Security Policy Alert: TSA Monthly Conference Call Summary for June 2021
June 3, 2021
This afternoon, TSA held its monthly conference call for airport stakeholders. The conference call was led by Alan Paterno, TSA's Airport Industry Engagement Manager in the office of Policy, Plans and Engagement (PPE). Following are highlights from today's call:
Inspection of Sterile Area Goods
TSA's Policy, Plans and Engagement team provided clarification about the terminology of "commercially prepared" as it relates to inspections of sterile area goods. Commercially prepared goods refer to goods that have been packaged and sealed by the manufacturer, such as cardboard cases of Coca-Cola or shrink-wrapped pallets of bottled water. These items do not need to be opened during inspection. However, consolidated boxes of products not coming directly from manufacturers or that contain mixed shipments do need to be opened for inspection, regardless of where the consolidation occurred in the supply chain, such as a FedEx or UPS shipping facility. Individual items within such consolidated boxes in commercially prepared packaging from the manufacturer do not need to be further opened for inspection.
Alternative Measures
TSA asked airports seeking alternative measures to support special events, such as air shows or events involving the non-traveling public, to work with TSA as far in advance as possible. In addition to the Federal Security Director, TSA PPE must approve the requested Alternative Measures, and the process takes time.
Security Directive on Face Mask Requirements
TSA reported that the agency is continuing to actively work with the Centers for Disease Control and Prevention (CDC) and other federal agencies such as the FAA regarding updated guidance on the use of masks for vaccinated individuals outdoors in the transportation environment. TSA is currently in a waiting pattern and further information will be forthcoming. TSA advised airports that it did not want to get ahead of any official announcement. AAAE thanked TSA for the update and encouraged the interagency to update guidance sooner rather than later as warmer summer temperatures spread across the country.
Special Emphasis Assessment on Cybersecurity
TSA Compliance reported that, in addition to the ongoing Special Emphasis Assessment (SEA) on airport access control, the agency is conducting a follow-up to last year's SEA on airport cybersecurity best practices. Specifically, TSA is focusing on airport adoption of the best practices and recommendations outlined in Information Circular (IC) 17-03B.
TSA conducted a similar SEA last year and shared results with DHS and its Cybersecurity and Infrastructure Security Agency (CISA). This SEA will cover all airports and will be conducted either in-person or by phone interview (no e-mail surveys). TSA has allotted additional time in the inspectors' schedule to ensure that the appropriate cyber professionals can respond on behalf of airport facilities. TSA stressed that the SEA will not result in any enforcement activity and is focused on implementation of recommended best practices.
COVID-19 Related Standard Operating Procedure Changes
TSA's Requirements and Capabilities Analysis (RCA) office provided an update on COVID-19 related Standard Operating Procedure (SOP) changes implemented as of May 7. The changes reflect feedback from Transportation Security Officers (TSOs) as well as recent CDC guidance. Before implementation, all changes were subject to a risk assessment and analyzed for impact on throughput and security effectiveness.
Changes include:
· Fully vaccinated TSOs are no longer required to use face shields;
· Passengers no longer need to divest food items prior to screening;
· Passengers no longer have the option to go back out to the public area to remove items from their carry-on baggage; and,
· TSOs no longer have to change their gloves after each and every bag search. Alcohol can be used to sanitize gloves between bag searches. TSOs do have to change gloves if a passenger requests it.
Safe Skies Update
Jessica Grizzle from Safe Skies provided an update on data collection for two ongoing PARAS projects. Grizzle reminded airports that any SSI data will be protected as such and airports will be deidentified in any final and published reports. If you are interested in volunteering to participate in an interview or provide information for either of these efforts, please contact jessica.grizzle@sskies.org.
Data collection will also begin soon for Phase 1 of PARAS 0040 Pandemic Response, Recovery, and Preparedness Planning for Airport Security Operations. The research agency, Ross & Baruzzini, will be reaching out soon regarding the following topics:
· Passenger impacts, such as checkpoint queueing/distancing, screening-related equipment cleaning, signage and messaging and mask compliance strategies
· Employee/Badge holder impacts, such as safety protocols/PPE during the credentialing process, safety protocols and changes to the employee inspections process (i.e., distancing, equipment cleaning, mask compliance), health screening/attestation requirements (including HIPAA/privacy considerations), applicable policy/accountability requirements for businesses requiring credentialed access, stakeholder engagement and timely communication of changes, and initial and renewal SIDA training, including safeguards and delivery methods
· ASP impacts and considerations for program reduction/suspension
· Changes or ordinances related to public areas (limiting access, etc.)
· Ensuring compliance with evolving local and federal requirements
Data collection will also begin soon for PARAS 0039 Security, Operations, and Design Considerations for Airside Vehicle Access Gates. The research agency, TransSolutions, will be reaching out soon regarding the following topics:
· Design and infrastructure, including space planning and layout, fencing, gates, and other physical barriers, considerations for relevant technology use, lighting needs, backup power, functional, environmental, and protection considerations for guard house(s), and environmental considerations for people and equipment
· Operational considerations, including volume management strategies, inspections/vetting, emergency access needs, irregular and contingency procedures, staffing strategies and human factor considerations, and auditing strategies.
Enrollment Services and Vetting Programs Update
TSA's Enrollment Services and Vetting Programs (ESVP) office reported that, given the increase in Security Threat Assessment (STA) applications, delays in STA processing may grow longer, possibly up to 30 days. AAAE has urged TSA to provide additional and more timely information about the STA processing delays in a bulletin, which is expected shortly. TSA did report that their adjudicators are cross-trained across 11 vetting populations and can maneuver among populations to keep processing delay levels manageable. If you do reach out to TSA about delayed STA results, please be sure to use the correct e-mail. As a reminder, all "dhs.gov" TSA case management support emails no longer exist. Please ensure you are using the "tsa.dhs.gov" emails for case management inquiries.
In addition, last month, TSA reported that STAs were being delayed because of airports submitting updates shortly after submission, which moved the STAs down in the adjudication work queue. In working with AAAE's Transportation Security Clearinghouse, it was discovered that it was actually a bug on TSA's backend that mistakenly identified Rap Back subscriptions as updates. TSA has developed a fix to this bug and hopes to streamline the process prior to additional increases in the number of STA applications. TSA, however, did not provide a definitive date for the fix to be implemented. TSA did remind airports to ensure all cases are submitted to TSA complete with documentation at the time of submission and to provide additional information if requested by TSA.
TSA also provided an update on the eBadge program. There are currently 25 airports participating and over 60,000 submissions have been successfully processed.
Finally, TSA ESVP reported that later this fiscal year, the agency will release a Request for Proposal for the Aviation Channeling and Data Management System (ACDMS) vendors for the aviation worker program. Currently, TSA works with the Designated Aviation Channelers (DACs), including AAAE's Clearinghouse, to support the aviation worker program. TSA announced that it will extend the current Other Transactional Agreements with the DACs to September 2022. According to TSA, the extension of the current agreements to September 2022 will allow TSA time to transition vendors to support the aviation industry with channeling and data management system support in the fall of 2022. Following are the talking points TSA used on the conference call to describe the RFP process and shared with AAAE to distribute to our members:
· Organizationally, the purpose of the ACDMS Vendor is to facilitate the communication of biographic and biometric data securely and correctly from the badging entity to TSA.
· The ACDMS Vendors will provide badging entities with expertise to include: biometric identification, authentication, and validation for use within vetting and credentialing systems; identity verification and validation methodologies; biographic data authentication; and training requirements.
· Specifically, the ACDMS Vendor must comply with the technology standards and processes related to both the Government's conducting of Security Threat Assessments (STA) and the exchange of biometric data and biographic information between TSA and badging entities. For the Vendors to serve as an approved conduit for badging entities, TSA requires the ACDMS Vendor to meet technical, program management, and financial related processes and standards. ACDMS Vendor supports badging entities in satisfying regulatory, statutory, security directives, and amendments to aviation security requirements.
· Since 2015, TSA has been capturing feedback and annotating requests from airports and aircraft operators with regard to Aviation Channeling and Data Management System support.
· TSA incorporated feedback from site visits, data inquiries, and interviews to develop enhancements which will create products and services to better support the airports and aircraft operators. Essentially, this Other Transaction Agreement (OTA) was developed with the airport and aircraft operators (badging entities) at the forefront.
· TSA will develop a transition plan and will continue to solicit feedback this summer and fall. As TSA increases engagement regarding Rap Back the agency will use that time to ensure they are developing a plan with airports and aircraft operators during the next year.
· TSA will develop a data management quality plan during the upcoming months to support airports during the approaching transition in fall of 2022. TSA will also develop a targeted stakeholder engagement plan to ensure feedback from the airports is incorporated into the process. Out of this will come a transition plan to support and assist badging entities with vendor transition, where applicable.
· To ensure the utmost levels of support for badging entities, TSA's goals are to conduct outreach this summer of 2021 to gather input, issues and concerns regarding the ACDMS vendor transition.
· TSA anticipates lots of questions, comments and feedback throughout this process and TSA aims to ensure the airports are informed at each step of the way. Please feel free to submit questions to aviation.workers@tsa.dhs.gov or work with your association representatives.
Credential Authentication Technology Deployment
TSA Acquisitions and Program Management office reported that 1,001 Credential Authentication Technology (CAT) machines will be included in its Phase III deployment. TSA has determined that 467 units will go to 85 airports, although an exact schedule has not yet been developed. TSA has not determined an allocation strategy for the remaining 534 units at this time.
Next TSA Conference Call
The next TSA conference call for airport stakeholders is scheduled for Thursday, July 1 at 1:00 p.m. ET. Please note the updated conference call number and passcode: 1-800-857-5826 and passcode 9596778.