(a) General. When TSA determines that additional security measures are necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting forth mandatory measures.
(b) Compliance. Each repair station must comply with each Security Directive TSA issues to the repair station within the time prescribed. Each repair station that receives a Security Directive must—
(1) Acknowledge receipt of the Security Directive as directed by TSA;
(2) Specify the method by which security measures have been or will be implemented to meet the effective date; and
(3) Notify TSA to obtain approval of alternative measures if the repair station is unable to implement the measures in the Security Directive.
(c) Availability. Each repair station that receives a Security Directive and each person who receives information from a Security Directive must—
(1) Restrict the availability of the Security Directive and the information contained in the document to persons who have an operational need to know; and
(2) Refuse to release the Security Directive or the information contained in the document to persons other than those who have an operational need to know without the prior written consent of TSA.
(d) Comments. Each repair station that receives a Security Directive may comment on the Security Directive by submitting data, views, or arguments in writing to TSA. TSA may amend the Security Directive based on comments received. Submission of a comment does not delay the effective date of the Security Directive.