Use of Encryption Software for Electronic Transmission of Safeguards Information

ML041610398
Person / Time
Site:	Comanche Peak
Issue date:	06/02/2004
From:	Blevins M TXU Electric
To:	Document Control Desk, Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response
References
CPSES-200401431, RIS-02-015, TXX-04095
Download: ML041610398 (3)
v • d • e

Text

ft TXU

,VSW TXU Power Mike Blevins Comanche Peak Steam Senior Vice President Electric Station & Principal Nuclear Officer P. O. Box 1002 (E01)

Glen Rose, TX 76043 Tel: 254 897 5209 Fax: 254 897 6652 mike.blevins~txu.com Ref: 10CFR73.21 NRC RIS-2002-15 CPSES-200401431 Log # TXX-04095 June 2, 2004 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, D.C. 20555-0001

SUBJECT:

USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION DOCKET NOS. 50-445 AND 50-446

REFERENCE:

10CFR73.21 NRC Regulatory Issue Summary, RIS-2002-15 Gentlemen:

Pursuant to the requirements of 10 CFR 73.21 (g)(3), TXU Generating Company LP (TXU Power) requests approval to process and transmit Safeguards Information (SGI) using PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version, developed with PGP SDK 3.0.3. National Institute of Standards and Technology Certificate 394 validates compliance of this SDK with FIPS 140-2 requirements.

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

• Comanche Peak

• Diablo Canyon

• Palo Verde

• South Texas Project . Wolf Creek 3S&g

TXX-04095 Page 2 of 3 An information protection system for SGI that meets the requirements of 10 CFR 73.21(b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.

TXU Power intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software. TXU Power/

Mr. Donald Alps, Security Manager is responsible for the overall implementation of the SGI encryption program at TXU Power. TXU Power/ Ms. Jane Lacy, Nuclear Support Assistant and Mr. Neil Harris, Principal Nuclear Technologist is responsible for collecting, safeguarding, and dissemination the software tools needed for encryption and disseminating the software tools needed for encryption and decryption of SGI.

Pursuant to 10 CFR 73.21 (g)(3), the transmission of encrypted material to other authorized SGI holders, who have received NRC approval to use PGP software, would be considered a protected telecommunications system. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21 (g)(l) and (2).

Should you have any questions or require additional information, please contact Mr. Don Alps, Security Manager at 254-897-5432. This communication contains no new or revised commitments.

Sincerely, TXU Generation Company LP By: TXU Generation Management Company LLC, Its General Partner Mike Blevins

TXX-04095 Page 3 of 3 do - B. S. Mallett, Region IV M. C. Thadani, NRR W. D. Johnson, Region IV Resident Inspectors, CPSES Scott Morris, NRC/NISR Lynn Silvious, NRC/NSIR Louis Grosman, NRC/OCIO James Davis, NEI