ML041670676
| ML041670676 | |
| Person / Time | |
|---|---|
| Site: | Cooper  |
| Issue date: | 06/14/2004 |
| From: | Bhalchandra Vaidya NRC/NRR/DLPM |
| To: | Edington R Nebraska Public Power District (NPPD) |
| vaidya B, NRR/DLPM, 415-3308 | |
| References | |
| TAC MC3319 | |
| Download: ML041670676 (4) | |
Text
June 14, 2004 Mr. Randall K. Edington Vice President-Nuclear and CNO Nebraska Public Power District P. O. Box 98 Brownville, NE 68321
SUBJECT:
COOPER NUCLEAR STATION - USE OF ENCRYPTION SOFTWARE FOR SECURE TRANSMISSION OF SAFEGUARDS INFORMATION (TAC NO. MC3319)
Dear Mr. Edington:
By letter dated May 28, 2004, you requested approval to use encryption software for the transmission of Safeguards Information (SGI) for Cooper Nuclear Station. Specifically, you requested approval for the use of Pretty Good Protection (PGP) Software Corporate Desktop Version 8.0 or the latest validated version developed with PGP Software Development Kit (SDK) 3.0.3 for encryption of sensitive unclassified SGI.
Title 10 of the Code of Federal Regulations (10 CFR) Section 73.21(g)(3) states, in part,
... Safeguards Information shall be transmitted only by protected telecommunication circuits (including facsimile) approved by the NRC. The Nuclear Regulatory Commission (NRC) considers those encryption systems that the National Institute of Standards and Technology (NIST) has determined conform to the Security Requirements for Cryptographic Modules in Federal Information Processing Standard (FIPS) 140-2, as being acceptable. The Secretary of Commerce has made use of Cryptographic Module Validation Program products mandatory and binding for Federal agencies when a Federal agency determines that cryptography is necessary for protecting sensitive information.
PGP Software Corporate Desktop Version 8.0 was developed with PGP SDK 3.0.3 NIST Certificate, Number 394, validates compliance of this software development tool with FIPS 140-2 requirements. Therefore, the NRC staff finds the use of this encryption software acceptable for processing and transmitting SGI electronically for your site. Later versions of PGP Software Corporate Desktop are also acceptable provided that:
- 1.
They were developed using a software development tool e.g., PGP SDK 3.0.3 that meets and is validated by NIST to FIPS 140-2 requirements.
- 2.
You notify the NRC of your intention to update your encryption software 30 days prior to its first use. When notifying the NRC, include a description of the new software you will be using and provide a statement indicating NIST certification of the software development tool.
R. K. Edington It is important to remind you that in accordance with 10 CFR 73.21(a), you are required to establish and maintain an information protection system that satisfies 10 CFR 73.21(b) through (i). Compliance with the provisions of 10 CFR 73.21, including the use of encryption software for transmittal of SGI, is mandatory and inspectable. We recognize that you have made a regulatory commitment to implement procedures to control the transmission of SGI.
However, this commitment addresses requirements of 10 CFR 73.21(b) - (i) that are regulatory obligations and not commitments.
Additionally, only one public key is to be generated per site. The PGP file containing the public key must be named according to the following syntax: LastName_FirstName_SiteName.asc.
This naming convention represents the organizational point of contact indicated as owning the key-pair.
As stated in letter dated May 5, 2004, from R. P. Zimmerman, NRC, Office of Nuclear Security and Incident Response, to Stephen D. Floyd, Nuclear Energy Institute (NEI), please provide the public key for transmitting sensitive, unclassified SGI and the point of contact information (name, telephone number and e-mail address) to NEI and the NRC points of contact provided below. Once this information has been provided, we will provide a copy of the NRC public key to your point of contact. All SGI holders must employ an appropriate credentialing process to verify that individuals providing public keys are legitimate users. Private keys must be controlled as SGI.
The NRC point of contact for all transmittals related to the review and approval of the supplemental responses to the security orders is Mr. Bhalchandra K. Vaidya, Project Manager, Security Plan Review Team, Division of Licensing Project Management, who can be reached at (301)415-3308, or via e-mail at bkv@nrc.gov. For transmittal of other SGI, and for public key coordination, the NRC point of contact is Mr. Louis Grosman, Office of the Chief Information Officer, who can be contacted at (301)415-5826, or via e-mail at lhg@nrc.gov. As coordinated with the NEI, the industry point of contact for public key coordination is Mr. James W. Davis, who can be reached at (202)739-8105 and via e-mail at jwd@nei.org.
Encrypted SGI information shall be transmitted as attachments to an e-mail directed to sprt@nrc.gov. The e-mail message must also contain the name of the NRC staff member who is to receive the attachments.
If you have any questions, please contact me at (301)415-3308.
Sincerely,
/RA/
Bhalchandra K. Vaidya, Project Manager Security Plan Review Team Division of Licensing Project Management Office of Nuclear Reactor Regulation Docket No. 50-298 cc: See next page
ML041670676 OFFICE SPRT/PM SPRT/LA NSIR/DNS/SC OCIO/PMAS SPRT/SC NAME BVaidya CHawes SMorris LHGrosman JNakoski:RF for DATE 06/10/04 06/10/04 06/14/04 06/14/04 06/14/04
June 2004 Cooper Nuclear Station cc:
Mr. William J. Fehrman President and Chief Executive Officer Nebraska Public Power District 1414 15th Street Columbus, NE 68601 Mr. Clay C. Warren Vice President of Strategic Programs Nebraska Public Power District 1414 15th Street Columbus, NE 68601 Mr. John R. McPhail, General Counsel Nebraska Public Power District P. O. Box 499 Columbus, NE 68602-0499 Mr. Paul V. Fleming Licensing Manager Nebraska Public Power District P.O. Box 98 Brownville, NE 68321 Mr. Michael J. Linder, Director Nebraska Department of Environmental Quality P. O. Box 98922 Lincoln, NE 68509-8922 Chairman Nemaha County Board of Commissioners Nemaha County Courthouse 1824 N Street Auburn, NE 68305 Ms. Cheryl K. Rogers, Program Manager Nebraska Health & Human Services System Division of Public Health Assurance Consumer Services Section 301 Centennial Mall, South P. O. Box 95007 Lincoln, NE 68509-5007 Mr. Ronald A. Kucera, Director of Intergovernmental Cooperation Department of Natural Resources P.O. Box 176 Jefferson City, MO 65102 Senior Resident Inspector U.S. Nuclear Regulatory Commission P. O. Box 218 Brownville, NE 68321 Regional Administrator, Region IV U.S. Nuclear Regulatory Commission 611 Ryan Plaza Drive, Suite 400 Arlington, TX 76011 Jerry Uhlmann, Director State Emergency Management Agency P. O. Box 116 Jefferson City, MO 65101 Chief, Radiation and Asbestos Control Section Kansas Department of Health and Environment Bureau of Air and Radiation 1000 SW Jackson Suite 310 Topeka, KS 66612-1366 Mr. Daniel K. McGhee Bureau of Radiological Health Iowa Department of Public Health 401 SW 7th Street Suite D Des Moines, IA 50309 Mr. Scott Clardy, Director Section for Environmental Public Health P.O. Box 570 Jefferson City, MO 65102-0570 Jerry C. Roberts, Director of Nuclear Safety Assurance Nebraska Public Power District P.O. Box 98 Brownville, NE 68321