DCL-04-058, Use of Encryption Software for Electronic Transmission of Safeguards Information
| ML041630144 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 06/04/2004 |
| From: | Becker J Pacific Gas & Electric Co |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| DCL-04-058 | |
| Download: ML041630144 (2) | |
Text
Pacific Gas and Electric Company James R. Becker Diablo Canyon Power Plant Vice President-Diablo Canyon PO. Box 56 Operations and Station Director Avila Beach, CA 93424 805.545.3462 June 4, 2004 Fax: 805.545.4234 PG&E Letter DCL-04-058 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 Diablo Canyon Units I and 2 Use of Encryption Software for Electronic Transmission of Safeguards Information
Dear Commissioners and Staff:
Pursuant to the requirements of 10 CFR 73.21(g)(3), Pacific Gas & Electric Company (PG&E) requests approval to process and transmit Safeguards Information (SGI) using PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version, developed with PGP Software Development Kit (SDK) 3.0.3. National Institute of Standards and Technology Certificate 394 validates compliance of this SDK with Federal Information Processing Standard (FIPS) 140-2 requirements.
An information protection system for SGI that meets the requirements of 10 CFR 73.21 (b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes, or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.
PG&E intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software.
Mr. Ronald Todaro, the DCPP Security Manager is responsible for the overall implementation of the SGI encryption program at DCPP and is responsible for collecting, safeguarding, and disseminating the software tools needed for encryption and decryption of SGI.
A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
- Comanche Peak
- Diablo Canyon
- Palo Verde
- South Texas Project
- Wolf Creek
U.S. Nuclear Regulatory Commission June 4, 2004 Page 2 PG&E Letter DCL-04-058 Pursuant to 10 CFR 73.21 (g)(3), the transmission of encrypted material would be considered a protected telecommunications operation to other authorized SGI holders who have received NRC approval to use PGP software. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21 (g)(1) and 10 CFR 73.21 (g)(2).
Should you have any questions or require additional information, please contact Ronald Todaro at 805-545-4309.
Sincer.ely, James R cker Vice President - Diablo Canyon Operations and Station Director swh/3449 cc:
James W. Davis, NEI Louis H. Grosman, NRC/OCIO Bruce S. Mallett, NRC Region IV Scott A. Morris, NRC/NISR David L. ProuIx, NRC Senior Resident Inspector Girija S. Shukla, NRC Lynn A. Silvious, NRC/NSIR Diablo Distribution A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
- Comanche Peak
- Diablo Canyon.
Palo Verde
- South Texas Project
- Wolf Creek