Security Policy Alert: TSA Issues National Alternative Measure for Cybersecurity Joint Emergency Amendment

May 30, 2023

TSA issued a Joint National Alternative Measure (NAM) to Joint Emergency Amendment (EA) 23-01 Cybersecurity – Performance Based Measures. The joint EA applies to Category X and I airports as well as certain air carriers. The NAM has been posted to HSIN.

The National Alternative Measure provides airports and air carriers with an alternative option for submission of the Cybersecurity Implementation Plans (CIP) required under the EA. In response to AAAE and industry's concerns about submission via password-protected e-mail, TSA is developing a secure portal to allow for submission of documentation to TSA under the Joint EA. Pending availability of the secure portal, airports can submit via password-protected e-mail as outlined in the EA or use the National Alternative Measure. Specifically, under the NAM, an airport's cybersecurity coordinator may attest under penalty of perjury that the CIP has been completed and all measures implemented on or before June 5, 2023. The airport can then maintain the CIP locally, as long as the CIP and any appendix is made available to TSA upon request for review, copying, and approval during any onsite inspections. Once the secure portal is made available by TSA, airport operators have seven days to submit their CIP using the secure portal.

The National Alternative Measure is optional. Again, airport operators can submit their CIPs using password-protected e-mail as outlined in the EA. The June 5 deadline remains the same for either submission option. 

TSA also updated the FAQ (Joint EA 23-01 FAQs v2 05-30-2023) to reflect the availability of the NAM. The updated FAQs, as well as the NAM, can be found on HSIN on the ACO200 web board under New Postings and in the Cybersecurity Information conference.  

As always, please do not hesitate to contact us if you have any questions or need any further information.