ML052240219


S.Texas, Units 1 and 2 Approval for Use of Pretty Good Privacy Software Desktop Version 8.0.3
Site: South Texas, STP Nuclear Operating Company
Issue date: 08/19/2005
From: Jaffe D, NRC/NRR/DLPM/LPD4
To: Sheppard J, South Texas
Jaffe D, NRR/DLPM, 415-1439
References: TAC MC4299, TAC MC4300


Text

August 19, 2005

Mr. James J. Sheppard
President and Chief Executive Officer
STP Nuclear Operating Company
South Texas Project Electric Generating Station
P. O. Box 289
Wadsworth, TX 77483

SUBJECT: SOUTH TEXAS PROJECT, UNITS 1 AND 2 - RE: APPROVAL FOR USE OF PRETTY GOOD PROTECTION SOFTWARE DESKTOP VERSION 8.0.3 FOR ELECTRONIC PROCESSING AND TRANSMISSION OF SAFEGUARDS INFORMATION (TAC NOS. MC4299 AND MC4300)

Dear Mr. Sheppard:

By letter dated December 1, 2004 (Agencywide Documents Access and Management System (ADAMS) Accession Number ML043420294), Mr. Scott Head notified the U.S. Nuclear Regulatory Commission (NRC) that South Texas Project, Units 1 and 2 (STP) would begin use of Pretty Good Protection (PGP) Software (Enterprise, Corporate, or Personal) Desktop Version 8.0.3, the latest validated version developed with PGP Software Development Kit (SDK) 3.0.3 for encryption of sensitive unclassified Safeguards Information (SGI). National Institute of Standards and Technology (NIST) Certificate Number 394 shows that this software development tool complies with Federal Information Processing Standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules." By letter dated September 10, 2004 (ADAMS Accession Number ML042640272), Mr. Scott Head requested immediate approval for the use of PGP Software Desktop Version 8.1. Subsequently, by letter dated August 8, 2005 (ADAMS Accession Number ML052240270), Mr. Head withdrew his request to use PGP Software Desktop Version 8.1.

The NRC staff finds the use of PGP Software Corporate Desktop Version 8.0.3 or newer versions of encryption software acceptable for processing and transmitting SGI electronically for your site provided that:

1. The PGP software has been developed using a software development tool, PGP SDK 3.0.3, which has been validated by NIST Certificate Number 394, to meet FIPS 140-2.

2. NIST-validated Cryptographic Algorithms are used to encrypt data for electronic transmission. These algorithms are listed in the certificate with algorithm certificate numbers. The NIST website, http://csrc.nist.gov/cryptval/140-1/1401val.htm, should be checked to ensure that the Cryptographic Algorithms selected for encrypting data are continuously approved by NIST. The NRC approves only those Cryptographic Algorithms approved by NIST. Thus, if NIST no longer approves certain Cryptographic Algorithms, the NRC also does not approve use of that Cryptographic Algorithm.

3. Only one public key is to be generated per site. The PGP file containing the public key must be named according to the following syntax:

LastName_FirstName_SiteName.asc

This naming convention represents the organizational point of contact indicated as owning the key-pair.

Title 10 of the Code of Federal Regulations (10 CFR) Section 73.21(g)(3) states, in part,

... Safeguards Information shall be transmitted only by protected telecommunications circuits (including facsimile) approved by the NRC....

The NRC considers those encryption systems that NIST has determined to be in conformance with the Security Requirements for Cryptographic Modules in FIPS 140-2, as being acceptable. The Secretary of Commerce has made use of Cryptographic Module Validation Program products mandatory and binding for Federal agencies when a Federal agency determines that cryptography is necessary for protecting sensitive information.

Additionally, in accordance with 10 CFR 73.21(a), STP Nuclear Operating Company is required to establish and maintain an information protection system that satisfies 10 CFR 73.21(b) through (i). Compliance with the provisions of 10 CFR 73.21, including the use of encryption software for transmittal of SGI, is mandatory and inspectable.

As stated in the letter dated May 5, 2004, from R. P. Zimmerman, NRC, Office of Nuclear Security and Incident Response, to Stephen D. Floyd, Nuclear Energy Institute (NEI) (ADAMS Accession Number ML041180613), please provide the public key for transmitting sensitive, unclassified SGI and the point of contact information (name, telephone number, and e-mail address) to NEI and the NRC points of contact provided below. Once this information has been provided, we will provide a copy of the NRC public key to your point of contact. All SGI holders must employ an appropriate credentialing process to verify that individuals provided with public keys are legitimate users. Private keys must be controlled as SGI.

The NRC technical point of contact regarding the use of PGP is Eric Lee, Security Specialist, Division of Nuclear Security, who can be reached at (301) 415-8099, or via e-mail at exl@nrc.gov. For public key coordination, the NRC point of contact is Mr. Louis Grosman, Office of the Chief Information Officer, who can be contacted at (301) 415-5826, or via e-mail at lhg@nrc.gov. As coordinated with NEI, the industry point of contact for public key coordination is Mr. James W. Davis, who can be reached at (202) 739-8105 or via e-mail at jwd@nei.org.

Sincerely,

/RA/

David H. Jaffe, Senior Project Manager, Section 1
Project Directorate IV
Division of Licensing Project Management
Office of Nuclear Reactor Regulation

Docket Nos. 50-498 and 50-499

cc: See next page

DISTRIBUTION:

PUBLIC
RidsNrrPMDJaffe
LGrosman (lhg)
PDIV-1 r/f
RidsNrrLADBaxley
RidsOgcRp
RidsNrrDlpmLpdiv1 (DTerao)
ELee (exl)
RidsAcrsAcnwMailCenter
RidsRgn4MailCenter

ACCESSION NO: ML052240219

OFFICE  PDIV-1/PM  PDIV-1/LA             PDIV-1/SC  NSIR:DNS:RSS/SC
NAME    DJaffe     DJohnson for DBaxley  DTerao     DHuyck for SMorris
DATE    8/16/05    8/16/05               8/19/05    8/17/05

OFFICIAL RECORD COPY

South Texas Project, Units 1 & 2
June 2005

cc:

Senior Resident Inspector, U.S. Nuclear Regulatory Commission, P. O. Box 910, Bay City, TX 77414

C. Kirksey/C. M. Canady, City of Austin, Electric Utility Department, 721 Barton Springs Road, Austin, TX 78704

Mr. J. J. Nesrsta, Mr. R. K. Temple, City Public Service Board, P. O. Box 1771, San Antonio, TX 78296

INPO Records Center, 700 Galleria Parkway, Atlanta, GA 30339-3064

Regional Administrator, Region IV, U.S. Nuclear Regulatory Commission, 611 Ryan Plaza Drive, Suite 400, Arlington, TX 76011

Jack A. Fusco/Michael A. Reed, Texas Genco, LP, 12301 Kurland Drive, Houston, TX 77034

Judge, Matagorda County, Matagorda County Courthouse, 1700 Seventh Street, Bay City, TX 77414

A. H. Gutterman, Esq., Morgan, Lewis & Bockius, 1111 Pennsylvania Avenue, NW, Washington, DC 20004

E. D. Halpin, Vice President Oversight, STP Nuclear Operating Company, P. O. Box 289, Wadsworth, TX 77483

S. M. Head, Manager, Licensing, STP Nuclear Operating Company, P. O. Box 289, Mail Code: N5014, Wadsworth, TX 77483

Environmental and Natural Resources Policy Director, P. O. Box 12428, Austin, TX 78711-3189

Jon C. Wood, Cox Smith Matthews, 112 East Pecan, Suite 1800, San Antonio, TX 78205

Director, Division of Compliance & Inspection, Bureau of Radiation Control, Texas Department of State Health Services, 1100 West 49th Street, Austin, TX 78756

Brian Almon, Public Utility Commission, William B. Travis Building, P. O. Box 13326, 1701 North Congress Avenue, Austin, TX 78701-3326

Susan M. Jablonski, Office of Permitting, Remediation and Registration, Texas Commission on Environmental Quality, MC-122, P.O. Box 13087, Austin, TX 78711-3087

Mr. Terry Parks, Chief Inspector, Texas Department of Licensing and Regulation, Boiler Division, P. O. Box 12157, Austin, TX 78711

Mr. Ted Enos, 4200 South Hulen, Suite 630, Ft. Worth, Texas 76109

Mr. James W. Davis, Director of Operations, Nuclear Energy Institute, 1776 I Street, N.W., Suite 400, Washington, DC 20006-3708