PLA-5758, Use of Encryption Software for Electronic Transmission of Safeguards
| ML041590396 | |
| Person / Time | |
|---|---|
| Site: | Susquehanna  |
| Issue date: | 05/27/2004 |
| From: | Shriver B Susquehanna |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| PLA-5758 | |
| Download: ML041590396 (1) | |
Text
%
Bryce L. Shriver PPL Susquehanna, LLC Senior Vice President and 769 Salem Boulevard Chief Nuclear Officer Berwick, PA 18603 pp Tel. 570.542.3120 Fax 570.542.1504I blshriver~pplweb.com P
MAY 2 7 200 U.S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555-0001 SUSQUEHANNA STEAM ELECTRIC STATION USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION Docket No. 50-387 PLA-5758 and 50-388
References:
- 1) 10 CFR 73.21, "Requiremzents for the Protection of Safeguards Infonnation "
- 2) NRC Regulatory Issue Sunmmary 2002-15, "NRC Approval of Conzmnercial Data
- Encrption Systems for the Electronic Transmission of Safeguards Infonnation Pursuant to the requirements of 10 CFR 73.21(g)(3)j PPL Susquehanna, LLC (PPL) requests approval to process and transmit Safeguards Information (SGI) using PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version, developed with PGP SDK 3.0.3. National Institute of Standards and Technology Certificate 394 validates compliance of this SDK with FIPS 140-2 requirements.
An information protection system for SGI that meets the requirements of 10 CFR 73.21(b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.
PPL intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software. Mr. Brian P.
McBride, Security Support Supervisor, is responsible for the overall implementation of the SGI encryption program at PPL. Mr. Brian P. McBride, Security Support Supervisor, is also responsible for collecting, safeguarding, and disseminating the software tools needed for encryption and decryption of SGI.
Document Control Desk PLA-5758 Pursuant to 10 CFR 73.21(g)(3), the transmission of encrypted material to other authorized SGI holders, who have received NRC approval to use PGP software, would be considered a protected telecommunications system. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21(g)(1) and (2).
Should you have any questions or require additional information, please contact Mr.
Brian P. McBride, Security Support Supervisor, at (570) 542-3977 Sincerely, A
4 Bryce L. Shriver Copy: NRC Region 1 R. Guzman, NRC Project Manager S. Hansell, NRC Sr. Resident Inspector R. Janati DEP/BRP S. Morris, NRC Nuclear Security and Incident Response L. Silvious, NRC Nuclear Security and Incident Response L. Grosman, NRC Office of Chief Information Officer J. Davis, NEI