IR 05000458/2025401
| ML25350C323 | |
| Person / Time | |
|---|---|
| Site: | River Bend  |
| Issue date: | 12/19/2025 |
| From: | Greg Warnick NRC/RGN-IV/DORS/EB2 |
| To: | Hansett P Entergy Operations |
| References | |
| IR 2025401 | |
| Download: ML25350C323 (0) | |
Text
December 18, 2025
SUBJECT:
RIVER BEND STATION - CYBERSECURITY INSPECTION REPORT 05000458/2025401
Dear Phil Hansett:
On November 25, 2025, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at River Bend Station and discussed the results of this inspection with you and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely, Gregory G. Warnick, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000458 License No. NPF-47
Enclosure:
As stated
Inspection Report
Docket Number:
05000458
License Number:
Report Number:
Enterprise Identifier:
I-2025-401-0005
Licensee:
Entergy Operations, Inc.
Facility:
River Bend Station
Location:
St. Francisville
Inspection Dates:
September 28 - 30, and November 24 - 25, 2025
Inspectors:
D. Bryen, Reactor Inspector
G. Pick, Sr Reactor Inspector
M. Shock, Cybersecurity Contractor
C. Simpson, Cybersecurity Contractor
Approved By:
Gregory G. Warnick, Chief
Engineering Branch 2
Division of Operating Reactor Safety
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cybersecurity inspection at River Bend Station, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures in effect at the beginning of the inspection unless otherwise noted. Currently approved inspection procedures with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html.
Samples were declared complete when the inspection procedure requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.10 - Cybersecurity
The inspectors reviewed the implementation of River Bends cybersecurity program and focused on evaluating changes to the program, critical systems, and critical digital assets.
Cybersecurity (1 Sample)
- (1) The inspectors completed the following inspection procedure sections that constituted completion of 1 sample:
- 03.01, Review Ongoing Monitoring and Assessment Activities
- 03.02, Verify Defense-in-Depth Protective Strategies
- 03.03, Review of Configuration Management Change Control In addition, the inspectors evaluated the following systems and components.
- plant computer system
- security computer system
- firewalls, servers, and workstations
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified that no proprietary information was retained or documented in this report.
- On November 25, 2025, the inspectors presented the cybersecurity inspection results to Phil Hansett and other members of the licensee staff.
DOCUMENTS REVIEWED
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
Corrective
Action
Documents
CR-HQN-
24-01240, 2025-00462, 2025-00618, 2025-00726
Corrective
Action
Documents
CR-RBS-
2017-07360, 2018-01596, 2018-02780, 2018-02978, 2023-00656,
23-00656, 2023-07618, 2023-07621, 2024-04008, 2025-03196,
25-03777, 2025-03778, 2025-03779, 2025-04050, 2025-04184,
25-04185, 2025-04186, 2025-04187, 2025-04188, 2025-04189,
25-04190, 2025-04192, 2025-04193, 2025-04424, 2025-04444,
25-04454, 2025-04622, 2025-04701, 2025-04701, 2025-04808,
25-05032, 2025-05057
Corrective
Action
Documents
WT-RBS-
2018-00541, 2023-00042, 2023-00159, 2024-00037, 2024-00060,
24-00065, 2025-00037, 2025-00047, 2025-00048, 2025-00049,
25-00050, 2025-00052, 2025-00053, 2025-00054, 2025-00074
Drawings
Level 2 and Boundary Devices Wiring Diagram - Defense
Architecture Level 2.5 Cabinet 0-0940-58 Computer Room
7/20/2020
Drawings
River Bend Station General Network & Systems Infrastructure
3/3/2023
Miscellaneous
Cisco Catalyst Port Security
Miscellaneous
Assessment
Entergy Kiosk Cyber Security Controls Template
Miscellaneous
DMZ Security
Process
System-subsystem design
Miscellaneous
Kiosk Level 2
Configuration
RBS-LMJ07N4BF-L2
8/19/2025
Miscellaneous
Kiosk Level 3
Configuration
RBS-LMJ07N4BH-L3
8/19/2025
Miscellaneous
Kiosk Level 4
Configuration
RBS-LMJ07N4AX-L4
8/19/2025
Miscellaneous
LCM-RBS-
23-0167
Implementation of Physical Access Control and Access Control
for Transmission Medium for CDAs located outside the protected
area
9/25/2025
Miscellaneous
RBS-CDA-
1912-00007
Boundary Devices
3/1/2021
Miscellaneous
RBS-CDA-
Servers
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
2001-00018
Miscellaneous
RBS-CDA-
2009-00009
Plant Process Computer Upgrade System
Miscellaneous
RBS-CDA-
2103-00001
Critical Digital Asset Control Assessment
Miscellaneous
Software List
rbssoftwarelist0928
Miscellaneous
Splunk Alert
Configuration
Saved Searches
Miscellaneous
SRM-CP0001-
DD0001-
0000616480
ARINC Level 4 Remediation Cabinet OPDS Data Diode -
Walkdown Sheet
8/15/2019
Miscellaneous
SRM-CP0001-
FW0001-
0000616476
Level 4 Remediation Rack Firewall
4/24/2019
Miscellaneous
SRM-CP0001-
IDS0001-
0000616475
ARINC Remediation Cabinet Intrusion Detection Appliance
Walkdown
8/15/2019
Miscellaneous
SRM-SAS-
SVR-CP0001-
0000671340
Secondary Alarm Station Admin Workstation
2/1/2020
Miscellaneous
SRM-SAS-
SVR-FW0001-
0000671338
Cisco Firewall ASA
2/2/2020
Miscellaneous
White Paper
Endpoint_Protection_14_whitepaper
Miscellaneous
White Paper
AEC-203133-10.02_AlarmEventCriteria
1/18/2018
Miscellaneous
White Paper
SIEM White Paper
Miscellaneous
White Paper
CDA Remediation Risk
Miscellaneous
White Paper
Switched Port Analyzer (SPAN) Recommendations & Best
Practices
8/5/2016
Procedures
CSWI 1236
Cyber Security Provider Machine & Kiosk Update Work
Instructions
Procedures
CSWI 1240
Media Sanitization Verification Work Instructions
Procedures
CSWI 1245
Audit CDA Baseline Configuration Work Instructions
Procedures
CSWI 1250
Change CDA Passwords Work Instructions
Inspection
Procedure
Type
Designation
Description or Title
Revision or
Date
Procedures
CSWI 1255
Review of Audit Log Records (Logical) Work Instructions
Procedures
CSWI 1280
Monthly Operational Review and Verification of the SIEM
Infrastructure Work Instructions
Procedures
CSWI 1282
SIEM Signature Definition Update and Testing Work Instructions
Procedures
CSWI 1292
Compensatory Measures when CSOC Automated Reporting is
Unavailable Work Instructions
Procedures
Nuclear Cybersecurity Program
Procedures
EN-IT-103-01
Control of Portable Digital Media Connected to Critical Digital
Assets
Procedures
EN-IT-103-02
Cybersecurity Periodic Activities
Procedures
EN-IT-103-03
Cybersecurity Assessment Process
Procedures
EN-IT-103-04
Critical Digital Asset Technical Control Requirements
Procedures
EN-IT-103-05
Critical Digital Asset Access Control
Procedures
EN-IT-103-07
Cyber Security Physical Access Requirements for Critical Digital
Assets
Procedures
EN-IT-103-08
Nuclear Cyber Incident Response
Procedures
EN-IT-103-09
System Hardening & Secure Configuration
Procedures
EN-IT-103-11
Administration of Cyber Security Portable Digital Media Program
Procedures
EN-IT-103-12
Cybersecurity Configuration and Change Management
Procedures
EN-IT-103-14
Vulnerability Management
Procedures
EN-IT-103-15
Cybersecurity Procurement & Disposal Requirements
Work Orders
00534526, 00534527, 00554575, 00561265, 00578998,
00589403, 00592485, 00593316, 00595727, 52995368,
53033631, 53034990, 53036244, 54025444, 54026728,
54026728, 54034642, 54037706, 54050155, 54050947,
54060564, 54063963, 54076768, 54081513, 54091550,
54111858, 54132403, 54141851, 54151018, 54152245,
54152848, 54155859, 54186397, 54210943, 54230798,
243192, 54246367, 54267939, 54276159, 54277313,
54151018, 54274425, 54113244, 54298100, 54287676,
54309423