Security Policy Alert: Summary of TSA's Monthly Conference Call for Airport Stakeholders
February 2, 2023
TSA held its monthly conference call for airport stakeholders on February 2, 2023. The conference call was led by Alan Paterno, TSA's Industry Engagement Manager for Airports in the office of Policy, Plans and Engagement (PPE).
PPE's Kevin Knott introduced Tim Leaf, who recently joined as Section Chief of Special Programs. Leaf came from the intel community and has expertise in cybersecurity. Knott also introduced Dave Siegmund who joined the Airports Policy team in December 2022. Siegmund came from TSA's canine program.
Updates from Policy, Plans and Engagement:
Ramp Movement National Amendment: Shauna Lawrence provided an update on Ramp Movement amendment and airline program changes to ID media. Lawrence stated that the final changes were issued yesterday on February 1, 2023. The NA has an effective date of April 1, 2023. The final Ramp Movement Amendment includes a new section on ramp badges describing the areas to which ramp badge holders may have unescorted access.
As background, in order to resolve longstanding compliance issues relating to TSA ID Media guidance, TSA posted for notice and comment updated ID media policy for aircraft operators regulated under the AOSSP, FACAOSSP, PCSSP, and TFSSP. Concurrently, TSA issued a proposed change to the ASP National Amendment for Ramp Movement.
Based on 85 comments received from aircraft operators and airports, TSA made several changes to the proposed security measures allowing for more flexibility in the final policy for both airlines and airports. On the call, Lawrence stated that TSA agreed with airport comments that they are not responsible for airline assignments and uniform requirements so those were deleted as airport requirements. Also, the amendment made consistent the requirement that ID media must be displayed above the waist.
The final aircraft operator policy clarifies which airline personnel aircraft operators may issue crew, ramp, and exclusive area ID media, including transient mechanics. Based on a question during the call, TSA needs to relook at "load masters" definition.
Policy Clarification Notice for non-SIDA airports: TSA has recently issued a policy clarification notice to airport operators without Security Identification Display Areas (SIDAs) that want to enhance their security by conducting Criminal History Records Check (CHRC) and Security Threat Assessments (STA) on individuals. These airports must ask for and receive explicit authorization from TSA to do so. Airports must submit an Alternative Measure (AM) to TSA-NA-21-04 about their intent to implement security measures greater than what is required. If TSA approves the AM, then the non-SIDA airport operator will have the necessary authority to conduct CHRCs and STAs.
Cybersecurity Updates: TSA is continuing to coordinate comments it received on cybersecurity performance measures during recent industry engagement discussions. TSA plans to issue a revised prosed ASP amendment for additional notice and comment "soon". The exact timing was unclear.
Update on Enrollment Services and Vetting Programs:
e-Badge: Currently, 33 airports are participating in e-Badge. Phase 2, which is intended to streamline the CBP seal process for FIS areas at airports, was deployed the first week in January. After the federal deployment of phase 2, a number of airports reached out to TSA and CBP with concerns about applications in their trusted airport queue that may be duplicative of a seal already issued, which was confusing. TSA stated that many of these cases were in a ‘pending' status between TSA and CBP when the two databases synced. TSA further indicated that if there are duplicate cases, the duplicates can be cancelled. TSA is continuing to work with CBP on how to handle this and recommends you work with your CBP Seals office too.
Rap Back Expired Subscriptions: As first discussed on the December national airports' call, TSA became aware of a number of cases at about 30 airports where badges remained active even though the Rap Back subscriptions were expired. TSA appreciated airports bringing this to their attention. This was due to a technical problem with the FBI's Next Generation Identification (NGI system). The FBI implemented a fix in late December and TSA does not expect this problem to re-occur. If your airport is experiencing any ongoing issues with Rap Back, please bring them to TSA's attention.
Handling Criminal History Information: TSA wants to ensure airport operators understand their responsibilities for receiving, storing, securing, handling, and disposing of Criminal History Information. FPRD is a system of record for TSA absent additional regulatory requirements to maintain CHRI. Be cognizant of whom has access (escorted/unescorted), how best to dispose of personal information, and applicant rights should there be incorrect information presented in a Rap Sheet.
In regard to applicant rights, TSA asked airports to make sure they provide the FBI challenge brochure that outlines how an applicant can appeal a rap sheet finding. As a best practice, TSA generally recommends making it available to applicants by posting in an area where fingerprints are taken, or in an application.
Further, TSA reminded those on the call that FPRD information is not provided for "read only" purposes. The agency will deny this if you make a request. FPRD access is for individuals that adjudicate these records and usage is monitored.
Requirements and Capabilities Analysis Updates:
Bob Pryor discussed two staff screening related items: a proposed toolkit and a catalogue of technologies to help address random screening needs.
Toolkit: TSA is developing a staff screening toolkit which will cater to airports that want to build an airport security checkpoint. TSA plans to publish this toolkit or design guide. Pryor stated that TSA thinks an employee checkpoint does not have to meet the same threat detection standards as a passenger screening checkpoint because employees already undergo other vetting. As a result, this may open up technology options beyond what is currently deployed at passenger checkpoints.
Pryor emphasized that the TSA toolkit for staff screening will look "nothing like the exit lane toolbox" the agency developed in 2014. The exit lane tool box is very hard to use unless you are an engineer or airport system designer. Pryor reminded those on the call that this toolbox should only be accessed by those people that TSA has vetted and have a "need to know". TSA tracks these log ins and if they find someone accessing this exit lane information inappropriately, they could refer it to TSA investigation for further review.
Technology Catalogue: TSA is also developing a catalogue and other information for airports, particularly smaller ones, about what technologies are available that will help address the need for random and unpredictable screening of staff at airports. Pryor indicated that these portable technologies will help screen items employees bring in every day to help with their work. TSA's surface program already has developed a catalogue that includes a list of technologies in the marketplace, many of which TSA has assessed.
This catalogue will be put on HSIN, in a sub-portal, once it is ready. Currently, TSA is trying to determine how much of this information will be labeled security sensitive information. To prevent the information about screening staff technologies from getting out into the public domain, TSA will provide personnel with access to this sub-portal only after an individual's identity and need has been verified by a Federal Security Director. This will be done in phases. During the call, a question was raised about why this needed to occur since anyone with access to HSIN has already been vetted, has a unique username, and password.
Safe Skies Update:
Jessica Grizzle from Safe Skies shared the following information about the two PARAS reports published in December 2022. The links to these reports can be found here:
• PARAS 0040 Pandemic Response, Recovery, and Preparedness Planning for Airport Security Operations (Phase 2) - Building on Phase 1, Phase 2 provides guidance to support communicable disease response and recovery planning for airport security operations, and to facilitate preparedness in coordination with existing response and recovery protocols in Airport Emergency Plans.
• PARAS 0042 Force Multiplier Strategies for Airport Law Enforcement - This guidebook serves as a comprehensive resource of force multiplier strategies to assist law enforcement agencies in effectively and efficiently accomplishing their varying responsibilities in the airport environment.
In addition, an RFP for PARAS 0056 Guidance for Developing and Maintaining an Airport Security Program closes on March 3. Jessica raised this in case any consultants reach out to airports about the RFP.
Finally, Safe Skies recently issued the following ASSIST report: SSDA—22-036 Blank Slate Employee Training Retention Application Platform Fort Lauderdale-Hollywood International Airport. Airport Security Coordinators who wish to request the ASSIST reports may email anna.hamilton@sskies.org or navigate to the Safe Skies Conference area on HSIN to download them.
Next TSA Conference Call: The next TSA call for airport stakeholders will be Thursday, March 2, 2023, at 1 p.m. ET.
TSA held its monthly conference call for airport stakeholders on February 2, 2023. The conference call was led by Alan Paterno, TSA's Industry Engagement Manager for Airports in the office of Policy, Plans and Engagement (PPE).
PPE's Kevin Knott introduced Tim Leaf, who recently joined as Section Chief of Special Programs. Leaf came from the intel community and has expertise in cybersecurity. Knott also introduced Dave Siegmund who joined the Airports Policy team in December 2022. Siegmund came from TSA's canine program.
Updates from Policy, Plans and Engagement:
Ramp Movement National Amendment: Shauna Lawrence provided an update on Ramp Movement amendment and airline program changes to ID media. Lawrence stated that the final changes were issued yesterday on February 1, 2023. The NA has an effective date of April 1, 2023. The final Ramp Movement Amendment includes a new section on ramp badges describing the areas to which ramp badge holders may have unescorted access.
As background, in order to resolve longstanding compliance issues relating to TSA ID Media guidance, TSA posted for notice and comment updated ID media policy for aircraft operators regulated under the AOSSP, FACAOSSP, PCSSP, and TFSSP. Concurrently, TSA issued a proposed change to the ASP National Amendment for Ramp Movement.
Based on 85 comments received from aircraft operators and airports, TSA made several changes to the proposed security measures allowing for more flexibility in the final policy for both airlines and airports. On the call, Lawrence stated that TSA agreed with airport comments that they are not responsible for airline assignments and uniform requirements so those were deleted as airport requirements. Also, the amendment made consistent the requirement that ID media must be displayed above the waist.
The final aircraft operator policy clarifies which airline personnel aircraft operators may issue crew, ramp, and exclusive area ID media, including transient mechanics. Based on a question during the call, TSA needs to relook at "load masters" definition.
Policy Clarification Notice for non-SIDA airports: TSA has recently issued a policy clarification notice to airport operators without Security Identification Display Areas (SIDAs) that want to enhance their security by conducting Criminal History Records Check (CHRC) and Security Threat Assessments (STA) on individuals. These airports must ask for and receive explicit authorization from TSA to do so. Airports must submit an Alternative Measure (AM) to TSA-NA-21-04 about their intent to implement security measures greater than what is required. If TSA approves the AM, then the non-SIDA airport operator will have the necessary authority to conduct CHRCs and STAs.
Cybersecurity Updates: TSA is continuing to coordinate comments it received on cybersecurity performance measures during recent industry engagement discussions. TSA plans to issue a revised prosed ASP amendment for additional notice and comment "soon". The exact timing was unclear.
Update on Enrollment Services and Vetting Programs:
e-Badge: Currently, 33 airports are participating in e-Badge. Phase 2, which is intended to streamline the CBP seal process for FIS areas at airports, was deployed the first week in January. After the federal deployment of phase 2, a number of airports reached out to TSA and CBP with concerns about applications in their trusted airport queue that may be duplicative of a seal already issued, which was confusing. TSA stated that many of these cases were in a ‘pending' status between TSA and CBP when the two databases synced. TSA further indicated that if there are duplicate cases, the duplicates can be cancelled. TSA is continuing to work with CBP on how to handle this and recommends you work with your CBP Seals office too.
Rap Back Expired Subscriptions: As first discussed on the December national airports' call, TSA became aware of a number of cases at about 30 airports where badges remained active even though the Rap Back subscriptions were expired. TSA appreciated airports bringing this to their attention. This was due to a technical problem with the FBI's Next Generation Identification (NGI system). The FBI implemented a fix in late December and TSA does not expect this problem to re-occur. If your airport is experiencing any ongoing issues with Rap Back, please bring them to TSA's attention.
Handling Criminal History Information: TSA wants to ensure airport operators understand their responsibilities for receiving, storing, securing, handling, and disposing of Criminal History Information. FPRD is a system of record for TSA absent additional regulatory requirements to maintain CHRI. Be cognizant of whom has access (escorted/unescorted), how best to dispose of personal information, and applicant rights should there be incorrect information presented in a Rap Sheet.
In regard to applicant rights, TSA asked airports to make sure they provide the FBI challenge brochure that outlines how an applicant can appeal a rap sheet finding. As a best practice, TSA generally recommends making it available to applicants by posting in an area where fingerprints are taken, or in an application.
Further, TSA reminded those on the call that FPRD information is not provided for "read only" purposes. The agency will deny this if you make a request. FPRD access is for individuals that adjudicate these records and usage is monitored.
Requirements and Capabilities Analysis Updates:
Bob Pryor discussed two staff screening related items: a proposed toolkit and a catalogue of technologies to help address random screening needs.
Toolkit: TSA is developing a staff screening toolkit which will cater to airports that want to build an airport security checkpoint. TSA plans to publish this toolkit or design guide. Pryor stated that TSA thinks an employee checkpoint does not have to meet the same threat detection standards as a passenger screening checkpoint because employees already undergo other vetting. As a result, this may open up technology options beyond what is currently deployed at passenger checkpoints.
Pryor emphasized that the TSA toolkit for staff screening will look "nothing like the exit lane toolbox" the agency developed in 2014. The exit lane tool box is very hard to use unless you are an engineer or airport system designer. Pryor reminded those on the call that this toolbox should only be accessed by those people that TSA has vetted and have a "need to know". TSA tracks these log ins and if they find someone accessing this exit lane information inappropriately, they could refer it to TSA investigation for further review.
Technology Catalogue: TSA is also developing a catalogue and other information for airports, particularly smaller ones, about what technologies are available that will help address the need for random and unpredictable screening of staff at airports. Pryor indicated that these portable technologies will help screen items employees bring in every day to help with their work. TSA's surface program already has developed a catalogue that includes a list of technologies in the marketplace, many of which TSA has assessed.
This catalogue will be put on HSIN, in a sub-portal, once it is ready. Currently, TSA is trying to determine how much of this information will be labeled security sensitive information. To prevent the information about screening staff technologies from getting out into the public domain, TSA will provide personnel with access to this sub-portal only after an individual's identity and need has been verified by a Federal Security Director. This will be done in phases. During the call, a question was raised about why this needed to occur since anyone with access to HSIN has already been vetted, has a unique username, and password.
Safe Skies Update:
Jessica Grizzle from Safe Skies shared the following information about the two PARAS reports published in December 2022. The links to these reports can be found here:
• PARAS 0040 Pandemic Response, Recovery, and Preparedness Planning for Airport Security Operations (Phase 2) - Building on Phase 1, Phase 2 provides guidance to support communicable disease response and recovery planning for airport security operations, and to facilitate preparedness in coordination with existing response and recovery protocols in Airport Emergency Plans.
• PARAS 0042 Force Multiplier Strategies for Airport Law Enforcement - This guidebook serves as a comprehensive resource of force multiplier strategies to assist law enforcement agencies in effectively and efficiently accomplishing their varying responsibilities in the airport environment.
In addition, an RFP for PARAS 0056 Guidance for Developing and Maintaining an Airport Security Program closes on March 3. Jessica raised this in case any consultants reach out to airports about the RFP.
Finally, Safe Skies recently issued the following ASSIST report: SSDA—22-036 Blank Slate Employee Training Retention Application Platform Fort Lauderdale-Hollywood International Airport. Airport Security Coordinators who wish to request the ASSIST reports may email anna.hamilton@sskies.org or navigate to the Safe Skies Conference area on HSIN to download them.
Next TSA Conference Call: The next TSA call for airport stakeholders will be Thursday, March 2, 2023, at 1 p.m. ET.
