Do all computers containing SSI need to be “TSA approved?”

No. All covered persons (e.g., airlines, pipelines) must take reasonable steps to safeguard SSI in their possession or control from unauthorized disclosure (49 C.F.R. § 1520.9). Covered persons must limit access to SSI to other covered persons who have a need to know the information. Therefore, any stakeholder computer system that provides such access limitations to SSI would be acceptable. Please refer to the SSI Best Practices Guide for Non-DHS Employees for more information.