Text

12/15/23, 8:39 AM blob:https://www.fdms.gov/1c1b7c17-f2df-41b7-9ca5-a766cebbdba9 blob:https://www.fdms.gov/1c1b7c17-f2df-41b7-9ca5-a766cebbdba9 1/1 PUBLIC SUBMISSION As of: 12/15/23, 8:39 AM Received: December 11, 2023 Status: Pending_Post Tracking No. lq1-ioi8-7dj4 Comments Due: December 11, 2023 Submission Type: Web Docket: NRC-2023-0173 Suspicious Activity Reports Comment On: NRC-2023-0173-0001 Draft Regulatory Guide: Suspicious Activity Reports Document: NRC-2023-0173-DRAFT-0003 Comment on FR Doc # 2023-23796 Submitter Information Email:txc@nei.org Organization:Nuclear Energy Institute General Comment NEI Comments on Draft Regulatory Guide DG-5080, Physical Security Event Notifications, Reports, and Records, (Docket ID: NRC-2023-0171-0001); Draft Regulatory Guide DG-5081, Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks, (Docket ID: NRC-2023-0172-0001); and Draft Regulatory Guide DG-5082, Suspicious Activity Reports Under 10 CFR Part 73 (Docket ID: NRC-2023-0173-0001)

Attachments 12-11-23_NRC_Industry Comments on DG-5080_DG-5081_DG-5082 SUNSI Review Complete Template=ADM-013 E-RIDS=ADM-03 ADD: Stanley Gardocki, Bridget Curran, Phil Brochman, Mary Neely Comment (1)

Publication Date:10/27/2023 Citation: 88 FR 73769

Charlotte Shields Senior Project Manager, Nuclear Security & Incident Preparedness Phone: 202.739.8112 Email: CLS@nei.org December 11, 2023 Office of Administration Mail Stop: TWFN-7-A60M U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 ATTN: Program Management, Announcements and Editing Staff

Subject:

NEI Comments on Draft Regulatory Guide DG-5080, Physical Security Event Notifications, Reports, and Records, (Docket ID: NRC-2023-0171-0001); Draft Regulatory Guide DG-5081, Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks, (Docket ID:

NRC-2023-0172-0001); and Draft Regulatory Guide DG-5082, Suspicious Activity Reports Under 10 CFR Part 73 (Docket ID: NRC-2023-0173-0001)

Project Number: 689 Submitted via Regulations.gov

Dear Program Management,

Announcements and Editing Staff:

The Nuclear Energy Institute (NEI),1 on behalf of our members, hereby submits comments to the U.S.

Nuclear Regulatory Commission (NRC) on Draft Regulatory Guide DG-5080, Physical Security Event Notifications, Reports, and Records, Draft Regulatory Guide DG-5081, Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks, and Draft Regulatory Guide DG-5082, Suspicious Activity Reports Under 10 CFR Part 73. Some of these comments have been previously discussed with the NRC staff in public meetings conducted on May 10 - 11, 2023; August 23, 2023; and November 28, 2023. The comments reflect input from operators of power reactor, fuel cycle, and research and test reactor facilities.

The most significant comments on each draft regulatory guide (DG) are presented below:

1 The Nuclear Energy Institute (NEI) is responsible for establishing unified policy on behalf of its members relating to matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEIs members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect and engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations involved in the nuclear energy industry.

Program Management, Announcements, and Editing Staff December 11, 2023 Page 2 Nuclear Energy Institute DG-5080, Physical Security Event Notifications, Reports, and Records Concerning two new definitions added to 10 CFR 73.2, Definitions, the guidance should clarify:

o Under Section C.1, Time of Discovery, a definition of the term cognizant individual should be provided.

o Additional guidance should be included in the RG to clarify the term disease causing agents.

o The DG should include guidance as to whether an event should be reported under 10 CFR 73.1200 or 10 CFR 95.

The guidance pertaining to reporting the theft or diversion of a Category I, II, or III quantity of strategic special nuclear material (SSNM), or a Category II or III quantity of special nuclear material (SNM) seems inconsistent with requirements in 10 CFR 73.1200(c)(1)(i)(A).

The guidance on what facilities are subject to the 15-minute notification requirements under 10 CFR 73.1200(a) seems inconsistent with the staff position discussed in NRC Bulletin 2005-02, Emergency Preparedness and Response Actions for Security-based Events.

The guidance should permit licensees subject to the reporting requirements of 10 CFR 73.1200(o)(6) or (o)(8) to establish communications from a location deemed appropriate by the licensee, similar to the ability for licensees subject to the reporting requirements of 10 CFR 73.1200(o)(5) or (o)(7). This flexibility is extremely important when considering the safety of licensee personnel during a security-related event.

DG-5081, Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks The guidance appears to allow a licensee to not make an NRC notification if an affected individual reports a disqualifying event or condition to security management within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />; this understanding contradicts the notification requirement in 10 CFR 73.17(g)(2).

DG-5082, Suspicious Activity Reports Under 10 CFR Part 73 The guidance appears inconsistent with the rule language regarding local FAA control tower.

Program Management, Announcements, and Editing Staff December 11, 2023 Page 3 Nuclear Energy Institute Greater clarity is needed on the examples provided for elicitation of non-public information, aggressive noncompliance, and actual or attempted unauthorized recording or imaging.

The entirety of our comments on the DGs are contained in Attachment 1 (DG-5080), Attachment 2 (DG-5081), and Attachment 3 (DG-5082). We appreciate your consideration of our comments.

Please contact me with any questions or comments at CLS@nei.org.

Sincerely, Charlotte Shields, Senior Project Manager

NEI Comments on Draft Regulatory Guide DG-5080, Physical Security Event Notifications, Reports, and Records

NEI Comments on Draft Regulatory Guide DG-5081, Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks

NEI Comments on Draft Regulatory Guide DG-5082, Suspicious Activity Reports Under 10 CFR Part 73 c:

Mr. Philip Brochman, NSIR/DPCP/MSB, NRC Mr. Stanley Gardocki, RES/DE/RGPMB, NRC Mr. Stewart Schneider, NMSS/REFS/RRPB, NRC Ms. Shana Helton, NMSS/DFM, NRC Mr. Mo Shams, NRR/DANU, NRC NEI Comments on Draft Regulatory Guide DG-5080, Physical Security Event Noti"cations, Reports, and Records Proposed Revision to Regulatory Guide 5.62 Item #

Comment/Observation Issue Proposed Resolution 1

Footnote 2, bottom of page 3:

The NRC staff has temporarily withdrawn NUREG-1304. The NRC staff intends to hold a question-and-answer workshop with the public, licensees, and other interested stakeholders following implementation of 10 CFR 73.1200, 73.1205, and 73.1210. This workshop and the development of a revised NUREG 1304 will occur subsequent to the 300-day compliance period for licensees to implement these new physical security event noti"cation regulations.

The 300-day compliance period ends January 8, 2024. It is unclear if workshops will be scheduled after the January 8, 2024, compliance date, or after the varying compliance dates that licensees have stated in approved exemption requests.

How will the NRC capture Questions and Answers identi"ed and addressed for licensees that did not submit an exemption?

Create an FAQ-type webpage, similar to what the NRC used for Controlled Unclassi"ed Information (CUI) implementation, to capture the Q&As for subsequent reference. This will allow for prompt documentation of staff positions and promote implementation and inspection consistency.

2 Page 7, Reason for Revision, last sentence of second paragraph:

Says revisions to this regulatory guide as Revision 1 Revision 1 is incorrect.

Should be Revision 3 3

Page 8, "rst bullet, 15-minutes:

Includes in accordance with a licensees safeguards contingency plan or protective strategy based upon a security condition Security condition is a de"ned term, excludes hostile action events, and is not aligned with the wording in 10CFR 73.1200(a) or (b).

Replace security condition with an imminent or actual hostile action against a licensees facility.

Item #

Comment/Observation Issue Proposed Resolution 4

Page 9, last three sub-bullets under 15-minute noti"cation requirements in 10 CFR 73.1200(a) identi"es ISFSIs, MRSs, and GROAs as licensees this applies to.

Note below GROAs: Power reactor facilities and production facilities that are in a decommissioning status and have removed all spent nuclear fuel from the facilitys spent fuel pool (e.g., to an ISFSI, MRS, or a GROA) need not report events under 10 CFR 73.1200(a).

However, such licensees should instead consider whether the event should be reported under 10 CFR 73.1200(c), (e), or (g).

The 3 sub-bullets contradict the note, and cause confusion as to which licensees need not report. Additionally, NRC Bulletin 2005-02 aligns with the exclusion of licensees identi"ed in the note on page 8.

This appears to be a change in staff position.

Revise the paragraph describing the applicability of the 15-minute noti"cation requirement to be clear that licensees currently contained within the note need not report events under 73.1200(a).

5 Page 12, 4th darkened bullet for 24-hour recordkeeping:

The 24-hour recordkeeping requirements n 10 CFR 73.1210 There is a typo with n.

Replace n with in.

6 Page 15 - Establishment of a Communications Channel With the NRC:

Second paragraph under 10 CFR 73.1200(o)(6) or (o)(8) does not offer the same discretion as the "rst paragraph under 10 CFR 73.1200(o)(5) or (o)(7).

To promote the safety of response personnel and provide "exibility in meeting the requirements of 10 CFR 73.1200(o)(6) or (o)(8), a licensee should be able to staff the channel from a location it deems appropriate, the same as for the requirements under 10 CFR 73.1200(o)(5) or (o)(7).

Add this last sentence to the second paragraph under Establishment of a Communications Channel With the NRC (for 10 CFR 73.1200(o)(6) or (o)(8)):

The licensee may staff the channel from a location it deems appropriate.

7 Page 15 discussion related to Reporting of an Emergency Declaration. Last two sentences provide confusing words with the terms should typically and However.

The words should typically in the second to last sentence under Reporting of an Emergency Declaration, has caused some readers to be confused about reporting Change from:

Under 10 CFR 73.1200(r), a licensee or its movement control center who has declared an emergency related to a facility or a Item #

Comment/Observation Issue Proposed Resolution priorities, and starting the last sentence with however leads some to believe that the previous statement is being contradicted.

shipment of material must make the appropriate noti"cations required by 10 CFR 50.72, Immediate noti"cation requirements for operating nuclear power reactors; 10 CFR 63.73, Reports of de"ciencies; 10 CFR 70.50, Reporting requirements; or 10 CFR 72.75, Reporting requirements for speci"c events and conditions. The NRC staff expects that reporting of an emergency declaration should typically take precedence over any physical security event noti"cations required under 10 CFR 73.1200 (e.g.,

noti"cation of State officials of an emergency declaration). However, under 10 CFR 73.1200(s), a licensee with multiple noti"cation obligations (e.g., an event requiring both an emergency declaration and a physical security event noti"cation) may make such noti"cations in a single communication to the NRC HOC.

Change to:

Under 10 CFR 73.1200(r), a licensee or its movement control center who has declared an emergency related to a facility or a shipment of material must make the appropriate noti"cations required by 10 CFR 50.72, Immediate noti"cation requirements for operating nuclear power reactors; 10 CFR 63.73, Reports of Item #

Comment/Observation Issue Proposed Resolution de"ciencies; 10 CFR 70.50, Reporting requirements; or 10 CFR 72.75, Reporting requirements for speci"c events and conditions. The NRC staff expects that reporting of an emergency declaration should take precedence over any physical security event noti"cations required under 10 CFR 73.1200 (e.g., noti"cation of State officials of an emergency declaration).

Additionally, under 10 CFR 73.1200(s),

Elimination of duplication, a licensee with multiple noti"cation obligations (e.g., an event requiring both an emergency declaration and a physical security event noti"cation) may make such noti"cations in a single communication to the NRC HOC.

(See Section C. Staff Regulatory Guidance 7 and 7.3).

8 Page 17 - on complying with the requirements of 1205(c), 8th sub bullet under third darkened bullet on the page: uses of the term procedure important to security The term procedure important to security is unde"ned and ambiguous. Additionally, it does not exclude items in implementing procedures that are outside of a regulatory requirement (e.g., items that support excellence initiatives) or administrative in nature.

Change from: whether this event or condition is a recurring failure of an SSC or procedure important to security.

Change to:

o whether this event is a recurring failure of an SSC; o Whether this event or condition is a recurring failure of a security plan implementing procedure, and associated with a regulatory function or requirement; Item #

Comment/Observation Issue Proposed Resolution 9

Page 18 (and throughout) - use of the term conditions adverse to security Conditions adverse to security is a new and unde"ned term.

Add to the Glossary:

Conditions adverse to security Is synonymous to security-related conditions adverse to quality.

10 Page 18 and Page 20 Retention for records:

3 years from the date of the report or until termination of the license, whichever is later.

AND 3 years or until the license is terminated, whichever is later.

Previous 73.71 retention requirements were for 3 years after the last entry is made in each log or until termination of the license. The addition of whichever is later is new, and the retention of hard copy safeguards documentation related to security events, for potentially greater than 40 plus years, does not appear to have a justi"cation provided for the additional cost, burden and infrastructure potentially needed to support retention for this time frame.

Address the basis for the expanded retention of records in the RG and address this change through proper rulemaking channels for "nal clarity and resolution.

11 Page 21 - the Time of Discovery discussion in the RG restates the de"nition in 10 CFR 73.2 with no further clari"cation.

Time of discovery de"nition in 10 CFR 73.2 is restated in the RG; however, there is no guidance on who is considered to be a cognizant individual. That guidance is provided in other NRC documents (e.g., RG 5.76 and NUREG 2203, and in NRC Response in SECY-18-0058) as well as NRC-endorsed documents (NEI 03-12).

NUREG-2203 Glossary of Security Terms for Nuclear Power Reactors identi"es discovery (time of): a speci"c time at which a supervisor or manager makes a To promote consistent understanding among NRC and licensee personnel, we recommend that guidance be added on who is considered to be a cognizant individual, ideally to Section C and the Glossary. For example, a Glossary de"nition could be:

Cognizant individual means a supervisor or manager quali"ed to make a determination that a veri"ed degradation of a security safeguards measure or a contingency situation exists.

Item #

Comment/Observation Issue Proposed Resolution determination that a veri"ed degradation of a security safeguards measure or a contingency situation exists.

Regulatory Guide 5.76, Physical Protection Programs at Nuclear Power Reactors and NEI 03-12, Template for the Security Plan, Training and Quali"cation Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program], Revision 7, (NRC-endorsed), identify time of discovery as: A speci"c time at which a supervisor or manager makes a determination that a veri"ed degradation of a security safeguards measure or a contingency situation exists.

NRC Response to Public Comments (SECY-18-0058), Comment K-8: Industry recognizes for many events and most conditions, the time of discovery begins when a cognizant individual such as a manager, [or] supervisor for the security function has been noti"ed and NRC Response:

The NRC agrees with the comment.

NRCs slide 27 from public meeting on 11/28/23, provides an example that is also aligned with previous de"nitions.

Item #

Comment/Observation Issue Proposed Resolution 12 Page 21 - Section 2.1 - Malevolent Intent Considerations: the (e.g.) examples are of existing formal processes that not all licensees have in place.

This leads those licensees to infer that they must establish one of these formal processes to be able to determine malevolent intent.

Change from: Licensees may use applicable existing processes (e.g.,

behavioral observation, psychological assessment, human reliability) to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200.

Change to: Licensees may use applicable existing processes, procedures and/or practices to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200.

13 Page 21 2.1 Malevolent Intent Considerations Last bullet on bottom of page 21 Under 10 CFR 73.1200(c)(1)(i)(C) and (D), 10 CFR 73.1200(e)(1)(vi), or 10 CFR 73.1200(g)(1)(ii) and (iii), whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent.

Section 2.1, "rst paragraph at top of page 22:

If a licensee concludes that malevolent intent was not present for such an event, then the event should not be reported under 10 CFR 73.1200, but instead recorded as a decrease in effectiveness under 10 CFR 73.1210(f) (see Staff Regulatory Guidance position 18.2, example (9)). If a licensee cannot reach a conclusion before the timeliness requirement for the event The discussion on page 22, from Section 2.1 does not align with the Staff Regulatory Guidance position 18.2, example (9) that it refers readers to.

Section 2.1, Malevolent Intent Considerations has 2 bulleted items:

First is the actual or attempted introduction of contraband was unintentional or involved malevolent intent.

Second is whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent.

The Staff Regulatory Guidance position 18.2, example (9), that readers are referred to only pertains to contraband events.

Change from: Licensees may use any applicable existing processes (e.g.,

behavioral observation, psychological assessment, human reliability) to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200. However, licensees must still meet reporting timeliness requirements. Examples of when a licensee may need to determine malevolent intent include, but are not limited to, the following:

• Under 10 CFR 73.1200(e)(1)(iii) or (iv),

whether the actual or attempted introduction of contraband was unintentional or involved malevolent intent.

• Under 10 CFR 73.1200(c)(1)(i)(C) and (D),

10 CFR 73.1200(e)(1)(vi), or 10 CFR Item #

Comment/Observation Issue Proposed Resolution is exceeded, then the licensee should notify the NRC pursuant to 10 CFR 73.1200.

Staff Regulatory Guidance position 18.2, example (9), page 39:

(9) An event involving the actual or attempted introduction of contraband at or inside a PA, VA, or MAA, where the licensee has assessed that malevolent intent was not present.

Staff Regulatory Guidance position 18.2 does not provides examples that discuss an unauthorized operation, manipulation or tampering event.

If the affected equipment had no bearing on the security program, the event would not meet the 73.1205(f) recording requirements as it would not represent a decrease in the physical security program effectiveness.

Not all events would be a decrease in effectiveness to meet the 24-hour recording requirements of 10 CFR 73.1210(f).

73.1200(g)(1)(ii) and (iii), whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent.

If a licensee concludes that malevolent intent was not present for such an event, then the event should not be reported under 10 CFR 73.1200, but instead recorded as a decrease in effectiveness under 10 CFR 73.1210(f) (see Staff Regulatory Guidance position 18.2, example (9)). If a licensee cannot reach a conclusion before the timeliness requirement for the event is exceeded, then the licensee should notify the NRC pursuant to 10 CFR 73.1200.

Change to:

Licensees may use any applicable existing processes, procedures and/or practices to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200. However, licensees must still meet reporting timeliness requirements. Examples of when a licensee may need to determine malevolent intent include, but are not limited to, the following:

Item #

Comment/Observation Issue Proposed Resolution

• Under 10 CFR 73.1200(e)(1)(iii) or (iv),

whether the actual or attempted introduction of contraband was unintentional or involved malevolent intent.

(See Staff Regulatory Guidance position 18.2, example (9)).

• Under 10 CFR 73.1200(c)(1)(i)(C) and (D),

10 CFR 73.1200(e)(1)(vi), or 10 CFR 73.1200(g)(1)(ii) and (iii), whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent. (see Staff Regulatory Guidance position 18.2, example (XX)).

If a licensee concludes that malevolent intent was not present for such an event, then the event should not be reported under 10 CFR 73.1200, but instead evaluated to determine if the event meets the threshold for recording the event within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> in accordance with in 10 CFR 73.1210(f).

If a licensee cannot reach a conclusion before the timeliness requirement for the event is exceeded, then the licensee should notify the NRC pursuant to 10 CFR 73.1200.

Add:

Item #

Comment/Observation Issue Proposed Resolution An additional example in Staff Regulatory Guidance position 18.2, to address the second bullet in Section 2.1, of potential unauthorized operation, manipulation, or tampering events involved an error due to human performance which result in a decrease in effectiveness such as:

An event involving unauthorized manipulation of security equipment, where the licensee has assessed that malevolent intent was not present.

14 Page 23, position 6 - Considerations for Contraband and Prohibited Items, 4th paragraph:

Items possessed by authorized persons for authorized purposes associated with a transportation activity outside the facility should not be considered contraband. For example, licensees should not consider as contraband:

weapons possessed by local, state, or Federal law enforcement personnel performing escort duties; explosives possessed by law enforcement personnel performing escort duties; weapons possessed by authorized licensee escort personnel, or weapons possessed by vehicle operators under applicable state law (e.g., the vehicle operator has a concealed carry permit).

The inclusion of or weapons possessed by vehicle operators under applicable state law (e.g., the vehicle operator has a concealed carry permit) makes it unclear if the weapon is contraband or not, is dependent on if they declare it or not, and/or if it only applies to the reporting aspect of the weapon.

Provide clari"cation on declared versus undeclared; considered contraband or not; and applicability to reporting.

15 Page 28, Staff Regulatory Guidance position 18.1, 1st paragraph after example (8):

DG-5080 language is not aligned with the requirements in 10 CFR 73.1200(c)(1)(i)(A).

It appears the draft RG is changing a We propose that the NRC eliminate the wording in question on Page 28 of DG-5080, as it is incongruent with the requirements in 10 CFR 73.1200(c)(1)(i)(A). The draft RG is Item #

Comment/Observation Issue Proposed Resolution DG-5080 states: For notifications required under 10 CFR 73.1200(c)(1)(i)(A), licensees should report the theft or diversion of any quantity of SSNM or SNM (emphasis added).

10 CFR 73.1200(c)(1)(i)(A): The theft or diversion of a Category I, II, or III quantity of SSNM or a Category II or III quantity of special nuclear material (SNM) regulatory requirement without going through rulemaking.

The industry also has concerns with blanket terms such as any, as this lacks a formal regulatory basis. Further, this kind of wording is not aligned with the NRCs stated goals of setting requirements at a reasonable assurance of adequate protection level and making risk-informed decisions.

not the appropriate place to change the intent of code language.

The NRC should consider a reporting threshold that is quantified and measurable.

16 Page 29, bottom of page has:

Notes: An authorized weapon that is recovered within the 4-hour timeliness requirement for this event noti"cation should be recorded as an uncontrolled weapon in the decrease in effectiveness events under 10 CFR 73.1200(f)

(see Staff Regulatory Guidance position 18.2, example (8)).

Reference to 73.1200(f) is incorrect.

Reference should be 73.1210(f).

Update to re"ect correct reference.

17 Page 44 has notes for the glossary section. Note (1) (1) For additional security terms, users may consult NUREG-2203, Glossary of Security Terms for Nuclear Power Reactors (Ref. 27).

The very RG that points to de"nitions in 73.2, also points to another applicable NRC document, NUREG-2203, which contains de"nitions that the industry and the NRC are and have been aligned to throughout the entire history of this rulemaking effort. The industry is unclear on what impediment prevents the NRC from incorporating clari"cation, that exists in multiple other NRC related documents, Provide in Revision 3 to RG 5.62 clari"cation for time of discovery in the following areas:

Section C. Staff Regulatory Guidance, 1.

Time of Discovery discussion Glossary As follows:

Time of discovery Has the same meaning as the term is de"ned in 10 CFR 73.2.

Additionally, further clari"cation on Item #

Comment/Observation Issue Proposed Resolution into revision 3 of RG 5.62. (see public comment #15 for related NRC documents.)

considerations for a cognizant individual has the same meaning as found in RG 5.76, NUREG 2203 and NEI 03-12 revision 7.

OR ADD to the glossary, the term:

cognizant individual has the same meaning as de"ned in RG 5.76, NUREG 2203 and NEI 03-12 Revision 7, a speci"c time at which a supervisor or manager makes a determination that a veri"ed degradation of a security safeguards measure or a contingency situation exists.

18 Contraband, Section C. Staff Regulatory Guidance, position 6. Considerations for Contraband and Prohibited Items:

The RG restates the new de"nition of contraband - In 10 CFR 73.2 the term contraband is de"ned to mean unauthorized "rearms, explosives, incendiaries, or other dangerous materials (e.g., disease-causing agents) that can cause acts of sabotage against a licensees facility. NRC regulations prohibit the This term contraband was not de"ned in the prior versions of 10 CFR 73.2, nor was a de"nition provided in any of the four proposed and supplemental proposed rules published for public comment between 2006 and 2015 leading up to promulgation of the "nal rule on March 14, 2023.1 Additionally, the proposed revision 3 of RG 5.62 does not include a discussion or clari"cation on what constitutes other Provide a staff position on what constitutes other dangerous materials (e.g., disease-causing agents) and the expectation to search for it as required by10 CFR 73.55(g),

and/or to simply report it if discovered. This position needs to be consistent with the description of the Design Basis Threat (DBT) in 10 CFR 73.1.

Additionally, the NRC needs to address the de"nition of contraband through proper 1 Power Reactor Security Requirements; Proposed Rule, 71 Fed. Reg. 62664 (Oct. 26, 2006); Enhanced Weapons, Firearms Background Checks, and Security Event Notifications; Proposed Rule, 76 Fed. Reg. 6200 (Feb. 3, 2011); Enhanced Weapons, Firearms Background Checks, and Security Event notifications; Supplemental Proposed Rule, 78 Fed. Reg. 2214 (Jan. 10, 2013); Enhanced Weapons, Firearms Background Checks, and Security Event Notifications; Supplemental Proposed Rule, 80 Fed. Reg. 57106 (Sept. 22, 2015).

Item #

Comment/Observation Issue Proposed Resolution introduction of contraband items into a licensees PA, VA, or MAA.

This portion of the contraband de"nition -

other dangerous materials (e.g. disease causing agents) - is a new requirement for power reactors.

dangerous materials or disease causing agents.

rulemaking channels for "nal clarity and resolution.

19 Contraband, Section C. Staff Regulatory Guidance, position 6. Considerations for Contraband and Prohibited Items:

The term contraband was not de"ned in the prior versions of 10 CFR 73.2, nor was a de"nition provided in any of the four proposed and supplemental proposed rules published for public comment between 2006 and 2015 leading up to promulgation of the "nal rule on March 14, 2023.2 The discussion of public comments addresses the overlap in the new requirements of the "nal rule and 10 CFR Part 95:

NRC Response to Public Comments (SECY-18-0058),

Comment K-5:

the proposed Appendix G,Section I(j) on the loss or theft of classi"ed information is inconsistent with the NRCs current equivalent requirements in 10 CFR 95.57(a) and (b)

Provide a staff position that: Licensees that possess or conduct activities involving classi"ed national security information or classi"ed Restricted Data (RD) complying with the requirements of 10 CFR 95, need not report contraband events under 10 CFR 73.1200 requirements.

Additionally, the NRC needs to address the de"nition of contraband through proper rulemaking channels for "nal clarity and resolution.

2 Power Reactor Security Requirements; Proposed Rule, 71 Fed. Reg. 62664 (Oct. 26, 2006); Enhanced Weapons, Firearms Background Checks, and Security Event Notifications; Proposed Rule, 76 Fed. Reg. 6200 (Feb. 3, 2011); Enhanced Weapons, Firearms Background Checks, and Security Event notifications; Supplemental Proposed Rule, 78 Fed. Reg. 2214 (Jan. 10, 2013); Enhanced Weapons, Firearms Background Checks, and Security Event Notifications; Supplemental Proposed Rule, 80 Fed. Reg. 57106 (Sept. 22, 2015).

Item #

Comment/Observation Issue Proposed Resolution reconsider these noti"cation requirements...

NRC Response: The NRC agrees that the classi"ed information reporting events described in the proposed rule in Appendix G to 10 CFR Part 73, Section I.(j), are duplicative of the NRCs current reporting requirements in 10 CFR Part 95; Moreover, 10 CFR 95.5, De"nitions, de"nes the term Restricted Data (RD);

Accordingly, the NRC has revised the "nal rule language in 10 CFR 73.1200 to remove the provisions on reporting the loss or theft of classi"ed information that were in the proposed rule Appendix G to 10 CFR Part 73, Section I.(j)...;

Finally, the NRC has revised the "nal rule language in 10 CFR 73.2 by adding a cross-reference to the de"nition of Restricted Data under 10 CFR 95.5.

The NRC did include a cross reference to RD in 10 CFR 73.2; however, through the inappropriate inclusion of an expanded de"nition of contraband, additional requirements were imposed on licensees subject to Part 95 requirements.

20 Throughout the entire document - use of terms report and noti"cation(s).

With respect to 73.1200, 73.1205 and 73.1210, the use of the terms report and noti"cation(s) in the DG is not consistent Where elaborating on the requirements in 73.1200, 73.1205 and 73.1210, update the DG to use the term - either report or noti"cation(s) - appearing in the Item #

Comment/Observation Issue Proposed Resolution with the associated wording in 73.1200, 73.1205 and 73.1210.

associated portion of the new rule (i.e.,

make them consistent).

21 Pages 16 - 18, 10 CFR 73.1205 Written Follow-Up Reports discussion.

10 CFR 73.71(e) Duplicate reports are not required for events that are also reportable in accordance with §§ 50.72 and 50.73 of this chapter.

The discussion regarding Written Follow-Up Reports in DG-5080, does not provide clari"cation on whether duplicate reports are required if an event is reportable under 50.72 and 73.1200.

Previously, 73.71(e) provided an exception for the duplicate reports.

Provide clari"cation within DG-5080 on duplicate reporting requirements, and address this change through proper rulemaking channels for final clarity and resolution.

NEI Comments on Draft Regulatory Guide (DG), DG-5081, Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks Proposed Revision to Regulatory Guide RG 5.86 Item #

Comment/Observation Issue Proposed Resolution 1

Page 18 - second to last paragraph, last sentence starting with However However, under the exception in 10 CFR 73.17(g)(2), licensees are not required to notify the NRC if the affected individual (i.e., security personnel) noti"es the licensees security management within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of the identi"cation or occurrence of any Federal or State disqualifying status condition or disqualifying event that would prohibit the individual from possessing, receiving, or using "rearms or ammunition.

The exception provided in the RG does not exist in 10 CFR 73.17(g)(2).

Remove this exception from the RG so it aligns with 10 CFR 73.17.

2 Page 40 - section 6.8, Training Security Personnel on Disqualifying Events and Appealing Adverse Firearms Background Checks captures training required to be included within their NRC-approved training and quali"cation plans per 10 CFR 73.17(j).

The discussion in DG-5081 is not clear on which requirements under 10 CFR 73.17(j) require training on an annual frequency.

Recommended change:

The NRC regulations in 10 CFR 73.17(j) set forth the requirements for licensees to include, within their NRC-approved training and qualification plans, information on the identification or occurrence of any Federal or State disqualifying status conditions or disqualifying events that would prohibit personnel from possessing, receiving, or using firearms or ammunition. This training must be provided to affected security personnel on an annual basis.

This training requirement is intended to assist security personnel in understanding their continuing obligation to promptly report disqualifying conditions or events and thus to encourage self-identification as required by 10 CFR 73.17(h). The obligation to report disqualifying status conditions and disqualifying events remains as long as the security personnels official duties require access to covered weapons.

Licensees must also provide security personnel with information on how to appeal a denied NICS response to the FBI or to provide the FBI with additional information to resolve a delayed NICS response. (See Staff Regulatory Guidance position 6.13 for additional information).

The training requirements established under 10 CFR 73.17(j) must be provided to affected security personnel on an annual basis. (Reference 10 CFR 73, Appendix B.

VI. A. 7.)

NEI Comments on Draft Regulatory Guide DG-5082, Suspicious Activity Reports Under 10 CFR Part 73 Proposed Revision to Regulatory Guide 5.87 Item #

Comment/Observation Issue Proposed Resolution 1

Page 3 footnote The NRC staff has temporarily withdrawn NUREG-1304. The NRC staff intends to hold a question-and-answer workshop with the public, licensees, and other interested stakeholders following implementation of 10 CFR 73.1200, 73.1205, and 73.1210. This workshop and the development of a revised NUREG 1304 will occur subsequent to the 300-day compliance period for licensees to implement these new physical security event noti"cation regulations.

The 300-day compliance period ends January 8, 2024. It is unclear if workshops will be scheduled after the January 8, 2024, compliance date, or after the varying compliance dates that licensees have stated in approved exemption requests.

How will the NRC capture Questions and Answers identi"ed and addressed for licensees that did not submit an exemption?

Create an FAQ-type webpage, similar to what the NRC used for Controlled Unclassi"ed Information (CUI) implementation, to capture the Q&As for subsequent reference. This will allow for prompt documentation of staff positions and promote implementation and inspection consistency.

2 Page 8 & 9 - FAA discussion and the reference to Appendix A-2.1.

10 CFR 73.1215(c)(3)(iv); 73.1215(c)(5)(ii);

73.1215(c)(8)(ii) all refer to local FAA control tower.

Appendix A: A-2.1 provides recommendations on different FAA contacts, which are not the local FAA control tower.

The DG-5082 language is not aligned with requirements in 10 CFR 73.1215(c)(3)(iv),

10 CFR 73.1215(c)(5)(ii), and 10 CFR 73.1215(c)(8)(ii).

The NRC staff should remove the text regarding contacts to the FAA from DG-5082.

3 Page 16 - Elicitation of Sensitive Non-public Information: Elicitation refers to a process used by individuals with malevolent intent to There are instances where a vendor requests information about a speci"c piece of equipment or equipment Modify the last sentence of example (8) from:

Item #

Comment/Observation Issue Proposed Resolution gather classi"ed or sensitive non-public information through their interactions with people. Such information can be extracted knowingly or unknowingly (e.g., through casual conversations).

Example (8): In considering whether these requests are suspicious, a licensee may take into account the nature of the relationship with the questioner, the degree of speci"city or probing in the questions, and whether repeated attempts are made to obtain the information. A licensee may consider repeated attempts by the same individual to obtain sensitive non-public information, after such requests have been denied by the licensee, as potentially suspicious activity. A licensee may wish to consider the legitimate role played by members of the press and other media in gathering information for the public when determining if such questioning is a potentially suspicious activity.

parameters, and they do not know that the information is classi"ed.

A licensee may wish to consider the legitimate role played by members of the press and other media in gathering information for the public when determining if such questioning is a potentially suspicious activity.

To:

A licensee may wish to consider the legitimate role played by members of the press and other media in gathering information for the public when determining if such questioning is a potentially suspicious activity. Similarly, the circumstances surrounding an information request from a vendor (supplier) should also be considered when determining if the inquiry is suspicious.

4 Page 20, 5.7: Aggressive Actions to Gather Information - Enrichment Facilities Examples:

(1)(a) Willful unauthorized departure from a tour group, or (1)(a): DG-5082 provides no clari"cation on the meaning of departure - e.g., line-of-sight is not maintained or length of time separated from a tour group.

(3) The new de"nition of contraband in 10 CFR 73.2, which includes electronic devices or unauthorized electronic Provide clari"cation on what constitutes departure from a tour group.

The new "nal de"nition of contraband in 10 CFR 73.2 was not made available for public review and comment. The NRC should revise the de"nition of contraband through a formal rulemaking and align it with the Item #

Comment/Observation Issue Proposed Resolution (3)(a) through (d)

Licensees should report suspicious activities involving the attempted unauthorized introduction of the following electronic devices or recording media inside a 10 CFR Part 95 security area containing RD technology, information, or materials:

(4) Consistent with 10 CFR 73.1215(f)(1)(ii),

licensees should report activities involving the actual or attempted unauthorized recording or imaging of RD sensitive technology, equipment, or material inside a 10 CFR Part 95 security area under the requirements of 10 CFR 95.57(a).

media, leads to inconsistent event reporting determinations vis--vis the requirements in 10 CFR 95.57. The note(s) under (3)(d) identify certain items to be considered as contraband and reported as suspicious activity under 10 CFR 73.1215(f) AND to record it under 10 CFR 95.57; the two requirements are not the same.

Example (4) appears to imply that if a cell phone crosses the threshold of a 10 CFR Part 95 security area, it is reportable under the requirements of 10 CFR 95.57(a). This new requirement is not aligned with current agreements put in place between licensees, the NRC and applicable the CSAs. Additionally, this RG, associated with the requirements of 10 CFR 73.1215, appears to provide clari"cation for 10 CFR 95, which is not the proper venue for clari"cation.

requirements in 10 CFR 95.57. In the meantime, affected licensees should be allowed to continue to meet the requirements of 10 CFR Part 95 using current procedures and practices.

(4) We propose that the NRC remove the language in example 4 and simply state that events reported under the requirements of 10 CFR 95.57(a), need not be duplicated in 73.1215(f).