H.R. 4126: Aviation Risk Mitigation and Security Act

This bill, known as the Aviation Risk Mitigation and Security Act (or ARMS Act), aims to enhance the security of aviation operations in the United States by directing the Transportation Security Administration (TSA) to implement covert testing and improve risk mitigation strategies. Below are the key components of the bill explained in layman's terms:

Covert Testing Program

Within 180 days of the bill becoming law, the TSA is required to set up a system for undercover testing of aviation security operations. This testing will focus on:

• Identifying vulnerabilities in airport passenger and baggage screening processes.
• Conducting an ongoing program using specific threat scenarios based on annual assessments to evaluate the security operations' effectiveness each year.

Annual Risk Assessment

The testing will be informed by annual evaluations of emerging threats, ensuring that it remains relevant and effective in identifying weaknesses in security measures.

The TSA must:

• Perform at least three covert tests annually at each major airport categorized as Category X, specifically designed to uncover systemic issues.
• Maintain thorough documentation of testing methods and procedures to ensure valid and actionable results.

Mitigation Process

When vulnerabilities are found, the TSA must have a process to address them:

• After identifying a vulnerability, a root cause analysis must be completed within 90 days.
• The TSA will decide on mitigation strategies within 150 days after the analysis, with an emphasis on prioritizing vulnerabilities based on the potential risk reduction they offer.
• If vulnerabilities are not addressed, the TSA must provide justifications for the decision.
• Once actions are taken to mitigate vulnerabilities, retesting must occur within 180 days to assess effectiveness.

Annual Reporting Requirements

The TSA is mandated to compile and submit detailed reports on the outcomes of covert testing:

• Reports are to be generated annually by November 30.
• The reports will summarize vulnerabilities identified, status updates on mitigation efforts, results from retesting, and any justifications for remaining vulnerabilities that were not addressed.
• While these reports will be public, they may include classified information that will be provided as an annex.
• Additionally, the TSA must publish a summary of the performance data from covert testing at major airports on its public website, providing aggregate statistics without compromising specific details of the tests.

GAO Review

Finally, three years after the enactment of the bill, the Government Accountability Office (GAO) will review and report on the effectiveness of the TSA's covert testing processes. This aims to ensure that vulnerabilities in aviation security are being adequately assessed and addressed.

Relevant Companies

None found