|
|---|
Category:Inspection Plan
MONTHYEARIR 05000333/20240052024-08-29029 August 2024
Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2024005)
ML24018A0012024-01-18018 January 2024
Notification of Commercial Grade Dedication Inspection (05000333/2024010) and Request for Information
IR 05000333/20230052023-08-31031 August 2023
Updated Inspection Plan for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2023005)
ML23164A0322023-06-13013 June 2023
Request for Information for a Biennial Problem Identification and Resolution Inspection; Inspection Report 05000333/2023010
IR 05000333/20234012023-06-0101 June 2023
Information Request for the Cyber Security Baseline Inspection, Notification to Perform Inspection 05000333/2023401
IR 05000333/20220062023-03-0101 March 2023
Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2022006)
ML22321A0102022-11-17017 November 2022
Notification of Conduct of a Fire Protection Team Inspection
IR 05000333/20220052022-08-31031 August 2022
Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2022005)
IR 05000333/20210062022-03-0202 March 2022
Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2021006)
ML22005A0232022-01-0505 January 2022
Information Request for a Triennial Baseline Design Bases Assurance Inspection (Team); Inspection Report 05000333/2022010
IR 05000333/20210052021-09-0101 September 2021
Updated Inspection Plan for the James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2021005)
IR 05000333/20200062021-03-0303 March 2021
Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2020006)
ML21041A1932021-02-10010 February 2021
Request for Information for a Triennial Baseline Design-Basis Capability of Power-Operated Valves Under 10 CFR 50.55a Requirements Inspection; Inspection Report (05000333/2021011)
IR 05000333/20200052020-08-31031 August 2020
Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2020005)
IR 05000333/20190062020-03-0303 March 2020
Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2019006)
ML19326A9262019-11-22022 November 2019
Notification of Conduct of a Fire Protection Team Inspection
IR 05000333/20190052019-08-28028 August 2019
Updated Inspection Plan (Inspection Report 05000333/2019005)
IR 05000333/20180062019-03-0404 March 2019
Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2018006)
IR 05000333/20180052018-08-28028 August 2018
Updated Inspection Plan (Inspection Report 05000333/2018005)
IR 05000333/20170062018-02-28028 February 2018
Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Reports 05000333/2017006, 05000333/2017402, and 05000333/2017501)
IR 05000333/20170052017-08-28028 August 2017
Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2017005)
IR 05000333/20160062017-03-0101 March 2017
Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2016006)
IR 05000333/20160052016-08-31031 August 2016
Mid-Cycle Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2016005)
IR 05000333/20150062016-03-0202 March 2016
2015 Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2015006)
IR 05000333/20150052015-09-0101 September 2015
Mid-Cycle Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2015005)
IR 05000333/20140012015-03-0404 March 2015
2014 Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2014001)(w/Inspection Plan)
ML14247A4532014-09-0404 September 2014
Fitzp Notification of Conduct of a Triennial Fire Protection Baseline Inspection - 90 Day Letter Rev 1
IR 05000333/20140062014-09-0202 September 2014
Mid-Cycle Assessment Letter and Inspection Plan 2014 (ROP-15) - James A. FitzPatrick Nuclear Power Plant (Report 05000333/2014006)
ML14177A7752014-06-24024 June 2014
Notification of Conduct of a Triennial Fire Protection Baseline Inspection
IR 05000333/20130012014-03-0404 March 2014
2013 Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2013001)(w/Inspection Plan)
IR 05000333/20130062013-09-0303 September 2013
Mid-Cycle Performance Review and Inspection Plan 2013 (ROP-14) - James A. FitzPatrick Nuclear Power Plant (Report 05000333/2013006)
IR 05000333/20120012013-03-0404 March 2013
Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333-12-001)
ML12244A3412012-09-0404 September 2012
Mid-Cycle Performance Review and Inspection Plan - 2013 James A. FitzPatrick Nuclear Power Plant
IR 05000333/20110012012-03-0505 March 2012
Annual Assessment Letter (Report 05000333/2011001)
ML1124208192011-09-0101 September 2011
Mid-Cycle Performance Review and Inspection Plan 2011 - James A. Fitzpatrick Nuclear Power Plant
IR 05000333/20100012011-03-0404 March 2011
Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2010001)
ML1024402772010-09-0101 September 2010
Mid-Cycle Performance Review and Inspection Plan 2010 - James A. Fitzpatrick Nuclear Power Plant
ML1006214222010-03-0303 March 2010
Annual Assessment Letter - James A. Fitzpatrick, (IR 05000333-10-001)
ML0924401472009-09-0101 September 2009
Mid-Cycle Performance Review and Inspection Plan - James A. FitzPatrick Nuclear Power Plant
IR 05000333/20090012009-03-0404 March 2009
Annual Assessment Letter, James A. FitzPatrick Nuclear Power Plant (Report 05000333/2009001)
ML0824703132008-09-0202 September 2008
Mid-Cycle Performance Review and Inspection Plan, James A. Fitzpatrick
IR 05000333/20080012008-03-0303 March 2008
Annual Assessment Letter - James A. FitzPatrick Nuclear Power Plant (Report 05000333/2008001)
ML0734709442007-12-13013 December 2007
ROP 8 - Fitzpatrick - Change to Inspection Plan, 12/13/07
ML0724309402007-08-31031 August 2007
Mid-Cycle Performance Review and Inspection Plan - James A. FitzPatrick Nuclear Power Plant
IR 05000333/20070012007-03-0202 March 2007
Annual Assessment Letter - James A. Fitzpatrick Nuclear Power Plant (Report 05000333-07-001)
ML0606202432006-03-0202 March 2006
Annual Assessment Letter - James A. FitzPatrick Nuclear Power Station (Report 05-333/2006001)
ML0506105112005-03-0202 March 2005
Annual Assessment Letter 2005001-Fitzpatrick
ML0424402522004-08-30030 August 2004
FitzPatrick Station ROP5 Mid-Cycle Performance Review and Inspection Plan
ML0323902312003-08-27027 August 2003
2003 - Mid-Cycle Performance Review and Inspection Plan for FitzPatrick Nuclear Power Plant
ML0305807282003-03-0303 March 2003
2003 - Annual Assessment Letter - Fitzpatrick Nuclear Power Plant (50-333/2003-001)
2024-08-29
[Table view]
Category:Letter
MONTHYEARIR 05000333/20240032024-11-12012 November 2024
Integrated Inspection Report 05000333/2024003
ML24317A1432024-11-0404 November 2024
Constellation Energy Generation, LLC, 2024 Annual Report - Guarantees of Payment of Deferred Premiums
IR 05000333/20240902024-10-29029 October 2024
Final Significance Determination of a White Finding with Assessment Follow-Up and Notice of Violation; Inspection Report 05000333/2024090
JAFP-24-0055, Response to Request for Additional Information for License Amendment Request to Add Temporary Change to TS 3.3.2.1, Condition C, Control Rod Block Instrumentation2024-10-29029 October 2024
Response to Request for Additional Information for License Amendment Request to Add Temporary Change to TS 3.3.2.1, Condition C, Control Rod Block Instrumentation
IR 05000333/20244022024-10-28028 October 2024
Material Control and Accounting Program Inspection Report 05000333/2024402 (Cover Letter Only)
ML24276A1332024-10-17017 October 2024
Issuance of Amendment No. 357 Revise Technical Specifications to Adopt TSTF-529, Clarify Use and Application Rules, Revision-4, and Administrative Changes
ML24282B0302024-10-11011 October 2024
Project Manager Assignment
RS-24-093, Response to Request for Additional Information - Alternative Request to Utilize Code Case OMN-32, Alternative Requirements for Range and Accuracy of Pressure, Flow, and Differential Pressure Instruments Used in Pump Tests2024-10-10010 October 2024
Response to Request for Additional Information - Alternative Request to Utilize Code Case OMN-32, Alternative Requirements for Range and Accuracy of Pressure, Flow, and Differential Pressure Instruments Used in Pump Tests
ML24207A0192024-10-0909 October 2024
SE Addendum Related to the License Amendment No. 338 for Implementation of the Alternative Source Term (DPO-2021-001)
ML24275A2442024-10-0303 October 2024
Reassignment of the U.S. Nuclear Regulatory Commission Branch Chief, Division of Operating Reactor Licensing
JAFP-24-0051, Reply to Preliminary White Finding and Apparent Violation in NRC Inspection Report 05000333/2024011; EA-24-0882024-10-0303 October 2024
Reply to Preliminary White Finding and Apparent Violation in NRC Inspection Report 05000333/2024011; EA-24-088
ML24270A0742024-09-30030 September 2024
Individual Notice of Consideration of Issuance of Amendments to Renewed Facility Operating Licenses, Proposed No Significant Hazards Consideration Determination, & Opportunity for a Hearing (EPID L-2024-LLA-0134) - LTR
ML24270A1452024-09-26026 September 2024
Notice of Enforcement Discretion for James A. Fitzpatrick Nuclear Power Plant
JAFP-24-0046, Request for Enforcement Discretion for Technical Specification (TS) 3.3.2.1 Control Rod Block Instrumentation2024-09-25025 September 2024
Request for Enforcement Discretion for Technical Specification (TS) 3.3.2.1 Control Rod Block Instrumentation
JAFP-24-0047, License Amendment Request – Temporary Addition to TS 3.3.2.1 Condition C, Control Rod Block Instrumentation to Support Upgrade to Rod Worth Minimizer Software2024-09-25025 September 2024
License Amendment Request – Temporary Addition to TS 3.3.2.1 Condition C, Control Rod Block Instrumentation to Support Upgrade to Rod Worth Minimizer Software
JAFP-24-0045, Supplemental Information for License Amendment Request to Revise Technical Specifications to Adopt TSTF-529, Clarify Use and Application Rules, Revision 4, and Administrative Changes to the Technical Specifications2024-09-20020 September 2024
Supplemental Information for License Amendment Request to Revise Technical Specifications to Adopt TSTF-529, Clarify Use and Application Rules, Revision 4, and Administrative Changes to the Technical Specifications
IR 05000333/20240112024-09-19019 September 2024
Follow-up to Inspection Procedure 71153 Report 05000333/2024011 and Preliminary White Finding and Apparent Violation
JAFP-24-0044, Core Operating Limits Report Cycle 272024-09-16016 September 2024
Core Operating Limits Report Cycle 27
JAFP-24-0043, Revision to Commitment Relating to Resolution of Anchor Darling Double Disc Gate Valve Part 21 Issues2024-09-12012 September 2024
Revision to Commitment Relating to Resolution of Anchor Darling Double Disc Gate Valve Part 21 Issues
ML24165A0382024-09-0404 September 2024
Issuance of Amendment No. 356 Update Fuel Handling Accident Analysis
05000333/LER-2024-002, Reactor Protection System Electric Power Monitoring System Trip Caused Primary Containment Isolation2024-09-0404 September 2024
Reactor Protection System Electric Power Monitoring System Trip Caused Primary Containment Isolation
IR 05000333/20240052024-08-29029 August 2024
Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2024005)
05000333/LER-2024-001-01, EDG Lube Oil Check Valve Bonnet Cap Leak Due to Failed Gasket2024-08-21021 August 2024
EDG Lube Oil Check Valve Bonnet Cap Leak Due to Failed Gasket
ML24222A6772024-08-0909 August 2024
Response to Request for Additional Information for Application to Revise Technical Specifications to Adopt TSTF-591-A, Revise Risk Informed Completion Time (RICT) Program Revision 0 and Revise 10 CFR 50.69 License Condition
IR 05000333/20240022024-08-0707 August 2024
Integrated Inspection Report 05000333/2024002
JAFP-24-0034, 10 CFR 50.46 Annual Report2024-07-31031 July 2024
10 CFR 50.46 Annual Report
ML24208A0492024-07-30030 July 2024
Notice of Consideration of Issuance of Amendments to Facility Operating Licenses and Proposed No Significant Hazards Consideration Determination (Letter)
JAFP-24-0036, Supplement to License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling Accident Analysis2024-07-29029 July 2024
Supplement to License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling Accident Analysis
JAFP-24-0033, Response to Request for Information Pertaining to a Licensed Operator Positive Fitness-For-Duty Test2024-07-23023 July 2024
Response to Request for Information Pertaining to a Licensed Operator Positive Fitness-For-Duty Test
IR 05000333/20244032024-07-18018 July 2024
Biennial Problem Identification and Resolution Inspection Report 05000333/2024403 (Cover Letter Only)
IR 05000333/20244012024-07-15015 July 2024
Security Baseline Inspection 05000333/2024401
RS-24-070, Independent Spent Fuel Storage Installation, Nine Mile Point, Units 1 and 2, Quad Cities, Units 1 and 2, R. E. Ginna - Nuclear Radiological Emergency Plan Document Revisions2024-07-12012 July 2024
Independent Spent Fuel Storage Installation, Nine Mile Point, Units 1 and 2, Quad Cities, Units 1 and 2, R. E. Ginna - Nuclear Radiological Emergency Plan Document Revisions
ML24190A1932024-07-0909 July 2024
Correction Letter of Amendment No. 355 Revise Technical Specifications Section 3.4.3.1, Safety Relief Valves Setpoint Lower Tolerance
IR 05000333/20240102024-07-0808 July 2024
Commercial Grade Dedication Inspection Report 05000333/2024010
ML24184A1662024-07-0303 July 2024
Senior Reactor and Reactor Operator Initial License Examinations
ML24136A1162024-06-26026 June 2024
Issuance of Amendment No. 355 Revise Technical Specifications Section 3.4.3.1, Safety Relief Valves Setpoint Lower Tolerance
ML24176A2412024-06-24024 June 2024
Licensed Operator Positive Fitness-for-Duty Test
JAFP-24-0027, EDG Lube Oil Check Valve Bonnet Cap Leak Due to Failed Gasket2024-06-24024 June 2024
EDG Lube Oil Check Valve Bonnet Cap Leak Due to Failed Gasket
05000333/LER-2024-001, EDG Lube Oil Check Valve Bonnet Cap Leak Due to Failed Gasket2024-06-24024 June 2024
EDG Lube Oil Check Valve Bonnet Cap Leak Due to Failed Gasket
RS-24-061, Constellation Energy Generation, LLC, Response to NRC Regulatory Issue Summary 2024-01, Preparation and Scheduling of Operator Licensing Examinations2024-06-14014 June 2024
Constellation Energy Generation, LLC, Response to NRC Regulatory Issue Summary 2024-01, Preparation and Scheduling of Operator Licensing Examinations
JAFP-24-0026, Supplement to License Amendment Request to Modify Technical Specification Surveillance Requirement (SR) 3.4.3.1 Safety Relief Valves (Srvs) Setpoint Lower Tolerance2024-06-12012 June 2024
Supplement to License Amendment Request to Modify Technical Specification Surveillance Requirement (SR) 3.4.3.1 Safety Relief Valves (Srvs) Setpoint Lower Tolerance
ML24079A0762024-05-23023 May 2024
Issuance of Amendments to Adopt TSTF 264
IR 05000333/20240012024-05-0909 May 2024
Integrated Inspection Report 05000333/2024001
JAFP-24-0023, 2023 Annual Radiological Environmental Operating Report2024-05-0909 May 2024
2023 Annual Radiological Environmental Operating Report
RS-24-041, Alternative Request to Utilize Code Case OMN-32, Alternative Requirements for Range and Accuracy of Pressure, Flow, and Differential Pressure Instruments Used in Pump Tests2024-04-30030 April 2024
Alternative Request to Utilize Code Case OMN-32, Alternative Requirements for Range and Accuracy of Pressure, Flow, and Differential Pressure Instruments Used in Pump Tests
JAFP-24-0020, 2023 Annual Radioactive Effluent Release Report2024-04-25025 April 2024
2023 Annual Radioactive Effluent Release Report
JAFP-24-0019, 2023 REIRS Transmittal of NRC Form 52024-04-18018 April 2024
2023 REIRS Transmittal of NRC Form 5
ML24106A0152024-04-15015 April 2024
Request for Withholding Information from Public Disclosure Response to Request for Additional Information for License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling
ML24107A6972024-04-12012 April 2024
Engine Systems, Inc Part 21 Report Re EMD Cylinder Liner Water Leak
ML24103A2042024-04-12012 April 2024
Constellation Energy Generation, LLC, Application to Revise Technical Specifications to Adopt TSTF-591-A, Revise Risk Informed Completion Time (RICT) Program Revision 0 and Revise 10 CFR 50.69 License Condition
2024-09-04
[Table view] |
Text
June 1, 2023
SUBJECT:
JAMES A. FITZPATRICK NUCLEAR POWER PLANT-INFORMATION REQUEST FOR THE CYBER SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000333/2023401
Dear David Rhoades:
On October 23, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10, Cyber Security, dated December 14, 2021, at FitzPatrick. The inspection will be performed to evaluate and verify your ability to meet the requirements of the NRCs Cyber Security Rule, Title 10 of the Code of Federal Regulations (10 CFR) Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks. The onsite portion of the inspection will take place October 23 through 27, 2023.
Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by IP 71130.10. This information should be made available either on an online repository (preferred) or digital media (CD/DVD) no later than July 14, 2023. The inspection team will review this information and, by August 18, 2023, will request the specific items that should be provided for review.
The second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensees Cyber Security Program selected for the cyber security inspection. This information will be requested for review in the regional office prior to the inspection by September 15, 2023, as identified above. The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, October 23, 2023.
The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Louis Dumont. We understand that our regulatory contact for this inspection is Steven Juravich of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (610) 337-5183 or via email at louis.dumont@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC website at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely, Glenn T. Dentel, Chief Engineering Branch 2 Division of Operating Reactor Safety
Docket No. 05000333 License No. DPR-59
Enclosure:
Cyber Security Inspection Document Request
cc: Distribution via ListServ
Glenn T.
Dentel Digitally signed by Glenn T. Dentel Date: 2023.06.01 15:33:04 -04'00'
ML23152A004
SUNSI Review
Non-Sensitive Sensitive
Publicly Available Non-Publicly Available
OFFICE RI/DORS RI/DORS
NAME LDumont GDentel
DATE 5/31/2023 5/31/2023
JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST Enclosure Inspection Report:
05000333/2023401 Inspection Dates:
October 23 - 27, 2023 Inspection Procedure:
IP 71130.10, Cyber Security, dated December 14, 2021
(ADAMS Accession Number: ML21271A106)
Reference:
Guidance Document for Development of the Request for Information (RFI) and Notification Letter for IP 71130.10, Cyber Security (ML21330A088)
NRC Inspectors:
Louis Dumont, Lead Tanvir Siddiky (610) 337-5183 Tanvir.siddiky@nrc.gov Louis.Dumont@nrc.gov
Timothy Hennessey (610) 337-5135 Timothy.hennessey@nrc.gov
NRC Contractors:
Balla Barro
Balla.barro@nrc.gov
I.
Information Requested for In-Office Preparation The initial request for information (i.e., first RFI) concentrates on providing the inspection team with the general information necessary to select appropriate components and Cyber Security Program (CSP) elements to develop a site-specific inspection plan.
The first RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs) plus operational and management security control portions of the CSP to be chosen as the sample set required to be inspected by the cyber security inspection procedure. The first RFIs requested information is specified below in Table RFI #1. The Table RFI #1 information is requested to be provided to the regional office by July 14, 2023, or sooner, to facilitate the selection of the specific items that will be reviewed during the onsite inspection weeks.
The inspection team will examine the returned documentation from the first RFI and identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more focused follow-up request to develop the second RFI. The inspection team will submit the specific systems and equipment list to your staff by August 18, 2023, which will identify the specific systems and equipment that will be utilized to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber security inspection. We request that the additional information provided from the second RFI be made available to the regional office prior to the inspection by September 15, 2023.
JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST
The required Table RFI #1 information shall be provided on an online repository (preferred) or digital media (CD/DVD) to the lead inspector by July 14, 2023. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI #1 Section 3, Paragraph Number/Title:
IP Ref
A list of all Identified Critical Systems and Critical Digital Assets -
highlight/note any additions, deletions or reclassifications due to new guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
Overall
A list of EP and Security onsite and offsite digital communication systems Overall
Network Topology Diagrams to include information and data flow for critical systems in levels 2, 3 and 4 (If available)
Overall
Ongoing Monitoring and Assessment program documentation 03.01(a)
The most recent effectiveness analysis of the Cyber Security Program 03.01(b)
Vulnerability screening/assessment and scan program documentation 03.01(c)
Cyber Security Incident response documentation, including incident detection, response, and recovery documentation as well as contingency plan development and implementation, including any program documentation that requires testing of security boundary device functionality 03.02(a)
and 03.04(b)
8 Device Access and Key Control documentation 03.02(c)
Password/Authenticator documentation 03.02(c)
User Account/Credential documentation 03.02(d)
11 Portable Media and Mobile Device control documentation, including kiosk security control assessment/documentation 03.02(e)
Design change/modification program documentation and a list of all design changes that affected CDAs that have actually been installed and completed since the last cyber security inspection, including either a summary of the design change or the 50.59 documentation of the change.
03.03(a)
Supply Chain Management documentation including any security impact analysis for new acquisitions 03.03(a),
(b) and (c)
Configuration Management documentation including any security impact analysis performed due to configuration changes since the last inspection 03.03(a)
and (b)
Cyber Security Plan and any 50.54(p) analysis to support changes to the plan since the last inspection 03.04(a)
Cyber Security Metrics tracked (if applicable)
03.06 (b)
Provide documentation describing any cyber security changes to the access authorization program since the last cyber security inspection.
Overall
Provide a list of all procedures and policies provided to the NRC with their descriptive name and associated number (if available)
Overall
Performance testing report (if applicable)
03.06 (a)
JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST
In addition to the above information please provide the following:
(1) Electronic copy of the Updated Final Safety Analysis Report (UFSAR) and technical specifications.
(2) Name(s) and phone numbers for the regulatory and technical contacts.
(3) Current management and engineering organizational charts.
Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by August 18, 2023, for the second RFI (i.e., RFI #2).
II.
Additional Information Requested to be Available Prior to Inspection.
As stated in Section I above, the inspection team will examine the returned documentation requested from Table RFI #1 and submit the list of specific systems and equipment to your staff by August 18, 2023, for the second RFI (i.e., RFI #2). The second RFI will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber security inspection. The additional information requested for the specific systems and equipment is identified in Table RFI #2.
The Table RFI #2 information shall be provided to the lead inspector by September 15, 2023. The preferred file format for all lists is a searchable Excel spreadsheet. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI #2 Section 3, Paragraph Number/Title:
Items For the system(s) chosen for inspection provide:
1 Ongoing Monitoring and Assessment activity performed on the system(s)
03.01(a)
2 All Security Control Assessments for the selected system(s)
03.01(a)
All vulnerability screenings/assessments associated with or scans performed on the selected system(s) since the last cyber security inspection 03.01(c)
Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS), Host-based Intrusion Detection Systems (HIDS), and Security Information and Event Management (SIEM) systems for system(s) chosen for inspection)
03.02(b)
Documentation (including configuration files and rule sets) for intra-security level firewalls and boundary devices used to protect the selected system(s)
03.02(c)
6 Copies of all periodic reviews of the access authorization list for the selected systems since the last inspection 03.02(d)
7 Baseline configuration data sheets for the selected CDAs 03.03(a)
JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST
8 Documentation on any changes, including Security Impact Analyses, performed on the selected system(s) since the last inspection 03.03(b)
9 Copies of the purchase order documentation for any new equipment purchased for the selected systems since the last inspection 03.03(c)
10 Copies of any reports/assessment for cyber security drills performed since the last inspection.
03.02(a)
03.04(b)
11 Copy of the individual recovery plan(s) for the selected system(s) including documentation of the results the last time the backups were executed.
03.02(a)
03.04(b)
Corrective actions taken as a result of cyber security incidents/issues to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection 03.05 13 For the selected systems, provide design change/modification packages including completed work orders since the last cyber security inspection 03.03(a)
III.
Information Requested to be Available on First Day of Inspection For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table 1ST Week Onsite) to the team by October 23, 2023, the first day of the inspection.
Table 1ST Week Onsite Section 3, Paragraph Number/Title:
Items`
1 Any cyber security event reports submitted in accordance with 10 CFR 73.77 since the last cyber security inspection 03.04(b)
Updated Copies of corrective actions taken as a result of cyber security incidents/issues, to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions 03.05 In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the inspection team as long as the inspectors have easy and unrestrained access to them.
a. Updated Final Safety Analysis Report, if not previously provided; b. Original Cyber Security Safety Evaluation Report and Supplements; c. Quality Assurance (QA) Plan; d. Technical Specifications, if not previously provided; and e. Latest individual plant examination/probabilistic Risk assessment report.
JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST
(2) Vendor Manuals, Assessment and Corrective Actions:
a. The most recent Cyber Security QA audit and/or self-assessment; and b. Corrective action documents (e.g., condition reports, including status of corrective actions) generated as a result of the most recent Cyber Security QA audit and/or self-assessment.
IV.
Information Requested To Be Provided Throughout the Inspection (1) Copies of any corrective action documents generated as a result of the inspection teams questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member).
If you have any questions regarding the information requested, please contact the inspection team leader.
