IR 05000461/2010402
| ML11129A285 | |
| Person / Time | |
|---|---|
| Site: | Clinton  |
| Issue date: | 03/11/2010 |
| From: | Eric Duncan Plant Support Branch II |
| To: | Pardee C Exelon Generation Co, Exelon Nuclear |
| References | |
| FOIA/PA-2011-0187 IR-10-402 | |
| Download: ML11129A285 (14) | |
Text
..P REG&/.
,,Vk REGq UNITED STATES NUCLEAR REGULATORY COMMISSION
REGION III
rch 11, 2010
SUBJECT:
CLINTON POWER STATION NRC SECURITY BASELINE INSPECTION REPORT 05000461/2010402(DRS)
Dear Mr. Pardee:
On February 4, 2010, the U. S. Nuclear Regulatory Commission (NRC) completed a security baseline inspection at your Clinton Power Station. The inspection covered one or more of the key attributes of the security cornerstone of the NRC's Reactor Oversight Process. The enclosed inspection report documents the inspection results, which were discussed on February 4, 2010, with Mr. F. A. Kearney and other members of your staff.
The inspection examined activities conducted under your license as they relate to security and compliance with the Commission's rules and regulations and with the conditions of your license.
The inspector reviewed selected procedures and records, observed activities, and interviewed personnel.
No findings of significance were identified.
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS), accessible from the NRC Web site at http://www.nrc.qov/reading-rm/adams.html (the Public Electronic Reading Room).
However, because of the security-related concerns contained in the enclosure, and in accordance with 10 CFR 2.390, a copy of this letter's enclosure will not be available for public inspection.
EIcLosu)ntains 0tive en Unc-RsAified N Nn-aegua sisIn fraknWsen s'eparated~dhstasradcm'~~~
,.
01lil ýS ,ý R -- ~f---- T Should you have any questions concerning this inspection, we will be pleased to discuss them with you.
Sincerely, IRA!
Eric Duncan, Chief Plant Support Branch Division of Reactor Safety Docket Nos. 50-461 License Nos. NPF-62 Nonpublic Enclosure: Inspection Report 05000461/2010402(DRS)
w/Attachment: Supplemental kInformation cc w/encl: S. Coker, NSIR/DSO/DDSO/ST C. Williamson, Clinton Station Security Manager J. Klinger, State Liaison Officer Illinois Emergency Management Agency cc w/o encl: Distribution via ListServ AL JSE iFJF LY SEC RITYA'ELA Epj N~fRM~ATIQN-
qfb# S0" CU_ý-L CE NýATAI
SUMMARY OF FINDINGS
IR 05000461/2010402(DRS); 02/01/2010 - 02/04/2010, Clinton Power Station;
Routine Security Baseline Inspection.
This report covers a 1 week period of announced routine baseline inspection on security.
The inspection was conducted by one Region III physical security inspector. No findings of significance were identified. The NRC's program for overseeing the safe operation of commercial nuclear power reactors is described in NUREG-1649, "Reactor Oversight Process."
A. Inspector-Identified and Self-Revealed Findings
Cornerstone: Physical Protection
No findings of significance were identified.
Licensee-Identified Violations
None.
(3 L
FF1 ýUE N -CU 1RA T IdIFOO(TI-6
REPORT DETAILS
SAFEGUARDS
Cornerstone: Physical Protection (PP)
S02 Access Control (71130.02)
a. Inspection Scope
The inspector evaluated this area by: reviewing program procedures, implementing procedures, and records; conducting interviews with responsible personnel and plant employees; and performing walkdowns.
The inspector verified that:
- (1) the licensee's Access Control program complied with the NRC-approved security plan and regulatory requirements;
- (2) the licensee had control measures and equipment in place to detect and prevent the introduction of contraband into the Protected Area (PA); and
- (3) the licensee's identification and authorization processes ensured that only those personnel that have been properly screened are granted unescorted access to the PA and Vital Area (VA).
The inspector conducted the following specific inspection activities:
reviewed and evaluated licensee event reports, safeguards log entries and corrective action documents dated between February 2009 and February 2010 which were associate with Access Control; verified that:
- (a) the licensee had a procedure that adequately described the method to immediately notify security to block badges for personnel who have had their access suspended;
- (b) individuals responsible for implementing personnel access denial procedures were knowledgeable of how to effectively implement the procedures;
- (c) identified procedure changes have not reduced the effectiveness of any of the security plans; and
- (d) the licensee implemented and maintained measures, as necessary, to protect badging and/or other access control activities; verified that:
- (a) in-processing searches of personnel, packages, and vehicles at access locations during peak ingress times were performed in compliance with established procedures;
- (b) any collateral duty that security personnel conducting access control or search activities may perform did not adversely impact their ability to perform their primary duty in ac6ordance with the security plan and implementing procedures;
- (c) the licensee had sufficient staffing for processing personnel and equipment at the access control points in accordance with the
0AFl I
security plan and implementing procedures; and
- (d) the licensee properly implemented processes for control of packages and materials, and for material that was exempted from search; verified that the licensee manually controlled access to VAs when electronic controls were not in service; and verified that: (a),the licensee had a program in place for controlling and accounting for hard keys to PA and VA, and for the replacement or changing of lock cores if a key was lost or compromised;
- (b) personnel granted escorted access to the PA were badged to indicate that an escort was required; had registered his or her name, date, time, purpose of visit, employment affiliation, citizenship, and name of the individual visited; and the licensee had records of the escorted access retained for 3 years;
- (c) the licensee had control of all locations (designed and used for access) where packages, personnel, and vehicles could be brought into the protected area;
- (d) access control personnel identified authorized packages and could identify unauthorized packages and materials; and
- (e) the licensee implemented and maintained control functions for vehicles delivering hazardous material within the site's PA.
The inspector routinely reviewed access control program-related issues during baseline inspection activities to verify that they were being entered into the licensee's corrective action system at an appropriate threshold, that adequate attention was being given to timely corrective actions, and that adverse trends were identified and adequately addressed.
The inspector completed 16 of the required 16 samples.
b. Findings
No findings of significance were identified.
S06 Protection of Safeguards Information (71130.06)
a. Inspection Scope
The inspector evaluated this area by: reviewing procedures and records; and by conducting interviews with responsible personnel and plant employees.
The inspector verified that licensee's information protection system effectively protected Safeguards Information (SGI) as defined in 10 CFR 73.21, 10 CFR 73.22, and 10 CFR 73.23 and prevented unauthorized disclosure.
OIFFý IA US ONLY-SCUrlTY "DAN6R'MýIA ON
OF ICA Si/ L S(EXC'R Y--REkAT-II&1VI'ATION The inspector conducted the following specific inspection activities:
verified that the licensee established, implemented, and-maintained an information protection system that included the applicable measures for Safeguards Information as specified in 10 CFR 73.22 and subsequently published U. S. Nuclear Regulatory Commission Orders; verified that only authorized personnel were provided access to SGI and that the licensee's process for authorizing access to SGI was based on the criteria specified in 10 CFR 73.22; verified for the protection of SGI that:
- (a) the licensee stored unattended SGI in storage containers with locks that possessed the characteristics identified in 10 CFR 73.2, Definitions, "Security Storage Containers" and "Locks;"
- (b) the licensee's security storage containers used to store SGI did not bear identifying marks that indicated or identified the sensitivity of the information contained within;
- (c) access to the combination to the licensee's security storage containers used to store SGI was controlled to preclude access to individuals not authorized access to SGI;
- (d) the licensee implemented measures for the control of SGI while in-use or outside of a locked security storage container and that the measures required SGI to remain under the control of an individual who was authorized access to SGI; and
- (e) the licensee reviewed security-related information against the criteria for SGI and properly designated, protected and controlled SGI in accordance with regulations and site procedures; verified for marking of SGI that the licensee:
- (a) implemented a process to ensure that documents or other matter, containing SGI, were conspicuously marked on the top and bottom of each page, i.e., "Safeguards Information;"
- (b) implemented a process to ensure that the first page of documents containing SGI bear the name, title, and organization of the individual authorized to make an SGI determination, and who has determined that the document or other matter contains SGI; the date the determination was made; and indicates that unauthorized disclosure will be subject to civil and criminal sanctions;
- (c) used a process to prepare documents containing SGI for delivery to the NRC which included marking of-transmittal letters or memoranda to indicate that attachments or enclosures contain SGI but that the transmittal document or other matter does not (i.e., "when separated from SGI attachment or enclosure, this document is decontrolled."); and
- (d) used a process to prepare documents containing SGI for delivery to the NRC which included portion marking in accordance with the regulation; verified for processing, reproducing, and transmitting SGI that:
- (a) the licensee's stand-alone computers or computer systems used to process SGI were not connected to a network that was accessible by users not authorized access to SGI;
- (b) the licensee's computers used to process SGI that were not located within an approved security storage container had a removable information storage medium that contains a bootable operating system (used to initialize the
F\\GFFCI US ON - ýEC IYTy/RE6TýINQRM`t1Q
SE'U 1-Y, T Rý computer);
- (c) the licensee locked removable storage mediums from SGI computers in a security storage container when not in use;
- (d) equipment used by the licensee to reproduce SGI did not allow unauthorized access to SGI by means of retained memory or network connectivity;
- (e) the licensee's processes for transporting SGI outside of an authorized place of use or storage included the following measures: 1) documents were packaged in two sealed envelopes or wrappers to conceal the presence of SGI; 2) the inner envelope or wrapper contained the name and address of the intended recipient and was marked on both sides, top, and bottom with the words "Safeguards Information"; and 3) the outer envelope or wrapper was opaque, addressed to the recipient, contained the address of sender, and had no markings or indication of the SGI contained within; and
- (f) the licensee's processes for the electronic transmission of SGI outside of an authorized place of use or storage included the use of NRC approved secure electronic devices, such as facsimiles ortelephone devices or electronic mail that was encrypted by (Federal Information Processing Standard (FIPS) 140-2 or later) a method that has been approved by the NRC; verified for removal from SGI category and SGI destruction that:
- (a) the licensee implemented a process for the removal of documents, or other matter from the SGI category when the information no longer met the criteria of SGI;
- (b) the licensee's processes for decontrolling SGI included measures to obtain the authority to remove the information from the SGI category through NRC approval or through consultation with the organization or individual who made the original SGI determination; and
- (c) the licensee established a process for the destruction of SGI and that its method of destruction precluded reconstruction by means available to the public at large; and verified that the licensee was conducting security program reviews in accordance with 10 CFR 73.55(m) and that the licensee's program for the protection of SGI was included in a review as required by the regulation.
The inspector reviewed protection of SGI-related issues during baseline inspection activities to verify that they were being entered into the licensee's corrective action system at an appropriate threshold, that adequate attention was being given to timely corrective actions, and that adverse trends were identified and adequately addressed.
The inspector completed 22 of the required 22 samples.
b. Findings
No findings of significance were identified.
OTHER ACTIVITIES
4OA1 Performance Indicator Verification
a. Inspection Scope
Cornerstone: Security
The inspector sampled licensee submittals for the performance indicator (PI) listed below for the period from February 2009 through February 2010. To verify the accuracy of the PI data reported during that period, PI definitions and guidance contained in NEI 99-02, "Regulatory Assessment Indicator Guideline," Revision 5, were used to verify the basis for reporting each data element. A sample of plant records related to security events, security shift activity logs, and maintenance records were reviewed. The following PI was reviewed:
Protected Area Security Equipment The inspector completed 1 of 1 sample.
b. Findinqs No findings of significance were identified.
40A3 Event Followup
.1 (Closed) LER 05000461/2009-002-00, Contractor Falsified Information for Unescorted
Access Authorization On September 14, 2009, a contract employee did not fully disclose relevant details of employment history. in the employee's request for unescorted access. On September 18, 2009, the licensee obtained additional information related to the contract employee's previous employment history, conducted an investigation, and, upon completion, confirmed the contract employee did not fully disclose the relevant details of the previous employment. On September 18, 2009, the contract employee's unescorted access was terminated. The LER was reviewed by the inspector's and no findings of significance were identified and no violation of NRC requirements occurred. This LER is closed
,7 ý )L E I-/E ýA
40A6 Meetings Exit Meetinq The inspector presented the inspection results to Mr. F. A. Kearney and other members of licensee management at the conclusion of the inspection on February 4, 2010. The inspector asked the licensee whether any materials examined during the inspection should be considered proprietary. No proprietary information was identified.
ATTACHMENT:
SUPPLEMENTAL INFORMATION
KEY POINTS OF CONTACT
Licensee
- F. Kearney, Site Vice President
- M. Kanavos, Plant Manager
- M. Hiter, Security Analyst
- S. Gackstetter, Regulatory Assurance Manager
- C. Williamson, Security Manager
- J. Waddell, Security Supervisor
- D. Montgomery, Access Authorization
Nuclear Regulatory Commission
- B. Kemker, Senior Resident Inspector
- D. Lords, Resident Inspector
LIST OF ITEMS OPENED, CLOSED, AND DISCUSSED
Opened
None
Closed
- 05000461/2009-002-00 LER Contractor Falsified Information for Unescorted Access Authorization (Section 40A3.1)
Discussed
None
-1- Attachmen