DOT 49 CFR PART 1520-2010 PROTECTION OF SENSITIVE SECURITY INFORMATION.pdf

1、298 SUBCHAPTER BSECURITY RULES FOR ALL MODES OF TRANSPORTATION PART 1520PROTECTION OF SENSITIVE SECURITY INFORMATION Sec. 1520.1 Scope. 1520.3 Terms used in this part. 1520.5 Sensitive security information. 1520.7 Covered persons. 1520.9 Restrictions on the disclosure of SSI. 1520.11 Persons with a

2、need to know. 1520.13 Marking SSI. 1520.15 SSI disclosed by TSA or the Coast Guard. 1520.17 Consequences of unauthorized disclo-sure of SSI. 1520.19 Destruction of SSI. AUTHORITY: 46 U.S.C. 7010270106, 70117; 49 U.S.C. 114, 40113, 4490144907, 4491344914, 4491644918, 4493544936, 44942, 46105. SOURCE:

3、 69 FR 28082, May 18, 2004, unless otherwise noted. 1520.1 Scope. (a) Applicability. This part governs the maintenance, safeguarding, and disclosure of records and information that TSA has determined to be Sen-sitive Security Information, as defined in 1520.5. This part does not apply to the mainten

4、ance, safeguarding, or dis-closure of classified national security information, as defined by Executive Order 12968, or to other sensitive un-classified information that is not SSI, but that nonetheless may be exempt from public disclosure under the Free-dom of Information Act. In addition, in the c

5、ase of information that has been designated as critical infrastructure in-formation under section 214 of the Homeland Security Act, the receipt, maintenance, or disclosure of such in-formation by a Federal agency or em-ployee is governed by section 214 and any implementing regulations, not by this p

6、art. (b) Delegation. The authority of TSA and the Coast Guard under this part may be further delegated within TSA and the Coast Guard, respectively. 1520.3 Terms used in this part. In addition to the terms in 1500.3 of this chapter, the following terms apply in this part: Administrator means the Und

7、er Sec-retary of Transportation for Security referred to in 49 U.S.C. 114(b), or his or her designee. Coast Guard means the United States Coast Guard. Covered person means any organiza-tion, entity, individual, or other person described in 1520.7. In the case of an individual, covered person include

8、s any individual applying for employment in a position that would be a covered per-son, or in training for such a position, regardless of whether that individual is receiving a wage, salary, or other form of payment. Covered person includes a person applying for certification or other form of approv

9、al that, if granted, would make the person a covered per-son described in 1520.7. DHS means the Department of Home-land Security and any directorate, bu-reau, or other component within the Department of Homeland Security, in-cluding the United States Coast Guard. DOT means the Department of Trans-po

10、rtation and any operating adminis-tration, entity, or office within the De-partment of Transportation, including the Saint Lawrence Seaway Develop-ment Corporation and the Bureau of Transportation Statistics. Federal Flight Deck Officer means a pilot participating in the Federal Flight Deck Officer

11、Program under 49 U.S.C. 44921 and implementing regula-tions. Maritime facility means any facility as defined in 33 CFR part 101. Rail facility means rail facility as defined in 49 CFR 1580.3. Rail hazardous materials receiver means rail hazardous materials re-ceiver as defined in 49 CFR 1580.3. Rail

12、 hazardous materials shipper means rail hazardous materials ship-per as defined in 49 CFR 1580.3. Rail secure area means rail secure area as defined in 49 CFR 1580.3. Rail transit facility means rail tran-sit facility as defined in 49 CFR 1580.3. Rail transit system or Rail Fixed Guide-way System me

13、ans rail transit sys-tem or Rail Fixed Guideway Sys-tem as defined in 49 CFR 1580.3. VerDate Mar2010 08:56 Nov 10, 2010 Jkt 220220 PO 00000 Frm 00308 Fmt 8010 Sfmt 8010 Y:SGML220220.XXX 220220erowe on DSK5CLS3C1PROD with CFRProvided by IHSNot for ResaleNo reproduction or networking permitted without

14、 license from IHS-,-,-299 Transportation Security Administration, DHS 1520.5 Railroad means railroad as defined in 49 U.S.C. 20102(1). Railroad carrier means railroad car-rier as defined in 49 U.S.C. 20102(2). Record includes any means by which information is preserved, irrespective of format, inclu

15、ding a book, paper, drawing, map, recording, tape, film, photograph, machine-readable mate-rial, and any information stored in an electronic format. The term record also includes any draft, proposed, or rec-ommended change to any record. Security contingency plan means a plan detailing response proc

16、edures to address a transportation security inci-dent, threat assessment, or specific threat against transportation, includ-ing details of preparation, response, mitigation, recovery, and reconstitu-tion procedures, continuity of govern-ment, continuity of transportation op-erations, and crisis mana

17、gement. Security screening means evaluating a person or property to determine wheth-er either poses a threat to security. SSI means sensitive security infor-mation, as described in 1520.5. Threat image projection system means an evaluation tool that involves peri-odic presentation of fictional threa

18、t images to operators and is used in con-nection with x-ray or explosives detec-tion systems equipment. TSA means the Transportation Secu-rity Administration. Vulnerability assessment means any re-view, audit, or other examination of the security of a transportation infra-structure asset; airport; m

19、aritime fa-cility, port area, or vessel; aircraft; railroad; railroad carrier, rail facility; train; rail hazardous materials shipper or receiver facility; rail transit system; rail transit facility; commercial motor vehicle; or pipeline; or a transpor-tation-related automated system or network to d

20、etermine its vulnerability to unlawful interference, whether dur-ing the conception, planning, design, construction, operation, or decommis-sioning phase. A vulnerability assess-ment may include proposed, rec-ommended, or directed actions or coun-termeasures to address security con-cerns. 69 FR 2808

21、2, May 18, 2004, as amended at 70 FR 41599, July 19, 2005; 73 FR 72172, Nov. 26, 2008; 74 FR 47695, Sept. 16, 2009 1520.5 Sensitive security informa-tion. (a) In general. In accordance with 49 U.S.C. 114(s), SSI is information ob-tained or developed in the conduct of security activities, including r

22、esearch and development, the disclosure of which TSA has determined would (1) Constitute an unwarranted inva-sion of privacy (including, but not lim-ited to, information contained in any personnel, medical, or similar file); (2) Reveal trade secrets or privileged or confidential information obtained

23、 from any person; or (3) Be detrimental to the security of transportation. (b) Information constituting SSI. Ex-cept as otherwise provided in writing by TSA in the interest of public safety or in furtherance of transportation se-curity, the following information, and records containing such informat

24、ion, constitute SSI: (1) Security programs and contingency plans. Any security program or secu-rity contingency plan issued, estab-lished, required, received, or approved by DOT or DHS, including any com-ments, instructions, or implementing guidance, including (i) Any aircraft operator, airport op-e

25、rator, fixed base operator, or air cargo security program, or security contin-gency plan under this chapter; (ii) Any vessel, maritime facility, or port area security plan required or di-rected under Federal law; (iii) Any national or area security plan prepared under 46 U.S.C. 70103; and (iv) Any s

26、ecurity incident response plan established under 46 U.S.C. 70104. (2) Security Directives. Any Security Directive or order (i) Issued by TSA under 49 CFR 1542.303, 1544.305, 1548.19, or other au-thority; (ii) Issued by the Coast Guard under the Maritime Transportation Security Act, 33 CFR part 6, or

27、 33 U.S.C. 1221 et seq. related to maritime security; or (iii) Any comments, instructions, and implementing guidance pertaining thereto. (3) Information Circulars. Any notice issued by DHS or DOT regarding a threat to aviation or maritime trans-portation, including any VerDate Mar2010 08:56 Nov 10,

28、2010 Jkt 220220 PO 00000 Frm 00309 Fmt 8010 Sfmt 8010 Y:SGML220220.XXX 220220erowe on DSK5CLS3C1PROD with CFRProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-300 49 CFR Ch. XII (10110 Edition) 1520.5 (i) Information circular issued by TSA under 49 CFR

29、 1542.303, 1544.305, 1548.19, or other authority; and (ii) Navigation or Vessel Inspection Circular issued by the Coast Guard re-lated to maritime security. (4) Performance specifications. Any performance specification and any de-scription of a test object or test proce-dure, for (i) Any device used

30、 by the Federal Government or any other person pursu-ant to any aviation or maritime trans-portation security requirements of Federal law for the detection of any person, and any weapon, explosive, in-cendiary, or destructive device, item, or substance; and (ii) Any communications equipment used by

31、the Federal government or any other person in carrying out or com-plying with any aviation or maritime transportation security requirements of Federal law. (5) Vulnerability assessments. Any vul-nerability assessment directed, cre-ated, held, funded, or approved by the DOT, DHS, or that will be prov

32、ided to DOT or DHS in support of a Federal se-curity program. (6) Security inspection or investigative information. (i) Details of any security inspection or investigation of an al-leged violation of aviation, maritime, or rail transportation security require-ments of Federal law that could reveal a

33、 security vulnerability, including the identity of the Federal special agent or other Federal employee who conducted the inspection or audit. (ii) In the case of inspections or in-vestigations performed by TSA, this in-cludes the following information as to events that occurred within 12 months of t

34、he date of release of the informa-tion: the name of the airport where a violation occurred, the airport identi-fier in the case number, a description of the violation, the regulation alleg-edly violated, and the identity of any aircraft operator in connection with specific locations or specific secu

35、rity procedures. Such information will be released after the relevant 12-month period, except that TSA will not re-lease the specific gate or other location on an airport where an event occurred, regardless of the amount of time that has passed since its occurrence. During the period within 12 month

36、s of the date of release of the information, TSA may release summaries of an aircraft opera-tors, but not an airport operators, total security violations in a specified time range without identifying specific violations or locations. Summaries may include total enforcement actions, total proposed ci

37、vil penalty amounts, number of cases opened, number of cases referred to TSA or FAA counsel for legal enforcement action, and num-ber of cases closed. (7) Threat information. Any informa-tion held by the Federal government concerning threats against transpor-tation or transportation systems and sour

38、ces and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation, maritime, or rail transpor-tation security measures, both oper-ational and technical, whether applied directly by the Federal government

39、or another person, including (i) Security measures or protocols recommended by the Federal govern-ment; (ii) Information concerning the de-ployments, numbers, and operations of Coast Guard personnel engaged in mar-itime security duties and Federal Air Marshals, to the extent it is not classi-fied na

40、tional security information; and (iii) Information concerning the de-ployments and operations of Federal Flight Deck Officers, and numbers of Federal Flight Deck Officers aggre-gated by aircraft operator. (iv) Any armed security officer proce-dures issued by TSA under 49 CFR part 1562. (9) Security

41、screening information. The following information regarding secu-rity screening under aviation or mari-time transportation security require-ments of Federal law: (i) Any procedures, including selec-tion criteria and any comments, in-structions, and implementing guidance pertaining thereto, for screen

42、ing of persons, accessible property, checked baggage, U.S. mail, stores, and cargo, that is conducted by the Federal gov-ernment or any other authorized per-son. (ii) Information and sources of infor-mation used by a passenger or property VerDate Mar2010 08:56 Nov 10, 2010 Jkt 220220 PO 00000 Frm 00

43、310 Fmt 8010 Sfmt 8010 Y:SGML220220.XXX 220220erowe on DSK5CLS3C1PROD with CFRProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-301 Transportation Security Administration, DHS 1520.5 screening program or system, including an automated screening system.

44、 (iii) Detailed information about the locations at which particular screening methods or equipment are used, only if determined by TSA to be SSI. (iv) Any security screener test and scores of such tests. (v) Performance or testing data from security equipment or screening sys-tems. (vi) Any electron

45、ic image shown on any screening equipment monitor, in-cluding threat images and descriptions of threat images for threat image pro-jection systems. (10) Security training materials. Records created or obtained for the purpose of training persons employed by, contracted with, or acting for the Federa

46、l government or another person to carry out aviation, maritime, or rail transportation security measures re-quired or recommended by DHS or DOT. (11) Identifying information of certain transportation security personnel. (i) Lists of the names or other identifying information that identify persons as

47、 (A) Having unescorted access to a se-cure area of an airport, a rail secure area, or a secure or restricted area of a maritime facility, port area, or vessel; (B) Holding a position as a security screener employed by or under con-tract with the Federal government pur-suant to aviation or maritime t

48、rans-portation security requirements of Federal law, where such lists are aggre-gated by airport; (C) Holding a position with the Coast Guard responsible for conducting vul-nerability assessments, security boardings, or engaged in operations to enforce maritime security require-ments or conduct forc

49、e protection; (D) Holding a position as a Federal Air Marshal; or (ii) The name or other identifying in-formation that identifies a person as a current, former, or applicant for Fed-eral Flight Deck Officer. (12) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital to the avia-tion, maritime, or rail transportation system (including rai