CP-201000904, License Amendment Request (LAR) 10-002, for Approval of Cyber Security Plan

From kanterella
(Redirected from ML102030124)
Jump to navigation Jump to search

License Amendment Request (LAR)10-002, for Approval of Cyber Security Plan
ML102030124
Person / Time
Site: Comanche Peak  Luminant icon.png
Issue date: 07/15/2010
From: Flores R
Luminant Generation Co, Luminant Power
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
CP-201000904, LAR 10-002, TXX-10097
Download: ML102030124 (17)
v  d  e


Text

Enclosures 1 and 2 - Security Related Information - Withhold under 10 CFR 2.390 Rafael Flores Senior Vice President

& Chief Nuclear Officer rafael.flores@luminant.com Luminant Luminant Power P.O. Box 1002 6322 North FM 56 Glen Rose, TX 76043 T 254 897 5590 C 817 559 0403 F 254 897 6652 CP-201000904 TXX-10097 Ref:

10 CFR 50.90 July 15, 2010 U. S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555

SUBJECT:

COMANCHE PEAK NUCLEAR POWER PLANT (CPNPP) DOCKET NOS. 50-445 AND 50-446, LICENSE AMENDMENT REQUEST (LAR)10-002, FOR APPROVAL OF THE" CPNPP CYBER SECURITY PLAN

REFERENCES:

1.

Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," dated April 2010

2.

Letter logged TXX-09133 dated November 19, 2009, from Rafael Flores to the NRC submitting License Amendment Request (LAR)09-010, for Approval of the CPNPP Cyber Security Plan

3.

Letter logged TXX-09149 dated December 21, 2009, from Rafael Flores to the NRC supplementing License Amendment Request (LAR)09-010, for Approval of the CPNPP Cyber Security Plan

4.

Letter dated May 20, 2010, from NRC to Rafael Flores requesting a revised Cyber Security Plan Submittal (TAC Nos. ME2672 and ME2673)

5.

Letter dated May 5, 2010, from NRC to NEI concluding that the template provided in NEI 08-09, Revision 6 dated April 2010, would be acceptable for use by licensees with the exception of the definition of "cyber attack." Adams Accession Number:

ML101190371

6.

Letter dated June 7, 2010, from NRC to NEI approving by letter the definition of cyber attack for incorporation in submittals of cyber security plans based on NEI 08-09, Revision 6. Adams Accession Number: ML101550052

Dear Sir or Madam:

Luminant Power previously submitted License Amendment Request (LAR)09-010 for approval via the letter logged TXX-09133 (Reference 2), as supplemented by the letter logged TXX-09149 (Reference 3).

Subsequently, the NRC replied on May 20, 2010 (Reference 4), requesting Luminant Power provide a revised submittal addressing generic concerns the NRC Staff had with the guidance provided in NEI 08-09, Revision 3. Luminant Power hereby withdraws in its entirety, the existing LAR submitted previously with Reference 2 and Reference 3, and resubmits the revised Cyber Security Plan consistent with NEI 08-09, Revision 6 (Reference 1).

Based on a technical review of the document, the NRC staff concluded that the template provided in NEI 08-09, Revision 6 would be acceptable for use by licensees to comply with the requirements of 10 CFR 73.54 with the exception of the definition of "cyber attack" (Reference 5). The NRC staff reviewed and approved by letter (Reference 6), a definition for "cyber attack" to be used in submissions based on NEI 08-09, Revision 6. The proposed license amendment along with the revised Cyber Security Plan and A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

  • Comanche Peak
  • Diablo Canyon
  • Palo Verde. San Onofre. South Texas Project - Wolf Creek uk k,

U. S. Nuclear Regulatory Commission TXX-10097 Page 2 of 3 07/15/2010 Proposed Implementation Schedule are described below.

Pursuant to 10CFR50.90 and 10CFR50.4, Luminant Generation Company LLC (Luminant Power) hereby requests an amendment to the Facility Operating License (FOL) for Comanche Peak Nuclear Power Plant (CPNPP), Unit 1 Operating License (NPF-87) and CPNPP Unit 2 Operating License (NPF-89). This change request applies to both Units. This submittal requests NRC approval of the CPNPP Cyber Security Plan, provides a Proposed Implementation Schedule, and adds a sentence to the existing FOL Physical Protection license condition to require CPNPP to fully implement and maintain in effect all provisions of the Commission approved Cyber Security Plan. The proposed change is consistent with Nuclear Energy Institute (NEI) 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors." provides a detailed description of the proposed change, a technical analysis of the proposed change, Luminant Power's determination that the proposed changes do not involve a significant hazard consideration, a regulatory analysis of the proposed changes and an environmental evaluation. provides the marked-up copy of the proposed FOL change. Attachment 3 provides retyped FOL pages which incorporate the requested changes. provides a copy of the proposed CPNPP Cyber Security Plan which is a standalone document.

that will be incorporated by reference into the CPNPP Licensee Physical Security Plan upon approval.. provides a copy of the CPNPP Cyber Security Plan Proposed Implementation Schedule. The proposed schedule includes the regulatory commitment date for completion of all cyber security related modifications and entry to the maintenance phase of the NRC approved Cyber Security Program. The proposed schedule also contains intermediate implementation milestones and associated schedule dates.

Although these dates are not regulatory commitments, they will be managed and tracked by CPNPP internal programs to ensure the final committed completion date is met. provides a Deviation Table which includes a description of changes to the un-bracketed text of NEI 08-09, Revision 6.

Enclosures 1 and 2 contain security related information which could reasonably be expected to be useful to potential adversaries. Luminant Power requests that Enclosures 1 and 2 be withheld from public disclosure in accordance with 10CFR2.390.

Luminant Power requests an implementation period of 120 days following NRC approval of the license amendment to issue the CPNPP Cyber Security Plan.

In accordance with 10CFR50.91(b), Luminant Power is providing the State of Texas with a copy of this proposed amendment.

This communication contains the following regulatory commitment which will be completed as noted:

Number Commitment Due Date 3834209 Implement all cyber security related modifications 9/30/2014 (outage and non-outage) and enter the maintenance (License Condition) phase of the NRC approved Cyber Security Program.

The commitment number is used by Luminant Power for the internal tracking of CPNPP regulatory commitments.

U. S. Nucdear Regulatory Commission TXX-10097 Page 3 of 3 07/15/2010 Should you have any questions, please contact Mr. Jim Barnette at (254) 897-5866.

I state under penalty of perjury that the foregoing is true and correct.

Executed on July 15, 2010.

Sincerely, Luminant Generation Company, LLC Rafael Flores By:

Fred W. Madden Director, Oversight and Regulatory Affairs JEB Attachments

1. Description and Assessment
2. Proposed Facility Operating License Changes (Mark-Up)
3. Retyped Facility Operating License Changes Enclosures
1. CPNPP Cyber Security Plan
2. CPNPP Cyber Security Plan Proposed Implementation Schedule
3. Deviation Table (Description of Changes to Un-Bracketed Text of NEI 08-09, Revision 6) c -

E. E. Collins, Region IV B. K. Singal, NRR Resident Inspectors, CPNPP Alice Hamilton Rogers, P.E.

Inspection Unit Manager Texas Department of State Health Services Mail Code 1986 P. 0. Box 149347 Austin TX 78714-9347

ATTACHMENT 1 to TXX-10097 DESCRIPTION AND ASSESSMENT to TXX-10097 Page 2 of 6 07/1512010 LICENSEE'S EVALUATION

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration 5.2 Applicable Regulatory Requirements/ Criteria

6.0 ENVIRONMENTAL CONSIDERATION

7.0 PRECEDENTS

8.0 REFERENCES

to TXX-10097 Page 3 of 6 07/15/2010

1.0 DESCRIPTION

By this letter, Luminant Generation Company LLC (Luminant Power) requests an amendment to the Comanche Peak Nuclear Power Plant (CPNPP) Unit 1 Operating License (NPF-87) and CPNPP Unit 2 Operating License (NPF-89) by incorporating the attached change into the CPNPP Unit 1 and 2 Facility Operating Licenses. License Amendment Request (LAR)10-002 is a request to revise Facility Operating Licenses (OLs) for Comanche Peak Nuclear Power Plant (CPNPP)

Units 1 and 2.

2.0 PROPOSED CHANGE

The LAR includes a proposed sentence to be added to the existing FOL Physical Protection license condition to require Luminant Power to fully implement and maintain in effect all provisions of the Commission approved plan as required in 10 CFR 73.54. The LAR submittal also includes the proposed Luminant Power CPNPP Cyber Security Plan and the CPNPP Cyber Security Plan Proposed Implementation Schedule. 10 CFR 73.54 specifically requires currently operating licensees to submit a Plan that satisfies the requirements of the Rule, and a proposed Plan implementation schedule.

3.0 BACKGROUND

Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73 (Reference 1). Cyber security requirements are codified as new § 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by

§ 73.1(a)(1(v). These requirements are substantial improvements upon the requirements imposed by EA-02-026 (Reference 2).

4.0 TECHNICAL ANALYSIS

Nuclear Energy Institute (NEI) 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Plants" (Reference 3) has been issued for use by licensees in development of their own cyber security plans. Based on a technical review of the document, the NRC staff concluded that the template provided in NEI 08-09, Revision 6 would be acceptable for use by licensees to comply with the requirements of 10 CFR 73.54 with the exception of the definition of "cyber attack" (Reference 4). The NRC staff reviewed and approved by letter, a definition for "cyber attack" to be used in submissions based on NEI 08-09, Revision 6 (Reference 5).

This LAR includes a proposed Plan (Enclosure 1) that is consistent with the template provided in NEI 08-09, Revision 6. In addition, the LAR includes proposed changes to the existing Facility Operating License conditions for "Physical Protection" (Attachment 2). A proposed Implementation Schedule as required by 10 CFR 73.54 is provided in Enclosure 2. Enclosure 3 provides a description of the changes to the un-bracketed text of NEI 08-09, Revision 6.

to TXX-10097 Page 4 of 6 07/15/2010

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration Federal Register Notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73.

Cyber security requirements are codified as new 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(1)(v). This application requests NRC approval of the Cyber Security Plan for Comanche Peak Nuclear Power Plant (hereafter referred to as the Cyber Security Plan) in accordance with 10 CFR 73.54 and proposes changes to section 2.H of the Facility Operating License Nos. NPF-87 and NPF-89 for the Comanche Peak Nuclear Power Plant Unit 1 and Unit 2 respectively to incorporate the provisions for implementing and maintaining in effect the provisions of the approved Cyber Security Plan. The Cyber Security Plan is consistent with the template provided in NEI 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Plants," and provides a description of how the requirements of the Rule will be implemented at CPNPP.

Luminant Power has evaluated whether or not a significant hazards consideration is involved with the proposed amendment(s) by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

1.

Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?

Response

No The proposed amendment incorporates a new requirement in the Facility Operating License (FOL) to implement and maintain a Cyber Security Plan as part of the facility's overall program for physical protection. Inclusion of the Cyber Security Plan in the FOL itself does not involve any modifications to the safety-related structures, systems or components (SSCs). Rather, the Cyber Security Plan describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks. The addition of the Cyber Security Plan to the Physical Security Plan will not alter previously evaluated final Safety Analysis Report (FSAR) design basis accident analysis assumptions, add any accident initiators, or affect the function of the plant safety-related SSCs as to how they are operated, maintained, modified, tested, or inspected.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

to TXX-10097 Page 5 of 6 07/15/2010

2.

Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?

Response

No This proposed amendment provides assurance that safety-related SSCs are protected from cyber attacks. Implementation of 10 CFR 73.54 and the inclusion of a plan in the FOL do not result in the need of any new or different FSAR design basis accident analysis. It does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. As a result, no new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3.

Do the proposed changes involve a significant reduction in a margin of safety?

Response

No The margin of safety is associated with the confidence in the ability of the fission product barriers (i.e., fuel cladding, reactor coolant pressure boundary, and containment structure) to limit the level of radiation to the public. The proposed amendment would not alter the way any safety-related SSC functions and would not alter the way the plant is operated. The amendment provides assurance that safety-related SSCs are protected from cyber attacks. The proposed amendment would not introduce any new uncertainties or change any existing uncertainties associated with any safety limit. The proposed amendment would have no impact on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure. Based on the above considerations, the proposed amendment would not degrade the confidence in the ability of the fission product barriers to limit the level of radiation to the public. Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Therefore the proposed change does not involve a reduction in a margin of safety.

Based on the above evaluations, Luminant Power concludes that the proposed amendment(s) present no significant hazards under the standards set forth in 10CFR50.92(c) and accordingly, a finding of "no significant hazards consideration" is justified.

Attachment i to TXX-10097 Page 6 of 6 07/15/2010 5.2 Applicable Regulatory Requirements/ Criteria This LAR is submitted pursuant to 10 CFR §73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in §50.4 and §50.90.

In conclusion, based on the considerations discussed above, (1) tlhere is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

6.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for the CPNPP Unit I and Unit 2 Cyber Security Program and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(c)(12), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

7.0 PRECEDENTS None

8.0 REFERENCES

8.1 Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926..

8.2 EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002.

8.3 NEI 08-09, Revision 6, April 2010, "Cyber SecurityPlan for Nuclear Power Reactors."

8.4 Letter dated May 5, 2010 from NRC to NEI concluding that the template provided in NEI 08-09, Revision 6 dated April 2010, would be acceptable for use by licensees with the exception of the definition of "cyber attack." Adams Accession No.: ML101190371 8.5 Letter dated June 7, 2010 from NRC to NEI approving by letter the definition of cyber attack for incorporation in submittals of cyber security plans based on NEI 08-09, Revision 6. Adams Accession No.: ML101550052

ATTACHMENT 2 to TXX-10097 PROPOSED FACILITY OPERATING LICENSE CHANGES (MARK-UP)

Pages 8 (Unit 1) 8 (Unit 2)

.-V (3)

Luminant Generation Company LLC shall promptly notify the NRC of any attempts by subsurface mineral rights owners to exercise mineral rights, including any legal proceeding initiated by mineral rights owners against Luminant Generation Company LLC.

G.

Luminant Generation Company LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment 78 and as approved in the SER (NUREG-0797) and its supplements through SSER 24, subject to the following provision:

Luminant Generation Company LLC may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

H.

Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the physical security, training and qualification, and safeguards contingency plans, previously approved by the Commission, and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, which contain safeguards information protected under 10 CFR 73.21, are entitled: "Comanche Peak Steam Electric Station Physical Security Plan" with revisions submitted through May 15, 2006, with limited approvals as provided for in the Safety Evaluation by the office of Nuclear Reactor Regulation dated December 5, 2000; "Comanche Peak Steam Electric Station Security Training and Qualification Plan" with revisions submitted through May 15, 2006; and "Comanche Peak Steam Electric Station Safeguards Contingency Plan" with revisions submitted through May 15, 2006 The licensees shall have and maintain financial pr ection of such type and in such amounts as the Commission shall require i accordance with Section 170 of the Atomic Energy Act of 1954, as amended, o cover public liability claims.

J.

NOT USED Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the Comanche Peak Nuclear Power Plant Cyber Security Plan approved by the Commission by letter dated [insert date], and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan is withheld from public disclosure in accordance with 10 CFR 2.390.

Amendment No. 68,-8 2,-0,

, 139 Revised by letter dated March 15, 2007 i

t H.

Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the physical security, guard training and qualification, and safeguards contingency plans, previously approved by the Commission, and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, which contain safeguards information protected under 10 CFR 73.21, are entitled: "Comanche Peak Steam Electric Station Physical Security Plan" with revisions submitted through May 15, 2006, with limited approvals as provided for in the Safety Evaluation by the Office of Nuclear Reactor Regulation dated December 5, 2000; "Comanche Peak Steam Electric Station Security Training and Qualification Plan" with revisions submitted through May 15, 2006; and "Comanche Peak Steam Electric Station Safeguards Contingency Plan" with revisions submitted through May 15, 2006 I.

The licensee shall have and maintain financial protection of s h type and in such amounts as the Commission shall require in accorda e with Section 170 of the Atomic Energy Act of 1954, as amended, to cove ublic liability claims.

J.

NOT USED K.

This license is effective as of the date of iss nce and shall expire at Midnight on February 2, 2033.

Luminant Generation Company LLC shall fully mplement and maintain in effect all provisions of he Comanche Peak Nuclear Power Plant Cyber FOR E NUCLEAR REGULATORY COMMISSION 3ecurity Plan approved by the Commission by letter dated [insert date], and all amendments made original signed by:

)ursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan is withheld from public Thomas E. Murley, Director lisclosure in accordance with 10 CFR 2.390.

Office of Nuclear Reactor Regulation Attachments/Appendices:

1.

Appendix A - Technical Specifications (NUREG-1468)

2.

Appendix B - Environmental Protection Plan

3.

Appendix C - Antitrust Conditions Date of Issuance: April 6,,1993 Amendment No. 68,,-8248, 139 Revised by letter dated July 26, 2007

ATTACHMENT 3 to TXX-10097 RETYPED FACILITY OPERATING LICENSE CHANGES Pages 8 (Unit 1) 8 (Unit 2)

(3)

Luminant Generation Company LLC shall promptly notify the NRC of any attempts by subsurface mineral rights owners to exercise mineral rights, including any legal proceeding initiated by mineral rights owners against Luminant Generation Company LLC.

G.

Luminant Generation Company LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment 78 and as approved in the SER (NUREG-0797) and its supplements through SSER 24, subject to the following provision:

Luminant Generation Company LLC may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

H.

Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the physical security, training and qualification, and safeguards contingency plans, previously approved by the Commission, and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, which contain safeguards information protected under 10 CFR 73.21, are entitled: "Comanche Peak Steam Electric Station Physical Security Plan" with revisions submitted through May 15, 2006, with limited approvals as provided for in the Safety Evaluation by the office of Nuclear Reactor Regulation dated December 5, 2000; "Comanche Peak Steam Electric Station Security Training and Qualification Plan" with revisions submitted through May 15, 2006; and "Comanche Peak Steam Electric Station Safeguards Contingency Plan" with revisions submitted through May 15, 2006. Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the Comanche Peak Nuclear Power Plant Cyber Security Plan approved by the Commission by letter dated [insert date], and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan is withheld from public disclosure in accordance with 10 CFR 2.390.

The licensees shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J.

NOT USED Amendment No. 68, 82, 90, 139, Revised by letter dated March 15, 2007 H.

Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the physical security, guard training and qualification, and safeguards contingency plans, previously approved by the Commission, and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plans, which contain safeguards information protected under 10 CFR 73.21, are entitled: "Comanche Peak Steam Electric Station Physical Security Plan" with revisions submitted through May 15, 2006, with limited approvals as provided for in the Safety Evaluation by the Office of Nuclear Reactor Regulation dated December 5, 2000; "Comanche Peak Steam Electric Station Security Training and Qualification Plan" with revisions submitted through May 15, 2006; and "Comanche Peak Steam Electric Station Safeguards Contingency Plan" with revisions submitted through May 15, 2006. Luminant Generation Company LLC shall fully implement and maintain in effect all provisions of the Comanche Peak Nuclear Power Plant Cyber Security Plan approved by the Commission by letter dated [insert date], and all amendments made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The plan is withheld from public disclosure in accordance with 10 CFR 2.390.

1.

The licensee shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

J.

NOT USED K.

This license is effective as of the date of issuance and shall expire at Midnight on February 2, 2033.

FOR THE NUCLEAR REGULATORY COMMISSION original signed by:

Thomas E. Murley, Director Office of Nuclear Reactor Regulation Attach ments/Appendices:

1.

Appendix A - Technical Specifications (NUREG-1468)

2.

Appendix B - Environmental Protection Plan

3.

Appendix C - Antitrust Conditions Date of Issuance: April 6, 1993 Amendment No. 68, 82, 89, 0, 139, Revised by letter dated July 26, 2007

ENCLOSURE 3 to TXX-10097 DEVIATION TABLE (Description of Changes to Un-Bracketed Text of NEI 08-09, Revision 6)

CPNPP NEI 08-09 REVISION 6 DEVIATION TABLE (Description of Changes to Un-Bracketed Text of NEI 08-09, Revision 6)

Comment NEI 08-09 Deviation Justification R6 Section

1.

Appendix Changed text as follows:

.A contingency plan does not protect a CDA from attack. It A

A Cyber Security Contingency Plan mitigates CDAs from mitigates the impact of an attack.

Section adverse impacts from cyber attack. Refer to Appendix E 4.7 of NEI 08-09, Revision 6, for additional Cyber Security Contingency Plan cyber security controls.

2.

Appendix Replaced:

Deleted "operating the CDAs in manual mode" based on its conflict A

Procedures for operating the CDAs in manual mode with the Technical Specification Limiting Conditions for Operation as Section with external electronic communications connections defined under 10 CFR 50.36. This bullet implies an action that would 4.7 severed until secure conditions can be restored likely violate the Tech Specs, violate established plant operating procedures, and significantly deviate from the plant operating with:

conditions assumed in the FSAR (as updated) accident analyses; assumes an authority not authorized under 10 CFR 55 for Operator Procedures for severing external electronic Licenses; and provides direction not allowed under 10 CFR 50.54(i) communications connections, where allowed, until and (j). The plant operating guidelines are established under 10 secure conditions can be restored CFR Part 50, and the Tech Spec 5.4.1 and the QA program requirements for procedures, not Part 73 requirements. Instructions for operating. CDAs in manual mode are addressed in the applicable Station Operating Procedures.

3.

Appendix Changed text as follows:

A

° Instructions for locating the processes and procedures CPNPP is not going to maintain current versions of these documents Section for the backup and secure storage of information; within the contingency plan. These documents are maintained 4.7

  • Instructions for locating complete and up-to-date logical current per the station Configuration Management Program.

diagrams depicting network connectivity;

- Instructions for locating current configuration information for components;

4.

Appendix Cyber Attack - Change definition to read:

Definition changed based on NEI recommendation - reference NRC B

Any event in.which there-is reason tobelieve that an -:

approval letter to NEI (ML# 101550052)

Glossary adversary has committed or caused, or attempted to commit or cause, or has made a credible threat to commit or cause malicious exploitation of a CDA Page lof 1

Retrieved from "https://kanterella.com/w/index.php?title=CP-201000904,_License_Amendment_Request_(LAR)_10-002,_for_Approval_of_Cyber_Security_Plan&oldid=5295741"