Security Policy Alert: TSA Issues Proposed ASP Amendment on Cybersecurity Vulnerability Assessments and Contingency Planning
January 13, 2022
As discussed on yesterday's AAAE Transportation Security Services Committee call, TSA has issued a proposed ASP amendment for Category X, I and II airports to require cybersecurity vulnerability assessments and contingency planning. The proposed ASP amendment (TSA-PNA-22-01) has been posted on HSIN. Comments are due on February 14, 2022.
As expected, the proposed ASP amendment requires baseline cybersecurity measures related to vulnerability assessments and contingency planning for airport operators that have already been imposed on other modes of transportation, notably pipelines and rail, through Security Directives. Attachment 1 of the proposed ASP amendment includes the required cybersecurity self-assessment checklist, which utilizes the functions and categories found in the National Institute of Standards and Technology (NIST) Cybersecurity Guidance Framework, that airports must use to identify and remediate cyber-related vulnerabilities. The proposed ASP amendment also requires the implementation and annual testing of a cybersecurity incident response plan.
AAAE will submit comments on behalf of our airport members in advance of the February 14 deadline. As always, please share any questions, concerns or feedback you may have to help inform our comments.
As discussed on yesterday's AAAE Transportation Security Services Committee call, TSA has issued a proposed ASP amendment for Category X, I and II airports to require cybersecurity vulnerability assessments and contingency planning. The proposed ASP amendment (TSA-PNA-22-01) has been posted on HSIN. Comments are due on February 14, 2022.
As expected, the proposed ASP amendment requires baseline cybersecurity measures related to vulnerability assessments and contingency planning for airport operators that have already been imposed on other modes of transportation, notably pipelines and rail, through Security Directives. Attachment 1 of the proposed ASP amendment includes the required cybersecurity self-assessment checklist, which utilizes the functions and categories found in the National Institute of Standards and Technology (NIST) Cybersecurity Guidance Framework, that airports must use to identify and remediate cyber-related vulnerabilities. The proposed ASP amendment also requires the implementation and annual testing of a cybersecurity incident response plan.
AAAE will submit comments on behalf of our airport members in advance of the February 14 deadline. As always, please share any questions, concerns or feedback you may have to help inform our comments.
