ML16076A051
| ML16076A051 | |
| Person / Time | |
|---|---|
| Site: | Millstone, Kewaunee, Surry, North Anna, 07200002, 07200055  |
| Issue date: | 04/01/2016 |
| From: | Darryl Parsons NRC/NSIR/DSO/ISB |
| To: | Clark G Dominion Energy Kewaunee, Dominion Nuclear Connecticut, Virginia Electric & Power Co (VEPCO) |
| Rob Norman | |
| Shared Package | |
| ML16076A049 | List: |
| References | |
| Download: ML16076A051 (3) | |
Text
April 1, 2016 Ms. Gianna C. Clark Vice President - Nuclear Support Services Dominion Energy Kewaunee, Inc.
Dominion Nuclear Connecticut, Inc.
Virginia Electric and Power Company 5000 Dominion Boulevard, 2SE Glen Allen, VA 23060
SUBJECT:
DOMINION ENERGY KEWAUNEE, INC.; DOMINION NUCLEAR CONNECTICUT, INC.; VIRGINIA ELECTRIC AND POWER COMPANY; KEWAUNEE POWER STATION; MILLSTONE POWER STATION UNITS 1, 2, AND 3; NORTH ANNA POWER STATION UNITS 1 AND 2; SURRY POWER STATION UNITS 1 AND 2; AND ASSOCIATED INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION
Dear Ms. Clark:
By letter dated February 18, 2016, Dominion Resources Services, Inc. requested U.S. Nuclear Regulatory Commission (NRC) approval to use Symantec Encryption Desktop 10.3.2, which was developed by Symantec PGP Software Development Kit 4.2.1. A copy of the Consolidated Validation Certificate No. 0014 was enclosed with the Dominion letter.
Paragraph 73.22(f) of Title 10 of the Code of Federal Regulations (10 CFR), External transmission of documents and material, prescribes requirements for the transmission of safeguards information (SGI) outside an authorized place of use or storage.
Paragraph 73.22(f)(3) of 10 CFR states, in part:
Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.
G. Clark The NRC staff finds the use of Symantec Encryption Desktop 10.3.2 is acceptable for processing and transmitting SGI electronically for stated sites provided that:
- 1. Symantec Encryption Desktop 10.3.2 has been developed with Symantec PGP Software Development Kit 4.2.1, which has been validated by the National Institute of Technology (NIST) Certificate Number 1681, to meet FIPS 140-2.
- 2. NIST-validated cryptographic algorithms are used to encrypt data for electronic transmission. These algorithms are listed in the certificate with algorithm certificate numbers. The NIST website, http://csrc.nist.gov/groups/STM/cmvp/documents/
140-1/140val-all.htm, should be checked to ensure that the cryptographic algorithms selected for encrypting data are continuously approved by NIST. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
- 3. Dominion NRC-licensed facilities may replace the current version of encryption product that is approved by the NRC with a newer version of encryption product without prior approval from the NRC, provided that the addressees document that the newer version of encryption product, i.e., document that the FIPS validation certificate of the newer version of encryption product, is the same as the current version of encryption product.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Sr. Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL
G. Clark The NRC staff finds the use of Symantec Encryption Desktop 10.3.2 is acceptable for processing and transmitting SGI electronically for stated sites provided that:
- 1. Symantec Encryption Desktop 10.3.2 has been developed with Symantec PGP Software Development Kit 4.2.1, which has been validated by the National Institute of Technology (NIST) Certificate Number 1681, to meet FIPS 140-2.
- 2. NIST-validated cryptographic algorithms are used to encrypt data for electronic transmission. These algorithms are listed in the certificate with algorithm certificate numbers. The NIST website, http://csrc.nist.gov/groups/STM/cmvp/documents/
140-1/140val-all.htm, should be checked to ensure that the cryptographic algorithms selected for encrypting data are continuously approved by NIST. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
- 3. Dominion NRC-licensed facilities may replace the current version of encryption product that is approved by the NRC with a newer version of encryption product without prior approval from the NRC, provided that the addressees document that the newer version of encryption product, i.e., document that the FIPS validation certificate of the newer version of encryption product, is the same as the current version of encryption product.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Sr. Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL Accession No.: ML16076A051 OFFICE NSIR/ISB NSIR/DSO/TA NSIR/DSO/ISB/BC NAME RNorman MRalph DParsons DATE 03/ 11 /2016 03/ 15 /2016 03/ 28 /2016 OFFICIAL RECORD COPY
April 1, 2016 Ms. Gianna C. Clark Vice President - Nuclear Support Services Dominion Energy Kewaunee, Inc.
Dominion Nuclear Connecticut, Inc.
Virginia Electric and Power Company 5000 Dominion Boulevard, 2SE Glen Allen, VA 23060
SUBJECT:
DOMINION ENERGY KEWAUNEE, INC.; DOMINION NUCLEAR CONNECTICUT, INC.; VIRGINIA ELECTRIC AND POWER COMPANY; KEWAUNEE POWER STATION; MILLSTONE POWER STATION UNITS 1, 2, AND 3; NORTH ANNA POWER STATION UNITS 1 AND 2; SURRY POWER STATION UNITS 1 AND 2; AND ASSOCIATED INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION
Dear Ms. Clark:
By letter dated February 18, 2016, Dominion Resources Services, Inc. requested U.S. Nuclear Regulatory Commission (NRC) approval to use Symantec Encryption Desktop 10.3.2, which was developed by Symantec PGP Software Development Kit 4.2.1. A copy of the Consolidated Validation Certificate No. 0014 was enclosed with the Dominion letter.
Paragraph 73.22(f) of Title 10 of the Code of Federal Regulations (10 CFR), External transmission of documents and material, prescribes requirements for the transmission of safeguards information (SGI) outside an authorized place of use or storage.
Paragraph 73.22(f)(3) of 10 CFR states, in part:
Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.
G. Clark The NRC staff finds the use of Symantec Encryption Desktop 10.3.2 is acceptable for processing and transmitting SGI electronically for stated sites provided that:
- 1. Symantec Encryption Desktop 10.3.2 has been developed with Symantec PGP Software Development Kit 4.2.1, which has been validated by the National Institute of Technology (NIST) Certificate Number 1681, to meet FIPS 140-2.
- 2. NIST-validated cryptographic algorithms are used to encrypt data for electronic transmission. These algorithms are listed in the certificate with algorithm certificate numbers. The NIST website, http://csrc.nist.gov/groups/STM/cmvp/documents/
140-1/140val-all.htm, should be checked to ensure that the cryptographic algorithms selected for encrypting data are continuously approved by NIST. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
- 3. Dominion NRC-licensed facilities may replace the current version of encryption product that is approved by the NRC with a newer version of encryption product without prior approval from the NRC, provided that the addressees document that the newer version of encryption product, i.e., document that the FIPS validation certificate of the newer version of encryption product, is the same as the current version of encryption product.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Sr. Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL
G. Clark The NRC staff finds the use of Symantec Encryption Desktop 10.3.2 is acceptable for processing and transmitting SGI electronically for stated sites provided that:
- 1. Symantec Encryption Desktop 10.3.2 has been developed with Symantec PGP Software Development Kit 4.2.1, which has been validated by the National Institute of Technology (NIST) Certificate Number 1681, to meet FIPS 140-2.
- 2. NIST-validated cryptographic algorithms are used to encrypt data for electronic transmission. These algorithms are listed in the certificate with algorithm certificate numbers. The NIST website, http://csrc.nist.gov/groups/STM/cmvp/documents/
140-1/140val-all.htm, should be checked to ensure that the cryptographic algorithms selected for encrypting data are continuously approved by NIST. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
- 3. Dominion NRC-licensed facilities may replace the current version of encryption product that is approved by the NRC with a newer version of encryption product without prior approval from the NRC, provided that the addressees document that the newer version of encryption product, i.e., document that the FIPS validation certificate of the newer version of encryption product, is the same as the current version of encryption product.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Sr. Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL Accession No.: ML16076A051 OFFICE NSIR/ISB NSIR/DSO/TA NSIR/DSO/ISB/BC NAME RNorman MRalph DParsons DATE 03/ 11 /2016 03/ 15 /2016 03/ 28 /2016 OFFICIAL RECORD COPY