ML080940074: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(StriderTol Bot change)
 
(One intermediate revision by the same user not shown)
Line 19: Line 19:
{{#Wiki_filter:ML051430228
{{#Wiki_filter:ML051430228
UNITED STATES
UNITED STATES
NUCLE AR RE GULATOR Y COM MISS ION OFFICE OF NUC LEAR REAC TOR REGU LATION WASHINGTON, D.C. 20555-0001
NUCLEAR REGULATORY COMMISSION
November 7, 2005 NRC REGUL AT ORY ISSUE SUMMA
OFFICE OF NUCLEAR REACTOR REGULATION
RY 2005-26
WASHINGTON, D.C. 20555-0001
CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUA
November 7, 2005
RDS INFORMATION RELATED TO NU
NRC REGULATORY ISSUE SUMMARY 2005-26
CLEAR POWER REA
CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS
CTORS ADDRESSEES
INFORMATION RELATED TO NUCLEAR POWER REACTORS
All hold ers of operating li
ADDRESSEES
censes for nucle
All holders of operating licenses for nuclear power reactors and holders of and applicants for
ar power re
certificates for reactor designs.
actors and hol
INTENT
ders of and appl
The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)
icants for
to inform the addressees of the appropriate handling of information that warrants controls
certificates for reactor d
because of continuing concerns about terrorist attacks against the critical infrastructure of the
esigns.INTENT The U.S. Nuclear Regulator
United States.  The NRC intends to balance its responsibility to preserve public access to
y Commission (NRC) is issuing this regulatory issue summ
information and support meaningful participation in NRCs regulatory processes against its
ary (RIS)to inform the addres
responsibility to withhold information that might unnecessarily compromise the security of
sees of the appropriate hand
nuclear facilitiesLicensees for operating nuclear power plants and reactor facility designers
ling of inform
may need to assess their document control procedures to ensure they protect sensitive
ation that warrants controls
information.  Although no specific action or written response is required, the NRC encourages
because of conti
the addressees for this RIS, vendors and contractors, and others who may possess sensitive
nuing concerns  
information to destroy, mark, or otherwise control the information to avoid inadvertently
about terrorist a
providing assistance to those who might use the information for malevolent acts.
ttacks against the cri
BACKGROUND INFORMATION
tical infrastructu
NRC traditionally has given the public access to a significant amount of information about the
re of the Unite d State s.  The N RC in tends to bal ance i ts resp onsib ilit y to p reserv e publ ic acc ess to informat ion a nd sup port me aningful parti cipat ion i n NRC's regu latory proce sses a gainst its responsibil
facilities and materials the agency regulates.  Openness has been and remains a cornerstone
ity to w ithhold i nformation that might unn
of NRCs regulatory philosophy.  The Atomic Energy Act, subsequent legislation, and various
ecessarily
NRC regulations have given the public the right to participate in the licensing and oversight
compromise the  
process for nuclear power reactors and other NRC licensees.  To participate in a meaningful
security of
way, the public must have access to information about the design and operation of regulated
nucle ar facil itiesLic ensee s for ope rating nucle ar pow er pla nts an d reac tor faci lity desi gners may need t
facilities and use of nuclear materials.  However, NRC and other Government agencies have
o assess their doc
always withheld some information from public disclosure for reasons of security, personal
ument contro l procedu res to en sure th ey protec t sensit ive information.  Al
privacy, or commercial or trade secret protection.  In light of increased terrorist activity
though no speci
worldwide, NRC reexamined its document disclosure policies.
fic action or w
Enclosure 2
ritten response
 
is required, th
RIS 2005-26  
e NRC enco
Page 2 of 5
urages the addr essees f or this RI
Since the events of September 11, 2001, NRC has issued advisories and taken specific actions
S, vendor s and cont
regarding the security of its licensed facilities.  NRC has also assessed and revised its policies
ractor s, and ot hers who ma
and practices for control of information so that information that could reasonably be expected to
y possess sensitive
be useful to terrorists in planning or executing an attack against nuclear power plants or other
information to dest
NRC-licensed facilities will be withheld from public disclosure.  The most recent and detailed
roy, mark, or other
guidance on the control of information related to operating nuclear power plants is provided in
wise control the information to avoid inadvertently
the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information
providin g assistance to  
Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the
those who  
associated staff requirements memorandum dated November 9, 2004.  Also see
might use the in
SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information,
formation for malevol
dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005.  
ent acts.BA CKGROU ND INF ORMA TION NRC traditi
The NRC staff is preparing similar guidance for materials licensees and expects to make it
onally has given th
available to the public in early 2006.
e public access to a si
SUMMARY OF ISSUE
gnificant amount of in
Considering the various reviews, legislation, and other changes since September 11, 2001, the
formation about the
NRC staff believes that clarifying NRCs current procedures and policies regarding the control
facilities a
of information will be beneficial to stakeholders.  NRC will continue to make available to the
nd materials  
public most of the information that the agency receives from or sends to its licensees.  In
the agency regul
addition, the public will have access to a large amount of information included in various reports
ates.  Openness  
produced by the NRC staff.  Much of NRCs information also will be readily available to the
has been and
public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management
remains a co
system (ADAMS) (www.nrc.gov/reading-rm/adams.html).  In addition, other information may be
rnerstone of NRC's regula
released to the public in response to formal or informal requests.  The exceptions for certain
tory phil osophy.  The  
information to be withheld from public disclosure for reasons other than security (e.g., privacy,
Atomic Energy  
proprietary, and pre-decisional information) have not changed as a result of recent events.  The
Act, subsequent l
appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection
egislation, a
of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more
nd variou s NRC regulatio
specific SGI designation guidance documents.   
ns have giv
NRC withheld from public disclosure some information related to protecting operating nuclear
en the publ
power plants although it does not meet the existing criteria for designation as SGI.  This type of
ic the right to  
information was recognized before September 11, 2001, and, when submitted to NRC by a
participate i
licensee, was withheld from public disclosure according to the provisions of 10 CFR
n the lice
2.390(d)(1).  This regulation states:
nsing and ov
(d) The following information is considered commercial or financial information within the
ersight process for nucle
meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance
ar power re
with the provisions of §9.19 of this chapter.
actors and othe
(1) Correspondence and reports to or from the NRC which contain information or
r NRC lic ensees.  To parti
records concerning a licensees or applicants physical protection, classified matter
cipate in  
protection, or material control and accounting program for special nuclear material not
a meaningful
otherwise designated as Safeguards Information or classified as National Security
way, the public mus
Information or Restricted Data.
t have acce
Enclosure 2
ss to information  
 
about the desi
RIS 2005-26  
gn and operatio
Page 3 of 5
n of regulated
NRC expects that licensees will continue to request NRC withhold some information citing
facilit ies and use
10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public
of nucle ar mat erials.  However, NRC an
disclosure under this provision will increase as the NRC staff and licensees implement the
d other G overnme nt agen cies have alway s withhel d some information  
guidance in this RIS.  NRC changed its procedures shortly after September 11, 2001, to
from public dis
withhold from public disclosure various categories of documents likely to include individual
closure for reason
records that warrant withholding under 10 CFR 2.390.  The NRC staff will assess the need to
s of security, p
withhold such document categories if licensees routinely identify specific documents containing
ersonal priv acy, or comme rcial or trad e secre t prote ction.  In l ight of i ncreas ed terr orist activ ity worldw ide, NRC re
sensitive information.  The NRC staff will interact with licensees on a case-by-case basis
examined i
regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly
ts document dis
controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act
closure pol
(FOIA) exemptions that might be applicable.  Licensees that identify information to be withheld
icies.
from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the
RIS 2005-26
regulation should use the same general practices as used for proprietary commercial or
Pag e 2 of 5 Since the e
financial information.  As shown on the attached diagram, the cover letter should clearly state
vents of Septembe
that the document includes sensitive information and the affected pages should include the
r 11, 2001, NR
marking Security-Related Information Withhold Under 10 CFR 2.390.  Unlike the
C has issue
requirements for withholding proprietary information, licensees are not required to provide an
d adviso ries and taken s
affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical
pecific action
protection or (2) material control and accounting.
s regarding the securi
Most information received and generated by NRC deals with design, operations, or other
ty of its li
matters not directly related to the physical security of nuclear facilities or radioactive materials.  
censed facili
This information, if not protected as proprietary or under another exception, is generally made
ties.  NRC  
available to the public.  After September 11, 2001, NRC and other Government agencies
has also as
responded to concerns that some information easily available on public Web sites or by other
sessed and re
means might be useful to terrorists.  SECY-04-0191 provides the primary NRC guidance on
vised i ts policie
whether information related to operating nuclear power plants should be withheld from public
s and pr actice s for con trol o f informat
disclosure in light of the post-September 11 concerns.  The NRC staff has posted the guidance
ion s o that informat ion th at cou ld rea sonab ly b e exp ected to be useful to terrori
and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the
sts in plan
NRC Web site, and stakeholders can ask questions or make suggestions about the guidance
ning or exec
and the examples.   
uting an attack again
As discussed in SECY-04-0191, other Government agencies have issued regulations or
st nuclear po
guidance for protecting information that could be reasonably expected to be useful to terrorists
wer plan ts or other
in planning or executing an attack on critical infrastructure.
NRC-licen sed faciliti
*
es wil l be wi thheld from publi
Protected critical infrastructure information (PCII) is information related to the security of
c disclosu
critical infrastructure that is voluntarily provided to the Department of Homeland Security
re.  The most recent  
(DHS).  
and detail
*
ed guidance on the control of inf
Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory
ormation related to operat
Commission (FERC) regulations as information related to energy-related infrastructure
ing nuclear power plants is provided in
(e.g., hydroelectric dams and electric transmission systems).
the Commission
*
paper SECY
Sensitive security information (SSI) is defined in Transportation Safety Administration
-04-0191, "Withholding Sensi
(TSA) and Department of Transportation (DOT) regulations as information about the
tive Uncl assified Information
security of transportation assets, including pipelines.
Concerning Nu
Enclosure 2
clear Pow er Reactors From  
 
Public Di sclosure," dated
RIS 2005-26  
October 19, 2004 , and the associated sta
Page 4 of 5
ff requirements memorandum dated  
Licensees may need to assess and revise their procedures for handling sensitive unclassified
November 9, 2004.  Also
nonsafeguards information in their normal activities and interactions with parties other than
see SECY-05-009 1, "Task F
NRC.  During discussions of existing practices with various licensees, the NRC staff discovered
orce R eport o n Publ ic Di sclos ure of S ecuri ty-Re lated Informati
that licensees vary in how they treat and protect information that was previously unprotected but
on,"dated May 18, 20 05, an d the a ssoci ated s taff requir
now is considered sensitiveSome licensees have instituted more restrictive controls.  Some
ements memoran dum dat ed Jun e 30, 2 005. The NRC staff
have determined that their routine business practices provide an appropriate level of protection
is preparing similar guidance f
for the sensitive information.   
or materials licensees and expects to mak
As described in 10 CFR 2.390, information deemed sensitive because it relates to physical
e it availab le to the pu
protection or material control and accounting is protected in much the same way as commercial
blic in early 200 6.SUMMARY OF ISSUE
or financial information.  As with proprietary information, licensees are expected to have
Considerin
sufficient internal controls to keep the information confidential.  Possible methods to prevent the
g the various
inadvertent release of sensitive unclassified nonsafeguards information include marking
review s, legislati
documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping
on, and other c
systems, and controlling the reproduction, distribution, and destruction of potentially sensitive
hanges since S
records.  NRC uses the marking Security-Related Information Withhold Under
eptember 11, 200
10 CFR 2.390 and encourages the use of this marking by licensees and others possessing
1, the NRC staff believ
information deemed sensitive using the guidance in SECY-04-0191.  Licensees should ensure
es that clari
that similar controls are in place when sensitive information is provided to outside parties such
fying NRC's
as contractors or other Government agencies.  The NRC staff posted information on NRCs
current procedures
Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or
and poli cies regarding the
suggestions on how to effectively control sensitive information.   
control of information wi
BACKFIT DISCUSSION
ll be ben eficial to stakeho
This RIS requires no action or written responseAny action on the part of addressees to
lders.  NRC
assess and revise their document control procedures in accordance with the guidance
will continue to  
contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109.  
make availab
Consequently, the NRC staff did not perform a backfit analysis.
le to the publi c most o f the in formatio n that the age ncy r eceiv es from o r send s to i ts li censee s.  In addit ion, t he pub lic w ill have acces s to a large a mount o f informat
FEDERAL REGISTER NOTIFICATION
ion i nclud ed in vari ous re ports produced by
A notice of opportunity for public comment on this RIS was not published in the Federal
the NRC sta
Register because it is informational and pertains to a staff position that does not represent a
ff.  Much of NRC's
departure from current regulatory requirements and practice.  NRC intends to work with the
information als
Nuclear Energy Institute, industry representatives, members of the public, and other
o will be readil
stakeholders in modifying related guidance documents.
y avai lable to th
SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996
e public v ia the NRC
The NRC has determined that this action is not a rule and thus is not subject to the Small
Web site (www.n
Business Regulatory Enforcement Fairness Act of 1996.  
rc.gov) and the  
Enclosure 2
NRC's el ectronic docume
 
nt management
RIS 2005-26  
system (ADAM
Page 5 of 5
S) (www.nrc.gov/reading-rm/adams.html
PAPERWORK REDUCTION ACT STATEMENT
).  In additi
This RIS does not contain information collections and, therefore, is not subject to the
on, other informatio
requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).
n may be released to the public in response to form
CONTACT
al or informal request
Please direct any questions about this matter to the technical contacts listed below or to the
s.  The exceptions for cert
appropriate Office of Nuclear Reactor Regulation (NRR) project manager.
ain infor mation to be withhe
/RA/ By Patrick L. Hiland For/
ld from public disc
Michael J. Case, Director
losure f or reas ons othe r than se curity (e.g., privacy, proprietary, a
Division of Inspection and Regional Support
nd pre-decisi
Office of Nuclear Reactor Regulation
onal information) have not  
Technical Contacts:
changed as a res
William Reckley, NRR
ult of recent ev
ents.  The
appropriate ha
ndling of Safeguards Informatio
n (SGI) is dis
cussed in R
IS-2003-08, "Prote
ction of Safegua
rds Infor mation From U nautho rize d Dis closu re," da ted Ap ril 3 0, 200 3, and more speci fic SGI d esigna tion gu idanc e docu ments.  NRC wi thheld from publi
c disclosu
re some information  
related to prote
cting operating nu
clear power pl ants although i
t does not meet th
e existi ng criteria for desi
gnation as SGI.  Thi
s type of infor mation was recog
nized bef ore Sept ember 11, 2001, and, when su
bmitt ed to NRC by a
licensee, w
as withhe ld from public  
disclosure  
according to the  
provisio ns of 10 CFR
2.390(d)(1).  This re
gulation states: (d) The follow
ing information i
s considered
commercial or  
financial i
nformation with
in the meaning of §9.17(a)(4) o
f this chapter and
is subject to  
disclosure  
only in accordance
with the pr ovis ions of §9.19 of this chapt er.(1) Corresponden
ce and reports  
to or from the NRC  
which co ntain information
or records concerni
ng a license
e's or appl
icant's phy
sical protec
tion, classi
fied matter
protection, or mate
rial control
and accounti
ng program for special  
nuclear materia
l not otherw ise d esigna ted as Safegua rds Infor mation or cl assifi ed as Natio nal S ecuri ty Information or Restri
cted Data.  
RIS 2005-26
Pag e 3 of 5 NRC expe cts that lice
nsees wi ll contin ue to request NRC
withhol d some information  
citing 10 CFR 2.390(d)(1) and that the volume of
material requested to be withheld fr
om public disclosure  
under this pro
vision will increase as  
the NRC staff and l
icensees i
mplement the
guidan ce in this RIS.  N RC ch anged i ts proc edures shortl y after Septe mber 11 , 2001 , to withhol d from public di
sclosure v
arious categorie
s of documents li
kely to inc
lude indi vidual record s that warra nt wi thhol ding u nder 1 0 CFR 2.390.  The N RC sta ff will asses s the n eed to withhol d such documen
t categories if li
censees routin
ely ide ntify specific  
documents contai
ning sensitive information.  The NRC staf
f will interact with licensees on a case-by-case basis
regarding the use of
the provisions of 10 CFR 2.390(d)(1) to assu
re that informat
ion is properly
controlled, u
nder either S
ection 2.390(d
)(1) or one of the o
ther Freedom of Information  
Act (FOIA) exemptions that m
ight be applicable.  Licensees that identify inf
ormation to be withheld
from public dis
closure in  
accordance w
ith 10 CFR
2.390(d)(1) or oth
er provisi
on in the regulation sho
uld use the  
same general prac
tices as used
for proprietary  
commercial or
financi al in formatio n.  As show n on th e attac hed di agram, th e cov er let ter sho uld c learl y sta te that the document  
includes s
ensitive information and  
the affected pages shoul
d include the marking "Security-R
elated Information  
- Withhold Under 10 CFR
2.390." Unl
ike the requirements for wi
thholding prop
rietary in
formation, license
es are not requi
red to provi
de an affidavit for sensiti
ve information  
withhel d under 10 C
FR 2.390(d) an
d related to  
(1) physica
l prot ecti on o r (2) mate rial con trol and acc ount ing.Most informatio
n receive d and generated  
by NRC deals w ith design, op
erations, or oth
er matters not di rectly relat ed to t he phy sical securi ty of n uclea r facil ities or rad ioact ive materi als. This information, i
f not protected as p
roprietary o
r under another  
exception, is generally
made availab le to the pu
blic.  After Sep
tember 11, 2001, NRC and oth
er Government agenc
ies responded to c
oncerns that some
information easi
ly ava ilable o n public Web sites or by other
means might be use
ful to terrorists.  S
ECY-04-0191  
provides the primary N
RC guidance  
on whether information relate
d to operating nuclear power plants should be withheld from
public disclosure  
in light of the  
post-September 11  
concerns.  The N
RC staff has posted th
e guidance
and related  
material w
ithin the p
ublic readi
ng room (http://ww
w.nrc.gov/readi
ng-rm.html) on the
NRC Web site, and stakehol
ders can ask questi
ons or make suggestions  
about the guida
nce and th e exa mples.  As discussed
in SECY-04-0191, other Gov
ernment agencies  
have issu ed regulations
or guidan ce for pr otecti ng inform ation that c ould be rea sonab ly e xpec ted to be use ful to t errori sts in planni ng or executi
ng an attack on criti
cal infrastructure.
*Protected criti
cal infrastructure  
information (PCII) i
s information rel
ated to the sec
urity of criti cal i nfrastru cture t hat is vol untari ly p rovi ded to the De partmen t of Home land Securi ty (DHS). *Criti cal e nergy infrastr ucture informa tion (CEII) i s defin ed in Feder al En ergy R egulat ory Commission (FE
RC) regulation
s as information  
related to ene
rgy-related in
frastructure (e.g., hy droel ectric dams a nd el ectric transmi ssion syste ms).*Sensitiv e security  
information (SSI) i
s defined in  
Transportation Sa
fety Administrati
on (TSA) and Departmen
t of Transportation (DOT) regul
ations as i
nformation about the
security of trans
portation asse
ts, includi
ng pipeline
s.
RIS 2005-26
Pag e 4 of 5 Licensees may
need to asse
ss and revi
se their proce
dures for handli
ng sensitiv
e unclassi
fied nonsafeguards information
in their n
ormal activ
ities and  
interactions  
with parti
es other than
NRC.  Duri
ng discussion
s of existin
g practices w
ith vario us license
es, the NRC  
staff discovered
that license
es vary in how they treat and
protect information  
that was pre
viously unprotected bu
t now is con sider ed sen sitiv eSom e lic ensee s hav e ins titute d more restri ctiv e cont rols.  Some have determi
ned that their  
routine busi
ness practices
provide an appropria
te level of protection
for the s ensit ive informat ion.  As described
in 10 CF R 2.390, informatio
n deemed sensi
tive beca use it relate
s to physi
cal protection or mate
rial control
and accounti
ng is protected i
n much the same  
way as commercial
or fina ncial inf ormat ion.  As with pr
oprieta ry infor mation , license es are expe
cted to have sufficient internal
controls to keep
the information c
onfidential.   
Possible methods to prev
ent the inadverten
t release of sens
itive un classified no
nsafeguards information i
nclude marking
documents as de
scribed in  
10 CFR 2.39
0, restricting acce
ss to electroni
c recordkeeping
system s, and co ntrollin g the re produc tion, dis tribut ion, and de
struc tion of potent ially sensit
ive records.  NRC  
uses the marking "Sec
urity-Rela
ted Information - Withhold Unde
r 10 CFR 2.39
0" and encoura
ges the use of this  
marking by lic
ensees and o
thers possessi
ng informat ion d eemed s ensit ive using t he gui dance in SE CY-04-0191.  Lice nsees shoul d ensu re that similar  
controls are i
n place w hen sensiti
ve information  
is provi ded to outsid
e parties suc
h as contractors or other
Government agencies.  T
he NRC staff posted inf
ormation on NRC's
Web site (http://www.n
rc.gov/reading-rm.html) an
d include d a feedback form for questions o
r suggesti ons on how to effecti
vely contro l sen sitiv e infor mationBA CKFIT DISCU SSION This R IS requi res no actio n or w ritten respo nseA ny ac tion o n the p art of ad dresse es to assess and rev
ise their do
cument control p
rocedures in  
accordance w
ith the guidan
ce contai ned i n this RIS i s stric tly v olunt ary a nd, the refore, i s not a backfit under 10 CFR 50.10 9. Consequently , the NRC sta
ff did not perform a backfit anal
ysis.FEDERAL REGISTER
NOTIF ICA TION A notice of opp
ortunity for pub
lic comment on
this RIS w
as not publi
shed in the  
Federal Register becau se it is in formatio nal a nd per tains to a s taff posi tion t hat do es not repres ent a departure from current regul
atory requirements
and practice.  NRC inte
nds to work w
ith the Nuclear Ene
rgy Institute, in
dustry represe
ntatives, membe
rs of the publi
c, and other
stakeholders in
modifying rela
ted guidance d
ocuments.SMAL L BUSINESS
REGULA TORY ENFOR
CEMENT FA IRNESS A CT OF 1996
The NRC has determined that this act
ion is not a rule and thus is not subject to the Small
Busin ess Re gulato ry En forcemen t Fair ness A ct of 199 6.
RIS 2005-26
Pag e 5 of 5 PAPERWORK REDUCTION A
CT STA TEMENT This RIS does  
not contain i
nformation colle
ctions and, th
erefore, is not sub
ject to the
require ments o f the Pa perw ork Red uctio n Act o f 1995 (44 U.S.C. 350 1 et se q.).CONTACT Please di rect any questi
ons about thi
s matter to the tech
nical conta
cts listed b
elow or to the approp riate Office of N
uclea r Reac tor Regu latio n (NRR) proje ct mana ger./RA/ By Patrick
L. Hiland For
/Michael J. Case, Di
rector Divi sion of Inspe ction and R egiona l Sup port Office of Nuclear Reacto
r Regulation
Technical Co
ntacts: W illiam Reckley, NRR
Margie Kotzalas, NRR
Margie Kotzalas, NRR
301-415-1323
301-415-1323
Line 545: Line 207:
E-mail: wdr@nrc.gov
E-mail: wdr@nrc.gov
E-mail: mxk5@nrc.gov
E-mail: mxk5@nrc.gov
Attachment:  M
Attachment:  Marking diagram for documents withheld under 10 CFR 2.390
arking diagram for documents  
Note:  NRC generic communications may be found on the NRC public Web site,
withhel d under 10 C
http://www.nrc.gov, under Electronic Reading Room/Document Collections.
FR 2.390 Note:  NRC  
Enclosure 2
generic communica
 
tions may b
Security-Related Information
e found on the N
Withhold Under 10 CFR 2.390
RC publi c Web site, http://www.nrc.gov, under E
Subject
lectronic Re
XXXXXXXXXX
ading Room/Docu
ment Collecti
ons.
Security-Re
lated Information
Withhold Under 10 CFR
2.390 Subject XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
Attachment
Attachment
RIS-2005-26
RIS-2005-26
 
Page 1 of 1
Pag e 1 of 1 SUGGESTED MA
SUGGESTED MARKINGS
RKINGS Withhold From Pub
Withhold From Public Disclosure In Accordance With 10 CFR 2.390
lic Disclosure In
                                                                                                                  Overall page marking on the top of all pages
Ac cordance With 1
Ensure Subject Line is non-sensitive
0 CFR 2.390
Appropriate Controls
           
Access:
           
Need-to-know in order to perform official licensee functions.
           
Storage:
           
Openly within licensee facilities with electronic or other access
           
controls, for example, key cards, guards, alarms.
           
Mail:
           
U.S. Postal Service first class mail, single opaque envelope with
           
no markings to indicate 10 CFR 2.390 contents.
           
Electronic Transmission:
      Over
Over encrypted phone, facsimile, computer, if available;
all page marking on  
otherwise over non-encrypted circuits where recipient will
the top of all pa
be present to receive the transmission.
ges Ensure Subjec t Line is non-se nsitive Appropriate Controls
Enclosure 2
Access: Need-to-know i
n order to perform official
licensee  
functions.
Storage: Openly w ithin li censee facili
ties wi th electronic
or other acces
s controls, for exa
mple, key cards , guards, alarms.
Mail: U.S. P ostal Serv ice fir st cla ss mai l, si ngle o paque e nvel ope w ith no markings to indi
cate 10 CFR  
2.390 contents.
Electronic Tran
smission: Over encryp
ted phone, facsimi
le, computer, if av
ailable;otherwise over non-encrypted circuits where recipient will
be present to re
ceive the transmission.
}}
}}

Latest revision as of 17:23, 14 January 2025

Control of Sensitive Unclassified Nonsafeguards Information Related to Nuclear Power Reactors
ML080940074
Person / Time
Site: Brunswick  Duke Energy icon.png
Issue date: 11/07/2005
From: Michael Case
Office of Nuclear Reactor Regulation
To:
References
RIS-05-026
Download: ML080940074 (6)
v  d  e


See also: RIS 2005-26

Text

ML051430228

UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555-0001

November 7, 2005

NRC REGULATORY ISSUE SUMMARY 2005-26

CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS

INFORMATION RELATED TO NUCLEAR POWER REACTORS

ADDRESSEES

All holders of operating licenses for nuclear power reactors and holders of and applicants for

certificates for reactor designs.

INTENT

The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)

to inform the addressees of the appropriate handling of information that warrants controls

because of continuing concerns about terrorist attacks against the critical infrastructure of the

United States. The NRC intends to balance its responsibility to preserve public access to

information and support meaningful participation in NRCs regulatory processes against its

responsibility to withhold information that might unnecessarily compromise the security of

nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers

may need to assess their document control procedures to ensure they protect sensitive

information. Although no specific action or written response is required, the NRC encourages

the addressees for this RIS, vendors and contractors, and others who may possess sensitive

information to destroy, mark, or otherwise control the information to avoid inadvertently

providing assistance to those who might use the information for malevolent acts.

BACKGROUND INFORMATION

NRC traditionally has given the public access to a significant amount of information about the

facilities and materials the agency regulates. Openness has been and remains a cornerstone

of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various

NRC regulations have given the public the right to participate in the licensing and oversight

process for nuclear power reactors and other NRC licensees. To participate in a meaningful

way, the public must have access to information about the design and operation of regulated

facilities and use of nuclear materials. However, NRC and other Government agencies have

always withheld some information from public disclosure for reasons of security, personal

privacy, or commercial or trade secret protection. In light of increased terrorist activity

worldwide, NRC reexamined its document disclosure policies.

Enclosure 2

RIS 2005-26

Page 2 of 5

Since the events of September 11, 2001, NRC has issued advisories and taken specific actions

regarding the security of its licensed facilities. NRC has also assessed and revised its policies

and practices for control of information so that information that could reasonably be expected to

be useful to terrorists in planning or executing an attack against nuclear power plants or other

NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed

guidance on the control of information related to operating nuclear power plants is provided in

the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information

Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the

associated staff requirements memorandum dated November 9, 2004. Also see

SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information,

dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005.

The NRC staff is preparing similar guidance for materials licensees and expects to make it

available to the public in early 2006.

SUMMARY OF ISSUE

Considering the various reviews, legislation, and other changes since September 11, 2001, the

NRC staff believes that clarifying NRCs current procedures and policies regarding the control

of information will be beneficial to stakeholders. NRC will continue to make available to the

public most of the information that the agency receives from or sends to its licensees. In

addition, the public will have access to a large amount of information included in various reports

produced by the NRC staff. Much of NRCs information also will be readily available to the

public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management

system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be

released to the public in response to formal or informal requests. The exceptions for certain

information to be withheld from public disclosure for reasons other than security (e.g., privacy,

proprietary, and pre-decisional information) have not changed as a result of recent events. The

appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection

of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more

specific SGI designation guidance documents.

NRC withheld from public disclosure some information related to protecting operating nuclear

power plants although it does not meet the existing criteria for designation as SGI. This type of

information was recognized before September 11, 2001, and, when submitted to NRC by a

licensee, was withheld from public disclosure according to the provisions of 10 CFR 2.390(d)(1). This regulation states:

(d) The following information is considered commercial or financial information within the

meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance

with the provisions of §9.19 of this chapter.

(1) Correspondence and reports to or from the NRC which contain information or

records concerning a licensees or applicants physical protection, classified matter

protection, or material control and accounting program for special nuclear material not

otherwise designated as Safeguards Information or classified as National Security

Information or Restricted Data.

Enclosure 2

RIS 2005-26

Page 3 of 5

NRC expects that licensees will continue to request NRC withhold some information citing

10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public

disclosure under this provision will increase as the NRC staff and licensees implement the

guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to

withhold from public disclosure various categories of documents likely to include individual

records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to

withhold such document categories if licensees routinely identify specific documents containing

sensitive information. The NRC staff will interact with licensees on a case-by-case basis

regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly

controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act

(FOIA) exemptions that might be applicable. Licensees that identify information to be withheld

from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the

regulation should use the same general practices as used for proprietary commercial or

financial information. As shown on the attached diagram, the cover letter should clearly state

that the document includes sensitive information and the affected pages should include the

marking Security-Related Information Withhold Under 10 CFR 2.390. Unlike the

requirements for withholding proprietary information, licensees are not required to provide an

affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical

protection or (2) material control and accounting.

Most information received and generated by NRC deals with design, operations, or other

matters not directly related to the physical security of nuclear facilities or radioactive materials.

This information, if not protected as proprietary or under another exception, is generally made

available to the public. After September 11, 2001, NRC and other Government agencies

responded to concerns that some information easily available on public Web sites or by other

means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on

whether information related to operating nuclear power plants should be withheld from public

disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance

and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the

NRC Web site, and stakeholders can ask questions or make suggestions about the guidance

and the examples.

As discussed in SECY-04-0191, other Government agencies have issued regulations or

guidance for protecting information that could be reasonably expected to be useful to terrorists

in planning or executing an attack on critical infrastructure.

Protected critical infrastructure information (PCII) is information related to the security of

critical infrastructure that is voluntarily provided to the Department of Homeland Security

(DHS).

Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory

Commission (FERC) regulations as information related to energy-related infrastructure

(e.g., hydroelectric dams and electric transmission systems).

Sensitive security information (SSI) is defined in Transportation Safety Administration

(TSA) and Department of Transportation (DOT) regulations as information about the

security of transportation assets, including pipelines.

Enclosure 2

RIS 2005-26

Page 4 of 5

Licensees may need to assess and revise their procedures for handling sensitive unclassified

nonsafeguards information in their normal activities and interactions with parties other than

NRC. During discussions of existing practices with various licensees, the NRC staff discovered

that licensees vary in how they treat and protect information that was previously unprotected but

now is considered sensitive. Some licensees have instituted more restrictive controls. Some

have determined that their routine business practices provide an appropriate level of protection

for the sensitive information.

As described in 10 CFR 2.390, information deemed sensitive because it relates to physical

protection or material control and accounting is protected in much the same way as commercial

or financial information. As with proprietary information, licensees are expected to have

sufficient internal controls to keep the information confidential. Possible methods to prevent the

inadvertent release of sensitive unclassified nonsafeguards information include marking

documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping

systems, and controlling the reproduction, distribution, and destruction of potentially sensitive

records. NRC uses the marking Security-Related Information Withhold Under

10 CFR 2.390 and encourages the use of this marking by licensees and others possessing

information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure

that similar controls are in place when sensitive information is provided to outside parties such

as contractors or other Government agencies. The NRC staff posted information on NRCs

Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or

suggestions on how to effectively control sensitive information.

BACKFIT DISCUSSION

This RIS requires no action or written response. Any action on the part of addressees to

assess and revise their document control procedures in accordance with the guidance

contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109.

Consequently, the NRC staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal

Register because it is informational and pertains to a staff position that does not represent a

departure from current regulatory requirements and practice. NRC intends to work with the

Nuclear Energy Institute, industry representatives, members of the public, and other

stakeholders in modifying related guidance documents.

SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996

The NRC has determined that this action is not a rule and thus is not subject to the Small

Business Regulatory Enforcement Fairness Act of 1996.

Enclosure 2

RIS 2005-26

Page 5 of 5

PAPERWORK REDUCTION ACT STATEMENT

This RIS does not contain information collections and, therefore, is not subject to the

requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

CONTACT

Please direct any questions about this matter to the technical contacts listed below or to the

appropriate Office of Nuclear Reactor Regulation (NRR) project manager.

/RA/ By Patrick L. Hiland For/

Michael J. Case, Director

Division of Inspection and Regional Support

Office of Nuclear Reactor Regulation

Technical Contacts:

William Reckley, NRR

Margie Kotzalas, NRR

301-415-1323

301-415-2737

E-mail: wdr@nrc.gov

E-mail: mxk5@nrc.gov

Attachment: Marking diagram for documents withheld under 10 CFR 2.390

Note: NRC generic communications may be found on the NRC public Web site,

http://www.nrc.gov, under Electronic Reading Room/Document Collections.

Enclosure 2

Security-Related Information

Withhold Under 10 CFR 2.390

Subject

XXXXXXXXXX

XXXXXXXXXX

XXXXXXXXXX

XXXXXXXXXX

Attachment

RIS-2005-26

Page 1 of 1

SUGGESTED MARKINGS

Withhold From Public Disclosure In Accordance With 10 CFR 2.390

Overall page marking on the top of all pages

Ensure Subject Line is non-sensitive

Appropriate Controls

Access:

Need-to-know in order to perform official licensee functions.

Storage:

Openly within licensee facilities with electronic or other access

controls, for example, key cards, guards, alarms.

Mail:

U.S. Postal Service first class mail, single opaque envelope with

no markings to indicate 10 CFR 2.390 contents.

Electronic Transmission:

Over encrypted phone, facsimile, computer, if available;

otherwise over non-encrypted circuits where recipient will

be present to receive the transmission.

Enclosure 2

Retrieved from "https://kanterella.com/w/index.php?title=ML080940074&oldid=5333075"