ML11203B269: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(Created page by program invented by StriderTol)
Line 15: Line 15:


=Text=
=Text=
{{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION REGION II 245 PEACHTREE CENTER AVENUE NE, SUITE 1200 ATLANTA, GEORGIA 30303
{{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION REGION II 245 PEACHTREE CENTER AVENUE NE, SUITE 1200 ATLANTA, GEORGIA 30303-1257 July 20, 2011 Mr. R. M. Krich Vice President, Nuclear Licensing Tennessee Valley Authority 1101 Market Street, LP 3R-C Chattanooga, TN 37402-2801
-1257 July 20, 2011 Mr. R. M. Krich Vice President, Nuclear Licensing Tennessee Valley Authority 1101 Market Street, LP 3R
-C Chattanooga, TN 37402
-2801


==SUBJECT:==
==SUBJECT:==
UPDATE OF NUCLEAR REGULATORY COMMISSION (NRC) DISTRIBUTION LIST FOR DOCUMENTS CONTAINING SAFEGUARDS (SGI), OFFICIAL USE ONLY (OUO), AND ROUTINE INFORMATION (WATTS BAR NUCLEAR PLANT)
UPDATE OF NUCLEAR REGULATORY COMMISSION (NRC) DISTRIBUTION LIST FOR DOCUMENTS CONTAINING SAFEGUARDS (SGI), OFFICIAL USE ONLY (OUO), AND ROUTINE INFORMATION (WATTS BAR NUCLEAR PLANT)


==Dear Mr. Krich:==
==Dear Mr. Krich:==


I am writing to request current information on those individuals authorized to receive documents containing Safeguards (SGI), Official Use Only (OUO), and Routine information on issues relating to your facility. Safeguards information is a special category of sensitive unclassified information authorized by Section 147 of the Atomic Energy Act of 1954, as amended (the Act), to be protected. While SGI is considered sensitive unclassified information, it is handled and protected more like classified confidential information than like other sensitive unclassified information (e.g., privacy and proprietary information).
I am writing to request current information on those individuals authorized to receive documents containing Safeguards (SGI), Official Use Only (OUO), and Routine information on issues relating to your facility. Safeguards information is a special category of sensitive unclassified information authorized by Section 147 of the Atomic Energy Act of 1954, as amended (the Act),
Access to SGI is controlled by a valid need
to be protected. While SGI is considered sensitive unclassified information, it is handled and protected more like classified confidential information than like other sensitive unclassified information (e.g., privacy and proprietary information).
-to-know basis. It is the responsibility of the NRC to maintain the integrity of SGI distribution, therefore we are currently in the process of verifying the identity, and contact information of individuals designated to receive documents with SGI, OUO, and Routine information for your facility.
Access to SGI is controlled by a valid need-to-know basis. It is the responsibility of the NRC to maintain the integrity of SGI distribution, therefore we are currently in the process of verifying the identity, and contact information of individuals designated to receive documents with SGI, OUO, and Routine information for your facility.
You are requested to provide an updated distribution list of those persons who should receive documents containing SGI, OUO, and Routine information within 20 days of the date of this letter to: ATTN: Document Control Desk, Washington, D.C. 20555
You are requested to provide an updated distribution list of those persons who should receive documents containing SGI, OUO, and Routine information within 20 days of the date of this letter to: ATTN: Document Control Desk, Washington, D.C. 20555-0001; with a copy to the Regional Administrator Region II, so that we can verify and/or update our distribution information.
-0001; with a copy to the Regional Administrator Region II, so that we can verify and/or update our distribution information.
Please ensure that each list clearly specifies the individuals who are authorized to receive matter specific correspondence. To facilitate this request, I have enclosed a copy of the NRCs official distribution list on file, which has been organized by category. Additionally, you will find NRC Regulatory Issue Summary 2005-26 defining control of sensitive unclassified non-safeguards information related to nuclear power reactors, and NRC Regulatory Issue Summary 2003-08, Summary of Safeguards Information Requirements.
Please ensure that each list clearly specifies the individuals who are authorized to receive matter specific correspondence. To facilitate this request, I have enclosed a copy of the NRC's official distribution list on file, which has been organized by category. Additionally, you will find NRC Regulatory Issue Summary 2005
-26 defining control of sensitive unclassified non-safeguards information related to nuclear power reactors, and NRC Regulatory Issue Summary 2003-08, Summary of Safeguards Information Requirements.
 
TVA 2  In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter and its enclosures will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component of NRC's document system (ADAMS). ADAMS is accessible from the NRC Web site at http://ww.nrc.gov/reading
-rm/adams.html (the Public Electronic Room).


TVA                                              2 In accordance with 10 CFR 2.390 of the NRCs Rules of Practice, a copy of this letter and its enclosures will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component of NRCs document system (ADAMS). ADAMS is accessible from the NRC Web site at http://ww.nrc.gov/reading-rm/adams.html (the Public Electronic Room).
Should you have any questions concerning this letter, please contact us.
Should you have any questions concerning this letter, please contact us.
Sincerely,
Sincerely,
      /RA/   Michael E. Ernstes, Chief Plant Support Branch 2 Division of Reactor Safety Docket No.:
                                              /RA/
50-390 License No.:
Michael E. Ernstes, Chief Plant Support Branch 2 Division of Reactor Safety Docket No.: 50-390 License No.: NPF-90
NPF-90


==Enclosures:==
==Enclosures:==
: 1. Current Official Distribution List
: 1. Current Official Distribution List
: 2. NRC Regulatory Issue Summary 2005
: 2. NRC Regulatory Issue Summary 2005-26
-26 3. NRC Regulatory Issue Summary 2003
: 3. NRC Regulatory Issue Summary 2003-08
-08  


_________________________
_________________________                 G SUNSI REVIEW COMPLETE G FORM 665 ATTACHED OFFICE           RII: DRS       RII: DRS       RII: DRP SIGNATURE         RA             RA             RA NAME             J. CALLOWAY     M. ERNSTES     EGUTHRIE DATE                 07/15/2011     07/20/2011     07/19/2011 E-MAIL COPY?         YES       NO YES         NO YES         NO YES     NO YES       NO  YES      NO YES     NO
G SUNSI REVIEW COMPLETE G FORM 665 ATTACHED OFFICE RII: DRS RII: DRS RII: DRP     SIGNATURE RA RA RA     NAME J. CALLOWAY M. ERNSTES EGUTHRIE     DATE 07/15/2011 07/20/2011 07/19/2011 E-MAIL COPY?
YES NO       YES NO       YES NO       YES NO      YES NO       YES NO       YES NO OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT Enclosure 1 ROUTINE DISTRIBUTION:
cc w/encl  D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority Electronic Mail Distribution G. A. Boerschig Plant Manager Watts Bar Nuclear Plant, MOB 2R
-WBN Tennessee Valley Authority Electronic Mail Distribution C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L
-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN  37381 J. W. Shea Manager, Corp. Nuclear Licensing
- WBN Tennessee Valley Authority Electronic Mail Distribution E. J. Vigluicci Assistant General Counsel Tennessee Valley Authority Electronic Mail Distribution W. D. Crouch Licensing Manager, Unit 2


Watts Bar Nuclear Plant, EQB 1B
OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT ROUTINE DISTRIBUTION:
-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN   37381 County Mayor P.O. Box 156 Decatur, TN   37322 County Executive 375 Church Street Suite 215 Dayton, TN   37321
cc w/encl D. E. Grissette                              Tennessee Department of Environment &
Site Vice President                          Conservation Watts Bar Nuclear Plant                      Division of Radiological Health Tennessee Valley Authority                    401 Church Street Electronic Mail Distribution                  Nashville, TN 37243 G. A. Boerschig                              Senior Resident Inspector Plant Manager                                U.S. Nuclear Regulatory Commission Watts Bar Nuclear Plant, MOB 2R-WBN          Watts Bar Nuclear Plant Tennessee Valley Authority                    U.S. Nuclear Regulatory Commission Electronic Mail Distribution                  1260 Nuclear Plant Road Spring City, TN 37381-2000 C. J. Riedl Acting Manager, Licensing                    Ann Harris Watts Bar Nuclear Plant, ADM 1L-WBN          341 Swing Loop Tennessee Valley Authority                    Rockwood, TN 37854 P.O. Box 2000 Spring City, TN 37381 J. W. Shea Manager, Corp. Nuclear Licensing - WBN Tennessee Valley Authority Electronic Mail Distribution E. J. Vigluicci Assistant General Counsel Tennessee Valley Authority Electronic Mail Distribution W. D. Crouch Licensing Manager, Unit 2 Watts Bar Nuclear Plant, EQB 1B-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381 County Mayor P.O. Box 156 Decatur, TN 37322 County Executive 375 Church Street Suite 215 Dayton, TN 37321 Enclosure 1


Tennessee Department of Envi r onment & Conservation
OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT OFFICIAL USE ONLY (OUO) DISTRIBUTION cc w/encl D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority P. O. Box 2000 Spring City, TN 37381 C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381 Mark Findlay General Manager, Security Operations Tennessee Valley Authority 1101 Market Street, EB 10B-C Chattanooga, TN 37402-2801 A. S. Bhatnagar Senior Vice President Nuclear Generation Development and Construction Tennessee Valley Authority 1101 Market Street, LP 6A Chattanooga, TN 37402-2801 J. B. Wilcox Manager, Site Security (WBN)
Watts Bar Nuclear Plant Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381-2000 Enclosure 1


Division of Radiological Health 401 Church Street Nashville, TN   37243 Senior Resident Inspector U.S. Nuclear Regulatory Commission Watts Bar Nuclear Plant U.S. Nuclear Regulatory Commission 1260 Nuclear Plant Road Spring City, TN   37381
OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT SAFEGUARDS (SGI) DISTRIBUTION:
-2000 Ann Harris 341 Swing Loop
cc w/encl D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority P. O. Box 2000 Spring City, TN 37381 C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381 Mark Findlay General Manager, Security Operations Tennessee Valley Authority 1101 Market Street, EB 10B-C Chattanooga, TN 37402-2801 A. S. Bhatnagar Senior Vice President Nuclear Generation Development and Construction Tennessee Valley Authority 1101 Market Street, LP 6A Chattanooga, TN 37402-2801 J. B. Wilcox Manager, Site Security (WBN)
Watts Bar Nuclear Plant Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381-2000 Enclosure 1


Rockwood, TN  37854
UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C. 20555-0001 November 7, 2005 NRC REGULATORY ISSUE


OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT Enclosure 1 OFFICIAL USE ONLY (OUO) DISTRIBUTION cc w/encl  D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority P. O. Box 2000 Spring City, TN  37381
==SUMMARY==
2005-26 CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS INFORMATION RELATED TO NUCLEAR POWER REACTORS ADDRESSEES All holders of operating licenses for nuclear power reactors and holders of and applicants for certificates for reactor designs.
INTENT The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS) to inform the addressees of the appropriate handling of information that warrants controls because of continuing concerns about terrorist attacks against the critical infrastructure of the United States. The NRC intends to balance its responsibility to preserve public access to information and support meaningful participation in NRCs regulatory processes against its responsibility to withhold information that might unnecessarily compromise the security of nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers may need to assess their document control procedures to ensure they protect sensitive information. Although no specific action or written response is required, the NRC encourages the addressees for this RIS, vendors and contractors, and others who may possess sensitive information to destroy, mark, or otherwise control the information to avoid inadvertently providing assistance to those who might use the information for malevolent acts.
BACKGROUND INFORMATION NRC traditionally has given the public access to a significant amount of information about the facilities and materials the agency regulates. Openness has been and remains a cornerstone of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various NRC regulations have given the public the right to participate in the licensing and oversight process for nuclear power reactors and other NRC licensees. To participate in a meaningful way, the public must have access to information about the design and operation of regulated facilities and use of nuclear materials. However, NRC and other Government agencies have always withheld some information from public disclosure for reasons of security, personal privacy, or commercial or trade secret protection. In light of increased terrorist activity worldwide, NRC reexamined its document disclosure policies.
ML051430228 Enclosure 2


C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L
RIS 2005-26 Page 2 of 5 Since the events of September 11, 2001, NRC has issued advisories and taken specific actions regarding the security of its licensed facilities. NRC has also assessed and revised its policies and practices for control of information so that information that could reasonably be expected to be useful to terrorists in planning or executing an attack against nuclear power plants or other NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed guidance on the control of information related to operating nuclear power plants is provided in the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the associated staff requirements memorandum dated November 9, 2004. Also see SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information, dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005.
-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN  37381
The NRC staff is preparing similar guidance for materials licensees and expects to make it available to the public in early 2006.


Mark Findlay General Manager, Security Operations Tennessee Valley Authority 1101 Market Street, EB 10B
==SUMMARY==
-C Chattanooga, TN  37402
OF ISSUE Considering the various reviews, legislation, and other changes since September 11, 2001, the NRC staff believes that clarifying NRCs current procedures and policies regarding the control of information will be beneficial to stakeholders. NRC will continue to make available to the public most of the information that the agency receives from or sends to its licensees. In addition, the public will have access to a large amount of information included in various reports produced by the NRC staff. Much of NRCs information also will be readily available to the public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be released to the public in response to formal or informal requests. The exceptions for certain information to be withheld from public disclosure for reasons other than security (e.g., privacy, proprietary, and pre-decisional information) have not changed as a result of recent events. The appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more specific SGI designation guidance documents.
-2801  A. S. Bhatnagar Senior Vice President Nuclear Generation Development and Construction Tennessee Valley Authority 1101 Market Street, LP 6A Chattanooga, TN  37402
NRC withheld from public disclosure some information related to protecting operating nuclear power plants although it does not meet the existing criteria for designation as SGI. This type of information was recognized before September 11, 2001, and, when submitted to NRC by a licensee, was withheld from public disclosure according to the provisions of 10 CFR 2.390(d)(1). This regulation states:
-2801  J. B. Wilcox Manager, Site Security (WBN)
(d) The following information is considered commercial or financial information within the meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance with the provisions of §9.19 of this chapter.
Watts Bar Nuclear Plant Tennessee Valley Authority P.O. Box 20 00 Spring City, TN  37381
(1) Correspondence and reports to or from the NRC which contain information or records concerning a licensees or applicants physical protection, classified matter protection, or material control and accounting program for special nuclear material not otherwise designated as Safeguards Information or classified as National Security Information or Restricted Data.
-2000 OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT Enclosure 1 SAFEGUARDS (SGI) DISTRIBUTION
Enclosure 2
: cc w/encl  D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority P. O. Box 2000 Spring City, TN  37381


C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L
RIS 2005-26 Page 3 of 5 NRC expects that licensees will continue to request NRC withhold some information citing 10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public disclosure under this provision will increase as the NRC staff and licensees implement the guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to withhold from public disclosure various categories of documents likely to include individual records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to withhold such document categories if licensees routinely identify specific documents containing sensitive information. The NRC staff will interact with licensees on a case-by-case basis regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act (FOIA) exemptions that might be applicable. Licensees that identify information to be withheld from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the regulation should use the same general practices as used for proprietary commercial or financial information. As shown on the attached diagram, the cover letter should clearly state that the document includes sensitive information and the affected pages should include the marking Security-Related Information  Withhold Under 10 CFR 2.390. Unlike the requirements for withholding proprietary information, licensees are not required to provide an affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical protection or (2) material control and accounting.
-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN  37381
Most information received and generated by NRC deals with design, operations, or other matters not directly related to the physical security of nuclear facilities or radioactive materials.
This information, if not protected as proprietary or under another exception, is generally made available to the public. After September 11, 2001, NRC and other Government agencies responded to concerns that some information easily available on public Web sites or by other means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on whether information related to operating nuclear power plants should be withheld from public disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the NRC Web site, and stakeholders can ask questions or make suggestions about the guidance and the examples.
As discussed in SECY-04-0191, other Government agencies have issued regulations or guidance for protecting information that could be reasonably expected to be useful to terrorists in planning or executing an attack on critical infrastructure.
* Protected critical infrastructure information (PCII) is information related to the security of critical infrastructure that is voluntarily provided to the Department of Homeland Security (DHS).
* Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory Commission (FERC) regulations as information related to energy-related infrastructure (e.g., hydroelectric dams and electric transmission systems).
* Sensitive security information (SSI) is defined in Transportation Safety Administration (TSA) and Department of Transportation (DOT) regulations as information about the security of transportation assets, including pipelines.
Enclosure 2


Mark Findlay General Manager, Security Operations Tennessee Valley Authority 1101 Market Street, EB 10B
RIS 2005-26 Page 4 of 5 Licensees may need to assess and revise their procedures for handling sensitive unclassified nonsafeguards information in their normal activities and interactions with parties other than NRC. During discussions of existing practices with various licensees, the NRC staff discovered that licensees vary in how they treat and protect information that was previously unprotected but now is considered sensitive. Some licensees have instituted more restrictive controls. Some have determined that their routine business practices provide an appropriate level of protection for the sensitive information.
-C Chattanooga, TN  37402
As described in 10 CFR 2.390, information deemed sensitive because it relates to physical protection or material control and accounting is protected in much the same way as commercial or financial information. As with proprietary information, licensees are expected to have sufficient internal controls to keep the information confidential. Possible methods to prevent the inadvertent release of sensitive unclassified nonsafeguards information include marking documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping systems, and controlling the reproduction, distribution, and destruction of potentially sensitive records. NRC uses the marking Security-Related Information  Withhold Under 10 CFR 2.390 and encourages the use of this marking by licensees and others possessing information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure that similar controls are in place when sensitive information is provided to outside parties such as contractors or other Government agencies. The NRC staff posted information on NRCs Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or suggestions on how to effectively control sensitive information.
-2801  A. S. Bhatnagar Senior Vice President Nuclear Generation Development and Construction Tennessee Valley Authority 1101 Market Street, LP 6A Chattanooga, TN  37402
BACKFIT DISCUSSION This RIS requires no action or written response. Any action on the part of addressees to assess and revise their document control procedures in accordance with the guidance contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109.
-2801  J. B. Wilcox Manager, Site Security (WBN)
Consequently, the NRC staff did not perform a backfit analysis.
Watts Bar Nuclear Plant Tennessee Valley Authority P.O. Box 2000 Spring City, TN  37381
FEDERAL REGISTER NOTIFICATION A notice of opportunity for public comment on this RIS was not published in the Federal Register because it is informational and pertains to a staff position that does not represent a departure from current regulatory requirements and practice. NRC intends to work with the Nuclear Energy Institute, industry representatives, members of the public, and other stakeholders in modifying related guidance documents.
-2000 ML051430228 UNITED STATES NUCLE AR RE GULATOR Y COM MISS ION OFFICE OF NUC LEAR REAC TOR REGU LATION WASHINGTON, D.C. 20555-0001 November 7, 2005 NRC REGUL AT ORY ISSUE SUMMA RY 2005-26 CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUA RDS INFORMATION RELATED TO NU CLEAR POWER REA CTORS ADDRESSEES All hold ers of operating li censes for nucle ar power re actors and hol ders of and appl icants for certificates for reactor d esigns.INTENT The U.S. Nuclear Regulator y Commission (NRC) is issuing this regulatory issue summ ary (RIS)to inform the addres sees of the appropriate hand ling of inform ation that warrants controls because of conti nuing concerns about terrorist a ttacks against the cri tical infrastructu re of the Unite d State s. The N RC in tends to bal ance i ts resp onsib ilit y to p reserv e publ ic acc ess to informat ion a nd sup port me aningful parti cipat ion i n NRC's regu latory proce sses a gainst its responsibil ity to w ithhold i nformation that might unn ecessarily compromise the security of nucle ar facil ities. Lic ensee s for ope rating nucle ar pow er pla nts an d reac tor faci lity desi gners may need t o assess their doc ument contro l procedu res to en sure th ey protec t sensit ive information. Al though no speci fic action or w ritten response is required, th e NRC enco urages the addr essees f or this RI S, vendor s and cont ractor s, and ot hers who ma y possess sensitive information to dest roy, mark, or other wise control the information to avoid inadvertently providin g assistance to those who might use the in formation for malevol ent acts.BA CKGROU ND INF ORMA TION NRC traditi onally has given th e public access to a si gnificant amount of in formation about the facilities a nd materials the agency regul ates. Openness has been and remains a co rnerstone of NRC's regula tory phil osophy. The Atomic Energy Act, subsequent l egislation, a nd variou s NRC regulatio ns have giv en the publ ic the right to participate i n the lice nsing and ov ersight process for nucle ar power re actors and othe r NRC lic ensees. To parti cipate in a meaningful way, the public mus t have acce ss to information about the desi gn and operatio n of regulated facilit ies and use of nucle ar mat erials. However, NRC an d other G overnme nt agen cies have alway s withhel d some information from public dis closure for reason s of security, p ersonal priv acy, or comme rcial or trad e secre t prote ction. In l ight of i ncreas ed terr orist activ ity worldw ide, NRC re examined i ts document dis closure pol icies.
SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996 The NRC has determined that this action is not a rule and thus is not subject to the Small Business Regulatory Enforcement Fairness Act of 1996.
RIS 2005-26 Pag e 2 of 5 Since the e vents of Septembe r 11, 2001, NR C has issue d adviso ries and taken s pecific action s regarding the securi ty of its li censed facili ties. NRC has also as sessed and re vised i ts policie s and pr actice s for con trol o f informat ion s o that informat ion th at cou ld rea sonab ly b e exp ected to be useful to terrori sts in plan ning or exec uting an attack again st nuclear po wer plan ts or other NRC-licen sed faciliti es wil l be wi thheld from publi c disclosu re. The most recent and detail ed guidance on the control of inf ormation related to operat ing nuclear power plants is provided in the Commission paper SECY 0191, "Withholding Sensi tive Uncl assified Information Concerning Nu clear Pow er Reactors From Public Di sclosure," dated October 19, 2004 , and the associated sta ff requirements memorandum dated November 9, 2004. Also see SECY-05-009 1, "Task F orce R eport o n Publ ic Di sclos ure of S ecuri ty-Re lated Informati on,"dated May 18, 20 05, an d the a ssoci ated s taff requir ements memoran dum dat ed Jun e 30, 2 005. The NRC staff is preparing similar guidance f or materials licensees and expects to mak e it availab le to the pu blic in early 200 6.
Enclosure 2


==SUMMARY==
RIS 2005-26 Page 5 of 5 PAPERWORK REDUCTION ACT STATEMENT This RIS does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).
OF ISSUE Considerin g the various review s, legislati on, and other c hanges since S eptember 11, 200 1, the NRC staff believ es that clari fying NRC's current procedures and poli cies regarding the control of information wi ll be ben eficial to stakeho lders. NRC will continue to make availab le to the publi c most o f the in formatio n that the age ncy r eceiv es from o r send s to i ts li censee s. In addit ion, t he pub lic w ill have acces s to a large a mount o f informat ion i nclud ed in vari ous re ports produced by the NRC sta ff. Much of NRC's information als o will be readil y avai lable to th e public v ia the NRC Web site (www.n rc.gov) and the NRC's el ectronic docume nt management system (ADAM S) (www.nrc.gov/reading-rm/adams.html
CONTACT Please direct any questions about this matter to the technical contacts listed below or to the appropriate Office of Nuclear Reactor Regulation (NRR) project manager.
). In additi on, other informatio n may be released to the public in response to form al or informal request
                                            /RA/ By Patrick L. Hiland For/
: s. The exceptions for cert ain infor mation to be withhe ld from public disc losure f or reas ons othe r than se curity (e.g., privacy, proprietary, a nd pre-decisi onal information) have not changed as a res ult of recent ev ents. The appropriate ha ndling of Safeguards Informatio n (SGI) is dis cussed in R IS-2003-08, "Prote ction of Safegua rds Infor mation From U nautho rize d Dis closu re," da ted Ap ril 3 0, 200 3, and more speci fic SGI d esigna tion gu idanc e docu ments. NRC wi thheld from publi c disclosu re some information related to prote cting operating nu clear power pl ants although i t does not meet th e existi ng criteria for desi gnation as SGI. Thi s type of infor mation was recog nized bef ore Sept ember 11, 2001, and, when su bmitt ed to NRC by a licensee, w as withhe ld from public disclosure according to the provisio ns of 10 CFR 2.390(d)(1). This re gulation states: (d) The follow ing information i s considered commercial or financial i nformation with in the meaning of §9.17(a)(4) o f this chapter and is subject to disclosure only in accordance with the pr ovis ions of §9.19 of this chapt er.(1) Corresponden ce and reports to or from the NRC which co ntain information or records concerni ng a license e's or appl icant's phy sical protec tion, classi fied matter protection, or mate rial control and accounti ng program for special nuclear materia l not otherw ise d esigna ted as Safegua rds Infor mation or cl assifi ed as Natio nal S ecuri ty Information or Restri cted Data.
Michael J. Case, Director Division of Inspection and Regional Support Office of Nuclear Reactor Regulation Technical Contacts: William Reckley, NRR           Margie Kotzalas, NRR 301-415-1323                 301-415-2737 E-mail: wdr@nrc.gov         E-mail: mxk5@nrc.gov
RIS 2005-26 Pag e 3 of 5 NRC expe cts that lice nsees wi ll contin ue to request NRC withhol d some information citing 10 CFR 2.390(d)(1) and that the volume of material requested to be withheld fr om public disclosure under this pro vision will increase as the NRC staff and l icensees i mplement the guidan ce in this RIS. N RC ch anged i ts proc edures shortl y after Septe mber 11 , 2001 , to withhol d from public di sclosure v arious categorie s of documents li kely to inc lude indi vidual record s that warra nt wi thhol ding u nder 1 0 CFR 2.390. The N RC sta ff will asses s the n eed to withhol d such documen t categories if li censees routin ely ide ntify specific documents contai ning sensitive information. The NRC staf f will interact with licensees on a case-by-case basis regarding the use of the provisions of 10 CFR 2.390(d)(1) to assu re that informat ion is properly controlled, u nder either S ection 2.390(d
)(1) or one of the o ther Freedom of Information Act (FOIA) exemptions that m ight be applicable. Licensees that identify inf ormation to be withheld from public dis closure in accordance w ith 10 CFR 2.390(d)(1) or oth er provisi on in the regulation sho uld use the same general prac tices as used for proprietary commercial or financi al in formatio n. As show n on th e attac hed di agram, th e cov er let ter sho uld c learl y sta te that the document includes s ensitive information and the affected pages shoul d include the marking "Security-R elated Information
- Withhold Under 10 CFR 2.390."  Unl ike the requirements for wi thholding prop rietary in formation, license es are not requi red to provi de an affidavit for sensiti ve information withhel d under 10 C FR 2.390(d) an d related to (1) physica l prot ecti on o r (2) mate rial con trol and acc ount ing.Most informatio n receive d and generated by NRC deals w ith design, op erations, or oth er matters not di rectly relat ed to t he phy sical securi ty of n uclea r facil ities or rad ioact ive materi als. This information, i f not protected as p roprietary o r under another exception, is generally made availab le to the pu blic. After Sep tember 11, 2001, NRC and oth er Government agenc ies responded to c oncerns that some information easi ly ava ilable o n public Web sites or by other means might be use ful to terrorists. S ECY-04-0191 provides the primary N RC guidance on whether information relate d to operating nuclear power plants should be withheld from public disclosure in light of the post-September 11 concerns. The N RC staff has posted th e guidance and related material w ithin the p ublic readi ng room (http://ww w.nrc.gov/readi ng-rm.html) on the NRC Web site, and stakehol ders can ask questi ons or make suggestions about the guida nce and th e exa mples. As discussed in SECY-04-0191, other Gov ernment agencies have issu ed regulations or guidan ce for pr otecti ng inform ation that c ould be rea sonab ly e xpec ted to be use ful to t errori sts in planni ng or executi ng an attack on criti cal infrastructure.
*Protected criti cal infrastructure information (PCII) i s information rel ated to the sec urity of criti cal i nfrastru cture t hat is vol untari ly p rovi ded to the De partmen t of Home land Securi ty (DHS). *Criti cal e nergy infrastr ucture informa tion (CEII) i s defin ed in Feder al En ergy R egulat ory Commission (FE RC) regulation s as information related to ene rgy-related in frastructure (e.g., hy droel ectric dams a nd el ectric transmi ssion syste ms).*Sensitiv e security information (SSI) i s defined in Transportation Sa fety Administrati on (TSA) and Departmen t of Transportation (DOT) regul ations as i nformation about the security of trans portation asse ts, includi ng pipeline
: s.
RIS 2005-26 Pag e 4 of 5 Licensees may need to asse ss and revi se their proce dures for handli ng sensitiv e unclassi fied nonsafeguards information in their n ormal activ ities and interactions with parti es other than NRC. Duri ng discussion s of existin g practices w ith vario us license es, the NRC staff discovered that license es vary in how they treat and protect information that was pre viously unprotected bu t now is con sider ed sen sitiv e. Som e lic ensee s hav e ins titute d more restri ctiv e cont rols. Some have determi ned that their routine busi ness practices provide an appropria te level of protection for the s ensit ive informat ion. As described in 10 CF R 2.390, informatio n deemed sensi tive beca use it relate s to physi cal protection or mate rial control and accounti ng is protected i n much the same way as commercial or fina ncial inf ormat ion. As with pr oprieta ry infor mation , license es are expe cted to have sufficient internal controls to keep the information c onfidential.
Possible methods to prev ent the inadverten t release of sens itive un classified no nsafeguards information i nclude marking documents as de scribed in 10 CFR 2.39 0, restricting acce ss to electroni c recordkeeping system s, and co ntrollin g the re produc tion, dis tribut ion, and de struc tion of potent ially sensit ive records. NRC uses the marking "Sec urity-Rela ted Information - Withhold Unde r 10 CFR 2.39 0" and encoura ges the use of this marking by lic ensees and o thers possessi ng informat ion d eemed s ensit ive using t he gui dance in SE CY-04-0191. Lice nsees shoul d ensu re that similar controls are i n place w hen sensiti ve information is provi ded to outsid e parties suc h as contractors or other Government agencies. T he NRC staff posted inf ormation on NRC's Web site (http://www.n rc.gov/reading-rm.html) an d include d a feedback form for questions o r suggesti ons on how to effecti vely contro l sen sitiv e infor mation. BA CKFIT DISCU SSION This R IS requi res no actio n or w ritten respo nse. A ny ac tion o n the p art of ad dresse es to assess and rev ise their do cument control p rocedures in accordance w ith the guidan ce contai ned i n this RIS i s stric tly v olunt ary a nd, the refore, i s not a backfit under 10 CFR 50.10 9. Consequently , the NRC sta ff did not perform a backfit anal ysis.FEDERAL REGISTER NOTIF ICA TION A notice of opp ortunity for pub lic comment on this RIS w as not publi shed in the Federal Register becau se it is in formatio nal a nd per tains to a s taff posi tion t hat do es not repres ent a departure from current regul atory requirements and practice. NRC inte nds to work w ith the Nuclear Ene rgy Institute, in dustry represe ntatives, membe rs of the publi c, and other stakeholders in modifying rela ted guidance d ocuments.SMAL L BUSINESS REGULA TORY ENFOR CEMENT FA IRNESS A CT OF 1996 The NRC has determined that this act ion is not a rule and thus is not subject to the Small Busin ess Re gulato ry En forcemen t Fair ness A ct of 199 6.
RIS 2005-26 Pag e 5 of 5 PAPERWORK REDUCTION A CT STA TEMENT This RIS does not contain i nformation colle ctions and, th erefore, is not sub ject to the require ments o f the Pa perw ork Red uctio n Act o f 1995 (44 U.S.C. 350 1 et se q.).CONTACT Please di rect any questi ons about thi s matter to the tech nical conta cts listed b elow or to the approp riate Office of N uclea r Reac tor Regu latio n (NRR) proje ct mana ger./RA/ By Patrick L. Hiland For
/Michael J. Case, Di rector Divi sion of Inspe ction and R egiona l Sup port Office of Nuclear Reacto r Regulation Technical Co ntacts: W illiam Reckley, NRR Margie Kotzalas, NRR 301-415-1323 301-415-2737 E-mail: wdr@nrc.gov E-mail: mxk5@nrc.gov


==Attachment:==
==Attachment:==
M arking diagram for documents withhel d under 10 C FR 2.390 Note: NRC generic communica tions may b e found on the N RC publi c Web site, http://www.nrc.gov, under E lectronic Re ading Room/Docu ment Collecti ons.
Marking diagram for documents withheld under 10 CFR 2.390 Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections.
Security-Re lated Information Withhold Under 10 CFR 2.390 Subject XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX
Enclosure 2


XXXXXXXXXX Attachment
Attachment RIS-2005-26 Page 1 of 1 SUGGESTED MARKINGS Withhold From Public Disclosure In Accordance With 10 CFR 2.390 Overall page marking on the top of all pages Security-Related Information Withhold Under 10 CFR 2.390 Ensure Subject Line is non-sensitive Subject XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX Appropriate Controls Access:                      Need-to-know in order to perform official licensee functions.
Storage:                    Openly within licensee facilities with electronic or other access controls, for example, key cards, guards, alarms.
Mail:                        U.S. Postal Service first class mail, single opaque envelope with no markings to indicate 10 CFR 2.390 contents.
Electronic Transmission:            Over encrypted phone, facsimile, computer, if available; otherwise over non-encrypted circuits where recipient will be present to receive the transmission.
Enclosure 2


RIS-2005-26
RIS 2003-08 Page 1 of 4


Pag e 1 of 1 SUGGESTED MA RKINGS Withhold From Pub lic Disclosure In Ac cordance With 1 0 CFR 2.390
==SUMMARY==
OF SAFEGUARDS INFORMATION REQUIREMENTS I. AUTHORITY The Atomic Energy Act of 1954, as amended, 42 U.S.C. §§ 2011 et seq. (Act), grants the Nuclear Regulatory Commission broad and unique authority to prohibit the unauthorized disclosure of Safeguards Information upon a determination that the unauthorized disclosure of such information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of materials or facilities subject to NRC jurisdiction.
Section 147 of the Act, 42 U.S.C. § 2167.
For licensees and any other person, whether or not a licensee (primarily 10 C.F.R. Part 50 reactor licensees, 10 C.F.R. Part 70 licensees for special nuclear material, and their employees and contractors) subject to the requirements in 10 C.F.R. Part 73, Safeguards Information is defined by NRC regulation as follows:
Safeguards Information means information not otherwise classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed, (1) security measures for the physical protection of special nuclear material, or (2) security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities.
10 C.F.R. § 73.2.
Specific requirements for the protection of Safeguards Information are contained in 10 C.F.R. § 73.21. Access to Safeguards Information is limited as follows:
(c) Access to Safeguards Information. (1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established "need to know" for the information and is:
(i) An employee, agent, or contractor of an applicant, a licensee, the Commission, or the United States Government. However, an individual to be authorized access to Safeguards Information by a nuclear power reactor applicant or licensee must undergo a Federal Bureau of Investigation criminal history check to the extent required by 10 CFR 73.57; (ii) A member of a duly authorized committee of the Congress; (iii) The Governor of a State or designated representatives; (iv) A representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who has been certified by the NRC; Enclosure 3
 
RIS 2003-08 Page 2 of 4 (v) A member of a state or local law enforcement authority that is responsible for responding to requests for assistance during safeguards emergencies; or (vi) An individual to whom disclosure is ordered pursuant to § 2.744(e) of this chapter [10 CFR 2.744(e)].
(2) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in paragraph (c)(1) of this section.
10 C.F.R. § 73.21(c).
The need to know requirement is specified by NRC regulation as follows:
Need to know means a determination by a person having responsibility for protecting Safeguards Information that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, or licensee duties of employment.
10 C.F.R. § 73.2.
Thus, unless otherwise authorized by the Commission, NRC regulations limit access to Safeguards Information to certain specified individuals who have been determined to have a need to know, i.e., specified individuals whose access has been determined to be necessary in the performance of official, contractual or licensee duties of employment.
Furthermore, except as otherwise authorized by the Commission, no person may disclose Safeguards Information to any other person unless that other person is one of the specified persons listed in 10 C.F.R. § 73.21(c)(1) and that person also has a need to know.
10 C.F.R. § 73.21(c)(2). These regulations and prohibitions on unauthorized disclosure of Safeguards Information are applicable to all licensees and all individuals:
This part [10 C.F.R. Part 73] prescribes requirements for the protection of Safeguards Information in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires Safeguards Information.
10 C.F.R. § 73.1(b)(7).
The Commissions statutory authority to protect and prohibit the unauthorized disclosure of Safeguards Information is even broader than is reflected in these regulations. Section 147 of the Act grants the Commission explicit authority to issue such orders, as necessary to prohibit the unauthorized disclosure of safeguards information . . . . This authority extends to information concerning special nuclear material, source material, and byproduct material, as well as production and utilization facilities.
Enclosure 3


Over all page marking on the top of all pa ges Ensure Subjec t Line is non-se nsitive Appropriate Controls Access: Need-to-know i n order to perform official licensee functions.
RIS 2003-08 Page 3 of 4 The Act explicitly provides: Any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act. Section 147a of the Act. Section 234a of the Act provides for a civil monetary penalty not to exceed $120,000 for each violation. See 10 C.F.R. § 2.205(j) (2003). Furthermore, a willful violation of any regulation or order governing Safeguards Information is a felony subject to criminal penalties in the form of fines or imprisonment, or both. See Sections 147b and 223a of the Act.
Storage: Openly w ithin li censee facili ties wi th electronic or other acces s controls, for exa mple, key cards , guards, alarms.
The NRC Enforcement Policy outlines potential NRC actions against both licensees and individuals for violations of the regulations and Orders using criteria that evaluate both the details and severity of the violation.
Mail: U.S. P ostal Serv ice fir st cla ss mai l, si ngle o paque e nvel ope w ith no markings to indi cate 10 CFR 2.390 contents.
II. DISCUSSION All licensees and all other persons who now have, or in the future may have, access to Safeguards Information must comply with all applicable requirements delineated in regulations and Orders governing the handling and unauthorized disclosure of Safeguards Information. As stipulated in 10 C.F.R. § 73.21(a), licensees and persons who produce, receive or acquire Safeguards Information are required to ensure that Safeguards Information is protected against unauthorized disclosure. To meet this requirement, licensees and persons subject to 10 C.F.R. § 73.21(a) shall establish and maintain an information protection system governing the proper handling and unauthorized disclosure of Safeguards Information. All licensees should be aware that since the requirements of 10 C.F.R. § 73.21(a) apply to all persons who receive Safeguards Information, they apply to all contractors whose employees may have access to Safeguards Information and they must either adhere to the licensees policies and procedures on Safeguards Information or develop, maintain and implement their own information protection system, but the licensees remain responsible for the conduct of their contractors. The elements of the required information protection system are specified in 10 C.F.R. § 73.21(b) through (i). The information protection system must address, at a minimum, the following: the general performance requirement that each person who produces, receives, or acquires Safeguards Information shall ensure that Safeguards Information is protected against unauthorized disclosure; protection of Safeguards Information at fixed sites, in use and in storage, and while in transit; inspections, audits and evaluations; correspondence containing Safeguards Information; access to Safeguards Information; preparation, marking, reproduction and destruction of documents; external transmission of documents; use of automatic data processing systems; and removal of the Safeguards Information category.
Electronic Tran smission: Over encryp ted phone, facsimi le, computer, if av ailable;otherwise over non-encrypted circuits where recipient will be present to re ceive the transmission.
As noted above, in addition to the responsibility of each licensee to ensure that all of its employees, contractors and subcontractors, and their employees comply with applicable requirements, all contractors, subcontractors, and individual employees also are individually responsible for complying with applicable requirements and all are subject to civil and criminal sanctions for failures to comply. The NRC considers that violations of the requirements applicable to the handling of Safeguards Information are a serious breach of adequate protection of the public health and safety and the common defense and security of the United States.
RIS 2003-08 Page 1 of 4
Enclosure 3


==SUMMARY==
RIS 2003-08 Page 4 of 4 As a result, the staff intends to use the NRC Enforcement Policy, including the discretion to increase penalties for violations, to determine appropriate sanctions against licensees and individuals who violate these requirements. In addition, the Commission may use its discretion, based on the severity of the violation, to further increase the penalty for any violation up to the statutory maximum. Willful violations of these requirements will also be referred to the Department of Justice for a determination of whether criminal penalties will be pursued.
OF SAFEGUARDS INFORMATION REQUIREMENTSI. AUTHORITYThe Atomic Energy Act of 1954, as amended, 42 U.S.C. §§ 2011 et seq. (Act), grants theNuclear Regulatory Commission broad and unique authority to prohibit the unauthorizeddisclosure of Safeguards Information upon a determination that the unauthorized disclosure of such information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of materials or facilities subject to NRC jurisdiction.
Enclosure 3}}
Section 147 of the Act, 42 U.S.C. § 2167. For licensees and any other person, whether or not a licensee (primarily 10 C.F.R. Part 50reactor licensees, 10 C.F.R. Part 70 licensees for special nuclear material, and their employeesand contractors) subject to the requirements in 10 C.F.R. Part 73, Safeguards Information is defined by NRC regulation as follows:Safeguards Information means information not otherwise classified as NationalSecurity Information or Restricted Data which specifically identifies a licensee's or applicant's detailed, (1) security measures for the physical protection of special nuclear material, or (2) security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities. 10 C.F.R. § 73.2.Specific requirements for the protection of Safeguards Information are contained in10 C.F.R. § 73.21. Access to Safeguards Information is limited as follows: (c) Access to Safeguards Information.  (1) Except as the Commission mayotherwise authorize, no person may have access to Safeguards Information unless the person has an established "need to know" for the information and is: (i) An employee, agent, or contractor of an applicant, a licensee, theCommission, or the United States Government. However, an individual to be authorized access to Safeguards Information by a nuclear power reactor applicant or licensee must undergo a Federal Bureau of Investigation criminal history check to the extent required by 10 CFR 73.57; (ii) A member of a duly authorized committee of the Congress; (iii) The Governor of a State or designated representatives; (iv) A representative of the International Atomic Energy Agency (IAEA) engagedin activities associated with the U.S./IAEA Safeguards Agreement who has beencertified by the NRC; RIS 2003-08 Page 2 of 4 (v) A member of a state or local law enforcement authority that is responsible forresponding to requests for assistance during safeguards emergencies; or(vi) An individual to whom disclosure is ordered pursuant to § 2.744(e) of thischapter [10 CFR 2.744(e)]. (2) Except as the Commission may otherwise authorize, no person may discloseSafeguards Information to any other person except as set forth in paragraph (c)(1) of this section. 10 C.F.R. § 73.21(c).The "need to know" requirement is specified by NRC regulation as follows:Need to know means a determination by a person having responsibility forprotecting Safeguards Information that a proposed recipient's access toSafeguards Information is necessary in the performance of official, contractual, or licensee duties of employment.10 C.F.R. § 73.2.Thus, unless otherwise authorized by the Commission, NRC regulations limit access toSafeguards Information to certain specified individuals who have been determined to have a "need to know," i.e., specified individuals whose access has been determined to be necessary in the performance of official, contractual or licensee duties of employment. Furthermore, except as otherwise authorized by the Commission, no person may discloseSafeguards Information to any other person unless that other person is one of the specified persons listed in 10 C.F.R. § 73.21(c)(1) and that person also has a "need to know."
10 C.F.R. § 73.21(c)(2). These regulations and prohibitions on unauthorized disclosure of Safeguards Information are applicable to all licensees and all individuals:This part [10 C.F.R. Part 73] prescribes requirements for the protection of Safeguards Information in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires Safeguards Information.10 C.F.R. § 73.1(b)(7).The Commission's statutory authority to protect and prohibit the unauthorized disclosure ofSafeguards Information is even broader than is reflected in these regulations. Section 147 of the Act grants the Commission explicit authority to "issue such orders, as necessary to prohibit the unauthorized disclosure of safeguards information . . . ."  This authority extends to information concerning special nuclear material, source material, and byproduct material, as well as production and utilization facilities.
RIS 2003-08 Page 3 of 4The Act explicitly provides: "Any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act."  Section 147a of the Act. Section 234a of the Actprovides for a civil monetary penalty not to exceed $120,000 for each violation. S ee10 C.F.R. § 2.205(j) (2003). Furthermore, a willful violation of any regulation or order governingSafeguards Information is a felony subject to criminal penalties in the form of fines or imprisonment, or both.
See Sections 147b and 223a of the Act. The NRC Enforcement Policy outlines potential NRC actions against both licensees andindividuals for violations of the regulations and Orders using criteria that evaluate both the details and severity of the violation. II. DISCUSSIONAll licensees and all other persons who now have, or in the future may have, access to Safeguards Information must comply with all applicable requirements delineated in regulations and Orders governing the handling and unauthorized disclosure of Safeguards Information. As stipulated in 10 C.F.R. § 73.21(a), licensees and persons who produce, receive or acquire Safeguards Information are required to ensure that Safeguards Information is protected against unauthorized disclosure. To meet this requirement, licensees and persons subject to 10 C.F.R. § 73.21(a) shall establish and maintain an information protection system governing the proper handling and unauthorized disclosure of Safeguards Information. All licensees should be aware that since the requirements of 10 C.F.R. § 73.21(a) apply to all persons who receive Safeguards Information, they apply to all contractors whose employees may haveaccess to Safeguards Information and they must either adhere to the licensee's policies andprocedures on Safeguards Information or develop, maintain and implement their own information protection system, but the licensees remain responsible for the conduct of their contractors. The elements of the required information protection system are specified in 10 C.F.R. § 73.21(b) through (i). The information protection system must address, at a minimum, the following: the general performance requirement that each person who produces, receives, or acquires Safeguards Information shall ensure that Safeguards Information is protected against unauthorized disclosure; protection of Safeguards Information at fixed sites, in use and in storage, and while in transit; inspections, audits and evaluations; correspondence containing Safeguards Information; access to Safeguards Information; preparation, marking, reproduction and destruction of documents; external transmission of documents; use of automatic data processing systems; and removal of the Safeguards Information category.As noted above, in addition to the responsibility of each licensee to ensure that all of itsemployees, contractors and subcontractors, and their employees comply with applicable requirements, all contractors, subcontractors, and individual employees also are individually responsible for complying with applicable requirements and all are subject to civil and criminal sanctions for failures to comply. The NRC considers that violations of the requirements applicable to the handling of Safeguards Information are a serious breach of adequate protection of the public health and safety and the common defense and security of the United States.
RIS 2003-08 Page 4 of 4As a result, the staff intends to use the NRC Enforcement Policy, including the discretion to increase penalties for violations, to determine appropriate sanctions against licensees and individuals who violate these requirements. In addition, the Commission may use its discretion,based on the severity of the violation, to further increase the penalty for any violation up to thestatutory maximum. Willful violations of these requirements will also be referred to the Department of Justice for a determination of whether criminal penalties will be pursued.}}

Revision as of 17:08, 12 November 2019

Update of Nuclear Regulatory Commission Distribution List for Documents Containing Safeguards (Sgi), Official Use Only (Ouo), & Routine Information (Watts Bar Nuclear Plant)
ML11203B269
Person / Time
Site: Watts Bar Tennessee Valley Authority icon.png
Issue date: 07/20/2011
From: Ernstes M
NRC/RGN-II/DRS/PSB2
To: Krich R
Tennessee Valley Authority
References
Download: ML11203B269 (16)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION REGION II 245 PEACHTREE CENTER AVENUE NE, SUITE 1200 ATLANTA, GEORGIA 30303-1257 July 20, 2011 Mr. R. M. Krich Vice President, Nuclear Licensing Tennessee Valley Authority 1101 Market Street, LP 3R-C Chattanooga, TN 37402-2801

SUBJECT:

UPDATE OF NUCLEAR REGULATORY COMMISSION (NRC) DISTRIBUTION LIST FOR DOCUMENTS CONTAINING SAFEGUARDS (SGI), OFFICIAL USE ONLY (OUO), AND ROUTINE INFORMATION (WATTS BAR NUCLEAR PLANT)

Dear Mr. Krich:

I am writing to request current information on those individuals authorized to receive documents containing Safeguards (SGI), Official Use Only (OUO), and Routine information on issues relating to your facility. Safeguards information is a special category of sensitive unclassified information authorized by Section 147 of the Atomic Energy Act of 1954, as amended (the Act),

to be protected. While SGI is considered sensitive unclassified information, it is handled and protected more like classified confidential information than like other sensitive unclassified information (e.g., privacy and proprietary information).

Access to SGI is controlled by a valid need-to-know basis. It is the responsibility of the NRC to maintain the integrity of SGI distribution, therefore we are currently in the process of verifying the identity, and contact information of individuals designated to receive documents with SGI, OUO, and Routine information for your facility.

You are requested to provide an updated distribution list of those persons who should receive documents containing SGI, OUO, and Routine information within 20 days of the date of this letter to: ATTN: Document Control Desk, Washington, D.C. 20555-0001; with a copy to the Regional Administrator Region II, so that we can verify and/or update our distribution information.

Please ensure that each list clearly specifies the individuals who are authorized to receive matter specific correspondence. To facilitate this request, I have enclosed a copy of the NRCs official distribution list on file, which has been organized by category. Additionally, you will find NRC Regulatory Issue Summary 2005-26 defining control of sensitive unclassified non-safeguards information related to nuclear power reactors, and NRC Regulatory Issue Summary 2003-08, Summary of Safeguards Information Requirements.

TVA 2 In accordance with 10 CFR 2.390 of the NRCs Rules of Practice, a copy of this letter and its enclosures will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component of NRCs document system (ADAMS). ADAMS is accessible from the NRC Web site at http://ww.nrc.gov/reading-rm/adams.html (the Public Electronic Room).

Should you have any questions concerning this letter, please contact us.

Sincerely,

/RA/

Michael E. Ernstes, Chief Plant Support Branch 2 Division of Reactor Safety Docket No.: 50-390 License No.: NPF-90

Enclosures:

1. Current Official Distribution List
2. NRC Regulatory Issue Summary 2005-26
3. NRC Regulatory Issue Summary 2003-08

_________________________ G SUNSI REVIEW COMPLETE G FORM 665 ATTACHED OFFICE RII: DRS RII: DRS RII: DRP SIGNATURE RA RA RA NAME J. CALLOWAY M. ERNSTES EGUTHRIE DATE 07/15/2011 07/20/2011 07/19/2011 E-MAIL COPY? YES NO YES NO YES NO YES NO YES NO YES NO YES NO

OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT ROUTINE DISTRIBUTION:

cc w/encl D. E. Grissette Tennessee Department of Environment &

Site Vice President Conservation Watts Bar Nuclear Plant Division of Radiological Health Tennessee Valley Authority 401 Church Street Electronic Mail Distribution Nashville, TN 37243 G. A. Boerschig Senior Resident Inspector Plant Manager U.S. Nuclear Regulatory Commission Watts Bar Nuclear Plant, MOB 2R-WBN Watts Bar Nuclear Plant Tennessee Valley Authority U.S. Nuclear Regulatory Commission Electronic Mail Distribution 1260 Nuclear Plant Road Spring City, TN 37381-2000 C. J. Riedl Acting Manager, Licensing Ann Harris Watts Bar Nuclear Plant, ADM 1L-WBN 341 Swing Loop Tennessee Valley Authority Rockwood, TN 37854 P.O. Box 2000 Spring City, TN 37381 J. W. Shea Manager, Corp. Nuclear Licensing - WBN Tennessee Valley Authority Electronic Mail Distribution E. J. Vigluicci Assistant General Counsel Tennessee Valley Authority Electronic Mail Distribution W. D. Crouch Licensing Manager, Unit 2 Watts Bar Nuclear Plant, EQB 1B-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381 County Mayor P.O. Box 156 Decatur, TN 37322 County Executive 375 Church Street Suite 215 Dayton, TN 37321 Enclosure 1

OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT OFFICIAL USE ONLY (OUO) DISTRIBUTION cc w/encl D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority P. O. Box 2000 Spring City, TN 37381 C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381 Mark Findlay General Manager, Security Operations Tennessee Valley Authority 1101 Market Street, EB 10B-C Chattanooga, TN 37402-2801 A. S. Bhatnagar Senior Vice President Nuclear Generation Development and Construction Tennessee Valley Authority 1101 Market Street, LP 6A Chattanooga, TN 37402-2801 J. B. Wilcox Manager, Site Security (WBN)

Watts Bar Nuclear Plant Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381-2000 Enclosure 1

OFFICIAL DISTRIBUTION LIST WATTS BAR NUCLEAR PLANT SAFEGUARDS (SGI) DISTRIBUTION:

cc w/encl D. E. Grissette Site Vice President Watts Bar Nuclear Plant Tennessee Valley Authority P. O. Box 2000 Spring City, TN 37381 C. J. Riedl Acting Manager, Licensing Watts Bar Nuclear Plant, ADM 1L-WBN Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381 Mark Findlay General Manager, Security Operations Tennessee Valley Authority 1101 Market Street, EB 10B-C Chattanooga, TN 37402-2801 A. S. Bhatnagar Senior Vice President Nuclear Generation Development and Construction Tennessee Valley Authority 1101 Market Street, LP 6A Chattanooga, TN 37402-2801 J. B. Wilcox Manager, Site Security (WBN)

Watts Bar Nuclear Plant Tennessee Valley Authority P.O. Box 2000 Spring City, TN 37381-2000 Enclosure 1

UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C. 20555-0001 November 7, 2005 NRC REGULATORY ISSUE

SUMMARY

2005-26 CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS INFORMATION RELATED TO NUCLEAR POWER REACTORS ADDRESSEES All holders of operating licenses for nuclear power reactors and holders of and applicants for certificates for reactor designs.

INTENT The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS) to inform the addressees of the appropriate handling of information that warrants controls because of continuing concerns about terrorist attacks against the critical infrastructure of the United States. The NRC intends to balance its responsibility to preserve public access to information and support meaningful participation in NRCs regulatory processes against its responsibility to withhold information that might unnecessarily compromise the security of nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers may need to assess their document control procedures to ensure they protect sensitive information. Although no specific action or written response is required, the NRC encourages the addressees for this RIS, vendors and contractors, and others who may possess sensitive information to destroy, mark, or otherwise control the information to avoid inadvertently providing assistance to those who might use the information for malevolent acts.

BACKGROUND INFORMATION NRC traditionally has given the public access to a significant amount of information about the facilities and materials the agency regulates. Openness has been and remains a cornerstone of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various NRC regulations have given the public the right to participate in the licensing and oversight process for nuclear power reactors and other NRC licensees. To participate in a meaningful way, the public must have access to information about the design and operation of regulated facilities and use of nuclear materials. However, NRC and other Government agencies have always withheld some information from public disclosure for reasons of security, personal privacy, or commercial or trade secret protection. In light of increased terrorist activity worldwide, NRC reexamined its document disclosure policies.

ML051430228 Enclosure 2

RIS 2005-26 Page 2 of 5 Since the events of September 11, 2001, NRC has issued advisories and taken specific actions regarding the security of its licensed facilities. NRC has also assessed and revised its policies and practices for control of information so that information that could reasonably be expected to be useful to terrorists in planning or executing an attack against nuclear power plants or other NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed guidance on the control of information related to operating nuclear power plants is provided in the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the associated staff requirements memorandum dated November 9, 2004. Also see SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information, dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005.

The NRC staff is preparing similar guidance for materials licensees and expects to make it available to the public in early 2006.

SUMMARY

OF ISSUE Considering the various reviews, legislation, and other changes since September 11, 2001, the NRC staff believes that clarifying NRCs current procedures and policies regarding the control of information will be beneficial to stakeholders. NRC will continue to make available to the public most of the information that the agency receives from or sends to its licensees. In addition, the public will have access to a large amount of information included in various reports produced by the NRC staff. Much of NRCs information also will be readily available to the public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be released to the public in response to formal or informal requests. The exceptions for certain information to be withheld from public disclosure for reasons other than security (e.g., privacy, proprietary, and pre-decisional information) have not changed as a result of recent events. The appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more specific SGI designation guidance documents.

NRC withheld from public disclosure some information related to protecting operating nuclear power plants although it does not meet the existing criteria for designation as SGI. This type of information was recognized before September 11, 2001, and, when submitted to NRC by a licensee, was withheld from public disclosure according to the provisions of 10 CFR 2.390(d)(1). This regulation states:

(d) The following information is considered commercial or financial information within the meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance with the provisions of §9.19 of this chapter.

(1) Correspondence and reports to or from the NRC which contain information or records concerning a licensees or applicants physical protection, classified matter protection, or material control and accounting program for special nuclear material not otherwise designated as Safeguards Information or classified as National Security Information or Restricted Data.

Enclosure 2

RIS 2005-26 Page 3 of 5 NRC expects that licensees will continue to request NRC withhold some information citing 10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public disclosure under this provision will increase as the NRC staff and licensees implement the guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to withhold from public disclosure various categories of documents likely to include individual records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to withhold such document categories if licensees routinely identify specific documents containing sensitive information. The NRC staff will interact with licensees on a case-by-case basis regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act (FOIA) exemptions that might be applicable. Licensees that identify information to be withheld from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the regulation should use the same general practices as used for proprietary commercial or financial information. As shown on the attached diagram, the cover letter should clearly state that the document includes sensitive information and the affected pages should include the marking Security-Related Information Withhold Under 10 CFR 2.390. Unlike the requirements for withholding proprietary information, licensees are not required to provide an affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical protection or (2) material control and accounting.

Most information received and generated by NRC deals with design, operations, or other matters not directly related to the physical security of nuclear facilities or radioactive materials.

This information, if not protected as proprietary or under another exception, is generally made available to the public. After September 11, 2001, NRC and other Government agencies responded to concerns that some information easily available on public Web sites or by other means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on whether information related to operating nuclear power plants should be withheld from public disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the NRC Web site, and stakeholders can ask questions or make suggestions about the guidance and the examples.

As discussed in SECY-04-0191, other Government agencies have issued regulations or guidance for protecting information that could be reasonably expected to be useful to terrorists in planning or executing an attack on critical infrastructure.

  • Protected critical infrastructure information (PCII) is information related to the security of critical infrastructure that is voluntarily provided to the Department of Homeland Security (DHS).
  • Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory Commission (FERC) regulations as information related to energy-related infrastructure (e.g., hydroelectric dams and electric transmission systems).
  • Sensitive security information (SSI) is defined in Transportation Safety Administration (TSA) and Department of Transportation (DOT) regulations as information about the security of transportation assets, including pipelines.

Enclosure 2

RIS 2005-26 Page 4 of 5 Licensees may need to assess and revise their procedures for handling sensitive unclassified nonsafeguards information in their normal activities and interactions with parties other than NRC. During discussions of existing practices with various licensees, the NRC staff discovered that licensees vary in how they treat and protect information that was previously unprotected but now is considered sensitive. Some licensees have instituted more restrictive controls. Some have determined that their routine business practices provide an appropriate level of protection for the sensitive information.

As described in 10 CFR 2.390, information deemed sensitive because it relates to physical protection or material control and accounting is protected in much the same way as commercial or financial information. As with proprietary information, licensees are expected to have sufficient internal controls to keep the information confidential. Possible methods to prevent the inadvertent release of sensitive unclassified nonsafeguards information include marking documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping systems, and controlling the reproduction, distribution, and destruction of potentially sensitive records. NRC uses the marking Security-Related Information Withhold Under 10 CFR 2.390 and encourages the use of this marking by licensees and others possessing information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure that similar controls are in place when sensitive information is provided to outside parties such as contractors or other Government agencies. The NRC staff posted information on NRCs Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or suggestions on how to effectively control sensitive information.

BACKFIT DISCUSSION This RIS requires no action or written response. Any action on the part of addressees to assess and revise their document control procedures in accordance with the guidance contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109.

Consequently, the NRC staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION A notice of opportunity for public comment on this RIS was not published in the Federal Register because it is informational and pertains to a staff position that does not represent a departure from current regulatory requirements and practice. NRC intends to work with the Nuclear Energy Institute, industry representatives, members of the public, and other stakeholders in modifying related guidance documents.

SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996 The NRC has determined that this action is not a rule and thus is not subject to the Small Business Regulatory Enforcement Fairness Act of 1996.

Enclosure 2

RIS 2005-26 Page 5 of 5 PAPERWORK REDUCTION ACT STATEMENT This RIS does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

CONTACT Please direct any questions about this matter to the technical contacts listed below or to the appropriate Office of Nuclear Reactor Regulation (NRR) project manager.

/RA/ By Patrick L. Hiland For/

Michael J. Case, Director Division of Inspection and Regional Support Office of Nuclear Reactor Regulation Technical Contacts: William Reckley, NRR Margie Kotzalas, NRR 301-415-1323 301-415-2737 E-mail: wdr@nrc.gov E-mail: mxk5@nrc.gov

Attachment:

Marking diagram for documents withheld under 10 CFR 2.390 Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections.

Enclosure 2

Attachment RIS-2005-26 Page 1 of 1 SUGGESTED MARKINGS Withhold From Public Disclosure In Accordance With 10 CFR 2.390 Overall page marking on the top of all pages Security-Related Information Withhold Under 10 CFR 2.390 Ensure Subject Line is non-sensitive Subject XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX Appropriate Controls Access: Need-to-know in order to perform official licensee functions.

Storage: Openly within licensee facilities with electronic or other access controls, for example, key cards, guards, alarms.

Mail: U.S. Postal Service first class mail, single opaque envelope with no markings to indicate 10 CFR 2.390 contents.

Electronic Transmission: Over encrypted phone, facsimile, computer, if available; otherwise over non-encrypted circuits where recipient will be present to receive the transmission.

Enclosure 2

RIS 2003-08 Page 1 of 4

SUMMARY

OF SAFEGUARDS INFORMATION REQUIREMENTS I. AUTHORITY The Atomic Energy Act of 1954, as amended, 42 U.S.C. §§ 2011 et seq. (Act), grants the Nuclear Regulatory Commission broad and unique authority to prohibit the unauthorized disclosure of Safeguards Information upon a determination that the unauthorized disclosure of such information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of materials or facilities subject to NRC jurisdiction.

Section 147 of the Act, 42 U.S.C. § 2167.

For licensees and any other person, whether or not a licensee (primarily 10 C.F.R. Part 50 reactor licensees, 10 C.F.R. Part 70 licensees for special nuclear material, and their employees and contractors) subject to the requirements in 10 C.F.R. Part 73, Safeguards Information is defined by NRC regulation as follows:

Safeguards Information means information not otherwise classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed, (1) security measures for the physical protection of special nuclear material, or (2) security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities.

10 C.F.R. § 73.2.

Specific requirements for the protection of Safeguards Information are contained in 10 C.F.R. § 73.21. Access to Safeguards Information is limited as follows:

(c) Access to Safeguards Information. (1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established "need to know" for the information and is:

(i) An employee, agent, or contractor of an applicant, a licensee, the Commission, or the United States Government. However, an individual to be authorized access to Safeguards Information by a nuclear power reactor applicant or licensee must undergo a Federal Bureau of Investigation criminal history check to the extent required by 10 CFR 73.57; (ii) A member of a duly authorized committee of the Congress; (iii) The Governor of a State or designated representatives; (iv) A representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who has been certified by the NRC; Enclosure 3

RIS 2003-08 Page 2 of 4 (v) A member of a state or local law enforcement authority that is responsible for responding to requests for assistance during safeguards emergencies; or (vi) An individual to whom disclosure is ordered pursuant to § 2.744(e) of this chapter [10 CFR 2.744(e)].

(2) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in paragraph (c)(1) of this section.

10 C.F.R. § 73.21(c).

The need to know requirement is specified by NRC regulation as follows:

Need to know means a determination by a person having responsibility for protecting Safeguards Information that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, or licensee duties of employment.

10 C.F.R. § 73.2.

Thus, unless otherwise authorized by the Commission, NRC regulations limit access to Safeguards Information to certain specified individuals who have been determined to have a need to know, i.e., specified individuals whose access has been determined to be necessary in the performance of official, contractual or licensee duties of employment.

Furthermore, except as otherwise authorized by the Commission, no person may disclose Safeguards Information to any other person unless that other person is one of the specified persons listed in 10 C.F.R. § 73.21(c)(1) and that person also has a need to know.

10 C.F.R. § 73.21(c)(2). These regulations and prohibitions on unauthorized disclosure of Safeguards Information are applicable to all licensees and all individuals:

This part [10 C.F.R. Part 73] prescribes requirements for the protection of Safeguards Information in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires Safeguards Information.

10 C.F.R. § 73.1(b)(7).

The Commissions statutory authority to protect and prohibit the unauthorized disclosure of Safeguards Information is even broader than is reflected in these regulations. Section 147 of the Act grants the Commission explicit authority to issue such orders, as necessary to prohibit the unauthorized disclosure of safeguards information . . . . This authority extends to information concerning special nuclear material, source material, and byproduct material, as well as production and utilization facilities.

Enclosure 3

RIS 2003-08 Page 3 of 4 The Act explicitly provides: Any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act. Section 147a of the Act. Section 234a of the Act provides for a civil monetary penalty not to exceed $120,000 for each violation. See 10 C.F.R. § 2.205(j) (2003). Furthermore, a willful violation of any regulation or order governing Safeguards Information is a felony subject to criminal penalties in the form of fines or imprisonment, or both. See Sections 147b and 223a of the Act.

The NRC Enforcement Policy outlines potential NRC actions against both licensees and individuals for violations of the regulations and Orders using criteria that evaluate both the details and severity of the violation.

II. DISCUSSION All licensees and all other persons who now have, or in the future may have, access to Safeguards Information must comply with all applicable requirements delineated in regulations and Orders governing the handling and unauthorized disclosure of Safeguards Information. As stipulated in 10 C.F.R. § 73.21(a), licensees and persons who produce, receive or acquire Safeguards Information are required to ensure that Safeguards Information is protected against unauthorized disclosure. To meet this requirement, licensees and persons subject to 10 C.F.R. § 73.21(a) shall establish and maintain an information protection system governing the proper handling and unauthorized disclosure of Safeguards Information. All licensees should be aware that since the requirements of 10 C.F.R. § 73.21(a) apply to all persons who receive Safeguards Information, they apply to all contractors whose employees may have access to Safeguards Information and they must either adhere to the licensees policies and procedures on Safeguards Information or develop, maintain and implement their own information protection system, but the licensees remain responsible for the conduct of their contractors. The elements of the required information protection system are specified in 10 C.F.R. § 73.21(b) through (i). The information protection system must address, at a minimum, the following: the general performance requirement that each person who produces, receives, or acquires Safeguards Information shall ensure that Safeguards Information is protected against unauthorized disclosure; protection of Safeguards Information at fixed sites, in use and in storage, and while in transit; inspections, audits and evaluations; correspondence containing Safeguards Information; access to Safeguards Information; preparation, marking, reproduction and destruction of documents; external transmission of documents; use of automatic data processing systems; and removal of the Safeguards Information category.

As noted above, in addition to the responsibility of each licensee to ensure that all of its employees, contractors and subcontractors, and their employees comply with applicable requirements, all contractors, subcontractors, and individual employees also are individually responsible for complying with applicable requirements and all are subject to civil and criminal sanctions for failures to comply. The NRC considers that violations of the requirements applicable to the handling of Safeguards Information are a serious breach of adequate protection of the public health and safety and the common defense and security of the United States.

Enclosure 3

RIS 2003-08 Page 4 of 4 As a result, the staff intends to use the NRC Enforcement Policy, including the discretion to increase penalties for violations, to determine appropriate sanctions against licensees and individuals who violate these requirements. In addition, the Commission may use its discretion, based on the severity of the violation, to further increase the penalty for any violation up to the statutory maximum. Willful violations of these requirements will also be referred to the Department of Justice for a determination of whether criminal penalties will be pursued.

Enclosure 3

Retrieved from "https://kanterella.com/w/index.php?title=ML11203B269&oldid=2115026"