IR 05000255/2015407

From kanterella
(Redirected from ML15289A409)
Jump to navigation Jump to search
IR 05000255/2015407, on 09/14/2015 - 09/17/2015, Palisades Nuclear Plant, Unit 1; Temporary Instruction 2201/004; Inspection of Implementation of Interim Cyber Security Milestones 1 - 7. - Cover Letter Only (Akd)
ML15289A409
Person / Time
Site: Palisades Entergy icon.png
Issue date: 10/14/2015
From: Robert Daley
Engineering Branch 3
To: Vitale A
Entergy Nuclear Operations
References
IR 2015407
Download: ML15289A409 (3)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION ber 14, 2015

SUBJECT:

PALISADES NUCLEAR PLANT, UNIT 1 - INSPECTION OF TEMPORARY INSTRUCTION 2201/004, INSPECTION OF IMPLEMENTATION OF INTERIM CYBER SECURITY MILESTONES 1 - 7 INSPECTION REPORT 05000255/2015407

Dear Mr. Vitale:

On September 17, 2015, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at your Palisades Nuclear Plant. The inspection covered the interim cyber security Milestones 1 - 7 of the security cornerstone. The enclosed inspection report documents the inspection results, which were discussed on September 17, 2015, with Mr. P. Russell and other members of your staff.

The inspection examined activities conducted under your license as they relate to cyber security and compliance with the Commissions rules and regulations, and with the conditions of your license. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel.

One NRC-identified finding of very low significance (Green) was identified during this inspection. The finding was determined to involve violation of NRC requirements. Further, two licensee-identified violations which were determined to be of very low significance (Green)

are listed in Section 4OA7 of this report. The NRC is treating these violations as Non-Cited Violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. However, In accordance with the Security Issues Forum (SIF) Charter, the NRC can exercise enforcement discretion during inspection of interim cyber security measures for licensees who demonstrate a good-faith interpretation and attempt to implement Milestones 1 - 7. This discretion applies to licensees who have tried to implement the new requirements, but failed to be in full compliance.

Before discretion is considered or granted for any issue, licensees must accept the finding, put the finding into their Corrective Action Program, and take appropriate corrective action once identified.

These issues were discussed and reviewed during the SIF Meeting conducted on September 30, 2015. The results of the SIF Panel review concluded that although these issues constituted violations of your facility operating license, and Title 10, Code of Federal Regulations (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks, the NRC is exercising enforcement discretion. The NRC is not taking enforcement action for these violations because they meet the criteria established in an NRC Enclosure contains Sensitive Unclassified Non-Safeguards Information. When separated from enclosure, this transmittal document is decontrolled. memorandum from Barry C. Westreich, Director, Cyber Security Directorate, Office of Nuclear Security and Incident Response, to each regional office and Director, Division of Reactor Safety, Subject: Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for Good-Faith Attempt Discretion, dated July 1, 2013 (Agencywide Documents Access and Management System (ADAMS)

Accession Number ML13178A203). Consistent with the NRC Memorandum, upon completion of all corrective actions, you are requested to provide written notification to the NRCs regional office as to the method and date of closure for the identified issue(s).

In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS)

component of the NRC's ADAMS. ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).

However, the material enclosed herewith contains Security-Related Information in accordance with 10 CFR 2.390(d)(1) and its disclosure to unauthorized individuals could present a security vulnerability. Therefore, the material in the enclosure will not be made available electronically for public inspection in the NRC Public Document Room or from the PARS component of NRC's ADAMS. If you choose to provide a response and Security-Related Information is necessary to provide an acceptable response, please mark your entire response Security-Related Information - Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). In accordance with 10 CFR 2.390(b)(1)(ii), the NRC is waiving the affidavit requirements for your response.

Sincerely,

/RA/

Robert C. Daley, Chief Engineering Branch 3 Division of Reactor Safety Docket No. 50-255 License No. DPR-20 Nonpublic Enclosure:

IR 05000255/2015407 cc w/encl: K. Yale, State Liaison Officer, State of Michigan DISTRIBUTION w/encl:

B. Westreich, NSIR S. Shaeffer, RII R. Felts, NSIR G. Werner, RIV J. Rogge, RI N. Coleman, OE cc w/o encl: Distribution via LISTSERV