Editorial Notes
References in Text
The date of enactment of the TSA Modernization Act, referred to in subsecs. (b)(1)(C) and (w)(3)(A), is the date of enactment of title I of div. K of Pub. L. 115–254, which was approved Oct. 5, 2018.
The Aviation and Transportation Security Act, referred to in subsec. (r)(1), is Pub. L. 107–71, Nov. 19, 2001, 115 Stat. 597. For complete classification of this Act to the Code, see Short Title of 2001 Amendment note set out under section 101 of this title and Tables.
The Implementing Recommendations of the 9/11 Commission Act of 2007, referred to in subsec. (s)(3)(B), is Pub. L. 110–53, Aug. 3, 2007, 121 Stat. 266. Section 1410 of the Act is classified to section 1139 of Title 6, Domestic Security. For complete classification of this Act to the Code, see Short Title of 2007 Amendment note set out under section 101 of Title 6 and Tables.
The date of enactment of the Implementing Recommendations of the 9/11 Commission Act of 2007, referred to in subsec. (s)(3)(F), is the date of enactment of Pub. L. 110–53, which was approved Aug. 3, 2007.
The date of the enactment of this subsection, referred to in subsec. (x)(1), is the date of enactment of Pub. L. 117–81, which was approved Dec. 27, 2021.
Section 6411 of the National Defense Authorization Act for Fiscal Year 2022, referred to in subsec. (x)(2)(A), is section 6411 of div. F of Pub. L. 117–81, Dec. 27, 2021, 135 Stat. 2409, which is not classified to the Code.
Section 6414 of the National Defense Authorization Act for Fiscal Year 2022, referred to in subsec. (x)(2)(B), is section 6414 of div. F of Pub. L. 117–81, Dec. 27, 2021, 135 Stat. 2412, which is not classified to the Code.
Section 6415 of the National Defense Authorization Act for Fiscal Year 2022, referred to in subsec. (x)(2)(C), is section 6415 of Pub. L. 117–81, which is set out as a note under section 44901 of this title.
Amendments
2022—Subsec. (o). Pub. L. 117–286 substituted “chapter 4 of title 5” for “the Inspector General Act of 1978 (5 U.S.C. App.)”.
2021—Subsec. (x). Pub. L. 117–81 added subsec. (x).
2018—Pub. L. 115–254, § 1904(a)(3), substituted “Administrator” for “Under Secretary” wherever appearing in subsecs. (c) to (n), (p), (q), and (r).
Subsec. (a). Pub. L. 115–254, § 1904(a)(1), substituted “Department of Homeland Security” for “Department of Transportation”.
Subsec. (b). Pub. L. 115–254, § 1904(a)(2), amended subsec. (b) generally. Prior to amendment, text read as follows:
“(1) Appointment.—The head of the Administration shall be the Under Secretary of Transportation for Security. The Under Secretary shall be appointed by the President, by and with the advice and consent of the Senate.
“(2) Qualifications.—The Under Secretary must—
“(A) be a citizen of the United States; and
“(B) have experience in a field directly related to transportation or security.
“(3) Term.—The term of office of an individual appointed as the Under Secretary shall be 5 years.”
Subsec. (f)(15), (16). Pub. L. 115–254, § 1988(c), added par. (15) and redesignated former par. (15) as (16).
Subsec. (g)(1). Pub. L. 115–254, § 1904(b)(1)(A)(i)(I), substituted “Subject to the direction and control of the Secretary of Homeland Security” for “Subject to the direction and control of the Secretary” in introductory provisions.
Subsecs. (g)(1)(D), (3), (j)(1)(D). Pub. L. 115–254, § 1904(b)(1)(A)(i)(II), (ii), (B), inserted “of Homeland Security” after “Secretary”.
Subsec. (k). Pub. L. 115–254, § 1904(b)(1)(C), substituted “functions assigned” for “functions transferred, on or after the date of enactment of the Aviation and Transportation Security Act,”.
Subsec. (l)(4)(B). Pub. L. 115–254, § 1904(b)(1)(D), substituted “Administrator of the Federal Aviation Administration under subparagraph (A)” for “Administrator under subparagraph (A)”.
Subsec. (n). Pub. L. 115–254, § 1909, inserted par. (1) designation and heading before “The personnel management system”, added pars. (2) and (3), and realigned margins.
Pub. L. 115–254, § 1904(b)(1)(E), substituted “Department of Homeland Security” for “Department of Transportation”.
Subsec. (o). Pub. L. 115–254, § 1904(b)(1)(F), substituted “Department of Homeland Security” for “Department of Transportation”.
Subsec. (p)(4). Pub. L. 115–254, § 1904(b)(1)(G), substituted “Secretary of Homeland Security” for “Secretary of Transportation”.
Subsec. (s)(3)(B). Pub. L. 115–254, § 1904(b)(1)(H)(i), inserted closing parenthesis after “Act of 2007”.
Subsec. (s)(4). Pub. L. 115–254, § 1904(b)(1)(H)(ii)(I), substituted “Submission of plans” for “Submissions of plans to Congress” in heading.
Subsec. (s)(4)(A). Pub. L. 115–254, § 1904(b)(1)(H)(ii)(IV)(bb), which directed amendment of subpar. (A) by substituting “The” for “After December 31, 2015, the”, was executed by making the substitution for “After December 31, 2005, the” to reflect the probable intent of Congress.
Pub. L. 115–254, § 1904(b)(1)(H)(ii)(IV)(aa), substituted “In general” for “Subsequent versions” in heading.
Pub. L. 115–254, § 1904(b)(1)(H)(ii)(II), (III), redesignated subpar. (B) as (A) and struck out former subpar. (A). Prior to amendment, text of subpar. (A) read as follows: “The Secretary of Homeland Security shall submit the National Strategy for Transportation Security, including the transportation modal security plans, developed under this subsection to the appropriate congressional committees not later than April 1, 2005.”
Subsec. (s)(4)(B). Pub. L. 115–254, § 1904(b)(1)(H)(ii)(III), redesignated subpar. (C) as (B). Former subpar. (B) redesignated (A).
Subsec. (s)(4)(B)(ii)(III)(cc). Pub. L. 115–254, § 1904(b)(1)(H)(ii)(V), substituted “for the Department of Homeland Security” for “for the Department”.
Subsec. (s)(4)(C) to (E). Pub. L. 115–254, § 1904(b)(1)(H)(ii)(III), redesignated subpars. (D) and (E) as (C) and (D), respectively. Former subpar. (C) redesignated (B).
Subsec. (t). Pub. L. 115–254, § 1904(b)(1)(I), redesignated subsec. (u) as (t).
Subsec. (t)(1)(D), (E). Pub. L. 115–254, § 1904(b)(1)(J)(i), redesignated subpar. (E) as (D) and struck out former subpar. (D). Prior to amendment, text of subpar. (D) read as follows: “The term ‘Secretary’ means the Secretary of Homeland Security.”
Subsec. (t)(2). Pub. L. 115–254, § 1904(b)(1)(J)(ii), inserted “of Homeland Security” after “Plan, the Secretary”.
Subsec. (t)(4)(B). Pub. L. 115–254, § 1904(b)(1)(J)(iii), inserted “of Homeland Security” after “agency within the Department” and after “Secretary”.
Subsec. (t)(6). Pub. L. 115–254, § 1904(b)(1)(J)(iv), amended par. (6) generally. Prior to amendment, text read as follows:
“(A) In general.—Not later than 150 days after the date of enactment of this subsection, and annually thereafter, the Secretary shall submit to the appropriate congressional committees, a report containing the Plan.
“(B) Annual report.—Not later than 1 year after the date of enactment of this subsection, the Secretary shall submit to the appropriate congressional committees a report on updates to and the implementation of the Plan.”
Subsec. (t)(7), (8). Pub. L. 115–254, § 1904(b)(1)(J)(v), inserted “of Homeland Security” after “Secretary”.
Subsec. (u). Pub. L. 115–254, § 1904(b)(1)(I), redesignated subsec. (v) as (u). Former subsec. (u) redesignated (t).
Subsec. (u)(1)(B). Pub. L. 115–254, § 1904(b)(1)(K)(i)(I), inserted “or the Administrator” after “Secretary of Homeland Security”.
Subsec. (u)(1)(C)(ii). Pub. L. 115–254, § 1904(b)(1)(K)(i)(II), substituted “Secretary of Defense’s designee” for “Secretary’s designee”.
Subsec. (u)(3)(B) to (E), (4)(A), (5). Pub. L. 115–254, § 1904(b)(1)(K)(i)(III), (ii), (iii), inserted “of Homeland Security” after “Secretary” wherever appearing.
Subsec. (u)(7)(A). Pub. L. 115–254, § 1904(b)(1)(K)(iv)(I), substituted “The Secretary of Homeland Security” for “Not later than December 31, 2008, and annually thereafter, the Secretary” in introductory provisions.
Subsec. (u)(7)(D). Pub. L. 115–254, § 1904(b)(1)(K)(iv)(II), struck out subpar. (D). Text read as follows: “Not later than 180 days after the enactment of the Implementing Recommendations of the 9/11 Commission Act of 2007, the Secretary shall provide a report to the public describing the enforcement process established under this subsection.”
Subsec. (v). Pub. L. 115–254, § 1904(b)(1)(I), redesignated subsec. (w) as (v). Former subsec. (v) redesignated (u).
Subsec. (w). Pub. L. 115–254, § 1905, added subsec. (w). Former subsec. (w) redesignated (v).
Pub. L. 115–254, § 1903, amended subsec. (w) generally. Prior to amendment, subsec. (w) related to authorization of appropriations for railroad, over-the-road bus and trucking, and hazardous material and pipeline security for fiscal years 2008 through 2011.
2016—Subsec. (u)(1)(A). Pub. L. 114–301, § 2(d)(1), substituted “subsection (s)(4)(E)” for “subsection (t)”.
Subsec. (u)(7) to (9). Pub. L. 114–301, § 2(d)(2), (3), redesignated pars. (8) and (9) as (7) and (8), respectively, and struck out former par. (7) which related to surveys and reports.
2009—Subsec. (r)(4). Pub. L. 111–83 added par. (4).
2007—Subsecs. (o) to (s). Pub. L. 110–161 redesignated subsecs. (p) to (s) as (o) to (r), respectively, and struck out former subsec. (o). Text of former subsec. (o) read as follows: “The acquisition management system established by the Administrator of the Federal Aviation Administration under section 40110 shall apply to acquisitions of equipment, supplies, and materials by the Transportation Security Administration, or, subject to the requirements of such section, the Under Secretary may make such modifications to the acquisition management system with respect to such acquisitions of equipment, supplies, and materials as the Under Secretary considers appropriate, such as adopting aspects of other acquisition management systems of the Department of Transportation.”
Subsec. (t). Pub. L. 110–161 redesignated subsec. (t) as (s).
Subsec. (t)(1)(B). Pub. L. 110–53, § 1202(a), amended subpar. (B) generally. Prior to amendment, subpar. (B) read as follows: “transportation modal security plans.”
Subsec. (t)(3)(B). Pub. L. 110–53, § 1202(b)(1), inserted “, based on risk assessments conducted or received by the Secretary of Homeland Security (including assessments conducted under the Implementing Recommendations of the 9/11 Commission Act of 2007” after “risk-based priorities”.
Subsec. (t)(3)(D). Pub. L. 110–53, § 1202(b)(2), substituted “local, and tribal” for “and local” and “cooperation and participation by private sector entities, including nonprofit employee labor organizations,” for “private sector cooperation and participation”.
Subsec. (t)(3)(E). Pub. L. 110–53, § 1202(b)(3), substituted “prevention, response, and recovery” for “response and recovery” and inserted “and threatened and executed acts of terrorism outside the United States to the extent such acts affect United States transportation systems” before period at end.
Subsec. (t)(3)(F). Pub. L. 110–53, § 1202(b)(4), inserted at end “Transportation security research and development projects shall be based, to the extent practicable, on such prioritization. Nothing in the preceding sentence shall be construed to require the termination of any research or development project initiated by the Secretary of Homeland Security or the Secretary of Transportation before the date of enactment of the Implementing Recommendations of the 9/11 Commission Act of 2007.”
Subsec. (t)(3)(G) to (I). Pub. L. 110–53, § 1202(b)(5), added subpars. (G) to (I).
Subsec. (t)(4)(C)(i). Pub. L. 110–53, § 1202(c)(1)(A), inserted “, including the transportation modal security plans” before period at end.
Subsec. (t)(4)(C)(ii), (iii). Pub. L. 110–53, § 1202(c)(1)(B), added cls. (ii) and (iii) and struck out former cl. (ii). Text of former cl. (ii) read as follows: “Each progress report under this subparagraph shall include, at a minimum, recommendations for improving and implementing the National Strategy for Transportation Security and the transportation modal security plans that the Secretary, in consultation with the Secretary of Transportation, considers appropriate.”
Subsec. (t)(4)(E). Pub. L. 110–53, § 1202(c)(2), added subpar. (E) and struck out former subpar. (E). Text of former subpar. (E) read as follows: “In this subsection, the term ‘appropriate congressional committees’ means the Committee on Transportation and Infrastructure and the Select Committee on Homeland Security of the House of Representatives and the Committee on Commerce, Science, and Transportation and the Committee on Homeland Security and Governmental Affairs of the Senate.”
Subsec. (t)(5)(B)(iv), (v). Pub. L. 110–53, § 1202(d), added cl. (iv) and redesignated former cl. (iv) as (v).
Subsec. (t)(6), (7). Pub. L. 110–53, § 1202(e), added pars. (6) and (7).
Subsec. (u). Pub. L. 110–53, § 1203(a), added subsec. (u).
Subsec. (v). Pub. L. 110–53, § 1302(a), added subsec. (v).
Subsec. (w). Pub. L. 110–53, § 1503(a), added subsec. (w).
2004—Subsec. (t). Pub. L. 108–458 added subsec. (t).
2003—Subsec. (q)(1). Pub. L. 108–7 inserted “or other Federal agency” after “Transportation Security Administration”.
2002—Subsec. (l)(2)(B). Pub. L. 107–296, § 1707, inserted “for a period not to exceed 90 days” after “effective” and “ratified or” before “disapproved”.
Subsec. (s). Pub. L. 107–296, § 1601(b), added subsec. (s).
Statutory Notes and Related Subsidiaries
Change of Name
Pub. L. 115–254, div. K, title I, § 1994, Oct. 5, 2018, 132 Stat. 3646, provided that:
“References relating to the Under Secretary of Transportation for Security in statutes, Executive orders, rules, regulations, directives, or delegations of authority that precede the effective date of this Act [meaning the date of enactment of
Pub. L. 115–254,
Oct. 5, 2018] shall be deemed to refer, as appropriate, to the
Administrator of the
Transportation Security Administration.”
Effective Date of 2004 Amendment
Pub. L. 108–458, title IV, § 4082, Dec. 17, 2004, 118 Stat. 3732, provided that:
“This title [enacting
section 44925 of this title, amending this section, sections 44903, 44904, 44909, 44917, 44923, 46301 to 46303, and 48301 of this title, and sections 70102 and 70103 of Title 46, Shipping, and enacting provisions set out as notes under sections 44703, 44901, 44913, 44917, 44923, 44925, and 44935 of this title,
section 2751 of Title 22, Foreign Relations and Intercourse, and
section 70101 of Title 46] shall take effect on the date of enactment of this Act [
Dec. 17, 2004].”
Transfer of Functions
For transfer of functions, personnel, assets, and liabilities of the Transportation Security Administration of the Department of Transportation, including the functions of the Secretary of Transportation, and of the Under Secretary of Transportation for Security, relating thereto, to the Secretary of Homeland Security, and for treatment of related references, see sections 203(2), 551(d), 552(d), and 557 of Title 6, Domestic Security, and the Department of Homeland Security Reorganization Plan of November 25, 2002, as modified, set out as a note under section 542 of Title 6.
Authorization of Transportation Security Administration Personnel Details
Pub. L. 117–81, div. F, title LXIV, § 6413, Dec. 27, 2021, 135 Stat. 2412, provided that:
“(a) Coordination.—
Pursuant to sections
106(m) and
114(m) of title
49, United States Code, the
Administrator of the
Transportation Security Administration may provide
Transportation Security Administration personnel, who are not engaged in front line transportation security efforts, to other components of the Department and other Federal agencies to improve coordination with such components and agencies to prepare for, protect against, and respond to public health threats to the transportation security system of the United States.
“(b) Briefing.—
Not later than 180 days after the date of the enactment of this Act [
Dec. 27, 2021], the
Administrator shall brief the
appropriate congressional committees regarding efforts to improve coordination with other components of the
Department of Homeland Security and other Federal agencies to prepare for, protect against, and respond to public health threats to the transportation security system of the United States.”
Aviation Security
Pub. L. 117–81, div. F, title LXIV, § 6423(b), Dec. 27, 2021, 135 Stat. 2420, provided that:
“(1) In general.—Not later than 60 days after the date of the enactment of this Act [Dec. 27, 2021], the Administrator of the Transportation Security Administration shall develop and implement guidelines with respect to domestic and last point of departure airports to—
“(A)
ensure the inclusion, as appropriate, of air carriers, domestic airport operators, and other transportation security stakeholders in the development and implementation of security directives and emergency amendments;
“(B)
document input provided by air carriers, domestic airport operators, and other transportation security stakeholders during the security directive and emergency amendment, development, and implementation processes;
“(C)
define a process, including timeframes, and with the inclusion of feedback from air carriers, domestic airport operators, and other transportation security stakeholders, for cancelling or incorporating security directives and emergency amendments into security programs;
“(D)
conduct engagement with foreign partners on the implementation of security directives and emergency amendments, as appropriate, including recognition if existing security measures at a last point of departure airport are found to provide commensurate security as intended by potential new security directives and emergency amendments; and
“(E)
ensure that new security directives and emergency amendments are focused on defined security outcomes.
“(2) Briefing to congress.—
Not later than 90 days after the date of the enactment of this Act [
Dec. 27, 2021], the
Administrator of the
Transportation Security Administration shall brief the Committee on Homeland Security of the
House of Representatives and the Committee on Commerce, Science, and Transportation of the
Senate on the guidelines described in paragraph (1).
“(3) Decisions not subject to judicial review.—
Notwithstanding any other provision of law, any action of the
Administrator of the
Transportation Security Administration under paragraph (1) is not subject to judicial review.”
Emergency TSA Employee Leave Fund
Pub. L. 117–2, title VII, § 7104, Mar. 11, 2021, 135 Stat. 100, provided that:
“(a) Establishment; Appropriation.—
There is established in the
Transportation Security Administration (in this section referred to as the ‘Administration’) the Emergency TSA Employee Leave Fund (in this section referred to as the ‘Fund’), to be administered by the
Administrator of the Administration, for the purposes set forth in subsection (b). In addition to amounts otherwise available, there is appropriated for fiscal year 2021, out of any money in the Treasury not otherwise appropriated, $13,000,000, which shall be deposited into the Fund and remain available through
September 30, 2022.
“(b) Purpose.—Amounts in the Fund shall be available to the Administration for the use of paid leave under this section by any employee of the Administration who is unable to work because the employee—
“(1)
is subject to a Federal, State, or local quarantine or isolation order related to COVID–19;
“(2)
has been advised by a health care provider to self-quarantine due to concerns related to COVID–19;
“(3)
is caring for an individual who is subject to such an order or has been so advised;
“(4)
is experiencing symptoms of COVID–19 and seeking a medical diagnosis;
“(5)
is caring for a son or daughter of such employee if the school or place of care of the son or daughter has been closed, if the school of such son or daughter requires or makes optional a virtual learning instruction model or requires or makes optional a hybrid of in-person and virtual learning instruction models, or the child care provider of such son or daughter is unavailable, due to COVID–19 precautions;
“(6)
is experiencing any other substantially similar condition;
“(7)
is caring for a family member with a mental or physical disability or who is 55 years of age or older and incapable of self-care, without regard to whether another individual other than the employee is available to care for such family member, if the place of care for such family member is closed or the direct care provider is unavailable due to COVID–19; or
“(8)
is obtaining immunization related to COVID–19 or is recovering from any injury, disability, illness, or condition related to such immunization.
“(c) Limitations.—
“(1) Period of availability.—
Paid leave under this section may only be provided to and used by an employee of the Administration during the period beginning on the date of enactment of this section [Mar. 11, 2021] and ending on September 30, 2021.
“(2) Total hours; amount.—Paid leave under this section—
“(A)
shall be provided to an employee of the Administration in an amount not to exceed 600 hours of paid leave for each full-time employee, and in the case of a part-time employee, employee on an uncommon tour of duty, or employee with a seasonal work schedule, in an amount not to exceed the proportional equivalent of 600 hours to the extent amounts in the Fund remain available for reimbursement;
“(B)
shall be paid at the same hourly rate as other leave payments; and
“(C)
may not be provided to an employee if the leave would result in payments greater than $2,800 in aggregate for any biweekly pay period for a full-time employee, or a proportionally equivalent biweekly limit for a part-time employee.
“(3) Relationship to other leave.—Paid leave under this section—
“(A)
is in addition to any other leave provided to an employee of the Administration; and
“(B)
may not be used by an employee of the Administration concurrently with any other paid leave.
“(4) Calculation of retirement benefit.—
Any paid leave provided to an employee of the Administration under this section shall reduce the total service used to calculate any Federal civilian retirement benefit.”
Transmittals to Congress
Pub. L. 115–254, div. K, title I, § 1910, Oct. 5, 2018, 132 Stat. 3550, provided that:
“With regard to each report, legislative proposal, or other communication of the Executive Branch related to the TSA and required to be submitted to
Congress or the appropriate committees of
Congress, the
Administrator shall transmit such communication directly to the appropriate committees of
Congress.”
[For definitions of terms used in section 1910 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Third Party Testing and Verification of Screening Technology
Pub. L. 115–254, div. K, title I, § 1911, Oct. 5, 2018, 132 Stat. 3550, provided that:
“(a) In General.—
In carrying out the responsibilities under
section 114(f)(9) [probably means
section 114(f)(9) of Title 10, United States Code], the
Administrator shall develop and implement, not later than 1 year after the date of enactment of this Act [
Oct. 5, 2018], a program to enable a vendor of related security screening technology to obtain testing and verification, including as an alternative to the TSA’s
test and evaluation process, by an appropriate third party, of such technology before procurement or deployment.
“(b) Detection Testing.—
“(1) In general.—
The third party testing and verification program authorized under subsection (a) shall include detection testing to evaluate the performance of the security screening technology system regarding the probability of detection, the probability of false alarm, and such other indicators that the system is able to meet the TSA’s mission needs.
“(2) Results.—
The results of the third party detection testing under paragraph (1) shall be considered final if the results are approved by the Administration in accordance with approval standards developed by the
Administrator.
“(3) Coordination with final testing.—
To the extent practicable, but without compromising the integrity of the TSA
test and evaluation process, the
Administrator shall coordinate the third party detection testing under paragraph (1) with any subsequent, final Federal Government testing.
“(4) International standards.—To the extent practicable and permissible under law and considering the national security interests of the United States, the Administrator shall—
“(A)
share detection testing information and standards with appropriate international partners; and
“(B)
coordinate with the appropriate international partners to align TSA testing and evaluation with relevant international standards to maximize the capability to detect explosives and other threats.
“(c) Operational Testing.—
“(1) In general.—
Subject to paragraph (2), the third party testing and verification program authorized under subsection (a) shall include operational testing.
“(2) Limitation.—
Third party operational testing under paragraph (1) may not exceed 1 year.
“(d) Alternative.—Third party testing under subsection (a) shall replace as an alternative, at the discretion of the Administrator, the testing at the TSA Systems Integration Facility, including testing for—
“(1)
health and safety factors;
“(4)
environmental factors;
“(6)
reliability, maintainability, and availability factors; and
“(e) Testing and Verification Framework.—
“(1) In general.—The Administrator shall—
“(A)
establish a framework for the third party testing and for verifying a security technology is operationally effective and able to meet the TSA’s mission needs before it may enter or re-enter, as applicable, the operational context at an airport or other transportation facility;
“(B)
use phased implementation to allow the TSA and the third party to establish best practices; and
“(C)
oversee the third party testing and evaluation framework.
“(2) Recommendations.—
The
Administrator shall request ASAC’s Security Technology Subcommittee, in consultation with representatives of the security manufacturers industry, to develop and submit to the
Administrator recommendations for the third party testing and verification framework.
“(f) Field Testing.—
The
Administrator shall prioritize the field testing and evaluation, including by third parties, of security technology and equipment at airports and on site at security technology manufacturers whenever possible as an alternative to the TSA Systems Integration Facility.
“(g) Appropriate Third Parties.—
“(1) Citizenship requirement.—An appropriate third party under subsection (a) shall be—
“(A)
if an individual, a citizen of the United States; or
“(B)
if an entity, owned and controlled by a citizen of the United States.
“(2) Waiver.—
The
Administrator may waive the requirement under paragraph (1)(B) if the entity is a United States subsidiary of a parent company that has implemented a foreign ownership, control, or influence mitigation
plan that has been approved by the
Defense Security Service [now Defense Counterintelligence and Security
Agency] of the
Department of Defense before applying to provide third party testing. The
Administrator may reject any application to provide third party testing under subsection (a) submitted by an entity that requires a waiver under this paragraph.
“(3) Conflicts of interest.—The Administrator shall ensure, to the extent possible, that an entity providing third party testing under this section does not have a contractual, business, or other pecuniary interest (exclusive of any such testing) in—
“(A)
the security screening technology subject to such testing; or
“(B)
the vendor of such technology.
“(h) GAO Review.—
“(1) In general.—
Not later than 2 years after the date of enactment of this Act [Oct. 5, 2018], the Comptroller General of the United States shall submit to the appropriate committees of Congress a study on the third party testing program developed under this section[.]
“(2) Review.—The study under paragraph (1) shall include a review of the following:
“(A)
Any efficiencies or gains in effectiveness achieved in TSA operations, including technology acquisition or screening operations, as a result of such program.
“(B)
The degree to which the TSA conducts timely and regular oversight of the appropriate third parties engaged in such testing.
“(C) The effect of such program on the following:
“(i)
The introduction of innovative detection technologies into security screening operations.
“(ii)
The availability of testing for technologies developed by small to medium sized businesses.
“(D) Any vulnerabilities associated with such program, including with respect to the following:
“(ii)
Any conflicts of interest between the appropriate third parties engaged in such testing and the entities providing such technologies to be tested.
“(iii)
Waste, fraud, and abuse.”
[For definitions of terms used in section 1911 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Transportation Security Administration Systems Integration Facility
Pub. L. 115–254, div. K, title I, § 1912, Oct. 5, 2018, 132 Stat. 3552, provided that:
“(a) In General.—
The
Administrator shall continue to operate the
Transportation Security Administration Systems Integration Facility (referred to in this section as the ‘TSIF’) for the purposes of testing and evaluating advanced transportation security screening technologies related to the mission of the TSA.
“(b) Requirements.—The TSIF shall—
“(1)
evaluate the technologies described in subsection (a) to enhance the security of transportation systems through screening and threat mitigation and detection;
“(2)
test the technologies described in subsection (a) to support identified mission needs of the TSA and to meet requirements for acquisitions and procurement;
“(3)
to the extent practicable, provide original equipment manufacturers with test
plans to minimize requirement interpretation disputes and adhere to provided test
plans;
“(4)
collaborate with other technical laboratories and facilities for purposes of augmenting the capabilities of the TSIF;
“(5)
deliver advanced transportation security screening technologies that enhance the overall security of domestic transportation systems; and
“(6) to the extent practicable, provide funding and promote efforts to enable participation by a small business concern (as the term is described under section 3 of the Small Business Act (15 U.S.C. 632)) that—
“(A)
has an advanced technology or capability; but
“(B)
does not have adequate resources to participate in testing and evaluation processes.
“(c) Staffing and Resource Allocation.—The Administrator shall ensure adequate staffing and resource allocations for the TSIF in a manner that—
“(1)
prevents unnecessary delays in the testing and evaluation of advanced transportation security screening technologies for acquisitions and procurement determinations;
“(2)
ensures the issuance of final paperwork certification no later than 45 days after the date such testing and evaluation has concluded; and
“(3)
ensures collaboration with technology stakeholders to close capabilities gaps in transportation security.
“(d) Deadline.—
“(1) In general.—
The
Administrator shall notify the appropriate committees of
Congress if testing and evaluation by the TSIF of an advanced transportation security screening technology under this section exceeds 180 days from the delivery date.
“(2) Notification.—The notification under paragraph (1) shall include—
“(A)
information relating to the delivery date;
“(B)
a justification for why the testing and evaluation process has exceeded 180 days; and
“(C)
the estimated date for completion of such testing and evaluation.
“(3) Definition of delivery date.—In this subsection, the term ‘delivery date’ means the date that the owner of an advanced transportation security screening technology—
“(A)
after installation, delivers the technology to the TSA for testing and evaluation; and
“(B)
submits to the
Administrator, in such form and manner as the
Administrator prescribes, a signed notification of the delivery described in subparagraph (A).
“(e) Retesting and Evaluation.—
Advanced transportation security screening technology that fails testing and evaluation by the TSIF may be retested and evaluated at the discretion of the
Administrator.
“(f) Rule of Construction.—
Nothing in this section may be construed to affect the authority or responsibility of an officer of the Department, or an officer of any other Federal department or
agency, with respect to research, development, testing, and evaluation of technologies, including such authorities or responsibilities of the Undersecretary [probably should be “Under Secretary”] for Science and Technology of the Department and Assistant Secretary of the Countering Weapons of Mass Destruction Office of the Department.”
[For definitions of terms used in section 1912 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Public Area Security Working Group
Pub. L. 115–254, div. K, title I, § 1931, Oct. 5, 2018, 132 Stat. 3569, provided that:
“(a) Definitions.—In this section:
“(2) Surface transportation asset.—The term ‘surface transportation asset’ includes—
“(A) facilities, equipment, or systems used to provide transportation services by—
“(iii) an owner or operator of—
“(B)
other transportation facilities, equipment, or systems, as determined by the Secretary.
“(b) Public Area Security Working Group.—
“(1) Working group.—The Administrator, in coordination with the National Protection and Programs Directorate, shall establish a working group to promote collaborative engagement between the TSA and public and private stakeholders to develop non-binding recommendations for enhancing security in public areas of transportation facilities (including facilities that are surface transportation assets), including recommendations regarding the following:
“(A)
Information sharing and interoperable communication capabilities among the TSA and
public and private stakeholders with respect to terrorist or other threats.
“(B)
Coordinated incident response procedures.
“(C)
The prevention of terrorist attacks and other incidents through strategic planning, security training, exercises and drills, law enforcement patrols, worker vetting, and suspicious activity reporting.
“(D)
Infrastructure protection through effective construction design barriers and installation of advanced surveillance and other security technologies.
“(2) Annual report.—
“(A) In general.—Not later than 1 year after the date the working group is established under paragraph (1), the Administrator shall submit to the appropriate committee of Congress [probably should be “appropriate committees of Congress”] a report, covering the 12-month period preceding the date of the report, on—
“(i)
the organization of the working group;
“(ii)
the activities of the working group;
“(iv)
the findings of the working group, including any recommendations.
“(B) Publication.—
The
Administrator may publish a public version of such report that describes the activities of the working group and such related matters as would be informative to the public, consistent with
section 552(b) of title 5, United States Code.
“(3) Nonapplicability of faca.—
The
Federal Advisory Committee Act (
5 U.S.C. App.) shall not apply to the working group established under subsection (a) [probably should be “paragraph (1)”] or any subcommittee thereof.
“(c) Technical Assistance.—
“(1) In general.—The Secretary shall—
“(A)
inform owners and operators of surface transportation assets about the availability of technical assistance, including vulnerability assessment tools and cybersecurity guidelines, to help protect and enhance the resilience of public areas of such assets; and
“(B)
upon request, and subject to the availability of appropriations, provide such technical assistance to owners and operators of surface transportation assets.
“(2) Best practices.—
Not later than 1 year after the date of enactment of this Act [Oct. 5, 2018], and periodically thereafter, the Secretary shall publish on the Department website and widely disseminate, as appropriate, current best practices for protecting and enhancing the resilience of public areas of transportation facilities (including facilities that are surface transportation assets), including associated frameworks or templates for implementation.
“(d) Review.—
“(1) In general.—Not later than 1 year after the date of enactment of this Act, the Administrator shall—
“(A)
review of [sic] regulations, directives, policies, and procedures issued by the
Administrator regarding the transportation of a firearm and ammunition; and
“(B)
submit to the appropriate committees of
Congress a report on the findings of the review under subparagraph (A), including, as appropriate, information on any
plans to modify any regulation, directive, policy, or procedure based on the review.
“(2) Consultation.—In preparing the report under paragraph (1), the Administrator shall consult with—
[For definitions of terms used in section 1931 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Public Area Best Practices
Pub. L. 115–254, div. K, title I, § 1932, Oct. 5, 2018, 132 Stat. 3571, provided that:
“(a) In General.—The Administrator shall, in accordance with law and as received or developed, periodically submit information, on any best practices developed by the TSA or appropriate transportation stakeholders related to protecting the public spaces of transportation infrastructure from emerging threats, to the following:
“(1)
Federal Security Directors at airports.
“(2)
Appropriate security directors for other modes of transportation.
“(3)
Other appropriate transportation security stakeholders.
“(b) Information Sharing.—The Administrator shall, in accordance with law—
“(1)
in coordination with the Office of the Director of National Intelligence and industry partners, implement improvements to the Air Domain Intelligence and Analysis Center to encourage increased participation from stakeholders and enhance government and industry security information sharing on transportation security threats, including on cybersecurity threat awareness;
“(2) expand and improve the City and Airport Threat Assessment or similar program to public and private stakeholders to capture, quantify, communicate, and apply applicable intelligence to inform transportation infrastructure mitigation measures, such as—
“(A)
quantifying levels of risk by airport that can be used to determine risk-based security mitigation measures at each location; and
“(B)
determining random and surge employee inspection operations based on changing levels of risk;
“(3)
continue to disseminate Transportation Intelligence Notes, tear-lines, and related intelligence products to appropriate transportation security stakeholders on a regular basis; and
“(4)
continue to conduct both regular routine and threat-specific classified briefings between the TSA and appropriate transportation sector stakeholders on an individual or group basis to provide greater information sharing between public and private sectors.
“(c) Mass Notification.—
The
Administrator shall encourage security stakeholders to utilize mass notification systems, including the Integrated Public Alert Warning System of the
Federal Emergency Management Agency and social media platforms, to disseminate information to transportation community employees, travelers, and the general public, as appropriate.
“(d) Public Awareness Programs.—
The Secretary, in coordination with the
Administrator, shall expand public programs of the
Department of Homeland Security and the TSA that increase security threat awareness, education, and training to include transportation network public area employees, including airport and transportation vendors, local hotels, cab and limousine companies, ridesharing companies, cleaning companies, gas station attendants, cargo operators, and general aviation members.”
[For definitions of terms used in section 1932 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Surface Transportation Security Assessment and Implementation of Risk-Based Strategy
Pub. L. 115–254, div. K, title I, § 1964, Oct. 5, 2018, 132 Stat. 3604, provided that:
“(a) Security Assessment.—
“(1) In general.—
Not later than 1 year after the date of enactment of this Act [
Oct. 5, 2018], the
Administrator shall complete an assessment of the vulnerabilities of and risks to surface transportation systems.
“(2) Considerations.—In conducting the security assessment under paragraph (1), the Administrator shall, at a minimum—
“(A)
consider appropriate intelligence;
“(B)
consider security breaches and attacks at domestic and international surface transportation facilities;
“(C)
consider the vulnerabilities and risks associated with specific modes of surface transportation;
“(D) evaluate the vetting and security training of—
“(i)
employees in surface transportation; and
“(ii)
other individuals with access to sensitive or secure areas of surface transportation networks; and
“(E) consider input from—
“(i)
representatives of different modes of surface transportation;
“(ii)
representatives of critical infrastructure entities;
“(iii)
the Transportation Systems Sector Coordinating Council; and
“(iv)
the heads of other relevant Federal departments or agencies.
“(b) Risk-based Surface Transportation Security Strategy.—
“(1) In general.—Not later than 180 days after the date the security assessment under subsection (a) is complete, the Administrator shall use the results of the assessment—
“(A) to develop and implement a cross-cutting, risk-based surface transportation security strategy that includes—
“(i)
all surface transportation modes;
“(ii)
a mitigating strategy that aligns with each vulnerability and risk identified in subsection (a);
“(iii)
a planning process to inform resource allocation;
“(iv)
priorities, milestones, and performance metrics to measure the effectiveness of the risk-based surface transportation security strategy; and
“(v)
processes for sharing relevant and timely intelligence threat information with appropriate stakeholders;
“(B) to develop a management oversight strategy that—
“(i)
identifies the parties responsible for the implementation, management, and oversight of the risk-based surface transportation security strategy; and
“(ii)
includes a
plan for implementing the risk-based surface transportation security strategy; and
“(C)
to modify the risk-based budget and resource allocations, in accordance with section 1965(c) [set out as a note below], for the Transportation Security Administration.
“(2) Coordinated approach.—In developing and implementing the risk-based surface transportation security strategy under paragraph (1), the Administrator shall coordinate with the heads of other relevant Federal departments or agencies, and stakeholders, as appropriate—
“(A)
to evaluate existing surface transportation security programs, policies, and initiatives, including the explosives detection canine teams, for consistency with the risk-based security strategy and, to the extent practicable, avoid any unnecessary duplication of effort;
“(B)
to determine the extent to which stakeholder security programs, policies, and initiatives address the vulnerabilities and risks to surface transportation systems identified in subsection (a); and
“(C)
subject to subparagraph (B), to mitigate each vulnerability and risk to surface transportation systems identified in subsection (a).
“(c) Report.—
“(1) In general.—Not later than 180 days after the date the security assessment under subsection (a) is complete, the Administrator shall submit to the appropriate committees of Congress and the Inspector General of the Department a report that—
“(A)
describes the process used to complete the security assessment;
“(B)
describes the process used to develop the risk-based security strategy;
“(C)
describes the risk-based security strategy;
“(D)
includes the management oversight strategy;
“(E) includes—
“(i)
the findings of the security assessment;
“(ii)
a description of the actions recommended or taken by the
Administrator to mitigate the vulnerabilities and risks identified in subsection (a), including interagency coordination;
“(iii)
any recommendations for improving the coordinated approach to mitigating vulnerabilities and risks to surface transportation systems; and
“(iv)
any recommended changes to the National Infrastructure Protection
Plan, the modal annexes to such
plan, or relevant surface transportation security programs, policies, or initiatives; and
“(F)
may contain a classified annex.
“(2) Protections.—
In preparing the report, the
Administrator shall take appropriate actions to safeguard information described by
section 552(b) of title 5, United States Code, or protected from disclosure by any other law of the United States.
“(d) Updates.—
Not less frequently than semiannually, the
Administrator shall report to or brief the appropriate committees of
Congress on the vulnerabilities of and risks to surface transportation systems and how those vulnerabilities and risks affect the risk-based security strategy.”
[For definitions of terms used in section 1964 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Risk-Based Budgeting and Resource Allocation
Pub. L. 115–254, div. K, title I, § 1965, Oct. 5, 2018, 132 Stat. 3606, provided that:
“(a) Report.—In conjunction with the submission of the Department’s annual budget request to the Office of Management and Budget, the Administrator shall submit to the appropriate committees of Congress a report that describes a risk-based budget and resource allocation plan for surface transportation sectors, within and across modes, that—
“(1)
reflects the risk-based surface transportation security strategy under section 1964(b) [set out as a note above]; and
“(2)
is organized by appropriations account, program, project, and initiative.
“(b) Budget Transparency.—
In submitting the annual budget of the United States Government under
section 1105 of title 31, United States Code, the President shall clearly distinguish the resources requested for surface transportation security from the resources requested for aviation security.
“(c) Resource Reallocation.—
“(1) In general.—
Not later than 15 days after the date on which the
Transportation Security Administration allocates any resources or personnel, including personnel sharing, detailing, or assignment, or the use of facilities, technology systems, or vetting resources, for a nontransportation security purpose or National Special Security Event (as defined in section 2001 of
Homeland Security Act of 2002 (
6 U.S.C. 601)), the Secretary shall provide the notification described in paragraph (2) to the appropriate committees of
Congress.
“(2) Notification.—A notification described in this paragraph shall include—
“(A)
the reason for and a justification of the resource or personnel allocation;
“(B)
the expected end date of the resource or personnel allocation; and
“(C)
the projected cost to the Transportation Security Administration of the personnel or resource allocation.
“(d) 5-year Capital Investment Plan.—
Not later than 180 days after the date of enactment of this Act [
Oct. 5, 2018], the
Administrator shall submit to the Committee on Commerce, Science, and Transportation of the
Senate and the Committee on Homeland Security of the
House of Representatives a 5-year capital investment
plan, consistent with the 5-year technology investment
plan under section 1611 of title XVI of the
Homeland Security Act of 2002 [
6 U.S.C. 563], as amended by section 3 of the Transportation Security Acquisition Reform Act (
Public Law 113–245;
128 Stat. 2871).”
[For definitions of terms used in section 1965 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Transparency
Pub. L. 115–254, div. K, title I, § 1967, Oct. 5, 2018, 132 Stat. 3607, provided that:
“(a) Regulations.—
“(1) In general.—
Not later than 180 days after the date of enactment of this Act [
Oct. 5, 2018], and every 180 days thereafter, the
Administrator [of the
Transportation Security Administration] shall publish on a public website information regarding the status of each regulation relating to surface transportation security that is directed by law to be issued and that has not been issued if not less than 2 years have passed since the date of enactment of the law.
“(2) Contents.—The information published under paragraph (1) shall include—
“(A)
an updated rulemaking schedule for the outstanding regulation;
“(B)
current staff allocations;
“(C)
data collection or research relating to the development of the rulemaking;
“(D)
current efforts, if any, with security experts, advisory committees, and other stakeholders; and
“(E)
other relevant details associated with the development of the rulemaking that impact the progress of the rulemaking.
“(b) Inspector General Review.—Not later than 180 days after the date of enactment of this Act, and every 2 years thereafter until all of the requirements under titles XIII [6 U.S.C. 1111 et seq.], XIV [6 U.S.C. 1131 et seq.], and XV [6 U.S.C. 1151 et seq.] of the Implementing Recommendations of the 9/11 Commission Act of 2007 (6 U.S.C. 1111 et seq.) and under this title [see Tables for classification] have been fully implemented, the Inspector General of the Department shall submit to the appropriate committees of Congress [Committees on Commerce, Science, and Transportation and Homeland Security and Governmental Affairs of the Senate and Committee on Homeland Security of the House of Representatives] a report that—
“(1)
identifies the requirements under such titles of that Act and under this title that have not been fully implemented;
“(2)
describes what, if any, additional action is necessary; and
“(3)
includes recommendations regarding whether any of the requirements under such titles of that Act or this title should be amended or repealed.”
TSA Counterterrorism Asset Deployment
Pub. L. 115–254, div. K, title I, § 1968(a), Oct. 5, 2018, 132 Stat. 3608, provided that:
“(1) In general.—
If the
Administrator [of the
Transportation Security Administration] deploys any counterterrorism personnel or resource, such as explosive detection sweeps, random bag inspections, or patrols by Visible Intermodal Prevention and Response teams, to enhance security at a transportation system or transportation facility for a period of not less than 180 consecutive days, the
Administrator shall provide sufficient notification to the system or facility operator, as applicable, not less than 14 days prior to terminating the deployment.
“(2) Exception.—This subsection shall not apply if the Administrator—
“(A)
determines there is an urgent security need for the personnel or resource described in paragraph (1); and
“(B)
notifies the appropriate committees of Congress [Committees on Commerce, Science, and Transportation and Homeland Security and Governmental Affairs of the Senate and Committee on Homeland Security of the House of Representatives] of the determination under subparagraph (A).”
Risk Scenarios
Pub. L. 115–254, div. K, title I, § 1986, Oct. 5, 2018, 132 Stat. 3621, provided that:
“(a) In General.—
The
Administrator shall annually develop, consistent with the transportation modal security
plans required under
section 114(s) of title 49, United States Code, risk-based priorities based on risk assessments conducted or received by the Secretary across all transportation modes that consider threats, vulnerabilities, and consequences.
“(b) Scenarios.—
The
Administrator shall ensure that the risk-based priorities identified under subsection (a) are informed by an analysis of terrorist attack scenarios for each transportation mode, including cyber-attack scenarios and intelligence and open source information about current and evolving threats.
“(c) Report.—Not later than 120 days after the date that annual risk-based priorities are developed under subsection (a), the Administrator shall submit to the appropriate committees of Congress a report that includes the following:
“(1)
Copies of the risk assessments for each transportation mode.
“(2)
A summary that ranks the risks within and across modes.
“(3)
A description of the risk-based priorities for securing the transportation sector that identifies and prioritizes the greatest security needs of such transportation sector, both across and within modes, in the order that such priorities should be addressed.
“(4)
Information on the underlying methodologies used to assess risks across and within each transportation mode and the basis for any assumptions regarding threats, vulnerabilities, and consequences made in assessing and prioritizing risks within each such mode and across modes.
“(d) Classification.—
The information provided under subsection (c) may be submitted in a classified format or unclassified format, as the
Administrator considers appropriate.”
[For definitions of terms used in section 1986 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Integrated and Unified Operations Centers
Pub. L. 115–254, div. K, title I, § 1987, Oct. 5, 2018, 132 Stat. 3622, provided that:
“(a) Framework.—
Not later than 120 days after the date of enactment of this Act [
Oct. 5, 2018], the
Administrator, in consultation with the heads of other appropriate offices or components of the Department, shall make available to
public and private stakeholders a framework for establishing an integrated and unified operations center responsible for overseeing daily operations of a transportation facility that promotes coordination for responses to terrorism, serious incidents, and other purposes, as determined appropriate by the
Administrator.
“(b) Report.—
Not later than 1 year after the date of enactment of this Act, the
Administrator shall brief the appropriate committees of
Congress regarding the establishment and activities of integrated and unified operations centers at transportation facilities at which the TSA has a presence.”
[For definitions of terms used in section 1987 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Information Sharing and Cybersecurity
Pub. L. 115–254, div. K, title I, § 1989, Oct. 5, 2018, 132 Stat. 3624, provided that:
“(a) Federal Security Directors.—
“(b) Plan to Improve Information Sharing.—
“(1) In general.—
Not later than 180 days after the date of enactment of this Act [
Oct. 5, 2018], the
Administrator shall develop a
plan to improve intelligence information sharing with State and local transportation entities that includes best practices to ensure that the information shared is actionable, useful, and not redundant.
“(2) Contents.—The plan required under paragraph (1) shall include the following:
“(A)
The incorporation of best practices for information sharing.
“(B)
The identification of areas of overlap and redundancy.
“(C)
An evaluation and incorporation of stakeholder input in the development of such
plan.
“(D)
The integration of any recommendations of the Comptroller General of the United States on information sharing.
“(3) Solicitation.—
The
Administrator shall solicit on an annual basis input from appropriate stakeholders, including State and local transportation entities, on the quality and quantity of intelligence received by such stakeholders relating to information sharing.
“(c) Best Practices Sharing.—
“(1) In general.—
Not later than 180 days after the date of enactment of this Act [
Oct. 5, 2018], the
Administrator shall establish a mechanism to share with State and local transportation entities best practices from across the law enforcement spectrum, including Federal, State, local, and tribal entities, that relate to employee training, employee professional development, technology development and deployment, hardening tactics, and passenger and employee awareness programs.
“(2) Consultation.—The Administrator shall solicit and incorporate stakeholder input—
“(A)
in developing the mechanism for sharing best practices as required under paragraph (1); and
“(B)
not less frequently than annually on the quality and quantity of information such stakeholders receive through the mechanism established under such paragraph.
“(d) Cybersecurity.—
“(1) In general.—The Administrator, in consultation with the Secretary, shall—
“(A)
not later than 120 days after the date of enactment of this Act [
Oct. 5, 2018], implement the Framework for Improving Critical Infrastructure Cybersecurity (referred to in this section as the ‘Framework’ developed by the
National Institute of Standards and Technology, and any update to such Framework under section 2 of the
National Institute of Standards and Technology Act (
15 U.S.C. 272), to manage the
agency’s cybersecurity risks; and
“(B)
evaluate, on a periodic basis, but not less often than biennially, the use of the Framework under subparagraph (A).
“(2) Cybersecurity enhancements to aviation security activities.—
The Secretary, in consultation with the Secretary of Transportation, shall, upon request, conduct cybersecurity vulnerability assessments for airports and air carriers.
“(3) TSA trusted traveler and credentialing program cyber evaluation.—
“(A) Evaluation required.—Not later than 120 days after the date of enactment of this Act, the Secretary shall—
“(i)
evaluate the cybersecurity of TSA trusted traveler and credentialing programs that contain personal information of specific individuals or information that identifies specific individuals, including the Transportation Worker Identification Credential and PreCheck programs;
“(ii)
identify any cybersecurity risks under the programs described in clause (i); and
“(iii)
develop remediation
plans to address the cybersecurity risks identified under clause (ii).
“(B) Submission to congress.—
Not later than 30 days after the date the evaluation under subparagraph (A) is complete, the Secretary shall submit to the appropriate committees of
Congress information relating to such evaluation, including any cybersecurity vulnerabilities identified and remediation
plans to address such vulnerabilities. Such submission shall be provided in a classified form.
[For definitions of terms used in section 1989 of Pub. L. 115–254, set out above, see section 1902 of Pub. L. 115–254, set out as a Definitions of Terms in Title I of Div. K of Pub. L. 115–254 note under section 101 of this title.]
Safeguarding and Disposal of Personal Information of Registered Traveler Program Participants
Pub. L. 114–4, title V, § 536, Mar. 4, 2015, 129 Stat. 67, provided that:
“(a) Any company that collects or retains personal information directly from any individual who participates in the Registered Traveler or successor program of the Transportation Security Administration shall hereafter safeguard and dispose of such information in accordance with the requirements in—
“(1)
the National Institute for Standards and Technology Special Publication 800–30, entitled ‘Risk Management Guide for Information Technology Systems’;
“(2)
the National Institute for Standards and Technology Special Publication 800–53, Revision 3, entitled ‘Recommended Security Controls for Federal Information Systems and Organizations’; and
“(3)
any supplemental standards established by the
Administrator of the
Transportation Security Administration (referred to in this section as the
‘Administrator’).
“(b)
The airport authority or air carrier operator that sponsors the company under the Registered Traveler program shall hereafter be known as the ‘Sponsoring Entity’.
“(c)
The
Administrator shall hereafter require any company covered by subsection (a) to provide, not later than 30 days after the date of enactment of this Act [
Mar. 4, 2015], to the Sponsoring Entity written certification that the procedures used by the company to safeguard and dispose of information are in compliance with the requirements under subsection (a). Such certification shall include a description of the procedures used by the company to comply with such requirements.”
Registered Traveler Programs and Biometrically-Secure Cards
Pub. L. 110–161, div. E, title V, § 571, Dec. 26, 2007, 121 Stat. 2093, provided that:
“Effective no later than ninety days after the date of enactment of this Act [Dec. 26, 2007], the Transportation Security Administration shall permit approved members of Registered Traveler programs to satisfy fully the required identity verification procedures at security screening checkpoints by presenting a biometrically-secure Registered Traveler card in lieu of the government-issued photo identification document required of non-participants: Provided, That if their identity is not confirmed biometrically, the standard identity and screening procedures will apply: Provided further, That if the Assistant Secretary (Transportation Security Administration) determines this is a threat to civil aviation, then the Assistant Secretary (Transportation Security Administration) shall notify the Committees on Appropriations of the Senate and House of Representatives five days in advance of such determination and require Registered Travelers to present government-issued photo identification documents in conjunction with a biometrically-secure Registered Traveler card.”
Congressional Oversight of Security Assurance for Public and Private Stakeholders
Pub. L. 110–53, title XII, § 1203(b), Aug. 3, 2007, 121 Stat. 385, as amended by Pub. L. 115–254, div. K, title I, § 1904(b)(2), Oct. 5, 2018, 132 Stat. 3545, provided that:
“(1) In general.—Except as provided in paragraph (2), the Secretary [of Homeland Security] shall provide a semiannual report to the Committee on Homeland Security and Governmental Affairs, the Committee on Commerce, Science, and Transportation, and the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Homeland Security and the Committee on Transportation and Infrastructure of the House of Representatives that includes—
“(B)
a description of the measures the Secretary has taken to ensure proper treatment and security for any classified information to be shared with the
public and private stakeholders under the
Plan; and
“(2) No report required if no changes in stakeholders.—
The Secretary is not required to provide a semiannual report under paragraph (1) if no stakeholders have been added to or removed from the group of persons with whom
transportation security information is shared under the
plan [probably should be
“Plan”] since the end of the period covered by the last preceding semiannual report.”
Specialized Training
Pub. L. 110–53, title XVI, § 1611, Aug. 3, 2007, 121 Stat. 485, provided that:
“The
Administrator of the
Transportation Security Administration shall provide advanced training to transportation security officers for the development of specialized security skills, including behavior observation and analysis, explosives detection, and document examination, in order to enhance the effectiveness of layered transportation security measures.”
Inapplicability of Personnel Limitations After Fiscal Year 2007
Pub. L. 110–53, title XVI, § 1612, Aug. 3, 2007, 121 Stat. 485, provided that:
“(a) In General.—
Notwithstanding any provision of law, any statutory limitation on the number of employees in the Transportation Security Administration, before or after its transfer to the Department of Homeland Security from the Department of Transportation, does not apply after fiscal year 2007.
“(b) Aviation Security.—Notwithstanding any provision of law imposing a limitation on the recruiting or hiring of personnel into the Transportation Security Administration to a maximum number of permanent positions, the Secretary of Homeland Security shall recruit and hire such personnel into the Administration as may be necessary—
“(1)
to provide appropriate levels of aviation security; and
“(2)
to accomplish that goal in such a manner that the average aviation security-related delay experienced by airline passengers is reduced to a level of less than 10 minutes.”
Lease of Property to Transportation Security Administration Employees
Pub. L. 109–90, title V, § 514, Oct. 18, 2005, 119 Stat. 2084, provided that:
“Notwithstanding
section 3302 of title 31, United States Code, for fiscal year 2006 and thereafter, the
Administrator of the
Transportation Security Administration may impose a reasonable charge for the lease of real and personal property to
Transportation Security Administration employees and for use by
Transportation Security Administration employees and may credit amounts received to the appropriation or fund initially charged for operating and maintaining the property, which amounts shall be available, without fiscal year limitation, for expenditure for property management, operation, protection, construction, repair, alteration, and related activities.”
Similar provisions were contained in the following prior appropriation act:
Pub. L. 108–334, title V, § 516, Oct. 18, 2004, 118 Stat. 1318.
Acquisition Management System of the Transportation Security Administration
Pub. L. 109–90, title V, § 515, Oct. 18, 2005, 119 Stat. 2084, provided that:
“For fiscal year 2006 and thereafter, the acquisition management system of the Transportation Security Administration shall apply to the acquisition of services, as well as equipment, supplies, and materials.”
Similar provisions were contained in the following prior appropriation act:
Pub. L. 108–334, title V, § 517, Oct. 18, 2004, 118 Stat. 1318.
Registered Traveler Program Fee
Pub. L. 109–90, title V, § 540, Oct. 18, 2005, 119 Stat. 2088, provided that:
“For fiscal year 2006 and thereafter, notwithstanding
section 553 of title 5, United States Code, the
Secretary of Homeland Security shall impose a fee for any registered traveler program undertaken by the
Department of Homeland Security by notice in the Federal Register, and may modify the fee from time to time by notice in the Federal Register:
Provided, That such fees shall not exceed the aggregate costs associated with the program and shall be credited to the
Transportation Security Administration registered traveler fee account, to be available until expended.”
Enhanced Security Measures
Pub. L. 107–71, title I, § 109, Nov. 19, 2001, 115 Stat. 613, as amended by Pub. L. 107–296, title XIV, § 1403(b), Nov. 25, 2002, 116 Stat. 2306, provided that:
“(a) In General.—The Under Secretary of Transportation for Security [now the Administrator of the Transportation Security Administration] may take the following actions:
“(1)
Require effective 911 emergency call capability for telephones serving passenger aircraft and passenger trains.
“(2)
Establish a uniform system of identification for all State and local law enforcement personnel for use in obtaining permission to carry weapons in aircraft cabins and in obtaining access to a secured area of an airport, if otherwise authorized to carry such weapons.
“(3)
Establish requirements to implement trusted passenger programs and use available technologies to expedite the security screening of passengers who participate in such programs, thereby allowing security screening personnel to focus on those passengers who should be subject to more extensive screening.
“(4)
In consultation with the Commissioner of the Food and Drug Administration, develop alternative security procedures under which a medical product to be transported on a flight of an air carrier would not be subject to an inspection that would irreversibly damage the product.
“(5)
Provide for the use of technologies, including wireless and wire line data technologies, to enable the private and secure communication of threats to aid in the screening of passengers and other individuals on airport property who are identified on any State or Federal security-related data base for the purpose of having an integrated response coordination of various authorized airport security forces.
“(6)
In consultation with the
Administrator of the
Federal Aviation Administration, consider whether to require all pilot licenses to incorporate a photograph of the license holder and appropriate biometric imprints.
“(7)
Provide for the use of voice stress analysis, biometric, or other technologies to prevent a person who might pose a danger to air safety or security from boarding the aircraft of an air carrier or foreign air carrier in air transportation or intrastate air transportation.
“(8)
Provide for the use of technology that will permit enhanced instant communications and information between airborne passenger aircraft and appropriate individuals or facilities on the ground.
“(9)
Require that air carriers provide flight attendants with a discreet, hands-free, wireless method of communicating with the pilots.
“(b) Report.—
Not later than 6 months after the date of enactment of this Act [
Nov. 19, 2001], and annually thereafter until the Under Secretary [now the
Administrator of the
Transportation Security Administration] has implemented or decided not to take each of the actions specified in subsection (a), the Under Secretary shall transmit to
Congress a report on the progress of the Under Secretary in evaluating and taking such actions, including any legislative recommendations that the Under Secretary may have for enhancing transportation security.”
[For definitions of terms used in section 109 of Pub. L. 107–71, set out above, see section 133 of Pub. L. 107–71, set out as a note under section 40102 of this title.]