License Amendment Request to Revise the Cyber Security Plan Implementation Schedule

ML16077A029
Person / Time
Site:	Cook
Issue date:	03/14/2016
From:	Lies Q Indiana Michigan Power Co
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
AEP-NRC-2016-19
Download: ML16077A029 (18)
v • d • e

Text

m INDIANA Indiana Michigan Power MICHIGAN Cook Nuclear Plant POWER One Cook Place Bridgman, Ml 49106 A unit ofAmerican Electric Power lndianaMichiganPower.com March 14, 2016 AEP-NRC-2016-19 10 CFR 50.90 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001

SUBJECT:

Donald C. Cook Nuclear Plant Units 1 and 2 Docket Nos.: 50-315 and 50-316 License Amendment Request to Revise the Cyber Security Plan Implementation Schedule

References:

1. U. S. Nuclear Regulatory Commission (NRC) Internal Memorandum to Barry Westreich from Russell Felts, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (Agency wide Documents Access and Management System Accession No. ML13295A467).

2. Letter from J. P. Gebbie, Indiana Michigan Power Company (l&M), to NRC Document Control Desk, "Response to Request for Information Regarding a License Amendment Request for Approval of the Donald C. Cook Nuclear Plant Cyber Security Plan (TAC Nos. ME4275 and ME4276)," dated April 8, 2011 (ML11111A058).

3. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Plan (TAC Nos. ME4275 AND ME4276)," dated July 28, 201 t (ML11182A178).

4. Letter from J. P. Gebbie, l&M, to NRC Document Control Desk, "License Amendment Request - -

Cyber Security Plan Implementation Schedule Milestones," dated September 11, 2012 (ML12262A480).

5. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Revised Cyber Security Plan Implementation Schedule Milestone 6 (TAC Nos.

ME9523 and ME9524)," dated December 13, 2012(ML12318A234).

6. Letter from J. P. Gebbie, l&M, to NRC Document Control Desk, "License Amendment Request to Revise the Cyber Security Implementation Schedule,'! dated January 10, 2014(ML14015A142).

7. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Implementation Schedule (TAC NOS. MF3363 and MF3364),"

dated December 18, 2014(ML14317A551).

Pursuant to 10 CFR 50.90, Indiana Michigan Power Company (l&M), the licensee for Donald C. Cook Nuclear Plant (CNP) Units 1 and 2, hereby requests an amendment to Renewed Facility Operating Licenses (FOL) DPR-58 and DPR-74. In accordance with the guidelines provided in Reference 1, this R

. So DI Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Nr~

Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

U.S. Nuclear Regulatory Commission AEP-NRC-2016-19 Page 2 request proposes a change to the CNP Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CNP CSP Implementation Schedule that was submitted via Reference 2 and originally approved by the U. S. Nuclear Regulatory Commission (NRC) in Reference 3. In Reference 4, l&M proposed a change to the scope of Milestone 6 of the implementation schedule. No change to the completion date for Milestone 6 was proposed. This request was approved by the NRC in Reference 5, and the license condition in each FOL was modified accordingly. In Reference 6, l&M proposed a change to the completion date of Milestone 8 of the implementation schedule. This request was approved by the NRC in Reference 7, and the license condition in each FOL was modified accordingly. to this letter provides an affirmation statement pertaining to the information contained herein. provides l&M's evaluation of the proposed FOL change, which includes a detailed description of the proposed changes, a technical analysis of the proposed changes, l&M's determination that the proposed changes do not involve a significant hazards consideration, a regulatory analysis of the proposed changes, and an environmental evaluation. Enclosures 3 and 4 provide Unit 1 and Unit 2 Renewed FOL pages, respectively, marked to show the proposed changes. Revised Unit 1 and Unit 2 Renewed FOL pages with proposed changes incorporated will be provided to the NRC Licensing Project Manager when requested.

• to this letter contains the revised regulatory commitment for the full implementation date of the CNP CSP (Milestone 8). Enclosure 6 contains a report of open corrective action program items for CSP implementation.

The current CSP Implementation Schedule . calls for full implementation (Milestone 8) by December 31, 2016. Therefore, l&M requests approval of the proposed license amendment by October 30, 2016. The proposed change will be implemented within 60 days of NRC approvaf.

In accordance with 10 CFR 50.91 (b), l&M is providing the State of Michigan with a copy of this proposed amendment.

l&M requests that Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, which contain security-related information, be withheld from public disclosure in accordance with 10 CFR 2.390.

This letter contains a revised regulatory commitment for full implementation of the CNP CSP. Should you have any questions, please contact Mr. Michael K. Scarpello, Regulatory Affairs Manager, at (269) 466-2649.

Sinc~je_

hane Lies Vice President JMT/mll Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

U. S. Nuclear Regulatory Commission AEP-NRC-2016-19 Page 3 Enciosures:

1. Affirmation

2. Evaluation of Proposed License Amendment Request to Revis~ Milestone 8 of the Donald C.

Cook Nuclear Plant Cyber Security Plan Implementation Schedule (contains Security Related Information (SRI))

3. Proposed Revision to Unit 1 Renewed Facility Operating License (mark-up)

4. Proposed Revision to Unit 2 Renewed Facility Operating License (mark-up)

5. Donald C. Cook Nuclear Plant Cyber Security Plan Revised Implementation Schedule as Regulatory Commitments (contains SRI)

6. Donald C. Cook Nuclear Plant Cyber Security Corrective Action Program Report c: R. J. Ancona - MPSC A. W. Dietrich - NRC Washington DC MDEQ - RMD/RPS NRC Resident Inspector C. D. Pederson - NRC Region Ill A. J. Williamson - Ft. Wayne AEP, w/o-enclosures Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 1 to AEP-NRC-2016-19 AFFIRMATION I, Q. Shane Lies, being duly sworn, state that I am Site Vice President of Indiana Michigan Power Company (l&M), that I am authorized to sign and file this request with the Nuclear Regulatory Commission on behalf of l&M, and that the statements made and the matters set forth herein pertaining to l&M are true and correct to the best of my knowledge, information, and belief.

Indiana Michigan Power Company Site Vice President SWORN TO AND SUBSCRIBED BEFORE ME THIS jtpi... DAYOF M.ax-c..h ,2016

~~;~b~B My Commission Expires 01 I~\ ld.0\-g Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 2 to AEP-NRC-2016-19 Evaluation of Proposed License Amendment Request to Revise Milestone 8 of the Donald C.

Cook Nuclear Plant Cyber Security Plan Implementation Schedule

1.

SUMMARY

DESCRIPTION

2. DETAILED DESCRIPTION

3. TECHNICAL EVALUATION

4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements 4.2 Precedents 4.3 No Significant Hazards Consideration 4.4 Conclusions

5. ENVIRONMENTAL CONSIDERATION 6.REFERENCES Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 2 to AEP-NRC-2016-19 Page 13

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements 10 CFR 73.54 requires licensees to implement and maintain a CSP. l&M Renewed FOLs DPR-58 and DPR-74 include a Physical Protection license condition that requires l&M to fully implement and maintain in effect all provisions of the Commission-approved CSP, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The CSP and associated implementation schedule for CNP Units 1 and 2 were approved by the NRG on July 28, 2011, (Reference 3) via License Amendments 315 and 299, respectively and modified by an NRG-approved LAR on December 13, 2012 (Reference 4). On January 10, 2014, l&M proposed a change to the completion date of Milestone 8 of the implementation schedule (Reference 5). This request was approved by the NRG (Reference 6), and the license *condition in each FOL was modified accordingly. Any change to the NRG-approved CSP implementation schedule requires prior NRG approval pursuant to 10 CFR 50.90. This LAR is submitted pursuant to 10 CFR 50.90 requesting an amendment to the Renewed FOL regarding the implementation schedule for the CNP CSP.

4.2 Precedents Several precedents were identified where the NRG had approved the extension of a CSP full implementation date beyond that originally approved. l&M is requesting a CSP full implementation date of December 31, 2017. In the three examples below, the same December 31, 2017 CSP full

. implementation date was approved by the NRG:

1. Letter from NRG to Susquehanna Nuclear "Susquehanna Steam Electric Station, Units 1 and 2 -

Issuance of Amendments RE: Approval of Cyber Security Plan Milestone 8 (CAC Nos. MF5357 and MF5358)," dated November 2, 2015(ML15267A381)

2. Letter from NRG to Omaha Public Power District "Fort Calhoun Station, Unit No. 1 - Issuance of Amendment RE: Revision to Cyber Security Plan Implementation Schedule Completion Date (CAC No. MF5854)," dated November 19, 2015(ML15294A279)

3. Letter from NRG to Pacific Gas and Electric Company "Diablo Canyon Power Plant, Unit Nos. 1 and 2 - Issuance of Amendments Regarding Revision to the Cyber Security Plan Implementation Schedule Completion Date (TAC Nos. MF5078 and MF5079)," dated September 30, 2015 (ML15245A542) 4.3 No Significant Hazards Consideration l&M has evaluated whether a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of amendment,"

as discussed below:

• 1. Does the proposed change involve a significant increase in the probability of occurrence or consequences of an accident previously evaluated?

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 14 Response: No The amendment proposes a change to the CNP Unit 1 and* Unit 2 CSPs -Milestone 8 full implementation date as set forth in the CNP CSP Implementation Schedule. The revision of the full implementation date for the CNP CSP does not involve modifications to any safety-related structures, systems or components (SSCs). Rather, the implementation schedule provides a timetable for fully implementing the CNP CSP. The* CSP describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are adequately protected from cyber attacks. The revision of the CNP CSP Implementation Schedule will not alter previously evaluated design basis accident analysis assumptions, add any accident initiators, modify the function of the plant safety-related SSCs, or affect how any plant safety-related SSCs are operated, maintained, modified, tested, or inspected.

There~ore, the proposed changes do not involve a significant increase in the probability or

• consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No A revision to the CSP Implementation Schedule does not require any plant modifications. The proposed revision to the CSP Implementation Schedule does not alter the plant configuration,_

require new plant equipment to be installed, alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. Revision of the CNP CSP Implementation Schedule does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. No new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specmed in the technical specifications. The proposed amendment does not alter the way any safety-related SSC functions and does not alter the way the plant is operated. The CSP, as implemented by milestones 1-7, provides assurance that safety-related SSCs are protected from cyber attacks. The proposed amendment does not introduce any new uncertainties or change any existing uncertainties associated with any Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 15 safety limit. The proposed amendment has no effect on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure.

Therefore the proposed change does not involve a significant reduction in a margin of safety.

4.4 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in c;ompliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. l&M concludes that the proposed amendment present no significant hazards consideration under the standards set forth in 10 CFR 50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment would change the full implementation date for the CNP CSP Implementation Schedule. Based on that information, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in ,

connection with the proposed amendment.

6.0 REFERENCES

t. NRC Internal Memorandum to Barry Westreich from Russell Felts, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests", dated October 24, 2013 (Agency wide Documents Access and Management System Accession No. ML13295A467).

2. Letter from J. W. Roe, Nuclear Energy Institute, to S. A. Morris, Nuclear Regulatory Commission (NRC), "NEI 08-09, Revision 6, Cyber Security Plan for Nuclear Power Reactors, April 2010," dated April 28, 2010. (ML101180434).

3. Letter from NRC to L. J. Weber, Indiana Michigan Power Company (l&M), "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Plan (TAC Nos. ME4275 and ME4276)," dated July 28, 2011, (ML11182A178).

4. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Revised Cyber Security Plan Implementation Schedule Milestone 6 (TAC Nos. ME9523 and ME9524)," dated December 13, 2012(ML12318A234).

5. Letter from J. P. Gebbie, l&M, to NRC Document Control Desk, "License Amendment Request to Revise the Cyber Security Implementation Schedule," dated January 10, 2014 (ML14015A142).

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 16

6. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Implementation Schedule (TAC Nos. ME3363 and ME3364),"

dated December 18, 2014(ML12318A234).

7. NRC Internal Memorandum from Barry Westreich to C. G. Miller, et.al., "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for "Good-Faith" Attempt Discretion, dated July 1, 2013 (ML13178A203).

8. Letter from NRC to l&M "Donald C. Cook Nuclear Power Station, Units 1 and 2 - Inspection of Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1 - 7" Inspection Report 05000315/2015403; 05000316/2015403," dated August 17, 2015.

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 3 to AEP-NRC-2016-19 Proposed Revision to Unit 1 Renewed- Facility Operating License Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2.and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 1 Proposed Revision to the Unit 1 Renewed Facility Operating License For Donald C. Cook Nuclear Plant Unit 1 Renewed Facility Operating License (FOL), revise the text within the current Renewed FOL license condition for Physical Protection as shown:

The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes appro\led by License Amendment Nos. 319, 325, and [number for this approved license amendment].

Clean copies of the affected Rene\l\fed FOL pages* with the proposed changes incorporated will be provided to the Nuclear Regulatory Commission Licensing Project Manager upon request.

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 4 to AEP-NRC-2016-19 Proposed Revision to Unit 2 Renewed Facility Operating License Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 1 Proposed Revision to the Unit 2 Renewed Facility Operating License For Donald C. Cook Nuclear Plant Unit 2 Renewed Facility Operating License (FOL), revise the text within the current Renewed FOL license condition for Physical Protection as shown:

The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Cy_ber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Gook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303, 308, and

[number for this approved license amendment].

Clean copies of the affected Renewed FOL pages with the proposed changes incorporated will be provided to the Nuclear Regulatory Commission Licensing Project Manager upon request.

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 6 to AEP-NRC-2016-19 Donald C. Cook Nuclear Plant Cyber Security Plan Corrective Action Program Report Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 1 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due AR 2015-15110-2 03/25/2016 Develop Cyber Develop the Cyber Track the development of the Cyber Security Training Security TPD Security TPD. Input's will be taken Program Description from Nuclear Energy Instituted (NEI)

(TPD) 08-09, Security Frequently Asked Questions, Benchmarking, as well as existing site processes to define the Cyber Security training program AR 2015-8390-2 03/30/2016 Critical System and Revise procedure PMP- Procedure PMP-5047-CSP-003, Critical Digital Asset 5047-CSP-003, Cyber Cyber Security Assessment Determinations Security Assessment Methodology, must be revised to Methodology incorporate steps based on the industry guidance provided in NEI 10-04, Identifying Systems and Assets Subject to the Cyber Security Rule (Revision 2) for determining the scope of systems

' and assets to be evaluated for inclusion within the Cyber Security Program. This procedure must be U1Ddated to include steps to ensure that documentation required by section 3.1.3 of the Cyber Security Plan (CSP) be produced qnd retained in accordance with the obligations of the CSP.

AR 2015-8390-3 06/30/2016 Critical System and Reevaluate all Critical All systems that fall within the Critical Digital Asset Systems and Critical scoping guidelines of NEI 10-04, Determinations Digital Assets (CDA) Identifying Systems and Assets Subject to the Cyber Security Rule (Revision 2) must be reevaluated to determine those systems which should be classified as Critical Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from.public disclosure under 10 :cFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 2 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due Systems and, subsequently, components of Critical Systems which should be classified as CDA.

AR 2015-8415-2 06/30/2016 Movement of data

• The use and Revise PMP-5047-CSP-004, between cyber security implementation of "Control of Removal Media Devices" defensive levels Removable Media (Rev.8) for the implementation of Devises (RMD) use RMD use between levels, between levels, identification method of RMDs, and use of transfer stations.

AR 2015-8415-3 06/30/2016 Movement of data Transfer station Implement transfer stations at between cyber security implementation and use. designated Kiosk locations. Create defensive levels a desktop guide with instruction for the use of transfer stations.

AR 2015-8415-6 06/30/2016 Movement of data Implement a revision to Revise PMP-2291-WMP-001, "Work between cyber security the work flow process to Management Process Flowchart" defensive levels include RMDs defensive (Rev. 38) to incorporate defensive levels level CDA identification where required during CDA management using RMDs.

AR 2015-8415-7 03/31/2016 Movement of data Cyber Security Implement awareness of defensive between cyber security defensive level levels and RMD compliance through defensive levels awareness for plant postings on Plan-It as well as personnel. communications boards.

AR 2015-8797-2 03/31/2016 Approved-use Revise procedure PMP- Incorporate steps identify and label laptops - Nuclear 5047-CSP-004, "Control Rf\/ID which include approved use Regulatory of Removable Media laptops by assigned defensive Commissio'n (NRC) and Mobile Devices" levels.

• observation AR 2015-8797-4 03/31/2016 Approved-use laptops - Submit a revision The current retention schedule NRC observation request for the Nuclear associates PMP-5047-CSP-003 and Document Control CSP-004 with. the Information Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public ctisclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 3 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due (NDM) Document Technology department and not the Retention Schedule Site Protective Services department AR 2015-8843-1 04/05/2016 Reassess Critical Reassess Critical These systems must be reassessed Systems per NEI 10-04 Systems per NEI 10-04 to determine whether or not they are

& CSP-003 & CSP-003 Critical Systems. The methodology for determining the criticality of these systems must follow the established mechanisms provided by NEI 10-04, Revision 2, and

-- procedure PMP-504 7-CSP-003, "Cyber Security Assessment Methodology."

AR 2015-8919-1 08/31/2016 CSP milestone 5 Ensure milestone 5 Cyber Security to ensure the deficiency compliance condition regarding the CSP milestone 5 deficiencies with Operations Training tour requirements has been corrected, and the deficiency has been resolved.

AR 2015-8919-2 05/31/2016 CSP milestone 5 Evaluate Operations Implement observation and deficiency compliance with identification of obvious cyber Milestone 5 (NRC related tampering to existing insider Requirement) mitigation rounds by incorporating the appropriate elements in Appendix E Section 4.3 "Personnel Performing Maintenance and Testing Activities".

AR 2016-1584-1 3/10/2016 CSP regulatory Provide Cognitive Cyber Security Program Manager to commitment date in Technical Organization provide CTO input to the license jeopardy (CTO) Input amendment request proce~s Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 4 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due AR 2016-1584-2 3/30/2016 CSP regulatory Create recovery plan to commitment date in ensure proper jeopardy management oversight and program ownership is put in place to allow successful implementation

. Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

m INDIANA Indiana Michigan Power MICHIGAN Cook Nuclear Plant POWER One Cook Place Bridgman, Ml 49106 A unit ofAmerican Electric Power lndianaMichiganPower.com March 14, 2016 AEP-NRC-2016-19 10 CFR 50.90 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001

SUBJECT:

Donald C. Cook Nuclear Plant Units 1 and 2 Docket Nos.: 50-315 and 50-316 License Amendment Request to Revise the Cyber Security Plan Implementation Schedule

References:

1. U. S. Nuclear Regulatory Commission (NRC) Internal Memorandum to Barry Westreich from Russell Felts, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (Agency wide Documents Access and Management System Accession No. ML13295A467).

2. Letter from J. P. Gebbie, Indiana Michigan Power Company (l&M), to NRC Document Control Desk, "Response to Request for Information Regarding a License Amendment Request for Approval of the Donald C. Cook Nuclear Plant Cyber Security Plan (TAC Nos. ME4275 and ME4276)," dated April 8, 2011 (ML11111A058).

3. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Plan (TAC Nos. ME4275 AND ME4276)," dated July 28, 201 t (ML11182A178).

4. Letter from J. P. Gebbie, l&M, to NRC Document Control Desk, "License Amendment Request - -

Cyber Security Plan Implementation Schedule Milestones," dated September 11, 2012 (ML12262A480).

5. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Revised Cyber Security Plan Implementation Schedule Milestone 6 (TAC Nos.

ME9523 and ME9524)," dated December 13, 2012(ML12318A234).

6. Letter from J. P. Gebbie, l&M, to NRC Document Control Desk, "License Amendment Request to Revise the Cyber Security Implementation Schedule,'! dated January 10, 2014(ML14015A142).

7. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Implementation Schedule (TAC NOS. MF3363 and MF3364),"

dated December 18, 2014(ML14317A551).

Pursuant to 10 CFR 50.90, Indiana Michigan Power Company (l&M), the licensee for Donald C. Cook Nuclear Plant (CNP) Units 1 and 2, hereby requests an amendment to Renewed Facility Operating Licenses (FOL) DPR-58 and DPR-74. In accordance with the guidelines provided in Reference 1, this R

. So DI Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Nr~

Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

U.S. Nuclear Regulatory Commission AEP-NRC-2016-19 Page 2 request proposes a change to the CNP Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CNP CSP Implementation Schedule that was submitted via Reference 2 and originally approved by the U. S. Nuclear Regulatory Commission (NRC) in Reference 3. In Reference 4, l&M proposed a change to the scope of Milestone 6 of the implementation schedule. No change to the completion date for Milestone 6 was proposed. This request was approved by the NRC in Reference 5, and the license condition in each FOL was modified accordingly. In Reference 6, l&M proposed a change to the completion date of Milestone 8 of the implementation schedule. This request was approved by the NRC in Reference 7, and the license condition in each FOL was modified accordingly. to this letter provides an affirmation statement pertaining to the information contained herein. provides l&M's evaluation of the proposed FOL change, which includes a detailed description of the proposed changes, a technical analysis of the proposed changes, l&M's determination that the proposed changes do not involve a significant hazards consideration, a regulatory analysis of the proposed changes, and an environmental evaluation. Enclosures 3 and 4 provide Unit 1 and Unit 2 Renewed FOL pages, respectively, marked to show the proposed changes. Revised Unit 1 and Unit 2 Renewed FOL pages with proposed changes incorporated will be provided to the NRC Licensing Project Manager when requested.

• to this letter contains the revised regulatory commitment for the full implementation date of the CNP CSP (Milestone 8). Enclosure 6 contains a report of open corrective action program items for CSP implementation.

The current CSP Implementation Schedule . calls for full implementation (Milestone 8) by December 31, 2016. Therefore, l&M requests approval of the proposed license amendment by October 30, 2016. The proposed change will be implemented within 60 days of NRC approvaf.

In accordance with 10 CFR 50.91 (b), l&M is providing the State of Michigan with a copy of this proposed amendment.

l&M requests that Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, which contain security-related information, be withheld from public disclosure in accordance with 10 CFR 2.390.

This letter contains a revised regulatory commitment for full implementation of the CNP CSP. Should you have any questions, please contact Mr. Michael K. Scarpello, Regulatory Affairs Manager, at (269) 466-2649.

Sinc~je_

hane Lies Vice President JMT/mll Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

U. S. Nuclear Regulatory Commission AEP-NRC-2016-19 Page 3 Enciosures:

1. Affirmation

2. Evaluation of Proposed License Amendment Request to Revis~ Milestone 8 of the Donald C.

Cook Nuclear Plant Cyber Security Plan Implementation Schedule (contains Security Related Information (SRI))

3. Proposed Revision to Unit 1 Renewed Facility Operating License (mark-up)

4. Proposed Revision to Unit 2 Renewed Facility Operating License (mark-up)

5. Donald C. Cook Nuclear Plant Cyber Security Plan Revised Implementation Schedule as Regulatory Commitments (contains SRI)

6. Donald C. Cook Nuclear Plant Cyber Security Corrective Action Program Report c: R. J. Ancona - MPSC A. W. Dietrich - NRC Washington DC MDEQ - RMD/RPS NRC Resident Inspector C. D. Pederson - NRC Region Ill A. J. Williamson - Ft. Wayne AEP, w/o-enclosures Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 1 to AEP-NRC-2016-19 AFFIRMATION I, Q. Shane Lies, being duly sworn, state that I am Site Vice President of Indiana Michigan Power Company (l&M), that I am authorized to sign and file this request with the Nuclear Regulatory Commission on behalf of l&M, and that the statements made and the matters set forth herein pertaining to l&M are true and correct to the best of my knowledge, information, and belief.

Indiana Michigan Power Company Site Vice President SWORN TO AND SUBSCRIBED BEFORE ME THIS jtpi... DAYOF M.ax-c..h ,2016

~~;~b~B My Commission Expires 01 I~\ ld.0\-g Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 2 to AEP-NRC-2016-19 Evaluation of Proposed License Amendment Request to Revise Milestone 8 of the Donald C.

Cook Nuclear Plant Cyber Security Plan Implementation Schedule

1.

SUMMARY

DESCRIPTION

2. DETAILED DESCRIPTION

3. TECHNICAL EVALUATION

4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements 4.2 Precedents 4.3 No Significant Hazards Consideration 4.4 Conclusions

5. ENVIRONMENTAL CONSIDERATION 6.REFERENCES Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 2 to AEP-NRC-2016-19 Page 13

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements 10 CFR 73.54 requires licensees to implement and maintain a CSP. l&M Renewed FOLs DPR-58 and DPR-74 include a Physical Protection license condition that requires l&M to fully implement and maintain in effect all provisions of the Commission-approved CSP, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

The CSP and associated implementation schedule for CNP Units 1 and 2 were approved by the NRG on July 28, 2011, (Reference 3) via License Amendments 315 and 299, respectively and modified by an NRG-approved LAR on December 13, 2012 (Reference 4). On January 10, 2014, l&M proposed a change to the completion date of Milestone 8 of the implementation schedule (Reference 5). This request was approved by the NRG (Reference 6), and the license *condition in each FOL was modified accordingly. Any change to the NRG-approved CSP implementation schedule requires prior NRG approval pursuant to 10 CFR 50.90. This LAR is submitted pursuant to 10 CFR 50.90 requesting an amendment to the Renewed FOL regarding the implementation schedule for the CNP CSP.

4.2 Precedents Several precedents were identified where the NRG had approved the extension of a CSP full implementation date beyond that originally approved. l&M is requesting a CSP full implementation date of December 31, 2017. In the three examples below, the same December 31, 2017 CSP full

. implementation date was approved by the NRG:

1. Letter from NRG to Susquehanna Nuclear "Susquehanna Steam Electric Station, Units 1 and 2 -

Issuance of Amendments RE: Approval of Cyber Security Plan Milestone 8 (CAC Nos. MF5357 and MF5358)," dated November 2, 2015(ML15267A381)

2. Letter from NRG to Omaha Public Power District "Fort Calhoun Station, Unit No. 1 - Issuance of Amendment RE: Revision to Cyber Security Plan Implementation Schedule Completion Date (CAC No. MF5854)," dated November 19, 2015(ML15294A279)

3. Letter from NRG to Pacific Gas and Electric Company "Diablo Canyon Power Plant, Unit Nos. 1 and 2 - Issuance of Amendments Regarding Revision to the Cyber Security Plan Implementation Schedule Completion Date (TAC Nos. MF5078 and MF5079)," dated September 30, 2015 (ML15245A542) 4.3 No Significant Hazards Consideration l&M has evaluated whether a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of amendment,"

as discussed below:

• 1. Does the proposed change involve a significant increase in the probability of occurrence or consequences of an accident previously evaluated?

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 14 Response: No The amendment proposes a change to the CNP Unit 1 and* Unit 2 CSPs -Milestone 8 full implementation date as set forth in the CNP CSP Implementation Schedule. The revision of the full implementation date for the CNP CSP does not involve modifications to any safety-related structures, systems or components (SSCs). Rather, the implementation schedule provides a timetable for fully implementing the CNP CSP. The* CSP describes how the requirements of 10 CFR 73.54 are to be implemented to identify, evaluate, and mitigate cyber attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that the facility's digital computer and communications systems and networks are adequately protected from cyber attacks. The revision of the CNP CSP Implementation Schedule will not alter previously evaluated design basis accident analysis assumptions, add any accident initiators, modify the function of the plant safety-related SSCs, or affect how any plant safety-related SSCs are operated, maintained, modified, tested, or inspected.

There~ore, the proposed changes do not involve a significant increase in the probability or

• consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No A revision to the CSP Implementation Schedule does not require any plant modifications. The proposed revision to the CSP Implementation Schedule does not alter the plant configuration,_

require new plant equipment to be installed, alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. Revision of the CNP CSP Implementation Schedule does not introduce new equipment that could create a new or different kind of accident, and no new equipment failure modes are created. No new accident scenarios, failure mechanisms, or limiting single failures are introduced as a result of this proposed amendment.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specmed in the technical specifications. The proposed amendment does not alter the way any safety-related SSC functions and does not alter the way the plant is operated. The CSP, as implemented by milestones 1-7, provides assurance that safety-related SSCs are protected from cyber attacks. The proposed amendment does not introduce any new uncertainties or change any existing uncertainties associated with any Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 15 safety limit. The proposed amendment has no effect on the structural integrity of the fuel cladding, reactor coolant pressure boundary, or containment structure.

Therefore the proposed change does not involve a significant reduction in a margin of safety.

4.4 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in c;ompliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. l&M concludes that the proposed amendment present no significant hazards consideration under the standards set forth in 10 CFR 50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment would change the full implementation date for the CNP CSP Implementation Schedule. Based on that information, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in ,

connection with the proposed amendment.

6.0 REFERENCES

t. NRC Internal Memorandum to Barry Westreich from Russell Felts, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests", dated October 24, 2013 (Agency wide Documents Access and Management System Accession No. ML13295A467).

2. Letter from J. W. Roe, Nuclear Energy Institute, to S. A. Morris, Nuclear Regulatory Commission (NRC), "NEI 08-09, Revision 6, Cyber Security Plan for Nuclear Power Reactors, April 2010," dated April 28, 2010. (ML101180434).

3. Letter from NRC to L. J. Weber, Indiana Michigan Power Company (l&M), "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Plan (TAC Nos. ME4275 and ME4276)," dated July 28, 2011, (ML11182A178).

4. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Revised Cyber Security Plan Implementation Schedule Milestone 6 (TAC Nos. ME9523 and ME9524)," dated December 13, 2012(ML12318A234).

5. Letter from J. P. Gebbie, l&M, to NRC Document Control Desk, "License Amendment Request to Revise the Cyber Security Implementation Schedule," dated January 10, 2014 (ML14015A142).

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 16

6. Letter from NRC to l&M "Donald C. Cook Nuclear Plant, Units 1 and 2 - Issuance of Amendments re: Cyber Security Implementation Schedule (TAC Nos. ME3363 and ME3364),"

dated December 18, 2014(ML12318A234).

7. NRC Internal Memorandum from Barry Westreich to C. G. Miller, et.al., "Enhanced Guidance for Licensee Near-Term Corrective Actions to Address Cyber Security Inspection Findings and Licensee Eligibility for "Good-Faith" Attempt Discretion, dated July 1, 2013 (ML13178A203).

8. Letter from NRC to l&M "Donald C. Cook Nuclear Power Station, Units 1 and 2 - Inspection of Temporary Instruction 2201/004, "Inspection of Implementation of Interim Cyber Security Milestones 1 - 7" Inspection Report 05000315/2015403; 05000316/2015403," dated August 17, 2015.

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 3 to AEP-NRC-2016-19 Proposed Revision to Unit 1 Renewed- Facility Operating License Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2.and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 1 Proposed Revision to the Unit 1 Renewed Facility Operating License For Donald C. Cook Nuclear Plant Unit 1 Renewed Facility Operating License (FOL), revise the text within the current Renewed FOL license condition for Physical Protection as shown:

The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Donald C. Cook Nuclear Plant Cyber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Cook Nuclear Plant CSP was approved by License Amendment No. 315 as supplemented by changes appro\led by License Amendment Nos. 319, 325, and [number for this approved license amendment].

Clean copies of the affected Rene\l\fed FOL pages* with the proposed changes incorporated will be provided to the Nuclear Regulatory Commission Licensing Project Manager upon request.

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 4 to AEP-NRC-2016-19 Proposed Revision to Unit 2 Renewed Facility Operating License Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 1 Proposed Revision to the Unit 2 Renewed Facility Operating License For Donald C. Cook Nuclear Plant Unit 2 Renewed Facility Operating License (FOL), revise the text within the current Renewed FOL license condition for Physical Protection as shown:

The Indiana and Michigan Power Company shall fully implement and maintain in effect all provisions of the Commission-approved Cy_ber Security Plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Donald C. Gook Nuclear Plant CSP was approved by License Amendment No. 299 as supplemented by changes approved by License Amendment Nos. 303, 308, and

[number for this approved license amendment].

Clean copies of the affected Renewed FOL pages with the proposed changes incorporated will be provided to the Nuclear Regulatory Commission Licensing Project Manager upon request.

Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain security information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled

Enclosure 6 to AEP-NRC-2016-19 Donald C. Cook Nuclear Plant Cyber Security Plan Corrective Action Program Report Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 1 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due AR 2015-15110-2 03/25/2016 Develop Cyber Develop the Cyber Track the development of the Cyber Security Training Security TPD Security TPD. Input's will be taken Program Description from Nuclear Energy Instituted (NEI)

(TPD) 08-09, Security Frequently Asked Questions, Benchmarking, as well as existing site processes to define the Cyber Security training program AR 2015-8390-2 03/30/2016 Critical System and Revise procedure PMP- Procedure PMP-5047-CSP-003, Critical Digital Asset 5047-CSP-003, Cyber Cyber Security Assessment Determinations Security Assessment Methodology, must be revised to Methodology incorporate steps based on the industry guidance provided in NEI 10-04, Identifying Systems and Assets Subject to the Cyber Security Rule (Revision 2) for determining the scope of systems

' and assets to be evaluated for inclusion within the Cyber Security Program. This procedure must be U1Ddated to include steps to ensure that documentation required by section 3.1.3 of the Cyber Security Plan (CSP) be produced qnd retained in accordance with the obligations of the CSP.

AR 2015-8390-3 06/30/2016 Critical System and Reevaluate all Critical All systems that fall within the Critical Digital Asset Systems and Critical scoping guidelines of NEI 10-04, Determinations Digital Assets (CDA) Identifying Systems and Assets Subject to the Cyber Security Rule (Revision 2) must be reevaluated to determine those systems which should be classified as Critical Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from.public disclosure under 10 :cFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 2 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due Systems and, subsequently, components of Critical Systems which should be classified as CDA.

AR 2015-8415-2 06/30/2016 Movement of data

• The use and Revise PMP-5047-CSP-004, between cyber security implementation of "Control of Removal Media Devices" defensive levels Removable Media (Rev.8) for the implementation of Devises (RMD) use RMD use between levels, between levels, identification method of RMDs, and use of transfer stations.

AR 2015-8415-3 06/30/2016 Movement of data Transfer station Implement transfer stations at between cyber security implementation and use. designated Kiosk locations. Create defensive levels a desktop guide with instruction for the use of transfer stations.

AR 2015-8415-6 06/30/2016 Movement of data Implement a revision to Revise PMP-2291-WMP-001, "Work between cyber security the work flow process to Management Process Flowchart" defensive levels include RMDs defensive (Rev. 38) to incorporate defensive levels level CDA identification where required during CDA management using RMDs.

AR 2015-8415-7 03/31/2016 Movement of data Cyber Security Implement awareness of defensive between cyber security defensive level levels and RMD compliance through defensive levels awareness for plant postings on Plan-It as well as personnel. communications boards.

AR 2015-8797-2 03/31/2016 Approved-use Revise procedure PMP- Incorporate steps identify and label laptops - Nuclear 5047-CSP-004, "Control Rf\/ID which include approved use Regulatory of Removable Media laptops by assigned defensive Commissio'n (NRC) and Mobile Devices" levels.

• observation AR 2015-8797-4 03/31/2016 Approved-use laptops - Submit a revision The current retention schedule NRC observation request for the Nuclear associates PMP-5047-CSP-003 and Document Control CSP-004 with. the Information Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public ctisclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 3 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due (NDM) Document Technology department and not the Retention Schedule Site Protective Services department AR 2015-8843-1 04/05/2016 Reassess Critical Reassess Critical These systems must be reassessed Systems per NEI 10-04 Systems per NEI 10-04 to determine whether or not they are

& CSP-003 & CSP-003 Critical Systems. The methodology for determining the criticality of these systems must follow the established mechanisms provided by NEI 10-04, Revision 2, and

-- procedure PMP-504 7-CSP-003, "Cyber Security Assessment Methodology."

AR 2015-8919-1 08/31/2016 CSP milestone 5 Ensure milestone 5 Cyber Security to ensure the deficiency compliance condition regarding the CSP milestone 5 deficiencies with Operations Training tour requirements has been corrected, and the deficiency has been resolved.

AR 2015-8919-2 05/31/2016 CSP milestone 5 Evaluate Operations Implement observation and deficiency compliance with identification of obvious cyber Milestone 5 (NRC related tampering to existing insider Requirement) mitigation rounds by incorporating the appropriate elements in Appendix E Section 4.3 "Personnel Performing Maintenance and Testing Activities".

AR 2016-1584-1 3/10/2016 CSP regulatory Provide Cognitive Cyber Security Program Manager to commitment date in Technical Organization provide CTO input to the license jeopardy (CTO) Input amendment request proce~s Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled to AEP-NRC-2016-19 Page 4 Assignment# Current Subject Action Subject Comments Action Request (AR) Date Due AR 2016-1584-2 3/30/2016 CSP regulatory Create recovery plan to commitment date in ensure proper jeopardy management oversight and program ownership is put in place to allow successful implementation

. Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5 to this letter contain sensitive information Withhold from public disclosure under 10 CFR 2.390 Upon removal of Sections 1, 2, and 3 of Enclosure 2 and Enclosure 5, this letter is decontrolled