Security Policy Alert: TSA Monthly Conference Call Summary for May 2021

May 6, 2021

This afternoon, TSA held its monthly conference call for airport stakeholders. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Policy, Plans and Engagement (PPE). Following are highlights from today's call:

REAL ID

It was announced last week that the REAL ID enforcement deadline has been extended to May 3, 2023. See the AAAE Security Policy Alert for additional information.

Proposed TSA-NA-20-21

Today, TSA issued a proposed national Airport Security Program (ASP) amendment (TSA-NA-20-21) regarding the Perpetual Vetting of Aviation Workers for Airports without Security Threat Assessments (STAs). The proposed amendment would apply only to airports governed under 1542.103(b) without a Security Identification Display Area (SIDA) specified in their ASP and not covered under Security Directive (SD) 1542-04-08 series.

When TSA issued the final ASP amendment TSA-NA-18-01 regarding Airport Access and Vetting, which eliminated airport operators' access to the No Fly and Selectee watchlists, the agency issued interim guidance to smaller airports without a SIDA and not subject to SD-1542-04-08 outlining a manual process to conduct watchlist vetting for employees. The proposed TSA-NA-21-01 would replace this interim guidance and direct smaller airports to use the TSA's newly established Transportation Vetting Portal (TVP) for perpetual vetting of their aviation workers.

The proposed changes to the airport operator's ASP include: the use of TVP for perpetual vetting of airport operator direct employees and authorized representatives; TVP Security Manager responsibilities, including managing local TVP authorized users and recordkeeping; background check requirements for TVP access; TVP Security Manager and TVP Authorized User training requirements; submission elements for TVP; and notifications by TSA and aviation worker redress. TSA also posted the Transportation Vetting Portal User Guide as part of the proposed policy package. TSA is not soliciting comments on technical procedures in the TVP user guide but will accept comments on the impact and burden of such procedures upon the airport operator.

Comments on the proposed TSA NA 21-01 are due on June 21, 2021.

Rap Back

TSA has completed comment adjudication and has drafted final policy documents for the security program changes to make the Rap Back program mandatory for airport operators, air carriers and full all-cargo carriers. The final policy documents are in pre-coordination within the agency now and the next step will be a TSA Requirements and Capabilities Analysis risk assessment - a new requirement for all TSA proposed policy. The final documents will then be circulated for final coordination.

Once the ASP amendment to make the Rap Back program mandatory for airport operators is issued as final, TSA will need to update the SD 1542-04-08 series and the Rap Back User Guide for consistency with the final documents.

HSIN Modernization

The Homeland Security Information Network (HSIN), which houses the TSA Web Board for Airport Operators (ACO-200), recently underwent several modifications and upgrades that significantly changed the user interface and accessibility to information.

Several issues have already been addressed, such as restoring full functionality to users using Internet Explorer. DHS and TSA are still working on others, such as making the membership links more prominent on the front page. For now, to find your memberships (such as the ACO-200 board), you must click on the nine-dot waffle in the left-hand corner to see memberships as an option to select.

TSA stated that they would communicate any further changes to HSIN to end users. It was suggested that a tip sheet be provided to help airports better navigate the site and access needed information.

On a separate but IT-related note, Paterno noted that as of May 31, 2021, the @dhs.gov e-mail domain name will no longer be supported for TSA employees. If you are e-mailing a TSA contact, please make sure you use the @tsa.dhs.gov domain name going forward.

Safe Skies

Jessica Grizzle from Safe Skies provided an update regarding the latest Safe Skies initiatives.

The following PARAS reports are now available for download on their website at sskies.org.

• 0025 Security Regulatory Compliance at Tenant Facilities - This toolkit provides descriptions of tenant security practices used by a wide range of airport stakeholders and can assist in airports' assessments of tenant security responsibilities at their facilities. It explores the range of operational security challenges that tenant security agreements must address and examines the approaches that have successfully met those challenges. The document also provides a collection of language from different agreements, lease structures, and local regulations addressing tenant security issues to assist airports in constructing their own agreements.

• 0035 Synthesis of Escort Privileges and Escorting Practices - Airports face numerous complicated tasks surrounding the practice of escorting, including vetting escorted individuals; documenting and monitoring escorted individuals; preventing companies and individuals from using the escort system to bypass the credentialing process; and enforcing escorting policies and procedures. This document provides a synthesis of current practices to assist airports with decisions surrounding escort privileges and escorted-access options.

• PARAS 0039 Security, Operations, and Design Considerations for Airside Vehicle Access Gates has been awarded to TransSolutions, LLC with Gloria Bender as the Principal Investigator. The project team may be reaching out to airports for data to inform the report. As always, airports can check the Safe Skies web site for all current and active PARAS projects, including selected project teams.

In addition, Safe Skies recently issued the following ASSIST reports: 

·      Bosch DINION IP thermal 8000 Video Analytic System San Antonio International Airport
·      Pelco Sarix TI 2 Thermal Imaging Analytic System San Antonio International Airport
·      Evolon Edge™ CP Thermal Analytic Software San Antonio International Airport

Airport Security Coordinators who wish to request ASSIST reports may email anna.hamilton@sskies.org or go to the Safe Skies Conference area on HSIN to download them. 
 
Enrollment Services and Vetting Programs (ESVP) 

Sam Smith from TSA's Enrollment Services and Vetting Programs provided an update on several vetting-related programs, including Rap Back, eBadge and aviation worker vetting.

Aviation Worker Vetting: TSA has seen an increase in enrollments for the aviation worker vetting program. TSA had 60,000 enrollments for the aviation worker and full all-cargo programs in April, up from 40,000 in January and comparable to January 2020 enrollment numbers. The increase in applications has led to an increase in delays of Security Threat Assessment (STA) results. TSA recommends that airports ensure all cases are submitted with complete documentation at the time of submission. If TSA requests more information, the airport should provide it. TSA has observed several cases of airports submitting an application and then updating it just a few hours or a day later with additional information, usually documentation, which can cause delays in TSA's adjudication work queue.

eBadge: There are 24 airports currently participating in the eBadge program and there have been 50,000 eBadge submissions successfully processed. 

Rap Back: TSA thanked airports for their efforts in reducing the number of Rap Back expirations. TSA has observed a significant drop in the number of Rap Back expirations, which is a positive sign since Rap Back subscriptions should be renewed or cancelled before they are set to expire. 

TSA has also observed that not all airports are reviewing the Rap Back Subscriptions Responses (RBSRs) in their work queue. The RBSRs do not indicate if there is a Record or No Record attached to the Criminal History Record Information (CHRI). As a result, airports may be missing criminal activity that took place between the initial CHRC and any subsequent Rap Back Notifications (RBN). TSA recommends that airports follow the detailed guidance contained in the Rap Back User Guide (page 36), excerpted below. TSA also encouraged airports to clear out their work queue by reviewing the RBSRs prior to the Rap Back program becoming mandatory since work queues will likely increase with that mandate.

From the Rap Back User Guide: It is important for the AO to remember that an updated IdHS can be returned by the FBI and posted by TSA to the FPRD for any of the following Rap Back transactions:

• Subsequent Rap Back Subscription (RBSCVL)
• Search and Subscribe
• Rap Back Activity Notification (RBN)
• Rap Back Maintenance Transaction (RBMNT)
• Consolidation Notice
• Rap Back Identity History Summary (RBIHS) request response
 
Even if the case details screen in FPRD has a "no record" indicator in the heading, the AO must click on the transaction results message for any of the above Rap Back transactions to review possible additional criminal history (IdHS) from the FBI. The AO must ensure that any updated IdHS information is promptly reviewed.

Special Emphasis Assessment on Access Control

Joe Kris from TSA's Compliance office provided a heads-up on a special emphasis assessment (SEA) on access control, which will kick off next week and run for 4 to 5 weeks through early June. TSA Compliance uses SEAs to collect and assess information. There will not be any enforcement actions based on the assessment.

The SEA will focus on access control systems measures and procedures in security restricted areas (SRAs). SRAs are basically any non-public areas such as SIDA, sterile, secure and AOA areas. Specifically, the SEA will focus on mechanical access control devices listed in the Airport Security Program, such as keyed media. For this assessment, proximity cards are considered electronic access control devices and will not be assessed at this time (unless electrical access control devices are outlined in an Exclusive Area Agreement or Airport Tenant Security Program). Airports that do not have any mechanical access control devices listed in their ASP may not even be contacted for the SEA.

Transportation Security Inspectors (TSIs) have been instructed to conduct the assessment through a collaborative dialogue either in-person or on the phone; TSIs should not conduct the assessment through e-mail or a questionnaire. 

Face Mask Security Directive

Based on a question from AAAE, TSA reiterated its enforcement philosophy in regard to the face mask requirements under SD 1542-21-01A, which was recently extended to September 13, 2021. Kris stated that TSA's focus is on individuals that do not comply with directions from the regulated entity to wear a face mask. TSA currently has 1,200 separate investigations related to face mask incidents reported by airports and air carriers, which can lead to administrative and civil penalties. Kris reminded airports to include as much detailed information, especially about the individual, in any incident reports to ensure TSA has the necessary information to pursue an investigation. In response to concerns raised repeatedly by airports that the SD extension did not include recent CDC guidance about masks - or lack thereof - for fully vaccinated individuals outside, TSA indicated that the agency is in almost daily conversations with CDC and other federal agencies about updating the CDC Order to reflect the recent guidance. TSA has stated that the CDC Order must be updated before the SD can be modified accordingly.

Next TSA Conference Call

The next TSA conference call for airport stakeholders is scheduled for Thursday, June 3 at 1:00 p.m. ET. Please note the updated conference call number and passcode: 1-800-857-5826 and passcode 9596778.