|
|---|
Category:Inspection Report
MONTHYEARIR 05000424/20240032024-10-30030 October 2024
– Integrated Inspection Report 05000424/2024003 and 05000425/2024003
IR 05000424/20240052024-08-26026 August 2024
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 1 and 2 - Report 05000424/2024005 and 05000425/2024005
IR 05000424/20244012024-08-15015 August 2024
4 - Security Baseline Inspection Report 05000424-2024401, 05000425-2024401, 05200025-2024402, and 05200026-2024403 - Cover Letter
ML24212A1442024-08-0101 August 2024
Integrated Inspection Report 05200025/2024002 and 05200026/2024002
IR 05000424/20240022024-07-29029 July 2024
Integrated Inspection Report 05000424/2024002 and 05000425/2024002
IR 05000424/20244042024-07-26026 July 2024
Material Control and Accounting Program Inspection Report 05000424/2024404 and 05000425/2024404 (Cover Letter)
ML24194A0342024-07-12012 July 2024
Review of the Refueling Outage 1R24 Steam Generator Tube Inspection Report
ML24191A3792024-07-10010 July 2024
– Initial Test Program and Operational Programs Inspection Report 05200026/2024011
ML24130A2412024-05-13013 May 2024
Integrated Inspection Report 05200025/2024001 and 05200026/2024001
ML24127A2372024-05-0909 May 2024
Initial Test Program and Operational Programs Inspection Report 05200026/2024010
IR 05000424/20240012024-04-23023 April 2024
–Integrated Inspection Report 05000424/2024001 and 05000425/2024001
IR 05000424/20230062024-02-28028 February 2024
Annual Assessment Letter for Vogtle Electric Generating Plant Units 1 and 2 - NRC Inspection Report 05000424-2023006 and 05000425-2023006
IR 05000424/20240102024-02-14014 February 2024
– Fire Protection Team Inspection Report 0500424/2024010 and 05000425/2024010
IR 05000202/20300042024-02-13013 February 2024
Integrated Inspection Report 052000250/2023004 and 05200026/2023004
IR 05000424/20230042024-02-0505 February 2024
Integrated Inspection Report 05000424-2023004 and 05000425-2023004
ML24032A0252024-02-0505 February 2024
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200026-2023009
ML24031A6102024-01-31031 January 2024
Cyber Security Inspection Report 05200026/2024401 - Public
IR 05000424/20244032024-01-26026 January 2024
Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000424/2024403; 05000425/2024403
ML23312A3502023-11-14014 November 2023
– Integrated Inspection Report 05200026/2023003
ML23318A4582023-11-14014 November 2023
Integrated Inspection Report 05200025/2023003
IR 05000424/20234022023-11-0606 November 2023
– Security Baseline Inspection Report 05000424/2023402 and 05000425/2023402
IR 05000424/20230032023-10-27027 October 2023
Integrated Inspection Report 05000424/2023003 and 05000425/2023003
ML23254A2032023-09-13013 September 2023
– Initial Test Program and Operational Programs Inspection Report 05200025/2023013
IR 05000424/20230912023-09-0505 September 2023
Plan Units 1 and 2 - NRC Investigation Report 2-2022-006 and Notice of Violation - NRC Inspection Report 05000424/2023091 and 05000425/2023091
ML23234A3002023-09-0101 September 2023
NRC Integrated Inspection Report 05200026/2023003
IR 05000424/20230052023-08-29029 August 2023
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 1 & 2 - Report 05000424/2023005 and 05000425/2023005
ML23223A0022023-08-14014 August 2023
Integrated Inspection Report 05200025/2023002
IR 05000424/20230112023-08-11011 August 2023
Biennial Problem Identification and Resolution Inspection Report 05000424/2023011 and 05000425/2023011
ML23215A0822023-08-0404 August 2023
(Vego), Unit 3 – Initial Test Program and Operational Programs Integrated 05200025/2023011 Inspection Report
ML23212B0612023-07-31031 July 2023
Security Baseline Inspection Report 05200025/2023401
IR 05000424/20234012023-07-31031 July 2023
Security Baseline Inspection Report 05000424/2023401 and 05000425/2023401 (Cover Letter)
ML23216A0962023-07-26026 July 2023
Document Request for Vogtle 1 & 2 RP Inspection, Report No. 05000424/2023003 and 05000425/2023003
IR 05000424/20230022023-07-24024 July 2023
Integrated Inspection Report 05000424/2023002 and 05000425/2023002
ML23198A3802023-07-19019 July 2023
NRC Integrated Inspection Report 05200026/2023002
ML23199A0892023-07-18018 July 2023
Initial Test Program and Operational Programs Integrated Inspection Report 05200026/2023007
IR 05000424/20233012023-06-30030 June 2023
– NRC Operator License Examination Report 05000424/2023301 and 05000425/2023301
ML23128A2932023-05-11011 May 2023
NRC Integrated Inspection Report 05200026/2023001
ML23129A0222023-05-10010 May 2023
Integrated Report 05200025/2023001
ML23128A3492023-05-0909 May 2023
– Initial Test Program and Operational Programs Integrated Inspection Report 05200026/2023006
ML23121A3202023-05-0404 May 2023
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200025/2023010
IR 05000424/20040252023-04-28028 April 2023
Public Meeting Summary - Vogtle Electric Generating Plant, Units 1, 2, 3, & 4 Docket No. 5000424, 5000425, 5200025, 5200026, Meeting Number 20230375
IR 05000424/20230012023-04-26026 April 2023
Integrated Inspection Report 05000424/2023001 and 05000425/2023001
IR 05000424/20230902023-03-30030 March 2023
NRC Inspection Report 05000424/2023090 and 05000425/2023090, and Investigation Report 2-2022-006; and Apparent Violation
ML23083B3702023-03-24024 March 2023
Security Baseline Inspection Report 05200026/2023401
IR 05000424/20220062023-03-0101 March 2023
Annual Assessment Letter for Vogtle Electric Generating Plant Units 1 and 2, NRC Inspection Reports 05000424/2022006 and 05000425/2022006
ML23044A3902023-02-14014 February 2023
Integrated Inspection Report05200025 2022007
ML23040A0422023-02-0909 February 2023
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200025/2022008
ML23040A3612023-02-0909 February 2023
– NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200026/2022008
ML23033A3972023-02-0707 February 2023
NRC Integrated Inspection Report 05200026/2022007
IR 05000424/20220042023-01-23023 January 2023
Integrated Inspection Report 05000424/2022004 and 05000425/2022004
2024-08-26
[Table view]
Category:Letter
MONTHYEARNL-24-0385, Request for Action Matrix Deviation Due to Recent Events Impacting the Unplanned Scram with Complications Performance Indicator2024-10-31031 October 2024
Request for Action Matrix Deviation Due to Recent Events Impacting the Unplanned Scram with Complications Performance Indicator
IR 05000424/20240032024-10-30030 October 2024
– Integrated Inspection Report 05000424/2024003 and 05000425/2024003
NL-24-0392, Response to Requests for Additional Information Related to Proposed Alternative GEN-ISI-AL T-2024-0022024-10-28028 October 2024
Response to Requests for Additional Information Related to Proposed Alternative GEN-ISI-AL T-2024-002
NL-24-0386, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks Response to Request for Additional Information2024-10-28028 October 2024
License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks Response to Request for Additional Information
NL-24-0366, Core Operating Limits Report, Cycle 26, Version 12024-10-25025 October 2024
Core Operating Limits Report, Cycle 26, Version 1
ML24297A6482024-10-23023 October 2024
5 to the Updated Final Safety Analysis Report, Technical Specification Bases Changes, Technical Requirements Manual Changes, Summary Report and Revised NRC Commitments Report
ML24269A2502024-09-26026 September 2024
Acknowledgement of the Withdrawal of the Requested Exemption and License Amendment Request to Remove Tier 1 and Tier 2* Requirements
NL-24-0369, Withdrawal of License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2 Requirements2024-09-25025 September 2024
Withdrawal of License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2 Requirements
NL-24-0350, Core Operating Limits Report, Cycle 24, Version 22024-09-25025 September 2024
Core Operating Limits Report, Cycle 24, Version 2
ML24243A0072024-09-10010 September 2024
– Correction of Amendment Nos. 223 and 206 Regarding Revision to Technical Specifications to Adopt TSTF-339-A, Relocate Technical Specification Parameters to the COLR Consistent with WCAP-14483
ML24102A2642024-09-0909 September 2024
– Exemption Request Regarding Final Safety Analysis Report Update Schedule (EPID L-2024-LLE-0013) - Letter
NL-24-0337, Interim 10 CFR 21.21(a)(2) Report Regarding Operation Technology, Inc., ETAP Software Error in Transient Stability Program2024-09-0909 September 2024
Interim 10 CFR 21.21(a)(2) Report Regarding Operation Technology, Inc., ETAP Software Error in Transient Stability Program
ML24249A2942024-09-0606 September 2024
Correction of Amendment Nos. 218 and 201 Regarding Revision to Technical Specifications to Use Online Monitoring Methodology
05200025/LER-2024-002, Manual Reactor Protection System and Automatic Safeguards Actuation Due to an Unexpected Change in Position of a Main Feedwater Pump Minimum Flow Control Valve2024-09-0505 September 2024
Manual Reactor Protection System and Automatic Safeguards Actuation Due to an Unexpected Change in Position of a Main Feedwater Pump Minimum Flow Control Valve
IR 05000424/20240052024-08-26026 August 2024
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 1 and 2 - Report 05000424/2024005 and 05000425/2024005
ML24235A1952024-08-22022 August 2024
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 3 and 4 - Report 05200025/2024005 and 05200026/2024005
IR 05000424/20244012024-08-15015 August 2024
4 - Security Baseline Inspection Report 05000424-2024401, 05000425-2024401, 05200025-2024402, and 05200026-2024403 - Cover Letter
NL-24-0299, Exemption Request: Final Safety Analysis Report Update Schedule, Response to Request for Additional Information2024-08-14014 August 2024
Exemption Request: Final Safety Analysis Report Update Schedule, Response to Request for Additional Information
05000425/LER-2024-001, Manual Actuation of the Reactor Protection System Due to a Rod Control Fuse Opening Causing a Misaligned Shutdown Rod2024-08-0909 August 2024
Manual Actuation of the Reactor Protection System Due to a Rod Control Fuse Opening Causing a Misaligned Shutdown Rod
ML24218A1842024-08-0707 August 2024
Examination Report and Cover Letter
05200026/LER-2024-001, Manual Reactor Protection System Actuation Due to Procedure Not Optimally Sequenced to Reset the Rapid Power Reduction Signal2024-08-0606 August 2024
Manual Reactor Protection System Actuation Due to Procedure Not Optimally Sequenced to Reset the Rapid Power Reduction Signal
ML24212A1442024-08-0101 August 2024
Integrated Inspection Report 05200025/2024002 and 05200026/2024002
IR 05000424/20240022024-07-29029 July 2024
Integrated Inspection Report 05000424/2024002 and 05000425/2024002
IR 05000424/20244042024-07-26026 July 2024
Material Control and Accounting Program Inspection Report 05000424/2024404 and 05000425/2024404 (Cover Letter)
NL-24-0282, License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2* Requirements2024-07-25025 July 2024
License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2* Requirements
NL-24-0126, – Units 3 and 4, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Action a and SR 3.7.6.62024-07-25025 July 2024
– Units 3 and 4, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Action a and SR 3.7.6.6
ML24204A0722024-07-23023 July 2024
Issuance of Amendment No. 225, Regarding LAR to Revise TS 3.7.9 for a one-time Change to Support Nuclear Service Cooling Water Transfer Pump Repairs - Emergency Circumstances
NL-24-0286, Emergency Request to Revise Technical Specification 3.7.9 for a One-Time Change to Support a Unit 1 Nuclear Service Cooling Water Transfer Pump Repair2024-07-20020 July 2024
Emergency Request to Revise Technical Specification 3.7.9 for a One-Time Change to Support a Unit 1 Nuclear Service Cooling Water Transfer Pump Repair
NL-24-0261, 10 CFR 50.46 ECCS Evaluation Model Annual Report for 20232024-07-19019 July 2024
10 CFR 50.46 ECCS Evaluation Model Annual Report for 2023
ML24191A4562024-07-19019 July 2024
Request for Relief and Alternative Requirements for Squib (Explosively Actuated) Valves First Test Interval
ML24194A0342024-07-12012 July 2024
Review of the Refueling Outage 1R24 Steam Generator Tube Inspection Report
ML24191A3792024-07-10010 July 2024
– Initial Test Program and Operational Programs Inspection Report 05200026/2024011
NL-24-0227, Proposed Inservice Inspection Alternative GEN-ISI-AL T-2024-03 for Pressurizer Welds in Accordance with 10 CFR 50.55a(z)(1)2024-07-0303 July 2024
Proposed Inservice Inspection Alternative GEN-ISI-AL T-2024-03 for Pressurizer Welds in Accordance with 10 CFR 50.55a(z)(1)
NL-24-0234, Application to Revise Technical Specifications to Adopt TSTF-589, Eliminate Automatic Diesel Generator Start During Shutdown2024-06-28028 June 2024
Application to Revise Technical Specifications to Adopt TSTF-589, Eliminate Automatic Diesel Generator Start During Shutdown
NL-24-0143, Proposed Alternative to Use ASME Code Case N-752, Risk-Informed Categorization and Treatment for Repair/ Replacement Activities in2024-06-27027 June 2024
Proposed Alternative to Use ASME Code Case N-752, Risk-Informed Categorization and Treatment for Repair/ Replacement Activities in
NL-24-0087, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks2024-06-21021 June 2024
License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks
NL-24-0201, Proposed Inservice Inspection Alternative GEN-ISI-ALT-2024-002 for Steam Generator Welds in Accordance with 10 CFR 50.55a(z)(1)2024-06-18018 June 2024
Proposed Inservice Inspection Alternative GEN-ISI-ALT-2024-002 for Steam Generator Welds in Accordance with 10 CFR 50.55a(z)(1)
NL-24-0243, Registration of Spent Fuel Cask Use2024-06-18018 June 2024
Registration of Spent Fuel Cask Use
ML24163A0632024-06-12012 June 2024
2024 Licensed Operator Re-qualification Inspection Notification Letter Vogtle, Units 3 & 4
ML24155A1772024-06-0505 June 2024
Regulatory Audit in Support of Review of the LAR to Revise Emergency Diesel Generator Frequency and Voltage Ranges for Technical Specification 3.8.1, Surveillance Requirements
NL-24-0202, SNC Response to Regulatory Issue Summary 2024-01: Preparation and Scheduling of Operator Licensing Examinations2024-05-24024 May 2024
SNC Response to Regulatory Issue Summary 2024-01: Preparation and Scheduling of Operator Licensing Examinations
ML24141A0482024-05-17017 May 2024
EN 56958_1 Ametek Solidstate Controls, Inc
ML24094A1402024-05-16016 May 2024
Staff Response to Request for Revision to NRC Staff Assessment of Updated Seismic Hazard Information and Latest Understanding of Seismic Hazards at the Vogtle Plant Site Following the NRC Process for the Ongoing Assessment of Natural Hazard
ML24130A2412024-05-13013 May 2024
Integrated Inspection Report 05200025/2024001 and 05200026/2024001
ML24120A1812024-05-13013 May 2024
Request for Withholding Information from Public Disclosure Responses to NRC Request for Additional Information for Refueling Outage IR24 Steam Generator Tube Inspection Report – Enclosure 2
ML24101A2112024-05-11011 May 2024
Expedited Issuance of Amendment No. 198 Change to Technical Specification 5.5.13, Ventilation Filter Testing Program (VFTP)
NL-24-0191, Annual Radiological Environmental Operating Reports for 20232024-05-10010 May 2024
Annual Radiological Environmental Operating Reports for 2023
ML24127A2372024-05-0909 May 2024
Initial Test Program and Operational Programs Inspection Report 05200026/2024010
NL-24-0194, Revised Request for Relief and Alternative Requirements for Squib Valves First Test Interval (V34-IST-ALT-03-R1)2024-05-0707 May 2024
Revised Request for Relief and Alternative Requirements for Squib Valves First Test Interval (V34-IST-ALT-03-R1)
ML24120A2832024-04-30030 April 2024
Project Manager Reassignment
2024-09-09
[Table view] |
Text
SUBJECT:
VOGTLE ELECTRIC GENERATING PLANT - INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000424/2022401; 05000425/2022401
Dear Mrs. Gayheart:
On June 27, 2022, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0, at your Vogtle Electric Generating Plant. The inspection will be performed to evaluate and verify your ability to provide assurance that your digital computer and communication systems and networks associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 73.54 and the U.S. Nuclear Regulatory Commission (NRC) approved cyber security plan (CSP). The onsite portion of the inspection will take place during the week of June 27, 2022.
Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. To minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should be made available electronically no later than April 29, 2022. The inspection team will review this information and, by May 13, 2022, will request the specific items that should be provided for review. This second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. We request that the information provided from the second RFI be made available to the regional office prior to the inspection by June 17, 2022. March 28, 2022 The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, June 27, 2022.
The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Philipp Braaten. We understand that our regulatory contact for this inspection is Kevin Walden of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (404) 997-4651 or via e-mail at Philipp.braaten@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely, Gerald McCoy, Branch Chief Engineering Branch 2 Division of Reactor Safety Docket Nos. 05000424; 05000425 License Nos. NPF-68; NPF-81 Enclosure:
Vogtle Electric Generating Plant Cyber-Security Inspection Document Request cc w/encl: Distribution via LISTSERV Signed by McCoy, Gerald on 03/28/22
ML22084A021 X Non-Sensitive X Publicly Available X SUNSI Review Sensitive Non-Publicly Available OFFICE RII/DRS RII/DRS NAME P. Braaten G. McCoy
DATE 03/28/2022 03/28/2022
VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Inspection Report: 05000424/2022401; 05000425/2022401
Inspection Dates: June 27-July 1, 2022
Inspection Procedure: IP 71130.10, Cyber-Security, Revision 0 (Effective: 01/01/2022)
Reference: Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full-Implementation of the Cyber-Security Inspection, Rev. 2 (Issued: 11/22/2021)
NRC Inspectors:Philipp Braaten, Lead Melana Singletary 404-997-4651 404-997-4752 philipp.braaten@nrc.gov melana.singletary@nrc.gov
NRC Contractors: Al Konkal Alex Prada 561-989-0210 301-415-7000 alan.konkal@nrc.gov alexander.prada@nrc.gov
I. Information Requested for In-Office Preparation
The initial request for information (i.e., first RFI) concentrates on providing the inspection team with the general information necessary to select appropriate components and CSP elements to develop a site-specific inspection plan. The first RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs) plus operational and management (O&M) security control portions of the CSP to be chosen as the sample set required to be inspected by the cyber-security IP. The first RFIs requested information is specified below in Table RFI #1. The Table RFI #1 information is requested to be provided to the regional office by April 29, 2022, or sooner, to facilitate the selection of the specific items that will be reviewed during the onsite inspection weeks.
The inspection team will examine the returned documentation from the first RFI and identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more focused follow-up request to develop the second RFI. The inspection team will submit the specific systems and equipment list to your staff by May 13, 2022, which will identify the specific systems and equipment that will be utilized to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. We request that the additional information provided from the second RFI be made available to the regional office prior to the inspection by June 17, 2022. All requests for information shall follow the guidance document U.S. NRC - Guidance Document for Development of the Request for Information (RFI)
and Notification Letter for Full Implementation of the Cyber-Security Inspection, referenced above.
VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST
The required Table RFI 1 information shall be provided electronically to the lead inspector by April 29, 2022. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI #1
Paragraph Number/Title: IP Ref
A list of all Identified Critical Systems and Critical Digital Assets, -
1 highlight/note any additions, deletions, reclassifications due to new Overall guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
2 A list of EP and Security onsite and offsite digital communication Overall systems.
3 Network Topology Diagrams to include information and data flow for Overall critical systems in levels 2, 3, and 4 (If available).
4 Ongoing Monitoring and Assessment program documentation. 03.01(a)
5 The most recent effectiveness analysis of the Cyber Security Program. 03.01(b)
6 Vulnerability screening/assessment and scan program documentation. 03.01(c)
Cyber Security Incident Response program documentation, including incident detection, response, and recovery documentation as well as 03.02(a)
7 contingency plan development, implementation, and including any and program documentation that requires testing of security boundary 03.04(b)
device functionality.
8 Device Access and Key Control program documentation. 03.02(c)
9 Password/Authenticator program documentation. 03.02(c)
10 User Account/Credential and Authentication program documentation. 03.02(d)
11 Portable Media and Mobile Device control program documentation, 03.02(e)
including kiosk security control assessment/documentation.
Design change/ modification program documentation and a list of all 12 design changes completed since the last cyber security inspection, 03.03(a)
including either a summary of the design change or the 50.59 documentation for the change.
13 Supply Chain Management program documentation including a list of 03.03(a),
security impact analysis for new acquisitions. (b) and (c)
VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table RFI #1
Paragraph Number/Title: IP Ref
Configuration Management program documentation including a list of 03.03(a)
14 security impact analysis performed due to configuration changes since and (b)
the last cyber inspection.
15 Cyber Security Plan and any 50.54(p) analysis to support changes to 03.04(a)
the plan since the last inspection.
16 Cyber Security Performance Metrics tracked (if applicable). 03.06(b)
17 Provide documentation describing any cyber security changes to the Overall access authorization program since the last cyber security inspection.
18 Provide a list of all cyber security procedures and policies with their Overall descriptive name and associated number.
19 Performance testing report (if applicable). 03.06(a)
20 Electronic Copy of UFSAR and Technical Specifications Overall
Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by May 13, 2022, for the second RFI (i.e., RFI #2).
II. Additional Information Requested to be Available Prior to Inspection.
As stated in Section I above, the inspection team will examine the returned documentation requested from Table RFI #1 and submit the list of specific systems and equipment to your staff by May 13, 2022 for the second RFI (i.e., RFI #2). The second RFI will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. The additional information requested for the specific systems and equipment is identified in Table RFI #2. All requested information shall follow the guidance document referenced above.
The Table RFI 2 information shall be provided to the lead inspector by June 17, 2022.
The preferred file format for all lists is a searchable Excel spreadsheet. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table RFI #2
Paragraph Number/Title: Items
For the system(s) chosen for inspection provide:
1 Ongoing Monitoring and Assessment activity performed on the 03.01(a)
selected system(s).
2 All Security Control Assessments for the selected system(s).* 03.01(a)
All vulnerability screenings/assessments associated with or scans 3 performed on the selected system(s) since the last cyber security 03.01(c)
inspection.*
Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
4 Host-based Intrusion Detection Systems (HIDS), and Security 03.02(b)
Information and Event Management (SIEM) systems for system(s)
chosen for inspection).
Documentation (including configuration files and rule sets) for intra-5 security level firewalls and boundary devices used to protect the 03.02(c)
selected system(s).
6 Copies of all periodic reviews of the access authorization list for the 03.02(d)
selected systems since the last cyber inspection.
7 Baseline configuration data sheets for the selected CDAs. * 03.03(a)
8 Documentation on any changes, including Security Impact Analyses, 03.03(b)
performed on the selected system(s) since the last inspection.
9 Copies of the purchase order documentation for any new equipment 03.03(c)
purchased for the selected systems since the last inspection.
Copies of any reports/assessment for cyber security drills performed 03.02(a)
10 since the last inspection. 03.04(b)
Copy of the individual recovery plan(s) for the selected system(s) 03.02(a)
11 including documentation of the results the last time the backups were executed. 03.04(b)
List of Corrective actions taken as a result of cyber security 12 incidents/issues to include previous NRC violations and Licensee 03.05 Identified Violations since the last cyber security inspection.
- Some selected systems may have a large number of CDAs. For these systems reach out to the team leader for a specific selection of CDAs when responding to this request.
VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST
III. Information Requested to be Available on First Day of Inspection
For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table Week Onsite) to the team by June 27, 2022, the first day of the inspection. All requested information shall follow the guidance document referenced above.
The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table Week Onsite
Paragraph Number/Title: Items
1 Any cyber security event reports submitted in accordance with 10 03.04(a)
CFR 73.77 since the last cyber security inspection.
Updated copies of corrective actions taken as a result of cyber 2 security incidents/issues, to include previous NRC violations and 03.05 Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions.
The most recent Cyber-Security Quality Assurance audit and/or 3 self-assessment and a list of Corrective Actions generated as a result
IV. Information Requested to Be Provided Throughout the Inspection
(1) Copies of any corrective action documents generated as a result of the inspection teams questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member).
If you have any questions regarding the information requested, please contact the inspection team leader.
5
