§ 107.303 - Security Directives and Information Circulars.  

(a) The Administrator may issue an Information Circular to notify airport operators of security concerns. When the Administrator determines that additional security measures are necessary to respond to a threat assessment or to a specific threat against civil aviation, the Administrator issues a Security Directive setting forth mandatory measures.

(b) Each airport operator shall comply with each Security Directive issued to the airport operator within the time prescribed in the Security Directive.

(c) Each airport operator that receives a Security Directive shall—

(1) Within the time prescribed in the Security Directive, verbally acknowledge receipt of the Security Directive to the Administrator.

(2) Within the time prescribed in the Security Directive, specify the method by which the measures in the Security Directive have been implemented (or will be implemented, if the Security Directive is not yet effective).

(d) In the event that the airport operator is unable to implement the measures in the Security Directive, the airport operator shall submit proposed alternative measures and the basis for submitting the alternative measures to the Administrator for approval. The airport operator shall submit the proposed alternative measures within the time prescribed in the Security Directive. The airport operator shall implement any alternative measures approved by the Administrator.

(e) Each airport operator that receives a Security Directive may comment on the Security Directive by submitting data, views, or arguments in writing to the Administrator. The Administrator may amend the Security Directive based on comments received. Submission of a comment does not delay the effective date of the Security Directive.

(f) Each airport operator that receives a Security Directive or an Information Circular and each person who receives information from a Security Directive or an Information Circular shall:

(1) Restrict the availability of the Security Directive or Information Circular, and information contained in either document, to those persons with an operational need-to-know.

(2) Refuse to release the Security Directive or Information Circular, and information contained in either document, to persons other than those who have an operational need to know without the prior written consent of the Administrator.