Skip to main content

Justice Manual

Justice Manual
Title 1: Organization and Functions

1-24.000 - Crisis Management Program for United States Attorneys’ Offices

1-24.000 - Crisis Management Program for United States Attorneys’ Offices

Responding appropriately to public safety crises, including suspected or confirmed acts of terrorism and extraordinary criminal events that demand a coordinated federal law enforcement response, is a critical function of the United States Attorneys’ Offices (USAOs), and the Department of Justice as a whole. The Attorney General directed the establishment of the Crisis Management Coordinator (CMC) program in USAOs to improve the Department’s ability to handle critical incidents swiftly and appropriately.[Footnote 1] This section describes the district-level response a USAO shall take in the event of a critical incident. Any prior guidance inconsistent with this provision is hereby superseded.

  1. Definition of a Critical Incident. A critical incident is an incident determined by a U.S. Attorney to be of such a significant nature, scope, and impact that it demands an immediate coordinated federal law enforcement response and for which USAOs may need to respond on behalf of the Department, such as a suspected act of terrorism or a mass casualty event. The term “critical incident” does not include natural disasters, which federal agencies respond to through processes different from those described in this provision.
  2. Coordination with FBI. For any incident to which the FBI responds and the USAO believes could be a critical incident, even where state, Tribal, or local law enforcement ultimately take the investigative lead, the USAO must ensure proper coordination with the FBI. A member of the USAO Critical Incident Response Team (CIRT), as defined below, must contact the local FBI Field Division as soon as possible when the USAO believes a critical incident may be unfolding.
  3. Critical Incident Response Plan.
    1. Each USAO must create and maintain a Critical Incident Response Plan (CIRP) that provides the protocol for the USAO’s support for a coordinated law enforcement response to a critical incident by the FBI or other law enforcement agencies. This plan will complement and support the Crisis Response Plan (CRP) of the applicable FBI Field Office and its implementing appendices and incident-specific annexes. The decision whether to activate the Critical Incident Response Plan lies with the United States Attorney.
    2. The CIRP identifies the roles and responsibilities of key USAO personnel during the critical incident (the CIRT), including oversight of the legal support and prosecutive actions, coordination with law enforcement on investigative requirements, and public affairs activities.
    3. The CIRP is also used to train the CIRT to ensure that the CIRT can effectively carry out the requirements of the CIRP during a critical incident.
    4. All USAOs and their counterpart FBI offices will conduct exercises of their coordinated CIRP and FBI CRP protocols to ensure effective joint operations in response to critical incidents.
  4. Using the Critical Incident Response Plan in Response to a Critical Incident.
    1. The CIRP should be activated when a critical incident occurs or is suspected to have occurred. USAOs should make appropriate notifications upon activation of the CIRP, including to law enforcement authorities and federal court personnel.
    2. Whenever a critical incident takes place, the following notifications must be made:
    • NSD Counterterrorism Section (CTS). Whenever the CIRP is implemented and the event is a known, suspected, or possible terrorist or weapons of mass destruction event, or involves a known, suspected, or possible act of violence against the President, Vice President, member of the Cabinet, or other Secret Service protectee, the USAO must contact NSD’s CTS through its designated CTS Regional Coordinator.
    • Urgent Report/Notification to EOUSA. Critical incident notifications must also be reported as an Urgent Report through the USA-Report system, consistent with the broad notification requirements under Justice Manual sections 1-13.130, 1-13.140, and 3-15.160. Districts must also report any activation of any part of the District Emergency Plan (DEPLAN), which includes the CIRP.
    • Justice Command Center (JCC). If the U.S. Attorney is unable to reach appropriate DOJ officials directly, contact should be made through the JCC. All DOJ attorneys can be reached via the JCC 24 hours a day, seven days a week.
    • Continuing obligation. The U.S. Attorney has an obligation to keep the Attorney General, the Deputy Attorney General, and relevant parties within the Department apprised of the situation as the critical incident develops.
    • Notification of relevant federal law enforcement authorities. Whenever the CIRP is implemented, the USAO should notify all appropriate federal law enforcement agency representatives within the district. This should include the FBI and ATF Special Agents in Charge (SAC), United States Marshal, and other federal law enforcement officials as appropriate.
    • Notification of federal court personnel. Whenever the CIRP is implemented, the USAO should notify the Chief Judge of the affected federal court.
    • Notice to state and local authorities depending on the incident. Whenever the CIRP is implemented, the USAO should consider notifying the appropriate state and local government and law enforcement authorities.
  5. Roles and Responsibilities in Preparation for and During a Critical Incident
    1. U.S. Attorney. Every U.S. Attorney must ensure his/her office can provide a timely and effective legal response during any critical incident. As part of this responsibility, each U.S. Attorney must:
      1. Appoint a senior Assistant United States Attorney (AUSA) as the Crisis Management Coordinator (CMC) for the district. The U.S. Attorney shall ensure the CMC is an AUSA with sufficient experience and judgment to prepare for and perform the functions demanded during a critical incident. The CMC must understand emergency management and critical incident response policies, procedures, and laws, and be able to advise the USAO during the response to a critical incident. The CMC may be the same AUSA who serves as the National Security/Anti-Terrorism Advisory Council (ATAC) Coordinator; and
      2. During any critical incident, ensure that the CMC is leading the USAO’s implementation of all appropriate activities of the CIRP.
    2. Crisis Management Coordinator. The CMC is responsible for ensuring the USAO can timely and effectively respond to a critical incident.
      1. Before a Critical Incident
        1. The CMC is generally responsible for the preparation and implementation of the USAO's CIRP, including the establishment of a CIRT to provide the appropriate legal response to a critical incident and to have the procedures, communication protocols, and other logistical support in place to aid that response. The CMC also serves as an adviser to the U.S. Attorney on critical incident response;
        2. The CMC will coordinate at least one exercise of the CIRP annually. The USAO, the CMC, and the FBI CMC will jointly plan the exercise, involving other stakeholders as necessary. All members of the CIRT identified in the plan should participate in the exercise. The exercise may combine aspects of the CIRP with other USAO elements of the DEPLAN as part of the same exercise. The CMC will send a copy of the exercise after-action review to the EOUSA Emergency Watch Center, usaeo.emergency@usdoj.gov; and
        3. The CMC will review the CIRP annually, make necessary revisions, and ensure EOUSA has an up-to-date copy of the USAO’s CIRP.
      2. During a critical incident, the CMC will play one of two possible roles if the CMC and National Security/ATAC Coordinator are not the same AUSA:
        1. if a critical incident is not believed to be a terrorist attack, the CMC shall lead coordination of the USAO’s critical incident response. Coordination includes advising federal, state, and local partners in all phases of the investigation, including the collection and preservation of evidence, to increase the probability of successful prosecutions. The CMC or another AUSA on behalf of the USAO must also provide legal advice to on-scene commanders and assist in obtaining all necessary legal process to support an investigation; or
        2. if a critical incident is a possible or known terrorist attack, the CMC shall assist the USAO’s National Security/ATAC Coordinator as appropriate.
    3. National Security/ATAC Coordinator.
      1. Before a critical incident, the National Security/ATAC Coordinator shall assist the CMC (if not the same person) as the CMC prepares and implements the USAO’s CIRP. Specifically, the National Security/ATAC Coordinator must advise the CMC of the national security needs of the district and its partners. To that end, the National Security/ATAC Coordinator shall:
        1. ensure that attorneys regularly update the United States Attorney and senior managers on national security-related developments; and
        2. notify and regularly update NSD through the CTS Regional Coordinator or other designated CTS attorney.
      2. During a critical incident, the National Security/ATAC Coordinator will play one of two possible roles if the CMC and National Security/ATAC Coordinator are not the same AUSA:
        1. if a critical incident is a possible terrorist attack, the USAO’s National Security/ATAC Coordinator shall lead coordination of the district’s response. Coordination includes providing legal advice to on-scene commanders and assisting in obtaining all necessary legal process to support an investigation; working with federal, state, and local partners in all phases of the investigation, including the collection and preservation of evidence, and if applicable, proposed disruption scenarios; or
        2. if, or at such time as, a critical incident has been determined not to be a terrorist attack, the National Security/ATAC Coordinator shall assist the CMC as appropriate.
    4. EOUSA.  
      As part of its overall responsibilities to support the U.S. Attorneys’ offices, EOUSA exercises oversight responsibility for the administrative, logistical, and program management aspects of the critical incident response program generally. This includes providing and periodically updating a template CIRP to assist USAOs in the drafting and updating of CIRPs.
    5. NSD.
      1. Before a critical incident, NSD shall:
        1. provide training to National Security/ATAC Coordinators and other national security prosecutors about known or potential acts of terrorism;
        2. assist and participate in exercises that involve responding to a threat or act of terrorism; and
        3. provide EOUSA guidance as necessary in EOUSA’s periodic updating of the CIRP template.
      2. During a critical incident that is a possible terrorist attack, NSD shall, in consultation with the U.S. Attorney:
        1. assess the USAO’s needs for an NSD attorney or other assistance; and
        2. deploy NSD personnel to the scene of the critical incident to assist the National Security/ATAC Coordinator with leading the response to the critical incident as appropriate.

[Footnote 1] Attorney General Memorandum, U.S. Department of Justice Critical Incident Response Plan, January 11, 1996; May 24, 1996 (Doc. RMS 127735), available from Department of Justice Executive Secretariat.

[added January 2025]