SUBJECT: TURKEY POINT NUCLEAR PLANT - INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000250/2023401 AND 05000251/2023401
Dear Mr. Coffey:
On January 30, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0 at your Turkey Point Nuclear Power Plant. The inspection will be performed to evaluate and verify your ability to provide assurance that your digital computer and communication systems and networks associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 73.54 and the U.S. Nuclear Regulatory Commission (NRC) approved cyber security plan (CSP). The onsite portion of the inspection will take place during the week of January 30, 2023.
Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should be made available electronically no later than November 25, 2022. The inspection team will review this information and, by December 9, 2022, will request the specific items that should be provided for review. The second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensee's CSP selected for the cyber-security inspection. This information will be requested for review in the regional office prior to the inspection by January 13, 2023, as identified above.
October 19, 2022
The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, January 30, 2023.
The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Melana Singletary. We understand that our regulatory contact for this inspection is David Stoia, Regulatory Affairs Engineer of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (404) 997-4572 or via e-mail at melana.singletary@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's Rules of Practice, a copy of this letter and its enclosure will be available electronically for public inspection in the NRC's Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely,
Gerry McCoy, Branch Chief
Engineering Branch 2
Division of Reactor Safety
Docket Nos. 50-250 & 50-251
License Nos. DPR-31 & DPR-41
Enclosure: Turkey Point Nuclear Plant Cyber-Security Inspection Document Request
cc w/encl: Distribution via LISTSERV
Signed by McCoy, Gerald on 10/19/22
ML22290A160
[X] SUNSI Review    [X] Non-Sensitive  [ ] Sensitive    [X] Publicly Available  [ ] Non-Publicly Available
OFFICE    RII/DRS          RII/DRS
NAME      M. Singletary    G. McCoy
DATE      10/18/2022       10/19/2022
Enclosure
Inspection Report: 05000250/2023401; 05000251/2023401
Inspection Dates: January 30 - February 3, 2023
Inspection Procedure: IP 71130.10, Cyber-Security, Revision 0 (Effective: 01/01/2022)
Reference: Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full-Implementation of the Cyber-Security Inspection, Rev. 2 (Issued: 11/22/2021)
NRC Inspectors:
Melana Singletary, Lead, 404-997-4752, Melana.Singletary@nrc.gov
Ellery Coffman, 404-997-4633, Ellery.Coffman@nrc.gov
NRC Contractors:
Casey Priester, 301-415-7000, Frederick.Priester@nrc.gov
Balla Barro, 301-415-7000, Balla.Barro@nrc.gov
I. Information Requested for In-Office Preparation
The initial request for information (i.e., first RFI) concentrates on providing the inspection team with the general information necessary to select appropriate components and CSP elements to develop a site-specific inspection plan. The first RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs) plus operational and management (O&M) security control portions of the CSP to be chosen as the sample set required to be inspected by the cyber-security IP. The first RFI's requested information is specified below in Table RFI #1. The Table RFI #1 information is requested to be provided to the regional office by November 25, 2022, or sooner, to facilitate the selection of the specific items that will be reviewed during the onsite inspection weeks.
The inspection team will examine the returned documentation from the first RFI and identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more focused follow-up request to develop the second RFI. The inspection team will submit the specific systems and equipment list to your staff by December 9, 2022, which will identify the specific systems and equipment that will be utilized to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensee's CSP selected for the cyber-security inspection. We request that the additional information provided from the second RFI be made available to the regional office prior to the inspection by January 13, 2023. All requests for information shall follow the guidance document U.S. NRC - Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full Implementation of the Cyber-Security Inspection, referenced above.
The required Table RFI 1 information shall be provided electronically to the lead inspector by November 25, 2022. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI #1
Paragraph Number/Title (IP Ref)
1. A list of all Identified Critical Systems and Critical Digital Assets - highlight/note any additions, deletions, reclassifications due to new guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection. (IP Ref: Overall)
2. A list of EP and Security onsite and offsite digital communication systems. (IP Ref: Overall)
3. Network Topology Diagrams to include information and data flow for critical systems in levels 2, 3, and 4 (If available). (IP Ref: Overall)
4. Ongoing Monitoring and Assessment program documentation. (IP Ref: 03.01(a))
5. The most recent effectiveness analysis of the Cyber Security Program. (IP Ref: 03.01(b))
6. Vulnerability screening/assessment and scan program documentation. (IP Ref: 03.01(c))
7. Cyber Security Incident Response program documentation, including incident detection, response, and recovery documentation as well as contingency plan development, implementation, and including any program documentation that requires testing of security boundary device functionality. (IP Ref: 03.02(a) and 03.04(b))
8. Device Access and Key Control program documentation. (IP Ref: 03.02(c))
9. Password/Authenticator program documentation. (IP Ref: 03.02(c))
10. User Account/Credential and Authentication program documentation. (IP Ref: 03.02(d))
11. Portable Media and Mobile Device control program documentation, including kiosk security control assessment/documentation. (IP Ref: 03.02(e))
12. Design change/modification program documentation and a list of all design changes completed since the last cyber security inspection, including either a summary of the design change or the 50.59 documentation for the change. (IP Ref: 03.03(a))
13. Supply Chain Management program documentation including a list of security impact analysis for new acquisitions. (IP Ref: 03.03(a), (b) and (c))
14. Configuration Management program documentation including a list of security impact analysis performed due to configuration changes since the last cyber inspection. (IP Ref: 03.03(a) and (b))
15. Cyber Security Plan and any 50.54(p) analysis to support changes to the plan since the last inspection. (IP Ref: 03.04(a))
16. Cyber Security Performance Metrics tracked (if applicable). (IP Ref: 03.06(b))
17. Provide documentation describing any cyber security changes to the access authorization program since the last cyber security inspection. (IP Ref: Overall)
18. Provide a list of all cyber security procedures and policies with their descriptive name and associated number. (IP Ref: Overall)
19. Performance testing report (if applicable). (IP Ref: 03.06(a))
20. Electronic Copy of UFSAR and Technical Specifications (IP Ref: Overall)
Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by December 9, 2022 for the second RFI (i.e., RFI #2).
II. Additional Information Requested to be Available Prior to Inspection
As stated in Section I above, the inspection team will examine the returned documentation requested from Table RFI #1 and submit the list of specific systems and equipment to your staff by December 9, 2022 for the second RFI (i.e., RFI #2). The second RFI will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensee's CSP selected for the cyber-security inspection. The additional information requested for the specific systems and equipment is identified in Table RFI #2. All requested information shall follow the guidance document referenced above.
The Table RFI 2 information shall be provided to the lead inspector by January 13, 2023. The preferred file format for all lists is a searchable Excel spreadsheet. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI #2
Paragraph Number/Title (Items)
For the system(s) chosen for inspection provide:
1. Ongoing Monitoring and Assessment activity performed on the selected system(s). (IP Ref: 03.01(a))
2. All Security Control Assessments for the selected system(s).* (IP Ref: 03.01(a))
3. All vulnerability screenings/assessments associated with or scans performed on the selected system(s) since the last cyber security inspection.* (IP Ref: 03.01(c))
4. Documentation (including configuration files and rule sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS), Host-based Intrusion Detection Systems (HIDS), and Security Information and Event Management (SIEM) systems for system(s) chosen for inspection. (IP Ref: 03.02(b))
5. Documentation (including configuration files and rule sets) for intra-security level firewalls and boundary devices used to protect the selected system(s). (IP Ref: 03.02(c))
6. Copies of all periodic reviews of the access authorization list for the selected systems since the last cyber inspection. (IP Ref: 03.02(d))
7. Baseline configuration data sheets for the selected CDAs.* (IP Ref: 03.03(a))
8. Documentation on any changes, including Security Impact Analyses, performed on the selected system(s) since the last inspection. (IP Ref: 03.03(b))
9. Copies of the purchase order documentation for any new equipment purchased for the selected systems since the last inspection. (IP Ref: 03.03(c))
10. Copies of any reports/assessment for cyber security drills performed since the last inspection. (IP Ref: 03.02(a), 03.04(b))
11. Copy of the individual recovery plan(s) for the selected system(s) including documentation of the results the last time the backups were executed. (IP Ref: 03.02(a), 03.04(b))
12. List of Corrective actions taken as a result of cyber security incidents/issues to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection. (IP Ref: 03.05)
* Some selected systems may have a large number of CDAs. For these systems reach out to the team leader for a specific selection of CDAs when responding to this request.
III. Information Requested to be Available on First Day of Inspection
For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table Week Onsite) to the team by January 30, 2023, the first day of the inspection. All requested information shall follow the guidance document referenced above.
The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table Week Onsite
Paragraph Number/Title (Items)
1. Any cyber security event reports submitted in accordance with 10 CFR 73.77 since the last cyber security inspection. (IP Ref: 03.04(a))
2. Updated copies of corrective actions taken as a result of cyber security incidents/issues, to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions. (IP Ref: 03.05)
3. The most recent Cyber-Security Quality Assurance audit and/or self-assessment and a list of Corrective Actions generated as a result
IV. Information Requested to Be Provided Throughout the Inspection
(1) Copies of any corrective action documents generated as a result of the inspection team's questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member).
If you have any questions regarding the information requested, please contact the inspection team leader.