33 CFR Navigation and Navigable Waters CHAPTER I COAST

33 CFRNavigation and Navigable Waters

CHAPTER I

COAST GUARD, DEPARTMENT OFHOMELAND SECURITY

SUBCHAPTER H -- MARITIME SECURITY

Part 101—Maritime Security: General

Part 103—Maritime Security: Area Maritime Security

Part 104—Maritime Security: Vessels

Part 105—Maritime Security: Facilities

Part 106—Maritime Security: Outer ContinentalShelf (OCS) Facilities

As amended by the Final Rules

http://www.gpoaccess.gov/fr/index.htmlPart 101: USCG–2003–14792, 68 FR 60447, October 22, 2003Part 103: USCG-2003-14733, 68 FR 60471, October 22, 2003Part 104: USCG-2003-14749, 68 FR 60482, October 22, 2003Part 105: USCG-2003-14732, 68 FR 60514, October 22, 2003Part 106: USCG-2003-14759, 68 FR 60558, October 22, 2003

2

Part 101—Maritime Security: General33 CFR, Ch. I, Subchapter H


CHAPTER ICOAST GUARD, DEPARTMENT

OF HOMELAND SECURITYSUBCHAPTER H -- MARITIME

SECURITY

PART 101—

MARITIME SECURITY:

GENERAL

Subpart A -- GeneralSec.101.100 Purpose.101.105 Definitions.101.110 Applicability.101.115 Incorporation by reference.101.120 Alternatives.101.125 Approved Alternative

Security Programs.101.130 Equivalent security

measures.Subpart B -- Maritime Security

(MARSEC) Levels101.200 MARSEC Levels.101.205 Department of Homeland

Security alignment.Subpart C -- Communication (Port-

Facility-Vessel)101.300 Preparedness

communications.101.305 Reporting.101.310 Additional communication

devices.Subpart D -- Control Measures for

Security101.400 Enforcement.101.405 Maritime Security

(MARSEC) Directives.101.410 Control and Compliance

Measures.101.415 Penalties.101.420 Right to appeal.

Subpart E -- Other Provisions101.500 Procedures for authorizing

a Recognized SecurityOrganization (RSO).

[RESERVED]101.505 Declaration of Security

(DoS).101.510 Assessment Tools.101.515 Personal Identification.

Authority: 33 U.S.C. 1226, 1231; 46U.S.C. Chapter 701; 50 U.S.C. 191,192; Executive Order 12656, 3 CFR1988 Comp., p. 585; 33 CFR 1.05–1,6.04–11, 6.14, 6.16, and 6.19;Department of Homeland SecurityDelegation No. 0170.1.Source: USCG–2003–14792, 68 FR39278, July 1, 2003.

Subpart A—General§ 101.100 Purpose.

(a) The purpose of thissubchapter is:

(1) To implement portions of themaritime security regime required bythe Maritime Transportation SecurityAct of 2002, as codified in 46 U.S.C.Chapter 701;

(2) To align, where appropriate,the requirements of domestic maritimesecurity regulations with theinternational maritime securitystandards in the InternationalConvention for the Safety of Life at Sea,1974 (SOLAS Chapter XI–2) and theInternational Code for the Security ofShips and of Port Facilities, parts A andB, adopted on 12 December 2002; and

(3) To ensure securityarrangements are as compatible aspossible for vessels tradinginternationally.

(b) For those maritime elements ofthe national transportation systemwhere international standards do notdirectly apply, the requirements in thissubchapter emphasize cooperation andcoordination with local port communitystakeholders, and are based on existingdomestic standards, as well asestablished industry security practices.

(c) The assessments and plansrequired by this subchapter are intendedfor use in implementing securitymeasures at various MARSEC Levels.The specific security measures and theirimplementation are planning criteriabased on a set of assumptions madeduring the development of the security

3

Complete text as amended by the Final Rule Coast Guard, DHS

assessment and plan. Theseassumptions may not exist during anactual transportation security incident.§ 101.105 Definitions.

Unless otherwise specified, asused in this subchapter:

Alternative Security Programmeans a third-party or industryorganization developed standard thatthe Commandant has determinedprovides an equivalent level of securityto that established by this subchapter.

Area Commander means the U.S.Coast Guard officer designated by theCommandant to command a CoastGuard Area as described in 33 CFR part3.

Area Maritime Security (AMS)Assessment means an analysis thatexamines and evaluates theinfrastructure and operations of a porttaking into account possible threats,vulnerabilities, and existing protectivemeasures, procedures and operations.

Area Maritime Security (AMS)Committee means the committeeestablished pursuant to 46 U.S.C.70112(a)(2)(A). This committee can bethe Port Security Committee establishedpursuant to Navigation and VesselInspection Circular (NVIC) 09–02,available from the cognizant Captain ofthe Port (COTP) or at http://www.uscg.mil/hq/g-m/nvic.

Area Maritime Security (AMS)Plan means the plan developedpursuant to 46 U.S.C. 70103(b). Thisplan may be the Port Security plandeveloped pursuant to NVIC 09–02provided it meets the requirements ofpart 103 of this subchapter.

Area of Responsibility (AOR)means a Coast Guard area, district,marine inspection zone or COTP zonedescribed in 33 CFR part 3.

Audit means an evaluation of asecurity assessment or security planperformed by an owner or operator, theowner or operator's designee, or anapproved third-party, intended toidentify deficiencies, non-conformitiesand/or inadequacies that would renderthe assessment or plan insufficient.

Barge means a non-self-propelledvessel (46 CFR 24.10–1).

Barge fleeting facility means a

commercial area, subject to permittingby the Army Corps of Engineers, asprovided in 33 CFR part 322, part 330,or pursuant to a regional general permit,the purpose of which is for the makingup, breaking down, or staging of bargetows.

Breach of security means anincident that has not resulted in atransportation security incident, inwhich security measures have beencircumvented, eluded, or violated.

Bulk or in bulk means a commoditythat is loaded or carried on board avessel without containers or labels, andthat is received and handled withoutmark or count.

Bunkers means a vessel's fuelsupply.

Captain of the Port (COTP) meansthe local officer exercising authority forthe COTP zones described in 33 CFRpart 3. The COTP is the FederalMaritime Security Coordinatordescribed in 46 U.S.C. 70103(a)(2)(G)and also the Port Facility SecurityOfficer as described in the ISPS Code,part A.

Cargo means any goods, wares, ormerchandise carried, or to be carried,for consideration, whether directly orindirectly flowing to the owner,charterer, operator, agent, or any otherperson interested in the vessel, facility,or OCS facility, except dredge spoils.

Cargo vessel means a vessel thatcarries, or intends to carry, cargo asdefined in this section.

Certain Dangerous Cargo (CDC)means the same as defined in 33 CFR160.204.

Commandant means theCommandant of the U.S. Coast Guard.

Company means any person orentity that owns any facility, vessel, orOCS facility subject to the requirementsof this subchapter, or has assumed theresponsibility for operation of anyfacility, vessel, or OCS facility subjectto the requirements of this subchapter,including the duties and responsibilitiesimposed by this subchapter.

Company Security Officer (CSO)means the person designated by theCompany as responsible for the securityof the vessel or OCS facility, includingimplementation and maintenance of thevessel or OCS facility security plan, and

4


for liaison with their respective vesselor facility security officer and the CoastGuard.

Contracting Government meansany government of a nation that is asignatory to SOLAS, other than the U.S.

Cruise ship means any vessel over100 gross register tons, carrying morethan 12 passengers for hire whichmakes voyages lasting more than 24hours, of which any part is on the highseas. Passengers from cruise ships areembarked or disembarked in the U.S.or its territories. Cruise ships do notinclude ferries that hold Coast GuardCertificates of Inspection endorsed for“Lakes, Bays, and Sounds”, that transitinternational waters for only shortperiods of time on frequent schedules.

Dangerous goods and/orhazardous substances, for the purposesof this subchapter, means cargoesregulated by parts 126, 127, or 154 ofthis chapter.

Dangerous substances or devicesmeans any material, substance, or itemthat reasonably has the potential tocause a transportation security incident.

Declaration of Security (DoS)means an agreement executed betweenthe responsible Vessel and FacilitySecurity Officer, or between VesselSecurity Officers in the case of a vessel-to-vessel activity, that provides a meansfor ensuring that all shared securityconcerns are properly addressed andsecurity will remain in place throughoutthe time a vessel is moored to the facilityor for the duration of the vessel-to-vessel activity, respectively.

District Commander means theU.S. Coast Guard officer designated bythe Commandant to command a CoastGuard District described in 33 CFR part3.

Drill means a training event thattests at least one component of theAMS, vessel, or facility security planand is used to maintain a high level ofsecurity readiness.

Exercise means a comprehensivetraining event that involves several ofthe functional elements of the AMS,vessel, or facility security plan and testscommunications, coordination,resource availability, and response.

Facility means any structure orfacility of any kind located in, on, under,

or adjacent to any waters subject to thejurisdiction of the U.S. and used,operated, or maintained by a public orprivate entity, including any contiguousor adjoining property under commonownership or operation.

Facility Security Assessment(FSA) means an analysis that examinesand evaluates the infrastructure andoperations of the facility taking intoaccount possible threats, vulnerabilities,consequences, and existing protectivemeasures, procedures and operations.

Facility Security Officer (FSO)means the person designated asresponsible for the development,implementation, revision andmaintenance of the facility security planand for liaison with the COTP andCompany and Vessel Security Officers.

Facility Security Plan (FSP)means the plan developed to ensure theapplication of security measuresdesigned to protect the facility and itsservicing vessels or those vesselsinterfacing with the facility, theircargoes, and persons on board at therespective MARSEC Levels.

Ferry means a vessel which islimited in its use to the carriage of deckpassengers or vehicles or both, operateson a short run on a frequent schedulebetween two or more points over themost direct water route, other than inocean or coastwise service.

Foreign vessel means a vessel offoreign registry or a vessel operatedunder the authority of a country, exceptthe U.S., that is engaged in commerce.

General shipyard facility means--(1) For operations on land, any

structure or appurtenance theretodesigned for the construction, repair,rehabilitation, refurbishment, orrebuilding of any vessel, includinggraving docks, building ways, ship lifts,wharves, and pier cranes; the landnecessary for any structures orappurtenances; and the equipmentnecessary for the performance of anyfunction referred to in this definition;and

(2) For operations other than onland, any vessel, floating drydock, orbarge used for, or a type that is usuallyused for, activities referred to inparagraph (1) of this definition.

Gross register tons (GRT) means

5


the gross ton measurement of the vesselunder 46 U.S.C. chapter 145,Regulatory Measurement. For a vesselmeasured under only 46 U.S.C. chapter143, Convention Measurement, thevessel's gross tonnage, ITC is used toapply all thresholds expressed in termsof gross register tons.

Gross tonnage, ITC (GT ITC)means the gross tonnage measurementof the vessel under 46 U.S.C. chapter143, Convention Measurement. Underinternational conventions, thisparameter may be referred to as “grosstonnage (GT).”

Hazardous materials meanshazardous materials subject toregulation under 46 CFR parts 148,150, 151, 153, or 154, or 49 CFR parts171 through 180.

Infrastructure means facilities,structures, systems, assets, or servicesso vital to the port and its economy thattheir disruption, incapacity, ordestruction would have a debilitatingimpact on defense, security, theenvironment, long-term economicprosperity, public health or safety of theport.

International voyage means avoyage between a country to whichSOLAS applies and a port outside thatcountry. A country, as used in thisdefinition, includes every territory forthe internal relations of which acontracting government to theconvention is responsible or for whichthe United Nations is the administeringauthority. For the U.S., the term“territory” includes the Commonwealthof Puerto Rico, all possessions of theUnited States, and all lands held by theU.S. under a protectorate or mandate.For the purposes of this subchapter,vessels solely navigating the GreatLakes and the St. Lawrence River asfar east as a straight line drawn fromCap des Rosiers to West Point, AnticostiIsland and, on the north side ofAnticosti Island, the 63rd meridian, areconsidered on an “internationalvoyage” when on a voyage between aU.S. port and a Canadian port.

ISPS Code means the InternationalShip and Port Facility Security Code,as incorporated into SOLAS.

Maritime Security (MARSEC)Directive means an instruction issued

by the Commandant, or his/her delegee,mandating specific security measuresfor vessels and facilities that may beinvolved in a transportation securityincident.

Maritime Security (MARSEC)Level means the level set to reflect theprevailing threat environment to themarine elements of the nationaltransportation system, including ports,vessels, facilities, and critical assets andinfrastructure located on or adjacent towaters subject to the jurisdiction of theU.S.

MARSEC Level 1 means the levelfor which minimum appropriateprotective security measures shall bemaintained at all times.

MARSEC Level 2 means the levelfor which appropriate additionalprotective security measures shall bemaintained for a period of time as aresult of heightened risk of atransportation security incident.

MARSEC Level 3 means the levelfor which further specific protectivesecurity measures shall be maintainedfor a limited period of time when atransportation security incident isprobable or imminent, although it maynot be possible to identify the specifictarget.

Master means the holder of a validlicense that authorizes the individual toserve as a Master, operator, or personin charge of the rated vessel. For thepurposes of this subchapter, Master alsoincludes the Person in Charge of aMODU, and the operator of anuninspected towing vessel.

OCS Facility means any artificialisland, installation, or other complex ofone or more structures permanently ortemporarily attached to the subsoil orseabed of the OCS, erected for thepurpose of exploring for, developing orproducing oil, natural gas or mineralresources. This definition includes allmobile offshore drilling units(MODUs) not covered under part 104of this subchapter, when attached to thesubsoil or seabed of offshore locations,but does not include deepwater ports,as defined by 33 U.S.C. 1502, orpipelines.

Operator, Uninspected TowingVessel means an individual who holdsa license described in 46 CFR

6


15.805(a)(5) or 46 CFR 15.810(d).Owner or operator means any

person or entity that owns, or maintainsoperational control over, any facility,vessel, or OCS facility subject to thissubchapter. This includes a towingvessel that has operational control ofan unmanned vessel when theunmanned vessel is attached to thetowing vessel and a facility that hasoperational control of an unmannedvessel when the unmanned vessel is notattached to a towing vessel and ismoored to the facility; attachmentbegins with the securing of the firstmooring line and ends with the casting-off of the last mooring line.

Passenger vessel means—(1) On an international voyage,

a vessel carrying more than 12passengers including at least onepassenger-for-hire; and

(2) On other than aninternational voyage:

(i) A vessel of at least 100 grossregister tons carrying more than 12passengers, including at least onepassenger-for-hire;

(ii) A vessel of less than 100gross register tons carrying more than6 passengers, including at least onepassenger-for-hire;

(iii) A vessel that is chartered andcarrying more than 12 passengers;

(iv) A submersible vessel that iscarrying at least one passenger-for-hire;or

(v) A wing-in-ground craft,regardless of tonnage, that is carryingat least one passenger-for-hire.

Passenger-for-hire means apassenger for whom consideration iscontributed as a condition of carriageon the vessel, whether directly orindirectly flowing to the owner,charterer, operator, agent, or any otherperson having an interest in the vessel.

Public access facility means afacility--

(1) That is used by the publicprimarily for purposes such asrecreation, entertainment, retail, ortourism, and not for receiving vesselssubject to part 104;

(2) That has minimalinfrastructure for servicing vesselssubject to part 104 of this chapter; and

(3) That receives only:

(i) Vessels not subject to part104 of this chapter, or

(ii) Passenger vessels, except:(A) Ferries certificated to carry

vehicles;(B) Cruise ships; or(C) Passenger vessels subject to

SOLAS Chapter XI.Registered length means the

registered length as defined in 46 CFRpart 69.

Restricted areas mean theinfrastructures or locations identified inan area, vessel, or facility securityassessment or by the operator thatrequire limited access and a higherdegree of security protection. The entirefacility may be designated the restrictedarea, as long as the entire facility isprovided the appropriate level ofsecurity.

Review and approval means theprocess whereby Coast Guard officialsevaluate a plan or proposal to determineif it complies with this subchapter and/or provides an equivalent level ofsecurity.

Screening means a reasonableexamination of persons, cargo, vehicles,or baggage for the protection of thevessel, its passengers and crew. Thepurpose of the screening is to securethe vital government interest ofprotecting vessels, harbors, andwaterfront facilities from destruction,loss, or injury from sabotage or othercauses of similar nature. Such screeningis intended to ensure that dangeroussubstances and devices, or other itemsthat pose a real danger of violence or athreat to security are not present.

Security sweep means awalkthrough to visually inspectunrestricted areas to identify unattendedpackages, briefcases, or luggage anddetermine that all restricted areas aresecure.

Security system means a device ormultiple devices designed, installed andoperated to monitor, detect, observe orcommunicate about activity that maypose a security threat in a location orlocations on a vessel or facility.

Sensitive security information(SSI) means information within thescope of 49 CFR part 1520.

SOLAS means the InternationalConvention for the Safety of Life at Sea

7


Convention, 1974, as amended.Survey means an on-scene

examination and evaluation of thephysical characteristics of a vessel orfacility, and its security systems,processes, procedures, and personnel.

Transportation security incident(TSI) means a security incident resultingin a significant loss of life,environmental damage, transportationsystem disruption, or economicdisruption in a particular area.

Unaccompanied baggage meansany baggage, including personal effects,that is not being brought on board onbehalf of a person who is boarding thevessel.

Vessel-to-facility interface meansthe interaction that occurs when a vesselis directly and immediately affected byactions involving the movement ofpersons, cargo, vessel stores, or theprovisions of facility services to or fromthe vessel.

Vessel-to-port interface means theinteraction that occurs when a vessel isdirectly and immediately affected byactions involving the movement ofpersons, cargo, vessel stores, or theprovisions of port services to or fromthe vessel.

Vessel Security Assessment (VSA)means an analysis that examines andevaluates the vessel and its operationstaking into account possible threats,vulnerabilities, consequences, andexisting protective measures,procedures and operations.

Vessel Security Plan (VSP) meansthe plan developed to ensure theapplication of security measuresdesigned to protect the vessel and thefacility that the vessel is servicing orinteracting with, the vessel's cargoes,and persons on board at the respectiveMARSEC Levels.

Vessel Security Officer (VSO)means the person onboard the vessel,accountable to the Master, designatedby the Company as responsible forsecurity of the vessel, includingimplementation and maintenance of theVessel Security Plan, and for liaisonwith the Facility Security Officer andthe vessel's Company Security Officer.

Vessel stores means—(1) Materials that are on board a

vessel for the upkeep, maintenance,

safety, operation or navigation of thevessel; and

(2) Materials for the safety orcomfort of the vessel's passengers orcrew, including any provisions for thevessel's passengers or crew.

Vessel-to-vessel activity means anyactivity not related to a facility or portthat involves the transfer of cargo,vessel stores, or persons from onevessel to another.

Waters subject to the jurisdictionof the U.S. , for purposes of thissubchapter, includes all watersdescribed in section 2.36(a) of thischapter; the Exclusive Economic Zone,in respect to the living and non-livingresources therein; and, in respect tofacilities located on the OuterContinental Shelf of the U.S., the waterssuperjacent thereto.§ 101.110 Applicability.

Unless otherwise specified, thissubchapter applies to vessels,structures, and facilities of any kind,located under, in, on, or adjacent towaters subject to the jurisdiction of theU.S.§ 101.115 Incorporation byreference.

(a) Certain material isincorporated by reference into thissubchapter with the approval of theDirector of the Federal Register under5 U.S.C. 552(a) and 1 CFR part 51. Toenforce any edition other than thatspecified in paragraph (b) of thissection, the Coast Guard must publishnotice of change in the Federal Registerand the material must be available tothe public. All approved material is onfile at the Office of the Federal Register,800 North Capitol Street, NW., Suite700, Washington, DC, and at the Officeof the Coast Guard Port SecurityDirectorate (G–MP), Coast GuardHeadquarters, 2100 Second Street, SW.,Washington, DC 20593–0001, and isavailable from the sources indicated inparagraph (b) of this section.

(b) The materials approved forincorporation by reference in thissubchapter are as follows:International MaritimeOrganization (IMO)

8


Publication Section, 4 AlbertEmbankment, London SE1 7SR,United Kingdom.

Conference resolution 1, Adoption ofamendments to the Annex to theInternational Convention for theSafety of Life at Sea, 1974, andamendments to Chapter XI ofSOLAS 1974, adopted December12, 2002, (SOLAS Chapter XI-1 orSOLAS Chapter XI-2).101.120; 101.310; 101.410;101.505; 104.105; 104.115;104.120; 104.297; 104.400.

Conference resolution 2, Adoption ofthe International Code for theSecurity of Ships and of PortFacilities, parts A and B, adopted onDecember 12, 2002 (ISPS Code).101.410; 101.505; 104.105;104.115; 104.120; 104.297;104.400.

§ 101.120 Alternatives.(a) Alternative Security

Agreements. (1) The U.S. may concludein writing, as provided in SOLASChapter XI–2, Regulation 11(Incorporated by reference, see§101.115), a bilateral or multilateralagreements with other ContractingGovernments to SOLAS on AlternativeSecurity Arrangements covering shortinternational voyages on fixed routesbetween facilities subject to thejurisdiction of the U.S. and facilities inthe territories of those ContractingGovernments.

(2) As further provided inSOLAS Chapter XI–2, Regulation 11,a vessel covered by such an agreementshall not conduct any vessel-to-vesselactivity with any vessel not covered bythe agreement.

(b) Alternative SecurityPrograms. (1) Owners and operators ofvessels and facilities required to havesecurity plans under part 104, 105, or106 of this subchapter, other thanvessels that are subject to SOLASChapter XI, may meet an AlternativeSecurity Program that has beenreviewed and approved by theCommandant (G–MP) as meeting therequirements of part 104, 105, or 106,

as applicable.(2) Owners or operators must

implement an approved AlternativeSecurity Program in its entirety to bedeemed in compliance with either part104, 105, or 106.

(3) Owners or operators whohave implemented an AlternativeSecurity Program must send a letter tothe appropriate plan approval authorityunder part 104, 105, or 106 of thissubchapter identifying whichAlternative Security Program they haveimplemented, identifying those vesselsor facilities that will implement theAlternative Security Program, andattesting that they are in full compliancetherewith. A copy of this letter shall beretained on board the vessel or kept atthe facility to which it pertains alongwith a copy of the Alternative SecurityProgram and a vessel, facility, or OuterContinental Shelf facility specificsecurity assessment report generatedunder the Alternative Security Program.

(4) Owners or operators shallmake available to the Coast Guard,upon request, any information relatedto implementation of an approvedAlternative Security Program.

(c) Approval of AlternativeSecurity Programs. You must submit tothe Commandant (G–MP) for reviewand approval the Alternative SecurityProgram and the following informationto assess the adequacy of the proposedAlternative Security Program:

(1) A list of the vessel and facilitytype that the Alternative SecurityProgram is intended to apply;

(2) A security assessment for thevessel or facility type;

(3) Explanation of how theAlternative Security Program addressesthe requirements of parts 104, 105, or106, as applicable; and

(4) Explanation of how ownersand operators must implement theAlternative Security Program in itsentirety, including performing anoperational and vessel or facilityspecific assessment and verification ofimplementation.

(d) Amendment of ApprovedAlternative Security Programs. (1)Amendments to an Alternative SecurityProgram approved under this sectionmay be initiated by—

9


(i) The submitter of anAlternative Security Program underparagraph (c) of this section; or

(ii) The Coast Guard upon adetermination that an amendment isneeded to maintain the security of avessel or facility. The Coast Guard willgive the submitter of an AlternativeSecurity Program written notice andrequest that the submitter proposeamendments addressing any mattersspecified in the notice. The submitterwill have at least 60 days to submit itsproposed amendments.

(2) Proposed amendments mustbe sent to the Commandant (G-MP). Ifinitiated by the submitter, the proposedamendment must be submitted at least30 days before the amendment is to takeeffect unless the Commandant (G-MP)allows a shorter period. TheCommandant (G-MP) will approve ordisapprove the proposed amendment inaccordance with paragraph (f) of thissection.

(e) Validity of AlternativeSecurity Program. An AlternativeSecurity Program approved under thissection is valid for 5 years from the dateof its approval.

(f) The Commandant (G-MP)will examine each submission forcompliance with this part, and either:

(1) Approve it and specify anyconditions of approval, returning to thesubmitter a letter stating its acceptanceand any conditions;

(2) Return it for revision,returning a copy to the submitter withbrief descriptions of the requiredrevisions; or

(3) Disapprove it, returning acopy to the submitter with a briefstatement of the reasons fordisapproval.§ 101.125 Approved AlternativeSecurity Programs.

The following have beenapproved, by the Commandant (G-MP),as Alternative Security Programs, whichmay be used by vessel or facility ownersor operators to meet the provisions ofparts 104, 105, or 106 of thissubchapter, as applicable:

(a) American GamingAssociation Alternative Security

Program, dated September 11, 2003.(b) American Waterways

Operators Alternative Security Programfor Tugboats, and Towboats and Barges,dated September 24, 2003.

(c) Passenger Vessel AssociationIndustry Standards for Security ofPassenger Vessels and Small PassengerVessels, dated September 17, 2003.§ 101.130 Equivalent securitymeasures.

(a) For any measure required bypart 104, 105, or 106 of this subchapter,the owner or operator may substitute anequivalent security measure that hasbeen approved by the Commandant (G–MP) as meeting or exceeding theeffectiveness of the required measure.The Commandant (G–MP) may requirethat the owner or operator provide datafor use in assessing the effectiveness ofthe proposed equivalent securitymeasure.

(b) Requests for approval ofequivalent security measures should bemade to the appropriate plan approvalauthority under parts 104, 105 or 106of this subchapter.

Subpart B—Maritime Security(MARSEC) Levels

§ 101.200 MARSEC Levels.(a) MARSEC Levels advise the

maritime community and the public ofthe level of risk to the maritimeelements of the national transportationsystem. Ports, under direction of thelocal COTP, will respond to changes inthe MARSEC Level by implementingthe measures specified in the AMS Plan.Similarly, vessels and facilities requiredto have security plans under part 104,105, or 106 of this subchapter shallimplement the measures specified intheir security plans for the applicableMARSEC Level.

(b) Unless otherwise directed,each port, vessel, and facility shalloperate at MARSEC Level 1.

(c) The Commandant will set theMARSEC Level consistent with theequivalent Homeland SecurityAdvisory System (HSAS) Threat

10


Condition and that Threat Condition'sscope of application. Notwithstandingthe HSAS, the Commandant retainsdiscretion to adjust the MARSEC Levelwhen necessary to address anyparticular security concerns orcircumstances related to the maritimeelements of the national transportationsystem.

(d) The COTP may temporarilyraise the MARSEC Level for the port,a specific marine operation within theport, or a specific industry within theport, when necessary to address anexigent circumstance immediatelyaffecting the security of the maritimeelements of the transportation systemin his/her area of responsibility.§ 101.205 Department ofHomeland Security alignment.

The MARSEC Levels are alignedwith the Department of HomelandSecurity's Homeland Security AdvisorySystem (HSAS), established byHomeland Security PresidentialDirective 3. Table 101.205, titled“Relation between HSAS andMARSEC Levels” in this section,shows this alignment.Table 101.205 RelationBetween Homeland SecurityAdvisory System (HSAS) andMaritime Security (MARSEC)Levels

MARSEC Level 1HSAS Low: GreenHSAS Guarded: BlueHSAS Elevated: Yellow

MARSEC Level 2HSAS High: Orange

MARSEC Level 3HSAS Severe: Red

Subpart C—Communication(Port—Facility—Vessel)

§ 101.300 Preparednesscommunications.

(a) Notification of MARSECLevel change. The COTP will

communicate any changes in theMARSEC Levels through a localBroadcast Notice to Mariners, anelectronic means, if available, or asdetailed in the AMS Plan.

(b) Communication of threats.When the COTP is made aware of athreat that may cause a transportationsecurity incident, the COTP will, whenappropriate, communicate to the portstakeholders, vessels, and facilities inhis or her AOR the following details:

(1) Geographic area potentiallyimpacted by the probable threat;

(2) Any appropriate informationidentifying potential targets;

(3) Onset and expected durationof probable threat;

(4) Type of probable threat; and(5) Required actions to minimize

risk.(c) Attainment. (1) Each owner

or operator of a vessel or facilityrequired to have a security plan underparts 104 or 105 of this subchapteraffected by a change in the MARSECLevel must ensure confirmation to theirlocal COTP the attainment of measuresor actions described in their securityplan and any other requirementsimposed by the COTP that correspondwith the MARSEC Level beingimposed by the change.

(2) Each owner or operator of afacility required to have a security planunder part 106 of this subchapteraffected by a change in the MARSECLevel must must confirm to theircognizant District Commander theattainment of measures or actionsdescribed in their security plan and anyother requirements imposed by theDistrict Commander or COTP thatcorrespond with the MARSEC Levelbeing imposed by the change.§ 101.305 Reporting.

(a) Notification of suspiciousactivities. An owner or operatorrequired to have a security plan underpart 104, 105, or 106 of this subchaptershall, without delay, report activitiesthat may result in a transportationsecurity incident to the NationalResponse Center at the following tollfree telephone: 1–800–424–8802,direct telephone: 202–267–2675, fax:

11


202–267–2165, TDD: 202–267–4477,or Email: [email protected].

Any other person or entity is alsoencouraged to report activities that mayresult in a transportation securityincident to the National ResponseCenter.

(b) Notification of breaches ofsecurity. An owner or operator requiredto have a security plan under parts 104,105, or 106 of this subchapter shall,without delay, report breaches ofsecurity to the National ResponseCenter via one of the means listed inparagraph (a) of this section.

(c) Notification oftransportation security incident (TSI).(1) Any owner or operator required tohave a security plan under part 104 or105 of this subchapter shall, withoutdelay, report a TSI to their local COTPand immediately thereafter beginfollowing the procedures set out in theirsecurity plan, which may includecontacting the National ResponseCenter via one of the means listed inparagraph (a) of this section.

(2) Any owner or operatorrequired to have a security plan underpart 106 of this subchapter shall,without delay, report a TSI to theircognizant District Commander andimmediately thereafter begin followingthe procedures set out in their securityplan, which may include contacting theNational Response Center via one ofthe means listed in paragraph (a) of thissection.

(d) Callers to the NationalResponse Center should be prepared toprovide as much of the followinginformation as possible:

(1) Their own name and contactinformation;

(2) The name and contactinformation of the suspicious orresponsible party;

(3) The location of the incident,as specifically as possible; and

(4) The description of theincident or activity involved.§ 101.310 Additionalcommunication devices.

(a) Alert Systems. Alert systems,such as the ship security alert systemrequired in SOLAS Chapter XI–2,

Regulation 6 (Incorporated byreference, see §101.115), may be usedto augment communication and may beone of the communication methodslisted in a vessel or facility security planunder part 104, 105, or 106 of thissubchapter.

(b) Automated IdentificationSystems (AIS). AIS may be used toaugment communication, and may beone of the communication methodslisted in a vessel security plan under part104 of this subchapter. See 33 CFR part164 for additional information on AISdevice requirements.

Subpart D—Control Measures forSecurity

§ 101.400 Enforcement.(a) The rules and regulations in

this subchapter are enforced by theCOTP under the supervision andgeneral direction of the DistrictCommander, Area Commander, and theCommandant. All authority and powervested in the COTP by the rules andregulations in this subchapter is alsovested in, and may be exercised by, theDistrict Commander, Area Commander,and the Commandant.

(b) The COTP, DistrictCommander, Area Commander, orCommandant may assign theenforcement authority described inparagraph (a) of this section to any otherofficer or petty officer of the CoastGuard or other designees authorized bythe Commandant.

(c) The provisions in thissubchapter do not limit the powersconferred upon Coast Guardcommissioned, warrant, or pettyofficers by any other law or regulation,including but not limited to 33 CFRparts 6, 160, and 165.§ 101.405 Maritime Security(MARSEC) Directives.

(a)(1) When the Coast Guarddetermines that additional securitymeasures are necessary to respond to athreat assessment or to a specific threatagainst the maritime elements of thenational transportation system, theCoast Guard may issue a MARSECDirective setting forth mandatory

12


measures. Only the Commandant or his/her delegee may issue MARSECDirectives under this section. Prior toissuing a MARSEC Directive, theCommandant or his/her delegee willconsult with those Federal agencieshaving an interest in the subject matterof that MARSEC Directive. AllMARSEC Directives issued under thissection shall be marked as sensitivesecurity information (SSI) inaccordance with 49 CFR part 1520.

(2) When a MARSEC Directiveis issued, the Coast Guard willimmediately publish a notice in theFederal Register, and affected ownersand operators will need to go to theirlocal COTP or cognizant DistrictCommander to acquire a copy of theMARSEC Directive. COTPs andDistrict Commanders will requireowners or operators to prove that theyare a person required by 49 CFR1520.5(a) to restrict disclosure of andaccess to sensitive security information,and that under 49 CFR 1520.5(b), theyhave a need to know sensitive securityinformation.

(b) Each owner or operator of avessel or facility to whom a MARSECDirective applies is required to complywith the relevant instructions containedin a MARSEC Directive issued underthis section within the time prescribedby that MARSEC Directive.

(c) Each owner or operator of avessel or facility required to have asecurity plan under parts 104, 105 or106 of this subchapter that receives aMARSEC Directive must:

(1) Within the time prescribed inthe MARSEC Directive, acknowledgereceipt of the MARSEC Directive totheir local COTP or, if a facilityregulated under part 106 of thissubchapter, to their cognizant DistrictCommander; and

(2) Within the time prescribed inthe MARSEC Directive, specify themethod by which the measures in theMARSEC Directive have beenimplemented (or will be implemented,if the MARSEC Directive is not yeteffective).

(d) In the event that the owneror operator of a vessel or facilityrequired to have a security plan underpart 104, 105, or 106 of this subchapter

is unable to implement the measures inthe MARSEC Directive, the owner oroperator must submit proposedequivalent security measures and thebasis for submitting the equivalentsecurity measures to the COTP or, if afacility regulated under part 106 of thissubchapter, to their cognizant DistrictCommander, for approval.

(e) The owner or operator mustsubmit the proposed equivalent securitymeasures within the time prescribed inthe MARSEC Directive. The owner oroperator must implement anyequivalent security measures approvedby the COTP, or, if a facility regulatedunder part 106 of this subchapter, bytheir cognizant District Commander.§ 101.410 Control and ComplianceMeasures.

(a) The COTP may exerciseauthority pursuant to 33 CFR parts 6,160 and 165, as appropriate, to rectifynon-compliance with this subchapter.COTPs or their designees are theofficers duly authorized to exercisecontrol and compliance measures underSOLAS Chapter XI–2, Regulation 9,and the ISPS Code (Incorporated byreference, see §101.115).

(b) Control and compliancemeasures for vessels not in compliancewith this subchapter may include, butare not limited to, one or more of thefollowing:

(1) Inspection of the vessel;(2) Delay of the vessel;(3) Detention of the vessel;(4) Restriction of vessel

operations;(5) Denial of port entry;(6) Expulsion from port;(7) Lesser administrative and

corrective measures; or(8) Suspension or revocation of

a security plan approved by the U.S.,thereby making that vessel ineligible tooperate in, on, or under waters subjectto the jurisdiction of the U.S. inaccordance with 46 U.S.C. 70103(c)(5).

(c) Control and compliancemeasures for facilities not incompliance with this subchapter mayinclude, but are not limited to, one ormore of the following:

(1) Restrictions on facility

13


access;(2) Conditions on facility

operations;(3) Suspension of facility

operations;(4) Lesser administrative and

corrective measures; or(5) Suspension or revocation of

security plan approval, thereby makingthat facility ineligible to operate in, on,under or adjacent to waters subject tothe jurisdiction of the U.S. inaccordance with 46 U.S.C. 70103(c)(5).

(d) Control and compliancemeasures under this section may beimposed on a vessel when it has calledon a facility or at a port that does notmaintain adequate security measures toensure that the level of security to beachieved by this subchapter has notbeen compromised.§ 101.415 Penalties.

(a) Civil and criminal penalty.Violation of any order or otherrequirement imposed under section101.405 of this part is punishable bythe civil and criminal penaltiesprescribed in 33 U.S.C. 1232 or 50U.S.C. 192, as appropriate.

(b) Civil penalty. As provided in46 U.S.C. 70117, any person who doesnot comply with any other applicablerequirement under this subchapter,including a Maritime SecurityDirective, shall be liable to the U.S. fora civil penalty of not more than $25,000for each violation. Enforcement andadministration of this provision will bein accordance with 33 CFR 1.07.§ 101.420 Right to appeal.

(a) Any person directly affectedby a decision or action taken by a COTPunder this subchapter, may appeal thataction or decision to the cognizantDistrict Commander according to theprocedures in 46 CFR 1.03–15.

(b) Any person directly affectedby a decision or action taken by aDistrict Commander, whether madeunder this subchapter generally orpursuant to paragraph (a) of this section,with the exception of those decisionsmade under § 101.410 of this subpart,may appeal that decision or action tothe Commandant (G-MP), according to

the procedures in 46 CFR 1.03-15.Appeals of District Commanderdecisions or actions made under §101.410 of this subpart should be madeto the Commandant (G-MOC),according to the procedures in 46 CFR1.03-15.

(c) Any person directly affectedby a decision or action taken by theCommanding Officer, Marine SafetyCenter, under this subchapter, mayappeal that action or decision to theCommandant (G–MP) according to theprocedures in 46 CFR 1.03–15.

(d) Decisions made byCommandant (G–MP), whether madeunder this subchapter generally orpursuant to the appeal provisions of thissection, are considered final agencyaction.

Subpart E—Other Provisions§ 101.500 Procedures forauthorizing a Recognized SecurityOrganization (RSO). [Reserved]

§ 101.505 Declaration of Security(DoS).

(a) The purpose of a DoS, asdescribed in SOLAS Chapter XI–2,Regulation 10, and the ISPS Code(Incorporated by reference, see§101.115), is to state the agreementreached between a vessel and a facility,or between vessels in the case of avessel-to-vessel activity, as to therespective security measures each mustundertake during a specific vessel-to-facility interface, during a series ofinterfaces between the vessel and thefacility, or during a vessel-to-vesselactivity.

(b) Details as to who mustcomplete a DoS, when a DoS must becompleted, and how long a DoS mustbe retained are included in parts 104through 106 of this subchapter. A DoSmust, at a minimum, include theinformation found in the ISPS Code,part B, appendix 1 (Incorporated byreference, see § 101.115).

(c) All vessels and facilitiesrequired to comply with parts 104, 105,and 106 of this subchapter must, at aminimum, comply with the DoSrequirements of the MARSEC Level set

14


for the port.(d) The COTP may also require

a DoS be completed for vessels andfacilities during periods of critical portoperations, special marine events, orwhen vessels give notification of ahigher MARSEC Level than that set inthe COTP's Area of Responsibility(AOR).§ 101.510 Assessment tools.

Ports, vessels, and facilitiesrequired to conduct securityassessments by part 103, 104, 105, or106 of this subchapter may use anyassessment tool that meets the standardsset out in part 103, 104, 105, or 106, asapplicable. These tools may include:

(a) DHS/TSA's vulnerabilityself-assessment tool located at http://www.tsa.gov/risk; and

(b) USCG assessment tools,available from the cognizant COTP orat http://www.uscg.mil/hq/g-m/nvic, asset out in the following:

(1) Navigation and VesselInspection Circular titled, “Guidelinesfor Port Security Committees, and PortSecurity Plans Required for U.S. Ports”(NVIC 9–02);

(2) Navigation and VesselInspection Circular titled, “SecurityGuidelines for Vessels”, (NVIC 10–02);and

(3) Navigation and VesselInspection Circular titled, “SecurityGuidelines for Facilities”, (NVIC 11–02).§ 101.515 Personal identification.

(a) Any personal identificationcredential accepted under the accesscontrol provisions of this subchaptermust, at a minimum, meet the followingrequirements:

(1) Be laminated or otherwisesecure against tampering;

(2) Contain the individual's fullname (full first and last names, middleinitial is acceptable);

(3) Contain a photo thataccurately depicts that individual'scurrent facial appearance; and

(4) Bear the name of the issuingauthority.

(b) The issuing authority inparagraph (a)(4) of this section must be:

(1) A government authority, oran organization authorized to act onbehalf of a government authority; or

(2) The individual's employer,union, or trade association.

(c) Vessel, facility, and OCSfacility owners and operators mustpermit law enforcement officials, in theperformance of their official duties, whopresent proper identification inaccordance with this section to enter orboard that vessel, facility, or OCSfacility at any time, without delay orobstruction. Law enforcement officials,upon entering or boarding a vessel,facility, or OCS facility, will, as soonas practicable, explain their mission tothe Master, owner, or operator, or theirdesignated agent.

15




OF HOMELAND SECURITYSUBCHAPTER H — MARITIME

SECURITY

PART 103—MARITIMESECURITY: AREA MARITIME

SECURITY

Subpart A — GeneralSec.103.100 Applicability.103.105 Definitions.

Subpart B — Federal MaritimeSecurity Coordinator (FMSC)Designation and Authorities

103.200 Designation of the FederalMaritime Security Coordinator(FMSC).

103.205 Authority of the COTP asthe Federal Maritime SecurityCoordinator (FMSC).

Subpart C — Area MaritimeSecurity (AMS) Committee

103.300 Area Maritime Security(AMS) Committee.

103.305 Composition of an AreaMaritime Security (AMS)Committee.

103.310 Responsibilities of the AreaMaritime Security (AMS)Committee.

Subpart D — Area MaritimeSecurity (AMS) Assessment

103.400 General.103.405 Elements of the Area

Maritime Security (AMS)Assessment.

103.410 Persons involved in the AreaMaritime Security (AMS)Assessment.

Subpart E — Area MaritimeSecurity (AMS) Plan

103.500 General.103.505 Elements of the Area

Maritime Security (AMS) Plan.103.510 Area Maritime Security

(AMS) Plan review andapproval.

103.515 Exercises.103.520 Recordkeeping.

Authority: 33 U.S.C. 1226, 1231; 46U.S.C. 70102, 70103, 70104, 70112;50 U.S.C. 191; 33 CFR 1.05–1, 6.04–11, 6.14, 6.16, and 6.19; Departmentof Homeland Security Delegation No.0170.1.Source: USCG-2003-14733, 68 FR39290, July 1, 2003, unless otherwisenoted.

Subpart A—General§ 103.100 Applicability.

This part applies to all vessels andfacilities located in, on, under, or adja-cent to waters subject to the jurisdic-tion of the U.S.§ 103.105 Definitions.

Except as specifically stated in thissubpart, the definitions in part 101 ofthis subchapter apply to this part.

Subpart B—Federal MaritimeSecurity Coordinator (FMSC)Designation and Authorities

§ 103.200 Designation of theFederal Maritime Security Coordi-nator (FMSC).

The COTPs are the Federal Mari-time Security Coordinators for theirrespective COTP zones described in 33CFR part 3, including all ports and ar-eas located therein.§ 103.205 Authority of the COTPas the Federal Maritime SecurityCoordinator (FMSC).

(a) Without limitation to the au-thority vested in the COTP by statuteor regulation, and in addition to author-ity prescribed elsewhere in this part, theCOTP as the FMSC is authorized to:

(1) Establish, convene, and di-rect the Area Maritime Security (AMS)Committee;

(2) Appoint members to theAMS Committee;

(3) Develop and maintain, in co-ordination with the AMS Committee,the AMS Plan;

(4) Implement and exercise theAMS Plan; and

(5) Maintain the records requiredby §103.520 of this part.

(b) The authorizations in para-

16

Part 103—Maritime Security: Area Maritime Security33 CFR, Ch. I, Subchapter H

graph (a) of this section do not limitany other existing authority of theCOTP.

Subpart C—Area MaritimeSecurity (AMS) Committee

§ 103.300 Area Maritime Security(AMS) Committee.

(a) The AMS Committee is es-tablished under the direction of theCOTP and shall assist in the develop-ment, review, and update of the AMSPlan for their area of responsibility. Forthe purposes of this subchapter, PortSecurity Committees that were estab-lished prior to July 1, 2003, accordingto guidance issued by the Coast Guard,may be considered AMS Committees,provided they conform to the proce-dures established by this part and sat-isfy the membership requirements of§103.305 of this part.

(b) The AMS Committee willoperate under terms specified in a writ-ten charter. At a minimum, the chartermust address:

(1) The AMS Committee’s pur-pose and geographic area of responsi-bility;

(2) Rules for membership;(3) The AMS Committee’s orga-

nizational structure and proceduralrules of order;

(4) Frequency of meetings, toinclude not less than once in a calendaryear or when requested by a majorityof the AMS Committee members;

(5) Guidelines for public accessto AMS Committee meetings andrecords; and

(6) Rules for handling and pro-tecting classified, sensitive security,commercially sensitive, and proprietaryinformation.§ 103.305 Composition of an AreaMaritime Security (AMS) Commit-tee.

(a) An AMS Committee will becomposed of not less than sevenmembers having an interest in thesecurity of the area and who may beselected from—

(1) The Federal, Territorial, orTribal government;

(2) The State government andpolitical subdivisions thereof;

(3) Local public safety, crisismanagement and emergency responseagencies;

(4) Law enforcement and secu-rity organizations;

(5) Maritime industry, includinglabor;

(6) Other port stakeholders hav-ing a special competence in maritimesecurity; and

(7) Port stakeholders affected bysecurity practices and policies.

(b) At least seven of the mem-bers must each have 5 or more years ofexperience related to maritime or portsecurity operations.

(c) Members appointed underthis section serve for a term of not morethan 5 years. In appointing members,the COTP should consider the skillsrequired by §103.410 of this part. Priorto the appointment of an individual toa position on the AMS Committee, theCOTP may require an appropriate se-curity background examination of thecandidate member.§ 103.310 Responsibilities of theArea Maritime Security (AMS)Committee.

(a) The AMS Committee shall:(1) Identify critical port infra-

structure and operations;(2) Identify risks (threats, vulner-

abilities, and consequences);(3) Determine mitigation strate-

gies and implementation methods;(4) Develop and describe the

process to continually evaluate overallport security by considering conse-quences and vulnerabilities, how theymay change over time, and what addi-tional mitigation strategies can be ap-plied; and

(5) Provide advice to, and assistthe COTP in, developing the AMS Plan.

(b) The AMS Committee shallalso serve as a link for communicatingthreats and changes in MARSEC Lev-els, and disseminating appropriate se-curity information to port stakeholders.

Subpart D—Area MaritimeSecurity (AMS) Assessment

§ 103.400 General.(a) The Area Maritime Security

(AMS) Committee will ensure that a

17

Coast Guard, DHSComplete text as amended by the Final Rule

risk based AMS Assessment, is com-pleted and meets the requirementsspecified in §103.310 of this part and§101.510 of this subchapter, incorpo-rating the elements specified in§103.405 of this part.

(b) AMS Assessments can becompleted by the COTP, the AMS Com-mittee, a Coast Guard Port SecurityAssessment team, or by another thirdparty approved by the AMS Commit-tee.

(c) Upon completion of each AMSAssessment, a written report, which isdesignated sensitive security informa-tion, must be prepared consisting of:

(1) A summary of how the AMSAssessment was conducted;

(2) A description of each vulner-ability and consequences found duringthe AMS Assessment; and

(3) A description of risk reduc-tion strategies that could be used toensure continued operation at an accept-able risk level.§ 103.405 Elements of the AreaMaritime Security (AMS) Assess-ment.

(a) The AMS Assessment mustinclude the following elements:

(1) Identification of the criticalMarine Transportation System infra-structure and operations in the port;

(2) Threat assessment that iden-tifies and evaluates each potential threaton the basis of various factors, includ-ing capability and intention;

(3) Consequence and vulnerabil-ity assessment for each target/scenariocombination; and

(4) A determination of the re-quired security measures for the threeMARSEC Levels.

(b) In order to meet the elementslisted in paragraph (a) of this section,an AMS Assessment should considereach of the following:

(1) Physical security of infra-structure and operations at the port;

(2) Structures considered criticalfor the continued operation of the port;

(3) Existing security systems andequipment available to protect maritimepersonnel;

(4) Procedural policies;(5) Radio and telecommunica-

tion systems, including computer sys-tems and networks;

(6) Relevant transportation infra-structure;

(7) Utilities;(8) Security resources and capa-

bilities; and(9) Other areas that may, if dam-

aged, pose a risk to people, infrastruc-ture, or operations within the port.

(c) AMS Assessments are sensi-tive security information and must beprotected in accordance with 49 CFRpart 1520.

§ 103.410 Persons involved in theArea Maritime Security (AMS)Assessment.

The persons carrying out the AMSAssessment must have the appropriateskills to evaluate the security of the portin accordance with this part. This in-cludes being able to draw upon expertassistance in relation to:

(a) Knowledge of current secu-rity threats and patterns;

(b) Recognition and detection ofdangerous substances, and devices;

(c) Recognition, on a non-dis-criminatory basis, of characteristics andbehavioral patterns of persons who arelikely to threaten security;

(d) Techniques used to circum-vent security measures;

(e) Methods used to cause atransportation security incident;

(f) Effects of dangerous sub-stances and devices on structures andport services;

(g) Port security requirements;(h) Port business practices;(i) Contingency planning, emer-

gency preparedness, and response;(j) Physical security measures;(k) Radio and telecommunica-

tions systems, including computer sys-tems and networks;

(l) Transportation and civil en-gineering;

(m) Vessel and port operations;and

(n) Knowledge of the impact,including cost impacts of implement-ing security measures on port opera-tions.

Subpart E—Area Maritime

18

Part 103—Maritime Security: Area Maritime Security33 CFR, Ch. I, Subchapter H

Security (AMS) Plan§ 103.500 General.

(a) The Area Maritime Security(AMS) Plan is developed by the COTP,in consultation with the AMSCommittee, and is based on an AMSAssessment that meets the provisionsof subpart D of this part. The AMS Planmust be consistent with the NationalMaritime Transportation Security Planand the National TransportationSecurity Plan.

(b) Portions of the AMS Planmay contain sensitive securityinformation, and those portions must bemarked as such and protected inaccordance with 49 CFR part 1520.§ 103.505 Elements of the AreaMaritime Security (AMS) Plan.

The AMS Plan should address thefollowing elements, as applicable:

(a) Details of both operationaland physical measures that are in placein the port at MARSEC Level 1;

(b) Details of the additional se-curity measures that enable the port toprogress, without delay, to MARSECLevel 2 and, when necessary, toMARSEC Level 3;

(c) Details of the security inci-dent command-and-response structure;

(d) Details for regular audit ofthe AMS Plan, and for its amendmentin response to experience or changingcircumstances;

(e) Measures to prevent the in-troduction of dangerous substances anddevices into designated restricted areaswithin the port;

(f) Measures to prevent unau-thorized access to designated restrictedareas within the port;

(g) Procedures and expectedtimeframes for responding to securitythreats or breaches of security, includ-ing provisions for maintaining infra-structure and operations in the port;

(h) Procedures for responding toany security instructions the CoastGuard announces at MARSEC Level 3;

(i) Procedures for evacuationwithin the port in case of security threatsor breaches of security;

(j) Procedures for periodic planreview, exercise, and updating;

(k) Procedures for reportingtransportation security incidents (TSI);

(l) Identification of, and meth-ods to communicate with, Facility Se-curity Officers (FSO), Company Secu-rity Officers (CSO), Vessel SecurityOfficers (VSO), public safety officers,emergency response personnel, and cri-sis management organization represen-tatives within the port, including 24-hour contact details;

(m) Measures to ensure the secu-rity of the information contained in theAMS Plan;

(n) Security measures designedto ensure effective security of infra-structure, special events, vessels, pas-sengers, cargo, and cargo handlingequipment at facilities within the portnot otherwise covered by a Vessel orFacility Security Plan, approved underpart 104, 105, or 106 of this subchap-ter;

(o) Procedures to be taken whena vessel is at a higher security level thanthe facility or port it is visiting;

(p) Procedures for responding ifa vessel security alert system on boarda vessel within or near the port has beenactivated;

(q) Procedures for communicat-ing appropriate security and threat in-formation to the public;

(r) Procedures for handling re-ports from the public and maritime in-dustry regarding suspicious activity;

(s) The jurisdiction of Federal,State, Indian Tribal, and local govern-ment agencies and law enforcemententities over area security related mat-ters;

(t) Security resources availablefor incident response and theircapabilities;

(u) Procedures for responding toa TSI;

(v) Procedures to facilitate therecovery of the Marine TransportationSystem after a TSI; and

(w) Identification of any facilityotherwise subject to part 105 of thissubchapter that the COTP hasdesignated as a public access facilitywithin the area, the security measuresthat must be implemented at the variousMARSEC Levels, and who isresponsible for implementing thosemeasures.

19


§ 103.510 Area Maritime Security(AMS) Plan review and approval.

Each AMS Plan will be submittedto the cognizant District Commanderfor review and then forwarded to theArea Commander for approval.§ 103.515 Exercises.

(a) The COTP shall coordinatewith the Area Maritime Security (AMS)Committee to conduct or participate inan exercise at least once each calendaryear, with no more than 18 monthsbetween exercises, to test theeffectiveness of the AMS Plan.

(b) An exercise may consist ofany of the following:

(1) A tabletop exercise tovalidate the AMS Plan. No equipmentor personnel deployment is required;

(2) A field training exerciseconsisting of personnel deployment anduse of security equipment; or

(3) A combination of§103.515(b)(1) and (b)(2).

(c) Upon review by thecognizant District Commander, and

approval by the cognizant AreaCommander, the requirements of thissection may be satisfied by—

(1) Participation of the COTPand appropriate AMS Committeemembers or other appropriate portstakeholders in an emergency responseor crisis management exerciseconducted by another governmentalagency or private sector entity, providedthat the exercise addresses componentsof the AMS Plan;

(2) An actual increase inMARSEC Level; or

(3) Implementation of enhancedsecurity measures enumerated in theAMS Plan during periods of criticalport operations or special marineevents.§ 103.520 Recordkeeping.

(a) All records pertaining to theArea Maritime Security (AMS)Assessment and AMS Plan will beretained by the COTP for 5 years.

(b) Exercise documentation willbe kept by the COTP for 2 years.

20

Part 104—Maritime Security: Vessels33 CFR, Ch. I, Subchapter H




SECURITY

PART 104—MARITIMESECURITY: VESSELS

Subpart A -- GeneralSec.104.100 Definitions.104.105 Applicability.104.110 Exemptions.104.115 Compliance dates.104.120 Compliance documentation.104.125 Noncompliance.104.130 Waivers.104.135 Equivalents.104.140 Alternative Security

Programs.104.145 Maritime Security

(MARSEC) Directive.104.150 Right to appeal.

Subpart B -- Vessel SecurityRequirements

104.200 Owner or operator.104.205 Master.104.210 Company Security Officer

(CSO).104.215 Vessel Security Officer

(VSO).104.220 Company or vessel

personnel with security duties.104.225 Security training for all

other vessel personnel.104.230 Drill and exercise

requirements.104.235 Vessel recordkeeping

requirements.104.240 Maritime Security

(MARSEC) Level coordinationand implementation.

104.245 Communications.104.250 Procedures for interfacing

with facilities and other vessels.104.255 Declaration of Security

(DoS).104.260 Security systems and

equipment maintenance.104.265 Security measures for

access control.104.270 Security measures for

restricted areas.104.275 Security measures for

handling cargo.104.280 Security measures for

delivery of vessel stores andbunkers.

104.285 Security measures formonitoring.

104.290 Security incidentprocedures.

104.292 Additional requirements—passenger vessels and ferries.

104.295 Additional requirements—cruise ships.

104.297 Additional requirements—vessels on international voyages.Subpart C -- Vessel Security

Assessment (VSA)104.300 General.104.305 Vessel Security Assessment

(VSA) requirements.104.310 Submission requirements.

Subpart D -- Vessel Security Plan(VSP)

104.400 General.104.405 Format of the Vessel

Security Plan (VSP).104.410 Submission and approval.104.415 Amendment and audit.

Authority: 33 U.S.C. 1226, 1231; 46U.S.C. Chapter 701; 50 U.S.C. 191;33 CFR 1.05–1, 6.04–11, 6.14, 6.16,and 6.19; Department of HomelandSecurity Delegation No. 0170.1.Source: USCG-2003-14749, 68 FR39302, July 1, 2003, unless otherwisenoted.

Subpart A—General§ 104.100 Definitions.

Except as specifically stated in thissubpart, the definitions in part 101 ofthis subchapter apply to this part.§ 104.105 Applicability.

(a) This part applies to the owneror operator of any:

(1) Mobile Offshore DrillingUnit (MODU), cargo, or passengervessel subject to the InternationalConvention for Safety of Life at Sea,

21


1974, (SOLAS), Chapter XI;(2) Foreign cargo vessel greater

than 100 gross register tons;(3) Self-propelled U.S. cargo

vessel greater than 100 gross registertons subject to 46 CFR subchapter I,except commercial fishing vesselsinspected under 46 CFR part 105;

(4) Vessel subject to 46 CFRchapter I, subchapter L;

(5) Passenger vessel subject to46 CFR chapter I, subchapter H;

(6) Passenger vessel certificatedto carry more than 150 passengers;

(7) Other passenger vesselcarrying more than 12 passengers,including at least one passenger-for-hire, that is engaged on an internationalvoyage;

(8) Barge subject to 46 CFRchapter I, subchapters D or O;

(9) Barge subject to 46 CFRchapter I, subchapter I, that carriesCertain Dangerous Cargoes in bulk, orthat is engaged on an internationalvoyage;

(10) Tankship subject to 46 CFRchapter I, subchapters D or O; and

(11) Towing vessel greater thaneight meters in registered length that isengaged in towing a barge or bargessubject to this part, except a towingvessel that--

(i) Temporarily assists anothervessel engaged in towing a barge orbarges subject to this part;

(ii) Shifts a barge or bargessubject to this part at a facility or withina fleeting facility;

(iii) Assists sections of a towthrough a lock; or

(iv) Provides emergencyassistance.

(b) An owner or operator of anyvessel not covered in paragraph (a) ofthis section is subject to parts 101through 103 of this subchapter.

(c) Foreign Vessels that have onboard a valid International ShipSecurity Certificate that certifies that theverifications required by part A, Section19.1, of the International Ship and PortFacility Security (ISPS) Code(Incorporated by reference, see §101.115 of this subchapter) have beencompleted will be deemed incompliance with this part, except for §§104.240, 104.255, 104.292, and

104.295, as appropriate. This includesensuring that the vessel meets theapplicable requirements of SOLASChapter XI-2 (Incorporated byreference, see § 101.115 of thissubchapter) and the ISPS Code, part A,having taken into account the relevantprovisions of the ISPS Code, part B,and that the vessel is provided with anapproved security plan.

(d) Except pursuant tointernational treaty, convention, oragreement to which the U.S. is a party,this part does not apply to any foreignvessel that is not destined for, ordeparting from, a port or place subjectto the jurisdiction of the U.S. and thatis in:

(1) Innocent passage through theterritorial sea of the U.S.; or

(2) Transit through the navigablewaters of the U.S. that form a part of aninternational strait.§ 104.110 Exemptions.

(a) This part does not apply towarships, naval auxiliaries, or othervessels owned or operated by agovernment and used only ongovernment non-commercial service.

(b) A vessel is not subject to thispart while the vessel is laid up,dismantled, or otherwise out ofcommission.§ 104.115 Compliance dates.

(a) On July 1, 2004, andthereafter, vessel owners or operatorsmust ensure their vessels are operatingin compliance with this part.

(b) On or before December 31,2003, vessel owners or operators notsubject to paragraph (c)(1) of thissection must submit to theCommanding Officer, Marine SafetyCenter, for each vessel—

(1) The Vessel Security Plandescribed in subpart D of this part forreview and approval; or

(2) If intending to operate underan approved Alternative SecurityProgram, a letter signed by the vesselowner or operator stating whichapproved Alternative Security Programthe owner or operator intends to use.

(c) On July 1, 2004, andthereafter, owners or operators of

22


foreign vessels must comply with thefollowing--

(1) Vessels subject to theInternational Convention for Safety ofLife at Sea, 1974, (SOLAS), ChapterXI, must carry on board a validInternational Ship Security Certificatethat certifies that the verificationsrequired by part A, Section 19.1, of theInternational Ship and Port FacilitySecurity (ISPS) Code (Incorporated byreference, see § 101.115 of thissubchapter) have been completed. Thisincludes ensuring that the vessel meetsthe applicable requirements of SOLASChapter XI-2 (Incorporated byreference, see § 101.115 of this chapter)and the ISPS Code, part A, having takeninto account the relevant provisions ofthe ISPS Code, part B, and that thevessel is provided with an approvedsecurity plan.

(2) Vessels not subject toSOLAS Chapter XI, may comply withthis part through an Alternative SecurityProgram or a bilateral arrangementapproved by the Coast Guard. If notcomplying with an approvedAlternative Security Program orbilateral arrangement, these vesselsmust meet the requirements ofparagraph (b) of this section.§ 104.120 Compliancedocumentation.

(a) Each vessel owner oroperator subject to this part mustensure, on or before July 1, 2004, thatcopies of the following documents arecarried on board the vessel and are madeavailable to the Coast Guard uponrequest:

(1) The approved Vessel SecurityPlan (VSP) and any approved revisionsor amendments thereto, and a letter ofapproval from the CommandingOfficer, Marine Safety Center (MSC);

(2) The VSP submitted forapproval and a currentacknowledgement letter from theCommanding Officer, MSC, stating thatthe Coast Guard is currently reviewingthe VSP submitted for approval, andthat the vessel may continue to operateso long as the vessel remains incompliance with the submitted plan;

(3) For vessels operating under

a Coast Guard-approved AlternativeSecurity Program as provided in§104.140, a copy of the AlternativeSecurity Program the vessel is using,including a vessel specific securityassessment report generated under theAlternative Security Program, asspecified in § 101.120(b)(3) of thissubchapter, and a letter signed by thevessel owner or operator, stating whichAlternative Security Program the vesselis using and certifying that the vessel isin full compliance with that program;or

(4) For foreign vessels, subjectto the International Convention forSafety of Life at Sea, 1974, (SOLAS),Chapter XI, a valid International ShipSecurity Certificate (ISSC) that atteststo the vessel’s compliance with SOLASChapter XI-2 and the ISPS Code, partA (Incorporated by reference, see §101.115 of this subchapter) and isissued in accordance with the ISPSCode, part A, section 19. As stated inSection 9.4 of the ISPS Code, part Arequires that, in order for the ISSC tobe issued, the provisions of part B ofthe ISPS Code need to be taken intoaccount.

(b) Each owner or operator of anunmanned vessel subject to this partmust maintain the documentationdescribed in paragraphs (a)(1), (2), or(3) of this section. The letter requiredby each of those paragraphs must becarried on board the vessel. The planor program required by each of thoseparagraphs must not be carried on boardthe vessel, but must be maintained in asecure location. During scheduledinspections, the plan or program mustbe made available to the Coast Guardupon request.§ 104.125 Noncompliance.

When a vessel must temporarilydeviate from the requirements of thispart, the vessel owner or operator mustnotify the cognizant COTP, and eithersuspend operations or request andreceive permission from the COTP tocontinue operating.§ 104.130 Waivers.

Any vessel owner or operator mayapply for a waiver of any requirement

23


of this part that the owner or operatorconsiders unnecessary in light of thenature or operating conditions of thevessel. A request for a waiver must besubmitted in writing with justificationto the Commandant (G–MP) at 2100Second St., SW., Washington, DC20593. The Commandant (G–MP) mayrequire the vessel owner or operator toprovide additional data for determiningthe validity of the requested waiver. TheCommandant (G–MP) may grant, inwriting, a waiver with or withoutconditions only if the waiver will notreduce the overall security of the vessel,its passengers, its crew, or its cargo, orfacilities or ports that the vessel mayvisit.§ 104.135 Equivalents.

For any measure required by thispart, the vessel owner or operator maypropose an equivalent as provided in§101.130 of this subchapter.§ 104.140 Alternative SecurityPrograms.

A vessel owner or operator mayuse an Alternative Security Program asapproved under §101.120 of thissubchapter if:

(a) The Alternative SecurityProgram is appropriate to that class ofvessel;

(b) The vessel is not subject tothe International Convention for Safetyof Life at Sea, 1974; and

(c) The Alternative SecurityProgram is implemented in its entirety.§ 104.145 Maritime Security(MARSEC) Directive.

Each vessel owner or operatorsubject to this part must comply withany instructions contained in aMARSEC Directive issued under§101.405 of this subchapter.§ 104.150 Right to appeal.

Any person directly affected by adecision or action taken under this part,by or on behalf of the Coast Guard, mayappeal as described in §101.420 of thissubchapter.

Subpart B—Vessel Security

Requirements§ 104.200 Owner or operator.

(a) Each vessel owner oroperator must ensure that the vesseloperates in compliance with therequirements of this part.

(b) For each vessel, the vesselowner or operator must:

(1) Define the securityorganizational structure for each vesseland provide all personnel exercisingsecurity duties or responsibilities withinthat structure with the support neededto fulfill security obligations;

(2) Designate, in writing, byname or title, a Company SecurityOfficer (CSO), a Vessel Security Officer(VSO) for each vessel, and identify howthose officers can be contacted at anytime;

(3) Ensure personnel receivetraining, drills, and exercises enablingthem to perform their assigned securityduties;

(4) Ensure vessel securityrecords are kept;

(5) Ensure that adequatecoordination of security issues takesplace between vessels and facilities; thisincludes the execution of a Declarationof Security (DoS);

(6) Ensure coordination of shoreleave for vessel personnel or crewchange-out, as well as access throughthe facility of visitors to the vessel(including representatives of seafarers'welfare and labor organizations), withfacility operators in advance of avessel's arrival. Vessel owners oroperators may refer to treaties offriendship, commerce, and navigationbetween the U.S. and other nations incoordinating such leave. The text ofthese treaties can be found on the U.S.Department of State's website at http://www.state.gov/s/l/24224.htm;

(7) Ensure securitycommunication is readily available;

(8) Ensure coordination with andimplementation of changes in MaritimeSecurity (MARSEC) Level;

(9) Ensure that security systemsand equipment are installed andmaintained;

(10) Ensure that vessel access,including the embarkation of persons

24


and their effects, are controlled;(11) Ensure that restricted areas

are controlled;(12) Ensure that cargo and vessel

stores and bunkers are handled incompliance with this part;

(13) Ensure restricted areas, deckareas, and areas surrounding the vesselare monitored;

(14) Provide the Master, or forvessels on domestic routes only, theCSO, with the following information:

(i) Parties responsible forappointing vessel personnel, such asvessel management companies,manning agents, contractors,concessionaires (for example, retailsales outlets, casinos, etc.);

(ii) Parties responsible fordeciding the employment of the vessel,including time or bareboat charters orany other entity acting in such capacity;and

(iii) In cases when the vessel isemployed under the terms of a charterparty, the contract details of thosedocuments, including time or voyagecharters; and

(15) Give particular considerationto the convenience, comfort, andpersonal privacy of vessel personneland their ability to maintain theireffectiveness over long periods.§ 104.205 Master.

(a) Nothing in this part isintended to permit the Master to beconstrained by the Company, the vesselowner or operator, or any other person,from taking or executing any decisionwhich, in the professional judgment ofthe Master, is necessary to maintain thesafety and security of the vessel. Thisincludes denial of access to persons—except those identified as dulyauthorized by the cognizantgovernment authority—or their effects,and refusal to load cargo, includingcontainers or other closed cargotransport units.

(b) If, in the professionaljudgment of the Master, a conflictbetween any safety and securityrequirements applicable to the vesselarises during its operations, the Mastermay give precedence to measuresintended to maintain the safety of the

vessel, and take such temporary securitymeasures as seem best under allcircumstances. In such cases:

(1) The Master must, as soon aspracticable, inform the nearest COTP.If the vessel is on a foreign voyage, theMaster must promptly inform the CoastGuard via the NRC at 1–800–424–8802, direct telephone at 202–267–2675, fax at 202–267–2165, TDD at202–267–4477, or E-mail [email protected] and ifsubject to the jurisdiction of a foreigngovernment, the relevant maritimeauthority of that foreign government;

(2) The temporary securitymeasures must, to the highest possibledegree, be commensurate with theprevailing Maritime Security(MARSEC) Level; and

(3) The owner or operator mustensure that such conflicts are resolvedto the satisfaction of the cognizantCOTP, or for vessels on internationalvoyages, the Commandant (G-MP), andthat the possibility of recurrence isminimized.§ 104.210 Company SecurityOfficer (CSO).

(a) General. (1) Each vesselowner or operator must designate inwriting a CSO.

(2) A vessel owner or operatormay designate a single CSO for all itsvessels to which this part applies, ormay designate more than one CSO, inwhich case the owner or operator mustclearly identify the vessels for whicheach CSO is responsible.

(3) A CSO may perform otherduties within the owner or operator'sorganization including the duties of aVessel Security Officer, provided he orshe is able to perform the duties andresponsibilities required of a CSO.

(4) The CSO may delegate dutiesrequired by this part, but remainsresponsible for the performance ofthose duties.

(b) Qualifications. (1) The CSOmust have general knowledge, throughtraining or equivalent job experience,in the following:

(i) Security administration andorganization of the company's vessel(s);

(ii) Vessel, facility, and port

25


operations relevant to that industry;(iii) Vessel and facility security

measures, including the meaning andthe consequential requirements of thedifferent Maritime Security (MARSEC)Levels;

(iv) Emergency preparedness andresponse and contingency planning;

(v) Security equipment andsystems and their operationallimitations;

(vi) Methods of conductingaudits, inspection and control andmonitoring techniques; and

(vii) Techniques for securitytraining and education, includingsecurity measures and procedures.

(2) In addition to knowledge andtraining in paragraph (b)(1) of thissection, the CSO must have generalknowledge through training orequivalent job experience in thefollowing, as appropriate:

(i) Relevant internationalconventions, codes, andrecommendations;

(ii) Relevant governmentlegislation and regulations;

(iii) Responsibilities andfunctions of other securityorganizations;

(iv) Methodology of VesselSecurity Assessment;

(v) Methods of vessel securitysurveys and inspections;

(vi) Instruction techniques forsecurity training and education,including security measures andprocedures;

(vii) Handling sensitive securityinformation and security relatedcommunications;

(viii)Knowledge of currentsecurity threats and patterns;

(ix) Recognition and detection ofdangerous substances and devices;

(x) Recognition ofcharacteristics and behavioral patternsof persons who are likely to threatensecurity;

(xi) Techniques used tocircumvent security measures;

(xii) Methods of physicalscreening and non-intrusiveinspections;

(xiii)Security drills and exercises,including drills and exercises withfacilities; and

(xiv) Assessment of security drillsand exercises.

(c) Responsibilities. In additionto those responsibilities and dutiesspecified elsewhere in this part, theCSO must, for each vessel for whichhe or she has been designated:

(1) Keep the vessel apprised ofpotential threats or other informationrelevant to its security;

(2) Ensure a Vessel SecurityAssessment (VSA) is carried out;

(3) Ensure a Vessel Security Plan(VSP) is developed, approved, andmaintained;

(4) Ensure the VSP is modifiedwhen necessary;

(5) Ensure vessel securityactivities are audited;

(6) Arrange for Coast Guardinspections under 46 CFR part 2;

(7) Ensure the timely or promptcorrection of problems identified byaudits or inspections;

(8) Enhance security awarenessand vigilance within the owner's oroperator's organization;

(9) Ensure relevant personnelreceive adequate security training;

(10) Ensure communication andcooperation between the vessel and theport and facilities with which the vesselinterfaces;

(11) Ensure consistency betweensecurity requirements and safetyrequirements;

(12) Ensure that when sister-vessel or fleet security plans are used,the plan for each vessel reflects thevessel-specific information accurately;

(13) Ensure compliance with anAlternative Security Program orequivalents approved under thissubchapter, if appropriate; and

(14) Ensure security measuresgive particular consideration to theconvenience, comfort, and personalprivacy of vessel personnel and theirability to maintain their effectivenessover long periods.§ 104.215 Vessel Security Officer(VSO).

(a) General. (1) A VSO mayperform other duties within the owner'sor operator's organization, provided heor she is able to perform the duties and

26


responsibilities required of the VSO foreach such vessel.

(2) For manned vessels, the VSOmust be the Master or a member of thecrew.

(3) For unmanned vessels, theVSO must be an employee of thecompany, and the same person mayserve as the VSO for more than oneunmanned vessel. If a person serves asthe VSO for more than one unmannedvessel, the name of each unmannedvessel for which he or she is the VSOmust be listed in the Vessel SecurityPlan (VSP).

(4) The VSO of any unmannedbarge and the VSO of any towing vesselinterfacing with the barge mustcoordinate and ensure theimplementation of security measuresapplicable to both vessels during theperiod of their interface.

(5) The VSO may assign securityduties to other vessel personnel;however, the VSO remains responsiblefor these duties.

(b) Qualifications. The VSOmust have general knowledge, throughtraining or equivalent job experience,in the following:

(1) Those items listed in§104.210 (b)(1) and (b)(2) of this part;

(2) Vessel layout;(3) The VSP and related

procedures, including scenario-basedresponse training;

(4) Crowd management andcontrol techniques;

(5) Operations of securityequipment and systems; and

(6) Testing and calibration ofsecurity equipment and systems, andtheir maintenance while at sea.

(c) Responsibilities. In additionto those responsibilities and dutiesspecified elsewhere in this part, theVSO must, for each vessel for whichhe or she has been designated:

(1) Regularly inspect the vesselto ensure that security measures aremaintained;

(2) Ensure maintenance andsupervision of the implementation ofthe VSP, and any amendments to theVSP;

(3) Ensure the coordination andhandling of cargo and vessel stores andbunkers in compliance with this part;

(4) Propose modifications to theVSP to the Company Security Officer(CSO);

(5) Ensure that any problemsidentified during audits or inspectionsare reported to the CSO, and promptlyimplement any corrective actions;

(6) Ensure security awarenessand vigilance on board the vessel;

(7) Ensure adequate securitytraining for vessel personnel;

(8) Ensure the reporting andrecording of all security incidents;

(9) Ensure the coordinatedimplementation of the VSP with theCSO and the relevant Facility SecurityOfficer, when applicable;

(10) Ensure security equipment isproperly operated, tested, calibrated andmaintained; and

(11) Ensure consistency betweensecurity requirements and the propertreatment of vessel personnel affectedby those requirements.§ 104.220 Company or vesselpersonnel with security duties.

Company and vessel personnelresponsible for security duties musthave knowledge, through training orequivalent job experience, in thefollowing, as appropriate:

(a) Knowledge of currentsecurity threats and patterns;

(b) Recognition and detection ofdangerous substances and devices;

(c) Recognition ofcharacteristics and behavioral patternsof persons who are likely to threatensecurity;

(d) Techniques used tocircumvent security measures;

(e) Crowd management andcontrol techniques;

(f) Security relatedcommunications;

(g) Knowledge of emergencyprocedures and contingency plans;

(h) Operation of securityequipment and systems;

(i) Testing and calibration ofsecurity equipment and systems, andtheir maintenance while at sea;

(j) Inspection, control, andmonitoring techniques;

(k) Relevant provisions of theVessel Security Plan (VSP);

27


(l) Methods of physicalscreening of persons, personal effects,baggage, cargo, and vessel stores; and

(m) The meaning and theconsequential requirements of thedifferent Maritime Security (MARSEC)Levels.§ 104.225 Security training for allother vessel personnel.

All other vessel personnel,including contractors, whether part-time, full-time, temporary, orpermanent, must have knowledge of,through training or equivalent jobexperience in the following, asappropriate:

(a) Relevant provisions of theVessel Security Plan (VSP);

(b) The meaning and theconsequential requirements of thedifferent Maritime Security (MARSEC)Levels, including emergencyprocedures and contingency plans;

(c) Recognition and detection ofdangerous substances and devices;

(d) Recognition ofcharacteristics and behavioral patternsof persons who are likely to threatensecurity; and

(e) Techniques used tocircumvent security measures.§ 104.230 Drill and exerciserequirements.

(a) General. (1) Drills andexercises must test the proficiency ofvessel personnel in assigned securityduties at all Maritime Security(MARSEC) Levels and the effectiveimplementation of the Vessel SecurityPlan (VSP). They must enable theVessel Security Officer (VSO) toidentify any related security deficienciesthat need to be addressed.

(2) A drill or exercise required bythis section may be satisfied with theimplementation of security measuresrequired by the Vessel Security Plan asthe result of an increase in theMARSEC Level, provided the vesselreports attainment to the cognizantCOTP.

(b) Drills. (1) The VSO mustensure that at least one security drill isconducted at least every 3 months,except when a vessel is out of service

due to repairs or seasonal suspensionof operation provided that in such casesa drill must be conducted within oneweek of the vessel's reactivation.Security drills may be held inconjunction with non-security drillswhere appropriate.

(2) Drills must test individualelements of the VSP, including responseto security threats and incidents. Drillsshould take into account the types ofoperations of the vessel, vesselpersonnel changes, and other relevantcircumstances. Examples of drillsinclude unauthorized entry to arestricted area, response to alarms, andnotification of law enforcementauthorities.

(3) If the vessel is moored at afacility on the date the facility hasplanned to conduct any drills, the vesselmay, but is not required to, participatein the facility's scheduled drill.

(4) Drills must be conductedwithin one week from whenever thepercentage of vessel personnel with noprior participation in a vessel securitydrill on that vessel exceeds 25 percent.

(5) Not withstanding paragraph(b)(4) of this section, vessels not subjectto SOLAS may conduct drills within 1week from whenever the percentage ofvessel personnel with no priorparticipation in a vessel security drillon a vessel of similar design and ownedor operated by the same companyexceeds 25 percent.

(c) Exercises. (1) Exercises mustbe conducted at least once each calendaryear, with no more than 18 monthsbetween exercises.

(2) Exercises may be:(i) Full scale or live;(ii) Tabletop simulation or

seminar;(iii) Combined with other

appropriate exercises; or(iv) A combination of the

elements in paragraphs (c)(2)(i) through(iii) of this section.

(3) Exercises may be vessel-specific or part of a cooperative exerciseprogram to exercise applicable facilityand vessel security plans orcomprehensive port exercises.

(4) Each exercise must testcommunication and notificationprocedures, and elements of

28


coordination, resource availability, andresponse.

(5) Exercises are a full test of thesecurity program and must include thesubstantial and active participation ofrelevant company and vessel securitypersonnel, and may include facilitysecurity personnel and governmentauthorities depending on the scope andthe nature of the exercises.§ 104.235 Vessel recordkeepingrequirements.

(a) Unless otherwise specified inthis section, the Vessel Security Officermust keep records of the activities asset out in paragraph (b) of this sectionfor at least 2 years and make themavailable to the Coast Guard uponrequest.

(b) Records required by thissection may be kept in electronicformat. If kept in an electronic format,they must be protected againstunauthorized deletion, destruction, oramendment. The following recordsmust be kept:

(1) Training. For training under§ 104.225, the date of each session,duration of session, a description of thetraining, and a list of attendees;

(2) Drills and exercises. For eachdrill or exercise, the date held,description of drill or exercise, list ofparticipants; and any best practices orlessons learned which may improve theVessel Security Plan (VSP);

(3) Incidents and breaches ofsecurity. Date and time of occurrence,location within the port, location withinthe vessel, description of incident orbreaches, to whom it was reported, anddescription of the response;

(4) Changes in MaritimeSecurity (MARSEC) Levels. Date andtime of notification received, and timeof compliance with additionalrequirements;

(5) Maintenance, calibration,and testing of security equipment. Foreach occurrence of maintenance,calibration, and testing, the date andtime, and the specific securityequipment involved;

(6) Security threats. Date andtime of occurrence, how the threat wascommunicated, who received or

identified the threat, description ofthreat, to whom it was reported, anddescription of the response;

(7) Declaration of Security(DoS). Manned vessels must keep onboard a copy of the last 10 DoSs and acopy of each continuing DoS for at least90 days after the end of its effectiveperiod; and

(8) Annual audit of the VSP. Foreach annual audit, a letter certified bythe Company Security Officer or theVSO stating the date the audit wascompleted.

(c) Any records required by thispart must be protected fromunauthorized access or disclosure.§ 104.240 Maritime Security(MARSEC) Level coordination andimplementation.

(a) The vessel owner or operatormust ensure that, prior to entering a portor visiting an Outer Continental Shelf(OCS) facility, all measures are takenthat are specified in the Vessel SecurityPlan (VSP) for compliance with theMARSEC Level in effect for the portor the OCS facility.

(b) When notified of an increasein the MARSEC Level, the vesselowner or operator must ensure:

(1) If a higher MARSEC Levelis set for the port in which the vessel islocated or is about to enter, the vesselcomplies, without undue delay, with allmeasures specified in the VSP forcompliance with that higher MARSECLevel;

(2) The COTP is notified asrequired by §101.300(c) whencompliance with the higher MARSECLevel has been implemented;

(3) For vessels in port, thatcompliance with the higher MARSECLevel has taken place within 12 hoursof the notification; and

(4) If a higher MARSEC Levelis set for the OCS facility with whichthe vessel is interfacing or is about tovisit, the vessel complies, withoutundue delay, with all measures specifiedin the VSP for compliance with thathigher MARSEC Level.

(c) For MARSEC Levels 2 and3, the Vessel Security Officer must briefall vessel personnel of identified threats,

29


emphasize reporting procedures, andstress the need for increased vigilance.

(d) An owner or operator whosevessel is not in compliance with therequirements of this section mustinform the COTP and obtain approvalprior to entering any port, prior tointerfacing with another vessel or witha facility or to continuing operations.

(e) For MARSEC Level 3, inaddition to the requirements in this part,a vessel owner or operator may berequired to implement additionalmeasures, pursuant to 33 CFR part 6,160 or 165, as appropriate, which mayinclude but are not limited to:

(1) Arrangements to ensure thatthe vessel can be towed or moved ifdeemed necessary by the Coast Guard;

(2) Use of waterborne securitypatrol;

(3) Use of armed securitypersonnel to control access to the vesseland to deter, to the maximum extentpractical, a TSI; or

(4) Screening the vessel for thepresence of dangerous substances anddevices underwater or other threats.§ 104.245 Communications.

(a) The Vessel Security Officermust have a means to effectively notifyvessel personnel of changes in securityconditions on board the vessel.

(b) Communications systemsand procedures must allow effective andcontinuous communication between thevessel security personnel, facilitiesinterfacing with the vessel, vesselsinterfacing with the vessel, and nationalor local authorities with securityresponsibilities.

(c) Communication systems andprocedures must enable vesselpersonnel to notify, in a timely manner,shore side authorities or other vesselsof a security threat or incident on board.§ 104.250 Procedures forinterfacing with facilities and othervessels.

(a) The vessel owner or operatormust ensure that there are measures forinterfacing with facilities and othervessels at all MARSEC Levels.

(b) For each U.S. flag vessel thatcalls on foreign ports or facilities, the

vessel owner or operator must ensureprocedures for interfacing with thoseports and facilities are established.§ 104.255 Declaration of Security(DoS).

(a) Each vessel owner oroperator must ensure procedures areestablished for requesting a DoS andfor handling DoS requests from afacility or other vessel.

(b) At MARSEC Level 1, theMaster or Vessel Security Officer(VSO), or their designatedrepresentative, of any cruise ship ormanned vessel carrying CertainDangerous Cargoes, in bulk, mustcomplete and sign a DoS with the VSOor Facility Security Officer (FSO), ortheir designated representative, of anyvessel or facility with which itinterfaces.

(1) For a vessel-to-facilityinterface, prior to arrival of a vessel toa facility, the FSO and Master, VSO,or their designated representatives mustcoordinate security needs andprocedures, and agree upon the contentsof the DoS for the period of time thevessel is at the facility. Upon a vessel'sarrival to a facility and prior to anypassenger embarkation ordisembarkation or cargo transferoperation, the FSO or Master, VSO, ordesignated representatives must sign thewritten DoS.

(2) For a vessel engaging in avessel-to-vessel activity, prior to theactivity, the respective Masters, VSOs,or their designated representatives mustcoordinate security needs andprocedures, and agree upon the contentsof the DoS for the period of the vessel-to-vessel activity. Upon the vessel-to-vessel activity and prior to anypassenger embarkation ordisembarkation or cargo transferoperation, the respective Masters,VSOs, or designated representativesmust sign the written DoS.

(c) At MARSEC Levels 2 and 3,the Master, VSO, or designatedrepresentative of any manned vesselrequired to comply with this part mustcoordinate security needs andprocedures, and agree upon the contentsof the DoS for the period of the vessel-

30


to-vessel activity. Upon the vessel-to-vessel activity and prior to anypassenger embarkation ordisembarkation or cargo transferoperation, the respective Masters,VSOs, or designated representativesmust sign the written DoS.

(d) At MARSEC Levels 2 and 3,the Master, VSO, or designatedrepresentative of any manned vesselrequired to comply with this part mustcoordinate security needs andprocedures, and agree upon the contentsof the DoS for the period the vessel isat the facility. Upon the vessel’s arrivalto a facility and prior to any passengerembarkation or disembarkation or cargotransfer operation, the respective FSOand Master, VSO, or designatedrepresentatives must sign the writtenDoS.

(e) At MARSEC Levels 1 and 2,VSOs of vessels that frequentlyinterface with the same facility mayimplement a continuing DoS formultiple visits, provided that:

(1) The DoS is valid for thespecific MARSEC Level;

(2) The effective period atMARSEC Level 1 does not exceed 90days; and

(3) The effective period atMARSEC Level 2 does not exceed 30days.

(f) When the MARSEC Levelincreases beyond the level contained inthe DoS, the continuing DoS becomesvoid and a new DoS must be signed andimplemented in accordance with thissection.

(g) The COTP may require at anytime, at any MARSEC Level, anymanned vessel subject to this part toimplement a DoS with the VSO or FSOprior to any vessel-to-vessel activity orvessel-to-facility interface when he orshe deems it necessary.§ 104.260 Security systems andequipment maintenance.

(a) Security systems andequipment must be in good workingorder and inspected, tested, calibratedand maintained according to themanufacturer's recommendation.

(b) The results of testingcompleted under paragraph (a) of this

section shall be recorded in accordancewith §104.235. Any deficiencies shallbe promptly corrected.

(c) The Vessel Security Plan(VSP) must include procedures foridentifying and responding to securitysystem and equipment failures ormalfunctions.§ 104.265 Security measures foraccess control.

(a) General. The vessel owner oroperator must ensure theimplementation of security measures to:

(1) Deter the unauthorizedintroduction of dangerous substancesand devices, including any deviceintended to damage or destroy persons,vessels, facilities, or ports;

(2) Secure dangerous substancesand devices that are authorized by theowner or operator to be on board; and

(3) Control access to the vessel.(b) The vessel owner or operator

must ensure that the following arespecified:

(1) The locations providingmeans of access to the vessel whereaccess restrictions or prohibitions areapplied for each Maritime Security(MARSEC) Level. “Means of access”include, but are not limited, to all:

(i) Access ladders;(ii) Access gangways;(iii) Access ramps;(iv) Access doors, side scuttles,

windows, and ports;(v) Mooring lines and anchor

chains; and(vi) Cranes and hoisting gear;(2) The identification of the

types of restriction or prohibition to beapplied and the means of enforcingthem; and

(3) The means of identificationrequired to allow individuals to accessthe vessel and remain on the vesselwithout challenge.

(c) The vessel owner or operatormust ensure that an identificationsystem is established for checking theidentification of vessel personnel orother persons seeking access to thevessel that:

(1) Allows identification ofauthorized and unauthorized persons atany MARSEC Level;

31


(2) Is coordinated, whenpracticable, with identification systemsat facilities used by the vessel;

(3) Is updated regularly;(4) Uses disciplinary measures to

discourage abuse;(5) Allows temporary or

continuing access for vessel personneland visitors, including seafarers’chaplains and union representatives,through the use of a badge or othersystem to verify their identity; and

(6) Allow certain long-term,frequent vendor representatives to betreated more as employees than asvisitors.

(d) The vessel owner or operatormust establish in the approved VesselSecurity Plan (VSP) the frequency ofapplication of any security measures foraccess control, particularly if thesesecurity measures are applied on arandom or occasional basis.

(e) MARSEC Level 1. The vesselowner or operator must ensure securitymeasures in this paragraph areimplemented to:

(1) Screen persons, baggage(including carry-on items), personaleffects, and vehicles for dangeroussubstances and devices at the ratespecified in the approved VesselsSecurity Plan (VSP), except forgovernment-owned vehicles on officialbusiness when government personnelpresent identification credentials forentry;

(2) Conspicuously post signsthat describe security measurescurrently in effect and clearly state that:

(i) Boarding the vessel isdeemed valid consent to screening orinspection; and

(ii) Failure to consent or submitto screening or inspection will result indenial or revocation of authorization toboard;

(3) Check the identification ofany person seeking to board the vessel,including vessel passengers and crew,facility employees, vendors, personnelduly authorized by the cognizantgovernment authorities, and visitors.This check includes confirming thereason for boarding by examining atleast one of the following:

(i) Joining instructions;(ii) Passenger tickets;

(iii) Boarding passes;(iv) Work orders, pilot orders, or

surveyor orders;(v) Government identification;

or(vi) Visitor badges issued in

accordance with an identificationsystem required in paragraph (c) of thissection;

(4) Deny or revoke a person'sauthorization to be on board if theperson is unable or unwilling, upon therequest of vessel personnel, to establishhis or her identity or to account for hisor her presence on board. Any suchincident must be reported in compliancewith this part;

(5) Deter unauthorized access tothe vessel;

(6) Identify access points thatmust be secured or attended to deterunauthorized access;

(7) Lock or otherwise preventaccess to unattended spaces that adjoinareas to which passengers and visitorshave access;

(8) Provide a designated securearea on board or in liaison with afacility, for conducting inspections andscreening of people, baggage (includingcarry-on items), personal effects,vehicles and the vehicle's contents;

(9) Ensure vessel personnel arenot subjected to screening, of the personor of personal effects, by other vesselpersonnel, unless security clearlyrequires it. Any such screening must beconducted in a way that takes into fullaccount individual human rights andpreserves the individual's basic humandignity;

(10) Ensure the screening of allunaccompanied baggage;

(11) Ensure checked persons andtheir personal effects are segregatedfrom unchecked persons and theirpersonal effects;

(12) Ensure embarkingpassengers are segregated fromdisembarking passengers;

(13) Ensure, in liaison with thefacility, a defined percentage of vehiclesto be loaded aboard passenger vesselsare screened prior to loading at the ratespecified in the approved VSP;

(14) Ensure, in liaison with thefacility, all unaccompanied vehicles tobe loaded on passenger vessels are

32


screened prior to loading; and(15) Respond to the presence of

unauthorized persons on board,including repelling unauthorizedboarders.

(f) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the vessel owner oroperator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved VSP. Theseadditional security measures mayinclude:

(1) Increasing the frequency anddetail of screening of people, personaleffects, and vehicles being embarked orloaded onto the vessel as specified forMARSEC Level 2 in the approved VSP,except for government-owned vehicleson official business when governmentpersonnel present identificationcredentials for entry;

(2) X-ray screening of allunaccompanied baggage;

(3) Assigning additionalpersonnel to patrol deck areas duringperiods of reduced vessel operations todeter unauthorized access;

(4) Limiting the number ofaccess points to the vessel by closingand securing some access points;

(5) Denying access to visitorswho do not have a verified destination;

(6) Deterring waterside access tothe vessel, which may include, in liaisonwith the facility, providing boat patrols;and

(7) Establishing a restricted areaon the shoreside of the vessel, in closecooperation with the facility.

(g) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, the vessel owner or operator mustensure the implementation of additionalsecurity measures, as specified forMARSEC Level 3 in the approved VSP.The additional security measures mayinclude:

(1) Screening all persons,baggage, and personal effects fordangerous substances and devices;

(2) Performing one or more ofthe following on unaccompaniedbaggage:

(i) Screen unaccompanied

baggage more extensively, for example,x-raying from two or more angles;

(ii) Prepare to restrict or suspendhandling unaccompanied baggage; or

(iii) Refuse to acceptunaccompanied baggage on board;

(3) Being prepared to cooperatewith responders and facilities;

(4) Limiting access to the vesselto a single, controlled access point;

(5) Granting access to only thoseresponding to the security incident orthreat thereof;

(6) Suspending embarkationand/or disembarkation of personnel;

(7) Suspending cargooperations;

(8) Evacuating the vessel;(9) Moving the vessel; and(10) Preparing for a full or partial

search of the vessel.§ 104.270 Security measures forrestricted areas.

(a) General. The vessel owner oroperator must ensure the designation ofrestricted areas in order to:

(1) Prevent or deter unauthorizedaccess;

(2) Protect persons authorized tobe on board;

(3) Protect the vessel;(4) Protect sensitive security

areas within the vessel;(5) Protect security and

surveillance equipment and systems;and

(6) Protect cargo and vesselstores from tampering.

(b) Designation of RestrictedAreas. The vessel owner or operatormust ensure restricted areas aredesignated on board the vessel, asspecified in the approved plan.Restricted areas must include, asappropriate:

(1) Navigation bridge,machinery spaces and other controlstations;

(2) Spaces containing securityand surveillance equipment and systemsand their controls and lighting systemcontrols;

(3) Ventilation and air-conditioning systems and other similarspaces;

(4) Spaces with access to potable

33


water tanks, pumps, or manifolds;(5) Spaces containing dangerous

goods or hazardous substances;(6) Spaces containing cargo

pumps and their controls;(7) Cargo spaces and spaces

containing vessel stores;(8) Crew accommodations; and(9) Any other spaces or areas

vital to the security of the vessel.(c) The vessel owner or operator

must ensure that security measures andpolicies are established to:

(1) Identify which vesselpersonnel are authorized to have access;

(2) Determine which personsother than vessel personnel areauthorized to have access;

(3) Determine the conditionsunder which that access may take place;

(4) Define the extent of anyrestricted area;

(5) Define the times when accessrestrictions apply; and

(6) Clearly mark all restrictedareas and indicate that access to the areais restricted and that unauthorizedpresence within the area constitutes abreach of security.

(d) Maritime Security(MARSEC) Level 1. The vessel owneror operator must ensure theimplementation of security measures toprevent unauthorized access oractivities within the area. These securitymeasures may include:

(1) Locking or securing accesspoints;

(2) Monitoring and usingsurveillance equipment;

(3) Using guards or patrols; and(4) Using automatic intrusion

detection devices, which if used mustactivate an audible and/or visual alarmat a location that is continuouslyattended or monitored, to alert vesselpersonnel to unauthorized access.

(e) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the vessel owner oroperator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved VSP. Theseadditional security measures mayinclude:

(1) Increasing the frequency and

intensity of monitoring and accesscontrols on existing restricted accessareas;

(2) Restricting access to areasadjacent to access points;

(3) Providing continuousmonitoring of each area, usingsurveillance equipment; and

(4) Dedicating additionalpersonnel to guard or patrol each area.

(f) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, at MARSEC Level 3, the vesselowner or operator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved VSP. Theseadditional security measures mayinclude:

(1) Restricting access toadditional areas; and

(2) Searching restricted areas aspart of a security sweep of the vessel.§ 104.275 Security measures forhandling cargo.

(a) General. The vessel owner oroperator must ensure that securitymeasures relating to cargo handling,some of which may have to be appliedin liaison with the facility or anothervessel, are specified in order to:

(1) Deter tampering;(2) Prevent cargo that is not

meant for carriage from being acceptedand stored on board the vessel;

(3) Identify cargo that isapproved for loading onto the vessel;

(4) Include inventory controlprocedures at access points to thevessel; and

(5) When there are regular orrepeated cargo operations with the sameshipper, coordinate security measureswith the shipper or other responsibleparty in accordance with an establishedagreement and procedures.

(b) Maritime Security(MARSEC) Level 1. At MARSEC Level1, the vessel owner or operator mustensure the implementation of measuresto:

(1) Unless unsafe to do so,routinely check cargo and cargo spacesprior to and during cargo handling forevidence of tampering;

34


(2) Check that cargo to be loadedmatches the cargo documentation, orthat cargo markings or containernumbers match the informationprovided with shipping documents;

(3) Ensure, in liaison with thefacility, that vehicles to be loaded onboard car carriers, RO–RO, andpassenger ships are subjected toscreening prior to loading, inaccordance with the frequency requiredin the VSP; and

(4) Check, in liaison with thefacility, seals or other methods used toprevent tampering.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the vessel owner oroperator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved Vessel SecurityPlan (VSP). These additional securitymeasures may include:

(1) Increasing the frequency anddetail of checking cargo and cargospaces for evidence of tampering;

(2) Intensifying checks to ensurethat only the intended cargo, container,or other cargo transport units areloaded;

(3) Intensifying screening ofvehicles to be loaded on car-carriers,RO-RO, and passenger vessels;

(4) In liaison with the facility,increasing frequency and detail inchecking seals or other methods usedto prevent tampering;

(5) Increasing the frequency andintensity of visual and physicalinspections; or

(6) Coordinating enhancedsecurity measures with the shipper orother responsible party in accordancewith an established agreement andprocedures.

(d) MARSEC Level 3. In additionto the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the vessel owner oroperator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved VSP. Theseadditional security measures mayinclude:

(1) Suspending loading or

unloading of cargo;(2) Being prepared to cooperate

with responders, facilities, and othervessels; or

(3) Verifying the inventory andlocation of any hazardous materialscarried on board.§ 104.280 Security measures fordelivery of vessel stores andbunkers.

(a) General. The vessel owner oroperator must ensure that securitymeasures relating to the delivery ofvessel stores and bunkers areimplemented to:

(1) Check vessel stores forpackage integrity;

(2) Prevent vessel stores frombeing accepted without inspection;

(3) Deter tampering; and(4) Prevent vessel stores and

bunkers from being accepted unlessordered. For vessels that routinely usea facility, a vessel owner or operatormay establish and implement standingarrangements between the vessel, itssuppliers, and a facility regardingnotification and the timing of deliveriesand their documentation.

(b) Maritime Security(MARSEC) Level 1. At MARSEC Level1, the vessel owner or operator mustensure the implementation of measuresto:

(1) Check vessel stores beforebeing accepted;

(2) Check that vessel stores andbunkers match the order prior to beingbrought on board or being bunkered;and

(3) Ensure that vessel stores arecontrolled or immediately and securelystowed following delivery.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the vessel owner oroperator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved Vessel SecurityPlan (VSP). These additional securitymeasures may include:

(1) Intensifying inspection of thevessel stores during delivery; or

(2) Checking vessel stores prior

35


to receiving them on board.(d) MARSEC Level 3. In addition

to the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the vessel owner oroperator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved VSP. Theseadditional security measures mayinclude:

(1) Checking all vessel storesmore extensively;

(2) Restricting or suspendingdelivery of vessel stores and bunkers;or

(3) Refusing to accept vesselstores on board.§ 104.285 Security measures formonitoring.

(a) General. (1) The vesselowner or operator must ensure theimplementation of security measuresand have the capability to continuouslymonitor, through a combination oflighting, watchkeepers, security guards,deck watches, waterborne patrols,automatic intrusion-detection devices,or surveillance equipment, as specifiedin their approved Vessel Security Plan(VSP), the—

(i) Vessel;(ii) Restricted areas on board the

vessel; and(iii) Area surrounding the vessel.(2) The following must be

considered when establishing theappropriate level and location oflighting:

(i) Vessel personnel should beable to detect activities on and aroundthe vessel, on both the shore side andthe waterside;

(ii) Coverage should facilitatepersonnel identification at accesspoints;

(iii) Coverage may be providedthrough coordination with the port orfacility; and

(iv) Lighting effects, such asglare, and its impact on safety,navigation, and other security activities.

(b) Maritime Security(MARSEC) Level 1. At MARSEC Level1, the vessel owner or operator mustensure the implementation of security

measures, which may be done incoordination with a facility, to:

(1) Monitor the vessel,particularly vessel access points andrestricted areas;

(2) Be able to conductemergency searches of the vessel;

(3) Ensure that equipment orsystem failures or malfunctions areidentified and corrected;

(4) Ensure that any automaticintrusion detection device sets off anaudible or visual alarm, or both, at alocation that is continuously attendedor monitored;

(5) Light deck and vessel accesspoints during the period between sunsetand sunrise and periods of limitedvisibility sufficiently to allow visualidentification of persons seeking accessto the vessel; and

(6) Use maximum availablelighting while underway, during theperiod between sunset and sunrise,consistent with safety and internationalregulations.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the vessel owner oroperator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved VSP. Theseadditional security measures mayinclude:

(1) Increasing the frequency anddetail of security patrols;

(2) Increasing the coverage andintensity of lighting, alone or incoordination with the facility;

(3) Using or increasing the useof security and surveillance equipment;

(4) Assigning additionalpersonnel as security lookouts;

(5) Coordinating with boatpatrols, when provided; and

(6) Coordinating with shoresidefoot or vehicle patrols, when provided.

(d) MARSEC Level 3. In additionto the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the vessel owner oroperator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved VSP. Theseadditional security measures may

36


include:(1) Cooperating with responders

and facilities;(2) Switching on all lights;(3) Illuminating the vicinity of

the vessel;(4) Switching on all surveillance

equipment capable of recordingactivities on, or in the vicinity of, thevessel;

(5) Maximizing the length oftime such surveillance equipment cancontinue to record;

(6) Preparing for underwaterinspection of the hull; and

(7) Initiating measures,including the slow revolution of thevessel's propellers, if practicable, todeter underwater access to the hull ofthe vessel.§ 104.290 Security incidentprocedures.

For each Maritime Security(MARSEC) Level, the vessel owner oroperator must ensure the VesselSecurity Officer (VSO) and vesselsecurity personnel are able to:

(a) Respond to security threats orbreaches of security and maintaincritical vessel and vessel-to-facilityinterface operations, to include:

(1) Prohibiting entry intoaffected area;

(2) Denying access to the vessel,except to those responding to theemergency;

(3) Implementing MARSECLevel 3 security measures throughoutthe vessel;

(4) Stopping cargo-handlingoperations; and

(5) Notifying shoresideauthorities or other vessels of theemergency;

(b) Evacuating the vessel in caseof security threats or breaches ofsecurity;

(c) Reporting security incidentsas required in §101.305;

(d) Briefing all vessel personnelon possible threats and the need forvigilance, soliciting their assistance inreporting suspicious persons, objects,or activities; and

(e) Securing non-criticaloperations in order to focus response

on critical operations.§ 104.292 Additionalrequirements—passenger vesselsand ferries.

(a) At all Maritime Security(MARSEC) Levels, the vessel owneror operator must ensure security sweepsare performed, prior to gettingunderway, after any period the vesselwas unattended.

(b) As an alternative to theidentification checks and passengerscreening requirements in §104.265(e)(1), (e)(3), and (e)(8), the owner oroperator of a passenger vessel or ferrymay ensure security measures areimplemented that include:

(1) Searching selected areasprior to embarking passengers and priorto sailing; and

(2) Implementing one or more ofthe following:

(i) Performing routine securitypatrols;

(ii) Providing additional closed-circuit television to monitor passengerareas; or

(iii) Securing all non-passengerareas.

(c) Passenger vessels certificatedto carry more than 2000 passengers,working in coordination with theterminal, may be subject to additionalvehicle screening requirements inaccordance with a MARSEC Directiveor other orders issued by the CoastGuard.

(d) Owners and operators ofpassenger vessels and ferries coveredby this part that use public accessfacilities, as that term is defined in §101.105 of this subchapter, mustaddress security measures for theinterface of the vessel and the publicaccess facility, in accordance with theappropriate Area Maritime SecurityPlan.

(e) At MARSEC Level 2, avessel owner or operator must ensure,in addition to MARSEC Level 1measures, the implementation of thefollowing:

(1) Search selected areas prior toembarking passengers and prior tosailing;

(2) Passenger vessels certificated

37


to carry less than 2000 passengers,working in coordination with theterminal, may be subject to additionalvehicle screening requirements inaccordance with a MARSEC Directiveor other orders issued by the CoastGuard; and

(3) As an alternative to theidentification and screeningrequirements in §104.265(e)(3) and(f)(1), intensify patrols, security sweepsand monitoring identified in paragraph(b) of this section.

(f) At MARSEC Level 3, a vesselowner or operator may, in addition toMARSEC Levels 1 and 2 measures, asan alternative to the identificationchecks and passenger screeningrequirements in §104.265(e)(3) and §104.265(g)(1), ensure that randomarmed security patrols are conducted,which need not consist of vesselpersonnel.§ 104.295 Additionalrequirements—cruise ships.

(a) At all MARSEC Levels, theowner or operator of a cruise ship mustensure the following:

(1) Screen all persons, baggage,and personal effects for dangeroussubstances and devices;

(2) Check the identification of allpersons seeking to board the vessel; thischeck includes confirming the reasonfor boarding by examining joininginstructions, passenger tickets, boardingpasses, government identification orvisitor badges, or work orders;

(3) Perform security patrols; and(4) Search selected areas prior to

embarking passengers and prior tosailing.

(b) At MARSEC Level 3, theowner or operator of a cruise ship mustensure that security briefs to passengersabout the specific threat are provided.§ 104.297 Additionalrequirements—vessels oninternational voyages.

(a) An owner or operator of aU.S. flag vessel, which is subject to theInternational Convention for Safety ofLife at Sea, 1974, (SOLAS), must bein compliance with the applicablerequirements of SOLAS Chapter XI–

1, SOLAS Chapter XI–2 and the ISPSCode, part A (Incorporated by reference,see §101.115 of this subchapter).

(b) Owners or operators of U.S.flag vessels that are required to complywith SOLAS, must ensure anInternational Ship Security Certificate(ISSC) as provided in 46 CFR §2.01–25 is obtained for the vessel. Thiscertificate must be issued by the CoastGuard.

(c) Owners or operators ofvessels that require an ISSC inparagraph (b) of this section mustrequest an inspection in writing, at least30 days prior to the desired inspectiondate to the Officer in Charge, MarineInspection for the Marine InspectionOffice or Marine Safety Office of theport where the vessel will be inspectedto verify compliance with this part andapplicable SOLAS requirements. Theinspection must be completed and theinitial ISSC must be issued on or beforeJuly 1, 2004.

Subpart C—Vessel SecurityAssessment (VSA)

§ 104.300 General.(a) The Vessel Security

Assessment (VSA) is a writtendocument that is based on the collectionof background information and thecompletion and analysis of an on-scenesurvey.

(b) A single VSA may beperformed and applied to more than onevessel to the extent that they sharephysical characteristics and operations.

(c) Third parties may be used inany aspect of the VSA if they have theappropriate skills and if the CompanySecurity Officer (CSO) reviews andaccepts their work.

(d) Those involved in a VSAshould be able to draw upon expertassistance in the following areas:

(1) Knowledge of currentsecurity threats and patterns;

(2) Recognition and detection ofdangerous substances and devices;

(3) Recognition ofcharacteristics and behavioral patternsof persons who are likely to threatensecurity;

(4) Techniques used to

38


circumvent security measures;(5) Methods used to cause a

security incident;(6) Effects of dangerous

substances and devices on vesselstructures and equipment;

(7) Vessel security requirements;(8) Vessel-to-vessel activity and

vessel-to-facility interface businesspractices;

(9) Contingency planning,emergency preparedness and response;

(10) Physical securityrequirements;

(11) Radio andtelecommunications systems, includingcomputer systems and networks;

(12) Marine engineering; and(13) Vessel and port operations.

§ 104.305 Vessel SecurityAssessment (VSA) requirements.

(a) Background. The vesselowner or operator must ensure that thefollowing background information isprovided to the person or persons whowill conduct the on-scene survey andassessment:

(1) General layout of the vessel,including the location of:

(i) Each actual or potential pointof access to the vessel and its function;

(ii) Spaces that should haverestricted access;

(iii) Essential maintenanceequipment;

(iv) Cargo spaces and storage;(v) Storage of unaccompanied

baggage; and(vi) Vessel stores;(2) Threat assessments,

including the purpose and methodologyof the assessment, for the area or areasin which the vessel operates or at whichpassengers embark or disembark;

(3) The previous VSA, if any;(4) Emergency and stand-by

equipment available to maintainessential services;

(5) Number of vessel personneland any existing security duties towhich they are assigned;

(6) Existing personnel trainingrequirement practices of the vessel;

(7) Existing security and safetyequipment for the protection ofpersonnel, visitors, passengers, and

vessels personnel;(8) Escape and evacuation routes

and assembly stations that have to bemaintained to ensure the orderly andsafe emergency evacuation of thevessel;

(9) Existing agreements withprivate security companies providingwaterside or vessel security services;and

(10) Existing security measuresand procedures, including:

(i) Inspection and controlprocedures;

(ii) Identification systems;(iii) Surveillance and monitoring

equipment;(iv) Personnel identification

documents;(v) Communication systems;(vi) Alarms;(vii) Lighting;(viii)Access control systems; and(ix) Other security systems.(b) On-scene survey. The vessel

owner or operator must ensure that anon-scene survey of each vessel isconducted. The on-scene survey is toverify or collect information requiredin paragraph (a) of this section. Itconsists of an actual survey thatexamines and evaluates existing vesselprotective measures, procedures, andoperations for:

(1) Ensuring performance of allsecurity duties;

(2) Controlling access to thevessel, through the use of identificationsystems or otherwise;

(3) Controlling the embarkationof vessel personnel and other personsand their effects, including personaleffects and baggage whetheraccompanied or unaccompanied;

(4) Supervising the handling ofcargo and the delivery of vessel stores;

(5) Monitoring restricted areas toensure that only authorized personshave access;

(6) Monitoring deck areas andareas surrounding the vessel; and

(7) The ready availability ofsecurity communications, information,and equipment.

(c) Analysis andrecommendations. In conducting theVSA, the Company Security Officer(CSO) must analyze the vessel

39


background information and the on-scene survey, and while considering therequirements of this part, providerecommendations for the securitymeasures the vessel should include inthe Vessel Security Plan (VSP). Thisincludes but is not limited to thefollowing:

(1) Restricted areas;(2) Response procedures for fire

or other emergency conditions;(3) Security supervision of

vessel personnel, passengers, visitors,vendors, repair technicians, dockworkers, etc.;

(4) Frequency and effectivenessof security patrols;

(5) Access control systems,including identification systems;

(6) Security communicationsystems and procedures;

(7) Security doors, barriers, andlighting;

(8) Any security and surveillanceequipment and systems;

(9) Possible security threats,including but not limited to:

(i) Damage to or destruction ofthe vessel or an interfacing facility orvessel by dangerous substances anddevices, arson, sabotage, or vandalism;

(ii) Hijacking or seizure of thevessel or of persons on board;

(iii) Tampering with cargo,essential vessel equipment or systems,or vessel stores;

(iv) Unauthorized access or use,including presence of stowaways;

(v) Smuggling dangeroussubstances and devices;

(vi) Use of the vessel to carrythose intending to cause a securityincident and/or their equipment;

(vii) Use of the vessel itself as aweapon or as a means to cause damageor destruction;

(viii)Attacks from seaward whileat berth or at anchor; and

(ix) Attacks while at sea; and(10) Evaluating the potential of

each identified point of access,including open weather decks, for useby individuals who might seek to breachsecurity, whether or not thoseindividuals legitimately have access tothe vessel.

(d) VSA report. (1) The vesselowner or operator must ensure that a

written VSA report is prepared andincluded as part of the VSP. The VSAreport must contain:

(i) A summary of how the on-scene survey was conducted;

(ii) Existing security measures,procedures, and operations;

(iii) A description of eachvulnerability found during theassessment;

(iv) A description of securitycountermeasures that could be used toaddress each vulnerability;

(v) A list of the key vesseloperations that are important to protect;

(vi) The likelihood of possiblethreats to key vessel operations; and

(vii) A list of identifiedweaknesses, including human factors,in the infrastructure, policies, andprocedures of the vessel.

(2) The VSA report must addressthe following elements on board orwithin the vessel:

(i) Physical security;(ii) Structural integrity;(iii) Personnel protection

systems;(iv) Procedural policies;(v) Radio and

telecommunication systems, includingcomputer systems and networks; and

(vi) Other areas that may, ifdamaged or used illicitly, pose a risk topeople, property, or operations on boardthe vessel or within a facility.

(3) The VSA report must list thepersons, activities, services, andoperations that are important to protect,in each of the following categories:

(i) Vessel personnel;(ii) Passengers, visitors, vendors,

repair technicians, facility personnel,etc.;

(iii) Capacity to maintain safenavigation and emergency response;

(iv) Cargo, particularlydangerous goods and hazardoussubstances;

(v) Vessel stores;(vi) Any vessel security

communication and surveillancesystems; and

(vii) Any other vessel securitysystems, if any.

(4) The VSA report must accountfor any vulnerabilities in the followingareas:

40


(i) Conflicts between safety andsecurity measures;

(ii) Conflicts between vesselduties and security assignments;

(iii) The impact of watch-keepingduties and risk of fatigue on vesselpersonnel alertness and performance;

(iv) Security trainingdeficiencies; and

(v) Security equipment andsystems, including communicationsystems.

(5) The VSA report must discussand evaluate key vessel measures andoperations, including:

(i) Ensuring performance of allsecurity duties;

(ii) Controlling access to thevessel, through the use of identificationsystems or otherwise;

(iii) Controlling the embarkationof vessel personnel and other personsand their effects (including personaleffects and baggage whetheraccompanied or unaccompanied);

(iv) Supervising the handling ofcargo and the delivery of vessel stores;

(v) Monitoring restricted areas toensure that only authorized personshave access;

(vi) Monitoring deck areas andareas surrounding the vessel; and

(vii) The ready availability ofsecurity communications, information,and equipment.

(e) The VSA must be documentedand the VSA report retained by thevessel owner or operator with the VSP.The VSA, the VSA report, and VSPmust be protected from unauthorizedaccess or disclosure.§ 104.310 Submissionrequirements.

(a) A completed Vessel SecurityAssessment (VSA) report must besubmitted with the Vessel Security Plan(VSP) required in §104.410 of this part.

(b) A vessel owner or operatormay generate and submit a report thatcontains the VSA for more than onevessel subject to this part, to the extentthat they share similarities in physicalcharacteristics and operations.

(c) The VSA must be reviewedand revalidated, and the VSA reportmust be updated, each time the VSP is

submitted for reapproval or revisions.

Subpart D—Vessel Security Plan(VSP)

§ 104.400 General.(a) The Company Security

Officer (CSO) must ensure a VesselSecurity Plan (VSP) is developed andimplemented for each vessel. The VSP:

(1) Must identify the CSO andVSO by name or position and provide24-hour contact information;

(2) Must be written in English,although a translation of the VSP in theworking language of vessel personnelmay also be developed;

(3) Must address eachvulnerability identified in the VesselSecurity Assessment (VSA);

(4) Must describe securitymeasures for each MARSEC Level;

(5) Must state the Master'sauthority as described in §104.205; and

(6) May cover more than onevessel to the extent that they sharesimilarities in physical characteristicsand operations, if authorized andapproved by the Commanding Officer,Marine Safety Center.

(b) The VSP must be submittedto the Commanding Officer, MarineSafety Center (MSC) 400 SeventhStreet, SW, Room 6302, NassifBuilding, Washington, DC 20590-0001, in a written or electronic format.Information for submitting the VSPelectronically can be found at http://www.uscg.mil/HQ/MSC. Owners oroperators of foreign flag vessels that aresubject to SOLAS Chapter XI mustcomply with this part by carrying onboard a valid International ShipSecurity Certificate that certifies that theverifications required by Section 19.1of part A of the ISPS Code(Incorporated by reference, see §101.115 of this subchapter) have beencompleted. As stated in Section 9.4 ofthe ISPS Code, part A requires that, inorder for the ISSC to be issued, theprovisions of part B of the ISPS Codeneed to be taken into account.

(c) The VSP is sensitive securityinformation and must be protected inaccordance with 49 CFR part 1520.

(d) If the VSP is kept in an

41


electronic format, procedures must bein place to prevent its unauthorizeddeletion, destruction, or amendment.§ 104.405 Format of the VesselSecurity Plan (VSP).

(a) A vessel owner or operatormust ensure that the VSP consists ofthe individual sections listed in thisparagraph (a). If the VSP does notfollow the order as it appears in the list,the vessel owner or operator mustensure that the VSP contains an indexidentifying the location of each of thefollowing sections:

(1) Security organization of thevessel;

(2) Personnel training;(3) Drills and exercises;(4) Records and documentation;(5) Response to change in

MARSEC Level;(6) Procedures for interfacing

with facilities and other vessels;(7) Declarations of Security

(DoS);(8) Communications;(9) Security systems and

equipment maintenance;(10) Security measures for access

control;(11) Security measures for

restricted areas;(12) Security measures for

handling cargo;(13) Security measures for

delivery of vessel stores and bunkers;(14) Security measures for

monitoring;(15) Security incident procedures;(16) Audits and Vessel Security

Plan (VSP) amendments; and(17) Vessel Security Assessment

(VSA) Report.(b) The VSP must describe in

detail how the requirements of subpartB of this part will be met.§ 104.410 Submission andapproval.

(a) In accordance with §104.115, on or before December 31,2003, each vessel owner or operatormust either:

(1) Submit one copy of theirVessel Security Plan (VSP), in English,for review and approval to the

Commanding Officer, Marine SafetyCenter (MSC) and a letter certifying thatthe VSP meets applicable requirementsof this part; or

(2) If intending to operate underan Approved Security Program, a lettersigned by the vessel owner or operatorstating which approved AlternativeSecurity Program the owner or operatorintends to use.

(b) Owners or operators ofvessels not in service on or beforeDecember 31, 2003, must comply withthe requirements in paragraph (a) of thissection 60 days prior to beginningoperations or by December 31, 2003,whichever is later.

(c) The Commanding Officer,Marine Safety Center (MSC), willexamine each submission forcompliance with this part, and either:



(3) Disapprove it, returning acopy to the submitter with a briefstatement of the reasons fordisapproval.

(d) A VSP may be submitted andapproved to cover more than one vesselwhere the vessel design and operationsare similar.

(e) Each company or vessel,owner or operator, that submits oneVSP to cover two or more vessels ofsimilar design and operation mustaddress vessel-specific information thatincludes the physical and operationalcharacteristics of each vessel.

(f) A plan that is approved by theMSC is valid for 5 years from the dateof its approval.§ 104.415 Amendment and audit.

(a) Amendments. (1)Amendments to a Vessel Security Planthat are approved by the Marine SafetyCenter (MSC) may be initiated by:

(i) The vessel owner or operator;or

(ii) The Coast Guard upon adetermination that an amendment is

42


needed to maintain the vessel's security.The Coast Guard will give the vesselowner or operator written notice andrequest that the vessel owner or operatorpropose amendments addressing anymatters specified in the notice. Thecompany owner or operator will haveat least 60 days to submit its proposedamendments. Until amendments areapproved, the company owner oroperator shall ensure temporary securitymeasures are implemented to thesatisfaction of the Coast Guard.

(2) Proposed amendments mustbe sent to the MSC at the address shownin §104.400(b) of this part. If initiatedby the company or vessel, owner oroperator, the proposed amendment mustbe submitted at least 30 days before theamendment is to take effect unless theMSC allows a shorter period. The MSCwill approve or disapprove theproposed amendment in accordancewith §104.410 of this part.

(3) Nothing in this sectionshould be construed as limiting thevessel owner or operator from thetimely implementation of suchadditional security measures notenumerated in the approved VSP asnecessary to address exigent securitysituations. In such cases, the owner oroperator must notify the MSC by themost rapid means practicable as to thenature of the additional measures, thecircumstances that prompted theseadditional measures, and the period oftime these additional measures areexpected to be in place.

(4) If the owner or operator haschanged, the Vessel Security Officer(VSO) must amend the Vessel SecurityPlan (VSP) to include the name andcontact information of the new vesselowner or operator and submit theaffected portion of the VSP for reviewand approval in accordance with§104.410 of this part.

(b) Audits. (1) The CSO or VSOmust ensure an audit of the VSP isperformed annually, beginning no laterthan one year from the initial date ofapproval and attach a letter to the VSPcertifying that the VSP meets theapplicable requirements of this part.

(2) The VSP must be audited ifthere is a change in the company's orvessel's ownership or operator, or if

there have been modifications to thevessel, including but not limited tophysical structure, emergency responseprocedures, security measures, oroperations.

(3) Auditing the VSP as a resultof modifications to the vessel may belimited to those sections of the VSPaffected by the vessel modifications.

(4) Unless impracticable due tothe size and nature of the company orthe vessel, personnel conductinginternal audits of the security measuresspecified in the VSP or evaluating itsimplementation must:

(i) Have knowledge of methodsof conducting audits and inspections,and control and monitoring techniques;

(ii) Not have regularly assignedsecurity duties; and

(iii) Be independent of anysecurity measures being audited.

(5) If the results of an auditrequire amendment of either the VSAor VSP, the VSO or CSO must submit,in accordance with §104.410 of thispart, the amendments to the MSC forreview and approval no later than 30days after completion of the audit anda letter certifying that the amended VSPmeets the applicable requirements ofthis part.

43





SECURITY

PART 105—MARITIMESECURITY: FACILITIES

Subpart A-General

Sec.105.100 Definitions.105.105 Applicability.105.106 Public access areas.105.110 Exemptions.105.115 Compliance dates.105.120 Compliance documentation.105.125 Noncompliance.105.130 Waivers.105.135 Equivalents.105.140 Alternative Security

Program.105.145 Maritime Security


Subpart B -- Facility SecurityRequirements

105.200 Owner or operator.105.205 Facility Security Officer

(FSO).105.210 Facility personnel with

security duties.105.215 Security training for all

other facility personnel.105.220 Drill and exercise

requirements.105.225 Facility recordkeeping




with vessels.105.245 Declaration of Security


equipment maintenance.105.255 Security measures for

access control.105.260 Security measures for

restricted areas.105.265 Security measures for

handling cargo.105.270 Security measures for

delivery of vessel stores andbunkers.



105.285 Additional requirements --passenger and ferry facilities.

105.290 Additional requirements --cruise ship terminals.

105.295 Additional requirements --Certain Dangerous Cargo (CDC)facilities.

105.296 Additional requirements --barge fleeting facilities.

Subpart C -- Facility SecurityAssessment (FSA)

105.300 General.105.305 Facility Security

Assessment (FSA) requirements.105.310 Submission requirements.Subpart D -- Facility Security Plan

(FSP)105.400 General.105.405 Format and content of the

Facility Security Plan (FSP).105.410 Submission and approval.105.415 Amendment and audit.Appendix A to part 105 -- Facility

Vulnerability and SecurityMeasure Summary (CG-6025).

Authority: 33 U.S.C. 1226, 1231; 46U.S.C. 70103; 50 U.S.C. 191; 33CFR 1.05–1, 6.04–11, 6.14, 6.16, and6.19; Department of HomelandSecurity Delegation No. 0170.1.Source: USCG-2003-14732, 68 FR39322, July 1, 2003, unless otherwisenoted.



(a) The requirements in this part

44

Part 105—Maritime Security: Facilities33 CFR, Ch. I, Subchapter H

apply to the owner or operator of anyU.S.:

(1) Facility subject to 33 CFRparts 126, 127, or 154;

(2) Facility that receives vesselscertificated to carry more than 150passengers, except those vessels notcarrying and not embarking ordisembarking passengers at the facility;

(3) Facility that receives vesselssubject to the International Conventionfor Safety of Life at Sea, 1974, chapterXI;

(4) Facility that receives foreigncargo vessels greater than 100 grossregister tons;

(5) Facility that receives U.S.cargo vessels, greater than 100 grossregister tons, subject to 46 CFR chapterI, subchapter I, except for thosefacilities that receive only commercialfishing vessels inspected under 46 CFRpart 105; or

(6) Barge fleeting facility thatreceives barges carrying, in bulk,cargoes regulated by 46 CFR chapter I,subchapters D or O, or CertainDangerous Cargoes.

(b) An owner or operator of anyfacility not covered in paragraph (a) ofthis section is subject to parts 101through 103 of this subchapter.

(c) This part does not apply tothe owner or operator of the followingU.S. facilities:

(1) A facility owned or operatedby the U.S. that is used primarily formilitary purposes.

(2) An oil and natural gasproduction, exploration, ordevelopment facility regulated by 33CFR parts 126 or 154 if:

(i) The facility is engaged solelyin the exploration, development, orproduction of oil and natural gas; and

(ii) The facility does not meet orexceed the operating conditions in§106.105 of this subchapter;

(3) A facility that supports theproduction, exploration, ordevelopment of oil and natural gasregulated by 33 CFR parts 126 or 154if:

(i) The facility is engaged solelyin the support of exploration,development, or production of oil andnatural gas and transports or storesquantities of hazardous materials that

do not meet or exceed those specifiedin 49 CFR 172.800(b)(1) through(b)(6); or

(ii) The facility stores less than42,000 gallons of cargo regulated by 33CFR part 154;

(4) A mobile facility regulated by33 CFR part 154; or

(5) An isolated facility thatreceives materials regulated by 33 CFRparts 126 or 154 by vessel due to thelack of road access to the facility anddoes not distribute the material throughsecondary marine transfers.§ 105.106 Public access areas.

(a) A facility serving ferries orpassenger vessels certificated to carrymore than 150 passengers, other thancruise ships, may designate an areawithin the facility as a public accessarea.

(b) A public access area is adefined space within a facility that isopen to all persons and providespedestrian access through the facilityfrom public thoroughfares to the vessel.§ 105.110 Exemptions.

(a) An owner or operator of anybarge fleeting facility subject to this partis exempt from complying with§105.265, Security measures forhandling cargo; and §105.270, Securitymeasures for delivery of vessel storesand bunkers.

(b) A public access areadesignated under § 105.106 is exemptfrom the requirements for screening ofpersons, baggage, and personal effectsand identification of persons in§ 105.255(c), (e)(1), (e)(3), (f)(1), and(g)(1) and § 105.285(a)(1).

(c) An owner or operator of anygeneral shipyard facility as defined in§ 101.105 is exempt from therequirements of this part unless thefacility:

(1) Is subject to parts 126, 127,or 154 of this chapter; or

(2) Provides any other service tovessels subject to part 104 of thissubchapter not related to construction,repair, rehabilitation, refurbishment, orrebuilding.

(d) Public access facility. (1)The COTP may exempt a public access

45


facility from the requirements of thispart, including establishing conditionsfor which such an exemption is granted,to ensure that adequate security ismaintained.

(2) The owner or operator of anypublic access facility exempted underthis section must:

(i) Comply with any COTPconditions for the exemption; and

(ii) Ensure that the cognizantCOTP has the appropriate informationfor contacting the individual withsecurity responsibilities for the publicaccess facility at all times.

(3) The cognizant COTP maywithdraw the exemption for a publicaccess facility at any time the owner oroperator fails to comply with anyrequirement of the COTP as a conditionof the exemption or any measureordered by the COTP pursuant toexisting COTP authority.

(e) An owner or operator of afacility is not subject to this part if thefacility receives only vessels to be laid-up, dismantled, or otherwise placed outof commission provided that the vesselsare not carrying and do not receivecargo or passengers at that facility.§ 105.115 Compliance dates.

(a) On or before December 31,2003, facility owners or operators mustsubmit to the cognizant COTP for eachfacility—

(1) The Facility Security Plandescribed in subpart D of this part forreview and approval; or

(2) If intending to operate underan approved Alternative SecurityProgram, a letter signed by the facilityowner or operator stating whichapproved Alternative Security Programthe owner or operator intends to use.

(b) On or before July 1, 2004,each facility owner or operator must beoperating in compliance with this part.§ 105.120 Compliancedocumentation.

Each facility owner or operatorsubject to this part must ensure, on orbefore July 1, 2004, that copies of thefollowing documentation are availableat the facility and are made available tothe Coast Guard upon request:

(a) The approved FacilitySecurity Plan (FSP), as well as anyapproved revisions or amendmentsthereto, and a letter of approval fromthe COTP dated within the last 5 years;

(b) The FSP submitted forapproval and an acknowledgementletter from the COTP stating that theCoast Guard is currently reviewing theFSP submitted for approval, and thatthe facility may continue to operate solong as the facility remains incompliance with the submitted FSP; or

(c) For facilities operating undera Coast Guard-approved AlternativeSecurity Program as provided in§105.140, a copy of the AlternativeSecurity Program the facility is using,including a facility specific securityassessment report generated under theAlternative Security Program, asspecified in § 101.120(b)(3) of thissubchapter, and a letter signed by thefacility owner or operator, stating whichAlternative Security Program thefacility is using and certifying that thefacility is in full compliance with thatprogram.§ 105.125 Noncompliance.

When a facility must temporarilydeviate from the requirements of thispart, the facility owner or operator mustnotify the cognizant COTP, and eithersuspend operations or request andreceive permission from the COTP tocontinue operating.§ 105.130 Waivers.

Any facility owner or operator mayapply for a waiver of any requirementof this part that the facility owner oroperator considers unnecessary in lightof the nature or operating conditions ofthe facility, prior to operating. A requestfor a waiver must be submitted inwriting with justification to theCommandant (G–MP) at 2100 SecondSt., SW., Washington, DC 20593. TheCommandant (G–MP) may require thefacility owner or operator to providedata for use in determining the validityof the requested waiver. TheCommandant (G–MP) may grant, inwriting, a waiver with or withoutconditions only if the waiver will notreduce the overall security of the

46


facility, its employees, visiting vessels,or ports.[USCG–2003–14732, 68 FR 39322,July 1, 2003; 68 FR 41916, July 16,2003]

§ 105.135 Equivalents.For any measure required by this

part, the facility owner or operator maypropose an equivalent as provided in§101.130 of this subchapter.§ 105.140 Alternative SecurityProgram.

(a) A facility owner or operatormay use an Alternative SecurityProgram approved under §101.120 ofthis subchapter if:

(1) The Alternative SecurityProgram is appropriate to that facility;

(2) The Alternative SecurityProgram is implemented in its entirety.

(b) A facility owner or operatorusing an Alternative Security Programapproved under §101.120 of thissubchapter must complete and submitto the cognizant COTP a FacilityVulnerability and Security MeasuresSummary (Form CG–6025) in appendixA to part 105—Facility Vulnerabilityand Security (CG–6025).§ 105.145 Maritime Security(MARSEC) Directive.

Each facility owner or operatorsubject to this part must comply withany instructions contained in aMARSEC Directive issued under§101.405 of this subchapter.§ 105.150 Right to appeal.


Subpart B—Facility SecurityRequirements

§ 105.200 Owner or operator.(a) Each facility owner or

operator must ensure that the facilityoperates in compliance with the

requirements of this part.(b) For each facility, the facility

owner or operator must:(1) Define the security

organizational structure and provideeach person exercising security dutiesand responsibilities within that structurethe support needed to fulfill thoseobligations;

(2) Designate, in writing, byname or by title, a Facility SecurityOfficer (FSO) and identify how theofficer can be contacted at any time;

(3) Ensure that a FacilitySecurity Assessment (FSA) isconducted;

(4) Ensure the development andsubmission for approval of a FacilitySecurity Plan (FSP);

(5) Ensure that the facilityoperates in compliance with theapproved FSP;

(6) Ensure that adequatecoordination of security issues takesplace between the facility and vesselsthat call on it, including the executionof a Declaration of Security (DoS) asrequired by this part;

(7) Ensure coordination of shoreleave for vessel personnel or crewchange-out, as well as access throughthe facility for visitors to the vessel(including representatives of seafarers'welfare and labor organizations), withvessel operators in advance of a vessel'sarrival. In coordinating such leave,facility owners or operators may referto treaties of friendship, commerce, andnavigation between the U.S. and othernations. The text of these treaties canbe found on the U.S. Department ofState's website at http://www.state.gov/s/l/24224.htm;

(8) Ensure, within 12 hours ofnotification of an increase in MARSECLevel, implementation of the additionalsecurity measures required for the newMARSEC Level;

(9) Ensure security forunattended vessels moored at thefacility;

(10) Ensure the report of allbreaches of security and transportationsecurity incidents to the NationalResponse Center in accordance withpart 101 of this chapter; and

(11) Ensure consistency betweensecurity requirements and safety

47


requirements.§ 105.205 Facility Security Officer(FSO).

(a) General. (1) The FSO mayperform other duties within the owner'sor operator's organization, provided heor she is able to perform the duties andresponsibilities required of the FSO.

(2) The same person may serveas the FSO for more than one facility,provided the facilities are in the sameCOTP zone and are not more than 50miles apart. If a person serves as theFSO for more than one facility, thename of each facility for which he orshe is the FSO must be listed in theFacility Security Plan (FSP) of eachfacility for which or she is the FSO.

(3) The FSO may assign securityduties to other facility personnel;however, the FSO retains theresponsibility for these duties.

(b) Qualifications. (1) The FSOmust have general knowledge, throughtraining or equivalent job experience,in the following:

(i) Security organization of thefacility;

(ii) General vessel and facilityoperations and conditions;

(iii) Vessel and facility securitymeasures, including the meaning andthe requirements of the differentMARSEC Levels;

(iv) Emergency preparedness,response, and contingency planning;

(v) Security equipment andsystems, and their operationallimitations; and

(vi) Methods of conductingaudits, inspections, control, andmonitoring techniques.

(2) In addition to knowledge andtraining required in paragraph (b)(1) ofthis section, the FSO must haveknowledge of and receive training in thefollowing, as appropriate:

(i) Relevant international lawsand codes, and recommendations;

(ii) Relevant governmentlegislation and regulations;

(iii) Responsibilities andfunctions of local, State, and Federallaw enforcement agencies;

(iv) Security assessmentmethodology;

(v) Methods of facility securitysurveys and inspections;

(vi) Instruction techniques forsecurity training and education,including security measures andprocedures;

(vii) Handling sensitive securityinformation and security relatedcommunications;

(viii)Current security threats andpatterns;

(ix) Recognizing and detectingdangerous substances and devices;

(x) Recognizing characteristicsand behavioral patterns of persons whoare likely to threaten security;

(xi) Techniques used tocircumvent security measures;

(xii) Conducting physicalsearches and non-intrusive inspections;

(xiii)Conducting security drillsand exercises, including exercises withvessels; and

(xiv) Assessing security drills andexercises.

(c) Responsibilities. In additionto those responsibilities and dutiesspecified elsewhere in this part, the FSOmust, for each facility for which he orshe has been designated:

(1) Ensure that the FacilitySecurity Assessment (FSA) isconducted;

(2) Ensure the development andimplementation of a FSP;

(3) Ensure that an annual auditis conducted, and if necessary that theFSA and FSP are updated;

(4) Ensure the FSP is exercisedper §105.220 of this part;

(5) Ensure that regular securityinspections of the facility areconducted;

(6) Ensure the securityawareness and vigilance of the facilitypersonnel;

(7) Ensure adequate training topersonnel performing facility securityduties;

(8) Ensure that occurrences thatthreaten the security of the facility arerecorded and reported to the owner oroperator;

(9) Ensure the maintenance ofrecords required by this part;

(10) Ensure the preparation andthe submission of any reports asrequired by this part;

48


(11) Ensure the execution of anyrequired Declarations of Security withMasters, Vessel Security Officers ortheir designated representatives;

(12) Ensure the coordination ofsecurity services in accordance with theapproved FSP;

(13) Ensure that securityequipment is properly operated, tested,calibrated, and maintained;

(14) Ensure the recording andreporting of attainment changes inMARSEC Levels to the owner oroperator and the cognizant COTP;

(15) When requested, ensure thatthe Vessel Security Officers receiveassistance in confirming the identity ofvisitors and service providers seekingto board the vessel through the facility;

(16) Ensure notification, as soonas possible, to law enforcementpersonnel and other emergencyresponders to permit a timely responseto any transportation security incident;

(17) Ensure that the FSP issubmitted to the cognizant COTP forapproval, as well as any plans to changethe facility or facility infrastructure priorto amending the FSP; and

(18) Ensure that all facilitypersonnel are briefed of changes insecurity conditions at the facility.§ 105.210 Facility personnel withsecurity duties.

Facility personnel responsible forsecurity duties must have knowledge,through training or equivalent jobexperience, in the following, asappropriate:

(a) Knowledge of currentsecurity threats and patterns;



(d) Techniques used tocircumvent security measures;

(e) Crowd management andcontrol techniques;

(f) Security relatedcommunications;

(g) Knowledge of emergencyprocedures and contingency plans;

(h) Operation of security

equipment and systems;(i) Testing, calibration, and

maintenance of security equipment andsystems;

(j) Inspection, control, andmonitoring techniques;

(k) Relevant provisions of theFacility Security Plan (FSP);

(l) Methods of physicalscreening of persons, personal effects,baggage, cargo, and vessel stores; and

(m) The meaning and theconsequential requirements of thedifferent MARSEC Levels.§ 105.215 Security training for allother facility personnel.

All other facility personnel,including contractors, whether part-time, full-time, temporary, orpermanent, must have knowledge of,through training or equivalent jobexperience, in the following, asappropriate:

(a) Relevant provisions of theFacility Security Plan (FSP);

(b) The meaning and theconsequential requirements of thedifferent MARSEC Levels as theyapply to them, including emergencyprocedures and contingency plans;



(e) Techniques used tocircumvent security measures.§ 105.220 Drill and exerciserequirements.

(a) General. (1) Drills andexercises must test the proficiency offacility personnel in assigned securityduties at all MARSEC Levels and theeffective implementation of the FacilitySecurity Plan (FSP). They must enablethe Facility Security Officer (FSO) toidentify any related security deficienciesthat need to be addressed.

(2) A drill or exercise required bythis section may be satisfied with theimplementation of security measuresrequired by the FSP as the result of anincrease in the MARSEC Level,provided the facility reports attainment

49


to the cognizant COTP.(b) Drills. (1) The FSO must

ensure that at least one security drill isconducted every 3 months. Securitydrills may be held in conjunction withnon-security drills, where appropriate.

(2) Drills must test individualelements of the FSP, including responseto security threats and incidents. Drillsshould take into account the types ofoperations of the facility, facilitypersonnel changes, the type of vesselthe facility is serving, and other relevantcircumstances. Examples of drillsinclude unauthorized entry to arestricted area, response to alarms, andnotification of law enforcementauthorities.

(3) If a vessel is moored at thefacility on the date the facility hasplanned to conduct any drills, thefacility cannot require the vessel orvessel personnel to be a part of orparticipate in the facility's scheduleddrill.

(c) Exercises. (1) Exercises mustbe conducted at least once each calendaryear, with no more than 18 monthsbetween exercises.

(2) Exercises may be:(i) Full scale or live;(ii) Tabletop simulation or

seminar;(iii) Combined with other

appropriate exercises; or(iv) A combination of the


(3) Exercises may be facility-specific or part of a cooperative exerciseprogram with applicable facility andvessel security plans or comprehensiveport exercises.

(4) Each exercise must testcommunication and notificationprocedures, and elements ofcoordination, resource availability, andresponse.

(5) Exercises are a full test of thesecurity program and must includesubstantial and active participation ofFSOs, and may include governmentauthorities and vessels visiting thefacility. Requests for participation ofCompany and Vessel Security Officersin joint exercises should consider thesecurity and work implications for thevessel.

§ 105.225 Facility recordkeepingrequirements.

(a) Unless otherwise specified inthis section, the Facility Security Officer(FSO) must keep records of theactivities as set out in paragraph (b) ofthis section for at least 2 years and makethem available to the Coast Guard uponrequest.

(b) Records required by thissection may be kept in electronicformat. If kept in an electronic format,they must be protected againstunauthorized deletion, destruction, oramendment. The following recordsmust be kept:


(2) Drills and exercises. For eachdrill or exercise, the date held,description of drill or exercise, list ofparticipants, and any best practices orlessons learned which may improve theFacility Security Plan (FSP);

(3) Incidents and breaches ofsecurity. For each incident or breach ofsecurity, the date and time ofoccurrence, location within the facility,description of incident or breaches, towhom it was reported, and descriptionof the response;

(4) Changes in MARSEC Levels.For each change in MARSEC Level,the date and time of notificationreceived, and time of compliance withadditional requirements;

(5) Maintenance, calibration,and testing of security equipment. Foreach occurrence of maintenance,calibration, and testing, record the dateand time, and the specific securityequipment involved;

(6) Security threats. For eachsecurity threat, the date and time ofoccurrence, how the threat wascommunicated, who received oridentified the threat, description ofthreat, to whom it was reported, anddescription of the response;

(7) Declaration of Security(DoS). A copy of each single-visit DoSand a copy of each continuing DoS forat least 90 days after the end of itseffective period; and

(8) Annual audit of the FSP. For

50


each annual audit, a letter certified bythe FSO stating the date the audit wascompleted.

(c) Any record required by thispart must be protected fromunauthorized access or disclosure.§ 105.230 Maritime Security(MARSEC) Level coordination andimplementation.

(a) The facility owner oroperator must ensure the facilityoperates in compliance with the securityrequirements in this part for theMARSEC Level in effect for the port.

(b) When notified of an increasein the MARSEC Level, the facilityowner and operator must ensure:

(1) Vessels moored to the facilityand vessels scheduled to arrive at thefacility within 96 hours of theMARSEC Level change are notified ofthe new MARSEC Level and theDeclaration of Security is revised asnecessary;

(2) The facility complies with therequired additional security measureswithin 12 hours; and

(3) The facility reportscompliance or noncompliance to theCOTP.

(c) For MARSEC Levels 2 and3, the Facility Security Officer mustinform all facility personnel aboutidentified threats, and emphasizereporting procedures and stress the needfor increased vigilance.

(d) An owner or operator whosefacility is not in compliance with therequirements of this section, mustinform the COTP and obtain approvalprior to interfacing with a vessel orcontinuing operations.

(e) At MARSEC Level 3, inaddition to the requirements in this part,a facility owner or operator may berequired to implement additionalmeasures, pursuant to 33 CFR part 6,160, or 165, as appropriate, which mayinclude but are not limited to:

(1) Use of waterborne securitypatrol;

(2) Use of armed securitypersonnel to control access to thefacility and to deter, to the maximumextent practical, a transportationsecurity incident; and

(3) Examination of piers,wharves, and similar structures at thefacility for the presence of dangeroussubstances or devices underwater orother threats.§ 105.235 Communications.

(a) The Facility Security Officermust have a means to effectively notifyfacility personnel of changes in securityconditions at the facility.

(b) Communication systems andprocedures must allow effective andcontinuous communications betweenthe facility security personnel, vesselsinterfacing with the facility, thecognizant COTP, and national and localauthorities with securityresponsibilities.

(c) At each active facility accesspoint, provide a means of contactingpolice, security control, or anemergency operations center, bytelephones, cellular phones, and/orportable radios, or other equivalentmeans.

(d) Facility communicationssystems must have a backup means forboth internal and externalcommunications.§ 105.240 Procedures forinterfacing with vessels.

The facility owner or operatormust ensure that there are measures forinterfacing with vessels at all MARSECLevels.§ 105.245 Declaration of Security(DoS).

(a) Each facility owner oroperator must ensure procedures areestablished for requesting a DoS andfor handling DoS requests from avessel.

(b) At MARSEC Level 1, afacility receiving a cruise ship or amanned vessel carrying CertainDangerous Cargo, in bulk, must complywith the following:

(1) Prior to the arrival of a vesselto the facility, the Facility SecurityOfficer (FSO) and Master, VesselSecurity Officer (VSO), or theirdesignated representatives mustcoordinate security needs andprocedures, and agree upon the contents

51


of the DoS for the period of time thevessel is at the facility; and

(2) Upon the arrival of the vesselat the facility, the FSO and Master,VSO, or their designated representative,must sign the written DoS.

(c) Neither the facility nor thevessel may embark or disembarkpassengers, nor transfer cargo or vesselstores until the DoS has been signed andimplemented.

(d) At MARSEC Levels 2 and 3,the FSOs, or their designatedrepresentatives, of facilities interfacingwith manned vessels subject to part 104,of this subchapter must sign andimplement DoSs as required in (b)(1)and (2) of this section.

(e) At MARSEC Levels 1 and 2,FSOs of facilities that frequentlyinterface with the same vessel mayimplement a continuing DoS formultiple visits, provided that:

(1) The DoS is valid for aspecific MARSEC Level;



(f) When the MARSEC Levelincreases beyond that contained in theDoS, the continuing DoS is void and anew DoS must be executed inaccordance with this section.

(g) A copy of all currently validcontinuing DoSs must be kept with theFacility Security Plan.

(h) The COTP may require, atany time, at any MARSEC Level, anyfacility subject to this part to implementa DoS with the VSO prior to any vessel-to-facility interface when he or shedeems it necessary.§ 105.250 Security systems andequipment maintenance.

(a) Security systems andequipment must be in good workingorder and inspected, tested, calibrated,and maintained according tomanufacturers' recommendations.

(b) Security systems must beregularly tested in accordance with themanufacturers' recommendations;noted deficiencies corrected promptly;

and the results recorded as required in§105.225 of this subpart.

(c) The FSP must includeprocedures for identifying andresponding to security system andequipment failures or malfunctions.§ 105.255 Security measures foraccess control.

(a) General. The facility owneror operator must ensure theimplementation of security measures to:

(1) Deter the unauthorizedintroduction of dangerous substancesand devices, including any deviceintended to damage or destroy persons,vessels, facilities, or ports;

(2) Secure dangerous substancesand devices that are authorized by theowner or operator to be on the facility;and

(3) Control access to the facility.(b) The facility owner or

operator must ensure that the followingare specified:

(1) The locations whererestrictions or prohibitions that preventunauthorized access are applied foreach MARSEC Level. Each locationallowing means of access to the facilitymust be addressed;

(2) The identification of the typeof restriction or prohibition to beapplied and the means of enforcingthem;

(3) The means of identificationrequired to allow access to the facilityand for individuals and vehicles toremain on the facility withoutchallenge; and

(4) The identification of thelocations where persons, personaleffects and vehicle screenings are to beconducted. The designated screeningareas should be covered to provide forcontinuous operations regardless of theweather conditions.

(c) The facility owner oroperator must ensure that anidentification system is established forchecking the identification of facilitypersonnel or other persons seekingaccess to the facility that:

(1) Allows identification ofauthorized and unauthorized persons atany MARSEC Level;

(2) Is coordinated, when

52


practicable, with identification systemsof vessels or other transportationconveyances that use the facility;

(3) Is updated regularly;(4) Uses disciplinary measures to

discourage abuse;(5) Allows temporary or

continuing access for facility personneland visitors, including seafarers'chaplains and union representatives,through the use of a badge or othersystem to verify their identity; and

(6) Allows certain long-term,frequent vendor representatives to betreated more as employees than asvisitors.

(d) The facility owner oroperator must establish in the approvedFacility Security Plan (FSP) thefrequency of application of any accesscontrols, particularly if they are to beapplied on a random or occasionalbasis.

(e) MARSEC Level 1. Thefacility owner or operator must ensurethe following security measures areimplemented at the facility:

(1) Screen persons, baggage(including carry-on items), personaleffects, and vehicles, for dangeroussubstances and devices at the ratespecified in the approved FSP,excluding government-owned vehicleson official business when governmentpersonnel present identificationcredentials for entry;

(2) Conspicuously post signsthat describe security measurescurrently in effect and clearly state that:

(i) Entering the facility isdeemed valid consent to screening orinspection; and

(ii) Failure to consent or submitto screening or inspection will result indenial or revocation of authorization toenter;

(3) Check the identification ofany person seeking to enter the facility,including vessel passengers and crew,facility employees, vendors, personnelduly authorized by the cognizantauthority, and visitors. This checkincludes confirming the reason for entryby examining at least one of thefollowing:

(i) Joining instructions;(ii) Passenger tickets;(iii) Boarding passes;

(iv) Work orders, pilot orders, orsurveyor orders;

(v) Government identification;or

(vi) Visitor badges issued inaccordance with an identificationsystem required in paragraph (c) of thissection;

(4) Deny or revoke a person'sauthorization to be on the facility if theperson is unable or unwilling, upon therequest of facility personnel, to establishhis or her identity or to account for hisor her presence. Any such incident mustbe reported in compliance with this part;

(5) Designate restricted areasand provide appropriate access controlsfor these areas;


(7) Deter unauthorized access tothe facility and to designated restrictedareas within the facility;

(8) Screen by hand or device,such as x-ray, all unaccompaniedbaggage prior to loading onto a vessel;and

(9) Secure unaccompaniedbaggage after screening in a designatedrestricted area and maintain securitycontrol during transfers between thefacility and a vessel.

(f) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the facility owneror operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in their approved FSP. Theseadditional security measures mayinclude:

(1) Increasing the frequency anddetail of the screening of persons,baggage, and personal effects fordangerous substances and devicesentering the facility;

(2) X-ray screening of allunaccompanied baggage;

(3) Assigning additionalpersonnel to guard access points andpatrol the perimeter of the facility todeter unauthorized access;

(4) Limiting the number ofaccess points to the facility by closingand securing some access points andproviding physical barriers to impede

53


movement through the remainingaccess points;

(5) Denying access to visitorswho do not have a verified destination;

(6) Deterring waterside access tothe facility, which may include, usingwaterborne patrols to enhance securityaround the facility; or

(7) Except for government-owned vehicles on official businesswhen government personnel presentidentification credentials for entry,screening vehicles and their contents fordangerous substances and devices at therate specified for MARSEC Level 2 inthe approved FSP.

(g) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, the facility owner or operator mustensure the implementation of additionalsecurity measures, as specified forMARSEC Level 3 in their approvedFSP. These additional security measuresmay include:

(1) Screening all persons,baggage, and personal effects fordangerous substances and devices;

(2) Performing one or more ofthe following on unaccompaniedbaggage:

(i) Screen unaccompaniedbaggage more extensively; for example,x-raying from two or more angles;

(ii) Prepare to restrict or suspendhandling unaccompanied baggage; or

(iii) Refuse to acceptunaccompanied baggage;

(3) Being prepared to cooperatewith responders and facilities;


(5) Suspending access to thefacility;

(6) Suspending cargooperations;

(7) Evacuating the facility;(8) Restricting pedestrian or

vehicular movement on the grounds ofthe facility; or

(9) Increasing security patrolswithin the facility.§ 105.260 Security measures forrestricted areas.

(a) General. The facility owner

or operator must ensure the designationof restricted areas in order to:


(2) Protect persons authorized tobe in the facility;

(3) Protect the facility;(4) Protect vessels using and

serving the facility;(5) Protect sensitive security

areas within the facility;(6) Protect security and


(7) Protect cargo and vesselstores from tampering.

(b) Designation of RestrictedAreas. The facility owner or operatormust ensure restricted areas aredesignated within the facility. Theymust also ensure that all restricted areasare clearly marked and indicate thataccess to the area is restricted and thatunauthorized presence within the areaconstitutes a breach of security. Thefacility owner or operator may alsodesignate the entire facility as arestricted area. Restricted areas mustinclude, as appropriate:

(1) Shore areas immediatelyadjacent to each vessel moored at thefacility;

(2) Areas containing sensitivesecurity information, including cargodocumentation;

(3) Areas containing security andsurveillance equipment and systems andtheir controls, and lighting systemcontrols; and

(4) Areas containing criticalfacility infrastructure, including:

(i) Water supplies;(ii) Telecommunications;(iii) Electrical system; and(iv) Access points for ventilation

and air-conditioning systems;(5) Manufacturing or processing

areas and control rooms;(6) Locations in the facility

where access by vehicles and personnelshould be restricted;

(7) Areas designated for loading,unloading or storage of cargo andstores; and

(8) Areas containing cargoconsisting of dangerous goods orhazardous substances, including certaindangerous cargoes.

54


(c) The owner or operator mustensure that all restricted areas haveclearly established security measures to:

(1) Identify which facilitypersonnel are authorized to have access;

(2) Determine which personsother than facility personnel areauthorized to have access;


(4) Define the extent of anyrestricted area;

(5) Define the times when accessrestrictions apply;

(6) Clearly mark all restrictedareas and indicate that access to the areais restricted and that unauthorizedpresence within the area constitutes abreach of security;

(7) Control the entry, parking,loading and unloading of vehicles;

(8) Control the movement andstorage of cargo and vessel stores; and

(9) Control unaccompaniedbaggage or personal effects.

(d) MARSEC Level 1. AtMARSEC Level 1, the facility owneror operator must ensure theimplementation of security measures toprevent unauthorized access oractivities within the area. These securitymeasures may include:

(1) Restricting access to onlyauthorized personnel;

(2) Securing all access points notactively used and providing physicalbarriers to impede movement throughthe remaining access points;

(3) Assigning personnel tocontrol access to restricted areas;

(4) Verifying the identificationand authorization of all persons and allvehicles seeking entry;

(5) Patrolling or monitoring theperimeter of restricted areas;

(6) Using security personnel,automatic intrusion detection devices,surveillance equipment, or surveillancesystems to detect unauthorized entry ormovement within restricted areas;

(7) Directing the parking,loading, and unloading of vehicleswithin a restricted area;

(8) Controlling unaccompaniedbaggage and or personal effects afterscreening;

(9) Designating restricted areasfor performing inspections of cargo and

vessel stores while awaiting loading;and

(10) Designating temporaryrestricted areas to accommodate facilityoperations. If temporary restricted areasare designated, the FSP must include arequirement to conduct a security sweepof the designated temporary restrictedarea both before and after the area hasbeen established.

(e) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the facility owneror operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in their approved FSP. Theseadditional security measures mayinclude:

(1) Increasing the intensity andfrequency of monitoring and accesscontrols on existing restricted accessareas;

(2) Enhancing the effectivenessof the barriers or fencing surroundingrestricted areas, by the use of patrols orautomatic intrusion detection devices;

(3) Reducing the number ofaccess points to restricted areas, andenhancing the controls applied at theremaining accesses;

(4) Restricting parking adjacentto vessels;

(5) Further restricting access tothe restricted areas and movements andstorage within them;

(6) Using continuouslymonitored and recorded surveillanceequipment;

(7) Enhancing the number andfrequency of patrols, includingwaterborne patrols undertaken on theboundaries of the restricted areas andwithin the areas; or

(8) Establishing and restrictingaccess to areas adjacent to the restrictedareas.

(f) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, at MARSEC Level 3, the facilityowner or operator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in their approved FSP. Theseadditional security measures mayinclude:

55


(1) Restricting access toadditional areas;

(2) Prohibiting access torestricted areas, or

(3) Searching restricted areas aspart of a security sweep of all or part ofthe facility.§ 105.265 Security measures forhandling cargo.

(a) General. The facility owneror operator must ensure that securitymeasures relating to cargo handling,some of which may have to be appliedin liaison with the vessel, areimplemented in order to:

(1) Deter tampering;(2) Prevent cargo that is not

meant for carriage from being acceptedand stored at the facility without theknowing consent of the facility owneror operator;

(3) Identify cargo that isapproved for loading onto vesselsinterfacing with the facility;

(4) Include cargo controlprocedures at access points to thefacility;

(5) Identify cargo that isaccepted for temporary storage in arestricted area while awaiting loadingor pick up;

(6) Restrict the entry of cargo tothe facility that does not have aconfirmed date for loading, asappropriate;

(7) Ensure the release of cargoonly to the carrier specified in the cargodocumentation;

(8) When there are regular orrepeated cargo operations with the sameshipper, coordinate security measureswith the shipper or other responsibleparty in accordance with an establishedagreement and procedure; and

(9) Create, update, and maintaina continuous inventory of all dangerousgoods and hazardous substances fromreceipt to delivery within the facility,giving the location of those dangerousgoods and hazardous substances.

(b) MARSEC Level 1. AtMARSEC Level 1, the facility owneror operator must ensure theimplementation of measures to:

(1) Unless unsafe to do so,routinely check cargo, cargo transport

units, and cargo storage areas within thefacility prior to, and during, cargohandling operations for evidence oftampering;

(2) Check that cargo, containers,or other cargo transport units enteringthe facility match the delivery note orequivalent cargo documentation;

(3) Screen vehicles; and(4) Check seals and other

methods used to prevent tamperingupon entering the facility and uponstorage within the facility.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the facility owneror operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved FSP. Theseadditional security measures mayinclude:

(1) Conducting check of cargo,containers or other cargo transportunits, and cargo storage areas within thefacility for evidence of tampering;

(2) Intensifying checks, asappropriate, to ensure that only thedocumented cargo enters the facility, istemporarily stored there, and thenloaded onto the vessel;

(3) Intensifying the screening ofvehicles;

(4) Increasing frequency anddetail in checking of seals and othermethods used to prevent tampering;

(5) Coordinating enhancedsecurity measures with the shipper orother responsible party in accordancewith an established agreement andprocedures;

(6) Increasing the frequency andintensity of visual and physicalinspections; or

(7) Limiting the number oflocations where dangerous goods andhazardous substances, including certaindangerous cargoes, can be stored.

(d) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, at MARSEC Level 3, the facilityowner or operator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved FSP. Theseadditional security measures may

56


include:(1) Restricting or suspending

cargo movements or operations withinall or part of the facility or specificvessels;

(2) Being prepared to cooperatewith responders and vessels; or

(3) Verifying the inventory andlocation of any dangerous goods andhazardous substances, including certaindangerous cargoes, held within thefacility and their location.§ 105.270 Security measures fordelivery of vessel stores andbunkers.

(a) General. The facility owneror operator must ensure that securitymeasures relating to the delivery ofvessel stores and bunkers areimplemented to:

(1) Check vessel stores forpackage integrity;

(2) Prevent vessel stores frombeing accepted without inspection;

(3) Deter tampering;(4) For vessels that routinely use

a facility, establish and execute standingarrangements between the vessel, itssuppliers, and a facility regardingnotification and the timing of deliveriesand their documentation; and

(5) Check vessel stores by thefollowing means:

(i) Visual examination;(ii) Physical examination;(iii) Detection devices, such as

scanners; or(iv) Canines.(b) MARSEC Level 1. At

MARSEC Level 1, the facility owneror operator must ensure theimplementation of measures to:

(1) Screen vessel stores at therate specified in the approved FacilitySecurity Plan (FSP);

(2) Require advance notificationof vessel stores or bunkers delivery,including a list of stores, deliveryvehicle driver information, and vehicleregistration information;

(3) Screen delivery vehicles atthe frequencies specified in theapproved FSP; and

(4) Escort delivery vehicleswithin the facility at the rate specifiedby the approved FSP.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the facility owneror operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved FSP. Theseadditional security measures mayinclude:

(1) Detailed screening of vesselstores;

(2) Detailed screening of alldelivery vehicles;

(3) Coordinating with vesselpersonnel to check the order against thedelivery note prior to entry to thefacility;

(4) Ensuring delivery vehiclesare escorted within the facility; or

(5) Restricting or prohibiting theentry of vessel stores that will not leavethe facility within a specified period.

(d) MARSEC Level 3. In additionto the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the facility ownerand operator must ensureimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved FSP. Examplesof these additional security measuresmay include:

(1) Checking all vessel storesmore extensively;

(2) Restricting or suspendingdelivery of vessel stores; or

(3) Refusing to accept vesselstores on the facility.§ 105.275 Security measures formonitoring.

(a) General. The facility owneror operator must ensure theimplementation of security measures inthis section and have the capability tocontinuously monitor, through acombination of lighting, securityguards, waterborne patrols, automaticintrusion-detection devices, orsurveillance equipment, as specified inthe approved Facility Security Plan(FSP), the:

(1) Facility and its approaches,on land and water;

(2) Restricted areas within thefacility; and

57


(3) Vessels at the facility andareas surrounding the vessels.

(b) MARSEC Level 1. AtMARSEC Level 1, the facility owneror operator must ensure the securitymeasures in this section areimplemented at all times, including theperiod from sunset to sunrise andperiods of limited visibility. For eachfacility, ensure monitoring capabilitythat:

(1) When automatic intrusion-detection devices are used, activates anaudible or visual alarm, or both, at alocation that is continuously attendedor monitored;

(2) Is able to functioncontinually, including consideration ofthe possible effects of weather or of apower disruption;

(3) Monitors the facility area,including shore and waterside access toit;

(4) Monitors access points,barriers and restricted areas;

(5) Monitors access andmovements adjacent to vessels using thefacility, including augmentation oflighting provided by the vessel itself;and

(6) Limits lighting effects, suchas glare, and their impact on safety,navigation, and other security activities.

(c) MARSEC Level 2. In additionto the security measures for MARSECLevel 1 in this section, at MARSECLevel 2, the facility owner or operatormust also ensure the implementation ofadditional security measures, asspecified for MARSEC Level 2 in theapproved FSP. These additionalmeasures may include:

(1) Increasing the coverage andintensity of surveillance equipment,including the provision of additionalsurveillance coverage;

(2) Increasing the frequency offoot, vehicle or waterborne patrols;

(3) Assigning additional securitypersonnel to monitor and patrol; or

(4) Increasing the coverage andintensity of lighting, including theprovision of additional lighting andcoverage.

(d) MARSEC Level 3. In additionto the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the facility owner

or operator must also ensureimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved FSP. Theseadditional security measures mayinclude:

(1) Switching on all lightingwithin, or illuminating the vicinity of,the facility;

(2) Switching on all surveillanceequipment capable of recordingactivities within or adjacent to thefacility;

(3) Maximizing the length oftime such surveillance equipment cancontinue to record; or

(4) Complying with theinstructions issued by those respondingto the security incident.§ 105.280 Security incidentprocedures.

For each MARSEC Level, thefacility owner or operator must ensurethe Facility Security Officer and facilitysecurity personnel are able to:

(a) Respond to security threats orbreaches of security and maintaincritical facility and vessel-to-facilityinterface operations;

(b) Evacuate the facility in caseof security threats or breaches ofsecurity;

(c) Report security incidents asrequired in §101.305 of this subchapter;

(d) Brief all facility personnel onpossible threats and the need forvigilance, soliciting their assistance inreporting suspicious persons, objects,or activities; and

(e) Secure non-criticaloperations in order to focus responseon critical operations.§ 105.285 Additionalrequirements-passenger and ferryfacilities.

(a) At all MARSEC Levels, theowner or operator of a passenger orferry facility must ensure, incoordination with a vessel moored atthe facility, that the following securitymeasures are implemented in additionto the requirements of this part:

(1) Establish separate areas tosegregate unchecked persons andpersonal effects from checked persons

58


and personal effects;(2) Ensure that a defined

percentage of vehicles to be loadedaboard are screened prior to loading,in accordance with a MARSECDirective or other orders issued by theCoast Guard;

(3) Ensure that allunaccompanied vehicles to be loadedon passenger vessels are screened priorto loading;

(4) Deny passenger access torestricted areas unless supervised byfacility security personnel; and

(5) In a facility with a publicaccess area designated under §105.106,provide sufficient security personnel tomonitor all persons within the area.

(b) At MARSEC Level 2, inaddition to the requirements inparagraph (a) of this section, the owneror operator of a passenger or ferryfacility with a public access areadesignated under § 105.106 mustincrease the intensity of monitoring ofthe public access area.

(c) At MARSEC Level 3, inaddition to the requirements inparagraph (a) of this section, the owneror operator of a passenger or ferryfacility with a public access areadesignated under § 105.106 mustincrease the intensity of monitoring andassign additional security personnel tomonitor the public access area.§ 105.290 Additionalrequirements-cruise ship terminals.

At all MARSEC Levels, incoordination with a vessel moored atthe facility, the facility owner oroperator must ensure the followingsecurity measures:

(a) Screen all persons, baggage,and personal effects for dangeroussubstances and devices;

(b) Check the identification of allpersons seeking to board the vessel.This includes confirming the reason forboarding by examining joininginstructions, passenger tickets, boardingpasses, government identification orvisitor badges, or work orders;

(c) Designate holding, waiting,or embarkation areas to segregatescreened persons and their personaleffects awaiting embarkation from

unscreened persons and their personaleffects;

(d) Provide additional securitypersonnel to designated holding,waiting, or embarkation areas; and

(e) Deny passenger access torestricted areas unless supervised byfacility security personnel.§ 105.295 Additionalrequirements-Certain DangerousCargo (CDC) facilities.

(a) At all MARSEC Levels,owners or operators of CDC facilitiesmust ensure the implementation of thefollowing security measures in additionto the requirements of this part:

(1) Escort all visitors,contractors, vendors, and other non-facility employees at all times while onthe facility, if access identification is notprovided. Escort provisions do notapply to prearranged cargo deliveries;

(2) Control the parking, loading,and unloading of vehicles within afacility;

(3) Require security personnel torecord or report their presence at keypoints during their patrols;

(4) Search unmanned orunmonitored waterfront areas fordangerous substances and devices priorto a vessel's arrival at the facility; and

(5) Provide an alternate orindependent power source for securityand communications systems.

(b) At MARSEC Level 2, inaddition to the requirements forMARSEC Level 1, owners or operatorsof CDC facilities must ensure theimplementation of the followingsecurity measures:

(1) Release cargo only in thepresence of the Facility Security Officer(FSO) or a designated representative ofthe FSO; and

(2) Continuously patrolrestricted areas.

(c) At MARSEC Level 3, inaddition to the requirements forMARSEC Level 1 and MARSEC Level2, owners or operators of CDC facilitiesmust ensure the facilities arecontinuously guarded and restrictedareas are patrolled.§ 105.296 Additionalrequirements-barge fleeting

59


facilities.(a) At MARSEC Level 1, in

addition to the requirements of this part,an owner or operator of a barge fleetingfacility must ensure the implementationof the following security measures:

(1) Designate one or morerestricted areas within the barge fleetingfacility to handle those barges carrying,in bulk, cargoes regulated by 46 CFRchapter I, subchapters D or O, orCertain Dangerous Cargoes;

(2) Maintain a current list ofvessels and cargoes in the designatedrestricted area; and

(3) Ensure that at least onetowing vessel is available to service thefleeting facility for every 100 bargeswithin the facility.

(b) At MARSEC Level 2, inaddition to the requirements of this partand MARSEC Level 1 requirements, anowner or operator of a barge fleetingfacility must ensure security personnelare assigned to monitor or patrol thedesignated restricted area within thebarge fleeting facility.

(c) At MARSEC Level 3, inaddition to the requirements of this partand MARSEC Level 2 requirements, anowner or operator of a barge fleetingfacility must ensure that both land andwaterside perimeters of the designatedrestricted area within the barge fleetingfacility are continuously monitored orpatrolled.

Subpart C—Facility SecurityAssessment (FSA)

§ 105.300 General.(a) The Facility Security

Assessment (FSA) is a writtendocument that is based on the collectionof background information, thecompletion of an on-scene survey andan analysis of that information.

(b) A common FSA may beconducted for more than one similarfacility provided the FSA reflects anyfacility-specific characteristics that areunique.

(c) Third parties may be used inany aspect of the FSA if they have theappropriate skills and if the FacilitySecurity Officer (FSO) reviews andaccepts their work.

(d) Those involved in a FSAmust be able to draw upon expertassistance in the following areas, asappropriate:




(4) Techniques used tocircumvent security measures;

(5) Methods used to cause asecurity incident;

(6) Effects of dangeroussubstances and devices on structuresand facility services;

(7) Facility securityrequirements;

(8) Facility and vessel interfacebusiness practices;

(9) Contingency planning,emergency preparedness, and response;



(12) Marine or civil engineering;and

(13) Facility and vesseloperations.§ 105.305 Facility SecurityAssessment (FSA) requirements.

(a) Background. The facilityowner or operator must ensure that thefollowing background information, ifapplicable, is provided to the person orpersons who will conduct theassessment:

(1) The general layout of thefacility, including:

(i) The location of each activeand inactive access point to the facility;

(ii) The number, reliability, andsecurity duties of facility personnel;

(iii) Security doors, barriers, andlighting;

(iv) The location of restrictedareas;

(v) The emergency and stand-byequipment available to maintainessential services;

(vi) The maintenance equipment,

60


cargo spaces, storage areas, andunaccompanied baggage storage;

(vii) Location of escape andevacuation routes and assemblystations; and

(viii)Existing security and safetyequipment for protection of personneland visitors;

(2) Response procedures for fireor other emergency conditions;

(3) Procedures for monitoringfacility and vessel personnel, vendors,repair technicians, and dock workers;

(4) Existing contracts withprivate security companies and existingagreements with local or municipalagencies;

(5) Procedures for controllingkeys and other access preventionsystems;

(6) Procedures for cargo andvessel stores operations;

(7) Response capability tosecurity incidents;

(8) Threat assessments,including the purpose and methodologyof the assessment, for the port in whichthe facility is located or at whichpassengers embark or disembark;

(9) Previous reports on securityneeds; and

(10) Any other existing securityprocedures and systems, equipment,communications, and facility personnel.

(b) On-scene survey. The facilityowner or operator must ensure that anon-scene survey of each facility isconducted. The on-scene surveyexamines and evaluates existing facilityprotective measures, procedures, andoperations to verify or collect theinformation required in paragraph (a)of this section.

(c) Analysis andrecommendations. In conducting theFSA, the facility owner or operator mustensure that the FSO analyzes the facilitybackground information and the on-scene survey, and considering therequirements of this part, providesrecommendations to establish andprioritize the security measures thatshould be included in the FSP. Theanalysis must consider:

(1) Each vulnerability foundduring the on-scene survey includingbut not limited to:

(i) Waterside and shore-side

access to the facility and vessel berthingat the facility;

(ii) Structural integrity of thepiers, facilities, and associatedstructures;

(iii) Existing security measuresand procedures, including identificationsystems;

(iv) Existing security measuresand procedures relating to services andutilities;

(v) Measures to protect radio andtelecommunication equipment,including computer systems andnetworks;

(vi) Adjacent areas that may beexploited during or for an attack;

(vii) Areas that may, if damagedor used for illicit observation, pose arisk to people, property, or operationswithin the facility;

(viii)Existing agreements withprivate security companies providingwaterside and shore-side securityservices;

(ix) Any conflicting policiesbetween safety and security measuresand procedures;

(x) Any conflicting facilityoperations and security dutyassignments;

(xi) Any enforcement andpersonnel constraints;

(xii) Any deficiencies identifiedduring daily operations or training anddrills; and

(xiii)Any deficiencies identifiedfollowing security incidents or alerts,the report of security concerns, theexercise of control measures, or audits;


(i) Damage to or destruction ofthe facility or of a vessel moored at thefacility;

(ii) Hijacking or seizure of avessel moored at the facility or ofpersons on board;

(iii) Tampering with cargo,essential equipment or systems, orstores of a vessel moored at the facility;

(iv) Unauthorized access or useincluding the presence of stowaways;

(v) Smuggling dangeroussubstances and devices to the facility;

(vi) Use of a vessel moored at thefacility to carry those intending to causea security incident and their equipment;

61


(vii) Use of a vessel moored at thefacility as a weapon or as a means tocause damage or destruction;

(viii)Impact on the facility and itsoperations due to a blockage ofentrances, locks, and approaches; and

(ix) Use of the facility as atransfer point for nuclear, biological,radiological, explosive, or chemicalweapons;

(3) Threat assessments byGovernment agencies;

(4) Vulnerabilities, includinghuman factors, in the facility'sinfrastructure, policies and procedures;

(5) Any particular aspects of thefacility, including the vessels using thefacility, which make it likely to be thetarget of an attack;

(6) Likely consequences in termsof loss of life, damage to property, andeconomic disruption, includingdisruption to transportation systems, ofan attack on or at the facility; and

(7) Locations where accessrestrictions or prohibitions will beapplied for each MARSEC Level.

(d) FSA report. (1) The facilityowner or operator must ensure that awritten FSA report is prepared andincluded as part of the FSP. The reportmust contain:


(ii) A description of existingsecurity measures, including inspection,control and monitoring equipment,personnel identification documents andcommunication, alarm, lighting, accesscontrol, and similar systems;

(iii) A description of eachvulnerability found during the on-scenesurvey;

(iv) A description of securitymeasures that could be used to addresseach vulnerability;

(v) A list of the key facilityoperations that are important to protect;and

(vi) A list of identifiedweaknesses, including human factors,in the infrastructure, policies, andprocedures of the facility.

(2) A FSA report must describethe following elements within thefacility:

(i) Physical security;(ii) Structural integrity;

(iii) Personnel protectionsystems;

(iv) Procedural policies;(v) Radio and

telecommunication systems, includingcomputer systems and networks;

(vi) Relevant transportationinfrastructure; and

(vii) Utilities.(3) The FSA report must list the

persons, activities, services, andoperations that are important to protect,in each of the following categories:

(i) Facility personnel;(ii) Passengers, visitors, vendors,

repair technicians, vessel personnel,etc.;

(iii) Capacity to maintainemergency response;

(iv) Cargo, particularlydangerous goods and hazardoussubstances;

(v) Delivery of vessel stores;(vi) Any facility security

communication and surveillancesystems; and

(vii) Any other facility securitysystems, if any.

(4) The FSA report must accountfor any vulnerabilities in the followingareas:


(ii) Conflicts between duties andsecurity assignments;

(iii) The impact of watch-keepingduties and risk of fatigue on facilitypersonnel alertness and performance;



(5) The FSA report must discussand evaluate key facility measures andoperations, including:


(ii) Controlling access to thefacility, through the use of identificationsystems or otherwise;

(iii) Controlling the embarkationof vessel personnel and other personsand their effects (including personaleffects and baggage whetheraccompanied or unaccompanied);

(iv) Procedures for the handlingof cargo and the delivery of vessel

62


stores;(v) Monitoring restricted areas to

ensure that only authorized personshave access;

(vi) Monitoring the facility andareas adjacent to the pier; and


(e) The FSA, FSA report, andFSP must be protected fromunauthorized access or disclosure.§ 105.310 Submissionrequirements.

(a) A completed FSA report mustbe submitted with the Facility SecurityPlan required in § 105.410 of this part.

(b) A facility owner or operatormay generate and submit a report thatcontains the Facility SecurityAssessment for more than one facilitysubject to this part, to the extent thatthey share similarities in design andoperations, if authorized and approvedby the cognizant COTP.

(c) The FSA must be reviewedand validated, and the FSA report mustbe updated each time the FSP issubmitted for reapproval or revisions.

Subpart D—Facility Security Plan(FSP)

§ 105.400 General.(a) The Facility Security Officer

(FSO) must ensure a Facility SecurityPlan (FSP) is developed andimplemented for each facility for whichhe or she is designated as FSO. TheFSP:

(1) Must identify the FSO byname and position, and provide 24-hourcontact information;

(2) Must be written in English;(3) Must address each

vulnerability identified in the FacilitySecurity Assessment (FSA);

(4) Must describe securitymeasures for each MARSEC Level; and

(5) May cover more than onefacility to the extent that they sharesimilarities in design and operations, ifauthorized and approved by thecognizant COTP.

(b) The FSP must be submittedfor approval to the cognizant COTP in

a written or electronic format.Information for submitting the FSPelectronically can be found at http://www.uscg.mil/HQ/MSC.

(c) The FSP is sensitive securityinformation and must be protected inaccordance with 49 CFR part 1520.

(d) If the FSP is kept in anelectronic format, procedures must bein place to prevent its unauthorizeddeletion, destruction, or amendment.§ 105.405 Format and content ofthe Facility Security Plan (FSP).

(a) A facility owner or operatormust ensure that the FSP consists of theindividual sections listed in thisparagraph (a). If the FSP does notfollow the order as it appears in the list,the facility owner or operator mustensure that the FSP contains an indexidentifying the location of each of thefollowing sections:

(1) Security administration andorganization of the facility;



with vessels;(7) Declaration of Security



control, including designated publicaccess areas;

(11) Security measures forrestricted areas;

(12) Security measures forhandling cargo;

(13) Security measures fordelivery of vessel stores and bunkers;

(14) Security measures formonitoring;

(15) Security incident procedures;(16) Audits and security plan

amendments;(17) Facility Security Assessment

(FSA) report; and(18) Facility Vulnerability and

Security Measures Summary (FormCG–6025) in appendix A to part 105–Facility Vulnerability and Security

63


Measures Summary (CG–6025).(b) The facility owner or

operator must ensure that the FSPdescribes in detail how each of theindividual requirements of subpart B ofthis part will be met.

(c) The Facility Vulnerabilityand Security Measures Summary (FormCG–6025) must be completed usinginformation in the FSA concerningidentified vulnerabilities andinformation in the FSP concerningsecurity measures in mitigation of thesevulnerabilities.§ 105.410 Submission andapproval.

(a) On or before December 31,2003, the owner or operator of eachfacility currently in operation musteither:

(1) Submit one copy of theirFacility Security Plan (FSP) for reviewand approval to the cognizant COTPand a letter certifying that the FSP meetsapplicable requirements of this part; or

(2) If intending to operate underan Approved Security Program, a lettersigned by the facility owner or operatorstating which approved AlternativeSecurity Program the owner or operatorintends to use.

(b) Owners or operators offacilities not in service on or beforeDecember 31, 2003, must comply withthe requirements in paragraph (a) of thissection 60 days prior to beginningoperations or by December 31, 2003,whichever is later.

(c) The cognizant COTP willexamine each submission forcompliance with this part and either:



(3) Disapprove it, returning a copyto the submitter with a brief statementof the reasons for disapproval.

(d) An FSP may be submittedand approved to cover more than onefacility where they share similarities indesign and operations, if authorized and

approved by each cognizant COTP.(e) Each facility owner or

operator that submits one FSP to covertwo or more facilities of similar designand operation must address facility-specific information that includes thedesign and operational characteristicsof each facility and must complete aseparate Facility Vulnerability andSecurity Measures Summary (FormCG–6025), in appendix A to part 105—Facility Vulnerability and SecurityMeasures Summary (CG–6025), foreach facility covered by the plan.

(f) A FSP that is approved by thecognizant COTP is valid for five yearsfrom the date of its approval.§ 105.415 Amendment and audit.

(a) Amendments. (1)Amendments to a Facility Security Plan(FSP) that is approved by the cognizantCOTP may be initiated by:

(i) The facility owner oroperator; or

(ii) The cognizant COTP upon adetermination that an amendment isneeded to maintain the facility'ssecurity. The cognizant COTP, who willgive the facility owner or operatorwritten notice and request that thefacility owner or operator proposeamendments addressing any mattersspecified in the notice. The facilityowner or operator will have at least 60days to submit its proposedamendments. Until amendments areapproved, the facility owner or operatorshall ensure temporary securitymeasures are implemented to thesatisfaction of the COTP.

(2) Proposed amendments mustbe submitted to the cognizant COTP. Ifinitiated by the facility owner oroperator, the proposed amendment mustbe submitted at least 30 days before theamendment is to take effect unless thecognizant COTP allows a shorterperiod. The cognizant COTP willapprove or disapprove the proposedamendment in accordance with §105.410 of this subpart.

(3) Nothing in this sectionshould be construed as limiting thefacility owner or operator from thetimely implementation of suchadditional security measures not

64


enumerated in the approved FSP asnecessary to address exigent securitysituations. In such cases, the owner oroperator must notify the cognizantCOTP by the most rapid meanspracticable as to the nature of theadditional measures, the circumstancesthat prompted these additionalmeasures, and the period of time theseadditional measures are expected to bein place.

(4) If there is a change in the owneror operator, the Facility Security Officer(FSO) must amend the FSP to includethe name and contact information of thenew facility owner or operator andsubmit the affected portion of the FSPfor review and approval in accordancewith § 105.410 of this subpart.

(b) Audits. (1) The FSO mustensure an audit of the FSP is performedannually, beginning no later than oneyear from the initial date of approval,and attach a letter to the FSP certifyingthat the FSP meets the applicablerequirements of this part.

(2) The FSP must be audited ifthere is a change in the facility'sownership or operator, or if there havebeen modifications to the facility,including but not limited to physicalstructure, emergency responseprocedures, security measures, oroperations.

(3) Auditing the FSP as a resultof modifications to the facility may belimited to those sections of the FSPaffected by the facility modifications.

(4) Unless impracticable due tothe size and nature of the company orthe facility, personnel conductinginternal audits of the security measuresspecified in the FSP or evaluating itsimplementation must:

(i) Have knowledge of methodsfor conducting audits and inspections,and security, control, and monitoringtechniques;



(5) If the results of an audit re-quire amendment of either the FSA orFSP, the FSO must submit, in accor-dance with § 105.410 of this subpart,the amendments to the cognizant COTPfor review and approval no later than30 days after completion of the auditand a letter certifying that the amendedFSP meets the applicable requirementsof this part.

65


Facility Vulnerability and Security Measures SummaryForm CG-6025

66

Part 105—Maritime Security: Facilities33 CFR Ch. I , Subchapter H

Vulnerability and Security Measures AddendumForm CG-6025A

67


Instructions For the Form CG-6025

68

Part 105—Maritime Security: Facilities33 CFR Ch. I , Subchapter H

Key For the Form CG-6025

69





SECURITY

PART 106—MARITIMESECURITY: OUTER

CONTINENTAL SHELF (OCS)FACILITIES

Subpart A -- GeneralSec.106.100 Definitions.106.105 Applicability.106.110 Compliance dates.106.115 Compliance documentation.106.120 Noncompliance.106.125 Waivers.106.130 Equivalents.106.135 Alternative Security

Program.106.140 Maritime Security


Subpart B -- Outer ContinentalShelf (OCS) Facility Security

Requirements106.200 Owner or operator.106.205 Company Security Officer

(CSO).106.210 Facility Security Officer

(FSO).106.215 Company or OCS facility

personnel with security duties.106.220 Security training for all

other OCS facility personnel.106.225 Drill and exercise

requirements.106.230 OCS facility recordkeeping




with vessels.106.250 Declaration of Security


equipment maintenance.

106.260 Security measures foraccess control.

106.265 Security measures forrestricted areas.

106.270 Security measures fordelivery of stores and industrialsupplies.



Subpart C -- Outer ContinentalShelf (OCS) Facility Security

Assessment (FSA)106.300 General.106.305 Facility Security

Assessment (FSA) requirements.106.310 Submission requirements.

Subpart D -- Outer ContinentalShelf (OCS) Facility Security Plan

(FSP)106.400 General.106.405 Format and Content of the

Facility Security Plan (FSP).106.410 Submission and approval.106.415 Amendment and audit.

Authority: 33 U.S.C. 1226, 1231; 46U.S.C. Chapter 701; 50 U.S.C. 191;33 CFR 1.05–1, 6.04–11, 6.14, 6.16,and 6.19; Department Of HomelandSecurity Delegation No. 0170.1.Source: USCG-2003-14759, 68 FR39322, July 1, 2003, unless otherwisenoted.



The requirements in this part applyto owners and operators of any fixed orfloating facility, including MODUs notsubject to part 104 of this subchapter,operating on the Outer ContinentalShelf (OCS) of the United States for thepurposes of engaging in the exploration,development, or production of oil,natural gas, or mineral resources thatare regulated by 33 CFR subchapter N,that meet the following operating

70

Part 106—Maritime Security: Outer Continental Shelf Facilities33 CFR Ch. I , Subchapter H

conditions:(a) Hosts more than 150 persons

for 12 hours or more in each 24-hourperiod continuously for 30 days ormore;

(b) Produces greater than100,000 barrels of oil per day; or

(c) Produces greater than 200million cubic feet of natural gas per day.§ 106.110 Compliance dates.

(a) On or before December 31,2003, OCS facility owners or operatorsmust submit to the cognizant DistrictCommander for each OCS facility—

(1) The Facility Security Plandescribed in subpart D of this part forreview and approval; or

(2) If intending to operate underan approved Alternative SecurityProgram, a letter signed by the OCSfacility owner or operator stating whichapproved Alternative Security Programthe owner or operator intends to use.

(b) On or before July 1, 2004,each OCS facility owner or operatormust be operating in compliance withthis part.

(c) OCS facilities built on orafter July 1, 2004, must submit forapproval an FSP 60 days prior tobeginning operations.§ 106.115 Compliancedocumentation.

Each OCS facility owner oroperator subject to this part must ensurebefore July 1, 2004, that copies of thefollowing documentation are availableat the OCS facility and are madeavailable to the Coast Guard uponrequest:

(a) The approved FacilitySecurity Plan (FSP) and any approvedrevisions or amendments thereto, anda letter of approval from the cognizantDistrict Commander dated within thelast 5 years;

(b) The FSP submitted forapproval and current writtenacknowledgment from the cognizantDistrict Commander, stating that theCoast Guard is currently reviewing theFSP submitted for approval and that theOCS facility may continue to operateso long as the OCS facility remains incompliance with the submitted FSP; or

(c) For OCS facilities operatingunder a Coast Guard-approvedAlternative Security Program asprovided in §106.135, a copy of theAlternative Security Program the OCSfacility is using, including a facilityspecific security assessment reportgenerated under the AlternativeSecurity Program, as specified in §101.120(b)(3) of this subchapter, and aletter signed by the OCS facility owneror operator, stating which AlternativeSecurity Program the OCS facility isusing and certifying that the OCSfacility is in full compliance with thatprogram.§ 106.120 Noncompliance.

When an OCS facility musttemporarily deviate from therequirements of this part, the OCSfacility owner or operator must notifythe cognizant District Commander, andeither suspend operations or request andreceive permission from the DistrictCommander to continue operating.§ 106.125 Waivers.

Any OCS facility owner oroperator may apply for a waiver of anyrequirement of this part that the OCSfacility owner or operator considersunnecessary in light of the nature oroperating conditions of the OCSfacility. A request for a waiver must besubmitted in writing with justificationto the cognizant District Commander.The cognizant District Commander mayrequire the OCS facility owner oroperator to provide additional data foruse in determining the validity of therequested waiver. The cognizantDistrict Commander may grant awaiver, in writing, with or withoutconditions only if the waiver will notreduce the overall security of the OCSfacility, its personnel, or visitingvessels.§ 106.130 Equivalents.

For any measure required by thispart, the OCS facility owner or operatormay propose an equivalent, as providedin §101.130 of this subchapter.§ 106.135 Alternative SecurityProgram.

71


An OCS facility owner or operatormay use an Alternative SecurityProgram approved under §101.120 ofthis subchapter if:

(a) The Alternative SecurityProgram is appropriate to that OCSfacility;

(b) The OCS facility does notserve vessels on international voyages;and

(c) The Alternative SecurityProgram is implemented in its entirety.§ 106.140 Maritime Security(MARSEC) Directive.

All OCS facility owners oroperators subject to this part mustcomply with any instructions containedin a MARSEC Directive issued under§101.405 of this subchapter.§ 106.145 Right to appeal.


Subpart B—Outer ContinentalShelf (OCS) Facility Security

Requirements§ 106.200 Owner or operator.

(a) Each OCS facility owner oroperator must ensure that the OCSfacility operates in compliance with therequirements of this part.

(b) For each OCS facility, theOCS facility owner or operator must:

(1) Define the securityorganizational structure for each OCSFacility and provide each personexercising security duties orresponsibilities within that structure thesupport needed to fulfill thoseobligations;

(2) Designate in writing, byname or title, a Company SecurityOfficer (CSO) and a Facility SecurityOfficer (FSO) for each OCS Facilityand identify how those officers can becontacted at any time;

(3) Ensure that a FacilitySecurity Assessment (FSA) isconducted;

(4) Ensure the development andsubmission for approval of a Facility

Security Plan (FSP);(5) Ensure that the OCS facility

operates in compliance with theapproved FSP;

(6) Ensure that adequatecoordination of security issues takesplace between OCS facilities andvessels, including the execution of aDeclaration of Security (DoS) asrequired by this part;

(7) Ensure, within 12 hours ofnotification of an increase in MARSECLevel, implementation of the additionalsecurity measures required by the FSPfor the new MARSEC Level;

(8) Ensure all breaches ofsecurity and security incidents arereported in accordance with part 101of this subchapter; and

(9) Ensure consistency betweensecurity requirements and safetyrequirements.§ 106.205 Company SecurityOfficer (CSO).

(a) General. (1) An OCS facilityowner or operator may designate asingle CSO for all its OCS facilities towhich this part applies, or maydesignate more than one CSO, in whichcase the owner or operator must clearlyidentify the OCS facilities for whicheach CSO is responsible.

(2) A CSO may perform otherduties within the owner's or operator'sorganization, including the duties of aFacility Security Officer, provided heor she is able to perform the duties andresponsibilities required of the CSO.

(3) The CSO may delegate dutiesrequired by this part, but remainsresponsible for the performance ofthose duties.

(b) Qualifications. The CSOmust have general knowledge, throughtraining or equivalent job experience,in the following:

(1) Security administration andorganization of the OCS facility;

(2) OCS facility and vesseloperations and conditions;

(3) OCS facility and vesselsecurity measures including themeaning and consequentialrequirements of the different MARSECLevels;

(4) Emergency preparedness and

72


response and contingency planning;(5) Security equipment and

systems and their operationallimitations;

(6) Methods of conductingaudits, inspection, control, andmonitoring; and

(7) Techniques for securitytraining and education, includingsecurity measures and procedures.

(c) In addition to the knowledgeand training in paragraph (b) of thissection, the CSO must have generalknowledge, through training orequivalent job experience, in thefollowing, as appropriate:

(1) Relevant internationalconventions, codes, andrecommendations;

(2) Relevant governmentlegislation and regulations;

(3) Responsibilities andfunctions of other securityorganizations;

(4) Methodology of FacilitySecurity Assessment.

(5) Methods of OCS facilitysecurity surveys and inspections;

(6) Handling sensitive securityinformation (SSI) and security relatedcommunications;




(10) Techniques used tocircumvent security measures;

(11) Methods of physicalscreening and non-intrusiveinspections; and

(12) Conducting and assessingsecurity drills and exercises.

(d) Responsibilities. In additionto any other duties required by this part,for each OCS facility for which the CSOis responsible, the CSO must:

(1) Keep the OCS facilityapprised of potential threats or otherinformation relevant to its security;

(2) Ensure that a FacilitySecurity Assessment (FSA) is carriedout in compliance with this part;

(3) Ensure that a FacilitySecurity Plan (FSP) is developed,

approved, maintained, andimplemented in compliance with thispart;

(4) Ensure that the FSP ismodified when necessary to complywith this part;

(5) Ensure that OCS facilitysecurity activities are audited incompliance with this part;

(6) Ensure the timely correctionof problems identified by audits orinspections;

(7) Enhance security awarenessand vigilance within the owner's oroperator's organization;

(8) Ensure relevant personnelreceive adequate security training incompliance with this part;

(9) Ensure communication andcooperation between the OCS facilityand vessels that interface with it, incompliance with this part;

(10) Ensure consistency betweensecurity requirements and safetyrequirements in compliance with thispart;

(11) Ensure that if a common FSPis prepared for more than one similarOCS facility, the FSP reflects any OCSfacility specific characteristics; and

(12) Ensure compliance with anAlternative Security Program orequivalents approved under thissubchapter, if appropriate.§ 106.210 OCS Facility SecurityOfficer (FSO).

(a) General. (1) The FSO mayperform other duties within the owner'sor operator's organization, provided heor she is able to perform the duties andresponsibilities required of the FSO ofeach such OCS facility.

(2) The same person may serveas the FSO for more than one OCSfacility, provided the facilities are withina reasonable proximity to each other. Ifa person serves as the FSO for morethan one OCS facility, the name of eachOCS facility for which he or she is theFSO must be listed in the FacilitySecurity Plan (FSP) of each OCSfacility for which he or she is the FSO.

(3) The FSO may assign securityduties to other OCS facility personnel;however, the FSO remains responsiblefor these duties.

73


(b) Qualifications. The FSOmust have general knowledge, throughtraining or equivalent job experience,in the following:

(1) Those items listed in§106.205(b), and as appropriate§106.205(c), of this part;

(2) OCS facility layout;(3) The FSP and related

procedures; and(4) Operation, testing and

maintenance of security equipment andsystems.

(c) Responsibilities. In additionto any other responsibilities specifiedelsewhere in this part, the FSO must,for each OCS facility for which he orshe has been designated:

(1) Regularly inspect the OCSfacility to ensure that security measuresare maintained in compliance with thispart;

(2) Ensure the maintenance ofand supervision of the implementationof the FSP, and any amendments to theFSP, in compliance with this part;

(3) Ensure the coordination andhandling of stores and industrialsupplies in compliance with this part;

(4) Where applicable, proposemodifications to the FSP to theCompany Security Officer (CSO);

(5) Ensure that any problemsidentified during audits or inspectionsare reported to the CSO, and promptlyimplement any corrective actions;

(6) Ensure security awarenessand vigilance on board the OCS facility;

(7) Ensure adequate securitytraining for OCS facility personnel incompliance with this part;

(8) Ensure the reporting andrecording of all security incidents incompliance with this part;

(9) Ensure the coordinatedimplementation of the FSP with theCSO;

(10) Ensure that securityequipment is properly operated, tested,calibrated and maintained incompliance with this part;

(11) Ensure consistency betweensecurity requirements and the propertreatment of OCS facility personnelaffected by those requirements;

(12) Ensure that occurrences thatthreaten the security of the OCS facilityare recorded and reported to the CSO;

(13) Ensure that when changes inthe MARSEC Level are attained theyare recorded and reported to the CSO,OCS facility owner or operator, and thecognizant District Commander; and

(14) Have prompt access to a copyof the FSA, along with an approvedcopy of the FSP.§ 106.215 Company or OCSfacility personnel with securityduties.

Company or OCS facilitypersonnel responsible for securityduties must have knowledge, throughtraining or equivalent job experience,in the following, as appropriate:

(a) Knowledge of current andanticipated security threats and patterns.



(d) Recognition of techniquesused to circumvent security measures;

(e) Security relatedcommunications;

(f) Knowledge of emergencyprocedures and contingency plans;

(g) Operation of securityequipment and systems;

(h) Testing, calibration, andmaintenance of security equipment andsystems;

(i) Inspection, control, andmonitoring techniques;

(j) Methods of physicalscreenings of persons, personal effects,stores and industrial supplies;

(k) Relevant provisions of theFacility Security Plan (FSP); and

(l) The meaning and theconsequential requirements of thedifferent MARSEC Levels.§ 106.220 Security training for allother OCS facility personnel.

All other OCS facility personnel,including contractors, whether part-time, full-time, temporary, orpermanent, must have knowledge,through training or equivalent jobexperience, of the following, asappropriate:

(a) Relevant provisions of the

74


Facility Security Plan (FSP);(b) The meaning and the

consequential requirements of thedifferent MARSEC Levels includingemergency procedures and contingencyplans;



(e) Recognition of techniquesused to circumvent security measures.§ 106.225 Drill and exerciserequirements.

(a) General. (1) Drills andexercises must test the proficiency offacility personnel in assigned securityduties at all MARSEC Levels and theeffective implementation of the FacilitySecurity Plan (FSP). They must enablethe Facility Security Officer (FSO) toidentify any related security deficienciesthat need to be addressed.

(2) A drill or exercise required bythis section may be satisfied with theimplementation of security measuresrequired by the FSP as the result of anincrease in the MARSEC Level,provided the FSO reports attainment tothe cognizant District Commander.

(b) Drills. (1) From the date ofthe FSP approval, the FSO must ensurethat at least one security drill isconducted every 3 months. Securitydrills may be held in conjunction withnon-security drills, where appropriate.

(2) Drills must test individualelements of the FSP, including responseto security threats and incidents. Drillsshould take into account the types ofoperations of the OCS facility, OCSfacility personnel changes, the types ofvessels calling at the OCS facility, andother relevant circumstances. Examplesof drills include unauthorized entry toa restricted area, response to alarms, andnotification of appropriate authorities.

(3) If a vessel is conductingoperations with the OCS facility on thedate the OCS facility has planned toconduct any drills, the OCS facility mayinclude, but cannot require, the vesselor vessel personnel to participate in theOCS facility's scheduled drill.

(c) Exercises. (1) From the dateof the FSP approval, exercises must beconducted at least once each calendaryear, with no more than 18 monthsbetween exercises.

(2) Exercises may be:(i) Full scale or live;(ii) Tabletop simulation;(iii) Combined with other

appropriate exercises held; or(iv) A combination of the


(3) Exercises may be facility-specific or part of a cooperative exerciseprogram.

(4) Each exercise must testcommunication and notificationprocedures, and elements ofcoordination, resource availability, andresponse.

(5) Exercises are a full test of theFacility Security Plan and must includesubstantial and active participation ofrelevant company and OCS facilitypersonnel, and may includegovernmental authorities and vesselsdepending on the scope and the natureof the exercise.§ 106.230 OCS facilityrecordkeeping requirements.

(a) Unless otherwise specified inthis section, the Facility Security Officer(FSO) must keep records of theactivities as set out in paragraph (b) ofthis section for at least 2 years and makethem available to the Coast Guard uponrequest.

(b) Records required by thissection may be kept in electronicformat. If kept in an electronic format,they must be protected againstunauthorized access, deletion,destruction, amendment, anddisclosure. The following records mustbe kept:


(2) Drills and exercises. For eachdrill or exercise, the date held, adescription of the drill or exercise, a listof participants, and any best practicesor lessons learned which may improvethe FSP;

75


(3) Incidents and breaches ofsecurity. Date and time of occurrence,location within the OCS facility, adescription of the incident or breach,the identity of the individual to whomit was reported, and a description of theresponse;

(4) Changes in MARSEC Levels.Date and time of the notificationreceived, and the time of compliancewith additional requirements;

(5) Maintenance, calibration,and testing of security equipment. Foreach occurrence of maintenance,calibration, and testing, record the dateand time, and the specific securityequipment involved;

(6) Security threats. Date andtime of occurrence, how the threat wascommunicated, who received oridentified the threat, a description of thethreat, to whom it was reported, and adescription of the response;

(7) Declaration of Security(DoS). A copy of each DoS for at least90 days after the end of its effectiveperiod; and

(8) Annual audit of the FacilitySecurity Plan (FSP). For each annualaudit, a letter certified by the FSOstating the date the audit was conducted.§ 106.235 Maritime Security(MARSEC) Level coordination andimplementation.

(a) The OCS facility owner oroperator must ensure the OCS facilityoperates in compliance with the securityrequirements in this part for theMARSEC Level in effect for the OCSfacility.

(b) When notified of an increasein the MARSEC Level, the OCS facilityowner or operator must ensure:

(1) Vessels conductingoperations with the OCS facility andvessels scheduled to arrive at the OCSfacility within 96 hours of theMARSEC Level change are notified ofthe new MARSEC Level and theDeclaration of Security (DoS), ifapplicable, is revised as necessary;

(2) The OCS facility complieswith the required additional securitymeasures within 12 hours; and

(3) The OCS facility reportscompliance or noncompliance to the

cognizant District Commander.(c) For MARSEC Levels 2 and

3, the Facility Security Officer (FSO)must inform all OCS facility personnelabout identified threats, emphasizereporting procedures, and stress theneed for increased vigilance.

(d) An OCS facility owner oroperator whose facility is not incompliance with the requirements ofthis section must so inform thecognizant District Commander andobtain approval prior to interfacing withanother vessel or prior to continuingoperations.§ 106.240 Communications.

(a) The Facility Security Officer(FSO) must have a means to effectivelynotify OCS facility personnel ofchanges in security conditions at theOCS facility.

(b) Communication systems andprocedures must allow effective andcontinuous communications betweenthe OCS facility security personnel,vessels interfacing with the OCSfacility, the cognizant DistrictCommander, and national and localauthorities with securityresponsibilities.

(c) Facility communicationssystems must have a backup means forboth internal and externalcommunications.§ 106.245 Procedures forinterfacing with vessels.

The OCS facility owner oroperator must ensure that there aremeasures for interfacing with vessels atall MARSEC Levels.§ 106.250 Declaration of Security(DoS).

(a) Each OCS facility owner oroperator must ensure procedures areestablished for requesting a DoS andfor handling DoS requests from vessels.

(b) At MARSEC Level 1,owners or operators of OCS facilitiesinterfacing with a manned vesselcarrying Certain Dangerous Cargoes, inbulk, must:

(1) Prior to the arrival of a vesselto the OCS facility, ensure the FacilitySecurity Officer (FSO) and Master,

76


Vessel Security Officer (VSO), or theirdesignated representatives coordinatesecurity needs and procedures, andagree upon the contents of a DoS forthe period of time the vessel is at theOCS facility; and

(2) Upon the arrival of the vesselat the OCS facility, the FSO and Master,VSO, or their designatedrepresentatives, must sign the writtenDoS.

(c) Neither the OCS facility northe vessel may embark or disembarkpersonnel, or transfer stores orindustrial supplies until the DoS hasbeen signed.

(d) At MARSEC Levels 2 and 3,the FSOs of OCS facilities interfacingwith manned vessels subject to part 104of this chapter, or their designatedrepresentatives, must sign andimplement DoSs as required inparagraphs (b)(1) and (b)(2) of thissection.

(e) At MARSEC Levels 1 and 2,FSOs of OCS facilities that frequentlyinterface with the same vessel mayimplement a continuing DoS formultiple visits, provided that:

(1) The DoS is valid for aspecific MARSEC Level;



(f) When the MARSEC Levelincreases beyond that contained in theDoS, the continuing DoS is void and anew DoS must be executed inaccordance with this section.§ 106.255 Security systems andequipment maintenance.

(a) Security systems andequipment must be in good workingorder and inspected, tested, calibrated,and maintained according tomanufacturers' recommendations.

(b) Security systems must beregularly tested in accordance with themanufacturers' recommendations;noted deficiencies corrected promptly;and the results recorded as required in§106.230(b)(5) of this part.

(c) The Facility Security Plan

(FSP) must include procedures foridentifying and responding to securitysystem and equipment failures ormalfunctions.§ 106.260 Security measures foraccess control.

(a) General. The OCS facilityowner or operator must ensure theimplementation of security measures to:

(1) Deter the unauthorizedintroduction of dangerous substancesand devices, including any deviceintended to damage or destroy persons,vessels, or the OCS facility;

(2) Secure dangerous substancesand devices that are authorized by theOCS facility owner or operator to beon board; and

(3) Control access to the OCSfacility.

(b) The OCS facility owner oroperator must ensure that the followingare specified:

(1) All locations providingmeans of access to the OCS facilitywhere access restrictions or prohibitionsare applied for each security level toprevent unauthorized access;

(2) The identification of thetypes of restriction or prohibition to beapplied and the means of enforcingthem; and

(3) The means of identificationrequired to allow individuals to accessthe OCS facility and remain on the OCSfacility without challenge.

(c) The OCS facility owner oroperator must ensure that anidentification system is established forchecking the identification of OCSfacility personnel or other personsseeking access to the OCS facility that:

(1) Provides for identification ofauthorized and unauthorized persons atany MARSEC Level;

(2) Is coordinated, whenpracticable, with identification systemsused by vessels or other transportationconveyances conducting operationswith the OCS facility;

(3) Is updated regularly; and(4) Allows temporary or

continuing access for OCS facilitypersonnel and visitors through the useof a badge or other system to verify theiridentity.

77


(d) The OCS facility owner oroperator must establish in the approvedFacility Security Plan (FSP) thefrequency of application of any accesscontrols, particularly if they are to beapplied on a random or occasionalbasis.

(e) MARSEC Level 1. The OCSfacility owner or operator must ensurethe following security measures areimplemented at the facility:

(1) Screen persons and personaleffects going aboard the OCS facilityfor dangerous substances and devicesat the rate specified in the approvedFSP;

(2) Conspicuously post signsthat describe security measurescurrently in effect and clearly statingthat:

(i) Boarding an OCS facility isdeemed valid consent to screening orinspection; and

(ii) Failure to consent or submitto screening or inspection will result indenial or revocation of authorization tobe on board;

(3) Check the identification ofany person seeking to board the OCSfacility, including OCS facilityemployees, passengers and crews ofvessels interfacing with the OCSfacility, vendors, and visitors;

(4) Deny or revoke a person'sauthorization to be on board if theperson is unable or unwilling, upon therequest of OCS facility personnel, toestablish his or her identity or to accountfor his or her presence on board. Anysuch incident must be reported incompliance with this part;

(5) Deter unauthorized access tothe OCS facility;


(7) Lock or otherwise preventaccess to unattended spaces that adjoinareas to which OCS facility personneland visitors have access;

(8) Ensure OCS facilitypersonnel are not required to engage inor be subjected to screening, of theperson or of personal effects, by otherOCS facility personnel, unless securityclearly requires it;

(9) Provide a designated securearea on board, or in liaison with a vessel

interfacing with the OCS facility, forconducting inspections and screeningof people and their personal effects; and

(10) Respond to the presence ofunauthorized persons on board.

(f) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the OCS facilityowner or operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved FSP. Theseadditional security measures mayinclude:

(1) Increasing the frequency anddetail of screening of people andpersonal effects embarking onto theOCS facility as specified for MARSECLevel 2 in the approved FSP;

(2) Assigning additionalpersonnel to patrol deck areas duringperiods of reduced OCS facilityoperations to deter unauthorized access;

(3) Limiting the number ofaccess points to the OCS facility byclosing and securing some accesspoints; or

(4) Deterring waterside access tothe OCS facility, which may include,providing boat patrols.

(g) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, the OCS facility owner or operatormust ensure the implementation ofadditional security measures, asspecified for MARSEC Level 3 in theapproved FSP. The additional securitymeasures may include:

(1) Screening all persons andpersonal effects for dangeroussubstances and devices;

(2) Being prepared to cooperatewith responders;

(3) Limiting access to the OCSfacility to a single, controlled accesspoint;


(5) Suspending embarkationand/or disembarkation of personnel;

(6) Suspending the onloading ofstores or industrial supplies;

(7) Evacuating the OCS facility;or

(8) Preparing for a full or partial

78


search of the OCS facility.§ 106.265 Security measures forrestricted areas.

(a) General. The OCS facilityowner or operator must ensure thedesignation of restricted areas in orderto:


(2) Protect persons authorized tobe in the OCS facility;

(3) Protect the OCS facility;(4) Protect vessels using and

serving the OCS facility;(5) Protect sensitive security

areas within the OCS facility;(6) Protect security and


(7) Protect stores and industrialsupplies from tampering.

(b) Designation of restrictedareas. The OCS facility owner oroperator must ensure restricted areas aredesignated within the OCS facility.They must also ensure that all restrictedareas are clearly marked and indicatethat access to the area is restricted andthat unauthorized presence within thearea constitutes a breach of security. TheOCS facility owner or operator maydesignate the entire OCS facility as arestricted area. Restricted areas mustinclude, as appropriate:

(1) Areas containing sensitivesecurity information;

(2) Areas containing security andsurveillance equipment and systems andtheir controls, and lighting systemcontrols; and

(3) Areas containing criticalOCS facility infrastructure equipment,including:

(i) Water supplies;(ii) Telecommunications;(iii) Power distribution system;(iv) Access points for ventilation

and air-conditioning systems;(v) Manufacturing areas and

control rooms;(vi) Areas designated for loading,

unloading or storage of stores andindustrial supplies; and

(vii) Areas containing hazardousmaterials.

(c) The OCS facility owner or

operator must ensure that the FacilitySecurity Plan (FSP) includes measuresfor restricted areas to:

(1) Identify which OCS facilitypersonnel are authorized to have access;

(2) Determine which personsother than OCS facility personnel areauthorized to have access;


(4) Define the extent of anyrestricted area; and

(5) Define the times when accessrestrictions apply.

(d) MARSEC Level 1. AtMARSEC Level 1, the OCS facilityowner or operator must ensure theimplementation of security measures toprevent unauthorized access oractivities within the area. These securitymeasures may include:

(1) Restricting access to onlyauthorized personnel;

(2) Securing all access points notactively used and providing physicalbarriers to impede movement throughthe remaining access points;

(3) Verifying the identificationand authorization of all persons seekingentry;

(4) Using security personnel,automatic intrusion detection devices,surveillance equipment, or surveillancesystems to detect unauthorized entry toor movement within restricted areas; or

(5) Designating temporaryrestricted areas to accommodate OCSfacility operations. If temporaryrestricted areas are designated, the FSPmust include security requirements toconduct a security sweep of thedesignated temporary restricted areasboth before and after the area has beenestablished.

(e) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the OCS facilityowner or operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in their approved FSP. Theseadditional security measures mayinclude:

(1) Enhancing the effectivenessof the barriers surrounding restrictedareas, for example, by the use of patrolsor automatic intrusion detection

79


devices;(2) Reducing the number of

access points to restricted areas, andenhancing the controls applied at theremaining accesses;

(3) Further restricting access tothe restricted areas and movements andstorage within them;

(4) Using continuouslymonitored and recorded surveillanceequipment;

(5) Increasing the number andfrequency of patrols, including the useof waterborne patrols; or

(6) Restricting access to areasadjacent to the restricted areas.

(f) MARSEC Level 3. In additionto the security measures required forMARSEC Level 1 and MARSEC Level2, at MARSEC Level 3, the OCSfacility owner or operator must ensurethe implementation of additionalsecurity measures, as specified forMARSEC Level 3 in their approvedFSP. These additional security measuresmay include:

(1) Restricting access toadditional areas;

(2) Prohibiting access torestricted areas; or

(3) Searching restricted areas aspart of a security sweep of all or part ofthe OCS facility.§ 106.270 Security measures fordelivery of stores and industrialsupplies.

(a) General. The OCS facilityowner or operator must ensure thatsecurity measures relating to thedelivery of stores or industrial suppliesto the OCS facility are implemented to:

(1) Check stores or industrialsupplies for package integrity;

(2) Prevent stores or industrialsupplies from being accepted withoutinspection;

(3) Deter tampering; and(4) Prevent stores and industrial

supplies from being accepted unlessordered. For any vessels that routinelyuse an OCS facility, an OCS facilityowner or operator may establish andimplement standing arrangementsbetween the OCS facility, its suppliers,and any vessel delivering stores orindustrial supplies regarding

notification and the timing of deliveriesand their documentation.

(b) MARSEC Level 1. AtMARSEC Level 1, the OCS facilityowner or operator must ensure theimplementation of measures to:

(1) Inspect stores or industrialsupplies before being accepted; and

(2) Check that stores orindustrial supplies match the order priorto being brought on board.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the OCS facilityowner or operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved FacilitySecurity Plan (FSP). These additionalsecurity measures may include:

(1) Intensifying inspection of thestores or industrial supplies duringdelivery; or

(2) Checking stores or industrialsupplies prior to receiving them onboard.

(d) MARSEC Level 3. In additionto the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the OCS facilityowner or operator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved FSP. Theseadditional security measures mayinclude:

(1) Checking all OCS facilitystores or industrial supplies moreextensively;

(2) Restricting or suspendingdelivery of stores or industrial supplies;or

(3) Refusing to accept stores orindustrial supplies on board.§ 106.275 Security measures formonitoring.

(a) General. (1) The OCSfacility owner or operator must ensurethe implementation of securitymeasures in this section and have thecapability to continuously monitor,through a combination of lighting,watchkeepers, security guards, deckwatches, waterborne patrols, automaticintrusion-detection devices, or

80


surveillance equipment as specified intheir approved Facility Security Plan(FSP), the:

(i) OCS facility;(ii) Restricted areas on board the

OCS facility; and(iii) The area surrounding the

OCS facility.(2) The following must be

considered when establishing theappropriate level and location oflighting:

(i) OCS facility personnelshould be able to detect activities onand around OCS facilities;

(ii) Coverage should facilitatepersonnel identification at accesspoints; and

(iii) Lighting effects, such asglare, and their impact on safety,navigation, and other security activities.

(b) MARSEC Level 1. AtMARSEC Level 1, the OCS facilityowner or operator must ensure theimplementation of security measures,which may be implemented incoordination with a vessel interfacingwith the OCS facility, to:

(1) Monitor the OCS facility,particularly OCS facility access pointsand restricted areas;

(2) Be able to conductemergency searches of the OCS facility;

(3) Ensure that equipment orsystem failures or malfunctions areidentified and corrected;

(4) Ensure that any automaticintrusion detection device, sets off anaudible or visual alarm, or both, at alocation that is continuously attendedor monitored; and

(5) Light deck and OCS facilityaccess points during the period betweensunset and sunrise and periods oflimited visibility sufficiently to allowvisual identification of persons seekingaccess to the OCS facility.

(c) MARSEC Level 2. In additionto the security measures required forMARSEC Level 1 in this section, atMARSEC Level 2, the OCS facilityowner or operator must also ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 2 in the approved FSP. Theseadditional security measures mayinclude:

(1) Increasing the frequency and

detail of security patrols;(2) Using (if not already in use)

or increasing the use of security andsurveillance equipment;

(3) Assigning additionalpersonnel as security lookouts; or

(4) Coordinating with boatpatrols, when provided.

(d) MARSEC Level 3. In additionto the security measures for MARSECLevel 1 and MARSEC Level 2, atMARSEC Level 3, the OCS facilityowner or operator must ensure theimplementation of additional securitymeasures, as specified for MARSECLevel 3 in the approved FSP. Theseadditional security measures mayinclude:

(1) Cooperating withresponders;

(2) Switching on all lights;(3) Switching on all surveillance

equipment capable of recordingactivities on, or in the vicinity of, theOCS facility;

(4) Maximizing the length oftime such surveillance equipment (if notalready in use) can continue to record;or

(5) Preparing for underwaterinspection of the OCS facility.§ 106.280 Security incidentprocedures.

For each MARSEC Level, theOCS facility owner or operator mustensure the Facility Security Officer(FSO) and OCS facility securitypersonnel are able to:

(a) Respond to security threats orbreaches of security and maintaincritical OCS facility and OCS facility-to-vessel interface operations;

(b) Deny access to the OCSfacility, except to those responding toan emergency;

(c) Evacuate the OCS facility incase of security threats or breaches ofsecurity; and

(d) Report security incidents asrequired in §101.305 of this subchapter;

(e) Brief all OCS facilitypersonnel on possible threats and theneed for vigilance, soliciting theirassistance in reporting suspiciouspersons, objects, or activities; and

(f) Secure non-critical

81


operations in order to focus responseon critical operations.

Subpart C—Outer ContinentalShelf (OCS) Facility Security

Assessment (FSA)§ 106.300 General.

(a) The Facility SecurityAssessment (FSA) is a writtendocument that is based on the collectionof background information, thecompletion of an on-scene survey andan analysis of that information.

(b) A single FSA may beperformed and applied to more than oneOCS facility to the extent they sharephysical characteristics, location, andoperations.

(c) Third parties may be used inany aspect of the FSA if they have theappropriate skills and if the CompanySecurity Officer (CSO) reviews andaccepts their work.

(d) Those involved in a FSAmust be able to draw upon expertassistance in the following areas, asappropriate:

(1) Knowledge of current andanticipated security threats and patterns;



(4) Recognition of techniquesused to circumvent security measures;

(5) Methods used to cause asecurity incident;

(6) Effects of dangeroussubstances and devices on structuresand essential services;

(7) OCS facility securityrequirements;

(8) OCS facility and vesselinterface business practices;

(9) Contingency planning,emergency preparedness and response;



(12) Marine or civil engineering;

and(13) OCS facility and vessel

operations.§ 106.305 Facility SecurityAssessment (FSA) requirements.

(a) Background. The OCSfacility owner or operator must ensurethat the following backgroundinformation, if applicable, is providedto the person or persons who willconduct the assessment:

(1) The general layout of theOCS facility, including:

(i) The location of each accesspoint to the OCS facility;

(ii) The number, reliability, andsecurity duties of OCS facilitypersonnel;

(iii) Security doors, barriers, andlighting;

(iv) The location of restrictedareas;

(v) The emergency and stand-byequipment available to maintainessential services;

(vi) The essential maintenanceequipment and storage areas;

(vii) Location of escape andevacuation routes and assemblystations; and

(viii)Existing security and safetyequipment for protection of personnel;

(2) Response procedures for fireor other emergency conditions;

(3) Procedures for monitoringOCS facility and vessel personnel;

(4) Procedures for controllingkeys and other access preventionsystems;

(5) Response capability forsecurity incidents;

(6) Threat assessments,including the purpose and methodologyof the assessment, for the OCS facility'slocation;

(7) Previous reports on securityneeds; and

(8) Any other existing securityprocedures and systems, equipment,communications, and OCS facilitypersonnel.

(b) On-scene survey. The OCSfacility owner or operator must ensurethat an on-scene survey of each OCSfacility is conducted. The on-scenesurvey examines and evaluates existing

82


OCS facility protective measures,procedures, and operations to verify orcollect the information required inparagraph (a) of this section.

(c) Analysis andrecommendations. In conducting theFSA, the OCS owner or operator mustensure that the Company SecurityOfficer (CSO) analyzes the OCS facilitybackground information and the on-scene survey, and considering therequirements of this part, providesrecommendations to establish andprioritize the security measures thatshould be included in the FSP. Theanalysis must consider:

(1) Each vulnerability foundduring the on-scene survey, includingbut not limited to:

(i) Access to the OCS facility;(ii) Structural integrity of the

OCS facility;(iii) Existing security measures

and procedures, including identificationsystems;

(iv) Existing security measuresand procedures relating to essentialservices;

(v) Measures to protect radio andtelecommunication equipment,including computer systems andnetworks;

(vi) Existing agreements withprivate security companies;

(vii) Any conflicting policiesbetween safety and security measuresand procedures;

(viii)Any conflicting OCS facilityoperations and security dutyassignments;

(ix) Any deficiencies identifiedduring daily operations or training anddrills; and

(x) Any deficiencies identifiedfollowing security incidents or alerts,the report of security concerns, theexercise of control measures, or audits.


(i) Damage to or destruction ofthe OCS facility or of a vessel adjacentto the OCS facility;

(ii) Smuggling dangeroussubstances and devices;

(iii) Use of a vessel interfacingwith the OCS facility to carry thoseintending to cause a security incidentand their equipment;

(iv) Use of a vessel interfacingwith the OCS facility as a weapon or asa means to cause damage or destruction;and

(v) Effects of a nuclear,biological, radiological, explosive, orchemical attack to the OCS facility’sshoreside support system;

(3) Threat assessments byGovernment agencies;

(4) Vulnerabilities, includinghuman factors, in the OCS facility'sinfrastructure, policies and procedures;

(5) Any particular aspects of theOCS facility, including the vessels thatinterface with the OCS facility, whichmake it likely to be the target of anattack;

(6) Likely consequences, interms of loss of life, damage to property,or economic disruption, of an attack onor at the OCS facility; and

(7) Locations where accessrestrictions or prohibitions will beapplied for each MARSEC Level.

(d) FSA Report. (1) The OCSfacility owner or operator must ensurethat a written FSA report is preparedand included as a part of the FSP. Thereport must contain:


(ii) A description of existingsecurity measures, including inspection,control and monitoring equipment,personnel identification documents andcommunication, alarm, lighting, accesscontrol, and similar systems;

(iii) A description of eachvulnerability found during the on-scenesurvey;

(iv) A description of securitymeasures that could be used to addresseach vulnerability;

(v) A list of the key OCS facilityoperations that are important to protect;and

(vi) A list of identifiedweaknesses, including human factors,in the infrastructure, policies, andprocedures of the OCS facility.

(2) A FSA report must describethe following elements within the OCSfacility:

(i) Physical security;(ii) Structural integrity;(iii) Personnel protection

systems;

83


(iv) Procedural policies;(v) Radio and

telecommunication systems, includingcomputer systems and networks; and

(vi) Essential services.(3) The FSA report must list the

persons, activities, services, andoperations that are important to protect,in each of the following categories:

(i) OCS facility personnel;(ii) Visitors, vendors, repair

technicians, vessel personnel, etc.;(iii) OCS facility stores;(iv) Any security communication

and surveillance systems; and(v) Any other security systems,

if any.(4) The FSA report must account

for any vulnerabilities in the followingareas:


(ii) Conflicts between personnelduties and security assignments;

(iii) The impact of watch-keepingduties and risk of fatigue on personnelalertness and performance;



(5) The FSA report must discussand evaluate key OCS facility measuresand operations, including--


(ii) Controlling access to theOCS facility through the use ofidentification systems or otherwise;

(iii) Controlling the embarkationof OCS facility personnel and otherpersons and their effects (includingpersonal effects and baggage, whetheraccompanied or unaccompanied);

(iv) Supervising the delivery ofstores and industrial supplies;

(v) Monitoring restricted areas toensure that only authorized personshave access;

(vi) Monitoring deck areas andareas surrounding the OCS facility; and


(e) The FSA, FSA report, andFSP must be protected fromunauthorized access or disclosure.

§ 106.310 Submissionrequirements.

(a) A completed FSA report mustbe submitted with the Facility SecurityPlan (FSP) required in § 106.410 of thispart.

(b) An OCS facility owner oroperator may generate and submit areport that contains the FSA for morethan one OCS facility subject to thispart, to the extent that they sharesimilarities in physical characteristics,location and operations.

(c) The FSA must be reviewedand validated, and the FSA report mustbe updated each time the FSP issubmitted for reapproval or revisions.

Subpart D—Outer ContinentalShelf (OCS) Facility Security Plan

(FSP)§ 106.400 General.

(a) The OCS facility owner oroperator must ensure the FSO developsand implements a Facility Security Plan(FSP) for each OCS facility for whichhe or she is designated as FSO. TheFSP:

(1) Must identify the FSO byname or position and provide 24-hourcontact information;

(2) Must be written in English;(3) Must address each

vulnerability identified in the FacilitySecurity Assessment (FSA);

(4) Must describe securitymeasures for each MARSEC Level; and

(5) May cover more than oneOCS facility to the extent that they sharesimilarities in physical characteristicsand operations, if authorized andapproved by the cognizant DistrictCommander.

(b) The FSP must be submittedfor approval to the cognizant DistrictCommander in a written or electronicformat in a manner prescribed by thecognizant District Commander.

(c) The FSP is sensitive securityinformation and must be protected inaccordance with 49 CFR part 1520.

(d) If the FSP is kept in anelectronic format, procedures must bein place to prevent its unauthorizeddeletion, destruction, or amendment.

84


§ 106.405 Format and content ofthe Facility Security Plan (FSP).

(a) An OCS facility owner oroperator must ensure that the FSPconsists of the individual sections listedin this paragraph (a). If the FSP doesnot follow the order as it appears in thisparagraph, the OCS facility owner oroperator must ensure that the FSPcontains an index identifying thelocation of each of the followingsections:

(1) Security organization of theOCS facility;



with vessels;(7) Declaration of Security



control;(11) Security measures for

restricted areas;(12) Security measures for

delivery of stores and industrialsupplies;

(13) Security measures formonitoring;

(14) Security incident procedures;(15) Audits and FSP amendments;

and(16) Facility Security Assessment

(FSA) report.(b) The OCS facility owner or

operator must ensure that the FSPdescribes in detail how each of therequirements of subpart B of this partwill be met.§ 106.410 Submission andapproval.

(a) On or before December 31,2003, the owner or operator of eachOCS facility currently in operation musteither:

(1) Submit one copy of theFacility Security Plan (FSP) for reviewand approval to the cognizant DistrictCommander and a letter certifying thatthe FSP meets the applicable

requirements of this part; or(2) If intending to operate under

an Approved Security Program, submita letter signed by the OCS facility owneror operator stating which approvedAlternative Security Program the owneror operator intends to use.

(b) Owners or operators of OCSfacilities not in service on or beforeDecember 31, 2003, must comply withthe requirements in paragraph (a) of thissection 60 days prior to beginningoperations or by December 31, 2003,whichever is later.

(c) The cognizant DistrictCommander will examine eachsubmission for compliance with thispart and either:



(3) Disapprove it, returning acopy to the submitter with a briefstatement of the reasons fordisapproval.

(d) An FSP may be submittedand approved to cover more than oneOCS facility where they sharesimilarities in physical characteristics,location, and operations.

(e) Each OCS facility owner oroperator that submits one FSP to covertwo or more OCS facilities of similardesign, location, and operation mustaddress OCS facility-specificinformation that includes the physicaland operational characteristics of eachOCS facility.

(f) An FSP that is approved bythe cognizant District Commander isvalid for 5 years from the date of itsapproval. The cognizant DistrictCommander will issue an approvalletter, as indicated in §106.115 of thispart.§ 106.415 Amendment and audit.

(a) Amendments. (1)Amendments to a Facility Security Plan(FSP) that are approved by thecognizant District Commander may beinitiated by:

85


(i) The OCS facility owner oroperator; or

(ii) The cognizant DistrictCommander, upon a determination thatan amendment is needed to maintain theOCS facility's security. The cognizantDistrict Commander will give the OCSfacility owner or operator written noticeand request that the OCS facility owneror operator propose amendmentsaddressing any matters specified in thenotice. The OCS facility owner oroperator will have at least 60 days tosubmit its proposed amendments. Untilamendments are approved, the OCSfacility owner or operator shall ensuretemporary security measures areimplemented to the satisfaction of thecognizant District Commander.

(2) Proposed amendments mustbe sent to the cognizant DistrictCommander. If initiated by the OCSfacility owner or operator, the proposedamendment must be submitted at least30 days before the amendment is to takeeffect unless the cognizant DistrictCommander allows a shorter period.The cognizant District Commander willapprove or disapprove the proposedamendment in accordance with§106.410 of this subpart.

(3) Nothing in this sectionshould be construed as limiting the OCSfacility owner or operator from thetimely implementation of suchadditional security measures notenumerated in the approved FSP asnecessary to address exigent securitysituations. In such cases, the owner oroperator must notify the cognizantDistrict Commander by the most rapidmeans practicable as to the nature ofthe additional measures, thecircumstances that prompted theseadditional measures, and the period oftime these additional measures areexpected to be in place.

(4) If the owner or operator haschanged, the Facility Security Officer(FSO) must amend the Facility SecurityPlan (FSP) to include the name andcontact information of the new OCSfacility owner(s) or operator(s) andsubmit the affected portion of the FSPfor review and approval in accordancewith §106.410 of this subpart.

(b) Audits. (1) The FSO mustensure an audit of the FSP is performed

annually, beginning no later than oneyear from the initial date of approvaland attach a letter to the FSP certifyingthat the FSP meets the applicablerequirements of this part.

(2) If there is a change inownership or operations of the OCSfacility, or if there have beenmodifications to the OCS facility, theFSP must be audited including but notlimited to physical structure, emergencyresponse procedures, security measures,or operations.

(3) Auditing the FSP as a resultof modifications to the OCS facilitymay be limited to those sections of theFSP affected by the OCS facilitymodifications.

(4) Unless impracticable due tothe size and nature of the company orthe OCS facility, personnel conductinginternal audits of the security measuresspecified in the FSP or evaluating itsimplementation must:

(i) Have knowledge of methodsof conducting audits and inspections,and control and monitoring techniques;



(5) If the results of an auditrequire an amendment of either theFacility Security Assessment (FSA) orFSP, the FSO must submit, inaccordance with §106.410 of thissubpart, the amendments to thecognizant District Commander forreview and approval no later than 30days after completion of the audit anda letter certifying that the amended FSPmeets the applicable requirements ofthis part.

33 CFR Navigation and Navigable Waters CHAPTER I COAST

Documents