ML042180387

From kanterella
Jump to navigation Jump to search

NMC Approval Letter - Duane Arnold Energy Center, Kewaunee, Palisades, Monticello, Point Beach, Units 1 & 2 & Prairie Island, Units 1 & 2 - Use of Encryption Software for Secure Transmission of Safeguards Information (TAC Nos. MC3355 - MC33
ML042180387
Person / Time
Site: Monticello, Palisades, Kewaunee, Point Beach, Prairie Island, Duane Arnold  Entergy icon.png
Issue date: 07/06/2004
From: Bhalchandra Vaidya
NRC/NRR/DLPM
To: Weinkam E
Nuclear Management Co
References
+sispmjr200506, -RFPFR, FOIA/PA-2005-0236, TAC MC3355, TAC MC3356, TAC MC3357, TAC MC3358, TAC MC3359, TAC MC3360, TAC MC3361, TAC MC3362
Download: ML042180387 (5)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001

~*41 July 6,2004 Mr. Edward J. Weinkam Director, Regulatory Services Nuclear Management Company, LLC 700 First Street Hudson, WI 54016

SUBJECT:

DUANE ARNOLD ENERGY CENTER, KEWAUNEE NUCLEAR POWER PLANT, PALISADES NUCLEAR PLANT, MONTICELLO NUCLEAR GENERATING PLANT, POINT BEACH NUCLEAR PLANT, UNITS 1 AND 2, AND PRAIRIE ISLAND NUCLEAR GENERATING PLANT, UNITS 1 AND 2 -

USE OF ENCRYPTION SOFTWARE FOR SECURE TRANSMISSION OF SAFEGUARDS INFORMATION (TAC NOS. MC3355, MC3356, MC3358, MC3357, MC3359, MC3360, MC3361, AND MC3362)

Dear Mr. Weinkam:

By letter dated June 3, 2004, you requested approval to use encryption software for the transmission of Safeguards Information (SGI) for Duane Arnold Energy Center, Kewaunee Nuclear Power Plant, Palisades Nuclear Plant, Monticello Nuclear Generating Plant, Point Beach Nuclear Plant, Units 1 and 2, and Prairie Island Nuclear Generating Plant, Units I and 2.

Specifically, you requested approval for the use of PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version developed with PGP SDK 3.0.3 for encryption of sensitive unclassified SGI.

Title 10 of the Code of Federal Regulations (10 CFR) Section 73.21 (g)(3) states, in part,

"... Safeguards Information shall be transmitted only by protected telecommunication circuits (including facsimile) approved by the NRC." The Nuclear Regulatory Commission (NRC) considers those encryption systems that the National Institute of Standards and Technology (NIST) has determined conform to the Security Requirements for Cryptographic Modules in Federal Information Processing Standard (FIPS) 140-2, as being acceptable. The Secretary of Commerce has made use of Cryptographic Module Validation Program products mandatory and binding for Federal agencies when a Federal agency determines that cryptography is necessary for protecting sensitive information.

PGP Software Corporate Desktop Version 8.0 was developed with PGP SDK 3.0.3. NIST Certificate, Number 394, validates compliance of this software development tool with FIPS 140-2 requirements. Therefore, the NRC staff finds the use of this encryption software acceptable for processing and transmitting SGI electronically for your site. Later versions of PGP Software Corporate Desktop are also acceptable provided that:

1.

They were developed using a software development tool e.g., PGP SDK 3.0.3 that meets and is validated by NIST to FIPS 140-2 requirements.

E. J. Weinkam-2.

You notify the NRC of your intention to update your encryption software 30 days prior to its first use. When notifying the NRC, include a description of the new software you will be using and provide a statement indicating NIST certification of the software development tool.

It is important to remind you that in accordance with 10 CFR 73.21 (a), you are required to establish and maintain an Information protection system that satisfies 10 CFR 73.21 (b) through (i). Compliance with the provisions of 10 CFR 73.21, including the use of encryption software for transmittal of SGI, is mandatory and inspectable.

Additionally, only one public key is to be generated per site. The PGP file containing the public key must be named according to the following syntax: LastName_FirstName._SiteName.asc.

This naming convention represents the organizational point of contact indicated as owning the key-pair.

As stated in letter dated May 5, 2004, from R. P. Zimmerman, NRC, Office of Nuclear Security and Incident Response, to Stephen D. Floyd, Nuclear Energy Institute (NEI), please provide the public key for transmitting sensitive, unclassified SGI and the point of contact information (name, telephone number and e-mail address) to NEI and the NRC points of contact provided below. Once this Information has been provided, we will provide a copy of the NRC public key to your point of contact. All SGI holders must employ an appropriate credentialing process to verify that individuals providing public keys are legitimate users. Private keys must be controlled as SGI.

The NRC point of contact for all transmittals related to the review and approval of the supplemental responses to the security orders is Mr. Bhalchandra K. Vaidya, Project Manager, Security Plan Review Team, Division of Licensing Project Management, who can be reached at (301)415-3308, or via e-mail at bkv~nrc.gov. For transmittal of other SGI, and for public key coordination, the NRC point of contact is Mr. Louis Grosman, Office of the Chief Information Officer, who can be contacted at (301)415-5826, orvia e-mail at Ihg~nrc.gov. As coordinated with the NEI, the industry point of contact for public key coordination Is Mr. James W. Davis, who can be reached at (202)739-8105 and via e-mail at jwd nei.org.

E. J. Weinkam Encrypted SGI information shall be transmitted as attachments to an e-mail directed to sprt@nrc.gov. The e-mail message must also contain the name of the NRC staff member who is to receive the attachments.

If you have any questions, please contact me at (301)415-3308.

Sincerely, Bhalchandra K. Vaidya, Project Manager Security Plan Review Team Division of Licensing Project Management Office of Nuclear Reactor Regulation Docket Nos. 50-331, 72-32, 50-305, 50-255, 72-7, 50-263, 50-266, 50-301, 72-5, 50-282, 50-306, and 72-10 cc: See next page

ML OFFICE SPRT/PM SPRT/LA NSIRIDNS/SC OCIO/PMAS NMSS/SFPO J SPRTS NAME BVaidya c9JA SMorp 0

P JNakoski(

DATE 6_3 1 f 4.

Duane Arnold Energy Center cc:

Mr. John Paul Cowan Executive Vice President &

Chief Nuclear Officer Nuclear Management Company, LLC 700 First Street Hudson, Ml 54016 John Bjorseth Plant Manager Duane Arnold Energy Center 3277 DAEC Road Palo, IA 52324 Steven R. Catron Manager, Regulatory Affairs Duane Arnold Energy Center 3277 DAEC Road Palo, IA 52324 U. S. Nuclear Regulatory Commission Resident Inspector's Office Rural Route #1 Palo, IA 52324 Daniel McGhee Utilities Division Iowa Department of Commerce Lucas Office Buildings, 5th floor Des Moines, IA 50319 Chairman, Linn County Board of Supervisors 930 1 st Street SW Cedar Rapids, IA 52404 Craig G. Anderson Senior Vice President, Group Operations 700 First Street Hudson, WI 54016 Mark A. Peifer Site Vice President Duane Arnold Energy Center Nuclear Management Company, LLC 3277 DAEC Road Palo, IA 52324-0351 Regional Administrator, Region III U. S. Nuclear Regulatory Commission 2443 Warrenville Road, Suite 210 Lisle, IL 60532-4352 Jonathan Rogoff Vice President, Counsel & Secretary Nuclear Management Company, LLC 700 First Street Hudson, WI 54016 Bruce Lacy Nuclear Asset Manager Alliant Energy/interstate Power and Light Company 3277 DAEC Road Palo, IA 52324

Retrieved from "https://kanterella.com/w/index.php?title=ML042180387&oldid=5397367"