Private sector entities that manage critical infrastructure may need a priority rating authorization to secure their operations under the Defense Production Act (DPA).
This guide summarizes when and how private sector entities can apply for this authorization, especially in the context of national emergencies or to enhance critical infrastructure protection and restoration.
Eligible for Priority Rating Authorization
Critical Infrastructure
Systems and assets crucial to U.S. national security, economic security, public health, or safety. This includes both physical and cyber-based systems, such as:
- Energy facilities
- Water systems
- Telecommunications
- Health services
Protection
Measures taken to reduce threats, vulnerabilities, or the impacts of incidents like terrorist attacks.
Restoration
Efforts to return services and performance capabilities after they have been damaged or degraded.
Federal Oversight
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) coordinates national efforts to protect critical infrastructure.
This involves:
- Collaborating with Sector Risk Management Agencies (SRMAs) responsible for specific sectors like energy, health, or transportation.
- Assisting private entities and government levels to plan and mitigate risks.
Sector Risk Management Agencies (SRMAs)
| Sector | Sector Risk Management Agencies (SRMA) |
|---|---|
| Chemical | Department of Homeland Security (DHS) |
| Commercial Facilities | Department of Homeland Security (DHS) |
| Communications | Department of Homeland Security (DHS) |
| Critical Manufacturing | Department of Homeland Security (DHS) |
| Dams Sector | Department of Homeland Security (DHS) |
| Defense Industrial Base Sector | Department of Defense (DOD) |
| Emergency Services | Department of Homeland Security (DHS) |
| Energy Sector | Department of Energy (DOE) |
| Financial Services | Department of the Treasury |
| Food and Agriculture | U.S. Department of Agriculture (USDA) & Department of Health and Human Services (HHS) |
| Government Services and Facilities | Department of Homeland Security (DHS) & General Services Administration (GSA) |
| Healthcare and Public Health | Department of Health and Human Services (HHS) |
| Information Technology | Department of Homeland Security (DHS) |
| Nuclear Reactors, Materials, and Waste | Department of Homeland Security (DHS) |
| Transportation Systems | Department of Homeland Security (DHS) & Department of Transportation (DOT) |
| Water and Wastewater Systems | Environmental Protection Agency (EPA) |
How to Apply for a Priority Rating Authorization
- Determine Your Sector: Identify which sector your entity belongs to (e.g., Energy, Healthcare) and which SRMA oversees it.
- Engagement with SRMA:
- If already engaged with sector-specific risk management activities through your SRMA, initiate your request for priority rating authorization through them.
- If not recognized by an SRMA but believe you qualify, contact the appropriate SRMA directly.
- Making Your Request: In the priority rating authorization template, demonstrate that your operations are essential for national security or are at risk due to a national emergency or significant event. Provide details on any existing protection activities or the impacts of service disruptions.
Key Points to Remember
Engagement is Crucial
Active participation in sector risk management activities is expected for all critical infrastructure entities.
Documentation Matters
When applying, ensure your request is detailed, highlighting how your entity contributes to or impacts national security.
More Information
Full Guidance
For details on priority rating authorizations for private entities, view the full guidance.
For more information or to start your authorization process, contact the relevant SRMA affiliated with your sector.