Redacted Version of License Amendment Request for Approval of the Revised STP Cyber Security Plan Implementation Schedule

ML14142A013
Person / Time
Site:	South Texas
Issue date:	05/08/2014
From:	Meier M South Texas
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
NOC-AE-14003132, STI: 33870100, TAC ME4461, TAC ME4462
Download: ML14142A013 (26)
v • d • e

Text

Nuclear Operating Company South Tewas Proect Ekcnc GeperatinqSafhI? P0 &-w 219 fdtm4rth. 7&s 77483 May 8, 2014 NOC-AE-14003132 10 CFR 50.90 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, DC 20555-0001 South Texas Project Units 1 and 2 Docket Nos. STN 50-498 and STN 50-499 Redacted Version of License Amendment Request for Approval of the Revised STP Cyber Security Plan Implementation Schedule (TAC NOS. ME4461 AND ME4462)

Reference:

Letter from Mike Meier dated May 8, 2014, to the NRC, "License Amendment Request for Approval of the Revised STP Cyber Security Plan Implementation Schedule (TAC Nos. ME4461 AND ME4462)" (NOC-AE-14003110)

In the referenced letter, STP Nuclear Operating Company (STPNOC) submitted a License Amendment Request (LAR) to propose a change to the STP Cyber Security Plan Milestone 8 full Implementation date. With this submittal STPNOC provides a redacted version of the LAR.

The redacted version of the LAR does not contain security related information (SRI) and is suitable for public disclosure.

The Enclosure with this letter contains the Proposed Change, Technical Evaluation, the revised schedule as Attachment 1 with the SRI redacted. The Description, Background, Regulatory Analysis, Environmental Considerations, References, Attachment 2 and Attachment 3 are not SRI documents.

There are no new commitments in this letter.

If there are any questions regarding the proposed (361) 972-8385.

Vice President, Corporate Services mk

Enclosure:

Proposed revision to the STP Cyber Security Plan (CSP) Milestone 8 full implementation date (Redacted)

STI: 33870100

NOC-AE-14003132 Page 2 of 2 cc: (paper copy) (electronic copy)

Regional Administrator, Region IV Steven P. Frantz, Esquire U. S. Nuclear Regulatory Commission A. H. Gutterman, Esquire 1600 East Lamar Boulevard Morgan, Lewis & Bockius LLP Arlington, TX 76011-4511 Balwant K. Singal Balwant K. Singal Stewart Bailey Senior Project Manager Jack Davis U.S. Nuclear Regulatory Commission Robert Elliott One White Flint North (MS 8 B1) Michael Markley 11555 Rockville Pike John Stang Rockville, MD 20852 U. S. Nuclear Regulatory Commission NRC Resident Inspector John Ragan U. S. Nuclear Regulatory Commission Chris O'Hara P. 0. Box 289, Mail Code: MN116 Jim von Suskil Wadsworth, TX 77483 NRG South Texas LP Jim Collins L. D. Blaylock City of Austin Kevin Polio Electric Utility Department Cris Eugster 721 Barton Springs Road City Public Service Austin, TX 78704 Peter Nemeth Crain Caton & James, P.C.

C. Mele City of Austin Richard A. Ratliff Robert Free Texas Department of State Health Services

EncloRsure and Attachment I contain Security Related Information Withhold From Public NOC-AE-14003132 DiSclosure in Accordance With 10 CFR 2.390 Enclosure ENCLOSURE Evaluation of the Proposed Change

Subject:

Proposed revision to the STP Cyber Security Plan (CSP) Milestone 8 full implementation date (Redacted)

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration 5.2 Applicable Regulatory Requirements/Criteria

6.0 ENVIRONMENTAL CONSIDERATION

7.0 PRECEDENTS

8.0 REFERENCES

ATTACHMENTS:

1. STP Cyber Security Plan Implementation Schedule for Milestone 8 (Redacted)

2. Proposed Operating License Pages for Unit 1 and Unit 2

3. Revised Operating License Pages for Unit 1 and Unit 2

Enclocure and Attachm;Fent 1 contain Security NOC-AE-14003132 Related Informnation Withhold Fromn Public Enclosure DiSclocure in Accordance With 10 CFR 2.390 Page 1 of 15

1.0 DESCRIPTION

By this letter, STP Nuclear Operating Company (STPNOC) requests an amendment to the South Texas Project Unit 1 Operating License (NPF-76) and South Texas Project (STP) Unit 2 Operating License (NPF-80). The proposed change would revise the Operating Licenses for the South Texas Project Units 1 and 2.

/

2.0 PROPOSED CHANGE

The proposed amendment would revise the STP Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the STP Cyber Security Plan Implementation Schedule. This License Amendment Request (LAR) proposes additional text that will add the amendment number for this LAR to the existing cyber security license condition in Paragraph 2.H of Operating License Nos. NPF-76 and NPF-80 for STP Units 1 and 2 respectively.

The current license condition requires STPNOC to fully implement the CSP by

=] in accordance with the implementation schedule submitted on July 27, 2010 (Reference 8.1). The proposed change amends the sentence in the existing Operating License Physical Protection license condition to require STPNOC to complete full implementation of Milestone 8, of the Commission approved plan byF

3.0 BACKGROUND

Cyber security requirements are codified in 10 CFR 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1 (a)(1)(v). 10 CFR 73.54 specifically requires operating licensees implement a CSP that satisfies the requirements of the Rule in accordance with an NRC approved CSP implementation schedule.

On July 26, 2011, the NRC issued amendments to the STPNOC Unit 1 and Unit 2 Operating License (Reference 8.2) in response to a License Amendment Request for Approval of Cyber Security Plan dated July 27, 2010 as supplemented by letters dated September 23, 2010 (ADAMS Accession No. ML102770095), November 30, 2010 (ADAMS Accession No. ML103400100), April 4, 2011, April 28, 2011 (ADAMS Accession No. ML11123A216), May 18, 2011 (ADAMS Accession No. ML11144A149),

and June 28, 2011, STP Nuclear Operating Company requested changes to the operating licenses for South Texas Project (STP), Units 1 and 2.

The Operating License amendments approved the STP CSP and associated implementation schedule, and revised paragraph 2.H of the Operating License for Unit 1 and Unit 2 to provide a license condition to require STPNOC to fully implement and maintain in effect all provisions of the NRC-approved Cyber Security Plan implementation schedule. Any change to the NRC-approved CSP implementation schedule requires prior NRC approval pursuant to 10 CFR 50.90.

E~ncloSUre and Atachment 1 contain SecUrity NOC-AE-14003132 Related information Withhold From Public Enclosure DiscloSUre in Accordare W.Vith 10 CFR IN390 Page 2 of 15 STPNOC underestimated the scope of analysis involved with identification of critical digital assets and determination of the security controls to apply to those assets. The first seven milestones of the STP CSP Implementation Plan are complete. Higher priority activities are planned for completion by the current Milestone 8 date. Implementation of the remainder of the STP CSP Implementation Schedule will require an extension of the Milestone 8 full implementation date.

4.0 TECHNICAL ANALYSIS

The Enclosure proposes a change to the Milestone 8 full implementation date of the STP CSP Implementation Schedule. In addition, the request includes proposed changes to the existing Operating License conditions for "Physical Protection" (Attachment 1 to the Enclosure). The current license condition requires STPNOC to fully implement the STP CSP by I fin accordance with the implementation schedule submitted in correspondence to the NRC dated July 27, 2010. (Reference 8.1). The revised implementation schedule proposes a date of I The following technical analysis provides information concerning eight criteria that serves to explain the current status of the STPNOC Cyber Security Program and the need for the Milestone 8 date revision. The analysis clearly describes how prioritization of STPNOC's completed and planned implementation actions will provide assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by 10 CFR 73.1 (a)(1)(v) at STPNOC until the full program is implemented by the proposed date.

E=--In-lr and Attachment , contain Seurity NOC-AE-14003132 Related

.n..rmat;oe n Withhold Frotm Public Enclosure DiGGIGSUrc On Accordance With 10 CFR 2.390 Page 3 of 15

E~ncloSUre and Attachment I Gcontain SecUrity NOC-AE-14003132 Rolated Information Withhold From Public Enclosure D*scGosure in Accordance 'Nith 10 CFR 2.390 Page 4 of 15

Enclo-sure and Attachment 1 contain SecUrity NOC-AE-14003132 Rea OdIFomation WAithheld From~ Public Enclosure Accordance With 10 CFR 2.390 DiSclosure Fin Page 5 of 15

EnclGosure and Attachment 1 contain Security NOC-AE-14003132 RltdInformation WAithheld From Public Enclosure D~iscloSure On AccordanGe Wimth 10 CFR 2.390 Page 6 of 15

EnclIosure and Attachment 1 contain Security NOC-AE-14003132 Related information Withhold F=rom ,Public Enclosure DiscloSUre in Accordance nWth 10 CFR 2.300 Page 7 of 15

u Enclosure and Attachment contain Security NOC-AE-14003132 Related nformatiorn Withhold FroFm Public Enclosure IDisclosure in Accordance Wimth 10 CFR 2.390 Page 8 of 15

Enclosure and Attachment I contain Security NOC-AE-14003132 Replated Information W.ithhold Froem PublicG Enclosure D)Sisclosure in Accordance Wimth ID CFR 2.390 Page 9 of 15

Enloue anRd Attachmnent I contain Security NOC-AE-14003132 RltdInformation Withhold From~ Public Enclosure DiSclosure in Accordance With 10 CFR 2.390 Page 10 of 15

Enclo.'SUre and Attachment 1 coentain SccUrity NOC-AE-1 4003132 Related Informat-ion VIAlithhold From Public Enclosure DilosursVeIn AccordanceVluIth 10 CFR 2.390 Page 11 of 15

Enclosure and At.achmenthcodntain 9ePubit' NOC-AE-14003132 Related Informnation 'Withheld From Public Enclosure Disclo-sure- in Accordance With 10 CFR 2.390 Page 12 of 15

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration STPNOC has evaluated whether or not a significant hazards consideration is involved with the proposed amendment(s) by focusing on the three standards set forth in 10CFR50.92, "Issuance of amendment", as discussed below:

1. Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No The amendment proposes a change to the STP CSP Milestone 8 full implementation date as set forth in the STP CSP Implementation Schedule. The revision of the full implementation date for the STP CSP does not involve modifications to any safety-related structures, systems, or components (SSCs). Rather, the implementation schedule provides a timetable for fully implementing the STP CSP. The CSP describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are protected from cyber attacks. The revision of the STP CSP

Einclosure and Attachment I contain Security NOC-AE-14003132 Related Infomation Withhold From Public Enclosure Dicclpsurc in AccraedancGe With 10 CFR 2.390 Page 13 of 15 Implementation Schedule will not alter previously evaluated design basis accident analysis assumptions, add any accident initiators, modify the function of the plant safety-related SSCs, or affect how any plant safety-related SSCs are operated, maintained, modified, tested, or inspected.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No The implementation of the STP CSP does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. No new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Do the proposed changes involve a significant reduction in a margin of safety?

Response: No The margin of safety is associated with the confidence in the ability of the fission product barriers (i.e., fuel cladding, reactor coolant pressure boundary, and containment structure) to limit the level of radiation to the public. The proposed amendment does not alter the way any safety-related SSC functions and does not alter the way the plant is operated.

The STP CSP provides assurance that safety-related SSCs are protected from cyber attacks. The proposed amendment does not introduce any new uncertainties or change any existing uncertainties associated with any safety limit. The proposed amendment has no effect on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure. Based on the above considerations, the proposed amendment does degrade the confidence in the ability of the fission product barriers to limit the level of radiation to the public.

Therefore the proposed change does not involve a reduction in a margin of safety.

Based on the above evaluations, STPNOC concludes that the proposed amendment(s) present no significant hazards under the standards set forth in 10CFR50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.

5.2 Applicable Regulatory Requirements/Criteria

,-ncosue and tachment. contain Security NOC-AE-14003132 Related Information WfAithh'ld Fnrom Public Enclosure Disclosure inFAccordancR W!th 10 CFR 2.390 Page 14 of 15 The STP CSP and associated implementation schedule for STPNOC Units 1 and 2 were approved by the NRC on July 26, 2011 via License Amendments 197 for Unit 1 and 185 for Unit 2. License Amendments 197 for Unit 1 and 185 for Unit 2 approved the STP CSP and associated implementation schedule, and revised paragraph 2.H of the Operating License to provide a license condition to require STPNOC to fully implement and maintain in effect all provisions of the NRC-approved Cyber Security Plan. Any change to the NRC-approved CSP Implementation Schedule requires prior NRC approval pursuant to 10 CFR 50.90.

In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

6.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment revises the full implementation schedule Milestone 8 date for the STP Unit I and Unit 2 Cyber Security Program. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(c)(1 2), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

7.0 PRECEDENTS None.

8.0 REFERENCES

8.1 Letter NOC-AE-1002568 dated July 27, 2010, from G. T. Powell to the NRC, "Submittal of License Amendment Request for Approval of the Cyber Security Plan" 8.2 Letter AE-NOC-11002124 dated July 26, 2011, from the NRC to Edward D.

Halpin approving the STP Cyber Security Plan and proposed Cyber Security Plan Implementation Schedule 8.3 Letter NOC-AE-10002602 dated September 23, 2010, from Charles T. Bowman to the NRC, "Notification Letter Designating South Texas Project Balance of Plant Systems Within the Cyber Security Rule Scope" 8.4 Letter NOC-AE-1 0002618 dated November 30, 2010, from A. Wayne Harrison, "Update to Notification Letter Designating South Texas Project Balance of Plant Systems Within the Cyber Security Rule Scope" 8.5 Letter NOC-AE-1 1002661 dated April 4, 2011, from Gerald T. Powell to the NRC, "Response to the Request for Additional Information Regarding Revision to the

EncloSUre and Attachment 1 contain Security NOC-AE-14003132 Related no nWithhold From Public Enclosure DisIclosure in Accor danc.e With 10 CFR 2.390 Page 15 of 15 Facility Operating License and Request for Review and Approval of the Cyber Security Plan (TAC Nos. ME4461 and ME4462)"

8.6 NEI 08-09, Revision 6, April 2010, "Cyber Security Plan for Nuclear Power Reactors".

8.7 Memorandum dated July 1, 2013 from Barry Westreich of the Cyber Security Directorate to Tom Blount, Director, Division of Reactor Safety, Region IV, "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for 'Good-Faith' Attempt Discretion"

Attachment 1 STP Cyber Security Plan Implementation Schedule for Milestone 8

Enclosure and Attachment I contain Security' NOC-AE-14003132 Related ,Format.ion Withhold From Public Attachment 1 Dioseure in Accordance With 10 CFR 2.390 Page 1 of 1 I # Im lm ntto Ml sti Co peto Dat BasisI management, operational experience, etc) are currently in place and are well established within the nuclear industry.

7 Ongoing monitoring and assessment activities No later than The ongoing monitoring and assessment activities as commence, as described in Section 4.4, December 31, 2012 described in Section 4.4, "Ongoing Monitoring and "Ongoing Monitoring and Assessment" of the Assessment" of the Cyber Security Plan will be implemented CSP, for those target set CDAs whose security for the controls applied to target set CDAs. This action controls have been implemented. results in the commencement of the cyber security program for target set related CDAs.

8 Full implementation of STP Nuclear Operating {] By the completion date, STP Nuclear Operating Company Company Cyber Security Plan for all SSEP Cyber Security Plan will be fully implemented for all SSEP functions will be achieved, functions in accordance with 10 CFR 73.54. This date also bounds the completion of all individual asset security control design remediation actions including those that require a refuel outage for implementation.

The full implementation date includes the addition into scope of the Balance of Plant (BOP) SSCs that could directly or indirectly affect reactivity and could result in an unplanned reactor shutdown or transient.

Attachment 2 Proposed Operating License Pages For Unit I and Unit 2

SOUTH TEXAS LICENSE (4) The facility has been granted a schedular exemption from Section 50.71 (e)(3)(i) of 10 CFR 50 to extend the date for submittal of the updated Final Safety Analysis Report to no later than one year after the date of issuance of a low power license for the South Texas Project, Unit 2. This exemption is effective until August 1990. The staffs environmental assessment was published on December 16, 1987 (52 FR 47805).

E. Fire Protection STPNOC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment No. 55 and the Fire Hazards Analysis Report through Amendment No. 19, and submittals dated April 29, May 7, 8 and 29, June 11, 25 and 26, 1987; February 3, March 3, and November 20, 2009; January 20, 2010; and as approved in the SER (NUREG-0781) dated April 1986 and its Supplements, subject to the following provision:

STPNOC may make changes to the approved fire protection program without prior approval of the Commission, only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Security STPNOC shall fully implement and maintain in effect all provisions of the physical security, training and qualification, and safeguards contingency plans previously approved by the Commission and all amendments and revisions to such plans made pursuant to the authority under 10 CFR 50.90 and 10 CFR 50.54(p).

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "South Texas Project Electric Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letters dated May 17 and 18, 2006.

STPNOC shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). STPNOC CSP was approved by License Amendment No. 197 Oinid supplem'eted.by .Licens amendment No. XXX.

G. Not Used H. Financial Protection The Owners shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

Amendment No. 197 NPF 76-9

(2) The facility was previously granted exemption from the criticality monitoring requirements of 10 CFR 70.24 (See Materials License No.

SNM-1983 dated August 30,1988 and Section III.E. of the SER dated August 30, 1988). The South Texas Project Unit 2 is hereby exempted from the criticality monitoring provisions of 10 CFR 70.24 as applied to fuel assemblies held under this license.

(3) The facility requires a temporary exemption from the scheduler requirements of the decommissioning planning rule, 10 CFR 50.33(k) and 10 CFR 50.75. The justification for this exemption is contained in Section 22.2 of Supplement 6 to the Safety Evaluation Report. The staffs environmental assessment was published on December 16, 1988 (53 FR 50604). Therefore, pursuant to 10 CFR 50.12(a)(1), 50. 12(a)(2)(ii) and

50. 12(a)(2)(v), the South Texas Project, Unit 2 is hereby granted a temporary exemption from the schedular requirements of 10 CFR 50.33(k) and 10 CFR 50.75 and is required to submit the decommissioning plan for both South Texas Project, Units 1 and 2 on or before July 26, 1990.

E. Fire Protection STPNOC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment No. 62 and the Fire Hazards Analysis Report through Amendment No. 19, and submittals dated April 29, May 7, 8 and 29, June 11, 25, and 26, 1987; February 3, March 3, and November 20, 2009; January 20, 2010; and as approved in the SER (NUREG-0781) dated April 1986 and its Supplements, subject to the following provisions:

STPNOC may make changes to the approved fire protection program without prior approval of the Commission, only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Security The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "South Texas Project Electric Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letters dated May 17 and 18, 2006.

STPNOC shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). STPNOC CSP was approved by License Amendment No. 185 Jndw lerited!myLicens*

KmendmentNo.XXX.

Amendment No. 185 NPF 80-8

Attachment 3 Revised Operating License Pages For Unit 1 and Unit 2

SOUTH TEXAS LICENSE (4) The facility has been granted a schedular exemption from Section 50.71 (e)(3)(i) of 10 CFR 50 to extend the date for submittal of the updated Final Safety Analysis Report to no later than one year after the date of issuance of a low power license for the South Texas Project, Unit 2. This exemption is effective until August 1990. The staffs environmental assessment was published on December 16, 1987 (52 FR 47805).

E. Fire Protection STPNOC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment No. 55 and the Fire Hazards Analysis Report through Amendment No. 19, and submittals dated April 29, May 7, 8 and 29, June 11, 25 and 26, 1987; February 3, March 3, and November 20, 2009; January 20, 2010; and as approved in the SER (NUREG.0781) dated April 1986 and its Supplements.

subject to the following provision:

STPNOC may make changes to the approved fire protection program without prior approval of the Commission, only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Security STPNOC shall fully implement and maintain in effect all provisions of the physical security, training and qualification, and safeguards contingency plans previously approved by the Commission and all amendments and revisions to such plans made pursuant to the authority under 10 CFR 50.90 and 10 CFR 50.54(p).

The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "South Texas Project Electric Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letters dated May 17 and 18, 2006.

STPNOC shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). STPNOC CSP was approved by License Amendment No. 197 and supplemented by License Amendment No. XXX.

G. Not Used H. Financial Protection The Owners shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims.

Amendment No. 4-97 NPF 76-9

(2) The facility was previously granted exemption from the criticality monitoring requirements of 10 CFR 70.24 (See Materials License No.

SNM-1983 dated August 30, 1988 and Section III.E. of the SER dated August 30, 1988). The South Texas Project Unit 2 is hereby exempted from the criticality monitoring provisions of 10 CFR 70.24 as applied to fuel assemblies held under this license.

(3) The facility requires a temporary exemption from the scheduler requirements of the decommissioning planning rule, 10 CFR 50.33(k) and 10 CFR 50.75. The justification for this exemption is contained in Section 22.2 of Supplement 6 to the Safety Evaluation Report. The staffs environmental assessment was published on December 16, 1988 (53 FR 50604). Therefore, pursuant to 10 CFR 50.12(a)(1), 50. 12(a)(2)(ii) and

50. 12(a)(2)(v), the South Texas Project, Unit 2 is hereby granted a temporary exemption from the schedular requirements of 10 CFR 50.33(k) and 10 CFR 50.75 and is required to submit the decommissioning plan for both South Texas Project, Units 1 and 2 on or before July 26, 1990.

E. Fire Protection STPNOC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Final Safety Analysis Report through Amendment No. 62 and the Fire Hazards Analysis Report through Amendment No. 19, and submittals dated April 29, May 7, 8 and 29, June 11, 25, and 26, 1987; February 3, March 3, and November 20, 2009; January 20, 2010; and as approved in the SER (NUREG-0781) dated April 1986 and its Supplements, subject to the following provisions:

STPNOC may make changes to the approved fire protection program without prior approval of the Commission, only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

F. Physical Security The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822), and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "South Texas Project Electric Generating Station Security, Training and Qualification, and Safeguards Contingency Plan, Revision 2" submitted by letters dated May 17 and 18, 2006.

STPNOC shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). STPNOC CSP was approved by License Amendment No. 185 and supplemented by License Amendment No. XXX.

Amendment No. 4-6 NPF 80-8