ML041180614
| ML041180614 | |
| Person / Time | |
|---|---|
| Site: | Nuclear Energy Institute |
| Issue date: | 05/05/2004 |
| From: | Zimmerman R NRC/NSIR/DNS |
| To: | Floyd S Nuclear Energy Institute |
| Peralta J NSIR/DNS 301-415-6689 | |
| Shared Package | |
| ML041180611 | List: |
| References | |
| Download: ML041180614 (2) | |
Text
Enclosure 1
[Date____________]
U.S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, DC 20555-0001
References:
- 1. 10 CFR 73.21
Subject:
Use of Encryption Software for Electronic Transmission of Safeguards Information Docket No(s): [_______________________]
Pursuant to the requirements of 10 CFR 73.21(g)(3), [company/licensee] requests approval to process and transmit Safeguards Information (SGI) using [data encryption software that has been tested and approved by the National Institute of Standards and Technology (NIST) in accordance with the criteria of Federal Information Processing Standard (FIPS) 140-1 and FIPS 140-2].
An information protection system for SGI that meets the requirements of 10 CFR 73.21(b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum:
access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.
[Licensee/company] intends to exchange SGI with [identify the intended recipient(s) of the encrypted SGI data.] [Licensee individual (name, title)] is responsible for the overall implementation of the SGI encryption program at [licensee/company]. [Licensee/company individual (name, title)] is responsible for collecting, safeguarding, and disseminating the software tools needed for encryption and decryption of SGI.
Pursuant to 10 CFR 73.21(g)(3), the transmission of encrypted material to other authorized SGI holders, who have received NRC approval to use [data encryption software], would be considered a protected telecommunications system. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21(g)(1) and (2).
Should you have any questions or require additional information, please contact [Company point of contact, and phone number].
Sincerely,
[Name]
cc:
[Company list]
Scott Morris, NRC/NSIR Lynn Silvious, NRC/NSIR Louis Grosman, NRC/OCIO James Davis, NEI
[APPROPRIATE NRC REGIONAL CONTACT]