Update of Nuclear Regulatory Commission (NRC) Distribution List for Documents Containing Safeguards (Sgi), Official Use Only (Ouo), and Routine Information - (Sequoyah Nuclear Plant)

ML11206B145
Person / Time
Site:	Sequoyah
Issue date:	07/20/2011
From:	Ernstes M NRC/RGN-II/DRS/PSB2
To:	Krich R Tennessee Valley Authority
References
RIS-2003-08, RIS-2005-26
Download: ML11206B145 (16)
v • d • e

See also: RIS 2003-08

Text

UNITED STATES

NUCLEAR REGULATORY COMMISSION

REGION II

245 PEACHTREE CENTER AVENUE NE, SUITE 1200

ATLANTA, GEORGIA 30303-1257

July 20, 2011

Mr. R. M. Krich

Vice President, Nuclear Licensing

Tennessee Valley Authority

1101 Market Street, LP 3R-C

Chattanooga, TN 37402-2801

SUBJECT:

UPDATE OF NUCLEAR REGULATORY COMMISSION (NRC) DISTRIBUTION

LIST FOR DOCUMENTS CONTAINING SAFEGUARDS (SGI), OFFICIAL USE

ONLY (OUO), AND ROUTINE INFORMATION (SEQUOYAH NUCLEAR PLANT)

Dear Mr. Krich:

I am writing to request current information on those individuals authorized to receive documents

containing Safeguards (SGI), Official Use Only (OUO), and Routine information on issues

relating to your facility. Safeguards information is a special category of sensitive unclassified

information authorized by Section 147 of the Atomic Energy Act of 1954, as amended (the Act),

to be protected. While SGI is considered sensitive unclassified information, it is handled and

protected more like classified confidential information than like other sensitive unclassified

information (e.g., privacy and proprietary information).

Access to SGI is controlled by a valid need-to-know basis. It is the responsibility of the NRC to

maintain the integrity of SGI distribution, therefore we are currently in the process of verifying

the identity, and contact information of individuals designated to receive documents with SGI,

OUO, and Routine information for your facility.

You are requested to provide an updated distribution list of those persons who should receive

documents containing SGI, OUO, and Routine information within 20 days of the date of this

letter to: ATTN: Document Control Desk, Washington, D.C. 20555-0001; with a copy to the

Regional Administrator Region II, so that we can verify and/or update our distribution

information.

Please ensure that each list clearly specifies the individuals who are authorized to receive

matter specific correspondence. To facilitate this request, I have enclosed a copy of the NRCs

official distribution list on file, which has been organized by category. Additionally, you will find

NRC Regulatory Issue Summary 2005-26 defining control of sensitive unclassified non-

safeguards information related to nuclear power reactors, and NRC Regulatory Issue Summary

2003-08, Summary of Safeguards Information Requirements.

TVA

2

In accordance with 10 CFR 2.390 of the NRCs Rules of Practice, a copy of this letter and its

enclosures will be available electronically for public inspection in the NRC Public Document

Room or from the Publicly Available Records (PARS) component of NRCs document system

(ADAMS). ADAMS is accessible from the NRC Web site at http://ww.nrc.gov/reading-

rm/adams.html (the Public Electronic Room).

Should you have any questions concerning this letter, please contact us.

Sincerely,

/RA/

Michael E. Ernstes, Chief

Plant Support Branch 2

Division of Reactor Safety

Docket No.: 50-327, 50-328

License No.: DPR-77, DPR-79

Enclosures:

1. Current Official Distribution List

2. NRC Regulatory Issue Summary 2005-26

3. NRC Regulatory Issue Summary 2003-08

TVA

2

In accordance with 10 CFR 2.390 of the NRCs Rules of Practice, a copy of this letter and its

enclosures will be available electronically for public inspection in the NRC Public Document

Room or from the Publicly Available Records (PARS) component of NRCs document system

(ADAMS). ADAMS is accessible from the NRC Web site at http://ww.nrc.gov/reading-

rm/adams.html (the Public Electronic Room).

Should you have any questions concerning this letter, please contact us.

Sincerely,

/RA/

Michael E. Ernstes, Chief

Plant Support Branch 2

Division of Reactor Safety

Docket No.: 50-327, 50-328

License No.: DPR-77, DPR-79

Enclosures:

1. Current Official Distribution List

2. NRC Regulatory Issue Summary 2005-26

3. NRC Regulatory Issue Summary 2003-08

X PUBLICLY AVAILABLE

G NON-PUBLICLY AVAILABLE

G SENSITIVE

X NON-SENSITIVE

ADAMS: X Yes

ACCESSION NUMBER: _________________________

X SUNSI REVIEW COMPLETE X FORM 665 ATTACHED

OFFICE

RII: DRS

RII: DRS

RII: DRP

SIGNATURE

RA

RA

RA

NAME

J. CALLOWAY

M. ERNSTES

EGUTHRIE

DATE

007/18/2011

07/20/2011

07/19/2011

E-MAIL COPY?

YES

NO YES

NO YES

NO

YES

NO YES

NO YES

NO YES

NO

OFFICIAL

RECORD

COPY DOCUMENT

NAME:

G:\\DRSII\\PSBII\\SGI

PROTECTION

LETTERS\\2011

SGI

DISTRIBUTION

UPDATE\\SEQUOYAH SGI PROTECTION LTR UPDATE 2011.DOCX

OFFICIAL DISTRIBUTION LIST

SEQUOYAH NUCLEAR PLANT

Enclosure 1

ROUTINE DISTRIBUTION:

cc w/encl

M. D. Skaggs

Site Vice President

Sequoyah Nuclear Plant

Tennessee Valley Authority

Electronic Mail Distribution

K. Langdon

Plant Manager

Sequoyah Nuclear Plant

Tennessee Valley Authority

Electronic Mail Distribution

G. M. Cook

Manager

Licensing

Sequoyah Nuclear Plant

Electronic Mail Distribution

Dan Green

Manager, Corp. Nuclear Licensing - SQN

Tennessee Valley Authority

Electronic Mail Distribution

E. J. Vigluicci

Assistant General Counsel

Tennessee Valley Authority

Electronic Mail Distribution

County Mayor

Hamilton County

Hamilton County Courthouse

208 Courthouse

625 Georgia Avenue

Chattanooga, TN 37402-2801

Tennessee Department of Environment &

Conservation

Division of Radiological Health

401 Church Street

Nashville, TN 37243

Senior Resident Inspector

U.S. Nuclear Regulatory Commission

Sequoyah Nuclear Plant

2600 Igou Ferry Road

Soddy Daisy, TN 37379-3624

Ann Harris

341 Swing Loop

Rockwood, TN 37854

OFFICIAL DISTRIBUTION LIST

SEQUOYAH NUCLEAR PLANT

Enclosure 1

OFFICIAL USE ONLY (OUO) DISTRIBUTION

cc w/encl

M. D. Skaggs

Site Vice President

Sequoyah Nuclear Plant

Tennessee Valley Authority

P.O. Box 2000

Soddy-Daisy, TN 37384-2000

G. M. Cook

Manager

Licensing

Sequoyah Nuclear Plant

Tennessee Valley Authority

P.O. Box 2000

Soddy Daisy, TN 37384-2000

Mark Findlay

General Manager, Security Operations

Tennessee Valley Authority

1101 Market Street, EB 10B-C

Chattanooga, TN 37402-2801

S. S. Young

Manager

Site Security Operations

Sequoyah Nuclear Plant

Tennessee Valley Authority

P.O. Box 2000

Soddy Daisy, TN 37384-2000

OFFICIAL DISTRIBUTION LIST

SEQUOYAH NUCLEAR PLANT

Enclosure 1

SAFEGUARDS (SGI) DISTRIBUTION:

cc w/encl

M. D. Skaggs

Site Vice President

Sequoyah Nuclear Plant

Tennessee Valley Authority

P.O. Box 2000

Soddy-Daisy, TN 37384-2000

G. M. Cook

Manager

Licensing

Sequoyah Nuclear Plant

Tennessee Valley Authority

P.O. Box 2000

Soddy Daisy, TN 37384-2000

Mark Findlay

General Manager, Security Operations

Tennessee Valley Authority

1101 Market Street, EB 10B-C

Chattanooga, TN 37402-2801

S. S. Young

Manager

Site Security Operations

Sequoyah Nuclear Plant

Tennessee Valley Authority

P.O. Box 2000

Soddy Daisy, TN 37384-2000

ML051430228

UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555-0001

November 7, 2005

NRC REGULATORY ISSUE SUMMARY 2005-26

CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDS

INFORMATION RELATED TO NUCLEAR POWER REACTORS

ADDRESSEES

All holders of operating licenses for nuclear power reactors and holders of and applicants for

certificates for reactor designs.

INTENT

The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)

to inform the addressees of the appropriate handling of information that warrants controls

because of continuing concerns about terrorist attacks against the critical infrastructure of the

United States. The NRC intends to balance its responsibility to preserve public access to

information and support meaningful participation in NRCs regulatory processes against its

responsibility to withhold information that might unnecessarily compromise the security of

nuclear facilities. Licensees for operating nuclear power plants and reactor facility designers

may need to assess their document control procedures to ensure they protect sensitive

information. Although no specific action or written response is required, the NRC encourages

the addressees for this RIS, vendors and contractors, and others who may possess sensitive

information to destroy, mark, or otherwise control the information to avoid inadvertently

providing assistance to those who might use the information for malevolent acts.

BACKGROUND INFORMATION

NRC traditionally has given the public access to a significant amount of information about the

facilities and materials the agency regulates. Openness has been and remains a cornerstone

of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various

NRC regulations have given the public the right to participate in the licensing and oversight

process for nuclear power reactors and other NRC licensees. To participate in a meaningful

way, the public must have access to information about the design and operation of regulated

facilities and use of nuclear materials. However, NRC and other Government agencies have

always withheld some information from public disclosure for reasons of security, personal

privacy, or commercial or trade secret protection. In light of increased terrorist activity

worldwide, NRC reexamined its document disclosure policies.

Enclosure 2

RIS 2005-26

Page 2 of 5

Since the events of September 11, 2001, NRC has issued advisories and taken specific actions

regarding the security of its licensed facilities. NRC has also assessed and revised its policies

and practices for control of information so that information that could reasonably be expected to

be useful to terrorists in planning or executing an attack against nuclear power plants or other

NRC-licensed facilities will be withheld from public disclosure. The most recent and detailed

guidance on the control of information related to operating nuclear power plants is provided in

the Commission paper SECY-04-0191, Withholding Sensitive Unclassified Information

Concerning Nuclear Power Reactors From Public Disclosure, dated October 19, 2004, and the

associated staff requirements memorandum dated November 9, 2004. Also see

SECY-05-0091, Task Force Report on Public Disclosure of Security-Related Information,

dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005.

The NRC staff is preparing similar guidance for materials licensees and expects to make it

available to the public in early 2006.

SUMMARY OF ISSUE

Considering the various reviews, legislation, and other changes since September 11, 2001, the

NRC staff believes that clarifying NRCs current procedures and policies regarding the control

of information will be beneficial to stakeholders. NRC will continue to make available to the

public most of the information that the agency receives from or sends to its licensees. In

addition, the public will have access to a large amount of information included in various reports

produced by the NRC staff. Much of NRCs information also will be readily available to the

public via the NRC Web site (www.nrc.gov) and the NRCs electronic document management

system (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may be

released to the public in response to formal or informal requests. The exceptions for certain

information to be withheld from public disclosure for reasons other than security (e.g., privacy,

proprietary, and pre-decisional information) have not changed as a result of recent events. The

appropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, Protection

of Safeguards Information From Unauthorized Disclosure, dated April 30, 2003, and more

specific SGI designation guidance documents.

NRC withheld from public disclosure some information related to protecting operating nuclear

power plants although it does not meet the existing criteria for designation as SGI. This type of

information was recognized before September 11, 2001, and, when submitted to NRC by a

licensee, was withheld from public disclosure according to the provisions of 10 CFR 2.390(d)(1). This regulation states:

(d) The following information is considered commercial or financial information within the

meaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordance

with the provisions of §9.19 of this chapter.

(1) Correspondence and reports to or from the NRC which contain information or

records concerning a licensees or applicants physical protection, classified matter

protection, or material control and accounting program for special nuclear material not

otherwise designated as Safeguards Information or classified as National Security

Information or Restricted Data.

Enclosure 2

RIS 2005-26

Page 3 of 5

NRC expects that licensees will continue to request NRC withhold some information citing

10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from public

disclosure under this provision will increase as the NRC staff and licensees implement the

guidance in this RIS. NRC changed its procedures shortly after September 11, 2001, to

withhold from public disclosure various categories of documents likely to include individual

records that warrant withholding under 10 CFR 2.390. The NRC staff will assess the need to

withhold such document categories if licensees routinely identify specific documents containing

sensitive information. The NRC staff will interact with licensees on a case-by-case basis

regarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properly

controlled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act

(FOIA) exemptions that might be applicable. Licensees that identify information to be withheld

from public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in the

regulation should use the same general practices as used for proprietary commercial or

financial information. As shown on the attached diagram, the cover letter should clearly state

that the document includes sensitive information and the affected pages should include the

marking Security-Related Information Withhold Under 10 CFR 2.390. Unlike the

requirements for withholding proprietary information, licensees are not required to provide an

affidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physical

protection or (2) material control and accounting.

Most information received and generated by NRC deals with design, operations, or other

matters not directly related to the physical security of nuclear facilities or radioactive materials.

This information, if not protected as proprietary or under another exception, is generally made

available to the public. After September 11, 2001, NRC and other Government agencies

responded to concerns that some information easily available on public Web sites or by other

means might be useful to terrorists. SECY-04-0191 provides the primary NRC guidance on

whether information related to operating nuclear power plants should be withheld from public

disclosure in light of the post-September 11 concerns. The NRC staff has posted the guidance

and related material within the public reading room (http://www.nrc.gov/reading-rm.html) on the

NRC Web site, and stakeholders can ask questions or make suggestions about the guidance

and the examples.

As discussed in SECY-04-0191, other Government agencies have issued regulations or

guidance for protecting information that could be reasonably expected to be useful to terrorists

in planning or executing an attack on critical infrastructure.

Protected critical infrastructure information (PCII) is information related to the security of

critical infrastructure that is voluntarily provided to the Department of Homeland Security

(DHS).

Critical energy infrastructure information (CEII) is defined in Federal Energy Regulatory

Commission (FERC) regulations as information related to energy-related infrastructure

(e.g., hydroelectric dams and electric transmission systems).

Sensitive security information (SSI) is defined in Transportation Safety Administration

(TSA) and Department of Transportation (DOT) regulations as information about the

security of transportation assets, including pipelines.

Enclosure 2

RIS 2005-26

Page 4 of 5

Licensees may need to assess and revise their procedures for handling sensitive unclassified

nonsafeguards information in their normal activities and interactions with parties other than

NRC. During discussions of existing practices with various licensees, the NRC staff discovered

that licensees vary in how they treat and protect information that was previously unprotected but

now is considered sensitive. Some licensees have instituted more restrictive controls. Some

have determined that their routine business practices provide an appropriate level of protection

for the sensitive information.

As described in 10 CFR 2.390, information deemed sensitive because it relates to physical

protection or material control and accounting is protected in much the same way as commercial

or financial information. As with proprietary information, licensees are expected to have

sufficient internal controls to keep the information confidential. Possible methods to prevent the

inadvertent release of sensitive unclassified nonsafeguards information include marking

documents as described in 10 CFR 2.390, restricting access to electronic recordkeeping

systems, and controlling the reproduction, distribution, and destruction of potentially sensitive

records. NRC uses the marking Security-Related Information Withhold Under

10 CFR 2.390 and encourages the use of this marking by licensees and others possessing

information deemed sensitive using the guidance in SECY-04-0191. Licensees should ensure

that similar controls are in place when sensitive information is provided to outside parties such

as contractors or other Government agencies. The NRC staff posted information on NRCs

Web site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions or

suggestions on how to effectively control sensitive information.

BACKFIT DISCUSSION

This RIS requires no action or written response. Any action on the part of addressees to

assess and revise their document control procedures in accordance with the guidance

contained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109.

Consequently, the NRC staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal

Register because it is informational and pertains to a staff position that does not represent a

departure from current regulatory requirements and practice. NRC intends to work with the

Nuclear Energy Institute, industry representatives, members of the public, and other

stakeholders in modifying related guidance documents.

SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996

The NRC has determined that this action is not a rule and thus is not subject to the Small

Business Regulatory Enforcement Fairness Act of 1996.

Enclosure 2

RIS 2005-26

Page 5 of 5

PAPERWORK REDUCTION ACT STATEMENT

This RIS does not contain information collections and, therefore, is not subject to the

requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

CONTACT

Please direct any questions about this matter to the technical contacts listed below or to the

appropriate Office of Nuclear Reactor Regulation (NRR) project manager.

/RA/ By Patrick L. Hiland For/

Michael J. Case, Director

Division of Inspection and Regional Support

Office of Nuclear Reactor Regulation

Technical Contacts:

William Reckley, NRR

Margie Kotzalas, NRR

301-415-1323

301-415-2737

E-mail: wdr@nrc.gov

E-mail: mxk5@nrc.gov

Attachment: Marking diagram for documents withheld under 10 CFR 2.390

Note: NRC generic communications may be found on the NRC public Web site,

http://www.nrc.gov, under Electronic Reading Room/Document Collections.

Enclosure 2

Security-Related Information

Withhold Under 10 CFR 2.390

Subject

XXXXXXXXXX

XXXXXXXXXX

XXXXXXXXXX

XXXXXXXXXX

Attachment

RIS-2005-26

Page 1 of 1

SUGGESTED MARKINGS

Withhold From Public Disclosure In Accordance With 10 CFR 2.390

Overall page marking on the top of all pages

Ensure Subject Line is non-sensitive

Appropriate Controls

Access:

Need-to-know in order to perform official licensee functions.

Storage:

Openly within licensee facilities with electronic or other access

controls, for example, key cards, guards, alarms.

Mail:

U.S. Postal Service first class mail, single opaque envelope with

no markings to indicate 10 CFR 2.390 contents.

Electronic Transmission:

Over encrypted phone, facsimile, computer, if available;

otherwise over non-encrypted circuits where recipient will

be present to receive the transmission.

Enclosure 2

RIS 2003-08

Page 1 of 4

SUMMARY OF SAFEGUARDS INFORMATION REQUIREMENTS

I. AUTHORITY

The Atomic Energy Act of 1954, as amended, 42 U.S.C. §§ 2011 et seq. (Act), grants the

Nuclear Regulatory Commission broad and unique authority to prohibit the unauthorized

disclosure of Safeguards Information upon a determination that the unauthorized disclosure of

such information could reasonably be expected to have a significant adverse effect on the

health and safety of the public or the common defense and security by significantly increasing

the likelihood of theft, diversion, or sabotage of materials or facilities subject to NRC jurisdiction.

Section 147 of the Act, 42 U.S.C. § 2167.

For licensees and any other person, whether or not a licensee (primarily 10 C.F.R. Part 50

reactor licensees, 10 C.F.R. Part 70 licensees for special nuclear material, and their employees

and contractors) subject to the requirements in 10 C.F.R. Part 73, Safeguards Information is

defined by NRC regulation as follows:

Safeguards Information means information not otherwise classified as National

Security Information or Restricted Data which specifically identifies a licensee's

or applicant's detailed, (1) security measures for the physical protection of

special nuclear material, or (2) security measures for the physical protection and

location of certain plant equipment vital to the safety of production or utilization

facilities.

10 C.F.R. § 73.2.

Specific requirements for the protection of Safeguards Information are contained in

10 C.F.R. § 73.21. Access to Safeguards Information is limited as follows:

(c) Access to Safeguards Information. (1) Except as the Commission may

otherwise authorize, no person may have access to Safeguards Information

unless the person has an established "need to know" for the information and is:

(i) An employee, agent, or contractor of an applicant, a licensee, the

Commission, or the United States Government. However, an individual to be

authorized access to Safeguards Information by a nuclear power reactor

applicant or licensee must undergo a Federal Bureau of Investigation criminal

history check to the extent required by 10 CFR 73.57;

(ii) A member of a duly authorized committee of the Congress;

(iii) The Governor of a State or designated representatives;

(iv) A representative of the International Atomic Energy Agency (IAEA) engaged

in activities associated with the U.S./IAEA Safeguards Agreement who has been

certified by the NRC;

Enclosure 3

RIS 2003-08

Page 2 of 4

(v) A member of a state or local law enforcement authority that is responsible for

responding to requests for assistance during safeguards emergencies; or

(vi) An individual to whom disclosure is ordered pursuant to § 2.744(e) of this

chapter [10 CFR 2.744(e)].

(2) Except as the Commission may otherwise authorize, no person may disclose

Safeguards Information to any other person except as set forth in paragraph

(c)(1) of this section.

10 C.F.R. § 73.21(c).

The need to know requirement is specified by NRC regulation as follows:

Need to know means a determination by a person having responsibility for

protecting Safeguards Information that a proposed recipient's access to

Safeguards Information is necessary in the performance of official, contractual,

or licensee duties of employment.

10 C.F.R. § 73.2.

Thus, unless otherwise authorized by the Commission, NRC regulations limit access to

Safeguards Information to certain specified individuals who have been determined to have a

need to know, i.e., specified individuals whose access has been determined to be necessary

in the performance of official, contractual or licensee duties of employment.

Furthermore, except as otherwise authorized by the Commission, no person may disclose

Safeguards Information to any other person unless that other person is one of the specified

persons listed in 10 C.F.R. § 73.21(c)(1) and that person also has a need to know.

10 C.F.R. § 73.21(c)(2). These regulations and prohibitions on unauthorized disclosure of

Safeguards Information are applicable to all licensees and all individuals:

This part [10 C.F.R. Part 73] prescribes requirements for the protection of

Safeguards Information in the hands of any person, whether or not a licensee of

the Commission, who produces, receives, or acquires Safeguards Information.

10 C.F.R. § 73.1(b)(7).

The Commissions statutory authority to protect and prohibit the unauthorized disclosure of

Safeguards Information is even broader than is reflected in these regulations. Section 147 of

the Act grants the Commission explicit authority to issue such orders, as necessary to prohibit

the unauthorized disclosure of safeguards information . . . . This authority extends to

information concerning special nuclear material, source material, and byproduct material, as

well as production and utilization facilities.

Enclosure 3

RIS 2003-08

Page 3 of 4

The Act explicitly provides: Any person, whether or not a licensee of the Commission, who

violates any regulations adopted under this section shall be subject to the civil monetary

penalties of Section 234 of this Act. Section 147a of the Act. Section 234a of the Act

provides for a civil monetary penalty not to exceed $120,000 for each violation. See

10 C.F.R. § 2.205(j) (2003). Furthermore, a willful violation of any regulation or order governing

Safeguards Information is a felony subject to criminal penalties in the form of fines or

imprisonment, or both. See Sections 147b and 223a of the Act.

The NRC Enforcement Policy outlines potential NRC actions against both licensees and

individuals for violations of the regulations and Orders using criteria that evaluate both the

details and severity of the violation.

II. DISCUSSION

All licensees and all other persons who now have, or in the future may have, access to

Safeguards Information must comply with all applicable requirements delineated in regulations

and Orders governing the handling and unauthorized disclosure of Safeguards Information. As

stipulated in 10 C.F.R. § 73.21(a), licensees and persons who produce, receive or acquire

Safeguards Information are required to ensure that Safeguards Information is protected against

unauthorized disclosure. To meet this requirement, licensees and persons subject to

10 C.F.R. § 73.21(a) shall establish and maintain an information protection system governing

the proper handling and unauthorized disclosure of Safeguards Information. All licensees

should be aware that since the requirements of 10 C.F.R. § 73.21(a) apply to all persons who

receive Safeguards Information, they apply to all contractors whose employees may have

access to Safeguards Information and they must either adhere to the licensees policies and

procedures on Safeguards Information or develop, maintain and implement their own

information protection system, but the licensees remain responsible for the conduct of their

contractors. The elements of the required information protection system are specified in

10 C.F.R. § 73.21(b) through (i). The information protection system must address, at a

minimum, the following: the general performance requirement that each person who produces,

receives, or acquires Safeguards Information shall ensure that Safeguards Information is

protected against unauthorized disclosure; protection of Safeguards Information at fixed sites,

in use and in storage, and while in transit; inspections, audits and evaluations; correspondence

containing Safeguards Information; access to Safeguards Information; preparation, marking,

reproduction and destruction of documents; external transmission of documents; use of

automatic data processing systems; and removal of the Safeguards Information category.

As noted above, in addition to the responsibility of each licensee to ensure that all of its

employees, contractors and subcontractors, and their employees comply with applicable

requirements, all contractors, subcontractors, and individual employees also are individually

responsible for complying with applicable requirements and all are subject to civil and criminal

sanctions for failures to comply. The NRC considers that violations of the requirements

applicable to the handling of Safeguards Information are a serious breach of adequate

protection of the public health and safety and the common defense and security of the United

States.

Enclosure 3

RIS 2003-08

Page 4 of 4

As a result, the staff intends to use the NRC Enforcement Policy, including the discretion to

increase penalties for violations, to determine appropriate sanctions against licensees and

individuals who violate these requirements. In addition, the Commission may use its discretion,

based on the severity of the violation, to further increase the penalty for any violation up to the

statutory maximum. Willful violations of these requirements will also be referred to the

Department of Justice for a determination of whether criminal penalties will be pursued.

Enclosure 3