Text

THIS PRELIMINARY PROPOSED RULE LANGUAGE AND ACCOMPANYING DISCUSSION IS BEING RELEASED TO SUPPORT INTERACTIONS WITH STAKEHOLDERS AND THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS). THIS LANGUAGE HAS NOT BEEN SUBJECT TO COMPLETE NRC MANAGEMENT OR LEGAL REVIEW, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS. THE NRC STAFF PLANS TO CONTINUE WORKING ON THE CONCEPTS AND DETAILS PROVIDED IN THIS DOCUMENT AND WILL CONTINUE TO PROVIDE OPPORTUNITIES FOR PUBLIC PARTICIPATION AS PART OF THE RULEMAKING ACTIVITIES.

THE STAFF IS PRIMARILY SEEKING INSIGHTS REGARDING THE CONCEPTS IN THIS PRELIMINARY LANGUAGE AND SECONDARILY SEEKING INSIGHTS RELATED TO DETAILS SUCH AS NUMERICAL VALUES FOR VARIOUS CRITERIA.

STAFF DISCUSSION OF PART 73 ACCESS AUTHORIZATION - PRELIMINARY RULE LANGUAGE (June 2021)

Preliminary Language Discussion

§ 73.120 - Access Authorization The existing regulatory framework for access authorization under 10 CFR 73.55, 10 CFR 73.56, and 10 CFR 73.57, is sufficient to provide reasonable assurance that individuals subject to this program are trustworthy and reliable such that they do not constitute an unreasonable risk to the public health and safety or common defense and security, regardless of the reactor technology.

The proposed language under § 73.120 will provide flexibility through the use of a graded approach, commensurate with risk and consequence to public health and safety, for Part 53 applicants who demonstrate in an analysis that the offsite consequences meet the criterion defined in

§ 53.830(a)(2)(i). Applicants satisfying the criterion in 10 CFR 53.830(a)(2)(i) shall establish, implement, and maintain their access authorization program in accordance with the requirements of requirements of

§ 73.120. Applicants not satisfying the criterion shall establish, implement, and maintain a full access authorization program, including an insider mitigation program, in accordance with 10 CFR 73.56.

Moreover, for applicants satisfying the criterion, the proposed requirements model the existing access authorization programs for non-power reactors and/or material licensees by applying the most important program elements associated with power reactors access authorization program under 10 CFR 73.56.

Although research and test reactors currently do not have many specific access authorization requirements in NRC regulations other than those associated with fingerprinting of individuals for criminal history checks, there are alternate security measures and license conditions in place for these facilities that would be applied in the proposed 10 CFR 73.120 for advanced reactors.

(a) Introduction and Scope. (1) Each applicant for an operating license for an advanced nuclear reactor under 10 CFR part 53, who meets the criterion in 10 CFR 53.830(a)(2)(i), shall establish, maintain, and implement an access authorization program in accordance with this section as part of its Commission-approved Physical Security Plan. Applicants not meeting the criterion in 10 CFR 53.830(a)(2)(i) shall establish, maintain, and implement an access authorization program in accordance with the requirements of 10 CFR 73.56.

(2) [Reserved]

Under this proposed approach, should an applicant for an advanced reactor design demonstrate that an offsite release would not exceed doses defined in the first tier safety criteria of §§53.210(b)(1) and 53.210(b)(2), the applicant could choose to implement the access authorization program requirements under the proposed 10 CFR 73.120. The staff notes that the eligibility criterion (as defined in 10 CFR 53.830(a)(2)(i)) is consistent with one of the eligibility criteria being proposed as part of the limited-scope advanced reactor security rulemaking - the most bounding criteria. As that rulemaking evolves, so will this criterion for consistency.

(b) Applicability. (1) The following individuals shall be subject to an access authorization program under this section:

General applicability statement for those individuals who will be subject to an access authorization program in accordance with this section and as specified in paragraph (b) of 10 CFR 73.120.

Individuals noted in this section are required to be trustworthy and reliable, such that they do not

constitute an unreasonable risk to public health and safety or the common defense and security.

(i)

Any individual to whom a licensee intends to grant unescorted access to a nuclear power plant protected area, vital area, material access area, or controlled access area where the material is used or stored; This applicability statement considers individuals specified in 10 CFR 73.56(b)(i) for power reactors and the orders/additional security measures (ASM) and/or license conditions for nonpower reactors whom the licensee intends to grant unescorted access to the facilities most sensitive areas.

(ii)

Any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's or applicant's operational safety, security, or emergency preparedness; This is consistent with 10 CFR 73.56(b)(ii) - No change.

This applicability statement is to include those individuals who may be offsite (or on site) (e.g.,

remote operators or information technology staff) and have virtual access to important plant operational and communication systems in the access authorization program based upon assigned duties and responsibilities to have such access. These individuals will be reinvestigated periodically in accordance with (C)(3) of this proposed section.

This requirement is consistent with the intent of current § 73.56, which is to ensure that anyone who has unescorted access to equipment that is important to the operational safety and security of plant operations must be trustworthy and reliable. An individual who may have remote access to plant equipment and communication systems may have trusted privileges greater than the trusted and authorized personnel at the plant site.

(iii) Any individual who has responsibilities for implementing a licensee's or applicant's protective strategy, including armed security This requirement is consistent with 10 CFR 73.56(b)(1)(iii) and intended to ensure that security

force officers, alarm station operators, and tactical response team leaders but not including Federal, State, or local law enforcement personnel; and personnel responsible for protection of the nuclear power plant are included in the licensees access authorization program. This requirement includes a clarification that offsite law enforcement are not subject to the licensee access authorization program.

10 CFR 73.56(b)(1)(iii) specifies that these individuals shall be subject to an access authorization program because of their critical responsibilities with respect to plant security and, therefore, the need to ensure that they are trustworthy and reliable.

(iv) The licensee or applicant access authorization program reviewing official or contractor or vendor access authorization program reviewers.

This is consistent with § 73.56(b)(1)(iv) to ensure individuals responsible for access authorization decisions are trustworthy and reliable.

(2)

The licensee or applicant may subject other individuals, including employees of a contractor or a vendor who are designated in access authorization program procedures, to an access authorization program that meets the requirements of this section.

This is consistent with 10 CFR 73.56(b)(2).

(c)

General Performance Objectives and Requirements. Each licensee's or applicants access authorization program under this section must provide reasonable assurance that the individuals who are specified in paragraph (b) of this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security. The design and implementation of the licensees access authorization program shall establish and maintain the capabilities for meeting the following performance requirements:

The proposed language establishes general performance objectives and requirements providing reasonable assurance that the individuals who are specified in paragraph (b) of this section are trustworthy and reliable. This is consistent with the access authorization program requirements for nuclear power reactors under 10 CFR 73.56.

The proposed language also provides licensees and applicants flexibility in establishing their access authorization program to meet various specific performance objectives.

(1) Background investigation. Background investigations shall be completed for any individual whom a licensee or applicant intends to grant unescorted access. Background investigations shall include the This section is consistent with the background investigation elements under 10 CFR 73.56(d)(1-7).

This requirement is also consistent with security

program elements contained under § 73.56(d) of this part.

measures applied to non-power reactor licensees.

Background investigations include important elements to establish trustworthiness and reliability of an individual, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security. These include Informed consent Personal History Disclosure Verification of True Identity Employment History Evaluation Unemployment/Military Service/Education Credit History Evaluation Character and Reputation Evaluation Criminal History Review (2) Behavioral observation. Behavioral observation shall be performed to detect behaviors or activities that may constitute an unreasonable risk to the safety and security of the licensees facility. The access authorization program shall ensure that the individuals specified in paragraph (b) are subject to behavioral observation. Behavioral observation shall include self-reporting of legal actions in accordance with § 73.56(g) of this part.

This paragraph outlines the roles and responsibilities of individuals subject to behavior observation. The purpose of behavior observation is to increase the likelihood that potentially adverse behavior patterns and actions are detected, communicated, and evaluated before there is an opportunity for such behavior patterns or acts to result in detrimental consequences.

This proposed requirement is a scaled version of the full behavioral observation program as required under 10 CFR 73.56(f). Commensurate with the lower risk and consequence of an advanced reactor meeting certain eligibility requirements, this provision does not require the establishment of a full training program for behavioral observation (i.e., initial and refresher training including knowledge checks) as required for power reactors under § 73.56. However, this requirement would provide licensees flexibility to consider behavioral observation of individuals granted

unescorted access to the advanced reactor site that may be similar to the Department of Homeland Securitys program, You see something you say something or a commensurate corporate behavioral awareness program. This is less stringent requirement for advanced reactor licensees but equally effective.

(3) Unescorted access. Unescorted access shall be granted only after the licensee has verified an individual is trustworthy and reliable. A list of persons currently approved for unescorted access to a protected area, vital area, material access area, or controlled access area must be maintained at all times.

Unescorted access determinations shall be reviewed annually in accordance with § 73.56(i)(1)(iv). Criminal history updates shall be completed within 10 years of the last review.

This requirement is a scalable approach for granting and maintaining unescorted access. The major component not included from 10 CFR 73.56 is the need for a psychological assessment and reassessment under 10 CFR 73.56(e) for granting unescorted access and 10 CFR 73.56(i)(v)(B) for individuals who perform one or more of the job functions described in (b)(ii) of that section for maintaining unescorted access.

Moreover, the criminal history updates shall be completed within 10 years of the last review. In comparison, the reinvestigation periodicity for personnel at an operating nuclear power plant, is a 3-year or 5-year check based upon job function. In addition, no credit check re-evaluation would be required for these individuals.

(4) Termination of unescorted access. Unescorted access shall be promptly terminated when a licensee determines this access is no longer required or a reviewing official determines an individual is no longer trustworthy and reliable in accordance with this section.

(5) Determination basis for access. Any unescorted access determination shall be made by a reviewing official who will determine whether to permit, deny, unfavorably terminate, maintain, or administratively withdraw an individual's unescorted This requirement is consistent with the intent of 10 CFR 73.56(h)(1)(i) and does not include language related to certifying unescorted access authorization.

access based on an evaluation of all of the information collected to meet the requirements of this section.

(6) Review Procedures. Review procedures shall be established in accordance with § 73.56(l) of this part, to include provisions for the notification of individuals who are denied unescorted access or who are unfavorably terminated.

This is consistent with 10 CFR 73.56(l).

This section is a direct pointer to the applicable requirement.

(7) Protection of Information. A system of files and procedures shall be established and maintained in accordance with § 73.56(m) of this part to ensure personal information is not disclosed to unauthorized persons.

This is consistent with 10 CFR 73.56(m)

This section is a direct pointer to the applicable requirement.

(8) Audits and corrective action. Procedures for use of audits and corrective actions shall be established in accordance with

§ 73.56(n) of this part to ensure the continuing effectiveness of the access authorization program and to ensure that the access authorization program and program elements are in compliance with the requirements of this section.

This is consistent with 10 CFR 73.56(n).

This section is a direct pointer to the applicable requirement.

(9) Records. Records used or created to establish an individuals trustworthiness and reliability or to document access determination must be maintained in accordance with § 73.56(o) of this part.

This is consistent with 10 CFR 73.56(o).

This section is a direct pointer to the applicable requirement.