46 U.S. Code § 70102. United States facility and vessel vulnerability assessments

(a)Initial Assessments.—
The Secretary shall conduct an assessment of vessel types and United States facilities on or adjacent to the waters subject to the jurisdiction of the United States to identify those vessel types and United States facilities that pose a high risk of being involved in a transportation security incident.
(b)Facility and Assessments.—
(1) Based on the information gathered under subsection (a) of this section, the Secretary shall conduct a detailed vulnerability assessment of the facilities and vessels that may be involved in a transportation security incident. The vulnerability assessment shall include the following:
(A)
Identification and evaluation of critical assets and infrastructures.
(B)
Identification of the threats to those assets and infrastructures.
(C)
Identification of weaknesses in physical security, security against cybersecurity risks, passenger and cargo security, structural integrity, protection systems, procedural policies, communications systems, transportation infrastructure, utilities, contingency response, and other areas as determined by the Secretary.
(2)
Upon completion of an assessment under this subsection for a facility or vessel, the Secretary shall provide the owner or operator with a copy of the vulnerability assessment for that facility or vessel.
(3)
The Secretary shall update each vulnerability assessment conducted under this section at least every 5 years.
(4)
In lieu of conducting a facility or vessel vulnerability assessment under paragraph (1), the Secretary may accept an alternative assessment conducted by or on behalf of the owner or operator of the facility or vessel if the Secretary determines that the alternative assessment includes the matters required under paragraph (1).
(c)Sharing of Assessment Integration of Plans and Equipment.—The owner or operator of a facility, consistent with any Federal security restrictions, shall—
(1)
make a current copy of the vulnerability assessment conducted under subsection (b) available to the port authority with jurisdiction of the facility and appropriate State or local law enforcement agencies; and
(2)
integrate, to the maximum extent practical, any security system for the facility with compatible systems operated or maintained by the appropriate State, law enforcement agencies, and the Coast Guard.
(Added Pub. L. 107–295, title I, § 102(a), Nov. 25, 2002, 116 Stat. 2068; amended Pub. L. 108–458, title IV, § 4072(b), Dec. 17, 2004, 118 Stat. 3730; Pub. L. 111–281, title VIII, § 822, Oct. 15, 2010, 124 Stat. 3003; Pub. L. 115–254, div. J, § 1805(d)(1), Oct. 5, 2018, 132 Stat. 3535.)
Applicability of Amendment

Amendment of section by section 1805(d) of Pub. L. 115–254 applicable to assessments or security plans, or updates to such assessments or plans, submitted after the date that the cybersecurity risk assessment model is developed under section 1805(a) of Pub. L. 115–254, set out as a note under section 70112 of this title. See 2018 Amendment notes below.

Amendments

2018—Subsec. (b)(1). Pub. L. 115–254, § 1805(d)(1)(A), struck out “and by not later than December 31, 2004” after “subsection (a) of this section” in introductory provisions.

Subsec. (b)(1)(C). Pub. L. 115–254, § 1805(d)(1)(B), inserted “security against cybersecurity risks,” after “physical security,”.

2010—Subsec. (c). Pub. L. 111–281 added subsec. (c).

2004—Subsec. (b)(1). Pub. L. 108–458 substituted “and by not later than December 31, 2004, the Secretary” for “, the Secretary” in introductory provisions.

Effective Date of 2018 Amendment

Pub. L. 115–254, div. J, § 1805(d)(3), Oct. 5, 2018, 132 Stat. 3535, provided that:

“The amendments made by this subsection [amending this section and section 70103 of this title] shall apply to assessments or security plans, or updates to such assessments or plans, submitted after the date that the cybersecurity risk assessment model is developed under subsection (a) [46 U.S.C. 70112 note].”
Coordination with TSA on Maritime Facilities

Pub. L. 115–254, div. J, § 1803, Oct. 5, 2018, 132 Stat. 3533, provided that:

“The Secretary of Homeland Security shall—
“(1)
provide the Administrator of the TSA [Transportation Security Administration] with updates to vulnerability assessments required under section 70102(b)(3) of title 46, United States Code, to avoid any duplication of effort between the Coast Guard and the TSA; and
“(2)
identify any security gaps between authorities of operating entities within the Department of Homeland Security that a threat could exploit to cause a transportation security incident (as defined in section 70101 of title 46, United States Code).”
Definitions

Pub. L. 115–254, div. J, § 1802, Oct. 5, 2018, 132 Stat. 3533, provided that:

“In this division [see section 1801 of Pub. L. 115–254, set out as a Short Title of 2018 Amendment note under section 101 of this title]:
“(1)Appropriate committees of .—The term ‘appropriate committees of Congress’ means—
“(A)
the Committee on Commerce, Science, and Transportation of the Senate;
“(B)
the Committee on Homeland Security and Governmental Affairs of the Senate;
“(C)
the Committee on Homeland Security of the House of Representatives; and
“(D)
the Committee on Transportation and Infrastructure of the House of Representatives.
“(2)TSA.—
The term ‘TSA’ means the Transportation Security Administration.”