ML13120A191: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 17: | Line 17: | ||
=Text= | =Text= | ||
{{#Wiki_filter: OFFICIAL USE ONLY - SECURITY RELATED INFORMATION | {{#Wiki_filter:OFFICIAL USE ONLY | ||
LIMITED INTERNAL DISTRIBUTION PERMITTED | - SECURITY RELATED INFORMATION | ||
UNITED STATES NUCLEAR REGULATORY COMMISSION REGION II 245 PEACHTREE CENTER AVENUE NE, SUITE 1200 ATLANTA, GEORGIA 30303-1257 | |||
Enclosure transmitted herewith contains SUNSI. When separated from enclosure, this | |||
transmittal document is decontrolled | |||
LIMITED INTERNAL | |||
DISTRIBUTION PERMITTED | |||
OFFICIAL USE ONLY | |||
- SECURITY-RELATED INFORMATION | |||
April 24, 2013 | |||
Mr. T. A. Lynch | |||
Vice President | Vice President | ||
Southern Nuclear Operating Company, Inc. | Southern Nuclear Operating Company, Inc. | ||
Joseph M. Farley Nuclear Plant | Joseph M. Farley Nuclear Plant | ||
P.O. Drawer 470, BIN B500 Ashford, AL 36312 SUBJECT: JOSEPH M FARLEY NUCLEAR PLANT - NOTIFICATION OF CYBER SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR | |||
P.O. Drawer 470, BIN B500 | |||
Ashford, AL 36312 | |||
SUBJECT: JOSEPH M FARLEY NUCLEAR PLANT - NOTIFICATION OF CYBER SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR | |||
INFORMATION (NRC INSPECTION REPORT NO. 05000348/2013404 AND | INFORMATION (NRC INSPECTION REPORT NO. 05000348/2013404 AND | ||
05000364/2013404) Dear Mr. Lynch: | |||
05000364/2013404) | |||
Dear Mr. Lynch: | |||
The purpose of this letter is to notify you that the U.S. Nuclear Regulatory Commission (NRC) | The purpose of this letter is to notify you that the U.S. Nuclear Regulatory Commission (NRC) | ||
| Line 31: | Line 49: | ||
NRC office of Nuclear Security and Incident Response (NSIR). The inspection will be | NRC office of Nuclear Security and Incident Response (NSIR). The inspection will be | ||
conducted in accordance with Temporary Instruction (TI) 2201/004, "Inspection of | conducted in accordance with Temporary Instruction (TI) 2201/004, "Inspection of | ||
Implementation of Interim Cyber Security Milestones 1-7." The TI inspection will be performed to evaluate and verify your ability to meet the interim milestone requirements of the NRC's Cyber Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, "Protection of Digital Computer and Communication Systems and Networks." In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a proposed cyber security plan (CSP) and implementation schedule for NRC review and approval. On December 14, 2009, by letter (ML093080517) to the Nuclear Energy Institute | Implementation of Interim Cyber Security Milestones 1-7." The TI inspection will be performed | ||
(NEI), the NRC provided their expectations for the proposed implementation schedule. On January 5, 2011, by letter (ML110060093) to the NRC, NEI issued an initial "Template for the Cyber Security Plan Implementation Schedule" (ML110060097). On February 28, 2011, by letter (ML110600206) to the NRC, NEI provided a revised, "Template for the Cyber Security Plan Implementation Schedule." The purpose of the letter's attachment was to provide the | to evaluate and verify your ability to meet the interim milestone requirements of the NRC's Cyber Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, "Protection of Digital Computer and Communication Systems and Networks." In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a proposed cyber security plan (CSP) and implementation schedule for NRC review and approval. On December 14, 2009, by letter (ML093080517) to the Nuclear Energy Institute | ||
licensee with a generically written | (NEI), the NRC provided their expectations for the proposed implementation schedule. On | ||
January 5, 2011, by letter (ML110060093) to the NRC, NEI issued an initial "Template for the | |||
Cyber Security Plan Implementation Schedule" (ML110060097). On February 28, 2011, by | |||
letter (ML110600206) to the NRC, NEI provided a revised, "Template for the Cyber Security Plan Implementation Schedule." The purpose of the letter's attachment was to provide the | |||
licensee with a generically written templat | |||
e to develop their proposed CSP implementation schedule. Utilization of the generic template required the licensee to make conforming changes to ensure the submitted schedule accurately accounted for site-specific activities. The CSP, | |||
implementation schedule, and other applicable information for your facility provided the | implementation schedule, and other applicable information for your facility provided the | ||
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION T. Lynch 2 OFFICIAL USE ONLY - SECURITY RELATED INFORMATION implementation aspects, including the key intermediate milestone attributes and dates as well as the full implementation dates. The implementation aspects were described based in part on | OFFICIAL USE ONLY | ||
- SECURITY RELATED INFORMATION | |||
T. Lynch 2 | |||
OFFICIAL USE ONLY | |||
- SECURITY RELATED INFORMATION | |||
implementation aspects, including the key intermediate milestone attributes and dates as well as the full implementation dates. The implementation aspects were described based in part on | |||
letters to NRC dated July 16, 2010 (ML110880218) and supplemented by letters dated March | letters to NRC dated July 16, 2010 (ML110880218) and supplemented by letters dated March | ||
28, 2011 (ML11088021) and April 21, 2011 (ML111020258). By reference to NRC safety | 28, 2011 (ML11088021) and April 21, 2011 (ML111020258). By reference to NRC safety | ||
evaluation report dated July 28, 2011 (ML11178A018) license condition 2.D was modified for facility operating licenses NFP-2 and NPF-8 for Farley Units 1 and 2 to ensure that the CSP would be implemented and maintained consistent with NRC requirements. | evaluation report dated July 28, 2011 (ML11178A018) license condition 2.D was modified for facility operating licenses NFP-2 and NPF-8 for Farley Units 1 and 2 to ensure that the CSP would be implemented and maintained consistent with NRC requirements. | ||
On April 23, 2013, during a conversation between Mr. B. Arens of your staff, and Mr. J. Patel, | On April 23, 2013, during a conversation between Mr. B. Arens of your staff, and Mr. J. Patel, | ||
NRC RII, our respective staffs confirmed arrangements for a three day information gathering | NRC RII, our respective staffs confirmed arrangements for a three day information gathering | ||
onsite visit and a one-week onsite inspection. The subject TI inspection provides a programmatic level review and verification of the licensee's site-specific implementation of Interim Milestones 1 through 7. The schedule for the onsite TI Inspection for the Interim | onsite visit and a one-week onsite inspection. The subject TI inspection provides a | ||
programmatic level review and verification of the licensee's site-specific implementation of Interim Milestones 1 through 7. The schedule for the onsite TI Inspection for the Interim | |||
Milestones 1 through 7 is as follows: | Milestones 1 through 7 is as follows: | ||
* Information gathering visit: July 9 - 11, 2013 * Onsite inspection: July 22 - 26, 2013 The purpose of the information gathering visit is to: (1) obtain information and documentation | |||
needed to support the TI inspection; (2) become | * Information gathering visit: July 9 - 11, 2013 | ||
* Onsite inspection: July 22 - 26, 2013 | |||
The purpose of the information gathering visit is to: (1) obtain information and documentation | |||
needed to support the TI inspection; (2) become fa | |||
miliar with the Farley Nuclear Plant Cyber | |||
Security Program and plant layout; and (3) arrange administrative details, such as office space, availability of knowledgeable office personnel and to ensure unescorted site access privileges. | |||
In order to assure a productive TI inspection, we have enclosed a request for documents | In order to assure a productive TI inspection, we have enclosed a request for documents | ||
| Line 53: | Line 90: | ||
(July 9, 2013). Group III consists of those items that the inspectors will review, or need access to, during the TI inspection. Group III also lists the information necessary to aid the inspectors in tracking questions and answers identified as a result of the TI inspection. It is requested that | (July 9, 2013). Group III consists of those items that the inspectors will review, or need access to, during the TI inspection. Group III also lists the information necessary to aid the inspectors in tracking questions and answers identified as a result of the TI inspection. It is requested that | ||
this information be provided to the lead inspector as the information is generated during the | this information be provided to the lead inspector as the information is generated during the | ||
TI inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the TI inspection. This letter does not contain new or amended information collection requirements subject to the | TI inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the TI inspection. | ||
This letter does not contain new or amended information collection requirements subject to the | |||
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection | Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection | ||
requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number | requirements were approved by the Office | ||
of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number. | |||
Your cooperation and support during this inspection will be appreciated. If you have questions concerning this inspection, or the inspection team's information or logistical needs, please | |||
contact Mr. Patel at (404) 997-4577, or me at (404) 997-4511. | |||
OFFICIAL USE ONLY | |||
- SECURITY RELATED INFORMATION | |||
T. Lynch 3 | |||
OFFICIAL USE ONLY | |||
- SECURITY RELATED INFORMATION | |||
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be | |||
available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component | |||
of NRC's document system, ADAMS. | |||
ADAMS is accessible from the NRC Website at http://www.nrc.gov/reading-rm/adams.html | |||
(the Public Electronic Reading Room). However, because of the security-related concerns contained in the enclosure, and in accordance with 10 CFR 2.390, a copy of this letters enclosure will not be available for public inspection. | |||
Sincerely, | |||
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION T. Lynch 4 OFFICIAL USE ONLY - SECURITY RELATED INFORMATION cc: Keith Wooten | /RA/ Michael F. King, Chief | ||
Engineering Branch 2 | |||
Division of Reactor Safety | |||
Docket No.: 50-348, 50-364 License No.: NPF-2, NPF-8 | |||
Enclosure: Document Request For Cyber Security Temporary Instruction | |||
(TI) 2201/004 Interim Milestones 1-7 | |||
Inspection | |||
(OFFICIAL USE ONLY) | |||
cc: (See page 4) | |||
_________________________ | |||
G SUNSI REVIEW COMPLETE | |||
G FORM 665 ATTACHED OFFICE RII:DRS RII:DRS SIGNATURE RA RA NAME PATEL KING DATE 4/24/2013 4/ 24/2013 4/ /2013 4/ /2013 4/ /2013 4/ /2013 4/ /2013 E-MAIL COPY? YES NO YES NO YES NO YES NO YES NO YES NO YES NO | |||
OFFICIAL USE ONLY | |||
- SECURITY RELATED INFORMATION | |||
T. Lynch 4 | |||
OFFICIAL USE ONLY | |||
- SECURITY RELATED INFORMATION | |||
cc: Keith Wooten | |||
Project Manager | Project Manager | ||
Nuclear Fleet Security | Nuclear Fleet Security | ||
Southern Nuclear Operating Company, Inc. | Southern Nuclear Operating Company, Inc. | ||
40 Iverness Center Parkway Birmingham, AL 35242 | |||
40 Iverness Center Parkway | |||
Birmingham, AL 35242 | |||
David Burford | David Burford | ||
Manager | Manager | ||
Nuclear Fleet Security Southern Nuclear Operating Company, Inc. 40 Iverness Center Parkway | Nuclear Fleet Security | ||
Southern Nuclear Operating Company, Inc. | |||
40 Iverness Center Parkway | |||
Birmingham, AL 35242 | Birmingham, AL 35242 | ||
L. B. Hogg Nuclear Licensing Southern Nuclear Operating Company, Inc. | L. B. Hogg Nuclear Licensing | ||
Southern Nuclear Operating Company, Inc. | |||
40 Inverness Center Parkway | 40 Inverness Center Parkway | ||
Birmingham, AL 35242 | Birmingham, AL 35242 | ||
S. P. McGavin Security Manager Joseph M. Farley Nuclear Plant | S. P. McGavin Security Manager | ||
Joseph M. Farley Nuclear Plant | |||
7388 North State Highway 95 | 7388 North State Highway 95 | ||
Columbia, AL 36319 | Columbia, AL 36319 | ||
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION | OFFICIAL USE ONLY | ||
- SECURITY RELATED INFORMATION | |||
5 OFFICIAL USE ONLY | |||
- SECURITY RELATED INFORMATION | |||
Letter to T. A. Lynch from Michael F. King dated April 24, 2013 | |||
SUBJECT: JOSEPH M FARLEY NUCLEAR PLANT - NOTIFICATION OF CYBER SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR | SUBJECT: JOSEPH M FARLEY NUCLEAR PLANT - NOTIFICATION OF CYBER SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR | ||
INFORMATION (NRC INSPECTION REPORT NO. 05000348/2013404 AND 05000364/2013404) | INFORMATION (NRC INSPECTION REPORT NO. 05000348/2013404 AND | ||
Distribution: RidsNrrPMFarley Resource | 05000364/2013404) | ||
B. Westreich, NSIR (hard copy w/ encl) RIDSNRRDIRS | |||
Distribution W/O OUO: PUBLIC | Distribution: | ||
RidsNrrPMFarley Resource | |||
B. Westreich, NSIR (hard copy w/ encl) RIDSNRRDIRS | |||
Distribution W/O OUO: | |||
PUBLIC | |||
}} | }} | ||
Revision as of 20:01, 17 July 2018
| ML13120A191 | |
| Person / Time | |
|---|---|
| Site: | Farley  |
| Issue date: | 04/24/2013 |
| From: | King M F NRC/RGN-II/DRS/EB2 |
| To: | Lynch T A Southern Nuclear Operating Co |
| References | |
| IR-13-404 | |
| Download: ML13120A191 (6) | |
See also: IR 05000348/2013404
Text
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
UNITED STATES NUCLEAR REGULATORY COMMISSION REGION II 245 PEACHTREE CENTER AVENUE NE, SUITE 1200 ATLANTA, GEORGIA 30303-1257
Enclosure transmitted herewith contains SUNSI. When separated from enclosure, this
transmittal document is decontrolled
LIMITED INTERNAL
DISTRIBUTION PERMITTED
OFFICIAL USE ONLY
- SECURITY-RELATED INFORMATION
April 24, 2013
Mr. T. A. Lynch
Vice President
Southern Nuclear Operating Company, Inc.
Joseph M. Farley Nuclear Plant
P.O. Drawer 470, BIN B500
Ashford, AL 36312
SUBJECT: JOSEPH M FARLEY NUCLEAR PLANT - NOTIFICATION OF CYBER SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR
INFORMATION (NRC INSPECTION REPORT NO. 05000348/2013404 AND
Dear Mr. Lynch:
The purpose of this letter is to notify you that the U.S. Nuclear Regulatory Commission (NRC)
Region II (RII) staff will conduct an inspection of the Cyber Security Milestones 1-7 requirements specified by the conditions of your operating license at the Farley Nuclear Plant on July 22 - 26, 2013. The inspection team will be led by Mr. Jigar Patel, Reactor Inspector, of the NRC RII
office. The team will be composed of personnel from the NRC RII office and personnel from the
NRC office of Nuclear Security and Incident Response (NSIR). The inspection will be
conducted in accordance with Temporary Instruction (TI) 2201/004, "Inspection of
Implementation of Interim Cyber Security Milestones 1-7." The TI inspection will be performed
to evaluate and verify your ability to meet the interim milestone requirements of the NRC's Cyber Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, "Protection of Digital Computer and Communication Systems and Networks." In accordance with 10 CFR 73.54, each nuclear power plant licensee was required to submit a proposed cyber security plan (CSP) and implementation schedule for NRC review and approval. On December 14, 2009, by letter (ML093080517) to the Nuclear Energy Institute
(NEI), the NRC provided their expectations for the proposed implementation schedule. On
January 5, 2011, by letter (ML110060093) to the NRC, NEI issued an initial "Template for the
Cyber Security Plan Implementation Schedule" (ML110060097). On February 28, 2011, by
letter (ML110600206) to the NRC, NEI provided a revised, "Template for the Cyber Security Plan Implementation Schedule." The purpose of the letter's attachment was to provide the
licensee with a generically written templat
e to develop their proposed CSP implementation schedule. Utilization of the generic template required the licensee to make conforming changes to ensure the submitted schedule accurately accounted for site-specific activities. The CSP,
implementation schedule, and other applicable information for your facility provided the
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
T. Lynch 2
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
implementation aspects, including the key intermediate milestone attributes and dates as well as the full implementation dates. The implementation aspects were described based in part on
letters to NRC dated July 16, 2010 (ML110880218) and supplemented by letters dated March
28, 2011 (ML11088021) and April 21, 2011 (ML111020258). By reference to NRC safety
evaluation report dated July 28, 2011 (ML11178A018) license condition 2.D was modified for facility operating licenses NFP-2 and NPF-8 for Farley Units 1 and 2 to ensure that the CSP would be implemented and maintained consistent with NRC requirements.
On April 23, 2013, during a conversation between Mr. B. Arens of your staff, and Mr. J. Patel,
NRC RII, our respective staffs confirmed arrangements for a three day information gathering
onsite visit and a one-week onsite inspection. The subject TI inspection provides a
programmatic level review and verification of the licensee's site-specific implementation of Interim Milestones 1 through 7. The schedule for the onsite TI Inspection for the Interim
Milestones 1 through 7 is as follows:
- Information gathering visit: July 9 - 11, 2013
- Onsite inspection: July 22 - 26, 2013
The purpose of the information gathering visit is to: (1) obtain information and documentation
needed to support the TI inspection; (2) become fa
miliar with the Farley Nuclear Plant Cyber
Security Program and plant layout; and (3) arrange administrative details, such as office space, availability of knowledgeable office personnel and to ensure unescorted site access privileges.
In order to assure a productive TI inspection, we have enclosed a request for documents
needed to ensure the inspectors are adequately prepared. These documents have been
divided into three groups (I, II, & III). Group I lists information necessary to aid the inspectors in planning for the TI inspection prior to the information gathering visit. It is requested that this information be provided to the lead inspector via mail no later than June 12, 2013. Group II lists
information and possible areas for discussion necessary to assist the inspectors during the
TI inspection. It is requested this information be available during the information gathering visit
(July 9, 2013). Group III consists of those items that the inspectors will review, or need access to, during the TI inspection. Group III also lists the information necessary to aid the inspectors in tracking questions and answers identified as a result of the TI inspection. It is requested that
this information be provided to the lead inspector as the information is generated during the
TI inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the TI inspection.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office
of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
Your cooperation and support during this inspection will be appreciated. If you have questions concerning this inspection, or the inspection team's information or logistical needs, please
contact Mr. Patel at (404) 997-4577, or me at (404) 997-4511.
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
T. Lynch 3
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be
available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component
of NRC's document system, ADAMS.
ADAMS is accessible from the NRC Website at http://www.nrc.gov/reading-rm/adams.html
(the Public Electronic Reading Room). However, because of the security-related concerns contained in the enclosure, and in accordance with 10 CFR 2.390, a copy of this letters enclosure will not be available for public inspection.
Sincerely,
/RA/ Michael F. King, Chief
Engineering Branch 2
Division of Reactor Safety
Docket No.: 50-348, 50-364 License No.: NPF-2, NPF-8
Enclosure: Document Request For Cyber Security Temporary Instruction
(TI) 2201/004 Interim Milestones 1-7
Inspection
(OFFICIAL USE ONLY)
cc: (See page 4)
_________________________
G SUNSI REVIEW COMPLETE
G FORM 665 ATTACHED OFFICE RII:DRS RII:DRS SIGNATURE RA RA NAME PATEL KING DATE 4/24/2013 4/ 24/2013 4/ /2013 4/ /2013 4/ /2013 4/ /2013 4/ /2013 E-MAIL COPY? YES NO YES NO YES NO YES NO YES NO YES NO YES NO
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
T. Lynch 4
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
cc: Keith Wooten
Project Manager
Nuclear Fleet Security
Southern Nuclear Operating Company, Inc.
40 Iverness Center Parkway
Birmingham, AL 35242
David Burford
Manager
Nuclear Fleet Security
Southern Nuclear Operating Company, Inc.
40 Iverness Center Parkway
Birmingham, AL 35242
L. B. Hogg Nuclear Licensing
Southern Nuclear Operating Company, Inc.
40 Inverness Center Parkway
Birmingham, AL 35242
S. P. McGavin Security Manager
Joseph M. Farley Nuclear Plant
7388 North State Highway 95
Columbia, AL 36319
OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
5 OFFICIAL USE ONLY
- SECURITY RELATED INFORMATION
Letter to T. A. Lynch from Michael F. King dated April 24, 2013
SUBJECT: JOSEPH M FARLEY NUCLEAR PLANT - NOTIFICATION OF CYBER SECURITY TI MILESTONES 1-7 INSPECTION AND REQUEST FOR
INFORMATION (NRC INSPECTION REPORT NO. 05000348/2013404 AND
Distribution:
RidsNrrPMFarley Resource
B. Westreich, NSIR (hard copy w/ encl) RIDSNRRDIRS
Distribution W/O OUO:
PUBLIC