Text

March 1, 2011 Mr. Christopher E. Earls, Director Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006

SUBJECT:

TEMPLATE FOR THE CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE

Dear Mr. Earls:

In your letter dated February 28, 2011 (Agencywide Documents Access and Management System (ADAMS) Accession Number ML110600211), the Nuclear Energy Institute (NEI) provided the Nuclear Regulatory Commission (NRC) staff with a proposed template for licensees use to develop their cyber security plan implementation schedules. The NRC staff met with NEI and industry representatives on several occasions to discuss the template. Based on a technical review, the NRC staff has identified no issues with the cyber security plan implementation schedule template at this time.

The NRC staff understands that the template was written generically, and licensees that use the template to develop their proposed implementation schedules may need to make changes to ensure the submitted schedule accurately accounts for site-specific activities. As site specific schedules are developed, it is important to note that in addition to the full program implementation date outlined in the schedule, the milestones that need to be accomplished by December 31, 2012 are of particular importance to the NRC.

It is our understanding that the NEI and the Cyber Security Task Force are working to ensure that operating reactor licensees and new reactor applicants will submit to the NRC an implementation schedule update consistent with the February 28, 2011 version of the template.

The NRC staff has communicated the need for this change to individual licensees and applicants via a request for additional information.

Should you or your staff have any questions, please contact Craig Erlanger at (301) 415-5374.

Sincerely, Richard P. Correia, Director /RA/

Division of Security Policy Office of Nuclear Security and Incident Response

March 1, 2011 Mr. Christopher E. Earls, Director Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006

SUBJECT:

TEMPLATE FOR THE CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE

Dear Mr. Earls:

In your letter dated February 28, 2011 (Agencywide Documents Access and Management System (ADAMS) Accession Number ML110600211), the Nuclear Energy Institute (NEI) provided the Nuclear Regulatory Commission (NRC) staff with a proposed template for licensees use to develop their cyber security plan implementation schedules. The NRC staff met with NEI and industry representatives on several occasions to discuss the template. Based on a technical review, the NRC staff has identified no issues with the cyber security plan implementation schedule template at this time.

The NRC staff understands that the template was written generically, and licensees that use the template to develop their proposed implementation schedules may need to make changes to ensure the submitted schedule accurately accounts for site-specific activities. As site specific schedules are developed, it is important to note that in addition to the full program implementation date outlined in the schedule, the milestones that need to be accomplished by December 31, 2012 are of particular importance to the NRC.

It is our understanding that the NEI and the Cyber Security Task Force are working to ensure that operating reactor licensees and new reactor applicants will submit to the NRC an implementation schedule update consistent with the February 28, 2011 version of the template.

The NRC staff has communicated the need for this change to individual licensees and applicants via a request for additional information.

Should you or your staff have any questions, please contact Craig Erlanger at (301) 415-5374.

Sincerely, Richard P. Correia, Director /RA/

Division of Security Policy Office of Nuclear Security and Incident Response ADAMS ACCESSION NO. ML110070348 OFFICE NSIR/DSP NSIR/DSP/ NSIR/DSP/D NAME M. Coflin C. Erlanger R. Correia DATE 3/ 1 /11 3/ 1 /11 3/ 1 /11 OFFICIAL RECORD COPY