49 CFR § 1542.101 - General requirements.
(a) No person may operate an airport subject to § 1542.103 unless it adopts and carries out a security program that—
(1) Provides for the safety and security of persons and property on an aircraft operating in air transportation or intrastate air transportation against an act of criminal violence, aircraft piracy, and the introduction of an unauthorized weapon, explosive, or incendiary onto an aircraft;
(2) Is in writing and is signed by the airport operator;
(3) Includes the applicable items listed in § 1542.103;
(4) Includes an index organized in the same subject area sequence as § 1542.103; and
(b) Each airport operator subject to § 1542.103 must maintain one current and complete copy of its security program and provide a copy to TSA upon request.
(c) Each airport operator subject to § 1542.103 must—
(1) Restrict the distribution, disclosure, and availability of sensitive security information (SSI), as defined in part 1520 of this chapter, to persons with a need to know; and
(2) Refer all requests for SSI by other persons to TSA.