ML20008D804
| ML20008D804 | |
| Person / Time | |
|---|---|
| Issue date: | 09/30/1980 |
| From: | Dwyer P NRC OFFICE OF NUCLEAR MATERIAL SAFETY & SAFEGUARDS (NMSS) |
| To: | |
| References | |
| NUREG-0721, NUREG-721, NUDOCS 8010230006 | |
| Download: ML20008D804 (78) | |
Text
___
NUREG-0721 Acceptance Criteria for the Physical Protection Upgrade Rule Requirements for Fixed Sites Manuscript Completed: September 1980 Date Published: September 1980 P. Dwyer Division of Safeguards Office of. Nuclear Material Safety and Safeguards U.S. Nuclear Regulatory Commission Washington, D.C. 20555
,f.
.w, s...../
D%MM% G
ABSTRACT This document has been developed as a tool to assist in providing consistent evaluation of upgraded physical security plans submitted in response to the Physical Protection Upgrade Rule, effective fiarch 25, 1980.
It presents a means for assuring licensee compliance with every regulatory requirement of particular significance to the protection of the public health and safety. Acceptance criteria are included to determine the extent to which each licensee meets the regulatory requirements.
The format parallels Regulatory Guide 5.52,
" Standard Format and Content of a Licensee Physical Protection Plan for Strategic Special fluclear Material at Fixed Sites (Other Than Nuclear Power Plants)".
l t
111
TABLE OF CONTENTS i
.Page ABSTRACT..........................................................jii AC KN OWL E DG EM EN T................................................... x i i i INTRODUCTION...............................
1 GENERAL ISSUES 1.
Ove rv f ew o f Si te an d Fa ci l i ty............................. 5 2.
Design Basis Threat.......................................
5 3.
Local Law Enforcement Agency Commi tments..................
5 4.
Contingency Plans.........................................
6 5.
Guard Force Quali fication and Training.................... 6 6.
S e c u r i ty Ma n a g eme n t....................................... 6 7.
Qual i ty As s urance P rog rams................................
7 8.
Tes ti n g and Ins pec tion....................................
7 9.
Maintenance Programs......................................
8
- 10. S e c u r i ty A u d i t s........................................... 9 11.
S e c u r i ty Re c o r d s..........................................
9 12.
Reports to NRC............................................
10 13.
S chedu l e for Impl emen ta t i on...............................
10 14.
Redundancy and Diversity..................................
10 15.
Physical Protection Sys tem Integri ty......................
11 16.
Physical Protection System Power Sources..................
11
- 17. Alarm Stations............................................
12 SPECIFIC SYSTEM PERFORMANCE 18.
Prevent Unauthorized Access of Persons and Materials Into Material Access Areas and Vital Areas..............
15 18.1 Entry Control Through Material Access Area and Vi tal Area Entry Portals......................
15 18.2 Entry Through Remainder of Material Access Area and Vi tal Area Boundary......................
21 v
. ~.. -
TABLE OF CONTENTS (ContinueQ Page 19.
Permit Only Authorized Activities and Conditions Within Protected Areas, Material Access Areas, a n d V i t a l A re a s........................................ 2 3 19.1 Permit Only Authorized Activities and Condi tions Wi thin Protected Areas................ 23 19.2 Permit Only Authorized Activities _ and Conditions Within Material Access Areas an d Vi tal A reas............................. 25
- 20. _ Permit Only Authorized Placement and Movement i
of SSNM Wi thin Material Access Areas.................... 27 20.1 Establishment of Authorized Placement and Movemen t of SSNM............................. 27 20.2 Establishment of ' Current Knowledge of SSNM......... 27 20.3 Prevention of Unauthorized Placement and Movemen t o f S SN M................................. 28 21.
Permit-Removal of Only Authorized and Confirmed Forms and Amounts of SSNM From Material Access Areas..................................................
33 21.1 Control of SSNM Removal Through Material
' Access Area' Portals..............................
33 21.2. Removal of SSNM Through Remainder of Boundary...... 40 22.
Provide for Authorized Access and Assure Detection of and Response to Unauthorized Penetration of Protected Areas........................................
43 22.1 Entry Control Through Protected Area Entry Portals..........................................
43 22.2 Entry Control Through Remainder of Protected
~ A re a B a r ri e r..................................... 4 8 23.
Response.................................................
51 2 3.1. C ommun i ca t i on s.....................................
51 23.2 E f fe c t i ve Res pon s e.................................
52 SPECIFIC COMPONENT PERFORMANCE-vi'
TABLE OF CONTENTS (Continued)
Page
- 1. Admittance Authorization Criteria and Schedules.............. 57
- 2. Admittance Authorization and Verification Procedures......... 57
- 3. Ai r a nd Ut il i ty Inl et Ba rriers............................... 57
- 4. Annunciation 3ystems.........................................
57
- Computer-Assisted
- Individual Alarm
- Multiplexed Alarm 5. A re a Zo n i n g.................................................. 5 7
- 6. Balanced Magnetic Switches...................................
57
- 7. Breakwire Systems............................................
58
- 8. Bu r i e d L i n e Sen so rs.......................................... 58
- Seismic
- Magnetic
- Geophone String
- Piezoelectric String
- 9. Ca pa c i ta n c e Al a rms.........................................
58
- 10. CCTV Moni to rin g/Survei l l ance................................ 58
- 11. CCTV Systems................................................
58
- 12. Central and Secondary Alarm Stations........................
59 l
- 13. Close-out Inspection by Third Party.........................
59 l
- 14. Coded Credential System.....................................
59
' - Active Electronic Badge Reader
- Capacitance-Code Badge Reader
- Electric Circuit Badge Reader
- Magnetic-Code Badge Reader
- Magnetic-Strip Badge Reader
- Metallic-Strip Badge Reader
- Optical-Code Badge Reader
- Passive Electric Badge Reader
- 15. Commercial Telephone System.................................
60 vii
i l-r i
l TABLE OF CONTENTS (Continued)
Page
]
l
. 16. Contingency Plans and Procedures.........................
60 i
- 17. Controlled Security Lighting.............................
60-1
- 18. Data Link via Radio Frequency.............................
60 i
1
- 19. Di rect Li ne Telephone / Intercom............................ 60
- 20. Di rect Moni tori ng/ Surveil l ance...........................
61
- 21. Doors and Associated Hardware............................
61 i
l 2 2. Du re s s Al a rms............................................
61 t
- 23. E-Field Fence............................................
61 i
l
- 24. Electret Sensor and Tilt Switch Fence Systems............
61
- 25. Emergency Access Procedures..............................
62 2 6. Eme rg e n cy Ba tte ry Sys tem.................................
62
- 27. Emergency Evacua tion Procedures........................... 62
- 28. Emergency Exits..........................................
62
- 29. Emcrgency Generator Systems..............................
62
- 30. Equipment Checks and Maintenance.........................
63
~31. E s c o r t s.................................................. 6 3
- 32. Explosive Detector - Hand Held, Package Search........... 63
- 33. Explosive Detector - Hand Held, Personnel Search.........
64
- 34. Explosive Detector - Hand Held, Vehicle Search........... 64
- 35. - Expl os i ve Detector, Vol ume............................... 64
-36. Explosive Detector' - Wal k ' Through........................ 64 i
- 37. Fence Systems............................................
64 l
t viii-
TABLE OF CONTENTS (Continued)
Page
- 38. Fl oo rs, Roo fs, and Wal 1 s.............................. 65
- 39. Functi onal Zoni ng..................................... 65
- 40. Gates and Associated Hardware.........................
65
- 41. Guard Force Personal Equipment........................ 65
- 42. Guard Force Qual i fication............................. 66
- 43. Guard Patrol s and Intervention........................ 66
- 44. Guard Post Assignments................................
66
- 45. Ha rdwi re V i deo Sys tems................................ 66
- 46. Infrared Beam Sys teas, Exterior....................... 66
- 47. Interface Between Alarm Stations and Sensors.......... 67
- Individual Hardwire Alarms
- Multiplexed Hardwire Alarms
- Hardwire Command Signals
- 48. Isolation Zones..<....................................
67
- 49. K-9s, Used for Package or Vehicle Search.............. 67
- 50. Local Audible or Visible Alarms....................... 68 51 Locks (Keyed, Keyless)................................ 68
- 52. Ma nual Al a rm Reco rdi ng................................ 68
- 53. Mas ter ( Fi xed )- Ra di o................................. 68
- 54. Microwave Systems, Exterior..............
............ 69
- 55. Mobile Radio.......................................... 69
- 56. Motion Detectors...................................... 69
- Interior Infrared Beam Systems
- Interior Microwave Systems
- Ultrasonic and Sonic Systems t
l 5 7. Mul t i -Ma n Ru l e........................................ 70 i
ix l
t I
l i
l l
l TA3LE OF CONTENTS (Continued)
Page
- 58. Night Vision Devices......................................
70
- 59. Pat-Down Search...........................................
70 1
- 60. Personal Identi fication Numbers and Passwords............. 70 t
i l
- 61. Photo Identification Badges...............................
70 i
i
- 62. Physical Controls and Procedures for Keys, Locks, l
Combi nations, and Ci pher Sys tems.......................... 71 l
- 63. Portable Radio............
............................... 71
- 64. Posi ti ve Personnel Identi ty Veri fi cation.................. 71
- Fingerprints j
- Handwriti'ng
- Hand Geometry 1
l
- Voice Prints
- 65. Response Vehicles........................................ 71 l
- 66. Sally Ports, Pedestrian...................................
72 l
- 67. Sally Ports, Vehicle...........
72 i
i l
- 68. Shielding Detectors.......................................
72 l
- Volume 1
I l
l l
- 69. Shielding Detectors i
Walk-Through.......................................
72 i
i
- 70. SNM Containers...........................................
73
- 71. SNM Detectors........................................
... 73
- Hand-Held, Package Search
- 72. S N M De te c to rs............................................. 7 3
- Hand-Held, Personnel Search
- 73. SNM Detectors.............................................
73
- Volume
- 74. SNM Detectors....................
........................ 73
- Walk-Through-i x
w
+ -
TABLE OF CONTENTS (Continued)
Page 7a.
SNM Hol ding / Storage Areas............................... 74 76.
SNM Identi fication/ Authorization Procedures.............. 74
- 77. SNM Liquid and Solid Waste Handling Procedures........... 74
- 78. _ S N M S c ra p Re mo va l P ro c e du re s............................. 75 79.
SNii Shipping and Receiving Procedures.................... 75 80.
Tampe r-Indi cating Ci rcui t ry.............................. 76 81.
Tamper-Indicating Seals and Tamper-Seal Inspection....... 76
- 82. Team Zoning.............................................. 76
- Two-Man Rule (see #57, Multi-Man Rule) 83.
Uninterrupti bl e Power Sys tems............................ 76 84.
V a u l t s.................................................... 7 7 85.
V i b ra ti o n S e n s o r 3........................................ 7 7 86.
Vi sual Ins pection, Package Search........................ 77 87.
Visual Inspection, Vehicle Search........................
77 88.
Weapons..................................................
77
- Handgun
- Semiautomatic
- Shotgun 89.
Weapons Detector.........................................
78
- Hand-Held, Package and Personnel Search
- 90. - Weapons Detector.........................................
78..
- Volume I
- 91. We a pon s De tec tor.........................................
78
- Walk-Through 92.
Windows and Associated Hardware..........................
78 i
93.
X-Ray Package and Container Search.......................
78 xi
4 ACKNOWLEDGEMENT This is to acknowledge the contribution Dr. Lance Lessler has made in the development of this NUREG. His involvement in the formulative stages of document development led to refinement of the format and substance of the NUREG.
Further acknowledgement is given to Mr. C. K. Nulsen, Section Leader, Fuel Cycle and Theft Section, Regulatory Improvements Branch, and Mr. L. J. Evans, Jr., Chief, Regulatory Improvements Branch, for their time contributed in reviewing the document and formulating constructive comments.
xiii
4 4
1 INTRODUCTION
. BACKGROUND l
173.20(e)(1) of the Physical Protection Upgrade Rule requires licensees subject to the provisions of the rule to submit revised fixed site safeguards physical protection plans within 150 days after the effective date of the rule, (March-25,1980).
A large' body of guidance material has been developed which details methods of meeting and implementing the " Upgrade Rule" requirements.
This guidance material has been collectively published as NUREG 0669, the
" Fixed Site Physical Protection Upgrade Rule Guidance Compendium".
NUREG 0721 has been developed b aid the Nuclear Regulatory Commission evaluation process of revised plans in a manner consistent with the regulatory policy developed in i
the guidance and to assure licensee compliance with every regulatory requirement of particular significance to the protection of the public health and safety.
The acceptance criteria in this document is presented in the same order as the 4
information in a licensee's security plan.
The criteria are a condensation of NRC policy as stated in the rule itself and the regulatory guides, NUREG's, and Licensee Safeguards Guidance Group Bulletins which comprise NUREG 0669.
Use of this document will:
1) facilitate evaluation of a licensee's revised plan by a) presenting concise " bullets" of information on regulatory policy l
pertaining to each chapter of a licensee's plan and b) leading an evaluator to more specific applicable documentation if required and
- 2) assist in providing a consistent, non-biased evaluation of security plans to assure that key regulatory requirements are satisfied.
USE OF THIS DOCUMENT This document is divided into three parts:
I) General Issues, II) Specific System Performance, and III) Component Specific Performance.
Part I is divided into seventeen chapters which parallel the first seventeen chapters of a licensee's security plan.
Each chapter contains general-acceptance criteria, in a " bullet" format, for meeting the provisions of the Upgrade Rule.
The licensee must meet the acceptance criteria which apply to the particular physical protection systems and subsystems he has chosen to use in order to provide an acceptable physical security system.
Part II is divided into six chapters, paralleling Chapters 18-23 of a -licensee's security plan.
This part presents specific system performance levels and, hence, is more detailed than Part I.
Each chapter is divided into major sub-headings.
Following each sub-heading is a~ reference to the applicable part of a licensee's plan, (e.g., PROCEDURES AND CONTROLS FOR l
INiRODUCTION OF VEHICLES - (SFC 18.1.2.3), refers to Section 18.1.2.3 of a L
licensee's plan or Section 18.1.2.3 of the Standard Format and Content Guide -
R.G. 5.52.)
Under each major sub-heading are listed:
- 1) the intended purpose l
of the system with respect to the overall security' plan, 2) the safeguards components or. procedures which may be used to meet the system's designated pur-pose, 3) the" regulatory reference upon which the ' system requirement is based,
2 l
and 4) general acceptance criteria for the performance of the system which, if utilized by a licensee, must be met to provide an acceptable physical security system.
Part III contains component specific performance information for each safeguards component or procedure identified under a system.
The components are listed in alphabetical order. The information listed under each component should be interpreted as guidelines for judging the performance level of a specific component or procedure based upon regulatory policy and standard security practice.
l
i i
{
3 s
I 1
1 t
1 1
f t
1 1
l' PART I i
.]
GENERAL ISSUES 2
1 o
B 1
t T
l a
4 t
P r
t I'
I J
e e
i 1
U
.x b'
i 1
e t'
l T
y g-+.c
-7w-
.g+---
.-p-pi jew, y.
gg.wg waweawe 4..my
..y.-
,g9 p3,u,
-y,,.-
r,m.,p
5 1.0 - Overview of Site and Facility The licensee must:
provide a map showing the general facility layout, outstanding topography features, e
and location of local law enforcement agencies which will respond in the event of an emergency, locate vital areas and material access areas within protected areas and separated e
by two physical barriers from offsite and one from within the protected area.
e provide a physical barrier at the perimeter of the protected area which is separated from physical barriers to VA's and MAA's.
maintain isolation zones in outdoor areas adjacent to the physical barrier e
at the perimeter to the PA.
e locate parking facilities outside of the isolation zone and exterior to the PA.
e locate the CAS within a building so that its interior is not visible from the perimeter of the PA.
s provide emergency exits which exit into controlled access areas.
2.0 - Design Easis Threat The licensee must:
e affirm the intent to prevent with high assurance the theft of special nuclear material and to protect against radiological sabotage by the threat defined in s 73.1.
e support the above affirmation with a written physical security plan which meets the capability statements of 6 73.20 and B 77,15.
3.0 - Local Law Enforcement Commitments The licensee must:
o establish and document response arrangements made with local law enforcement authorities.
be capable of informing LLEA of a threat and requesting assistance if required.
e e
determine LLEA capabilities, including response time of off-site forces, and use this as a factor in determining required on-site response.
6 4.0 - Contingency Plans The licensee must:
affirm the txistence of a predetermined plan to respond to safeguards contingency e
- events, meet the criteria presented in Appendix C,10 CFR 73 with regards to contingency e
plans.
e include as part of an approved contingency plan submitted in accordance with Appendix C,10 CFR 73:
(a) documented response arrangements with local law enforcement agencies (b) affirmation that a minimum of five guards will be available for asse;sment and response (c) documentation on how a threat will be assessed to determine whether a real threat exists and the extent of the threat upon detection of abnormal pre-sence or activity of persons or vehicles within an isolation zone, pA, MAA, or VA or upon evidence or ind' cation of intrusion into the PA, MAA, or VA.
l (d) documentation that all guards will be instructed in the use of force against the design basis threat (173.20).
5.0 - Guard Force Qualification and Training l
The licensee must:
affirm the existence of a security organization composed of trained and quali-e fied personnel for the purpose of rapidly and effectively responding to safe-guards contingencies and emergencies.
prohibit an individual from acting as a guard, watchman, armed response person, e
or other member of the security organization unless the individual has been trained, equipped and qualified to perform each assigned security job duty in accordance with an approved Guard Force Training and Qualification Plan submitted l
in accordance with Appendix B, 10 CFR 73.
e affirm the capability of carrying out the assigned security job / duty in accordance with Appendix B, 10 CFR 73 at NRC request.
e requalify, in accordance with Appendix B,10 CFR, security organization members at least every 12 months and document the requalification.
6.0 - Security Management The licensee must:
affirm the establishment of a security organization and management system to e
provide trained and qualified personnel to carry out assigned duties and responsibilities.
7 e have on duty at all times at least one full time member of the security manage-ment organization with authority to direct the physical protection activities of the security organization.
e provide a managenent system to assure development, revision, implementa-tion and enforcement of security procedures.
This system should include v ritten documentation of security organization structure and detailing duties of security organization members.
e affirm that security management is not involved in the yearly review of the security program.
Results of the review should be documented and reported to the licensee's plant management at least o' e level higher than that having day-to-day plant operations responsibility.
7.0 - Quality Assurance Programs The licensee must:
e affirm the existence of a quality control program to assure that components and procedures used in implementing the Upgrade Rule conform with U.S. NRC regulatory position.
Such a program should generally include an individual designated as compliance officer or equivalent.
8.0 - Testing and Inspection 8.1 - Testing and Inspection During Installation The licensee must:
e affirm the existence of a testing and maintenance program during installation for intrusion alarms, emergency exit alarms, communications equipment, physical barriers and other physical protection related devices and equipment, e affirm the use of testing and inspections during the installation and construction of physical protection related subsystems and components to assure that they comply with their respective design criteria and performance specifications.
8.2 - Pre-Operational Tests and Inspections The licensee must:
e in addition to the provisions of 8.1, provide for preoperational tests and inspections of physical protection related subsystems and components to demonstrate their effectiveness and availability with respect to their respective design criteria and performance specifications.
8 8.3 - Operational Tests and Inspections l
The licensee must:
e in addition to the provisions of 8.1 and 8.2, provide for operational tests and inspections of physical protection related subsystems and components to assure their maintenance in an operable and effective condition including:
(a) testing of each intrusion alarm at the beginning and end of any period that it is used.
If the period of continuous use is longer than seven days, the intrusion alarm should be tested at least once every seven
- days, i
(b) testing of communications equipment required for communications on-site, including duress alarms for performance not less frequently than once at the beginning of each security personnel work shift.
Comunications equipment required for communications off-site should be tested for performance not less than once a day.
9.0 - Maintenance Programs The licensee must:
e establish and maintain, or arrange for a physical protection system that includes a testing and maintenance program of all devices affecting the effectiveness, reliability, and availability of the physical protection system including a demonstration that any defects of such activities and devices will be promptly detected and corrected for the total period of time they are required as part of the physical protection system.
l I
e establish a preventive maintenance program for physical protection related subsystems and components to assure their continued maintenance in an operable and effective condition.
1 e develop and employ corrective action procedures and compensatory measures to assure that the effectiveness of the physical protection system is not reduced by failure or other contingencies-affecting the operation of the security-related equipment or structures.
e ensure that repairs and maintenance are performed by at least two individuals working as a team who have been trained in the operation and performance of the equipment. The security organization should be notified before and after service is performed and should conduct performance verification tests after the service has been completed.
e conduct audits of the maintenance program at least every 12 months by individu-als independent of security management and security supervision.
~___
i i
9 4
10.0 - Tacurity Audits 1
4 The licensee must:
e review the security program at least every 12 months by individuals independent of both security management and security supervision, e include as part of the review, a review and audit of security procedures and practices, evaluation of the effectiveness of the physical protection system, i
audit of the physical protection system testing and maintenance program, and an audit of the commitment established for response by local law enforcement authorities.
e document, and report to the licensee's plant management and to corporate managenent at least one level higher than that having responsibility for the day-to-day plant operations, the results of the review, audit, and evaluation along with recommendations, corrections and improvements, it any.
o keep reports available at the plant for inspection for a period of five years.
I 11.0 - Security Records I
The licensee must:
e maintain records in accordance with 173.70 which should include:
(a) names and addresses of all authorized individuals.
(b) names, addresses, and badge numbers of all individuals authorized to have access to vital equipment or SNM and the VA's and MAA's to which 4
j access is granted.
(c) register of visitors, vendors, and other individuals not employed pur-suant to 573.50(c)(5) and 573.55(d)(6).
(d) log name, badge number, time and reason for entry, time of-exit, for individuals granted access to normally unoccupied vital areas.
(e) documentation of all routine ' security tours and inspections and main-tenance performed on physical barriers, intrusion alarms, communication equipment and other security related equipment.
(f) a record of each on-site alarm annunciation, location of each alarm, false alarms, alarr checks and tamper indications that identifies the type of alarm, location, alarm circuit, date, and time.
In addition, details of response by facility guards and watchmen to each alarm intrusion or other security incident should be recorded.
i
(
10 12.0 - Reports to the NRC i
l The licensee must:
i e report safeguards events to the NRC in accordance with Regulatory Guide j
901-4 (Division 5) Reporting of Physical Security Events.
e establish procedures for furnishing to the NRC reports of changes made 4
in the licensee's physical protection plan.
2 13.0 - Schedule for Implementation I
The licensee must:
e within 150 days after the effective date of the Upgrade Rule,(March 25,1980),
submit a revise 6 fixed site safeguards physical protection plan and, if i
appropriate, a revised safeguards transportation protection plan describing i
how the licensee will comply with the requirements of 573.20(a).
1 e within 360 days after the effective date of the Upgrade Rule (March 25,1980) or 90 days after security plan approval, whichever is later, implement the i
approved plan except for activities specifically identified by the licensee which involve new construction, significant physical modification of existing structures or major equipment installation, for which 540 days after the Upgrade Rule effective date or 180 days after the plan is approved whichever
{
is later, will be allowed.
14.0 - Redundancy and Diversity 4
i I.
The licensee must:
i
)
e establish and maintain or arrange for a physical protection system that is designed with sufficient redundancy and diversity to assure maintenance of 4
j the capabilities described in 573.45.
e assure that a single adversary action cannot destroy the capability of the j
security organization to notify off-site response forces of the need for assistance.
e prohibit, within any given period of time, a member of the security organiza-tion from being assigned to or having direct operational control over more 1
than one of the redundant elements of a physical protection subsystem if
.such assignment or control could result in the loss of effectiveness of the subsystem.
For CAS/SAS operators there should be at least one full shift i
(eight hours). intervening between the rotation of one operator between the CAS and the SAS.
11 e perform at least two separate searches for concealed SSNM on each individual exiting a material access area.
For individuals exiting an area that con-tains only alloyed or encapsulated SSNM, the second search may be conducted in a random manner, e annunciate all alarms required pursuant to 573.4.'e) in both a continuously manned central alarm station and at least one other independer.* continuously manned onsite station so that a single act cannot remove the capability of calling for assistance or responding to an alarm.
e maintain all alarms required pursuant to s73.46(e) operable from independent power sources in the event of loss of normal power.
e locate VA's and MAA's within PA's so that access to viiil equipment and to strategic special nuclear material requires passage through at least two physical barriers.
e monitor by CCTV in both the CAS and SAS, vaults and process areas that contain SSNM that has not been alloyed or encapsulated.
Additional means should be employed which require that an individual other than an alarm station operator be present at or have knowledge of access to such unoccupied vaults or process areas.
l 15.0 - Security System Integrity The licensee must:
1 e affinq that all alarm devices including transmission lines to annunciators shall be tamper indicatir.g 60d self-checking, e.g., an automatic indication shall be provided wher, a failure of the alarm system or a component occurs, when there it an citempt to compromise the system or when the system is on standby power.
(Note: See NUREG/CR
" Design Concepts for Independent Central Alarm Station and Secondary Alarm Station Intrusion Detection Systems for Fixed-Site Nuclear Facilities" for further information on supervisory circuitry).
16.0 - Physical Protection System Power Sources The licensee must:
provide independent power sources for ali alarms described in 173.46(e) to e
maintain operation 'n the event of lor,s of normal power.
e provide independent power sources for non-portable ccmmunications equipment controlled by the licensee to maintain operation in the event of loss of normal power.
12 e affirm that switchover to standby power for alarm systems is automatic and does not cause false alarms on annunciator modules.
(flote: See flVREG/CR-0509, "Emer Systems" for additional details)gency Power Supplies for Physical Security i
j 17.0 - Alarm Stations The licensee must:
e provide a continuously manned central alarm station located within the pro-tected area and at least one other continuously manned on-site station necessarily within the protected area so that a single act cannot remove the capability of calling for assistarae or responding to an alarm.
annunciate all alarms required pursuant to 173.46(e) in both the CAS and e
the SAS.
e designate and maintain the alarm stations as controlled access areas, e provide bullet-resisting walls, doors, ceilings, floors, and windows for alarm stations equivalent to a UL level IV rating.
lomte the CAS within a building so that its interior is not visible from e
the perimeter of the protected area.
l e prohibit operational activities within the CAS which might interfere with the execution of an alarm response function.
This would include prohibiting night telephone switchocards and facility paging systems.
(flote: See fiUREG/CR-0543, " Central Alarm Station and Secondary Alarm Station Planning Document" for detailed information).
l l
l
A ea 13 l
h PART II SPECIFIC SYSTEM PERFORMANCE i
i i
f i
f t
1 4
8 s
i i
i y
&-%mp-+9 g
y- - - + - -
m -,-
y y
4 A " ' "
A'7' ' '
M'-'*
9"l*P" T'P
P-**"-'PTC*'T
'-T T
F 1
- ' " - *"--1't'""r 4T' 5 T-F-'*e
15 18.0 PREVENT UNAUTHORIZED ACCESS OF PERSONS AND MATERIALS INTO MATERIAL
_ ACCESS AREAS AND VITAL AREAS 1
ENTRY CONTROL THROUGH MAA AND VA ENTRY PORTALS - (SFC 18.1)
Entry Authorization Procedures - (SFC 18.1.1)
Purpose:
To establish standards to be used in granting admittance authorization for personnel, vehicles, and material into MAAs and VAs.
Entry authorization procedures and controls are the mechanism for defining who and what will be permitted into MAAs and VAs.
Components:
Admittance Authorization Criteria and Schedules.
Rule Ref:
973.45(b)(2)(i),S73.46(d)(9)
General Acceptance Criteria The licensee must:
e provide entry authorization procedures for all types of entry I
situations encountered at the facility.
e ensure that development of procedures are under the control of i
and limited to upper level management or security management.
i e
prohibit one individual from being able to procedurally alter the subsystem without approval from upper level management.
j' e-maintain admittance authorization procedures in writing and I
stored in a controlled environment.
PROCEDURES AND CONTROLS TO PREVENT UNAUTHORIZE* ACCESS BY DECEIT FOR PERSONNEL ENTRY THROUGH MAA AND VA ENTRY PORTALS (SFC 18.1.2.1)
Identification and Authorization Verification - (SFC 18.1.2.lA)
Purpose:
Identification and authorization verification ensures that only authorized personnel are allowed access to MAAs or VAs and that unauthorized access by deceit is prevented.
Components:
Coded Credential Systems, Personal ID Numbers / Passwords, Photo ID Badges, Admittance Authorization /Vecification Procedures.
Rule Ref:
973.45(b)(2)(ii), 673.46(d)(9)
[
General Acceptance Criteria The-licensee must:
e establish a unique correspondence between specific attributes or knowledge possessed by individuals desiring entry and pre-established attributes, or knowledge possessed by individuals approved for entry.
Such attributes or knowledge may include facial appearance, fingerprint, voiceprint,. personal ID numbers or passwords, coded credentials, etc., or any combination thereof.
l
l 16 I
l l
l e
update authorizations within 24 hrs of notification of a lost or stolen credential, or upon change of personnel employment or status.
e ensure that the probability that two individuals possess the same set of identifying attributes is vanishingly low.
e verify the presence and location of nersonnel desiring entrance l
against pre-established time schedules.
e ensure that credentials are difficult to compromise.
This includes consideration of ease of reproduction of authorization, l
credentials or attributes and control of pre-established attributes i
used in the identification / verification process.
I e
provide procedures which detect unauthorized deceitful attempts at entry with a probability of detection of at least 90% with a 95% confidence level.
False rejection rate should be no greater than 5%.
e provide a comparable backup means of identification or authoriza-tion verification in the event the primary system fails.
l e
limit access to stored authorizations and personnel identification j
attributes to a small number of security personnel or upper level management on a need to know basis.
e prohibit one individual from implementing records changes.
l e
ensure that the two-man rule concept is employed within all MAA's at all times.
e provide an indication to security personnel upon loss of power or automatic switchover to emergency nm;e if applicable.
e be capable of operating effectively under the following environ-mental conditions:
(1) All weather conditions prevelent to the operating area of the subsystem to include temperature extremes possible upon loss of heating or cooling systems.
(2) All lighting levels which may be encountered and may impact comparison of photographic or video images.
(3) Accoustic disturbances.
(4) Vibration.
(5) Accumulation of debris or films on card readers or optical equipment.
(6) Moisture.
(7) Electromagnetic interference.
Escort Procedures - (SFC 18.1.2.1.8)
I
Purpose:
Escort proc.:aures provide a means of allowing MAA/VA access to i idividuals not normally granted access to those areas while maintaining control over the individual.
l Rule Ref:
973.45(b)(2)(fi),$73.46(d)(9)
General Acceptance Criteria The licensee must:
e escort non-employees requiring occasional access by either a member of the security organization or a licensee employee who has current authorization to enter the MAA/VA.
17 e
limit unescorted access to individuals who are authorized l
access to the material and equipment -in MAA's and VA's and who require access to perform their duties.
l e
for individuals not employed by the licensee but requiring l
frequent and extended unescorted MAA/VA acu,,s, provide such j
individuals with picture badges at entrance to the facility PA which indicate:
(1) non-employee, no escort required l
(2) areas for which access is authorized (3) period of which access is authorized l
e assign escorts on a random basis.
l l
e provide written training in escort procedures which will ensure that individuals requiring escort will be accompanied by a designated escort at all times, including during times of l
transfer of escort responsibility.
l Interim Response to Detections of Unauthorized Entry Attempts Through l
Deceit -(SFC 18.1.2.1C) l l
Purpose:
Interim response procedures provide for control of deceitful unauthorized entry attempts during the period between detection and assessment of the entry and arrival of l
response force sufficient to counter the threat.
Rule Ref:
E73.45(b)(2)(ii), 973.46(h)(4).
General Acceptance Criteria The licensee must:
e ensure that interim response procedures are part of written j
training procedures received by all members of the guard force, and that all members are well versed in the procedures.
e instruct the guard force in the use of available duress alarms under situations of potential deceitful entry attempts i
sufficiently to insure their proper use during emergency situations.
e detain the individual attempting deceitful entry in a manner which does not indicate detection of unauthorized access.
e isolate the unauthorized individual as much as possible from other personnel in the area to prevent their possible personal injury during subsequent interaction with the individual.
e prohibit entry or exit from the MAA/VA during the interim 7
response period.
18 PROCEDURES AND CONTROLS FOR INTRODUCED MATERIALS - (SFC 18.1.2.2)
Material Authorization / Verification - (SFC 18.1.2. 2A)
Purpose:
Material Authorization / Verification ensures effective control of material presented for introduction into MAA's/VA's and prevents the introduction of unauthorized material through deceit.
Components:
.\\dmittance Authorization Criteria and Schedules, Admittance Aethorization/ Verification Procedures, Explosive Detectors, Weepon Detectors, Visual Inspection, X-Ray Package / Container Search Rule Ref.
973.45(b)(2)(i), (ii), 673.46(d)(9)
General Acceptalice Criteria The licensee must:
verify the identity of all material entering the MAA/VA and check e
its authorization against pre-established schedules.
9 develop written admittance authorization criteria which detail types of material which may be authorized access and types of material which are prohibited in MAA's/VA's.
search packages prior to entry into an MAA for firearms, explosives, e
i cendiary devices and all other prohibited materials through the a
use of direct observations, firearms and metal detectors, explosive detectors or X-ray equipment.
e detect firearms with at least an 85% effective detection rate.
(See R.G. 5.7, Entry / Exit Control to PA's, VA's, and MAA's 4 or further details.)
detect dynamite, TNT, and similar nitrogen containing compounds in a e
minimum amount of 200 gms and non-ferrous metal with at least a 90%
effective detection rate.
(See R.G. 5.7, Entry / Exit Control to PA's, VA's, and MAA's for further details. )
prohibit any item or material determined to be of questionable e
nature by search personnel into the MAA/VA until responsible security personnel are satisfied that the material is not of a questionable nature.
be capable of operating effectively under the environmental conditions e
as stated in 18.1.2.1.
provide that annunciation by detection equipment is both aural and e
visual with an aural intensity at least 15dB above ambient noise levels me.csured 10 ft. from the alarm.
conduct detection rate testing for equipment quarterly (approximately e
every 90 days) to determine compliance with performance criterion.
(See R.G. 5.7, " Entry / Exit Control to PA's VA's, and MAA's" for additional information.)
conduct operational testing for equipment daily, preferably at the e
beginning of each shift to determine detector operation.
(See R.G. 5.7, " Entry / Exit Control to PA's, VA's and MAA's" for additional information.)
insure that individuals involved in inspections or searches receive e
written training in these procedures (to ir.clude established action
19 to be taken by guara.: when suspect contraband is detected and insure that performance leve's specified in NUREG 0464, " Site Security Personnel Training Marual" are met.
Interim Response to Deteccions Unauthorized Material Introduction By Deceit - (SFC 18.1.2.2B)
Refer to 18.1.2.1C fo interim response criteria.
PROCEDURES AND CONTROLS OR INTRODUCTION OF VEHICLES - (SFC 18.1.2.3)
Authorization / Verification for Vehicles - (SFC 18.1.2.3A)
Purpose:
Authorization / Verification for vehicles ensures effective control of vehicles requiring entry into MAA's/VA's and prevents the introduction, through deceit, of unauthorized material located on the vehicle.
Component:
Admittance Authorization Criteria and Schedules, Ad 'tance l
Authorization / Verification Procedures, Visual Inspection, l
Explosive Detector, Use of K-9's - Vehicle Search.
l Rule Ret:
673.45(b)(2)(i), (ii), 973.46(d)9) l General Acceptance Criteria The licensee must:
o ensure that 18.1.2.2 applies except for the following:
prior to entry into an MAA/VA, vehicles are search for firearms, explosives and incendiary devices through the use of visual observation, hand-held explosive devices, or K-9.
BYPASS OF ADMITTANCE PROCEDURES AND CONTROLS BY STEALTH OR FORCE - (SFC 18.1.4)
Barrier System for Portals - (SFC 18.1.4A)
Purpose:
Barrier systems for MAA/VA portals delay unauthorized access to MAA s/VA's through stealth or force to allow arrival of response force capable of countering the threat.
Components:
Pedestrian Sallyports, Doors and Associated Hardware, Emergency Exits, Locks.
General Acceptance Criteria The licensee must:
e provide penetration delay times for portals sufficient to prevent removal of stored SSNM prior to arrival of response l
personnel capable of neutralizing the design basis threat
t 20 I
stated in 10 CFR Part 73.1.
In general, a minimum of five (5) guards must be available at the facility to fulfill assessment and resperme requirements.
e provide portals for vaults containing strategic special nuclear material, other than alloys, fuel elements, or fuel assemblies which are capable of preventing entry to ' stored SSNM by single action in a. forced entry attempt, except as such single action
'would both destroy the portal and render contained SSNM incapable of being removed.
e construct MAA's processing SSNM other than alloys, fuel elements or fuel assemblies with barriers that provide significant delay to penetration.
The barrier should be constructed of a material that resists cutting, drilling, and puncture by small hand tools or tool substitutes.
e ensure that all unoccupied MAA's/VA's are locked and protected by an intrusion alarm subsystem which will alr.rm upon entry or exit of a person anywhere into the area.
(For process MAA's, only the location of SSNM within the area should be so alarmed.)
Detection of Unauthorized Portal Entry Attempts by Stealth or Force -
(SFC 18.1.4B)
Purpose:
This detection capability provides timely detection and assessment of stealthful or forceful unauthorized entry attempts sufficient to permit arrival of response capable of countering the threat.
Components:
Guard Intervention, Balanced Magnetic Switches, CCTV Systems.
Rule Ref:
673.45(b)(O(ii),S73.46(e)(3)
General Acceptance Criteria The licensee must:
e ensure that members of the guard force perform according to l
procedures outlined in NUREG-0464, " Site Sccurity Personnel l
Training Manual" in the event of detection of stealthful or l
forceful penetration attempts.
e
_ instruct entry / exit control point, EECP, operators in the use j
l of available duress alarms under this situation and ensure a level of performance by operators sufficient to effectively operate the alarm.
e tamper safe and provide wit' line supervision equipatnt used for detection or assessment.
e ensure that equipment used for detection or assessment is l
capable of operating effectively under the environmental conditions stated in 18.1.2.1.
e -
for equipment, provide.an indication to security personnel upon loss of power or' automatic switchover to emergency power.
e provide ~a comparable backup means of detection and assessment in the event of primary system failure.
l
l l
21 t
e require that an individual other than an alarm station operator I
be present at or have knowledge of access to unoccupied vaults or process areas containing unencapsulated or unalloyed SSNM.
ENTRY THROUGH REMAINDER OF MAA/VA BOUNDARY - (SFC 18.2)
DETECTION OF UNAUTHORIZED ENTRY THROUGH MAA/VA BOUNDARY THROUGH STEALTH OR FORCE - (SFC 18.2.1)
Intrusion Detection Systems - (SFC 18.2.1)
Purpose:
This detection capability is used to detect attempts at unauthorized entry to MAA's/VA's by stealth or force through the remainder of the boundary (i.e., other than entry / exit control points), in sufficient time to allow arrival of response force capable of countering the threat.
r Components:
Interior Microwave Systems, Ultrasonic and Sonic Motion l
Detectors, Interior Infrared Systems, CCTV Systems, Breakwire Systems, Vibration Sensors, Capacitance Alarms, Guard Patrols, Visual Surveillance.
Rule Ref:
673.45(b)(1)(ii), 673.46(e)(3)
General Acceptance Criteria The licensee must:
o ensure that all unoccupied vital areas and material access areas are protected by an intrusion alarm system which should alarm upon entry of a person anywhere into the area, upon exit from the area, and upon movement of an individual within the area.
For process MAA's only the location of SSNM should be so alarmed.
The term, "anywhere" should be interpreted as meaning that an approach to the area or location from any direction will be detected.
e detect personnel weighing a minimum of 35 kg traveling at a rate between 0.15 and 5 meters per second, whether walking, running, jumping, crawling, or rolling.
e equip all enclosures containing subcomponents of an alarm
?ystem with tamper switches or triggering mechanisms that alarm we,9never the enclosure is opened.
e wire ~ tamper switches when used, so that they can be continuously monitored in-both the access and secure mode.
e mount controls or switches not used in normal daily operation of the alarm system and which affect the sensitivity of the system inside tamper resistant enclosures.
e monitor by CCTV in both the CAS and SAS vaults and process areas containing.SSNM that has not been alloyed or encapsulated.
22 DETER BOUNDARY PENETRATION ATTEMPT BY STEALTH OR FORCE - (SFC 18.2.2 )
Barrier System for MAA/VA boundary (excluding portals) -(SFC 18.2.2 )
Purpose:
Deterrance of MAA/VA boundary penetration attempts provides for MAA and VA boundary barriers that channel persons and material to entry con +ral points and deny unauthorized penetration attempts by persons and material such that detection and response will prevent the penetration.
Components:
Vault, Windows and Associated Fixtures, Walls, Roofs, Floors, Air and Utility Inlet Barriers, Isolation Zones, Guard Intervention.
Rule Ref:
973.45(b)(1)(i), 673.46(c)
General Performance Criteria The licensee must:
require passage through at least two separate physical barriers e
for access to vital equipment and SSNM located in VA's and MAA's.
e construct barriers for process MAA's which contain SSNM other l
than alloys, fuel elements or fuel assemblies such that they provide "significant delay" to insider " pass-through" penetration.
This means that all openings in the MAA barrier, such as areas under doors, thru-fans, ventilation ducts and pipe pass-throughs that lead to an accessible area outside the MAA should be l
completely closed off of specially protected and that toe barrier should be constructed or a material that resists cutting, i
drilling and puncture by small hand tools or tool substitutes.
e ensure.that walls, doors, ceilings, floors, and windows of the CAS and SAS are bullet-resisting.
Bullet-resisting means protection against complete penetration or passage of fragment of projectiles or spalling (fragmentation) of the protective material to the degree that injury would not be caused to a person standing directly behind the bullet resisting barrier.
(For additional guidelines see UL-752, " Bullet-Resisting l
Equipment.")
i l
23 19.0 PERMIT ONLY AUTHORIZED ACTIVITIES AND CONDITIONS WITHIN PROTECTED AREAS, MATERIAL ACCESS AREAS, AND VITAL AREAS PERMIT ONLY AUTHORIZED ACTIVITIES AND CONDITIONS WITHIN THE PROTECTED AREA -
(SFC 19.1)
Establishment of Authcrized Activities / Conditions - (SFC 19.1.1)
Purpose:
The establishment of authorized activities / conditions within the PA enables members of the guard force to identify unauthorized activities / conditions, i.e., activities / conditions which pose a potential threat to safeguarding a facility.
Components:
Area Zoning, Functional Zoning.
Rule Ref:
S73.45(c)(1)(i), (ii), 673.46(d)(1), (3), (4), (6), (7),
(8)
General Acceptance Criteria The licensee must:
o maintain authorized activities / conditions in writing and include as part of a basic training and testing program for management security personnel and all members of the guard force.
e require that these activities / conditions be agreed upon by more than one member of upper level management prior to implementation and require concurrence from more than one member of upper level management prior to any alteration.
e establish authorized activities / conditions for both routine and non-routine situations.
e disseminate authorized activities / conditions to facility' personnel only on a need-to-know basis.
l PREVENTION OF UNAUTHORIZED ACTIVITIES AND CONDITIONS WITHIN THE PROTECTED AREA -
(SFC 19.1.2)
Detect Unauthorized Activities and Conditions -(SFC 19.1.2)
Purpose:
This detection capability contributes to the prevention of unauthorized activities / conditions within the PA through sensing or detecting of unauthorized activities / conditions and subsequent assessment and appropriate response.
Components:
Tamper-Indicating Circuitry, CClV Systems, CCTV Monitoring /
Surveillance, Visual Surveillance, Guard Patrol / Intervention Microwave P<rtems, Exterior, Infrared Systems-Exterior,
'E-Field Fence Fystems, Electret Fence Systems and Tilt-Switch Fence Systems, Buried Line Sensors.
Rule Ref:
973.45(c)(1)(iii), 673.46(c)(3), (4), 673.46(e)(1), (2)
i 24
~
General Acceptance-Criteria The licensee must:
e operate throughout the environmental conditions stated in 18.1.2.1.
As a minimum, outdoor systems should be capable of effective' operation between -35 C and +50 C.
locate all equipment sensitivity adjustments within tamper-e l
indicating containers.
e be capable of meeting the typical design requirements for fire safety of nationally recognized testing laboratories such as Underwriters Laboratory (UL) or Factory Mutuals (FM) for all components-sensors', electronic processing equipment, power.
supplies alarm monitors.
e provide for automatic switchover to emergency battery and generator or emergency battery power without causing an intrusion i
alarm in the event primary power is interrupted be capable of sustaining operation while under emergency power a
for a minimum of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> without replacing or recharging batteries or refueling generators.
If sufficient battery or fuel capacity is not attainable for 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> operation, additional batteries or fuel should be stored on site expressly for augmenting power supply.
If emergency power is furnished by battery, all i
batteries (including stored batteries) should be maintained at full charge by automatic battery charging circuitry.
supervise all signal lines connecting alarm relays with alarm e
monitors.
be capable, under normal environmental conditions including e
seasonal extremes, of averaging one or loss false alarms per week per segment for the total perimeter alarm system and be capable of averaging one or less nuisance alarms per week per segment while maintaining detection sensitivity as stated under component specific standards.
If a segment can be fully observed at all times, either visibly or through CCTV, then the allowable false alarm rate and nuisance alarm rate may be increased to one per day.
detect an. intruder with at least 90% probability for each e
Segment of the protected area perimeter for the intruder types defined under-component specific standards.
segment the perimeter such that an individuti standing at one e-end of a segment has a clear-view of the entire segment.
In no case should.a segment exceed 200 meters in length.
e ensure that each perimeter segment can independently and uniquely indicate intrusion and have the capability of being placed-into the access mode independently of other segments.
l
l 25 PERMIT ONLY AUTHORIZED ACTIVITIES / CONDITIONS WITHIN MATERIAL ACCESS AREAS /
VITAL AREAS - (SFC 19.2, 19.3)
Establishment of Authorized Activities / Conditions (SFC 19.2.1, 19.3.1)
Purpose:
The establishment of authorized activities / conditions within the MAA/VA enables members of the guard force to identify unauthorized physical security-related activities /
conditions, i.e., activities / conditions which pose a potential threat to a facility's safeguards.
Components:
Area Zoning, Functional Zoning.
Rule Ref:
973.45(c)(1)(i), (ii), 673.46(c)(5), (6), 973.46(d)(2),
(3),(9)
General Acceptarte Criteria The licensee must:
comply with the criteria presented in section 19.1 Establishment o
of Authorized Activities Conditions Within PA's.
PREVENT UNAUTHORIZED ACTIVITIES / CONDITIONS WITHIN MAA's/VA's - (SFC 19.2.2, 19.3.2)
Detect Unauthorized Activities / Conditions - (SFC 19.2.2, SFC 19.3.2)
Purpose:
This detection capability prevcnts unauthorized activities /
conditions within the MAA/VA through the sensing or detecting of unauthorized activities / conditions and subsequent assessment and response.
Components:
Tamper Indicating Circuitry, Capacitance Alarms, Interior Microwave Systems, Interior Infrared Systems, Ultrasonic and Sonic Systems, CCTV Systems, CCTV Monitoring / Surveillance, Direct Monitoring / Surveillance, Area Zoning, Functional Zoning, Team Zoning, Close Out Inspections', Gur d Patrols /
Intervention, Multiman Rule.
i Rule Ref:
973.45(c)(1)(iii), 673.46(e)(2), (3)
General Acceptance Criteria The licensee must:
protect unoccupied storage areas containing enriched uranium e
scrap (enriched to 20% or greater) in the form of small pieces, cuttings, chips,. solutions, or in other forms which result from a manufacturing process, contained in 30 gallon or larger containers with a uranium-235 content of less than 0.25 grams per liter by a guard or watchman who patrols at intervals not exceeding 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> or by intrusion alarms.
protect all unoccupied vital areas and material access areas by e
an intrusion alarm subsystem which will alarm upon the entry of a person anywhere into the area, upon exit from the area, and
26 upon movement of a person anywhere within the area except that for process material access areas only the location of SSNM within the area need be so alarmed.
e place under the surveillance of CCTV which is monitored in both alarm stations, vaults and process areas that contain SSNM that has not been alloyed or encapsulated.
e ensure that the two man rule concept is followed in all MAA's at all times.
27 20.0 PERMIT ONLY AUTHORIZED PLACEMENT AND MOVEMENT OF SSNM WITHIN MATERIAL ACCESS AREAS Establishment of Authorized Placement and Movement of SSNM - (SFC 20.1)
Purpose:
The establishment of authorized placement and movement of SSNM both limits activities involving SSNM and helps to detect unauthorized activities.
The criteria includes 3
but is not limited to definition of:
- 1) authorized SSNM locations and schedules for movement, 2) procedures associated i
with placement and movement, and 3) work rules for involved personnel.
j Components:
Authorization Criteria and Schedules, Functional Zoning, Team Zoning, Multi-Man Rule.
Rule Ref:
973.45(d)(1)(i), 973.46(c),(5), (6)
General Acceptance Criteria The licensee must:
e control the movement and placement of all types of material encountered within the MAA under all types of conditions, including emergencies, shipping and receiving control of product and samples, and handling of scrap and waste.
i e
develop procedures for and determinations of authorized movement /
placement of SSNM which address movement and placement of SSNM down to the level of packages and containers, sealed or unsealed, and maintain them under the control of and limited to upper level management or security management, e
develop work rules to protect against insiders (individually, or in collusion) to prevent any small group of individuals from moving SSNM to unauthorized locations.
' using g eain zoning work rules, prohibit a single individual from t
o being 'able to procedurally alter the subsystem without written approval from upper level management.
e maintain procedures in writing and store in a secure controlled environment.
4 e
ensure that procedures for movement and placement of SSNM are consistent with the licensee's fundamental nuclear material control (FNMC) plans.
e ensure that the two-man rule concept is followed in all MAA's at all times develop work rules (functional zoning) which restrict individuals e
to the tasks they may perform within an MAA.
Establishment of Current Knowledge of SSNM - (SFC 20.2) 4
Purpose:
The establishment of current knowledge of SSNM details the type, quantity and location of SSNM within the MAA to assure detection of gross occurrences of unauthorized movement or placement of SSNM.
t
,-,-,e
---r v
, - ~ - - -
l l
28 l
l Components:
SNM Liquid and Solid Waste Handling Procedures CCTV l
Monitoring / Surveillance, Functional Zoning, Team Zoning, l
Multi-Man Rule, Guard Patrols / Intervention, SNM Shipping l
and Receiving Procedures.
Rule Ref:
973.45(d)(1)(ii); 973.46(d)(5), (6), (9), (10), (11),
(12), 973.46(e)(3), (9)
General Acceptance Criteria:
Tt,e licensee must:
l o
ensure that all placements of SSNM in storage, or withdrawls from storage, or movements from one material balance area (MBA) l or item control area (ICA) to another such area within the MAA will be:
(1) checked for consistency with current authorizations as to the type, destination and amount of material being roved, l
and the personnel involved in the movement.
(2) accompanied by recordation of the type, quantity and points of origin and destination of the material being moved, with signatures of all personnel involved in handling the material.
(3) preceded by a procedure to verify the identity of the material being moved.
(4) observed by at least one person following functional work rules who is not responsible for either sending or receiving the material in the current transaction.
e include special provisions for disposition of SNM during emergencies.
e qualify all third party observors to make independent determinations of SNM movement / placement parameters as necessary.
PREVENTION OF UNAUTHORIZED PLACEMENT AND MOVEMENT OF SSNM WITHIN MAA'S
- (SFC 20.3)
Delay Unauthorized Placement and Movement of SSNM within MAA's -(SFC 20.3A)
Purpose:
To delay. attempts at unauthorized placement or movement of SSNM by persons acting by stealth or force within the MAA during periods when the MAA is occupied by-authorized l
personnel. The object of the delay is to lengthen the i
time required for an individual to gain unauthorized access to SSNM in forms and quantities which lend themselves to unauthorized movement / placement, sufficiently to permit detection and response (as described in SFC 20.38).
Components:
Vaults, Locks, SNM Containers Rule Ref:
973.45(d)(1)(iii), 973.46(c)(5) l
1 i
29 General Acceptance Criteria:
The licensee must:
e-store SSNM other than alloys, fuel elements or fuel assemblies in a vault within an MAA if the material can be used directly in the manufacture of a nuclear explosive device.
e.
store SSNM other than alloys, fuel elements, or fuel assemblies in tamper-indicating containers.
e process SSNM other than alloys fuel elements, or fuel assemblies only in material access areas constructed with barriers that provide significant delay to insider penetration.
This means that all openings in the MAA barrier, such as areas under doors, through fans, ventilation ducts, and pipe ssthroughs, that lead to accessible areas outside the MAA should be specially protected.
In addition, the barrier should resist curting, drilling, and puncture by small hand tools.
o keep in locked compartments or locked process equipment SSNM while " undergoing processing" except if it is actually being i
processed, handled, worked on, or directly observed by personnel.
Detect Unauthorized Movement / Placement of SSNM within the MAA by Deceit, Stealth or Force - (SFC 20.38)
Purpose:
This detection capability senses unauthorized placement i
and movement of SSNM within.the MAA by persons acting
~
through deceit, stealth, or force during periods when the MAA is occupied by autnorized personnel such that detection may occur during the attempted unauthorized movement or placement.
Components:
Capacitance Alarms, CCTV Systems, CCTV Monitoring /
Surveillance, Guard Patrol / Intervention, Interior (Passives) Infrared Systems, Interior Microwave Systems.
General Acceptance Criteria The licensee must:
e protect SSNM within the MAA which is not personally attended by
, a sensing system (e.g., interior intrusion alarm systems, surveillance devices / procedures) having the following characteristics:
(1) The sensor subsystem for each SSNM holding / storage area within the MAA is capable of detecting" attempts at unauthorized removal with at least a 90% probability of detection, with a confidence of 95%, as determined through l
trial procedures similar to those described in R.G. 5.44,
" Perimeter: Intrusion Alarm Systems (Rev. 2)."
(2). Environmentally caused nuisance alarms should occur no more frequently than once per week for each SNM holding /
storage area protected.
Similarly, for false alarm rates for each such area.
k i
m
,,p
.y w-
l l
l 30 l
(3) There are provisions for automatic switchover to an emergency power system, and the equipment enclosures are protected l
with tamper-indicating circuitry.
(4) All lines are supervised.
(5) All alarm signals are annunciated and displayed at both the CAS and SAS.
(6) The sensing system operates effectively under all natural or man-made environmental conditions prevalent at the location of the SSNM being protected as detailed under l
Part III specific component standards.
l (7) At least two authorized individuals have. knowledge of switch-l ing to the access mode, and procedures are established to l
assure the system is switched back to active status at the l
appropriate times.
l (8) Installation is such as to accommodate normal traffic in the vicinity of the SNM holding / storage area protected by the alarm.
(9) The system alarms or other indication is provided upon:
(a) Switchover to, or loss of, emergency power, (b) Tampering with sensing system components, l-(c) Failure of any components causing loss of function, (d) Unauthorized access to sensitivity controls or controls l
for switching to access mode, e
protect by intrusion alarm all unoccupied material access areas which will alarm upon the entry of a person anywhere into the areas, upon exit from the area, and upon movement of an individual within the area, except that for process material access areas, only the location of the strategic special nuclear material within the area is required to be so alarmed.
e monitor vaults and process areas that contain unalloyed or unencapsulated SSNM by CCTV that is monitored in both alarm l
stations.
j e
provide detection of unauthorized movement or placement of SSNM through deceit through the following.
(1) Verification procedures consistent with those described in SFC 20.2 observed directly or indirectly by a member of the security organization.
(2) Records of movements and placements of SSNM held by the security organization until completion of a satisfactory material balance for the site.
(3) Use of functional and team zoning work rules which restrict l
the functions one individual may perform within an MAA and to ensure the use of the two-man rule concept.
I i
i
31 Interim Response to Detection of Unauthorized Movement / Placement of SSNM -
(SFC 20.3C)
Purpose:
To initiate a response to detections of unauthorizao movement or placement of SSNM within the MAA in a manner that will assure the continued protection of the SSNM during a period of assessment and until the arrival of a response force sufficient to neutralize the threat and restore the SSNM to authorized placement or control.
Rule Ref:
b;3.4S(d)(iv),S73.46(h)
General Acceptance Criteria The licensee must:
o meet the acceptance criteria described previously for SFC 18.1.2.1C.
i 33 21.
PERMIT REMOVAL OF ONLY AUTHORIZED AND CONFIRMED FORMS AND AMOUNTS OF SSNM FROM MATERIAL ACCESS AREAS l
CONTROL OF SSNM REMOVAL THROUGH MAA PORTALS - (SFC-21.1)
SSNM Removal Authorization Procedures - (SFC 21.1.1) l
Purpose:
To establish criteria and procedures for determining (a) personnel authorized to participate in preparation of material for removal and implementation of removal procedures, (b) the required circumstances for such removal, and (c) the types and quantities of SSNM (i.e., product, scrap, sample, waste) to be removed at given times.
Components:
Authorization Criteria and Schedules, Functional Zening, Team Zoning, Multi-Man Rules Rule Ref:
973.45(e)(2)(i); S73.46(d)(9)
General Acceptance Criteria The licensee must:
e ensure that all determinations for authorization of specific personnel to participate in SSNM removal from the MAA be consistent with the component specific work rules described in Section III.
e prohib.t procedures for initiating shipping orders for SSNM product or sample from being under the control of a single individual.
All shipping orders must be countersigned by at least two individuals, neither of which is authorized to participate in the implementation of such orders through the use of functional zoning.
e require that changas in procedures for developing authorization be made only by upper level or security management and that approval for such changes be made by at least two such individuals.
e provide for updating of authorizations to take into account changes in work assignments, terminations, and other personnel actions, no later than 24 hrs after notification of such actions.
These changes must be immediately available to persons assigned to authorization verification.
e ensure that determinations that a particular type and quantity of SSNM is authorized to be shipped are preceded by (a) verifica-tion that the receiver is qualified to receive the material, (b) appropriate arrangements with the carrier to satisfy the' applicable requirements of Part 73 for physical protection of the SSNM while in transit.
e maintain procedures developed for processing authorizations for personnel and for SSNM remov?.1 iD writing and store them in a secure controlled environmr.n to prevent the unauthorized alteration or destructicc3 Of uttr,rizations.
34 verify authorizations at the time of presentation on a random e
basis by contacting the originating office.
SSNMREMOVALPR0pEDURESANDCONTROLS-(SFC21.1.2) e Verification of Authorization and Identification of SSNM Presented for Removal - (SFC 21.1.2.lA)
Purpose:
To identify the SSNM being presented for removal from the
.MAA, verify the identity / authorization of personnel removing the SSNM and the type / quantity of SSNM being removed, and confirm the type / quantity of SSNM being removed.
Componer:s:
SNM Identification / Authorization Procedures, SNM Shipping /
Receiving Procedures Rule Ref:
973.45(e)(2)(ii), 973.46(d)(9)
General Acceptance Criteria The licensee must:
permit only those individuals specifically authorized to part-e icipate in the measurement, packaging or other handling of SSNM product or samples being prepared for removal from the MAA.
Their identities are to be established and verified in a manner similar to that preceding their entry into the MAA as decribed in SFC 18.1.2.1.
[ Criteria similar to that for SFC 18.1.2.1.
apply.]
measure SSNM being prepared for removal prior to placing in e
tamper-safe sealed containers, and document the contents of each container in a manner that precludes tampering.
convey documentation attesting to the type and quantity of e
material contained in each SSNM package prepared for removal to the portal security personnel independently of the persons affecting the removal.
perform measuring and packaging of SSNM for removal from the e
MAA by or in the, presence of at least two persons neither of whom is authorized access to material process areas or has participated in previous intermediate packaging steps.
e tamper-seal all material packaged for removal from the MAA immediately after completion of packaging, subject the material to a gross weighing, and occument the gross weight of the package in a manner that precludes tampering.
accompany sealed items prepared for removal from the MAA by e
documentation indicating a unique identification of the item certified type, and quantity of material contained.
~
e exam ae SSNM packaged for removal from the MAA through the MAA exit control point (portal) by at least two security organization members who will verify that the type and quantity of material indicated on the containers or items correspond to the type and quantity of material stated in the authorizations for the material's removal and with the information on the transfer documentation.
e accompany'all material presented for removal from the MAA at the MAA exit control point (portal) by appropriate documentation
35 regarding the proposed transfer which contains the essential elements described in Section C.2 of R.G. 5.49, " Internal Transfers of Special Nuclear Material," for transfers to other MAAs at the same facility, or in the Form 741 (DOE), required to be filled out for transfers to other facilities.
e store all documentation regarding removal of SSNM from the MAA in a secure controlled area when not attended, and insure that forms used for such documentation are fully accounted for
-through serialization.
e ensure that areas used for preparing SSNM for shipment and areas used for packaging and screening trash and wastes are controlled access areas that are separated from processing and storage areas.
Detect Attempts at Unauthorized Removal of SSNM Through MAA Portal by Deceit - (SFC 2.1.1.2.1.B)
Purpose:
To detect possible attempts at falsification of SSNM transfer documentation or loss of integrity of SSNM containerization for SSNM presented at the MAA portal for removal from the MAA.
l Components:
Tamper-Indicating Seals and Tamper-Seal Inspection, Rule Ref:
673.45(e)(1)(ii), 973.46(d)(11)
General Acceptance Criteria The licensee must:
e provide a tamper sealing system that includes the features (a) through (h) described in Section C. 2 of R. G. 5.15, " Security Seals for the Protection and Control of Special Nuclear Material."
e ensure that documentation attesting to the procedures used in the packaging of SSNM for removal from the MAA refers to specific serial numbers of seals applied just prior to removal.
e train and test security personnel at the MAA portal to inspect the specific types of containers and seals used for removal of SSNH to detect any evidence of tampering with seals or. containers.
e train and test security personnel at the MAA portal to positively determine the authenticity of documentation and seals used for the removal of SSNM.
e ensure that the integrity and authenticity of seals is confirmed at the time the material is presented for removal without unreasonable delay.
Interim Response to Detections of Attempts at Unauthorized Removal of SSNM (SFC 21.1.2.1C)
Purpose:
To initiate a response to detections of attempts at unauthorized removal of SSNM product or samples in a manner that will delay the actual removal of the SSNM from the MAA until arrival of a response force sufficient to neutralize the threat and restore the material to its authorized placement or control.
Rule Ref:
673.45(2)(iii),673.46(h).
I r
36 General Acceptance Criteria:
The same criteria will apply here as are described in Subsystem C for SFC 13.1.2.1 PROCEDURES AND CONTR01S FOR SCRAP REMOVAL - (SFC 21.1.2.2)
Identification / Authorization Verification for Scrap Removal from l
MAA - (SFC 21.1.2.2A)
Purpose:
To identify scrap material being presented for removal from the MAA, verify the identity / authorizations of personnel removing the scrap material and the types /
quantities of SSNM contained in the scrap, and confirm the-type and quantity of SSNM contained.
Components:
SNM Identification / Authorization Procedures, SNM Shipping and Receiving Procedures, SNM Scrap Removal Procedures Rule Ref:
673.45(e)(2)(ii), 673.46(d)(9)
General Acceptance Criteria:
The licensee must:
l e
employ procedures similar to those for removal of SSNM product and samples for identification, verification, and confirmation relative to SSNM scrap removal.
Criteria similar to those for SSNM product and samples removal apply described in Subsystem A for SFC'21.1.2.1.
Detection of Unauthorized SSNM Removal Involving Scrap Removal from MAA
- (SFC 21.1.2.2.B)
Purpose:
To detect attempts at falsification of SSNM scrap transfer documentation, loss of integrity of SSNM scrap containeri-l zation, or concealment of gross quantities of SSNM in scrap presented for removal at the MAA exit control point.
Components:
SNM Scrap Removal Procedures Rule Ref:
973.45(e)(1)(ii), S73.46(d)(11)
General Acceptance Criteria:
l The licensee must:
l e
ensure that the same criteria are met for this subsystem as are met by the detection system for removal of SSNM product and l
sample, Subsystem B for SFC 21.1.7.1.
l l
Interim Response to Detections of Unauthorized SSNM Removal Involved with l
Scrap Removal-(SFC 21.1.2.2C) i Purposa:
To initiate a response to detections of attempts at unauthorized removal of SSNM from the MAA in the process
[
of scrap removal in a manner that will delay the actual removal of the SSNM until-arrival of a response force
37 sufficient to neutralize the threat and restore the SSNM to its authorized placement or control.
Rule Ref:
973.45(e)(2)(iii), 973.46(h)
General Acceptance Criteria:
The same criteria apply as are prescribed for interim response for SFC 18.1.2.1C.
PROCEDURES AND CONTROLS FOR WASTE REMOVAL - (SFC 21.1.2.3)
Identification / Authorization Verification for SSNM Waste Removal from MAA - (SFC 21.1.2.3A)
Purpose:
To identify the SNM waste material being presented for removal from the MAA, verify the identity / authorization of personnel participating in preparing such material for removal and the type / quantity of material being removed, and confirm the type and quantity of waste material being removed.
Components:
SNM Liquid and Solid Waste Handling Procedures, SNM Shipping /
Receiving Procedures Rule Ref:
973.45(e)(2)(ii) 673.46(d)(9)
General Acceptance Criteria:
The licensee must:
o meet the same criteria for SNM waste removal as for removal of SSNM product and sample material as described for SFC 21.1.2.1.
e ensure that in addition to the above referenced criteria, the subject procedures will include overcheck procedures to be implemented at the MAA exit control point in conformance with procedures described in Section C.2(d) of R.G. 5.7, " Entry / Exit Control for Protected Areas, Vital Areas and Material Access Areas," and Section C. 1 of R.G.
5.57, " Shipping and Receiving Control of Strategic Special Nuclear Material."
Detection of Unauthorized SSNM Removal from MAA through Deceit in the Removal of Waste (SFC 21.1.2.3B).
Purpose:
To detect attempts at falsification of SSNM transfer documentation, loss of integrity of SSNM waste container-ization, or concealment of gross quantities of SSNM in waste material presented for removal at the MAA exit control point.
Components:
SNM Liquid and Solid Waste Handling Procedures, SNM Shipping /
Receiving Procedures Rule Ref:
973.45(e)(2)(i)(ii), 973.46(d)(11)
General Acceptance Criteria:
The licensee must:
o meet the same criteria for these procedures as are to be met for similar procedures applied to the removal of SSNM product and sample material, as set forth in SFC 21.1.2.1(c).
l l
I l
l l
38 i
i Interim Response to Detections of Attempts at Unauthorized Removal of SSNM - (SFC 21.1.2.3C)
Purpose:
To initiate a response to detections of attempts at i
unauthorized removal of SSNM through deceit in the process of waste removal, that will delay the actual removal of the SSNM from the MAA until arrival of a response force sufficient to neutralize the threat and restore the material to its authorized placement or control.
Rule Ref:
673.45(e)(2)(iii), 973.46(h)
General Acceptance Criteria:
The licensee must:
i e
meet-the same criteria as prescribed for similar response j
measures for detection of unauthorized removal of SSNM product l
or sample material, as set forth in SFC 18.1.2.1.C.
l REMOVAL PROCEDURES AND CONTROLS-EMERGENCY CONDITIONS - (SFC 21.1.3)
Purpose:
To maintain control over SSNM removal during emergency conditions.
1 Components:
Emergency Evacuation Procedures l
Rule Ref:
673.45(g)(2)
General Acceptance Criteria:
The licensee must:
provide all security equipment required for use in verifying e
authorizations, controlling portals, and otherwise controlling authorized and unauthorized removal of SSNM from the MAA with automatic switchover to emergency power in case of power loss.
e where normal security procedures cannot be carried out due to emergency conditions, employ alternative procedures meeting the criteria set forth for each security subsystem, or suspend normal activities until the emergency condition terminates.
when emergency conditions occur necessitating evacuation of o
personnel from the MAA, ensure that personnel evacuated from the MAA are kept under observation and segregated from other personnel until it can be established that they have not removed SSNM from the MAA during the evacuation procedure.
BYPASS OF REMOVAL PROCEDURES - (SFC 21.1.4) j Portal Barrier System For MAA Exit Control Points - (SFC 21.1.4A)
Purpose:
To delay personnel from exiting MAAs until (1) it can be established that such personnel are not attempting to remove SSNM from the MAA without authorization, or (2) response forces arrive in response to detections of attempted unauthorized removal of SSNM, through stealth or 1
force at MAA personnel exit control points; to delay penetration of personnel through MAA exit control points intended only for materials, l
39 Components:
Pedestrian Sally Ports, Doors Rule Ref:
573.45(e)(1)(i), 973.46(c)
General
.ceptance Criteria:
The li...',see must:
sonstruct portals at MAA exit control points such that o
they resist pen 'tration by. personnel for a period allowing arrival of response forces following detection of possible unauthorized removal of SSNM.
The delay times estimated for portals used for such purposes are to be determined on the assumption that tools used for penetration are to include only those normally available within the MAA, and in accordance with calculations and estimates presented in the " Barrier Penetration Handbook," developed by Sandia Laboratories (SAND-77-0777, November, 1977).
provide structures which channel personnel exiting through MAA e
exit control points through detection procedures capable of detecting concealed SNM on their person or in hand carried packages.
construct partitions, walls, and other barriers used as passage-e ways to channel personnel in the immediate area of MAA exit '
control points into pedestrian sally ports or other structures for purposes of assuring detection of unau.horized removal of SSNM from the MAA such that they offer penetration resistance at least equal to or greater than the remainder of the MAA perimeter and the doors used for the exit control points.
Estimates of delay time are to be made as described above.
Detect Attempts at Removing SSNM by Stealth or Force. - (SFC 21.1.4B)
Purpose:
To detect attempts by persons leaving the MAA through exit control points to bypass established MAA removal procedures
~for the purpose of unauthorized removal of SSNM from the MAA.
Components:
CCTV Systems, CCTV Monitoring / Surveillance Procedures, Direct Monitoring / Surveillance, Pedestrian Sally Ports Rule Ref:
973.45 (e)(1)(ii), 973.46(e)(2)(3)
General' Acceptance Criteria:
The licensee must:
implement procedures and employ devices which provide positive e-control over persons exiting the MAA through established exit control points so that a conscious action is required on the part.of security personnel to allow persons to exit, or ensure that devices controlling personnel exitways'are inoperable unless removal procedures have been accomplished.
employ. personnel where necessary to assure that detection e
devices, such'as doorway monitors, are. properly used by exiting personnel to avoid practical vulnerabilities (such as passing material through very quickly, etc. ).
m ;..
e n
40 prohibit one security force member from gaining exclusive e
control over equipment or procedures established for the
-detection of unauthorized removal.
' ensure that devices or procedures employed to detect attempts e
at penetration of barriers at MAA exit control points during periods when the MAA is closed meet the same criteria as-those established for detection of unauthorized activities and conditions (Ref. SFC 19.2.2A).
enclose all equipment used for the control of personnel exiting e
the MAA in tamper-indicating enclosures, with remote annunciation of tamper-indicating alarms in the CAS and SAS.
REMOVAL OF SSNM THROUGH REMAINDER OF BOUNDARY - (SFC 21.2)
Perimeter Barrier to Delay SSNM Removal from MAA -SFC 21.2A
Purpose:
To prevent passthrough of SSNM from inside the MAA to an area accessible from outside the MAA through cutting, drilling or puncture of the MAA perimeter barrier.
Component:
Doors and Associated Hardware, Windows and Associated Hardware, Walls, Roofs, Floors, Emergency Exits, Air and Utility Inlet Barriers, SNM Holding / Storage Areas Rule Ref:
973.45(e)(1)(i), 673.46(c)
General' Acceptance Criteria:
The licensee must:
construct perimeter barrier system for the MAA of material e
which resists' cutting, drilling or puncture by small tools or tool. substitutes which may be found in the MAA for MAAs which contain SSNM which has not been encapsulated or alloyed.
The degree of resistance intended is that which is sufficient to delay penetration sufficiently to allow detection before SSNM is removed from the-MAA.
Delay times should be estimated.on the basis of data contained in the Barrier Penetration Handbook (SAND-77-0777).
prohibit openings through which quantities of SSNM may be passed e
from inside the MAA into an area accessible from outside the MAA associated with any doors, windows, air or utility inlet barriers, or other portions of the MAA perimeter barrier system (other than at MAA entry or exit ' control points).
inspect MAA perimeter barriers periodically, at least once per e
week, to assure.that they are kept in good repair and have not
-been penetrated.
Detect Penetration by Stealth or Force of MAA Perimeter Barrier From Inside MAA
Purpose:
To detect attempts at penetration by stealth or force of the MAA perimeter barrier subsystem from the inside, when the MAA is occupied by authorized personnel.
4
.._.,..._,.....m.2
- - - ~ ~ - ' - - - - ^ ' - ~ - - -
m 41 Components:
(Same as for detection of unauthorized activities and conditions -Ref. SFC 19.2.2A).
Rule Ref:
S73.45(e)(1),573.46(c)(5)
General Acceptance Criteria:
The licensee must:
e ensure that the same criteria are met as are described for detection of unauthorized activities and conditions (SFC Ref.
19.2.2A).
l
43 22.
PROVIDE FOR AUTHORIZED ACCESS AND ASSURE DETECTION OF AND RESPONSE TO UNAUTHORIZED PENETRATION OF THE PA ENTRY CONTROL THROUGH PA ENTRY PORTALS - (SFC 22.1)
Development and Maintenance of Entry Authorization Procedures (SFC 22.1.1)
Purpose:
Proper development and maintenance of entry authorization procedures for the PA ensure that only au..orized personnel gain access through entry portals to the protected area.
Components:
Admittance Authorization Criteria and Schedules, Admittance Authorization / Verification Procedures Rule Ref:
973.45(f)(2)(i), 973.46(d)(4)
General Acceptance Criteria The licensee must:
o provide entry authorization procedures for all types of entry situations encountered at the facility.
o keep the development of procedures under the control of and l
limited to upper level management or se-nrity personnel.
l e
ensure that no one individual is able to procedurally alter the subsystem.
e maintain procedures used to develop the subsystem in writing and located in a controlled environment.
l-ENTRY PROCEDURES AND CONTROLS FOR PERSONNEL AND VEHICLES THROUGH PA ENTRY PORTALS - (SFC 22.1.2, SFC 22.1.2.1)
Personnel Identification / Authorization Verification-(SFC 22.1.2.1A)
Purpose:
These procedures ensure that only authorized personnel are allowed access to PA's.
Components:
Coded Credential Systems, Personal ID Numbers / Passwords, Photo ID Badges, Admittance Authorization / Verification Procedures Rule Ref:
973.45(f)(2)(ii), 973.46(d)(1),(4),(13)
General Acceptance Criteria The licensee must:
establish a unique correspondence between specific attributes or o
knowledge possessed by individuals desiring entry and pre-established attributes, or knowledge possessed by individuals approved for entry.
Such attributes or knowledge may include facial appearance, fingerprint, voiceprint, personnel ID number or passwords, coded credentials, etc., or any combination thereof.
update in a timely manner authorizations when authorizations e
are changed or credentials are lost or stolen.
verify the presence and location of personnel desiring entrance e
against pre-established time schedules.
44 e
consider ease of reproduction of authorization credentials or attributes and control of pre-established attributes used in the identification / verification process to provide a subsystem whicF is difficult to compromise.
e detect unauthorized deceitful attempts at entry with a probability of detection of at least 90% with a 95% confidence level.
False rejection. rate should be no greater than 5%.
e provide a comparable backup means of identification or author-ization verification in the event the primary system fails, e
limit access to stored authorizations and personnel identification attributes to a small number of security personnel or upper level management on a need to know basis.
e ensure that procedures for changing records involve more than one authorized individual.
e provide an indication to security personnel upon loss of power or automatic switchover to emergency power if applicable.
e operate effectively under the following environmental conditions:
(1) All weather conditions prevelent to the operating area of the subsystem to include temperature extremes possible upon loss of heating or cooling systems.
4 (2) All lighting levels which may be encountered and may impact comparison of photographic or video images.
(3) Accoustic disturbances (4) Vibration.
(5) Accumulation of debris or films on card readers or optical equipment.
l (6) Moisture.
(7) Electromagnetic interference.
Detect Contraband on or in Authorized Vehicles. - (SFC 22.1.2.18)
Purpose:
This detection capability contributes to preventing the deceitful introduction of unauthorized material into Pa's through concealment on or in a vehicle.
Components:
Explosive Detectors-lhnd Held, Vehicle Search; Use of K-9,-Vehicle Search; Vesual Inspection-Vehicle Search.
General Acceptance Criter: 1 The licensee aust:
a search all vehicles, except U.S. DOE vehicles engaged in transporting special nuclear material and emergency vehicles i
under emergency conditions, for firearms, explosive and incendiary devices prior to entry into the protected area.
Vehicle areas to be searched shall include the cab, engine compartment, undercarriage and cargo area.
e exercise positive control over designated licensee vehicles to assure that they are used only by authorized persons and for authorized purposes.
e escort all vehicles, except designated licensee vehicles, requiring entry into the PA by a member of the security organi-zation while within the protected area and to the extent l
l
45 practicable ensure that they are off-loaded in an area that is not. adjacent to a vital area.
provide both aural and visual annunciation of detection equipment.
e Detect Contraband on Authorized Personnel. - (SFC 22.1.2.1C)
Purpose:
Detection of contraband on authorized personnel prevents the introduction of unauthorized material into the Protected Area which may be used by the insider in a subsequent attempt at theft or radiological sabotage.
Components:
Explosives Detectors, Volume; Explosive Detectors, Walk-Through; Weapons Detector, Volume; Weapons Detector, Wa;k Through; Pat-Down Search; Explosive Detector, nand-Held, Personnel Search; Veapons Detector, Hand-Held, Personnel 1
Search.
Rule Ref:
673.45(f)(2)(ii),573.46(d)(4)
General Acceptance Criteria The licensee must:
e search all individuals at the protected area entrance for firearms, explosives, and incendiary devices.
U.S.
DOE couriers engaged in the transport of SNM need not be searched.
Licensee employees having an NRC or U.S.
00E access author-ization should be searched on a random basis, instruct and test all search personnel in proper search e
procedures including written instruction and training in the identification of firearms, explosives and incendiary devices.
prohibit any item or material determined to be of a questionable e
nature by search personnel from entrance into the PA until responsible security personnel are satisfied that the material is not of a threatening nature.
e ensure that all search detection equipment gives an aural local annunciation.
request individuals desiring entrance to the PA to remove bulky e
outer-clothing which might hinder an effective search.
take the following action in the event search equipment indicates e
the presence of firearms, explosives, or incendiary devices:
(a) Request that the individual empty his or her pockets, again be tested by search equipment, and allow entrance if there is no further indication of the presence of firearms, explosives, or incendiary devices.
(b) Conduct a physical search if the equipment continues to indicate the presence of firearms, explosive, or incendiary device is found.
4 1
l 1
i
l l
46 l
l PROCEDURES AND CONTROLS'FOR INTRODUCTION OF MATERIAL INTO THE PROTECTED AREA.
l
-(SFC 22.1.2.2)
I Verification of Material Authorizations- (SFC 22.1.2.2A)
Purpose:
This subsystem ensures.that only authorized material is granted access to protected areas.
Components:
Admittance Authoriloiiun/Veritication Proceaures Rule Ref:
973.45(f)(2)(i), 973.46(d)(3) l Generel Acceptance Criteria:
The licensee must:
l e
maintain a current written list of hand-carried packages, material, and equipment authorized entry into the protected area.
e search all hand-carried packages at the point of personnel and vehicle access into a protected area for firearms, explosives and incendiary devices except those packages carried by persons l
having an NRC or DOE access authorization which shall be searched l
on a random. basis when the person carrying them is selected for search.
e check all packages and material for delivery into the protected area for proper identification and authorization and search on a random basis for firearms, explosives, and incendiary devices prior to admittance into the protected area, except those-l-
Commission approved delivery and inspection activities specifi-cally designated by the licensee to be carried out within MAA's, VA's or PA's for reasons of safety, security, or operational necessity.
Verification of Quantity and Type of Material - (SFC 22.1.2.2B)
Purpose:
Verification of quantity and type of material ensures that nuclear material presented for introduction to the PA -is verified through admittance authorization controls.
Components:
Admittance Authorization Criteria and Schedules, Visual Inspection, Tamper Seals and Tamper Seal Inspection Rule Ref:
973.45(f)(2)(ii),S73.46(d)(3),(5),(6).
General Acceptance Criteria:
The licensee must:
e check material presented for PA admittance against pre-established schedules which spe;:fy type and quantity of material authorized access.
e visually inspect material at PA entrance to ensure that the material is consistent with authorization paperwork.
e visually inspect all tamper seals, if used, to determine if the material has been tampered with since the previous authorization i
point.
l i
,,r-
+,i-_.
w-
~,
e c., m e--,
w-
I 47 Detection of Unauthorized Introduction of Material By Deceit -
(SFC 22.1.2.2C)
Purpose:
This detection capability constitutes material search l
procedures used at PA entrance to help prevent introduction l
of unauthorized material which might be used in a subsequent attempt at theft or radiological sabotage.
Components:
Weapons Detector, Hand-Held Package Search; Explosives l
Detector, Hand-Held Package Search; X-Ray Equipment; l
Visual Inspection, Package Search Rule Ref:
S73.45(f)(2)(ii),973.46(d)(3)
General Acceptance Criteria:
The licensee must:
submit to suitable detection equipment all ';;1d carried packages e
j or material that cannot be readily opened or otherwise effectively searched.
e search all hand-carried packages at PA EECP's by direct observ-ation, by the use of firearms detectors or explosives detectors, or by the use of X-ray equipment for concealed firearms, I
explosives, incendiary devices or other items that could be used for theft or sabotage purposes.
e prohibit access to the PA of any item or material determined to be of a questionable nature by search personnel until responsible security personnel are satisfied that the material is not of a l
threatening nature.
e ensure that the following measures are implemented prior to entry, if size, weight, packaging, or other characteristics prohibit effective search by direct observation, detection equipment, of X-ray:
(1)- Escort the material to its destination by a member of the security organization.
(2) Prohibit initial off-loading or unpackaging of material adjacent to a vital or material access area.
(3) Provide for observance of off-loading or unpackaging by at least two authorized individuals, one of whom is a member of the security organization, for the purpose of ensuring that only authorized material has been delivered and that there are no concealed fireams, explosive, or incendiary
- devices, e
search at a minimum random sample rate of 10% all delivered packages or material prior to PA entry for firearms, explosives, or incendiary devices PREVENTION OF BYPASS OF ENTRY PROCEDURES AND CONTROLS AT PA PORTALS -
(SFC 22.1.4)
Barriers at Portals - (SFC 22.1.4A)
Purpose:
Barriers at portals help to detect stealthful or forceful attempts of unauthorized entry at PA portals to permit a
I i
l 48 L
i i
response that will prevent the penetration or prevent the l
penetration and satisfy the general performance objective l
and requirem ats of S73.20(a).
Components:
Gates and /.ociated Hardware, Sallyports, Pedestrian, l
Sally-Port, Vehicular, Locks j
Rule Ref:
673.45(f)(1)(i), 973.46(c)
General Acceptance Criteria The licensee must:
e provide positive control over all PA portals.
I e
monitor PA portals to detect unauthorized entry attempts.
Such monitoring may be accomplished by direct guard monitoring /
surveillance, remote monitoring / surveillance, or alarm systems.
e maintain equipment used for remote detection and assessment in operable conditon.
e provide sufficient lighting levels at all times to monitor and observe PA portals.
As a minimum, lighting levels should not be less than 0.2 footcandle measured horizontally at ground level.
provide duress alarms for all manned access control points in e
the protected area barrier.
ENTRY CONTROL THROUGH REMAINDER OF PROTECTED AREA BARRIER - (SFC 22.2)
Barrier at PA Perimeter-(SFC 22.2A)
Purpose:
The barrier system at the orotected area perimeter is intended to help detect ano delay an adversary attempting entrance to the protected area soificiently to permit a response that will prevent the penetration or prevent the penetration and satisfy the general performance objective and requirements of $73.20(a).
Components:
Fence Systems, Walls, Roofs, Isolation Zones Rule Ref:
973.45(f)(1)(i), 673.46(c)
General Acceptance Criteria:
The licensee must:
e provide barriers at the protected area perimeter to channel persons, vehicles, and material to protected area entry control points.
provide barriers which delay any unauthorized penetration e
attempts or the introduction of unauthorized vehicles or materials sufficient to assist detection and assessment and permit a response that will prevent the penetration or prevent such penetration and satisfy ~ the general performance objective l
and requirements of $73.20(a).
e separate the physical barriers at the perimeter of the protected area from any other barrier designated'as a physical barrier for a vital area or material access area within the protected area.
_a 49 l
maintain isolation zones in outdoor areas adjacent to the e
physical barrier at the perimeter of the protected area.
Detection of Unauthorized Penetration of PA Barrier-(SFC 22.2B)
{
Purpose:
Detection of unauthorized penetrations of the PA barrier permit assessment and response to the penetration sufficient to prevent the penetration or prevent such penetration and satisfy the general performance objective and requirements of 973.20(a).
Components:
Buried Line Sensors, CCTV Monitoring / Surveillance, Cont-rolled Security Lighting, Direct Monitoring / Surveillance, E-field Fence, Electret Sensor and Tilt Switch Fence Systems, Guard Patrols / Intervention.
Infrared Beam Systems, Exterior, Microwave Systems, Exterior.
Rule Ref:
'973.45(f)(1(ii), 973.46(e)(1)
General Acceptance Criteria-The licensee must:
e provide isolation zones adjacent to physical barrier at the PA perimeter large enough to permit observation of the activities of people on either side of the barrier in the event of its penetration.
e provide an intrusion alarm subsystem which annunciates in both alarm stations with the capability of detecting an intrusion through the isolation zone and permitting response action.
Proper detection probability is defined as the ability to detect an intruder with at least 90% probability in each segment of the isolation zone, with 95% confidence.
See Appendix A, R.G.5.44, Perimeter Intrusion Alarms, for example testing
- methods, e
lock and alarm all emergency exits in the protected area to prevent entry from the outside and provide loci-1 visible and audible alarm annunciations.
e be capable of observing isolation zones and the physical barrier at the perimeter of the protected area preferably by means of closed circuit television or by other suitable means which limit exposure of respo'nding personnel to possible attack.
e conduct operability tests on all segments of the isolation zone at least once each 7 days.
The operability testing should result in 100% detections on all segments.
test' the perimeter intrusion alarm system at least quarterly e
against its manufacturer's design specifications.
Interim Response to Detections of Unauthorized Penetration of the PA L;rrier. - (SFC 22.2C) turposes:
Interim response measures are measures which either prevent j
. penetration.of. the isolation zone or contain the situation until arrival of off-site forces suft!cient to counter the threat.
50 Components:
Guard Patrols / Intervention Rule Ref:
73.45(g)(3)(ii), g73.46(h)
General Acceptance Criteria:
The licensee must:
o meet the " General Acceptance Criteri,3" for Section SFC 18.1.2.1.C.
t i
i l
l 9
J
51 23.
RESPONSE
COMUNICATIONS - (SFC 23.1)
Communications Between Onsite Forces - (SFC 23.1.1)
Purpose:
Communication subsystem (s) between onsite forces are necessary to transmit rapid and accurate security inform-ation among onsite forces for routine security operation, assessment of a coMingency, and response to a contingency.
Components:
Master (Fixed) Rad) a, Portable Radios, Mobile Radios, Commercia. Telephone System, Direct Line Telephone / Intercom, Duress Alarms Rule Ref:
673.45(g)(4)(i),S'3.46(f)(1)
General Acceptance Criteria The licensee must:
e test communications equipment required for communications onsite, including duress alarms, for performance not less frequently than once at the beginning of each security personnel work shift.
o be capable of maintaining continuous communication between each guard, watchman, or armed response individual on duty with an individual in each continuously manned alarm station who shall be capable of calling for assistance from other guacds, watchmen, and armed response personnel.
provide all manned access control points in the protected area e
barrier, all security patrols and guard stations within the protected area, and both alarm stations with duress alarms.
e maintain non portable communications equipment operable from independant power sources in the event of loss of normal power.
Communications Between Onsite and Offsite Forces - (SFC 23.1.2)
Purpose:
Communications subystem(s) between onsite and offsite forces are necessary to transmit rapid and accurate detection and assessment information to offsite assistance forces.
Components:
Master (Fixed) Radios, Mobile Radios, Commercial Telephone Systems, Direct Line Telephone / Intercom Rule Ref:
673.45(g)(4)(ii), 673.46(f)(1),(2),(3).
General Acceptance Criteria:
The licensee must:
o
-assure that a single adversary action cannot destroy the capabil-ity of the security organization to notify offsite response forces of the need for assistance.
provide the CAS and the SAS with both conventional telephone e
service and radio or microwave transmitted tv.-way voice communication either directly or through ar. intermediary for
52 the capability of communication with the law enforcement authorities.
i maintain non portable communications equipment operable from independant power _ sources in the event of loss of normal power.
e upon detection of abnormal presence or activity of persons or vehicles within an isolation zone, a protected area, a material access area, or a vital area, or upon evidence or indication of-intrusion into a PA, MAA, or VA, take immediate concurrent measures to neutralize the threat by informing local law enforcement agencies of the threat and requesting assistance.
e performance test communications equipment required for communi-cations off-site not less than ors.e a day.
t EFFECTIVE RESPONSE - (SFC 23.2)
ONSITE RESPONSE - (SFC 23.2.1) 9 Guard Force Training / Qualification - (SFC 23.2.1A) j i
j
Purpose:
Guard force training / qualification ensures that trained and qualified personnel carry out assigned duties and responsibilities for both routine security operations and responses to emergencies and safeguards contingencies.
Rule Ref:
973.45(g)(1)(i), 973.46(b)(1),(4)
\\
\\
General Acceptance Criteria:
The licensee must:
be capable of demonstrating the ability of physical security e
personnel to perform their assigned duties and responsibilities, i
including demonstration of the ability of contractor personnel.
have a management system which provides for the development, e
revision, implementation, and enforcement of security procedures.
prohibit an individual to act as a guard, watchman, armed e
response person, or other member of the security organization l
unless such individual has been trained, equipped and qualified to perform each assigned security job duty in accordance with Appendix B,110 CFR 73.
See NUREG 0674, " Security Personnel Training and Qualification Criteria" for specific information.
e requalify each guard, watchman, armed response person, or other member of the security organization, whether a licensee or contractor employee, in accordance with Appendix B, 10 CFR 73 at least every 12 months.
instruct every guard and all armed response personnel to prevent e
or impede acts of radiological sabotage or theft of strategic special nuclear material by using force sufficient to counter the force directed at him including the use of deadly force when the guard or other armed response personnel has a reasonable belief that it is necessary in self-defense or in the defense of others.
e have available a minimum of five (5)~ guards to fulfill assessment and response requirements.
In addition a force of guards or v r
l 53 armed response personnel also must be available to provide assistance as necessary.
The size and availability of the i
additional force should be determined on the basis of site-l specific considerations that could affect the ability of the total onsite response force to engage and impede the adversary force until offsite assistance arrives.
Equipment and Procedures - (SFC 23.2.1B)
Purpose:
Guard force equipment and procedures help provide for response by assigned security organization personnel which is sufficiently rapid and effective to achieve the predeter-mined objective of the response.
Components:
Duress Alarms, Guards Force Personal Equipment, Portable Radio, Weapons-Handgun, Semiautomatic, Shotgun Rule Ref:
673.45(g)(3); 973.46(b)(6),(e)(4)
General Acceptance Criteria:
The licensee must:
I equip guards and armed response force personnel witF. armament e
maintained on-site which must include handguns, shotguns, and semiautomatic rifles as described in Appendix B, 10 CFR 73.
provide communications equipment to each guard, watchman, or e
armed response individual on duty.
See Section SFC 23.1.1A for specific information.
provide all manned access control points in the PA barrier, all e
security partrols & guard stations within the PA, and both alarm stations with duress alarms.
meet all requirements for equipping members of the guard force e
as stated in Appendix B, 10 CFR 73.
0FFSITE RESPONSE - (SFC 23.2.2)
Offsite Response Force - (SFC 23.2.2)
Purpose:
Offsite response forces provide additional response capability in the event of a contingency which can not be sufficiently countered by the onsite response force.
Rule Ref:
973.45(g)(2), S73.46(h)(2),(4)(iii)(B).
General Acceptance Criteria:
The licensee must:
e establish and document response arrangements that have been made with local law enforcement authorities.
e determine and document response time of local law enforcement agencies.
l l
l 1
l l
55 PART Ill SPECIFIC COMPONENT PERFORMANCE I
l
-- s.
57 1.
Admittance Authorization Criteria and Schedules e
Should relate to easily observable or verifiable tspects of SNM movement and placement and involved personnel.
e Should detail specific persons,- materials, locations, and times for movement and placement of SNM.
e Should be verified by security personnel at least on a random basis.
2.
Admittance Authorization / Verification Procedures e
Procedural oocuments should be reviewed, updated, and destroyed on a timely basis, e
Access to procedural documents should be tightly controlled.
3.
Air and Utility Inlet Barriers e
Inlets should be smaller than 96 sq. inches (man-size).
e Inlets should not terminate at ground level heights.
e Barriers should provide penetration resistance equivalent or greater than adjacent barriers.
e Barriers should be welded to inlets.
4.
Annunciation Systems - Computer Assisted, Individual Alarm, Multiplexed Alarm e
Should annunciate both aurally and visibly in both alarm stations, o
Station operator should be able to discern the location of the alarming sensor from the annunciation system.
e The system should be conveniently located to the alarm station operator.
e The system should indicate the status (secure / access / alarm / tamper) of sensors within an alarm zone.
e Intrusion alarms should be capable of being controlled (activated or deactivated) from either the CAS or SAS thereby assuring no functional subservience of one alarm' station over the other.
e A priority structure should be pre-established either manually or through a computer to accommodate concurrent alarms.
e The alarm station operator duties should be such that primary attention can be afforded security monitors, e
The annunciation system should provide as a minimum the following infor-mation in the event of an alarm: date, time, sensor location.
5.
Area Zoning Should be formulated using facility site geometry, safeguards features, e
and personnel responsibility and capability information.
Should impact safety systems or responses to emergencies as little as e
possible.
Should model the safeguards system as concentric zones surrounding SNM or e
vital areas so that a number of zones must be crossed by an adversary to reach his target and to exit.
Safeguards should be located in each zone or at the barriers forming the e
boundaries between zones.
Should refer.to clearly delineated boundaries easily discernible to e
security personnel and other authorized individuals.
6.
Balance Magnetic Switches
- Should alarm upon door opening of < lcm.
e Alarms should annunciate-in both the CAS and SAS.
e Switches should be tested for operation at least once every seven days.
e
0 58 I
Switches should not be installed on ferrous metal surfaces.
o l
e Access to associated wiring should be controlled to prevent adversary access.
7.
Breakwire Systems e
The wire used in a breakwire system should be no larger than 24 AWG, should not exceed four pounds in tensile strength, and should be capable of carrying a current of 60 milliamperes with a temperature rise of not l
more than 1 C.
e Breakwire systems should be used in conjunction with volumetric-type detectors to ensure adequate coverage of areas.
8.
Buried Lines Sensor Systems e
Should be capable of detecting an individual weighing more than 35 kilograms crossing the sensitive area of the system at a minimum speed of 1.15 meter per second whether walking, crawling, or rolling.
e Should employ techniques to eliminate nuisance alarms from wind and other adverse environmental phenomena.
l Should be installed in two separate parallel lines at a distance of 1.5 e
to 2 meters apart.
i e
All electronics and associated circuitry which is buried in the ground should be a durable, moistureproof, rodent-resistant material.
If installed in rocky soil, all rocks should be removed during backfilling e
l to prevent damage to sensors.
If the frostline exceeds 10 cm, a buried line sensor system should not j
l e
be used unless the soil is specifically prepared to eliminate freezing above the sensor.
l 9.
Capacitance Alarms Should be able to detect an intruder moving within 15 cm (6 inches) of 1
e the surface under protection or an intruder touching the surface while wearing a heavy insulated glove.
10.
CCTV Monitoring / Surveillance Should limit the number of monitors which one operator must observe to e
no more than six.
Monitors should be located such that control manipulation does not obstruct e
the observer's line of vision.
If one monitor is used to monitor more than one camera, an automatic o
interruptible timed sequence rotation should be used, Should limit the duty period for an observer to one hour and provide for e
a break period between monitoring duty periods.
Should provide for backt.,, monitoring capabilities when environmental e
conditions preclude visual surveillance via the monitors.
e Should provide sufficient detail of the area under surveillance to determine unauthorized activities within the area.
11.
CCTV Systemt l
e Should have~ "fficient resolution to adequately survey the area and 1
l remotely recognize unauthorized acts.
i Should be provided with adequate lighting levels.
e e
Should have no obstructions within the field of view.
o
-Should be monitored in the CAS and SAS.
Should be maintained on a schedule supported by mean-time-between-failure e
l (MTBF) data.
59 e
Video transmission mechanism should be isolated and protected from transients.
e For optimum monitoring, the maximum vertical viewing angle between the observer and the monitor is 30.
e For. optimum monitoring of sensitive areas, no more than four cameras should be automatically sequenced into one monitor, o
Automatic scanning of the MAA is not recommended unless areas of high sensitivity are constantly in the camera's field of view.
The transmission system should have a bandwidth and signal-to-noise ratio e
compatible with the camera.
e Renmmended interior lighting level is 50 fc or more.
Mon. tors used for personnel identification should be no smaller than 12".
e e
TV cameras should have a minimum of 525 lines per frame (2:1 interlace) with a 10 MHz bandwidth.
12.
Central and Secondary Alarm Stations e
The CAS should be located within the PA and within a building such that the interior of the alarm station is not visible from outside the PA.
e The CAS and SAS shoni:1 each have independent control of the security system in the event one alarm station is disabled.
e The CAS and SAS shoJ1d be designed with diversity and-redundancy such
[
that a single act cannot remove the capability of calling for assistance or responding to the alarm.
e Both alarm stations should be controlled access areas.
l Both alarm stations should be hardened with bullet-resistant walls, doors, e
l ceiling, floor and window or equivalent protection.
e Both alarm stations should be provided with duress alarms.
e Both alarm stations should monitor by CCTV vaults and process areas that contain SSNM that has not been alloyed or encapsulated.
e Alarm station operators should not be rotated from one station to the other without at least one 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> intervening shift.
o Alarm station activities should be limited to security functions and not include such activities as facility paging or telephone switchboard i
operations.
13.
Close Out Inspection by a Third Party Should be performed after any equipment maintenance or repair in areas e
designated as requiring close-out inspections.
i e
Should be performed by a technically competent individual who has not been involved in the repair or maintenance of the equipment.
Assignment of individuals performing close-out inspections should be e
rotated on a random basis.
Records should be maintained of close-out inspections which indicate e
date, time, individual performing inspection and result of inspection.
Inspections should be performed immediately following the task completion.
e 14.
Coded Credential Systems Credentials should be retained on-site when personnel leave the facility.
e The number of uniq'ue authorization and identification codes should be e
4 much larger than the number of personnel enrolled in the system to prevent successful entry through random encoding.
e Credentials used for MAA/VA access should be specially coded to specifically indicate MAA/VA access and supplemented by other documentation if the badge'is also used for granting PA access.
60 15.
Commercial Telephone System e
Should be used to augment.the~ facility security communication system, and l
not be used as a facility's primary security communication system.
e Should not be used to meet duress alarm requirements.
'16.
Contingency Plans and Procedures l
e Should meet the requirements of 10 CFR 73, Appendix C.
e Should include pre-established arrangements with local law enforcement agencies.
l e
Should provide a minimum of five guards to fulfill assessment and response requirements, o
Should delineate a command and control structure to ensure. proper execu-tion of the cor.tingency plan.
17.
Controlled Security Lighting i
e Should provide illumination of isolation zones and all exterior areas I
within the protected area at a level not less than 0.2 footcandle measured horizontally at ground level.
Safeguards credit may be oiven tnwards this provision if such measures as roof-mounted observation posts are used.
l e
Should be under the control of only authorized individuals and measures should be implemented which prohibit unauthorized access to the master controls of the security lighting system.
o Should illuminate areas such that entry attempts by intruders are discouraged or deterred and'the probability of intruder detection should entry be attempted is maximized.
Should ir.r.lude supplementary portable lighting or searchlights to permit s
exploration inside and outside the PA, and to backup fixed lighting j
systems during emergencies.
o Should provide protection for luminaries, supports, distribution systems and auxiliary equipment by locating them within the PA where they are not readily accessible.
Should be adequately maintained to assure lighting reliability.
e e
Should provide for operating procedures for use during both normal and emergency situations, e.
Further information is provided in NUREG/CR-1327, " Security Lighting Planning Document for Nuclear Fixed Site Facilities."
18.
Data Link Via Radio Frequency e
Should be able to operate on more than one frequency.
e Should be a coded transmission which is difficult to. compromise.
e Should not interfemwith on-site communications systems and vice versa.
e Should be able to operate unde environmental extremes encountered at the facility, e
Should not be made inoperable due to environmental interference such as j
lightning.
19.
Direct Line' Telephone / Intercom e
May be used for communication either between on-site forces or between on-site and off-site forces.
e Should be secured to prohibit unauthorized use.
e Should be used only in conjunction with an alternate communications system.
l e
Supporting hardware and cables should be installed as much as possible to l
prohibit unauthorized access to the hardware and cable, this would include
- such measures as installation of cable in buried conduit.
r
'e Should be performance tested at least once per shift if used for on-site communication-or at least once per day if used for off-site communication.
e Should not be considered as part of a duress alarm system.
___~ _-.
61 20.
Direct Monitoring / Surveillance e
Should provide unobstructed view of the entire area under surveillance.
- >;1ould provide adequate break periods to ensure a high level of concentration.
e Should be the sole responsibility of the-surveilling individual who e
should have no~ duties which distract from this function.
21.
Doors and Associated Hardware T
The door frame should be anchored to the wall to equal the penetration resistance of the wall and door, The locking mechanism should provide a penetration time comparable to the o
penetration resistance of the door.
o Hinges should be welded and located on the inside of the door, e
The door should be composite construction.
22.
Duress Alarms e
Should be located at all manned access contrc1 points or guard stations within the PA boundary and in both the Cent J Alarm Station and Secondary Alarm Station.
e Should annunciate in both alarm stations.
e Should be installed and located such that an alarm can be initiated in a covert manner.
e Should not annunc.iate locally.
Should be performance tested at the beginning of each security personnel e
work shift.
e Alarm annunciation should discriminate between duress alarm locations.
Should not be comprised of commercial or direct line telephone systems.
s 23.
E-Field Fence Systems Should be able to detect an individual weighing a minimum of 35 kilograms e
at least 0.5 meter from the sensing wire whether crawling and rolling under the lower sensor wire, stepping and jumping between the field and sensing wires, or jumping over the top sensing wire of the system.
Both the field and sensing wires should be supervised to prevent the e
unom.ected cutting or bypassing of the system through electronic or clandestine means.
The system should employ techniques to minimi::e alarms caused by high e
winds, thunderstorm-related electrical phenomena, and small animals.
e The E-Field sensor should consist of a mini.num of one field wire and two sensing wires.
One sensing wire should be located no more than 0.45 meter above ground, the second sensing wire should be located approximately 2.6 meters above ground and the field wire located between the two sensing wires at a height.of approximately 1.5 meters.
e The surrounding terrain within 3 meters of the E-Field wires should be free of all shrubs, trees, and undergrowth.
The control unit should be well grounded using a 1 meter or longer grounding e
rod or equivalent electrical ground.
When mounted to a chain link fence, the fence should also be well grounded approximately every 23 meters using a 1-meter or longer grounding rod or equivalent electrical ground.
24.
Electret Fence System and Tilt Switch Fence Systems e
Should only be used as a secondary or backup perimeter intrusion alarm system when other types of perimeter alarm systems (see R.G. 5.44, Perimeter Intrusion Alarm Systems) do not operate properly in the environment and after the NRC's approval has been received.
j
62 If an Electret Fence System or Tilt Switch Fence System is approved for use, the system:
e Should detect an intruder weighing more than 35 kilograms attempting to climb the fence.
e Should detect any attempt to cut or lift the fence more than 15 cm above grade.
Should not generate false alarms due to wind vibration of the fence from e
a wind force of up to 48 kilometer / hours.
25.
Emergency Access Procedures e
Emergency access procedures should be initiated from alarm equipment only accessible from within the facility.
e Emergency access should require approval from the security operations center.
e Entry point control personnel should be notified in advance of arrival of emergency vehicle and personnel so that they may verify vehicle description and number of emergency personnel requiring access.
e Once within the facility all emergency vehicles and personnel should
)
be under guard escort.
26.
Emergency Battery System o
Should be located within a controlled area.
e Should be rechargeable.
Should be designed to carry the required load until input power can be restored.
This should be a minimum of eight hours.
e Should be functionally tested once a week.
e Switchover to the EBS should provide an indication in the CAS/SAS.
27.
Emergency Evacuation Procedures e
Shoula be initiated only from within the facility.
l e
Should be tested once every six months.
e Should evacuate personnel to controlled holding areas.
Should include briefing of personnel on exit routes and procedures.
e Should include effective screening for personnel exiting MAA's.
e e
Should include security surveillance of evacuation routes.
e Evacuation routes should be conspicuously marked.
l 28.
Emergency Exits Should be locked to prevent entry from the outside.
l e
Should be alarmed to provide both local visible and audible alarm e
annunciation and alarm annunciation in the CAS/SAS.
Should empty into controlled access areas.
e Should be composite construction.
e e
Should be tested at least once every seven days.
J9.
Emergency Generator System Should be designed to carry the required load until input power is e
restored after a commercial or normal power failure.
Should be capable of operating for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> on a full fuel tank, e
e Should be functionally tested at least once per week.
e Should be located
' thin a controlled area.
e Fuel tanks should be maintai ed at full level.
l
63 30.
Equipment Checks / Maintenance e
All equipment checks / maintenance should be authorized and scheduled by.
~
facility management.
e
.Close-out inspections should be performed by individuals trained in the operation and performance of the equipment.after equipment maintenance has been accomplished.
e Records should be kept of regular maintenance inspections, requests for service, repairs, adjustments, replacements, or additions to equipment, including records of trouble calls indicating date of call and nature of repairs completed.
e Yearly audits should be perforned of the checks and maintenance program.
e Records of performance audits'should be retained five years.
31. Escorts A numbered picture badge identification subsystem should be used for all e
individuals authorized access to the protected area without escort.
e An individual not employed by the licensee but who requires frequent and extended access to protected, material access, or vital areas may be l
authorized access to such areas without escort provided that he receives a picture badge upon entrance into the protected area and returns.the badge upon exit and that the badge indicates (1) non-employee - no escort required,-(ii) areas to which access is authorized and (iii) period for which access is authorized.
e
' All vehicles, except designated licensee vehicles requiring entry to the protected area should be escorted by a member of the security organiza-tion while within the protected area.
e Individuals not permitted by the licensee to enter protected areas without escort should be escorted by a watchman, or other individual designated i
by the licensee while in the protected area and shall be badged to indicate that an escort is required.
In addition, the individual should be required to register his name, date, time, purpose of visit and employment affilia-tion, citizenship and name of the individual to be visited.
32.
Explosive Detectors - Hand Held, Package Search e
At the point of access into the protected area all hand carried packages should be searched for explosive devices except packages. carried by persons having a-NRC or DOE access author 1zation which shall be searched on a random basis when the person carrying them is selected for. search.
e All packages and material for delivery into the protected area should be searched on a random basis for explosives prior to admittance to the PA except those Commission approved' delivery and inspection activities specifically designated by the. licensee to be carried out within material i
access, vital, or protected areas for reasons of safety, security, or-operational necessity, o
Explosive detectors ~ should be capable of detecting with at least a 90%
effective detection rate dynamite, TNT and similar nitrogen-containing compounds in-a minimum amount of 200 grams. The false alarm' rate should not exceed 1% when the' detector sensitivity is adjusted 'to this detection level.
e Operators should be trained and tested in proper search techniques and explosives recognition.
e The area used for conducting the search should be environmentally con-trolled to minimize: false alarms due to such factors as cigarette smoke.
e The detector should be tested for operation using a calibration standard at least at the beginning of each shift.
t F
y
.--e
l l
l l
64 33.
Explosive Detectors, Hand Held, Personnel Search Should have the same detection capability as volume or walk-through e
explosives detectors.
e Should be conducted its a controlled environment such that factors which might cause a false alarm, e.g., cigarette smoke, scented toiletries, are kept to a minimum.
Search personnel should receive written instruction and testing on search e
procedures and identification of contraband.
l Should be a thorough search covering all parts of the body.
e 1
34.
Explosive Detector - Hand Held, Vehicle Search e
Should be capable of detecting, with at least a 90% effective detection rate, dynamite, TNT, and similar nitrogen-containing compounds in a minimum amount of 200 grams.
i e
Should be conducted in a remote area " clean" of material which might cause false alarms.
Should require that the vehicle motor be switched off during the search e
and the vehicle operator be removed from the area and searched prior to vehicle search.
Search personnel should receive written procedures in proper search e
techniques and in identification of contraband items.
e A Level I search of vehicles desiring entrance to pas should be conducted as a minimum.
A Level I search includes a general examination of a j
vehicle's main compartments (engine, truck, cargo, passenger, cab, undercarriage, etc.) and may be supported with the use of a Special Nuclear Material detector and/or explosive detector.
Failure of the vehicle to pass this search could result in certain alternatives (access denial, arrest, Level 2, 3, or 4 searches or impoundment as appropriate.
See NUREG 0484, Vehicle Access and Control Planning Document).
E.
36.
Explosive Detector, Volume. Walk-Throuuh Explosive searches should have the capability of dotecting, with at least e
90% effective detection rate, dynamite, TNT, and similar nitrogen-containing '
compounds in a minimum amount of 200 grams (see Appendix, R.G. 5.7,
" Entry / Exit Control for Protected Areas, Vital Areas, and Material Access Areas.)
Should be mounted in a booth or similar structure to both confine personnel e
i during the explosive search and control atmospheric conditions as much as
- possible, e Should screen personnel on an individual basis.
Explosive searches using walk through detectors should be under the e
surveillance of a member of the guard force to prohibit attempts to toss or throw explosives through the detector.
37.
Fence Systems l
i e
If used as a physical barrier, should be constructed of No.11 American wire guage, or heavier wire fabric, topped by three strands or more of barbed wire or similar material on brackets angled outward between 30 and 45 from the vertical, with an overall height of not less than eight feet, including the barbed topping.
e Should be maintained such that the surface under the fence does not erode to the extent that access under the fence is permitted.
e Should be cleared of vegetation or obstructions which might interfere with assessment of the fence.
e Should not contain openings which are greater than or equal to 96 sq.
inches.
e Should be well' anchored-to supporting posts, especially at ground level.
l 65 38.
Floors, Rc'fs, Walls e
For alarm stations should be bullet-resisting.
i e
Should contain no openings, other than entry / exit portals, which will allow man-sized access, i.e., 96 sq. inches.
e May be considered physical barriers if constructed of stone, brick, cinder 4
block, concrete, steel or comparable material (openings in which are secured by grates, doors, or covers of construction and fastening of sufficient strength such that the integrity is not lessened by any open-j ing).
l e
MAA's used to process SSNM other than alloys, fuel elements, or fuel i
assemblies, shou'd be constructed with floors, roofs, and walls which provide significent delay to penetration by an " insider".
This means that all openings in the MAA barrier such as areas under doors, through s
fans, ventilation ducts, and pipe passthroughs that lead to an accessible area outside the MAA should be completely closed off or specially protected.
39.
Functional Zoning e
Should be used when the safeguards system can be modeled as a single zone or barrier, or concentric zones surrounding the SNM or VA with diverse safeguards within the zone (s) or at barriers.
e Work rules should be established so that a different class of employee controls each different type of safeguard, for example, performs one type of duty or function.
e Personnel should not be permitted to rotate duties between different groups durir.g one shift.
Should be formulated using facility site geometry, safeguards features, e
and personnel responsibility and capability information.
~ Should be easily veritied by security personnel.
e e
Rotations of assignments should not be predictable by participants in SNM movement / placement activities (that is, no participant should be able to pre' dict the time and/or nature of his next assignment until shortly 1
before reassignment becomes effective).
40.
Gates and Associated Hardware Penetration delay times of gates should be equivalent to that of adjacent o
barriers.
e The surface beneath the gate should be prepared such that erosion or corrosion does not provide passage under the gate.
e Positive control should be exercised over the gate at all times either through a locking mechanism or stationing a member of the guard force at the gate.
e Gates should be-located in full view of assessment 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> a day.
i Should operate under all. environmental conditions normally encountered at e
the facility.
41.
Guard Force Personal Equipment
- i e
Should include duress alarm and portable communication equipment.
' e
,The guard force should have available to them such weapons as handguns, shotguns and semiautomatic rifles.
A training and qualification plan should be implemented which ensures e
that' members of the guard force will be able to properly use the equipment.
i.
g, w
a w-me y,
4 w,
my--
w-n
~-
9--'w
66 Should be maintained through a regular testing and maintenance e
- program, Should be stored in a manner such that equipment is readily accessible if o
needed.
Should be protected through both physical and procedural means which o
prohibit unauthorized access to the equipment.
- 42. Guard Force Qualification An individual should not'be permitted to act as a guard, watchman, armed e
response person, or other member of the security organization unless such individual has been trained, equipped, and qualified to perform each assigned security job duty in accordance with Appendix B of 10 CFR Part 73, " General Criteria for Security Personnel ".
Physical security personnel, whether licensee or contractor employees, e
should be capable of demonstrating to the NRC at NRC request assigned duties and responsibilities in accordance with 10 CFR Part 73, " General Criteria for Security Personnel ".
Each guard, watchman, armed response person, or other aiember of the e
security organization, whether licensee or contractor employee, should requalify in accordance with Appendix B, 10 CFR Part 73 at least every 12 months.
Such requalification should be documented.
43.
Guard Patrols / Intervention Members of the guard force should be instructed on the use of force which e
may be used to counter unauthorized entrance attempts.
Procedures should be established which outline meisures to be taken in e
the event of stealthful or forceful entrance attempts.
A minimum of five guards should be available at the facility to fulfill e
assessment and response requirements.
Patrols should be random in nature and ir.clude unscheduled routes.
e Knowledge of specific assignments should be limited and controlled.
e Members of the guard force should receive prior training and testing e
in recognition of unauthorized conditions while patrolling.
44.
Guard Post Assignments e
Guard post assignments should be randomized.
e Advance knowledge of specific guard assignments should be limited.
Specific guard post assignments should be assigned to individual guards e
at the beginning of each shift.
45.
Hardwire Video Systems Should employ balanced line isolation transformers at the end of each e
line to minimize electromagnetic interference.
Should be designed such that excessive signal loss due to impedance e
mismatch is minimized.
Transmission lines should be contained within the protected area.
e Cabling and connections should be environmentally protected and sealed.
e See NUREG-0178, " Basic Considerations for Assembling a Closed Circuit e
Television System" for addit ional information.
46.
Infrared Beam Systems, Exterior Should be multibeam modulated type consisting of a minimum of three e
transmitters and three receivers per unit.
Should be capable of detecting an individual weighing a minimum of e
35 kilograms passing between the transmitters and receivers at a rate between 0.15 and 5 meters per second, whether walking, running, jumping, crawling, or rolling.
67 e
The system should be able to operate with the detection capability stated abose with a 13db insertion loss due to atmospheric attenuation (for example, fog) at maximum range (100 meters).
The system should be installed so that, at any point, the lowest beam is e
no higher than 21 cm above orade and the highest beam at least 2.6 meters above ground.
The beams should overlap such that an individual could not intrude between e
the beams and remain undetected.
The ground between infrared posts should be prepared to prevent tunneling e
under the lower beam within at least 15 cm of the surface.
e The maximum distance between transmitter and receiver should be selected to permit proper operation during conditions of atmospheric attenuation typical for the site, generally a maximum of 100 meters.
47.
Interface Between Alarm Stations and Sensors e
Transmission lines should be encased in conduit if installed underground.
e Should be shielded to protect against EMI.
Should be compatible with sensors and annunciation equipment to ensure e
that:
- 1) sensor stimulous will produce a signal transmission and 2) signal transmissions will produce an annunciation.
Should accommodate simultaneous alarms from all sensors on a given circuit.
e Should be designed such that one cut to a single transmission line will not e
disable more than 25% of the system.
l 48.
Isolation Zones Should be maintained in outdoor areas adjacent to the physical barrier at e
the PA.
Should be large enough to permit observation of the activities of people e
on either side of the PA barrier in the event of its penetration.
e Should not contain parking facilities.
Should be provided with illumination not less than 0.2 footcandle measured e
horizontally at ground level.
49.
K-95, Use of, Package-Vehicle Search K-9 should be used only if it can be shown to detect firearms or explosives e
with equal or greater confidence than existing alternatives, e
Because of the limit of duration of an animal's effectiveness, K-9s should be used only as a secondary aid in search procedures.
A set of trained and tested backup individuals or other detection devices e
or equipment should be immediately available to serve as a substitute in the event of an animal's illness or other sign of abnormal behavior.
e K-9 and handler should be recertified on a regular basis (at least yearly.)
e Only one handler should be assigned to one animal.
e Animal training should be updated on a regular basis.
e Animals should be kenneled away from odors that may impair sense of smell.
e The area used for the search should be isolated as much as possible to ensure the area is clear of odors or material which might impair the efficiency of the animal.
e Length of work shift should be regulated to ensure maximum detection sensitivity of the animal.
e Vehicle engine should be turned off during search.
68 All possible areas available for secreting explosives should be searched, e
for example, the under carriage, spare tire racks, wheel wells, hubcaps, etc.
The handler should receive substantial training in search procedures to e
be followed in the event of a find, and procedures in animal handling.
Records should be maintained pertaining to animal performance, retraining e
schedules, recertification schedules, etc.
50.
Local Audible or Visible Alarms e
All emergency exits in each protected, material access and vital area should be alarmed to provide local audible and visible alarms.
e All criticality alarms should provide local audible / visible alarms.
Local audible / visible alarms should provide an aural annunciation at e
least 15dB above ambient noise level at a distance 10 feet from the alarm.
Facility personnel should receive instructions in proper procedures to e
follow in the event of an alarm and tested to ensure an adeouate per-formance level approximately every six months.
The alarm should be reset only by a guard or authorized individual with e
CAS/SAS verification required.
51.
Locks (Keyed / Keyless) f All keys, locks, combinations, and related equipment used to control e
access to MAAs/VAs should be controlled to reduce possibility of compromise.
Whenever there is evidence that a key lock, combination, or related e
equipment may have been compromised, it should be changed.
Upon termination of employment of any employee, keys, locks, combinations, e
and related equipment to which that employee had access should be changed.
Electronic or mechanical keyless locks should have a key lock override o
which is controlled by upper level security management.
Locks should satisfy all applicable federal and industrial standards as e
referenced in Reg. Guide 5.12, " General Use of Locks in the Protection and Control of Facilities and Special Nuclear Materials."
The delay time used in the determination of acceptability is the penetra-e tion time associated with the composite arrangement of lock and enclosure or other structure securing the SSNM or its container.
Penetration times for locks can be obtained from the Barrier Technology Handbook (SAND 77-0777, Nov. 1977).
Generally, the penetration time used will be either (a) the penetration time for the lock or (b) the penetration time for bypassing the lock, whichever is less.
52.
Manual Alarm Recording e
True alarms, tamper indicating alarms, false alarms, and alarm checks 3aould be recorded.
e Should include the following information:
- 1) type of alarm, 2) time of annunciation, 3) source and location of alarm, 4) cause of alarm,
- 5) response to alarm.
Alarms should be recorded immediately following the response.
e e
The security shift supervisor should verify the log information.
All personnel responsible for logging alarms should receive training e
and testing in the procedure to ensure a satisfactory performance level.
- 53. Master (Fixed) Radi_o_
e Should be located in both the CAS and the SAS.
Should provide direct communication with offsite law enforcement authorities.
e e
Should transmit at a modulated frequency to minimize problems which might be caused by unauthorized transmissions.
e Should be able to operate on more than one frequency.
69 e
Should be able to communicate with off-site law enforcement authorities at all times including severe weather conditions.
e Should be performance tested not less than once a day.
e Should remain operable from independent power sources in the event of loss of normal power.
e Should have a backup means for communication with off-site forces in the event of failure of the master fixed radio.
54 Microwave Systems, Exterior e
Should be capable of detecting an intruder weighing a minimum of 35 kilograms passing between the transmitter and receiver at a rate between 0.15 and 5 meters per second whether walking, running, jumping, crawling, or rolling.
e The beam should be modulated-and the receiver should be frequency selective to decrease susceptibility to receiver capture.
e Should be installed on even terrain clear of trees, tall grass, or bushes.
Successive microwave links and corners should overlap at least 3 meters e
to eliminate the dead spot (areas where movement is not detected) below and immediately in front of transmitters and receivers.
The overlap of successive links should be so arranged so that receiver units are within the area protected by the microwave beam.
55.
Mobile Radio Should be able to operate on more than one frequency.
e e
Should transmit a modulated frequency to minimize problems which might be caused by unauthorized transmissions.
e Should be performance tested not less frequently than once at the beginning of each security persornel work shift.
e Should be secured to prohibit unauthorized access or unauthorized removal.
e Should have a range sufficient for all on-site communication but in general not less than two miles.
56.
Motion Detectors A.
Interior Infrared Systems Positioning of the sensor head such that it looks directly at intermittent e
2 sources of heat such as radiators, heating / cooling ducts, or ventilators should be avoided.
e The sensor head should be positioned such that the most likely path for an intruder is across the field of coverage rather than into it or away from it.
Should detect a small individual moving at a rate of 0.3 meter (1 foot) e per second or faster anywhere in the secured area.
o Should stabilize within 2 minutes after turn-on and be incapable of defeat by IR absorbent or reflective material placed between the intruder j
and IR heads.
e Should not false alarm if visible light strikes the IR head.
Should not be susceptible to changes in temperature due to a heating or e
air conditioning system being turned on or off.
B.
Interior Microwave Systems e
Should.not have located within its field of view, small moving metal objects such as hanging signs, venetian blinds, and fans or sources of electromagnetic energy, such as flourescent lighting.
i e
Adjacent units'should operate at different frequencies to avoid interference.
i
70 C.
Ultrasonic and Sonic Systems e
Should be rigidly mounted on a vibration-free surface.
e Should not be located near air ducts, fans, and loose fitting doors and
- windows, Transceiver-type units should be located so that the most likely intruder o
movements are either toward or away from the transceiver rather than l
perpendicular to the transceiver.
For optimum results, ultrasonic transceivers should be placed no higher e
than 2.5 meters (8 feet) above the floor.
Should detect a small individual moving anywhere in the secured area at e
l any velocity between 6 and 180 meters (20 and 600 feet) per minute in any position and direction.
57 Multiman Rule The multiman rule should be enforced anytime an individual is in an area e
j with special nuclear material or vital equipment.
l e
Is required for all MAAs.
e Persons operating under the multiman rule should work in full view of each other at all times and have sufficient knowledge of each other's j
tasks to detect any unauthorized activities.
Individuals should be randomly assigned to multiman teams at the beginning l
e l
of each shift.
58 Night Vision Devices e
May be used to augment guard force night-time assessment capabilities.
e Monocular viewers are preferable to binocular viewers to minimize fac1al illumination.
e Members of the guard force should receive formal training in use of night vision devices if they are included as part of his equipment.
59.
Pat-Down Search e
Both male and female guards should be available for conducting pat-down searches.
e Pat-down searches are normally conducted in conjunction with detection equipment after an alarm has been received using detection equipment.
e Should be a thorough search of the body sufficient to detect concealed contraband.
e Personnel should be required to open coats, remove hats, or raise arms to facilitate the search.
60.
Personal ID Numbers / Passwords e
Choice of numbers / passwords should be such that gaining access through a c
j random guess is-prevented.
e Numbers / passwords should be arbitrarily assigned to personnel.
e Access to codes assigned should be limited to a small number of management or security personnel on a need-to-know basis.
l e
Confidentiality of codes should be protected at all times.
61.
Photo Identification Badges o
Should be updated-on a periodic basis.
71 Personnel desiring access should be asked to remove articles (such as o
sungiasses) which may make facial comparison difficult.
Images should be of sufficient quality to allow the guard force to make e
meaningful comparisons.
e Should be difficult to reproduce.
62.
Physical Controls and Procedures for Keys, Locks, Combinations and Cipher Systems All keys, locks, combinations, etc.,should be stored in a controlled e
location with limited access.
e Should be under the control of one authorized individual plus one alternate.
A physical inventory of keys, locks, combinations, etc.,should be per-e formed at least once every six months.
A physical inventory should include recording of:
- 1) the total e
number of locks and corresponding keys and cards, 2) the number of key or cards issued and the number of keys or cards on har.2, 3) a comprehensive list of locks by ID numbers, their location, ID numbers of corresponding key or cards, and 4) a list of personnel authorized access to keys or cards, Issuance of keys, cards, etc., should be tightly controlled to include e
only those individuals required to use them to perform official duties.
l e
Issued keys should not be allowed off site.
o Combinations on locks should be changed:
- 1) when a lock appears to have been compromised or unauthorized access to the immediate area is suspected,
- 2) when there is duty reassignment or termination of personnel having access to the lock and 3) routinely at least once a year.
63, Portable Radio Should be able to operate on more than one frequency.
e e
Should transtr,a modulated frequency to minimize problems which might be caused by unauthorized transmissions.
Should be performance tested not less frequently than once at the beginning e
of each security personnel work shift.
Should have a range sufficient for all onsite communication situations, e
but not less than.5 mile.
Should include training in proper use of the portable radio which includes e
identification of authorized transmission techniques.
Positive Personnel Identity Verification - Fingerprint, Handwriting, 64.
Hand Geometry, Voice Print The personnel reference file used by the identifier should be kept in a e
secure location.
Backup verification procedures should be available in the event of equip-e ment failure or inability to identify an individual.
False acceptance rate for the identifier should be less than 1%.
o The identifier should detect successive failures of one individual and e
provide indication to security personnel when this occurs.
The identifier should have an anti-passback feature to prohibit more e
than one individual from gaining access through the same " credentials".
The identification area should be observed when occupied either direc*1v e
or through CCTV.
65.
Response Vehicles Designated licensee vehicles should be limited in their use' to on-site o-plant functions and should remain in the protected area except for operational, maintenance, security, and emergency purposes.
The licensee should exercise positive control over all designated e
licensee vehicles' to assure that they are used only by authorized persons and for authorizcd purposes.
72 e
All corrective and preventive maintenance will be rerformed on-site by facility mechanics and replacement parts kept in stock at all
- times, e
Locations where response vehicles are housed should be chosen based upon tactical considerations.
66.
Sallyports, Pedestrian Should have equal or greater penetration resistance than adjacent barriers.
e Should contain personnel being screened or searched until procedures are e
completed and access authorized.
Should require positive action by EECP operator to permit MAA/VA access.
e Should have design features which prohibit personnel from gaining access e
through "piggybacking."
Should contain features for communication between individuals within the e
sallyport and individuals located outside the sallyport.
Should be under the surveillance of a member of the guard force.
e Provisions should be made for emergency conditions under which emergency e
access or egress is required.
Only one individual at a time should be screened within the sallyport.
o Provisions should be made to ensure access / egress in the event of e
failure of the portal drive mechanism.
67.
Sallyports, Vehicular Should operate under all environmental conditions normally encountered at e
the facility.
Should be of sufficient size to contain vehicular traffic normally requiring e
access to the PA/MAA.
Inner sallyport gates should be locked and contain the vehicle and e
driver until both have been screened or searched.
Should be under the surveillance of a member of the guard force while in e
use.
Should provide equal or greater resistance to penetration than adjacent e
barriers.
68., 69.
Shielding Detectors - Volume. Walk through e
Should be capable of detecting with at least a 907 effective detection rate a minimum of 100 grams of nonferrous metal (shielding) concealed anywhere on an individual.
e Personnel being searched should be free of metal.
e Only one person should be searched at a time.
e The area used for conducting the shielding material search should be free of moving metalic parts and sources of electromagnetic energy wnich might cause false alarms in the unit.
Volume-type units should detect shielding material anywhere within its e
volume, i.e., no motion through a field is necessary.
e Routine and preventive maintenance should be performed +o assure continued and proper functioning of equipment at all times.
Should be tested using a calibration standard at least at the beginning e
of each work shift.
e Walk-through type units should detect shielding material as it moves through the detector field, i.e., motion through the field is necessary for detection.
73 70 SNM Containers e
Should limit the form of SNM within to a subcritical size.
Should provide integrity such that SNM is not released unintentionally, e
does not build up excessive internal gas pressures, and does not pose a combustion hazard.
Containers used w/gloveboxes should be free of burrs or sharp edges that e
could puncture gloves or plastic bags.
When relied upon to provide delay, e
the SNM containers should be lockable.
Penetration time associated with the container, or its lock, should correspond to penetration techniques which do not also destroy the usefulness or accessibility of the material contained within.
- 71., 72.
SNM Detectors - Hand Held, Package Search, Personnel Search e
All vehicles, materials, and packages, including trash, wastes, tools, and equipment exiting from a material access area should be searched for concealed SSNM by a team of at least two individuals who are not authorized access to that material access area.
e Areas used for screening exiting material should be controlled access areas and separated from processing and storage areas.
e SNM detectors used for package / personnel search should be capable of detecting plutonium, uranium-233, or uranium enriched to 90% in the uranium-235 isotope in accordance with the testing and operational requirements of R.G. 5.27, "Special Nuclear Material Doorway Monitor".
e The detector operation should be tested with a calibration standard at least at the beginning of each work shift.
e Members of the guard force should be instructed and tested in proper search techniques.
e Each individual exiting a material access area should undergo at least two separate searches for concealed SSNM.
For individuals exiting an area that contains only alloyed or encapsulated SSNM, the second search may be conducted in a random manner.
73., 74.
SNM Detectors, Volume, Walkthrough e
Doorway monitors used to detect plutonium should be capable of detecting a minimum of 0.5 gram of plutonium-239 encased in a minimum of 3mm of brass at a 90% confidence limit.
The false alarm rate should be less than 0.1%.
Doorway monitors used to detect uranium-233 should be capable of detecting e
within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> of purification a minimum of 1 gram of uranium-233 contain-ing between 7 and 10 ppm of uranium-232 encased in a minimum of 3 mm of brass at a 90% confidence limit. The false alarm rate should be less than 0.1%.
Doorway monitors used to detect uranium-235 should be capable of detecting e
a minimum of 3 grams of uranium-235 contained in uranium enriched to 20%
or more in the uranium-235 isotope encased in a minimum of 3mm of brass at a 50% confidence limit.
The false alarm rate should be less than 0.1%.
e Detector elements should be designed and positioned so that detection sensitivity is as uniform as possible over the detection area, in no case should any areas where SNM is not detectible be permitted.
e Power, sensitivity, and other controls of the doorway monitor should be tamper-safed when unattended.
74 e
Signal lines connecting alarm relays to the alarm monitor should be supervised.
Doorway monitors should be used in locations of minimum background and e
minimum background fluctuation.
e Doorway monitors should be tested by passing an appropriate calibraticn source through the doorway monitor no less frequently than once per day.
In addition, a functional perfonnance test shoulrl be carried out at least once per week. Acceptable functional test procedures are discussed in Appendix A, to R.G. 5.27, "Special Nuclear Material Doorway Monitors".
e Operating instructions should be posted near the doonvay monitor, if attended, or at the monitoring point if the doorway is unattended which clearly indicate the procedures for use of the doorway monitor and the procedure for setting thresholds, if appropriate.
In addition, the operating instructions should indicate what corrective action is to be i
taken and who is to be notified in the event of a malfunction 75.
SNM Holding / Storage Area e
Enriched uranium scrap (enriched to 20% or greater) contained in 30 gallon or larger containers with a uranium-235 content of less than 0.25 grams per liter may be stored within a locked and separately fenced area
)
within a larger protected area provided that the storage area fence is no closer than 25 feet to the perimeter of the protected area.
e SSNM other than alloys, fuel elements or fuel assemblies should be kept in locked compartments while undergoing processing except when personally attended.
e SSNM other than alloys, fuel elements or fuel assemblies that can be used directly in the manufacture of a nuclear explosive device should be stored in a vault when not undergoing processing.
e Unoccupied storage areas for enriched uranium scrap should be protected by a guard or watchman who should patrol at intervals not exceeding 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> or by intrusion alarms.
76.
SNM Identification / Authorization Procedures e
Delegation of SNM removal identification / authorization and schedules should be made in writing e
Schedules for authorized removal of SNM should include:
- 1) type and quantity of SNM to be removed, 2) time of removal, and 3) person (s) f authorized to remove the material.
e Containers and items containing SNM should be clearly labeled as to type and quantity, be uniquely identified and be tamper sealed.
Transfer. documents authorizing material removal should be pre-numbered e
and controlled.
The -identity of personnel removing SNM should be positively verified.
e-77.
SNM Liquid and Solid Waste Handling procedures Areas used for preparing SNM waste for removal from a material access e
area should be isolated from material processing and storage' areas and designated as controlled' access areas.
Prior to exiting an MAA all SNM waste containers should be drum scanned e
y
--i-ye--
ya n
ty
-ya yy-py-
-m+
t-y-
s-wpn
-+----+,-,w-u:-
-7 M-
75 or subjected to some other means of assay by at least two individuals working and recording as a team who do not have access to material processing and storage areas.
e At the point of collection, SNM solid waste should be searegated accord-ing to the type of assay required and packaged separately in tamper-sealed containers.
e Each completed package prepared for removal should be weighed individually and recorded.
e Prior to removal from the MAA, portal security should check: 1) container integrity, 2) seal identification number, 3) manifest information, 4) verification of transfer authorization and schedule, and 5) identity of persons authorized to remove waste.
j e
Procedures should be established to provide for the condition when assay l
indicates a quantity of SNM higher than an acceptable quantity.
l e
See R.G. 5.57, " Shipping and Receiving Control of SSNM" for additio:ial infomation.
i 78.
SNM Scrap Removal procedures e
Areas used for preparing SNM scrap for removal from a MAA should be isolated from material processing and storage areas and be designated as a controlled access area.
e At its point of generation, SNM-bearing scrap should be segregated into categories according to assay type and scrap recovery method and then packaged separately in tamper-indicating sealed primary containers.
e Each completed package prepared for removal should be weighed and its weight recorded.
e SNM scrap being prepared for shipment off-site should be packed and placed in tamper-indicating sealed shipping containers while under the observation of at least two individuals working as a team who shall verify and certify the contents of each shipping container through witnessing of gross weight measurements and non-destructive assay or sampling as appropriate.
e Upon removal from the MAA, portal security should check the following:
- 1) container integrity, 2) seal identification numbers, 3) shipping manifest information, 4) verification of transfer authorization and schedules, 5) identity of persons authorized to remove SNM scrap.
79.
SNM-Shipping / Receiving Procedures e
Areas used for prepar.ing SSNM for shipment should be-separated from processing and storage areas and be designated as controlled access i
area.
o SSNM being prepared for shipment off-site should be packed and placed j
in sealed containers while under the observation of at least two
?
individuals who should verify and certify the contents of each shipping container through witnessing gross weight measurements and non-destructive assays as appropriate.
e SSNM to'be shipped or received should be under continuous surveillance during transfer between storage and carrier.
e The identity of the carrier should be positively verified prior to per-mitting access to the protected area.
e There should be a sufficient number of armed security personnel and equipment at the tiansfer point to effectively implement contingency plans if the need arises.
e See R.G. 5.57, " Shipping and Receiving Control of SSNM" for additional information.
76 l
l l
80 Tamper-Indicating Circuitry s'
For most security operations it is recommended that a.c. and d.c. line l
supervisory units provide an alarm response at the annunciator in no more l
than 1 second as a result of:
l (a) 5% or greater change in normal line current when it consists of direct current from 0.5 milliamperes to 30 milliamperes.
(b) 10% or greater change in normal line current when it consists of direct current from 10 microamperes to 0.5 milliamperes.
(c) 5% or greater change of any component (s) (a.c. or d.c. voltage or i
current, a.c phase or frequency duration) in a complex signal upon l
which the security integrity of the system is dependent (for frequencies l
up to 100 HZ), or j
(d) 15% or greater change of any component (s) (a.c. or d.c. voltage or l
current, a.c. phase, or frequency duration) in a complex signal upon which the security integrity of the system is dependent (for i
frequencies above 100 Hz).
e Tamper switches should be used to protect all enclosures for equipment.
e Tamper indicating devices 'should remain in operation even through the system itself may be placed in the access mode.
e All sensitivity controls should be located within tamper-resistant i
enclosures.
e If processing electronics is separated from the sensor elements and not
{
located within the detection area of the sensor elements, the signal lines linking the sensors to the processing electronics should also be supervised.
81 Tamper Indicating Seals and Tamper Seal Inspection e
Seals should meet standards described in Section C. of R.G. 5.10,
" Selection and Use of Pressure-Sensitive Seals on Containers for On-site Storage of Special Nuclear Material."
e Seals should be resistant to environmental deterioration.
e Seals should be difficult to counterfeit.
82 Team Zoning Work rules should limit the ability of one pair of employees,to, work,
o together in only one zon,e or on only one type of safeguard witnin a given period of time.
Work rules should hinder safety systems or responses to emergencies as e
little as possible.
e Team zoning should be enforced through the use of entry portal safeguards systems and surveillance to assure teams remain together.
e Work rules should be based upon site geometry, safeguards features, and information on personnel responsibilities and capabilities.
l e
Personnel should not be allowed to rotate between teams on a frequent basis, that is, more than once per week.
83.
Uninterruptible Power Systems e
Should be located within a protected area.
o Should be designed to carry the required load until input power is restc+eu.
e Should be functionally tested once per week.
77 84.
Vaults Should be capable of preventing entry to stored SSNM by a single action e
in a forced entry attempt except if the action would destroy the vault barrier and make the contained SSNM incapable of being removed and shall provide sufficient delay to prevent removal of stored SNM prior to arrival of response personnel capable of neutralizing the design basis threat of 10 CFR Part 73.1.
e Should be windowless.
e Should be under the surveillance of closed circuit television that is monitored in both alarm stations.
An individual other than an alarm station operator should be present at e
or have knowledge of access to unoccupied vaults.
85.
Vibration Sensors e
Should be rigidly mounted on vibration-free surfaces.
Should alarm when three to six blows to the surfaces protected by the o
sensors are made by a one pound hammer or weight.
86.
Visual Inspection, Package Search Individuals performing the search should receive written training in e
identifying explosive or incendiary devices.
The interior of all packages should be inspected if the package does not e
have associated paperwork which verifies its authorization for entrance to the MAA/VA.
87.
Visual Inspection, Vehicle Search Search personnel should receive written instructions in proper search e
techniques which include information on contraband identification.
e As a minimum, a Level I type of search should be conducted.
This includes a general examination of a vehicle's main compartments, (engine, truck, cargo, passenger, cab, undercarriage, etc.) and may be supported with the use of a special nuclear material detector and/or explosive detector.
Failure of the vehicle to pass this search could result in certain alternatives (access denial, arrest, Level 2, 3, or 4 searches, or impoundment as appropriate.
See NUREG 0484, " Vehicle Access and Control Planning Document.")
- 88. Weapons-Handguns, Semiautomatics, Shotguns Should be provided for use in accordance with 10 CFR 73, Appendix B, e
Section 7.
e Personnel who may be required to use firearms in the execution of their l
assigned duties should be qualified and requalified in accordance with 10 CFR 73, Appendix B, Section V.
e Should be stored in a manner that will permit ready access if required and prohibit unauthorized access.
e Ammunition to support the use of weapons should be stored in the same l
manner as the weaponry itself.
e Should be tested and maintained to ensure proper operation at all times.
Weapons should be operationally tested at least once per week.
e Storage areas should be strategically located to take into account diversity of location and susceptibility to attack.
.78 89.
Weapons Detectors, Hand Held, Personnel Search e
snoula have the same detection capability as volume or walk-through weapons detectors.
e Should be capable of discriminating between typical firearm and non-firearm masses of metal.
e Should be a thorough. search covering all parts of the body.
e Search personnel should receive written instructions and testing on search methods and identification of contraband.
90., 91. Weapons Detectors, Volume, Walk-through Weapons detectors used for firearms searches should be capable of detecting with at least an 85% effective detection rate one of the following located anywhere on an individual:
(1) Colt.25 automatic, (2) Titan.25 automatic, 1
(3) General Precision Model 20.22 caliber, (4) CDM.22 short, or (5) the calibration standard specified in NILECJ-STD-0601.00, " Walk Through Metal Detectors for Use in Weapons Detection." The false alarm rate should not 1
exceed 10% when adjusted to the detection level specified above.
(See 1
Appendix A, R.G. 5.7, Entry / Exit Control to Protected Areas, Vital Areas, and Material Access Areas.)
Should not be located near moving metalic parts or in the vicinity of e
electromagnetic field which might produce false alarming in the detector.
This includes RF transmissions by guard force communication equipment.
I Personnel should be encouraged not to carry or wear articles that may I
j e
cause a detector to alarm.
Walk-through detectors should be monitored by a member of the guard force e
to prohibit the tossing or pass through of material.
92.
Windows and Associated Hardware e
Should be bullet-resistant in the CAS/SAS.
Should provide equivalent or greater delay time than surrounding walls.
e e
Should be located so that the interior of the central alarm station is not visible from outside the PA.
93.
X-Ray Package / Container Search The X-ray search system should be compatible with maximum package dimensions o
encountered.
Individuals involved in the search should receive written training in e
weapon, explosives, and bomb recognition.
l i
[mu 335 U.S. CUCLEAD ME EULATORY COMMISSION BCLIOGRAPHIC DATA
- SHEET NUREG-0721 TLE AND SUBTITLE & dad VWume No.,if apprepnerr)
- 2. (Leeve e/mi fcptanca Criteria for the Physical Protection Upgrade Rule tuirements for Fixed Sites
- 3. RECIPLENT3 ACCES$10N NO.
\\
iTHoRU)
- 5. D ATE REPORT COMPLETED MonTM l YEAR
,Dwyer September 1980 EGFORMING ORG ANIZATION NAME AND MAILING ADDRESS //ncluoe 2,p Cooel DATE REPORT ISSUE 0 bulatory Improvements Branch uouTw l YEAR ision of Safeguards, NMSS September 1980 Nuclear Regulatory Commission 6.(Leave clea*>
hington, D.~C.
20555
- 8. (Lsave Donakl SPONSORING ORG ANIZ ATION N AME AND MAILING ADDRESS //ncluoe Zep Coorl
/ision of Safeguards
- 10. PROJE CTfT ASK/ WORK UNIT NO PPSAS # 222443 fice of Nuclear Material Safety and Safeguards
- 13. CONTRACT NO S Nuclear Regulatory Commission ihington, D.C.
20555 N/A TYPE OF REPORT eE AICD C OV E RE D (/nc/dstre onfFs/
l
[ormation Guide pVPP"EMENTARY NOTES
- 14. (Leave o'an * /
l BSTR ACT C00 svords'or less)
A s document has been developed as a tool to assist in providing consistent evaluation of traded physical security plans submitted in respo,nse to the Physical Protection Upgrade e, effective March 25, 1980.
It presents a means for assuring licensee compliance
,h every regulatory requirement of particular significance to the protection of the
'lic health and safety. Acceptance criteria are included to determine the extent which each licensee meets the regulatory requirements. The format parallels ulatory Guide 5.52, " Standard Format and Content of a Licensee Physical Protection n for Strategic Special Nuclear Material at Fixed Sites (Other Than Nuclear Power nts).
- EY WOMOS AND DOCUMENT AN ALYSIS 17a. OESCRIFTORS aptance criteria, bical Protection Upgrade Rule I
IDENTIFIE RS/OPEN EN DE D TERMS V AILABILITY STATEMENT
- 19. SE CUR TY CLASS (Thss repor:1 '
21 NO, OF DAGES U
78 kmited 2o SEcVRIM PASS (Dis per/
22 PRICE t
s 7 -..,m n -u
_ _ _ _ _ _