ML041800222
| ML041800222 | |
| Person / Time | |
|---|---|
| Site: | South Texas  |
| Issue date: | 06/16/2004 |
| From: | Bhalchandra Vaidya NRC/NRR/DLPM |
| To: | Head S South Texas |
| References | |
| TAC MC3218, TAC MC3219 | |
| Download: ML041800222 (6) | |
Text
June 16, 2004 Mr. Scott M. Head Manager, Licensing South Texas Project Nuclear Operating Company P. O. Box 289 Wadsworth, TX 77483
SUBJECT:
SOUTH TEXAS PROJECT ELECTRIC GENERATING COMPANY, UNITS 1 AND 2 - USE OF ENCRYPTION SOFTWARE FOR SECURE TRANSMISSION OF SAFEGUARDS INFORMATION (TAC NOS. MC3218 AND MC3219)
Dear Mr. Head:
By letter dated May 12, 2004, you requested approval to use encryption software for the transmission of Safeguards Information (SGI) for South Texas Project Electric Generating Company, Units 1 and 2. Specifically, you requested approval for the use of Pretty Good Protection (PGP) Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version developed with PGP Software Development Kit (SDK) 3.0.3 for encryption of sensitive unclassified SGI.
Title 10 of the Code of Federal Regulations (10 CFR) Section 73.21(g)(3) states, in part,
... Safeguards Information shall be transmitted only by protected telecommunication circuits (including facsimile) approved by the NRC. The Nuclear Regulatory Commission (NRC) considers those encryption systems that the National Institute of Standards and Technology (NIST) has determined conform to the Security Requirements for Cryptographic Modules in Federal Information Processing Standard (FIPS) 140-2, as being acceptable. The Secretary of Commerce has made use of Cryptographic Module Validation Program products mandatory and binding for Federal agencies when a Federal agency determines that cryptography is necessary for protecting sensitive information.
PGP Software Corporate Desktop Version 8.0 was developed with PGP SDK 3.0.3. NIST Certificate, Number 394, validates compliance of this software development tool with FIPS 140-2 requirements. Therefore, the NRC staff finds the use of this encryption software acceptable for processing and transmitting SGI electronically for your site. Later versions of PGP Software Corporate Desktop are also acceptable provided that:
- 1.
They were developed using a software development tool i.e., PGP SDK 3.0.3 that meets and is validated by NIST to FIPS 140-2 requirements.
- 2.
You notify the NRC of your intention to update your encryption software 30 days prior to its first use. When notifying the NRC, include a description of the new software you will be using and provide a statement indicating NIST certification of the software development tool.
S. M. Head It is important to remind you that in accordance with 10 CFR 73.21(a), you are required to establish and maintain an information protection system that satisfies 10 CFR 73.21(b) through (i). Compliance with the provisions of 10 CFR 73.21, including the use of encryption software for transmittal of SGI, is mandatory and inspectable.
Additionally, only one public key is to be generated per site. The PGP file containing the public key must be named according to the following syntax: LastName_FirstName_SiteName.asc.
This naming convention represents the organizational point of contact indicated as owning the key-pair.
As stated in letter dated May 5, 2004, from R. P. Zimmerman, NRC, Office of Nuclear Security and Incident Response, to Stephen D. Floyd, Nuclear Energy Institute (NEI), please provide the public key for transmitting sensitive, unclassified SGI and the point of contact information (name, telephone number and e-mail address) to NEI and the NRC points of contact provided below. Once this information has been provided, we will provide a copy of the NRC public key to your point of contact. All SGI holders must employ an appropriate credentialing process to verify that individuals providing public keys are legitimate users. Private keys must be controlled as SGI.
The NRC point of contact for all transmittals related to the review and approval of the supplemental responses to the security orders is Mr. Bhalchandra K. Vaidya, Project Manager, Security Plan Review Team, Division of Licensing Project Management, who can be reached at (301)415-3308, or via e-mail at bkv@nrc.gov. For transmittal of other SGI, and for public key coordination, the NRC point of contact is Mr. Louis Grosman, Office of the Chief Information Officer, who can be contacted at (301)415-5826, or via e-mail at lhg@nrc.gov. As coordinated with the NEI, the industry point of contact for public key coordination is Mr. James W. Davis, who can be reached at (202)739-8105 and via e-mail at jwd@nei.org.
Encrypted SGI information shall be transmitted as attachments to an e-mail directed to sprt@nrc.gov. The e-mail message must also contain the name of the NRC staff member who is to receive the attachments.
If you have any questions, please contact me at (301)415-3308.
Sincerely,
/RA/
Bhalchandra K. Vaidya, Project Manager Security Plan Review Team Division of Licensing Project Management Office of Nuclear Reactor Regulation Docket Nos. 50-498 and 50-499 cc: See next page
ML041700222 OFFICE SPRT/PM SPRT/LA NSIR/DNS/SC OCIO/PMAS SPRT/SC NAME BVaidya CHawes SMorris LHGrosman JNakoski RFretz for DATE 6/16/04 6/16/04 6/16/04 6/16/04 6/16/04
South Texas Project, Units 1 & 2 cc:
Senior Resident Inspector U.S. Nuclear Regulatory Commission P. O. Box 910 Bay City, TX 77414 A. Ramirez/C. M. Canady City of Austin Electric Utility Department 721 Barton Springs Road Austin, TX 78704 Mr. L. K. Blaylock Mr. W. C. Gunst City Public Service Board P. O. Box 1771 San Antonio, TX 78296 Mr. C. A. Johnson/A. C. Bakken AEP Texas Central Company P. O. Box 289 Mail Code: N5022 Wadsworth, TX 77483 INPO Records Center 700 Galleria Parkway Atlanta, GA 30339-3064 Regional Administrator, Region IV U.S. Nuclear Regulatory Commission 611 Ryan Plaza Drive, Suite 400 Arlington, TX 76011 D. G. Tees/R. L. Balcom Texas Genco, LP P. O. Box 1700 Houston, TX 77251 Judge, Matagorda County Matagorda County Courthouse 1700 Seventh Street Bay City, TX 77414 A. H. Gutterman, Esq.
Morgan, Lewis & Bockius 1111 Pennsylvania Avenue, NW Washington, DC 20004 Mr. T. J. Jordan, Vice President Engineering & Technical Services STP Nuclear Operating Company P. O. Box 289 Wadsworth, TX 77483 S. M. Head, Manager, Licensing Nuclear Quality & Licensing Department STP Nuclear Operating Company P. O. Box 289, Mail Code: N5014 Wadsworth, TX 77483 Environmental and Natural Resources Policy Director P. O. Box 12428 Austin, TX 78711-3189 Jon C. Wood Matthews & Branscomb 112 East Pecan, Suite 1100 San Antonio, TX 78205 Arthur C. Tate, Director Division of Compliance & Inspection Bureau of Radiation Control Texas Department of Health 1100 West 49th Street Austin, TX 78756 Brian Almon Public Utility Commission William B. Travis Building P. O. Box 13326 1701 North Congress Avenue Austin, TX 78701-3326
South Texas Project, Units 1 & 2 Susan M. Jablonski Office of Permitting, Remediation and Registration Texas Commission on Environmental Quality MC-122 P.O. Box 13087 Austin, TX 78711-3087 Mr. Terry Parks, Chief Inspector Texas Department of Licensing and Regulation Boiler Division P. O. Box 12157 Austin, TX 78711 Mr. Ted Enos 4200 South Hulen Suite 630 Ft. Worth, Texas 76109 Mr. James J. Sheppard President and Chief Executive Officer STP Nuclear Operating Company South Texas Project Electric Generating Station P. O. Box 289 Wadsworth, TX 77483