IR 05000331/2014403: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 3: | Line 3: | ||
| issue date = 05/14/2014 | | issue date = 05/14/2014 | ||
| title = Temporary Instruction 220/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, IR 05000331-14-403 | | title = Temporary Instruction 220/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, IR 05000331-14-403 | ||
| author name = Daley R | | author name = Daley R | ||
| author affiliation = NRC/RGN-III/DRS/EB3 | | author affiliation = NRC/RGN-III/DRS/EB3 | ||
| addressee name = Anderson R | | addressee name = Anderson R | ||
| addressee affiliation = NextEra Energy Duane Arnold, LLC | | addressee affiliation = NextEra Energy Duane Arnold, LLC | ||
| docket = 05000331, 07200032 | | docket = 05000331, 07200032 | ||
| Line 18: | Line 18: | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:May 14, 2014 | ||
==SUBJECT:== | |||
DUANE ARNOLD ENERGY CENTER TEMPORARY INSTRUCTIO N 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7" INSPECTION REPORT 05000331/2014403 | |||
==Dear Mr. Anderson:== | ==Dear Mr. Anderson:== | ||
On April 11, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Duane Arnold Energy Center. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on April 11, 2014, with you and other members of your staff. The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commission's rules and regulations and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel. | On April 11, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Duane Arnold Energy Center. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on April 11, 2014, with you and other members of your staff. The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commission's rules and regulations and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel. | ||
Two NRC-identified finding of very low significance (Green) were identified during this inspection. The findings were determined to involve violations of NRC requirements. Further, one licensee | Two NRC-identified finding of very low significance (Green) were identified during this inspection. The findings were determined to involve violations of NRC requirements. Further, one licensee-identified violation which was determined to be of very low significance (Green) is listed in Section 4OA7 of this report. The NRC is treating these violations as Non-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. | ||
-identified violation which was determined to be of very low significance (Green) is listed in Section 4OA7 of this report. The NRC is treating these violations as Non | |||
-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. | |||
However, in accordance with the Security Issues Forum (SIF) | However, in accordance with the Security Issues Forum (SIF) | ||
Charter, the NRC may exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "good | Charter, the NRC may exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "good-faith interpretation and attempt to implement" Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program (CAP), and take appropriate corrective action once identified. | ||
-faith interpretation and attempt to implement" Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program (CAP), and take appropriate corrective action once identified. | |||
These issues were discussed and reviewed during the SIF Meeting conducted on April 23, 2014. The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license (FOL) and Title 10, Code of Federal Regulations (CFR), Part 73,Enclosure contains Sensitive Unclassified Non | These issues were discussed and reviewed during the SIF Meeting conducted on April 23, 2014. The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license (FOL) and Title 10, Code of Federal Regulations (CFR), Part 73,Enclosure contains Sensitive Unclassified Non-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled. Section 54, "Protection of Digital Computer and Communication Systems and Networks," t he NRC is not pursuing enforcement action because of your "good-faith" attempt to interpret and implement Milestones 1 | ||
-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled. Section 54, "Protection of Digital Computer and Communication Systems and Networks," t he NRC is not pursuing enforcement action because of your "good | |||
-faith" attempt to interpret and implement Milestones 1 | |||
- 7 and because of your prompt corrective actions to enter these issues into your CAP. | - 7 and because of your prompt corrective actions to enter these issues into your CAP. | ||
Upon completion of all corrective actions, you are requested to provide written notification to the NRC's regional office as to the method and date of closure for the identified issue(s). In accordance with Title 10, Code of Federal Regulations (CFR) "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading | Upon completion of all corrective actions, you are requested to provide written notification to the NRC's regional office as to the method and date of closure for the identified issue(s). In accordance with Title 10, Code of Federal Regulations (CFR) "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response | ||
-rm/adams.html (the Public Electronic Reading Room).However, the material enclosed herewith contains Security | |||
-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security | |||
-Related Information is necessary to provide an acceptable response, please mark your entire response | |||
"Security-Related Information | "Security-Related Information | ||
- Withhold Under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | - Withhold Under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response. | ||
| Line 47: | Line 40: | ||
Sincerely, | Sincerely, | ||
/RA/ | /RA/ | ||
Robert C. Daley, Chief Engineering Bran ch 3 Division of Reactor Safety Docket No(s).: 50 | Robert C. Daley, Chief Engineering Bran ch 3 Division of Reactor Safety Docket No(s).: 50-331; 72-032 License No.: DPR-49 Nonpublic Enclosure: | ||
-331; 72-032 License No.: DPR | |||
-49 Nonpublic Enclosure: | |||
==Inspection Report== | ==Inspection Report== | ||
Revision as of 12:31, 21 June 2019
| ML14134A222 | |
| Person / Time | |
|---|---|
| Site: | Duane Arnold  |
| Issue date: | 05/14/2014 |
| From: | Robert Daley Engineering Branch 3 |
| To: | Richard Anderson NextEra Energy Duane Arnold |
| Stuart Sheldon | |
| References | |
| IR-14-403 | |
| Download: ML14134A222 (4) | |
Text
May 14, 2014
SUBJECT:
DUANE ARNOLD ENERGY CENTER TEMPORARY INSTRUCTIO N 2201/004, "INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7" INSPECTION REPORT 05000331/2014403
Dear Mr. Anderson:
On April 11, 2014, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Duane Arnold Energy Center. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on April 11, 2014, with you and other members of your staff. The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commission's rules and regulations and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.
Two NRC-identified finding of very low significance (Green) were identified during this inspection. The findings were determined to involve violations of NRC requirements. Further, one licensee-identified violation which was determined to be of very low significance (Green) is listed in Section 4OA7 of this report. The NRC is treating these violations as Non-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy.
However, in accordance with the Security Issues Forum (SIF)
Charter, the NRC may exercise enforcement discretion during inspection of the interim cyber security measures for licensees who demonstrate a "good-faith interpretation and attempt to implement" Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance. Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program (CAP), and take appropriate corrective action once identified.
These issues were discussed and reviewed during the SIF Meeting conducted on April 23, 2014. The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license (FOL) and Title 10, Code of Federal Regulations (CFR), Part 73,Enclosure contains Sensitive Unclassified Non-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled. Section 54, "Protection of Digital Computer and Communication Systems and Networks," t he NRC is not pursuing enforcement action because of your "good-faith" attempt to interpret and implement Milestones 1
- 7 and because of your prompt corrective actions to enter these issues into your CAP.
Upon completion of all corrective actions, you are requested to provide written notification to the NRC's regional office as to the method and date of closure for the identified issue(s). In accordance with Title 10, Code of Federal Regulations (CFR) "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response
"Security-Related Information
- Withhold Under 10 CFR 2.390" in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.
Sincerely,
/RA/
Robert C. Daley, Chief Engineering Bran ch 3 Division of Reactor Safety Docket No(s).: 50-331;72-032 License No.: DPR-49 Nonpublic Enclosure:
Inspection Report
05000331/2014403 w/Attachment: Supplemental Information cc w/encl:
J. Schwertfeger, Duane Arnold Energy Center Security Manager B. Westreich, NSIR R. Felts, NSIR S. Coker, NSIR J. Rogge, RI S. Shaeffer, RII J. Dixon, RIV N. Coleman, OE M. Rasmusson, State Liaison Officer, State of Iowa