ML14325A526
| ML14325A526 | |
| Person / Time | |
|---|---|
| Site: | Oconee, Mcguire, Catawba, Harris, Brunswick, Crystal River, Robinson, McGuire, 07200006, 07200040, 07200003, 07200060, Levy County, 05200022, 05200023, Lee  |
| Issue date: | 12/02/2014 |
| From: | Geoffrey Miller Plant Licensing Branch II |
| To: | Kapopoulos E Duke Energy Carolinas |
| Miller G | |
| References | |
| Download: ML14325A526 (3) | |
Text
Mr. Ernest J. Kapopoulos Vice President UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 2, 2014 Corporate Governance and Operations Support Duke Energy Carolinas, LLC
. 526 South Church Street Charlotte, NC 28202 0
SUBJECT:
DUKE ENERGY CAROLINAS, LLC-USE OF ENCRYPTION SOFlWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION
Dear Mr. Kapopoulos:
By letter dated October 28, 2014 (Agencywide Documents Access and Management System Accession No. ML14310A184), you requested approval to process and transmit Safeguards Information (SGI) using the Pretty Good Privacy (PGP), Version 10.3, encryption product. This request was applicable for use at Oconee Nuclear Station, McGuire Nuclear Station, Catawba Nuclear Station, Lee Nuclear Station, Brunswick Nuclear Plant, Crystal River Nuclear Plant, Harris Nuclear Plant, Robinson Nuclear Plant, Levy Nuclear Plant, and the Nuclear General Office. In support of this request, you submitted a copy of National Institute of Standards and Technology (NIST) Consolidated Certificate No. 0014 which shows that this software development tool complies with Federal Information Processing Standards (FIPS) 140-2, "Security Requirements for Cryptographic Modules."
The U.S. Nuclear R~gulatory Commission (NRC) staff finds the use of the PGP encryption product, Version 10.3 for the aforementioned sites to be acceptable provided that you periodically check the NIST website, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/FIPS140ConsolidatedCertlist0014.pdf, to ensure that the cryptographic algorithm is continuously approved by NIST. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC approval of that cryptographic algorithm would no longer be valid.
Title 10 of the Code of Federal Regulations Paragraph 73.22(f)(3), states in part,.
"... Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices." The Secretary of Commerce has made use of Cryptographic Module Validation Program products mandatory and binding for Federal agencies when a Federal agency determines that cryptography is necessary for protecting*
sensitive information.
E. Kapopoulos
- 2.-
The public key should be named according to the following syntax:
LastName_FirstName_Organization.asc.
This naming convention represents the organizational point of contact indicated as owning the key. Please provide the public key for transmitting SGI and
- the point of contact information (name, telephone number and e-mail address) to the NRC point of contact provided below. All SGI holders must employ an appropriate credentialing process to verify that individuals provided with public keys are legitimate users. Private keys must be controlled as SGI.
The NRC technical point of contact regarding the use of mobile telephone devices to transmit SGI, by licensees, is Mr. Robert Norman, Senior Security Program Manager, Information Security Branch, Division of Security Operations, Office of Nuclear Security and Incident Response. He can be reached at (301) 415-2278 or via e-mail at Robert. Norman@nrc.gov.
If you have any questions or concerns regarding this approval, please contact me at (301) 415-2481 or via e-mail at ed.miller@nrc.gov.
Si&,jAu1 G. Edward Miller, Project Manager Plant Licensing Branch 11-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos.
50-413, 50-414,72-045, 50-369, 50-370,72-038, 50-269, 50-270, 50-287,72-004, 72-040,52-018, 52-019, 50-400, 52-22, 52-23, 50-325, 50-324,72-006, 50-261,72-003, 72-060, 50-302,52-029, 52-030 cc:
Distribution via Listserv (Part 50 dockets)
- via phone
- via e-mail OFFICE N RR/DORL/LPLII-1/PM N RR/DORULPLII-1/LA N RR/DORULPLII-2/PM NRR/DORULPLII-2/PM NAME GEMiller SFigueroa MBarillas AHon DATE 12/01/14 11/25/14 11/25/14 11/25/14 OFFICE NRR/DORULPLIV-2 NRO/DNRLILB4 NMSS/DSFM/SFLB/PM NRR/DORL/LPLII-1/BC NAME MOrenak DHabib*
JNguyen*
RPascarelli DATE 12/01/14 11/25/14 12/01/14 12/02/14 OFFICE NSI R/DSOIISB/PM NSI R/DSO/ISB/BC NAME RNorman*
GWest**
I DATE 11/27/14 12/01/14
.