|
---|
Category:Inspection Report
MONTHYEARIR 05000483/20240032024-10-23023 October 2024 Integrated Inspection Report 05000483/2024003 IR 05000483/20240132024-10-21021 October 2024 Design Basis Assurance Inspection (Programs) Inspection Report 05000483/2024013 IR 05000483/20244012024-10-0909 October 2024 Material Control and Accounting Program Inspection Report 05000483/2024401 Public IR 05000483/20244032024-08-28028 August 2024 Security Baseline Inspection 05000483-2024-403 IR 05000483/20240052024-08-14014 August 2024 Updated Inspection Plan for Callaway Plant (Report 05000483/2024005) IR 05000483/20253012024-08-0505 August 2024 Notification of NRC Initial Operator Licensing Examination 05000483/2025301 IR 05000483/20240022024-07-18018 July 2024 And Independent Spent Fuel Storage Installation Integrated Inspection Report 05000483/2024002 and 07201045/2024001 IR 05000483/20244022024-05-0606 May 2024 Security Baseline Inspection Report 05000483/2024402 (Full Report) IR 05000483/20240112024-05-0101 May 2024 NRC Post-Approval Site Inspection for License Renewal (Phase 2) Report 05000483/2024011 IR 05000483/20240012024-04-16016 April 2024 Integrated Inspection Report 05000483/2024001 IR 05000483/20244042024-04-0909 April 2024 Cyber Security Inspection Report 05000483/2024404 IR 05000483/20230062024-02-28028 February 2024 Annual Assessment Letter for Callaway Plant Report 05000483/2023006 IR 05000483/20230042024-01-19019 January 2024 – Integrated Inspection Report 05000483/2023004 IR 05000483/20230102023-11-15015 November 2023 NRC License Renewal Phase 1 Inspection Report 05000483 2023010 IR 05000483/20233012023-11-0909 November 2023 NRC Examination Report 05000483-2023301 ML23293A2652023-10-24024 October 2023 3rd Quarter 2023 Integrated Inspection Report IR 05000483/20240122023-10-24024 October 2023 Information Request for the Cybersecurity Baseline Inspection, Notification to Perform Inspection (05000483/2024012) IR 05000483/20234012023-09-13013 September 2023 NRC Security Baseline Inspection Report 05000483/2023401 IR 05000483/20230052023-08-23023 August 2023 Updated Inspection Plan for Callaway Nuclear Power Plant, Unit 1 (Report 05000483/2023005) - Mid Cycle Letter 2023 IR 05000483/20230022023-07-10010 July 2023 Integrated Inspection Report 05000483/2023002 IR 05000483/20230112023-06-15015 June 2023 Comprehensive Engineering Team Inspection (CETI) Inspection Report 05000483/2023011 ML23122A3172023-05-0808 May 2023 Review of the Spring 2022 Steam Generator Tube Inservice Inspections IR 05000483/20230012023-04-12012 April 2023 Integrated Inspection Report 05000483/2023001 IR 05000483/20234022023-03-29029 March 2023 NRC Security Baseline Inspection Report 05000483/2023402 IR 05000483/20220062023-03-0101 March 2023 Annual Assessment Letter for Callaway Plant (Report 05000483/2022006) ML23019A0802023-01-19019 January 2023 Notification of Comprehensive Engineering Team Inspection (05000483/2023011) and Request for Information IR 05000483/20220042023-01-12012 January 2023 Integrated Inspection Report 05000483/2022004 IR 05000483/20220132022-11-15015 November 2022 Design Basis Assurance Inspection (Programs) Inspection Report 05000483/2022013 IR 05000483/20220032022-10-17017 October 2022 Integrated Inspection Report 05000483/2022003 IR 05000483/20220102022-10-12012 October 2022 Biennial Problem Identification and Resolution Inspection Report 05000483-2022010 - Draft IR 05000483/20224032022-09-27027 September 2022 Security Baseline Inspection Report 05000483/2022403 IR 05000483/20220052022-08-23023 August 2022 Updated Inspection Plan for Callaway Plant (Report 05000483/2022005) IR 05000483/20220112022-08-0202 August 2022 Triennial Fire Protection Inspection Report 05000483/2022011 IR 05000483/20220022022-07-27027 July 2022 Integrated Inspection Report 05000483/2022002 ML22157A0572022-06-0606 June 2022 Notification of NRC Design Bases Assurance Inspection (Programs) (05000483/2022013) and Request for Information IR 05000483/20220402022-05-0606 May 2022 95001 Supplemental Inspection Report 05000483/2022040 and Follow-Up Assessment Letter IR 05000483/20224012022-05-0505 May 2022 Cyber Security Inspection Report 05000483/2022401 IR 05000483/20220012022-04-26026 April 2022 Integrated Inspection Report 05000483/2022001 IR 05000483/20223012022-04-12012 April 2022 NRC Examination Report 05000483/2022301 ML22082A2012022-03-28028 March 2022 Notification of an NRC Fire Protection Baseline Inspection (NRC Inspection Report 05000483/2022011) and Request for Information IR 05000483/20224042022-03-24024 March 2022 Final Security Baseline Inspection Report 05000483/2022404 (Letter) IR 05000483/20210062022-03-0202 March 2022 Annual Assessment Letter for Callaway Plant (Report 05000483/2021006) IR 05000483/20210042022-01-0707 January 2022 Integrated Inspection Report - 05000483/2021004 IR 05000483/20224022021-11-30030 November 2021 Information Request for the Cyber Security Baseline Inspection, Notification to Perform Inspection 05000483/2022402 IR 05000483/20210032021-11-0808 November 2021 Integrated Inspection Report 05000483/2021003 IR 05000483/20214202021-10-29029 October 2021 NRC Security Baseline Inspection Cover Letter 050004832021420 IR 05000483/20214022021-10-26026 October 2021 Security Baseline Inspection Report 05000483/2021402 IR 05000483/20210052021-09-0101 September 2021 Mid-Cycle Inspection Plan Transmittal Letter for Callaway Plant (Report 05000483/2021005) IR 05000483/20210022021-08-0505 August 2021 Integrated Inspection Report 05000483/2021002 and Independent Spent Fuel Storage Installation Report 07201045/2021001 IR 05000483/20214012021-05-26026 May 2021 Security Baseline Inspection Report 05000483/2021401 2024-08-05
[Table view] Category:Letter
MONTHYEARIR 05000483/20240032024-10-23023 October 2024 Integrated Inspection Report 05000483/2024003 IR 05000483/20240132024-10-21021 October 2024 Design Basis Assurance Inspection (Programs) Inspection Report 05000483/2024013 IR 05000483/20244012024-10-0909 October 2024 Material Control and Accounting Program Inspection Report 05000483/2024401 Public ULNRC-06901, Concurrent Inoperability of Control Room Air Conditioning System Train and Opposite Train Emergency Diesel Generator Results in Condition Prohibited by Technical Specifications Limiting (Letter)2024-10-0101 October 2024 Concurrent Inoperability of Control Room Air Conditioning System Train and Opposite Train Emergency Diesel Generator Results in Condition Prohibited by Technical Specifications Limiting (Letter) ML24247A3042024-09-11011 September 2024 Regulatory Audit Questions for License Renewal Commitments 34 and 35 (EPID L-2024-LRO-0009) - Non-Proprietary IR 05000483/20244032024-08-28028 August 2024 Security Baseline Inspection 05000483-2024-403 IR 05000483/20240052024-08-14014 August 2024 Updated Inspection Plan for Callaway Plant (Report 05000483/2024005) IR 05000483/20253012024-08-0505 August 2024 Notification of NRC Initial Operator Licensing Examination 05000483/2025301 ML24212A2822024-08-0202 August 2024 Regulatory Audit Summary Concerning Review of Request No. C3R-01 for Proposed Alternative to ASME Code, Section XI Requirements for Containment Building Inspections IR 05000483/20240022024-07-18018 July 2024 And Independent Spent Fuel Storage Installation Integrated Inspection Report 05000483/2024002 and 07201045/2024001 ML24185A1032024-07-16016 July 2024 2024 Biennial Problem Identification and Resolution Inspection Report ULNRC-06892, Independent Spent Fuel Storage Installation Registration of Dry Spent Fuel Storage Canister HGMPC00062024-06-26026 June 2024 Independent Spent Fuel Storage Installation Registration of Dry Spent Fuel Storage Canister HGMPC0006 ULNRC-06891, Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC00052024-06-26026 June 2024 Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC0005 ULNRC-06884, Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC00022024-06-12012 June 2024 Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC0002 ULNRC-06886, Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC00042024-06-12012 June 2024 Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC0004 ULNRC-06885, Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC00032024-06-12012 June 2024 Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC0003 ML24144A0492024-06-11011 June 2024 Requests for Relief from ASME OM Code Pump and Valve Testing Requirements for Fifth 120-Month Inservice Testing Interval ML24158A5222024-06-0606 June 2024 Application to Revise Technical Specifications to Adopt Tstf-569, Rev. 2, Revise Response Time Testing Definition (LDCN 24-0008) ML24178A1132024-06-0606 June 2024 Ameren Missouris Intent to Adopt Revision 1 to Amendment 0 of Certificate of Compliance No. 1040 as Applicable to the ISFSI at the Callaway Plant Site ML24143A1632024-05-23023 May 2024 Independent Spent Fuel Storage Installation Registration of Dry Spent Storage Canister HGMPC0001 ULNRC-06882, Independent Spent Fuel Storage Installation Registration of Dry Spent Fuel Storage Canister HGMPC00122024-05-16016 May 2024 Independent Spent Fuel Storage Installation Registration of Dry Spent Fuel Storage Canister HGMPC0012 ML24137A2342024-05-16016 May 2024 Independent Spent Fuel Storage Installation - Registration of Dry Spent Fuel Storage Canister HGMPC0011 ML24122A1502024-05-0707 May 2024 Audit Plan to Support Review of Steam Generator License Renewal Response to Commitment Nos 34 and 35 ULNRC-06877, Final Safety Analysis Report Revision OL-27 and Technical Specification Bases Revision 252024-05-0606 May 2024 Final Safety Analysis Report Revision OL-27 and Technical Specification Bases Revision 25 IR 05000483/20244022024-05-0606 May 2024 Security Baseline Inspection Report 05000483/2024402 (Full Report) IR 05000483/20240112024-05-0101 May 2024 NRC Post-Approval Site Inspection for License Renewal (Phase 2) Report 05000483/2024011 ULNRC-06856, CFR 50.59 and 10 CFR 72.48 Summary Report2024-05-0101 May 2024 CFR 50.59 and 10 CFR 72.48 Summary Report ULNRC-06869, Submittal of Callaway, Unit 1, 2023 Annual Radiological Environmental Operating Report2024-04-30030 April 2024 Submittal of Callaway, Unit 1, 2023 Annual Radiological Environmental Operating Report ML24122A1132024-04-30030 April 2024 Submittal of Callaway, Unit 1, 2023 Annual Radioactive Effluent Release Report ULNRC-06876, Registration of Dry Spent Fuel Storage Canister HGMPC00102024-04-25025 April 2024 Registration of Dry Spent Fuel Storage Canister HGMPC0010 ML24108A1082024-04-17017 April 2024 Independent Spent Fuel Storage Installation Registration of Dry Spent Fuel Storage Canister HGMPC0009 ULNRC-06871, Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC00072024-04-17017 April 2024 Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC0007 ULNRC-06872, Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC00082024-04-17017 April 2024 Independent Spent Fuel Storage Installation, Registration of Dry Spent Fuel Storage Canister HGMPC0008 ULNRC-06866, Submittal of Cycle 26 Commitment Change Summary Report2024-04-17017 April 2024 Submittal of Cycle 26 Commitment Change Summary Report IR 05000483/20240012024-04-16016 April 2024 Integrated Inspection Report 05000483/2024001 IR 05000483/20244042024-04-0909 April 2024 Cyber Security Inspection Report 05000483/2024404 ML24088A3212024-04-0101 April 2024 Notification of Commercial Grade Dedication Inspection (05000483/2024013) and Request for Information ML24086A5132024-03-26026 March 2024 CFR 50.46 Annual Report Regarding ECCS Evaluation Model Revisions ULNRC-06863, Submittal of Annual Exposure Report for 20232024-03-20020 March 2024 Submittal of Annual Exposure Report for 2023 ML24079A1622024-03-19019 March 2024 Re Nuclear Property Insurance Reporting ML24066A1932024-03-0707 March 2024 2024 Callaway Plant Notification of Biennial Problem Identification and Resolution Inspection and Request for Information ULNRC-06852, Owners Activity Reports (OAR-1 Forms) for Cycle/Refuel 262024-03-0505 March 2024 Owners Activity Reports (OAR-1 Forms) for Cycle/Refuel 26 IR 05000483/20230062024-02-28028 February 2024 Annual Assessment Letter for Callaway Plant Report 05000483/2023006 ML24052A3662024-02-26026 February 2024 Regulatory Audit Plan in Support of Proposed Alternative to ASME Code, Section XI Requirements for Containment Building Inspections ULNRC-06858, Completion of License Renewal Activities Prior to Entering the Period of Extended Operation2024-02-21021 February 2024 Completion of License Renewal Activities Prior to Entering the Period of Extended Operation ML24036A1712024-02-20020 February 2024 Exemption from Select Requirements of 10 CFR Part 73 (EPID L-2023-LLE-0079 (Security Notifications, Reports, and Recordkeeping and Suspicious Activity Reporting)) ULNRC-06853, Submittal of 2023 Fitness for Duty Performance Data Per Per 10 CFR 26.7172024-01-29029 January 2024 Submittal of 2023 Fitness for Duty Performance Data Per Per 10 CFR 26.717 ML24008A0552024-01-19019 January 2024 Acceptance of Requested Licensing Action - Proposed Alternative to the Requirements of the ASME Code (EPID L-2023-LLR- 0061) IR 05000483/20230042024-01-19019 January 2024 – Integrated Inspection Report 05000483/2023004 ML23353A1712024-01-18018 January 2024 Issuance of Amendment No. 237 to Clarify Support System Requirements for the Residual Heat Removal System and Control Room Air Conditioning System Under Technical Specifications 3.4.8, 3.7.11, and 3.9.6 2024-09-11
[Table view] |
Text
April 09, 2024
SUBJECT:
CALLAWAY PLANT - CYBER SECURITY INSPECTION REPORT 05000483/2024404
Dear Fadi Diya:
On March 28, 2024, the U.S. Nuclear Regulatory Commission (NRC ) completed an inspection at Callaway Plant and discussed the results of this inspection with Eric Herr, Vice President &
Chief Informatio n Officer Security, Cyb er Se curity, and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during thi s inspection.
This letter, its enclosure, and yo ur response (if any) wil l be made available for publi c inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 1 0 of the Code of Federal Regulations 2.390, Publ ic Inspections, Exemp tions, Requests for Withholding.
Sincerely, Nicholas H. Taylor, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000483 License No. NPF-30
Enclosure:
As stated
Inspection Report
Docket No. 05000483
License No. NPF-30
Report No. 05000483/2024404
Enterprise Identifier: I-2024-404-0011
Licensee: Ameren Missouri
Facility: Callaway Plant
Location: Steedman, MO
Inspection Dates: March 24, 2024, to March 28, 2024
Inspectors: S. Graves, Senior Reactor Inspector N. Okonkwo, Reactor Inspector T. Siddiky, Information Technology Specialist T. Coleman, Contractor SME
Approved By: Nicholas H. Taylor, Chief Engineering Branch 2 Division of Operating Reactor Safety
Enclosure
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Callaway Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
The inspectors reviewed implementation of Callaway Plants Cyber Security Plan (CSP) and focused on evaluating changes to the program, critical systems, and CDAs.
Cybersecurity (1 Sample)
- (1) The following IP sections were completed and constitute completion of 1 sample:
- 03.01, Review Ongoing Monitoring and Assessment Activities
- 03.02, Verify Defense-in-Depth Protective Strategies (Partial)
- 03.03, Review of Configuration Management Change Control (Partial)
- 03.05, Evaluation of Corrective Actions
The following systems were modified and reviewed:
- Thermocouple Core Cooling Monitor
- Iris Scan Biometric Identification System
In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
- Security Issues and Event Management System (SIEM)
- Boundary Devices, including Scanning Kiosks
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
- On March 28, 2024, the inspectors presented the cyber security inspection results to Eric Herr, Vice President & Chief Information Officer Security, Cyber Security, and other members of the licensee staff.
DOCUMENTS REVIEWED
Inspection Type Designation Description or Title Revision or
Procedure Date
71130.10 Corrective Action Condition Report (CR) 202402206, 202400072, 202105183, 202303889,
Documents 202306933, 202201234, 202105572, 202100338,
2001842, 201906506, 202203606, 202305271,
2400712
Corrective Action Condition Report (CR) 202402124, 202402128, 202402125, 202402131,
Documents 202402168, 202402187
Resulting from
Inspection
Drawings 8600-X-90455 IRISCAN Interconnecting Diagram 08
J-373-00029 Met Tower Block Diagram 003
656B3282 Network Topology E
Engineering MP 21-0019 Change MET Tower workstations to meet cyber
Changes security requirements
MP 19-0002 TCCM upgrade
MP 22-0021 Iris Scan Upgrade
Miscellaneous IDS Diode Vendor Documentation - 05.01 GigaTAP
G Series Data Sheet
220331_FinalDrillPackage 3/31/2022 Cyber Security Incident Response Drill 3/31/2022
Executive Summary/ Final Report
230801_FinalDrillPackage Cyber Security Incident Response Drill Package 08/01/2023
2004736.500 CY 26 Upgrade IRIS SCAN Workstations 0
EWUB3001, EWUB3002 and HFSUB3001
AC121 Event Package 2 Incident Status, Activity Log, and Contact Lo Sheet 1/31/2024
for flS190.0014 Event
CA3248 Quarterly Callout Form 003
Callaw-1 Cyber Security Plan for AmerenUE (Union Electric 02
Company) Callaway Plant Unit 1
Inspection Type Designation Description or Title Revision or
Procedure Date
Callaway Cyber Security CLS / SIEM Analysis, Updates, and Patching N/A
Qualification Standard
Configuration CLS SIEM ruleset
OGM Job 22510575.500 Baseline review analysis for Iris Scan 8/2023
SDP-PI-CYBER Cyber Security 14
T25.0015 6 Callaway Energy Center Cyber Security 09/14/2020
Assessment Team Training, Rev. 20200914
135172 Instruction Manual for Iris Access System 005
Whitepaper Items Rescoped as Non-CDA Due to the NEI
Whitepapers
J-2049-00000 Thermocouple Core Cooling Monitor Operations 001
and Maintenance Manual
J-2049-00009 Thermocouple Core Cooling Monitor ALS 009
Communication Protocols
Procedures APA-ZZ-00500 Appendix 15 Adverse Condition - ADCN-4, Administrative 035
Correction.
APA-ZZ-01108 Cyber Security Program 010
APA-ZZ-01108 Addendum A CDA-Related Removable Media and Removable / 13
Portable Device Management.
DTI-CS-002 Virus Scanning Station (Kiosk) DTI 07
DTI-CS-014 Vulnerability Scan and Assessment 007
DTI-CS-018 Non-Engineering Configuration Control CDA 002
Change Process
DTI-CS-020 CLS/SIEM and NIDS Analysis, Updates, and 002
Testing
DTI-CS-026 CDA Baseline Configuration Review 000
EDP-RP-DR001 Thermocouple Cooling Monitor Disaster Recovery 001
EDP-ZZ-01108 Example of SIEM qual standard - specific tool CLS / N/A
SIEM Analysis, Updates, and Patching
EDP-ZZ-01108 Cyber Security Program Implementation. 015
EDP-ZZ-01108 Addendum 1 Digital Assessment Process 016
EDP-ZZ-01108 Addendum 2 Security Control Implementation Strategy 011
Inspection Type Designation Description or Title Revision or
Procedure Date
EDP-ZZ-01108 Addendum 3 Callaway Ongoing Monitoring for Critical Digital 014
Assets
EDP-ZZ-01108 Addendum 3 Callaway Ongoing Monitoring for Critical Digital 013
Assets
EDP-ZZ-01108 Addendum 4 Cyber Security Threat and Vulnerability Notification 006
Assessment Process
EDP-ZZ-01108 Addendum 7 Cyber Security Drill Program 004
EDP-ZZ-01108 Addendum 8 Centralized Cyber Security Monitoring System 005
EDP-ZZ-01108 Appendix A Cyber Security Defensive Strategy 006
EDP-ZZ-01108 Addendum 9 Threat Detection Software Configuration and 003
Update
EDP-ZZ-01108 Addendum 5 Callaway Cyber Security Incident Response 008
Procedure
Self-Control Assessment RDXY0001
Assessments SA 202200120-063 Cyber Security Effectiveness Review (PM1009161) 01/10/2024
Job 23505943
SA-202305963-003 Cyber Security Self-Assessment 10/29/2023
Work Orders Job 22004736/900, 23505943/500, 24000329/500,
24501859/500
7