ML17341B028: Difference between revisions
Jump to navigation
Jump to search
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
| number = ML17341B028 | | number = ML17341B028 | ||
| issue date = 12/07/2017 | | issue date = 12/07/2017 | ||
| title = | | title = NRR E-mail Capture - (External_Sender) Oyster Creek Cyber Security | ||
| author name = Helker D | | author name = Helker D | ||
| author affiliation = Exelon Corp | | author affiliation = Exelon Corp | ||
| addressee name = Lamb J | | addressee name = Lamb J | ||
| addressee affiliation = NRC/NRR/DORL/LSPB | | addressee affiliation = NRC/NRR/DORL/LSPB | ||
| docket = 05000219 | | docket = 05000219 | ||
| Line 15: | Line 15: | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:1 NRR-DMPSPEm Resource From: | ||
<david.helker@exeloncorp.com> | Helker, David P:(GenCo-Nuc) <david.helker@exeloncorp.com> | ||
Sent:Thursday, December 07, 2017 1:36 PM To:Lamb, John Cc:Barstow, James:(GenCo-Nuc); Neff, David B:(GenCo-Nuc); Ruark, Joseph:(GenCo-Nuc) | Sent: | ||
Thursday, December 07, 2017 1:36 PM To: | |||
Lamb, John Cc: | |||
Barstow, James:(GenCo-Nuc); Neff, David B:(GenCo-Nuc); Ruark, Joseph:(GenCo-Nuc) | |||
==Subject:== | ==Subject:== | ||
[External_Sender] OC cyber | [External_Sender] OC cyber security | ||
: 1. Oyster Creek will maintain Cyber Security Program governance procedures. | : John, These are the key items that are in place for Milestones 1 thru 7, and will be maintained through the extended due date period. These items implement several programmatic controls required for Milestone 8 compliant programs. | ||
: 2. Oyster Creek has implemented the Exelon Fleet solution for control of Portable Media and Portable Devices (PMMD) that fully complies with Cyber Security Control D1.19 and SFAQ 16-05. This includes the upgraded Kiosks and level specific and hardened Portable Media. This is an upgrade to the interim solution implemented to address the PMMD NCV identified during the PI&R Inspection of the Cyber Security findings. | : 1. Oyster Creek will maintain Cyber Security Program governance procedures. | ||
: 3. Oyster Creek will implement an administrative program document to govern maintenance of the commitment to retain the MS1-7 controls and control future configuration changes during operation, shutdown and decommissioning. The document is planned to be approved by 12/31/17. (CC-OC-60, OCNGS Nuclear Cyber Security Program Impacts From Plant Decommissioning. ) | : 2. Oyster Creek has implemented the Exelon Fleet solution for control of Portable Media and Portable Devices (PMMD) that fully complies with Cyber Security Control D1.19 and SFAQ 16-05. This includes the upgraded Kiosks and level specific and hardened Portable Media. This is an upgrade to the interim solution implemented to address the PMMD NCV identified during the PI&R Inspection of the Cyber Security findings. | ||
: 4. Future modifications where possible will not introduce new digital devices so as to not introduce any new threat/attack vector pathways or vulnerabilities. Exelon configuration control requirements will be applied to all future digital mods. | : 3. Oyster Creek will implement an administrative program document to govern maintenance of the commitment to retain the MS1-7 controls and control future configuration changes during operation, shutdown and decommissioning. The document is planned to be approved by 12/31/17. (CC-OC-60, OCNGS Nuclear Cyber Security Program Impacts From Plant Decommissioning. ) | ||
: 5. Repair and replacement activities will avoid adverse impact on the existing cyber security protections and will retain the existing digital configurations for all CDAs. | : 4. Future modifications where possible will not introduce new digital devices so as to not introduce any new threat/attack vector pathways or vulnerabilities. Exelon configuration control requirements will be applied to all future digital mods. | ||
: 6. The existing data diode and PMMD controls will be maintained through operation and decommissioning which provide significant protections against an internet based cyber attack. | : 5. Repair and replacement activities will avoid adverse impact on the existing cyber security protections and will retain the existing digital configurations for all CDAs. | ||
: 7. The CDA Vulnerability Assessment/ Scanning program, the Operating Experience Assessment program, and the Corrective Action program will continue to be implemented to take appropriate corrective actions to maintain the current level of Cyber Security Protections | : 6. The existing data diode and PMMD controls will be maintained through operation and decommissioning which provide significant protections against an internet based cyber attack. | ||
: 8. Oyster Creek has implemented supply chain cyber security protections and will implement future changes to this program as the Exelon Fleet evaluates industry improvement in this area. | : 7. The CDA Vulnerability Assessment/ Scanning program, the Operating Experience Assessment program, and the Corrective Action program will continue to be implemented to take appropriate corrective actions to maintain the current level of Cyber Security Protections | ||
: 8. Oyster Creek has implemented supply chain cyber security protections and will implement future changes to this program as the Exelon Fleet evaluates industry improvement in this area. | |||
Let me know if anything else is needed. | |||
Dave This Email message and any attachment may contain information that is proprietary, legally privileged, confidential and/or subject to copyright belonging to Exelon Corporation or its affiliates ("Exelon"). This Email is intended solely for the use of the person(s) to which it is addressed. If you are not an intended recipient, or the employee or agent responsible for delivery of this Email to the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this Email is strictly prohibited. If you have received this message in error, please immediately notify the sender and permanently delete this Email and any copies. | |||
Exelon policies expressly prohibit employees from making defamatory or offensive statements and infringing any copyright or any other legal right by Email communication. Exelon will not accept any liability in respect of such communications. -EXCIP | |||
Hearing Identifier: | |||
NRR_DMPS Email Number: | |||
34 Mail Envelope Properties (CY4PR05MB328893ECE5F9BBD35C5492CFE3330) | |||
==Subject:== | ==Subject:== | ||
[External_Sender] OC cyber security Sent Date: | |||
Created By: | 12/7/2017 1:35:54 PM Received Date: | ||
12/7/2017 1:49:58 PM From: | |||
Post Office: | Helker, David P:(GenCo-Nuc) | ||
Created By: | |||
Options | david.helker@exeloncorp.com Recipients: | ||
"Barstow, James:(GenCo-Nuc)" <James.Barstow@exeloncorp.com> | |||
Tracking Status: None "Neff, David B:(GenCo-Nuc)" <david.neff@exeloncorp.com> | |||
Tracking Status: None "Ruark, Joseph:(GenCo-Nuc)" <Joseph.Ruark@exeloncorp.com> | |||
Tracking Status: None "Lamb, John" <John.Lamb@nrc.gov> | |||
Tracking Status: None Post Office: | |||
CY4PR05MB3288.namprd05.prod.outlook.com Files Size Date & Time MESSAGE 3121 12/7/2017 1:49:58 PM Options Priority: | |||
Standard Return Notification: | |||
No Reply Requested: | |||
No Sensitivity: | |||
Normal Expiration Date: | |||
Recipients Received:}} | |||
Latest revision as of 12:26, 7 January 2025
| ML17341B028 | |
| Person / Time | |
|---|---|
| Site: | Oyster Creek |
| Issue date: | 12/07/2017 |
| From: | David Helker Exelon Corp |
| To: | John Lamb Special Projects and Process Branch |
| References | |
| Download: ML17341B028 (2) | |
Text
1 NRR-DMPSPEm Resource From:
Helker, David P:(GenCo-Nuc) <david.helker@exeloncorp.com>
Sent:
Thursday, December 07, 2017 1:36 PM To:
Lamb, John Cc:
Barstow, James:(GenCo-Nuc); Neff, David B:(GenCo-Nuc); Ruark, Joseph:(GenCo-Nuc)
Subject:
[External_Sender] OC cyber security
- John, These are the key items that are in place for Milestones 1 thru 7, and will be maintained through the extended due date period. These items implement several programmatic controls required for Milestone 8 compliant programs.
- 1. Oyster Creek will maintain Cyber Security Program governance procedures.
- 2. Oyster Creek has implemented the Exelon Fleet solution for control of Portable Media and Portable Devices (PMMD) that fully complies with Cyber Security Control D1.19 and SFAQ 16-05. This includes the upgraded Kiosks and level specific and hardened Portable Media. This is an upgrade to the interim solution implemented to address the PMMD NCV identified during the PI&R Inspection of the Cyber Security findings.
- 3. Oyster Creek will implement an administrative program document to govern maintenance of the commitment to retain the MS1-7 controls and control future configuration changes during operation, shutdown and decommissioning. The document is planned to be approved by 12/31/17. (CC-OC-60, OCNGS Nuclear Cyber Security Program Impacts From Plant Decommissioning. )
- 4. Future modifications where possible will not introduce new digital devices so as to not introduce any new threat/attack vector pathways or vulnerabilities. Exelon configuration control requirements will be applied to all future digital mods.
- 5. Repair and replacement activities will avoid adverse impact on the existing cyber security protections and will retain the existing digital configurations for all CDAs.
- 6. The existing data diode and PMMD controls will be maintained through operation and decommissioning which provide significant protections against an internet based cyber attack.
- 7. The CDA Vulnerability Assessment/ Scanning program, the Operating Experience Assessment program, and the Corrective Action program will continue to be implemented to take appropriate corrective actions to maintain the current level of Cyber Security Protections
- 8. Oyster Creek has implemented supply chain cyber security protections and will implement future changes to this program as the Exelon Fleet evaluates industry improvement in this area.
Let me know if anything else is needed.
Dave This Email message and any attachment may contain information that is proprietary, legally privileged, confidential and/or subject to copyright belonging to Exelon Corporation or its affiliates ("Exelon"). This Email is intended solely for the use of the person(s) to which it is addressed. If you are not an intended recipient, or the employee or agent responsible for delivery of this Email to the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this Email is strictly prohibited. If you have received this message in error, please immediately notify the sender and permanently delete this Email and any copies.
Exelon policies expressly prohibit employees from making defamatory or offensive statements and infringing any copyright or any other legal right by Email communication. Exelon will not accept any liability in respect of such communications. -EXCIP
Hearing Identifier:
NRR_DMPS Email Number:
34 Mail Envelope Properties (CY4PR05MB328893ECE5F9BBD35C5492CFE3330)
Subject:
[External_Sender] OC cyber security Sent Date:
12/7/2017 1:35:54 PM Received Date:
12/7/2017 1:49:58 PM From:
Helker, David P:(GenCo-Nuc)
Created By:
david.helker@exeloncorp.com Recipients:
"Barstow, James:(GenCo-Nuc)" <James.Barstow@exeloncorp.com>
Tracking Status: None "Neff, David B:(GenCo-Nuc)" <david.neff@exeloncorp.com>
Tracking Status: None "Ruark, Joseph:(GenCo-Nuc)" <Joseph.Ruark@exeloncorp.com>
Tracking Status: None "Lamb, John" <John.Lamb@nrc.gov>
Tracking Status: None Post Office:
CY4PR05MB3288.namprd05.prod.outlook.com Files Size Date & Time MESSAGE 3121 12/7/2017 1:49:58 PM Options Priority:
Standard Return Notification:
No Reply Requested:
No Sensitivity:
Normal Expiration Date:
Recipients Received: