Up until yesterday the CISA web pages for the Chemical
Facility Anti-Terrorism Standards (CFATS) all carried ‘last published’ date
information near the top of the page. Yesterday that information was removed
from the CFATS web site pages.
page for the CFATS program was last previously changed on September 14th,
2020. On that date the following information was included just below the page
“Original release date: July 06,
2009 | Last revised: September 14, 2020”
That information was removed from the page yesterday.
Now CISA ‘owns’ their web site and can put whatever
information they want on their pages, presumably so long as the sites are
factually correct. And this ‘dating’ information has come and gone on the CFATS
web site frequently. So why this complaint?
The CFATS web site provides information to the general
public and the regulated public about the CFATS program. It explains the ins
and outs of the CFATS regulations and describes changes that are both being
considered for the program and those that have been made. When changes are made
to the web pages, they reflect changes in the program that people should be
Unfortunately, CISA does an absolutely awful job of
announcing or explaining changes to their web site. For example, the change to
the landing page that was made on September 14th, was the removal of
the Twitter® handle for Brian Harrel (@CISAHarrell) in the second paragraph of
the page. This was done because Harrell is no longer part of CISA, having
returned to the private sector. Fortunately, with the change in the ‘last
revised’ date, I was able to go back and compare the previous version of the
page and find out what changed.
With 45 separate pages being currently listed on the CISA ‘site map’ as being associated with ‘Chemical
Security’ there is no way that the average person (or even a CFATS geek like
me) can keep up with each page by inspection to see when data changes. Changes
to the ‘last revised’ date provides a tool that can be used to make that ‘inspection’
I really think that CISA owes it to the regulated community to
provide an announcement when changes are made to the site (probably on the CFATS Knowledge Center, which, BTW, is
not listed on the CISA site map since it is independently maintained by the
Infrastructure Security Compliance Division). Lacking that, a return to
including date of change information on each page should be the minimum
standard that CISA uses for web site maintenance.