22 May 2006
-----------------------------------------------------------------------
[Federal Register: May 22, 2006 (Volume 71, Number 98)][Proposed Rules] [Page 29395-29462] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr22my06-15] [[Page 29395]] ----------------------------------------------------------------------- Part II Department of Homeland Security ----------------------------------------------------------------------- Coast Guard ----------------------------------------------------------------------- Transportation Security Administration ----------------------------------------------------------------------- 33 CFR Parts 1, 20 et al.; 46 CFR Parts 10, 12, and 15 49 CFR Parts 1515, 1570, and 1572 Transportation Worker Identification Credential (TWIC) Implementation in the Maritime Sector; Proposed Rules [[Page 29396]] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration 49 CFR Parts 1515, 1570, 1572 Coast Guard 33 CFR Parts 101, 103, 104, 105, 106, 125; 46 CFR Parts 10, 12, 15 [Docket Nos. TSA-2006-24191; USCG-2006-24196] RIN 1652-AA41 Transportation Worker Identification Credential (TWIC) Implementation in the Maritime Sector; Hazardous Materials Endorsement for a Commercial Driver's License AGENCY: Transportation Security Administration; United States Coast Guard, DHS. ACTION: Notice of proposed rulemaking (NPRM). ----------------------------------------------------------------------- SUMMARY: This is a notice of proposed rulemaking by the Department of Homeland Security, specifically by the Transportation Security Administration and the United States Coast Guard. If promulgated, this rule would implement the Transportation Worker Identification Credential program in the maritime sector. Under this program, merchant mariners holding an active License, Merchant Mariner Document, or Certificate of Registry and workers who require unescorted access to secure areas at maritime facilities or on vessels must undergo a security threat assessment, and, if found to not pose a security threat, obtain a Transportation Worker Identification Credential. Persons without Transportation Worker Identification Credentials will not be granted unescorted access to secure areas at affected maritime facilities or on vessels. Under this proposed rule, the Coast Guard seeks to amend its regulations on vessel and facility security to require the use of the Transportation Worker Identification Credential as an access control measure. It is also proposing to amend its regulations covering merchant mariners to incorporate the requirement to obtain a Transportation Worker Identification Credential. In a separate rulemaking action published elsewhere in this edition of the Federal Register, the Coast Guard also is proposing to consolidate existing licensing and documentation regulations to minimize duplicative or redundant identification or background check requirements. The Transportation Security Administration proposes amending its security threat assessment standards that currently apply to commercial drivers authorized to transport hazardous materials in commerce to also apply to merchant mariners and workers who require unescorted access to secure areas on vessels and at port facilities. These proposed amendments also relate to the notification an employer receives when an employee who holds a hazardous materials endorsement or a Transportation Worker Identification Credential is determined to pose a security threat. The Transportation Security Administration also is proposing regulations dealing with the enrollment of port workers into the Transportation Worker Identification Credential program. In addition, the Transportation Security Administration is proposing a fee, as authorized under the Department of Homeland Security Appropriations Act of 2004, to pay for the costs related to the issuance of the Transportation Worker Identification Credentials under this rule. This rulemaking would enhance the security of ports by requiring background checks on persons and establishing a biometric access control system to prevent those who pose a security threat from gaining unescorted access to secure areas of ports. This rulemaking implements the Maritime Transportation Security Act of 2002, which requires that credentialed merchant mariners and workers with unescorted access to secured areas of vessels and facilities be subject to a security threat assessment and receive a biometric credential needed to access secured areas. DATES: Comments and related material must reach the Docket Management Facility on or before July 6, 2006. Comments sent to the Office of Management and Budget (OMB) on collection of information must reach OMB on or before July 6, 2006. Public Meetings: TSA and the Coast Guard will hold four public meetings as follows: Wednesday, May 31, 2006 in Newark, NJ; Thursday, June 1 in Tampa, FL; Wednesday, June 6 in St. Louis, MO; and Thursday, June 7 in Long Beach, CA. Interested individuals are invited to attend, provide comments and ask questions about the proposed rule. TSA and Coast Guard will provide exact locations and other additional information about the meetings in another document to be published in the Federal Register. ADDRESSES: You may submit comments identified by TSA docket number TSA- 2006-24191 or Coast Guard docket number USCG-2006-24196 to the Docket Management Facility at the U.S. Department of Transportation. To avoid duplication, please use only one of the following methods: (1) Web site: http://dms.dot.gov. (2) Mail: Docket Management Facility, U.S. Department of Transportation, Room Plaza 401, 400 Seventh Street SW., Washington, DC 20590-0001. (3) Fax: 202-493-2251. (4) Delivery: Room PL-401 on the Plaza level of the Nassif Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329. (5) Federal eRulemaking Portal: http://www.regulations.gov. You must mail comments on collection of information to the Office of Information and Regulatory Affairs, Office of Management and Budget, 725 17th Street NW, Washington, DC 20503, ATTN: Desk Officer, United States Coast Guard. See SUPPLEMENTARY INFORMATION for format and other information about comment submissions. FOR FURTHER INFORMATION CONTACT: For questions related to TSA's proposed standards: Rick Collins, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220, TWIC Program, 571-227-3515; e-mail: credentialing@dhs.gov. For legal questions: Christine Beyer, TSA-2, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202- 4220; telephone (571) 227-2657; facsimile (571) 571 1380; e-mail Christine.Beyer@dhs.gov. For questions concerning the Coast Guard provisions of this proposed rule: LCDR Jonathan Maiorine, Commandant (G-PCP-2), United States Coast Guard, 2100 Second Street, SW., Washington, DC 20593; telephone 1-877-687-2243. For questions concerning viewing or submitting material to the docket: Renee V. Wright, Program Manager, Docket Management System, U.S. Department of Transportation, Room Plaza 401, 400 Seventh Street, SW., Washington, DC 20590-0001; telephone (202) 493-0402. SUPPLEMENTARY INFORMATION: Public Participation and Request for Comments We encourage you to participate in this rulemaking by submitting comments and related materials. All comments received will be posted, without change, to http://dms.dot.gov [[Page 29397]] and will include any personal information you have provided. We have an agreement with the Department of Transportation (DOT) to use the Docket Management Facility. Please see DOT's ``Privacy Act'' paragraph below. Submitting comments: If you submit a comment, please include your name and address, identify the docket number for this rulemaking (TSA- 2006-24191 or USCG-2006-24196), indicate the specific section of this document to which each comment applies, and give the reason for each comment. Please send comments on the TSA portions of the proposed rule to the TSA docket (TSA-2006-24191), and send comments on the Coast Guard portions of the proposed rule to the Coast Guard docket (USCG- 2006-24196). You may submit your comments and material by electronic means, mail, fax, or delivery to the Docket Management Facility at the address under ADDRESSES; but please submit your comments and material by only one means. If you submit them by mail or delivery, submit them in an unbound format, no larger than 8\1/2\ by 11 inches, suitable for copying and electronic filing. If you submit them by mail and would like us to acknowledge receipt, please enclose a stamped, self- addressed postcard or envelope. We will consider all comments and material received during the comment period. We may change this proposed rule in view of them. Handling of Confidential or Proprietary Information and Sensitive Security Information (SSI) Submitted in Public Comments: Do not submit comments that include trade secrets, confidential commercial or financial information, or sensitive security information (SSI) \1\ to the public regulatory docket. Please submit such comments separately from other comments on the rulemaking. Comments containing this type of information should be appropriately marked as containing such information and submitted by mail to the TSA legal point of contact listed in the FOR FURTHER INFORMATION CONTACT section. --------------------------------------------------------------------------- \1\ ``Sensitive Security Information'' or ``SSI'' is informaton obtained or developed int he conduct of security activities, the disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental tot he security of transportation. The protection of SSI is governed by 49 CFR part 1520. --------------------------------------------------------------------------- Upon receipt of such comments, TSA will not place the comments in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. TSA will hold them in a separate file to which the public does not have access, and place a note in the public docket that TSA has received such materials from the commenter. If TSA receives a request to examine or copy this information, TSA will treat it as any other request under the Freedom of Information Act (FOIA) (5 U.S.C. 552) and the Department of Homeland Security's FOIA regulation found in 6 CFR part 5. Viewing comments and documents: To view comments, as well as documents mentioned in this preamble as being available in the docket, go to http://dms.dot.gov at any time, click on ``Simple Search,'' enter the last five digits of the docket number for this rulemaking, and click on ``Search.'' You may also visit the Docket Management Facility in Room PL-401 on the Plaza level of the Nassif Building, 400 Seventh Street, SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. Privacy Act: Anyone can search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review the Department of Transportation's Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477), or you may visit http://dms.dot.gov. Abbreviations and Terms Used in This Document AMS--Area Maritime Security ASP--Alternative Security Program ATSA--Aviation and Transportation Security Act ATF--Bureau of Alcohol, Tobacco, Firearms, and Explosives CDC--Certain Dangerous Cargo CDL--Commercial drivers license CDLIS--Commercial drivers license information system CHRC--Criminal history records check CJIS--Criminal Justice Information Services Division COR--Certificate of Registry COTP--Captain of the Port DHS--Department of Homeland Security DOJ--Department of Justice DMV--Department of Motor Vehicles DOT--Department of Transportation FBI--Federal Bureau of Investigation FIPS 201--Federal Information Processing Standards Publication 201 FMCSA--Federal Motor Carrier Safety Administration FMSC--Federal Maritime Security Coordinator FSP--Facility Security Plan HME--Hazardous materials endorsement HSA--Homeland Security Act HSPD 12--Homeland Security Presidential Directive 12 ICC--Integrated Circuit Chip MARSEC--Maritime Security MMD--Merchant Mariner Document MSC--Marine Safety Center MTSA--Maritime Transportation Security Act OCS--Outer Continental Shelf REC--Regional Exam Center SAFETEA-LU--Safe, Accountable, Flexible, Efficient Transportation Equity Act--A Legacy for Users STCW--International Convention on Standards of Training, Certification, and Watchkeeping for Seafarers, 1978, as amended TSA--Transportation Security Administration TWIC--Transportation Worker Identification Credential USA PATRIOT Act--Uniting and Strengthening America by Providing AppropriateTools Required to Intercept and Obstruct Terrorism Act VSP--Vessel Security Plan Table of Contents I. Background and Purpose II. Development of TWIC Process III. Proposed Rule A. Coast Guard B. TSA 1. TWIC Process a. Pre-Enrollment and Enrollment b. Adjudication of Security Threat Assessment c. Credential Production d. Credential Activation e. Using TWIC in an Access Control System f. Lost, Damaged or Stolen TWICs g. Renewal h. Call Center i. Notifying Employers of Threat Determination 2. Fee 3. TWIC in Other Modes of Transportation IV. Advisory Committee Participation V. Section-by-Section Analysis of United States Coast Guard Proposed Rule General Introduction 33 CFR Part 101 33 CFR 101.105 Definitions. 33 CFR 101.121 Alternative Security Programs--TWIC Addendum. 33 CFR 101.514 TWIC Requirement. 33 CFR 101.515 Personal identification. 33 CFR Part 103 33 CFR 103.305 Composition of an Area Maritime Security (AMS) Committee. 33 CFR 103.505 Elements of the Area Maritime Security (AMS) Plan and 103.510 Area Maritime Security (AMS) Plan review and approval. 33 CFR Part 104 33 CFR 104.105 Applicability. 33 CFR 104.106 Passenger Access Area. 33 CFR 104.115 Compliance dates. 33 CFR 104.120 Compliance documentation. 33 CFR 104.200 Owner or Operator/104.210 Company Security Officer [[Page 29398]] (CSO)/104.215 Vessel Security Officer (VSO)/104.220 Company or vessel personnel with security duties/104.225 Security training for all other personnel. 33 CFR 104.235 Vessel recordkeeping requirements. 33 CFR 104.265 Security measures for access control. 33 CFR 104.290 Security incident procedures. 33 CFR 104.295 Additional requirements--cruise ships. 33 CFR 104.405 Format of the Vessel Security Plan (VSP). New Subpart E (33 CFR 104.500-104.510). 33 CFR Part 105 33 CFR 105.115 Compliance dates. 33 CFR 105.120 Compliance documentation. 33 CFR 105.200 Owner or operator/105.205 Facility Security Officer (FSO)/105.210 Facility personnel with security duties/ 105.215 Security training for all other facility personnel. 33 CFR 105.225 Facility recordkeeping requirements. 33 CFR 105.255 Security measures for access control. 33 CFR 105.280 Security incident procedures. 33 CFR 105.285 Additional requirements-passenger and ferry facilities. 33 CFR 105.290 Additional requirements-cruise ship terminals. 33 CFR 105.295 Additional requirements-Certain Dangerous Cargo (CDC) facilities. 33 CFR 105.296 Additional requirements-barge fleeting facilities. 33 CFR 105.405 Format and content of the Facility Security Plan (FSP). New Subpart E (33 CFR 105.500-105.510). 33 CFR Part 106 33 CFR 106.110 Compliance dates. 33 CFR 106.115 Compliance documentation. 33 CFR 106.200 Owner or operator/106.205 Company Security Officer (CSO)/106.210 OCS Facility Security Officer (FSO)/106.215 Company or OCS Facility personnel with security duties/106.220 Security training for all other OCS facility personnel. 33 CFR 106.230 OCS facility recordkeeping requirements. 33 CFR 106.260 Security measures for access control. 33 CFR 106.280 Security incident procedures. 33 CFR 106.405 Format and content of the Facility Security Plan (FSP). New Subpart E (33 CFR 106.500-106.510). Miscellaneous Items 33 CFR 101.305 (Reporting requirements). 33 CFR 101.400 (Enforcement) 33 CFR 104.130, 105.130, and 106.125 (Waivers). 33 CFR Subpart C Parts 104, 105, and 106 (Security Assessments). 46 CFR Parts 10, 12, and 15. VI. Section-by-Section Analysis of TSA Proposed Rule 49 CFR Part 1515 Appeal and Waiver Procedures for Security Threat Assessments for Individuals. 49 CFR 1515.1 Scope. 49 CFR 1515.3 Terms used in this part. 49 CFR 1515.5 Appeal procedures. 49 CFR 1515.7 Waiver Procedures. 49 CFR Part 1570 Land Transportation Security: General Rules. 49 CFR 1570.3 Terms used in this part. 49 CFR Part 1572 Credentialing and Background Checks for Land Transportation Security. 49 CFR 1572.5 Scope and standards for hazardous materials. 49 CFR 1572.7 Waivers of security threat assessment standards. 49 CFR 1572.9 Applicant information required for security threat assessment for a hazardous materials endorsement. 49 CFR 1572.11 Applicant responsibilities for a security threat assessment for a hazardous materials endorsement. 49 CFR 1572.13 State responsibilities for issuance of hazardous materials endorsement. 49 CFR 1572.15 Procedures for security threat assessment for an HME. 49 CFR 1572.17 Applicant information required for the security threat assessment for TWIC. 49 CFR 1572.19 Applicant responsibilities for a security threat assessment for TWIC. 49 CFR 1572.21 Procedures for security threat assessment for a TWIC. 49 CFR 1572.23 Conforming Equipment; Incorporation by reference. 49 CFR 1572.24-40 [Reserved] 49 CFR 1572.41 Compliance, inspection and enforcement. 49 CFR 1572.101 Scope. 49 CFR 1572.103 Disqualifying Criminal Offenses. 49 CFR 1572.105 Immigration status. 49 CFR 1572.107 Other analyses. 49 CFR 1572.109 Mental capacity. Subpart E--Fees for Transportation Worker Identification Credential A. TWIC Maritime Population Estimation Methodology 1. Recurring population 2. Five-year population B. Proposed Fee 1. Information Collection/Credential Issuance 2. Threat Assessment/Credential Production 3. FBI Fee 4. Total Fees C. Section 1572.501 Fee Collection VII. Rulemaking Analyses and Notices A. Executive Order 12866 (Regulatory Planning and Review) B. Small Entities C. Assistance for Small Entities D. Collection of Information E. Federalism F. Unfunded Mandates Reform Act G. Taking of Private Property H. Civil Justice Reform I. Protection of Children J. Indian Tribal Governments K. Energy Effects L. Technical Standards M. Environment I. Background and Purpose Under this rule, the Department of Homeland Security (DHS), through the United States Coast Guard (Coast Guard) and the Transportation Security Administration (TSA), proposes to require that all merchant mariners holding an active License, Mechant Mariner Document, or Certificate of Registry and all persons who need unescorted access to secure areas of a regulated facility or vessel must obtain a Transportation Worker Identification Credential (TWIC). In order to obtain a TWIC, individuals will be required to undergo a security threat assessment conducted by TSA. TSA, in conducting those security threat assessments, will use the procedures and standards established by TSA for commercial motor vehicle drivers licensed to transport hazardous materials within the United States. The implementation of the TWIC program in the maritime sector builds upon existing Coast Guard credentialing requirements and security programs for port facilities and vessels. In a separate rulemaking action published in this issue of the Federal Register, Coast Guard also proposes consolidating existing merchant mariner licensing and documentation requirements to avoid duplicative credentials and background checks and to avoid interruption in commerce and reduce the burden on mariners. The TWIC program is a DHS initiative, with joint participation of the Coast Guard and TSA. The program is supported by several statutory and regulatory authorities and presidential directives. The principal statutory authority is the Maritime Transportation Security Act (MTSA), Pub. L. 107-295, 116 Stat. 2064 (November 25, 2002) (46 U.S.C. 70105). Section 102 of MTSA requires the Secretary of Homeland Security to issue a biometric transportation security credential to merchant mariners ``issued a license, certificate of registry, or merchant mariners document'' and individuals who require unescorted access to secure areas of vessels and facilities.\2\ These individuals also must undergo a security threat assessment to determine that they do not pose a security threat prior to receiving the biometric credential and authority to access the secure areas without escort. Id. The security threat assessment must include a review of criminal, immigration, and [[Page 29399]] pertinent intelligence records in determining whether the individual poses a threat, and individuals must have the opportunity to appeal an adverse determination or apply for a waiver of the standards. Specifically, an individual cannot be denied the transportation security credential required under MTSA unless the individual-- --------------------------------------------------------------------------- \2\ 46 U.S.C. 70105. Section 102 of MTSA defines ``Secretary'' to mean ``the Secretary of the department in which the Coast Guard is operating.'' Under the Homeland Security Act of 2002, the Coast Guard became part of DHS, thus the Secretary of Homeland Security is authorized to implement the credential requirements for mariners and persons seeking access to secure port facilities under MTSA. --------------------------------------------------------------------------- (A) Has been convicted within the preceding 7-year period of a felony or found not guilty by reason of insanity of a felony-- (i) that the Secretary believes could cause the individual to be a terrorism security risk to the United States; or (ii) for causing a severe transportation security incident; (B) Has been released from incarceration within the preceding 5- year period for committing a felony described in subparagraph (A); (C) May be denied admission to the United States or removed from the United States under the Immigration and Nationality Act (8 U.S.C. 1101 et seq.); or (D) Otherwise poses a terrorism security risk to the United States.46 U.S.C. 70105(c). Following the enactment of MTSA in November 2002, the Coast Guard issued a series of general regulations for maritime security. See, 33 CFR parts 101-106. The MTSA regulations set out specific requirements for owners and operators (henceforth ``owners/operators'') of vessels, facilities, and Outer Continental Shelf (OCS) facilities that had been identified by the Secretary of Homeland Security as posing a high risk of being involved in a transportation security incident. Under MTSA and the Coast Guard's MTSA regulations, owners/operators of these vessels and facilities were required to conduct security assessments of their respective vessels and facilities, create security plans specific to their needs, and submit the plans for approval to the Coast Guard by December 31, 2003. All affected vessels and facilities are required to have been operating in accordance with their respective plans since July 1, 2004, and are required to resubmit plans every 5 years. Each plan requires owners/operators to address specific vulnerabilities identified pursuant to their individual security assessments, including controlling access to their respective vessels and facilities. The MTSA regulations require owners/operators to implement security measures to ensure that an identification system was established for checking the identification of vessel and facility personnel or other persons seeking access to the vessel or facility. In establishing the system, owners/operators were directed to accept identification only if it: (1) Was laminated or otherwise secure against tampering; (2) contained the individual's full name; (3) contained a photo that accurately depicted that individual's current facial appearance; and (4) bore the name of the issuing authority. See, 33 CFR 101.515. The issuing authority must be a government authority or organization authorized to act on behalf of the government authority, or the individual's employer, union, or trade association. There was no requirement that the identification be issued pursuant to a security threat assessment because there was no existing credential and supporting structure that could fulfill the needs specific to the maritime environment. In addition to the regulation of ports and facilities, the Coast Guard has a long history of regulating the merchant marine. Under the current Coast Guard regulatory scheme, the Coast Guard may issue a mariner any combination of 4 credentials: (1) Merchant Mariner Document (MMD); (2) License; (3) Certificate of Registry (COR); or (4) International Convention on Standards of Training, Certification, and Watchkeeping (STCW) Endorsement. An MMD serves as a mariner's identification credential and is issued to mariners who are employed on merchant vessels of 100 gross register tons or more, except for those vessels employed exclusively in trade on the navigable waters of the U.S. Licenses are qualification certificates that are issued to officers. CORs are qualification certificates that are issued to medical personnel and pursers. STCW Endorsements are qualification certificates issued to mariners who meet international standards and serve aboard vessels to which STCW applies. The License, COR, and STCW Endorsement are qualification credentials only. Only the MMD is an identity document, and none of the current mariner credentials contain the biometric information required under MTSA. TSA currently administers several programs involving security threat assessments of individuals engaged in the transportation industry, including certain airport and aircraft operator employees, and alien flight school students. Section 1012 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) Pub. L. 107-56, 115 Stat. 272 (October 25, 2001) provides that a State cannot issue a hazardous materials endorsement (HME) to a commercial driver who poses a security threat. TSA implemented its security threat assessment processes under this provision. TSA first issued regulations to implement security threat assessment standards for HME applicants (TSA's hazmat rule) in May 2003 and subsequently amended those regulations based on comments received from the States, employers and affected drivers. (A more detailed discussion and regulatory history of the hazmat regulations can be found at 68 FR 23852 (May 5, 2003); 68 FR 63033 (November 7, 2003); 69 FR 17696 (April 6, 2004); and 69 FR 68720 (November 24, 2004). These standards are codified at 49 CFR part 1572, where many of the standards we propose for TWIC under this rule also will reside. TSA's hazmat regulations establish standards concerning criminal history, immigration status, mental capacity, and terrorist activity to determine whether a driver poses a security threat and is qualified to hold an HME.\3\ Drivers who have been convicted or found not guilty by reason of insanity for certain crimes in the preceding 7 years, or have been released from incarceration for those crimes in the preceding 5 years, are deemed to pose a security threat and are not authorized to hold an HME. 49 CFR 1572.103. Drivers convicted of certain particularly heinous crimes, such as espionage, treason, terrorist-related offenses, or severe transportation security incidents, are permanently banned from holding an HME. Id. In addition, drivers who have been involuntarily committed to a mental institution or adjudicated as mentally incapacitated are considered to pose a security threat that warrants disqualification from holding an HME. 49 CFR 1572.109. --------------------------------------------------------------------------- \3\ In developing the hazmat regulations, TSA sought to harmonize, to the extent possible, the background check and eligibility criteria requirements of both MTSA and the USA PATRIOT Act and thus adopts privisions from both statutes where appropriate. See 68 FR at 23853. --------------------------------------------------------------------------- Aliens are not prohibited from obtaining an HME. The hazmat rule permits individuals who are in the United States lawfully and are authorized under applicable immigration laws to work in the United States to hold an HME upon completion of a satisfactory TSA security threat assessment. 49 CFR 1572.105. TSA reviews a driver's immigration status to determine if the applicant for an HME is authorized to be present and work in the United States under applicable [[Page 29400]] immigration laws. In addition, as set forth in the hazmat rules, TSA conducts a security check of international databases through Interpol or other appropriate means. 49 CFR 1572.107. TSA's hazmat regulations also include appeal and waiver procedures to ensure that no driver is wrongfully determined to pose a threat, to provide individuals who are disqualified from holding an HME the opportunity to show rehabilitation, where applicable, and to maintain consistency with other credentialing or background check requirements among transportation workers, such as those in the maritime industry covered by MTSA and this TWIC rulemaking. See e.g., 49 CFR parts 1572.141 and 143. II. Development of TWIC Process In 2002, TSA established the TWIC program in response to identity management shortcomings and vulnerabilities identified in the transportation system. In some segments of the transportation system, it is not possible to positively identify individuals entering secure areas or assess the threat they may pose due to a lack of pertinent background information. Also, existing identity credentials are often vulnerable to fraud. To mitigate these weaknesses, TSA determined that an integrated, credential-based, identity management system for all transportation workers who need unescorted access to secure areas of the nation's transportation system would be necessary. Homeland Security Presidential Directive 12 (HSPD 12) requires Federal agencies to improve secure identification processes for Federal employees and contractors. The objectives of the directive are to ensure that the credentialing processes are administered by accredited providers; are based on sound criteria for verifying an individual's identity; include a credential that is resistant to fraud, tampering, counterfeiting and terrorist exploitation, and can be authenticated quickly and electronically. As designed and proposed in this rule, TWIC does not contradict the control objectives of HSPD 12. The U.S. Department of Commerce published guidance on the standards and methods by which Agencies could reach compliance with HSPD 12. In February 2005, the Department of Commerce issued the Federal Information Processing Standards Publication 201 (FIPS 201), Personal Identification Verification of Federal Employees and Contractors in response to HSPD 12. FIPS 201 is divided into Personal Identification Verification (PIV) Parts I and II. Part I addresses the control and security objectives, particularly the personal identity proofing process. Part II provides detailed technical specifications that must be met to ensure interoperability of PIV-compliant credentials in personal authentication, access control, and credential management systems throughout the Federal government. The development of FIPS 201 occurred concurrently with the design of TWIC. TSA and its contractors closely monitored the development of FIPS 201 and individuals working on FIPS 201 followed the design of TWIC. TSA recognized that there are many benefits to designing TWIC in alignment with FIPS 201: Leveraging the TWIC infrastructure to support other DHS or government credentialing programs; avoiding obsolescence by using the latest technology; securing critical facilities with the same process used by Federal agencies; having interoperability during an emergency; and demonstrating the functionality of FIPS 201. All of the significant components of the TWIC system align with FIPS 201. As tested in the maritime environment and planned in this NPRM, TWIC is an identification credential containing numerous technologies to make it secure and tamper-proof. TWIC is a ``smart'' credential containing two electronic chips on which encoded data is stored to allow all subsequent TWIC functions to be performed. TWIC is designed to ensure that the identity of each TWIC holder has been verified; that a threat assessment has been completed on that identity; and that each credential issued is positively linked to the rightful holder through the use of biometric technology. Facility and vessel owners/operators subject to this rule will then determine which TWIC holders will be granted unescorted access to secure areas of their facility. Prototype The TWIC program has been developed in three phases. Phases I, Planning, and II, Technology Evaluation, were completed in 2003, and Phase III, Prototype, was completed in 2005. In the technology evaluation, TSA tested and evaluated a range of credential-based systems in use at transportation facilities. In Prototype, TSA tested a comprehensive credentialing system, which included enrollment, threat assessments, biometric security, credential production, and credential issuance. Prototype was conducted at twenty-eight facilities beginning November 4, 2004 in various modes of the transportation system, including air, rail, and maritime. The Prototype Phase came to an end in the summer of 2005. During Prototype, the participating facilities and associated transportation workers voluntarily provided biographical and biometric identifiers. Participants provided appropriate identity verification documentation, such as a birth certificate, driver's license, government photo identification, or similar document. TSA conducted a name-based threat assessment using the biographic information provided, and utilized the biometric information to verify identity and determine whether an applicant had previously enrolled in the program. TSA did not use biometric information to complete a security threat assessment.\4\ TSA will be using both biographic and biometric information to conduct the security threat assessment once TSA implements the full program. To verify an individual's identity during Prototype, TSA followed the U.S. Citizenship and Immigration Services Employment Eligibility Verification (Form I-9) process, commonly used by the federal government and industry in the hiring process. TSA tested the TWIC as positive identification for access to secure areas of participating transportation facilities. --------------------------------------------------------------------------- \4\ Florida law requires persons seeking access to certain port facilities within that State to submit fingerprints and other information to obtain a State-issued credential. During Prototype conducted in Florida, therefore, participants submitted fingerprints as required under State law and the State completed a fingerprint- based criminal history records check. TSA did not use biometric information collected from Florida participants to conduct a security threat assessment. --------------------------------------------------------------------------- By testing the integration of these components, TSA was able to assess the system's performance prior to deciding how the program should be implemented. Consequently, some processes that were tested in Prototype, such as ``employer sponsorship,'' are not being proposed in this rule based on TSA's determination that the process did not add sufficient value or created operational difficulties that could not be resolved. III. Proposed Rule A. Coast Guard In order to integrate TWIC into already existing security programs in the maritime environment, the Coast Guard must amend its maritime security regulations, found in 33 CFR Subchapter H. These changes will set performance standards for owners/operators of vessels, facilities, and Outer Continental Shelf facilities to meet [[Page 29401]] when incorporating TWIC into their existing security programs. The Coast Guard also must amend its regulations governing merchant mariners, found in 46 CFR parts 10, 12, and 15, in order to add the statutory mandate that they hold a TWIC. In a separate rulemaking, published in today's Federal Register, the Coast Guard is proposing to consolidate qualifications credentials and streamline its mariner regulations, which would ensure that no mariner is required to undergo (or pay for) more than one security threat assessment and identity verification. Coast Guard emphasizes that possession of the TWIC credential is not intended to constitute an automatic access right to any facility. The owner/operator continues to have the ultimate authority as to access control decisions, and although holding a duly-issued TWIC is required before an individual is eligible to be granted unescorted access, the individual must also have a need for access in accordance with the approved security plan. The owner/operator's right to refuse admittance to any individual, regardless of whether he or she holds an authenticated TWIC, remains unchanged. B. TSA TSA's role in implementing the TWIC program in the maritime sector will be to conduct security threat assessments of credentialed merchant mariners and individuals with unescorted access to secure areas, providing an appeal and waiver process for applicants who receive an adverse determination, and performing related functions in the enrollment and credential issuance process. In this rule, TSA proposes changes to its regulations to extend the current processes for conducting security threat assessments for HMEs to persons seeking to obtain TWICs. On August 10, 2005, the Safe, Accountable, Flexible, Efficient Transportation Equity Act--A Legacy for Users (SAFETEA-LU), Pub. L. 109-59, 119 Stat. 1144 (August 10, 2005) was enacted. Section 7105 of SAFETEA-LU (49 U.S.C. 5103a(g)(1)(B)(i)) requires TSA to initiate a rulemaking to determine which background checks required by Federal law and applicable to transportation workers are equivalent to or less stringent than the security threat assessment TSA requires for HME drivers. In addition, SAFETEA-LU requires TSA to develop a process for notifying employers of the results of a threat assessment conducted on an HME applicant. Under this rule, TSA is proposing a fee to cover the cost of the TWIC threat assessment, appeals of TSA decisions during the process, and the issuance of the credential as required under Section 520 of the Homeland Security Appropriations Act of 2004 (2004 DHS Appropriations Act), Pub. L. 108-90 (October 2003). TSA also is inviting comments from the transportation industry at large on the processes proposed under this rule as TSA and DHS are considering extending the TWIC program to other areas in the transportation industry outside of the maritime sector. 1. TWIC Process As proposed in this rule, the purpose of the TWIC program is to ensure that only authorized personnel who have successfully completed a security threat assessment have unescorted access to secure areas of maritime facilities and vessels. The credential will include a reference biometric--fingerprints--that positively links the credential holder to the identity of the individual who was issued the credential. TWIC holders may be asked to confirm, by providing a fingerprint, that they are the rightful owner of the credential at any time. Access control procedures and systems at facilities and vessels will recognize the credential and the information encrypted on it, so that the overall maritime network will be interoperable. In addition, an individual's credential can be deactivated or revoked by TSA if disqualifying information is discovered by or presented to TSA or other DHS entity, or the credential is lost or stolen, so that the credential can no longer be used to obtain unescorted access to secure areas. TSA has designed the TWIC process to maintain strict privacy controls so that a holder's biographic and biometric information cannot be compromised. The TWIC process proposed in this rule is described below from the perspective of an applicant. a. Pre-Enrollment and Enrollment TWIC enrollment will be conducted by TSA (or TSA's agent operating under TSA's direction). All enrollment personnel must successfully complete a TSA security threat assessment and receive a TWIC before they will be authorized to access documents, systems, or secure areas. Facility and vessel owners/operators must notify workers of their responsibility to enroll, as well as the deadline for doing so. (The proposed implementation plan for enrollment is discussed in greater detail below.) Owners/operators must provide applicants enough lead time to enroll so that TSA has sufficient time to complete the security threat assessment and issue the credential before the access control procedures go into effect. Generally, owners/operators should give individuals at least 60 days notice to begin the process. TSA cannot guarantee that any threat assessment can be completed in less than 30 days, and therefore, owners/operators and applicants should make every effort to initiate enrollment in a timely fashion to prevent workers being denied access for non-compliance. TSA will provide owners/ operators with locations for enrollment that they can then pass on to the workers (hereinafter referred to as applicants). For purposes of the NPRM, a list of potential enrollment center locations is provided on the TSA Web site (http://www.tsa.gov) to provide prospective owner/ operators and applicants a general idea of the enrollment plan. This list is subject to change and TSA invites comment from affected parties on the potential enrollment locations. Applicants will be able to ``pre-enroll'' online to reduce the time needed to complete the entire enrollment process at an enrollment center. For pre-enrollment, applicants need a computer with internet access. The applicant can access the TWIC Web site to provide personal information required for enrollment and select an enrollment center at which to complete enrollment. Data submitted by applicants via the Internet will be sent using Internet security protocols (i.e., SSL). All information provided is then stored in the TSA system, which encrypts and protects the data from unauthorized access. Applicants may schedule an appointment while on-line to complete the enrollment process, although appointments are not required at enrollment centers. The Web site will list the documents the applicant must bring to the enrollment center to verify identity. The convenience of pre-enrollment is a significant benefit for applicants and reduces strain on the enrollment centers. Applicants who pre-enroll must appear at enrollment centers to verify their identity, confirm that the information provided during pre-enrollment is correct, provide biometrics, and sign the enrollment documents. At the enrollment center, applicants will receive a privacy notice and consent form, by which they agree to provide personal information for the security threat assessment and credential. (For applicants who pre-enroll, the privacy notice is provided with the application online, but the applicants must acknowledge receipt of the notice in writing at the enrollment [[Page 29402]] center.) If an applicant fails to sign the consent form or does not have the required documents to authenticate identity, enrollment will not proceed. During Prototype, 96 percent of applicants appeared for enrollment with suitable identity verification documents. As TWIC is implemented, TSA and Coast Guard will make information available to affected workers in advance of enrollment so that all are aware of what to bring to the enrollment center. This information will also be posted on the TSA/TWIC Web site at http://www.tsa.gov. All information collected at the enrollment center or during the pre-enrollment process, including the signed privacy consent form and identity documents are scanned into the TSA system for storage. All information is encrypted or stored using methods that protect the information from unauthorized retrieval or use. At the enrollment centers, applicants must provide ten fingerprints and sit for a digital photograph. The fingerprints and photograph will be electronically captured at the enrollment center for use on the credential. Individuals must provide ten fingerprint images for use in completing the security threats assessment process. The credential itself will store two fingerprint templates, one of which is used as a reference biometric to verify identity. The entire enrollment record (including the 10 fingerprints) will be stored in the TSA system, encrypted and segmented to prevent unauthorized use. TSA will provide alternative procedures for enrollment centers to use for situations in which an applicant is unable to provide fingerprints. The TWIC fee, which covers the complete cost of enrollment, threat assessment, and credential production and delivery, must be collected from the applicant at the enrollment center prior to the enrollment record being transmitted to the TSA system. The TWIC enrollment fee will be non-refundable, even if the threat assessment results in a TWIC not being issued. Once all data and the fee are collected, the enrollment record is encrypted and electronically transmitted to the TSA system. The TSA system acknowledges receipt of the enrollment record, at which time all enrollment data is automatically deleted from the enrollment workstation. Once the enrollment record is transmitted to the TSA system, personal information is stored only in the TSA system, and personal data is encrypted to very high standards before it is transferred or stored. If an enrollment center temporarily loses its internet connection, the enrollment data is encrypted and stored on the enrollment workstation, but only until an internet connection is restored. During Prototype, the average time needed for an applicant who pre- enrolled to complete enrollment was 10 minutes, 21 seconds. It is expected that it will take approximately fifteen minutes to complete enrollment of applicants who do not pre-enroll. TSA and Coast Guard currently envision a phased enrollment process based on risk assessment and cost/benefit analysis. Locations that are considered critical and provide the greatest number of individual applicants will be among the earliest enrollment sites. There are approximately 125 locations covering approximately 300 ports where TSA plans to enroll applicants, and we are in the process of rating each location against a variety of factors to assess criticality, population, and infrastructure. TSA and Coast Guard will work closely with the maritime industry to ensure that owners/operators and workers are given as much notice as is possible when a definitive enrollment schedule is selected. TSA and Coast Guard also are contemplating implementing a more flexible rollout, with anticipated dates to be announced by notices published in the Federal Register. (See the discussion of Sec. 1572.19 below for additional information on timing of enrollment.) TSA plans to use a combination of fixed and mobile enrollment stations to make the enrollment process as efficient as possible for applicants and owners/operators. b. Adjudication of Security Threat Assessment Following enrollment, the TSA system sends pertinent parts of the record to various sources so that appropriate terrorist threat, criminal history, and immigration checks can be performed. When the checks are completed, TSA makes a determination on whether or not to issue a TWIC to the applicant and notifies the applicant. If disqualifying information is discovered, TSA issues an Initial Determination of Security Threat to the applicant with information on how the applicant can appeal an adverse decision or apply for a waiver of the standards. If the applicant does not respond to the Initial Determination within a specified period, it converts to a Final Determination of Security Threat and the applicant does not receive a TWIC. If the applicant proceeds with an appeal or application for waiver and is successful, the applicant is notified accordingly and the credential production process begins. (The appeal and waiver processes are discussed in greater detail below in the section-by-section analysis.) TSA may provide some of the notifications to applicants via email, if an applicant provides an email address on the application for the TWIC. We invite comment from prospective applicants about the substitution of email notification for a paper process. c. Credential Production If the applicant is qualified to receive a TWIC, the TSA system generates an order to produce a credential. It is produced at a government credential production facility and securely shipped to the center at which the applicant enrolled. The applicant will be notified that the TWIC is ready to be retrieved and activated for use. The face of the TWIC credential contains the applicant's photograph, name, TWIC expiration date, and a unique credential number. In addition, the credential will store finger minutia templates of 2 fingers, finger pattern templates of 2 fingers, a personal identification number, and a Federal Agency Smart Credential number. The data is securely stored and protected in accordance with FIPS 201 in the various technologies used in the credential, such as magnetic stripe, contact chip, and contactless chip. The fingerprint data, the reference biometric, is used to match the credential to the person who enrolled. The TWIC system contains many feedback mechanisms to validate the transmission and receipt of data at key points in the process. The status of each transmission is recorded within the system. Credentials are electronically locked prior to shipment to the enrollment center so that the data cannot be accessed. Once the credentials are electronically locked, they cannot be used for access to any vessel or facility until they are activated by the TWIC enrollment station. d. Credential Activation The applicant is notified when the enrollment center has received the credential. The applicant then returns to the enrollment site at his or her convenience to activate the credential. At the enrollment center, the applicant's credential is retrieved from secure storage and the photograph and name on it are compared to the applicant and the identity documents the applicant uses to authenticate identity. The applicant places a designated finger on a reader to generate a biometric match against the biometric stored on the credential and in the TSA [[Page 29403]] system. Upon successful biometric match, the TWIC is activated and the applicant selects a Personal Identification Number (PIN) that also is stored on the credential. The PIN can subsequently be used as an additional factor in proving one's identity and authorized use of the credential, or as the primary verification tool if the biometric is inoperative for some reason. The TWIC security threat assessment and credential are valid for five years, unless derogatory information is discovered and TSA revokes the credential. The process outlined above for credential activation is the same process TSA tested in Prototype, which worked well for owner/operators and employees who enroll. However, implementation of the program nationwide involving employees that are not stationary at one facility or port may impact applicants and owner/operators differently. TSA is concerned that requiring an applicant to return to the enrollment center to activate the credential may be onerous for workers who travel a great deal and may not know where they will be when the credential is ready for pick-up. TSA is considering the security and operational impacts of alternative procedures, on which we invite comment. TSA is considering an amendment to the process that would allow a worker to designate a specific enrollment center for credential pick up and activation. The card production facility would send the credential to that location rather than the location where the applicant enrolled. This is a change that can be accomplished, but this was not tested in Prototype and a variety of software changes may be needed, which could increase costs and affect the timing of implementation. Moreover, applicants will not know the exact date on which their credential will be ready and so those who work at a variety of ports across the country may not be able to designate a specific activation location on the enrollment application. During Prototype, the entire process from enrollment to card production was complete in fewer than 10 days. However, that process differed from the full program we plan to implement with this rule in a few significant ways. First, nearly all of the employees who volunteered for Prototype worked at the same location every day and the enrollment center was located on that site. Second, TSA did not complete fingerprint-based criminal history records checks, and so there was no time needed to adjudicate and provide redress for criminal activity. For threat assessment programs that are currently in place nationally in which applicants are not stationary and TSA conducts a fingerprint-based CHRC, the threat assessment is generally completed in less than 30 days. The time needed to complete the threat assessment varies depending on whether the database searches produce adverse information that must be investigated, and whether the applicant files an appeal or requests a waiver. These conditions will exist for the TWIC program and therefore, TSA will not be able to predict or establish a specific date on which the threat assessment and card production process will be complete. DHS invites comment on this option, and any other proposals that would make it easier logistically, without sacrificing security, for the public to receive and activate TWIC cards. e. Using TWIC in an Access Control System Once the enrollment process is complete and the credential is activated, the credential is ready to be used as an access control tool. Possession of a TWIC does not guarantee access to secure areas because the owner/operator controls the individuals who are given unescorted access to the facility or vessel. Rather, TWIC is a secure, verified credential that can be used in conjunction with the owner/ operator's risk-based security plan and as required by the Coast Guard security regulations. As envisioned in this NPRM, owners/operators will determine an individual's need for unescorted access to secure areas and then grant access using a TWIC program. The access control administrator of the vessel or facility verifies that the individual holding the TWIC matches the biometric stored on the TWIC by conducting a 1-to-1 match with the individual's finger and the fingerprint template stored on the chip in the TWIC. The owner/operator verifies that an individual's TWIC is valid, either by directly interfacing with the TSA system or by using a list of invalid credentials downloaded from TSA. Either method provides owners/operators pertinent information concerning the validity of the credential. TSA will invalidate credentials that are reported as lost, stolen, damaged, retired, or issued to an applicant that TSA subsequently determines may pose a security threat. When the invalidation is for cause, that is, due to a security threat, TSA will revoke the credential. Invalidated credentials cannot be used or honored for unescorted access to secure areas. Cardholders who report the credential as lost, stolen, or damaged must go to the enrollment center for resolution, and/or re-issuance of a new credential. After the individual has been granted access to the facility, the owner/operator may opt to notify the TSA system that access privileges have been granted to this worker at that facility. If the owner/ operator invokes this option, the owner/operator also assumes responsibility for informing the TSA system if the owner/operator subsequently denies the individual access privileges. f. Lost, Damaged, or Stolen TWICs Replacement TWICs are available if a credential is lost, stolen, or damaged. As soon as the applicant is aware that the credential is missing or damaged, he or she calls the Call Center and the Center follows a standard process to invalidate the credential. The applicant then travels to an enrollment center to receive a new credential. During Prototype, the card production facility printed and shipped the new credentials within 24 hours of receiving the information. Applicants must pay a fee of $36 to cover the cost of lost/damage/ stolen credential invalidation, new credential production, reissuance, shipping, and other appropriate program costs. No new TSA threat assessment-specific or enrollment costs are factored into this replacement fee. g. Renewal TWICs issued under this rule will expire after five years unless renewed. TSA does not plan to notify TWIC holders when their credential is about to expire because the expiration date will be displayed on the face of the credential. To renew a TWIC, the holder must appear at any enrollment center, starting up to 90 days before the expiration date of the credential, to initiate the renewal process. However, mariners are allowed and encouraged to initiate renewal 180 days prior to expiration to allow sufficient time for TSA to conduct the security threat assessment and the Coast Guard to complete any review necessary to renew any required mariner credentials. During renewal, applicants must provide the same biographic and biometric information required in the initial enrollment and pay the associated fees. A new credential is issued upon renewal. h. Call Center Upon publication of the final rule, TSA will refer the public to a Call Center to assist with questions about the TWIC program. An automated telephone line, listing options for the caller to select, will direct the caller to the TWIC Help Desk or the TSA/TWIC Web site. [[Page 29404]] Callers will be able to discuss questions about the program and final standard, the status of their security threat assessment, the location and time of operation of enrollment centers, and online applications and educational materials. TSA has used the Call Center when implementing other new programs and believes it will be very useful to owners/operators and applicants. i. Notifying Employers of Threat Determinations TSA is proposing to modify the rule text applicable to HME applicants concerning employer notification and apply the proposed changes to the TWIC applicants. As discussed above, SAFETEA-LU established several mandates concerning the threat assessment process. One of the provisions requires TSA to invite comment on and develop a process to notify employers of HME applicants of the results of the threat assessment. Specifically, section 7105 states that-- Within 90 days of enactment, TSA, after receiving comments from interested parties, must develop and implement a process for notifying employers designated by applicants for a HAZMAT license of the results of the applicant's background check if (1) such notification is appropriate considering the potential security implications and (2) the Director determines in a final notification of threat assessment served on the applicant that he or she does not meet the standards for granting a license. In the November 24, 2004 hazmat rule, TSA discussed employer notification, noting that actual criminal history or other dispositive records must be maintained confidentially by TSA. See 69 FR at 68726. TSA may inform an employer that an employee is disqualified from holding an HME, or has had an HME revoked, so that the employer knows that the employee is not authorized to transport hazardous materials. TSA, however, generally cannot disclose the basis for the determination result of the threat assessment due to prohibitions on disclosure of such information under the Privacy Act, or other pertinent privacy laws or law enforcement or security regulations. See e.g., 5 U.S.C. 552a (as amended); 46 U.S.C. 70105(e); 28 CFR 50.12. In the hazmat rule, TSA noted that if it believes an immediate threat exists, TSA may provide additional information to the employer to help prevent a security incident. In the November hazmat rule, TSA requested comment on methods to notify an employer that a particular driver's HME is revoked or the application for an HME is denied. TSA anticipated that it would be difficult to locate a driver's employer because drivers tend to change employers frequently and may work for several employers at one time. Also, many drivers are self-employed as owners/operators and notification in these cases would be unnecessary. TSA proposed requiring each employer to maintain a current list of hazmat-endorsed driver employees on a secure Web site that TSA could access for notification purposes and employers could amend as employees change jobs. This list would minimize the chance that TSA would erroneously notify a previous employer of a disqualification. Also, the list would prevent the loss of time and resources needed to locate an employer for notification. Similar procedures are in place with respect to aviation workers who have airport security identification display area authority. 49 CFR 1542.211. TSA received no comments on this proposal or suggestions for an alternative plan, although some employers stated that they would like notification of all employee disqualifications. Currently, when TSA determines that a driver is not qualified to hold an HME, TSA applies the following policy: (1) TSA notifies the employer only in cases where TSA determines that an imminent security threat may exist. (2) TSA notifies the employer listed in the driver's HME application. (3) TSA limits the information provided to the employer to the fact that the driver's HME is being revoked or denied, but does not provide the reason for the action. TSA developed this process to address two primary concerns. First, TSA is concerned about sharing disqualification information with incorrect employers and that the likelihood of such notifications would rise if TSA made notifications in all disqualification cases. For the many drivers who change employers frequently or are self-employed, TSA would expend considerable resources trying to determine with certainty an applicant's current employer(s). Second, for actions in which there is not an imminent threat, employers of hazmat drivers have other procedures in place to verify whether a driver has an HME. Carriers currently are required to determine if a driver employee has been issued an HME, by checking State driver records. The Federal Motor Carrier Safety Administration (FMCSA) requires carriers to check the driver's status in the first 30 days of employment by contacting the licensing State. After that, the carrier must make an inquiry with the State at least once annually to ensure that the driver is authorized to transport hazardous materials. 49 CFR 391.25. Additionally, FMCSA requires carriers to review an employee's driving record during the three years preceding employment with the carrier, in every State in which the driver was licensed. The carriers also must investigate the driver's employment record during the preceding three years. 49 CFR 391.23. These investigations reveal whether the driver's HME has been revoked. In light of the employer notification requirement in SAFETEA-LU, and upon further analysis, TSA proposes to amend the rule text concerning employer notification generally and apply the following proposed changes to HME and TWIC applicants. First, TSA proposes to add a statement to the application for an HME or TWIC acknowledging that TSA may notify the applicant's employer if TSA determines that the applicant poses a security threat. The applicant must acknowledge receipt of this statement. Second, TSA proposes to amend the rule text to state that TSA will notify an applicant's employer, where appropriate, when issuing final determinations of threat assessment or immediate revocations. Aside from the employer notification issue, with TWIC applicants, TSA also proposes to notify the Federal Maritime Security Coordinator (FMSC), the chief governmental security official at the port, of revocations. The FMSC also is the Captain of the Port (COTP). 33 CFR 101.105. TSA will notify the Coast Guard concerning the outcome of threat assessments of merchant mariners because a mariner credential may not be issued by Coast Guard if TSA denies or revokes a TWIC for the mariner. TSA invites comment on these proposed requirements for notifying employers of employee disqualifications. TSA also invites suggestions for improving this system and methods by which a current employer/ employee list can be available to TSA when employer notification is necessary. TSA may change its requirements based on these comments. 2. Fee Section 520 of the 2004 DHS Appropriations Act requires TSA to collect reasonable fees for providing credentialing and background investigations in the field of transportation. Fees may be collected to pay for the costs of the: (1) Conducting or obtaining a criminal history records check (CHRC); (2) reviewing available law enforcement databases, commercial databases, and records of other [[Page 29405]] governmental and international agencies; (3) reviewing and adjudicating requests for waivers and appeals of TSA decisions; and (4) other costs related to performing the security threat assessment or providing the credential or performing the background records check. Section 520 requires that any fee collected must be available only to pay for the costs incurred in providing services in connection with performing the security threat assessment or providing the credential or performing the background records check. The fee may remain available until expended. TSA establishes these fees in accordance with the criteria in 31 U.S.C. 9701 (General User Fee Statute), which requires fees to be fair and based on: (1) Costs to the government, (2) the value of the service or thing to the recipient, (3) public policy or interest served, and (4) other relevant facts. In this rule, TSA proposes to establish new user fees: (1) The Information Collection and Credential Issuance fee, estimated to range from $45-$65; (2) the Threat Assessment and Credential Production fee, which will be $62, or $50 for applicants who have already received a comparable threat assessment from DHS, including those for a Merchant Mariner License (MML), Merchant Mariners Document (MMD), Hazardous Materials Endorsement (HME), and Free and Secure Trade (FAST) card holders; and (3) the fee for replacement of a lost, damaged, or stolen TWIC, which will be $36 for all TWIC holders. In addition, TSA will collect the FBI Fee for the criminal history records checks in the TWIC threat assessment process and forward the fee to the FBI. The current FBI Fee is $22.00. If the FBI increases that fee in the future, TSA will collect the increased fee. Therefore, total TWIC fees are expected to range from $95 (MML, HME, and FAST card holders already vetted by DHS) to $149 for all other applicants. 3. TWIC in Other Modes of Transportation This rule proposes standards for the maritime environment and consequently the security threat assessment standards primarily impact merchant mariners and port workers. However, there are a variety of individuals who work in other modes of transportation that may be subject to the security threat assessment requirement proposed here. For instance, many ports include railroad operations. Rail employees may be required to obtain a TWIC depending on whether the railroad operations are situated in the secure areas. Commercial truck drivers delivering or retrieving goods at the port typically have unescorted access to secure areas and so they would be required to have a TWIC. As envisioned and currently proposed in this rule, commercial drivers that hold an HME and have completed TSA's security threat assessment under 49 CFR part 1572 would not be required to undergo a new threat assessment for TWIC until their HME threat assessment expires. These drivers would be required to provide a biometric for use on the TWIC and pay for enrollment services, credential costs, and appropriate program support costs. TSA is considering whether to incorporate the TWIC system into all modes of transportation. Therefore, TSA requests comments from all of the transportation industry--rail, mass transit, pipeline, and aviation--not just those affected immediately by these specific proposed maritime rules. TSA invites ideas on how this security threat assessment and credentialing system can be used to its full potential in each of these areas. Each mode of transportation brings its own set of challenges to the philosophy of creating secure areas and access control procedures that provide a high level of security, protect privacy, and do not interfere with commerce. TSA welcomes the views of all interested parties as we continue to improve transportation security with TWIC and other programs. IV. Advisory Committee Participation In drafting the TWIC regulations, the Coast Guard drew upon the expertise of the National Maritime Security Advisory Committee (NMSAC), which is composed of a cross-section of maritime industries and port and waterway stakeholders; including, but not limited to: Shippers, carriers, port authorities, and facility operators. NMSAC advises, consults with, and makes recommendations to, the Secretary of Homeland Security via the Commandant of the Coast Guard on matters affecting maritime security. In response, NMSAC formed a Credentialing Work Group (CWG), which was comprised of a significant number of NMSAC members and approximately 25 other members from the public who represented various geographic cross-sections and different elements of the maritime industry. NMSAC provided the Coast Guard and TSA with specific industry sponsored comments and recommendations for consideration in developing this proposed rule. TSA and Coast Guard summarized these comments and provide their joint responses below. A. Access Control Comment: NMSAC recommended that ``secure area'' be defined to coincide with the access control area determined by the facility operator in its security plan. Response: We agree with this recommendation and, for all of the reasons discussed in this NPRM, are including it in the Coast Guard's proposed definition of secure area. Comment: NMSAC also recommended that when vessels are moored at MTSA regulated facilities, they should be allowed to rely on the facility's TWIC procedures and not be required to read an individual's TWIC again when he or she required unescorted access to the vessel from the facility. Response: We agree with this recommendation in part. Nothing in the proposed rule prohibits vessels and facilities from agreeing to share the management of access control on a case-by-case or recurring basis to facilitate operations, subject to approval by the cognizant COTP. In keeping with the intent of MTSA, facilities and vessels will still retain ultimate responsibility for their own access control measures. In the interest of preserving layered security, we also anticipate there will be situations where persons seeking unescorted access should be required to follow access control procedures again--when moving from a vessel to a facility and vice versa--even if this requires repeating access control procedures. Comment: NMSAC believes that TWIC should serve as the baseline requirement for unescorted access to a facility or vessel, allowing owners or operators to adopt additional measures. Response: We agree with this recommendation. Nothing in this NPRM prevents an owner/operator from instituting additional requirements before granting access. Comment: NMSAC also felt that possession of a TWIC should not guarantee access to a facility or vessel, or to a specific location within the site. Response: We agree. Owners and operators decide who, among the TWIC holders, may have unescorted access to the facility or vessel. Comment: NMSAC also recommended that access to Outer Continental Shelf facilities as defined in part 106, where access is limited and can be controlled by having the TWIC credential read at the point of embarkation. Response: This arrangement is currently allowed under the existing regulations and could continue under the provisions of this NPRM. [[Page 29406]] B. Location of Reader Points Comment: NMSAC recommends that the regulation not stipulate specific reader locations. Response: We agree. Reader locations are not specified in the proposed rule. Owners/operators determine where readers are located, based on the security plan and the performance standards established in the NPRM. Comment: NMSAC recommends that screening points should be placed far from critical areas and placement should be determined by owners/ operators. Response: Screening locations are not specified in the proposed rule. Owners/operators determine where screening points are located, based on the security plan and the performance standards established in the NPRM. C. Sponsorship Comment: A majority of NMSAC opposed employer sponsorship as a requirement of the TWIC application process. Many members believe sponsorship introduced several complex components, including privacy concerns, increased bureaucracy associated with approving and monitoring sponsors, and employer liability issues. Response: After careful consideration, we agree that sponsorship, as originally conceived, is a challenge for the maritime TWIC program. Many of the individuals who will require a TWIC, such as truck drivers and casual laborers entering the port, would not be able to list or obtain a sponsor. Making accommodations to the sponsorship process for these workers would greatly reduce its value. Under the NPRM, applicants are asked to provide information on their employer if applicable, and to certify that they have a need to obtain a TWIC. D. Waiver Process/Alternative Security Arrangements Comment: NMSAC recommended that we use the list of disqualifying offenses currently used for hazmat drivers for establishing disqualifying offenses, with some qualifications and concerns. The primary concern centered on the waiver requirements found in MTSA, which require employer involvement. NMSAC believes that employer involvement in the waiver process is inconsistent with MTSA's prohibition against disclosure of details of why an applicant is denied a TWIC. NMSAC recommended that the TWIC regulations rely upon the existing waiver procedures that apply to hazmat drivers. Response: We agree. We have proposed using the same list of crimes currently in place under the hazmat regulations when making determinations regarding TWIC eligibility. Additionally, the NPRM contains the waiver procedures that currently apply to hazmat drivers. Comment: NMSAC also expressed concerns about individuals currently employed in the maritime industry who might be denied a TWIC due to previous criminal activity. NMSAC believes existing employees should not be denied a TWIC and possibly lose their jobs unless TSA determines the individual to pose a risk based on the entire threat assessment. NMSAC recommended a ``limited term waiver'' that would allow an individual who is employed on the date of TWIC implementation, and is not otherwise determined to be a security threat, to obtain a TWIC. Response: A ``limited term waiver'' is not being proposed. As in the hazmat rule, language in the waiver provisions of the NPRM allow individuals to request a waiver of all but four disqualifying offenses. These pertain to espionage, sedition, treason, and terrorism. In accordance with MTSA and the NPRM, individuals with immigration violations would also be ineligible for the TWIC. Under the hazmat program, the majority of workers with disqualifying offenses, other than those listed above, who have applied for a waiver have been successful in obtaining their endorsement through the existing waiver process. In addition, the time between publication of the final rule and the date an individual is required to obtain a TWIC will provide existing employees ample time to apply for a waiver. Comment: NMSAC believes that the fingerprint data provided by applicants should be used to search all relevant federal databases. In addition, NMSAC suggested that TSA check against criminal databases in the applicant's State of residence. NMSAC also recommended that a nolo contendere plea be treated as a conviction. Response: We intend to use an applicant's fingerprints to search the criminal databases that require fingerprints to gain access. However, there are some databases pertinent to security that are accessed by name and therefore, we must use name and other biographic information to use these databases. Currently, we do not plan to check each State criminal database in addition to the FBI criminal databases. The administrative cost and time associated with such an undertaking would greatly increase the user fee and make adjudication of all applicant records overwhelming. Under this proposal, a nolo contendere plea constitutes a conviction. Comment: NMSAC proposed that the regulations be consistent nationwide. NMSAC was concerned that if individual states are allowed to enact legislation that established standards different than the federal standard, it would result in additional costs and delays to the industry. NMSAC also believed that varied state background checks could result in venue shopping by applicants. Response: We agree that the TWIC should be nationally consistent and that states do not have the authority to modify the federal TWIC program. However, States, when acting in their capacity as an owner or operator, retain the right of any owner or operator to impose additional security measures at their ports and facilities, as they see fit, including additional measures for access control beyond the TWIC requirements. In addition, States retain their sovereign police powers to impose statutes and regulations to protect their citizens from all manner of threats, and ensure public welfare. In that capacity, a State may impose additional measures at ports, facilities and vessels within its jurisdiction that are directed against reducing all types of crime, so long as those measures do not conflict with any existing Federal regulatory program or frustrate a Federal purpose, including the TWIC. Therefore, while the process for obtaining and maintaining a TWIC will be uniform across the country, access control measures may vary across States, and even from facility to facility, which is in keeping with the recommendations of the NMSAC and the intent of this rulemaking. E. Type of Biometric To Be Used, Other Than Fingerprints Comment: NMSAC recommended that the applicant's digital photograph be stored on the integrated circuit chip (ICC) on the TWIC. Its format and technological standards should conform to other national and international programs, such as US-VISIT and FAST. NMSAC recommended that we reevaluate the use of fingerprint biometrics for access control after completion of Prototype to address procedures for individuals who cannot provide fingerprints. Response: Regarding the first comment, we agree and are proposing that the applicant's digital photograph be stored within the TWIC's ICC. We agree with the second comment and are proposing a credential that meets or exceeds HSPD 12 and FIPS 201 technical standards, which are the baseline for all federal identification [[Page 29407]] credentials. We also agree with the third comment and are proposing that the digital photograph be used as the alternate biometric for individuals who are unable to provide fingerprints at the time of issuance. F. Federally-Managed vs. Federally-Regulated Comment: NMSAC strongly supports a federally-managed approach to TWIC implementation, as opposed to a federally-regulated approach. NMSAC believes that a federally managed program would protect collective bargaining agreements, promote uniformity of process and technology, ensure appropriate auditing and oversight, protect the sensitivity of the biographic and biometric information required for application, and limit the potential for security compromises or other integrity issues. It also states that there would be significant cost savings if TWIC is implemented in a centralized, federally managed program. Response: We agree and the NPRM reflects this approach. G. Enrollment Comment: In the interest of time, NMSAC recommended that TSA provide as many enrollment centers as practical during the initial enrollment period, staffed either by DHS personnel or trained trusted agents. NMSAC believes that enrollment personnel should be subject to a higher level of scrutiny than TWIC applicants, including financial and credit screening. NMSAC recommended that TSA streamline the enrollment process by allowing pre-enrollment through secure Internet connections, dedicated kiosks, or existing facilities. NMSAC had reservations about allowing non-safety related agencies or organizations becoming involved in this process. They also recommend DHS first look to its own agencies, such as Coast Guard License Issuing Centers, or other federal, state or local public safety offices to process enrollments before seeking partnerships with agencies with non-security missions. Response: We agree with most of the NMSAC recommendations. The current rollout strategy is phased enrollment over a period of time to accommodate the majority of the maritime population centers and then geographically expands to cover all ports/facilities with mobile enrollment centers. All enrollment centers will be staffed by trained trusted agents who will be subject to a thorough threat assessment. The NPRM allows for pre-enrollment through secure Internet connections and dedicated kiosks. H. Costs Comment: NMSAC stated that the fee should be collected at the time of application from the applicant. Any potential employer reimbursements or other business relationships should not be defined in the regulation. Individuals who have already been screened to an equal or higher standard than the TWIC, such as the assessment done for a hazmat endorsement, should not have to pay for duplicate applications, credential issuance, and background records check. TSA should collect only the costs of the program, and the cost for TWIC should be standardized at all enrollment centers. Response: We agree. The NPRM states that the fee is collected from the applicant at the time of enrollment and does not require any reimbursement arrangements. Also, we propose comparability standards so that agencies with similar checks can apply to TSA for a comparability determination. As for hazmat drivers, the check they must complete to get a hazmat endorsement is the same as the standard for TWIC. Therefore, drivers are not required to complete both checks, but must pay a reduced fee for TWIC enrollment and credential production because it was not included in the hazmat fee or process. I. Term of Validity Comment: The TWIC should be valid for a period of five years, unless revoked for cause. This recommendation assumes there is continual check on applicants. Response: We agree and propose a 5-year period of validity for the TWIC unless revoked for cause. TSA repeats portions of the check throughout the 5-year term. J. Roll-Out Strategy Comment: NMSAC supported a phased in regional implementation. A timeline and deadline should be identified by TSA, and the final implementation/compliance date should be consistent across the country and provide sufficient advance lead time to allow stakeholders to prepare. To accommodate U.S. mariners, NMSAC proposed that DHS allow enrollment centers be set up at foreign facilities with a Coast Guard presence. Response: We agree and Sec. 1572.19 proposes the implementation timeline for applicants to enroll for a TWIC. Regarding oversees enrollment of U.S. mariners, we recognize that is an issue in need of resolution. As credentialed U.S. mariners pose less of a security risk due to the successful completion of security and safety background checks, they have been identified as a population who could potentially be lower on the priority list for receipt of the TWIC. In the meantime, options such as setting up TWIC enrollment stations within existing Coast Guard overseas facilities is being explored. K. TWIC Requirement for Access to Sensitive Security Information Comment: NMSAC recommended that TWIC be used as identification credential alone, and not affect access to SSI. Response: The statute requires ``individuals with access to security sensitive information as determined by the Secretary'' to hold a TWIC. We agree that requiring all individuals with access to SSI to also hold a TWIC may be impractical. We have interpreted the language of the statute to allow that only certain individuals who will require access to SSI hold a TWIC, if they have not already been subject to an equivalent check. These individuals are clearly identified by position in the NPRM. L. Miscellaneous Issues Comment: NMSAC strongly urges TSA and Coast Guard to gather industry input in the TWIC rulemaking. Response: In developing the TWIC program, we have benefited from the expertise and assistance of industry and government stakeholders. Our work with the NMSAC has produced several outstanding recommendations and solutions to potential challenges. Additionally, we are planning four public meetings on this NPRM, in order to engage industry and gather comments before a final rule is in place. Comment: NMSAC urged TSA and Coast Guard to coordinate TWIC with other federal programs to avoid duplication and conflicts. It also urged that Merchant Mariner Licenses and Documents be merged with TWIC to the greatest extent possible to minimize the number of credentials mariners are required to carry. Response: The Coast Guard National Maritime Center has expressed similar concerns over adding yet another credential to the list of those required for mariners. In a separate rulemaking published in today's Federal Register, the Coast Guard has proposed combining all merchant mariner credentials into a single form, in order to minimize the number of credentials a mariner must carry. That proposal would merge the existing mariner documents, consisting of the License, Merchant Mariner Document, STCW Endorsement, and Certificate of Registry, into one. The TWIC would [[Page 29408]] remain the identification credential and separate from these other credentials, at least for the time being. The consolidated mariner form would document the mariner's professional skills and capabilities and the TWIC would document the mariner's identity. M. Procedures for Replacement of Lost or Stolen Credentials, and Penalties for Persons Who Fraudulently Obtain or Use/Attempt to Use a TWIC Comment: NMSAC expressed concerns about the procedures to address lost or stolen credentials, and the penalty for persons who fraudulently obtain or use/attempt to use a TWIC. Response: We agree that procedures for lost or stolen credentials are essential services. Applicants will be given an 800-number to call in the event they lose the TWIC or it is stolen. The applicant must return to an enrollment center to activate a new TWIC. This will not require a full enrollment process unless the biometric or biographic information has changed since the time of the initial enrollment and the period of validity of the TWIC will be the same as the lost or stolen credential it is replacing. As the NPRM states, applicants who fraudulently obtain or attempt to use a TWIC may be prosecuted criminally and/or through administrative action. N. On-Site TWIC Implementation Comment: NMSAC expressed concern about the possibility for delay at points of entry due to implementation of theTWIC program. Response: During TSA's Prototype, possession of a TWIC ultimately accelerated access for individuals when they were entered into the local access control system. We anticipate similar results when TWIC is fully operational. As proposed, this rule would permit owners/operators to determine the details of the access control system, and so resolving access problems would largely be managed at the facility or vessel. However, we welcome industry feedback and insight on ways that we may be able to improve the proposed requirements without compromising either security or function. V. Section-by-Section Analysis of United States Coast Guard Proposed Rule General Introduction The following discussion highlights the changes being made to the Coast Guard regulations and address some miscellaneous effects that these changes will have on unamended sections of the regulations. The discussion is divided into parts and sections within those parts, which will enable the reader to skip to those regulations that affect him/ her. In order to allow for this, some explanations are repeated from part to part (for example, the explanation for proposed amendments to the recordkeeping requirement sections in parts 104, 105, and 106, are identical). 33 CFR Part 101 33 CFR 101.105 Coast Guard proposes amending Sec. 101.105 by adding new definitions for escorting, personal identification number (PIN), recurring unescorted access, secure area, TWIC, TWIC program, and unescorted access. These terms would be introduced by the amendments discussed below, and their definitions are self-explanatory. 33 CFR 101.121 Coast Guard proposes adding Sec. 101.121 to require those organizations that have approved Alternative Security Programs (ASPs) to submit a TWIC Addendum to their ASP. This TWIC Addendum should explain how the TWIC requirements proposed in parts 104, 105, and 106 (as applicable) would be implemented in the ASP. The TWIC Addendum would be submitted to the Coast Guard for approval and, once approved, would be given the same expiration date as the overall ASP. When it is time for the overall ASP to be reapproved, the TWIC Addendum would be incorporated into the overall ASP, resulting in a single document. Any organization not submitting the TWIC Addendum by the given deadline would have their ASP declared invalid. 33 CFR 101.514 Coast Guard proposes adding Sec. 101.514. This new section contains the requirement that all persons requiring unescorted access to secure areas of vessels, facilities, and OCS facilities regulated by parts 104, 105, or 106 of subchapter H possess a TWIC before such access is granted. Federal officials would not be required to use a TWIC, but rather would be required to use their HSPD 12-compliant agency credential. These HSPD 12-compliant, biometrically-enabled credentials will be built according to the same technical standards as the TWIC, ensuring comparable levels of security. Coast Guard has also included a provision allowing for State and local officials to voluntarily obtain a TWIC when their office or duty station falls within, or where they require recurring unescorted access to, a secure area of a vessel, facility, or an OCS facility. Coast Guard would not, at this time, require these officials to obtain a TWIC, but we may revisit this in the future. Coast Guard also would allow for voluntary compliance with TWIC for those maritime facilities and vessels that would otherwise not be required to comply. Any owner or operator who would like to voluntarily comply with TWIC requirements would first be required to contact their cognizent COTP, who will forward the request, along with the COTP's recommendation, to TSA. Once the Coast Guard and TSA determine that use of the TWIC by the facility or vessel would benefit and improve overall maritime security, the owner/operator would receive authorization to have employees enroll at TSA enrollment centers and establish a TWIC program at their facility. Coast Guard requests that those owner/ operators who would like to voluntarily comply under this provision please submit a comment. 33 CFR 101.515 Coast Guard proposes amending Sec. 101.515 to limit its application only to those persons seeking escorted access to a secure area. This amendment would require that anyone, other than law enforcement officers in performance of their official duties, seeking access to a vessel, facility, or OCS facility provide personal identification meeting the standards listed in this section. It also would require that these individuals be escorted at all times in a secure area. 33 CFR Part 103 33 CFR 103.305 Coast Guard proposes amending Sec. 103.305 to require that all Area Maritime Security (AMS) Committee members hold a TWIC or have passed a comparable security background investigation, as determined by the FMSC, with the exception of credentialed Federal, state and local officials. Coast Guard would omit credentialed Federal, state, and local officials from the requirement to hold a TWIC because the majority of these individuals undergo a security threat assessment prior to beginning their job, and because (as explained above) the Federal officials will all be issued HSPD 12-compliant, biometric identification credentials, and it is hoped that states and local entities will follow suit. 33 CFR 103.505 and 103.510 Coast Guard proposes amending Sec. Sec. 103.505 and 103.510 to require that all AMS plans address biometric access programs within the port, and to require [[Page 29409]] that all AMS plans be updated to reflect this consideration. 33 CFR Part 104 33 CFR 104.105 Coast Guard proposes amending Sec. 104.105 to exempt foreign vessels from the TWIC requirements. Currently foreign vessels entering U.S. ports that carry a valid International Ship and Port Facility (ISPS) certificate are deemed to be in compliance with part 104, except for Sec. Sec. 104.240, 104.255, 104.292, and 104.295. However, there are a small number of foreign vessels who are not required to comply with the International Convention for Safety of Life at Sea (SOLAS) or with the ISPS Code, and therefore must submit security plans in accordance with this part. Without the proposed language, these vessels would be required to comply with the TWIC provisions. The crew of these vessels would primarily consist of foreign mariners. While not explicitly exempt from the TWIC requirements by the language of 46 U.S.C. 70105, the particular situation of foreign mariners makes it impractical to issue this population TWICs, and it has been determined that it is inappropriate to this rulemaking. Thus, the small number of foreign vessels who would otherwise be required to comply with part 104, as well as all other foreign vessels, have been exempted from complying with the TWIC provisions of this part since none of their crew would hold a TWIC. Nothing in this proposed exemption should affect the existing requirements that owners or operators have procedures in place for allowing seafarers to traverse facilities for the purpose of completing crew changes or taking shore leave. 33 CFR 104.106 Coast Guard proposes adding Sec. 104.106 to provide for passenger access areas on board passenger vessels, ferries, and cruise ships. Implementation of the TWIC credential would have a significant impact on the way that owners and operators make access control decisions. The proposed rule would introduce the concept of a ``secure area,'' defined as the area over which an owner or operator chooses to exercise access control as set forth in Sec. 104.265, essentially making the entire vessel a secure area. In non-passenger vessels, this is not problematic; for those that carry passengers, however, it presents difficulties. Since the law requires that no one be allowed unescorted access to secure areas unless they carry a TWIC, passenger vessels, ferries, and cruise ships would have had to either require passengers to obtain TWICs or ensure that passengers were ``escorted'' at all times while on the vessel. To avoid either outcome, Coast Guard proposes creating the ``passenger access area,'' which will allow vessel owners/operators to carve out areas within the secure areas aboard their vessels where passengers are free to move about unescorted. These passenger access areas would work in a manner similar to the already existing ``public access areas'' in part 105. 33 CFR 104.115 In Sec. 104.115, Coast Guard proposes using the same roll-out and implementation model for TWIC as was used for vessel security plans. Vessels would have six (6) months from the date that the final rule is published to submit a TWIC addendum to the Marine Safety Center. They would be required to be operating according to the addendum between twelve (12) and eighteen (18) months following the date that the final rule is published, depending on whether enrollment for the port in which the vessel is operating has been completed. 33 CFR 104.120 The proposed amendment to Sec. 104.120 would require that a copy of the approved TWIC addendum be kept on board the vessel, along with the already approved Vessel Security Plan (VSP) (already required to be on board). Coast Guard has included provisions for scenarios in which the TWIC addendum has been submitted to the Marine Safety Center (MSC) but not yet approved, and for vessels operating under an approved alternative security program. 33 CFR 104.200, 104.210, 104.215, 104.220, and 104.225 Coast Guard proposes amending these sections to require that all individuals with security duties, including the company security officer (CSO), acquire and maintain a TWIC. Coast Guard requests comment on whether owners/operators should also be required to obtain a TWIC, based on their access to sensitive security information (SSI). Coast Guard also proposes amending these sections to add knowledge requirements and responsibilities pertaining to TWIC to those already assigned to owners/operators, company security officers, vessel security officers, vessel employees with security duties, and all vessel employees. At this time, there are no formal training requirements proposed in order to meet the TWIC knowledge requirements. It is important that owners/operators and those with security duties be familiar with the technologies on the credential that make it resistant to tampering and forgery. Persons who will be examining TWICs at access control points should be familiar enough with its physical appearance such that variations or alterations are easily recognized. It is important that security personnel at the access points to the vessel be familiar with alternate ways to reliably verify an individual's identity and his or her credential should the individual be unsuccessful using the primary means of verification (e.g., fingerprint match). Personnel who will be required to resolve an individual's failure to electronically verify his or her identity should be familiar with all the possible reasons for the failure. For example, an individual may not be able to verify his identity against the biometric stored on the credential due to wear on the integrated circuit chip (ICC) itself, problems with the reader, wear on the individual's fingerprints, or because the individual is an imposter. Alternate procedures for addressing failures of an individual to verify his fingerprint against the information stored on the credential should be reasonably designed to discern between a legitimate user and an imposter. All other employees should be familiar with the TWIC topology, as well as the steps to take should their own TWIC become lost or stolen. The heaviest burden has been placed on the owner/operator, who would be required to ensure that the TWIC program is implemented on board the vessel in accordance with the proposed regulations. This would include a new requirement that the owner/operator ensure that someone on the vessel know who is on the vessel at all times. It would also include a requirement that the owner/operator ensure that computer and access control systems and hardware are secure. The Coast Guard has placed a sample document in its docket (located at the places listed in the ADDRESSES section above) for this NPRM that outlines the proper standard of care to be used to protect these systems and hardware. We request comment on this standard of care, as well as on any associated costs to implement it. 33 CFR 104.235 Coast Guard proposes adding a new record-keeping requirement, mandating that owners/operators maintain records for two years of all persons who are granted access to secure areas of the vessel, including when they disembark the vessel. The requirement does not distinguish between those who were granted unescorted access because they [[Page 29410]] carried a TWIC and those who were granted escorted access. For those who are granted recurring unescorted access, such as permanently attached crew or other employees, owners/operators would be required to record the span over which the individual's access privileges endured. For individuals who were granted escorted access, the owners/operators would be required to record each date that the individual is escorted, and identify his escort. 33 CFR 104.265 Coast Guard proposes amending this section to require the use of TWIC in the vessel's access control measures. This section would show the greatest changes as a result of TWIC implementation, and reflects a difficult compromise of many competing concerns, including our desire to preserve as much of the performance-based standard as possible so that vessels could tailor implementation to suit their individual operational needs while preserving the security enhancements provided by the TWIC credential. TWIC provides for implementing graduated security measures by relying upon the three factor authentication process for establishing a person's identity. This process consists of identifying: (1) Something the person has--a TWIC credential; (2) something the person knows--a PIN, stored securely on the ICC in the credential; and (3) something the person is--in the case of the TWIC, that will be the individual's fingerprint, which also is stored on the ICC of the credential. By requiring one or all of these factors before allowing access, owners/ operators can make increasingly more secure decisions regarding individuals who are requesting to board the vessel. Currently, most access control decisions are made relying on a ``flash pass.'' Individuals requesting entry are required to show identification that conforms to Sec. 101.515 of subchapter H, which currently encompasses a broad spectrum of credentials, including driver's licenses from all 50 states. Many of these credentials are easily forged or altered, and the sheer diversity of appearances hampers security personnel's ability to recognize a forged or altered credential when it is presented. Even when used as a flash pass, the TWIC provides greater reliability than the existing system because it presents a uniform appearance with embedded features on the face of the credential that make it difficult to forge or alter. When presented with a TWIC, security personnel familiar with its security features are immediately able to notice any absence or destruction of these features. Nevertheless, our intent was to discourage the use of the TWIC as a flash pass for several reasons. While security personnel can reliably detect changes to the appearance of the credential or missing features, he or she cannot know whether or not the credential has been revoked by TSA, or other competent authority, merely by examining the surface of the credential. Furthermore, comparing the individual to the photo on the credential requires focused examination that is likely to suffer when security personnel are distracted or during particularly busy periods. This is the time that an unauthorized individual is most likely to attempt entry, and is most likely to breach a system that relies solely on the flash pass system. Finally, allowing owners/ operators to rely solely on the flash pass system is unreasonable in light of the additional cost of the credential, and the available security enhancements that the increased cost represents. Thus, Coast Guard proposes to require owners/operators to use at least one of the technical enhancements on the credential to electronically verify a person's identity and also requires verification that the credential remains valid, and has not been altered or counterfeited. Implementation of the TWIC program will require that the owner/ operator use different processes for identifying persons, depending on whether or not the individual is requesting unescorted access. If the individual is requesting, or will require, unescorted access as part of his or her job responsibilities, the individual must have and maintain a TWIC. On an owner/operator's first encounter with an individual seeking or requiring unescorted access to the vessel, we would require that all of TWIC's security features be used to verify both the individual's claimed identity and that the credential remained valid. Thus, when presented with an individual's TWIC for the first time, an owner or operator would be required to electronically verify that the individual's fingerprint matches the data stored on the ICC, and that the individual can correctly enter the PIN that is also stored on the ICC. Both of these processes will require that the individual have the TWIC in his/her possession, thus satisfying all three factors of the authentication process. In addition, the owner or operator would have to confirm that the TWIC remains valid. In order to know that the TWIC has not been revoked, some regular contact with TSA will be necessary. Coast Guard has not specified how this contact should be made so as to provide as much flexibility as possible. These steps performed together will detect to the highest degree of certainty whether the individual is the rightful bearer of the TWIC he or she holds, and whether or not it was duly issued and remains valid. After the initial encounter, there is as much flexibility as possible for the owner/operator so that the TWIC would provide a valuable security enhancement without unnecessarily burdening daily operations. Coast Guard recognized that, particularly for smaller vessels such as towing vessels, the value by the daily validation of an individual's personal identity is less than for facilities, which generally interact with greater numbers of vendors, visitors, and facility employees. We assumed that the crew of most vessels, excluding cruise ships, would be a relatively small number of people who would quickly become familiar enough with one another so as to be able to readily identify fellow crew members and notice strangers. Thus, there is more emphasis on ensuring that the credential remains valid. Accordingly, Coast Guard has identified specific intervals, according to the Maritime Security (MARSEC) level, when a vessel owner/operator must routinely check that the credential remains valid. As a result of this desire to provide flexibility, we propose the concept of ``recurring unescorted access,'' which is intended to allow an individual to enter on a continual basis, without repeating the personal identity verification piece. The decision to grant recurring access privileges should be based on two considerations: (1) The relationship of the individual to the vessel, or how well ``known'' he or she is; and (2) the individual's need to have frequent and unimpeded access to the vessel. No vessel is required to grant any individual recurring unescorted access; it is intended as a tool by which owners/operators can allow persons who are well known to them to move in and out of secure areas on a repetitive basis without having to electronically verify the individual's identity each time. The credential verification requirement would remain, and owners/operators would be responsible to check the validity of the TWIC belonging to any person to whom is granted recurring unescorted access according to the identified specific interval, based on the MARSEC level. Frequent vendors and other visitors, such as union and seafarer representatives, could seek and, at the [[Page 29411]] owner/operator's discretion, be granted recurring unescorted access. If granted, it would allow these individuals, identified by the vessel security officer, or other qualified personnel, to be entered onto the vessel's rolls of TWIC holders whose TWIC must be checked on a regular basis to ensure it remains unrevoked by TSA. The infrequent visitor or vendor who bears a TWIC and seeks unescorted access, would be required to electronically verify his or her identity by matching the biometric information stored on the ICC. The credential's validity would also have to be verified to ensure that it has not been revoked since issuance by TSA. Coast Guard acknowledges that maintaining this connectivity with TSA will be a challenge for vessel owners and operators. However, TSA has indicated that it will be able to maintain an updated list of all invalid credentials which can be downloaded over a secure connection with the TSA Web site, and vessel owners/operators would be able to verify the validity of credentials from infrequent visitors against this list. Furthermore, Coast Guard has assumed that vessels which could not establish access to TSA via a secure Web site from time to time could obtain updated versions of the list from its agent or home office. Persons presenting for entry who do not hold a TWIC would still be required to show an acceptable form of identification, as set forth in Sec. 101.515 and 104.265(e)(3), and would be required to be escorted if they are granted access to secure areas. Owners/operators are not required by the proposed changes to use the TWIC as their primary badging system. As much as practical, Coast Guard has retained the performance-based standards from the existing regulations that allows owners/operators to establish identification systems that best suits their individual operational needs. If, however, owners/operators choose to rely solely on the TWIC as their badging system, the system should include a means for identifying non-TWIC holders. If owners/ operators choose to use a separate badging system, it must be coordinated with the TWIC requirements in this part such that notification to the owner/operator of changes in the individual's TWIC status are also reflected in the separate badging system. Other existing regulatory requirements that we thought were important to preserve related to coordinating access control measures and the TWIC implementation with facilities whenever possible, particularly as that would facilitate the ready access of frequent vendors, and union and seafarer representatives to the vessel, as appropriate. Coast Guard anticipates that these individuals will also obtain a TWIC. Any coordination must be outlined in the TWIC addendum. In keeping with the longstanding tradition that seafarers keep their mariner credentials and other important documents on the bridge, or stored in a secure place, this rule does not propose that vessel crew be required to display or maintain their TWIC on their person at all times. Instead, anyone granted unescorted access to the secure areas of the vessel under this proposed rule is expected to produce his or her TWIC for inspection if so required by a competent authority. Thus, persons assigned to the vessel can keep the credential stored securely on the vessel with their other important documents. However, mariners will have to take the TWIC with them when they leave the vessel in order to gain unescorted access through the facility. Owners/operators are required to devise backup processes for making access control decisions when any part of the TWIC system fails, with particular attention paid to not creating greater vulnerabilities that can be leveraged by a failure of the system due to deliberate efforts. Of particular concern is the occasion when an individual may not be able to match his or her biometric against the information stored on the ICC. While this could mean the person is not who he says he is, it is also possible that wear and tear on the reader, the ICC, or the person's fingerprint itself have caused the failure. In resolving these kinds of failures, security personnel should be well informed as to other reliable means of verifying identity, such as comparing the image of the individual that is electronically stored on the ICC to the person him or herself, or by having other authorized personnel vouch for his identity. In keeping with the graduated scheme of the MTSA regulations, this rule proposes requiring increased use of TWIC security features at higher MARSEC levels. At MARSEC level 1, the owner/operator would be required to ensure that the validity of TWIC credentials is verified against the latest information available from TSA on a weekly basis. At MARSEC level 2, the owner/operator would be required to ensure that the validity of TWIC credentials is verified against the latest information available from TSA on a daily basis. At MARSEC level 3, all personnel seeking unescorted access would be required to verify their identity biometrically and using their PIN at each entry to a secure area of the vessel. The requirements at each MARSEC level are laid out in the table that follows. -------------------------------------------------------------------------------------------------------------------------------------------------------- Vessels ------------------------------------------------ U.S. flagged cruise Recurring unescorted Non-recurring Facilities OCS facilities ships access unescorted access -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 1........................... Facial recognition 1 to 1 biometric match 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric minimum each entry; at each entry; card match at each entry; match at each entry; match at each entry; card validity checked validity checked at card validity card validity card validity weekly with each entry with checked at each checked at each checked at each information < =1 week information < = 1 week entry with entry with entry with most old. old. information < =1 week information < =1 week current information old. old; recheck those available from TSA. continuously aboard weekly with most current information available from TSA. -------------------------------------------------------------------------------------------------------------------------------------------------------- [[Page 29412]] MARSEC 2........................... Facial recognition 1 to 1 biometric match 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric minimum each entry; at each entry; card match at each entry; match at each entry; match + PIN at each card validity checked validity checked at card validity card validity entry; card validity daily with the most each entry with checked at each checked at each checked at each current information information < =1 day entry with entry with entry with most available from TSA. old. information < =1 day information < =1 day current information old. old; recheck those available from TSA. continuously aboard daily with most current information available from TSA. -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 3........................... 1 to 1 biometric match + PIN at each entry; 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric card validity checked at each entry with match + PIN at each match + PIN at each match + PIN at each information < =1 day old. entry; card validity entry; card validity entry; card validity checked at each checked at each checked at each entry with entry with entry with most information < =1 day information < =1 day current information old. old; recheck those available from TSA. aboard continuously daily. -------------------------------------------------------------------------------------------------------------------------------------------------------- 33 CFR 104.290 Coast Guard proposes amending this section to require owners/ operators to have the records of persons who have been granted access to the vessel (See, Sec. 104.235, discussed above) available after a security incident. 33 CFR 104.295 Coast Guard proposes amending Sec. 104.295 to impose higher burdens on U.S. cruise ships. The same assumptions regarding crew size and connectivity (discussed in the proposed changes to Sec. 104.265 above) do not apply to these large, sophisticated vessels whose potential to be the impetus of a transportation security incident (TSI) is much greater than other vessels. As a result, TWIC requirements more closely resemble those for facilities. Coast Guard proposes requiring that an individual's identity be checked against their TWIC at each entry to the vessel, and that the validity of the TWIC be verified with TSA at a higher rate than for other vessels. 33 CFR 104.405 Coast Guard proposes amending this section to require that when each vessel security plan is reviewed and resubmitted for approval upon its 5 year anniversary date, it incorporates the TWIC Addendum into all appropriate sections of the VSP. Most of these changes should be reflected in the plan's section on access control. New Subpart E (33 CFR 104.500-104.510) Proposed Sec. 104.500-104.510 are new and are intended to be temporary measures that will be phased out as existing plans are renewed according to their expiration date. Rather than require owners/ operators to resubmit their entire plan with the TWIC measures incorporated within, Coast Guard proposes requiring a temporary TWIC addendum to be submitted. The addendum should be drafted in conjunction with the existing plan, reflecting all modifications that the TWIC rules require. Once approved, it should be attached to and maintained as part of the entire plan, and will be given the same expiration date as the existing plan. Upon expiration, the TWIC addendum should be seamlessly incorporated into the full plan when it is renewed in accordance with the regulations in place at the time of renewal. Owners/operators may opt to resubmit their entire plan, with a list of sections amended, as their TWIC Addendum, but once approved it will carry the same expiration date as it had prior to amendment. Owners/ operators are encouraged to submit the addendum via Homeport (http://homeport.uscg.mil ). 33 CFR Part 105 33 CFR 105.115 In Sec. 105.115, Coast Guard proposes using the same roll-out and implementation model for TWIC as was used for MTSA security plans. Facilities would have six (6) months from the date that the final rule is effective to submit a TWIC addendum to their cognizant Captain of the Port (COTP) and would be required to be operating according to the addendum between twelve (12) and eighteen (18) months following the effective date, depending on whether enrollment has been completed at the port where the facility is located. 33 CFR 105.120 In the proposed amendment to Sec. 105.120, Coast Guard would require that the facility keep a copy of the approved TWIC addendum on- site, along with the already approved facility security plan (FSP) (already required to be on site). Coast Guard has included provisions for scenarios in which the TWIC addendum has been submitted to the COTP but not yet approved, and for facilities operating under an approved alternative security program. 33 CFR 105.200, 105.205, 105.210, and 105.215 Coast Guard proposes amending these sections to require that all individuals with security duties acquire and maintain a TWIC. Coast Guard requests comment on whether owners/operators should also be required to obtain a TWIC, based on their access to sensitive security information (SSI). Coast Guard also proposes adding knowledge requirements and responsibilities pertaining to TWIC to those already assigned to owners/operators, facility security officers, facility employees with security duties, and all facility employees. There are no formal training requirements in order to meet the TWIC knowledge requirements proposed at this time. It is important that owners/ operators and those with security duties be familiar with the technologies on the credential, particularly the imbedded features that make the credential resistant to tampering and forgery. Persons who will be examining TWICs at access control points should be familiar enough with its physical [[Page 29413]] appearance such that variations or alterations are easily recognized. It is important that security personnel at the access points to the facility be familiar with alternate ways to reliably verify an individual's identity and his or her credential should the individual be unsuccessful using the primary means of verification (e.g., fingerprint match). For example, an individual may not be able to verify his identity against the biometric stored on the credential due to wear on the ICC itself, problems with the reader, wear on the individual's fingerprints, or because the individual is an imposter. Alternate procedures for addressing failures of an individual to verify his fingerprint against the information stored on the credential should be reasonably designed to discern between a legitimate user and an imposter. All other employees should be familiar with the TWIC topology, as well as the steps to take should their own TWIC become lost or stolen. The heaviest burden has been placed on the owner/operator, who would be required to ensure that the TWIC program is implemented on board the facility in accordance with the proposed regulations. This would include a new requirement that the owner/operator ensure that someone on the facility know who is on the facility at all times. It would also include a requirement that the owner/operator ensure that computer and access control systems and hardware are secure. The Coast Guard has placed a sample document in its docket (located at the places listed in the ADDRESSES section above) for this NPRM that outlines the proper standard of care to be used to protect these systems and hardware. We request comment on this standard of care, as well as on any associated costs to implement it. 33 CFR 105.225 Coast Guard proposes adding a new record-keeping requirement, mandating that owners/operators maintain records for two years of all persons who are granted access to the facility. The requirement does not distinguish between those who were granted unescorted access because they carried a TWIC and those who were granted escorted access. For individuals who were granted escorted access, the owners/operators would be required to record each date that the individual is escorted, and identify his escort. 33 CFR 105.255 Coast Guard proposes amending this section to require the use of TWIC in the facility's access control measures. This section would show the greatest changes as a result of TWIC implementation, and reflects a difficult compromise of many competing concerns, including our desire to preserve as much of the performance-based standard as possible so that facilities could tailor implementation to suit their individual operational needs while preserving the security enhancements provided by the TWIC credential. TWIC provides graduated increases in security by relying upon the three factor authentication process for establishing a person's identity. This process consists of identifying: (1) Something the person has--a TWIC credential; (2) something the person knows--a Personal Identification Number (PIN), stored on the integrated circuit chip (ICC) in the credential; and (3) something the person is--in the case of the TWIC, it will be the individual's fingerprint, which is also stored on the ICC of the credential. By requiring one or all of these factors before allowing access, owners/ operators can make increasingly more secure decisions regarding individuals who are requesting to enter the facility. Currently, most access control decisions are made relying on a ``flash pass.'' Individuals requesting entry are required to show identification that conforms to Sec. 101.515 of subchapter H, which currently encompasses a broad spectrum of credentials, including driver's licenses from all 50 states. Many of these credentials are easily forged or altered, and the sheer diversity of appearances hampers security personnel's ability to recognize a forged or altered credential when it is presented. Even when used as a flash pass, the TWIC provides greater reliability than the existing system because it presents a uniform appearance with embedded features on the face of the credential that make it difficult to forge or alter. When presented with a TWIC, security personnel familiar with its security features are immediately able to notice any absence or destruction of these features. Nevertheless, our intent was to discourage the use of the TWIC as a flash pass for several reasons. While security personnel can reliably detect changes to the appearance of the credential or missing features, he or she cannot know whether or not the credential has been revoked by TSA, or other competent authority, merely by examining the surface of the credential. Furthermore, comparing the individual to the photo on the credential requires focused examination that is likely to suffer when security personnel are distracted or during particularly busy periods. This is the time that an unauthorized individual is most likely to attempt entry, and is most likely to breach a system that relies solely on the flash pass system. Finally, allowing owners/ operators to rely solely on the flash pass system is unreasonable in light of the additional cost of the credential, and the available security enhancements that the increased cost represents. Thus, Coast Guard proposes to require owners/operators to use at least one of the technical enhancements on the credential to electronically verify a person's identity and also requires verification that the credential remains valid, and has not been altered or counterfeited. Implementation of TWIC will require that the owner/operator use different processes for identifying persons depending on whether or not the individual is requesting unescorted access. If the individual is requesting unescorted access, or will require unescorted access as part of his or her job responsibilities, the individual must have and maintain a TWIC. Individuals requesting unescorted access to secure areas of the facility must present a valid TWIC prior to entry and electronically verify his or her identity by matching his or her biometric against the information stored on the credential. In addition, the owner or operator would have to confirm that the TWIC remains valid. In order to know that the TWIC has not been revoked, some regular contact with TSA will be necessary. (See, discussion of ``using TWIC in an access control system'' above.) No particular method has been prescribed for contacting TSA to verify the validity of credentials so as to provide as much flexibility to owners/ operators as possible. Persons presenting for entry who do not hold a TWIC would still be required to show an acceptable form of identification, as set forth in Sec. Sec. 101.515 and 104.265(e)(3), and will be required to be escorted if they are granted access to secure areas. Owners/operators are not required by the proposed changes to use the TWIC as their primary badging system. As much as practical, the rule proposed to retain the performance-based standards from the existing rule that allows owners/operators to establish identification systems that best suit their individual operational needs. If, however, owners/operators choose to rely solely on the TWIC as their badging system, the system should include a means for identifying non-TWIC holders. If owners/ operators choose to use a separate badging system, it must [[Page 29414]] be coordinated with the TWIC requirements in this part. Other provisions that are important to preserve are related to coordinating access control measures and the TWIC implementation with vessels whenever possible, particularly as that would facilitate the ready access of frequent vendors, and union and seafarer representatives to the vessel and crew as appropriate. Facility personnel are required to have their TWIC readily available for inspection if so required by a competent authority. Coast Guard proposes that owners/operators be required to devise backup processes for making access control decisions should any part of the TWIC system fail, with particular attention paid to not creating greater vulnerabilities that can be leveraged by deliberately causing a failure of the system. Of particular concern is the occasion when an individual may not be able to match his or her biometric against the information stored on the ICC. While this could mean the person is not who he says he is, it is also possible that wear and tear on the reader, the ICC, or the person's fingerprint itself have caused the failure. In resolving these kinds of failures, security personnel should be well informed as to other reliable means of verifying identity, such as comparing the image of the individual that is electronically stored on the ICC to the person him or herself, or by having other authorized personnel vouch for his identity. In keeping with the graduated scheme of the MTSA regulations, Coast Guard proposes requiring increased use of the TWIC at higher MARSEC levels. At MARSEC level 1, the owner/operator would be required to ensure the validity of the TWIC credentials is verified against the latest information available from TSA on a weekly basis. At MARSEC level 2, the owner/operator would be required to ensure that the validity of TWIC credentials is verified against the latest information available from TSA on a daily basis, as well as ensure all TWIC-enabled access gates are manned. At MARSEC level 3, Coast Guard would require verification of an individual's PIN at each entry to the secure area. The requirements at each MARSEC level are laid out in the table that follows. -------------------------------------------------------------------------------------------------------------------------------------------------------- Vessels ------------------------------------------------ U.S. flagged cruise Recurring unescorted Non-recurring Facilities OCS facilities ships access unescorted access -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 1........................... Facial recognition 1 to 1 biometric match 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric minimum each entry; at each entry; card match at each entry; match at each entry; match at each entry; card validity checked validity checked at card validity card validity card validity weekly with each entry with checked at each checked at each checked at each information < = 1 week information < = 1 week entry with entry with entry with most old. old. information < = 1 information < = 1 current information week old. week old; recheck available from TSA. those continuously aboard weekly with most current information available from TSA. -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 2........................... Facial recognition 1 to 1 biometric match 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric minimum each entry; at each entry; card match at each entry; match at each entry; match + PIN at each card validity checked validity checked at card validity card validity entry; card validity daily with most each entry with checked at each checked at each checked at each current information information < = 1 day entry with entry with entry with most available from TSA. old. information < = 1 day information < = 1 day current information old. old; recheck those available from TSA. continuously aboard daily with most current information available from TSA. -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 3........................... 1 to 1 biometric match + PIN at each entry; 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric card validity checked at each entry with match + PIN at each match + PIN at each match + PIN at each information < = 1 day old. entry; card validity entry; card validity entry; card validity checked at each checked at each checked at each entry with entry with entry with information < = 1 day information < = 1 day information old. old; recheck those available from TSA. aboard continuously daily. -------------------------------------------------------------------------------------------------------------------------------------------------------- This section would be amended to require owners/operators to have the records of persons who have been granted access to the facility (See Sec. 105.225, discussed above) available after a security incident. 33 CFR 105.285 This section would be amended to clarify that passengers must be escorted within secure and restricted areas of the facility. 33 CFR 105.290 This section would be amended to clarify which activities must be done within the facility's secure area, to clarify the identifications to be checked before granting individuals entry to the facility, and to clarify that passengers must be escorted within secure and restricted areas of the facility. 33 CFR 105.295 Coast Guard proposes making a change to clarify that persons not holding TWICs must be escorted within Certain Dangerous Cargo (CDC) facilities. Coast Guard asks for comment as to whether there should be more stringent TWIC program requirements at these facilities, and what those requirements should be. [[Page 29415]] 33 CFR 105.296 Coast Guard proposes amending Sec. 105.296 to require that owners/ operators of barge fleeting facilities take responsibility for ensuring that anyone seeking unescorted access to barges within the fleeting facility hold a TWIC. 33 CFR 105.405 This section would be amended to require that when each facility security plan is reviewed and resubmitted for approval upon its 5-year anniversary date, it incorporate the TWIC Addendum into all appropriate sections of the FSP. Most of these changes should be reflected in the plan's section on access control. New Subpart E (33 CFR 105.500-105.510) Proposed Sec. Sec. 105.500-105.510 are new and are intended to be temporary measures that will be phased out as existing plans are renewed according to the existing plan's expiration date. Rather than require owners/operators to resubmit their entire plan with the TWIC measures incorporated within, we propose requiring a temporary TWIC addendum to be submitted. The addendum should be drafted in conjunction with the existing plan, reflecting all modifications that the TWIC rules require. Once approved, it should be attached to and maintained as part of the entire plan, and will be given the same expiration date as the existing plan. Upon expiration, the TWIC addendum should be seamlessly incorporated into the plan when it is renewed in accordance with the regulations in place at the time of renewal. Owners/operators may opt to resubmit their entire plan, with a list of sections amended, as their TWIC Addendum, but once approved it will carry the same expiration date as it had prior to amendment. Owners/operators are encouraged to submit the addendum via Homeport (http://homeport.uscg.mil ). 33 CFR Part 106 33 CFR 106.110 In Sec. 106.110, Coast Guard proposes using the same roll-out and implementation model for TWIC as was used for MTSA security plans. OCS facilities would have six (6) months from the date that the final rule is published to submit a TWIC addendum to their cognizant District Commander and would be required to be operating according to the addendum between twelve (12) and eighteen (18) months following the publication date, depending on whether enrollment has been completed at the port where the facility is located. 33 CFR 106.115 The proposed amendment to Sec. 106.115 would require that the OCS facility keep a copy of the approved TWIC addendum on site, along with the already approved OCS FSP (already required to be on site). This proposed rule includes provisions for scenarios in which the TWIC addendum has been submitted to the District Commander but not yet approved, and for OCS facilities operating under an approved alternative security program. 33 CFR 106.200, 106.205, 106.210, 106.215, and 106.220 These sections would be amended to require that all individuals with security duties, including the CSO, acquire and maintain a TWIC. Coast Guard requests comment on whether owners/operators should also be required to obtain a TWIC, based on their access to sensitive security information (SSI). This proposal would also amend these sections to add knowledge requirements and responsibilities pertaining to TWIC to those already assigned to owners/operators, company security officers, OCS facility security officers, OCS facility employees with security duties, and all OCS facility employees. There are no formal training requirements in order to meet the TWIC knowledge requirements at this time. It is important that owners/operators and those with security duties be familiar with the technologies on the credential, particularly the imbedded features that make the credential resistant to tampering and forgery. Persons who will be examining TWICs at access control points should be familiar enough with its physical appearance such that variations or alterations are easily recognized. It is important that security personnel at the access points to the OCS facility be familiar with alternate ways to reliably verify an individual's identity and his or her credential should the individual be unsuccessful using the primary means of verification (e.g., fingerprint match). Personnel who will be required to resolve an individual's failure to electronically verify his or her identity should be familiar with all the possible reasons for the failure. For example, an individual may not be able to verify his identity against the biometric stored on the credential due to wear on the ICC itself, problems with the reader, wear on the individual's fingerprints, or because the individual is an imposter. Alternate procedures for addressing failures of an individual to verify his fingerprint against the information stored on the credential should be reasonably designed to discern between a legitimate user and an imposter. All other employees should be familiar with the TWIC topology, as well as the steps to take should their own TWIC become lost or stolen. The heaviest burden has been placed on the owner/operator, who would be required to ensure that the TWIC program is implemented on board the OCS facility in accordance with the proposed regulations. This would include a new requirement that the owner/operator ensure that someone on the OCS facility know who is on the OCS facility at all times. It would also include a requirement that the owner/operator ensure that computer and access control systems and hardware are secure. The Coast Guard has placed a sample document in its docket (located at the places listed in the ADDRESSES section above) for this NPRM that outlines the proper standard of care to be used to protect these systems and hardware. We request comment on this standard of care, as well as on any associated costs to implement it. 33 CFR 106.230 Coast Guard proposes adding a new record-keeping requirement, mandating that owners/operators maintain records for two years of all persons who are granted access to the OCS facility. The requirement does not distinguish between those who were granted unescorted access because they carried a TWIC and those who were granted escorted access. 33 CFR 106.260 Coast Guard proposes amending this section to require the use of TWIC in the OCS facility's access control measures. This section would show the greatest changes as a result of TWIC implementation, and reflects a difficult compromise of many competing concerns, including our desire to preserve as much of the performance based standard as possible so that OCS facilities could tailor implementation to suit their individual operational needs while preserving the security enhancements provided by the TWIC credential. TWIC provides for implementing graduated security measures by relying upon the three factor identification process for establishing a person's identity. This process consists of identifying (1) something the person has--a TWIC credential; (2) something the person knows--a Personal Identification Number (PIN), stored on [[Page 29416]] the integrated circuit chip (ICC) in the credential; and (3) something the person is--in the case of the TWIC, it will be the individual's fingerprint, which is also stored on the ICC of the credential. By requiring one or all of these factors before allowing access, owners/ operators can make increasingly more secure decisions regarding individuals who are requesting access to the OCS facility. Currently, most access control decisions are made relying on a ``flash pass.'' Individuals requesting entry are required to show identification that conforms to Sec. 101.515 of subchapter H, which currently encompasses a broad spectrum of credentials, including driver's licenses from all 50 states. Many of these credentials are easily forged or altered, and the sheer diversity of appearances hampers security personnel's ability to recognize a forged or altered credential when it is presented. Even when used as a flash pass, the TWIC provides greater reliability than the existing system because it presents a uniform appearance with embedded features on the face of the credential that make it difficult to forge or alter. When presented with a TWIC, security personnel familiar with its security features are immediately able to notice any absence or destruction of these features. Nevertheless, our intent was to discourage the use of the TWIC as a flash pass for several reasons. While security personnel can reliably detect changes to the appearance of the credential or missing features, he or she cannot know whether or not the credential has been revoked by TSA, or other competent authority, merely by examining the surface of the credential. Furthermore, comparing the individual to the photo on the credential requires focused examination that is likely to suffer when security personnel are distracted or during particularly busy periods. This is the time that an unauthorized individual is most likely to attempt entry, and is most likely to breach a system that relies solely on the flash pass system. Finally, allowing owners/ operators to rely solely on the flash pass system is unreasonable in light of the additional cost of the credential, and the available security enhancements that the increased cost represents. Thus, Coast Guard proposes to require owners/operators to use at least one of the technical enhancements on the credential to electronically verify a person's identity and also requires verification that the credential remains valid, and has not been altered or counterfeited. Implementation of TWIC will require that the owner/operator use different processes for identifying persons depending on whether or not the individual is requesting unescorted access. If the individual is requesting unescorted access, or will require it as part of their job responsibilities, the individual must have and maintain a TWIC. For OCS facilities, Coast Guard proposes requiring uniformly that all of TWIC's security features be used to verify both the individual's claimed identity and that the credential remains valid each time an individual seeks unescorted access to the OCS facility. Thus, an owner/ operator must ensure some means for completing an electronic verification that the individual's fingerprint is matched to the data stored on the ICC each time an individual seeks unescorted access to the OCS facility. This process will require that the individual have the TWIC in his/her possession, thus satisfying all three factors of the three factor authentication process. In addition, the owner/operator will have to confirm that the TWIC remains valid. In order to know that the TWIC has not been revoked, some regular contact with TSA is required. The rule would not specify, however, how this contact shall be made, so as to leave as many options open as possible. (See discussion of ``using TWIC in an access control system'' above.) These steps performed together will detect to the highest degree of certainty whether the individual is the rightful bearer of the TWIC he or she holds, and whether or not it was duly issued and remains valid. Persons presenting for entry who do not hold a TWIC would still be required to show an acceptable form of identification, as set forth in Sec. Sec. 101.515 and 106.260(d), and would be required to be escorted if they are granted access to secure areas. Owners/operators are not required by the proposed changes to use the TWIC as their primary badging system. As much as practical, the rule proposes to retain the performance-based standards from the existing rule that allows owners/ operators to establish identification systems that best suit their individual operational needs. If, however, owners/operators choose to rely solely on the TWIC as their badging system, the system should include a means for identifying non-TWIC holders. If owners and operators choose to use a separate badging system, it must be coordinated with the TWIC requirements in this part. Other provisions that we thought were important to preserve related to coordinating access control measures and the TWIC implementation with vessels whenever possible, particularly as that would facilitate the movement of OCS facility employees using offshore supply vessels to gain access to the OCS facility. Any coordination must be outlined in the TWIC addendum. Owners/operators are required to devise backup processes for making access control decisions when any part of the TWIC system fails, with particular attention paid to not creating greater vulnerabilities that can be leveraged by deliberately causing a failure of the system. Of particular concern is the occasion when an individual may not be able to match his or her biometric against the information stored on the ICC. While this could mean the person is not who he says he is, it is also possible that wear and tear on the reader, the ICC, or the person's fingerprint itself have caused the failure. In resolving these kinds of failures, security personnel should be well informed as to other reliable means of verifying identity, such as comparing the image of the individual that is electronically stored on the ICC to the person him or herself, or by having other authorized personnel vouch for his identity. In keeping with the graduated scheme of the MTSA regulations, this NPRM proposes requiring increased use of the TWIC at higher MARSEC levels. At MARSEC level 1, the owner/operator would be required to ensure that the validity of TWIC credentials is verified against the latest information available from TSA on a weekly basis. At MARSEC level 2, the owner/operator would be required to ensure that the validity of TWIC credentials is verified against the latest information available from TSA on a daily basis. At MARSEC level 3, Coast Guard would require verification of an individual's PIN at each entry to the secure area. The requirements at each MARSEC level are laid out in the table that follows. [[Page 29417]] -------------------------------------------------------------------------------------------------------------------------------------------------------- Vessels ------------------------------------------------ U.S. flagged cruise Recurring unescorted Non-recurring Facilities OCS facilities ships access unescorted access -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 1........................... Facial recognition 1 to 1 biometric match 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric minimum each entry; at each entry; card match at each entry; match at each entry; match at each entry; card validity checked validity checked at card validity card validity card validity weekly with each entry with checked at each checked at each checked at each information < =1 week information < =1 week entry with entry with entry with most old. old. information < =1 week information < =1 week current information old. old; recheck those available from TSA. continuously aboard weekly with most current information available from TSA. -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 2........................... Facial recognition 1 to 1 biometric match 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric minimum each entry; at each entry; card match at each entry; match at each entry; match + PIN at each card validity checked validity checked at card validity card validity entry; card validity daily with most each entry with checked at each checked at each checked at each current information information < = 1 day entry with entry with entry with most available from TSA. old. information < = 1 day information < = 1 day current information old. old; recheck those available from TSA. continuously aboard daily with most current information available from TSA. -------------------------------------------------------------------------------------------------------------------------------------------------------- MARSEC 3........................... 1 to 1 biometric match + PIN at each entry; 1 to 1 biometric 1 to 1 biometric 1 to 1 biometric card validity checked at each entry with match + PIN at each match + PIN at each match + PIN at each information < = 1 day old. entry; card validity entry; card validity entry; card validity checked at each checked at each checked at each entry with entry with entry with most information < = 1 day information < = 1 day current information old. old; recheck those available from TSA. aboard continuously daily. -------------------------------------------------------------------------------------------------------------------------------------------------------- 33 CFR 106.280 This section would be amended to require owners/operators to have the records of persons who have been granted access to the OCS facility (See Sec. 106.230, discussed above) available after a security incident. 33 CFR 106.405 This section would be amended to require that when each OCS facility security plan (FSP) is reviewed and resubmitted for approval upon its 5-year anniversary date, it must incorporate the TWIC Addendum into all appropriate sections of the OCS FSP. Most of these changes should be reflected in the plan's section on access control. New Subpart E (33 CFR 106.500-106.510) Proposed Sec. Sec. 106.500-106.510 are new and are intended to be temporary measures that will be phased out as existing plans are renewed according to the existing plan's expiration date. Rather than require owners/operators to resubmit their entire plan with the TWIC measures incorporated within, the rule would require a temporary TWIC addendum to be submitted. The addendum should be drafted in conjunction with the existing plan, reflecting all modifications that the TWIC rules require. Once approved, it should be attached to and maintained as part of the entire plan, and will be given the same expiration date as the existing plan. Upon expiration, the TWIC addendum should be seamlessly incorporated into the plan when it is renewed in accordance with the regulations in place at the time of renewal. Owners/operators may opt to resubmit their entire plan, with a list of sections amended, as their TWIC Addendum, but once approved it will carry the same expiration date as it had prior to amendment. Owners/operators are encouraged to submit the addendum via Homeport (http://homeport.uscg.mil ). Miscellaneous Items The proposed changes outlined above would affect other sections within 33 CFR subchapter H, even though these sections would not be changed. Some of the greatest impacts are summarized below: 33 CFR 101.305 There are no proposed amendments to this section, but certain incidents involving TWICs would need to be reported as either a suspicious activity or breach of security. For example, under certain circumstances an individual's attempt to gain entry using an invalid TWIC (one that has been revoked or one that is counterfeit) may qualify as suspicious activity, even if that individual was denied access. Circumstance that trigger the reporting requirement in 101.305(a), are highly fact-specific and difficult to define comprehensively, but the general language found within that section (``activities that may result in a transportation security incident'') is a good guide. If an owner/operator, or any other individual holding a TWIC, knows of a reason that an individual who holds a TWIC should have that TWIC revoked, the owner/operator should treat this as suspicious activity and report it as required in 101.305(a). The owner/operator may also deny the TWIC-holder access in this situation. Additionally, finding an individual who does not have a valid TWIC within a secure area would qualify as a breach of security, and should be reported as such pursuant to 101.305(b). 33 CFR 101.400 TSA, as the DHS entity responsible for conducting security threat assessments and issuing credentials under this rule, will have principal enforcement authority in regard to an individual's TWIC status for the misuse of a TWIC, including forgery, [[Page 29418]] counterfeiting, alteration or use of a TWIC by an unauthorized individual. The Coast Guard will work with TSA where abuses of the TWIC program are identified in the maritime sector. In addition, individuals who try to enter a facility or vessel using a stolen, forged, counterfeit, altered or otherwise unauthorized TWIC, and who are detected and turned away by the facility, may be subject to Coast Guard enforcement actions under 33 CFR 101.415 or other applicable Coast Guard authority, including, but not limited to, civil or criminal penalties. An owner/operator is required to deny unescorted access to an individual who attempts to access a facility with a TWIC that has been revoked by TSA. Coast Guard is not asking owners/operators to take any additional steps, beyond current requirements, with respect to individuals who attempt unauthorized access to a facility. In such circumstances (e.g., where an individual presents for entry at a facility with a TWIC that has been revoked by TSA or with a TWIC which the owner/operator has reason to believe is invalid due to forgery, adulteration, counterfeiting or possession by an unauthorized individual), however, the owner/operator is required to immediately report the matter to the Coast Guard and/or local law enforcement as required under 101.305. 33 CFR 104.130, 105.130, and 106.125 There are no proposed amendments to these sections. However, note that owners/operators of vessels, facilities and OCS facilities, regulated under parts 104, 105, or 106, respectively, may use the above-cited provisions to apply for waivers from the TWIC requirements. They also may suggest equivalents, under Sec. 101.130. These requests should be made in accordance with the relevant provisions of parts 104, 105, or 106. The Coast Guard, however, will not be responsible for making determinations of requests for waivers from individuals required to obtain a TWIC. TSA is the only agency that may waive the requirement that an individual pass a security threat assessment. No one will be waived from the requirement to actually obtain a TWIC. 33 CFR Subpart C, Parts 104, 105, and 106 When it is time for a vessel, facility, or OCS facility to redo a security assessment, in concert with an update to a security plan, consideration of TWIC implementation must be part of the assessment. The TWIC program implemented by the vessel, facility, or OCS facility becomes part of the baseline security analyzed by the assessment. 46 CFR Parts 10, 12, and 15 In order to implement the MTSA mandate that all credentialed merchant mariners hold a TWIC, the Coast Guard is proposing to amend parts 10, 12, and 15 of title 46 to the CFR to require that any individual holding or working under an MMD or a license also hold a TWIC. Coast Guard, in a separate rulemaking published in today's issue of the Federal Register, is proposing to consolidate merchant mariner credentials to minimize duplicate or redundant identification or background check requirements. VI. Section-by-Section Analysis of TSA Proposed Rule TSA proposes to amend and redesignate its existing hazmat regulations to apply those processes to a person who is eligible to obtain a TWIC. TSA does not reiterate substantive analyses of the hazmat provisions below if the standard is not changing, but instead directs the public to the section-by-section analysis of those sections contained in the interim final rule implementing the hazmat regulations at 69 FR 68720. Where standards that formerly applied only to HME applicants now apply to TWIC applicants, however, TSA provides substantive analyses below for the convenience of potential TWIC applicants. The following is a discussion of the proposed changes to sections in title 49 of the CFR. 49 CFR Part 1515 Appeal and Waiver Procedures for Security Threat Assessments for Individuals 49 CFR 1515.1 Scope TSA is proposing to redesignate Sec. Sec. 49 CFR 1572.141 and 143 as new part 1515, Appeal and Waiver Procedures for Land and Maritime Workers to Subchapter A--Administrative and Procedural Rules. TSA developed the appeal and waiver procedures in part 1572 that currently apply to commercial drivers applying for an HME for additional transportation workers who may be subject to the security threat assessment requirement. These are the procedures TSA proposes to apply to TWIC applicants. In addition, TSA may use these procedures for other security threat assessments. For instance, TSA published a proposed rule on air cargo security that included security threat assessment requirements for certain individuals and an appeal procedure that is used currently for HME applicants. 69 FR 65258 (November 10, 2004). It makes more sense, organizationally, to place the appeal rules in a general section of the regulations. The scope section states that the standards in part 1515 apply to an applicant who undergoes a security threat assessment and wishes to appeal an adverse decision or file a waiver request. 49 CFR 1515.3 Terms Used in This Part This section lists definitions of terms that apply specifically to the appeal and waiver process. The term ``applicant'' is amended to include individuals applying for a TWIC, as well as individuals applying for an HME. The terms ``date of service'' and ``day'' are currently listed in the definition section of part 1572, and TSA proposes to move them to Sec. 1515.3 without any change. ``Date of service'' means the date of personal delivery; the mailing date shown on a certificate of service; 10 days from the date of mailing, if there is no certificate of service; another mailing date shown by other evidence if there is no certificate of service or postmark; or the date of an electronic transmission showing when the document was sent. TSA created this definition with mobile workers in mind, to accommodate the use of email or facsimile, and to provide a 10-day period from the date of mailing, rather than 5 or 7 days. The mariners, commercial truck drivers, train crew members, and other workers subject to the threat assessment requirements may travel from the East Coast to the West Coast on a regular basis, or be stationed away from home for days, weeks, or months at a time. We believe this definition makes the appeal process more reasonable for the group of workers affected. The term ``day'' used in the NPRM means calendar day and is the same definition being used in part 1572 now. 49 CFR 1515.5 Appeal Procedures TSA is proposing to use the substantive appeal standards that currently appear in 49 CFR 1572.141 for HME applicants for TWIC applicants, and proposes to expand the suspense deadlines. TSA has found in implementing the HME program that individuals making a good faith effort to comply with the timelines set forth in 1572.141 have difficulty doing so. Thirty days may not be adequate for workers who travel for extended periods during the month. Therefore, TSA proposes to extend response deadlines [[Page 29419]] from 30 to 60 days in the appeal process. An individual may appeal an Initial Determination of Threat Assessment if he asserts that he meets all standards for the security threat assessment. For example, if the Initial Determination was based on information indicating the applicant is not lawfully present in the United States, but the applicant is a lawful permanent resident, he can appeal the Determination and provide TSA proof of lawful presence. Paragraph (b) of this section sets forth the basic mechanics of the appeal process. An applicant initiates an appeal by providing TSA with a written request for the releasable materials upon which the Initial Determination was based, or by serving TSA with a written reply to the Initial Determination. Currently, if an applicant wishes to receive copies of the releasable material upon which the Initial Determination was based, he must serve TSA with a written request within 30 days after the date of service of the Initial Determination. TSA proposes to change this to 60 days after the date of service of the Initial Determination. Under the current provisions, TSA's response is due within 30 days. We propose to change this requirement so that the response would be due in 60 days. In response, TSA cannot provide any classified information, as defined under 6 CFR part 7 (DHS Classified National Security Information), or under E.O.s 12958, as amended by E.O. 13292 (68 FR 15315(Mar. 28, 2003)), and 12968, or any other information or material protected from disclosure by law. If an applicant wishes to reply to the Initial Determination, we propose that he or she must provide TSA with a written reply within 60 days after the date of service of the Initial Determination or the date of service of TSA's response to the applicant's request for materials. The applicant should explain why he or she is appealing the Initial Determination and provide evidence that the Initial Determination was incorrect. In an applicant's reply, TSA will consider only material that is relevant to whether he or she meets the standards for the security threat assessment. If an applicant does not dispute or reply to the Initial Determination, the Initial Determination becomes a Final Determination of Threat Assessment. Under paragraph (b)(3) of this section, an applicant has the opportunity to correct a record on which an adverse decision is based. As long as the record is not classified or protected by law from release, TSA will notify the applicant of the adverse information and provide a copy of the record. If the applicant wishes to correct the inaccurate information, he or she must provide written proof that the record is inaccurate. The applicant should contact the jurisdiction responsible for the inaccurate information to complete or correct the information contained in the record. The applicant must provide TSA with the revised record or a certified true copy of the information from the appropriate entity before TSA can reach a determination that the applicant does not pose a security threat. The Director makes the Final Determination on appeals that involve disqualifying criminal offenses, mental capacity, and immigration status. However, in a case where an Initial Determination of Threat Assessment is based on the applicant's connection to terrorist activity or similar threat under Sec. 1572.107, the Assistant Secretary of TSA reviews the appeal and makes the Final Determination. TSA has the Assistant Secretary review these cases to provide additional scrutiny because these cases will likely involve a review of classified information that the applicant cannot see. In addition, these applicants are not eligible for waivers if the Initial Determination stands. TSA believes that the review by the Assistant Secretary for these cases provides an additional protection that the agency's Final Determination of Threat is sound. In considering an appeal, the Director or Assistant Secretary reviews the Initial Determination, the materials upon which the Initial Determination is based, the applicant's reply and other materials or information available to TSA. The Director or Assistant Secretary may affirm the Initial Determination by concluding that an individual poses a security threat. If this occurs, TSA serves a Final Determination of Threat Assessment on the applicant. Also, for cases involving mariners applying for a TWIC, TSA would provide the Coast Guard with the Final Determination. In cases involving HME applicants, TSA serves the licensing State with the Final Determination. For all TWIC applicants, TSA serves FMSC (who is also the Captain of the Port) with Final Determinations of Threat Assessment. DHS believes that the FMSC, as the chief Federal security officer at the port, should be aware of individuals who are denied a TWIC. The Final Determination includes a statement that the Director or Assistant Secretary has reviewed the Initial Determination, the materials upon which the Initial Determination was based, the reply, if any, and other available information and has determined that the applicant poses a security threat. There is no administrative appeal of the Final Determination of Threat Assessment. However, as explained below, an applicant may apply for a waiver under certain circumstances. For purposes of judicial review, the Final Determination of Threat Assessment constitutes a final TSA order. Paragraph (e) sets forth the procedures to follow if TSA determines that the applicant does not pose a security threat. TSA serves a Withdrawal of the Initial Determination on the applicant and a Determination of No Security Threat on the issuing State for an HME applicant and on the Coast Guard when it involves a mariner applying for a TWIC. Paragraph (f) provides that TSA cannot disclose to the applicant classified information, as defined in section 1.1(c) of E.O. 12958, as amended by E.O. 13292, and section 1.1(d) of E.O. 12968. See also, 6 CFR part 7. TSA reserves the right not to disclose any other information or material not warranting disclosure or protected from disclosure under law, such as Sensitive Security Information (SSI); sensitive law enforcement and intelligence information; sources, methods, means, and application of intelligence techniques; and identities of confidential informants, undercover operatives, and material witnesses. For determinations under Sec. 1572.107, the finding that an individual poses a security threat will be based, in large part, on classified national security information, unclassified information designated as SSI, or other information that is protected from disclosure by law. Classified national security information is information that the President or another authorized Federal official has determined, pursuant to E.O.s 12958, as amended, and 12968, must be protected against unauthorized disclosure to safeguard the security of American citizens, the country's democratic institutions, and America's participation within the community of nations. See 60 FR 19825 (April 20, 1995). E.O.s 12958, as amended, and 12968 prohibit Federal employees from disclosing classified information to individuals who have not been cleared to have access to such information under the requirements of that E.O. See also, 6 CFR part 7. If the Director determines that an applicant who is appealing the intelligence-related check is requesting classified materials, the applicant will not be able to access classified national security information. The denial of access to classified information under these circumstances [[Page 29420]] is consistent with the treatment of classified information under the Freedom of Information Act (FOIA), which specifically exempts such information from the general requirement under FOIA that government documents are subject to public disclosure. 5 U.S.C. 552(b)(1). SSI is unclassified information that is subject to disclosure limitations under statute and TSA regulations. See 49 U.S.C. 114(s); 49 CFR part 1520 as amended by 69 FR 28066 (May 18, 2004). Under 49 U.S.C. 114(s), the Assistant Secretary of TSA may designate categories of information as SSI if release of the information would be detrimental to the security of transportation. Information that is designated as SSI must only be disclosed to people with a need to know, such as those needing to carry out regulatory security duties. 49 CFR 1520.11 as added by 69 FR 28084-5. The Assistant Secretary has defined information concerning threats against transportation as SSI by regulation. See 49 CFR 1520.5. Thus, information that TSA obtains indicating that an applicant poses a security threat, including the source of such information and the methods through which the information was obtained, will commonly be designated SSI or classified information. The purpose of designating this information as SSI is to ensure that those who seek to do harm to the transportation system and their associates do not obtain access to information that will enable them to evade the government's efforts to detect and prevent their activities. Disclosure of this information, especially to an applicant specifically suspected of posing a threat to the transportation system, is precisely the type of harm that Congress sought to avoid by authorizing the Assistant Secretary to define and protect SSI. Other pieces of information also are protected from disclosure by law due to their sensitivity in law enforcement and intelligence. In some instances, the release of information about a particular individual or his or her supporters or associates could have a substantial adverse impact on security matters. The release by TSA of the identities or other information regarding individuals related to a security threat determination could jeopardize sources and methods of the intelligence community, the identities of confidential sources, and techniques and procedures for law enforcement investigations or prosecution. See 5 U.S.C. 552(b)(7)(D), (E). Release of such information also could have a substantial adverse impact on ongoing investigations being conducted by Federal law enforcement agencies, by revealing the course and progress of an investigation. In certain instances, release of information could alert co-conspirators to the extent of the Federal investigation and the imminence of their own detection, thus provoking flight. For the reasons discussed above, TSA will not provide any classified information to an applicant, and TSA reserves the right to withhold SSI or other sensitive material protected from disclosure under law. As noted above, TSA expects that information will be withheld only for determinations based on Sec. 1572.107, which involve databases that list indicators of potential terrorist activity or threats. When the determination is based on the individual's criminal records, TSA expects that appropriate supporting records most likely can be disclosed to the applicant upon a written request to TSA. With respect to disqualifications based on immigration status, TSA will provide the applicant with the reason for a denial, but may not be able to provide specific documentation on the applicant's alien status. TSA has the discretion to extend due dates both for an applicant and for the agency during the appeal process. An applicant must provide a written statement of good cause for extending the due date, within a reasonable time prior to the due date at issue. This is consistent with the rules of civil procedure. TSA anticipates that if an applicant is attempting to correct erroneous records or gather documents in support of a waiver request, the individual may need additional time for the appropriate governmental agency or entity to produce the documents. As long as the applicant provides a sufficient explanation of these problems, TSA will extend the time needed to complete the process. There are a variety of reasons or events that might require an extension of time, and TSA will review these requests liberally to give applicants as much time as is necessary to provide the correct information. Family needs and emergencies, business travel, extreme weather conditions, and lost documents are all considered legitimate reasons on which TSA would grant an extension of time to an applicant. In addition, an applicant's extension request does not have to be a formal document. A handwritten request for an extention of time in a letter to TSA is all that is required. The appeal process is designed for applicants to use without legal counsel and so informal written materials are always accepted. There are also reasons for which TSA may need to extend a response date, particularly where an applicant is the subject of an ongoing investigation by another agency. This has been a rare circumstance with the hazmat threat assessment process, but it has occurred and undoubtedly will occur with TWIC applicants. TSA is not required under the hazmat rule or in this proposed rule, to provide notice to an applicant that TSA's response may be late. However, applicants may contact TSA to determine the status of an appeal. In the hazmat threat assessment process, TSA has an 800-number for drivers to call to ask questions about the appeal procedures and the status of a particular threat assessment. Typically, TSA is able to provide the requested information within one business day. This process will also be available for TWIC applicants. Paragraph (i) of this section describes the procedure for appealing an immediate revocation of an HME under Sec. 1572.13(a) or immediate invalidation of a TWIC under Sec. 1572.21(d)(3). Immediate revocation occurs where TSA determines during the course of conducting a security threat assessment that sufficient factual and legal grounds exist to warrant immediate revocation of the HME. For a hazmat driver under these circumstances, the applicant must surrender the endorsement and cease transporting hazardous materials prior to initiating an appeal. For a TWIC, TSA would invalidate the TWIC in the TSA system. TSA understands that removing the individual from service without an opportunity to correct the record may have adverse consequences, but this mechanism will be used only in cases where the risk of imminent danger is significant and the adverse information is highly reliable. This procedure will also be used where an applicant should have surrendered the endorsement or TWIC and/or applied for a waiver, but failed to do so. The individual may appeal this decision, include all supporting documentation when he or she submits the appeal, and may request releasable documents from TSA. 49 CFR 1515.7 Waiver Procedures This section applies to applicants who have been disqualified from holding or obtaining an HME or TWIC due to a disqualifying criminal offense or mental incapacity. The current standard, Sec. 1572.143, applies to HME applicants and provides that an applicant with certain disqualifying offenses or issues of mental competence may apply for a waiver. In this NPRM, TSA proposes to use the same waiver procedures for TWIC applicants. We are [[Page 29421]] providing a discussion of this section to inform TWIC applicants, most of whom did not need to participate in the hazmat rulemaking where these sections were first discussed. Waivers are offered because an applicant may be rehabilitated to the point that he or she can be trusted in sensitive or potentially dangerous work or has been declared mentally competent. The existing standard and this NPRM provide criteria that TSA considers if the individual does not meet the criminal history standards. TSA believes that these factors are good indicators that an individual may be rehabilitated to the point that a waiver is advisable. The factors are: (1) The circumstances of the disqualifying act or offense; (2) restitution made by the individual; (3) Federal or State mitigation remedies; (4) court records indicating that the individual has been declared mentally competent; and (5) other factors TSA believes bear on the potential security threat posed by an individual. Many of these factors are set forth in MTSA, at 46 U.S.C. 70105(c)(2). TSA has concluded that some crimes, such as espionage, treason, sedition, a terrorist act, and a crime involving a transportation security incident, are so highly indicative of a security threat that individuals convicted of them pose an ongoing, unacceptable risk to transportation security. Most likely, these individuals will be incarcerated for a very long term, but the rule now makes clear that convictions for these crimes disqualify an individual for life, with no opportunity to apply for a waiver. Individuals who are disqualified due to mental incompetence are eligible for a waiver. To support the waiver request TSA will accept a court order or official medical declaration showing that an individual previously declared incompetent is now competent. Generally, TSA will not grant waivers on the basis of a letter from a treating physician stating that the individual is capable of maintaining a job, because these submissions tend to be very subjective and vague. The standard in the rule states that an applicant is mentally incompetent if a court declares it or he or she is involuntarily committed to a mental hospital. Official documents that reverse these findings are necessary for TSA to grant a waiver. TSA, however, does not grant waivers from the standards concerning immigration status or information discovered during a search under Sec. 1572.107. With respect to immigration violations and findings under Sec. 1572.107, individuals may appeal an Initial Determination based on assertions that the underlying records are incorrect, the applicant's identity is mistaken, or TSA's analysis of the records is not correct. However, if TSA finds that the Initial Determination is accurate, the individual is ineligible for a waiver. After reviewing an individual's application for a waiver, TSA sends a written decision to the individual. If the waiver is granted, TSA sends a Determination of No Security Threat to the licensing State or Coast Guard within 60 days after the date of the individual's waiver application. TSA proposes to add new requirements to paragraph (c) of this section to apply to HME and TWIC applicants. As originally conceived, HME applicants who know they have a disqualifying criminal conviction could apply to TSA for a waiver without initiaing the HME threat assessment process. Therefore, the applicants did not provide all of the biographic information or fingerprints required to conduct a full background check under Part 1572 or pay the full fee for the HME background check. However, in practice TSA would conduct a full background check in order to assess the waiver application properly. Under these conditions, TSA would not possess the best information about the applicant on which to base a waiver decision and did not recover the cost of completing the background check from the applicant. To ameliorate this situation, we propose to require all applicants who know they will be disqualified under the standards in Subpart B of part 1572 and want to apply for a waiver to undergo a full threat assessment for the HME or TWIC and pay all fees associated with the complete security threat assessment. TSA will be able to review all available information in considering an application for a waiver. TSA reviews these materials to ensure that the waiver applicant is being truthful concerning past criminal history and other pertinent activity before determining whether a waiver request should be granted. By requiring the fee and critical biographical information in the waiver submission, TSA will complete waiver evaluations more quickly and effectively. Otherwise, TSA must contact the waiver applicant to request additional information, wait for the information to be submitted and run the risk of missing critical information. Finally, if legislation is enacted after publication of this proposed rule that would require TSA to adopt a program in which Administrative Law Judges may be used to review cases in which TSA has denied a waiver request, or other changes that would impact the waiver process, TSA will amend the final rule as appropriate to address such statutory mandates. 49 CFR Part 1570 Land Transportation Security: General Rules 49 CFR 1570.3 Terms Used in This Part TSA proposes to move the definitions of the terms used for the security threat assessment standards from part 1572, Credentialing and Background Checks for Land Transportation Security to part 1570, Land Transportation Security: General Rules. Most of the terms have been through notice and comment in the hazmat rulemaking. TSA proposes to add definitions for terms used in the TWIC standards and amend some of the terms first promulgated in the hazmat rule. We propose to change the definition of ``applicant'' to cover individuals who apply for any security threat assessment described in Subchapter D, rather than just individuals who apply for an HME. The term ``Determination of No Security Threat'' is amended to clarify that such determinations apply both to the authorization to transport hazardous materials and to unescorted access to secure areas of maritime facilities and vessels. Also, TSA is amending the definition to add that TSA will notify the Coast Guard when issuing a Determination of No Security Threat for a mariner applying for a TWIC. The definition for ``explosive or explosive device'' was published in the current hazmat rule at Sec. 1572.3. TSA proposes to move the definition to Sec. 1572.103 to make clear that the definition applies only to the term as it is used in the list of disqualifying criminal offenses. After publishing the hazmat rule in November 2004, TSA received comments asserting that the definition created confusion between the ``explosives'' that are hazardous materials under the federal hazardous material regulations and require placarding in transportation, and the crimes that involve explosives and are disqualifying. To resolve these questions, the definition now clearly applies only to Sec. 1572.103, disqualifying criminal offenses. The kind of explosives offenses that are disqualifying are in 18 U.S.C. 232(5), 841(c)-(f), and 844(j), and a destructive device is defined in 18 U.S.C. 921(a)(4) and 26 U.S.C. 5845(f). The explosive material that requires placarding and triggers the requirement to obtain an HME continues to be defined in regulations issued by the U.S. Department of Transportation. 49 CFR 172.101. [[Page 29422]] TSA proposes to amend ``Final Determination of Threat Assessment'' to add that TSA will notify the Coast Guard when TSA determines that a mariner applying for a TWIC does not meet the security threat assessment standards. A Final Determination may not be administratively appealed. TSA proposes to amend ``Initial Determination of Threat Assessment'' to also apply to issuance of a TWIC. An Initial Determination may be administratively appealed. TSA proposes to amend ``Initial Determination of Threat Assessment and Immediate Revocation'' to extend it to the TWIC threat assessment process. This is an initial administrative determination that an applicant poses an imminent security threat and immediate revocation of an HME or TWIC is necessary. Applicants may appeal the determination after revocation has occurred. TSA issues an Immediate Revocation only where we believe the driver may pose an imminent threat to transportation, national security, or other individuals. This definition is provided to distinguish the notification documents used in an immediate revocation from the more common Initial Determination process. ``Invalidate'' means the action TSA takes when a TWIC is reported as lost, stolen, damaged, no longer necessary, or TSA determines the holder poses a security threat. This action makes the credential inoperative in access control systems. TSA proposes to definition for the term ``owner/operator'' to refer to the maritime facilities and vessels subject to MTSA. TSA proposes to delete the term ``pilot state'' from the definitions section because the process in which it was used is no longer in effect. The definition for ``revoke'' or ``revocation'' is being amended to apply to the TWIC process as well as the HME process. It is the action TSA or a State takes to cancel, rescind, suspend, or deactivate an HME or TWIC when TSA determines that an applicant does not meet the security threat assessment standards set forth in Sec. 1572.5. TSA proposes to add a new term, ``secure area,'' which means the area on a vessel, maritime facility, or outer continental shelf facility where security measures have been implemented in a security plan approved by the Coast Guard. For purposes of TWIC, the secure area is the area in which a TWIC is required, unless under escort. We propose to add a new term, ``sensitive security information'' to the definition section. This term means information that is described in and must be managed pursuant to the requirements codified at 49 CFR part 1520. TSA is adding language to the definition of ``transportation security incident'' to reflect a new requirement in SAFETEA-LU. The statute requires TSA to make clear that a transportation security incident does not include work stoppage or other nonviolent action taken in an employee/employer dispute. Therefore, employees or employers who participate in a strike or other labor/management activity cannot be deemed to have committed a disqualifying offense under Sec. 1572.103. TSA is also moving the definition to Sec. 1572.103 to help clarify the kind of crime that is considered disqualifying. TSA proposes to add a new definition for ``transportation worker identification credential.'' The TWIC is a Federally-issued biometric credential that TSA issues to an individual who has successfully completed a security threat assessment. TSA proposes to add a new definition for ``TSA system'' to explain the electronic program used to sort, store, and send security threat assessment information to the appropriate database or enrollment center. 49 CFR 1572 Credentialing and Background Checks for Land and Transportation Security 49 CFR 1572.5 Scope and Standards for Hazardous Materials Endorsement Security Threat Assessment This section describes the individuals and entities subject to the requirements in Subpart A and the standards they must meet. In addition, the general standards TSA uses to assess an individual in a security threat assessment. Subpart A applies to State agencies responsible for issuing commercial drivers licenses and HMEs, applicants who hold or apply for an HME, and applicants who hold or apply for a TWIC. The security threat assessment standards TSA applies to HME applicants and proposes to apply to TWIC applicants are established by statute. The USA PATRIOT Act and MTSA require TSA to review relevant criminal history, immigration status, and other watch lists and databases that TSA believes appropriate to make an informed security assessment. An applicant poses a security threat if convicted of certain serious crimes, is not lawfully present in the United States, has a connection to terrorist activity, or has been adjudicated as lacking mental capacity. The specific criteria TSA reviews to determine whether an applicant poses a security threat is described in Subpart B and is discussed in detail below. We are proposing to add paragraph (d) to this section to establish a process by which TSA can determine if a security threat assessment completed by another government entity is comparable to the assessment required in part 1572. As noted above, SAFETEA-LU established several mandates for TSA concerning security threat assessment, one of which we address in this section. TSA must initiate a rulemaking to address the comparability of Federal background checks and eliminate redundant checks. TSA proposes to consider checks conducted by Federal, State, and local governmental bodies in the comparability assessment. TSA will evaluate all aspects of the agency threat assessment, including checks of relevant criminal history databases, immigration status, relevant intelligence and international databases, duration, identity verification and authentication, and the use of biometrics for credentialing. It is important to note that TSA must adhere to its own security standards in evaluating other threat assessments. TSA intends to make a determination of comparability only where it is clear that the threat assessment of the agency applying for the determination includes all of the critical components of TSA's check. Many governmental bodies focus on factors that relate specifically to the work done by the agency when conducting a background check and therefore would not necessarily include a check of intelligence data or immigration status. Similarly, local and State agencies might not have conducted terrorist database checks. TSA most likely cannot issue a positive comparability determination in these cases. The age of the threat assessment is another area that TSA will review carefully. For purposes of the threat assessment standards set forth in part 1572, a new threat assessment is required every five years. If TSA determines that another security threat assessment is comparable to part 1572 checks, then we must determine how long the check remains valid. For the most part, all checks would have to be renewed every five years. However, there may be circumstances under which the check would remain valid for a longer or shorter term, depending on other factors surrounding the breath of the threat assessment, such as whether perpetual checks are part of the assessment. [[Page 29423]] TSA plans to establish a verification process between TSA and participating agencies to ensure that only employees who have successfully completed a threat assessment through another agency are approved under TSA's comparability determination. TSA will strive to automate the verification process to reduce costs and processing time. TSA will establish rules governing the exchange of information between TSA and the participating agency, including appropriate Interface Control Documents (ICD). TSA may enter into Memoranda of Understanding (MOU) with other agencies if necessary. TSA plans to notify the public of any determinations of comparability, unless otherwise prohibited by law or such a disclosure would reveal sensitive security information. TSA considered proposing that individuals, rather than agencies, could apply for a comparability determination, but has determined that the costs would increase substantially and the reliability of the information exchanged could be questionable. TSA proposes to notify the public when comparability determinations are made, to make certain that all individuals who are eligible are aware of the determination. An applicant who completes a threat assessment that TSA determines to be comparable to the assessment set forth in part 1572, and wishes to apply for a TWIC to gain unescorted access to a secure area of a facility or vessel, would have to complete the enrollment process required for a TWIC and pay the corresponding fee to cover the cost of information collection and issuance of the credential. However, because a duplicate threat assessment would not be required, the applicant would not have to pay a threat assessment fee. In making comparability determinations, TSA proposes to ``grandfather'' the comparable threat assessment for the period of time remaining before that threat assessment would expire. For instance, if an HME holder completed the threat assessment under part 1572 in October 2005 and applies for a TWIC in October 2006, TSA would issue the TWIC for the period of time remaining before the HME threat assessment expires. Therefore, the TWIC would show an expiration date of October 2010--five years from the date of the HME threat assessment. TSA proposes to announce comparability determinations in this NPRM. First, an applicant who successfully completes the security threat assessment required for an HME would be deemed to have completed the threat assessment for a TWIC. The standards and period of validity are the same for an HME and a TWIC. However, if an HME holder wishes to apply for the TWIC credential to have unescorted access to secure areas of a facility or vessel, the applicant would complete the TWIC enrollment process and provide the biometric information for issuance of the credential. Second, TSA deems the security threat assessment required to obtain a FAST card, as part of the Free and Secure Trade program administered by U.S. Customs and Border Protection (CBP), an agency within DHS, to be comparable to the security threat assessment set forth in part 1572. FAST is a cooperative effort among CBP and the governments of Canada and Mexico. Applicants from Canada, Mexico, and the United States may volunteer to undergo a background records check and if they complete it successfully, may receive expedited entrance privileges at the northern and southern borders, subject to other requirements. CBP conducts a fingerprint-based criminal history records check, name-based checks of pertinent intelligence databases, and a personal interview. Canada conducts a similar check for Canadian citizens. The FAST card and background check are valid for five years. TSA invites comment on paragraph (d) from all interested parties. TSA invites other agencies and workers who may be affected by this section to propose different or additional standards to make this process as efficient and effective as possible. TSA urges all agencies interested in obtaining a comparability determination to contact TSA, not only with comments to the proposed rule, but also to inform TSA of the interest in seeking the determination. Please contact Assistant Program Manager, Attn: Federal Agency Comparability Check, Hazmat Threat Assessment Program, TSA-19, TSA, 611 South 12th Street, Arlington, VA 22202. 49 CFR 1572.7 Waivers of Security Threat Assessment Standards This section describes the TWIC applicants who TSA proposes may apply for a waiver of the threat assessment standards. As we do with HME applicants, TSA proposes that TWIC applicants who have been convicted of certain criminal offenses and those who have been declared mentally incompetent in the past may apply for a waiver. Individuals convicted of treason, sedition, espionage, a crime involving a transportation security incident, and a crime of terrorism are not eligible for a waiver from TSA. TSA believes this is appropriate given the severity and level of risk these crimes reflect. For applicants who do not meet the immigration standards in Sec. 1572.105, there is no circumstance or set of facts under which TSA would wish to suspend the application of the lawful immigration categories listed to issue a waiver. Additionally, if a TWIC applicant is disqualified under Sec. 1572.107, the applicant should not be eligible for a waiver. Granting a waiver to an individual determined to pose a security threat would undermine the purpose of this rule and the statutes that gave rise to it. 49 CFR 1572.9 Applicant Information Required for Security Threat Assessment for a Hazardous Materials Endorsement This section describes all of the identifying information an HME applicant must provide in order for TSA to complete the fingerprint- and intelligence-related checks. TSA is proposing one change in paragraph (g) relating to employer notification of adverse threat determinations. TSA proposes to add a statement to the application process, informing the applicant that TSA may notify the applicant's employer if TSA determines that he or she poses a security threat. TSA believes that applicants should be fully aware of TSA's authority and responsibility to provide employer notifications at the time of the threat assessment application. 49 CFR 1572.11 Applicant Responsibilities for a Security Threat Assessment for a Hazardous Materials Endorsement This section describes the standards with which each HME applicant must comply and the actions the applicant must take in order to hold an HME. TSA is not proposing any changes to this section. 49 CFR 1572.13 State Responsibilities for Issuance of Hazardous Materials Endorsement This section lists all of the responsibilities that the States must perform in order to ensure that only individuals who meet the security threat assessment standards receive a hazmat endorsement. TSA is not proposing any substantive changes to this section, except to remove sunset provisions. Former paragraph (b) included compliance dates that have passed and so are not necessary to reference in rule text. Former paragraph (c) permitted a State to apply to be a ``Pilot State'' prior to January 31, 2005 and is no longer necessary. Former paragraph (f) required [[Page 29424]] States to submit a declaration by December 27, 2004 if the State wanted to conduct fingerprint collection, and is no longer necessary. 49 CFR 1572.15 Procedures for Security Threat Assessment for an HME TSA is not proposing to make any changes to this section. This section describes the security threat assessment process in detail, and provides that no State can issue an HME unless the steps outlined in this section have been completed. 49 CFR 1572.17 Applicant Information Required for the Security Threat Assessment for TWIC TSA is proposing this new section to require TWIC applicants to provide biographic and biometric information necessary for TSA to conduct a comprehensive security threat assessment. This proposed section is nearly identical to Sec. 1572.9, Applicant information required for the security threat assessment for an HME. However, in this section, TSA proposes to require the applicant to explain his or her need for a TWIC. Paragraph (a)(10) states that the applicant must provide his or her job description and the facility, vessel, or port where the applicant requires unescorted access, if it is known. Paragraph (a)(11) asks for information concerning the applicant's employer, if known. Paragraph (f) proposes to require each TWIC applicant to certify that he or she needs unescorted access to secure areas of maritime facilities as part of their employment duties, or that he or she is a merchant mariner. TSA is proposing these requirements to limit TWIC to individuals with a legitimate need to enter secure areas of maritime facilities. First, TSA has authority to conduct threat assessments on individuals only in furtherance of its transportation security authorities. We cannot conduct security threat assessments on persons who have no such nexus. This principle is consistent with security standards in other modes of transportation. For instance, in aviation, each airport operator determines which individuals need unescorted access to the secure area of the airport, and the airport conducts a background check and provides a credential to those individuals. TSA has no employment or business relationship with the TWIC applicant and so we propose to obtain a minimum level of information from the applicant to avoid conducting security threat assessments and providing a tool for accessing facilities to any individual who may have a criminal motive or casual interest in the facility. Ultimately, the facility owner controls the individuals that are given unescorted access through the access control system, but TSA believes some sort of minimal filter is advisable to restrict TWIC to those who have a need for it. TSA also believes this may prevent an unscrupulous employer who has no connection to a facility or vessel from using the TWIC threat assessment process as a free suitability assessment in making hiring decisions. TSA does not intend for this provision to adversely impact an employee who is seeking employment in the maritime industry and applies for a TWIC to increase his or her marketability. These applicants should be able to articulate the facility, vessel or port where they may seek employment, which would satisfy paragraph (a)(10). 49 CFR 1572.19 Applicant Responsibilities for a Security Threat Assessment for TWIC In this section, we propose the basic duties a TWIC applicant must comply with to satisfy the rule. Paragraphs (a) and (b) propose a timeline for enrollment for TWIC applicants. As currently envisioned, enrollment of the current population subject to this rule will be accomplished three phases: ------------------------------------------------------------------------ Start date End date ------------------------------------------------------------------------ Group 1 Effective date Not later than 10 months after effective of rule. date of rule. Group 2 After Group 1.. Not later than 15 months after effective date of rule. Group 3 After Group 2.. Not later than 18 months after effective date of rule. ------------------------------------------------------------------------ We believe that a staggered rollout is the most efficient way to implement a program of this size and complexity. TSA and the Coast Guard plan to focus resources consistent with the schedule above and complete each grouping as quickly as possible. The length of the enrollment period at each port will vary depending on port population, with the requirement that enrollment at all regulated facilities and vessels must be completed within 18 months after the effective date of the final rule. TSA and Coast Guard also are contemplating implementing a more flexible rollout, with anticipated dates to be announced by notices published in the Federal Register. The timetable proposed in the rule does not include actual credential issuance. Once the enrollment process is complete for an applicant, the time required to complete the threat assessment and have the credential ready to issue will typically be 30 days. As proposed, each FMSC, with input from the AMS Committee, would establish his/her own plan for scheduling enrollment to ensure a steady flow of enrollees, prevent long lines, and avoid disrupting commerce. TSA plans to establish enrollment times that are consistent with normal port operations. To allow flexibility and service the maritime population effectively, TSA will deploy permanent and mobile enrollment centers. Enrollment workstations will be fielded at larger ports in sufficient quantity to complete the enrollments within the required timeframe, assuming reasonably steady enrollment rates. The strategic placement of the enrollment stations will accommodate port management and operational requirements, and satisfy new enrollments and replacement of lost or stolen credentials. Paragraph (b) of this section discusses the enrollment of mariners. Mariners who hold an MMD or License can enroll in TWIC pursuant to the schedule in paragraph (a). However, these applicants are not required to undergo the criminal history records portion of the TWIC security threat assessment if they received an MMD after February 3, 2003 or a License after February 13, 2006. These applicants must provide the information necessary for enrollment, including biometric information, and obtain the credential. These MMD and License applicants have completed a full security background check performed by the Coast Guard, including review of criminal records for all crimes listed in 46 CFR 10.201 or 46 CFR 12.02-4. These include terrorism offenses, acts of sabotage, and espionage. In addition, the Coast Guard safety and security evaluation analyzes several data sources that contain intelligence information and includes a verification of immigration status. We have agreed to eliminate the requirement for a criminal history records check for this portion of the merchant mariner population to prevent redundancy and reduce costs for applicants and the government. Mariners who have already had their background fully vetted by the Coast [[Page 29425]] Guard are not required to undergo the full TWIC security threat assessment described in part 1572 for their first TWIC, as long as their MMD or License is current. TWICs issued in accordance with these procedures will expire five (5) years after the date of the Coast Guard security threat assessment, and align with the expiration date of the MMD or license, as applicable. Although a mariner may opt to undergo the full security vetting and be issued a TWIC that is valid for the full 5-year period, this is not required for the mariner population who have an MMD issued after February 3, 2003 or a License issued after January 13, 2006. In paragraphs (c)-(e) we propose the same standards that currently apply to HME applicants. TWIC holders would be required to surrender the TWIC to TSA if TSA determines that the holder poses a security threat, and have a continuing obligation to report a disqualifying event to TSA. In addition, TWIC applicants would be required to submit the biometric and biographic information required in Sec. 1572.17 and the security threat assessment fee to TSA once every five years. Paragraph (f) addresses lost, stolen, or damaged credentials. To minimize fraud and prevent unauthorized individuals from entering the secure areas, TWIC holders must report lost or stolen credentials to TSA as soon as the holder loses possession of the credential. TSA would then invalidate the credential number in the TSA system to prevent it from being used in an access control system. Employees will pay a fee for the cost of the replacement credential, but we do not currently plan to require a new threat assessment. The expiration date on the replacement credential will be the same as the expiration date on the original card. If a TWIC holder finds that the credential no longer operates as intended in the access control system, he or she should report it and go to an enrollment center to determine the cause of the malfunction. Unless there is an inherent defect in the credential, the holder will be charged a fee of $36 for a replacement credential. 49 CFR 1572.21 Procedures for Security Threat Assessment for a TWIC This section outlines the procedures TSA, applicants, and owners/ operators would follow in completing the security threat assessment. These procedures are nearly identical to the procedures followed in the HME process. However, where TSA notifies a State of a Final Determination of Threat Assessment, Determination of No Security Threat, or an Immediate Revocation in an action involving an HME, TSA would notify the Coast Guard with respect to a TWIC applicant who is a mariner. TSA provides this information to the Coast Guard because TSA's final determination bears on the mariner's credential. If the mariner is not eligible for a TWIC, the Coast Guard will not issue the mariner credential. Also, TSA will notify the FMSC of TWIC revocations and denials. As the chief governmental security officer at a port, the FMSC should be aware of an applicant who is denied a TWIC or has a TWIC that has been revoked. 49 CFR 1572.23 Conforming Equipment; Incorporation by Reference Each owner/operator required to have access control systems and equipment, including card readers, in conjunction with TWIC, must meet TSA-approved standards. These readers shall conform to referenced industry standards employed by TSA for secure identity credentials. TSA plans to incorporate these standards by reference in the final rule. These standards are listed in proposed Sec. 1572.23. Copies of these standards may be obtained through the Web sites and addresses listed in proposed Sec. 1572.23. 49 CFR 1572.24-40 [Reserved] 49 CFR 1572.41 Compliance, Inspection and Enforcement In this section, TSA proposes standards requiring owners/operators to permit TSA personnel to enter the secure areas of maritime facilities to evaluate, inspect, and test for compliance with the standards in part 1572. These proposals are standard and necessary for TSA to exercise its oversight and enforcement responsibilities over trusted agents, the enrollment process, and the performance of the credential in a variety of circumstances. TSA will be subject to audits and reporting requirements on the TWIC threat assessment and credentialing system that require visual and operational assessments that necessitate access to facilities and vessels. TSA will work cooperatively with owners/ operators to minimize adverse impacts on normal operations. 49 CFR 1572.101 Scope TSA is amending this section to add TWIC applicants to the group of individuals subject to the threat assessment standards. Also, TSA is adding paragraph (a) to this section to acknowledge that hazmat drivers are subject to additional standards issued by the Federal Motor Carrier Safety Administration and the State that issues the commercial driver's license, including safety requirements, immigration status and criminal history standards. 49 CFR 1572.103 Disqualifying Criminal Offenses TSA proposes to adopt the list of criminal acts that disqualify an applicant from holding an HME under 49 CFR 1572.103 for TWIC applicants. In addition, TSA proposes to make one substantive and several administrative changes to this section, as it applies to HME and TWIC applicants. TSA is moving the definitions of ``explosive,'' ``firearm,'' and ``transportation security incident'' from Sec. 1572.3 to Sec. 1572.103, where the terms are used. This should help to eliminate uncertainty about the crimes that are disqualifying. In addition, TSA is adding clarifying language concerning the kind of activity that constitutes a ``transportation security incident.'' As required in SAFETEA-LU, the definition now makes clear that nonviolent labor-management activity is not considered a disqualifying offense. TSA also adds paragraph (a)(1) to the scope of this section acknowledging that hazmat drivers are subject to other standards issued by the Federal Motor Carrier Safety Administration and the State that issues the driver's commercial license and hazmat endorsement. TSA is proposing a substantive change to this section concerning the crimes of treason, sedition, espionage, and terrorism listed in Sec. 1572.103(a), which are permanently disqualifying. Applicants convicted of these crimes are not eligible for a waiver. TSA is adding conspiracy to commit these crimes to the list of crimes that are not subject to a waiver request. TSA has determined that a conviction of conspiracy to commit espionage, treason, sedition, or terrorism are indicative of a serious, ongoing, unacceptable risk to security and should not be waived under any circumstances. This change applies to HME and TWIC applicants. Paragraph (d) describes how an arrest with no indication of a conviction, plea, sentence or other information indicative of a final disposition must be handled. TSA proposes to change the time allowed for an applicant to provide correct records from 30 days to 60 days. The individual must provide TSA with written proof that the arrest did not result in a conviction of a disqualifying criminal offense within 60 days after the date TSA notifies the individual. If TSA does not receive such proof in 60 days, TSA notifies the applicant that the he or [[Page 29426]] she is disqualified from holding an HME or a TWIC. TSA is considering whether to change the list of disqualifying criminal offenses and invites comment on this matter. TSA received comments on this list following publication of the November 2004 hazmat rule, particularly concerning crimes with explosives. Commenters suggested that possession of explosives should not be disqualifying if the conviction results from previous criminal activity, perhaps nonviolent, that makes any subsequent possession of an explosive or firearm a felony. Also, commenters suggested that explosives convictions should be disqualifying only when the crime involves explosives in the amount and packaging that require placarding in transportation. Even assuming TSA agrees with these suggested changes, the current criminal recordation system does not include the level of detail these distinctions require. Often, criminal rap sheets list only the statute violated, which may or may not include ``explosives'' in the title. Rarely, if ever, would a rap sheet include specific facts about the amount or type of explosive involved, or whether the conviction is based on a previous underlying conviction that prohibits contact with explosives. These are the kind of facts TSA can and does evaluate during a request for a waiver, where the applicant provides background information surrounding the conviction and any mitigating information. TSA invites comment on this and any other issue related to disqualifying criminal offenses, in which the public believes TSA can improve the process. TSA may amend Sec. 1572.103 as it applies to TWIC and HME applicants. Any amendment to the list of disqualifying crimes will apply equally to TWIC and HME applicants. 49 CFR 1572.105 Immigration Status The immigration standards in this section currently apply to HME applicants, with the exception of paragraph (a)(2)(iv), which is a new proposal. TSA now proposes to apply the entire section to TWIC applicants. TSA proposes to add a new paragraph to permit certain drivers licensed in Canada or Mexico who frequently deliver goods to facilities and vessels to meet the immigration standards for holding a TWIC. These drivers are admitted to the United States under a North American Free Trade Agreement (NAFTA) implementation visa category. 8 CFR 214.2(b)(4)(i)(E). These drivers are lawful non-immigrants, doing business in the United States, but are not ``working in'' the United States for purposes of the immigration laws. These individuals do not possess (nor are they required to possess under this particular visa category) specific documentation authorizing them to work in the United States for a specified time, as is required of other lawful nonimmigrants applying for a TWIC under paragraph 1572.105(a)(3)(i)- (iii). This proposed paragraph is intended to cover the significant number of commercial drivers regularly entering the United States to deliver food and other products to a port or vessel. Requiring these drivers to enter the access control portion of the port under escort would interfere with normal port operations and could potentially adversely affect other businesses on the port. This proposal would not have any impact on existing requirements that must be met to receive a visa under 8 CFR 214.2(b)(4)(i)(E). TSA invites comment on this proposal from all interested parties. 49 CFR 1572.107 Other Analyses This section of TSA's HME rule currently applies to HME applicants and we are proposing to apply it to TWIC applicants. MTSA requires that TSA disqualify an individual that ``poses a terrorism security risk to the United States.'' For checks under this section for the HME process, TSA accesses relevant international databases, such as Interpol-U.S. National Central Bureau, and other appropriate sources of information on terrorists and terrorist activity, violent gangs, fugitives from justice, and international criminal records. These sources are also appropriate for TWIC applicants. Paragraph (c) states that TSA may determine that an individual poses a security threat if TSA's search reveals an extensive or very serious domestic or foreign criminal history, conviction for serious crimes not listed in Sec. 1572.103, or an extensive period of imprisonment, foreign or domestic, exceeding 365 consecutive days. TSA placed this language in the hazmat rule to clarify the full application of this section and to provide sufficient notice to the public that there may be cases in which an applicant's criminal record includes convictions for serious crimes that are not specifically listed in Sec. 1572.103, but may be disqualifying. Also, if an applicant has been imprisoned for more than a year, which is generally indicative of a serious offense or a long history of criminal activity, TSA may determine that the applicant poses an unacceptable security threat. As TSA noted in the hazmat rulemaking, we cannot possibly list all of the offenses or other information that may be relevant to determining whether an individual poses a security threat that warrants denial of an HME. TSA has discretion to carry out the intent of MTSA and the USA PATRIOT Act and assess threats to transportation and the Nation, where the intelligence and threats are so dynamic. TSA understands that the flexibility this language provides must be used cautiously and on the basis of compelling information that can withstand judicial review. TSA invites comment on this section. 49 CFR 1572.109 Mental Capacity The explosives laws prohibit individuals who have been adjudicated as lacking mental capacity from transporting explosives. The hazmat rule currently provides that any person who has been determined to lack mental capacity does not meet the standards for a security threat assessment. We propose to extend this qualification standard to TWIC applicants. An individual lacks mental capacity, for purposes of this NPRM, if he or she has been committed to a mental health facility or has been adjudicated as lacking mental capacity. An individual is adjudicated as lacking mental capacity if a court or other appropriate authority determines that the individual is a danger to himself or herself, or lacks the mental capacity to manage his or her affairs. An individual is ``committed to a mental health facility'' if formally committed by a court; this term does not refer to voluntary admissions to a mental institution or hospital. Subpart E--Fees for Transportation Worker Identification Credential A. TWIC Maritime Population Estimation Methodology TSA conducted an analysis of the maritime population to determine the necessary fee level for the TWIC threat assessment, including enrollment; adjudication, appeals and waivers; and issuance of the credential. TSA estimates that during initial rollout of the program, it will issue TWIC credentials to approximately 750,000 workers requiring regular, unescorted access to secure areas of MTSA-regulated facilities. This figure is the product of survey and analysis work by TSA and Coast Guard personnel, using information provided by individual ports, public and private-sector data sources, interviews with sector subject-matter experts, and extrapolation from survey responses. In developing this estimate, TSA first identified a wide array of worker categories at MTSA-regulated facilities [[Page 29427]] that would most likely to be required to carry a TWIC. This list evolved during the course of TSA's rulemaking process, both to reflect new information as well as consultations with Coast Guard and maritime industry representatives. The list of major port-related personnel subject to TWIC requirements is as follows:Cruise Workers (Land-Based Only) Liquid Bulk Refining/Processing Workers Longshoremen Merchant Mariner Document or License Holders Off-Shore Liquid Bulk Workers (i.e. MODUs) Rail Workers Shipyard Workers Site Management/Administration Workers Truck Drivers Vessel Operations/Port Support Workers Contractors/Other The 750,000 figure was derived from analyzing each of these employment segments using a number of approaches and resources. First, TSA and Coast Guard conducted a maritime population survey during late 2004 and early 2005. TSA and Coast Guard interviewed management officials from 45 ports across the United States, covering many of the nation's largest cargo operations.\5\ We asked senior port managers and security officers to estimate the number of workers requiring regular unescorted access to their ports, subdivided into distinct employment categories. To enable comparisons between ports and estimate the range of labor required to load/unload/transport a specific volume of freight, port officials also estimated tonnage and twenty-foot equivalent units (TEU) statistics by cargo type for their ports, such as container, liquid bulk, dry bulk, and roll-on/roll-off (``ro-ro''). --------------------------------------------------------------------------- \5\ Ports surveyed (in whole or in part) include: Baltimore, Beaumont, Boston, Brownsville, Brunswick, Burns Harbor, Charleston, Cleveland, Duluth-Superior, Gulfport, Houston, Jacksonville, Lake Charles, Long Beach, Los Angeles, Miami, Milwaukee, Mobile, Morehead City, New Orleans, New York/New Jersey, Oakland, Palm Beach, Panama City, Pascagoula, Pensacola, Philadelphia, Port Arthur, Port Canaveral, Port Hueneme, Port Manatee, Portland (ME), San Diego, San Francisco, Savannah, Seattle, South Louisiana, Tampa, Texas City, Toledo, Virginia Ports (Newport News, Norfolk, Portsmouth), Wilmington (DE), and Wilmington (NC). --------------------------------------------------------------------------- This data was utilized to generate four geographically-diverse extrapolation scenarios, each approximating the nationwide distribution of different cargo types.\6\ TSA and Coast Guard used this approach to minimize the impact of the significant variation it found in labor intensiveness across ports, and to incorporate a broader array of port data in TSA's calculations. TSA and Coast Guard believe that this method yielded reliable port worker population estimates in the following categories: \6\ The TSA Office of Revenue and MARAD representatives jointly cooperated on a cargo type interpretation of U.S. Army Corps of Engineers Waterborne Commerce data, producing a single normalized basis for extrapolation projections: 49% liquid bulk, 9% container, 41% dry bulk/break bulk, 1% ro-ro. --------------------------------------------------------------------------- Site Management/Administration (70,000) Vessel Operations/Port Support (50,000) Rail (10,000) Contractors/Other (70,000) TSA and Coast Guard also used industry-based employee research to complement the maritime population survey. The agencies believe that the survey did not produce sufficiently accurate worker counts for longshoremen and port truckers in particular, because employees in these classes sometimes work at multiple facilities and thus were likely double-counted in the TSA/Coast Guard survey data. For this reason, industry-wide estimates of port truckers and longshoremen were substituted for the agencies' initial survey data involving these sectors. The total longshoremen estimate (60,000) was reached by aggregating data from labor unions and port management organizations.\7\ The port trucker estimate (110,000) was developed using the 2002 (latest available) Vehicle Inventory and Use Survey (VIUS) of the U.S. Census Bureau, isolating respondent populations with common port container trucker characteristics. Additionally, an estimate for non-container drivers was based on a consensus percentage of the total VIUS survey data from trucking subject-matter expert interviews.\8\ \9\ --------------------------------------------------------------------------- \7\ Sources consulted by TSA include the Pacific Maritime Association, United States Maritime Alliance, International Longshoreman's Association, and International Longshoremen and Warehouse Union. \8\ Sources consulted by TSA include (but are not limited to) the American Trucking Association, Owner-Operator Independent Drivers Association, International Brotherhood of Teamsters (Port Division), and academic subject-matter experts from the University of Michigan, University of Minnesota-Morris, and California State University at Long Beach. \9\ According to subject-matter experts consulted by TSA, the vast majority of port truckers (~80%) drive containers. Thus, TSA estimated non-container port truckers to be 20% of the total population. Common characteristics of this sector include: independent owner-operator status, for-hire employment basis, high proportion of short hauls (less than 100 miles). --------------------------------------------------------------------------- TSA and the Coast Guard also conducted employment category research with leading maritime associations and other relevant organizations to account for MTSA-regulated maritime population segments that the agencies believe were either not represented or under-represented in its maritime population survey. These segments include: Barge Operators (30,000) \10\ --------------------------------------------------------------------------- \10\ Based on sector data provided by American Waterways Operators. --------------------------------------------------------------------------- Land-Based Cruise Personnel (15,000) \11\ --------------------------------------------------------------------------- \11\ Extrapolation based on Maritime Population Survey population data and International Council on Cruise Lines (ICCL) market share information. --------------------------------------------------------------------------- Liquid Bulk Refining/Processing (80,000) \12\ --------------------------------------------------------------------------- \12\ MTSA-regulated refinery estimate (35,000-40,000) reflects National Petrochemical and Refiners Association (NPRA) Injuries and Illness Survey data. Other liquid bulk numbers are extrapolations based on MTSA-regulated facility population data in the EPA Risk Management Database. --------------------------------------------------------------------------- MODU/Offshore Liquid Bulk (30,000)\13\ --------------------------------------------------------------------------- \13\ Based on sector data provided by the Minerals Management Services of the U.S. Department of Interior. Only MTSA-regulated offshore facilities are included. --------------------------------------------------------------------------- Shipyard (55,000) \14\ \14\ Based on data provided by MARAD's Office of Shipbuilding and Marine Technology. Sources consulted by TSA include (but are not limited to) the American Shipbuilding Association and Shipbuilders Council of America. Only MTSA-regulated shipyards are included. --------------------------------------------------------------------------- Finally, TSA and the Coast Guard integrated the Coast Guard's operational data for merchant mariners. The National Maritime Center (NMC)--which provides credentialing, training, and certification services to all merchant mariners--lists 204,835 domestic MMD and MML holders.\15\ While no reliable data exists on the overlap between MMD holders and active land-based port workers, representatives of NMC and TSA arrived at a rough estimate of 35,000. Thus, the net active estimate for MMDs who will require TWICs is ~170,000 (205,000-35,000 overlapping MMDs counted among other categories). --------------------------------------------------------------------------- \15\ Date is as of June 2005. Includes both MMDs and other license holders to be covered by TWIC. --------------------------------------------------------------------------- The aggregate results of TSA/Coast Guard maritime employment population research are summarized in the table below: [[Page 29428]] ------------------------------------------------------------------------ TSA/Coast Guard Maritime employment sector population estimate \1\ ------------------------------------------------------------------------ MMD and License Holders................................. 205,000 MMD/License Overlap with Other Worker Categories........ -35,000 Port Truck Drivers...................................... 110,000 Liquid Bulk Refining/Processing......................... 80,000 Site Management/Administration.......................... 70,000 Contractors/Other....................................... 70,000 Longshoremen............................................ 60,000 Shipyards............................................... 55,000 Vessel Operations/Port Support.......................... 50,000 MODU/Offshore Liquid Bulk............................... 30,000 Barge Operators......................................... 30,000 Land-Based Cruise....................................... 15,000 Rail Workers............................................ 10,000 --------------- Total TWIC Initial Maritime Population................ 750,000 ------------------------------------------------------------------------ \1\ Population estimate is for those persons requiring regular unescorted access to secure areas of MTSA-regulated facilities. TSA and Coast Guard have set an 18-month TWIC enrollment period for MTSA-regulated facilities and vessels beginning in the final month of FY06, with the majority of enrollments occurring in FY07 and completion by mid FY08. The enrollment plan assumes that workers at the largest U.S. ports are enrolled first, and those at small and rural locations will be completed toward the end of this cycle. TSA estimates a 1% population growth per year, not including worker turnover, in which individuals leave the port worker population and are replaced by new port workers.\16\ Accounting for this annual population growth net of turnover, (or ``net population growth''), results in an 18-month initial enrollment population of approximately 758,000. --------------------------------------------------------------------------- \16\ Population growth estimate derived from the Bureau of Labor Statistics' (BLS) National Employment Matrix, which estimates growth in the ``Transportation and Warehousing'' sector of the economy at 1.1 percent --------------------------------------------------------------------------- 1. Recurring Population TSA estimates that approximately 12 percent of port workers will leave the port labor force every year and thus will be replaced by new workers who will require a TWIC. This estimate is derived from TSA and Coast Guard's informal port population survey efforts and related anecdotal evidence. Given that the port population segments discussed above are extremely diverse in operations and demographics, TSA expects this annual turnover will not be consistent across all categories or locations. Assuming a 12 percent annual rate and 1 percent net population growth per year, TSA estimates a five-year total turnover of approximately 410,000. TSA also estimates that 8 percent of port workers will lose or damage their TWIC credentials each year. This estimate is derived from anecdotal evidence from other Federal credentialing programs. Assuming an 8 percent annual rate and 1 percent net population growth per year, TSA estimates five-year lost/damaged credential totals of some 273,000. 2. Five-Year Enrollment Population Based on these calculations, TSA estimates total five-year TWIC enrollments (initial enrollments, including annual net population growth, plus job turnover enrollments), of approximately 1,168,000. This estimate does not include the lost/damaged card replacement estimate of 273,000 over five years. B. Proposed Fee To comply with the mandates of Section 520 of the 2004 DHS Appropriations Act, TSA proposes to establish user fees for individuals who apply for or renew a TWIC, and thus are required to undergo a security threat assessment in accordance with 49 CFR part 1572. TSA proposes to establish a new user fee (with two components), separate from the fee the FBI charges to check its criminal history records databases.\17\ --------------------------------------------------------------------------- \17\ The FBI is authorized to establish and collect fees to process fingerprint identification records and name checks for non- criminal justice, non-law enforcement employment and licensing purposes that may be used for salaries and other expenses incurred in providing these services. See Title II of Pub. L. 101-515, November 5, 1990, 104 Stat. 2112, codified in a note to 28 U.S.C. 534. --------------------------------------------------------------------------- First, TSA proposes an Information Collection/Credential Issuance Fee to cover the costs of collecting the biometric and biographic information, transmitting the information to the appropriate process or location, and issuing the credential. Second, TSA proposes a Threat Assessment/Credential Production Fee to cover TSA's costs to perform and adjudicate security threat assessments; administer the appeal and waiver process; conduct program oversight; and produce the credential. Third, TSA proposes a fee to cover the cost of creating a new credential to replace a lost, stolen, or damaged credential. Based on the information currently available to the agency, TSA proposes the following fees: an Information Collection/ Credential Issuance Fee ranging from $45-$65; a Threat Assessment/Credential Production Fee of $50-$62; and a Credential Replacement Fee of $36. The FBI currently charges a fee of $22 for the criminal history records check, which is also collected whenever a security threat assessment is required. Pursuant to the Chief Financial Officers Act of 1990, DHS/TSA is required to review these fees no less than every two years. 31 U.S.C. 3512. Upon review, if it is found that the fees are either too high (i.e., total fees exceed the total cost to provide the services) or too low (i.e., total fees do not cover the total costs to provide the services), the fee will be adjusted. In addition, TSA may increase or decrease the fees described in this regulation for inflation following publication of the final rule. If TSA increases or decreases the fees for this reason, TSA will publish a Notice in the Federal Register notifying the public of the change. 1. Information Collection/Credential Issuance The security threat assessment process requires all applicants who apply for or renew a TWIC to submit their fingerprints and biographic [[Page 29429]] information at a TSA-approved enrollment facility. The same enrollment facility will handle credential issuance to the applicant after successful completion of the threat assessment process. TSA will hire a contractor agent to provide these services. Based on TSA's research of the costs of both commercial and Government fingerprint and information collection services, as well as a prior competitive bidding and acquisition process for similar (but less extensive) services in support of TSA's HME program, TSA estimates that the per applicant cost to collect and transmit fingerprints and other required data electronically is likely to be between $45 and $65. This fee also includes the costs for related administrative support, help desk services, quality control, credential distribution and related logistics. 2. Threat Assessment/Credential Production For the TSA security threat assessment and credential production process, each applicant's information will be checked against multiple databases and other information sources so that TSA can determine whether the applicant poses a security threat that warrants denial of a TWIC. The threat assessment includes an appeal process for individuals who believe the records upon which TSA bases its determination are incorrect. In addition, TSA will administer a waiver process for applicants denied a TWIC due to criminal activity or mental incompetence. TSA must implement and maintain the appropriate systems, resources, and personnel to ensure that fingerprints and applicant information are appropriately linked, and that TSA can receive and act on the results of the security threat assessment. TSA must have the necessary resources--including labor, equipment, database access, and overhead-- to complete the security threat assessment process. TSA estimates that the total cost of threat assessment services will be $24.1 million over five years. This estimate includes $4.6 million for all information systems expenses, including the modification and sustainment of TSA's Screening Gateway. The Screening Gateway is an information system platform that allows TSA to submit, receive, and integrate security threat assessment information from a variety of Federal, State, and other sources in order to help make security threat assessment determinations. Upon successful completion of the threat assessment process, the applicant's enrollment record is sent to the TSA-approved credential production facility. The production facility initiates the TWIC credential personalization process, which includes printing and magnetic stripe and chip encoding. Before the credentials are shipped back to the enrollment center, the credential production facility employees perform quality control inspections. TWIC credentials are then securely packaged and shipped to the designated enrollment center. The credential production process will be administered by a TSA- approved federal credential production facility. It will require expenditures for the following items: card stock, customization materials (i.e., contactless chips, laminates), biennial credential re- design, production equipment and maintenance, production labor, and shipping costs. TSA estimates that the total cost of credentialing production and management will be $17.5 million over five years. TSA representatives will manage the operation and integration of the TWIC programs, including coordination of a nationwide credentialing rollout program. The Agency will also be responsible for ensuring compliance at all TWIC enrollment facilities. These tasks will require the assignment of permanent TSA personnel and temporary contract labor for program support. Contractors will also certify and accredit TWIC systems on a periodic basis. Support costs will include program travel and office supplies. TSA has also developed an electronic network (the TSA system) to facilitate applicant information collection, coordination, credential production, applicant notification and the extensive access control activities of all TWIC cardholders and regulated facilities over time. While the majority of the TSA system development costs were financed in prior years with funds appropriated to TSA, system modification costs and recurring operational costs are included in the five-year program costs. TSA estimates that the total for program support will be $36.1 million over five years. Table Five details the major cost components TSA expects to incur over the next five years to implement the TWIC program. Table 5.--Year TSA Costs for Transportation Worker Identification Credential Program ---------------------------------------------------------------------------------------------------------------- Operational year Start-up 1st Year 2nd Year 3rd Year 4th Year 5th Year ---------------------------------------------------------------------------------------------------------------- Estimated Annual New Applicants 15,000 708,000 164,000 93,000 94,000 95,000 and Turnover..................... Estimated Annual Lost/Damaged 50 27,876 58,003 61,818 62,436 63,061 Credential Replacement Applicants Cost Components* Threat Assessment Costs: Personnel to conduct name- $70,000 $1,687,000 $2,014,000 $2,200,000 $2,387,000 $2,576,000 based threat assessments..... Personnel to conduct redress $45,000 $537,000 $269,000 $269,000 $269,000 $269,000 operations (waivers and appeals)..................... Adjudication labor............ $136,000 $3,350,000 $1,208,000 $824,000 $828,000 $831,000 Screening Gateway development. $300,000 ........... ........... ........... ........... ........... Screening Gateway operations, $247,000 $993,000 $513,000 $513,000 $513,000 $513,000 maintenance & disaster recovery..................... Document management system.... $42,000 $504,000 $360,000 $240,000 $240,000 $240,000 ----------------------------------------------------------------------------- Threat Assessment Costs-- $840,000 $7,071,000 $4,364,000 $4,046,000 $4,237,000 $4,429,000 Subtotal................. Card Production Costs: Card materials................ $1,750,000 $5,250,000 $1,750,000 $1,750,000 $1,750,000 $1,750,000 Card production equipment and $909,000 $1,261,000 $937,000 $707,000 $707,000 $707,000 labor........................ Production system design...... $250,000 ........... ........... $100,000 ........... ........... Card re-design................ ........... ........... $100,000 ........... $100,000 ........... [[Page 29430]] Shipping...................... $7,000 $331,000 $100,000 $70,000 $70,000 $71,000 ----------------------------------------------------------------------------- Card Production Costs-- $2,916,000 $6,842,000 $2,887,000 $2,627,000 $2,627,000 $2,528,000 Subtotal................. Identity Management System (IDMS) Costs: IDMS labor, O&M, and help desk $2,850,000 $3,600,000 $1,800,000 $1,680,000 $1,680,000 $1,680,000 IDMS hardware, software, and $188,000 $945,000 $885,000 $825,000 $825,000 $825,000 technology refresh........... IDMS disaster recovery........ $500,000 $100,000 $100,000 $100,000 $100,000 $100,000 ----------------------------------------------------------------------------- IDMS Costs--Subtotal...... $3,538,000 $4,645,000 $2,785,000 $2,605,000 $2,605,000 $2,605,000 Program Support: Personnel for program support-- $1,624,000 $2,584,000 $2,614,000 $2,614,000 $2,614,000 $2,614,000 federal and contract......... Information systems security $600,000 $250,000 $250,000 $500,000 $250,000 $500,000 certification and accreditation................ Program travel................ $48,000 $144,000 $112,000 $112,000 $112,000 $112,000 Interagency systems and $481,000 $1,085,000 $659,000 $633,000 $630,000 $647,000 communications infrastructure Office supplies and $35,000 $60,000 $60,000 $60,000 $60,000 $60,000 miscellaneous program costs.. Fee processing & analysis..... $17,000 $100,000 $100,000 $100,000 $100,000 $100,000 ----------------------------------------------------------------------------- Program Support--Subtotal. $2,805,000 $4,223,000 $3,795,000 $4,019,000 $3,766,000 $4,033,000 Enrollment Management and Compliance: Personnel and operational $12,000 $584,000 $135,000 $76,000 $77,000 $78,000 expenses for enrollment compliance................... ----------------------------------------------------------------------------- Enrollment Management and $12,000 $584,000 $135,000 $76,000 $77,000 $78,000 Compliance--Subtotal......... ----------------------------------------------------------------------------- Grand Totals.............. $10,111,000 $23,365,000 $13,966,000 $13,373,000 $13,312,000 $13,673,000 ---------------------------------------------------------------------------------------------------------------- Threat Assessment/Credential Production Calculation TSA will charge a fee to recover its threat assessment, credentialing, and other program management and oversight costs associated with the implementation of this rule. TSA notes that since it received appropriated funds for the development of the TWIC program prototype and start-up operations, these costs will not be recovered in the fee charges. Substantially all costs TSA will have incurred before the beginning of program operations are considered start-up costs for calculation of the Threat Assessment/Credential Production fee. Based on the estimated costs in Table Five, TSA has calculated the per applicant Threat Assessment/Credential Production fee as follows: threat assessment cost estimate of $24.1 million over five years is added to credentialing and program expenses of $53.6 million. These total costs are then divided by 1,441,000 total estimated applicants for a TWIC--both new and lost/damaged replacement card applicants--over the first five years. The resulting applicant charges will range from $50-$62 per applicant, as fees will vary based on the services provided to each population. Individuals requiring a complete security threat assessment will pay $62. Applicants who have completed a fingerprint-based criminal history records check that TSA deems equivalent to the TWIC check, such as MMD, MML, HME, and FAST credential holders, will not be charged for TSA's adjudication expenses associated with this portion of the threat assessment and will be assessed $50. Individuals who lose, damage, or have their credential stolen will not be assessed any threat assessment costs but will be charged $36 for a replacement credential. No new TSA threat assessment-specific or enrollment costs are factored into this replacement fee. 3. FBI Fee As part of the security threat assessment, TSA submits fingerprints to the FBI to obtain any criminal history records that correspond to the fingerprints. The FBI is authorized to establish and collect fees to process fingerprint identification records. See Title II of Pub. L. 101-515, November 5, 1990, 104 Stat. 2112, codified in a note to 28 U.S.C. 534. Pursuant to Criminal Justice Information Services (CJIS) Information Letter 93-3 (October 8, 1993), this fee is currently set at $22. If the FBI increases or decreases its fee to complete the criminal history records check, the increase or decrease will apply to this regulation on the date that the new FBI fee becomes effective. 4. Total Fees TSA proposes the following fees for TWIC applicants who submit fingerprints and applicant information to a TSA agent: (1) Information Collection/Credential Issuance: $45-$65. (2) Threat Assessment/Credential Production: $50-$62. (3) Credential Replacement: $36. (4) FBI: $22. The total fees for TWIC applicants would be between $95 and $149, depending on threat assessment services provided. TSA will continue to work to minimize all costs and will finalize final fee charges in the final rule. TSA may increase or decrease the fees described in this regulation for inflation following publication of the final rule. TSA will publish a notice in the Federal Register notifying the public of the change. C. Section 1572.501 Fee Collection Section 1572.501 provides that when TSA collects fingerprints and applicant information under 49 CFR part 1572, TSA will collect fees for TWIC, in accordance with the procedures in Sec. 1572.503. Section 1572.503 describes the procedures that TSA and a TWIC applicant will follow. Paragraph 1572.503(a) list the specific fees: $45-65 for information collection/credential issuance; $50-62 for the threat assessment/credential production; $36 [[Page 29431]] for a replacement credential; and $22 for the FBI. Paragraph 1572.503(b) states that the fees must be provided in U.S. currency, and in check, money order, wire, or another method approved by TSA. Paragraph 1572.503(c) states that TSA will not issue refunds and paragraph 1572.503(d) states that applications would be processed only upon receipt of all applicable fees. Paragraph 1572.503(e) states that TSA may adjust the fees annually after October 1, 2007 because of inflation, and any adjustment will be announced by notice in the Federal Register. Any increase would be a composite of the Federal civilian pay raise percentage and non-pay inflation factor for the current fiscal year. These figures are issued by the Office of Management and Budget. Paragraph (f) of this section relates to any amendments the FBI may make to its fee for the criminal history records check. The change to the fee for TWIC applicants will become effective on the date that the FBI fee increase or decrease became effective. VII. Rulemaking Analyses and Notices A. Executive Order 12866 (Regulatory Planning and Review) This proposed rule is a ``significant regulatory action'' under section 3(f) of E.O. 12866, Regulatory Planning and Review and therefore has been reviewed by the Office of Management and Budget. E.O. 12866 requires an assessment of potential costs and benefits under section 6(a)(3) of that Order. A draft Assessment is available in both the TSA and Coast Guard dockets where indicated under the ``Public Participation and Request for Comments'' section of this preamble. A summary of the Assessment follows: Regulatory Evaluation Summary Proposed changes to Federal regulations must undergo several economic analyses. First, E.O. 12866 directs each Federal agency to propose or adopt a regulation only if the agency makes a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility Act of 1980 requires agencies to analyze the economic impact of regulatory changes on small entities. Third, the Trade Agreements Act (19 U.S.C. 2531-2533) prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. In developing U.S. standards, this Trade Act requires agencies to consider international standards and where appropriate, as the basis of U.S. standards. Fourth, the Unfunded Mandates Reform Act of 1995 (Public Law 104-4) requires agencies to prepare a written assessment of the costs, benefits and other effects of proposed or final rules that include a Federal mandate likely to result in the expenditure by State, local or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation). The mandatory OMB A- 4 Accounting Statement is located in the separate detailed regulatory evaluation. In conducting these preliminary analyses, TSA and the USCG are proposing that this rule: 1. Is a ``significant regulatory action'' as defined in the E.O. 2. Has a yet to be determined impact on small business. We have provided an Initial Regulatory Flexibility Analysis (IRFA) for comment. 3. Imposes no significant barriers to international trade. 4. Does not impose an unfunded mandate on State, local, or tribal governments, but does on the private sector as there are two years with undiscounted costs in excess of the inflation adjusted $100 million threshold. This regulatory evaluation is a joint effort of TSA and USCG. For ease of reading, the agencies decided to use the term ``we'' to represent both DHS components even for issues which might be directly related to proposed rule actions of only one agency. We believe this simplification will be less of a burden to the public in trying to understand and comment on the evaluation. The reader is cautioned that we did not attempt to replicate precisely the regulatory language in this discussion of the proposed rule; the regulatory text, not the text of this evaluation, is legally binding. A copy of the detailed regulatory evaluation document is available on the dockets for each agency. TSA and the USCG invite comments on all aspects of the economic analysis. We will attempt to evaluate and address all regulatory evaluation comments submitted by the public; however, those comments with specific data sources or detailed information will be more useful in improving the impact analysis. Comments may be placed on either docket as directed in the rule preamble; although there is no prohibition of submitting the evaluation comments to both dockets, duplicate submissions will be treated as a single issue submission. If possible, evaluation comments should be clearly identified with the evaluation issue or section. Including page numbers or figure references with your comments will expedite the process and insure the issue is addressed by the most appropriate agency experts. Impact Summary Section 102 of the Maritime Transportation Security Act requires a regulation regarding the issue of a biometric security card to individuals with unescorted access to secure areas of vessels and facilities. Under this authority, DHS has developed this proposed rule, and this summary provides a synopsis of the costs and benefits of the proposed rule. Benefits of the Proposed Rule The proposed rule would facilitate commerce and, most importantly, increase security at vessels, facilities, and OCS facilities regulated by 33 CFR chapter I, subchapter H. Security The proposed rule would increase security at vessels, facilities, and OCS facilities regulated by 33 CFR chapter I, subchapter H. It would accomplish this by: (1) Reducing the number of high-risk individuals with unescorted access to secure areas of vessels, facilities, and OCS facilities through the use of robust background checks; (2) enhancing the security of the credential through the use of a highly tamper-resistant card and the implementation of a strong identity-verification process to guard against fraud; and (3) increasing the stringency of access control measures throughout the maritime transportation sector. Commerce Although not the primary impetus for regulation, this NPRM would enhance the flow of commerce by streamlining the number of credentials and access control procedures, eliminating the need for several port credentialing offices and systems, and creating an interoperable credential recognizable across the maritime environment. During the TWIC Phase III Prototype, TSA learned that many individuals underwent multiple background checks, paid redundant fees, and endured long lines and short hours of operation at local credentialing offices. We anticipate this NPRM would eliminate some of these inefficient practices. Economic Costs We conclude that the primary estimate of economic costs over a 10 year period for this rule are $1,028 million undiscounted, $918.5 million with a 3 percent discount rate, and [[Page 29432]] $802.8 million at a 7 percent discount rate. In preparing estimates, we considered ranges for some values. No statistical confidence interval is associated with this range. These ranges provide an upper estimate of $1,062 million undiscounted and a lower range of $995.0 million undiscounted. The full list of scenarios and discounted values are displayed in the following charts and figures. Ten Year Costs ------------------------------------------------------------------------ ------------------------------------------------------------------------ Minimum.......................... 7% Discount Rate.... $777,040,010 3% Discount Rate.... 888,602,138 Undiscounted........ 994,986,264 Primary.......................... 7% Discount Rate.... 802,830,101 3% Discount Rate.... 918,517,801 Undiscounted........ 1,028,754,087 High............................. 7% Discount Rate.... 828,620,192 3% Discount Rate.... 948,433,464 Undiscounted........ 1,062,521,911 ------------------------------------------------------------------------ [GRAPHIC] [TIFF OMITTED] TP22MY06.000 Timing of Costs The startup costs plus initial enrollments cause roughly 40 percent of expenses to occur in the first program year. Because credentials must be renewed after five years, there is another spike in enrollments and, therefore, expenses at year six. This spike is not as large as the initial enrollment because there is movement in and out of the labor force over those five years. This increase in enrollments in year six represents approximately 15 percent of the total costs. The other eight program years are similar in costs. [[Page 29433]] [GRAPHIC] [TIFF OMITTED] TP22MY06.001 Total Ten-Year Costs--Primary Estimate [$ millions] -------------------------------------------------------------------------------------------------------------------------------------------------------- Discount Rate/Yr 1 2 3 4 5 6 7 8 9 10 Total -------------------------------------------------------------------------------------------------------------------------------------------------------- 7% Discount Rate.......................... $383.6 $74.0 $36.7 $34.2 $32.2 $105.7 $45.7 $32.2 $30.1 $28.4 $802.8 3% Discount Rate.......................... 398.5 79.9 41.1 39.8 38.9 132.9 59.7 43.7 42.4 41.6 918.5 Undiscounted.............................. 410.4 84.7 44.9 44.8 45.1 158.7 73.4 55.4 55.3 55.9 1,028.8 -------------------------------------------------------------------------------------------------------------------------------------------------------- Distribution of Costs The fee setting section of the NPRM and supporting documents in the docket provide details of the distribution of impacts. By category, almost 39 percent of the costs are facility costs, 11 percent enrollment contract costs, while the smallest category of costs is related to Outer Continental Shelf facilities at less than 0.1 percent of the total costs. The following series of figures summarizes the 11 categories for the range of costs discounted at 7 percent, categorical percentage share of total costs, and share differences between the primary estimate and each of the other two scenarios. Costs by Category and Scenario, Discounted 7% ------------------------------------------------------------------------ Component Low Primary High ------------------------------------------------------------------------ Enrollment Opportunity Costs........... $71.8 $71.8 $71.8 Enrollment Contract Costs.............. 91.9 91.9 91.9 Security Threat Assessments............ 57.9 57.9 57.9 TSA System Costs....................... 27.4 27.4 27.4 Appeals and Waivers Opportu............ 5.7 5.7 5.7 Card Production........................ 29.5 29.5 29.5 Issuance Opportunity Costs............. 89.0 89.0 89.0 Program Office Support................. 41.0 41.0 41.0 Facilities............................. 299.0 312.1 325.1 Vessels................................ 63.1 75.8 88.4 OCS Facilities......................... 0.6 0.7 0.8 -------------------------------- Total.............................. 777.0 802.8 828.6 ------------------------------------------------------------------------ [[Page 29434]] [GRAPHIC] [TIFF OMITTED] TP22MY06.002 ---------------------------------------------------------------------------------------------------------------- Percent cost share by category and scenario Difference from ------------------------------------------------------------------------------------------- primary estimate --------------------- Component Low Primary High Low High (percent) (percent) (percent) (percent) (percent) ---------------------------------------------------------------------------------------------------------------- Enrollment Opportunity Costs............................. 9.2 8.9 8.7 0.3 -0.3 Enrollment Contract Costs................................ 11.8 11.4 11.1 0.4 -0.4 Security Threat Assessments.............................. 7.5 7.2 7.0 0.2 -0.2 TSA System Costs......................................... 3.5 3.4 3.3 0.1 -0.1 Appeals and Waivers Opportunity.......................... 0.7 0.7 0.7 0.0 -0.0 Card Production.......................................... 3.8 3.7 3.6 0.1 -0.1 Issuance Opportunity Costs............................... 11.5 11.1 10.7 0.4 -0.3 Program Office Support................................... 5.3 5.1 5.0 0.2 -0.2 Facilities............................................... 38.5 38.9 39.2 -0.4 0.4 Vessels.................................................. 8.1 9.4 10.7 -1.3 1.2 OCS Facilities........................................... 0.1 0.1 0.1 0.0 0.0 ------------------------------------------------------ Total................................................ 100.0 100.0 100.0 ......... - ---------------------------------------------------------------------------------------------------------------- B. Small Entities Under the Regulatory Flexibility Act (5 U.S.C. 601-612), we have considered whether this proposed rule would have a significant economic impact on a substantial number of small entities. The term ``small entities'' comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. Individuals are not considered small entities for the purposes of the Regulatory Flexibility Act. At this time, we have not determined if this proposed rule would have a significant economic impact on a substantial number of small entities. We request comment on the full Initial Regulatory Flexibility Analysis, which is located on the docket. A brief summary of this analysis appears below. With certain exceptions, the proposed rule would impact vessels, facilities, and OCS facilities presently regulated by 33 CFR chapter I, subchapter H. TSA and USCG estimated the proposed rule would cover 10,785 vessels, 3,492 facilities, and 42 OCS facilities. TSA and USCG concluded that most vessels and some facilities may be owned by small businesses, but no small businesses, as defined by the Regulatory Flexibility Act, currently operate OCS facilities. The proposed rule would require affected vessels, facilities and OCS facilities to implement increased security measures. Because many of the proposed measures are based on performance standards, the proposed rule affords covered businesses [[Page 29435]] flexibility in complying with the requirements. Due to this flexibility, we foresee small entities complying with the proposed rule in a number of ways. We therefore used a range of estimates when characterizing the potential impacts to small entities. The following table displays this range. ---------------------------------------------------------------------------------------------------------------- Initial costs Recurring costs Requirement ----------------------------------------------------------------- Low Primary High Low Primary High ---------------------------------------------------------------------------------------------------------------- Smart Card Reader Purchase.................... $2,000 $3,500 $5,000 ......... ......... ......... Smart Card Reader Software.................... 1,000 1,000 1,000 ......... ......... ......... Smart Card Reader Installation................ 200 200 200 ......... ......... ......... Creating TWIC Addendum........................ 1,693 1,691 1,691 ......... ......... ......... Knowledge Requirements........................ 2,709 2,709 2,709 ......... ......... ......... Recordkeeping................................. 1,303 1,303 1,303 ......... ......... ......... TWIC Validation............................... ......... ......... ......... $391 $391 $391 ----------------------------------------------------------------- Total..................................... 8,906 10,403 11,903 391 391 391 ---------------------------------------------------------------------------------------------------------------- C. Assistance for Small Entities Under section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996 (Pub. L. 104-121), we want to assist small entities in understanding this proposed rule so that they can better evaluate its effects on them and participate in the rulemaking. If the rule would affect your small business, organization, or governmental jurisdiction and you have questions concerning its provisions or options for compliance, please consult LCDR Jonathan Maiorine, Commandant (G-PCP-2), United States Coast Guard, 2100 Second Street, SW., Washington, DC 20593; telephone 1 (877) 687-2243. DHS will not retaliate against small entities that question or complain about this rule or any policy or action of DHS. Small businesses may send comments on the actions of Federal employees who enforce, or otherwise determine compliance with, Federal regulations to the Small Business and Agriculture Regulatory Enforcement Ombudsman and the Regional Small Business Regulatory Fairness Boards. The Ombudsman evaluates these actions annually and rates each agency's responsiveness to small business. If you wish to comment on actions by employees of TSA or of the Coast Guard, call 1- 888-REG-FAIR (1-888-734-3247). D. Collection of Information This proposed rule would call for a collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). As defined in 5 CFR 1320.3(c), ``collection of information'' comprises reporting, recordkeeping, monitoring, posting, labeling, and other, similar actions. The title and description of the information collections, a description of those who must collect the information, and an estimate of the total annual burden follow. The estimate covers the time for reviewing instructions, searching existing sources of data, gathering and maintaining the data needed, and completing and reviewing the collection. Title: Transportation Worker Identification Credential (TWIC) Program. Summary of the Collection of Information: Need for Information: TSA has developed the Transportation Worker Identification Credential (TWIC) as an identification tool that encompasses the authorities of the Aviation and Transportation Security Act of 2001(ATSA) (Pub. L. 107-71, Sec.106), and the Maritime Transportation Security Act of 2002 (MTSA) (Pub. L. 107-295, Sec. 102) to perform background checks and issue credentials to workers within the national transportation system. The data to be collected is that biographic and biometric information necessary for TSA to complete the required security threat assessment on individuals who will seek unescorted access to secure areas of vessels and maritime facilities through the use of a TWIC. TWIC cards, when issued, will contain biographic and biometric data necessary to prove identity of the cardholder and to interoperate with access control systems on vessels and at facilities nationwide. Proposed Use of Information: TSA will use the information to verify the identity of the individual applying for a TWIC and to verify that the person poses no security threat that would preclude issuance of a TWIC. Description of the Respondents: The respondents to this collection of information will be workers within the national transportation system, specifically individuals who require unescorted access to secure areas of vessels or maritime facilities. Number of Respondents: Although the number of respondents will vary over three years, TSA estimates that the annualized number of total respondents will be approximately 317,400. Based on research conducted by TSA and the USCG, the total estimated base population that will be affected by TWIC is 750,000. However, TSA estimates that more than seventy percent of the base maritime worker population will enroll in the program in the first year, and the remainder will enroll in year two. Turnover and growth within the affected population is expected to result in another 202,257 respondents. Frequency of Response: Because renewals for the TWIC will be on a five year basis, for purposes of the Paperwork Reduction Act, to apply for a TWIC, each respondent will be required to respond once to the enrollment collection. TSA estimates an additional response from the estimated two percent of respondents who will appeal decisions made by the agency with respect to security threat assessments or ask for a waiver from disqualifying offenses. Thus, TSA estimates the number of total annual responses to be approximately 323,800. Burden of Response: TSA estimates the annual hour burden for enrollment to be 476,129, or one and one half hour per respondent. TSA estimates the annual hour burden for appeals and waiver to be approximately 38,100. TSA has determined that the information collection and card issuance portion of the TWIC fee will be between $45 and $65 per respondent. The exact fee will be determined in the final rulemaking. This portion of the fee accounts for more than the actual cost of the information collection as it includes cost of the enrollment process, system operations and maintenance, and TWIC card distribution. Estimate of Total Annual Burden: TSA estimates the total annual hour burden as a result of this collection of information to be approximately 514,200. Because the TWIC fee may [[Page 29436]] change over time as actual costs are determined and annualized, TSA estimates total annual fee for respondents to be between $14,283,855 and $20,632,235. As required by the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)), we have submitted a copy of this proposed rule to the Office of Management and Budget (OMB) for its review of the collection of information. We ask for public comment on the proposed collection of information to help us determine how useful the information is; whether it can help us perform our functions better; whether it is readily available elsewhere; how accurate our estimate of the burden of collection is; how valid our methods for determining burden are; how we can improve the quality, usefulness, and clarity of the information; and how we can minimize the burden of collection. If you submit comments on the collection of information, submit them both to OMB and to the Docket Management Facility where indicated under ADDRESSES, by the date under DATES. You need not respond to a collection of information unless it displays a currently valid control number from OMB. Before the requirements for this collection of information become effective, we will publish notice in the Federal Register of OMB's decision to approve, modify, or disapprove the collection. E. Federalism A rule has implications for federalism under E.O. 13132, Federalism, if it has a substantial direct effect on State or local governments and would either preempt State law or impose a substantial direct cost of compliance on them. TSA and Coast Guard have analyzed this proposed rule under that Order and have determined that it has implications for federalism, for the same reasons that we found Federalism impacts for the Coast Guard's previously published MTSA regulations. 68 FR at 60468-9. A summary of the impacts on federalism in this proposed rule follows. This proposed rule would have a substantial direct effect on States, local governments, or political subdivisions under section 1(a) of the Order when those states owning vessels/facilities are required to submit a TWIC Addendum and implement a TWIC program. It would also preempt State law under section 6(c) of the Order by: Continuing to prevent States from regulating mariners; and continuing to prevent the States from requiring security plans. It would impose substantial direct costs of compliance on States or local governments under section 6(b) of the Order, by requiring the submission of a TWIC Addendum and the implementation of TWIC on State owned vessels or facilities. Regulations already issued by the Coast Guard under other sections of the MTSA of 2002 cited the need for national standards of security, claimed preemption, and received comments in support of such a scheme. See 68 FR 60448, 60468-60469. (October 23, 2003). The law is well-settled that States may not regulate in categories expressly reserved for regulation by the Coast Guard. The law also is well-settled that all of the categories covered in 46 U.S.C. 3306, 3703, 7101, and 8101 (design, construction, alteration, repair, maintenance, operation, equipping, personnel qualification, and manning of vessels), as well as the reporting of casualties and any other category in which Congress intended the Coast Guard to be the sole source of a vessel's obligations, are within the field foreclosed from regulation by the States. See United States v. Locke and Intertanko v. Locke, 529 U.S. 89, 120 S.Ct. 1135 (Mar. 6, 2000). Since portions of this proposed rule involve the manning of U.S. vessels and the licensing of merchant mariners, it relates to personnel qualifications. Because the states may not regulate within this category, these portions of this proposed rule do not present new preemption issues under E.O. 13132. We are only asserting field preemption in those areas where federal regulations have historically dominated the field, such as merchant mariner regulations, or where we are amending regulations that we have previously asserted preempt state regulation, such as the Marine Transportation Security Act Regulations found in 33 CFR chapter I, subchapter H. States would not be preempted from instituting their own background checks or badging systems in addition to the TWIC. We are asking for comments specifically on the issue of preemption. F. Unfunded Mandates Reform Act The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires Federal agencies to assess the effects of their discretionary regulatory actions. In particular, the Act addresses actions that may result in the expenditure by a State, local, or tribal government, in the aggregate, or by the private sector of $100,000,000 or more in any one year. This proposed rule would result in such an expenditure, and we discuss the effects of this rule in the Draft Regulatory Evaluation, which is summarized in the E.O. 12866 section above. G. Taking of Private Property This proposed rule would not affect a taking of private property or otherwise have taking implications under E.O. 12630, Governmental Actions and Interference with Constitutionally Protected Property Rights. H. Civil Justice Reform This proposed rule meets applicable standards in sections 3(a) and 3(b)(2) of E.O. 12988, Civil Justice Reform, to minimize litigation, eliminate ambiguity, and reduce burden. I. Protection of Children We have analyzed this proposed rule under E.O. 13045, Protection of Children from Environmental Health Risks and Safety Risks. While this rule is an economically significant rule, it would not create an environmental risk to health or risk to safety that might disproportionately affect children. J. Indian Tribal Governments This proposed rule does not have tribal implications under E.O. 13175, Consultation and Coordination with Indian Tribal Governments, because it would not have a substantial direct effect on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. K. Energy Effects We have analyzed this proposed rule under E.O. 13211, Actions Concerning Regulations That Significantly Affect Energy Supply, Distribution, or Use. We have determined that it is not a ``significant energy action'' under that order. While it is a ``significant regulatory action'' under E.O. 12866, it is not likely to have a significant adverse effect on the supply, distribution, or use of energy. The Administrator of the Office of Information and Regulatory Affairs has not designated it as a significant energy action. Therefore, a Statement of Energy Effects is not required for this rule under E.O. 13211. L. Technical Standards The National Technology Transfer and Advancement Act (NTTAA) (15 U.S.C. 272 note) directs agencies to use voluntary consensus standards in their regulatory activities unless the agency provides Congress, through the Office of Management and Budget, with an explanation of why using these [[Page 29437]] standards would be inconsistent with applicable law or otherwise impractical. Voluntary consensus standards are technical standards (e.g., specifications of materials, performance, design, or operation; test methods; sampling procedures; and related management systems practices) that are developed or adopted by voluntary consensus standards bodies. This rulemaking will incorporate standards for TWIC readers and card technology. These standards have been developed by the Federal government; there are no voluntary consensus standards that could be used in their place. M. Environment This Transportation Worker Identification Credential (TWIC) proposal contains a program of activities to improve the safety and security of vessels, facilities, Outer Continental Shelf facilities, and U.S. ports. It proposes requirements for developing application forms, collecting and processing forms, application evaluation criteria, and issuing determinations on applications. It also updates the training, qualifying, licensing, and disciplining of maritime personnel and proposes amendments to security plans that will contribute to a higher level of marine safety and security for vessels, facilities, Outer Continental Shelf facilities, and U.S. ports. Implementation of this proposal will involve establishing ``enrollment stations'' inside existing port facilities to collect TWIC applications. The enrollment stations will include a small office, using existing utilities, located in space made available in existing port facilities or other available space within a 25 mile radius of the port facility. If a location does not have a port facility, or enough space, a temporary unit will be provided until either sufficient permanent space is available or the need for the enrollment station no longer exists. To meet the initial surge of enrollments expected when the rule is final, 138 stations (permanent and mobile/temporary) are expected to be operating nationwide. The on-going/maintenance phase will involve approximately 134 stations. The provisions of this proposed rule have been analyzed under the Department of Homeland Security (DHS) Management Directive (MD) 5100.1, Environmental Planning Program, which is the DHS policy and procedures for implementing the National Environmental Policy Act (NEPA), and related E.O.s and requirements. The implementation of this rule is expected to be categorically excluded under the following categorical exclusions (CATEX) listed in MD 5100.1, Appendix A, Table 1: CATEX A1 (personnel, fiscal, management and administrative activities); CATEX A3 (promulgation of rules, issuance of rulings or interpretations); and CATEX A4 (information gathering, data analysis and processing, information dissemination, review, interpretation and development of documents). CATEX B3 (proposed activities and operations conducted in an existing structure that would be compatible with and similar in scope to ongoing functional uses) is also applicable. Additionally, we have determined that there are no extraordinary circumstances presented by this rule that would limit the use of a CATEX under MD 5100.1, Appendix A, paragraph 3.2. List of Subjects 33 CFR Part 101 Harbors, Maritime security, Reporting and recordkeeping requirements, Security measures, Vessels, Waterways. 33 CFR Part 103 Facilities, Harbors, Maritime security, Ports, Reporting and recordkeeping requirements, Security measures, Vessels, Waterways. 33 CFR Part 104 Incorporation by reference, Maritime security, Reporting and recordkeeping requirements, Security measures, Vessels. 33 CFR Part 105 Facilities, Maritime security, Reporting and recordkeeping requirements, Security measures. 33 CFR Part 106 Facilities, Maritime security, Outer Continental Shelf, Reporting and recordkeeping requirements, Security measures. 33 CFR Part 125 Administrative practice and procedure, Harbors, Reporting and recordkeeping requirements, Security measures, Vessels. 46 CFR Part 10 Penalties, Reporting and recordkeeping requirements, Schools, Seamen. 46 CFR Part 12 Penalties, Reporting and recordkeeping requirements, Seamen. 46 CFR Part 15 Reporting and recordkeeping requirements, Seamen, Vessels. 49 CFR Part 1515 Appeals, Commercial drivers license, Criminal history background checks, Explosives, Facilities, Hazardous materials, Incorporation by reference, Maritime security, Motor carriers, Motor vehicle carriers, Ports, Seamen, Security measures, Security threat assessment, Vessels, Waivers. 49 CFR Part 1570 Appeals, Commercial drivers license, Criminal history background checks, Explosives, Facilities, Hazardous materials, Incorporation by reference, Maritime security, Motor carriers, Motor vehicle carriers, Ports, Seamen, Security measures, Security threat assessment, Vessels, Waivers. 49 CFR Part 1572 Appeals, Commercial drivers license, Criminal history background checks, Explosives, Facilities, Hazardous materials, Incorporation by reference, Maritime security, Motor carriers, Motor vehicle carriers, Ports, Seamen, Security measures, Security threat assessment, Vessels, Waivers. The Amendments For the reasons listed in the preamble, the Coast Guard proposes to amend 33 CFR parts 101, 103, 104, 105, 106, 125; and 46 CFR parts 10, 12, and 15 and the Transportation Security Administration proposes to add or amend 49 CFR parts 1515, 1570, and 1572 as follows: Title 33--Navigation and Navigable Waters Chapter I--Coast Guard PART 101--MARITIME SECURITY: GENERAL 1. The authority citation for part 101 continues to read as follows: Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 U.S.C. 191, 192; Executive Order 12656, 3 CFR 1988 Comp., p. 585; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No. 0170.1. 2. In Sec. 101.105 add, in alphabetical order, definitions for the terms escorting, personal identification number (PIN), recurring unescorted access, secure area, TWIC, TWIC program, and unescorted access, to read as follows: Sec. 101.105 Definitions. * * * * * Escorting means ensuring that the escorted individual is continuously [[Page 29438]] accompanied or monitored while within a secure area in a manner sufficient to identify whether the escorted individual is engaged in activities other than those for which escorted access was granted. * * * * * Personal Identification Number (PIN) means a personally selected number stored electronically on the individual's TWIC. * * * * * Recurring unescorted access means authorization to enter a vessel on a continual basis after an initial personal identity and credential verification, as outlined in the vessel security plan. * * * * * Secure Area means the area on board a vessel or at a facility or outer continental shelf facility over which the owner/operator has implemented security measures for access control, as defined by a Coast Guard approved security plan. It does not include passenger access areas or public access areas, as those terms are defined in Sec. Sec. 104.106 and 105.106 of this subchapter. * * * * * TWIC means a valid, non-revoked transportation worker identification credential, as defined and explained in 49 CFR part 1572. TWIC Program means those procedures and systems, detailed in an approved security plan, that a vessel, facility, or outer continental shelf facility must implement in order to assess and validate TWICs when maintaining access control. * * * * * Unescorted access means having the authority to enter and move about a secure area without escort. * * * * * 3. From [effective date of the final rule] to [effective date of final rule + 5 years], add Sec. 101.121 to read as follows: Sec. 101.121 Alternative Security Programs--TWIC Addendum. (a) Submitters of Alternative Security Programs that have been approved by the Commandant (G-PC) under section 101.120 of this part, must submit a TWIC Addendum by [date six months after date of publication of final rule], or else their Alternative Security Plan is invalid. The TWIC Addendum should include an explanation of how the ASP addresses the requirements for a TWIC program contained in parts 104, 105 and 106 of this subchapter, as applicable. (b) The Commandant (G-PC) will examine each TWIC Addendum for compliance with this part and either: (1) Approve it and specify any conditions of approval, returning to the submitter a letter stating its approval and any conditions; (2) Return it for revision, returning a copy to the submitter with brief descriptions of the required revisions; or (3) Disapprove it, returning a copy to the submitter with a brief statement of the reasons for disapproval. (c) The ASP TWIC Addendum will be given the same expiration date as the ASP. (d) Upon gaining approval of the TWIC Addendum, the submitter of the ASP must incorporate the approved TWIC Addendum into their ASP when it is due for reapproval in accordance with Sec. 101.120 of this subpart. 4. Add Sec. 101.514 to read as follows: Sec. 101.514 TWIC requirement. (a) All persons requiring unescorted access to secure areas of vessels, facilities, and OCS facilities regulated by parts 104, 105 or 106 of this subchapter must possess a TWIC before such access is granted, except as otherwise noted in this section. A TWIC must be obtained via the procedures established by TSA in 49 CFR part 1572. (b) Federal officials are not required to obtain or possess a TWIC. Except in cases of emergencies or other exigent circumstances, in order to gain unescorted access to a secure area of a vessel, facility, or OCS facility regulated by parts 104, 105 or 106 of this subchapter, he/ she must verify his identity at a TWIC reader using his/her agency issued, HSPD 12 compliant, credential. Until each agency issues its HSPD 12 compliant cards, Federal officials may gain unescorted access by using their agency's official credential. The COTP will advise facilities and vessels within his area of responsibility as agencies come into compliance with HSPD 12. (c) Law enforcement officials at the State or local level are not required to obtain or possess a TWIC to gain unescorted access to secure areas. They may, however, voluntarily obtain a TWIC where their offices fall within or where they desire recurring unescorted access to a secure area of a vessel, facility or OCS facility. (d) Owners and/or operators of any vessel or maritime facility that is not required to comply with parts 104, 105, or 106 of this subchapter, respectively, who would like to implement a TWIC Program for their vessel or facility must contact their cognizant COTP to gain authorization. If approved, the Coast Guard will contact TSA, who will provide the authorization to enroll the vessel or facility employees at a TWIC enrollment center. 5. Revise Sec. 101.515 to read as follows: Sec. 101.515 TWIC/Personal identification. (a) Persons not described in Sec. 101.514 of this part shall be required to present personal identification in order to gain entry to a vessel, facility, and OCS facility regulated by parts 104, 105 or 106 of this subchapter. These individuals must be escorted at all times while in a secure area. This personal identification must, at a minimum, meet the following requirements: (1) Be laminated or otherwise secure against tampering; (2) Contain the individual's full name (full first and last names, middle initial is acceptable); (3) Contain a photo that accurately depicts that individual's current facial appearance; and (4) Bear the name of the issuing authority. (b) The issuing authority in paragraph (a)(4) of this section must be: (1) A government authority, or an organization authorized to act of behalf of a government authority; or (2) The individual's employer, union, or trade association. (c) Vessel, facility, and OCS facility owners and operators must permit law enforcement officials, in the performance of their official duties, who present proper identification in accordance with this section and Sec. 101.514 of this part to enter or board that vessel, facility, or OCS facility at any time, without delay or obstruction. Law enforcement officials, upon entering or boarding a vessel, facility, or OCS facility, will, as soon as practicable, explain their mission to the Master, owner, or operator, or their designated agent. PART 103--MARITIME SECURITY: AREA MARITIME SECURITY 6. The authority citation for part 103 continues to read as follows: Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. 70102, 70103, 70104, 70112; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No. 0170.1. 7. Revise Sec. 103.305(c) to read as follows: Sec. 103.305 Composition of an Area Maritime Security (AMS) Committee. * * * * * (c) Members appointed under this section serve for a term of not more than 5 years. In appointing members, the FMSC should consider the skills required by Sec. 103.410 of this part. With the exception of credentialed Federal, state and local officials, all AMS Committee members shall hold a TWIC, or have passed a comparable security [[Page 29439]] threat assessment, as determined by the FMSC. 8. In Sec. 103.505, revise paragraph (n) to read as follows: Sec. 103.505 Elements of the Area Maritime Security (AMS) plan. * * * * * (n) Security measures designed to ensure the effective security of infrastructure, special events, vessels, passengers, cargo, and cargo handling equipment at facilities within the port not otherwise covered by a Vessel or Security Plan, approved under part 104, 105, or 106 of this subchapter. This includes the use of a TWIC program. * * * * * 9. In Sec. 103.510, designate the existing text as paragraph (a) and add paragraph (b) to read as follows: Sec. 103.510 Area Maritime Security (AMS) Plan review and approval. * * * * * (b) From [effective date of the final rule] to [effective date of the final rule + 5 years], this paragraph (b) shall apply. Each AMS Plan shall be updated to include the implementation of the TWIC program. PART 104--MARITIME SECURITY: VESSELS 10. The authority citation for part 104 continues to read as follows: Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No, 0170.1. 11. Amend Sec. 104.105 by redesignating paragraph (d) as paragraph (e) and adding a new paragraph (d) to read as follows: Sec. 104.105 Applicability. * * * * * (d) The TWIC requirements found in this part do not apply to foreign vessels. * * * * * 12. Add Sec. 104.106 to read as follows: Sec. 104.106 Passenger access area. (a) A ferry, passenger vessel, or cruise ship may designate areas within the vessel as passenger access areas. Any such areas must be specified in the VSP. (b) A passenger access area is a defined space within the access control area of a ferry or passenger vessel that is open to passengers. It is not a secure area and does not require a TWIC for unescorted access. 13. From [effective date of the final rule] to [effective date of final rule + 5 years], amend Sec. 104.115 by adding paragraph (d) to read as follows: Sec. 104.115 Compliance dates. * * * * * (d) Vessel owners or operators subject to paragraph (b) of this section and not excluded by Sec. 104.105(d) or this part must: (1) Submit a TWIC Addendum to the Commanding Officer, Marine Safety Center, to cover each vessel they own or operate subject to this part on or before [date 6 months after publication of the final rule]; and (2) Be operating in accordance with the TWIC provisions found within this part, as outlined in their TWIC Addendum, between [date 1 year after publication of the final rule] and [date 18 months after publication of the final rule], depending on whether enrollment has been completed in the port in which the vessel is operating, in accordance with 49 CFR 1572.19. 14. From [effective date of the final rule] to [effective date of final rule + 5 years], amend Sec. 104.120 by adding paragraph (c) to read as follows: Sec. 104.120 Compliance documentation. * * * * * (c) Each vessel owner or operator subject to this part must ensure, before [date one year after publication of the final rule] that copies of the following documentation are carried on board the vessel and are made available to the Coast Guard upon request: (1) The approved TWIC addendum and any approved revisions or amendments thereto, and a letter of approval from the Commanding Officer, Marine Safety Center (MSC) dated within the last 5 years; (2) The TWIC Addendum submitted for approval and current written acknowledgment from the Commanding Officer, MSC, stating that the Coast Guard is currently reviewing the TWIC Addendum submitted for approval and that the vessel may continue to operate; or (3) For vessels operating under a Coast Guard-approved Alternative Security Program as provided in Sec. 104.140, a copy of the Alternative Security Program the vessel is using, including a vessel specific security assessment report generated under the Alternative Security Program, as specified in Sec. 101.120(b)(3) of this subchapter, and a letter signed by the vessel owner or operator, stating which Alternative Security Program the vessel is using and certifying that the vessel is in full compliance with that program, as it has been amended pursuant to Sec. 101.121 of this subchapter. Subpart B--Vessel Security Requirements 15. Revise Sec. 104.200(b) to read as follows: Sec. 104.200 Owner or operator. * * * * * (b) For each vessel, the vessel owner or operator must: (1) Define the security organizational structure for each vessel and provide all personnel exercising security duties or responsibilities within that structure with the support needed to fulfill security obligations; (2) Designate, in writing, by name or title, a Company Security Officer (CSO), a Vessel Security Officer (VSO) for each vessel, and identify how those officers can be contacted at any time; (3) Ensure personnel receive training, drills, and exercises enabling them to perform their assigned security duties; (4) Inform vessel personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC; (5) Ensure vessel security records are kept; (6) Ensure that adequate coordination of security issues takes place between vessels and facilities; this includes the execution of a Declaration of Security (DoS); (7) Ensure coordination of shore leave, transit, or crew change-out for vessel personnel, as well as access through the facility of visitors to the vessel (including representatives of seafarers' welfare and labor organizations), with facility operators in advance of a vessel's arrival. Vessel owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations in coordinating such leave. The text of these treaties can be found at http://www.marad.dot.gov/Programs/treaties.html; (8) Ensure security communication is readily available; (9) Ensure coordination with and implementation of changes in Maritime Security (MARSEC) Level; (10) Ensure that security systems and equipment are installed and maintained, including at least one TWIC reader that meets the standard incorporated by TSA at 49 CFR 1572.23, and that computer and access control systems and hardware are secure; (11) Ensure that vessel access, including the embarkation of persons and their effects, are controlled; [[Page 29440]] (12) Ensure that TWIC procedures are implemented as set forth in this part, including; (i) Ensuring that only individuals who hold a TWIC and are authorized to be in secure areas in accordance with the VSP are permitted to escort; and (ii) Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted. (13) Ensure that restricted areas are controlled and TWIC provisions are coordinated, if applied to such restricted areas; (14) Ensure that protocols are in place for responding to TWIC holders presenting for entry who cannot electronically verify a match between themselves and the information stored on the credential's ICC. These must include interim alternative security measures for an individual who cannot electronically verify his identity. Such provisions should take into account measures appropriate for occasional failures to verify and for persistent problems with verification such that a person may require a new credential; (15) Ensure that protocols are in place for responding to TWIC holders presenting for entry whose cards have been revoked by TSA, and provisions for individuals requiring access who report a lost or stolen TWIC; (16) Ensure there are alternate provisions in case of equipment or power failures that affect TWIC readers and other validation equipment. (17) Ensure that appropriate personnel know who is on the vessel at all times; (18) Ensure that cargo and vessel stores and bunkers are handled in compliance with this part; (19) Ensure restricted areas, deck areas, and areas surrounding the vessel are monitored; (20) Provide the Master, or for vessels on domestic routes only, the CSO, with the following information: (i) Parties responsible for appointing vessel personnel, such as vessel management companies, manning agents, contractors, concessionaires (for example, retail sales outlets, casinos, etc.); (ii) Parties responsible for deciding the employment of the vessel, including time or bareboat charters or any other entity acting in such capacity; and (iii) In cases when the vessel is employed under the terms of a charter party, the contract details of those documents, including time or voyage charters; and (21) Give particular consideration to the convenience, comfort, and personal privacy of vessel personnel and their ability to maintain their effectiveness over long periods. 16. Amend Sec. 104.210 by adding paragraphs (a)(5), (b)(2)(xv) and (c)(15) to read as follows: Sec. 104.210 Company Security Officer (CSO). (a) * * * (5) The CSO must maintain a valid TWIC. (b) * * * (2) * * * (xv) Knowledge of TWIC. (c) * * * (15) Ensure the TWIC program is being properly implemented. 17. Amend Sec. 104.215 by adding paragraphs (a)(6), (b)(7) and (c)(12) to read as follows: Sec. 104.215 Vessel Security Officer (VSO). (a) * * * (6) The VSO must maintain a valid TWIC. (b) * * * (7) TWIC. (c) * * * (12) Ensure TWIC programs are in place and implemented appropriately. 18. Amend Sec. 104.220 by revising the introductory paragraph and adding paragraph (n) to read as follows: Sec. 104.220 Company or vessel personnel with security duties. Company and vessel personnel responsible for security duties must maintain a valid TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: * * * * * (n) Relevant aspects of the TWIC program and how to carry them out. 19. Amend Sec. 104.225 by adding paragraph (f) to read as follows: Sec. 104.225 Security training for all other vessel personnel. * * * * * (f) Relevant aspects of the TWIC program and how to carry them out. 20. Amend Sec. 104.235 by redesignating paragraphs (b)(1) through (b)(8) as (b)(2) through (b)(9), respectively, and add new paragraph (b)(1) to read as follows: Sec. 104.235 Vessel recordkeeping requirements. * * * * * (b) * * * (1) Access. Records of those individuals who are granted access to secure areas of the vessel, including records of when these individuals disembark the vessel and, in the case of individuals who are escorted, the identification of the individual who escorted or the method by which the individual was escorted; * * * * * 21. Revise Sec. 104.265 to read as follows: Sec. 104.265 Security measures for access control. (a) General. The vessel owner or operator must ensure the implementation of security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices, including any device intended to damage or destroy persons, vessels, facilities, or ports; (2) Secure dangerous substances and devices that are authorized by the owner or operator to be on board; (3) Control access to the vessel; and (4) Prevent an unescorted individual from entering an area of the vessel that is designated as a secure area unless the individual holds a duly issued TWIC and is authorized to be in the area in accordance with the vessel security plan. (b) The vessel owner or operator must ensure that the following are specified: (1) The locations providing means of access to the vessel where access restrictions or prohibitions are applied for each Maritime Security (MARSEC) Level, including those points where a TWIC reader is or will be deployed. ``Means of access'' include, but are not limited, to all: (i) Access ladders; (ii) Access gangways; (iii) Access ramps; (iv) Access doors, side scuttles, windows, and ports; (v) Mooring lines and anchor chains; and (vi) Cranes and hoisting gear; (2) The identification of the types of restriction or prohibition to be applied and the means of enforcing them; (3) The means used to establish the identity of individuals not in possession of a TWIC and procedures for escorting, in accordance with Sec. 101.515 of this subchapter; and (4) Procedures for identifying authorized and unauthorized persons at any MARSEC level. (c) The vessel owner or operator must ensure that a TWIC program is implemented as follows: (1) Determine whether recurring unescorted access will be used and, prior to granting any individual recurring unescorted access (as defined in Sec. 101.105 of this subchapter) to secure areas of the vessel, ensure that the individual being granted recurring access privileges has a TWIC and verify the individual's identity. The identity [[Page 29441]] verification procedure must electronically verify a match between the individual and the biometric information stored on the TWIC's ICC, including a verification of the individual's personal identification number (PIN). The validity of the TWIC itself shall also be verified at this time; (2) After granting recurring unescorted access, verify the individual's identity at each entry to the secure area of the vessel. This identity verification procedure must be outlined in the approved VSP and should at a minimum include visual facial recognition; (3) Ensure that any individual granted unescorted access to secure areas of the vessel is able to produce his or her TWIC upon request; (4) Ensure that the identity of any individual not granted recurring unescorted access and seeking unescorted access to the vessel is verified by matching the individual to the biometric information stored on the TWIC's ICC at every entry. The validity of the TWIC itself shall also be verified at this time; (5) Includes disciplinary measures to prevent fraud and abuse; (6) Allows certain long-term, frequent vendor representatives and visitors, including seafarers' chaplains and union representatives who hold a TWIC to be eligible for recurring unescorted access; (7) Allows for temporary access if alternative security measures are implemented due to a failure of the TWIC system, and the individual can meet or pass those alternative security measures; (8) Is coordinated, when practicable, with identification and TWIC systems at facilities used by the vessel; and (9) Periodically verifies the validity of TWICs as outlined in paragraphs (f)(1), (g)(1) and (h)(1) of this section. (d) If the vessel owner or operator uses a separate identification system, ensure that it complies and is coordinated with TWIC provisions in this part. (e) The vessel owner or operator must establish in the approved Vessel Security Plan (VSP) the frequency of application of any security measures for access control, particularly if these security measures are applied on a random or occasional basis. (f) MARSEC Level 1. The vessel owner or operator must ensure security measures in this paragraph are implemented to: (1) Employ TWIC as set out in paragraph (c) of this section. The validity of a TWIC presented for unescorted access shall be verified using information that is no more than seven (7) days old. The validity of a TWIC held by a person previously granted recurring unescorted access shall be verified weekly, using the most current information available from TSA. (2) Screen persons, baggage (including carry-on items), personal effects, and vehicles for dangerous substances and devices at the rate specified in the approved Vessel Security Plan (VSP), except for government-owned vehicles on official business when government personnel present identification credentials for entry; (3) Conspicuously post signs that describe security measures currently in effect and clearly state that: (i) Boarding the vessel is deemed valid consent to screening or inspection; and (ii) Failure to consent or submit to screening or inspection will result in denial or revocation of authorization to board; (4) Check the identification of any person not holding a TWIC and seeking to board the vessel, including vessel passengers, vendors, personnel duly authorized by the cognizant government authorities, and visitors. This check includes confirming the reason for boarding by examining at least one of the following: (i) Joining instructions; (ii) Passenger tickets; (iii) Boarding passes; (iv) Work orders, pilot orders, or surveyor orders; (v) Government identification; or (vi) Visitor badges issued in accordance with an identification system implemented under paragraph (d) of this section. (5) Deny or revoke a person's authorization to be on board if the person is unable or unwilling, upon the request of vessel personnel, to establish his or her identity in accordance with this part or to account for his or her presence on board. Any such incident must be reported in compliance with this part; (6) Deter unauthorized access to the vessel; (7) Identify access points that must be secured or attended to deter unauthorized access; (8) Lock or otherwise prevent access to unattended spaces that adjoin areas to which passengers and visitors have access; (9) Provide a designated area on board, within the secure area, or in liaison with a facility, for conducting inspections and screening of people, baggage (including carry-on items), personal effects, vehicles and the vehicle's contents; (10) Ensure vessel personnel are not subjected to screening, of the person or of personal effects, by other vessel personnel, unless security clearly requires it. Any such screening must be conducted in a way that takes into full account individual human rights and preserves the individual's basic human dignity; (11) Ensure the screening of all unaccompanied baggage; (12) Ensure checked persons and their personal effects are segregated from unchecked persons and their personal effects; (13) Ensure embarking passengers are segregated from disembarking passengers; (14) Ensure, in liaison with the facility, a defined percentage of vehicles to be loaded aboard passenger vessels are screened prior to loading at the rate specified in the approved VSP; (15) Ensure, in liaison with the facility, all unaccompanied vehicles to be loaded on passenger vessels are screened prior to loading; and (16) Respond to the presence of unauthorized persons on board, including repelling unauthorized boarders. (g) MARSEC Level 2. In addition to the security measures required for MARSEC Level 1 in this section, at MARSEC Level 2, the vessel owner or operator must: (1) Verify the validity of a TWIC presented for unescorted access using information that is no more than one (1)day old, and verify the validity of TWIC credentials presented by persons granted recurring unescorted access to the vessel daily, using the most current information available from TSA; and (2) Ensure the implementation of additional security measures, as specified for MARSEC Level 2 in the approved VSP. These additional security measures may include: (i) Increasing the frequency and detail of screening of people, personal effects, and vehicles being embarked or loaded onto the vessel as specified for MARSEC Level 2 in the approved VSP, except for government-owned vehicles on official business when government personnel present identification credentials for entry; (ii) X-ray screening of all unaccompanied baggage; (iii) Assigning additional personnel to patrol deck areas during periods of reduced vessel operations to deter unauthorized access; (iv) Limiting the number of access points to the vessel by closing and securing some access points; (v) Denying access to visitors who do not have a verified destination; [[Page 29442]] (vi) Deterring waterside access to the vessel, which may include, in liaison with the facility, providing boat patrols; and (vii) Establishing a restricted area on the shore side of the vessel, in close cooperation with the facility. (h) MARSEC Level 3. In addition to the security measures required for MARSEC Level 1 and MARSEC Level 2, the vessel owner or operator must: (1) Require all persons, including those granted recurring unescorted access to secure areas of the vessel in accordance with paragraph (c)(1) of this section, to verify their identity at each entry to a secure area by electronically matching the individual to the biometric information stored on the TWIC, including a verification of the individual's PIN; (2) Ensure the implementation of additional security measures, as specified for MARSEC Level 3 in the approved VSP. The additional security measures may include: (i) Screening all persons, baggage, and personal effects for dangerous substances and devices; (ii) Performing one or more of the following on unaccompanied baggage: (A) Screen unaccompanied baggage more extensively, for example, x- raying from two or more angles; (B) Prepare to restrict or suspend handling unaccompanied baggage; or (C) Refuse to accept unaccompanied baggage on board; (iii) Being prepared to cooperate with responders and facilities; (iv) Limiting access to the vessel to a single, controlled access point; (v) Granting access to only those responding to the security incident or threat thereof; (vi) Suspending embarkation and/or disembarkation of personnel; (vii) Suspending cargo operations; (viii) Evacuating the vessel; (ix) Moving the vessel; or (x) Preparing for a full or partial search of the vessel. 22. Amend Sec. 104.290 by redesignating paragraphs (a)(1) through (a)(5) as (a)(2) through (a)(6), respectively, and adding new paragraph (a)(1) to read as follows: Sec. 104.290 Security incident procedures. * * * * * (a) * * * (1) Providing a list of all individuals who have been granted access to the vessel, as maintained pursuant to Sec. 104.235 of this part; * * * * * 23. Revise Sec. 104.295 to read as follows: Sec. 104.295 Additional requirements--cruise ships. (a) The owner or operator of a U.S.-flagged cruise ship must ensure the following: (1) At all MARSEC levels: (i) Each crewmember or employee's identity and TWIC must be verified prior to allowing the individual to board the vessel at each entry to the vessel. The TWIC validation procedure must rely upon the most current information available from TSA. The identity verification procedure must electronically verify a match between the individual and the biometric information stored on the TWIC's ICC. (ii) All persons, baggage, and personal effects must be screened for dangerous substances and devices; (iii) The identification of all persons seeking to board the vessel must be checked. Persons holding a TWIC shall be checked as set forth in paragraph (a)(1) of this section. For persons not holding a TWIC, this check includes confirming the reason for boarding by examining passenger tickets, boarding passes, government identification or visitor badges, or work orders; (iv) Security patrols must be performed; and (v) Selected areas must be searched prior to embarking passengers and prior to sailing. (2) At MARSEC Level 2, in addition to the requirements of paragraph (a)(1)(i), above the owner or operator of a U.S.-flagged cruise ship must ensure that each crewmember or employee seeking to board the vessel is required to enter his or her correct PIN prior to being allowed to board. (3) At MARSEC Level 3, the owner or operator of a U.S.-flagged cruise ship must ensure that security briefs to passengers about the specific threat are provided. (b) The owner or operator of a foreign-flagged cruise ship must ensure the following: (1) At all MARSEC Levels: (i) All persons, baggage, and personal effects must be screened for dangerous substances and devices; (ii) The identification of all persons seeking to board the vessel must be checked, and must include confirming the reason for boarding by examining joining instructions, passenger tickets, boarding passes, government identification or visitor badges, or work orders; (iii) Perform security patrols; and (iv) Search selected areas prior to embarking passengers and prior to sailing. (2) At MARSEC Level 3, the owner or operator of a foreign cruise ship must ensure that security briefs to passengers about the specific threat are provided. Subpart D--Vessel Security Plan (VSP) 24. Revise Sec. 104.405(a)(10) to read as follows: Sec. 104.405 Format of the Vessel Security Plan (VSP). (a) * * * (10) Security measures for access control, including designated passenger access areas and TWIC implementation; * * * * * 25. From [effective date of the final rule] to [effective date of final rule + 5 years], add Subpart E--TWIC Addendum to read as follows: Subpart E--TWIC Addendum Sec. 104.500 General. 104.505 Submission and approval. 104.510 Integration of TWIC Addendum into full VSP. Subpart E--TWIC Addendum Sec. 104.500 General. A vessel owner or operator must ensure the completion of a TWIC Addendum. The TWIC Addendum must outline the security measures to be used on the vessel in order to implement a TWIC program as discussed in Sec. 104.265 of this part, including the alternate procedures to be used. Sec. 104.505 Submission and approval. (a) In accordance with Sec. 104.115, on or before [date six months after publication of the final rule], each vessel owner or operator not operating under an ASP must submit one copy of their TWIC Addendum, in English, for review and approval to the Commanding Officer, Marine Safety Center (MSC) and a letter certifying that their TWIC Addendum meets applicable requirements of this part. (b) Owners or operators of vessels not in service on or before [date of publication of final rule] must comply with Sec. 104.510 and submit a complete VSP that includes details regarding the implementation of a TWIC program. (c) The Commanding Officer, MSC, will examine each submission for compliance with this subpart and either: (1) Approve it and specify any conditions of approval, returning to the submitter a letter stating its acceptance and any conditions; (2) Return it for revision, returning a letter to the submitter with brief descriptions of the required revisions; or (3) Disapprove it, returning a letter to the submitter with a brief statement of the reasons for disapproval. [[Page 29443]] (d) A TWIC Addendum may be submitted and approved to cover more than one vessel where the vessel design and operations are similar. (e) Each company or vessel owner or operator that submits one TWIC Addendum to cover two or more vessels of similar design and operation must address vessel-specific information that includes the physical and operational characteristics of each vessel. (f) A TWIC Addendum will be given the same expiration date as the vessel's full VSP. Sec. 104.510 Integration of TWIC Addendum into full VSP. Upon gaining approval for the TWIC Addendum, the vessel owner or operator must incorporate the approved TWIC Addendum into the VSP when the vessel's VSP is due for reapproval in accordance with Subpart D of this part. PART 105--MARITIME SECURITY: FACILITIES 26. The authority citation for part 105 continues to read as follows: Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. 70103; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No, 0170.1. 27. From [effective date of the final rule] to [effective date of final rule + 5 years], amend Sec. 105.115 by adding paragraph (c) to read as follows: Sec. 105.115 Compliance dates. * * * * * (c) Facility owners or operators must: (1) Submit a TWIC Addendum to their COTP to cover each facility they own or operate subject to this part on or before [date 6 months after publication of final rule]; and (2) Be operating in accordance with the TWIC provisions found within this part, as outlined in their TWIC Addendum, between [date 1 year after publication of the final rule] and [date 18 months after publication of the final rule], depending on whether enrollment has been completed in the port where the facility is operating, in accordance with 49 CFR 1572.19. 28. Amend Sec. 105.120 by: a. Designating the undesignated text as paragraph (a); b. Redesignating paragraphs (a), (b), and (c) as (a)(1), (a)(2), and (a)(3), respectively; and c. Adding paragraph (b) to read as follows: Sec. 105.120 Compliance documentation. * * * * * (b) From [effective date of final rule] to [effective date of the final rule + 5 years], this paragraph (b) shall apply. Each facility owner or operator subject to this part must ensure, before [date one year after publication of final rule] that a copies of the following documentation are available at the facility and are made available to the Coast Guard upon request: (1) The approved TWIC addendum and any approved revisions or amendments thereto, and a letter of approval from the cognizant COTP dated within the last 5 years; (2) The TWIC Addendum submitted for approval and current written acknowledgment from the cognizant COTP, stating that the Coast Guard is currently reviewing the TWIC Addendum submitted for approval and that the facility may continue to operate; or (3) For facilities operating under a Coast Guard-approved Alternative Security Program as provided in Sec. 105.140, a copy of the Alternative Security Program the facility is using, including a facility specific security assessment report generated under the Alternative Security Program, as specified in Sec. 101.120(b)(3) of this subchapter, and a letter signed by the facility owner or operator, stating which Alternative Security Program the facility is using and certifying that the facility is in full compliance with that program, as it has been amended pursuant to Sec. 101.121 of this subchapter. Subpart B--Facility Security Requirements 29. Revise Sec. 105.200(b) to read as follows: Sec. 105.200 Owner or operator. * * * * * (b) For each facility, the facility owner or operator must: (1) Define the security organizational structure and provide each person exercising security duties and responsibilities within that structure the support needed to fulfill those obligations; (2) Designate, in writing, by name or by title, a Facility Security Officer (FSO) and identify how the officer can be contacted at any time; (3) Ensure that a Facility Security Assessment (FSA) is conducted; (4) Ensure the development and submission for approval of a Facility Security Plan (FSP); (5) Ensure that the facility operates in compliance with the approved FSP; (6) Ensure that the TWIC program is properly implemented as set forth in this part, including; (i) Ensuring that only individuals who hold a TWIC and are authorized to be in the area in accordance with the FSP are permitted to escort; (ii) Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted; and (iii) Ensuring that security systems and equipment are installed and maintained, including at least one TWIC reader that meets the standard incorporated by TSA in 49 CFR 1572.23, and that computer and access control systems and hardware are secure; (7) Ensure that restricted areas are controlled and TWIC provisions are coordinated, if applied to such restricted areas; (8) Ensure that adequate coordination of security issues takes place between the facility and vessels that call on it, including the execution of a Declaration of Security (DoS) as required by this part; (9) Ensure coordination of shore leave for vessel personnel or crew change-out, as well as access through the facility for visitors to the vessel (including representatives of seafarers' welfare and labor organizations), with vessel operators in advance of a vessel's arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations. The text of these treaties can be found at http://www.marad.dot.gov/Programs/treaties.html ; (10) Ensure, within 12 hours of notification of an increase in MARSEC Level, implementation of the additional security measures required for the new MARSEC Level; (11) Ensure security for unattended vessels moored at the facility; (12) Ensure the report of all breaches of security and transportation security incidents to the National Response Center in accordance with part 101 of this chapter; (13) Ensure consistency between security requirements and safety requirements; (14) Inform facility personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC; (15) Ensure that protocols are in place for responding to TWIC holders presenting for entry who cannot electronically verify a match between themselves and the information stored on the credential's ICC. These must include interim alternative security [[Page 29444]] measures for an individual who cannot electronically verify his identity. Such provisions should take into account measures appropriate for occasional failures to verify and for persistent problems with verification such that a person may require a new credential; (16) Ensure that protocols are in place for responding to TWIC holders presenting for entry whose cards have been revoked by TSA, or other appropriate authority, or otherwise reported as invalid, and provisions for individuals requiring access who report a lost or stolen TWIC; (17) Ensure there are alternate provisions in case of equipment or power failures that affect TWIC readers and other validation equipment; and (18) Ensure that appropriate personnel know who is on the facility at all times. 30. Amend Sec. 105.205 by adding paragraphs (a)(4), (b)(2)(xv) and (c)(19) to read as follows: Sec. 105.205 Facility Security Officer (FSO). (a) * * * (4) The FSO must maintain a valid TWIC. (b) * * * (2) * * * (xv) Knowledge of TWIC. (c) * * * (19) Ensure the TWIC program is being properly implemented. 31. Amend Sec. 105.210 by revising the introductory paragraph and adding paragraph (n) to read as follows: Sec. 105.210 Facility personnel with security duties. Facility personnel responsible for security duties must maintain a valid TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: * * * * * (n) Familiar with all relevant aspects of the TWIC program and how to carry them out. 32. Amend Sec. 105.215 by adding paragraph (f) to read as follows: Sec. 105.215 Security training for all other facility personnel. * * * * * (f) Familiar with all relevant aspects of the TWIC program and how to carry them out. 33. Amend Sec. 105.225 by adding paragraph (b)(9) to read as follows: Sec. 105.225 Facility recordkeeping requirements. * * * * * (b) * * * (9) Records of those individuals who are granted access to the secure areas of the facility, including records of when these individuals exit the facility and, in the case of individuals who are escorted, the identification of the individual who escorted or the method by which the individual was escorted. * * * * * 34. Revise Sec. 105.255 to read as follows: Sec. 105.255 Security measures for access control. (a) General. The facility owner or operator must ensure the implementation of security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices, including any device intended to damage or destroy persons, vessels, facilities, or ports; (2) Secure dangerous substances and devices that are authorized by the owner or operator to be on the facility; (3) Control access to the facility; and (4) Prevent an unescorted individual from entering an area of the facility that is designated as a secure area unless the individual holds a duly issued TWIC and is authorized to be in the area in accordance with the facility security plan. (b) The facility owner or operator must ensure that the following are specified: (1) The locations where restrictions or prohibitions that prevent unauthorized access are applied for each MARSEC Level, including those points where a TWIC reader is or will be deployed. Each location allowing means of access to the facility must be addressed; (2) The types of restrictions or prohibitions to be applied and the means of enforcing them; (3) The means used to establish the identity of individuals not in possession of a TWIC, in accordance with Sec. 101.515 of this subchapter, and procedures for escorting them; (4) Procedures for identifying authorized and unauthorized persons at any MARSEC level; and (5) The locations where persons, personal effects and vehicle screenings are to be conducted. The designated screening areas should be covered to provide for continuous operations regardless of the weather conditions. (c) The facility owner or operator must ensure that a TWIC program is implemented as follows: (1) Prior to granting any individual unescorted access to secure areas of the facility, ensure that the individual being granted access privileges has a TWIC and verify the individual's identity. The identity verification procedure must electronically verify a match between the individual and the biometric information stored on the TWIC's ICC. The validity of the TWIC itself shall also be verified at this time; (2) Ensure that any individual granted unescorted access to secure areas of the facility is able to produce his or her TWIC upon request; (3) Uses disciplinary measures to prevent fraud and abuse; (4) Allows for temporary access if alternative security measures are implemented due to a failure of the TWIC system, and the individual can meet or pass those alternative security measures; (5) Is coordinated, when practicable, with identification and TWIC systems of vessels or other transportation conveyances that use the facility; and (6) Periodically verifies the validity of TWICs as outlined in paragraphs (f)(1), (g)(1) and (h)(1) of this section. (d) If the facility owner or operator uses a separate identification system, ensure that it complies and is coordinated with TWIC provisions in this part. (e) The facility owner or operator must establish in the approved Facility Security Plan (FSP) the frequency of application of any access controls, particularly if they are to be applied on a random or occasional basis. (f) MARSEC Level 1. The facility owner or operator must ensure the following security measures are implemented at the facility: (1) Implement TWIC as set out in paragraph (c) of this section. The validity of a TWIC presented for unescorted access shall be verified using information that is no more than seven (7) days old; (2) Screen persons, baggage (including carry-on items), personal effects, and vehicles, for dangerous substances and devices at the rate specified in the approved FSP, excluding government-owned vehicles on official business when government personnel present identification credentials for entry; (3) Conspicuously post signs that describe security measures currently in effect and clearly state that: (i) Entering the facility is deemed valid consent to screening or inspection; and (ii) Failure to consent or submit to screening or inspection will result in denial or revocation of authorization to enter; (4) Check the identification of any person not holding a TWIC and seeking entry to the facility, including vessel passengers, vendors, personnel duly authorized by the cognizant government authorities, and visitors. This check shall include confirming the reason for [[Page 29445]] boarding by examining at least one of the following: (i) Joining instructions; (ii) Passenger tickets; (iii) Boarding passes; (iv) Work orders, pilot orders, or surveyor orders; (v) Government identification; or (vi) Visitor badges issued in accordance with an identification system implemented under paragraph (d) of this section; (5) Deny or revoke a person's authorization to be on the facility if the person is unable or unwilling, upon the request of facility personnel, to establish his or her identity in accordance with this part or to account for his or her presence. Any such incident must be reported in compliance with this part; (6) Designate restricted areas and provide appropriate access controls for these areas; (7) Identify access points that must be secured or attended to deter unauthorized access; (8) Deter unauthorized access to the facility and to designated restricted areas within the facility; (9) Screen by hand or device, such as x-ray, all unaccompanied baggage prior to loading onto a vessel; and (10) Secure unaccompanied baggage after screening in a designated restricted area and maintain security control during transfers between the facility and a vessel. (g) MARSEC Level 2. In addition to the security measures required for MARSEC Level 1 in this section, at MARSEC Level 2, the facility owner or operator must: (1) Verify the validity of TWIC credentials presented by all persons, using information that is no more than one (1) day old, and ensure that all TWIC enabled gates are manned; and (2) Ensure the implementation of additional security measures, as specified for MARSEC Level 2 in their approved FSP. These additional security measures may include: (i) Increasing the frequency and detail of the screening of persons, baggage, and personal effects for dangerous substances and devices entering the facility; (ii) X-ray screening of all unaccompanied baggage; (iii) Assigning additional personnel to guard access points and patrol the perimeter of the facility to deter unauthorized access; (iv) Limiting the number of access points to the facility by closing and securing some access points and providing physical barriers to impede movement through the remaining access points; (v) Denying access to visitors who do not have a verified destination; (vi) Deterring waterside access to the facility, which may include, using waterborne patrols to enhance security around the facility; or (vii) Except for government-owned vehicles on official business when government personnel present identification credentials for entry, screening vehicles and their contents for dangerous substances and devices at the rate specified for MARSEC Level 2 in the approved FSP. (h) MARSEC Level 3. In addition to the security measures required for MARSEC Level 1 and MARSEC Level 2, at MARSEC level 3, the facility owner or operator must ensure that each person holding a TWIC and seeking unescorted access to a secure area is required to enter his or her correct PIN prior to being allowed to enter that area, and must ensure the implementation of additional security measures, as specified for MARSEC Level 3 in their approved FSP. These additional security measures may include: (1) Screening all persons, baggage, and personal effects for dangerous substances and devices; (2) Performing one or more of the following on unaccompanied baggage: (i) Screen unaccompanied baggage more extensively; for example, x- raying from two or more angles; (ii) Prepare to restrict or suspend handling unaccompanied baggage; or (iii) Refuse to accept unaccompanied baggage; (3) Being prepared to cooperate with responders and facilities; (4) Granting access to only those responding to the security incident or threat thereof; (5) Suspending access to the facility; (6) Suspending cargo operations; (7) Evacuating the facility; (8) Restricting pedestrian or vehicular movement on the grounds of the facility; or (9) Increasing security patrols within the facility. 35. Amend Sec. 105.280 by adding paragraph (f) to read as follows: Sec. 105.280 Security incident procedures. * * * * * (f) Provide a list of all persons granted access to the facility, as required to be maintained in Sec. 105.225. 36. Amend Sec. 105.285 by revising paragraph (a)(4) to read as follows: Sec. 105.285 Additional requirements-passenger and ferry facilities. (a) * * * (4) Deny passenger access to secure and restricted areas unless escorted by authorized facility security personnel; and * * * * * 37. Revise Sec. 105.290 to read as follows: Sec. 105.290 Additional requirements-cruise ship terminals. At all MARSEC Levels, in coordination with a vessel moored at the facility, the facility owner or operator must ensure the following security measures: (a) Screen all persons, baggage, and personal effects for dangerous substances and devices; (b) Check the identification of all persons seeking to enter the facility. Persons holding a TWIC shall be checked as set forth in this part. For persons not holding a TWIC, this check includes confirming the reason for boarding by examining passenger tickets, boarding passes, government identification or visitor badges, or work orders; (c) Designate holding, waiting, or embarkation areas within the facility's secure area to segregate screened persons and their personal effects awaiting embarkation from unscreened persons and their personal effects; (d) Provide additional security personnel to designated holding, waiting, or embarkation areas within the facility's secure area; and (e) Deny individuals not holding a TWIC access to secure and restricted areas unless escorted. 38. Amend Sec. 105.295 by revising paragraph (a)(1) to read as follows: Sec. 105.295 Additional requirements-Certain Dangerous Cargo (CDC) facilities. (a) * * * (1) Escort all non-TWIC holders at all times while on the facility; * * * * * 39. Amend Sec. 105.296 by adding paragraph (a)(4) to read as follows: Sec. 105.296 Additional requirements-barge fleeting facilities. (a) * * * (4) Control access to the barges once tied to the fleeting area by implementing TWIC as described in Sec. 105.255 of this part. * * * * * Subpart D--Facility Security Plan (FSP) 40. Revise Sec. 105.405(a)(10) to read as follows: Sec. 105.405 Format and content of the Facility Security Plan (FSP). (a) * * * [[Page 29446]] (10) Security measures for access control, including designated public access areas and TWIC implementation; * * * * * 41. From [effective date of the final rule] to [effective date of final rule + 5 years], add Subpart E--TWIC Addendum to read as follows: Subpart E--TWIC Addendum Sec. 105.500 General. 105.505 Submission and approval. 105.510 Integration of TWIC Addendum into full FSP. Subpart E--TWIC Addendum Sec. 105.500 General. A facility owner or operator must ensure the completion of a TWIC Addendum. The TWIC Addendum must outline the security measures to be used on the facility in order to implement a TWIC program as discussed in Sec. 105.255 of this part, including the alternate procedures to be used. Sec. 105.505 Submission and approval. (a) In accordance with Sec. 105.115, on or before [date six months after publication of the final rule], each facility owner or operator must either: (1) Submit one copy of their TWIC Addendum, in English, for review and approval to the cognizant COTP and a letter certifying that their TWIC Addendum meets applicable requirements of this part; or (2) If operating under a Coast Guard-approved Alternative Security Program (ASP), a letter signed by the facility owner or operator stating which approved ASP the owner or operator is using, and affirming that any new provisions of that ASP regarding TWIC have been implemented. (b) Owners or operators of facilities not in service on or before [date of publication of the final rule] must comply with Sec. 105.510 and submit a complete FSP that includes details regarding the implementation of a TWIC program. (c) The cognizant COTP will examine each submission for compliance with this subpart and either: (1) Approve it and specify any conditions of approval, returning to the submitter a letter stating its acceptance and any conditions; (2) Return it for revision, returning a copy to the submitter with brief descriptions of the required revisions; or (3) Disapprove it, returning a copy to the submitter with a brief statement of the reasons for disapproval. (d) A TWIC Addendum may be submitted and approved to cover more than one facility where they share similarities in design and operations, if authorized and approved by each cognizant COTP. (e) Each facility owner or operator that submits one TWIC Addendum to cover two or more facilities of similar design and operation must address facility-specific information that includes the design and operational characteristics of each facility. (f) A TWIC Addendum will be given the same expiration date as the facility's full FSP. Sec. 105.510 Integration of TWIC Addendum into full FSP. * * * * * Upon gaining approval for the TWIC Addendum, the facility owner or operator must incorporate the approved TWIC Addendum into the FSP when the facility's FSP is due for reapproval in accordance with Subpart D of this part. PART 106--MARITIME SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES 42. The authority citation for part 106 continues to read as follows: Authority: 33 U.S.C. 1226, 1231; 46 U.S.C. Chapter 701; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-11, 6.14, 6.16, and 6.19; Department of Homeland Security Delegation No, 0170.1. 43. From [effective date of the final rule] to [effective date of final rule + 5 years] amend Sec. 106.110 by adding paragraph (d) to read as follows: Sec. 106.110 Compliance dates. (d) OCS facility owners and operators must: (1) Submit a TWIC Addendum to the cognizant District Commander to cover each facility they own or operate subject to this part on or before [date 6 months after publication of final rule]; and (2) Be operating in accordance with the TWIC provisions found within this part, as outlined in their TWIC Addendum, between [date 1 year after publication of the final rule] and [date 18 months after publication of the final rule], depending on whether enrollment has been completed in the port where the facility is operating, in accordance with 49 CFR 1572.19. 44. Amend Sec. 106.115 by: a. Designating the undesignated text as paragraph (a); b. Redesignating paragraphs (a), (b), and (c) as (a)(1), (a)(2), and (a)(3), respectively; and c. Adding paragraph (b) to read as follows: Sec. 106.115 Compliance documentation. * * * * * (b) From [effective date of final rule] to [effective date of final rule + 5 years], this paragraph (b) shall apply. Each OCS facility owner or operator subject to this part must ensure, before [date one year after publication of final rule] that a copies of the following documentation are available at the OCS facility and are made available to the Coast Guard upon request: (1) The approved TWIC addendum and any approved revisions or amendments thereto, and a letter of approval from the cognizant District Commander dated within the last 5 years; (2) The TWIC Addendum submitted for approval and current written acknowledgment from the cognizant District Commander, stating that the Coast Guard is currently reviewing the TWIC Addendum submitted for approval and that the OCS facility may continue to operate; or (3) For OCS facilities operating under a Coast Guard-approved Alternative Security Program as provided in Sec. 106.135, a copy of the Alternative Security Program the OCS facility is using, including a facility specific security assessment report generated under the Alternative Security Program, as specified in Sec. 101.120(b)(3) of this subchapter, and a letter signed by the OCS facility owner or operator, stating which Alternative Security Program the OCS facility is using and certifying that the OCS facility is in full compliance with that program, as it has been amended pursuant to Sec. 101.121 of this subchapter. 45. Revise Sec. 106.200(b) to read as follows: Sec. 106.200 Owner or operator. * * * * * (b) For each OCS facility, the OCS facility owner or operator must: (1) Define the security organizational structure for each OCS Facility and provide each person exercising security duties or responsibilities within that structure the support needed to fulfill those obligations; (2) Designate in writing, by name or title, a Company Security Officer (CSO) and a Facility Security Officer (FSO) for each OCS Facility and identify how those officers can be contacted at any time; (3) Ensure that a Facility Security Assessment (FSA) is conducted; (4) Ensure the development and submission for approval of a Facility Security Plan (FSP); (5) Ensure that the OCS facility operates in compliance with the approved FSP; (6) Ensure that the TWIC program is properly implemented as set forth in this part, including: [[Page 29447]] (i) Ensuring that only individuals who hold a TWIC and are authorized to be in the area in accordance with the OCS FSP are permitted to escort; (ii) Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted; and (iii) Ensuring that security systems and equipment are installed and maintained, including at least one TWIC reader that meets the standard incorporated by TSA in 49 CFR 1572.23, and that computer and access control systems and hardware are secure; (7) Ensure that adequate coordination of security issues takes place between OCS facilities and vessels, including the execution of a Declaration of Security (DoS) as required by this part; (8) Ensure, within 12 hours of notification of an increase in MARSEC Level, implementation of the additional security measures required by the FSP for the new MARSEC Level; (9) Ensure all breaches of security and security incidents are reported in accordance with part 101 of this subchapter; (10) Ensure consistency between security requirements and safety requirements; (11) Inform OCS facility personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC; (12) Ensure that protocols are in place for responding to TWIC holders presenting for entry who cannot electronically verify a match between themselves and the biometric information stored on the credential's ICC. These must include interim alternative security measures for an individual who cannot electronically identify his identity. Such provisions should take into account measures appropriate for occasional failures to verify and for persistent problems with verification such that a person may require a new credential; (13) Ensure that protocols are in place for responding to TWIC holders presenting for entry whose cards have been revoked by TSA, or other appropriate authority, or otherwise reported as invalid, and provisions for individuals requiring access who report a lost or stolen TWIC; (14) Ensure there are alternate provisions in case of equipment or power failures that affect TWIC readers and other validation equipment; and (15) Ensure that appropriate personnel know who is on the OCS facility at all times. 46. Amend Sec. 106.205 by adding paragraphs (a)(4), (c)(13) and (d)(13) to read as follows: Sec. 106.205 Company Security Officer (CSO). (a) * * * (4) The CSO must maintain a valid TWIC. * * * * * (c) * * * (13) Knowledge of TWIC. (d) * * * (13) Ensure the TWIC program is being properly implemented. 47. Amend Sec. 106.210 by adding paragraphs (a)(4) and (c)(15) to read as follows: Sec. 106.210 OCS Facility Security Officer (FSO). (a) * * * (4) The FSO must maintain a valid TWIC. * * * * * (c) * * * (15) Ensure the TWIC programs is properly implemented. 48. Amend Sec. 106.215 by revising the introductory paragraph and redesignating paragraphs (k) and (l) as (l) and (m), respectively, and adding new paragraph (k) to read as follows: Sec. 106.215 Company of OCS facility personnel with security duties. Company and OCS facility personnel responsible for security duties must maintain a valid TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: * * * * * (k) Familiarity with all relevant aspects of the TWIC program and how to carry them out; * * * * * 49. Amend Sec. 106.220 by adding paragraph (f) to read as follows: Sec. 106.220 Security training for all other OCS personnel. * * * * * (f) Familiarity with all relevant aspects of the TWIC program and how to carry them out. 50. Revise Sec. 106.230 by adding paragraph (b)(9) to read as follows: Sec. 106.230 OCS facility recordkeeping requirements. * * * * * (b) * * * (9) Records of those individuals who are granted access to the secure area of the OCS facility, including records of when these individuals exit the OCS facility and, in the case of individuals who are escorted, the identification of the individual who escorted or the method by which the individual was escorted. 51. Revise Sec. 106.260 to read as follows: Sec. 106.260 Security measures for access control. (a) General. The OCS facility owner or operator must ensure the implementation of security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices, including any device intended to damage or destroy persons, vessels, or the OCS facility; (2) Secure dangerous substances and devices that are authorized by the OCS facility owner or operator to be on board; (3) Control access to the OCS facility; and (4) Prevent an unescorted individual from entering the OCS facility unless the individual holds a duly issued TWIC and is authorized to be on the OCS facility in accordance with the OCS facility security plan. (b) The OCS facility owner or operator must ensure that the following are specified: (1) All locations providing means of access to the OCS facility where access restrictions or prohibitions are applied for each security level to prevent unauthorized access, including those points where a TWIC reader is or will be deployed; (2) The identification of the types of restriction or prohibition to be applied and the means of enforcing them; (3) The means used to establish the identity of individuals not in possession of a TWIC and the means by which they will be allowed access to the OCS facility; and (4) Procedures for identifying authorized and unauthorized persons at any MARSEC level. (c) The OCS facility owner or operator must ensure that a TWIC program is implemented as follows: (1) Prior to granting any individual unescorted access to the OCS facility, ensure that the individual has a TWIC and verify the individual's identity. The identity verification procedure must electronically verify a match between the individual and the biometric information stored on the TWIC's ICC. The validity of the TWIC itself must also be verified at this time; (2) Ensure that any individual granted unescorted access to the OCS facility is able to produce his or her TWIC upon request; [[Page 29448]] (3) Uses disciplinary measures to prevent fraud and abuse; (4) Allows for temporary access if alternative security measures are implemented due to a failure of the TWIC system, and the individual can meet or pass those alternative security measures; and (5) Periodically verifies the validity of TWICs, using the latest information available from TSA, as outlined in paragraphs (f)(1), (g)(1) and (h)(1) of this section. (d) If the OCS facility owner or operator uses a separate identification system, ensure that it is coordinated with identification and TWIC systems in place on vessels conducting operations with the OCS facility. (e) The OCS facility owner or operator must establish in the approved Facility Security Plan (FSP) the frequency of application of any access controls, particularly if they are to be applied on a random or occasional basis. (f) MARSEC Level 1. The OCS facility owner or operator must ensure the following security measures are implemented at the facility: (1) Implement TWIC as set out in paragraph (c) of this section. The validity of a TWIC presented for unescorted access shall be verified using information that is no more than seven (7) days old. The validity of a TWIC held by a person already granted access to the OCS facility shall be verified weekly, using the most current information available from TSA; (2) Screen persons and personal effects going aboard the OCS facility for dangerous substances and devices at the rate specified in the approved FSP; (3) Conspicuously post signs that describe security measures currently in effect and clearly stating that: (i) Boarding an OCS facility is deemed valid consent to screening or inspection; and (ii) Failure to consent or submit to screening or inspection will result in denial or revocation of authorization to be on board; (4) Check the identification of any person seeking to board the OCS facility, including OCS facility employees, passengers and crews of vessels interfacing with the OCS facility, vendors, and visitors and ensure that non-TWIC holders are denied unescorted access to the OCS facility; (5) Deny or revoke a person's authorization to be on board if the person is unable or unwilling, upon the request of OCS facility personnel, to establish his or her identity in accordance with this part or to account for his or her presence on board. Any such incident must be reported in compliance with this part; (6) Deter unauthorized access to the OCS facility; (7) Identify access points that must be secured or attended to deter unauthorized access; (8) Lock or otherwise prevent access to unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS facility personnel are not required to engage in or be subjected to screening, of the person or of personal effects, by other OCS facility personnel, unless security clearly requires it; (10) Provide a designated secure area on board, or in liaison with a vessel interfacing with the OCS facility, for conducting inspections and screening of people and their personal effects; and (11) Respond to the presence of unauthorized persons on board. (g) MARSEC Level 2. In addition to the security measures required for MARSEC Level 1 in this section, at MARSEC Level 2, the OCS facility owner or operator must: (1) Verify the validity of a TWIC presented for unescorted access shall be verified using information that is no more than one (1) day old, and verify the validity of a TWIC held by a person already granted access to the OCS facility daily, using the most current information available from TSA; (2) Ensure the implementation of additional security measures, as specified for MARSEC Level 2 in the approved FSP. These additional security measures may include: (i) Increasing the frequency and detail of screening of people and personal effects embarking onto the OCS facility as specified for MARSEC Level 2 in the approved FSP; (ii) Assigning additional personnel to patrol deck areas during periods of reduced OCS facility operations to deter unauthorized access; (iii) Limiting the number of access points to the OCS facility by closing and securing some access points; or (iv) Deterring waterside access to the OCS facility, which may include, providing boat patrols. (h) MARSEC Level 3. In addition to the security measures required for MARSEC Level 1 and MARSEC Level 2, at MARSEC level 3, the facility owner or operator must ensure that each person holding a TWIC and seeking unescorted access to a secure area is required to enter his or her correct PIN prior to being allowed to enter that area, and must ensure the implementation of additional security measures, as specified for MARSEC Level 3 in their approved FSP. The additional security measures may include: (1) Screening all persons and personal effects for dangerous substances and devices; (2) Being prepared to cooperate with responders; (3) Limiting access to the OCS facility to a single, controlled access point; (4) Granting access to only those responding to the security incident or threat thereof; (5) Suspending embarkation and/or disembarkation of personnel; (6) Suspending the loading of stores or industrial supplies; (7) Evacuating the OCS facility; or (8) Preparing for a full or partial search of the OCS facility. 52. Amend Sec. 106.280 by adding paragraph (g) to read as follows: Sec. 106.280 Security incident procedures. * * * * * (g) Provide a list of all persons granted access to the OCS facility, as required to be maintained in Sec. 106.230. Subpart D--Outer Continental Shelf (OCS) Facility Security Plan (FSP) 53. Revise Sec. 106.405(a)(10) to read as follows: Sec. 106.405 Format of the Facility Security Plan (FSP). (a) * * * (10) Security measures for access control, including TWIC implementation; * * * * * 54. From [effective date of the final rule] to [effective date of final rule + 5 years], add Subpart E--TWIC Addendum to read as follows: Subpart E--TWIC Addendum Sec. 106.500 General. 106.505 Submission and approval. 106.510 Integration of TWIC Addendum into full FSP. Subpart E--TWIC Addendum Sec. 106.500 General. An OCS facility owner or operator must ensure the completion of a TWIC Addendum. The TWIC Addendum must outline the security measures to be used on the OCS facility in order to implement a TWIC program as discussed in Sec. 106.260 of this part, including the alternate procedures to be used. Sec. 106.505 Submission and approval. (a) In accordance with Sec. 106.115, on or before [date six months after date of publication of final rule], each OCS facility owner or operator must either: [[Page 29449]] (1) Submit one copy of their TWIC Addendum, in English, for review and approval to the cognizant District Commander and a letter certifying that their TWIC Addendum meets applicable requirements of this part; or (2) If operating under a Coast Guard-approved Alternative Security Program (ASP), a letter signed by the OCS facility owner or operator stating which approved ASP the owner or operator is using, and affirming that any new provisions of that ASP regarding TWIC have been implemented. (b) Owners or operators of OCS facilities not in service on or before [date of publication of final rule] must comply with Sec. 106.510 and submit a complete FSP that includes details regarding the implementation of a TWIC program. (c) The cognizant District Commander will examine each submission for compliance with this subpart and either: (1) Approve it and specify any conditions of approval, returning to the submitter a letter stating its acceptance and any conditions; (2) Return it for revision, returning a copy to the submitter with brief descriptions of the required revisions; or (3) Disapprove it, returning a copy to the submitter with a brief statement of the reasons for disapproval. (d) A TWIC Addendum may be submitted and approved to cover more than one facility where they share similarities in physical characteristics, location, and operations. (e) Each OCS facility owner or operator that submits one TWIC Addendum to cover two or more OCS facilities of similar design, location, and operation must address OCS facility-specific information that includes the physical and operational characteristics of each OCS facility. (f) A TWIC Addendum will be given the same expiration date as the OCS facility's full FSP. Sec. 106.510 Integration of TWIC Addendum into full FSP. Upon gaining approval for the TWIC Addendum, the OCS facility owner or operator must incorporate the approved TWIC Addendum into the FSP when the OCS facility's FSP is due for reapproval in accordance with Subpart D of this part. PART 125--IDENTIFICATION CREDENTIALS FOR PERSONS REQUIRING ACCESS TO WATERFRONT FACILITIES OR VESSELS 55. The authority citation for part 125 is revised to read as follows: Authority: R.S. 4517, 4518, secs. 19, 2, 23 Stat. 58, 118, sec. 7, 49 Stat. 1936, sec. 1, 40 Stat. 220; 46 U.S.C. 570'572, 2, 689, and 70105; 50 U.S.C. 191, EO 10173, EO 10277, EO 10352, 3 CFR, 1949--1953 Comp. pp. 356, 778, 873. 56. In Sec. 125.09, revise paragraph (f) and add paragraph (g) to read as follows: Sec. 125.09 Identification credentials. * * * * * (f) Transportation Worker Identification Credential. (g) Such other identification as may be approved by the Commandant from time to time. Title 46--Shipping Chapter I--Coast Guard PART 10--LICENSING OF MARITIME PERSONEL 57. The authority citation for part 10 continues to read as follows: Authority: 14 U.S.C. 633; 31 U.S.C. 9701; 46 U.S.C. 2101, 2103, and 2110; 46 U.S.C. chapter 71; 46 U.S.C. 7502, 7505, 7701, and 8906; Executive Order 10173; Department of Homeland Security Delegation No. 0170.1. Section 11.107 is also issued under the authority of 44 U.S.C. 3507. 58. Add new Sec. 10.113 to read as follows: Sec. 10.113 Transportation Worker Identification Credential In accordance with the implementation schedule contained in 49 CFR 1572.19, all mariners holding an active License, Certificate of Registry or STCW endorsement issued under this Part must hold a valid Transportation Worker Identification Credential (TWIC) issued by the Transportation Security Administration under title 49 CFR part 1572. PART 12--CERTIFICATION OF SEAMEN 59. The authority citation for part 12 is revised to read as follows: Authority: 31 U.S.C. 9701; 46 U.S.C. 2101, 2103, 2110, 7301, 7302, 7503, 7505, 7701, and 70105; Department of Homeland Security Delegation No. 0170.1. 60. Add new Sec. 12.01-11 to read as follows: Sec. 12.01-11 Transportation Worker Identification Credential. In accordance with the implementation schedule contained in 49 CFR 1572.19, all mariners holding a Merchant Mariner's Document or STCW endorsement issued under this Part must hold a valid Transportation Worker Identification Credential (TWIC) issued by the Transportation Security Administration under 49 CFR part 1572. PART 15--MANNING REQUIREMENTS 61. The authority citation for part 15 is revised to read as follows: Authority: 46 U.S.C. 2101, 2103, 3306, 3703, 8101, 8102, 8104, 8105, 8301, 8304, 8502, 8503, 8701, 8702, 8901, 8902, 8903, 8904, 8905(b), 8906, 9102, and 70105; and Department of Homeland Security Delegation No. 0170.1. 62. Add new Sec. 15.415 to read as follows: Sec. 15.415 Transportation Worker Identification Credential. In accordance with the implementation schedule contained in 49 CFR 1572.19, a person may not employ or engage an individual, and an individual may not serve in a position in which an individual is required by law or regulation to hold an active License, Merchant Mariner Document, Certificate of Registry or STCW endorsement, unless the individual holds a valid Transportation Security Identification Credential (TWIC). All mariners holding an active License, Merchant Mariner Document, Certificate of Registry or STCW endorsement issued by the Coast Guard must hold a valid TWIC issued by the Transportation Security Administration under 49 CFR part 1572. Title 49--Transportation Chapter XII--Transportation Security Administration Subchapter A--Administrative and Procedural Rules 63. Add a new part 1515 to subchapter A to read as follows: PART 1515--APPEAL AND WAIVER PROCEDURES FOR SECURITY THREAT ASSESSMENTS FOR INDIVIDUALS Sec. 1515.1 Scope. 1515.3 Terms used in this part. 1515.5 Appeal procedures. 1515.7 Waiver procedures. Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 46105; 18 U.S.C. 842, 845; 6 U.S.C. 469. Sec. 1515.1 Scope. This part applies to applicants who undergo one of the following security threat assessments and wish to appeal an Initial Determination of Threat Assessment or an Initial Determination of Threat Assessment and Immediate Revocation or apply for a waiver: (a) For a hazardous materials endorsement (HME) as described in 49 CFR part 1572. [[Page 29450]] (b) For a Transportation Worker Identification Credential (TWIC) as described in 49 CFR part 1572. Sec. 1515.3 Terms used in this part. The terms used in 49 CFR parts 1500, 1540, 1570, and 1572 also apply in this part. In addition, the following terms are used in this part: Applicant means a person who has applied for one of the security threat assessments identified in Sec. 1515.1. Date of service means-- (1) In the case of personal service, the date of personal delivery to the residential address listed on the application; (2) In the case of mailing with a certificate of service, the date shown on the certificate of service; (3) In the case of mailing and there is no certificate of service, 10 days from the date mailed to the address designated on the application as the mailing address; (4) In the case of mailing with no certificate of service or postmark, the date mailed to the address designated on the application as the mailing address shown by other evidence; or (5) The date on which an electronic transmission occurs. Day means calendar day. Security threat assessment means the threat assessment for which the applicant has applied, as described in Sec. 1515.1. Sec. 1515.5 Appeal procedures. (a) Scope. This section applies to appeals from an Initial Determination of Threat-- (1) For a hazardous materials endorsement (HME) as described in 49 CFR 1572.15. (2) For a Transportation Worker Identification Credential (TWIC) as described in 49 CFR 1572.15. (b) Grounds for appeal. An applicant may appeal an Initial Determination of Threat Assessment if the applicant is asserting that he or she meets the standards for the security threat assessment for which he or she is applying. (c) Appeal--(1) Initiating an appeal. An applicant initiates an appeal by submitting a written reply to TSA or written request for materials from TSA. If the applicant does not initiate an appeal within 60 days of receipt, the Initial Determination of Threat Assessment becomes final. TSA then serves a Final Determination of Threat Assessment on the applicant. (i) In the case of an HME, TSA also serves a Final Determination of Threat Assessment on the licensing State. (ii) In the case of a mariner applying for TWIC, TSA also serves a Final Determination of Threat Assessment on the Coast Guard. (2) Request for materials. Within 60 days of the date of service of the Initial Determination of Threat Assessment, the applicant may serve upon TSA a written request for copies of the materials upon which the Initial Determination was based. (3) TSA response. (i) Within 60 days of receiving the applicant's request for materials, TSA serves copies of the releasable materials upon the applicant on which the Initial Determination was based. TSA will not include any classified information or other protected information described in paragraph (f) of this section. (ii) Within 60 days of receiving the applicant's request for materials or written reply, TSA may request additional information or documents from the applicant that TSA believes are necessary to make a Final Determination. (4) Correction of records. If the Initial Determination of Threat Assessment was based on a record that the applicant believes is erroneous, the applicant may correct the record, as follows: (i) The applicant contacts the jurisdiction or entity responsible for the information and attempts to correct or complete information contained in his or her record. (ii) The applicant provides TSA with the revised record, or a certified true copy of the information from the appropriate entity, before TSA determines that the applicant meets the standards for the security threat assessment. (5) Reply. (i) The applicant may serve upon TSA a written reply to the Initial Determination of Threat Assessment within 60 days of service of the Initial Determination, or 60 days after the date of service of TSA's response to the applicant's request for materials under paragraph (b)(1) of this section, if the applicant served such request. The reply must include the rationale and information on which the applicant disputes TSA's Initial Determination. (ii) In an applicant's reply, TSA will consider only material that is relevant to whether the applicant meets the standards described in 49 CFR 1572.5(a). (6) Final determination. Within 60 days after TSA receives the applicant's reply, TSA serves a Final Determination of Threat Assessment or a Withdrawal of the Initial Determination as provided in paragraphs (c) or (d) of this section. (d) Final Determination of Threat Assessment. (1) If the Director concludes that the applicant does not meet the standards described in 49 CFR 1572.5(a)(1), (a)(2), or (a)(4) following an appeal, TSA serves a Final Determination of Threat Assessment upon the applicant. In addition-- (i) In the case of an HME, TSA serves a Final Determination of Threat Assessment on the licensing State. (ii) In the case of a mariner applying for TWIC, TSA serves a Final Determination of Threat Assessment on the Coast Guard. (iii) In the case of a TWIC, TSA serves a Final Determination of Threat Assessment on the Federal Maritime Security Coordinator (FMSC). (2) If the Assistant Secretary concludes that the applicant does not meet the security threat assessment standards described in 49 CFR 1572.5(a)(3) following an appeal, TSA serves a Final Determination of Threat Assessment upon the applicant. In addition-- (i) In the case of an HME, TSA serves a Final Determination of Threat Assessment on the licensing State. (ii) In the case of a mariner applying for TWIC, TSA serves a Final Determination of Threat Assessment on the Coast Guard. (iii) In the case of a TWIC, TSA serves a Final Determination of Threat Assessment on the FMSC. (3) The Final Determination includes a statement that the Director or Assistant Secretary has reviewed the Initial Determination, the applicant's reply and any accompanying information, and any other materials or information available to him or her, and has determined that the applicant poses a security threat warranting denial of the security threat assessment for which the applicant has applied. (e) Withdrawal of Initial Determination. If the Director or Assistant Secretary concludes that the applicant does not pose a security threat, TSA serves a Withdrawal of the Initial Determination upon the applicant. (f) Nondisclosure of certain information. In connection with the procedures under this section, TSA does not disclose classified information to the applicant, as defined in Executive Order 12968 section 1.1(d), and reserves the right not to disclose any other information or material not warranting disclosure or protected from disclosure under law. (g) Extension of time. TSA may grant an applicant an extension of time of the limits described in this section for good cause shown. An applicant's request for an extension of time must be in writing and be received by TSA within a reasonable time before the due date to [[Page 29451]] be extended. TSA may grant itself an extension of time for good cause. (h) Judicial review. For purposes of judicial review, the Final Determination of Threat Assessment constitutes a final TSA order in accordance with 49 U.S.C. 46110. (i) Appeal of immediate revocation. If TSA directs an immediate revocation, the applicant may appeal this determination by following the appeal procedures described in paragraph (b) of this section. This applies to-- (1) If TSA directs a State to revoke an HME pursuant to 49 CFR 1572.13(a). (2) If TSA invalidates a TWIC by issuing an Initial Determination of Threat Assessment and Immediate Revocation pursuant to 49 CFR 1572.21(d)(3). Sec. 1515.7 Waiver procedures. (a) Scope. This section applies if an applicant does not meet certain standards for a security threat assessment but wishes to obtain a waiver of those standards, for-- (1) For a hazardous materials endorsement (HME) as described in 49 CFR part 1572. (2) For a Transportation Worker Identification Credential (TWIC) as described in 49 CFR part 1572. (b) Grounds for waiver. TSA may issue a waiver of certain standards and grant an HME or TWIC, if TSA determines that an applicant no longer poses a security threat based on a review of information described in paragraph (c) of this section. An applicant disqualified for the reasons described in paragraphs (b)(1) through (b)(3) of this section may apply for a waiver of the standards. (1) A disqualifying criminal offense described in 49 CFR 1572.103(a)(5) through (a)(9), and Sec. 1572.103(a)(10), if the underlying criminal offense is in Sec. Sec. 1572.103 (a)(5) through (a)(9); or (2) A disqualifying criminal offense described in 49 CFR 1572.103(b); or (3) Mental incapacity as described in 49 CFR 1572.109. (c) Initiating waiver. (1) An applicant initiates a waiver request by-- (i) Providing the information required in 49 CFR 1572.9 for an HME or 49 CFR 1572.17 for a TWIC; (ii) Paying the fees required in 49 CFR 1572.405 (a)(1) through (a)(3) for an HME or in 49 CFR 1572.503(a)(1)(i) through (a)(1)(iii) for a TWIC; and (iii) Sending a written request to TSA for a waiver at any time, but not later than 60 days after the date of service of the Final Determination of Threat Assessment. (2) In determining whether to grant a waiver, TSA will consider the following factors: (i) The circumstances of the disqualifying act or offense. (ii) Restitution made by the applicant. (iii) Any Federal or State mitigation remedies. (iv) Court records or official medical release documents indicating that the individual no longer lacks mental capacity. (v) Other factors that indicate the applicant does not pose a security threat warranting denial of the HME or TWIC. (d) Grant or denial of waivers. (1) The Director will send a written decision granting or denying the waiver to the applicant within 60 days of service the applicant's request for a waiver, or longer period as TSA may determine for good cause. (2) In the case of an HME, if the Director grants the waiver, the Director will send a Determination of No Security Threat to the licensing State within 60 days of service the applicant's request for a waiver, or longer period as TSA may determine for good cause. (3) In the case of a mariner applying for TWIC, if the Director grants the waiver, the Director will send a Determination of No Security Threat to the Coast Guard within 60 days of service the applicant's request for a waiver, or longer period as TSA may determine for good cause. (e) Extension of time. TSA may grant an applicant an extension of time of the limits described in paragraph (b) and (c) of this section for good cause shown. An applicant's request for an extension of time must be in writing and be received by TSA within a reasonable time before the due date to be extended. TSA may grant itself an extension of time for good cause. Subchapter D--Maritime and Land Transportation Security 64. Revise part 1570 to read as follows: PART 1570--GENERAL RULES Sec. 1570.1 Scope. 1570.3 Terms used in this subchapter. 1570.5 Fraud and intentional falsification of records. Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 46105; 18 U.S.C. 842, 845; 6 U.S.C. 469. Sec. 1570.1 Scope. This part applies to any person involved in land or maritime transportation as specified in this part. Sec. 1570.3 Terms used in this subchapter. For purposes of this subchapter: Adjudicate means to make an administrative determination of whether an applicant meets the standards in this subchapter, based on the merits of the issues raised. Alien means any person not a citizen or national of the United States. Alien registration number means the number issued by the U.S. Department of Homeland Security to an individual when he or she becomes a lawful permanent resident of the United States or attains other lawful, non-citizen status. Applicant means a person who has applied for one of the security threat assessments identified in this subchapter. Assistant Secretary means Assistant Secretary for Homeland Security, Transportation Security Administration (Assistant Secretary), the highest ranking TSA official, or his or her designee, and who is responsible for making the final determination on the appeal of an intelligence-related check under this part. Commercial drivers license (CDL) is used as defined in 49 CFR 383.5. Convicted means any plea of guilty or nolo contendere, or any finding of guilt, except when the finding of guilt is subsequently overturned on appeal, pardoned, or expunged. For purposes of this subchapter, a conviction is expunged when the conviction is removed from the individual's criminal history record and there are no legal disabilities or restrictions associated with the expunged conviction, other than the fact that the conviction may be used for sentencing purposes for subsequent convictions. In addition, where an individual is allowed to withdraw an original plea of guilty or nolo contendere and enter a plea of not guilty and the case is subsequently dismissed, the individual is no longer considered to have a conviction for purposes of this subchapter. Determination of No Security Threat means an administrative determination by TSA that an individual does not pose a security threat warranting denial of an HME or a TWIC. Director means the officer designated by the Assistant Secretary to administer the appeal and waiver programs described in this part, except where the Assistant Secretary is specifically designated in this part to administer the appeal or waiver program. The Director may appoint a designee to assume his or her duties. Federal Maritime Security Coordinator (FMSC) has the same meaning as defined in 46 U.S.C. 70103(a)(2)(G); is the Captain of the Port (COTP) exercising authority for the COTP zones described in 33 CFR part 3, and is the Port Facility Security Officer [[Page 29452]] as described in the International Ship and Port Facility Security (ISPS) Code, part A. Final Determination of Threat Assessment means a final administrative determination by TSA, including the resolution of related appeals, that an individual poses a security threat warranting denial of an HME or a TWIC. Hazardous materials endorsement (HME) means the authorization for an individual to transport hazardous materials in commerce, an indication of which must be on the individual's commercial driver's license, as provided in the Federal Motor Carrier Safety Administration (FMCSA) regulations in 49 CFR part 383. Imprisoned or imprisonment means confined to a prison, jail, or institution for the criminally insane, on a full-time basis, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity. Time spent confined or restricted to a half-way house, treatment facility, or similar institution, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity, does not constitute imprisonment for purposes of this rule. Incarceration means confined or otherwise restricted to a jail-type institution, half-way house, treatment facility, or another institution, on a full or part-time basis, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity. Initial Determination of Threat Assessment means an initial administrative determination by TSA that an individual poses a security threat warranting denial of an HME or a TWIC. Initial Determination of Threat Assessment and Immediate Revocation means an initial administrative determination that an individual poses a security threat that warrants immediate revocation of an HME or invalidation of a TWIC. In the case of an HME, the State must immediately revoke the HME if TSA issues an Initial Determination of Threat Assessment and Immediate Revocation. In the case of a TWIC, TSA invalidates the TWIC when TSA issues an Initial Determination of Threat Assessment and Immediate Revocation. Invalidate means the action TSA takes to make a credential inoperative when it is reported as lost, stolen, damaged, no longer needed, or when TSA determines an applicant does not meet the security threat assessment standards of 49 CFR part 1572. Lawful permanent resident means an individual, lawfully admitted to the United States for permanent residence, as defined in 8 U.S.C. 1101. Maritime facility has the same meaning as ``facility'' together with ``OCS facility'' (Outer Continental Shelf facility), as defined in 33 CFR 101.105. Mental health facility means a mental institution, mental hospital, sanitarium, psychiatric facility, and any other facility that provides diagnoses by licensed professionals of mental retardation or mental illness, including a psychiatric ward in a general hospital. Owner/operator with respect to a maritime facility or a vessel has the same meaning as defined in 33 CFR 101.105. Revocation means the termination, deactivation, rescission, invalidation, cancellation, or withdrawal of the privileges and duties conferred by an HME or TWIC, when TSA determines an applicant does not meet the security threat assessment standards of 49 CFR part 1572. Secure area means the area on board a vessel or at a facility or outer continental shelf facility, over which the owner/operator has implemented security measures for access control, as defined by a Coast Guard approved security plan. It does not include passenger access areas or public access areas, as those terms are defined in 33 CFR 104.106 and 105.106 respectively. Security threat means an individual whom TSA determines or suspects of posing a threat to national security; to transportation security; or of terrorism. Sensitive security information (SSI) means information that is described in, and must be managed in accordance with, 49 CFR part 1520. State means a State of the United States and the District of Columbia. Transportation Worker Identification Credential (TWIC) means a Federal biometric credential, issued to an individual, when TSA determines that the individual does not pose security threat. Withdrawal of Initial Determination of Threat Assessment is the document that TSA issues after issuing an Initial Determination of Security Threat, when TSA determines that an individual does not pose a security threat, warranting denial of an HME or TWIC. Sec. 1570.5 Fraud and intentional falsification of records. No person may make, or cause to be made, any of the following: (a) Any fraudulent or intentionally false statement in any record or report that is kept, made, or used to show compliance with the subchapter, or exercise any privileges under this subchapter. (b) Any reproduction or alteration, for fraudulent purpose, of any record, report, security program, access medium, or identification medium issued under this subchapter or pursuant to standards in this subchapter. 65. Revise part 1572 to read as follows: PART 1572--CREDENTIALING AND SECURITY THREAT ASSESSMENTS Subpart A--Procedures and General Standards Sec. 1572.1 Applicability. 1572.3 Scope. 1572.5 Standards for security threat assessments. 1572.7 Waiver of security threat assessment standards. 1572.9 Applicant information required for HME security threat assessment. 1572.11 Applicant responsibilities for HME security threat assessment. 1572.13 State responsibilities for issuance of hazardous materials endorsement. 1572.15 Procedures for HME security threat assessment. 1572.17 Applicant information required for TWIC security threat assessment. 1572.19 Applicant responsibilities for a TWIC security threat assessment. 1572.21 Procedures for TWIC security threat assessment. 1572.23 Conforming equipment; Incorporation by reference. 1572.24-1572.40 [Reserved] 1572.41 Compliance, inspection, and enforcement. Subpart B--Qualification Standards for Security Threat Assessments 1572.101 Scope. 1572.103 Disqualifying criminal offenses. 1572.105 Immigration status. 1572.107 Other analyses. 1572.109 Mental incapacity. 1572.111-1572.139 [Reserved] Subpart C--Transportation of Explosives From Canada to the United States 1572.201 Via commercial motor vehicle. 1572.203 Via railroad carrier. Subpart D--[Reserved] Subpart E--Fees for Security Threat Assessments for Hazmat Drivers 1572.400 Scope and definitions. 1572.401 Fee collection options. 1572.403 Procedures for collection by States. 1572.405 Procedures for collection by TSA. Subpart F--Fees for Security Threat Assessments for Transportation Worker Identification Credential (TWIC) 1572.500 Scope. 1572.501 Fee collection. 1572.503 Fee procedures for collection by TSA or its agent. [[Page 29453]] Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 46105; 18 U.S.C. 842, 845; 6 U.S.C. 469. Subpart A--Procedures and General Standards Sec. 1572.1 Applicability. This part establishes regulations for credentialing and security threat assessments for certain maritime and land transportation workers. Sec. 1572.3 Scope. This part applies to-- (a) State agencies responsible for issuing a hazardous materials endorsement (HME); and (b) An applicant who-- (1) Is qualified to hold a commercial driver's license under 49 CFR parts 383 and 384, and is applying to obtain, renew, or transfer an HME; or (2) Is applying to obtain or renew a TWIC in accordance with 33 CFR parts 104 through 106 or 46 CFR part 10; Sec. 1572.5 Standards for security threat assessments. (a) Standards. TSA determines that an applicant poses a security threat warranting denial of an HME or TWIC, if-- (1) The applicant has a disqualifying criminal offense described in Sec. 1572.103; (2) The applicant does not meet the immigration status requirements described in Sec. 1572.105; (3) TSA conducts the analyses described in Sec. 1572.107 and determines that the applicant poses a security threat; or (4) The applicant has been adjudicated as lacking mental capacity or committed to a mental health facility, as described in Sec. 1572.109. (b) Immediate revocation/invalidation. TSA may invalidate a TWIC or direct a State to revoke an HME immediately, if TSA determines during the security threat assessment that an applicant poses an immediate threat to transportation security, national security, or of terrorism. (c) Violation of FMCSA standards. The regulations of the Federal Motor Carrier Safety Administration (FMCSA) provide that an applicant is disqualified from operating a commercial motor vehicle for specified periods, if he or she has an offense that is listed in the FMCSA rules at 49 CFR 383.51. If records indicate that an applicant has committed an offense that would disqualify the applicant from operating a commercial motor vehicle under 49 CFR 383.51, TSA will not issue a Determination of No Security Threat until the State or the FMCSA determine that the applicant is not disqualified under that section. (d) Comparability of other security threat assessment standards. TSA may determine that security threat assessments conducted by other governmental agencies are comparable to the threat assessment described in this part, which TSA conducts for HME and TWIC applicants. (1) In making a comparability determination, TSA will consider-- (i) The minimum standards used for the security threat assessment; (ii) The frequency of the threat assessment; (iii) The date of the most recent threat assessment; and (iv) Whether the threat assessment includes biometric identification and a biometric credential. (2) To apply for a comparability determination, the agency seeking the determination must contact the Assistant Program Manager, Attn: Federal Agency Comparability Check, Hazmat Threat Assessment Program, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220. (3) TSA will notify the public when a comparability determination is made. (4) An applicant, who has completed a security threat assessment that is determined to be comparable under this section to the threat assessment described in this part, must complete the enrollment process and provide biometric information to obtain a TWIC, if the applicant seeks unescorted access to a secure area of a vessel or facility. The applicant must pay the fee listed in Sec. 1572.503 for information collection/credential issuance. (5) TSA has determined that the security threat assessment for an HME under this part is comparable to the security threat assessment for TWIC. (6) TSA has determined that the security threat assessment for a FAST card, under the Free and Secure Trade program administered by the U.S. Customs and Border Protection, is comparable to the security threat assessment described in this part. Sec. 1572.7 Waiver of security threat assessment standards. (a) An applicant may apply to TSA for a waiver of the standards described in Sec. 1572.5, if the applicant-- (1) Has a disqualifying criminal offense described in Sec. 1572.103(a)(5) through (a)(9), and Sec. 1572.103 (a)(10), if the underlying criminal offense is in Sec. 1572.103 (a)(5) through (a)(9); or (2) Has a disqualifying criminal offense described in Sec. 1572.103(b); or (3) Has a history of mental incapacity described in Sec. 1572.109. (b) HME and TWIC applicants must follow the procedures described in 49 CFR 1515.7 when applying for a waiver. Sec. 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information required in this section, in a form acceptable to TSA, when applying to obtain or renew an HME. When applying to transfer an HME from one State to another, Sec. 1572.13(e) applies. (a) The applicant must provide the following identifying information: (1) Legal name, including first, middle, and last; any applicable suffix; and any other name used previously. (2) Current and previous mailing address, current residential address if it differs from the current mailing address, and email address. (3) Date of birth. (4) Social security number. Providing the social security number is voluntary; however, failure to provide it will delay and may prevent completion of the threat assessment. (5) Gender. (6) Height, weight, hair color, and eye color. (7) City, state, and country of birth. (8) Immigration status and, if the applicant is a naturalized citizen of the United States, the date of naturalization. (9) Alien registration number, if applicable. (10) The State of application, CDL number, and type of HME(s) held. (11) Name, telephone number, facsimile number, and address of the applicant's current employer(s), if the applicant's work for the employer(s) requires an HME. (b) The applicant must provide a statement, signature, and date of signature that he or she-- (1) Was not convicted, or found not guilty by reason of insanity, of a disqualifying crime listed in Sec. 1572.103(b), in a civilian or military jurisdiction, during the seven years before the date of the application; (2) Was not released from incarceration, in a civilian or military jurisdiction, for committing a disqualifying crime listed in Sec. 1572.103(b), during the five years before the date of the application; (3) Is not wanted, or under indictment, in a civilian or military jurisdiction, for a disqualifying criminal offense identified in Sec. 1572.103; (4) Was not convicted, or found not guilty by reason of insanity, of a disqualifying criminal offense identified in Sec. 1572.103(a), in a civilian or military jurisdiction; [[Page 29454]] (5) Has not been adjudicated as lacking mental capacity or committed to a mental health facility involuntarily; (6) Meets the immigration status requirements described in Sec. 1572.105; (7) Has or has not served in the military, and if so, the branch in which he or she served, the date of discharge, and the type of discharge; and (8) Has been informed that Federal regulations, under Sec. 1572.11, impose a continuing obligation on the HME holder to disclose to the State if he or she is convicted, or found not guilty by reason of insanity, of a disqualifying crime, adjudicated as lacking mental capacity, or committed to a mental health facility. (c) The applicant must certify and date receipt the following statement: Privacy Act Notice: Authority: The authority for collecting this information is 49 U.S.C. 114, 40113, and 5103a. Purpose: This information is needed to verify your identity and to conduct a security threat assessment to evaluate your suitability for a hazardous materials endorsement for a commercial driver's license. Furnishing this information, including your SSN or alien registration number, is voluntary; however, failure to provide it will delay and may prevent completion of your security threat assessment. Routine Uses: Routine uses of this information include disclosure to the FBI to retrieve your criminal history record; to TSA contractors or other agents who are providing services relating to the security threat assessments; to appropriate governmental agencies for licensing, law enforcement, or security purposes, or in the interests of national security; and to foreign and international governmental authorities in accordance with law and international agreement. (d) The applicant must certify and date receipt the following statement, immediately before the signature line: The information I have provided on this application is true, complete, and correct, to the best of my knowledge and belief, and is provided in good faith. I understand that a knowing and willful false statement, or an omission of a material fact on this application can be punished by fine or imprisonment or both (See section 1001 of Title 18 United States Code), and may be grounds for denial of a hazardous materials endorsement. (e) The applicant must certify the following statement in writing: I acknowledge that if the Transportation Security Administration determines that I pose a security threat, my employer, as listed on this application, may be notified. Sec. 1572.11 Applicant responsibilities for HME security threat assessment. (a) Surrender of HME. If an individual is disqualified from holding an HME under Sec. 1572.5(c), he or she must surrender the HME to the licensing State. Failure to surrender the HME to the State may result in immediate revocation under Sec. 1572.13(a) and/or civil penalties. (b) Continuing responsibilities. An individual who holds an HME must surrender the HME as required in paragraph (a) of this section within 24 hours, if the individual-- (1) Is convicted of, wanted, under indictment or complaint, or found not guilty by reason of insanity, in a civilian or military jurisdiction, for a disqualifying criminal offense identified in Sec. 1572.103; or (2) Is adjudicated as lacking mental capacity, or committed to a mental health facility, as described in Sec. 1572.109; or (3) Renounces or loses U.S. citizenship or status as a lawful permanent resident; or (4) Violates his or her immigration status, and/or is ordered removed from the United States. (c) Submission of fingerprints and information. (1) An HME applicant must submit fingerprints and the information required in Sec. 1572.9, in a form acceptable to TSA, when so notified by the State, or when the applicant applies to obtain or renew an HME. The procedures outlined in Sec. 1572.13(e) apply to HME transfers. (2) When submitting fingerprints and the information required in Sec. 1572.9, the fee described in Sec. 1572.503 must be remitted to TSA. Sec. 1572.13 State responsibilities for issuance of hazardous materials endorsement. Each State must revoke an individual's HME immediately, if TSA informs the State that the individual does not meet the standards for security threat assessment in Sec. 1572.5 and issues an Initial Determination of Threat Assessment and Immediate Revocation. (a) No State may issue or renew an HME for a CDL, unless the State receives a Determination of No Security Threat from TSA. (b) Each State must notify each individual holding an HME issued by that State that he or she will be subject to the security threat assessment described in this part as part of an application for renewal of the HME, at least 60 days prior to the expiration date of the individual's HME. The notice must inform the individual that he or she may initiate the security threat assessment required by this section at any time after receiving the notice, but no later than 60 days before the expiration date of the individual's HME. (c) The State that issued an HME may extend the expiration date of the HME for 90 days, if TSA has not provided a Determination of No Security Threat or a Final Determination of Threat Assessment before the expiration date. Any additional extension must be approved in advance by TSA. (d) Within 15 days of receipt of a Determination of No Security Threat or Final Determination of Threat Assessment from TSA, the State must-- (1) Update the applicant's permanent record to reflect: (i) The results of the security threat assessment; (ii) The issuance or denial of an HME; and (iii) The new expiration date of the HME. (2) Notify the Commercial Drivers License Information System operator of the results of the security threat assessment. (3) Revoke or deny the applicant's HME if TSA serves the State with a Final Determination of Threat Assessment. (e) For applicants who apply to transfer an existing HME from one State to another, the second State will not require the applicant to undergo a new security threat assessment until the security threat assessment renewal period established in the preceding issuing State, not to exceed five years, expires. (f) Each State must retain the application and information required in Sec. 1572.9, for at least one year, in paper or electronic form. Sec. 1572.15 Procedures for HME security threat assessment. (a) Contents of security threat assessment. The security threat assessment TSA completes includes a fingerprint-based criminal history records check, an intelligence-related background check, and a final disposition. (b) Fingerprint-based check. In order to conduct a fingerprint- based criminal history records check, the following procedures must be completed: (1) The State notifies the applicant that he or she will be subject to the security threat assessment at least 60 days prior to the expiration of the applicant's HME, and that the applicant must begin the security threat assessment no later than 30 days before the date of the expiration of the HME. (2) Where the State elects to collect fingerprints and applicant information, the State-- (i) Collects fingerprints and applicant information required in Sec. 1572.9; (ii) Provides the applicant information to TSA electronically, unless otherwise authorized by TSA; [[Page 29455]] (iii) Transmits the fingerprints to the FBI/Criminal Justice Information Services (CJIS), in accordance with the FBI/CJIS fingerprint submission standards; and (iv) Retains the signed application, in paper or electronic form, for one year and provides it to TSA, if requested. (3) Where the State elects to have a TSA agent collect fingerprints and applicant information-- (i) TSA provides a copy of the signed application to the State; (ii) The State retains the signed application, in paper or electronic form, for one year and provides it to TSA, if requested; and (iii) TSA transmits the fingerprints to the FBI/CJIS, in accordance with the FBI/CJIS fingerprint submission standards. (4) TSA receives the results from the FBI/CJIS and adjudicates the results of the check, in accordance with Sec. 1572.103 and, if applicable, Sec. 1572.107. (c) Intelligence-related check. To conduct an intelligence-related check, TSA completes the following procedures: (1) Reviews the applicant information required in Sec. 1572.9. (2) Searches domestic and international Government databases described in Sec. Sec. 1572.105, 1572.107, and 1572.109. (3) Adjudicates the results of the check in accordance with Sec. Sec. 1572.103, 1572.105, 1572.107, and 1572.109. (d) Final disposition. Following completion of the procedures described in paragraphs (b) and/or (c) of this section, the following procedures apply, as appropriate: (1) TSA serves a Determination of No Security Threat on the State in which the applicant is authorized to hold an HME, if TSA determines that an applicant meets the security threat assessment standards described in Sec. 1572.5. (2) TSA serves an Initial Determination of Threat Assessment on the applicant, if TSA determines that the applicant does not meet the security threat assessment standards described in Sec. 1572.5. The Initial Determination of Threat Assessment includes-- (i) A statement that TSA has determined that the applicant poses a security threat warranting denial of the HME; (ii) The basis for the determination; (iii) Information about how the applicant may appeal the determination, as described in 49 CFR 1515.5; and (iv) A statement that if the applicant chooses not to appeal TSA's determination within 60 days of receipt of the Initial Determination, or does not request an extension of time within 60 days of receipt of the Initial Determination in order to file an appeal, the Initial Determination becomes a Final Determination of Security Threat Assessment. (3) TSA serves an Initial Determination of Threat Assessment and Immediate Revocation on the applicant, the applicant's employer where appropriate, and the State, if TSA determines that the applicant does not meet the security threat assessment standards described in Sec. 1572.5 and may pose an imminent threat to transportation or national security, or of terrorism. The Initial Determination of Threat Assessment and Immediate Revocation includes-- (i) A statement that TSA has determined that the applicant poses a security threat warranting immediate revocation of an HME; (ii) The basis for the determination; (iii) Information about how the applicant may appeal the determination, as described in 49 CFR 1515.5(h); and (iv) A statement that if the applicant chooses not to appeal TSA's determination within 60 days of receipt of the Initial Determination and Immediate Revocation, the Initial Determination and Immediate Revocation becomes a Final Determination of Threat Assessment. (4) TSA serves a Final Determination of Threat Assessment on the State in which the applicant applied for the HME, the applicant's employer where appropriate, and on the applicant, if the appeal of the Initial Determination results in a finding that the applicant poses a security threat. (5) TSA serves a Withdrawal of the Initial Determination of Threat Assessment or a Withdrawal of Final Determination of Threat Assessment on the applicant, and a Determination of No Security Threat on the State and the employer if appropriate, if the appeal results in a finding that the applicant does not pose a security threat, or if TSA grants the applicant a waiver pursuant to 49 CFR 1515.7. Sec. 1572.17 Applicant information required for TWIC security threat assessment. An applicant must supply the information required in this section, in a form acceptable to TSA, when applying to obtain or renew a TWIC. (a) The applicant must provide the following identifying information: (1) Legal name, including first, middle, and last; any applicable suffix; and any other name used previously. (2) Current and previous mailing address, current residential address if it differs from the current mailing address, and email address if available. (3) Date of birth. (4) Social security number. Providing the social security number is voluntary; however, failure to provide it will delay and may prevent completion of the threat assessment. (5) Gender. (6) Height, weight, hair color, and eye color. (7) City, state, and country of birth. (8) Immigration status and, if the applicant is a naturalized citizen of the United States, the date of naturalization. (9) Alien registration number, if applicable. (10) The reason that the applicant requires a TWIC, including the applicant's job description and the primary facility, vessel, or port location(s) where the applicant will most likely require unescorted access, if known. This statement does not limit access to other facilities, vessels, or ports, but establishes eligibility for a TWIC. (11) The name, telephone number, and address of the applicant's current employer(s), if working for the employer requires a TWIC. An applicant whose current employer does not require possession of a TWIC, does not have a single employer, or is self-employed, must provide the primary vessel or port location(s) where the applicant requires unescorted access, if known. This statement does not limit access to other facilities, vessels, or ports, but establishes eligibility for a TWIC. (b) The applicant must provide a statement, signature, and date of signature that he or she-- (1) Was not convicted, or found not guilty by reason of insanity, of a disqualifying crime listed in Sec. 1572.103(b), in a civilian or military jurisdiction, during the seven years before the date of the application; (2) Was not released from incarceration, in a civilian or military jurisdiction, for committing a disqualifying crime listed in Sec. 1572.103(b), during the five years before the date of the application; (3) Is not wanted, or under indictment, in a civilian or military jurisdiction, for a disqualifying criminal offense identified in Sec. 1572.103; (4) Was not convicted, or found not guilty by reason of insanity, of a disqualifying criminal offense identified in Sec. 1572.103(a), in a civilian or military jurisdiction; (5) Has not been adjudicated as lacking mental capacity, or committed to a mental health facility involuntarily; (6) Meets the immigration status requirements described in Sec. 1572.105; [[Page 29456]] (7) Has, or has not, served in the military, and if so, the branch in which he or she served, the date of discharge, and the type of discharge; and (8) Has been informed that Federal regulations under Sec. 1572.19 impose a continuing obligation on the TWIC holder to disclose to TSA if he or she is convicted, or found not guilty by reason of insanity, of a disqualifying crime, adjudicated as lacking mental capacity, or committed to a mental health facility. (c) Applicants, applying to obtain or renew a TWIC, must submit biometric information to be used for identity verification purposes. If an individual cannot provide the selected biometric, TSA will collect an alternative biometric identifier. (d) The applicant must certify and date receipt the following statement: Privacy Act Notice: Authority: The authority for collecting this information is 49 U.S.C. 114, 40113, and 5103a. Purpose: This information is needed to verify your identity and to conduct a security threat assessment to evaluate your suitability for a Transportation Worker Identification Credential. Furnishing this information, including your SSN or alien registration number, is voluntary; however, failure to provide it will delay and may prevent completion of your security threat assessment. Routine Uses: Routine uses of this information include disclosure to the FBI to retrieve your criminal history record; to TSA contractors or other agents who are providing services relating to the security threat assessments; to appropriate governmental agencies for licensing, law enforcement, or security purposes, or in the interests of national security; and to foreign and international governmental authorities in accordance with law and international agreement. (e) The applicant must certify the following statement in writing: As part of my employment duties, I am required to have unescorted access to secure areas of maritime facilities or vessels in which a Transportation Worker Identification Credential is required; or I am now, or I am applying to be, a credentialed merchant mariner. (f) The applicant must certify and date receipt the following statement, immediately before the signature line: The information I have provided on this application is true, complete, and correct, to the best of my knowledge and belief, and is provided in good faith. I understand that a knowing and willful false statement, or an omission of a material fact on this application, can be punished by fine or imprisonment or both (see section 1001 of Title 18 United States Code), and may be grounds for denial of a Transportation Worker Identification Credential. (g) The applicant must certify the following statement in writing: I acknowledge that if the Transportation Security Administration determines that I pose a security threat, my employer, as listed on this application, may be notified. Sec. 1572.19 Applicant responsibilities for a TWIC security threat assessment. (a) Implementation schedule. Except as provided in paragraph (b) of this section, applicants must provide the information required in Sec. 1572.17, when so directed by the owner/operator and consistent with table 1 to this paragraph. The Group Numbers are listed in table 1. Table 1 to Paragraph (a)--Implementation Schedule ------------------------------------------------------------------------ Start date End date ------------------------------------------------------------------------ Group 1 Effective Date Not later than 10 months after effective of rule. date of rule, unless otherwise authorized by TSA. Group 2 After Group 1.. Not later than 15 months after effective date of rule, unless otherwise authorized by TSA. Group 3 After Group 2.. Not later than 18 months after effective date of rule, unless otherwise authorized by TSA. ------------------------------------------------------------------------ (b) Implementation schedule for certain mariners. An applicant, who holds a Merchant Mariner Document (MMD) issued after February 3, 2003, and before [the effective date of this rule], or a Merchant Marine License (License) issued after January 13, 2006, and before [the effective date of this rule], must submit the information required in this section, but is not required to undergo the security threat assessment described in this part. (c) Surrender of TWIC. If an individual is disqualified from holding a TWIC under Sec. 1572.5, he or she must surrender the TWIC to TSA. Failure to surrender the TWIC to TSA may result in immediate revocation under Sec. 1572.5(b) and/or civil penalties. (d) Continuing responsibilities. An individual who holds a TWIC must surrender the TWIC, as required in paragraph (a) of this section, within 24 hours if the individual-- (1) Is convicted of, wanted, under indictment or complaint, or found not guilty by reason of insanity, in a civilian or military jurisdiction, for a disqualifying criminal offense identified in Sec. 1572.103; or (2) Is adjudicated as lacking mental capacity or committed to a mental health facility, as described in Sec. 1572.109; or (3) Renounces or loses U.S. citizenship or status as a lawful permanent resident; or (4) Violates his or her immigration status and/or is ordered removed from the United States. (e) Submission of fingerprints and information. (1) TWIC applicants must submit fingerprints and the information required in Sec. 1572.17, in a form acceptable to TSA, to obtain or renew a TWIC. (2) When submitting fingerprints and the information required in Sec. 1572.17, the fee required in Sec. 1572.503 must be remitted to TSA. (f) Lost or stolen credentials. If a TWIC holder loses possession of the credential, he or she must notify TSA immediately. Sec. 1572.21 Procedures for TWIC security threat assessment. (a) Contents of security threat assessment. The security threat assessment TSA conducts includes a fingerprint-based criminal history records check, an intelligence-related check, and a final disposition. (b) Fingerprint-based check. The following procedures must be completed to conduct a fingerprint-based criminal history records check: (1) Consistent with the implementation schedule described in Sec. 1572.19(a) and (b), and as required in 33 CFR 104.200, 105.200, or 106.200, applicants are notified (2) During enrollment, TSA-- (i) Collects fingerprints, applicant information, and the fee required in Sec. 1572.17; (ii) Transmits the fingerprints to the FBI/CJIS in accordance with the FBI/CJIS fingerprint submission standards. (iii) Receives and adjudicates the results of the check from FBI/ CJIS, in accordance with Sec. 1572.103 and, if applicable, Sec. 1572.107. (c) Intelligence-related check. To conduct an intelligence-related check, TSA completes the following procedures: (1) Reviews the applicant information required in Sec. 1572.17; (2) Searches domestic and international Government databases required to determine if the applicant [[Page 29457]] meets the requirements of Sec. Sec. 1572.105, 1572.107, and 1572.109; (3) Adjudicates the results of the check in accordance with Sec. Sec. 1572.103, 1572.105, 1572.107, and 1572.109. (d) Final disposition. Following completion of the procedures described in paragraphs (b) and/or (c) of this section, the following procedures apply, as appropriate: (1) TSA serves a Determination of No Security Threat on the applicant if TSA determines that the applicant meets the security threat assessment standards described in Sec. 1572.5. In the case of a mariner, TSA also serves a Determination of No Security Threat on the Coast Guard. (2) TSA serves an Initial Determination of Threat Assessment on the applicant if TSA determines that the applicant does not meet the security threat assessment standards described in Sec. 1572.5. The Initial Determination of Threat Assessment includes-- (i) A statement that TSA has determined that the applicant poses a security threat warranting denial of the TWIC; (ii) The basis for the determination; (iii) Information about how the applicant may appeal the determination, as described in 49 CFR 1515.5; and (iv) A statement that if the applicant chooses not to appeal TSA's determination within 60 days of receipt of the Initial Determination, or does not request an extension of time within 60 days of receipt of the Initial Determination in order to file an appeal, the Initial Determination becomes a Final Determination of Security Threat Assessment. (3) TSA serves an Initial Determination of Threat Assessment and Immediate Revocation on the applicant, the applicant's employer where appropriate, the FMSC, and in the case of a mariner applying for a TWIC, on the Coast Guard, if TSA determines that the applicant does not meet the security threat assessment standards described in Sec. 1572.5 and may pose an imminent security threat. The Initial Determination of Threat Assessment and Immediate Revocation includes-- (i) A statement that TSA has determined that the applicant poses a security threat warranting immediate revocation of a TWIC and unescorted access to secure areas; (ii) The basis for the determination; (iii) Information about how the applicant may appeal the determination, as described in 49 CFR 1515.5(h); and (iv) A statement that if the applicant chooses not to appeal TSA's determination within 60 days of receipt of the Initial Determination and Immediate Revocation, the Initial Determination and Immediate Revocation becomes a Final Determination of Threat Assessment. (4) TSA serves a Final Determination of Threat Assessment on the applicant, the applicant's employer where appropriate, the FMSC, and in the case of a mariner applying for a TWIC, on the Coast Guard, if the appeal of the Initial Determination results in a finding that the applicant poses a security threat. (5) TSA serves a Withdrawal of the Initial Determination of Threat Assessment on the applicant. TSA serves a Withdrawal of Final Determination of Threat Assessment or a Determination of No Security Threat on the applicant, the applicant's employer where appropriate, and in the case of a mariner applying for a TWIC, the Coast Guard, if the appeal results in a finding that the applicant does not pose a security threat, or if TSA grants the applicant a waiver pursuant to 49 CFR 1515.7. (e) Expiration date for a TWIC. A TWIC expires five years after it was issued, at the end of the month in which it was issued. Sec. 1572.23 Conforming equipment; Incorporation by reference. Each owner/operator required to have access control systems and equipment, including card readers, in conjunction with TWIC, must meet TSA-approved standards. The standards are set forth in FIPS-201-1 Personal Identity Verification (PIV) of Federal Employees and Contractors, March, 2006, by the National Institute of Standards and Technology, U.S. Department of Commerce; Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.3, 2006, by the Physical Access Interagency Interoperability Working Group, approved by the Government Smart Card Interagency Advisory Board; and the TWIC Smart Card Reader Specification, Version 0.6, August 25, 2005. TSA plans to incorporate these standards by reference in the final rule. The Director of the Federal Register approves this incorporation by reference in accordance with 5 U.S.C. 552(a) and 1 CFR part 51. You may obtain copies from the Credentialing Program Office (Attn: TWIC Program), TSA-19, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; e-mail: credentialing@dhs.gov. You may inspect or make copies at: TSA's Docket No. TSA-2006-24191, at http://dms.dot.gov, or by visiting the Docket Management Facility, U.S. Department of Transportation, Room Plaza 401, 400 Seventh Street SW., Washington, DC 20590-0001; accessing the ``Industry Standards of TWIC'' portion of the Industry Partners/TSA Pilots & Programs section of TSA's Web site at http://www.tsa.gov/public/ ; or at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call 202- 741-6030, or go to http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html . Sec. 1572.24-1572.40 [Reserved] Sec. 1572.41 Compliance, inspection, and enforcement. (a) Each owner/operator must allow TSA, at any time or place, to make any inspections or tests, including copying records, to determine compliance of an owner/operator with-- (1) This subchapter and part 1520 of this chapter; and (2) 46 U.S.C. 70105 and 49 U.S.C. 114. (b) At the request of TSA, each owner/operator must provide evidence of compliance with this part, including copies of records. Subpart B--Qualification Standards for Security Threat Assessments Sec. 1572.101 Scope. This subpart applies to applicants who hold or are applying to obtain, renew, or transfer an HME or TWIC. Applicants for an HME are subject to safety requirements issued by the Federal Motor Carrier Safety Administration under 49 CFR part 383 and by the State issuing the HME, including additional immigration status and criminal history standards. Sec. 1572.103 Disqualifying criminal offenses. (a) Permanent disqualifying criminal offenses. An applicant has a permanent disqualifying offense, if convicted, or found not guilty by reason of insanity, in a civilian or military jurisdiction of any of the following felonies: (1) Espionage or conspiracy to commit espionage. (2) Sedition, or conspiracy to commit sedition. (3) Treason, or conspiracy to commit treason. (4) A crime listed in 18 U.S.C. Chapter 113B--Terrorism, or a State law that is comparable, or conspiracy to commit such crime. (5) A crime involving a transportation security incident. A transportation security incident is a security incident resulting in a significant loss of life, environmental damage, transportation [[Page 29458]] system disruption, or economic disruption in a particular area, as defined in 46 U.S.C. 70101. A work stoppage, or other nonviolent employee-related action, resulting from an employer-employee dispute is not a transportation security incident. (6) Improper transportation of a hazardous material under 49 U.S.C. 5124, or a State law that is comparable. (7) Unlawful possession, use, sale, distribution, manufacture, purchase, receipt, transfer, shipping, transporting, import, export, storage of, or dealing in an explosive or explosive device. An explosive or explosive device includes, but is not limited to, an explosive or explosive material as defined in 18 U.S.C. 232(5), 841(c) through 841(f), and 844(j); and a destructive device, as defined in 18 U.S.C. 921(a)(4) and 26 U.S.C. 5845(f). (8) Murder. (9) Conspiracy or attempt to commit the crimes in paragraphs (a)(5) through (a)(8). (10) Violations of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. 1961, et seq., or a State law that is comparable, where one of the predicate acts found by a jury or admitted by the defendant, consists of one of the offenses listed in paragraphs (a)(4) or (a)(8) of this section. (b) Interim disqualifying criminal offenses. The felonies listed in paragraphs (b)(1) through (b)(14) of this section are disqualifying, if either the applicant was convicted, or found not guilty by reason of insanity, of the crime in a civilian or military jurisdiction, within the seven years preceding the date of application; or the applicant was released from incarceration for the crime, within the five years preceding the date of application. (1) Assault with intent to murder. (2) Kidnapping or hostage taking. (3) Rape or aggravated sexual abuse. (4) Unlawful possession, use, sale, manufacture, purchase, distribution, receipt, transfer, shipping, transporting, delivery, import, export of, or dealing in a firearm or other weapon. A firearm or other weapon includes, but is not limited to, firearms as defined in 18 U.S.C. 921(a)(3) or 26 U.S.C.5 845(a), or items contained on the U.S. Munitions Import List at 27 CFR 447.21. (5) Extortion. (6) Dishonesty, fraud, or misrepresentation, including identity fraud. (7) Bribery. (8) Smuggling. (9) Immigration violations. (10) Violations of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. 1961, et seq., or a State law that is comparable, other than the violations listed in paragraph (a)(10) of this section. (11) Robbery. (12) Distribution of, possession with intent to distribute, or importation of a controlled substance. (13) Arson. (14) Conspiracy or attempt to commit the crimes in this paragraph (b). (c) Under want or warrant. An applicant who is wanted, or under indictment in any civilian or military jurisdiction for a felony listed in this section, is disqualified until the want or warrant is released. (d) Determination of arrest status. (1) When a fingerprint-based check discloses an arrest for a disqualifying crime listed in this section without indicating a disposition, TSA will so notify the applicant and provide instructions on how the applicant must clear the disposition, in accordance with paragraph (d)(2) of this section. (2) The applicant must provide TSA with written proof that the arrest did not result in a disqualifying criminal offense, within 60 days after the service date of the notification in paragraph (d)(1) of this section. If TSA does not receive proof in that time, TSA will notify the applicant that he or she is disqualified. In the case of an HME, TSA will notify the State that the applicant is disqualified, and in the case of a mariner applying for TWIC, TSA will notify the Coast Guard that the applicant is disqualified. Sec. 1572.105 Immigration status. (a) An applicant applying for a security threat assessment for a TWIC or HME must be-- (1) A citizen of the United States who has not renounced or lost his or her U.S. citizenship; (2) A lawful permanent resident of the United States, as defined in Sec. 101(a)(20) of the Immigration and Nationality Act (8 U.S.C. 1101); or (3) An individual who is-- (i) In lawful nonimmigrant status, and possesses valid evidence of unrestricted employment authorization; (ii) A refugee admitted under 8 U.S.C. 1157, and possessing valid evidence of unrestricted employment authorization; (iii) An alien granted asylum under 8 U.S.C. 1158, and possessing valid evidence of unrestricted employment authorization; or (iv) A commercial driver licensed by Canada or Mexico, who is admitted to the United States, under 8 CFR 214.2(b)(4)(i)(E), to conduct business in the United States. (b) To determine an applicant's immigration status, TSA checks relevant Federal databases and may perform other checks, including verifying the validity of the applicant's social security number or alien registration number. Sec. 1572.107 Other analyses. (a) TSA checks the following databases, and analyzes the resulting information, to determine whether applicant poses a security threat: (1) Interpol and other international databases, as appropriate. (2) Terrorist watchlists and related databases. (3) Any other databases relevant to determining whether an applicant poses, or is suspected of posing, a security threat, or that confirm an applicant's identity. (b) TSA may determine that an applicant poses a security threat, if the search conducted under this part reveals extensive foreign or domestic criminal convictions, a conviction for a serious crime not listed in Sec. 1572.103, or a period of foreign or domestic imprisonment that exceeds 365 consecutive days. Sec. 1572.109 Mental incapacity. (a) An applicant has mental incapacity, if he or she has been-- (1) Adjudicated as lacking mental capacity; or (2) Committed to a mental health facility. (b) An applicant is adjudicated as lacking mental capacity, if-- (1) A court, board, commission, or other lawful authority has determined that the applicant, as a result of marked subnormal intelligence, mental illness, incompetence, condition, or disease, is a danger to him- or herself or others, or lacks the mental capacity to conduct or manage his or her own affairs. (2) This includes a finding of insanity by a court in a criminal case and a finding of incompetence to stand trial; or a finding of not guilty by reason of lack of mental responsibility, by any court, or pursuant to articles 50a and 76b of the Uniform Code of Military Justice (10 U.S.C. 850a and 876b). (c) An applicant is committed to a mental health facility, if he or she is formally committed to a mental health facility by a court, board, commission, or other lawful authority, including involuntary commitment and commitment for lacking mental capacity, mental illness, and drug use. This does not include commitment to a mental health facility for observation or voluntary admission to a mental health facility. [[Page 29459]] Sec. Sec. 1572.111-1572.139 [Reserved] Subpart C--Transportation of Explosives From Canada to the United States Sec. 1572.201 Via commercial motor vehicle. (a) Applicability. This section applies to carriers that carry explosives from Canada to the United States, using a driver who is not a U.S. citizen or lawful permanent resident alien of the United States. (b) Terms used in this section. For purposes of this section: Carrier means any ``motor carrier'' or ``motor private carrier'', as defined in 49 U.S.C. 13102(12) and (13), respectively. Customs Service means the U.S. Customs Service. Explosive means a material that has been examined by the Associate Administrator for Hazardous Materials Safety, Research and Special Programs Administration, in accordance with 49 CFR 173.56, and determined to meet the definition for a Class 1 material in 49 CFR 173.50. Known carrier means a person that has been determined by the Governments of Canada and the United States to be a legitimate business, operating in accordance with all applicable laws and regulations governing the transportation of explosives. Known driver means a driver of a motor vehicle who has been determined by the Governments of Canada and the United States to present no known security concern. Known offeror means an offeror that has been determined by the Governments of Canada and the United States to be a legitimate business, operating in accordance with all applicable laws and regulations governing the transportation of explosives. Lawful permanent resident alien means a lawful permanent resident alien of the United States, as defined by 8 U.S.C. 1101(a)(2). Offeror means the person offering a shipment to the carrier for transportation from Canada to the United States, and may also be known as the ``consignor'' in Canada. (c) Prior approval of carrier, offeror, and driver. (1) No carrier may transport in commerce any explosive into the United States from Canada via motor vehicle, if the driver of the vehicle is a not a U. S. citizen or lawful permanent resident alien, unless the carrier, offeror, and driver are identified on a TSA list as a known carrier, known offeror, and known driver, respectively. (2) The carrier must ensure that it, its offeror, and its driver have been determined to be a known carrier, known offeror, and known driver, respectively. If any has not been so determined, the carrier must submit the following information to Transport Canada: (i) The carrier must provide its-- (A) Official name; (B) Business number; (C) Any trade names; and (D) Address. (ii) The following information about any offeror of explosives whose shipments it will carry: (A) Official name. (B) Business number. (C) Address. (iii) The following information about any driver the carrier may use to transport explosives into the United States from Canada, who is neither a U.S. citizen nor lawful permanent resident alien of the United States: (A) Full name. (B) Canada Commercial Driver's License number. (C) Both current and most recent prior residential addresses. (3) Transport Canada will determine that the carrier and offeror are legitimately doing business in Canada, and will also determine that the drivers are properly licensed and present no known problems for purposes of this section. Transport Canada will notify TSA of these determinations by forwarding to TSA lists of known carriers, offerors, and drivers and their identifying information. (4) TSA will update and maintain the list of known carriers, offerors, and drivers and forward the list to the Customs Service. (5) Once included on the list, the carriers, offerors, and drivers need not obtain prior approval for future transport of explosives under this section. (d) TSA checks. TSA may periodically check the data on the carriers, offerors, and drivers to confirm their continued eligibility, and may remove from the list any that TSA determines is not known or is a threat to security. (e) At the border--(1) Driver who is not a U.S. citizen or lawful permanent resident alien. Upon arrival at the border, and prior to entry into the United States, the driver must provide a valid Canadian commercial driver's license to the Customs Service. (2) Driver who is a U.S. citizen or lawful permanent resident alien. If the Customs Service cannot verify that the driver is on the list, and if the driver is a U.S. citizen or lawful permanent resident alien, the driver may be cleared by the Customs Service upon providing-- (i) A valid U.S. passport; or (ii) One or more other document(s), including a form of U.S. Federal or State Government-issued identification with photograph, acceptable to the Customs Service. (3) Compliance. If a carrier attempts to enter the United States without having complied with this section, the Customs Service will deny entry of the explosives and may take other appropriate action. Sec. 1572.203 Via railroad carrier. (a) Applicability. This section applies to railroad carriers that carry explosives from Canada to the United States, using a train crew member who is not a U.S. citizen or lawful permanent resident alien of the United States. (b) Terms under this section. For purposes of this section: Customs Service means the U.S. Customs Service. Explosive means a material that has been examined by the Associate Administrator for Hazardous Materials Safety, Research and Special Programs Administration, in accordance with 49 CFR 173.56, and determined to meet the definition for a Class 1 material in 49 CFR 173.50. Known railroad carrier means a person that has been determined by the Governments of Canada and the United States to be a legitimate business, operating in accordance with all applicable laws and regulations governing the transportation of explosives. Known offeror means an offeror that has been determined by the Governments of Canada and the United States to be a legitimate business, operating in accordance with all applicable laws and regulations governing the transportation of explosives. Known train crew member means an individual used to transport explosives from Canada to the United States, who has been determined by the Governments of Canada and the United States to present no known security concern. Lawful permanent resident alien means a lawful permanent resident alien of the United States, as defined by 8 U.S.C. 1101(a)(2). Offeror means the person offering a shipment to the railroad carrier for transportation from Canada to the United States, and may also be known as the ``consignor'' in Canada. Railroad carrier means ``railroad carrier'', as defined in 49 U.S.C. 20102. (c) Prior approval of railroad carrier, offeror, and train crew member. (1) No railroad carrier may transport in [[Page 29460]] commerce any explosive into the United States from Canada, via a train operated by a crew member who is not a U.S. citizen or lawful permanent resident alien, unless the railroad carrier, offeror, and train crew member are identified on a TSA list as a known railroad carrier, known offeror, and known train crew member, respectively. (2) The railroad carrier must ensure that it, its offeror, and each of its crew members have been determined to be a known railroad carrier, known offeror, and known train crew member, respectively. If any has not been so determined, the railroad carrier must submit the following information to Transport Canada: (i) The railroad carrier must provide its-- (A) Official name; (B) Business number; (C) Any trade names; and (D) Address. (ii) The following information about any offeror of explosives whose shipments it will carry: (A) Official name. (B) Business number. (C) Address. (iii) The following information about any train crew member the railroad carrier may use to transport explosives into the United States from Canada, who is neither a U.S. citizen nor lawful permanent resident alien: (A) Full name. (B) Both current and most recent prior residential addresses. (3) Transport Canada will determine that the railroad carrier and offeror are legitimately doing business in Canada and will also determine that the train crew members present no known problems for purposes of this section. Transport Canada will notify TSA of these determinations by forwarding to TSA lists of known railroad carriers, offerors, and train crew members and their identifying information. (4) TSA will update and maintain the list of known railroad carriers, offerors, and train crew members and forward the list to the Customs Service. (5) Once included on the list, the railroad carriers, offerors, and train crew members need not obtain prior approval for future transport of explosives under this section. (d) TSA checks. TSA may periodically check the data on the railroad carriers, offerors, and train crew members to confirm their continued eligibility, and may remove from the list any that TSA determines is not known or is a threat to security. (e) At the border--(1) Train crew members who are not U.S. citizens or lawful permanent resident aliens. Upon arrival at a point designated by the Customs Service for inspection of trains crossing into the United States, the train crew members of a train transporting explosives must provide sufficient identification to the Customs Service to enable that agency to determine if each crew member is on the list of known train crew members maintained by TSA. (2) Train crew members who are U.S. citizens or lawful permanent resident aliens. If the Customs Service cannot verify that the crew member is on the list and the crew member is a U.S. citizen or lawful permanent resident alien, the crew member may be cleared by the Customs Service upon providing-- (i) A valid U.S. passport; or (ii) One or more other document(s), including a form of U.S. Federal or state Government-issued identification with photograph, acceptable to the Customs Service. (3) Compliance. If a carrier attempts to enter the U.S. without having complied with this section, the Customs Service will deny entry of the explosives and may take other appropriate action. Subpart D--[Reserved] Subpart E--Fees for Security Threat Assessments for Hazmat Drivers Sec. 1572.400 Scope and definitions. (a) Scope. This part applies to-- (1) States that issue an HME for a commercial driver's license; (2) Individuals who apply to obtain or renew an HME for a commercial driver's license and must undergo a security threat assessment under 49 CFR part 1572; and (3) Entities who collect fees from such individuals on behalf of TSA. (b) Terms. As used in this part: Commercial driver's license (CDL) is used as defined in 49 CFR 383.5. Day means calendar day. FBI Fee means the fee required for the cost of the Federal Bureau of Investigation (FBI) to process fingerprint identification records and name checks. Information Collection Fee means the fee required, in this part, for the cost of collecting and transmitting fingerprints and other applicant information under 49 CFR part 1572. Threat Assessment Fee means the fee required, in this part, for the cost of TSA adjudicating security threat assessments, appeals, and waivers under 49 CFR part 1572. TSA agent means an entity approved by TSA to collect and transmit fingerprints and applicant information, in accordance with 49 CFR part 1572, and fees in accordance with this part. Sec. 1572.401 Fee collection options. (a) State collection and transmission. If a State collects fingerprints and applicant information under 49 CFR part 1572, the State must collect and transmit to TSA the Threat Assessment Fee, in accordance with the requirements of Sec. 1572.403. The State also must collect and remit the FBI Fee, in accordance with established procedures. (b) TSA agent collection and transmission. If a TSA agent collects fingerprints and applicant information under 49 CFR part 1572, the agent must-- (1) Collect the Information Collection Fee, Threat Assessment Fee, and FBI Fee, in accordance with procedures approved by TSA; (2) Transmit to TSA the Threat Assessment Fee, in accordance with procedures approved by TSA; and (3) Transmit to TSA the FBI Fee, in accordance with procedures approved by TSA and the FBI. Sec. 1572.403 Procedures for collection by States. This section describes the procedures that a State, which collects fingerprints and applicant information under 49 CFR part 1572; and the procedures an individual who applies to obtain or renew an HME, for a CDL in that State, must follow for collection and transmission of the Threat Assessment Fee and the FBI Fee. (a) Imposition of fees. (1) The following Threat Assessment Fee is required for TSA to conduct a security threat assessment, under 49 CFR part 1572, for an individual who applies to obtain or renew an HME: $34. (2) The following FBI Fee is required for the FBI to process fingerprint identification records and name checks required under 49 CFR part 1572: the fee collected by the FBI under 28 U.S.C. 534. (3) An individual who applies to obtain or renew an HME, or the individual's employer, must remit to the State the Threat Assessment Fee and the FBI Fee, in a form and manner approved by TSA and the State, when the individual submits the application for the HME to the State. (b) Collection of fees. (1) A State must collect the Threat Assessment Fee and FBI Fee, when an individual submits an application to the State to obtain or renew an HME. (2) Once TSA receives an application from a State for a security threat assessment under 49 CFR part 1572, the State is liable for the Threat Assessment Fee. [[Page 29461]] (3) Nothing in this subpart prevents a State from collecting any other fees that a State may impose on an individual who applies to obtain or renew an HME. (c) Handling of fees. (1) A State must safeguard all Threat Assessment Fees, from the time of collection until remittance to TSA. (2) All Threat Assessment Fees are held in trust by a State for the beneficial interest of the United States in paying for the costs of conducting the security threat assessment, required by 49 U.S.C. 5103a and 49 CFR part 1572. A State holds neither legal nor equitable interest in the Threat Assessment Fees, except for the right to retain any accrued interest on the principal amounts collected pursuant to this section. (3) A State must account for Threat Assessment Fees separately, but may commingle such fees with other sources of revenue. (d) Remittance of fees. (1) TSA will generate and provide an invoice to a State on a monthly basis. The invoice will indicate the total fee dollars (number of applicants times the Threat Assessment Fee) that are due for the month. (2) A State must remit to TSA full payment for the invoice, within 30 days after TSA sends the invoice. (3) TSA accepts Threat Assessment Fees only from a State, not from an individual applicant for an HME. (4) A State may retain any interest that accrues on the principal amounts collected between the date of collection and the date the Threat Assessment Fee is remitted to TSA, in accordance with paragraph (d)(2) of this section. (5) A State may not retain any portion of the Threat Assessment Fee to offset the costs of collecting, handling, or remitting Threat Assessment Fees. (6) Threat Assessment Fees, remitted to TSA by a State, must be in U.S. currency and made payable to the ``Transportation Security Administration.'' (7) Threat Assessment Fees must be remitted by check, money order, wire, or any other payment method acceptable to TSA. (8) TSA will not issue any refunds of Threat Assessment Fees. (9) If a State does not remit the Threat Assessment Fees for any month, TSA may decline to process any HME applications from that State. Sec. 1572.405 Procedures for collection by TSA. This section describes the procedures that an individual, who applies to obtain or renew an HME for a CDL, must follow if a TSA agent collects and transmits the Information Collection Fee, Threat Assessment Fee, and FBI Fee. (a) Imposition of fees. (1) The following Information Collection Fee is required for a TSA agent to collect and transmit fingerprints and applicant information, in accordance with 49 CFR part 1572: $38. (2) The following Threat Assessment Fee is required for TSA to conduct a security threat assessment, under 49 CFR part 1572, for an individual who applies to obtain or renew an HME: $34. (3) The following FBI Fee is required for the FBI to process fingerprint identification records and name checks required under 49 CFR part 1572: The fee collected by the FBI under 28 U.S.C. 534. (4) An individual who applies to obtain or renew an HME, or the individual's employer, must remit to the TSA agent the Information Collection Fee, Threat Assessment Fee, and FBI Fee, in a form and manner approved by TSA, when the individual submits the application required under 49 CFR part 1572. (b) Collection of fees. A TSA agent will collect the fees required under this section, when an individual submits an application to the TSA agent, in accordance with 49 CFR part 1572. (c) Remittance of fees. (1) Fees required under this section, which are remitted to a TSA agent, must be made in U.S. currency and made payable to the ``Transportation Security Administration.'' (2) Fees required under this section must be remitted by check, money order, wire, or any other payment method acceptable to TSA. (3) TSA will not issue any refunds of fees required under this section. (4) Applications, submitted in accordance with 49 CFR part 1572, will be processed only upon receipt of all applicable fees under this section. Subpart F--Fees for Security Threat Assessments for Transportation Worker Identification Credential (TWIC) Sec. 1572.500 Scope. This subpart applies to individuals who apply for, or renew, a Transportation Worker Identification Credential and must undergo a security threat assessment under 49 CFR part 1572. Sec. 1572.501 Fee collection. When TSA collects fingerprints and applicant information under 49 CFR 1572.17, TSA will collect the Information Collection Fee, Threat Assessment Fee, and FBI Fee, in accordance with procedures approved by TSA. Sec. 1572.503 Fee procedures for collection by TSA or its agent. (a) When an individual submits the application, required under 49 CFR 1572.17, to obtain or renew a TWIC, the fee must be remitted to TSA or its approved agent in a form and manner approved by TSA. (1) The fee to obtain or renew a TWIC, other than for those identified in paragraph (a)(2) of this section, is $95-149, depending on the services provided to the regulated party, plus any increase in the FBI Fee that may be made. This fee is made up of the total of the following component fees: (i) The Information Collection/Credential Issuance Fee covers the cost for TSA or its agent to enroll applicants and is $45-$65. (ii) The Threat Assessment/Credential Production Fee covers the cost for TSA or its agent to conduct a security threat assessment and is $50-$62. (iii) The FBI Fee is collected by the FBI under 28 U.S.C. 534 to process fingerprint identification records and name checks, which is $22, plus any increase that the FBI may make. (2) The fee to obtain a TWIC when the applicant has undergone a comparable threat assessment in connection with an HME, a FAST card, or other threat assessment, as provided in Sec. 1572.5(d); or holds an MMD or License as provided in Sec. 1572.19(b), is $50. This fee is made up of the Information Collection/Credential Issuance Fee and a reduced fee for the Threat Assessment/Credential Production Fee. Such applicants are not charged the FBI Fee. (3) The fee to replace a credential that has been lost, stolen, or damaged is $36. (b) Form of fees. (1) Fees, required under this section, must be made in U.S. currency, and made payable to the ``Transportation Security Administration.'' (2) Fees, required under this section, must be remitted by check, money order, wire, or any other payment method acceptable to TSA. (c) TSA will not issue any refunds of fees required under this section. (d) Applications, submitted in accordance with 49 CFR 1572.17, will be processed only upon receipt of all applicable fees. (e) The fees prescribed in paragraphs (a)(1)(i) and (a)(1)(ii) of this section may be adjusted annually on or after October 1, 2007, by publication of an inflation adjustment. A final rule in the Federal Register will announce the inflation adjustment. The adjustment shall be a composite of the Federal civilian pay raise assumption and non-pay inflation factor for that fiscal year issued by the [[Page 29462]] Office of Management and Budget for agency use in implementing OMB Circular A-76, weighted by the pay and non-pay proportions of total funding for that fiscal year. If Congress enacts a different Federal civilian pay raise percentage than the percentage issued by OMB for Circular A-76, the Department of Homeland Security may adjust the fees to reflect the enacted level. The required fee shall be the amount prescribed in paragraphs (a)(1)(i) and (a)(1)(ii), plus the latest inflation adjustment. (f) Any FBI Fee amendment that increases or decreases its fees to process fingerprint identification records and name checks will apply to the FBI fees identified in this regulation effective on the date of the FBI increase or decrease. Dated: May 10, 2006. Thomas H. Collins, Commandant, United States Coast Guard. Kip Hawley, Assistant Secretary, Transportation Security Administration. [FR Doc. 06-4508 Filed 5-12-06; 12:25 pm] BILLING CODE 4910-15-P