It has been 14 years since the 9/11 Commission Report was issued, in which many recommendations were made to improve security in the U.S. The Transportation Security Administration (TSA) has still not yet implemented three of these recommendations, although it has been reported that the TSA will issue a final rule for one of those three recommendations this summer, establishing security training for transit, freight and bus workers. TSA Surface Division Director Sonya Proctor noted that the final rule for employee vetting guidelines and Surface Transportation Vulnerability Assessment and Security Plans will be forthcoming.

On Dec. 16, 2016, TSA issued a notice of proposed rulemaking, Security Training for Surface Transportation Employees, and in addition to requiring security training, TSA also proposed expanding its current requirements for rail security coordinators and reporting of significant security concerns to include bus components of higher-risk public transportation systems and higher-risk over-the-road bus companies. The notice received 31 comments from the public, including some industry stakeholders commenting that the rule was unnecessary due to other agencies, like the Federal Railroad Association (FRA), already adequately regulating security training programs, or due to existing security training procedures of companies. Furthermore, other commentators expressed concern regarding the timelines, such as the 60-day limit required to train an employee who serves a security-sensitive function and the 24-hour requirement to report any initial discovery of a potential threat. However, there were many comments in support of the proposed rule, suggesting coordination with other agencies.

The 9/11 Commission Report was published on July 22, 2004, as a result of the Aviation and Transportation Security Act in 2001, which created the TSA and called for strategic plans to describe how the TSA would provide security for critical parts of U.S. transportation. Specifically, the Report suggested 42 recommendations for the TSA, including three recommendations to develop a risk-based surface transportation security strategy, as the Report recognized that surface transportation poses significant risk of attacks, as railroads and mass transit remain difficult to protect due to their accessibility.

TSA has faced criticism for its delay in implementing these 14-year-old recommendations, including from Acting Department of Homeland Security (DHS) Inspector General John Kelly and Sen. Cory Booker (D-N.J.). In a DHS Office of Inspector General (OIG) Audit published on Sept. 9, 2016, the OIG found that the "TSA lacks an intelligence-driven, risk-based security strategy that informs security and resource decisions across all transportation modes." Furthermore, the Senate Committee on Science, Commerce, and Transportation, on March 29, 2017, reintroduced the Surface Transportation and Maritime Security Act to Address TSA Vulnerabilities (S.763), which is intended to address concerns raised by the OIG and other independent watchdog agencies that "TSA is not adequately positioned to identify security risks across the different modes of transportation."

The final rule, once effective this summer, will leave only two outstanding recommendations left for the TSA to implement all of the 9/11 Commission Report’s 42 recommendations.