ML041480148
| ML041480148 | |
| Person / Time | |
|---|---|
| Site: | Grand Gulf, Arkansas Nuclear, River Bend, Waterford  |
| Issue date: | 05/25/2004 |
| From: | Burford F Entergy Operations |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| CNRO 2004-00034 | |
| Download: ML041480148 (4) | |
Text
Entergy Entergy Operations, Inc.
1340 Echelon Parkway Jackson, Mississippi 39213-8298 Tel 601-368-5758 F. G. Burford Acting Director Nuclear Safety & Licensing CNRO 2004-00034 May 25, 2004 Via Overnight Delivery U. S. Nuclear Regulatory Commission Attention: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738 301-415-7000
SUBJECT:
Use of Encryption Software for Electronic Transmission of Safeguards Information Arkansas Nuclear One Units 1 and 2 Docket Nos. 50-313 and 50-368 License Nos. DPR-51 and NPF-6 Grand Gulf Nuclear Station Docket No. 50-416 License No. NPF-29 Waterford 3 Steam Electric Station Docket No. 50-382 License No. NPF-38 River Bend Station Docket No. 50-458 License No. NPF-47
REFERENCES:
- 1. 10 CFR 73.21
Dear Sir or Madam:
Pursuant to the requirements of 10 CFR 73.21 (g)(3), Entergy Nuclear South (Entergy) requests approval to process and transmit Safeguards Information (SGI) using PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version, developed with PGP SDK 3.0.3. National Institute of Standards and Technology Certificate 394 validates compliance of this SDK with FIPS 140-2 requirements.
An information protection system for SGI that meets the requirements of 10 CFR 73.21 (b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum:
access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.
And'
CNRO 2004-00034 Page 2 of 3 Entergy intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software. Mr. Mike Higgins, Security Superintendent, Arkansas Nuclear One is responsible for the overall implementation of the SGI encryption program at Entergy Nuclear South. He is also responsible for collecting, safeguarding, and disseminating the software tools needed for encryption and decryption of SGI.
Pursuant to 10 CFR 73.21 (g)(3), the transmission of encrypted material to other authorized SGI holders, who have received NRC approval to use PGP software, would be considered a protected telecommunications system. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21(g)(1) and (2).
If you have any questions or require additional information, please contact Mr. Les England at 601-368-5766.
This letter includes new commitments as summarized in the Attachment.
Sincerely, FGB/A/a Attachment cc:
w/a Mr. J. L. Blount (ECH)
Mr. J. R. McGaha (ECH)
Mr. W. R. Campbell (ECH)
Mr. N. S. Reynolds (W&S)
Mr. J. P. DeRoy (ECH)
Mr. G. J. Taylor (ECH)
Mr. W. A. Eaton (ECH)
Mr. J. E. Venable (W3)
Mr. J. S. Forbes (ANO)
Mr. M. J. Wetterhahn (W&S)
Mr. P. D. Hinnenkamp (RBS)
Mr. G. A. Williams (GGNS)
CNRO 2004-00034 Page 3 of 3 cc:
(Continued) All w/a Mr. Scott Morris, NRC/NISR Mr. Louis Grosman, NRC/OCIO Mr. T. W. Alexion, P.M., (ANO-1))
Mr. D. G. Holland, P.M., (ANO-2)
Mr. N. Kalyanam, P.M., (W-3)
Mr. B. K. Vaidya, P.M., (GGNS)
Mr. M. K. Webb, P.M.,(RBS)
Office of Nuclear Reactor Regulation U. S. Nuclear Regulatory Commission Mail Stop 07-D-01 Washington, DC 20555-0001 Mr. Lynn Silvious, NRC/NSIR Mr. James Davis, NEI Mr. P. J. Alter, SRI, RBS Mr. R. W. Deese, SRI, ANO Mr. M. C. Hay, SRI, W-3 Mr. T. L. Hoeg, SRI, GGNS (SRls via Company Mail)
Regional Administrator U. S. Nuclear Regulatory Commission, Region IV 611 Ryan Plaza Drive, Suite 400 Arlington, TX 76011-8064
Attachment to CNRO-2004-00034 List of Regulatory Commitments The following table identifies those actions committed to by Entergy in this document. Any other statements in this submittal are provided for information purposes and are not considered to be regulatory commitments.
TYPE SCHEDULED (Check one)
COMPLETION ONE-TIME CONTINUING DATE (If COMMITMENT ACTION COMPLIANCE Required)
Prior to the first use of encryption software for X
July 12, 2004 SGI material, written procedures shall be in place to describe, as a minimum: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users);
and how the identity and access authorization of the recipient will be verified.