Similar Documents at Hatch |
|---|
Category:Inspection Report
MONTHYEARIR 05000321/20240102024-11-0606 November 2024
NRC Inspection Report 05000321/2024010 and 05000366/2024010
IR 05000321/20240032024-10-30030 October 2024
Edwin I Hatch, Units 1 and 2 - Integrated Inspection Report 05000321/2024003 and 05000366/2024003
IR 05000321/20244012024-10-10010 October 2024
Security Baseline Inspection Report 05000321-2024401 and 05000366-2024401
IR 05000321/20240912024-08-27027 August 2024
NRC Investigation Report 2-2023-003 and NOV - NRC Inspection Report 05000321/2024091 and 05000366/2024091
IR 05000321/20240052024-08-26026 August 2024
Updated Inspection Plan for Edwin I. Hatch Nuclear Plant, Units 1 and 2 - Report 05000321/2024005 and 05000366/2024005
IR 05000321/20240022024-08-0808 August 2024
Edwin I Hatch Nuclear Plants, Units 1 and 2 – Integrated Inspection Report 05000321-2024002 and 05000366-2024002
IR 05000321/20240902024-05-15015 May 2024
NRC Inspection Report 05000321-2024090 and 05000366-2024090, Investigation Report 2-2023-003; and Apparent Violation
IR 05000032/20240112024-04-25025 April 2024
Notification of Edwin I. Hatch Nuclear Plant - Comprehensive Engineering Team Inspection (CETI) Baseline Inspection Report 0500032/2024011 and 05000366/2024011
IR 05000321/20240012024-04-22022 April 2024
Integrated Inspection Report 05000321/2024001 and 05000366/2024001
IR 05000321/20230062024-02-28028 February 2024
Annual Assessment Letter Edwin I. Hatch Nuclear Plant Units 1 and 2 - Nrc Inspection Report 05000321/2023006 and 05000366/2023006
IR 05000321/20230042024-01-31031 January 2024
Integrated Inspection Report 05000321/2023004 and 05000366/2023004
IR 05000321/20234022023-11-29029 November 2023
– Security Baseline Inspection Report 05000321/2023402, 05000366/2023402, and 07200036/2023401
IR 05000321/20230112023-11-17017 November 2023
– Biennial Problem Identification and Resolution Inspection Report 050003212023011 and 050003662023011
IR 05000321/20230032023-11-0202 November 2023
– Integrated Inspection Report 05000321/2023003, and 05000366/2023003
IR 05000321/20234012023-10-17017 October 2023
Security Baseline Inspection Report 05000321 2023401 and 05000366 2023401
IR 05000321/20230052023-08-27027 August 2023
Updated Inspection Plan for Edwin I. Hatch Nuclear Plant, Units 1 & 2 - Report 05000321/2023005 and 05000366/2023005
IR 05000321/20230022023-08-0808 August 2023
Integrated Inspection Report 07200036/2023001, 05000321/2023002, and 05000366/2023002
IR 05000321/20234032023-06-27027 June 2023
Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000321 2023403 and 05000366 2023403
IR 05000321/20230102023-06-0909 June 2023
– Focused Engineering Inspection Report 05000321 2023010 and 05000366 2023010
IR 05000321/20233012023-05-0101 May 2023
Plant– Notification of Licensed Operator Initial Examination 05000321/2023301, and 05000366/2023301
IR 05000321/20230012023-04-26026 April 2023
– Integrated Inspection Report 05000321/2023001 and 05000366/2023001
IR 05000321/20220062023-03-0101 March 2023
Annual Assessment Letter Edwin I. Hatch Nuclear Plant, Units 1 and 2 - NRC Inspection Report 05000321/2022006 and 05000366/2022006
IR 05000321/20220042023-02-0101 February 2023
Integrated Inspection Report 05000321/2022004 and 05000366/2022004
IR 05000321/20224202022-12-16016 December 2022
Cover Letter - Edwin I. Hatch Nuclear Plant, Units 1 & 2 – Security Baseline Inspection Report 05000321/2022420 and 05000366/2022420
IR 05000321/20224042022-11-28028 November 2022
Security Baseline Inspection Report 05000321/2022404 and 05000366/2022404
IR 05000366/20220032022-11-0808 November 2022
Integrated Inspection Report 05000321 /2022003 and 05000366/2022003
IR 05000321/20224032022-10-31031 October 2022
Security Baseline Inspection Report 05000321/2022403 and 05000366/2022403
IR 05000321/20224012022-10-28028 October 2022
Material Control and Accounting Program Inspection Report 05000321/2022401 and 05000366/2022401 Cover Letter
IR 05000321/20220052022-08-23023 August 2022
Updated Inspection Plan for Edwin I. Hatch Nuclear Plant, Units and 2 Report 05000321/2022005 and 05000366/2022005
IR 05000321/20220022022-08-0303 August 2022
Integrated Inspection Report 05000321/2022002 and 05000366/2022002
IR 05000321/20224022022-07-19019 July 2022
Security Baseline Inspection Report 05000321/2022402 and 05000366/2022402
IR 05000321/20220112022-07-13013 July 2022
Fire Protection Team Inspection Report 05000321/2022011 and 05000366/2022011
IR 05000321/20220102022-05-20020 May 2022
Triennial Inspection of Evaluation of Changes, Tests and Experiments Baseline Inspection Report 05000321/2022010 and 05000366/2022010
ML22129A1452022-05-10010 May 2022
IR 2022001 Final
IR 05000321/20210062022-03-0202 March 2022
Annual Assessment Letter for Erwin I. Hatch Nuclear Plant, Units 1 and 2 (Report No. 05000321/2021006 and 05000366/2021006)
IR 05000321/20210042022-02-0404 February 2022
Integrated Inspection Report 05000321/2021004 and 05000366/2021004
IR 05000321/20213022022-01-21021 January 2022
NRC Operator License Examination Report 05000321/2021302 and 05000366/2021302
IR 05000321/20214022021-12-0606 December 2021
Security Baseline Inspection Report 05000321/2021402 and 05000366/2021402
IR 05000321/20210032021-10-19019 October 2021
Integrated Inspection Report 05000321/2021003 and 05000366/2021003
IR 05000321/20214012021-10-0606 October 2021
Security Baseline Inspection Report 05000321/2021401, 05000366/2021401
IR 05000321/20210052021-08-23023 August 2021
Updated Inspection Plan for Edwin I. Hatch Nuclear Plant, Units 1 and 2 (Report 05000321/2021005 and 05000366/2021005)
IR 05000321/20210022021-08-0404 August 2021
Integrated Inspection Report 05000321/2021002 and 05000366/2021002
IR 05000321/20200112021-07-15015 July 2021
Temporary Instruction 2515/193 Inspection Report 05000321/2020011 and 05000366/2020011
IR 05000321/20210112021-06-25025 June 2021
Design Bases Assurance Inspection - U.S. Nuclear Regulatory Commission Inspection Report 05000321/2021011 and 05000366/2021011
ML21165A1142021-06-14014 June 2021
Operation of an Independent Spent Fuel Storage Installation Report 07200036/2021001
IR 05000321/20210012021-05-0606 May 2021
Integrated Inspection Report 05000321/2021001 and 05000366/2021001
IR 05000321/20200062021-03-0303 March 2021
Annual Assessment Letter for Edwin I. Hatch Nuclear Plant - Report 05000321/2020006 and 05000366/2020006
IR 05000321/20200042021-02-10010 February 2021
Integrated Inspection Report 05000321/2020004 and 05000366/2020004 and Independent Spent Fuel Storage Installation Report 07200036/2020003
IR 05000321/20204022021-01-14014 January 2021
Cyber Security Inspection Report 05000321/2020402 and 05000366/2020402 - Cover Letter (Public)
IR 05000321/20210102021-01-13013 January 2021
Notification of Edwin I. Hatch Nuclear Plant Design Bases Assurance Inspection U.S. Nuclear Regulatory Commission Inspection Report 05000321/2021010 and 05000366/2021010
2024-08-08
[Table view]
Category:Letter
MONTHYEARIR 05000321/20240102024-11-0606 November 2024
NRC Inspection Report 05000321/2024010 and 05000366/2024010
ML24299A2222024-10-31031 October 2024
Audit Summary for License Amendment Request to Revise Renewed Facility Operating Licenses to Adopt an Alternative Seismic Method for Categorization of Structures, Systems, and Components
NL-24-0357, Notification of Deviation from the Inspection Frequency Requirements of the Boiling Water Reactor Vessel and Internals Project (BWRVIP) BWR Jet Pump Assembly Inspection and Flaw Evaluation Guidelines2024-10-30030 October 2024
Notification of Deviation from the Inspection Frequency Requirements of the Boiling Water Reactor Vessel and Internals Project (BWRVIP) BWR Jet Pump Assembly Inspection and Flaw Evaluation Guidelines
IR 05000321/20240032024-10-30030 October 2024
Edwin I Hatch, Units 1 and 2 - Integrated Inspection Report 05000321/2024003 and 05000366/2024003
ML24292A1602024-10-22022 October 2024
Request for Withholding Information from Public Disclosure License Amendment Request to Revise Technical Specification Surveillance Requirements to Increase Safety/Relief Valve Setpoints
ML24290A0792024-10-18018 October 2024
SLR Environmental Preapplication Meeting Summary
ML24303A4102024-10-17017 October 2024
Dir Results Letter to NRC - Hatch - Hurricane Helene
IR 05000321/20244012024-10-10010 October 2024
Security Baseline Inspection Report 05000321-2024401 and 05000366-2024401
ML24256A0282024-09-12012 September 2024
2024 Hatch Requal Inspection Corporate Notification Letter
NL-23-0930, Application to Revise Technical Specifications to Adopt TSTF-591, Revise Risk Informed Completion Time (RICT) Program2024-09-11011 September 2024
Application to Revise Technical Specifications to Adopt TSTF-591, Revise Risk Informed Completion Time (RICT) Program
NL-24-0337, Interim 10 CFR 21.21(a)(2) Report Regarding Operation Technology, Inc., ETAP Software Error in Transient Stability Program2024-09-0909 September 2024
Interim 10 CFR 21.21(a)(2) Report Regarding Operation Technology, Inc., ETAP Software Error in Transient Stability Program
ML24249A1362024-09-0404 September 2024
EN 57304 - Westinghouse Electric Company, LLC, Final Report - No Embedded Files. Notification of the Potential Existence of Defects Pursuant to 10 CFR Part 21
NL-24-0334, 0 to the Updated Final Safety Analysis Report, Technical Specifications Bases Changes, Technical Requirements Manual Changes, License Renewal 10 CFR 54 .37(b) Changes, 10 CFR 50.59 Summary Report & Revised Nrc2024-09-0303 September 2024
0 to the Updated Final Safety Analysis Report, Technical Specifications Bases Changes, Technical Requirements Manual Changes, License Renewal 10 CFR 54 .37(b) Changes, 10 CFR 50.59 Summary Report & Revised Nrc
IR 05000321/20240912024-08-27027 August 2024
NRC Investigation Report 2-2023-003 and NOV - NRC Inspection Report 05000321/2024091 and 05000366/2024091
IR 05000321/20240052024-08-26026 August 2024
Updated Inspection Plan for Edwin I. Hatch Nuclear Plant, Units 1 and 2 - Report 05000321/2024005 and 05000366/2024005
NL-24-0313, Application to Revise Technical Specifications Surveillance Requirements to Increase Safety/Relief Valves Setpoint Response to Request for Additional Information2024-08-23023 August 2024
Application to Revise Technical Specifications Surveillance Requirements to Increase Safety/Relief Valves Setpoint Response to Request for Additional Information
IR 05000321/20240022024-08-0808 August 2024
Edwin I Hatch Nuclear Plants, Units 1 and 2 – Integrated Inspection Report 05000321-2024002 and 05000366-2024002
NL-24-0290, Response to Request for Additional Information Related to Request for Specific Exemption2024-07-26026 July 2024
Response to Request for Additional Information Related to Request for Specific Exemption
NL-24-0276, Post-Audit Supplement to License Amendment Request to Revise Renewed Facility Operating Licenses to Adopt an Alternative Seismic Method for Categorization of Structures, Systems, and Components2024-07-26026 July 2024
Post-Audit Supplement to License Amendment Request to Revise Renewed Facility Operating Licenses to Adopt an Alternative Seismic Method for Categorization of Structures, Systems, and Components
NL-24-0261, 10 CFR 50.46 ECCS Evaluation Model Annual Report for 20232024-07-19019 July 2024
10 CFR 50.46 ECCS Evaluation Model Annual Report for 2023
ML24198A1252024-07-16016 July 2024
Edwin I Hatch Nuclear Plant Units 1 - 2 Notification of Conduct of Title 10 of the Code of Federal Regulations 50
NL-24-0260, Inservice Inspection Program Owner’S Activity Report (OAR-1) for Refueling Outage 1R312024-07-0909 July 2024
Inservice Inspection Program Owner’S Activity Report (OAR-1) for Refueling Outage 1R31
05000321/LER-2024-003, Reactor Core Isolation Cooling (RCIC) System Inoperable Due to Mispositioned Link2024-07-0303 July 2024
Reactor Core Isolation Cooling (RCIC) System Inoperable Due to Mispositioned Link
05000321/LER-2024-002-01, Incorrectly Installed Temporary Modification Results in Multiple Conditions Prohibited by Plant Technical Specifications2024-07-0303 July 2024
Incorrectly Installed Temporary Modification Results in Multiple Conditions Prohibited by Plant Technical Specifications
NL-24-0143, Proposed Alternative to Use ASME Code Case N-752, Risk-Informed Categorization and Treatment for Repair/ Replacement Activities in2024-06-27027 June 2024
Proposed Alternative to Use ASME Code Case N-752, Risk-Informed Categorization and Treatment for Repair/ Replacement Activities in
NL-24-0239, Response to Apparent Violation in NRC Inspection Report 05000321, 366/2024090: EA-23-1392024-06-17017 June 2024
Response to Apparent Violation in NRC Inspection Report 05000321, 366/2024090: EA-23-139
ML24163A0532024-06-14014 June 2024
Audit Plan - Alternative Seismic Method LAR
NL-24-0148, Report of Changes to Emergency Plan and Summary of 50.54(q) Analysis2024-06-0404 June 2024
Report of Changes to Emergency Plan and Summary of 50.54(q) Analysis
ML24149A0492024-06-0404 June 2024
SNC Fleet - Regulatory Audit in Support of Review of the License Amendment Request to Revise TS 1.1, Use and Application Definitions, and Add New Technical Specification 5.5.21 and 5.5.17, Online Monitoring Program,
NL-24-0202, SNC Response to Regulatory Issue Summary 2024-01: Preparation and Scheduling of Operator Licensing Examinations2024-05-24024 May 2024
SNC Response to Regulatory Issue Summary 2024-01: Preparation and Scheduling of Operator Licensing Examinations
IR 05000321/20240902024-05-15015 May 2024
NRC Inspection Report 05000321-2024090 and 05000366-2024090, Investigation Report 2-2023-003; and Apparent Violation
NL-24-0191, Annual Radiological Environmental Operating Reports for 20232024-05-10010 May 2024
Annual Radiological Environmental Operating Reports for 2023
05000321/LER-2024-002, Manual Reactor Trip Due to Loss of Feedwater2024-05-0909 May 2024
Manual Reactor Trip Due to Loss of Feedwater
NL-24-0195, Response to Request for Additional Information Regarding License Amendment Request to Revise Technical Specifications to Adopt Risk Informed Completion Times for Residual Heat Removal Service Water.2024-05-0707 May 2024
Response to Request for Additional Information Regarding License Amendment Request to Revise Technical Specifications to Adopt Risk Informed Completion Times for Residual Heat Removal Service Water.
NL-24-0064, Units 1 & 2 and Hatch Nuclear Plant - Units 1 & 2 License Amendment Request to Revise Technical Specification 1.1 and Add Online Monitoring Program to Technical Specification 5.52024-05-0303 May 2024
Units 1 & 2 and Hatch Nuclear Plant - Units 1 & 2 License Amendment Request to Revise Technical Specification 1.1 and Add Online Monitoring Program to Technical Specification 5.5
IR 05000032/20240112024-04-25025 April 2024
Notification of Edwin I. Hatch Nuclear Plant - Comprehensive Engineering Team Inspection (CETI) Baseline Inspection Report 0500032/2024011 and 05000366/2024011
NL-24-0165, Annual Non-Radiological Environmental Operating Reports and Annual Radioactive Effluent Release Reports for 20232024-04-25025 April 2024
Annual Non-Radiological Environmental Operating Reports and Annual Radioactive Effluent Release Reports for 2023
05000366/LER-2024-002, Incorrectly Installed Temporary Modification Results in a Condition Prohibited by Plant Technical Specifications2024-04-24024 April 2024
Incorrectly Installed Temporary Modification Results in a Condition Prohibited by Plant Technical Specifications
ML23032A3322024-04-24024 April 2024
Issuance of Amendments Nos. 322 and 267, Regarding LAR to Relax Required Number of Fully Tensioned Reactor Pressure Vessel Head Closure Studs in TS Table 1.1-1, Modes
IR 05000321/20240012024-04-22022 April 2024
Integrated Inspection Report 05000321/2024001 and 05000366/2024001
NL-24-0026, Application to Revise Technical Specifications Surveillance Requirements to Increase Safety/Relief Valves Setpoint2024-04-19019 April 2024
Application to Revise Technical Specifications Surveillance Requirements to Increase Safety/Relief Valves Setpoint
05000321/LER-2024-001, Primary Containment Penetration Exceeded Maximum Allowable Primary Containment Leakage Rate (La)2024-04-0909 April 2024
Primary Containment Penetration Exceeded Maximum Allowable Primary Containment Leakage Rate (La)
NL-24-0115, Response to Request for Additional Information Exemption Requests for Physical.2024-04-0404 April 2024
Response to Request for Additional Information Exemption Requests for Physical.
NL-24-0116, Nuclear Property Insurance Coverage as of April 1, 2024 and Licensee Guarantees of Payment of Deferred.2024-03-29029 March 2024
Nuclear Property Insurance Coverage as of April 1, 2024 and Licensee Guarantees of Payment of Deferred.
ML23275A2402024-03-22022 March 2024
SNC Fleet - Issuance of Environmental Assessment and Finding of No Significant Impact Regarding Exemption from the Requirements of 10 CFR Part 73, Section 73.2, Definitions (EPID Nos. L-2023-LLE-0018 & L-2023-LLE-0021) - Letter
NL-24-0062, Report of Changes to Emergency Plan and Summary of 50.54(q) Analysis2024-03-12012 March 2024
Report of Changes to Emergency Plan and Summary of 50.54(q) Analysis
ML24069A0012024-03-0909 March 2024
– Correction of Amendment No. 266 Regarding License Amendment Request Regarding Relocation of Specific Surveillance Frequencies to a Licensee-Controlled Program (TSTF-425, Revision 3)
NL-24-0089, Correction of Technical Specification Omission2024-03-0909 March 2024
Correction of Technical Specification Omission
ML24047A0362024-03-0404 March 2024
Response to Hatch and Vogtle FOF Dates Change Request (2025)
NL-24-0061, Cycle 32 Core Operating Limits Report Version 12024-03-0101 March 2024
Cycle 32 Core Operating Limits Report Version 1
2024-09-09
[Table view] |
Text
SUBJECT:
EDWIN I. HATCH NUCLEAR PLANT UNITS 1 & 2 - INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000321/2023403 AND 05000366/2023403
Dear Sonny Dean:
On October 02, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0, at your Hatch Nuclear Plant Units 1 & 2. The inspection will be performed to evaluate and verify your ability to provide assurance that your digital computer and communication systems and networks associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 73.54 and the U.S. Nuclear Regulatory Commission (NRC) approved cyber security plan (CSP). The onsite portion of the inspection will take place during the week of October 02, 2023.
Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. To minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should be made available electronically no later than July 28, 2023. The inspection team will review this information and, by August 4, 2023, will request the specific items that should be provided for review. This second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. We request that the information provided from the second RFI be made available to the regional office prior to the inspection by September 8, 2023.
June 27, 2023 The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, October 02, 2023.
The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is William Monk. We understand that our regulatory contacts for this inspection are Scott Junkin and Jimmy Collins, Licensing Managers of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (404) 997-4579 or via e-mail at william.monk@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely, Daniel Bacon, Branch Chief Engineering Branch 2 Division of Reactor Safety Docket Nos. 50-321; 50-366 License Nos. DPR-57; NPF-5 Enclosure:
Edwin I. Hatch Nuclear Plant Units 1 & 2 Cyber-Security Inspection Document Request cc w/encl: Distribution via LISTSERV Signed by Bacon, Daniel on 06/27/23
ML23178A001 X
SUNSI Review X
Non-Sensitive
Sensitive X
Publicly Available
Non-Publicly Available OFFICE RII/DRS RII/DRS RII/DRS NAME W. Monk J. Montgomery D. Bacon DATE 06/272023 06/272023 06/27/2023
H. B. ROBINSON STEAM ELECTRIC PLANT UNIT 2 CYBER-SECURITY INSPECTION DOCUMENT REQUEST Enclosure Inspection Report:
05000321/2023-403 and 05000366/2023-403 Inspection Dates:
October 02 - 06, 2023 Inspection Procedure:
IP 71130.10, Cyber-Security, Revision 0 (Effective: 01/01/2022)
Reference:
Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full-Implementation of the Cyber-Security Inspection, Rev. 2 (Issued: 11/22/2021)
NRC Inspectors:
William Monk, Lead Jonathan Montgomery 404-909-4579 404-997-4880 william.monk@nrc.gov jonathan.montgomery@nrc.gov NRC Contractors:
Al Konkal Michael Shock 561-989-0210 301-415-7000 alan.konkal@nrc.gov michael.shock@nrc.gov I.
Information Requested for In-Office Preparation The initial request for information (i.e., RFI #1) concentrates on providing the inspection team with the general information necessary to select appropriate components and CSP elements to develop a site-specific inspection plan. RFI #1 is used to identify the list of critical systems and critical digital assets (CSs/CDAs) plus operational and management (O&M) security control portions of the CSP to be chosen as the sample set required to be inspected by the cyber-security IP. RFI #1s requested information is specified below in Table: RFI #1 and requested to be provided electronically to the inspection team by July 28, 2023, or sooner, to facilitate the selection of the specific items that will be reviewed during the onsite inspection weeks.
The inspection team will examine the returned documentation from RFI #1 and identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more focused follow-up request to develop the second RFI. The inspection team will submit the specific systems and equipment list to your staff by August 4, 2023, which will identify the specific systems and equipment that will be utilized to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. We request that the additional information provided from RFI
- 2 be made available to the inspection team by September 8, 2023. All requests for information shall follow the guidance document U.S. NRC - Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full Implementation of the Cyber-Security Inspection, referenced above.
H. B. ROBINSON STEAM ELECTRIC PLANT UNIT 2 CYBER-SECURITY INSPECTION DOCUMENT REQUEST
The required Table: RFI #1 information shall be provided electronically to the lead inspector by July 28, 2023. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table: RFI #1 Paragraph Number/Title:
IP Ref
A list of all identified Critical Systems and Critical Digital Assets -
highlight/note any additions, deletions, reclassifications due to new guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
Overall
A list of EP and Security onsite and offsite digital communication systems.
Overall
Network Topology Diagrams to include information and data flow for critical systems in Levels 2, 3, and 4 (if available).
Overall
Ongoing Monitoring and Assessment (OM&A) program documentation.
03.01(a)
The most recent effectiveness analysis and self-assessments of the Cyber Security Program.
03.01(b)
Password/Authenticator program documentation.
03.02(c)
Design change/ modification program documentation and a list, with descriptions, of all design changes that affected CDAs that have actually been installed and completed since the last two cyber security inspections, including either a summary of the design change or the 50.59 documentation for the change.
03.03(a)
Supply Chain Management program documentation, including any security impact analysis for new acquisitions.
03.03(a),
(b) and (c)
Cyber Security Plan and any 50.54(p) analysis to support changes to the plan since the last cyber inspection.
03.04(a)
Cyber Security Performance Metrics tracked (if applicable).
03.06(b)
11 Provide a list of all procedures and policies provided to the NRC with their descriptive name and associated number (if available).
Overall
Performance testing report (if applicable).
03.06(a)
Corrective actions taken as a result of cyber security incidents/issues to include previous NRC violations and Licensee Identified Violations since two last cyber security inspections.
03.05
H. B. ROBINSON STEAM ELECTRIC PLANT UNIT 2 CYBER-SECURITY INSPECTION DOCUMENT REQUEST
In addition to the above information, please provide the following:
(1) electronic copy of the UFSAR and technical specifications.
(2) name(s) and phone numbers for the regulatory and technical contacts.
(3) current management and engineering organizational charts.
Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by August 4, 2023, for the second RFI (i.e., RFI #2).
II.
Additional Information Requested to be Available Prior to Inspection.
As stated in Section I above, the inspection team will examine the returned documentation requested from Table: RFI #1 and submit the list of specific systems and equipment to your staff by August 4, 2023, for the second RFI (i.e., RFI #2). RFI #2 will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. The additional information requested for the specific systems and equipment is identified in Table: RFI #2 and requested information shall follow the guidance document referenced above.
The Table: RFI #2 information shall be provided to the lead inspector by September 8, 2023. The preferred file format for all lists is a searchable Excel spreadsheet. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table: RFI #2 Paragraph Number/Title:
Items For the Critical Systems / CDAs chosen for inspection provide:
Ongoing Monitoring and Assessment activity performed on the selected inspection samples critical systems.
03.01(a)
All Security Control Assessments for the selected critical systems.
03.01(a)
All vulnerability screenings/assessments associated with or scans performed on the selected critical systems since the last cyber security inspection.
03.01(c)
Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
Host-based Intrusion Detection Systems (HIDS), and Security 03.02(b)
H. B. ROBINSON STEAM ELECTRIC PLANT UNIT 2 CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table: RFI #2 Paragraph Number/Title:
Items Information and Event Management (SIEM) systems for the critical systems chosen for inspection.
Documentation (including configuration files and rule sets) for intra-security level firewalls and boundary devices used to protect the selected critical systems.
03.02(c)
Copies of all periodic reviews of the access authorization (AA) list for the selected systems since the last cyber inspection.
03.02(d)
Baseline configuration data sheets for the selected CDAs.
03.03(a)
Documentation on any changes, including Security Impact Analyses, performed on the selected critical systems since the last inspection.
03.03(b)
Copies of the purchase order documentation for any new equipment purchased for the selected systems since the last inspection.
03.03(c)
Copies of any reports/assessment for cyber security drills performed since the last inspection.
03.02(a)
03.04(b)
Copy of the individual recovery plan(s) for the selected critical systems including documentation of the results the last time the backups were executed.
03.02(a)
03.04(b)
Vulnerability screening/assessment and scan program documentation.
03.01(c)
Cyber Security Incident Response documentation, including incident detection, response, and recovery documentation as well as contingency plan development, implementation, and including any program documentation that requires testing of security boundary device functionality.
03.02(a)
and 03.04(b)
Device Access and Key Control program documentation.
03.02(c)
User Account/Credential documentation.
03.02(d)
Portable Media and Mobile Device (PMMD) control documentation, including kiosk security control assessment/documentation.
03.02(e)
Configuration Management documentation including any security impact analysis performed due to configuration changes since the last cyber inspection.
03.03(a)
and (b)
H. B. ROBINSON STEAM ELECTRIC PLANT UNIT 2 CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table: RFI #2 Paragraph Number/Title:
Items
Provide documentation describing any cyber security changes to the access authorization program (AAP) since the last cyber security inspection.
Overall III.
Information Requested to be Available on First Day of Inspection For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table: Week Onsite) to the team by October 02, 2023, the first day of the inspection. All requested information shall follow the guidance document referenced above.
The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table: Week Onsite Paragraph Number/Title:
Items
Any cyber security event reports submitted in accordance with 10 CFR 73.77, since the last cyber security inspection.
03.04(a)
Updated copies of corrective actions taken as a result of cyber security incidents/issues, to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions.
03.05 In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the inspection team as long as the inspectors have easy and unrestrained access to them.
a.
Updated Final Safety Analysis Report (UFSAR), if not previously provided b.
Original FSAR Volumes c.
Original SER and Supplements d.
FSAR Question and Answers e.
Quality Assurance (QA) Plan f.
Technical Specifications, if not previously provided g.
Latest IPE/PRA Report (2) Vendor Manuals, Assessment and Corrective Actions:
H. B. ROBINSON STEAM ELECTRIC PLANT UNIT 2 CYBER-SECURITY INSPECTION DOCUMENT REQUEST
a.
The most recent Cyber-Security Quality Assurance (QA) audit and/or self-assessment; and b.
Corrective action documents (e.g., condition reports, including status of corrective actions) generated as a result of the most recent Cyber-Security Quality Assurance (QA) audit and/or self-assessment.
IV.
Information Requested to Be Provided Throughout the Inspection (1) Copies of any corrective action documents generated as a result of the inspection teams questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member during daily de-brief meetings).
If you have any questions regarding the information requested, please contact the inspection team leader.
