Security Policy Alert: TSA Issues Final ASP Amendment on Cybersecurity Self-Assessments and Contingency Plans
June 30, 2022
As AAAE reported recently reported, TSA on June 30 issued the final Airport Security Program (ASP) national amendment TSA-NA-22-01: Cybersecurity Self Assessments and Incident Response Plans. According to TSA, the agency issued the change to establish a baseline for airport operators to complete a cybersecurity self assessment, create remediation measures, and develop and adopt a cybersecurity incident response plan. The final ASP amendment is marked Sensitive Security Information (SSI) and can be found on the TSA web board for airport operators on the Homeland Security Information Network (HSIN).
TSA issued the proposed ASP amendment for notice and comment in January. Based on comments submitted by AAAE, airport operators and others, TSA made several modifications to the final amendment, including clarifications and additions to definitions, required procedures, cybersecurity self-assessment and remediation measures, and cybersecurity incident response plans. Notably, the timeframes required by the final amendment have shifted to 90 days from the effective date for cybersecurity self-assessments, 180 days from the effective date for identification of remediation measures, and 180 days from the effective date to develop and adopt a cybersecurity incident response plan. The effective date is July 31, 2022.
TSA-NA-22-01 applies to Category X, I and II airports. TSA also issued an Information Circular (IC) directed at Category III and IV airports recommending the same measures included in TSA-NA-22-01. The IC can also be found on HSIN.
TSA has informed AAAE that they are planning on compiling a Frequently Asked Questions guidance document on TSA-NA-22-01. Please share any questions or feedback you may have on the final ASP amendment and we will share with TSA. We will also discuss the final ASP amendment on next month's AAAE Transportation Security Services Committee call scheduled for Wednesday, July 13 at 2:00 pm ET.
As always, please do not hesitate to contact us if you have any questions or need any additional information. We welcome your feedback as we continue to work with TSA on cybersecurity related issues and regulations.
As AAAE reported recently reported, TSA on June 30 issued the final Airport Security Program (ASP) national amendment TSA-NA-22-01: Cybersecurity Self Assessments and Incident Response Plans. According to TSA, the agency issued the change to establish a baseline for airport operators to complete a cybersecurity self assessment, create remediation measures, and develop and adopt a cybersecurity incident response plan. The final ASP amendment is marked Sensitive Security Information (SSI) and can be found on the TSA web board for airport operators on the Homeland Security Information Network (HSIN).
TSA issued the proposed ASP amendment for notice and comment in January. Based on comments submitted by AAAE, airport operators and others, TSA made several modifications to the final amendment, including clarifications and additions to definitions, required procedures, cybersecurity self-assessment and remediation measures, and cybersecurity incident response plans. Notably, the timeframes required by the final amendment have shifted to 90 days from the effective date for cybersecurity self-assessments, 180 days from the effective date for identification of remediation measures, and 180 days from the effective date to develop and adopt a cybersecurity incident response plan. The effective date is July 31, 2022.
TSA-NA-22-01 applies to Category X, I and II airports. TSA also issued an Information Circular (IC) directed at Category III and IV airports recommending the same measures included in TSA-NA-22-01. The IC can also be found on HSIN.
TSA has informed AAAE that they are planning on compiling a Frequently Asked Questions guidance document on TSA-NA-22-01. Please share any questions or feedback you may have on the final ASP amendment and we will share with TSA. We will also discuss the final ASP amendment on next month's AAAE Transportation Security Services Committee call scheduled for Wednesday, July 13 at 2:00 pm ET.
As always, please do not hesitate to contact us if you have any questions or need any additional information. We welcome your feedback as we continue to work with TSA on cybersecurity related issues and regulations.
