|
|---|
Category:Inspection Plan
MONTHYEARML24232A2262024-08-19019 August 2024
Information Request, Security IR 2024404
ML24232A2412024-08-19019 August 2024
Information Request, ISFSI Security IR 2024401
IR 05000445/20240052024-08-15015 August 2024
Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2024005 and 05000446/2024005)
ML24205A2162024-07-23023 July 2024
September 2024 Emergency Preparedness Program Inspection - Request for Information
ML24185A1382024-07-0202 July 2024
Inservice Inspection Request for Information
IR 05000445/20230062024-02-28028 February 2024
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 Reports 05000445/2023006 and 05000446/2023006
IR 05000445/20230052023-08-23023 August 2023
Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2023005 and 05000446/2023005)- Mid Cycle Letter 2023
ML23068A3782023-03-0909 March 2023
Notification of an NRC Fire Protection Baseline Inspection (NRC Inspection Report 05000445/2023011 and 05000446/2023011) and Request for Information
IR 05000445/20220062023-03-0101 March 2023
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2022006 and 05000446/2022006)
IR 05000445/20220052022-08-22022 August 2022
Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2022005 and 05000446/2022005)
IR 05000445/20224012022-06-28028 June 2022
Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000445/2022401; 05000446/2022401
ML22124A3042022-05-0505 May 2022
Notification of NRC Triennial Heat Exchanger/Sink Performance Inspection (05000445/2022003 and 05000446/2022003) and Request for Information
IR 05000445/20210062022-03-0202 March 2022
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2021006 and 05000446/2021006)
ML21253A2332021-09-0909 September 2021
Request for Information: Comanche Peak Nuclear Power Plant, Units 1 and 2 (05000445 and 05000446); Occupation Radiation Safety (71124.01, 71124.02, 7511)
ML21245A3072021-09-0202 September 2021
Request for Information ML21245A307
IR 05000445/20210052021-09-0101 September 2021
Mid-Cycle Inspection Plan Transmittal Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2021005 and 05000446/2021005)
ML21176A1292021-06-25025 June 2021
CPNPP FFD Inspection Doc Request 2021
ML21103A3982021-04-13013 April 2021
CP Security Inspection Information Request 2021403
ML21027A4322021-01-27027 January 2021
Information Request, Security IR 2021401
ML20309A3602020-11-0404 November 2020
Notification of NRC Design Bases Assurance Inspection (Teams) (Inspection Report 05000445/2021011 and 05000446/2021011) and Initial Request for Information
IR 05000445/20200052020-09-0101 September 2020
Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2020005 and 05000446/2020005)
ML20139A1452020-05-18018 May 2020
Notification of NRC Design Bases Assurance Inspection (Programs) (05000445/2020010 and 05000446/2020010) and Initial Request for Information
ML20055E1052020-03-0303 March 2020
CP2019006 Annual Assessment Letter
ML20045E3512020-02-13013 February 2020
Information Request February 13, 2020 Notification of Inspection and Request for Information Comanche Peak Unit 2 NRC Inspection Report 05000446/2020002
IR 05000445/20190052019-08-30030 August 2019
Updated Inspection Plan for Comanche Peak, Units 1 and 2, Reports 05000445/2019005 and 05000446/2019005
IR 05000445/20180062019-03-0404 March 2019
Annual Assessment Letter for Comanche Peak, Units 1 and 2 (Report 05000445/2018006 and 05000446/2018006)
ML19043A9442019-02-20020 February 2019
2019 CP Brq RFI Letter
IR 05000445/20180052018-08-31031 August 2018
Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2018005 and 05000446/2018005)
IR 05000445/20170062018-03-0101 March 2018
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2017006 and 05000446/2017006)
IR 05000445/20170052017-08-28028 August 2017
Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2017005 and 05000446/2017005)
IR 05000445/20160062017-03-0101 March 2017
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2016006 and 05000446/2016006)
ML16302A1002016-10-27027 October 2016
Notification of Inspection (NRC Inspection Report 05000445/2017002 and 05000446/2017002) and Request for Information
IR 05000445/20160052016-09-12012 September 2016
Errata for Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2016005 and 05000446/2016005)
IR 05000445/20164012016-08-31031 August 2016
Non-Public Security Inspection Plan for Comanche Peak Nuclear Power Plant (NRC Physical Security Inspection Report Numbers 05000445/2016401 and 05000446/2016401)
ML16239A2522016-08-31031 August 2016
Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2016005 and 05000446/2016005)
IR 05000445/20150062016-03-0202 March 2016
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2015006 and 05000446/2015006)
IR 05000445/20150052015-09-0101 September 2015
Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2015005 and 05000446/2015005)
IR 05000445/20154012015-09-0101 September 2015
Non-Public Security Inspection Plan for Comanche Peak Nuclear Power Plant (NRC Physical Security Inspection Report Numbers 05000445/2015401 and 05000446/2015401)
IR 05000445/20144022014-09-0202 September 2014
Non-Public Security Inspection Plan for Comanche Peak Nuclear Power Plant (NRC Physical Security Inspection Report Numbers 05000445/2014402 and 05000446/2014402)
IR 05000445/20140062014-09-0202 September 2014
Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2014006 and 05000446/2014006)
IR 05000445/20130012014-03-0404 March 2014
IR 05000445-13-001 & 05000446-13-001, 02/12/2014, Comanche Peak, Units 1 & 2, Annual Assessment Inspection Plan
ML13282A5002013-10-0909 October 2013
Notification of NRC Triennial Fire Protection Baseline Inspection (NRC Inspection Report 05000445-14-008 and 05000446-14-008) and Request for Information
IR 05000445/20130062013-09-0303 September 2013
(Report 05000445/2013006 and 05000446/2013006)
IR 05000445/20128012013-03-0404 March 2013
Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2012801 and 05000446/2012801)
ML13060A4352013-03-0101 March 2013
Notification of NRC Component Design Bases Inspection IR 05000445-13-007 and 05000446-13-007, and Initial Request for Information
IR 05000445/20120062012-09-0404 September 2012
Mid-Cycle Letter for Comanche Peak Nuclear Power Plant Units 1 and 2 (Reports 05000445/2012006 and 05000446/2012006)
IR 05000445/20120012012-03-0505 March 2012
Annual Assessment Letter for Comanche Peak Nuclear Power Plant Units 1 and 2 (Report 05000445/2012001 and 05000446/2012001)
ML1124306442011-09-0101 September 2011
Mid-Cycle Performance Review and Inspection Plan - Comanche Peak Nuclear Power Plant - Units 1 and 2
CP-201101031, Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 0 (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2010, Third Interval)2011-08-0202 August 2011
Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 0 (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2010, Third Interval)
CP-201101030, Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 6, (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2000, Second Interval)2011-08-0202 August 2011
Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 6, (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2000, Second Interval)
2024-08-19
[Table view]
Category:Request for Additional Information (RAI)
MONTHYEARML24204A0022024-07-18018 July 2024
NRR E-mail Capture - Request for Additional Information Comanche Peak Request for Exemption from 10 CFR 50.71(e)(4) Final Safety Analysis Update Schedule
ML24192A1862024-07-10010 July 2024
Notification of Inspection (NRC Inspection Report 05000445/2024003 and 05000446/2024003) and Request for Information
ML24052A0122024-02-16016 February 2024
NRR E-mail Capture - Comanche Peak - Draft Request for Additional Information - Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications
ML24036A0122024-02-0202 February 2024
NRR E-mail Capture - Comanche Peak - Request for Additional Information - License Amendment Request to Extend the Allowed Outage Time for an Inoperable Emergency Diesel Generator
ML24033A2642024-02-0202 February 2024
NRR E-mail Capture - Comanche Peak - Revised Draft Request for Additional Information - License Amendment Request to Extend the Allowed Outage Time for an Inoperable Emergency Diesel Generator
ML24019A0742024-01-19019 January 2024
NRR E-mail Capture - Comanche Peak - Draft Request for Additional Information - License Amendment Request to Extend the Allowed Outage Time for an Inoperable Emergency Diesel Generator
ML24018A1072024-01-18018 January 2024
– Notification of Commercial Grade Dedication Inspection (05000445/2024012 and 05000446/2024012) and Request for Information
ML23256A1492023-09-11011 September 2023
Email from Mark Yoo (NRC) to Ken Peters (Vistra) - Comanche Peak LRA - Request for Additional Information - Set 4
ML23256A1502023-09-11011 September 2023
Request for Additional Information Requests - Comanche Peak - Set 4
ML23213A2162023-08-0202 August 2023
Vistra Operations Company, LLC Notification of License Renewal Inspection and Request for Information
ML23188A0452023-07-0707 July 2023
Request for Additional Information Requests - Comanche Peak - Set 3
ML23188A0442023-07-0707 July 2023
Email from Mark Yoo (NRC) to Ken Peters (Vistra) - Comanche Peak LRA - Request for Additional Information - Set 3
ML23181A0212023-06-29029 June 2023
Request for Additional Information Requests - Comanche Peak - Set 2
ML23181A0202023-06-29029 June 2023
Email from Mark Yoo (NRC) to Ken Peters (Vistra) - Comanche Peak LRA - Request for Additional Information - Set 2
ML23167A0232023-06-14014 June 2023
Request for Additional Information (RAI) for the Review of the Comanche Peak Initial License Renewal Application (Lra), Set 1
ML23167A0222023-06-14014 June 2023
Email: Request for Additional Information (RAI) Letter for the Review of the Comanche Peak Initial License Renewal Application, Set 1
ML23145A2322023-05-25025 May 2023
LRA - Request for Confirmation of Information - Set 2
ML23132A2542023-05-23023 May 2023
Supplemental Information Needed for Acceptance of Requested Licensing Action LAR to Adopt 10 CFR 50.69,Risk-Informed Categorization & Treatment of Structures,Systems & Components for Nuclear Power Reactors EPID L-2023-LLA-0057
ML23143A1372023-05-23023 May 2023
LRA - Request for Confirmation of Information - Set 1
ML23068A0562023-05-0909 May 2023
Request for Additional Information - Comanche Peak License Renewal Application Environmental Review
ML23068A0732023-04-13013 April 2023
Requests for Confirmation of Information for the Environmental Review of the Comanche Peak Nuclear Power Plant, Units 1 and 2, Licensed Renewal Application (EPID Number: L-2022-LNE-0004) (Docket Numbers 50-445 and 50-446)
ML23103A4682023-04-11011 April 2023
NRR E-mail Capture - Comanche Peak – Request for Additional Information - License Amendment Request to Apply the Westinghouse Full Spectrum Loss of Coolant Accident Evaluation Model
ML23086B9852023-03-27027 March 2023
NRR E-mail Capture - Comanche Peak – Draft Request for Additional Information - Request to Apply the Westinghouse Full Spectrum Loss of Coolant Accident Evaluation Model
ML23010A1442023-01-0909 January 2023
Inservice Inspection Request for Information
ML22325A2742022-11-21021 November 2022
NRR E-mail Capture - Comanche Peak - Request for Additional Information - Proposed Alternative P-1 Regarding IST of Safeguards Building Sump Pumps
ML22318A3102022-11-10010 November 2022
NRR E-mail Capture - Comanche Peak - Draft Request for Additional Information - Proposed Alternative P-1 Regarding IST of Safeguards Building Sump Pumps
ML22230B1092022-08-17017 August 2022
NRR E-mail Capture - Comanche Peak Unit 2 - Request for Additional Information - 2RE19 Inspection Summary Report for Steam Generator Tubing
ML22220A1942022-08-0808 August 2022
NRR E-mail Capture - Comanche Peak Unit 2 - Draft Request for Additional Information - 2RE19 Inspection Summary Report for Steam Generator Tubing
IR 05000445/20224012022-06-28028 June 2022
Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000445/2022401; 05000446/2022401
ML22083A0262022-03-23023 March 2022
NRR E-mail Capture - Comanche Peak - Request for Additional Information - Request to Adopt TSTF 505 Revision 2
ML21286A7912021-10-13013 October 2021
NRR E-mail Capture - Comanche Peak - Request for Additional Information - Request to Adopt TSTF-577 Revision 1
ML21253A2242021-09-0909 September 2021
Request for Information Occupational Radiation Safety Inspection (71124.01, 71124.02, and 71151) from 10/18-22/2021
ML21253A2332021-09-0909 September 2021
Request for Information: Comanche Peak Nuclear Power Plant, Units 1 and 2 (05000445 and 05000446); Occupation Radiation Safety (71124.01, 71124.02, 7511)
ML21245A3072021-09-0202 September 2021
Request for Information ML21245A307
ML21166A3382021-06-22022 June 2021
Supplemental Information Needed for Acceptance of Requested Licensing Action LAR to Adopt TSTF-505, Rev. 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b
ML21165A1022021-06-13013 June 2021
Pi&R; Request for Information
ML21103A3982021-04-13013 April 2021
CP Security Inspection Information Request 2021403
ML20225A0932020-08-12012 August 2020
Notification of Inspection 05000445/2020004 and 05000446/2020004 and Request for Information
ML20105A1072020-04-13013 April 2020
NRR E-mail Capture - Comanche Peak - Request for Additional Information - Exigent Amendment Request for One Time Change to Unit 2 Steam Generator Inspection Frequency
ML20104A0022020-04-11011 April 2020
NRR E-mail Capture - Comanche Peak Unit 2 - Request for Additional Information - Proposed Alternative to ASME OM Code for Deferral of Snubber Testing (SNB-1) and Visual Examinations (SNB-2)
ML20045E3512020-02-13013 February 2020
Information Request February 13, 2020 Notification of Inspection and Request for Information Comanche Peak Unit 2 NRC Inspection Report 05000446/2020002
ML19346B3812019-12-11011 December 2019
NRR E-mail Capture - Comanche Peak RAIs - Quality Assurance Program Reduction in Commitment
ML19319A5432019-11-14014 November 2019
NRR E-mail Capture - Draft Comanche Peak RAIs - Quality Assurance Program Reduction in Commitment
ML19058A3592019-02-27027 February 2019
NRR E-mail Capture - Comanche Peak Nuclear Power Plant, Unit Nos. 1 and 2 - Final Request for Additional Information Concerning License Amendment Request to Revise the Emergency Plan
IR 05000445/20170072018-02-0808 February 2018
Notification of Nrc Design Bases Assurance Inspection (Programs) (05000445/2017007 and 05000446/2017007)
ML17276B8622017-10-0303 October 2017
Notification of NRC Design Bases Assurance Inspection (Programs)(05000445/2017007 and 05000446/2017007) and Initial Request for Information
ML17087A2032017-03-28028 March 2017
NRR E-mail Capture - Comanche Peak, Unit 2 - Final Request for Additional Information Regarding Request No. 2B3-1
ML17066A2372017-03-0707 March 2017
Notification of NRC Triennial Fire Protection Baseline Inspection (05000445/2017008 and 05000446/2017008) and Request for Information
ML17048A4172017-02-17017 February 2017
Notification of NRC Inspection of the Implementation of Mitigation Strategies and Spent Fuel Pool Instrumentation Orders and Emergency Preparedness Communication/ Staffing/Multi-Unit Dose Assessment...
ML16034A1962016-02-0808 February 2016
Independent Spent Fuel Storage Installation - Request for Additional Information, Application for Order Approving Transfer of Facility Operating Licenses and Conforming Amendment
2024-07-18
[Table view] |
Text
June 28, 2022
SUBJECT:
COMANCHE PEAK NUCLEAR POWER PLANT, UNITS 1 AND 2 -
INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000445/2022401; 05000446/2022401
Dear Mr. Peters,
On October 24, 2022, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10, Cyber-Security, at your Comanche Peak Nuclear Power Plant. The inspection evaluates and verifies your ability to meet the requirements of the NRCs Cyber-Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks.
Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. To minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber-security inspection procedure. This information should be made available via electronic means (e.g., compact disc or other electronic means) and delivered to the regional office no later than August 1, 2022. The inspection team will review this information and, by August 22, 2022, will request the specific items that should be provided for review.
The second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets, defensive architecture, and the areas of your cyber security program selected for the cyber-security inspection. This information will be requested for review in the regional office prior to the inspection by September 19, 2022. The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, October 24, 2022.
The fourth group of information is necessary to aid the inspection team in tracking issues identified during the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that these documents are up to date and complete to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Greg Pick. We understand that our regulatory contact for this inspection is Jim Barnette at 817-408-0934 (m) or via email james.barnette@luminant.com of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector Greg Pick at 817-504-2105 (m) or via e-mail at greg.pick@nrc.gov.
PAPERWORK REDUCTION ACT STATEMENT This letter contains mandatory information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). The Office of Management and Budget (OMB)
approved these information collections (approval number 3150-0011). Send comments regarding this information collection to the Information Services Branch, Office of the Chief Information Officer, Mail Stop: T6 A10M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by e-mail to Infocollects.Resource@nrc.gov, and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0011) Office of Management and Budget, Washington, DC 20503.
PUBLIC PROTECTION NOTIFICATION The NRC may not conduct nor sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number.
This letter and its enclosure will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, Public Inspections, Exemptions, Requests for Withholding. Your cooperation and support during this inspection will be appreciated.
Sincerely, Greg A. Pick Senior Reactor Inspector Engineering Branch 2 Division of Operating Reactor Safety Signed by Pick, Gregory on 06/28/22 Dockets: 50-445; 50-446 Licenses: NPF-87; NPF-89 Enclosure:
Comanche Peak Nuclear Power Plant Cyber-Security Inspection Document Request cc w/encl: Distribution via LISTSERV
ML22179A303 SUNSI Review ADAMS:
Non-Publicly Available Non-Sensitive Keyword:
By: GAP Yes No Publicly Available Sensitive NRC-002 OFFICE DORS/EB2:SRI NAME GPick SIGNATURE Gap DATE 6/28/2022
Enclosure Inspection Report:
05000445/2022401; 05000446/2022401 Inspection Dates:
October 24 - 28, 2022 Inspection Procedure:
IP 71130.10, Cyber-Security, dated January 1, 2022 Reference:
ML21330A088, Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full-Implementation of the Cyber-Security Inspection, Revision 1 NRC Inspectors:
Greg Pick, (Lead)
Stella Opara-Ogunmola 817-504-2105 301-287-9286 greg.pick@nrc.gov stella.opara@nrc.gov Marcus Chisolm 817-200-1426 marcus.chisolm@nrc.gov NRC Contractors:
Casey Priester Alan Konkal frederick.priester@nrc.gov alan.konkal@nrc.gov I.
Information Requested for In-Office Preparation The initial request for information (Table RFI#1) provides the team with the general information necessary to select appropriate components and cyber security program elements to develop a site-specific inspection plan. The initial request for information is used to identify the list of critical systems and critical digital assets plus operational and management security control portions of the cyber security program to be chosen as the sample set to be inspected. Please provide the information listed in Table RFI#1 to the regional office by August 1, 2022, or sooner, to facilitate the selection of the specific items that will be reviewed.
The team will examine the returned documentation from the initial request for information and select specific critical systems and critical digital assets to provide for a more deliberate, focused second request for information. The team will submit the second request by August 22, 2022, which will identify the critical systems and critical digital assets that will be utilized to evaluate the defensive architecture and the areas of your cyber security program selected for the inspection. We request that the information for the second request be made available for review by September 19, 2022.
All requests for information shall follow the referenced guidance document ADAMS Accession No. ML21330A088. If a secure document management service is utilized, it is recommended that a separate folder be used corresponding to each item listed below. It is recommended that multiple documents within each folder be individually entered and also combined into a ZIP file that is uploaded into the same folder. Documents should be identified by both document number and noun name. Electronic media on compact disc
or paper records (hard copy) are also acceptable. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI#1 Section 3, Paragraph Number/Title:
IP Ref
A list of all Identified Critical Systems and Critical Digital Assets,-
highlight/note any. additions, deletions, reclassifications due to new guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
Overall
A list of EP and Security onsite and offsite digital communication systems Overall
Network Topology Diagrams to include information and data flow for critical systems in levels 2, 3 and 4 (If available)
Overall
Ongoing Monitoring and Assessment program documentation 03.01(a)
The most recent effectiveness analysis of the Cyber Security Program 03.01(b)
Vulnerability screening/assessment and scan program documentation 03.01(c)
Cyber Security Incident response documentation, including incident detection, response, and recovery documentation as well as contingency plan development, implementation and including any program documentation that requires testing of security boundary device functionality 03.02(a)
and 03.04(b)
Device Access and Key Control documentation 03.02(c)
Password/Authenticator documentation 03.02(c)
User Account/Credential documentation 03.02(d)
11 Portable Media and Mobile Device control documentation, including kiosk security control assessment/documentation 03.02(e)
Design change/ modification program documentation and a List of all design changes completed since the last cyber security inspection, 03.03(a)
Table RFI#1 Section 3, Paragraph Number/Title:
IP Ref including either a summary of the design change or the 50.59 documentation for the change.
Supply Chain Management documentation including any security impact analysis for new acquisitions 03.03(a),
(b) and (c)
Configuration Management documentation including any security impact analysis performed due to configuration changes since the last inspection 03.03(a)
and (b)
Cyber Security Plan and any 50.54(p) analysis to support changes to the plan since the last inspection 03.04(a)
Cyber Security Metrics tracked (if applicable)
03.06 (b)
Provide documentation describing any cyber security changes to the access authorization program since the last cyber security inspection.
Overall
Provide a list of all procedures and policies provided to the NRC with their descriptive name and associated number (if available)
Overall
Performance testing report (if applicable)
03.06 (a)
In addition to the above information please provide the following:
(1) Electronic copy of the UFSAR and technical specifications (2) Name(s) and phone numbers for the regulatory and technical contacts (3) Current management and engineering organizational charts II.
Additional Information Requested to be Available Prior to Inspection As stated in Section I above, the team will examine the documentation requested from Table RFI#1 and submit the list of critical systems and critical digital assets to your staff by August 22, 2022 (i.e., RFI#2). The additional information requested for the specific systems and equipment is identified in Table RFI#2. Please provide the Table RFI#2 information to the lead inspector by September 19, 2022. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI#2 Section 3, Paragraph Number/Title:
IP Ref For the system(s) chosen for inspection provide:
Ongoing Monitoring and Assessment activity performed on the system(s)
03.01(a)
All Security Control Assessments for the selected system(s)
03.01(a)
All vulnerability screenings/assessments associated with or scans performed on the selected system(s) since the last cyber security inspection 03.01(c)
Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
Host-based Intrusion Detection Systems (HIDS), and Security Information and Event Management (SIEM) systems for system(s)
chosen for inspection )
03.02(b)
Documentation (including configuration files and rule sets) for intra-security level firewalls and boundary devices used to protect the selected system(s)
03.02(c)
Copies of all periodic reviews of the access authorization list for the selected systems since the last inspection 03.02(d)
Baseline configuration data sheets for the selected CDAs 03.03(a)
Documentation on any changes, including Security Impact Analyses, performed on the selected system(s) since the last inspection 03.03(b)
Copies of the purchase order documentation for any new equipment purchased for the selected systems since the last inspection 03.03(c)
Copies of any reports/assessment for cyber security drills performed since the last inspection.
03.02(a)
03.04(b)
Copy of the individual recovery plan(s) for the selected system(s)
including documentation of the results the last time the backups were executed.
03.02(a)
03.04(b)
Corrective actions taken because of cyber security incidents/issues to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection 03.05
III.
Information Requested to be Available on First Day of Inspection For the critical systems and critical digital assets identified in Section II, provide the following request for information (i.e., Table 1ST Week Onsite) to the team by October 24, 2022, the first day of the inspection.
Table 1ST Week Onsite Section 3, Paragraph Number/Title:
IP Ref
Any cyber security event reports submitted in accordance with 10 CFR 73.77 since the last cyber security inspection 03.05
Updated Copies of corrective actions taken because of cyber security incidents/issues, to include previous NRC violations and Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions 03.05 In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the inspection team as long as the inspectors have easy and unrestrained access to them.
a.
Updated Final Safety Analysis Report (if not previously provided)
b.
Original FSAR Volumes c.
Original SER and Supplements d.
FSAR Question and Answers e.
Quality Assurance Plan f.
Technical Specifications (if not previously provided)
g.
Latest IPE/PRA Report (2) Vendor Manuals, Assessment and Corrective Actions:
a.
The most recent Cyber-Security Quality Assurance (QA) audit and/or self-assessment b.
Corrective action documents (e.g., condition reports, including status of corrective actions) generate because of the most recent Cyber-Security Quality Assurance (QA) audit and/or self-assessment
IV.
Information Requested To Be Provided Throughout the Inspection (1) Copies of any corrective action documents generated because of the inspection teams questions or queries during the inspection (2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member)
If you have any questions regarding the information requested, please contact the inspection team leader.
