if applicable) and a detailed description of the measures taken to verify the individual's identity. After assessing this data to determine whether the individual poses or is suspected of posing a threat to national security, transportation security or of terrorism, under proposed Sec. 1540.205, TSA would notify the regulated party and the individual. This notification can take 3 forms: 1. Security Authorization for Unescorted Cargo. This notification would indicate that TSA has not found that the individual presents a known or suspected threat to security. Upon receipt of this notification, the operator may authorize the individual unescorted access to air cargo. 2. Initial Denial of Authorization for Unescorted Cargo Access. This notification would be issued if TSA knew or suspected the individual of posing a threat. The individual would be able to appeal this determination through adjudication, but the individual would not be permitted unescorted access to air cargo while the appeal is pending. 3. Final Denial of Authorization for Unescorted Cargo Access. If the individual was determined to present a threat after an initial determination was issued and the individual has an opportunity to appeal that determination, this notification would inform the operator and the individual that he or she must be barred from having unescorted access to air cargo. Section 1540.207 would set out the appeals procedures under this proposal to provide appropriate due process. Section 1540.209 would establish the fee requirements necessary to recover associated costs of the Security Threat Assessment. Under the proposed rule, the operator would not permit the individual to handle cargo until the operator and the individual were notified of a Security Authorization for Unescorted Cargo Access by TSA. In cases where TSA issues a Denial of Authorization for Unescorted Cargo Access, TSA may notify government agencies for law enforcement or security purposes, or in the interests of national security. TSA recognizes that the requirement for background checks may cause affected businesses to alter their hiring practices. However, TSA believes that the security benefits of this requirement will be considerable and that TSA will be able to conduct the initial assessments in an expeditious fashion, providing timely notice to the regulated party. Part 1542--Airport Security Section 1542.1--Applicability of This Part Currently, part 1542 applies to airport operators regularly serving aircraft operators with full programs, private charter programs, or partial programs under part 1544, or the corresponding foreign air carriers under part 1546. Airport operators under part 1542 must have and carry out security programs as described in that part and, under Sec. 1542.5, must allow TSA to conduct inspections on the airport. Airports that do not regularly serve such operations, or only serve twelve-five programs, are not now subject to part 1542. TSA proposes to revise Sec. 1542.1 by adding subparagraph (d) to require that each airport that serves an aircraft operator with any security program under part 1544 or a foreign air carrier under part 1546 would be subject to Sec. 1542.5. This would ensure that TSA could inspect aircraft operators and foreign air carriers using an airport that does not have a security program. It is critical that TSA have access to those aircraft operations to determine whether they are in compliance with the security requirements. Accordingly, the proposed addition of subparagraph (d) would provide that TSA may enter an airport that is not otherwise subject to part 1542 to conduct an inspection on an aircraft operator or a foreign air carrier regulated under parts 1544 and 1546, respectively. This proposal would not require that any additional airport operators obtain security programs; it [[Page 65270]] would only require that certain airport operators allow TSA to conduct inspections under Sec. 1542.5. Section 1542.205--Security of the Security Identification Display Area (SIDA) The ASAC working groups recommended, and TSA agrees, that, at airports that currently have one or more SIDAs, the SIDA should be extended or a new SIDA created to encompass air cargo operations. These airports have complete programs under Sec. 1542.101(a) and serve the passenger aircraft operators with full programs. Under current Sec. 1542.205, for each SIDA the airport operator must establish and carry out a personnel identification system, subject each individual who has unescorted access to a criminal history records check, and ensure each individual with unescorted access is properly trained. Currently, air cargo operations are not required to be conducted in SIDAs. Under paragraph 1542.205(a) TSA is proposing to add a new paragraph (a)(2) that expands the scope of operations that must be in a SIDA by requiring airports with SIDAs either to expand existing or create new SIDA to incorporate areas of cargo operations. These cargo operations areas would include areas where cargo is regularly sorted, loaded, or unloaded by certain aircraft operators or foreign air carriers. The SIDA would only be extended to areas on airport grounds. This proposed change would apply only to aircraft operations conducted under a full program, and those operating under an all-cargo program. Also, only areas of the airport that are regularly used for these cargo operations would be made SIDAs. Areas on these airports that are only occasionally used would not need to be SIDAs, but the aircraft operator would be required to provide security for the area under proposed Sec. 1544.225(d). Similarly, at airports that do not have SIDAs pursuant to Sec. Sec. 1542.103(a) and 1542.205(a), aircraft operators would provide security under proposed Sec. 1544.225(d). All airport operators who would be affected by the proposed amendment of paragraph 1542.205(a) currently have a SIDA and are already subject to the requirements of Sec. 1542.103(a) and Sec. 1542.205. TSA also proposes to revise current paragraph 1542.205(b)(2), which states that an individual must undergo an employment history verification under Sec. 1542.209 before gaining unescorted access to a SIDA. This paragraph would be changed to clarify that a criminal history records check is required pursuant to Sec. 1542.209 rather than an employment history verification. This clarification would make the text of Sec. 1542.205(b)(2) consistent with that of Sec. 1542.209. Finally, TSA proposes to add new paragraph 1542.205(c). This paragraph would make it clear that an airport operator that is not required to have a complete program under Sec. 1542.103(a) is not required to establish a SIDA under proposed Sec. 1542.205. The security measures required in a SIDA provide additional safeguards against unauthorized persons from gaining access to cargo operations where they could tamper with the cargo or stow away in attempt to take over the aircraft in flight, or introducing into cargo an unauthorized explosive, incendiary, or destructive substance or item. Part 1544--Aircraft Operator Security: Air Carriers and Commercial Operators Section 1544.101--Adoption and Implementation The ASAC working groups recommended, and TSA agrees, that all-cargo aircraft operations conducted in aircraft with a maximum certificated take-off weight of more than 45,500 kg (100,309.3 pounds) should be subject to certain security requirements beyond those applicable to such operations under the current Twelve-Five Standard Security Program. TSA has already determined that this size aircraft is of a size that could cause significant damage if taken over and used as a weapon, and thus when this size aircraft is used in private charter passenger operations it must be operated under a private charter security program.\21\ Additionally, the 45,500 kg threshold is consistent with international security standards adopted by the International Civil Aviation Organization. Accordingly, to ensure consistent treatment of similar aircraft, TSA proposes, in Sec. 1544.101(h) and (i), to apply the same threshold by requiring that all- cargo operations in such aircraft be covered under an all-cargo program. Note that such aircraft carry both cargo and certain other persons (not passengers) in accordance with FAA rules. 14 CFR 121.547 and 121.583. These persons handle the cargo and perform other operations related to the flight. --------------------------------------------------------------------------- \21\ 67 FR 41635 (June 19, 2002), amended by 67 FR 79861 (Dec. 31, 2002). --------------------------------------------------------------------------- Operations under an all-cargo program would no longer be under the current twelve-five program. Accordingly, TSA proposes to amend paragraph 1544.101(d)(1) to conform to the addition of the all-cargo program by providing that the twelve-five program does not apply for operations under an all-cargo program. In addition, TSA proposes to change the requirement for a twelve- five program from aircraft with a maximum certificated takeoff weight ``of 12,500 pounds or more'' to ``more than 12,500 pounds.'' This section initially was based on the requirement in ATSA section 132(a) that TSA implement a security program for charter air carriers for aircraft having a maximum certificated takeoff weight of 12,500 pounds or more. In Vision 100, section 606(a), this was changed to require security programs for aircraft with a weight of more than 12,500.\22\ This proposed amendment is consistent with Congressional intent. Vision 100 also codified the requirement for charter air carrier security programs in 49 U.S.C. 44903(l)(1). --------------------------------------------------------------------------- \22\ Century of Aviation Reauthorization Act, Pub. L. 108-176. --------------------------------------------------------------------------- Vision 100 section 606(a) also codifies in new 49 U.S.C. 44903(l)(2) an exemption for armed forces charters so they are not subject to the requirements of 44903(l)(1). Such military operations are not subject to the requirements of Sec. 1544.101(d) or (e) and no TSA rule change is needed to implement this provision. TSA also proposes to amend paragraph 1544.101(e)(1), which lists the elements of the twelve-five program. TSA proposes the following enhancements to the twelve-five program for all-cargo operations: Sec. 1544.202 (Persons and property onboard the all-cargo aircraft) and Sec. 1544.205(a), (b), and (d) (Acceptance and screening of cargo: Preventing or deterring the carriage of any explosive or incendiary, Screening and inspection of cargo, and Refusal to transport). Section 1544.202--Persons and Property Onboard the All-Cargo Aircraft Section 1544.201 currently requires passenger operations under full programs or private charter to screen, inspect, and provide other security for persons who board their aircraft and their accessible property. This section is geared largely to cover screening of passengers and their accessible property, though it also covers security measures for other persons boarding aircraft operated under full programs or private charter programs. TSA proposes to add new Sec. 1544.202. This section would require aircraft operators to apply the security measures in their security programs to persons who board the aircraft, and to their property. This proposed requirement is [[Page 65271]] intended to prevent persons who may pose a security threat from boarding and to prevent or deter the carriage of unauthorized explosives, incendiaries, and other destructive substances or items. This section would authorize TSA to incorporate into the security programs screening for unauthorized persons, or substances or items that could be used to pose a threat to transportation security. TSA proposes to incorporate this requirement into both the twelve- five program for all-cargo operations and the proposed new all-cargo program. Such operators currently apply security measures to persons who board their aircraft under SDs that TSA has issued in response to threats. TSA envisions these measures to continue under this proposed rule. Section 1544.205--Acceptance and Screening of Cargo The ASAC working groups recommended, and TSA agrees, that security measures for and screening of air cargo should be enhanced. TSA proposes to amend paragraphs 1544.205(a), (b), (c), and (d) to broaden the scope of security measures that may be required in an aircraft operator security program, and to reference the Known Shipper program. Specifically, TSA is proposing to require aircraft operators operating under a full, all-cargo, or twelve-five security program to inspect cargo for unauthorized persons, explosives, incendiaries, and other destructive substances or items. TSA believes that this amendment is necessary to prevent the introduction of stowaway hijackers, explosive devices, or other threats into air cargo. Carriers under these programs are currently required to inspect cargo to protect against such potential threats. This proposed provision would not alter that requirement but is adding it to the CFR and providing industry an opportunity for public comment. The security measures in proposed Sec. 1544.205(a) and (b) are the same as those incorporated into SDs that have been issued and are currently being carried out by aircraft operators with full programs and twelve-five programs. Proposed Sec. 1544.205(b) would authorize TSA to incorporate into an aircraft operator's security program screening of cargo for unauthorized persons, or substances or items the intentional misuse of which could pose a threat to transportation security. Current Sec. 1544.205(c) provides that the aircraft operator must prevent access by persons other than an aircraft operator employee or its agent. TSA is proposing to add that persons authorized by the airport operator or host government also may have access. Such individuals as Customs inspectors and airport law enforcement officers must have access to such areas. TSA also proposes to strengthen the cargo acceptance requirements applicable to aircraft operators operating under a full program or an all-cargo program. Pursuant to proposed Sec. 1544.205(e), an aircraft operator would be permitted to accept cargo for air transportation only from entities that have comparable security programs. TSA believes that this provision is necessary to secure the aircraft by strengthening the integrity of the air cargo supply chain. These requirements parallel those currently applied to operations conducted under a full program. TSA also proposes, in Sec. 1544.205(f), to require each aircraft operator to carry out the requirements of its security program for cargo to be loaded on its aircraft outside the United States. Not all of the part 1544 requirements can be carried out in other countries. Rather, TSA works with the host governments, under international agreements, to ensure that the security measures in place provide the appropriate level of security. Section 1544.225--Security of Aircraft and Facilities The ASAC working groups recommended, and TSA agrees, that additional steps should be taken to assure that attempted unauthorized access to the aircraft and cargo is detected and prevented. Proposed paragraph 1544.225(d) would require the operators of aircraft operating under a full program or an all-cargo program to prevent unauthorized access to the operational area of the aircraft while loading or unloading cargo. This requirement would apply to operations conducted both within and outside a SIDA. TSA recognizes that current paragraph 1544.225(b) requires all aircraft operators operating under security programs to prevent unauthorized access to each aircraft. Proposed paragraph (d) would broaden this requirement, for aircraft operated under a full or an all-cargo program, to clarify that unauthorized access must be prevented to the operational area around the aircraft during cargo loading and unloading operations. This measure would provide an additional layer of protection around the aircraft. Section 1544.228--Security Threat Assessments for Cargo Personnel TSA proposes to require persons who have unescorted access to cargo to undergo a security check. This would require that they comply with the requirements of subpart C of part 1540 by successfully completing a Security Threat Assessment, or that they undergo a criminal history records check under current rules, or other approved Security Threat Assessment. This requirement would apply to aircraft operators under a full program or an all-cargo program. TSA believes that this step is necessary to reduce the likelihood of a terrorist gaining employment in a position with access to cargo for the purpose of introducing an explosive, stowaway hijacker, or other destructive substance into air cargo. Extending Security Threat Assessments to these individuals would allow for a comparable degree of security for all personnel with access to cargo on behalf of regulated parties from the time it is picked up from a shipper to the time it is loaded on the aircraft. This proposal would allow for another Security Threat Assessment to be approved by TSA. For instance, if the individual had undergone a Security Threat Assessment for the issuance of a hazardous materials endorsement on a commercial drivers license in accordance with 49 CFR 1572.5, TSA could approve that as acceptable for compliance with proposed Sec. 1544.228. TSA has proposed a fee structure and collection process to fund some or all of the costs associated with the proposed Security Threat Assessment requirements. The proposed fee may be found at section VII titled Fee Authority for the Security Threat Assessment of this NPRM. Section 1544.229--Fingerprint-Based Criminal History Records Checks (CHRC): Unescorted Access Authority, Authority To Perform Screening Functions, and Authority To Perform Checked Baggage or Cargo Functions The ASAC working groups recommended, and TSA agrees, that the identities of persons who perform certain key actions with air cargo should be subject to verification and that the backgrounds of these persons should be checked. TSA proposes to broaden the background check requirements by revising paragraph 1544.229(a)(1)(iii)(B) to include a cross-reference to the new paragraph 1544.229(a)(1)(iii)(C). The new paragraph requires persons who screen cargo that will be carried on an aircraft of an operator required to screen cargo under part 1544 to submit to a CHRC under Sec. 1544.229. Currently, Sec. 1544.229 applies, in pertinent part, only to persons having authority to screen cargo, in the United States, of an [[Page 65272]] aircraft operator required to screen passengers under this part, or serving as an immediate supervisor of such an individual, when the cargo will be carried in the cabin of the aircraft. Accordingly, only cargo screeners for operators with full programs currently are subject to Sec. 1544.229. This new requirement parallels the current requirement that persons who screen passengers and carry-on baggage (accessible property) must comply with Sec. 1544.229. TSA also proposes to require that cargo screeners for operators with all-cargo programs be subject to the criminal history records check requirements of Sec. 1544.229. This change would provide an additional protection against individuals who screen cargo for the largest all-cargo aircraft from using their positions to introduce unauthorized explosives, incendiaries, persons, or destructive substances or items into the cargo or aircraft. Section 1544.239--Known Shipper Program Proposed Sec. 1544.239 would codify the Known Shipper program in the federal regulations. The ``known shipper'' concept, which differentiates cargo being shipped by recognized entities from that originating with unknown parties, has been a fundamental element of air cargo security since 1976. The program has also been recognized as a global standard by the International Air Transport Association (IATA) and was recognized by the United States Congress as a form of screening in ATSA. Aircraft operators operating under a full program would be required to have a Known Shipper program including measures to ensure the shippers' validity and integrity, to inspect or further screen cargo, and to provide shipper data to TSA. Aircraft operators must meet these requirements in accordance with the standards detailed in their security program. The Known Shipper program would apply to operations under full programs. Aircraft operators with full programs are already required to maintain a Known Shipper program under their security programs. TSA believes that it is prudent to set out the major features of this program in regulation at this time. Additional changes to how the Known Shipper program must operate may be included in revisions to the security program. Part 1546--Foreign Air Carrier Security Section 1546.101--Adoption and Implementation The ASAC working groups recommended, and TSA agrees, that cargo operations of foreign air carriers that land or take-off in the United States should be required to conform to essentially the same requirements as those applicable to comparable operations by domestic aircraft operators. TSA proposes to broaden the provisions of Sec. 1546.101 to require each foreign air carrier landing or taking off in the United States to adopt and carry out an appropriate security program for each covered all-cargo operation. TSA proposes to establish the requirements of an appropriate security program for a covered foreign air carrier conducting all-cargo operations for operations in aircraft having a maximum certificated take-off weight greater than 45,500 kg (100,309.3 pounds) (analogous to a U.S. all-cargo program under part 1544), and for operations in aircraft having a maximum certificated take-off weight greater than 12,500 pounds up to 45,500 kg (100,309.3 pounds) (analogous to a U.S. twelve-five program in all- cargo operations under part 1544). Section 1546.103--Form, Content, and Availability of Security Program TSA proposes to make an administrative change to paragraph 1546.103(a) by removing the word ``passenger'' and changing ``U.S. air carriers'' to ``U.S. aircraft operators.'' In paragraph 1546.103(b), TSA proposes to add paragraphs 1546.101 (e) and (f) to the introductory text. This proposed change broadens the requirements to embrace cargo operations. Section 1546.202--Persons and Property Onboard the Airplane This proposed new section parallels the requirements of the proposed aircraft operations in the United States. The rationale for this addition is described in the section-by-section analysis for Sec. 1544.202. Section 1546.205--Acceptance and Screening of Cargo The ASAC Working groups recommended, and TSA agrees, that, consistent with recognition of the sovereignty of foreign states, aviation security regulations should be clarified with respect to the duty of foreign air carriers for the security of air cargo loaded in or destined for the United States. TSA proposes to amend paragraph (a) and add paragraphs (c), (d), (e), and (f) to Sec. 1546.205. These paragraphs are parallel to those for U.S. aircraft operators in proposed Sec. 1544.205. Proposed paragraph 1546.205(d), ``Screening and inspection of cargo in the United States,'' would provide that each foreign air carrier must ensure that, as required in its security program, cargo is screened and inspected for explosives, incendiaries, unauthorized persons, and other destructive substances or items as provided in the foreign air carrier's security program, in accordance with Sec. 1546.207, and Sec. 1546.215 if applicable, before loading it on its aircraft in the United States. Proposed paragraph 1546.205(e), ``Acceptance of cargo in the United States,'' would provide that each foreign air carrier may accept cargo in the United States only from the shipper, or from an aircraft operator, foreign air carrier, or IAC operating under a security program under this chapter, with a comparable cargo security program as provided in its security program. Proposed paragraph 1546.205(f) would provide that, for cargo to be loaded on its aircraft outside the United States, each foreign air carrier must carry out the requirements of its security program. Section 1546.213--Security Threat Assessment for Cargo Personnel in the United States TSA proposes to require persons who are not required to complete a CHRC under Sec. Sec. 1542.209, 1544.229, or 1544.230 and who have unescorted access to cargo, to comply with the requirements of subpart C of part 1540 by successfully completing a Security Threat Assessment. This requirement would apply to foreign air carriers under paragraphs 1546.101(a), (b), or (e). The rationale for this security measure parallels that rationale described in the section-by-section analysis for Sec. 1544.228. Section 1546.215--Known Shipper Program TSA proposes to codify the Known Shipper program for the foreign air carriers just as we proposed in Sec. 1544.239. The rationale for adding this new section is the same as stated in the section-by-section analysis for Sec. 1544.239. Part 1548--Indirect Air Carrier Security Section 1548.5--Adoption and Implementation of the Security Program TSA proposes to revise paragraphs (a), (b), and (c) of Sec. 1548.5 regarding the adoption and implementation of the [[Page 65273]] IACSSP. The proposed change to paragraph 1548.5(a) would specify that no IAC may offer cargo to an aircraft operator operating under a full program or an all-cargo program specified in part 1544, or to a foreign air carrier operating a passenger operation under paragraphs 1546.101(a) and (b) or an all-cargo program under paragraph 1546.101(e), unless that IAC has and carries out an approved security program under part 1548. The proposed change to paragraph 1548.5(b) would broaden the scope of screening actions that may be required in an individual IAC's security program. IACs having cargo screening responsibilities under current Sec. 1548.5(b)(1) and their approved security programs must ``[p]rovide for the safety of persons and property traveling in air transportation against acts of criminal violence and air piracy and the introduction of any unauthorized explosive or incendiary into cargo aboard a passenger aircraft.'' TSA proposes to revise this requirement to provide that the IAC must ``provide for the security of persons and property traveling in air transportation against acts of criminal violence and air piracy and the introduction of any unauthorized person, explosive, incendiary, or other destructive substances or items as provided in the IAC's security program.'' This provision would also broaden the duty of IACs to include cargo to be carried on an aircraft operated under an all-cargo program rather than solely in passenger operations. This change parallels the cargo security requirements in proposed Sec. Sec. 1544.205 and 1546.205. It authorizes TSA to incorporate into an IAC's individual security program screening of cargo for unauthorized persons, or substances or items the intentional misuse of which could pose a threat to transportation security. Under Sec. 1548.5(b)(1)(i), this requirement would apply from the time the IAC accepts the cargo to the time it transfers the cargo to an entity that is not an employee, agent, contractor, or subcontractor of the IAC. This proposed provision clarifies the existing IAC security program requirement that the IAC is responsible for carrying out security measures under this part when its employee, agent, contractor or subcontractor fulfills its function. Section 1548.5(b)(1)(ii) would apply while the cargo is stored, en route, or otherwise being handled by an employee, agent, contractor, or subcontractor of the IAC. Section 1548.5(b)(1)(iii) would apply regardless of whether the IAC has or ever has physical possession of the cargo. At times, IACs perform cargo services that may include arranging for transportation of cargo by other entities. This proposed amendment clarifies that the IAC is responsible for these shipments even though the IAC, itself, does not have physical possession. Proposed paragraph 1548.5(b) would also require the IAC to assure that its employees, agents, contractors, and subcontractors comply with the requirements of the IAC's security program. This provision currently is in the IACs' standard security programs. The proposed change to paragraph 1548.5(c) would assure that the content of each IAC security program reflects the scope of security measures established under proposed Sec. 1548.5(b), references Known Shipper program requirements that are proposed to be codified in Sec. 1548.17, and establishes a new requirement that each IAC security program include documentation of the procedures and curriculum used to accomplish the training of persons who accept, store, transport or deliver cargo for or on behalf of the IAC. This training would be required under proposed new Sec. 1548.11. Section 1548.7--Approval, Amendment, Annual Renewal, and Withdrawal of Approval of the Security Program TSA proposes to restructure and revise this section both to reflect actual practices and enhance the security of this regulatory regime. The proposed revision of paragraph 1548.7(a) accounts for the fact that TSA has developed the IACSSP. Consistent with current practices, rather than submitting a security program for TSA approval, an entity would request approval to operate under the IACSSP. The proposed addition explains how an applicant must seek approval to operate under the IACSSP, including a record-keeping requirement and a list of information that the applicant must submit to TSA for consideration. Paragraph 1548.7(a) also proposes the process that TSA will follow to approve an applicant's operation under a security program, proposes that approvals would be effective for one year, and provides that the approved IAC must notify TSA of changes to the initial application. TSA would use the information submitted by IAC applicants to verify their legitimacy through a check of publicly-available records and to cross check that information against data on known and suspected terrorists. Under current practices, TSA issues an IACSSP to expire each year. The proposed addition of paragraph 1548.7(b) presents the processes an IAC must follow to annually seek renewed TSA approval to operate under the IACSSP. Annual renewal would be a continuation, and codification, of the current practice. Other entities regulated by a TSA security program, such as aircraft operators and airports, must obtain FAA certification. IACs are not required to do so. Additionally, TSA has found that the IAC industry has a high degree of turnover. Accordingly, TSA proposes in paragraph 1548.7(b) that the IAC must submit to TSA for renewal at least 30 calendar days prior to expiration of the IACSSP as well as other standards for the submission. The proposed renewal standards also include that the IAC certify that it has provided TSA with its most up-to-date information and acknowledge that intentional falsification of the information may be subject to civil and criminal penalties. The addition further proposes the standard for TSA to renew the approval of an IACSSP. Proposed Sec. 1548.7(b) otherwise codifies the existing security program required for annual renewal. The proposed additions of paragraphs 1548.7(c), (d), and (e) revise the existing requirements of paragraphs 1548.7(b), (c) and (d), respectively. Many of the changes parallel changes made previously to similar requirements for airport operator security programs and aircraft operator security programs in Sec. Sec. 1542.105 and 1544.105. In part, the new paragraphs have been moved to ensure that the structure of the section remains logical. Proposed Sec. 1548.7(c) closely parallels the existing Sec. 1548.7(b), but adds Sec. 1548.7(c)(6)--allowing a group of IACs to submit a proposed amendment together. Proposed paragraph 1548.7(d) is the same as the existing paragraph 1548.7(c). The proposed paragraph 1548.7(e) revises the existing Emergency Amendments (EA) standards of the existing paragraph 1548.7(d). The proposed paragraph is separated into three subparagraphs for easier reading. Proposed paragraph 1548.7(d)(1) substitutes ``aviation security'' for ``safety in air transportation or in air commerce'' to clarify the breadth of TSA's EA authority. Proposed paragraph 1548.7(d)(2) reorganizes existing EA standards to emphasize immediate effectiveness and that TSA will provide a brief statement regarding the rationale for the EA. Finally, paragraph 1548.7(d)(3) provides the IAC with 15 days to file a petition for reconsideration but provides that the filing of the petition does not stay the effective date of the amendment. TSA proposes to codify procedures for TSA to withdraw an IAC's approval to operate under the IACSSP with the [[Page 65274]] addition of paragraph 1548.7(f). The proposed standard for withdrawal is a TSA determination that the operation is contrary to security and the public interest. Proposed paragraph 1548.7(f) provides procedures for notice, response, and petition for reconsideration. The affected IAC would be able to request a stay of the withdrawal. TSA also proposes the codification of emergency withdrawal procedures. This proposal creates procedural guidelines to implement withdrawal of a security program and affords due process to the IAC. The emergency procedures would allow the IAC to submit a petition for reconsideration, but the filing of a petition will not stay the effective date of withdrawal. Proposed paragraph 1548.7(g) adds provisions for proper service of documents in the withdrawal proceedings. Procedures for time extensions are proposed at paragraph 1548.7(h). Section 1548.9--Acceptance of Cargo TSA proposes to revise paragraph 1548.9(a) to broaden the scope of the IAC's duty to prevent or deter the carriage of unauthorized persons or destructive substances or items on board an aircraft to the existing requirements regarding explosives and incendiaries. With the expanded definition of IAC, this provision proposes to require IACs to carry out these procedures whenever offering cargo for air transportation on all- cargo aircraft, as well as a passenger aircraft under a full program. This proposed section further provides that, subject to TSA approval of the provisions of the IAC's security program. Additionally the proposed amendment would add a requirement that the IAC request the shipper's consent to search or inspect the cargo. TSA proposes to revise paragraph 1548.9(b) by adding all-cargo aircraft operations to the search and inspection requirements. Under current paragraph 1548.9(b), this duty extends only to cargo that is intended for shipment aboard a passenger aircraft. By removing the word ``passenger,'' this paragraph would extend to cargo for shipment aboard all-cargo aircraft operations as well. Proposed paragraph 1548.9(b) would delete the requirement, found in current paragraph 1548.9(b), that the IAC must search or inspect cargo. This amendment is primarily aimed at creating a parallel structure to the requirements found in parts 1544 and 1546. Section 1548.11--Training and Knowledge for Individuals with Security- Related Duties The ASAC working groups recommended, and TSA agrees, that certain employees of IACs, and of agents, contractors, and subcontractors performing services for IACs, should be subject to security-related training. These enhanced requirements for training covers individuals who perform security-related duties to ensure the appropriate security standards are met. TSA proposes to add new Sec. 1548.11(a), which specifies that an IAC must not use any individual to perform any security-related duties to meet the requirements of its security program unless the individual has received training as specified in its security program. This requirement would cover employees of the IAC as well as employees of any agent, contractor, or subcontractor performing security-related duties for the IAC. Under proposed Sec. 1548.11(b), additional training would be specified for individuals who accept, handle, transport, or deliver cargo for or on behalf of the IAC. This training must include, at a minimum, requirements contained in the applicable provisions of part 1548, applicable SDs and Information Circulars, the approved airport security program applicable to their location, and the aircraft operator's or IAC's security program to the extent that such individuals need to know in order to perform their duties. Proposed paragraph 1548.11(c) would require annual recurrent training of covered individuals in these elements of knowledge. Pursuant to proposed Sec. 1548.7(a), initial training of the identified individuals performing duties for the IAC must be completed before an IAC may begin operations under its approved security program. Section 1548.13--Security Coordinators The ASAC working groups recommended, and TSA agrees, that communication among regulated aircraft operators, airport operators, TSA, and IACs concerning security matters must be improved, and responsibility for compliance by IACs with TSA security requirements must be clarified. TSA proposes to require each IAC to designate and use an Indirect Air Carrier Security Coordinator (IACSC). The IAC would be required to appoint the IACSC at the corporate level, and IACSC would be directed to serve as the IAC's primary contact for security- related activities and communications with TSA, as set forth in the IACSSP. Either the IACSC or an alternate IACSC would be required to be available on a 24-hour basis. This proposed addition parallels existing security coordinator positions required of airport operators in Sec. 1542.3 and aircraft operators in Sec. 1544.215. Section 1548.15--Security Threat Assessments for Individuals Having Unescorted Access to Cargo The ASAC working groups recommended, and TSA agrees, that the identities of personnel who have unescorted access to cargo to be shipped by air should be verified, and that such personnel should be subject to an appropriate background check. TSA proposes to add new Sec. 1548.15, which would prohibit each IAC from authorizing any individual unescorted access to cargo until the IAC has verified the identity of that individual in a manner acceptable to TSA, and that individual has successfully completed a Security Threat Assessment pursuant to proposed subpart C of 1540. The rationale for this security measure parallels that described in the section-by-section analysis for Sec. 1544.228. Section 1548.17--Known Shipper Program TSA proposes to add new Sec. 1548.17 to codify the Known Shipper program in regulation. This addition is essentially the same as that for aircraft operators under proposed Sec. 1544.239. Section 1548.19--Security Directives and Information Circulars The ASAC working groups recommended, and TSA agrees, that communication between regulated IACs and TSA concerning security matters must be improved, and responsibility for compliance by IACs with TSA security requirements must be clarified. In the past, when threat conditions required that additional security measures be carried out immediately, TSA has issued EAs to IACs' security programs. This section would, in part, provide a procedure for TSA to impose such measures using SDs. TSA proposes to add new Sec. 1548.19, which would authorize TSA to issue SDs and Information Circulars to regulated IACs, and would mandate compliance by the IAC with each SD that it receives. Proposed Sec. 1548.19 would also require the IAC to acknowledge in writing receipt of the SD within the time prescribed in the SD, and to specify the method by which the measures in the SD have been implemented (or will be implemented, if the SD is not yet effective) within the time prescribed in the SD. In the event that the IAC is unable to implement the measures in an SD, proposed Sec. 1548.19 would authorize [[Page 65275]] the IAC to submit proposed alternative measures and the basis for the alternative measures to TSA for approval. The IAC would be required to submit the proposed alternative measures within the time prescribed in the SD and, if they are approved by TSA, the IAC would be required to implement them. Proposed Sec. 1548.19 also provides that each IAC that receives an SD may comment on the SD by submitting data, views, or arguments in writing to TSA, and that TSA may amend the SD based on comments received. Proposed Sec. 1548.19 also provides that submission of a comment would not delay the effective date of the SD. Proposed Sec. 1548.19 also provides that each IAC that receives a SD or Information Circular and each person who receives information from a SD or Information Circular would be required to restrict the availability of the SD or Information Circular, and information contained in either document, to those persons with a need-to-know. The IAC would be required to refuse to release the SD or Information Circular, and information contained in either document, to persons other than those with a need-to-know without the prior written consent of TSA. VI. Proposed Compliance Schedule Most of the provisions in this proposed rule would codify existing SD requirements. It appears to TSA that most of the new provisions in this proposed rule are achievable by the regulated parties within 90 days. However, TSA recognizes the need for further time to implement some provisions. TSA proposes that the proposed rule, if adopted, would become effective as follows: (1) The proposed rule would become effective 90 days after the date of publication of the final rule in the Federal Register and operators would generally be required to comply with the requirements (with the exception of the compliance date described in VI. (2)). (2) TSA proposes that certain measures in the proposed rule would require compliance by 180 days from the date of publication of the final rule in the Federal Register. TSA believes IACs will need as much as 180 days to introduce new training requirements under Sec. 1548.11 and to establish and operate under a TSA security program pursuant to Sec. 1548.7. Finally, TSA proposes to provide 180 days for aircraft operators, foreign air carriers, and IACs to comply with the security threat assessment for those individuals required to submit to the requirements pursuant to proposed Sec. Sec. 1544.228, 1546.213, and 1548.15. TSA requests additional information from the public on how many operators would be affected, what the impact would be on those individual operators, and the proposed compliance schedule. VII. Fee Authority for Security Threat Assessment The USA PATRIOT Act did not grant TSA authority to collect fees to cover the costs associated with completing background checks. However, on October 1, 2003, legislation was enacted requiring TSA to collect reasonable fees to cover the costs of providing credentialing and background investigations in the transportation field, including implementation of the USA PATRIOT Act requirements.\23\ Fees collected under this legislation (Section 520) must be used to pay for the costs of conducting or obtaining a criminal history records check (CHRC); reviewing available law enforcement databases, commercial databases, and records of other governmental and international agencies; reviewing and adjudicating requests for waivers and appeals of TSA decisions; and any other costs related to performing the background records check or providing the credential. --------------------------------------------------------------------------- \23\ Department of Homeland Security Appropriations Act, 2004, Section 520, Pub. L. 108-90, October 1, 2003, 117 Stat. 1137. --------------------------------------------------------------------------- Section 520 mandates that any fee collected shall be available for expenditure only to pay for the costs incurred in providing services in connection with performing the background check or providing the credential. The fee shall remain available until expended. TSA is establishing this fee in accordance with the criteria in 31 U.S.C. 9701 (General User Fee Statute), which requires fees to be fair and based on (1) costs to the government, (2) the value of the service or thing to the recipient, (3) public policy or interest served, and (4) other relevant facts. Summary of Security Threat Assessment Requirement TSA currently requires a variety of individuals working in aviation to submit to criminal history records checks to reduce the likelihood that a terrorist would gain employment that would give them access to the aircraft. Generally, these individuals work on airport grounds and have unescorted access to secure areas. In the cargo environment, many other persons have access to cargo before someone who has had such a check handles it. TSA recognizes that the number of individuals handling cargo is very large and that extending fingerprint-based records checks to these people would likely be a very time-consuming and costly process that would cause a major disruption to the domestic and international transportation of goods. TSA is proposing a focused Security Threat Assessment program to determine whether individuals seeking to handle cargo present a terrorist threat. This program will reduce the likelihood that a terrorist might gain access to a cargo aircraft. Flexibility will be achieved by ensuring that each of the following individuals with unescorted access to cargo be required to have either a Security Threat Assessment or unescorted SIDA access: (1) IAC personnel; (2) Aircraft Operator personnel operating under a full program or an all-cargo program; and (3) Foreign Air Carrier personnel under 49 CFR 1546.101(a), (b), or (e). TSA also proposes to conduct a Security Threat Assessment on each officer, director and person who holds 25 percent or more of total outstanding voting stock of an Indirect Air Carrier or entity applying to become an IAC. Security Threat Assessment Population Personnel with unescorted access to cargo that work for an IAC, an aircraft operator, or a foreign air carrier would be required to undergo a name-based Security Threat Assessment. Additionally each officer, director and person who holds 25 percent or more of total outstanding voting stock of an Indirect Air Carrier or entity applying to become an IAC would be required to undergo a name-based Security Threat Assessment. TSA approximates a de minimis number of persons who hold 25 percent or more total outstanding voting stock that are not also officers or directors of these IACs. Accordingly, TSA has not accounted for these individuals separately. However, those personnel with unescorted SIDA access have undergone a criminal history records check. TSA would accept the criminal history records check in lieu of the proposed Security Threat Assessment for these personnel. The Indirect Air Carrier Population TSA estimates that there are approximately 3,800 companies that are defined as IACs. TSA further estimates that there are approximately 7 employees per IAC. Therefore the total population is estimated to be 26,600. [[Page 65276]] Cargo Personnel Not Subject to Other TSA Security Threat Assessments TSA has estimates that there are approximately 65 aircraft operators and foreign air carriers operating all-cargo flights that have employees who are subject to the proposed Security Threat Assessment. As discussed in the economic evaluation, aircraft operators and foreign air carriers have some employees who are required to submit to the fingerprint-based SIDA check but some employees would only be required to submit to the Security Threat Assessment. Because most of the operator employees are covered in the SIDA background check requirements, TSA believes that only a limited number of employees would be required to submit to a Security Threat Assessment and not the security assessment for SIDA workers. There may be instances where all employees with access to the cargo will have the security assessment for SIDA workers. TSA estimates that there are approximately 25 employees for each aircraft operator and foreign air carrier operating all-cargo flights who would be required to submit to a Security Threat Assessment. Therefore the total population is estimated to be 1,625 (65x25). Total Initial Population Given the IAC population of 26,600 and the population of relevant aircraft operators and foreign air carriers operating all-cargo flights employees of 1,625, the total population subject to a Security Threat Assessment is 28,225 (26,600 + 1,625). This initial population would be required to submit to a Security Threat Assessment during the first year of the program. Recurring Population TSA estimates approximately 15% of the initial total population would be required to submit to a Security Threat Assessment each year after the initial assessment. This percentage represents new employees or employees with a new requirement for the Security Threat Assessment. Therefore the recurring population that would be required to submit to a Security Threat Assessments is estimated to be 4,234. Five Year Population Given the first year population of 28,225 and subsequent annual recurring population of 4,234, we estimate that the total population receiving a Security Threat Assessment over the first 5 years is 45,161 (28,225 + 4 x 4,234). Program Costs This section summarizes TSA's estimated costs for establishing the program, processes, and resources to establish and perform the Security Threat Assessment on the appropriate population. Leveraging Existing Resources Where possible, TSA would leverage existing processes, infrastructure and personnel that are envisioned to be in place for other Security Threat Assessment programs at the time this program on Security Threat Assessment begins operation. Existing infrastructure that would be leveraged include the HAZMAT Endorsement Program's \24\ Hazardous Materials Endorsement Screening Gateway System (HMESG); however, some modifications to these systems would be necessary to meet proposed requirements. These changes would include connectivity with additional government agencies, software enhancement and additional backup capabilities. In addition to the HMESG, this program would leverage existing real estate and Project Management Office personnel. The additional costs that would be incurred by the HAZMAT program have been identified in the recurring cost section below. --------------------------------------------------------------------------- \24\ The HAZMAT Endorsement Program is a program currently being developed by the TSA to provide background checks on drivers with a Hazardous Materials Endorsement on their Commercial Drivers License. Initially, all current endorsement holders will have a name-based check performed on them and, as an individual renews or applies for a HAZMAT endorsement, a fingerprint-based background check will be performed. --------------------------------------------------------------------------- Start-Up Costs We estimate that the total start-up costs would be $690,000. This includes $570,000 for hardware and software modifications for the existing HAZMAT HMESG and $120,000 for program management personnel. See Figure 1 below for additional details. Recurring Costs We estimate that the total annual recurring costs would be $928,354 for the first year and $214,102 for each subsequent year. These costs include an annual $50,000 expense TSA will incur for connectivity and $66,454 expense for use of the HAZMAT program infrastructure. The use of the HAZMAT program infrastructure would include use of program management, adjudication and fee processing personnel, use of real estate, and use of systems. The first recurring year would have significantly higher costs associated with those costs that are completely variable (i.e., a function of the number of Security Threat Assessments performed). The combined first year cost for third party terrorist threat \25\ checks and third party clearinghouse fees will be $783,675 and the costs for the four following years would be $93,414 annually. --------------------------------------------------------------------------- \25\ The third party assessments include (i) those performed by the Office of National Risk Assessment (ONRA) and (ii) FBI named- based checks through Automated Case Systems (ACS).- Figure 1.--Costs Estimates ---------------------------------------------------------------------------------------------------------------- Category and subcategory Description Start-Up Year 1 Recurring ---------------------------------------------------------------------------------------------------------------- Hardware/Software: HAZMAT HMESG Modification........... The Hazardous Materials $570,000 ........... ........... Endorsement Screening Gateway System. HAZMAT HMESG Connectivity........... ............................... ........... $50,000 $50,000 -------------- Hardware/Software Total........... ............................... 570,000 50,000 50,000 ============== Federal Personnel: Personnel to staff Additional federal employees 120,000 ........... ........... program office. will be required to staff the program office during the start-up phase. In the start- up phase, one FTE at $120,000 annually will be necessary for program implementation and development. -------------- Total Federal Personnel........... ............................... 120,000 ........... ........... ============== [[Page 65277]] Third Party Clearinghouse Fee: Third The third party clearinghouse ........... 84,675 12,702 Party Clearinghouse Fee. will collect and process the applicant's biographical information, collect the applicant fee and forward the information and fee to TSA. -------------- Total Third Party Clearinghouse ............................... ........... 84,675 12,702 Fee. ============== Terrorist Threat Assessment: Automated Case System Fee (FBI name A terrorist threat analysis is ........... 564,500 67,260 based checks-Automated Case the process of querying Systems). applicant names in terrorist threat and criminal databases. This cost is derived by multiplying the total population by the cost per applicant of several database checks. $20 per applicant. Office of National Risk Assessment A terrorist threat analysis is ........... 134,500 13,452 Fee. the process of querying applicant names in terrorist threat and criminal databases. The cost is derived by multiplying the total population by the cost per applicant of several database checks: $4 per applicant. -------------- Total-Terrorist Threat Assessment. ............................... ........... 699,000 80,712 Additional costs to existing programs: Leveraging the planned ........... 66,454 66,454 Additional costs incurred by HAZMAT infrastructure to the HAZMAT program. program will increase the total recurring costs by 1% per year. The cost here is 1% of the average relevant annual costs. Includes Federal and Contractor personnel, Office Facilities, and Systems. Total additional costs to existing ............................... ........... 66,454 66,454 programs. ============== Total Costs....................... ............................... 690,000 928,354 214,102 ---------------------------------------------------------------------------------------------------------------- Total Costs Based on its population and cost estimate assumptions, TSA estimates that start-up phase costs would be approximately $690,000 and recurring phase costs would be approximately $928,354 annual for the first recurring year and $214,102 for each subsequent year. Therefore the total cost of the program for the first 5 years would be $2,474,762. Cost Adjustments Pursuant to the Chief Financial Officers Act of 1990, DHS/TSA will review this fee at least every two years.\26\ Upon review, if it is found that the fee is either too high or too low, a new fee will be proposed. --------------------------------------------------------------------------- \26\ 31 U.S.C. 902. --------------------------------------------------------------------------- Fee Calculation TSA is proposing to charge a fee to cover the recurring costs of the program. Start-up costs will be provided by TSA. Recurring Phase Costs TSA estimates that the total annual recurring phase costs for the first 5 years would be $1,784,762. These total costs consist of the sum of the first year costs plus the four recurring years at $214,102 per year. The expected applicants divide these costs over the first 5 years. Therefore the fee associated will be $39 ($1,784,762/45,161) per applicant, rounded to the nearest dollar from $39.52. The fees are based on summing the annual costs and population over 5 years. This calculation is done in order to account for any variability that may arise from the imprecise nature of the population and cost estimates. Fee Remittance Process TSA would employ a third party to establish the infrastructure for collecting data and fees, cleansing data, and forwarding the funds and information to TSA. This process would function in a similar manner to other TSA background check programs and may include the services of Pay.gov. The third party processing costs are accounted for in the ``Third Part Clearinghouse Fee'' category in Figure 1-Cost Estimates. VIII. Regulatory Evaluation Summary Proposed changes to Federal regulations must undergo several economic analyses. First, Executive Order 12866 directs each Federal agency to propose or adopt a regulation only if the agency makes a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility Act of 1980 requires agencies to analyze the economic impact of regulatory changes on small entities. Third, the Trade Agreements Act (19 U.S.C. 2531- 2533) prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. In developing U.S. standards, this Trade Act requires agencies to consider international standards and where appropriate, as the basis of U.S. standards. Fourth, the Unfunded Mandates Reform Act of 1995 (Public Law 104-4) requires agencies to prepare a written assessment of the costs, benefits and other effects of proposed or final rules that include a Federal mandate likely to result in the expenditure by State, local or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation). In conducting these analyses, TSA has determined this proposed rule: (1) Has benefits which are likely to justify its costs, is not a ``significant regulatory action'' as defined in the Executive Order, but is significant due to public interest, rather than economically; (2) Will not have a significant impact on a substantial number of small entities; [[Page 65278]] (3) Imposes no significant barriers to international trade; and (4) Does not impose an unfunded mandate on State, local, or tribal governments, or on the private sector. These analyses, available in the docket, are summarized below. Economic Impacts This summary highlights the costs and benefits of the proposed rule to amend the transportation security regulations to further enhance and improve the security of air cargo transportation. TSA has determined that this is not a major rule within the definition of Executive Order 12866, as annual costs or benefits to all parties do not pass the $100 million threshold in any year. Likewise there are no significant economic impacts for each of the required analyses of small business impact, international trade, or unfunded mandates. A separate detailed regulatory evaluation is available in the docket and TSA invites comments on all aspects of the economic analysis. TSA proposes to create a mandatory security program for all-cargo aircraft operations over 45,500 kg (100,309.3 lbs) and to amend existing security regulations and programs for aircraft operators, foreign air carriers, airport operators, and IACs. IAC would be redefined to include those transporting goods via all-cargo aircraft. Mandatory security programs for all-cargo operations would replace the voluntary DSIP and extensively build on the requirements of the Twelve- Five Standard Security Program. TSA also proposes to expand the use of background checks and threat assessments to new populations, including IAC employees and individuals who have unescorted access to cargo, where such operations are either outside of the currently defined airport SIDA. Costs The following sections summarize the estimated costs of this NPRM by general category of who pays. A summary table is provided for an overview of the cost items, the regulation section creating the requirement, and a brief description of cost elements. Both in this summary and the economic evaluation, descriptive language is used to address the consequences of the regulation. Although the regulatory evaluation attempts to mirror the terms and wording of the regulation, no attempt is made to replicate precisely the regulatory language and readers are cautioned that the actual regulatory text, not the text of the regulatory evaluation, is binding. Aircraft Operators will incur additional costs to comply with requirements of this NPRM. Over the 10-year period of 2004-2013, all- cargo aircraft operators are estimated to incur costs totaling approximately $600,000 to comply with new requirements to require background checks for individuals who screen cargo for all-cargo airplanes and their supervisors, as well as for employees with unescorted access to the cargo. The NPRM proposes to require all-cargo aircraft operators to screen all persons entering the aircraft. This requirement is estimated to impose additional costs of approximately $33.7 million over the ten-year period of this analysis. All-cargo aircraft operators also will be required to take additional measures to secure the aircraft and facilities at an estimated cost of $33.6 million. Although every all-cargo operator will now have to designate a security coordinator, many already have the requirement. The estimated cost for these duties is $200,000. All-cargo aircraft operators who conduct operations with airplanes having a maximum certificated take- off weight greater than 45,500kg (100,309.3 lbs) would be required to provide additional law enforcement capability to comply with proposed requirements to extend or create new secure areas to encompass air cargo operations. TSA estimates this ten-year cost to be $27 million. Finally, proposals to require random screening of cargo on passenger aircraft and on all-cargo flights are estimated to impose additional ten-year costs of $493 million, and $167 million, respectively. Airport Operators of airports that currently have one or more SIDAs will be required to extend or create a new SIDA to encompass air cargo operations. This proposed change would apply only to aircraft operations conducted with airplanes having a maximum certificated take- off weight greater than 45,500kg (100,309.3 lbs) operating a full or all-cargo program. TSA estimates the cost of this requirement to be $900,000 over the ten-year period of this analysis. This cost reflects the cost of additional employee badges, and the administrative costs of updating the airports' security plans. Indirect Air Carriers will be impacted in several ways if the proposals in this NPRM become effective. IACs will be required to complete Security Threat Assessments for individuals having unescorted access to cargo. This requirement is estimated to impose costs totaling $3.4 million over ten years. IACs also will be required to implement training and develop a testing tool for individuals who perform security related duties to meet the requirements of their security programs. These costs are estimated at $15.1 million over the ten-year period 2004-2013. These costs include the cost of initial training and annual recurrent training for the IAC labor force. This NPRM establishes new requirements for IACs to obtain approval, to amend, and for annual recertification of their security programs. The costs estimated to comply with these requirements are $36 million over the period of this analysis. Foreign Air Carriers' costs inside the United States are considered domestic costs for the purpose of this analysis, and therefore were not estimated separately from domestic carrier costs; a separate discussion for these costs is not included. This method of cost consideration reflects the way DOT reports on foreign aircraft operations in the U.S. and the way it reports the cost impact of such aircraft operations on the U.S. economy. TSA will incur costs as a result of the proposed rule. To develop the training that IACs will be required to implement and ensure that IAC employees have completed will cost the agency approximately $450,000. TSA also will incur costs to administer the Known Shipper program of approximately $24.5 million. The cost to TSA for the vetting of IACs is estimated at $2.6 million. TSA will also be modifying a system under development for another rule to accommodate the Security Threat Assessments in this proposed rule. The costs of utilizing this system are included in a fee proposal and therefore are captured in the unit costs used to develop the costs for the aircraft operators and IACs. In summary, the cost impacts of this NPRM are estimated to total approximately $837 million, undiscounted, over the period 2004-2013. Aircraft operators will incur costs totaling $758 million; airport operators $900,000; IACs $51 million; and TSA anticipates cost expenditures to administer the provisions of the NPRM at $28 million over the ten year analysis period. Details on how estimates were developed, as well as the discounted value comparisons, are included in the full regulatory evaluation. The following table summarizes the estimated costs. BILLING CODE 4910-62-P [[Page 65279]] [GRAPHIC] [TIFF OMITTED] TP10NO04.000 BILLING CODE 4910-62-C Benefits The primary benefit of the proposed rule would be increased protection to persons and property in the U.S. from acts of terrorism; however, some aspects of this proposed rule would provide [[Page 65280]] cost savings for the industry as well. This NPRM is intended to enhance and improve the security of air cargo transportation. The proposed rule is designed to prevent unauthorized persons, explosives, incendiaries, and other substances or items from being introduced into the air cargo supply chain. Persons on the ground, in buildings, and elsewhere in our society would also be afforded enhanced protection against acts of terrorism involving the use of an all-cargo aircraft. The warning late in 2003 from U.S. Intelligence sources was swift and simple: terrorists are considering using cargo aircraft--freighters that carry mostly boxes instead of people. Homeland Security officials recently declared the existence of intelligence that indicated al-Qaeda may be plotting an attack using cargo planes. One security conscious carrier has petitioned the U.S. government to allow checks on people with access to cargo planes.\27\ --------------------------------------------------------------------------- \27\ Paraphrase from Business-Times article of Dec. 9, 2003. The same elements were reported in numerous news services at approximately the same time. --------------------------------------------------------------------------- Strengthening air cargo security and expanding security measures to all-cargo aircraft operations would provide important countermeasures against possible terrorist activities aimed at ultimately destroying commercial passenger aircraft and all-cargo aircraft in flight. Provisions of the NPRM also reduce the opportunity for terrorists to use aircraft involved in the transport of cargo to achieve their goals. Although it is difficult to impossible to project statistically the likelihood of incidents of terrorist acts involving aircraft, the following table reports the costs of several significant events that give examples of the potential impact of terrorism to civil aviation: Examples of Incidents -------------------------------------------------------------------------------------------------------------------------------------------------------- Loss of life/bodily Year Event Type of attack Property loss injury Total cost -------------------------------------------------------------------------------------------------------------------------------------------------------- 1986.............................. Pan Am 073............ Aircraft hijacking.... $0.55M............... $66M death $72.5M $139.05M injury. 1987.............................. Korean Airlines 858... Mid-air explosion..... ..................... $345M................. ..................... 1988.............................. Pan Am 103............ Mid-air explosion..... $184M................ $810M................. $994M 2001.............................. New York World Trade Aircraft used as a ..................... ...................... $16B \28\ Center. weapon. -------------------------------------------------------------------------------------------------------------------------------------------------------- \28\ The General Accounting Office (Review of Studies of the Economic Impact of the September 11, 2001, Terrorist Attacks on the World Trade Center, GAO- 02-700R, May 29, 2002) reviewed 8 separate studies that estimated the impact of the 9/11 destruction of the World Trade Center. Their conclusion was that the best estimate of un-reimbursed cost was $16 billion. Following significant security incidents, such as those reported in the table titled ``Examples of Incidents,'' security agencies have strengthened measures designed to prevent recurrences. For this reason, the full benefits of avoiding losses such as those presented in the table are not claimed in this NPRM. However, terrorist events continue to be threatened. Moreover, it appears that the use of a large commercial aircraft as a weapon, unprecedented prior to September 11, 2001, has the potential to raise the cost of a terrorist event by an order of magnitude. (The table titled ``Example of Incidents'' does not reflect the additional costs of investigations, government action, and loss of business due to decreased passenger levels. Consideration of these costs would increase the cost of a successful terrorist event beyond the numbers presented in the table titled ``Example of Incidents.'' Against this scale, it is clear that avoiding just one incident of the magnitude that has been characteristic of the types of terrorist acts this proposed rule is intended to protect against more than justifies the costs imposed by this NPRM.) Initial Regulatory Flexibility Analysis The Regulatory Flexibility Act of 1980 (RFA) establishes ``as a principle of regulatory issuance that agencies shall endeavor, consistent with the objective of the rule and of applicable statutes, to fit regulatory and informational requirements to the scale of the business, organizations, and governmental jurisdictions subject to regulation.'' To achieve that principle, the RFA requires agencies to solicit and consider flexible regulatory proposals and to explain the rationale for their actions. The Act covers a wide range of small entities, including small businesses, not-for-profit organizations, and small governmental jurisdictions. Agencies must perform a review to determine whether a proposed or final rule will have a significant economic impact on a substantial number of small entities. If the determination is that it will, the agency must prepare a regulatory flexibility analysis as described in the Act. However, if an agency determines that a proposed or final rule is not expected to have a significant economic impact on a substantial number of small entities, section 605(b) of the 1980 RFA provides that the head of the agency may so certify and a regulatory flexibility analysis is not required. The certification must include a statement providing the factual basis for this determination, and the reasoning should be clear. As part of implementing the security plan, TSA expects security to be integrated into actions the same way safety has become integral to how things are done rather than adding layers or extra program costs. For this reason, in years beyond the initial year, costs are limited to an annual report, insuring their own plan is followed, and vetting any new employees. TSA has conducted an initial regulatory flexibility analysis. There are a substantial number of IACs and all-cargo carriers that are impacted, but TSA's initial finding is that the impacts are not substantial. TSA has made several conservative assumptions in this analysis, which may have resulted in an overestimate of the costs of the proposed rule. For example, even though TSA believes most airports and all-cargo carriers have many elements of this rule already in place as good business practice or out of their own concerns for security, costing was done as if the entire group would be implementing these as new requirements. Based on information gathered through other efforts with the airports, TSA believes the airports have reached out to the aviation community and already successfully completed fingerprint-based criminal history records checks, and provided access badges and the associated access training. As a conservative measure, TSA has assumed that there are additional expenses to provide IDs for a limited group of employees at 100 locations. Also, there is a distinct possibility that very few additional law enforcement officers would be required, [[Page 65281]] but TSA allowed for the full-time equivalent coverage for two shifts for 20 of the carrier locations. This equated to an average of 0.6 per carrier and $27 million over the 10 years. IACS IACs are a subset of freight forwarders. The larger category of freight forwarders includes all modes of transportation.\29\ Without better information, the characteristics of the total industry are assumed to apply to the IACs. The threshold for small business for this industry is $6 million and the distributions are as follows: --------------------------------------------------------------------------- \29\ For a technical explanation of how the detailed data was segmented see the separate Regulatory Evaluation. Freight Forwarding [Number of firms in Duns for SIC 4731 02 by employees (not all records have employee data)] ---------------------------------------------------------------------------------------------------------------- w Employees Primary SIC +Secondary SIC FTE and sales Category % Cmltv % data ---------------------------------------------------------------------------------------------------------------- 1-4............................. 4154 4404 4311 55.2 55.23 5-9............................. 1493 1602 1584 20.3 75.52 10-19........................... 826 907 898 11.5 87.02 20-49........................... 519 597 591 7.6 94.59 50+............................. 336 427 422 5.4 100.00 ----------------- Total..................... 7328 7937 7806 100.0 .............. ---------------------------------------------------------------------------------------------------------------- [Number of firms in Duns for SIC 4731 02 by sales] ---------------------------------------------------------------------------------------------------------------- Sales Primary +Secondary Category % Cmltv % ---------------------------------------------------------------------------------------------------------------- < $20k........................................... 5 5 0.0 0.0 $20-$50k........................................ 41 62 0.6 0.6 $50,001-$100k................................... 109 167 1.6 2.2 $100,001-$249,999............................... 749 880 8.3 10.5 $250k-$499,999.................................. 1763 1877 17.7 28.3 $500k-$999,999.................................. 3230 3360 31.8 60.0 $1m-$6m......................................... 3264 3503 33.1 93.1 >$6 million..................................... 627 725 6.9 100.0 ----------------- Total..................................... 9788 10579 100.0 .............. ---------------------------------------------------------------------------------------------------------------- Using the data above and the 3,800 population values in the analysis, all but 6.9% (or 3540) would be small entities for this analysis. To evaluate the impact, the data was segmented and the smallest of the small were examined to see if there was a significant impact. If the smallest group can be shown not to have significant impact, and because the relationship remains somewhat proportional as firm size increases, it is a reasonable conclusion that the overall impact is also insignificant. Once again, specific D&B firm data for the smallest 10.5% with revenues less than $250,000 was examined. This group provided 1110 useable records. To estimate the impact, the individual cost items from the report above per employee are multiplied times the number of employees and then the cost per firm is added. The results are summed over the entire population which results in an impact of $72,700 on $170,278,465 of revenue or at a rate of .04% in the first or most expensive year. This rate of impact is not significant. See the following table for a summary of the calculation. ---------------------------------------------------------------------------------------------------------------- Per employee Item Rate Firm costs costs ---------------------------------------------------------------------------------------------------------------- Annual Reporting........................... 75/report/firm..................... 75 .............. STA........................................ 55/Employee........................ .............. 55 -------------------------------------- Total................................ ................................... 937.5 155 ---------------------------------------------------------------------------------------------------------------- All-Cargo Operations For All-Cargo Operations, DOT form 41 data from BTS TRASTATS was analyzed. The following distribution was found. Freight [Aircraft size percentage] ------------------------------------------------------------------------ Firm size >=100 <100 Total ------------------------------------------------------------------------ Large........................................... 77.7 0.8 78.5 Small........................................... 21.1 0.3 21.5 --------- All Firms..................................... 98.8 1.2 100.0 ------------------------------------------------------------------------ [[Page 65282]] Departures [Aircraft size percentage] ------------------------------------------------------------------------ Firm size >=100 <100 Total ------------------------------------------------------------------------ Large........................................... 47.2 15.9 63.1 Small........................................... 22.9 14.0 36.9 --------- All Firms..................................... 70.0 30.0 100.0 ------------------------------------------------------------------------ Passenger Flight Reporting Freight [Aircraft size percentage] ------------------------------------------------------------------------ Grand Firm size Large Small total ------------------------------------------------------------------------ Large........................................... 88.3 8.5 96.7 Small........................................... 1.5 1.8 3.3 --------- 89.8 10.2 100.0 ------------------------------------------------------------------------ Although it reflects revenue data for the large carriers (>$6 million) and many midsize carriers, too many small carriers are missing revenue data to make a cost comparison. TSA invites public comment on existing cost and revenue relationship as firms are experiencing under the existing security directives. X. International Trade Impact Assessment The Trade Agreement Act of 1979 prohibits Federal agencies from establishing any standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United States. Legitimate domestic objectives, such as safety, are not considered unnecessary obstacles. The statute also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. TSA has assessed the potential effect of this proposed rule and has determined that it imposes the same costs on domestic and international entities and thus has a neutral trade impact. XI. Unfunded Mandates Reform Act Analysis The Unfunded Mandates Reform Act of 1995 (the Act) is intended, among other things, to curb the practice of imposing unfunded Federal mandates on State, local, and tribal governments. Title II of the Act requires each Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in an expenditure of $100 million or more (adjusted annually for inflation) in any one year by State, local, and tribal governments, in the aggregate, or by the private sector, such a mandate is deemed to be a ''significant regulatory action.'' This proposed rule does not contain such a mandate. The requirements of Title II do not apply. XII. Paperwork Reduction Act Under the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501, et seq.), a Federal agency must obtain approval from the Office of Management and Budget (OMB) for each collection of information it conducts, sponsors, or requires through regulations. This proposal contains information collection activities subject to the PRA. Accordingly, the following information requirements are being submitted to OMB for its review. Title: Air Cargo Security Requirements. Summary: TSA proposes to amend current transportation security regulations to further enhance and improve the security of air cargo transportation. Specifically, TSA proposes to create a mandatory security program for all-cargo aircraft operations over 45,500 kg (100,309.3 lbs) and to amend existing security regulations and programs for aircraft operators, foreign air carriers, airport operators, and IACs. TSA is also proposing to expand security threat assessment requirements to new populations, including certain individuals who have unescorted access to air cargo and each officer, director and person who holds 25 percent or more of total outstanding voting stock of an Indirect Air Carrier or entity applying to become an IAC. Use of: Security programs that are developed or amended as a result of this proposal will be kept on file and updated so that TSA inspectors may check for regulatory compliance and uniform application of the rules. Evidence of appropriate employee training in security matters will also become a part of this record. Security threat assessments conducted as a result of this proposal will be used to determine employment suitability for those who have unescorted access to cargo and each officer, director and person who holds 25 percent or more of total outstanding voting stock of an Indirect Air Carrier or entity applying to become an IAC. Respondents (including number of): The likely respondents to this proposed information requirement are aircraft operators, foreign air carriers, IACs, and their employees who undergo security threat assessments for a total of approximately 37,090 respondents the first year and approximately 8,800 respondents each following year, for an average of 18,230 respondents for each of the next 3 years. The annual respondents include both new entrants and renewals. The number consists of 65 all-cargo operators, 3800 IACs, and their affected employees. TSA invites comments regarding these estimates. Frequency: Upon implementation, security programs related to this proposal, including employee training records, will need to be kept on file and updated as necessary. Security threat assessments will be conducted for all existing and subsequent new employees who have unescorted access to cargo where such employees do not already have unescorted SIDA access. Annual Burden Estimate: The annual burden associated with the security program is estimated to be 30,920 hours, while the annual burden associated with the security threat assessments is estimated to average 3,559 hours over the next 3 years, for a combined average annual total of 34,479 hours. The agency is inviting comments to-- (1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (2) Evaluate the accuracy of the agency's estimate of the burden; (3) Enhance the quality, utility, and clarity of the information to be collected; and (4) Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology. Individuals and organizations may submit comments on the information collection requirement by January 10, 2005, and should direct them via fax to the Office of Information and Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA Desk Officer, at (202) 395-5806. Comments to OMB are most useful if received within 30 days of publication. As protection provided by the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. The OMB control number for this information collection will be published in the Federal Register after OMB approves it. XIII. International Compatibility In keeping with U.S. obligations under the Convention on International Civil Aviation, it is TSA policy to comply with International Civil Aviation Organization (ICAO) Standards [[Page 65283]] and Recommended Practices to the maximum extent practicable. TSA has determined that these proposed regulations are consistent with ICAO Standards and Recommended Practices. XIV. Executive Order 13132, Federalism TSA has analyzed this proposed rule under the principles and criteria of Executive Order 13132, Federalism. We determined that this action would not have a substantial direct effect on the States, on the relationship between the national Government and the States, or on the distribution of power and responsibilities among the various levels of government, and therefore would not have federalism implications. XV. Environmental Analysis TSA has reviewed this action for purposes of the National Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has determined that this action will not have a significant effect on the human environment. In accordance with FAA Order 1050.1D, appendix 4, paragraph 4(j), this rulemaking action qualifies for a categorical exclusion. The FAA order continues to apply to TSA in accordance with the Homeland Security Act (Pub. L. 107-296), until DHS publishes its NEPA implementing regulations. Energy Impact The energy impact of this document has been assessed in accordance with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, as amended (42 U.S.C. 6362). We have determined that this rulemaking is not a major regulatory action under the provisions of the EPCA. List of Subjects 49 CFR Part 1540 Air carriers, Aircraft, Airports, Civil Aviation Security, Law enforcement officers, Reporting and recordkeeping requirements, Security measures. 49 CFR Part 1542 Air carriers, Aircraft, Airport Security, Aviation safety, Security measures. 49 CFR Part 1544 Air carriers, Aircraft, Aviation safety, Freight forwarders, Incorporation by reference, Reporting and recordkeeping requirements, Security measures. 49 CFR Part 1546 Aircraft, Aviation safety, Foreign Air Carriers, Incorporation by reference, Reporting and recordkeeping requirements, Security measures. 49 CFR Part 1548 Air transportation, Reporting and recordkeeping requirements, Security measures. IX. The Proposed Amendment For the reasons set forth above, the Transportation Security Administration proposes to amend Title 49 of the Code of Federal Regulations parts 1540, 1542, 1544, 1546, and 1548 as follows: PART 1540--CIVIL AVIATION SECURITY: GENERAL RULES 1. The authority citation for part 1540 continues to read as follows: Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105. 2. Amend Sec. 1540.5 by revising the definition of ``indirect air carrier'' to read as follows: Sec. 1540.5 Terms used in this subchapter. * * * * * Indirect air carrier means any person or entity within the United States not in possession of an FAA air carrier operating certificate, that undertakes to engage indirectly in air transportation of property, and uses for all or any part of such transportation the services of an air carrier. This does not include the United States Postal Service (USPS) or its representative while acting on the behalf of the USPS. * * * * * 3. Add Subpart C--Security Threat Assessments to read as follows: Subpart C--Security Threat Assessments Sec. 1540.201 Applicability and definitions. 1540.203 Operator responsibilities. 1540.205 Notification. 1540.207 Appeal procedures. 1540.209 Security threat assessment fee. Sec. 1540.201 Applicability and definitions. (a) This subpart applies to: (1) Each aircraft operator operating under a full program described in 49 CFR 1544.101(a); (2) Each foreign air carrier operating under a program described in 49 CFR 1546.101; (3) Each indirect air carrier subject to 49 CFR part 1548; and (4) Each individual with unescorted access to cargo under one of these programs. (b) For purposes of this subpart, aircraft operator, foreign air carrier, and indirect air carrier listed in paragraphs (a)(1) through (a)(3) of this section are referred to as ``operator,'' and the individuals listed in paragraph (a)(4) of this section are referred to as ``individual.'' (c) An individual poses a security threat under this subpart when TSA determines that he or she is a threat: (1) To national security; (2) To transportation security; or (3) Of terrorism. (d) For purposes of this subpart (1) Date of service means-- (i) The date of personal delivery in the case of personal service; (ii) The mailing date shown on the certificate of service; (iii) The date shown on the postmark if there is no certificate of service; (iv) Another mailing date shown by other evidence if there is no certificate of service or postmark; or (v) The date in an e-mail showing when it was sent. (2) Day means calendar day. Sec. 1540.203 Operator responsibilities. (a) Each operator subject to this subpart must ensure that an individual with unescorted access to cargo must complete the Security Threat Assessment described in this section. (b) Each operator must: (1) Authenticate the identity of the individual by-- (i) Reviewing two forms of identification, one of which must be a government-issued photo ID; or (ii) Other means approved by TSA. (2) Submit to TSA a Security Threat Assessment application for each individual that is signed by the individual and that includes: (i) Legal name, including first, middle, and last; any applicable suffix; and any other names used. (ii) Current mailing address, including residential address if different than current mailing address, and all other residential addresses for the previous seven years and email, if applicable. (iii) Date and place of birth. (iv) Social security number, if applicable. (v) Citizenship status and date of naturalization if the individual is a naturalized citizen of the United States. (vi) Alien registration number, if applicable. (vii) The following statement reading: Privacy Act Notice: Authority: The authority for collecting this information is 49 U.S.C. 114, 40113, and 49 U.S.C. 5103a. Purpose: This information is needed to verify your identity and to conduct a Security Threat Assessment to evaluate your suitability for completing the functions required by this position. Your Social Security Number (SSN) or alien registration number will be used as your identification number in this process and to verify your identity. Furnishing this information, including your SSN or alien registration [[Page 65284]] number, is voluntary; however, failure to provide it will prevent the completion of your Security Threat Assessment, without which you may not be granted authorization to have unescorted access to cargo. Routine Uses: Routine uses of this information include disclosure to TSA contractors or other agents who are providing services relating to the Security Threat Assessments; to appropriate governmental agencies for law enforcement or security purposes, or in the interests of national security; and to foreign and international governmental authorities in accordance with law and international agreement. The information I have provided on this application is true, complete, and correct to the best of my knowledge and belief and is provided in good faith. I understand that a knowing and willful false statement, or an omission of a material fact, on this application can be punished by fine or imprisonment or both (see section 1001 of Title 18 United States Code), and may be grounds for denial of authorization or in the case of parties regulated under this section, removal of authorization to operate under this chapter, if applicable. (3) Retain the individual's signed Security Threat Assessment application and any communications with TSA regarding the individual's application, for 180 days following the end of the individual's service to the operator. (c) Records under this section may include electronic documents with electronic signature or other means of personal authentication, where accepted by TSA. Sec. 1540.205 Notification. (a) TSA review. In completing the Security Threat Assessment, TSA reviews-- (1) The information required in Sec. 1540.203(b) and transmitted to TSA; and (2) Domestic and international databases relevant to determining whether an individual poses a known or suspected security threat or that confirm an individual's identity. (b) Security Authorization for Unescorted Cargo Access. TSA serves a Security Authorization on the individual and the operator if TSA determines that an individual does not pose a known or suspected security threat. (c) Initial Denial of Authorization for Unescorted Cargo Access. TSA serves an Initial Denial of Authorization on the individual and the operator if TSA determines that the individual poses a known or suspected security threat. The Initial Denial of Authorization for Unescorted Cargo Access includes-- (1) A statement that TSA has determined that the individual poses a security threat; (2) The basis for the determination; (3) Information about how the individual may appeal the determination; and (4) A statement that if the individual chooses not to appeal TSA's determination within 30 days of receipt of the Initial Denial of Authorization, or does not request an extension of time within 30 days of the Initial Denial of Authorization in order to file an appeal, the Initial Denial of Authorization becomes a Final Denial of Authorization for Unescorted Cargo Access. (d) Final Denial of Authorization for Unescorted Cargo Access. If TSA determines that an individual poses a known or suspected security threat, TSA serves a Final Denial of Authorization for Unescorted Cargo Access on the operator and the individual who appealed the Initial Denial of Authorization. (e) Withdrawal by TSA. TSA serves a Withdrawal of the Initial Denial of Authorization for Unescorted Cargo Access on the individual and a Security Authorization for Unescorted Cargo Access on the operator, if the appeal results in a determination that the individual does not pose a threat to security. (f) Final Disposition. Within 30 days of receipt of a Security Authorization for Unescorted Cargo Access or a Final Denial of Authorization for Unescorted Cargo Access, the operator must: (1) Update the individual's permanent record to reflect the results of the Security Threat Assessment; (2) Grant or deny the individual's unescorted access to cargo based on the results of the threat assessment. Sec. 1540.207 Appeal procedures. (a) Scope. This section applies to individuals who wish to appeal an Initial Denial of Authorization for Unescorted Cargo Access that is based on TSA's Security Threat Assessment. (b) Grounds for Appeal. An individual may appeal an Initial Denial of Authorization for Unescorted Cargo Access if the individual is asserting that he or she does not pose a known or suspected security threat. (c) Appeal. An individual initiates an appeal by submitting a written reply or written request for materials from TSA. If the individual fails to initiate an appeal within 30 days of receipt, the Initial Denial of Authorization for Unescorted Cargo Access becomes final, and TSA serves a Final Denial of Authorization for Unescorted Cargo Access on the operator and the individual. (1) Request for materials. Within 30 days of the date of service of the Initial Denial of Authorization for Unescorted Cargo Access, the individual may serve upon TSA a written request for copies of the materials upon which the Initial Denial of Authorization was based. (2) TSA response. Within 30 days of receiving the individual's request for materials, TSA serves copies upon the individual of the releasable materials upon which the Initial Denial of Authorization was based. TSA will not include any classified information or other protected information described in paragraph (f) of this section. (3) Correction of records. If the Initial Denial of Authorization for Unescorted Cargo Access was based on a record that the individual believes is erroneous, he or she may correct the record, as follows: (i) The individual may contact the jurisdiction or entity responsible for the information and attempt to correct or complete information contained in his or her record. (ii) The individual must then provide TSA with the revised record, or a certified true copy of the information from the appropriate entity, before TSA may determine that the individual meets the standards for the Security Threat Assessment. (4) Reply. (i) The individual may serve upon TSA a written reply to the Initial Denial of Authorization for Unescorted Cargo Access within 30 days of service of the Initial Denial of Authorization, or 30 days after the date of service of TSA's response to the individual's request for materials under paragraph (c)(1) of this section, if the individual served such a request. (ii) In an individual's reply, TSA will consider only material that is relevant to verifying identification or determining that the individual does not pose a known or suspected security threat. (5) Final determination. Within 30 days after TSA receives the individual's reply, TSA serves a Final Denial of Authorization for Unescorted Cargo Access or a Withdrawal of the Initial Denial of Authorization. (d) Final Denial of Authorization for Unescorted Cargo Access. (1) If TSA determines that the individual poses a security threat, TSA serves a Final Denial of Authorization for Unescorted Cargo Access upon the individual and the operator. The Final Denial of Authorization includes-- (2) A statement that TSA has reviewed the Initial Denial of Authorization, the individual's reply, if any, and any other materials or information available to him or her and has determined that the individual poses a known or suspected security threat. [[Page 65285]] (e) Withdrawal of Initial Denial of Authorization. If TSA concludes that the individual does not pose a security threat, TSA serves a Withdrawal of the Initial Denial of Authorization on the individual and the operator. (f) Nondisclosure of certain information. In connection with the procedures under this section, TSA does not disclose classified information to the individual, as defined in Executive Order 12968 section 1.1(d), and reserves the right not to disclose any other information or material not warranting disclosure or protected from disclosure under law. (g) Extension of time. TSA may grant an individual an extension of time of the limits set forth in this section for good cause shown. An individual's request for an extension of time must be in writing and be received by TSA at least 2 days before the due date to be extended. TSA may grant itself an extension of time for good cause. (h) Judicial review. For purposes of judicial review, the Final Denial of Authorization for Unescorted Cargo Access constitutes a final TSA order in accordance with 49 U.S.C. 46110. Sec. 1540.209 Security threat assessment fee. (a) Imposition of fees. The fee of $39.00 is required for TSA to conduct a security threat assessment for a candidate who has unescorted access to cargo and who is subject to the requirements of Part 1540, Subpart C, and each officer, director and person who holds 25 percent or more of total outstanding voting stock of an Indirect Air Carrier or entity applying to become an IAC. (b) Remittance of fees. (1) A candidate must remit the fee required under this subpart to TSA, in a form and manner acceptable to TSA, each time the candidate or an aircraft operator, foreign air carrier, or indirect air carrier submits the information required under Sec. 1540.203 to TSA. (2) Fees remitted to TSA under this subpart must be payable to the ``Transportation Security Administration'' in United States currency and drawn on a United States bank. (3) TSA will not issue any fee refunds, unless a fee was paid in error. PART 1542--AIRPORT SECURITY 4. The authority citation for part 1542 continues to read as follows: Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44907, 44913-44914, 44916-44917, 44935-44936, 44942, 46105. 5. Amend Sec. 1542.1 by adding paragraph (d) to read as follows: Sec. 1542.1 Applicability of this part. * * * * * (d) Each airport that serves an aircraft operator operating under a security program under part 1544 of this chapter, or a foreign air carrier operating under a security program under part 1546 of this chapter. Such airport operators must comply with Sec. 1542.5 of this part. 6. Revise paragraphs 1542.205(a) and (b)(2) and add paragraph (c) to read as follows: Sec. 1542.205 Security of the security identification display area (SIDA). (a) Each airport operator required to have a security program under Sec. 1542.103(a) must establish at least one SIDA, which must include the following areas: (1) Each secured area must be a SIDA. (2) Each area that is regularly used to sort cargo that may be carried by an aircraft operator under a full or all-cargo program as provided in Sec. 1544.101(a) or (h) or under a foreign air carrier program under Sec. 1546.101(a), (b), or (e), and each area that is regularly used to load cargo on or unload cargo from such aircraft, must be a SIDA. (3) Other areas of the airport may be SIDAs. (b) * * * (1) * * * (2) Subject each individual to a criminal history records check as described in Sec. 1542.209 before authorizing unescorted access to the SIDA. * * * * * (c) An airport operator that is not required to have a complete program under Sec. 1542.103(a) is not required to establish a SIDA under this section. PART 1544--AIRCRAFT OPERATOR SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS 7. The authority citation for part 1544 continues to read as follows: Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44907, 44913-44914, 44916-44918, 44932, 44935-44936, 44942, 46105. 8. Amend Sec. 1544.101 by revising paragraphs (d)(1), (d)(4), and (e)(1) and add new paragraphs (h) and (i) to read as follows: Sec. 1544.101 Adoption and implementation. * * * * * (d) * * * (1) Is an aircraft with a maximum certificated takeoff weight more than 12,500 pounds. * * * * * (4) Is not under a full program, partial program, or all-cargo program under paragraph (a), (b), or (h) of this section. (e) * * * (1) The requirements of Sec. Sec. 1544.215, 1544.217, 1544.219, 1544.223, 1544.230, 1544.235, 1544.237, 1544.301(a) and (b), 1544.303, and 1544.305; and for all-cargo operations, Sec. Sec. 1544.202, 1544.205(a), (b), and (d). * * * * * (h) All-Cargo program--adoption: Each aircraft operator must carry out the requirements of paragraph (i) of this section for each operation that is-- (1) In an aircraft with a maximum certificated takeoff weight of more than 45,500 kg (100,309.3 pounds); and (2) Carrying cargo and authorized persons and no passengers. (i) All-Cargo program--contents: For each operation described in paragraph (h) of this section, the aircraft operator must carry out the following, and must adopt and carry out a security program that meets the applicable requirements of Sec. 1544.103(c): (1) The requirements of Sec. Sec. 1544.202, 1544.205, 1544.207, 1544.209, 1544.211, 1544.215, 1544.217, 1544.219, 1544.225, 1544.227, 1544.228, 1544.229, 1544.230, 1544.231, 1544.233, 1544.235, 1544.237, 1544.301, 1544.303, and 1544.305. (2) Other provisions of subpart C of this part that TSA has approved upon request. (3) The remaining requirements of subpart C of this part when TSA notifies the aircraft operator in writing that a security threat exists concerning that operation. 9. Add new Sec. 1544.202 to read as follows: Sec. 1544.202 Persons and property onboard the all-cargo aircraft. Each aircraft operator operating under an all-cargo program or a twelve-five program in an all-cargo operation, must apply the security measures in its security program for persons who board the aircraft, and for their property, to prevent or deter the carriage of unauthorized weapons, explosives, incendiaries, persons, and other destructive substances or items. 10. Amend Sec. 1544.205 by revising paragraphs (a), (b), (c) introductory text, (c)(2) and (d); and adding new paragraphs (e) and (f) to read as follows: Sec. 1544.205 Acceptance and screening of cargo. (a) Preventing or deterring the carriage of any explosive or incendiary. Each aircraft operator operating under a full program, an all-cargo program, or a twelve-five program in an all-cargo operation, must use the procedures, facilities, and equipment described in its security program to prevent or deter the carriage of unauthorized persons, [[Page 65286]] explosives, incendiaries, and other destructive substances or items in cargo onboard an aircraft. (b) Screening and inspection of cargo. Each aircraft operator operating under a full program or an all-cargo program, or a twelve- five program in an all-cargo operation, must ensure that cargo is screened and inspected for unauthorized persons, explosives, incendiaries, and other destructive substances or items as provided in the aircraft operator's security program and Sec. 1544.207, and as provided in Sec. 1544.239 for operations under a full program, before loading it on its aircraft. (c) Control. Each aircraft operator operating under a full program or an all-cargo program must use the procedures in its security program to control cargo that it accepts for transport on an aircraft in a manner that: (1) * * * (2) Prevents access by persons other than an aircraft operator employee or its agent, or persons authorized by the airport operator or host government. (d) Refusal to transport. Each aircraft operator operating under a full program, an all-cargo program, or a twelve-five program when in an all-cargo operation, must refuse to transport any cargo if the shipper does not consent to a search or inspection of that cargo in accordance with the system prescribed by this part. (e) Acceptance of cargo only from specified persons. Each aircraft operator operating under a full program or an all-cargo program may accept cargo for air transportation only from the shipper, or from an aircraft operator, foreign air carrier, or indirect air carrier operating under a security program under this chapter with a comparable cargo security program, except as provided in its security program. (f) Screening of cargo outside the United States. For cargo to be loaded on its aircraft outside the United States, each aircraft operator must carry out the requirements of its security program. 11. Amend Sec. 1544.225 by adding new paragraph (d): Sec. 1544.225 Security of aircraft and facilities. * * * * * (d) When operating under a full program or an all-cargo program, prevent unauthorized access to the operational area of the aircraft while loading or unloading cargo. 12. Add new Sec. 1544.228 to read as follows: Sec. 1544.228 Security threat assessments for cargo personnel. This section applies to each aircraft operator operating under a full program or an all-cargo program, and to each individual who has unescorted access to cargo accepted by such an aircraft operator. (a) Before gaining unescorted access to cargo, each individual must successfully complete one of the following: (1) A criminal history records check under Sec. Sec. 1542.209, 1544.229, or 1544.230 of this chapter, if the individual is otherwise required to undergo such a check under those sections; or (2) A Security Threat Assessment under part 1540 subpart C of this chapter; or (3) Another Security Threat Assessment approved by TSA. (b) Each aircraft operator must ensure that each individual who has access to its cargo has either successfully completed one of the checks in paragraph (a) of this section or is escorted by such an individual. 13. Amend Sec. 1544.229 by adding introductory text, revising paragraphs (a)(1)(iii) introductory text and (a)(1)(iii)(B) and adding new paragraph (a)(1)(iii)(C) to read as follows: Sec. 1544.229 Fingerprint-based criminal history records checks (CHRC): Unescorted access authority, authority to perform screening functions, and authority to perform checked baggage or cargo functions. This section applies to each aircraft operator operating under a full program, a private charter program, or an all-cargo program. (a) * * * (1) * * * (iii) Each individual granted authority to perform the following screening functions at locations within the United States (referred to as ``authority to perform screening functions''): (A) * * * (B) Serving as an immediate supervisor (checkpoint security supervisor (CSS)), and the next supervisory level (shift or site supervisor), to those individuals described in paragraph (a)(1)(iii)(A) or (a)(1)(iii)(C) of this section. (C) Screening cargo that will be carried on an aircraft of an aircraft operator required to screen cargo under this part. * * * * * 14. Add new Sec. 1544.239 as follows: Sec. 1544.239 Known shipper program. This section applies to each aircraft operator operating under a full program under Sec. 1544.101(a). (a) For cargo to be loaded on its aircraft in the United States, each aircraft operator must have and carry out a known shipper program in accordance with its security program. The program must: (1) Determine the shipper's validity and integrity as provided in its security program; (2) Provide that the aircraft operator will separate known shipper shipments from unknown shipper shipments; and (3) Provide for the aircraft operator to ensure that cargo is screened or inspected as set forth in its security program. (b) When required by TSA, each aircraft operator must submit in a form and manner acceptable to TSA: (1) Information identified in its security program regarding an applicant to the known shipper program; and (2) Upon learning of a change to the information specified in paragraph (b)(1) of this section, corrections and updates of this information. PART 1546--FOREIGN AIR CARRIER SECURITY 15. The authority citation for part 1546 continues to read as follows: Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44907, 44914, 44916-44917, 44935-44936, 44942, 46105. 16. Amend Sec. 1546.101 by revising the introductory text and paragraph (a) and by adding paragraphs (e) and (f): Sec. 1546.101 Adoption and implementation. Each foreign air carrier landing or taking off in the United States must adopt and carry out a security program, for each scheduled and public charter passenger operation or all-cargo operation, that meets the requirements of-- (a) Section 1546.103(b) and subparts C, D, and E of this part for each operation with an airplane having a passenger seating configuration of 61 or more seats; * * * * * (e) Sections 1546.103(b)(2) and (b)(4), 1546.202, 1546.205(a), (b), (c), (d), (e), and (f), 1546.213, and 1546.215 for each all-cargo operation with an airplane having a maximum certificated take-off weight more than 45,500 kg (100,309.3 pounds); and (f) Sections 1546.103(b)(2) and (b)(4), 1546.202, 1546.205(a), (b) and (c), 1546.213, and 1546.215 for each all-cargo operation with an airplane having a maximum certificated take-off weight more than 12,500 pounds but no more than 45,500 kg. 17. Amend Sec. 1546.103 by revising paragraph (a)(1) and paragraph (b) introductory text to read as follows: [[Page 65287]] Sec. 1546.103 Form, content, and availability of security program. (a) * * * (1) Acceptable to TSA. A foreign air carrier's security program is acceptable only if TSA finds that the security program provides a level of protection similar to the level of protection provided by U.S. aircraft operators serving the same airports. Foreign air carriers must employ procedures equivalent to those required of U.S. aircraft operators serving the same airport if TSA determines that such procedures are necessary to provide a similar level of protection. * * * * * (b) Content of security program. Each security program required by Sec. 1546.101(a), (b), (c), (e) or (f) as applicable, must be designed to: * * * * * 18. Add Sec. 1546.202 to read as follows: Sec. 1546.202 Persons and property on board the airplane. Each foreign air carrier operating under Sec. 1546.101(e) or (f) must apply the security measures in its security program for persons who board the airplane, and for their property, to prevent or deter the carriage of unauthorized weapons, explosives, incendiaries, persons, and other destructive substances or items. 19. Amend Sec. 1546.205 by revising paragraphs (a) and (b) and adding new paragraphs (c), (d), (e) and (f) to read as follows: Sec. 1546.205 Acceptance and screening of cargo. (a) Preventing or deterring the carriage of any explosive or incendiary. Each foreign air carrier operating a program under Sec. 1546.101(a), (b), (e) or (f) must use the procedures, facilities and equipment described in its security program to prevent or deter the carriage of unauthorized persons, explosives, incendiaries, and other destructive substances or items in cargo onboard an airplane. (b) Refusal to transport. Each foreign air carrier operating a program under Sec. 1546.101(a), (b), (e), or (f) must refuse to transport any cargo if the shipper does not consent to a search or inspection of that cargo in accordance with the system prescribed by this part. (c) Control. Each foreign air carrier operating a program Sec. 1546.101(a), (b), or (e) must use the procedure in its security program to control cargo that it accepts for transport on an airplane in a manner that: (1) Prevents the carriage of any unauthorized persons, explosives, incendiaries, and other destructive substances or items aboard the airplane. (2) Prevents access by unauthorized persons other than a foreign air carrier employee or its agent, or persons authorized by the airport operator or host government. (d) Screening and inspection of cargo in the United States. Each foreign air carrier operating a program under Sec. 1546.101(a), (b), (e), or (f) must ensure that, as required in its security program, cargo is screened and inspected for explosives, incendiaries, unauthorized persons, and other destructive substances or items as provided in the foreign air carrier's security program, in accordance with Sec. 1546.207, and Sec. 1546.213 if applicable, before loading it on its airplane in the United States. (e) Acceptance of cargo in the United States. Each foreign air carrier operating a program under Sec. 1546.101(a), (b), or (e) may accept cargo in the United States only from the shipper, or from an aircraft operator, foreign air carrier, or indirect air carrier operating under a security program under this chapter with a comparable cargo security program, as provided in its security program. (f) Acceptance of cargo to be loaded outside the United States. Each foreign air carrier subject to this section that accepts cargo to be loaded on its airplane outside the United States must carry out the requirements of its security program. 20. Add a new Sec. 1546.213 to read as follows: Sec. 1546.213 Security threat assessments for cargo personnel in the United States. This section applies to each foreign air carrier operating under Sec. 1546.101(a), (b), or (e), and to each individual who has unescorted access in the United States. (a) Before gaining unescorted access to cargo, each individual must successfully complete one of the following: (1) A criminal history records check under Sec. Sec. 1542.209, 1544.229, or 1544.230 of this chapter, if the individual is otherwise required to undergo such a check under those sections; or (2) A Security Threat Assessment under part 1540 subpart C of this chapter; or (3) Another Security Threat Assessment approved by TSA. (b) Each foreign air carrier must ensure that each individual who has access to its cargo has either successfully completed one of the checks in paragraph (a) of this section or is escorted by such an individual. 21. Add new Sec. 1546.215 as follows: Sec. 1546.215 Known shipper program. This section applies to each foreign air carrier operating a program under Sec. 1546.101(a) or (b). (a) For cargo to be loaded on its aircraft in the United States, each foreign air carrier must have and carry out a known shipper program in accordance with its security program. The program must: (1) Determine the shipper's validity and integrity as provided in its security program; (2) Provide that the foreign air carrier will separate known shipper shipments from unknown shipper shipments; and (3) Provide for the foreign air carrier to ensure that cargo is screened or inspected as set forth in its security program. (b) When required by TSA, each foreign air carrier must submit in a form and manner acceptable to TSA: (1) Information identified in its security program regarding an applicant to the known shipper program; and (2) Upon learning of a change to the information specified in (b)(1) of this section, corrections and updates to the information. PART 1548--INDIRECT AIR CARRIER SECURITY 22. The authority citation for part 1548 continues to read as follows: Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44913-44914, 44916-44917, 44932, 44935-44936, 46105. 23. Amend Sec. 1548.5 by revising paragraphs (a), (b) and (c) to read as follows: Sec. 1548.5 Adoption and implementation of the security program. (a) Security program required. No indirect air carrier may offer cargo to or perform cargo services for an aircraft operator operating under a full program or an all-cargo program specified in part 1544 of this subchapter, or to a foreign air carrier operating under a program under Sec. 1546.101(a), (b), or (e) of this subchapter, unless that indirect air carrier has and carries out an approved security program under this part. (b) General requirements. (1) The security program must provide for the security of persons and property traveling in air transportation against acts of criminal violence and air piracy and the introduction of any unauthorized person, explosive, incendiary or other destructive substances or items as provided in the indirect air carrier's security program. This requirement applies: [[Page 65288]] (i) From the time the indirect air carrier accepts the cargo to the time it transfers the cargo to an entity that is not an employee, agent, contractor or subcontractor of the indirect air carrier; (ii) While the cargo is stored, en route, or otherwise being handled by an employee, agent, contractor or subcontractor of the indirect air carrier; and (iii) Regardless of whether the indirect air carrier has or ever had physical possession of the cargo. (2) The indirect air carrier must assure that its employees, agents, contractors, and subcontractors comply with the requirements of the indirect air carrier's security program. (c) Content. Each security program under this part must -- (1) Be designed to prevent or deter the introduction of any unauthorized person, explosive, incendiary or other destructive substances or items onto an aircraft; (2) Include the procedures and description of the facilities and equipment used to comply with the requirements of Sec. Sec. 1548.9 and 1548.17 regarding the acceptance and offering of cargo. (3) Include the procedures and curriculum used to accomplish the training required under Sec. 1548.11 of persons who accept, handle, transport, or deliver cargo for or on behalf of the indirect air carrier. * * * * * 24. Revise Sec. 1548.7 to read as follows: Sec. 1548.7 Approval, amendment, annual renewal, and withdrawal of approval of the security program. (a) Original Application. (1) The applicant must apply for a security program in a form and a manner prescribed by TSA not less than 90 calendar days before the applicant intends to begin operations. The application must be in writing and include: (i) Business name; other names, including doing business as; state of incorporation, if applicable; and tax identification number. (ii) The names, addresses, and dates of birth of each officer, director, and each person who holds 25 percent or more of total outstanding voting stock of the entity. (iii) A signed statement from each person listed in paragraph (a)(1)(ii) of this section stating whether he or she has been an officer, director, or owner of an IAC that had its security program withdrawn by TSA. (iv) Copies of government-issued identification of persons listed in (a)(1)(ii) of this section. (v) Addresses of all business locations. (vi) Whether the business is a ``small business'' pursuant to section 3 of the Small Business Act (15 U.S.C. 632). (vii) Statement acknowledging and ensuring that each employee of the indirect air carrier who is subject to training under Sec. 1548.11 will have successfully completed the training outlined in its security program before performing security-related duties. (viii) Other information requested by TSA concerning Security Threat Assessments. (ix) Statement acknowledging and ensuring that each individual will successfully complete a Security Threat Assessment under Sec. 1548.15 before the individual has unescorted access to cargo. (2) Approval. TSA will approve the security program by providing the indirect air carrier with the Indirect Air Carrier Standard Security Program and any Security Directives upon determining that: (i) The indirect air carrier has met the requirements of this part, its security program, and any Security Directives. (ii) The approval of its security program is not contrary to the interests of security and the public interest. (iii) The indirect air carrier has not held a security program that was withdrawn within the previous year, unless otherwise authorized by TSA. (3) Commencement of operations. The indirect air carrier may operate under a security program when it meets all requirements, including but not limited to successful completion of training and Security Threat Assessments by relevant personnel. (4) Duration of security program. The security program will remain effective until the end of the calendar month one year after the month it was approved. (5) Requirement to report changes in information. Each indirect air carrier with an approved security program under this part must notify TSA, in a form and manner approved by TSA, of any changes to the information submitted during initial application. This notification must be submitted to the designated official for reapproval within 30 days from the date the change occurred. Changes included in the requirement of this paragraph include but are not limited to changes in the indirect air carrier's contact information, owners, business addresses and locations, and form of business entity. (b) Renewal Application. (1) Unless otherwise authorized by TSA, each indirect air carrier that has a security program under this part must timely submit to TSA, at least 30 calendar days prior to the first day of the anniversary month of initial approval of its security program, an application for renewal of its security program in a form and a manner approved by TSA. Upon timely submittal of an application for renewal and unless and until TSA denies the application, the indirect air carrier's approved security program remains in effect. (2) The application for renewal must be in writing and include a signed statement that the indirect air carrier has reviewed and ensures the continuing accuracy of the contents of its initial application for a security program, subsequent renewal applications, or other submissions to TSA confirming a change of information and noting the date such applications and submissions were sent to TSA, including the following certification: [Name of indirect air carrier] (hereinafter ``the IAC'') has adopted and is currently carrying out a security program in accordance with the Transportation Security Regulations as originally approved on [insert date of initial approval]. In accordance with TSA regulations, the IAC has notified TSA of any new or changed information required for the IAC's initial security program. If new or changed information is being submitted to TSA as part of this application for reapproval, that information is stated in this filing. The IAC understands that intentional falsification of certification to an air carrier or to TSA may be subject to both civil and criminal penalties under 49 CFR 1540 and 1548 and 18 U.S.C. 1001. Failure to notify TSA of any new or changed information required for initial approval of the IAC's security program in a timely fashion and in a form acceptable to TSA may result in withdrawal by TSA of approval of the IAC's security program. (3) TSA will renew approval of the security program if TSA determines that: (i) The indirect air carrier has met the requirements of this part, its security program, and any Security Directives; and (ii) The renewal of its security program is not contrary to the interests of security and the public interest. (4) If TSA determines that the indirect air carrier meets the requirements of paragraph (b)(3) of this section, it will renew the indirect air carrier's security program. The security program will remain effective until the end of the calendar month one year after the month it was renewed. (c) Amendment requested by an indirect air carrier or applicant. An indirect air carrier or applicant may submit a request to TSA to amend its security program as follows: [[Page 65289]] (1) The request for an amendment must be filed with the designated official at least 45 calendar days before the date it proposes for the amendment to become effective, unless a shorter period is allowed by the designated official. (2) Within 30 calendar days after receiving a proposed amendment, the designated official, in writing, either approves or denies the request to amend. (3) An amendment to an indirect air carrier security program may be approved if the designated official determines that safety and the public interest will allow it, and if the proposed amendment provides the level of security required under this part. (4) Within 30 calendar days after receiving a denial of the proposed amendment, the indirect air carrier may petition the Administrator to reconsider the denial. A petition for reconsideration must be filed with the designated official. (5) Upon receipt of a petition for reconsideration, the designated official either approves the request to amend or transmits the petition, together with any pertinent information, to the Administrator for reconsideration. The Administrator will dispose of the petition within 30 calendar days of receipt by either directing the designated official to approve the amendment or by affirming the denial. (6) Any indirect air carrier may submit a group proposal for an amendment that is on behalf of it and other indirect air carriers that co-sign the proposal. (d) Amendment by TSA. TSA may amend a security program in the interest of safety and the public interest, as follows: (1) TSA notifies the indirect air carrier, in writing, of the proposed amendment, fixing a period of not less than 30 calendar days within which the indirect air carrier may submit written information, views, and arguments on the amendment. (2) After considering all relevant material, the designated official notifies the indirect air carrier of any amendment adopted or rescinds the notice of amendment. If the amendment is adopted, it becomes effective not less than 30 calendar days after the indirect air carrier receives the notice of amendment, unless the indirect air carrier petitions the Administrator to reconsider no later than 15 calendar days before the effective date of the amendment. The indirect air carrier must send the petition for reconsideration to the designated official. A timely petition for reconsideration stays the effective date of the amendment. (3) Upon receipt of a petition for reconsideration, the designated official either amends or withdraws the notice of amendment or transmits the petition, together with any pertinent information, to the Administrator for reconsideration. The Administrator disposes of the petition within 30 calendar days of receipt by either directing the designated official to withdraw or amend the notice of amendment, or by affirming the notice of amendment. (e) Emergency Amendments. (1) If TSA finds that there is an emergency requiring immediate action with respect to aviation security that makes procedures in this section contrary to the public interest, the designated official may issue an emergency amendment, without the prior notice and comment procedures described in paragraph (d) of this section. (2) The emergency amendment is effective without stay on the date the indirect air carrier receives notification. TSA will incorporate in the notification a brief statement of the reasons and findings for the emergency amendment to be adopted. (3) The indirect air carrier may file a petition for reconsideration with the Administrator no later than 15 calendar days before the effective date of the emergency amendment. The indirect air carrier must send the petition for reconsideration to the designated official; however, the filing does not stay the effective date of the emergency amendment. (f) Withdrawal of approval of a security program. TSA may withdraw the approval of the indirect air carrier's security program, if TSA determines continued operation is contrary to security and the public interest, as follows: (1) Notice of proposed withdrawal of approval. The designated official will serve a notice of proposed withdrawal of approval that notifies the indirect air carrier, in writing, of the facts, charges, and applicable law, regulation, or order that forms the basis for the determination. (2) IAC reply. The indirect air carrier may respond to the notice of proposed withdrawal of approval no later than 15 calendar days after receipt of the withdrawal by providing the designated official in writing with any material facts, arguments, applicable law, and regulation. (3) TSA review. The designated official will consider all information available, including any relevant material or information submitted by the indirect air carrier, before either issuing a withdrawal of approval of the indirect air carrier's security program or rescinding the notice of proposed withdrawal of approval. If a withdrawal of approval is issued, it becomes effective upon receipt by the indirect air carrier or 15 calendar days after service, whichever occurs first. (4) Petition for reconsideration. The indirect air carrier may petition the Administrator to reconsider the withdrawal of approval by serving a petition for consideration no later than 15 calendar days after the indirect air carrier receives the withdrawal of approval. The indirect air carrier must serve the petition for reconsideration to the designated official. Submission of a petition for reconsideration will not automatically stay the withdrawal of approval. The indirect air carrier may request the designated official to stay the withdrawal of approval pending consideration of the petition. (5) Administrator's review. The designated official transmits the petition together with all pertinent information to the Administrator for reconsideration. The Administrator will dispose of the petition within 15 calendar days of receipt by either directing the designated official to rescind the withdrawal of approval or by affirming the withdrawal of approval. The decision of the Administrator is a final order under 49 U.S.C. 46110. (6) Emergency withdrawal. If TSA finds that there is an emergency requiring immediate action with respect to aviation security that makes procedures in this section contrary to the public interest, the designated official may issue an emergency withdrawal of the indirect air carrier's security program, without first issuing a notice of proposed withdrawal effective without stay on the date that the indirect air carrier receives notice of the emergency withdrawal. In such a case, the designated official will send the indirect air carrier a brief statement of the facts, charges, and applicable law, regulation, or order that forms the basis for the emergency withdrawal. The indirect air carrier may submit a petition for reconsideration under the procedures in paragraphs (f)(2) through (f)(5) of this section; however, this petition will not stay the effective date of the emergency withdrawal. (g) Service of documents for withdrawal of approval of security program proceedings. Service may be accomplished by personal delivery, certified mail, or express courier. Documents served on an indirect air carrier will be served at the indirect air carrier's official place of business as designated in its application for [[Page 65290]] approval or its security program. Documents served on TSA must be served to the address noted in the notice of withdrawal of approval or withdrawal of approval, whichever is applicable. (1) Certificate of service. An individual may attach a certificate of service to a document tendered for filing. A certificate of service must consist of a statement, dated and signed by the person filing the document, that the document was personally delivered, served by certified mail on a specific date, or served by express courier on a specific date. (2) Date of service. The date of service will be the date of personal delivery; if served by certified mail, the mailing date shown on the certificate of service, the date shown on the postmark if there is no certificate of service, or other mailing date shown by other evidence if there is no certificate of service or postmark; or if served by express courier, the service date shown on the certificate of service, or by other evidence if there is no certificate of service. (h) Extension of time. TSA may grant an extension of time of the limits set forth in this section for good cause shown. An indirect air carrier's request for an extension of time must be in writing and be received by TSA at least 2 days before the due date to be extended. TSA may grant itself an extension of time for good cause. 25. Revise Sec. 1548.9 to read as follows: Sec. 1548.9 Acceptance of cargo. (a) Preventing or deterring the carriage of any explosive or incendiary. Each indirect air carrier must use the facilities, equipment, and procedures described in its security program to prevent or deter the carriage on board an aircraft of any unauthorized person, explosive, incendiary, and other destructive substances or items as provided in the indirect air carrier's security program. (b) Refusal to transport. Each indirect air carrier must refuse to offer for transport on an aircraft any cargo if the shipper does not consent to a search or inspection of that cargo in accordance with this part, or part 1544 or 1546 of this chapter. 26. Add new Sec. 1548.11 to read as follows: Sec. 1548.11 Training and knowledge for individuals with security- related duties. (a) No indirect air carrier may use any individual to perform any security-related duties to meet the requirements of its security program unless that individual has received training as specified in its security program including their individual responsibilities in Sec. 1540.105 of this chapter. (b) Each indirect air carrier must ensure that individuals who accept, handle, transport, or deliver cargo for or on behalf of the indirect air carrier have knowledge of the applicable provisions of this part, applicable Security Directives and Information Circulars, the approved airport security program applicable to their location, and the aircraft operator's or indirect air carrier's security program to the extent that such individuals need to know in order to perform their duties. (c) Each indirect air carrier must ensure that each individual under paragraph (b) of this section for the indirect air carrier successfully completes recurrent training at least annually on their individual responsibilities in Sec. 1540.105 of this chapter, the applicable provisions of this part, applicable Security Directives and Information Circulars, the approved airport security program applicable to their location, and the aircraft operator's or indirect air carrier's security program to the extent that such individuals need to know in order to perform their duties. 27. Add new Sec. 1548.13 to read as follows: Sec. 1548.13 Security coordinators. (a) Indirect Air Carrier Security Coordinator. Each indirect air carrier must designate and use an Indirect Air Carrier Security Coordinator (IACSC). The IACSC and alternates must be appointed at the corporate level and must serve as the indirect air carrier's primary contact for security-related activities and communications with TSA, as set forth in the security program. Either the IACSC or an alternate IACSC must be available on a 24-hour basis. (b) [Reserved]. 28. Add new Sec. 1548.15 to read as follows: Sec. 1548.15 Security threat assessments for individuals having unescorted access to cargo. This section applies to each indirect air carrier, and to each individual who has unescorted access to cargo accepted by such an indirect air carrier. (a) Before gaining unescorted access to cargo, each individual must successfully complete either-- (1) A criminal history records check under Sec. Sec. 1542.209, 1544.229, or 1544.230 of this chapter, if the individual is otherwise required to undergo such a check under those sections; or (2) A Security Threat Assessment under part 1540 of this chapter; or (3) Another Security Threat Assessment approved by TSA. (b) Each indirect air carrier must ensure that each individual who has access to its cargo has either successfully completed one of the checks in paragraph (a) of this section or is escorted by such an individual. 29. Add new Sec. 1548.17 to read as follows: Sec. 1548.17 Known shipper program. This section applies for cargo that an indirect air carrier offers to an aircraft operator operating under a full program under Sec. 1544.101(a), or to a foreign air carrier operating under Sec. 1546.101(a) or (b). (a) For cargo to be loaded on aircraft in the United States, each indirect air carrier must have and carry out a known shipper program in accordance with its security program. The program must: (1) Determine the shipper's validity and integrity as provided in its security program; (2) Provide that the indirect air carrier will separate known shipper shipments from unknown shipper shipments. (b) When required by TSA, each indirect air carrier must submit to TSA, in a form and manner acceptable to TSA: (1) Information identified in its security program regarding an applicant to the known shipper program; and (2) Upon learning of a change to the information specified in subparagraph (b)(1) of this paragraph, corrections and updates of this information. 30. Add new Sec. 1548.19 to read as follows: Sec. 1548.19 Security directives and information circulars. (a) TSA may issue an Information Circular to notify indirect air carriers of security concerns. When TSA determines that additional security measures are necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each indirect air carrier required to have an approved indirect air carrier security program must comply with each Security Directive issued to the indirect air carrier by TSA, within the time prescribed in the Security Directive for compliance. (c) Each indirect air carrier that receives a Security Directive must-- (1) Within the time prescribed in the Security Directive, acknowledge in writing receipt of the Security Directive to TSA. [[Page 65291]] (2) Within the time prescribed in the Security Directive, specify the method by which the measures in the Security Directive have been implemented (or will be implemented, if the Security Directive is not yet effective). (d) In the event that the indirect air carrier is unable to implement the measures in the Security Directive, the indirect air carrier must submit proposed alternative measures and the basis for submitting the alternative measures to TSA for approval. The indirect air carrier must submit the proposed alternative measures within the time prescribed in the Security Directive. The indirect air carrier must implement any alternative measures approved by TSA. (e) Each indirect air carrier that receives a Security Directive may comment on the Security Directive by submitting data, views, or arguments in writing to TSA. TSA may amend the Security Directive based on comments received. Submission of a comment does not delay the effective date of the Security Directive. (f) Each indirect air carrier that receives a Security Directive or Information Circular and each person who receives information from a Security Directive or Information Circular must: (1) Restrict the availability of the Security Directive or Information Circular, and information contained in either document, to those persons with a need-to-know. (2) Refuse to release the Security Directive or Information Circular, and information contained in either document, to persons other than those with a need-to-know without the prior written consent of TSA. Issued in Arlington, VA, on November 3, 2004. David M. Stone, Assistant Secretary. [FR Doc. 04-24883 Filed 11-9-04; 8:45 am] BILLING CODE 4910-62-P