|
---|
Category:Inspection Report
MONTHYEARIR 05000263/20230042024-01-31031 January 2024 Integrated Inspection Report 05000263/2023004 IR 05000263/20244012024-01-22022 January 2024 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000263/2024401 IR 05000263/20234022023-12-13013 December 2023 Security Baseline Inspection Report 05000263/2023402 IR 05000263/20230032023-11-13013 November 2023 Integrated Inspection Report 05000263/2023003 and 07200058/2023001 IR 05000263/20230102023-09-0707 September 2023 Commercial Grade Dedication Inspection Report 05000263/2023010 IR 05000263/20230052023-08-30030 August 2023 Updated Inspection Plan for Monticello Nuclear Generating Plant (Report 05000263/2023005) IR 05000263/20230022023-08-0707 August 2023 Plantintegrated Inspection Report 05000263/2023002 IR 05000263/20235012023-07-13013 July 2023 Emergency Preparedness Inspection Report 05000263/2023501 IR 05000263/20230012023-05-0404 May 2023 Integrated Inspection Report 05000263/2023001 IR 05000263/20234012023-05-0404 May 2023 Security Baseline Inspection Report 05000263/2023401 IR 05000263/20220062023-03-0101 March 2023 Annual Assessment Letter for Monticello Nuclear Generating Plant, Unit 1 (Report 05000263/2022006) IR 05000263/20220042023-01-17017 January 2023 Integrated Inspection Report 05000263/2022004 IR 05000263/20220122022-12-15015 December 2022 Triennial Inspection of Evaluation of Changes, Tests and Experiments Baseline Inspection Report 05000263/2022012 IR 05000263/20220132022-11-21021 November 2022 Biennial Problem Identification and Resolution Inspection Report 05000263/2022013 IR 05000263/20223012022-11-21021 November 2022 NRC Initial License Examination Report 05000263/2022301 IR 05000263/20220032022-11-17017 November 2022 Reissue - Monticello Nuclear Generating Plant - Integrated Inspection Report 05000263/2022003 ML22307A1822022-11-14014 November 2022 Integrated Inspection Report 05000263/2022003 IR 05000263/20224032022-10-19019 October 2022 Security Baseline Inspection Report 05000263/2022403 (Public) IR 05000263/20220052022-08-29029 August 2022 Updated Inspection Plan for Monticello Nuclear Generating Plant (Report 05000263/2022005) IR 05000263/20220022022-07-28028 July 2022 Integrated Inspection Report 05000263/2022002 IR 05000263/20220012022-05-10010 May 2022 Generation Plant - Integrated Inspection Report 05000263/2022001 IR 05000263/20224022022-05-0505 May 2022 Security Baseline Inspection Report 05000263/2022402; Independent Spent Fuel Storage Installation Security Inspection Report 07200058/2022401 IR 05000263/20224012022-03-28028 March 2022 Generation Plant - Cyber Security Inspection Report 05000263/2022401 IR 05000263/20210062022-03-0202 March 2022 Annual Assessment Letter for Monticello Nuclear Generating Plant, Unit 1 (Report 05000263/2021006) IR 05000263/20210042022-01-28028 January 2022 Integrated Inspection Report 05000263/2021004 and 07200058/2021001 IR 05000263/20214022021-12-16016 December 2021 Triennial Material Control and Accounting Report 05000263/2021402 IR 05000263/20214202021-11-15015 November 2021 Security Baseline Inspection Report Cover Letter 05000263 2021420 IR 05000263/20210032021-10-27027 October 2021 Plan, Integrated Inspection Report 05000263/2021003 IR 05000263/20210102021-10-0808 October 2021 Design Basis Assurance Inspection (Teams) Inspection Report 05000263/2021010 IR 05000263/20210112021-09-29029 September 2021 Plan - Temporary Instruction 2515/194 Inspection; Ibspection Report 05000263/2021011 IR 05000263/20215012021-09-0101 September 2021 Emergency Preparedness Biennial Exercise Inspection Report 05000263/2021501 IR 05000263/20210052021-09-0101 September 2021 Updated Inspection Plan for Monticello Nuclear Generating Plant 2 (Report 05000263/2021005) IR 05000263/20210022021-08-0303 August 2021 Integrated Inspection Report 05000263/2021002 IR 05000263/20210012021-04-30030 April 2021 Integrated Inspection Report 05000263/2021001 IR 05000263/20200062021-03-0404 March 2021 Annual Assessment Letter for the Monticello Nuclear Generating Plant (Report 05000263/2020006) IR 05000263/20200102021-03-0202 March 2021 Reissue - Monticello Nuclear Generating Plant - Biennial Problem Identification and Resolution Inspection Report 05000263/2020010 IR 05000263/20200042021-01-20020 January 2021 Integrated Inspection Report 05000263/2020004 ML21013A4222021-01-13013 January 2021 Biennial Problem Identification and Resolution Inspection Report 05000263/2020010 IR 05000263/20203012020-12-0909 December 2020 NRC Initial License Examination Report 05000263/2020301 IR 05000263/20204022020-12-0303 December 2020 Security Baseline Inspection Report 05000263/2020402 (Cover Letter Only) IR 05000263/20200152020-11-0909 November 2020 NRC Inspection Report 05000263/2020015 IR 05000263/20200032020-11-0909 November 2020 Integrated Inspection Report 05000263/2020003 IR 05000263/20200132020-10-13013 October 2020 Design Basis Assurance Inspection (Programs) Inspection Report 05000263/2020013 IR 05000263/20204012020-09-22022 September 2020 Security Baseline Inspection Report 05000263/2020401 (Cover Letter Only) IR 05000263/20200052020-09-0101 September 2020 Updated Inspection Plan for Monticello Nuclear Generating Plant (Report 05000263/2020005) IR 05000263/20200022020-08-0303 August 2020 Integrated Inspection Report 05000263/2020002 IR 05000263/20200142020-06-30030 June 2020 License Renewal Phase IV Report 05000263/2020014 IR 05000263/20200122020-05-26026 May 2020 Inspection of the Implementation of EA-13-09: Order Modifying Licenses with Regard to Reliable Hardened Containment Vents Capable of Operation Under Severe Accident Conditions Report 05000263/2020012 IR 05000263/20200012020-05-0404 May 2020 Integrated Inspection Report 05000263/2020001 IR 05000263/20200112020-03-31031 March 2020 Triennial Fire Protection Inspection Report 05000263/2020011 2024-01-31
[Table view] Category:Letter
MONTHYEARML24025A9362024-01-31031 January 2024 Exemption from Select Requirements of 10 CFR Part 73 (EPID L-2023-LLE-0055 (Security Notifications, Reports, and Recordkeeping and Suspicious Activity Reporting)) IR 05000263/20230042024-01-31031 January 2024 Integrated Inspection Report 05000263/2023004 ML24024A0722024-01-24024 January 2024 Independent Spent Fuel Storage Installation, Onticello, Supplement to Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation IR 05000263/20244012024-01-22022 January 2024 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000263/2024401 L-MT-23-054, Subsequent License Renewal Application Supplement 82024-01-11011 January 2024 Subsequent License Renewal Application Supplement 8 L-MT-23-047, License Amendment Request: Revision to the MNGP Pressure Temperature Limits Report to Change the Neutron Fluence Methodology and Incorporate New Surveillance Capsule Data2023-12-29029 December 2023 License Amendment Request: Revision to the MNGP Pressure Temperature Limits Report to Change the Neutron Fluence Methodology and Incorporate New Surveillance Capsule Data L-MT-23-056, Subsequent License Renewal Application Response to Request for Additional Information and Request for Confirmation of Information - Set 1 Part 22023-12-18018 December 2023 Subsequent License Renewal Application Response to Request for Additional Information and Request for Confirmation of Information - Set 1 Part 2 ML23349A0572023-12-15015 December 2023 and Independent Spent Fuel Storage Installation, Revision to Correspondence Service List for Northern States Power - Minnesota IR 05000263/20234022023-12-13013 December 2023 Security Baseline Inspection Report 05000263/2023402 L-MT-23-042, 2023 Annual Report of Changes in Emergency Core Cooling System Evaluation Models Pursuant to 10 CFR 50.462023-12-11011 December 2023 2023 Annual Report of Changes in Emergency Core Cooling System Evaluation Models Pursuant to 10 CFR 50.46 L-MT-23-052, Subsequent License Renewal Application Supplement 72023-11-30030 November 2023 Subsequent License Renewal Application Supplement 7 L-MT-23-051, Update to the Technical Specification Bases2023-11-28028 November 2023 Update to the Technical Specification Bases L-MT-23-049, Subsequent License Renewal Application Response to Request for Additional Information and Request for Confirmation of Information - Set 12023-11-21021 November 2023 Subsequent License Renewal Application Response to Request for Additional Information and Request for Confirmation of Information - Set 1 ML23319A3182023-11-15015 November 2023 Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation IR 05000263/20230032023-11-13013 November 2023 Integrated Inspection Report 05000263/2023003 and 07200058/2023001 L-MT-23-043, 10 CFR 50.55a(z)(1) Request Regarding OMN-17, Revision 1. VR-092023-11-13013 November 2023 10 CFR 50.55a(z)(1) Request Regarding OMN-17, Revision 1. VR-09 L-MT-23-038, License Amendment Request to Revise Monticello Technical Specification Surveillance Requirement 3.8.6.62023-11-10010 November 2023 License Amendment Request to Revise Monticello Technical Specification Surveillance Requirement 3.8.6.6 L-MT-23-046, Subsequent License Renewal Application Response to Request for Additional Information Round 2 - Set 12023-11-0909 November 2023 Subsequent License Renewal Application Response to Request for Additional Information Round 2 - Set 1 ML23291A1102023-10-23023 October 2023 Environmental Audit Summary and RCIs and RAIs ML23285A3062023-10-12012 October 2023 Implementation of the Fleet Standard Emergency Plan for the Monticello Nuclear Generating Plant and the Prairie Island Nuclear Generating Plant L-MT-23-041, Subsequent License Renewal Application Response to Request for Confirmation of Information Set 22023-10-0303 October 2023 Subsequent License Renewal Application Response to Request for Confirmation of Information Set 2 L-MT-23-037, Subsequent License Renewal Application Response to Request for Additional Information Set 32023-09-22022 September 2023 Subsequent License Renewal Application Response to Request for Additional Information Set 3 ML23262B0372023-09-19019 September 2023 Response to NRC Request for Additional Information Regarding the 2023 Monticello and Prairie Island Plant Decommissioning Funding Status Reports ML23248A2092023-09-18018 September 2023 Proposed Alternative VR-11 to the Requirements of the ASME OM Code Associated with Periodic Verification Testing of MO-2397, Reactor Water Cleanup Inboard Isolation Valve ML23256A1682023-09-13013 September 2023 Independent Spent Fuel Storage Installation and Monticello Nuclear Generating Plant - Voluntary Security Clearance Program 2023 Insider Threat Program Self-Inspection IR 05000263/20230102023-09-0707 September 2023 Commercial Grade Dedication Inspection Report 05000263/2023010 L-MT-23-036, Subsequent License Renewal Application Response to Request for Additional Information Set 2 and Supplement 62023-09-0505 September 2023 Subsequent License Renewal Application Response to Request for Additional Information Set 2 and Supplement 6 ML23214A2412023-08-31031 August 2023 Letter: Aging Management Audit - Monticello Unit 1 - Subsequent License Renewal Application IR 05000263/20230052023-08-30030 August 2023 Updated Inspection Plan for Monticello Nuclear Generating Plant (Report 05000263/2023005) L-MT-23-035, Subsequent License Renewal Application Supplement 52023-08-28028 August 2023 Subsequent License Renewal Application Supplement 5 ML23241A9732023-08-21021 August 2023 Request for Scoping Comments Concerning the Environmental Review of Monticello Nuclear Generating Plant, Unit 1, Subsequent License Renewal Application (Docket No. 50-263) L-MT-23-034, Subsequent License Renewal Application Response to Request for Additional Information Set 12023-08-15015 August 2023 Subsequent License Renewal Application Response to Request for Additional Information Set 1 ML23222A0122023-08-10010 August 2023 Independent Spent Fuel Storage Installation and Monticello Nuclear Generating Plant - Changes in Foreign Ownership, Control or Influence ML23215A1312023-08-0909 August 2023 License Renewal Regulatory Audit Regarding the Environmental Review of the Subsequent License Renewal Application IR 05000263/20230022023-08-0707 August 2023 Plantintegrated Inspection Report 05000263/2023002 L-MT-23-028, 2023 Refueling Outage 90-Day Inservice Inspection (ISI) Summary Report2023-07-31031 July 2023 2023 Refueling Outage 90-Day Inservice Inspection (ISI) Summary Report L-MT-23-032, 10 CFR 50.55a(z)(2) Request Regarding MO-2397, VR-112023-07-31031 July 2023 10 CFR 50.55a(z)(2) Request Regarding MO-2397, VR-11 ML23198A0412023-07-28028 July 2023 LRA Availability Letter ML23206A2342023-07-25025 July 2023 Independent Spent Fuel Storage Installation, and Monticello Nuclear Generating Plant, Changes in Foreign Ownership, Control or Influence ML23201A0352023-07-24024 July 2023 Notification of an NRC Biennial Licensed Operator Requalification Program Inspection and Request for Information ML23202A0032023-07-21021 July 2023 Independent Spent Fuel and Independent Spent Fuel Storage Installation, Monticello Nuclear Generating Plant, Submittal of Quality Assurance Topical Report (NSPM-1) L-MT-23-031, Subsequent License Renewal Application Supplement 4 and Responses to Request for Confirmation of Information - Set 12023-07-18018 July 2023 Subsequent License Renewal Application Supplement 4 and Responses to Request for Confirmation of Information - Set 1 ML23195A1732023-07-14014 July 2023 Revision of Standard Practice Procedures Plan IR 05000263/20235012023-07-13013 July 2023 Emergency Preparedness Inspection Report 05000263/2023501 2024-01-31
[Table view] |
Text
March 28, 2022
SUBJECT:
MONTICELLO NUCLEAR GENERATING PLANT-CYBER SECURITY INSPECTION REPORT 05000263/2022401
Dear Mr. Domingos:
On February 22, 2022, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Monticello Nuclear Generating Plant and discussed the results of this inspection with Mr. K. Nyberg, Director of Site Performance and Support and other members of your staff.
The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely, Signed by Skokowski, Richard on 03/28/22 Richard A. Skokowski, Chief Engineering Branch 3 Division of Reactor Safety Docket No. 05000263 License No. DPR-22
Enclosure:
As stated
Inspection Report
Docket Number: 05000263 License Number: DPR-22 Report Number: 05000263/2022401 Enterprise Identifier: I-2022-401-0023 Licensee: Northern States Power Company, Minnesota Facility: Monticello Nuclear Generating Plant Location: Monticello, MN Inspection Dates: February 14, 2022 to February 18, 2022 Inspectors: A. Dahbur, Senior Reactor Inspector J. Gilliam, Senior Reactor Inspector A. Prada, Cyber Security Analyst (Contractor)
C. Priester, Cyber Security Analyst (Contractor)
Approved By: Richard A. Skokowski, Chief Engineering Branch 3 Division of Reactor Safety Enclosure
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Monticello Nuclear Generating Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
The inspectors reviewed implementation of Monticello Generating Plants Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and Critical
===Digital Assets (CDAs).
Cybersecurity (1 Sample)===
- (1) The following IP sections were completed and constitute completion of 1 sample:
- 03.01, Review Ongoing Monitoring and Assessment Activities
- 03.02, Verify Defense-in-Depth Protective Strategies
- 03.03, Review of Configuration Management Change Control
- 03.04, Review of Cyber Security Program
- 03.05, Evaluation of Corrective Actions In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
Unit 1
- CMP- Computer, Important-to-Safety
- HPC- High Pressure Coolant Injection, Safety-Related
- SIN- Security Instrumentation, Security
- SEL- Security Facility Electrical, Security
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
On February 22, 2022, the inspectors presented the cyber security inspection results to Mr. K. Nyberg, Director of Site Performance and Support and other members of the licensee staff.
DOCUMENTS REVIEWED
Inspection Type Designation Description or Title Revision or
Procedure Date
71130.10 Corrective Action 01000060470 Acronis Backups on the Security Computer System 02/10/2022
Documents 501000003112 Cyber Kiosk Defense-in-Depth 09/27/2017
501000003132 CDA Media Sanitization 09/08/2017
501000015940 Wrong Level CDA Media 09/20/2018
501000030162 Media Cabinet Unlocked 07/29/2019
501000030182 Feeder Motor Protection Relay Missing 07/30/2019
501000041636 CSAT Evaluation of X-Ray 06/17/2020
501000058604 Unauthorized USB Media Used on CDA 11/23/2021
501000058844 FSA Cyber21-Review SecCompRm Door Access 12/06/2021
501000058971 Corrective Action: Cyber Security Vulnerabilities 2021-11 12/10/2021
501000058971 Condition Evaluation - November 2021 Vulnerabilities 01/06/2022
501000059900 Condition Evaluation - December 2021 Vulnerabilities 01/26/2022
501000060137 Spare HGU Order Cancelled 01/27/2022
Corrective Action 501000060470 22Cyber - Security Computer Backups 02/11/2022
Documents 501000060567 22Cyber - MM WO Lacking Parts Info 02/15/2022
Resulting from 501000060600 22Cyber - Acronis Backup Version on SCS 02/15/2022
Inspection 501000060601 22Cyber - CP-FWL-07 CDA Assessment 02/15/2022
501000060668 22Cyber - CP-FWL-07 Control D4.3 02/17/2022
501000060669 22Cyber - CAS Printer Control D5.1 02/17/2022
Drawings M-124 NH-36250 High Pressure Coolant Injection System 87
NX-8292-12-6 Shutdown HPCI System 79
Miscellaneous 1400858 AT-0175 Action Request Record Report - CYB SEC PLAN 10/09/2016
D4.3 PASSWORD REQUIRMENTS
1401049 AT-0175 Action Request Record Report - CYB SEC PLAN 11/23/2016
D4.7 AUTHENTICATOR MGMT
CASF DEV FEL- Compliance Assessment Summary Form - Generator 1
MISC Electrical
CASF DEV SEL- Compliance Assessment Summary Form - Hand Geometry 0
HGU Units
CASF DEV SIN- Compliance Assessment Summary Form - Alarm Processing 0
APU-20180406 Units
Inspection Type Designation Description or Title Revision or
Procedure Date
CASF DEV SIN- Compliance Assessment Summary Form - CCTV Cameras 3
CAMERA-
210618
CASF DEV SIN- Compliance Assessment Summary Form - Proximity Card 0
CRDR-20150527 Readers
CASF DEV SIN- Compliance Assessment Summary Form - Security 3
IMUX-20210326 Multiplexer
CASF DEV SIN- Compliance Assessment Summary Form - Keyboard Video 0
KVM-20170911 Mouse Switch
CASF DEV SIN- Compliance Assessment Summary Form - Security Network 2
NS-20181112 Switches
CASF DEV SIN- Compliance Assessment Summary Form - Security 2
PC-20210504 Workstations
CASF DEV SIN- Compliance Assessment Summary Form - Security 2
SVR-20181112 Computer System Servers
CASF DEV SIN- Compliance Assessment Summary Form - CCTV Video 1
VIDEO-20190111 Equipment
CASF DEV-SIN- Compliance Assessment Summary Form - Intrusion 0
CYBER- Prevention / SIEM / NAS
20150916
Cyber Security Letter from Rockwell Collins 11/27/2017
Test Description
FAT SCS-
CSTDF-202734
Addendum
Cyber Security AIM Security Computer Cyber Security Test Description July 2014
Test Description (FAT)
FAT SCS-
CSTDF-
2734.01
CYBER-PLN Xcel Energy, INC. Cyber Security Plan 0
PBD-KIOSK Cyber Security Program Basis Document 2
SCS-CSTDF Security Computer System Hardening 07/01/2014
2734.01
Inspection Type Designation Description or Title Revision or
Procedure Date
SCS-VDD- Rockwell Collins Version Description Document 8
203217.08
Switch Config Switch Configurations of NS1 & NS2 02/15/2022
Procedures C.5-3302 Alternate Pressure Control 25
FG-IT-CSP-06-02 IT Cyber Administrative Maintenance Guide for Kiosk 3
FP-IT-CSP-05 Cyber Security Audit and Logging Procedure 2
FP-IT-CSP-06 Cyber Security Malicious Code Protection Procedure 7
FP-IT-CSP-07 Cyber Security Portable Computing Device Procedure 6
FP-IT-CSP-11 Cyber Security Incident and Response Procedure 5
FP-IT-CSP-16 Cyber Security Program Training Procedure 5
FP-IT-CSP-21 Cyber Security CDA Media Protection Procedure 6
FP-IT-CSP-22 Cyber Security Vulnerability Assessment Procedure 0
FP-IT-CSP-24 Cyber Security Ongoing Monitoring Procedure 0
FP-IT-CSP-25 Cyber Security CDA Management Procedure 5
FP-IT-CSP-31 Cyber Security Incident Response Exercise / Drill Procedure 1
FP-IT-CSP-65 Cyber Security CDA Access Control Procedure 1
FP-IT-SQA-01 Software Quality Assurance (SQA) Program 20
FP-IT-SQA-05 Computer Work Order 16
FP-IT-SQA-10 The Software Testing Phase 11
FP-SC-GEN-08 Supply Chain Requests 21
FP-SC-WHS-07 Material Control 1
Work Orders CWO- Computer Work Order - Implement SCS Final Configuration 03/27/2018
611000000786
CWO- Computer Work Order 16
611000001953
CWO- Computer Work Order 16
611000002133
CWO- Computer Work Order - SCS VMWare Upgrade 02/25/2021
611000003181
CWO- Monthly OCA Camera Cyber Maintenance 09/29/2021
611000003610
CWO- Monthly OCA Camera Cyber Maintenance 11/24/2021
611000003618
Inspection Type Designation Description or Title Revision or
Procedure Date
CWO- Metadefender Core 12/21/2021
611000003716
CWO- Metadefender Core 01/04/2022
611000003728
CWO-SCS Computer Work Order - Service Pack 5 (SP5) 07/01/2019
611000001974 Implementation
Service Pack 5
_SP5_
Implementation
WM-WO-0156 Noble Gas Monitor Work Order 04/23/2020
WO-00494225 EC22668 Security Card Reader / IMUX Replacement 09/03/2014
Task 07
7