LIC-04-0063, Use of Encryption Software for Electronic Transmission of Safeguards Information
| ML041540346 | |
| Person / Time | |
|---|---|
| Site: | Fort Calhoun  |
| Issue date: | 05/28/2004 |
| From: | Herman J Omaha Public Power District |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response |
| References | |
| LIC-04-0063 | |
| Download: ML041540346 (2) | |
Text
Omaha Public Power Distnc 444 South 16th Street Afall Omaha ANE 68102-2247 May 28, 2004 LIC-04-0063 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, DC 20555-0001
References:
- 1.
Docket No. 50-285
- 2.
10 CFR 73.21, Requirements for the protection of safeguards information.
- 3.
NRC Regulatory Issue Summary 2002-15, NRC Approval of Commercial Data Encryption Systems for the Electronic Transmission of Safeguards Information
SUBJECT:
Use of Encryption Software for Electronic Transmission of Safeguards Information Pursuant to the requirements of 10 CFR 73.21(g)(3), the Omaha Public Power District (OPPD) requests approval to process and transmit Safeguards Information (SGI) using PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version, developed with PGP SDK 3.0.3. National Institute of Standards and Technology Certificate 394 validates compliance of this SDK with FIPS 140-2 requirements.
An information protection system for SGI that meets the requirements of 10 CFR 73.21(b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.
OPPD intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software.
Alan J. Clark, Manager -
Security and Emergency Planning is responsible for the overall implementation of the SGI encryption program at OPPD. Jean Chamberlain, Manager -
Nuclear Process Computing Services is responsible for collecting, safeguarding, and disseminating the software tools needed for encryption and disseminating the software tools needed for encryption and decryption of SGI.
Emplomnent with Equal Opportunity
U. S. Nuclear Regulatory Commission LIC-04-0063 Page 2 Pursuant to 10 CFR 73.21(g)(3), the transmission of encrypted material to other authorized SGI holders, who have received NRC approval to use PGP software, would be considered a protected telecommunications system. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21(g)(1) and (2).
If you have any questions or require additional information, please contact Dr. R. L.
Jaworski at (402) 533-6833.
Sincerely,
(/ 9 fn B. Hernan anager - Nuclear Licensing JBH/TRB/trb c:
Scott Morris, NRC/NISR Lynn Silvious, NRC/NSIR Louis Grosman, NRC/OCIO James Davis, NEI B. S. Mallett, NRC Regional Administrator, Region IV A. B. Wang, NRC Project Manager J. G. Kramer, NRC Senior Resident Inspector