ML080940074: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
| Line 17: | Line 17: | ||
=Text= | =Text= | ||
{{#Wiki_filter:UNITED STATES | {{#Wiki_filter:ML051430228 | ||
UNITED STATES | |||
NUCLEAR REGULATORY COMMISSION | |||
OFFICE OF NUCLEAR REACTOR REGULATION | |||
WASHINGTON, D.C. 20555-0001 | |||
November 7, 2005 | |||
NRC REGULATORY ISSUE SUMMARY 2005-26 | |||
CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS | |||
INFORMATION RELATED TO NUCLEAR POWER REACTORS | |||
ADDRESSEES | ADDRESSEES | ||
All holders of operating licenses for nuclear power reactors and holders of and applicants for | All holders of operating licenses for nuclear power reactors and holders of and applicants for | ||
| Line 32: | Line 33: | ||
to inform the addressees of the appropriate handling of information that warrants controls | to inform the addressees of the appropriate handling of information that warrants controls | ||
because of continuing concerns about terrorist attacks against the critical infrastructure of the | because of continuing concerns about terrorist attacks against the critical infrastructure of the | ||
United States. The NRC intends to balance its responsibility to preserve public access to | United States. The NRC intends to balance its responsibility to preserve public access to | ||
information and support meaningful participation in NRCs regulatory processes against its | information and support meaningful participation in NRCs regulatory processes against its | ||
responsibility to withhold information that might unnecessarily compromise the security of | responsibility to withhold information that might unnecessarily compromise the security of | ||
nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers | nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers | ||
may need to assess their document control procedures to ensure they protect sensitive | may need to assess their document control procedures to ensure they protect sensitive | ||
information. Although no specific action or written response is required, the NRC encourages | information. Although no specific action or written response is required, the NRC encourages | ||
the addressees for this RIS, vendors and contractors, and others who may possess sensitive | the addressees for this RIS, vendors and contractors, and others who may possess sensitive | ||
information to destroy, mark, or otherwise control the information to avoid inadvertently | information to destroy, mark, or otherwise control the information to avoid inadvertently | ||
| Line 43: | Line 44: | ||
BACKGROUND INFORMATION | BACKGROUND INFORMATION | ||
NRC traditionally has given the public access to a significant amount of information about the | NRC traditionally has given the public access to a significant amount of information about the | ||
facilities and materials the agency regulates. Openness has been and remains a cornerstone | facilities and materials the agency regulates. Openness has been and remains a cornerstone | ||
of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various | of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various | ||
NRC regulations have given the public the right to participate in the licensing and oversight | NRC regulations have given the public the right to participate in the licensing and oversight | ||
process for nuclear power reactors and other NRC licensees. To participate in a meaningful | process for nuclear power reactors and other NRC licensees. To participate in a meaningful | ||
way, the public must have access to information about the design and operation of regulated | way, the public must have access to information about the design and operation of regulated | ||
facilities and use of nuclear materials. However, NRC and other Government agencies have | facilities and use of nuclear materials. However, NRC and other Government agencies have | ||
always withheld some information from public disclosure for reasons of security, personal | always withheld some information from public disclosure for reasons of security, personal | ||
privacy, or commercial or trade secret protection. In light of increased terrorist activity | privacy, or commercial or trade secret protection. In light of increased terrorist activity | ||
worldwide, NRC reexamined its document disclosure policies. | worldwide, NRC reexamined its document disclosure policies. | ||
Enclosure 2 | |||
RIS 2005-26 | |||
Page 2 of 5 | |||
Since the events of September 11, 2001, NRC has issued advisories and taken specific actions | Since the events of September 11, 2001, NRC has issued advisories and taken specific actions | ||
regarding the security of its licensed facilities. NRC has also assessed and revised its policies | regarding the security of its licensed facilities. NRC has also assessed and revised its policies | ||
and practices for control of information so that information that could reasonably be expected to | and practices for control of information so that information that could reasonably be expected to | ||
be useful to terrorists in planning or executing an attack against nuclear power plants or other | be useful to terrorists in planning or executing an attack against nuclear power plants or other | ||
NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed | NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed | ||
guidance on the control of information related to operating nuclear power plants is provided in | guidance on the control of information related to operating nuclear power plants is provided in | ||
the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information | the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information | ||
Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the | Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the | ||
associated staff requirements memorandum dated November 9, 2004. Also see | associated staff requirements memorandum dated November 9, 2004. Also see | ||
SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information, | SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information, | ||
dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005. | dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005. | ||
The NRC staff is preparing similar guidance for materials licensees and expects to make it | The NRC staff is preparing similar guidance for materials licensees and expects to make it | ||
available to the public in early 2006. | available to the public in early 2006. | ||
| Line 73: | Line 73: | ||
Considering the various reviews, legislation, and other changes since September 11, 2001, the | Considering the various reviews, legislation, and other changes since September 11, 2001, the | ||
NRC staff believes that clarifying NRCs current procedures and policies regarding the control | NRC staff believes that clarifying NRCs current procedures and policies regarding the control | ||
of information will be beneficial to stakeholders. NRC will continue to make available to the | of information will be beneficial to stakeholders. NRC will continue to make available to the | ||
public most of the information that the agency receives from or sends to its licensees. In | public most of the information that the agency receives from or sends to its licensees. In | ||
addition, the public will have access to a large amount of information included in various reports | addition, the public will have access to a large amount of information included in various reports | ||
produced by the NRC staff. Much of NRCs information also will be readily available to the | produced by the NRC staff. Much of NRCs information also will be readily available to the | ||
public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management | public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management | ||
system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be | system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be | ||
released to the public in response to formal or informal requests. The exceptions for certain | released to the public in response to formal or informal requests. The exceptions for certain | ||
information to be withheld from public disclosure for reasons other than security (e.g., privacy, | information to be withheld from public disclosure for reasons other than security (e.g., privacy, | ||
proprietary, and pre-decisional information) have not changed as a result of recent events. The | proprietary, and pre-decisional information) have not changed as a result of recent events. The | ||
appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection | appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection | ||
of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more | of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more | ||
specific SGI designation guidance documents. | specific SGI designation guidance documents. | ||
NRC withheld from public disclosure some information related to protecting operating nuclear | NRC withheld from public disclosure some information related to protecting operating nuclear | ||
power plants although it does not meet the existing criteria for designation as SGI. This type of | power plants although it does not meet the existing criteria for designation as SGI. This type of | ||
information was recognized before September 11, 2001, and, when submitted to NRC by a | information was recognized before September 11, 2001, and, when submitted to NRC by a | ||
licensee, was withheld from public disclosure according to the provisions of 10 CFR | licensee, was withheld from public disclosure according to the provisions of 10 CFR | ||
2.390(d)(1). This regulation states: | 2.390(d)(1). This regulation states: | ||
(d) The following information is considered commercial or financial information within the | |||
meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance | |||
with the provisions of §9.19 of this chapter. | |||
(1) Correspondence and reports to or from the NRC which contain information or | |||
records concerning a licensees or applicants physical protection, classified matter | |||
protection, or material control and accounting program for special nuclear material not | |||
otherwise designated as Safeguards Information or classified as National Security | |||
Information or Restricted Data. | |||
Enclosure 2 | |||
RIS 2005-26 | |||
Page 3 of 5 | |||
NRC expects that licensees will continue to request NRC withhold some information citing | NRC expects that licensees will continue to request NRC withhold some information citing | ||
10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public | 10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public | ||
disclosure under this provision will increase as the NRC staff and licensees implement the | disclosure under this provision will increase as the NRC staff and licensees implement the | ||
guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to | guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to | ||
withhold from public disclosure various categories of documents likely to include individual | withhold from public disclosure various categories of documents likely to include individual | ||
records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to | records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to | ||
withhold such document categories if licensees routinely identify specific documents containing | withhold such document categories if licensees routinely identify specific documents containing | ||
sensitive information. The NRC staff will interact with licensees on a case-by-case basis | sensitive information. The NRC staff will interact with licensees on a case-by-case basis | ||
regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly | regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly | ||
controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act | controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act | ||
(FOIA) exemptions that might be applicable. Licensees that identify information to be withheld | (FOIA) exemptions that might be applicable. Licensees that identify information to be withheld | ||
from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the | from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the | ||
regulation should use the same general practices as used for proprietary commercial or | regulation should use the same general practices as used for proprietary commercial or | ||
financial information. As shown on the attached diagram, the cover letter should clearly state | financial information. As shown on the attached diagram, the cover letter should clearly state | ||
that the document includes sensitive information and the affected pages should include the | that the document includes sensitive information and the affected pages should include the | ||
marking Security-Related Information Withhold Under 10 CFR 2.390. Unlike the | marking Security-Related Information Withhold Under 10 CFR 2.390. Unlike the | ||
requirements for withholding proprietary information, licensees are not required to provide an | requirements for withholding proprietary information, licensees are not required to provide an | ||
affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical | affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical | ||
protection or (2) material control and accounting. | protection or (2) material control and accounting. | ||
Most information received and generated by NRC deals with design, operations, or other | Most information received and generated by NRC deals with design, operations, or other | ||
matters not directly related to the physical security of nuclear facilities or radioactive materials. | matters not directly related to the physical security of nuclear facilities or radioactive materials. | ||
This information, if not protected as proprietary or under another exception, is generally made | This information, if not protected as proprietary or under another exception, is generally made | ||
available to the public. After September 11, 2001, NRC and other Government agencies | available to the public. After September 11, 2001, NRC and other Government agencies | ||
responded to concerns that some information easily available on public Web sites or by other | responded to concerns that some information easily available on public Web sites or by other | ||
means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on | means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on | ||
whether information related to operating nuclear power plants should be withheld from public | whether information related to operating nuclear power plants should be withheld from public | ||
disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance | disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance | ||
and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the | and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the | ||
NRC Web site, and stakeholders can ask questions or make suggestions about the guidance | NRC Web site, and stakeholders can ask questions or make suggestions about the guidance | ||
and the examples. | and the examples. | ||
As discussed in SECY-04-0191, other Government agencies have issued regulations or | As discussed in SECY-04-0191, other Government agencies have issued regulations or | ||
guidance for protecting information that could be reasonably expected to be useful to terrorists | guidance for protecting information that could be reasonably expected to be useful to terrorists | ||
in planning or executing an attack on critical infrastructure. | in planning or executing an attack on critical infrastructure. | ||
* | * | ||
Protected critical infrastructure information (PCII) is information related to the security of | |||
critical infrastructure that is voluntarily provided to the Department of Homeland Security | |||
* | (DHS). | ||
* | |||
Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory | |||
* | Commission (FERC) regulations as information related to energy-related infrastructure | ||
(e.g., hydroelectric dams and electric transmission systems). | |||
* | |||
Sensitive security information (SSI) is defined in Transportation Safety Administration | |||
(TSA) and Department of Transportation (DOT) regulations as information about the | |||
security of transportation assets, including pipelines. | |||
Enclosure 2 | |||
RIS 2005-26 | |||
Page 4 of 5 | |||
Licensees may need to assess and revise their procedures for handling sensitive unclassified | Licensees may need to assess and revise their procedures for handling sensitive unclassified | ||
nonsafeguards information in their normal activities and interactions with parties other than | nonsafeguards information in their normal activities and interactions with parties other than | ||
NRC. During discussions of existing practices with various licensees, the NRC staff discovered | NRC. During discussions of existing practices with various licensees, the NRC staff discovered | ||
that licensees vary in how they treat and protect information that was previously unprotected but | that licensees vary in how they treat and protect information that was previously unprotected but | ||
now is considered sensitive. Some licensees have instituted more restrictive controls. Some | now is considered sensitive. Some licensees have instituted more restrictive controls. Some | ||
have determined that their routine business practices provide an appropriate level of protection | have determined that their routine business practices provide an appropriate level of protection | ||
for the sensitive information. | for the sensitive information. | ||
As described in 10 CFR 2.390, information deemed sensitive because it relates to physical | As described in 10 CFR 2.390, information deemed sensitive because it relates to physical | ||
protection or material control and accounting is protected in much the same way as commercial | protection or material control and accounting is protected in much the same way as commercial | ||
or financial information. As with proprietary information, licensees are expected to have | or financial information. As with proprietary information, licensees are expected to have | ||
sufficient internal controls to keep the information confidential. Possible methods to prevent the | sufficient internal controls to keep the information confidential. Possible methods to prevent the | ||
inadvertent release of sensitive unclassified nonsafeguards information include marking | inadvertent release of sensitive unclassified nonsafeguards information include marking | ||
documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping | documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping | ||
systems, and controlling the reproduction, distribution, and destruction of potentially sensitive | systems, and controlling the reproduction, distribution, and destruction of potentially sensitive | ||
records. NRC uses the marking Security-Related Information Withhold Under | records. NRC uses the marking Security-Related Information Withhold Under | ||
10 CFR 2.390 and encourages the use of this marking by licensees and others possessing | 10 CFR 2.390 and encourages the use of this marking by licensees and others possessing | ||
information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure | information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure | ||
that similar controls are in place when sensitive information is provided to outside parties such | that similar controls are in place when sensitive information is provided to outside parties such | ||
as contractors or other Government agencies. The NRC staff posted information on NRCs | as contractors or other Government agencies. The NRC staff posted information on NRCs | ||
Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or | Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or | ||
suggestions on how to effectively control sensitive information. | suggestions on how to effectively control sensitive information. | ||
BACKFIT DISCUSSION | BACKFIT DISCUSSION | ||
This RIS requires no action or written response. Any action on the part of addressees to | This RIS requires no action or written response. Any action on the part of addressees to | ||
assess and revise their document control procedures in accordance with the guidance | assess and revise their document control procedures in accordance with the guidance | ||
contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109. | contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109. | ||
Consequently, the NRC staff did not perform a backfit analysis. | Consequently, the NRC staff did not perform a backfit analysis. | ||
FEDERAL REGISTER NOTIFICATION | FEDERAL REGISTER NOTIFICATION | ||
A notice of opportunity for public comment on this RIS was not published in the Federal | A notice of opportunity for public comment on this RIS was not published in the Federal | ||
Register because it is informational and pertains to a staff position that does not represent a | Register because it is informational and pertains to a staff position that does not represent a | ||
departure from current regulatory requirements and practice. NRC intends to work with the | departure from current regulatory requirements and practice. NRC intends to work with the | ||
Nuclear Energy Institute, industry representatives, members of the public, and other | Nuclear Energy Institute, industry representatives, members of the public, and other | ||
stakeholders in modifying related guidance documents. | stakeholders in modifying related guidance documents. | ||
SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996 | SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996 | ||
The NRC has determined that this action is not a rule and thus is not subject to the Small | The NRC has determined that this action is not a rule and thus is not subject to the Small | ||
Business Regulatory Enforcement Fairness Act of 1996. | Business Regulatory Enforcement Fairness Act of 1996. | ||
Enclosure 2 | |||
RIS 2005-26 | |||
Page 5 of 5 | |||
PAPERWORK REDUCTION ACT STATEMENT | PAPERWORK REDUCTION ACT STATEMENT | ||
This RIS does not contain information collections and, therefore, is not subject to the | This RIS does not contain information collections and, therefore, is not subject to the | ||
| Line 193: | Line 196: | ||
Please direct any questions about this matter to the technical contacts listed below or to the | Please direct any questions about this matter to the technical contacts listed below or to the | ||
appropriate Office of Nuclear Reactor Regulation (NRR) project manager. | appropriate Office of Nuclear Reactor Regulation (NRR) project manager. | ||
/RA/ By Patrick L. Hiland For/ | |||
Michael J. Case, Director | |||
Division of Inspection and Regional Support | |||
Office of Nuclear Reactor Regulation | |||
Technical Contacts: William Reckley, NRR | Technical Contacts: | ||
William Reckley, NRR | |||
Margie Kotzalas, NRR | |||
Attachment: Marking diagram for documents withheld under 10 CFR 2.390 | 301-415-1323 | ||
Note: NRC generic communications may be found on the NRC public Web site, | 301-415-2737 | ||
E-mail: wdr@nrc.gov | |||
E-mail: mxk5@nrc.gov | |||
Attachment: Marking diagram for documents withheld under 10 CFR 2.390 | |||
Note: NRC generic communications may be found on the NRC public Web site, | |||
http://www.nrc.gov, under Electronic Reading Room/Document Collections. | http://www.nrc.gov, under Electronic Reading Room/Document Collections. | ||
Enclosure 2 | |||
Security-Related Information | |||
Withhold Under 10 CFR 2.390 | |||
Subject | |||
XXXXXXXXXX | |||
XXXXXXXXXX | |||
XXXXXXXXXX | |||
XXXXXXXXXX | |||
Attachment | |||
RIS-2005-26 | |||
Page 1 of 1 | |||
SUGGESTED MARKINGS | |||
Withhold From Public Disclosure In Accordance With 10 CFR 2.390 | |||
Overall page marking on the top of all pages | |||
Ensure Subject Line is non-sensitive | |||
Appropriate Controls | |||
Access: | Access: | ||
Storage: | Need-to-know in order to perform official licensee functions. | ||
Storage: | |||
Mail: | Openly within licensee facilities with electronic or other access | ||
controls, for example, key cards, guards, alarms. | |||
Electronic Transmission: | Mail: | ||
U.S. Postal Service first class mail, single opaque envelope with | |||
no markings to indicate 10 CFR 2.390 contents. | |||
Electronic Transmission: | |||
Over encrypted phone, facsimile, computer, if available; | |||
otherwise over non-encrypted circuits where recipient will | |||
be present to receive the transmission. | |||
Enclosure 2 | |||
}} | }} | ||
Latest revision as of 17:23, 14 January 2025
| ML080940074 | |
| Person / Time | |
|---|---|
| Site: | Brunswick  |
| Issue date: | 11/07/2005 |
| From: | Michael Case Office of Nuclear Reactor Regulation |
| To: | |
| References | |
| RIS-05-026 | |
| Download: ML080940074 (6) | |
See also: RIS 2005-26
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, D.C. 20555-0001
November 7, 2005
NRC REGULATORY ISSUE SUMMARY 2005-26
CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS
INFORMATION RELATED TO NUCLEAR POWER REACTORS
ADDRESSEES
All holders of operating licenses for nuclear power reactors and holders of and applicants for
certificates for reactor designs.
INTENT
The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)
to inform the addressees of the appropriate handling of information that warrants controls
because of continuing concerns about terrorist attacks against the critical infrastructure of the
United States. The NRC intends to balance its responsibility to preserve public access to
information and support meaningful participation in NRCs regulatory processes against its
responsibility to withhold information that might unnecessarily compromise the security of
nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers
may need to assess their document control procedures to ensure they protect sensitive
information. Although no specific action or written response is required, the NRC encourages
the addressees for this RIS, vendors and contractors, and others who may possess sensitive
information to destroy, mark, or otherwise control the information to avoid inadvertently
providing assistance to those who might use the information for malevolent acts.
BACKGROUND INFORMATION
NRC traditionally has given the public access to a significant amount of information about the
facilities and materials the agency regulates. Openness has been and remains a cornerstone
of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various
NRC regulations have given the public the right to participate in the licensing and oversight
process for nuclear power reactors and other NRC licensees. To participate in a meaningful
way, the public must have access to information about the design and operation of regulated
facilities and use of nuclear materials. However, NRC and other Government agencies have
always withheld some information from public disclosure for reasons of security, personal
privacy, or commercial or trade secret protection. In light of increased terrorist activity
worldwide, NRC reexamined its document disclosure policies.
Enclosure 2
Page 2 of 5
Since the events of September 11, 2001, NRC has issued advisories and taken specific actions
regarding the security of its licensed facilities. NRC has also assessed and revised its policies
and practices for control of information so that information that could reasonably be expected to
be useful to terrorists in planning or executing an attack against nuclear power plants or other
NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed
guidance on the control of information related to operating nuclear power plants is provided in
the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information
Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the
associated staff requirements memorandum dated November 9, 2004. Also see
SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information,
dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005.
The NRC staff is preparing similar guidance for materials licensees and expects to make it
available to the public in early 2006.
SUMMARY OF ISSUE
Considering the various reviews, legislation, and other changes since September 11, 2001, the
NRC staff believes that clarifying NRCs current procedures and policies regarding the control
of information will be beneficial to stakeholders. NRC will continue to make available to the
public most of the information that the agency receives from or sends to its licensees. In
addition, the public will have access to a large amount of information included in various reports
produced by the NRC staff. Much of NRCs information also will be readily available to the
public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management
system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be
released to the public in response to formal or informal requests. The exceptions for certain
information to be withheld from public disclosure for reasons other than security (e.g., privacy,
proprietary, and pre-decisional information) have not changed as a result of recent events. The
appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection
of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more
specific SGI designation guidance documents.
NRC withheld from public disclosure some information related to protecting operating nuclear
power plants although it does not meet the existing criteria for designation as SGI. This type of
information was recognized before September 11, 2001, and, when submitted to NRC by a
licensee, was withheld from public disclosure according to the provisions of 10 CFR 2.390(d)(1). This regulation states:
(d) The following information is considered commercial or financial information within the
meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance
with the provisions of §9.19 of this chapter.
(1) Correspondence and reports to or from the NRC which contain information or
records concerning a licensees or applicants physical protection, classified matter
protection, or material control and accounting program for special nuclear material not
otherwise designated as Safeguards Information or classified as National Security
Information or Restricted Data.
Enclosure 2
Page 3 of 5
NRC expects that licensees will continue to request NRC withhold some information citing
10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public
disclosure under this provision will increase as the NRC staff and licensees implement the
guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to
withhold from public disclosure various categories of documents likely to include individual
records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to
withhold such document categories if licensees routinely identify specific documents containing
sensitive information. The NRC staff will interact with licensees on a case-by-case basis
regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly
controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act
(FOIA) exemptions that might be applicable. Licensees that identify information to be withheld
from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the
regulation should use the same general practices as used for proprietary commercial or
financial information. As shown on the attached diagram, the cover letter should clearly state
that the document includes sensitive information and the affected pages should include the
marking Security-Related Information Withhold Under 10 CFR 2.390. Unlike the
requirements for withholding proprietary information, licensees are not required to provide an
affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical
protection or (2) material control and accounting.
Most information received and generated by NRC deals with design, operations, or other
matters not directly related to the physical security of nuclear facilities or radioactive materials.
This information, if not protected as proprietary or under another exception, is generally made
available to the public. After September 11, 2001, NRC and other Government agencies
responded to concerns that some information easily available on public Web sites or by other
means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on
whether information related to operating nuclear power plants should be withheld from public
disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance
and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the
NRC Web site, and stakeholders can ask questions or make suggestions about the guidance
and the examples.
As discussed in SECY-04-0191, other Government agencies have issued regulations or
guidance for protecting information that could be reasonably expected to be useful to terrorists
in planning or executing an attack on critical infrastructure.
Protected critical infrastructure information (PCII) is information related to the security of
critical infrastructure that is voluntarily provided to the Department of Homeland Security
(DHS).
Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory
Commission (FERC) regulations as information related to energy-related infrastructure
(e.g., hydroelectric dams and electric transmission systems).
Sensitive security information (SSI) is defined in Transportation Safety Administration
(TSA) and Department of Transportation (DOT) regulations as information about the
security of transportation assets, including pipelines.
Enclosure 2
Page 4 of 5
Licensees may need to assess and revise their procedures for handling sensitive unclassified
nonsafeguards information in their normal activities and interactions with parties other than
NRC. During discussions of existing practices with various licensees, the NRC staff discovered
that licensees vary in how they treat and protect information that was previously unprotected but
now is considered sensitive. Some licensees have instituted more restrictive controls. Some
have determined that their routine business practices provide an appropriate level of protection
for the sensitive information.
As described in 10 CFR 2.390, information deemed sensitive because it relates to physical
protection or material control and accounting is protected in much the same way as commercial
or financial information. As with proprietary information, licensees are expected to have
sufficient internal controls to keep the information confidential. Possible methods to prevent the
inadvertent release of sensitive unclassified nonsafeguards information include marking
documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping
systems, and controlling the reproduction, distribution, and destruction of potentially sensitive
records. NRC uses the marking Security-Related Information Withhold Under
10 CFR 2.390 and encourages the use of this marking by licensees and others possessing
information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure
that similar controls are in place when sensitive information is provided to outside parties such
as contractors or other Government agencies. The NRC staff posted information on NRCs
Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or
suggestions on how to effectively control sensitive information.
BACKFIT DISCUSSION
This RIS requires no action or written response. Any action on the part of addressees to
assess and revise their document control procedures in accordance with the guidance
contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109.
Consequently, the NRC staff did not perform a backfit analysis.
FEDERAL REGISTER NOTIFICATION
A notice of opportunity for public comment on this RIS was not published in the Federal
Register because it is informational and pertains to a staff position that does not represent a
departure from current regulatory requirements and practice. NRC intends to work with the
Nuclear Energy Institute, industry representatives, members of the public, and other
stakeholders in modifying related guidance documents.
SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996
The NRC has determined that this action is not a rule and thus is not subject to the Small
Business Regulatory Enforcement Fairness Act of 1996.
Enclosure 2
Page 5 of 5
PAPERWORK REDUCTION ACT STATEMENT
This RIS does not contain information collections and, therefore, is not subject to the
requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).
CONTACT
Please direct any questions about this matter to the technical contacts listed below or to the
appropriate Office of Nuclear Reactor Regulation (NRR) project manager.
/RA/ By Patrick L. Hiland For/
Michael J. Case, Director
Division of Inspection and Regional Support
Office of Nuclear Reactor Regulation
Technical Contacts:
301-415-1323
301-415-2737
E-mail: wdr@nrc.gov
E-mail: mxk5@nrc.gov
Attachment: Marking diagram for documents withheld under 10 CFR 2.390
Note: NRC generic communications may be found on the NRC public Web site,
http://www.nrc.gov, under Electronic Reading Room/Document Collections.
Enclosure 2
Security-Related Information
Withhold Under 10 CFR 2.390
Subject
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
Attachment
Page 1 of 1
SUGGESTED MARKINGS
Withhold From Public Disclosure In Accordance With 10 CFR 2.390
Overall page marking on the top of all pages
Ensure Subject Line is non-sensitive
Appropriate Controls
Access:
Need-to-know in order to perform official licensee functions.
Storage:
Openly within licensee facilities with electronic or other access
controls, for example, key cards, guards, alarms.
Mail:
U.S. Postal Service first class mail, single opaque envelope with
no markings to indicate 10 CFR 2.390 contents.
Electronic Transmission:
Over encrypted phone, facsimile, computer, if available;
otherwise over non-encrypted circuits where recipient will
be present to receive the transmission.
Enclosure 2