Security Policy Alert: Summary of TSA's Monthly Conference Call for Airport Stakeholders
April 7, 2022
TSA held its monthly conference call for airport stakeholders on April 7. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Policy, Plans, and Engagement (PPE). Following are highlights from today's call:
Safe Skies Alliance:
Jessica Grizzle from Safe Skies Alliance provided an update about two reports released in March that are available on their website. Specifically:
'¢ PARAS 0032 Enhancing Security of Cargo Operations at Airports - This document is intended to help airports make well-informed decisions to ensure secure and efficient cargo operations. It discusses the regulatory context for air cargo operations requirements, and guidance and best practices for security programs and measures. This document pays particular attention to the implementation of third-party canine screening in a cargo operation.
'¢ PARAS 0036 Airport Credentialing Efficiency Toolkit - This toolkit was developed to help airports enhance the efficiency of their credentialing process. The guidance includes research findings and recommendations in thirteen credentialing challenge areas, as well as strategies, best practices, checklists, and associated considerations to assist airports in assessing their processes and implementing changes to improve the efficiency of their credentialing process. Two software tools are also available as part of the toolkit.
Also, PARAS posted some new RFP proposals on their website on biometric technology and centralized revocation database use.
CT Acquisition and Deployment:
Paul Burrowes from TSA's Acquisition and Program Management team briefed airports about TSA's acquisition and deployment strategy for computed tomography (CT) machines of varying sizes and configurations. He first highlighted that improvements CTs will provide in passenger screening operations and discussed the original AT/CT procurement of 300 CT machines from Smiths in 2019. Deployment of those machines was completed in April 2021, and they are currently located in 141 airports.
Mid-sized CTs: TSA awarded a contract to Analogic for the first 314 mid-sized ConnectCT machines in April 2021. Deployments of these units began in December 2021 and are expected to be completed by December 2022. At the end of March, 35 of the mid-sized systems have been deployed to 18 airports. TSA has provided the latest version of the mid-size CT deployment locations .
Base and Full-Sized CTs: On March 18, 2022, TSA awarded the first orders for the base and full-size CT systems to Analogic Corporation. TSA plans to procure approximately 45 base and 118 full-size systems in FY22, for a total of 163 Analogic CT systems. Deployments are expected to begin in the summer of 2022 and be complete by spring 2023. Currently, TSA is developing deployment plans for these base and full-sized CT systems. Once finalized, the allocation will be shared. This will include, but not be limited to, contacting airports several months prior to planned deployments to coordinate a site survey. Additionally, airport Integrated Project Teams will be set up and begin approximately two months prior to planned CT installations. TSA has provided the latest draft of base and full-sized CT deployments , which are not yet final and subject to change.
As has been discussed previously and in alignment with the hub and spoke deployment strategy, TSA is aiming to deploy Analogic base and full-size systems to airports within the 'Hub and Spokes' that already received (or are planned to receive) Analogic Mid-size systems. This will support standardized training for TSOs and permit them to move easily between screening lanes. Additionally, AT/CT (Smiths CTiX) systems located at airports receiving Analogic CT systems will be removed and relocated to a different airport to ensure a consistent CT fleet.
Next CT procurement: TSA plans to procure the next set of CT systems (all three sizes) in the second quarter of FY23.
Rap Back:
Eric Byczynski from PPE and Brian Stortors from Enrollment Services and Vetting Programs provided an update on Rap Back, including answering questions previously received from AAAE airports and those airports on the call today. For ease of reading, question topics are underlined.
Stortors thanked airports for helping TSA achieve the March 29 Rap Back deadline. As of that date, all new Criminal History Record Check (CHRC) requests must also include a subscription in Rap Back. Existing badge holders or individuals with a completed CHRC have until March 29, 2024, to be subscribed in Rap Back. Air carriers and full all-cargo carriers are also now required to participate in the Rap Back program under their respective security programs.
Currently, there are 331 operators approved and 356 operators actively submitting subscriptions. Stortors noted that the Rap Back user guide has been updated. Both the user guide and FAQs are posted on HSIN.
Byczynski informed participants that TSA issued a clarification letter about Rap Back Subscription Responses (RBSR) on March 30. RBSRs are generated when an individual with an existing CHRC is subscribed into the Rap Back program. Under TSA-NA-21-03, airport operators are required to review the RBSRs within three business days, regardless of when the CHRC was initially conducted. Because current RBSR queues in FPRD are substantial in some cases, TSA has given until June 30th to clear out the queue. Thereafter, RBSRs responses must be reviewed within the three-day time frame. TSA clarified that this challenge is more applicable to aircraft operators, not airports.
CHRC by Proxy is the practice of allowing an airport operator to submit CHRCs on behalf of an aircraft operator. This worked when TSA required only 2-year CHRCs using the 'Search and Retain' transaction. However, as of March 29, 2022, TSA has discontinued the proxy CHRC process due to technical reasons. Now, all new CHRC submissions to TSA must be accompanied by a Rap Back subscription using the 'Search and Subscribe' transaction, and only the subscribing entity can submit the CHRC and its accompanying Rap Back subscription.
Airport operators or other third-party fingerprinting services are still permitted to collect fingerprints on behalf of an aircraft operator, but they must transmit those prints in a secure manner to the aircraft operator for the aircraft operator to use the Search and Subscribe transaction with their DAC.
In response to a question about multiple CHRCs on a single individual at a single location, TSA emphasized that Rap Back is a continuous monitoring system. Airports have the most up-to-date criminal history information on any individual that has completed a CHRC and is already subscribed in Rap Back. TSA does not mandate a second CHRC for these individuals as a new CHRC for any purpose would provide no new information and would be an unnecessary duplication. While some airports have this a best practice, TSA suggested that those airports work with their local compliance team to modify their ASP as necessary in order to adapt to the Rap Back environment.
In response to a question about the individual covered populations , TSA explained that airports have three ways to meet the CHRC requirement before an individual can be granted unescorted access to the SIDA or sterile areas of the airport. These are:
'¢ The airport operator completes the CHRC and subscribes the individual in Rap Back;
'¢ The airport operator accepts a CHRC and Rap Back certification from an aircraft operator; OR
'¢ The individual is exempted from the CHRC due to their status as a government employee with a CHRC as a condition of their employment.
TSA clarified that its new Rap Back requirements did not expand the population of individuals covered by a CHRC; it applies Rap Back to individuals already covered by a CHRC requirement. TSA did acknowledge that there may be some overlap of individuals requiring unescorted access between airport and aircraft operators. TSA elaborated that if an aircraft operator's employee works in these areas but is not specifically covered by an aircraft operator's CHRC or the airport is not willing to accept an aircraft-provided CHRC, the airport must do the CHRC on that individual before granting unauthorized access.
As noted above, as of March 29, 2024, all new employees must be subscribed in Rap Back. For current employees, there is a two-calendar year window for renewal . TSA reaffirmed that individuals with airport-issued ID media are not required to be subscribed outside of their established renewal cycle. If the airport-issued ID media is renewed more frequently than two years, the subscription will occur at the next renewal.
Airports can accept a one-time certification from aircraft operators that an individual has successfully completed CHRC, is enrolled in Rap Back, and has been provided a Privacy Notice. The aircraft operator must include the FBI number and should include the date of submission into Rap Back. Airport operators are not required to validate the CHRC subscription submitted by the aircraft operator. And the onus is on the aircraft operator to provide the airport with the most current information.
In response to a question about how to handle seasonal employees , TSA advised the airport that if they cancel their Rap Back subscription at the end of the season, and the employee returns more than 60 days later, the airport just needs to resubmit the employee's fingerprints (if they are still on file) for a new Rap Back subscription. If their work gap is less than 60 days, the airport cannot cancel and un-cancel their subscription in that window. TSA will answer a separate question related to 30-day seasonal employment.
In response to a question about the need to collect a physical certification letter when an airport uses an identity management system (IDMS), TSA stated that this is difficult to answer because there are many different IDMS systems with different service tiers. Byczynski clarified that the requirement just says 'certification'; the airport can determine what is an acceptable format for each individual (letter, email, IDMS).
Lastly, Stortors highlighted that some airports may receive a ' M0015 or M0016 message update '. This message relates to possible ID theft. Airports should consider these messages as warnings and adjudicate them using their standard SOP. TSA also recommended that the airport notify the applicant that they might be susceptible to identity theft.
Centralized Revocation Database:
Alan Paterno provided a brief update on the centralized revocation database, noting that TSA is currently going through the nomination process. The agency plans to reach out to airports with questions, comments, or to begin deleting records.
Next TSA Conference Call
The next TSA conference call for airport stakeholders is scheduled for Thursday, May 5 at 1:00 p.m. ET. Please note the conference call number is 1-800-857-5826 and the passcode is 9596778.