Daily Rules, Proposed Rules, and Notices of the Federal Government
TSA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, recordkeeping, or federalism impacts that might result from adopting the proposals in this document. See
With each comment, please identify the docket number at the beginning of your comments. TSA encourages commenters to provide their names and addresses. The most helpful comments reference a specific portion of the rulemaking, explain the reason for any recommended change, and include supporting data. You may submit comments and material electronically, in person, or by mail as provided under
If you want TSA to acknowledge receipt of your comments submitted by mail, include with your comments a self-addressed, stamped postcard on which the docket number appears. We will stamp the date on the postcard and mail it to you.
TSA will file in the public docket address, as well as items sent to the address or email under
Do not submit comments that include trade secrets, confidential commercial or financial information, or SSI to the public regulatory docket. Please submit such comments separately from other comments on the rulemaking. Comments containing this type of information should be appropriately marked as containing such information and submitted by mail to the address listed in
TSA will not place comments containing SSI in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. TSA will hold documents containing SSI, confidential business information, or trade secrets in a separate file to which the public does not have access, and place a note in the public docket explaining that commenters have submitted such documents. TSA may include a redacted version of the comment in the public docket. If an individual requests to examine or copy information that is not in the public docket, TSA will treat it as any other request under the Freedom of Information Act (FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS') FOIA regulation found in 6 CFR part 5.
Please be aware that anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comments, if submitted on behalf of an association, business, labor union,
You may review TSA's electronic public docket on the Internet at
You may obtain an electronic copy using the Internet by
(1) Searching the Federal Docket Management System (FDMS) Web page at
(2) Accessing the Government Printing Office's Web page at
(3) Visiting TSA's Security Regulations Web page at
In addition, copies of the rulemaking document are available by writing or calling the individual in the
Civil aviation remains a target of terrorist activity worldwide. Terrorists continue to seek opportunities to destroy public confidence in the safety and security of travel, deny the ability of the public to move and travel freely, and damage international economic security.
TSA is proposing to issue regulations to provide for the security of maintenance and repair work conducted on aircraft and aircraft components at domestic and foreign repair stations, of the aircraft and aircraft components located at these repair stations, and of the repair station facilities as required by Vision 100—Century of Aviation Reauthorization Act, codified at 49 U.S.C. 44924 (Vision 100).
For purposes of this rulemaking, “repair stations” are those facilities certificated by the FAA to perform maintenance, repair, overhaul, or alterations on U.S. aircraft or aircraft components, including engines, hydraulics, avionics, safety equipment, airframes, and interiors. According to the FAA, there are 4,227 domestic repair stations located in the United States and 694 foreign repair stations located outside the United States that have an FAA certificate under part 145 of the FAA's rules.
In addition, for purposes of this rulemaking, the term “component” includes any article, airframe, aircraft engine, propeller, appliance, or part that is under repair. The term is used broadly to encompass both articles and appliances as defined by the FAA.
Aircraft repair stations vary widely in size, type of repair work performed, number of employees, and proximity to an airport. The FAA issues ratings to certificated repair stations for the work that can be performed at the repair station.
Repair stations are closely regulated and monitored by the FAA and both the FAA and the air carriers inspect work done at repair stations. FAA performance standards for foreign and domestic repair stations are the same. While the FAA has implemented extensive safety requirements for both foreign and domestic repair stations, supplementing those requirements with specific security measures for both foreign and domestic repair stations would further reduce the likelihood that terrorists would be able to gain access to aircraft under repair at a repair station. As terrorist organizations continue to seek new and creative means of using aircraft to undermine the security and safety of the traveling public, the importance of requiring all aircraft repair stations to have measures in place to prevent persons from commandeering, tampering, or sabotaging aircraft has increased as well. Enhancement of repair station security will mitigate the potential threat that an aircraft could be used as a weapon or that an aircraft could be destroyed.
This rulemaking sets forth proposed regulations to require all FAA certificated repair stations to adopt and carry out a standard security program. The proposed regulations list performance standards for security measures that would be included in the standard security program. The proposed regulations also would require repair stations to carry out Security Directives issued by TSA in the event of a specific threat.
In addition, the proposed regulations codify the scope of TSA's authority to conduct inspections of both domestic and foreign repair stations. The proposed regulations also provide procedures for TSA to notify repair stations of deficiencies in their security program and to determine whether a particular repair station represents an immediate risk to security. Finally, the proposal contains a process whereby a repair station may seek review of a determination by TSA that security deficiencies have not been addressed or that the repair station poses an immediate risk to security.
Vision 100 requires DHS to promulgate security regulations for domestic and foreign aircraft repair
• TSA must complete a security review and audit of foreign repair stations certificated by the FAA no later than six months after regulations are issued.
• TSA must notify the FAA of any security issues or vulnerabilities identified during the audit and require foreign repair stations to address any such issues or vulnerabilities within 90 days. If, after 90 days, TSA determines that the foreign repair station does not maintain and carry out effective security measures, TSA must notify the FAA and the FAA must suspend the repair station's certificate until such time as TSA determines that the repair station does maintain and carry out effective security measures.
• TSA must notify the FAA if TSA determines that a foreign repair station poses an immediate risk to security and the FAA must revoke the repair station's certificate. TSA must establish an appeal procedure to be used when a certificate is revoked.
TSA is proposing regulations to:
• Codify TSA's inspection authority.
• Require foreign and domestic repair stations certificated by the FAA under part 145 of the FAA's rules to allow TSA and DHS officials to enter, inspect, audit, and test property, facilities, and records relevant to repair stations.
• Require foreign and domestic repair stations certificated by the FAA to adopt and carry out a standard security program issued by TSA to safeguard the security of the repair station, the repair work conducted at the repair station, and all aircraft and aircraft components at the repair station.
• Require each security program to describe the specific measures the repair station has implemented to identify individuals authorized access to the repair station, aircraft, and aircraft components; control access to the repair station, aircraft, and aircraft components; challenge individuals who are not authorized access and use escort measures for authorized visitors; provide security awareness training to all employees; verify employee background information; designate a security coordinator; and establish a contingency plan.
• Require each repair station to comply with Security Directives issued by TSA.
• Establish a process to notify the FAA to suspend a certificate upon written notification by TSA that a repair station has not corrected security deficiencies identified during a security audit within 90 days and to permit appeal of a certificate suspension.
• Establish a process to notify the FAA to revoke a certificate upon written notification by TSA that a repair station is an immediate risk to security and to permit appeal of a certificate revocation.
In developing these proposals, TSA has consulted with FAA officials responsible for repair station safety matters.
The security regulations proposed in this NPRM are designed to build upon the extensive certification and safety requirements for repair stations instituted by the FAA. The FAA certificates repair stations, as well as repairmen who work in repair stations.
While these quality control measures provide a significant layer of protection and oversight of the components and aircraft under repair, the proposed regulations would supplement those measures by requiring that FAA certificated repair stations also adopt and carry out a security program that would include procedures to control access to the repair station itself, the components and aircraft under repair, and the work being performed; verify the identity of repair station employees; and establish a security coordinator to serve as the point of contact for security-related matters.
On February 27, 2004, TSA held a public listening session to receive input from stakeholders and other interested parties on repair station security issues. TSA also invited written comments to be submitted by March 29, 2004.
• Security measures that are currently deployed.
• Existing security vulnerabilities.
• Standards that should be in place to prevent unauthorized access, tampering, and any other security breaches.
• Current security system costs.
• Whether security requirements should be tailored to the type of authorization the repair station holds, number of employees, proximity to an airport, number of repairs completed, or other characteristics.
• Whether aircraft operators should play a role in ensuring that repair stations maintain a secure workplace.
• Whether any repair station operator has experienced a breach in security.
Twelve parties, representing air carriers, repair station operators and employees, manufacturers, and unions, spoke during the public meeting.
TSA also received 21 written comments, representing the views of repair station operators and employees, unions, air carriers, aircraft owners, and manufacturers regarding potential security regulations. The majority of those submitting written comments also supported the need for security regulations, and agreed that the regulations should be tailored to reflect the particular characteristics of a repair station. Some commenters suggested that TSA include general security criteria for domestic and foreign repair stations and others offered recommendations regarding specific provisions that should be included in the regulations, such as access controls, personnel identification, employee background checks, and security awareness training. The comments provide valuable input as to how repair station security issues should be addressed and the proposal reflects many of the issues, as well as the recommendations, contained in these initial comments. TSA looks forward to receiving further comments on the proposed regulations.
In addition to the information gathered during the public listening session and through written comments, TSA visited repair stations to conduct research on the physical characteristics of repair stations, the type of repair work performed, and the extent of security measures that had been implemented. The following site visits were conducted:
• June 2005—1 repair station in Hamburg, Germany, and 1 repair station in Amsterdam, the Netherlands.
• August 2005—5 repair stations in Singapore.
• November 2006—9 repair stations in the state of Arizona.
• December 2006—3 repair stations in Naples, Italy.
• January 2007—3 repair stations in the state of Georgia.
• May 2007—1 repair station in Singapore and 1 repair station in Guangzhou, China.
• July 2007—1 repair station in Teterboro, New Jersey.
• May 2008—3 repair stations in Bogota, Colombia.
These repair station site visits provided valuable insight into the different types of facilities certificated by the FAA, the different types of repair work conducted at the facilities, and the different types of security measures deployed by the various facilities. All of the stations visited had some security measures in place. For example, one foreign repair station had over 10,000 employees with many buildings and its own airport. This facility had perimeter fencing, security guards, and surveillance cameras to control access to the facility. Its employees were required to display identification media. Another foreign repair station had only seven employees and was located at an industrial park. That facility was planning to install surveillance cameras to be monitored by a private security company. In two countries the government had mandated security requirements for certain repair stations.
In the United States, one domestic repair station facility with 40 employees relied on personal recognition to identify individuals authorized entry into the facility, while another domestic repair station with fifteen employees used identification media and surveillance cameras. By conducting these site visits, TSA was able to study security measures already deployed and develop a proposal that reflects repair station diversity.
TSA proposes to add a new part 1554 to its regulations, entitled “Aircraft Repair Station Security.” The new part would require aircraft repair stations that are certificated by the FAA under 14 CFR part 145, both domestic and foreign, to adopt and carry out a standard security program. The regulations would require repair stations to safeguard the security of the aircraft and components located at the station, the maintenance and repair work performed there, as well as the repair station's facilities as required by 49 U.S.C. 44924. For a more detailed discussion of the proposed regulations, see the Section-by-Section Analysis portion of this preamble.
TSA is also proposing changes to its regulations regarding the protection of sensitive security information (SSI) to specify that a repair station security program is categorized as SSI and that the repair station operator or owner is subject to the SSI requirements described in 49 CFR part 1520.
FAA certificated repair stations, whether located at airports that have a TSA security program,
The proposed regulations list the general security requirements that each repair station would be required to carry out in the standard security program. The standard security program would require each repair station to include (1) a description of access controls for the facility as well as for the aircraft and/or aircraft components; (2) a description of the measures used to identify employees and others who are authorized to access aircraft and/or aircraft components; (3) a description of the procedures to challenge unauthorized individuals; (4) a description of security awareness training for employees; (5) the name of the designated security coordinator; (6) a contingency plan; and (7) a description of the means used to verify employee background information. The complete security program contents are discussed in the Section by Section analysis.
These requirements are consistent with the recommendations included in the written comments received by TSA,
Recognizing that a “one size fits all” approach would not appropriately address the diversity in repair station characteristics, TSA believes that repair stations should have some flexibility regarding the particular equipment, facilities, and measures that would be listed in the standard security program and used to comply with the proposed regulations. While TSA would provide a standard security program which would contain the majority of security measures that a repair station must adopt to comply with the proposed regulations, certain measures in the standard security program that the repair station must adopt may differ depending upon risk factors considered by TSA.
TSA would not require repair stations that are not located on or adjacent to an airport to implement the same physical security measures in the standard security program as those repair stations that are located on or adjacent to an airport. In adopting this approach, TSA considered the security risks of repair station operations to determine whether there were any factors that could increase the security risks of a repair station. The factors TSA considered were (1) size and type of aircraft to which employees had access; (2) the type of repair work permitted by the FAA certificate; (3) whether the repair station was located on an airport and the type of airport; and (4) the number of employees at the repair station.
Based on the information acquired during the repair stations site visits, an examination of FAA safety requirements, and discussions with FAA safety inspectors, TSA determined that while all of the characteristics examined had some effect on security risks, repair stations that are located on or adjacent to an airport could pose a higher security risk. TSA found that at airport locations, there was greater accessibility to aircraft and proximity to a runway, thereby increasing the possibility that an aircraft could be commandeered and used as a weapon or sabotaged. At off-airport locations, TSA found that repair station employees had little, if any, access to operational aircraft or runways. Repair station employees at off airport locations typically are not the last individuals with access to aircraft prior to the reintroduction of the aircraft into service. TSA believes that it would be difficult for an individual to damage an aircraft at a repair station location that is only rated to repair aircraft components if the individual does not have access to aircraft. FAA safety regulations require inspection of the repair work and the component before it is installed in an aircraft and before the aircraft is deemed to be airworthy. Thus, TSA believes it is less likely that a terrorist would attempt to target an aircraft by sabotaging a component at an off airport location.
This assessment of the greater risk posed by repair stations located on or adjacent to an airport was also supported by several commenters. One commenter noted that repair stations located within an airport posed the greatest risk to security because of the larger number of entry points in such a location. Another explained that repair facilities located off airport generally only work on aircraft components and that the multiple layers of testing and oversight already conducted by the FAA serves as an important security function as well. Another commenter agreed, stating that repair stations that do not have access to aircraft do not pose a security risk because the airworthiness of the components are tested before they are released into service.
Based on this risk assessment, TSA would specify particular security measures in the standard security program that would apply to repair stations on or adjacent to an airport, but that would not be required for other repair stations. TSA believes that this approach would be consistent with its efforts to strengthen security measures at the non public areas of the airport.
In addition, TSA would not require repair stations on or adjacent to airports that only serve aircraft with a maximum certificated take-off weight (MTOW) of 12,500 pounds or less to include the same security measures in the standard security program as repair stations located on or adjacent to airports that serve larger aircraft. TSA has long recognized that aircraft with a MTOW over 12,500 pounds pose a greater risk to security because such aircraft are of sufficient size and weight to inflict significant damage and loss of lives.
TSA is aware that the FAA may certificate repair stations operating on a Federal government facility, such as a U.S. military base. TSA believes that the security at such a facility would likely meet and exceed the security requirements proposed herein. Therefore, TSA would not apply its requirements to any FAA certificated repair station at which the Federal government has assumed responsibility for security measures.
The issue of requiring drug and alcohol testing of repair station employees was raised during the public listening session. TSA is not proposing to include drug and alcohol testing as part of its security program requirements. TSA notes that the FAA has instituted alcohol and drug testing as part of its safety regulations.
TSA believes that the standard security program would be useful to repair stations that have not developed or implemented a security program, particularly small repair stations that may lack the resources to create their own security program. Further, the standard security program would provide consistency in format and content for the thousands of security programs that would be implemented under this proposal. TSA anticipates requesting comment from repair stations on the standard security program before a final rule is adopted and will make a draft of the standard security program available for review and comment by the repair stations subject to the regulations either electronically, through meetings, or both.
To assess the security risks of a repair station and to establish the priority by which repair stations must be inspected, TSA would require each repair station to provide a brief profile, to include general information as to location, such as whether the repair station is located
Further, the profile will assist TSA in determining which measures included in the standard security program must be implemented to address the higher risk posture of repair stations that are located on or adjacent to an airport.
The proposed regulations would codify TSA's inspection authority and would require repair stations to permit TSA and DHS officials to enter, inspect, and test property, facilities, and records relevant to repair stations. The purpose of the inspection would be to assess threats to aviation security, enforce TSA security regulations, directives, and requirements, evaluate all aspects of the repair station security program, verify whether the security program is being implemented and whether it is effective, as well as to identify and correct security deficiencies. Such oversight is also necessary to monitor continuing compliance with the security requirements. Since the inspection program is critical to the enforcement of the security program requirement, TSA's inspection authority would extend to all repair stations. TSA would initiate foreign repair station inspections by giving priority to those foreign repair stations that pose the greatest risk to aviation security as required by Vision 100, and that have identified themselves through the profile as being located on or adjacent to an airport and as performing repair work on large aircraft.
Pursuant to the inspection process and consistent with Vision 100, TSA is proposing to notify the repair station and the FAA of any deficiencies in a security program and to permit the repair station 90 days to correct such deficiencies. If the deficiencies are not corrected within 90 days, TSA would notify the FAA that it must suspend the repair station's certificate until such time as TSA determines that the deficiencies are resolved. The proposed regulations also contain a process whereby a repair station may request further review of TSA's determination regarding security deficiencies.
The proposed regulation contains a specific process whereby a repair station that poses an immediate risk to security is identified and the FAA is notified of such a determination. The FAA must revoke the certificate of a station that TSA determines poses an immediate risk to security. Whether the threat is immediate would be evaluated on a case by case basis considering existing and potential circumstances as information is received and analyzed. The proposal provides a repair station with the opportunity to obtain the releasable materials upon which the determination was made and to seek review of such a determination.
Protection of Sensitive Security Information (SSI), as codified at 49 CFR part 1520, would apply to each repair station required to adopt and carry out a security program. Airport and aircraft operator security programs and plans, amendments, security directives and information circulars, technical specifications of security screening and detection systems and devices, among other types of information, all constitute SSI under current § 1520.5 and are prohibited from public disclosure. TSA is proposing to amend its part 1520 rules to include a repair station security program as SSI. This change would prevent the public disclosure of the security measures implemented and utilized by a repair station covered under the new rules because such disclosure would pose a threat to transportation security. It would also ensure that the repair station standard security program is protected just as other TSA required security programs are protected.
TSA proposes to amend § 1520.7 to include repair station operators as covered persons subject to its SSI requirements. This change would require that repair station operators adhere to the SSI rules and protect SSI from public dissemination. Access to SSI is strictly limited to those persons with a need to know, as defined in 49 CFR 1520.11. In general, a person has a need to know specific SSI when he or she requires access to the information in order to carry out transportation security activities that are government-approved, -accepted, -funded, -recommended, or -directed, including for purposes of training on, and supervision of, such activities or to provide legal or technical advice regarding security-related requirements. Accordingly, the protection of SSI would apply to each repair station standard security program pursuant to part 1554.
Section 1554.1 of the proposed regulation sets forth the scope and purpose of new part 1554. The proposed regulations would apply to all repair stations, both domestic and foreign, that are certificated by the FAA pursuant to 14 CFR part 145. The purpose of the proposed regulations would be to safeguard the security of domestic and foreign aircraft repair stations as required by 49 U.S.C. 44924. The requirements would not apply to any FAA certificated repair station at which the U.S. government has assumed responsibility for security measures.
Section 1554.3 of the proposed rule sets forth the definitions of certain terms used in this part. The term “repair station” is defined as any maintenance facility that is certificated by FAA pursuant to 14 CFR part 145 to perform maintenance, preventive maintenance, repair, overhaul, or alterations of an aircraft, airframe, aircraft engine, propeller, appliance, or component part.
Section 1554.5 would codify TSA's authority to inspect repair stations and would require repair stations to permit TSA and DHS officials to enter, inspect, and test property, facilities, and records relevant to repair stations. This section would allow TSA to assess threats, enforce regulations, security directives, and requirements, inspect all facilities and equipment, test the adequacy of security measures, verify the implementation of security measures, review security programs and other records, and perform such other duties as appropriate. This section also would allow TSA to request evidence of compliance, including copies of records in English.
The proposed regulatory language is consistent with the inspection authority currently codified at 49 CFR 1542.5 and 1546.3, which apply to certain U.S. airports and foreign air carriers. TSA has established protocols and procedures on conducting inspections outside the United States through its Foreign Airport and Foreign Air Carrier Assessment Programs. These established procedures require advance notice to the facility to be inspected and coordination with the U.S. Department of State and the appropriate foreign government authorities. TSA inspectors are required to have TSA identification media and credentials with them when inspecting facilities and must display them when requested to do so. TSA will use these established procedures when conducting inspections of foreign repair stations.
TSA is also amenable to working with the U.S. Department of State and foreign government authorities to facilitate inspections of U.S. repair stations that are certificated by a foreign government authority. TSA currently permits such inspections of U.S. airports and air carriers by foreign government authorities consistent with ICAO Annex 17, Section 2.1.
TSA has kept ICAO apprised of the rulemaking and will continue its efforts to harmonize its regulations with those of other countries through its participation in ICAO.
Section 1554.101 would require each repair station to adopt and carry out a security program designed to safeguard aircraft and aircraft components located within the repair station, the maintenance and repair work performed there, and the facility itself. Repair stations would be required to use the TSA standard security program unless otherwise authorized by TSA.
This section would also require a repair station to submit a profile. The purpose of the profile would be to provide basic information regarding repair station operations to assist TSA in determining what measures the repair station must include in its security program to meet the security requirements. The profile would also assist TSA in prioritizing repair stations for purposes of conducting inspections. TSA would make the profile template available to all repair stations either through the TSA web site, by mail, or both. The profile would request the following types of information:
• Identification of the repair stations, such as FAA certificate number, repair station name as it appears on the FAA certificate, and repair station address.
• Description of location (on or adjacent to an airport, off airport in a business location, off airport private residence).
• Security coordinator who will serve as the TSA point of contact.
• If on an airport, the name and three letter designator of the airport.
• Total number of employees.
• Number of employees authorized unescorted access to aircraft over 12,500 MTOW.
The name and location of each repair station would assist TSA in identifying the repair station and determining its proximity to an airport since, as explained above, TSA would consider such repair stations to be a higher risk than those that are not located on or adjacent to an airport. The profile information would also help TSA to prioritize its inspections. Repair stations would also be required to update their profile information within 30 calendar days if a change in the information submitted occurs. This requirement would enable TSA to maintain current information on each regulated repair station and make certain that it is appraised of changes that could impact the security posture of a repair station. Repair stations would not be required to alert TSA to changes in total number of employees or number of employees who work on large aircraft to prevent the submission of a new profile every time an employee is hired or terminated.
Section 1554.103 would describe the general requirements describing the measures that each repair station must adopt in the standard security program. The standard security program must include:
(1) A description of the measures used to identify individuals who are authorized to enter the repair station to prevent unauthorized individuals from entering the repair station;
(2) a description of the measures used to control access to the repair station and to detect and prevent the entry, presence, and movement of unauthorized individuals and vehicles into or within the repair station;
(3) a description of the measures used to control access to the aircraft and/or aircraft components to allow only authorized individuals to have such access;
(4) a description of the measures used to challenge any individual entering the repair station to ascertain the authority of the individual to enter or be present in the repair station and measures to escort an individual who does not have unescorted authority while within the repair station;
(5) a description of the measures to train all individuals with authorized access to aircraft and components on the provisions of this part and the security program;
(6) a description of the measures used to verify employee background information through confirmation of prior employment and any other means as appropriate to validate employee information;
(7) the name, 24-hour contact information, duties, and training requirements of the designated security coordinator who will serve as the primary and immediate contact for security-related activities and communications with TSA;
(8) a contingency plan;
(9) a diagram with dimensions detailing boundaries and pertinent physical features of the repair station;
(10) a list and description of all entry points; and
(11) an emergency response contact list.
The regulations also would require that the security program be in writing, and signed by the repair station operator, owner, or other authorized person. Each repair station would not have to submit the security program to TSA, but would have to make it available to TSA upon request or during an inspection.
The individual standard security program requirements are discussed below.
The proposed regulations would require the repair station to adopt and
• Number of employees and number of shifts.
• Physical size of the repair station.
• Number of visitors.
• Proximity of other businesses or operations.
• Type of work, size of aircraft, and length of runway.
• Number of entry points into the repair station.
• Airport security features.
• Other factors that increase ability of unauthorized individuals or vehicles to access the repair station.
For example, a repair station with 50 employees who work multiple shifts at a repair station, located adjacent to an airport with many access points, might be required to adopt and carry out the personnel identification media system. Such a repair station would be considered to be a higher risk because of its proximity to an airport. Further, the large number of employees working multiple shifts would make it difficult for employees to rely solely on personal recognition as workers from different shifts may not be able to recognize each other. A repair station located in a residence with a single employee would not be required to adopt the personnel identification media system in the security program. TSA would not anticipate requiring a repair station located at an airport to adopt a personnel identification media system if employees were required to obtain and display airport identification media.
The standard security program would specify the access control security requirements for all repair stations. Such requirements would include measures to control access to the facility and to the aircraft and components within the repair station, to challenge any individuals to determine if they are authorized to enter or be present in the facility, and to respond if unauthorized individuals or vehicles are discovered.
Acceptable access control measures would be specified in the security program. Such measures would cover a broad spectrum, including standard locks with key control, card swipe access locks, cipher locks, locks with coded keys, biometric access cards, fencing, security guards, surveillance cameras, and motion detectors.
As part of the standard security program, the repair station would be required to describe all of the entry points to the facility and the specific access control measures used for each. During the inspection process, TSA would determine whether the access control measures deployed at the entry point are appropriate. A repair station located on or adjacent to an airport that performs substantial maintenance on large aircraft would be required to have more stringent access controls. Such controls could include such measures as card swipe access locks, security guards, electronically monitored access or motion detectors, fencing or a combination of such controls. A repair station located in a private residence or in a small component shop in an industrial park would be required to have less sophisticated controls, such as standard locks with key control and an inventory system to track the number of keys. A repair station would be able to select the above or other measures that would provide a appropriate level of security.
Access controls would also be required to restrict unauthorized access to components located within the facility, such as locked storage containers and inventory control of keys.
In addition, the security program would include measures to control access to aircraft, such as requiring repair stations located on or adjacent to an airport to secure large aircraft by locking or disabling the aircraft, keeping the aircraft in a secure hangar during non-operational hours, fencing, surveillance cameras, lighting, and security guards.
The security program would describe the procedures to be followed when challenging individuals who cannot be readily identified. Only those individuals who are designated and trained in escort procedures would be permitted to escort visitors to the repair station. The responsibilities of the escort would be specified in the security program. At a small facility with few employees, the ability to observe individuals present within the facility may be sufficient to ensure that access to repair work and/or components is controlled. At large repair station facilities, such as those that use a personnel identification media system, employees may have to escort individuals as part of their responsibilities.
The security program would include measures to conduct initial and recurrent security training programs, such as providing guidance to repair station personnel on how to implement and maintain the security measures included in the security program. The security program would also specify that the training curriculum be updated to reflect current security requirements. The repair station would be required to maintain records of initial and recurrent security training for each employee. The standard security program would include a model curriculum that the repair station could modify based on the specific security requirements applicable to that repair station.
The security program would include the measures by which the repair station verifies the employment history of its employees and conducts background checks, to the extent permitted by the laws of the country in which the repair station is located. The employment history, length of employment, and measures used to verify the individual's employment would be listed in the security program.
Each repair station would be required to designate a security coordinator who would serve as the immediate and primary point of contact for security-related activities and communications with TSA. Each repair station would include the name, responsibilities, and contact information of the security coordinator in the security program and would also specify the training curriculum required for the security coordinator. The security coordinator would not necessarily need to be on-site at the repair station, but they must be able to coordinate incident management at any time.
The security program would include a contingency plan to include the specific measures that would be taken to address security-related incidents. The security program would include such items as the names of the repair station employees designated to perform specific tasks, the name and contact information for any contingency response organizations that would assist the repair station, a description of the
The proposed regulations would also require that each security program include a diagram of the repair station detailing the boundaries and describing the physical features of the repair station. The security program would also include a list and description of all entry points into the repair station that would be supplied by the repair station operator. These requirements would assist TSA in assessing the security vulnerability of the repair station and determining whether security measures are appropriate. The security program would also include emergency response contact information.
Section 1554.103(b) would require that the security program be in writing, and hand-signed by the repair station operator, owner, or other authorized person. The security program would be required to be accessible to employees at the repair station facility and be written in English and in the official language of the repair station's country. The security program could be accessible electronically so long as it meets all of the requirements. This section would also include a requirement that repair stations must restrict the distribution, disclosure, and availability of sensitive security information as described in 49 CFR part 1520.
Section 1554.103(c) would require a repair station to notify TSA of any amendment to the standard security program and would require that the repair station acknowledge receipt and adopt an emergency amendment issued by TSA within the time prescribed in the emergency amendment. If the repair station cannot implement the emergency amendment, the repair station must immediately notify TSA to obtain approval of alternative measures. They may contact their TSA inspector or the TSA Repair Stations Office at TSA headquarters.
This section would require a repair station to comply with any Security Directive issued by TSA mandating security measures. Security Directives may be issued when TSA determines that additional or specific security measures are necessary to respond to a threat assessment or a specific threat against aviation. Upon receipt of a Security Directive, the repair station would be required to comply with the measures in the time prescribed or immediately notify TSA if it is unable to implement the specified security measures so that the repair station can obtain approval of alternative measures. The repair station would also be required to restrict the availability of a Security Directive to only those individuals with an operational need to know.