ML053480146
ML053480146 | |
Person / Time | |
---|---|
Issue date: | 12/22/2005 |
From: | Chris Miller NRC/NMSS/IMNS |
To: | Brach E, Camper L, Jun Lee, Pierson R, Reamer C, Rothschild T, Schlueter J NRC/NMSS/DHLWRS, NRC/NMSS/DWMEP, NRC/NMSS/FCSS, NRC/NMSS/SFPO, NRC/OGC, NRC/OIP, NRC/STP |
FPC | |
Shared Package | |
ML053480073 | List: |
References | |
RIS-05-031 | |
Download: ML053480146 (8) | |
See also: RIS 2005-31
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS
WASHINGTON, D.C. 20555-0001
December 22, 2005
NRC REGULATORY ISSUE SUMMARY 2005-31
CONTROL OF SECURITY-RELATED SENSITIVE UNCLASSIFIED NON-
SAFEGUARDS INFORMATION HANDLED BY INDIVIDUALS, FIRMS,
AND ENTITIES SUBJECT TO NRC REGULATION OF THE USE OF
SOURCE, BYPRODUCT, AND SPECIAL NUCLEAR MATERIAL
ADDRESSEES
All licensees, certificate holders, applicants, and other entities (hereafter referred to as
licensees and others) subject to regulation by the U.S. Nuclear Regulatory Commission (NRC)
of the use of source, byproduct, and special nuclear material, except for those as covered by
provisions of Regulatory Issue Summary (RIS) 2005-26 for nuclear power reactors.
INTENT
This RIS sets forth procedures that licensees and others are encouraged to follow when
handling documents and/or when submitting documents to the NRC that contain security-
related sensitive information, other than classified or safeguards information, that could be
useful, or could reasonably be expected to be useful, to a terrorist in a potential attack.
Attached to this RIS are screening criteria that licensees and others should use to identify
security-related sensitive information.
No specific action nor written response is required.
BACKGROUND
NRC traditionally has given the public access to a significant amount of information about the
facilities and materials the Agency regulates. Openness has been and remains a cornerstone
of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various
NRC regulations have given the public the right to participate in the licensing and oversight
process for NRC licensees. To participate in a meaningful way, the public must have access to
information about the design and operation of regulated facilities and use of nuclear materials.
However, NRC and other Government agencies have always withheld some information from
public disclosure for reasons of security, personal privacy, or commercial or trade secret
protection.
Page 2 of 5
In the post-September 11, 2001, environment, NRC, like many other agencies, has found it
necessary to be more judicious in determining what information to voluntarily release, so as not
to inadvertently provide assistance to those who might use certain information for malevolent
acts. NRC has issued orders and advisories and taken specific actions regarding the security
of its licensed facilities and has also assessed and revised its policies and practices for making
information available to the public. One of the actions NRC took was to suspend public access
to documents in its electronic Agency-wide Documents Access and Management System
(ADAMS) on October 25, 2004. Subsequently, NRC screened those documents to determine
whether they contained security-related sensitive information. Based on this screening, a large
number of documents were returned to public access in ADAMS. This screening process
continues as requests for specific documents are received and as new documents are created
by NRC and received from licensees and others.
To facilitate this screening process, NRC has developed screening criteria for conducting its
reviews. In November 2005, NRC issued guidance (NRC RIS 2005-26) for assessing whether
documents associated with reactor licensees should be made publicly available. As part of the
continuing efforts in this area, NRC has now developed the attached criteria for screening from
public disclosure security-related sensitive information associated with various NRC-regulated
activities of persons handling source, byproduct, and special nuclear material.
This RIS and its attachments do not apply to classified information or Safeguards Information.
Classified information (Confidential, Secret, Top Secret) is withheld from the public by law.
Safeguards Information is withheld because it provides details of security measures at nuclear
facilities. Handling requirements for classified information and Safeguards Information are set
forth in various NRC orders, regulations, and generic communications (e.g., requirements for
the handling and protection of Safeguards Information are discussed in RIS-2003-08,
Protection of Safeguards Information from Unauthorized Disclosure, dated April 30, 2003).
Sensitive (but unclassified, non-safeguards) information covers a range of information for which
the loss, misuse, modification, or unauthorized access can reasonably be foreseen to harm the
public interest, commercial or financial interests of an entity, the conduct of NRC and Federal
Programs, or the personal privacy of individuals. As noted above, this RIS covers security-
related information which, if released, could cause harm to the public interest as it could be
useful, or could reasonably be expected to be useful, to a terrorist in a potential attack.
Specifically, information that should be protected under this RIS is described in Attachment 2.
In addition, licensees and others should use the procedures set forth below to protect
information designated for protection by other federal, State, or local agencies.
SUMMARY OF ISSUE
This RIS:
1) Informs licensees and others of the screening criteria that NRC uses to identify and
protect security-related sensitive information in documents generated by the Agency
and in documents received from licensees and others;
2) Encourages licensees and others to identify security-related sensitive information
contained in documents submitted to NRC, by using the screening criteria in
Attachment 2 and marking procedures; and
Page 3 of 5
3) Encourages licensees and others that may possess security-related sensitive
information to control the information, to limit the risk that the information might fall into
the hands of those who would use it for malevolent acts.
Specifically, protection of the information should be implemented in the following manner:
1. Screening of Future Documents Submitted to NRC
To assure that future submittals containing security-related sensitive information are not
made publicly available in ADAMS, while still making other appropriate information
available to the public, NRC is encouraging licensees and others to screen submittals in
accordance with the guidance in Attachment 2. If practical, documents submitted to
NRC should avoid including security-related sensitive information to permit releasing the
document to the public in its entirety.
2. Marking and Submitting Documents Containing Security-Related Sensitive Information
If it is necessary to include security-related sensitive information in a submitted
document, the submittal should be marked to indicate the presence of such information
as follows:
a) The cover letter should clearly state that the attached documents contain
security-related sensitive information. When separated from the attached
documents, if the cover letter itself does not contain security-related sensitive
information, the cover letter itself is uncontrolled.
b) As shown in Attachment 1 (Section A), the top of every page of a letter or
document that contains security-related sensitive information should include the
marking Security-Related Information Withhold Under 10 CFR 2.390 (note
that NRCs procedure for these documents is to mark them as Official Use Only
- Security-Related Information). For the pages having security-related sensitive
information, an additional marking (e.g., an editorial notebox) should be included
adjacent to the material meeting the screening criteria in Attachment 2.
Information on suggested handling and methods of submittal of security-related
sensitive information is also contained in Attachment 1 (Section B).
Licensees and others can submit both a public and a non-public version of a document,
when security-related documents need to be submitted. The public version could have
the security-related sensitive information marked out or removed with a notation that
the information was withheld on the basis that it is Security-Related Information. This
is similar to what is sometimes done to protect proprietary information under 10 CFR
2.390, except that an affidavit is not needed. Alternatively, security-related sensitive
information could be segregated from the main body of the document and included only
in attachments to the submittal. Only the attachments containing security-related
sensitive information would be marked for withholding from public disclosure. Using this
approach, the public version need not be marked as containing security-related sensitive
information.
Page 4 of 5
3. Protection of Security-Related Sensitive Information
Documents that contain security-related sensitive information should be protected from
public disclosure, using methods similar to that for protecting proprietary information.
To the extent practicable, any existing documents containing security-related sensitive
information that licensees or others have previously made available to the public should
be withdrawn from public access. As with proprietary information, licensees and others
should have sufficient internal controls to prevent release of information. Possible
methods to prevent the inadvertent release of security-related sensitive information
include marking documents Security-Related Information - Withhold Under 10 CFR
2.390, restricting access to electronic recordkeeping systems that contain such
information, and controlling the reproduction, distribution, and destruction of potentially
sensitive records. Licensees and others should ensure that similar controls are in place
when security-related sensitive information is provided to outside parties such as
contractors or other Government agencies, and that the information is made available
only to such parties who have a need to know the information to perform their jobs and
who are made aware of the security-related nature of the information.
This RIS, the attached screening criteria, and additional explanatory material, as appropriate,
are also posted on the NRC Web site at http://www.nrc.gov/reading-rm/sensitive-info.html)
(note that the criteria for fuel cycle facilities in this website and in this RIS supercedes
information at http://www.nrc.gov/materials/fuel-cycle-fac/review-criteria-fuel-cycle.html).
The NRC staff will interact with licensees and others on a case-by-case basis to resolve
questions regarding the application of the procedures and screening criteria set forth in this RIS
and its attachments.
NRC will continue to make available to the public as much information as possible. Much of
NRCs information is readily available to the public via the NRC Web site (www.nrc.gov) and
NRCs ADAMS system (www.nrc.gov/reading-rm/adams.html). In addition, other information
may be released to the public in response to formal and/or informal requests. Although the
security-related sensitive information screening criteria were developed with the principles of
the Freedom of Information Act (FOIA) in mind, a review for security-related sensitive
information does not substitute for a FOIA review. FOIA requests will continue to be reviewed
and processed independently from the security-related sensitive information review process.
BACKFIT DISCUSSION
This RIS requires no action nor written response and is, therefore, not a backfit under 10 CFR 70.76, 72.62, or 76.76. Consequently, the NRC staff did not perform a backfit analysis.
FEDERAL REGISTER NOTIFICATION
A notice of opportunity for public comment on this RIS was not published in the Federal
Register because it is informational and does not represent a departure from current regulatory
requirements and practice.
Page 5 of 5
SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996
NRC has determined that this action is not subject to the Small Business Regulatory
Enforcement Fairness Act of 1996.
PAPERWORK REDUCTION ACT STATEMENT
This RIS does not contain information collections and, therefore, is not subject to the
requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501, et seq.).
Please direct any questions about this matter to the technical contacts listed below.
/RA/
Charles L. Miller, Director
Division of Industrial and Medical
Nuclear Safety
Office of Nuclear Material Safety
and Safeguards
Technical Contacts:
Spent Fuel Storage and
Materials IMNS/Regional Transportation Fuel Cycle
Paul Goldberg, NMSS/IMNS Joe Sebrosky, NMSS/SFPO Patricia Silva, NMSS/FCSS
301-415-7842 301-415-1132 301-415-8029
E-mail: pfg@nrc.gov E-mail: jms3@nrc.gov E-mail: pas6@nrc.gov
Decommissioning HLWRS Import/Export
Ted Carter, NMSS/DWMEP Alexander Sapountzis Stephen Dembek
301-415-6668 301-415-7822 301-415-2342
E-mail: thc1@nrc.gov E-mail: aps@nrc.gov E-mail: sxd@nrc.gov
Attachments:
1. Suggested Markings; Withhold From Public Disclosure in Accordance With 10 CFR 2.390
2. NMSS Guidance on Screening Criteria for Security-Related Sensitive Unclassified Non-
Safeguards Information
3. List of Recently Issued NMSS Generic Communications
Page 5 of 5
SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996
NRC has determined that this action is not a rule and thus is not subject to the Small Business
Regulatory Enforcement Fairness Act of 1996.
PAPERWORK REDUCTION ACT STATEMENT
This RIS does not contain information collections and, therefore, is not subject to the
requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501, et seq.).
Please direct any questions about this matter to the technical contacts listed below.
/RA/
Charles L. Miller, Director
Division of Industrial and Medical
Nuclear Safety
Office of Nuclear Material Safety
and Safeguards
Technical Contacts:
Spent Fuel Storage and
Materials IMNS/Regional Transportation Fuel Cycle
Paul Goldberg, NMSS/IMNS Joe Sebrosky, NMSS/SFPO Patricia Silva, NMSS/FCSS
301-415-7842 301-415-1132 301-415-8029
E-mail: pfg@nrc.gov E-mail: jms3@nrc.gov E-mail: pas6@nrc.gov
Decommissioning HLWRS Import/Export
Ted Carter, NMSS/DWMEP Alexander Sapountzis Stephen Dembek
301-415-6668 301-415-7822 301-415-2342
E-mail: thc1@nrc.gov E-mail: aps@nrc.gov E-mail: sxd@nrc.gov
Attachments:
1. Suggested Markings; Withhold From Public Disclosure in Accordance With 10 CFR 2.390
2. NMSS Guidance on Screening Criteria for Security-Related Sensitive Unclassified Non-
Safeguards Information
3. List of Recently Issued NMSS Generic Communications
DISTRIBUTION:
OFFICE IMNS/RGB IMNS/MSIB TECH ED IMNS/RGB IMNS/RGB
NAME FCardile AMcIntosh EKraus CAbrams SMoore
DATE 12/12/05 12/15/05 12/8/05 12/20/05 12/21/05
OFFICE D:SFPO D:FCSS D:HLWRS D:DWMEP OIS
NAME WBrach RPierson WReamer LCamper BShelton
DATE 12/19/05 12/20/05 12/19/05 12/19/05 12/20/05
OFFICE D:IP D:STP NSIR OGC D:IMNS
NAME JDunnLee JSchlueter MWeber TRothschild CMiller
DATE 12/20/05 12/21/05 12/19/05 12/16/05 12/22/05
Attachment 1
Page 1 of 2
SUGGESTED MARKINGS AND HANDLING
This attachment provides information on suggested markings for pages of a document that
contains security-related sensitive information (Section A) and suggested handling of such
documents (Section B).
A. Page Markings
Overall page marking on the top of all pages of
a document that contains security-related
sensitive information
Security-Related Information Note that a cover letter should clearly state
Withhold Under 10 CFR 2.390 that attached documents contain security-
related sensitive information - - However,
this marking is also needed on the cover
letter only if it itself contains security-
related sensitive information.
Subject
Ensure Subject Line is non-sensitive
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
Attachment 1
Page 2 of 2
B. Appropriate Controls for Handling Documents
Access: Need-to-know in order to perform official licensee, applicant or
entity functions.
Storage: Openly within licensee, applicant, or other entity facilities with
electronic or other access controls, for example, key cards,
guards, alarms.
Mail: U.S. Postal Service first class mail, registered mail, express mail,
or certified mail in single opaque envelope with no external
markings to indicate 10 CFR 2.390 contents.
Electronic Transmission: Over phone if the recipient is confirmed as being authorized to
access the information; over facsimile if it is confirmed that a
recipient who is authorized to access the information will be
present to receive the transmission; over encrypted computer e-
mail (using computer software such as SecureZip).
Note that NRC is using SecureZip when transmitting security-
related sensitive information by e-mail to licensees and others to
encrypt electronic information. Users will be prompted for a
password to access a free download of the reader.