TSA Issues Updated National Alternative Measure for Joint Emergency Amendment on Cybersecurity Performance-Based Measures
July 14, 2023
TSA issued an updated National Alternative Measure (NAM) for the Joint Emergency Amendment (EA) for Cybersecurity Performance-Based Measures. NAM 23-01A has posted on HSIN.
The updated NAM provides covered airport operators and air carriers with an additional option for providing the Cybersecurity Implementation Plans (CIP) and Cybersecurity Assessment Plans (CAP) to TSA. Specifically, the updated NAM allows airport operators to maintain the CIP and CAP locally and make them available for TSA review and inspection either on-site or by other TSA-approved inspection methods. With the updated NAM, airports now have three options: 1) submission by password-protected e-mail as outlined in the EA; 2) through the TSA secure portal once it is deployed for use (expected in early August); and now 3) by maintaining it locally and making it available for inspection at TSA's request.
As with the secure portal option under the original NAM, airports that wish to maintain their CIPs and CAPs locally must attest to their completion to TSA and must also begin implementation of the CIP prior to TSA final approval. If airports that chose to wait for the secure portal now wish to maintain their CIP locally, they must attest once again to TSA that the CIP has been completed and make clear the option the airport has chosen for compliance. Airports that submitted via password-protected e-mail also have the option to chose the secure portal or to maintain the documents locally. TSA will be issuing an updated Frequently Asked Questions (FAQ) document in the near future that will further detail how airports can switch between the available options.
As always, please do not hesitate to contact us if you have any questions or need any further information.