(a) Applicability of this section. This section applies to part 145 certificated repair stations located—
(1) On airport. On an air operations area or security identification display area of an airport covered by an airport security program under 49 CFR part 1542 in the United States, or on the security restricted area of any commensurate airport outside the United States regulated by a government entity; or
(2) Adjacent to an airport. Adjacent to an area of the airport described in paragraph (a)(1) of this section if there is an access point between the repair station and the airport of sufficient size to allow the movement of large aircraft between the repair station and the area described in paragraph (a)(1) of this section.
(b) Security Measures. Each repair station described in paragraph (a) of this section must carry out the following measures:
(1) Provide TSA with the name and means of contact on a 24-hour basis of a person or persons designated by the repair station with responsibility for—
(i) Compliance with the regulations in this part;
(ii) Serving as the primary point(s) of contact for security-related activities and communications with TSA;
(iii) Maintaining a record of all employees responsible for controlling keys or other means used to control access to aircraft described in paragraph (b)(2) of this section; and
(iv) Maintaining all records necessary to comply with paragraph (b)(3) of this section.
(2) When not attended, prevent the unauthorized operation of all large aircraft capable of flight, by using one or more of the means listed in paragraphs (b)(2)(i) through (iv) of this section. In these examples, a key, if used, must only be available to an individual authorized by the repair station who has successfully undergone a check as described in paragraph (b)(3) of this section.
(i) Block the path of the aircraft such that it cannot be moved, and control the vehicle key if a vehicle is used to block the path.
(ii) Park the aircraft in a locked hangar and control the key to the hangar.
(iii) Move stairs away from the aircraft and shut and, if feasible, lock all cabin and/or cargo doors, and control the key.
(iv) Other means approved in writing by TSA.
(3) Verify background information of those individuals who are designated as the TSA point(s) of contact and those who have access to any keys or other means used to prevent the operation of large aircraft described in paragraph (b)(2) of this section by one or more of the following means:
(i) Verify an employee's employment history. The repair station obtains the employee's employment history for the most recent five year period or the time period since the employee's 18th birthday, whichever period is shorter. The repair station verifies the employee's employment history for the most recent 5-year period via telephone, email, or in writing. If the information is verified telephonically, the repair station must record the date of the communication and with whom the information was verified. If there is a gap in employment of six months or longer, without a satisfactory explanation of the gap, employment history is not verified. The repair station must retain employment history verification records for at least 180 days after the individual's employment ends. The repair station must maintain these records electronically or in hardcopy, and provide them to TSA upon request.
(ii) Confirm an employee holds an airman certificate issued by the Federal Aviation Administration.
(iii) Confirm an employee of a repair station located within the United States has obtained a security threat assessment or comparable security threat assessment pursuant to part 1540, subpart C of this chapter, such as by holding a SIDA identification media issued by an airport operator that holds a complete program under 49 CFR part 1542.
(iv) Confirm an employee of a repair station located outside the United States has successfully completed a security threat assessment commensurate to a security threat assessment described in part 1540, subpart C of this chapter.
(v) Other means approved in writing by TSA.
(a) General. When TSA determines that additional security measures are necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting forth mandatory measures.
(b) Compliance. Each repair station must comply with each Security Directive TSA issues to the repair station within the time prescribed. Each repair station that receives a Security Directive must—
(1) Acknowledge receipt of the Security Directive as directed by TSA;
(2) Specify the method by which security measures have been or will be implemented to meet the effective date; and
(3) Notify TSA to obtain approval of alternative measures if the repair station is unable to implement the measures in the Security Directive.
(c) Availability. Each repair station that receives a Security Directive and each person who receives information from a Security Directive must—
(1) Restrict the availability of the Security Directive and the information contained in the document to persons who have an operational need to know; and
(2) Refuse to release the Security Directive or the information contained in the document to persons other than those who have an operational need to know without the prior written consent of TSA.
(d) Comments. Each repair station that receives a Security Directive may comment on the Security Directive by submitting data, views, or arguments in writing to TSA. TSA may amend the Security Directive based on comments received. Submission of a comment does not delay the effective date of the Security Directive.