This Act may be cited as the “Aviation Employee Screening and Security Enhancement Act of 2017”.

In this Act:

(a) In general.—Not later than 180 days after the date of the enactment of this Act, the Administrator, in consultation with the Aviation Security Advisory Committee (established under section 44946 of title 49, United States Code), shall submit to the appropriate congressional committees and the Comptroller General of the United States a cost and feasibility study of a statistically significant number of Category I, II, III, IV, and X airports assessing the impact if all employee access points from non-secured areas to secured areas of such airports are comprised of the following:

(1) A secure door utilizing card and pin entry or biometric technology.

(2) Surveillance video recording, capable of storing video data for at least 30 days.

(3) Advanced screening technologies, including at least one of the following:

(A) Magnetometer (walk-through or hand-held).

(B) Explosives detection canines.

(C) Explosives trace detection swabbing.

(D) Advanced imaging technology.

(E) X-ray bag screening technology.

(b) Contents.—The study required under subsection (a) shall include information related to the employee screening costs of those category I, II, III, IV, and X airports which have already implemented practices of screening 100 percent of employees accessing secured areas of airports, including the following:

(1) Costs associated with establishing an operational minimum number of employee entry and exit points.

(2) A comparison of estimated costs and effectiveness associated with implementing the security features specified in subsection (a) to—

(A) the Federal Government; and

(B) airports and the aviation community.

(c) Comptroller general assessment.—

(1) IN GENERAL.—Upon completion of the study required under subsection (a), the Comptroller General of the United States shall review such study to assess the quality and reliability of such study.

(2) ASSESSMENT.—Not later than 60 days after the receipt of the study required under subsection (a), the Comptroller General of the United States shall report to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs and the Committee on Commerce, Science, and Transportation of the Senate on the results of the review required under paragraph (1).

(a) Cooperative efforts to enhance airport security awareness.—Not later than 180 days after the date of the enactment of this Act, the Administrator shall work with air carriers, foreign air carriers, airport operators, labor unions representing credentialed employees, and the Aviation Security Advisory Committee to enhance security awareness of credentialed airport populations regarding insider threats to aviation security and best practices related to airport access controls.

(b) Credentialing standards.—

(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Administrator shall, in consultation with air carriers, foreign air carriers, airport operators, labor unions representing credentialed employees, and the Aviation Security Advisory Committee, assess credentialing standards, policies, and practices to ensure that insider threats to aviation security are adequately addressed.

(2) REPORT.—Not later than 30 days after completion of the assessment required under paragraph (1), the Administrator shall report to the appropriate congressional committees on the results of such assessment.

(c) SIDA applications.—

(1) SOCIAL SECURITY NUMBERS REQUIRED.—Not later than 60 days after the date of the enactment of this Act, the Administrator shall require airport operators to submit the social security number of an individual applying for a credential granting access to the Security Identification Display Area to strengthen security vetting effectiveness. An applicant who does not provide such applicant’s social security number may be denied such a credential.

(2) SCREENING NOTICE.—The Administrator shall issue requirements for airport operators to include in applications for access to a Security Identification Display Area a notice informing applicants that an employee holding a credential granting access to a Security Identification Display Area may be screened at any time while gaining access to, working in, or leaving a Security Identification Display Area.

(a) In general.—The Administrator shall work with airport operators and the Aviation Security Advisory Committee to identify advanced technologies, including biometric identification technologies, for securing employee access to the secured areas and sterile areas of airports.

(b) Rap back vetting.—Not later than 180 days after the date of the enactment of this Act, the Administrator shall ensure that all credentialed aviation worker populations currently requiring a fingerprint-based criminal record history check are continuously vetted through the Federal Bureau of Investigation’s Rap Back Service, in order to more rapidly detect and mitigate insider threats to aviation security.

(c) Insider threat education and mitigation.—Not later than 180 days after the date of the enactment of this Act, the Administrator shall identify means of enhancing the Administration’s ability to leverage the resources of the Department of Homeland Security and the intelligence community to educate Administration personnel on insider threats to aviation security and how the Administration can better mitigate such insider threats.

(d) Playbook operations.—The Administrator shall ensure that Administration-led employee physical inspection efforts of aviation workers, known as Playbook operations, are targeted, strategic, and focused on providing the greatest level of security effectiveness.

(e) Covert testing.—

(1) IN GENERAL.—The Administrator shall conduct covert testing of Administration-led employee inspection operations at airports and measure existing levels of security effectiveness. The Administrator shall provide—

(A) the results of such testing to the airport operator for the airport that is the subject of any such testing, and, as appropriate, to air carriers and foreign air carriers that operate at the airport that is the subject of such testing; and

(B) recommendations and technical assistance for air carriers, foreign air carriers, and airport operators to conduct their own employee inspections, as needed.

(2) ANNUAL REPORTING.—The Administrator shall annually, for each of fiscal years 2018 through 2022, submit to the appropriate congressional committees a report on the frequency, methodology, strategy, and effectiveness of employee inspection operations at airports.

(f) Centralized database.—Not later than 180 days after the date of the enactment of this Act, the Administrator, in consultation with the Aviation Security Advisory Committee, shall—

(1) establish a national database of individuals who have had either their airport or airport operator-issued badge revoked for failure to comply with aviation security requirements;

(2) determine the appropriate reporting mechanisms for air carriers, foreign air carriers, and airport operators to—

(A) submit to the Administration data regarding individuals described in paragraph (1); and

(B) access the database established pursuant to such paragraph; and

(3) establish a process to allow individuals whose names were mistakenly entered into such database to correct the record and have their names removed from such database.

The Department of Homeland Security is the lead interagency coordinator pertaining to insider threat investigations and mitigation efforts at airports. The Department shall make every practicable effort to coordinate with other relevant Government entities, as well as the security representatives of air carriers, foreign air carriers, and airport operators, as appropriate, when undertaking such investigations and efforts.

Not later than 90 days after the date of the enactment of this Act, the Administrator shall submit to the appropriate congressional committees a plan to conduct recurring reviews of the operational, technical, and management security controls for Administration information technology systems at airports.

No additional funds are authorized to carry out the requirements of this Act. Such requirements shall be carried out using amounts otherwise authorized.