The ARMS Act mandates the TSA to implement rigorous, risk-informed covert testing programs, establish formal procedures for promptly fixing identified security vulnerabilities, and report annually to Congress and the public on testing results.
Eli Crane
Representative
AZ-2
The Aviation Risk Mitigation and Security (ARMS) Act mandates significant changes to how the TSA tests and improves aviation security. It requires the TSA to establish formal, risk-informed covert testing programs to identify vulnerabilities in screening operations. Furthermore, the bill establishes strict timelines for analyzing, fixing, and retesting any identified security weaknesses. Finally, the TSA must provide annual reports to Congress and the public detailing testing results and progress on security enhancements.
New ARMS Act Forces TSA to Publish Airport Security Fail Rates, Sets 90-Day Deadline to Fix Weaknesses
The new Aviation Risk Mitigation and Security Act, or ARMS Act, is essentially a mandate for the Transportation Security Administration (TSA) to get serious about finding and fixing security gaps at airports. Starting within 180 days, the bill requires the TSA to establish a systematic, data-driven covert testing program designed by headquarters. This isn't just about random spot checks; the testing must be based on yearly updates of real-world threats and designed to produce measurable data on where our current passenger and baggage screening systems are failing.
The Security Report Card: What Happens When They Fail?
If these covert tests uncover a vulnerability—say, a specific way a prohibited item gets past a checkpoint—the bill sets up a strict timeline for accountability. The TSA Administrator has 90 days to conduct a "root cause analysis" to figure out why the failure happened. After that analysis, they get another 150 days to decide on a fix, prioritize it, and start implementing changes. If they decide not to fix a vulnerability, they have to write down exactly why. This is important because it forces the agency to document its risk tolerance. The biggest win for travelers? Once a fix is implemented, the TSA must retest that specific operation within 180 days to confirm the problem is actually solved. If the fix doesn’t work, they have to go back to the drawing board.
Public Scrutiny for Major Hubs
One of the most significant changes for the public is the new transparency requirement for major airports. Every year, the TSA must publish an unclassified public summary of the covert testing performance at all "Category X" airports. If you’re flying out of a massive hub—think the busiest airports handling the most flights and passengers—you’ll be able to see the total number of covert tests conducted there, along with the overall pass rate and failure rate, expressed as percentages. While they won't release specific details that could compromise security, this high-level data provides a new degree of public accountability. It’s like getting a security report card for the airports you use most often.
The Fine Print and Practical Challenges
While the push for transparency is strong, the bill leaves one key term undefined: "Category X airport." This designation, which determines which airports are subject to the mandatory annual public reporting, is left up to the TSA's discretion. This vagueness could allow the agency to strategically omit certain underperforming airports from the public summary, which is something to watch out for. Furthermore, implementing this structured testing and remediation process will place a significant administrative and operational burden on the TSA, requiring them to overhaul their current testing methods and adhere to tough deadlines. However, for the traveling public, this systematic approach, reinforced by a mandatory review by the Government Accountability Office (GAO) within three years, offers a clear path toward more effective and reliable airport security.