ML080940158
| ML080940158 | |
| Person / Time | |
|---|---|
| Site: | Hatch  |
| Issue date: | 11/07/2005 |
| Revision: | 0 |
| From: | Case M J NRC/NRR/ADRO/DIRS |
| To: | |
| References | |
| RIS-05-026 | |
| Download: ML080940158 (6) | |
See also: RIS 2005-26
Text
ML051430228 November 7, 2005NRC REGULATORY ISSUE SUMMARY 2005-26CONTROL OF SENSITIVE UNCLASSIFIED NONSAFEGUARDSINFORMATION RELATED TO NUCLEAR POWER REACTORSADDRESSEESAll holders of operating licenses for nuclear power reactors and holders of and applicants forcertificates for reactor designs.INTENTThe U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)to inform the addressees of the appropriate handling of information that warrants controlsbecause of continuing concerns about terrorist attacks against the critical infrastructure of theUnited State The NRC intends to balance its responsibility to preserve public access toinformation and support meaningful participation in NRC's regulatory processes against itsresponsibility to withhold information that might unnecessarily compromise the security ofnuclear facilitie Licensees for operating nuclear power plants and reactor facility designersmay need to assess their document control procedures to ensure they protect sensitiveinformatio Although no specific action or written response is required, the NRC encouragesthe addressees for this RIS, vendors and contractors, and others who may possess sensitiveinformation to destroy, mark, or otherwise control the information to avoid inadvertentlyproviding assistance to those who might use the information for malevolent acts.BACKGROUND INFORMATIONNRC traditionally has given the public access to a significant amount of information about thefacilities and materials the agency regulate Openness has been and remains a cornerstoneof NRC's regulatory philosoph The Atomic Energy Act, subsequent legislation, and variousNRC regulations have given the public the right to participate in the licensing and oversightprocess for nuclear power reactors and other NRC licensee To participate in a meaningfulway, the public must have access to information about the design and operation of regulatedfacilities and use of nuclear material However, NRC and other Government agencies havealways withheld some information from public disclosure for reasons of security, personalprivacy, or commercial or trade secret protectio In light of increased terrorist activityworldwide, NRC reexamined its document disclosure policie RIS 2005-26 Page 2 of 5Since the events of September 11, 2001, NRC has issued advisories and taken specific actionsregarding the security of its licensed facilitie NRC has also assessed and revised its policiesand practices for control of information so that information that could reasonably be expected tobe useful to terrorists in planning or executing an attack against nuclear power plants or otherNRC-licensed facilities will be withheld from public disclosur The most recent and detailedguidance on the control of information related to operating nuclear power plants is provided inthe Commission paper SECY-04-0191, "Withholding Sensitive Unclassified InformationConcerning Nuclear Power Reactors From Public Disclosure," dated October 19, 2004, and theassociated staff requirements memorandum dated November 9, 200 Also seeSECY-05-0091, "Task Force Report on Public Disclosure of Security-Related Information,"dated May 18, 2005, and the associated staff requirements memorandum dated June 30, 2005. The NRC staff is preparing similar guidance for materials licensees and expects to make itavailable to the public in early 2006.SUMMARY OF ISSUEConsidering the various reviews, legislation, and other changes since September 11, 2001, theNRC staff believes that clarifying NRC's current procedures and policies regarding the controlof information will be beneficial to stakeholder NRC will continue to make available to thepublic most of the information that the agency receives from or sends to its licensee Inaddition, the public will have access to a large amount of information included in various reportsproduced by the NRC staf Much of NRC's information also will be readily available to thepublic via the NRC Web site (www.nrc.gov) and the NRC's electronic document managementsystem (ADAMS) (www.nrc.gov/reading-rm/adams.html). In addition, other information may bereleased to the public in response to formal or informal request The exceptions for certaininformation to be withheld from public disclosure for reasons other than security (e.g., privacy,proprietary, and pre-decisional information) have not changed as a result of recent event Theappropriate handling of Safeguards Information (SGI) is discussed in RIS-2003-08, "Protectionof Safeguards Information From Unauthorized Disclosure," dated April 30, 2003, and morespecific SGI designation guidance document NRC withheld from public disclosure some information related to protecting operating nuclearpower plants although it does not meet the existing criteria for designation as SG This type ofinformation was recognized before September 11, 2001, and, when submitted to NRC by alicensee, was withheld from public disclosure according to the provisions of 10 CFR2.390(d)(1). This regulation states:(d) The following information is considered commercial or financial information within themeaning of §9.17(a)(4) of this chapter and is subject to disclosure only in accordancewith the provisions of §9.19 of this chapter.(1) Correspondence and reports to or from the NRC which contain information orrecords concerning a licensee's or applicant's physical protection, classified matterprotection, or material control and accounting program for special nuclear material nototherwise designated as Safeguards Information or classified as National SecurityInformation or Restricted Dat RIS 2005-26 Page 3 of 5NRC expects that licensees will continue to request NRC withhold some information citing10 CFR 2.390(d)(1) and that the volume of material requested to be withheld from publicdisclosure under this provision will increase as the NRC staff and licensees implement theguidance in this RI NRC changed its procedures shortly after September 11, 2001, towithhold from public disclosure various categories of documents likely to include individualrecords that warrant withholding under 10 CFR 2.39 The NRC staff will assess the need towithhold such document categories if licensees routinely identify specific documents containingsensitive informatio The NRC staff will interact with licensees on a case-by-case basisregarding the use of the provisions of 10 CFR 2.390(d)(1) to assure that information is properlycontrolled, under either Section 2.390(d)(1) or one of the other Freedom of Information Act(FOIA) exemptions that might be applicabl Licensees that identify information to be withheldfrom public disclosure in accordance with 10 CFR 2.390(d)(1) or other provision in theregulation should use the same general practices as used for proprietary commercial orfinancial informatio As shown on the attached diagram, the cover letter should clearly statethat the document includes sensitive information and the affected pages should include themarking "Security-Related Information - Withhold Under 10 CFR 2.390." Unlike therequirements for withholding proprietary information, licensees are not required to provide anaffidavit for sensitive information withheld under 10 CFR 2.390(d) and related to (1) physicalprotection or (2) material control and accounting.Most information received and generated by NRC deals with design, operations, or othermatters not directly related to the physical security of nuclear facilities or radioactive materials. This information, if not protected as proprietary or under another exception, is generally madeavailable to the publi After September 11, 2001, NRC and other Government agenciesresponded to concerns that some information easily available on public Web sites or by othermeans might be useful to terrorist SECY-04-0191 provides the primary NRC guidance onwhether information related to operating nuclear power plants should be withheld from publicdisclosure in light of the post-September 11 concern The NRC staff has posted the guidanceand related material within the public reading room (http://www.nrc.gov/reading-rm.html) on theNRC Web site, and stakeholders can ask questions or make suggestions about the guidanceand the example As discussed in SECY-04-0191, other Government agencies have issued regulations orguidance for protecting information that could be reasonably expected to be useful to terroristsin planning or executing an attack on critical infrastructure.*Protected critical infrastructure information (PCII) is information related to the security ofcritical infrastructure that is voluntarily provided to the Department of Homeland Security(DHS). *Critical energy infrastructure information (CEII) is defined in Federal Energy RegulatoryCommission (FERC) regulations as information related to energy-related infrastructure (e.g., hydroelectric dams and electric transmission systems).*Sensitive security information (SSI) is defined in Transportation Safety Administration(TSA) and Department of Transportation (DOT) regulations as information about thesecurity of transportation assets, including pipeline RIS 2005-26 Page 4 of 5Licensees may need to assess and revise their procedures for handling sensitive unclassifiednonsafeguards information in their normal activities and interactions with parties other thanNR During discussions of existing practices with various licensees, the NRC staff discoveredthat licensees vary in how they treat and protect information that was previously unprotected butnow is considered sensitiv Some licensees have instituted more restrictive control Somehave determined that their routine business practices provide an appropriate level of protectionfor the sensitive informatio As described in 10 CFR 2.390, information deemed sensitive because it relates to physicalprotection or material control and accounting is protected in much the same way as commercialor financial informatio As with proprietary information, licensees are expected to havesufficient internal controls to keep the information confidentia Possible methods to prevent theinadvertent release of sensitive unclassified nonsafeguards information include markingdocuments as described in 10 CFR 2.390, restricting access to electronic recordkeepingsystems, and controlling the reproduction, distribution, and destruction of potentially sensitiverecord NRC uses the marking "Security-Related Information - Withhold Under10 CFR 2.390" and encourages the use of this marking by licensees and others possessinginformation deemed sensitive using the guidance in SECY-04-019 Licensees should ensurethat similar controls are in place when sensitive information is provided to outside parties suchas contractors or other Government agencie The NRC staff posted information on NRC'sWeb site (http://www.nrc.gov/reading-rm.html) and included a feedback form for questions orsuggestions on how to effectively control sensitive informatio BACKFIT DISCUSSIONThis RIS requires no action or written respons Any action on the part of addressees toassess and revise their document control procedures in accordance with the guidancecontained in this RIS is strictly voluntary and, therefore, is not a backfit under 10 CFR 50.109. Consequently, the NRC staff did not perform a backfit analysis.FEDERAL REGISTER NOTIFICATIONA notice of opportunity for public comment on this RIS was not published in the FederalRegister because it is informational and pertains to a staff position that does not represent adeparture from current regulatory requirements and practic NRC intends to work with theNuclear Energy Institute, industry representatives, members of the public, and otherstakeholders in modifying related guidance documents.SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996The NRC has determined that this action is not a rule and thus is not subject to the SmallBusiness Regulatory Enforcement Fairness Act of 199 RIS 2005-26 Page 5 of 5PAPERWORK REDUCTION ACT STATEMENTThis RIS does not contain information collections and, therefore, is not subject to therequirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).CONTACTPlease direct any questions about this matter to the technical contacts listed below or to theappropriate Office of Nuclear Reactor Regulation (NRR) project manager./RA/ By Patrick L. Hiland For/Michael J. Case, DirectorDivision of Inspection and Regional SupportOffice of Nuclear Reactor RegulationTechnical Contacts:William Reckley, NRRMargie Kotzalas, NRR301-415-1323301-415-2737E-mail: wdr@nrc.govE-mail: mxk5@nrc.gov
Attachment:
Marking diagram for documents withheld under 10 CFR 2.390Note: NRC generic communications may be found on the NRC public Web site,http://www.nrc.gov, under Electronic Reading Room/Document Collection Security-Related InformationWithhold Under 10 CFR 2.390SubjectXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXAttachment RIS-2005-26 Page 1 of 1SUGGESTED MARKINGSWithhold From Public Disclosure In Accordance With 10 CFR 2.390 Overall page marking on the top of all pagesEnsure Subject Line is non-sensitiveAppropriate ControlsAccess:Need-to-know in order to perform official licensee functions.Storage:Openly within licensee facilities with electronic or other accesscontrols, for example, key cards, guards, alarms.Mail:U.S. Postal Service first class mail, single opaque envelope withno markings to indicate 10 CFR 2.390 contents.Electronic Transmission:Over encrypted phone, facsimile, computer, if available;otherwise over non-encrypted circuits where recipient willbe present to receive the transmission.