ML16090A069
| ML16090A069 | |
| Person / Time | |
|---|---|
| Site: | Millstone, Kewaunee, Surry, North Anna, 07200002, 07200055  |
| Issue date: | 04/07/2016 |
| From: | Darryl Parsons NRC/NSIR/DSO/ISB |
| To: | Clark G Dominion Energy Kewaunee, Dominion Nuclear Connecticut, Nuclear Support Services, Virginia Electric & Power Co (VEPCO) |
| R Norman | |
| Shared Package | |
| ML16090A063 | List: |
| References | |
| Download: ML16090A069 (3) | |
Text
April 7, 2016 Ms. Gianna C. Clark Vice President - Nuclear Support Services Dominion Energy Kewaunee, Inc.
Dominion Nuclear Connecticut, Inc.
Virginia Electric and Power Company 5000 Dominion Boulevard, 2SE Glen Allen, VA 23060
SUBJECT:
DOMINION ENERGY KEWAUNEE, INC.; DOMINION NUCLEAR CONNECTICUT, INC.; VIRGINIA ELECTRIC AND POWER COMPANY; KEWAUNEE POWER STATION; MILLSTONE POWER STATION UNITS 1, 2, AND 3; NORTH ANNA POWER STATION UNITS 1 AND 2; SURRY POWER STATION UNITS 1 AND 2; AND ASSOCIATED INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION
Dear Ms. Clark:
By letter dated November 5, 2015, Dominion Resources Services, Inc. requested U.S. Nuclear Regulatory Commission (NRC) approval to use CCORE Module by Cellcrypt Limited to transmit Safeguards Information (SGI) via mobile telephone devices. Your request for NRC approval was accompanied with an attachment that contained the validation Certificate Number 1310.
The previously issued National Institute of Standards and Technology (NIST) Certificate Number 1310 is no longer compliant with Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules. Paragraph 73.22(f) of Title 10 of the Code of Federal Regulations (10 CFR), External transmission of documents and material, prescribes requirements for the transmission of SGI outside an authorized place of use or storage. Paragraph 73.22(f)(3) of 10 CFR states, in part:
Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.
G. Clark The NRC staff finds the use of CCORE Module by Cellcrypt Limited unacceptable for processing and transmitting SGI electronically. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Senior Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL
G. Clark The NRC staff finds the use of CCORE Module by Cellcrypt Limited unacceptable for processing and transmitting SGI electronically. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Senior Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL Accession No.: ML16090A069 OFFICE NSIR/ISB NSIR/DSO/TA NSIR/DSO/ISB/BC NAME RNorman MRalph DParsons DATE 03/23/2016 03/23/2016 03/28/2016 OFFICIAL RECORD COPY
April 7, 2016 Ms. Gianna C. Clark Vice President - Nuclear Support Services Dominion Energy Kewaunee, Inc.
Dominion Nuclear Connecticut, Inc.
Virginia Electric and Power Company 5000 Dominion Boulevard, 2SE Glen Allen, VA 23060
SUBJECT:
DOMINION ENERGY KEWAUNEE, INC.; DOMINION NUCLEAR CONNECTICUT, INC.; VIRGINIA ELECTRIC AND POWER COMPANY; KEWAUNEE POWER STATION; MILLSTONE POWER STATION UNITS 1, 2, AND 3; NORTH ANNA POWER STATION UNITS 1 AND 2; SURRY POWER STATION UNITS 1 AND 2; AND ASSOCIATED INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION
Dear Ms. Clark:
By letter dated November 5, 2015, Dominion Resources Services, Inc. requested U.S. Nuclear Regulatory Commission (NRC) approval to use CCORE Module by Cellcrypt Limited to transmit Safeguards Information (SGI) via mobile telephone devices. Your request for NRC approval was accompanied with an attachment that contained the validation Certificate Number 1310.
The previously issued National Institute of Standards and Technology (NIST) Certificate Number 1310 is no longer compliant with Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules. Paragraph 73.22(f) of Title 10 of the Code of Federal Regulations (10 CFR), External transmission of documents and material, prescribes requirements for the transmission of SGI outside an authorized place of use or storage. Paragraph 73.22(f)(3) of 10 CFR states, in part:
Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.
G. Clark The NRC staff finds the use of CCORE Module by Cellcrypt Limited unacceptable for processing and transmitting SGI electronically. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Senior Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL
G. Clark The NRC staff finds the use of CCORE Module by Cellcrypt Limited unacceptable for processing and transmitting SGI electronically. The NRC approves only those cryptographic algorithms approved by NIST. Thus, if NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
The NRC point of contact regarding the use of encryption software for the processing and transmission of SGI is Robert L. Norman, Senior Program Manager for SGI, Division of Security Operations. Mr. Norman can be reached at (301) 415-2278 or via email at Robert.Norman@nrc.gov.
Sincerely,
/RA/
Darryl Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Docket Nos. 50-305, 50-245/336/423 50-338/339, 50-280/281, 72-2/16/47/55/56/64 cc: Richard Guzman, NRR/DORL Accession No.: ML16090A069 OFFICE NSIR/ISB NSIR/DSO/TA NSIR/DSO/ISB/BC NAME RNorman MRalph DParsons DATE 03/23/2016 03/23/2016 03/28/2016 OFFICIAL RECORD COPY