ML110100739
| ML110100739 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 01/10/2011 |
| From: | Wang A Plant Licensing Branch IV |
| To: | Parker L, Soenen P Pacific Gas & Electric Co |
| Wang, A B, NRR/DORL/LPLIV, 415-1445 | |
| References | |
| TAC ME4290, TAC ME4291 | |
| Download: ML110100739 (2) | |
Text
From:
Wang, Alan Sent:
Monday, January 10, 2011 2:52 PM To:
Soenen, Philippe R; Larry Parker Cc:
Lent, Susan; Burkhardt, Janet
Subject:
FW: Diablo Canyon Power Plant Cyber Security Plan (ME4290 And ME4291)
Philippe and Larry, By letter dated November July 22, 2010 (Agencywide Documents Access and Management System, Accession No. ML102150081), Pacific Gas and Electric Company (PG&E, the licensee), resubmitted a request to amend the Facility Operating License Nos. DPR-80 and DPR-82 for Diablo Canyon Power Plant Units No.1 and 2 (DCPP). The licensee requested approval of the DCPP Cyber Security Plan (CSP), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating Licenses to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee stated that the amendment requests were based on a generic template developed by the Nuclear Energy Institute (NEI) in concert with the industry.
The U.S. Nuclear Regulatory Commission (NRC) staff has determined that the following additional information is needed for the NRC staff to complete our review of the CSP and the proposed CSP Implementation Schedule. This request was discussed with Larry Parker of your staff on January 10, 2011, and it was agreed that a response would be provided within 30 days of receipt of this e-mail. If circumstances result in the need to revise the requested response date, please contact me at (301) 415-1445 or via e-mail at Alan.Wang@nrc.gov or James Polickosiki at (301) 415-5430 or via e-mail at James.Polickoski@nrc.gov.
Diablo Canyon Power Plant Request for Additional Information (RAI)
RAI 1 Cyber Security Assessment and Authorization Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54(d)(2) requires the licensee to Evaluate and manage cyber risks and 10 CFR 73.54(f) requires that The licensee shall develop and maintain written policies and implementing procedures to implement the cyber security plan. Furthermore, in the Nuclear Energy Institute (NEI) 08-09 Rev. 6, Appendix A, Section 3.1.1 states: [Site/Licensee] develops, disseminates, periodically reviews in accordance with 10 CFR 73.55(m), and updates:
A formal, documented, cyber security assessment and authorization [policy/procedure]
that defines and addresses: the purpose, scope, roles, responsibilities, management commitment, and coordination among [departments]; and the implementation of the cyber security controls in Appendices D and E of NEI 08-09, Revision 6.
However, in the CSP on page 4, Section 3.1.1, in the first line of the bullet, the word program is substituted for [policy/procedure].
Clarify that you will have a formal, documented policy or procedure covering the listed topics under cyber security assessment and authorization.
Alan Wang Project Manager (DCPP)
Nuclear Regulatory Commission Division of Operating Reactor Licensing