Researchers at the Oak Ridge National Laboratory (ORNL) Center for Infrastructure Security Analysis (CISA) have developed and deployed an updated version of the Chemical Security Assessment Tool (CSAT) Personnel Surety Program (PSP) Nightly Processes, Version 1.31. The new version incorporates new code with dynamic properties to replace hard-coded strings.
The U.S. Department of Homeland Security (DHS) sponsors ORNL CISA and CSAT as part of its effort to comply with the requirements of the Chemical Facility Anti-Terrorism Standards (CFATS) Act of 2014 and the CFATS PSP. The CFATS PSP ensures that personnel with access to restricted areas at high-risk chemical facilities are vetted; at-risk chemical facilities are required to submit plans for personnel surety in their Site Security Plans on the CSAT system. Users at the facilities then submit names of personnel to CSAT for vetting. CSAT sends the collected personnel information to a DHS Transportation Security Administration (TSA) web service. The TSA is responsible for vetting the personnel and visitors at the high-risk chemical facilities.
The previous version of PSP Nightly Processes was developed to send out a hard-coded string in each message payload. The hard-coded string represented the organization originating the messages, in this case the NPPD (i.e., the DHS National Protection and Programs Directorate). The TSA requested that CSAT update this string to send the name of the current organization, CISA (i.e., the DHS Cybersecurity and Infrastructure Security Agency). CSAT Researchers Adam Bengston and Kellen O’Connor replaced the hard-coded string with a dynamic property that can easily be changed in the future and set the property to “CISA.”
Last Updated: January 14, 2021 - 7:46 pm