ML15247A148
ML15247A148 | |
Person / Time | |
---|---|
Issue date: | 09/11/2015 |
From: | Westreich B Office of Nuclear Security and Incident Response |
To: | Earls C Nuclear Energy Institute |
Lee E | |
References | |
NEI 13-10, Rev 3 | |
Download: ML15247A148 (2) | |
Text
September 11, 2015 Christopher E. Earls, Sr. Director Engineering and Licensing Nuclear Energy Institute 1201 F Street NW, Ste 1100 Washington, DC 20004
SUBJECT:
NUCLEAR ENERGY INSTITUTE 13-10, CYBER SECURITY CONTROL ASSESSMENTS, REVISION 3, DATED SEPTEMBER 2015
Dear Mr. Earls:
In your letter dated September 3, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15247A139), you requested that the U.S. Nuclear Regulatory Commission (NRC) staff review and endorse the Nuclear Energy Institutes (NEIs) guidance document NEI 13-10, Cyber Security Control Assessments, Revision 3, dated September 2015 (ADAMS ML15247A140). The NRC staff completed its review of the template and the examples based on NEI 13-10, Revision 0 that the NRC found acceptable for use on February 3, 2014 (ADAMS ML14031A158) and NEI 08-09 Cyber Security Plan for Nuclear Power Reactors, Revision 6, dated April 2010.
The purpose of the NEI 13-10, Revision 3 is to include guidance for classifying critical digital assets based on their capabilities and to provide guidance on performing cyber security assessments that address the required technical security controls provided in the licensees cyber security plans for the different classes of the CDAs.
Staff has concluded that NEI 13-10, Revision 3 is acceptable for use by licensees to address the required cyber security controls provided in their cyber security plans. The licensees use of NEI 13-10 to implement cyber security programs to comply with their NRC approved cyber security plans is subject to NRCs inspections.
Please contact Russell Felts at (301) 287-3734 or Eric Lee at (301) 287-3461 if you have any questions.
Sincerely,
/RA/
Barry Westreich, Director Cyber Security Directorate Office of Nuclear Security and Incident Response
Christopher E. Earls, Sr. Director Engineering and Licensing Nuclear Energy Institute 1201 F Street NW, Ste 1100 Washington, DC 20004
SUBJECT:
NUCLEAR ENERGY INSTITUTE 13-10, CYBER SECURITY CONTROL ASSESSMENTS, REVISION 3, DATED SEPTEMBER 2015
Dear Mr. Earls:
In your letter dated September 3, 2014 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15247A139), you requested that the U.S. Nuclear Regulatory Commission (NRC) staff review and endorse the Nuclear Energy Institutes (NEIs) guidance document NEI 13-10, Cyber Security Control Assessments, Revision 3, dated September 2015 (ADAMS ML15247A140). The NRC staff completed its review of the template and the examples based on NEI 13-10, Revision 0 that the NRC found acceptable for use on February 3, 2014 (ADAMS ML14031A158) and NEI 08-09 Cyber Security Plan for Nuclear Power Reactors, Revision 6, dated April 2010.
The purpose of the NEI 13-10, Revision 3 is to include guidance for classifying critical digital assets based on their capabilities and to provide guidance on performing cyber security assessments that address the required technical security controls provided in the licensees cyber security plans for the different classes of the CDAs.
Staff has concluded that NEI 13-10, Revision 3 is acceptable for use by licensees to address the required cyber security controls provided in their cyber security plans. The licensees use of NEI 13-10 to implement cyber security programs to comply with their NRC approved cyber security plans is subject to NRCs inspections.
Please contact Russell Felts at (301) 287-3343 or Eric Lee at (301) 287-3461 if you have any questions.
Sincerely, Barry Westreich, Director Cyber Security Directorate Office of Nuclear Security and Incident Response Distribution:
E. Lee, NSIR ADAMS #: ML15247A148 OFFICE CSD/NSIR DD:CSD/NSIR D:CSD/NSIR NAME E. Lee R. Felts B. Westreich DATE 09/11/15 09/ /15 09/11/15