ML053320256
| ML053320256 | |
| Person / Time | |
|---|---|
| Issue date: | 12/23/2005 |
| From: | Zimmerman R Office of Nuclear Security and Incident Response |
| To: | Coyle M Nuclear Energy Institute |
| Lee E NSIR/DNS 301-415-8099 | |
| References | |
| NEI 04-04, Rev 1, NSIR-05-0351 | |
| Download: ML053320256 (2) | |
Text
December 23, 2005 Mr. Michael T. Coyle Vice President, Nuclear Operations Nuclear Generation Division Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708
SUBJECT:
NRC ACCEPTANCE OF NEI 04-04, CYBER SECURITY PROGRAM FOR POWER REACTORS, REVISION 1
Dear Mr. Coyle:
The purpose of this letter is to inform you that the U.S. Nuclear Regulatory Commission (NRC) staff finds that Nuclear Energy Institute (NEI) 04-04, Cyber Security Program for Power Reactors, Revision 1, dated November 18, 2005, is an acceptable method for establishing and maintaining a cyber security program at nuclear power plants. Additionally, the NRC staff finds that the recommendations provided in the Appendices to NEI 04-04, Revision 1, are an acceptable way to implement the program described in the body of the document.
On June 6, 2005, you submitted NEI 04-04, Revision 0, dated February 28, 2005, on behalf of the industry for NRC staff endorsement. Since that time, the NRC staff has worked closely with the Nuclear Security Working Groups Cyber Security Task Force (the TASK Force) to resolve a number of technical and programmatic concerns and comments. The staff based its concerns and comments on NUREG/CR-6847, Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants, NUREG/CR-6852, An Examination of Cyber Security at Several U.S. Nuclear Power Plants, International Standard ISO/IEC 17799, "Information Technology -
Code of Practice for Information Security Management (ISO/IEC 17799)," and current cyber security practices described in various National Institute of Standards and Technology special publications, and System/Admin Audit Network Security Institutes technical papers.
Subsequently, in a letter dated November 18, 2005, Mr. Jim W. Davis, Director of Operations for the Nuclear Generation Division, NEI, on behalf of the Task Force submitted NEI 04-04, Revision 1, to replace NEI 04-04, Revision 0. The staff reviewed NEI 04-04, Revision 1, and determined that all of the staffs concerns and comments have been adequately addressed.
If you have any questions regarding this matter, please contact Mr. Scott Morris of my staff at (301) 415-7083.
Sincerely,
/RA/
Roy P. Zimmerman, Director Office Of Nuclear Security and Incident Response
December 23, 2005 Mr. Michael T. Coyle Vice President, Nuclear Operations Nuclear Generation Division Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708
SUBJECT:
NRC ACCEPTANCE OF NEI 04-04, CYBER SECURITY PROGRAM FOR POWER REACTORS, REVISION 1
Dear Mr. Coyle:
The purpose of this letter is to inform you that the U.S. Nuclear Regulatory Commission (NRC) staff finds that Nuclear Energy Institute (NEI) 04-04, Cyber Security Program for Power Reactors, Revision 1, dated November 18, 2005, is an acceptable method for establishing and maintaining a cyber security program at nuclear power plants. Additionally, the NRC staff finds that the recommendations provided in the Appendices to NEI 04-04, Revision 1, are an acceptable way to implement the program described in the body of the document.
On June 6, 2005, you submitted NEI 04-04, Revision 0, dated February 28, 2005, on behalf of the industry for NRC staff endorsement. Since that time, the NRC staff has worked closely with the Nuclear Security Working Groups Cyber Security Task Force (the TASK Force) to resolve a number of technical and programmatic concerns and comments. The staff based its concerns and comments on NUREG/CR-6847, Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants, NUREG/CR-6852, An Examination of Cyber Security at Several U.S. Nuclear Power Plants, International Standard ISO/IEC 17799, "Information Technology -
Code of Practice for Information Security Management (ISO/IEC 17799)," and current cyber security practices described in various National Institute of Standards and Technology special publications, and System/Admin Audit Network Security Institutes technical papers.
Subsequently, in a letter dated November 18, 2005, Mr. Jim W. Davis, Director of Operations for the Nuclear Generation Division, NEI, on behalf of the Task Force submitted NEI 04-04, Revision 1, to replace NEI 04-04, Revision 0. The staff reviewed NEI 04-04, Revision 1, and determined that all of the staffs concerns and comments have been adequately addressed.
If you have any questions regarding this matter, please contact Mr. Scott Morris of my staff at (301) 415-7083.
Sincerely, (Original Signed by:)
Roy P. Zimmerman, Director Office Of Nuclear Security and Incident Response DISTRIBUTION:
RidsResOd RidsNrrOd RidsOgcMail DNS r/f NSIR-05-0351 ADAMS: ML053320256
- see previous concurrence
- 3005 OFFICE RSS/DNS SC:RSS/DNS PD:NSPPD/DNS D:DNS/NSIR OGC D:NSIR NAME ELee:jph*
SAMorris*
VOrdaz*
GTracy*
JGoldberg RZimmerman DATE 12/ 2 /05 12/ 5 /05 12/ 15 /05 12/15/05 12/23/05 12/23/05 OFFICIAL RECORD COPY