The TSA’s new rule goes into effect on July 30, 2024. The TSA rule has several parts, all of which are relevant to flight training providers. AOPA has compiled easy to understand information concerning each of these parts. Below you will find information on applicability, step by step guidance to complying with the various parts of the rule, and answers to frequently asked questions. You can also contact AOPA’s Pilot Information Center at 1-800-USA-AOPA for more information.
AOPA has developed step by step guidance to complying with TSA’s Flight Training Security Program (FTSP). While the previous version of the rule contained distinctions based on the weight of the aircraft, the rule no longer contains these distinctions. Thus, information on this page applies to all flight training providers who wish to provide flight training to non-U.S. citizen or non-U.S. nationals.
Any questions about the FTSP may also be directed to AOPA’s Pilot Information Center by calling 1-800-USA-AOPA or by emailing [email protected]. The TSA FTSP Help Desk is available at (571) 227-1004 or [email protected].
Contents:
The TSA rule requires flight training providers to provide security awareness training to employees who have direct contact with a flight school student (regardless of citizenship or nationality) and to issue and maintain records of this training. This rule applies to any person working or volunteering for a flight training provider who has direct contact with flight training students or candidates. New flighting training providers or employees must complete the initial training within 60 days of being hired or certificated.
According to the TSA rule, flight training provider employees, including instructors, not in compliance may be subject to civil penalties under federal regulations. TSA may also deal with violators by issuing verbal warnings and/or written notices. TSA considers each day a person operates in violation to the requirements of the rule an additional occurrence subject to penalty.
As a flight training provider, you have several options to fulfill requirements for initial security awareness training:
The purpose of the TSA refresher security awareness training is to make flight training providers and their employees aware of security-related incidents, measures, and procedures that affect their local airport and flight school. This means they should be aware of any new security measures or procedures, new threats posed by or incidents involving general aviation aircraft, and any new guidelines or recommendations concerning the security of general aviation aircraft, airports, or flight schools. Refresher security awareness training must include all the elements from the initial security awareness training but additionally must provide additional information about recent security developments. Each flight training provider must ensure that everyone who received the initial training receives refresher security awareness training at least every two years .
The requirements for refresher training differ from the initial, as laid out in 49 CFR 1552.13 (c).
And it is not the intent of TSA for the initial training alone to be used repeatedly. While refresher security awareness training should include the initial training, completing that only would not fulfill the requirements for recurrent training under 1552.23 because of the difference in content requirements for initial training and refresher training. Refresher training should also include information specific to the flight school (as laid out in 1552.13(c)), including security protocols, examples of security incidents, etc.
Refresher security awareness training can be completed from two options:
Flight training providers are required to document initial and refresher security awareness training in accordance with TSA regulations (a.k.a. certificate of completion), and must be able to produce documentation on request from TSA. There is no need to send completion certificates to TSA.
According to the TSA rule (49 CFR 1552.15), the record of completion issued for security awareness training must include the following:
Flight training providers must retain records of security training for at least one year after the person is no longer an employee. Flight schools should keep these records in a secure and accessible place. Flight training providers must also provide any retained records to current and former employees upon request at no charge. A flight training provider need not provide the syllabus or curricula to a current or former employee and can instead provide a statement certifying that the training met the requirements of the regulation.
This rule also requires a flight school to allow officials authorized by TSA to inspect the records required under this section. TSA officials will be conducting inspections of flight schools to ensure that they are complying with this rule. Flight schools that are not in compliance may be subject to civil penalties under 49 U.S.C. 46301 and 49 CFR Part 1503. To help prepare for a TSA inspection, see AOPA's Flight School Checklist for TSA Inspections.
The new rule requires that each flight training provider designate and use a primary Security Coordinator. The flight training provider must give the TSA this person’s name, title, phone number, and email address no later than November 1, 2024. If any of this information changes, the flight training provider must tell the TSA within five days.
The Security Coordinator must be accessible to the TSA on a 24/7 basis. The Security Coordinator is the primary contact for intelligence information and security-related activities and communications. He or she also coordinates security practices internally and with appropriate government agencies. He or she must have the knowledge and resources to quickly contact the TSA, the Federal Bureau of Investigation, and local law enforcement.
In addition to U.S. Citizenship or Nationality, endorsees of the Department of Defense are also exempt from the Security Threat Assessment. To confirm this, a flight training provider must use the FTSP Portal to confirm the endorsee’s government issued photo identification matches the information on the Department of Defense endorsement.
A candidate (the flight student) must participate in the Flight Training Security Program and undergo a security threat assessment if:
A non-U.S. citizen or non-U.S. national is NOT required to participate in the FTSP and undergo a security threat assessment if:
If this rule applies to you, follow the steps below before you begin providing flight training.
The candidate should provide advance notice to you that he or she intends to start flight training.
If the candidate does not possess the correct visa, or has questions pertaining to his or her visa status or the appropriate visas for flight training, please check with DHS. If he or she is trying to obtain a visa from outside the U.S. call 603-339-0888. If he or she is in the U.S. and has questions about status and/or permissible activities, call 800-375-5283.
If your flight school is not already registered with TSA, request an account at TSA’s provider website. Click the link “New Provider Account” and follow the instructions. Click here for more guidance on registering with TSA.
Note: Each flight school MUST have one provider admin (administrator of flight training provider account) but can have any number of provider agents (standard flight training account), including zero. Follow these guidelines to determine your provider type:
If you are a/an… |
Register as a… |
|---|---|
| Individual CFI or Part 61 provider | Provider Admin |
| Flight instructor employee registered with a Part 141 or Part 142 flight school | Provider Agent |
| Flight instructor employee registered with a Part 141 or Part 142 flight school AND an individual CFI who provides flight instruction under Part 61 | Provider Agent with Part 141 or Part 142 flight school AND Provider Admin for instruction on a Part 61 basis |
Click here to learn more about provider type definitions.
The candidate should have already created an FTSP Portal account. This is how they will complete a security threat assessment and receive a Determination of Eligibility. They must receive this Determination of Eligibility. To receive this, the candidate provides the TSA with biographic and biometric information, identity verification documents, and a fee. After reviewing these documents, the TSA may issue a Determination of Eligibility to the candidate, which is good for five years unless there are grounds to revoke it.
When a candidate is ready to train, a flight training provider will notify the TSA through the FTSP Portal. The flight training provider will provide information such as the candidate’s name, the rating or certificate he or she will train for, and other details surrounding the training. See § 1552.51. Once the information is submitted, the TSA will acknowledge receipt. A flight training provider can begin providing training if more than 30 days have elapsed since the TSA acknowledged receipt of the information. The flight training provider must also take a photograph of the candidate and upload it to the FTSP when the candidate arrives for training.
While candidates need not obtain new determinations of eligibility every time they want to commence flight training, flight training providers must alert the TSA as provided in the preceding paragraph each time a candidate request flight training.
TSA has clarified the applicability of the security awareness training. Current and active instructors must take the training. However, current and inactive instructors are not required to take the training, but it is recommended. Expired instructors are not required to complete the training. The deadline for TSA's security awareness training was January 18, 2005. Compliance is still required for active instructors who have yet to complete this training.
Yes, as an active ground school instructor who has direct contact with flight students, you are required to complete initial and yearly refresher security awareness training.
Yes, this is a correct interpretation. Think of the endorsement as a replacement of the copy of the proof of citizenship. If you had a copy of my birth certificate from private training, and now I want to do an instrument rating, no need to run a new Xerox copy just because I'm doing a new rating.
The flight training provider may not provide training to a candidate who has been denied by the FTSP. If the flight training provider has already initiated training for a candidate, and TSA notifies the flight training provider that the candidate poses a threat to aviation or national security, the flight training provider must stop the training immediately. TSA will contact the flight training provider both electronically (e-mail) and by telephone and provide further instructions.
A provider admin is the administrator of a flight training provider account. Only one provider admin is allowed per flight training provider. The administrator user ID has access to all of the same screens and functionality as the provider agent but is also able to change flight training provider information, such as the telephone number of the school. Each school MUST have one provider admin.
A provider agent is the standard flight training provider account. This type of account allows the user to validate candidate requests, submit and review Category 4 candidate information, upload candidate photographs, and mark candidate training requests as completed. The provider agent account does not have access to change school information. A school may have any number of provider agents, including zero.