Security Plan Guidance

Changes and Highlights

Revisions: This is a living document subject to ongoing improvement. Feedback or suggestions for improvement from registered select agent entities or the public are welcomed. Submit comments directly to the Federal Select Agent Program (FSAP) at:

Revision History:

  • October 12, 2012: Initial posting
  • April 11, 2013 (Revision 1): The revisions are primarily changes to correct editorial errors from previous version.
  • July 3, 2013 (Revision 2): Appendix added to document.
  • September 2017 (Revision 3): Added Tier 1 requirements.


Section 11 of the select agent regulations (42 CFR § 73.11, 7 CFR § 331.11, and 9 CFR § 121.11) requires a registered entity to develop and implement a written security plan that is:

  1. Sufficient to safeguard the select agent or toxin against unauthorized access, theft, loss, or release, and
  2. Designed according to a site-specific risk assessment, providing graded protection.

The purpose of this guidance document is to assist an entity in developing and implementing its site-specific security plan. As used in this document, the word “must” means a regulatory requirement. The use of the word “should” or “consider” is a suggested method to meet that requirement based on generally recognized security “best practices.” Implementation is performance-based and entities may find other ways to meet a regulatory requirement.

This document addresses the select agent regulations with regard to security with one exception: Entities with Tier 1 BSAT have pre-access suitably and ongoing suitability assessment requirements which are addressed in the Guidance for Suitability Assessments.

Download full Security Plan Guidance [PDF version PDF]

Download Security Plan Guidance Template [PDF version DOCX]