PRIA Logo
Start Free Watch
Back to search
GovernmentHomeland Security & Emergency Management

TSA & Transportation Security

16 min read·Updated Apr 21, 2026

TSA & Transportation Security

The Transportation Security Administration (TSA) was created 77 days after the September 11 attacks by the Aviation and Transportation Security Act (ATSA, 2001) and is responsible for screening the approximately 800 million passengers and their baggage who fly through 440+ commercial airports each year in the United States. TSA employs roughly 60,000 transportation security officers — the blue-uniformed agents who staff airport checkpoints — making it one of the largest federal workforces. For most travelers, TSA's biggest practical impact is time: standard screening lines average 15–30 minutes at major airports, while TSP PreCheck enrollees (30+ million members, $78 for 5 years) typically clear in under 5 minutes using dedicated lanes without removing shoes, laptops, or liquids. Global Entry ($100/5 years) adds expedited customs reentry. REAL ID enforcement, fully phased in by 2025, means driver's licenses from compliant states (now all states) are required for domestic air travel — non-compliant IDs will be rejected. TSA also collects a $5.60 September 11 security fee per one-way trip, embedded in every airline ticket, generating approximately $4 billion annually for aviation security operations.

Current Law (2026)

ParameterValue
AgencyTransportation Security Administration (TSA), within DHS
TSA PreCheck enrollment fee$78 for 5 years
Global Entry$100 for 5 years
Passenger screeningAll airline passengers and carry-on baggage
Federal Air Marshal ServiceOperates on domestic and international flights
Surface transportationTSA has security authority over rail, transit, trucking, pipelines
VIPR teamsVisible Intermodal Prevention and Response — deployed to any transport mode
  • 6 U.S.C. § 1101-1104 — Transportation security definitions, training consortium, immunity for good-faith suspicious activity reports
  • 6 U.S.C. § 1112 — VIPR teams (Visible Intermodal Prevention and Response — deployable security teams for any transportation mode)
  • 6 U.S.C. § 1113 — Surface transportation security inspectors (training, hiring, compliance oversight)
  • 6 U.S.C. § 1114 — Security technology information sharing (sharing performance data on security technologies)
  • 6 U.S.C. § 1116 — National explosives detection canine team training program (expanding K-9 teams)
  • 6 U.S.C. § 1117 — Roles of DHS and DOT (Secretary of Homeland Security is the primary federal official for transportation security)
  • 6 U.S.C. § 1118 — Biometrics expansion (TSA and CBP biometric assessment report)
  • 6 U.S.C. § 1119 — Voluntary use of credentialing (TWIC card satisfies multiple security credential requirements)
  • 6 U.S.C. § 1115 — TSA personnel limitations (statutory workforce caps do not apply to employees performing duties required by the Implementing Recommendations of the 9/11 Commission Act)
  • 6 U.S.C. § 1131-1143 — Public transportation security (risk assessments, grant programs, training, exercises for transit systems)
  • 6 U.S.C. § 1142 — Public transportation employee protections (whistleblower protections for transit workers who report safety or security problems; retaliation prohibited)
  • 6 U.S.C. § 1161-1172 — Railroad security (national risk assessment and strategy; mandatory vulnerability assessments and security plans for high-risk railroads; Amtrak systemwide security upgrades; fire/life safety improvements; security training programs; background checks; international railroad security; model state legislation)
  • 6 U.S.C. § 1181-1186 — Over-the-road bus security (mandatory security assessments and plans for high-risk bus operators; grant program; security exercises and training; research and development)
  • 6 U.S.C. § 1201-1208 — Hazardous materials transportation security (railroad routing and tracking of security-sensitive materials; highway hazmat routing; motor carrier hazmat tracking; hazmat security inspections; transportation security card for hazmat licensing; pipeline security inspections and enforcement; pipeline security and incident recovery plans)

How It Works

TSA screens approximately 2.5 million passengers daily at 440+ airports — its most visible function — using document verification, physical screening (walk-through metal detectors or advanced imaging technology), and baggage inspection (X-ray and CT scanners). The Federal Air Marshal Service places armed officers on selected domestic and international flights. TSA PreCheck ($78 for 5 years) lets pre-vetted U.S. citizens and lawful permanent residents skip the shoe-removal, laptop-out routine; Global Entry ($100 for 5 years, managed by CBP) adds expedited customs processing on international returns; NEXUS and SENTRI serve cross-border travelers at Canadian and Mexican borders. Since May 2025, TSA has enforced full REAL ID requirements at checkpoints — a REAL ID-compliant state driver's license (look for the star), U.S. passport, or military ID is required to clear security; non-compliant travelers face additional screening or denial.

Beyond aviation, TSA's surface division covers passenger rail (Amtrak, commuter rail), mass transit, freight rail, over-the-road buses, trucking, and pipelines — but without universal passenger screening. Surface security instead relies on legally binding security directives for high-risk operators, vulnerability assessments, inspections, and Visible Intermodal Prevention and Response (VIPR) teams — mobile forces of TSA inspectors, Federal Air Marshals, behavior detection officers, and explosives detection canine units that deploy to train stations, bus terminals, ports, and special events. The 9/11 Commission Act (2007) established mandatory vulnerability assessments and security plans for high-risk railroads (§§ 1161-1172) and long-distance bus operators (§§ 1181-1186), including background checks for workers in security-sensitive positions and dedicated Amtrak security funding. Workers needing unescorted access to secure maritime port areas must hold a Transportation Worker Identification Credential (TWIC) — a $125.25 card requiring a security threat assessment — while hazmat truck drivers and pipeline workers require the Hazardous Materials Endorsement threat assessment (§§ 1201-1208). TSA conducts pipeline security inspections under § 1207 and requires operators to maintain security and incident recovery plans under § 1208 — authority that became critical after the Colonial Pipeline ransomware attack in 2021.

How It Affects You

If you fly commercially: The most immediately useful thing to know is that TSA PreCheck ($78 for 5 years, renewable online) will consistently save you 15–30 minutes at security in most airports. PreCheck lanes don't require removing shoes, laptops, belts, or light jackets — and they're almost always shorter than standard lanes. Global Entry ($100 for 5 years, through CBP) includes PreCheck plus expedited customs on international returns. Many travel credit cards reimburse the enrollment fee as a cardholder benefit. Since May 7, 2025, TSA enforces full REAL ID requirements at checkpoints — your state driver's license must be REAL ID-compliant (look for the star symbol in the upper corner) or you need an alternative: U.S. passport, military ID, or enhanced driver's license from certain states. Non-compliant travelers face additional screening or checkpoint denial. If your ID is non-compliant, apply for your state's REAL ID-compliant card (typically requires a birth certificate, Social Security card, and two proofs of address) or renew your passport. Also note: TSA's Credential Authentication Technology (CAT-2) facial recognition units are now deployed at approximately 400 airports. Participation is technically optional — you can request manual ID verification — but you need to ask proactively; the opt-out is not prominently offered. File complaints or feedback at tsa.gov/contact-center.

If you're a transportation worker who needs security credentials: TSA administers Security Threat Assessments (STAs) for several transportation worker credentials. The TWIC (Transportation Worker Identification Credential) — required for unescorted access to secure maritime port areas and certain vessels — costs $125.25, takes 7–9 weeks to process, and requires fingerprinting at an enrollment center (find one at tsa.gov/for-industry/twic). A criminal history check will screen for permanent disqualifying offenses (certain drug trafficking convictions, terrorism, murder) and temporary disqualifying offenses. If you're in trucking and carry hazardous materials, TSA administers the Hazardous Materials Endorsement threat assessment for CDL holders. Airport workers needing SIDA (Security Identification Display Area) badges go through airport-specific background check programs administered locally but subject to TSA standards (49 CFR Part 1542). If you're denied a credential, you have a right to appeal — the process is described in your denial notice. TSA's OmniConnect credentialing system tracks all worker credentials. For TWIC-specific issues, contact TSA's helpdesk at 1-866-DHS-2-TSA (1-866-347-2872).

If you operate a transit agency or rail system: TSA's surface transportation authority means you have mandatory obligations — not just optional resources. TSA security directives for passenger rail and transit are legally binding; failure to comply can result in civil penalties. TSA offers free Baseline Assessment for Security Enhancement (BASE) reviews — an onsite assessment of your system's security posture against TSA standards and best practices. Request a BASE review through your TSA regional transportation security inspector (find contacts at tsa.gov/for-industry/surface). Beyond BASE reviews, TSA's Intermodal Security Training and Exercise Program (I-STEP) provides free training and exercise support. Transit security grant funding flows through DHS's Homeland Security Grant Program (see Homeland Security Grants) — specifically the Transit Security Grant Program (TSGP), with applications through FEMA. Workers who report safety or security problems are protected from employer retaliation under 49 U.S.C. § 20109 (rail) and § 60130 (pipeline).

If you operate a pipeline or critical energy infrastructure: After the Colonial Pipeline ransomware attack in May 2021, TSA issued a series of security directives that transformed pipeline security from voluntary guidelines to mandatory compliance requirements. Current TSA pipeline security directives require: designation of a Cybersecurity Coordinator available 24/7; reporting of cybersecurity incidents to CISA within 24 hours; specific cybersecurity mitigation measures including network segmentation, access controls, and detection capabilities; and a Cybersecurity Incident Response Plan. TSA conducts pipeline security inspections under 49 U.S.C. § 1207 and can issue civil penalties for non-compliance. Pipeline operators must also maintain security and recovery plans under § 1208. Coordinate cybersecurity compliance with CISA, which receives the incident reports and provides threat intelligence. TSA's pipeline security guidance and directive updates are published at tsa.gov/for-industry/pipeline.

State Variations

TSA is a federal agency with nationwide authority — no state can override TSA security requirements. However, states interact with TSA in several ways:

  • Airport law enforcement: Local police provide law enforcement at airports; TSA provides screening
  • Transit security: State and local transit agencies implement TSA security directives
  • State opt-out: Airports may apply to use private screening companies instead of federal TSA screeners under the Screening Partnership Program (about 20 airports currently do this)

Implementing Regulations

  • 49 CFR Part 1544 — Aircraft Operator Security: Air Carriers and Commercial Operators (36 sections — the TSA's binding security requirements for every U.S.-certificated airline and commercial charter operator). Key provisions:

    • § 1544.101 — Adoption requirement: each scheduled passenger airline, public charter, and twelve-five operator (operators of aircraft with 12,500+ lb max certificated takeoff weight) must adopt and implement a security program meeting Part 1544's requirements; the Full Program (for scheduled carriers) is the most stringent, covering all of subparts C, D, and E
    • § 1544.103 — Security program content: each program must provide for the safety of persons and property on flights against criminal violence and air piracy; must include procedures for screening, access control, security coordinator designation, law enforcement support, and crew notification; programs are treated as Sensitive Security Information (SSI) — they are not public documents and may not be disclosed even to employees who don't have a need to know
    • § 1544.105 — TSA approval: each airline's security program must be submitted to and approved by TSA; TSA may require amendments; airlines must implement TSA-directed amendments within the timeframe TSA specifies — which may be immediate if TSA determines a threat requires urgent response
    • § 1544.201 — Passenger and carry-on screening: each aircraft operator must use measures in its security program to prevent the carriage of weapons, explosives, incendiaries, and other prohibited items; screening must be conducted before passengers board — the airline, not TSA, is the party directly responsible for compliance with Part 1544's screening requirements (TSA enforces those requirements against the airline)
    • § 1544.203 — Checked baggage screening: airlines must use explosives detection procedures for checked baggage before it is loaded; may not accept baggage that has not been screened per the security program
    • § 1544.205 — Cargo screening: airlines operating under the Full Program must ensure cargo is screened or accepted only from known shipper programs before loading; third-party screening under TSA-certified programs is permitted
    • § 1544.215 — Security coordinators: each airline must designate an Aircraft Operator Security Coordinator (AOSC) at the corporate level available 24 hours/day, 7 days/week; the AOSC is the airline's primary contact with TSA for security issues and coordinates with TSA, law enforcement, and airport security on security incidents
    • § 1544.219 — Carriage of accessible weapons by law enforcement: law enforcement officers with accessible weapons may travel on commercial flights under protocols in the security program; they must notify the pilot in command before boarding; Part 1544 is the federal authorization for armed law enforcement air travel
    • § 1544.221 — Prisoner transport: transport of prisoners under armed escort is permitted under specific conditions — the number of armed escorts, seating requirements, and prior airline notification requirements must be in the security program
    • § 1544.223 — Federal Air Marshals: airlines must transport Federal Air Marshals on duty status; the Air Marshal may carry an accessible weapon; airlines may not disclose the presence of an Air Marshal on a flight to anyone not with a need to know
    • § 1544.225 — Aircraft and facility security: airlines must use procedures in their security programs to control access to aircraft and related facilities (gates, jet bridges, ramp areas) — access must be limited to authorized persons; challenge procedures for unknown individuals in secure areas are required

    Part 1544 is the foundational post-9/11 aviation security mandate for airlines. The security programs required under Part 1544 are TSA's primary tool for ensuring that all scheduled carriers implement equivalent security baselines — eliminating the pre-9/11 variation in carrier security practices. Because the security programs themselves are SSI, travelers cannot review them, but their effects are visible at every departure gate: boarding pass checks, ID verification, aircraft access control, and crew notification protocols all flow from Part 1544 requirements. Airlines that fail to comply face civil penalties under 49 CFR Part 1503 (up to $15,000+ per violation per day) and, for systematic failures, security directives requiring immediate corrective action.

  • 49 CFR Part 1546 — Foreign air carrier security (security programs for foreign carriers operating in U.S.)

  • 49 CFR Part 1540 — Civil aviation security general rules (applicability, terms, inspection authority)

  • 49 CFR Part 1542 — Airport security (access control, identification systems, security programs)

  • 49 CFR Part 1570–1572 — General rules and security threat assessments (credentialing and background checks for transportation workers). Part 1572 specifically governs the two major worker credentialing programs:

    • § 1572.103 — Disqualifying criminal offenses for both the Hazardous Materials Endorsement (HME) and Transportation Worker Identification Credential (TWIC): permanent disqualifying offenses include espionage, sedition, treason, terrorism, murder, federal or state explosives violations, and certain other violent crimes — these can never be waived; temporary disqualifying offenses include drug trafficking, extortion, arson, kidnapping, and certain firearms violations committed within the past 7 years — these disqualify an applicant for 7 years after conviction or release, whichever is later; a prior "not guilty by reason of insanity" finding also disqualifies
    • § 1572.105 — Immigration eligibility: applicants must be U.S. nationals, lawful permanent residents, refugees, asylees, or other specified non-immigrant categories; undocumented individuals and those whose status is uncertain do not qualify for either the HME or TWIC
    • § 1572.15 — HME Security Threat Assessment (STA) procedures: every CDL holder who wants to transport hazardous materials requiring placarding must submit to TSA's fingerprint-based criminal history records check (CHRC), intelligence check, and immigration check; states must require the STA before issuing or renewing the hazmat endorsement; disqualified applicants lose their HME and must surrender it to the state; TSA charges a fee (see Subpart E) currently approximately $86.50 per STA, paid to TSA or to the state if it collects fingerprints
    • § 1572.17/1572.21 — TWIC STA procedures: applicants for a TWIC (required for unescorted access to secure maritime port areas, outer continental shelf facilities, and certain vessels) must submit biographical data, fingerprints, and consent to all three background checks; TSA's OmniConnect system manages TWIC enrollment; approved applicants receive a smart card credential with biometric (fingerprint) data embedded; TWICs are valid for 5 years (§ 1572.23) and must be renewed before expiration; TSA charges a separate TWIC fee (Subpart F) currently approximately $125.25
    • § 1572.107 — Other screening analyses: TSA may deny credentials based on searches of Interpol databases, terrorist watchlists and related databases, state and local law enforcement records, and foreign government records — threat analysis is not limited to formal criminal convictions; TSA may also obtain waiver-ineligible threat information from intelligence community sources
    • § 1572.109 — Mental capacity: an applicant who has been adjudicated as lacking mental capacity or involuntarily committed to a mental health facility is disqualified; the disqualification can be waived upon evidence of restoration of rights or mental capacity

    The HME program applies to approximately 1.7 million CDL holders who carry hazardous materials placards. The TWIC program covers approximately 2.6 million workers at U.S. seaports, liquefied natural gas facilities, and related maritime locations. Both programs are administered through TSA's Identity Verification Service, which connects to the FBI's CHRC system and DHS's watchlist databases. A worker denied a credential has the right to correct erroneous records (through CHRC review or FBI fingerprint amendment) and may seek a waiver for temporary disqualifying offenses if the threat the offense poses is outweighed by the applicant's need for the credential. TWIC reader regulations (49 CFR Part 1585, finalized 2016) require high-risk vessels and maritime facilities to actively verify TWICs using card readers rather than visual inspection alone.

  • 49 CFR Part 1503 — Investigative and enforcement procedures: TSA's civil penalty process for violations of its security regulations. Key provisions:

    • § 1503.201 — Reports of violations: any person who knows of a TSA security requirement violation should report it to TSA field personnel; TSA may also initiate investigations on its own initiative
    • § 1503.203 — Investigations: the TSA Administrator (or a designated official) may conduct investigations, hold hearings, issue subpoenas, and require testimony under oath; TSA inspectors have authority to enter and inspect regulated facilities during reasonable hours
    • § 1503.301 — Warning notices and letters of correction: when a violation does not warrant a civil penalty (first-time, minor, or technical violation), TSA may issue a warning notice; letters of correction are used when the person corrects the deficiency before TSA initiates formal penalty action
    • § 1503.401 — Maximum civil penalty amounts: civil penalties for violating TSA requirements can reach $10,000–$15,000 per violation per day for individuals and substantially more for operators; the exact cap depends on the category of violation (aviation security vs. surface transportation vs. hazmat) and is adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act
    • § 1503.413 — Notice of Proposed Civil Penalty (NOCP): TSA commences formal civil penalty proceedings by serving a Notice of Proposed Civil Penalty specifying the alleged violation, the facts underlying it, and the amount proposed; the respondent has 30 days to respond by requesting an informal conference, paying the proposed penalty, or requesting a formal hearing
    • § 1503.421 — Streamlined civil penalty procedures: for certain categories of minor security violations (prohibited items at checkpoints, specific access control violations), TSA may use a streamlined Notice of Violation process — a faster, lower-cost process capped at $10,000 per violation with limited formal hearing rights; TSA uses these for the most common checkpoint infractions
    • Subpart G — Rules of Practice in TSA Civil Penalty Actions: formal civil penalty cases (above the streamlined threshold) are heard by an ALJ under APA § 554; parties may present evidence, call witnesses, and cross-examine; the ALJ issues a decision subject to appeal to the full Department of Transportation and then to federal circuit court

    Civil penalties are TSA's primary enforcement lever against regulated entities — airlines, airports, hazmat carriers, pipeline operators, and transit systems. For individual travelers, penalty amounts are much smaller (typically $250–$2,000 for prohibited items), and TSA routinely resolves checkpoint violations through warning notices rather than formal proceedings. For operators with systematic non-compliance, the formal NOCP-to-ALJ pipeline can take 12–18 months but can result in orders requiring systemic remediation as well as financial penalties.

Pending Legislation

  • HR 7941Pay TSA Act of 2026: locks 9/11 Security Fee into DHS trust fund for TSA, funding available during lapses. Status: Introduced.

Recent Developments

TSA has been deploying Credential Authentication Technology (CAT) units that use facial recognition to verify traveler identity at checkpoints — reducing reliance on manual document checking. CT scanners are replacing legacy X-ray machines for carry-on baggage, allowing passengers to leave electronics in bags. TSA PreCheck enrollment has expanded to include online renewal and more enrollment locations.

The Trump FY2027 budget proposed cutting TSA funding and requiring privatization of security operations at small airports, reigniting debate over the federal role in aviation security screening.

  • REAL ID full enforcement at TSA checkpoints (May 2025): TSA implemented full REAL ID enforcement at airport security checkpoints on May 7, 2025. Travelers without a REAL ID-compliant state ID, enhanced driver's license, or acceptable alternative (passport, military ID) face additional screening procedures or denial of checkpoint access. The first weeks of enforcement produced significant disruption at major airports, with long lines and travelers learning their state IDs were non-compliant. TSA estimated 25-30% of travelers attempted to use non-compliant IDs in the first month; most had passports or other acceptable alternatives, but a meaningful fraction required enhanced screening resolution.
  • Facial recognition expansion and privacy concerns: TSA's Credential Authentication Technology (CAT) units with facial recognition capabilities have been deployed at approximately 400 airports as of 2026. The CAT-2 units use live facial capture matched against photo IDs and CBP traveler databases. TSA maintains that facial recognition use is optional — travelers may request manual ID verification. However, opt-out rates are very low in practice, and civil liberties organizations (ACLU, EFF) have documented that "optional" facial recognition becomes effectively mandatory given social and time pressure at security checkpoints. Congress has considered legislation requiring affirmative consent for biometric capture at TSA checkpoints; no bill has passed.
  • Air Marshal program and staffing review: DOGE reviewed the Federal Air Marshal Service (FAMS) as a high-cost, potentially redundant program. FAMS employs approximately 2,500 air marshals at significant cost (approximately $500,000 per marshal annually including training, travel, and benefits); DHS has studied whether diverting those resources to hardened cockpit door requirements and armed pilot programs would achieve equivalent security outcomes. The Trump administration proposed reducing FAMS staffing while expanding armed pilot training; airlines and pilot unions have mixed views on armed flight deck officers. No final decision on FAMS restructuring has been announced.
  • TSA PreCheck and Global Entry expansion: TSA PreCheck enrollment reached approximately 25 million members as of 2026; CBP's Global Entry (which includes PreCheck) has 15 million members. The OBBBA included a provision allowing TSA PreCheck enrollment fees to be paid through HSA and FSA accounts (as qualifying security-related travel expenses), reducing the after-tax cost of enrollment. TSA has partnered with airlines and credit card companies for complimentary PreCheck enrollment offers, accelerating program growth. TSA's automated PreCheck screening (removing shoes/belts only for standard screening, not for PreCheck lanes) has significantly improved throughput at major hub airports.