L-16-225, Use of Encryption Software for Electronic Transmission of Safeguards Information


Use of Encryption Software for Electronic Transmission of Safeguards Information
ML16196A059
Person / Time
Site: Perry 
Issue date: 07/11/2016
From: Hamilton D
FirstEnergy Nuclear Operating Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
L-16-225


Text

FirstEnergy Nuclear Operating Company (FENOC)
Perry Nuclear Power Plant, P.O. Box 97, 10 Center Road, Perry, Ohio 44081

David B. Hamilton, Vice President, 440-280-5382

July 11, 2016
L-16-225
10 CFR 73.22

United States Nuclear Regulatory Commission, Document Control Desk, Washington, D.C. 20555-0001

SUBJECT: Perry Nuclear Power Plant, Docket No. 50-440, License No. NPF-58. Use of Encryption Software for Electronic Transmission of Safeguards Information

Pursuant to the requirements of 10 CFR 73.22(f)(3) and the guidance provided in NRC Regulatory Issue Summary 2002-15, Revision 1, "NRC Approval of Commercial Data Encryption Systems for the Electronic Transmission of Safeguards Information", dated January 26, 2006, the FirstEnergy Nuclear Operating Company (FENOC), on behalf of the Perry Nuclear Power Plant (PNPP), requests NRC approval to use Symantec Encryption Desktop version 10.4. This version of encryption product was developed with PGP Software Developer's Kit (SDK) Cryptographic Module Software Version 4.2.1 and complies with Federal Information Processing Standard (FIPS) 140-2 as validated by the National Institute of Standards and Technology (NIST) Consolidated Certificate No. 0014 (Enclosure A).

An information protection system for safeguards information (SGI) that meets the requirements of 10 CFR 73.22 has been established and is being maintained. Written procedures are in place which describe: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been compromised; and how the identity and access authorization of the recipient will be verified.

FENOC intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software. Processing Safeguards Information on electric systems is performed in accordance with the provisions of 10 CFR 73.22(g). Perry Nuclear Power Plant will maintain a single (one) public key named with the following syntax:

LastName_FirstName_SiteName.asc.

Mr. Jeffrey Archer, Supervisor - Nuclear Security Support, is responsible for the overall implementation of the SGI encryption program at PNPP.

There are no regulatory commitments contained in this letter. If there are any questions, or if additional information is required, please contact Mr. Nicola Conicella, Manager - Regulatory Compliance, at (440) 280-5415.

Sincerely, David B. Hamilton

Enclosure:

A. FIPS 140-2 Consolidated Certificate No. 0014

cc:

NRC Region III Administrator
NRC Resident Inspector
NRR Project Manager

Enclosure A L-16-225 FIPS 140-2 Consolidated Certificate No. 0014

FIPS 140-2 Consolidated Validation Certificate

The National Institute of Standards and Technology of the United States of America
The Communication Security Establishment of the Government of Canada

Consolidated Certificate No. 0014

The National Institute of Standards and Technology, as the United States FIPS 140-2 Cryptographic Module Validation Authority, and the Communications Security Establishment Canada, as the Canadian FIPS 140-2 Cryptographic Module Validation Authority, hereby validate the FIPS 140-2 testing results of the cryptographic modules listed below in accordance with the Derived Test Requirements for FIPS 140-2, Security Requirements for Cryptographic Modules. FIPS 140-2 specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting Sensitive Information (United States) or Protected Information (Canada) within computer and telecommunications systems (including voice systems).

Products which use a cryptographic module identified below may be labeled as complying with the requirements of FIPS 140-2 so long as the product, throughout its life-cycle, continues to use the validated version of the cryptographic module as specified in this consolidated certificate. The validation report contains additional details concerning test results. No reliability test has been performed and no warranty of the products by both agencies is either expressed or implied.

FIPS 140-2 provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range and potential applications and environments in which cryptographic modules may be employed. The security requirements cover eleven areas related to the secure design and implementation of a cryptographic module. The scope of conformance achieved by the cryptographic modules as tested are identified and listed on the Cryptographic Module Validation Program website. The website listing is the official list of validated cryptographic modules. Each validation entry corresponds to a uniquely assigned certificate number. Associated with each certificate number is the module name(s), module versioning information, applicable caveats, module type, date of initial validation and applicable revisions, Overall Level, individual Levels if different than the Overall Level, FIPS-approved and other algorithms, vendor contact information, a vendor provided description and the accredited Cryptographic Module Testing laboratory which performed the testing.

Signed on behalf of the Government of the United States: Chief, Computer Security Division, National Institute of Standards and Technology

Signed on behalf of the Government of Canada: Director, Architecture and Technology Assurance, Communications Security Establishment Canada

2/29/2012

Validated modules listed on Consolidated Certificate No. 0014 (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm, 2/29/2012):

Certificate Number: 1670
Validation / Posting Date: 02/02/2012
Module Name(s): CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC
Vendor Name: Dolby Laboratories, Inc.
Version Information: Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37

Certificate Number: 1671
Validation / Posting Date: 02/06/2012
Module Name(s): CryptoCore Module
Vendor Name: Sensage, Inc.
Version Information: Software Version: 1.0

Certificate Number: 1672
Validation / Posting Date: 02/06/2012
Module Name(s): IBM z/OS Version 1 Release 13 ICSF PKCS#11 Cryptographic Module
Vendor Name: IBM Corporation
Version Information: Hardware Version: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Version: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780; Firmware Version: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0)

Certificate Number: 1673
Validation / Posting Date: 02/06/2012
Module Name(s): Secure Router 2330
Vendor Name: Avaya, Inc.
Version Information: Hardware Version: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100

Certificate Number: 1674
Validation / Posting Date: 02/06/2012
Module Name(s): Secure Router 4134
Vendor Name: Avaya, Inc.
Version Information: Hardware Version: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100

Certificate Number: 1675
Validation / Posting Date: 02/06/2012
Module Name(s): Uplogix 430 [1] and 3200 [2]
Vendor Name: Uplogix, Inc.
Version Information: Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979

Certificate Number: 1677
Validation / Posting Date: 02/09/2012
Module Name(s): McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0
Vendor Name: McAfee, Inc.
Version Information: Software Version: 6.1.3

Certificate Number: 1678
Validation / Posting Date: 02/09/2012
Module Name(s): StarSign Crypto USB Token powered by Sm@rtCafe Expert 6.0
Vendor Name: Giesecke & Devrient
Version Information: Hardware Version: P5CC081; Firmware Version: Sm@rtCafe Expert 6.0

Certificate Number: 1679
Validation / Posting Date: 02/14/2012
Module Name(s): CN1000 Fibre Channel Encryptor
Vendor Name: Senetas Corporation Ltd.
Version Information: Hardware Version: A5175B; Firmware Version: 1.9.3

Certificate Number: 1680
Validation / Posting Date: 02/14/2012
Module Name(s): Absolute Encryption Engine
Vendor Name: Absolute Software Corporation
Version Information: Software Version: 1.2.0.46

Certificate Number: 1681
Validation / Posting Date: 02/28/2012
Module Name(s): PGP Software Developer's Kit (SDK) Cryptographic Module
Vendor Name: Symantec Corporation
Version Information: Software Version: 4.2.1

Certificate Number: 1682
Validation / Posting Date: 02/14/2012
Module Name(s): Voltage IBE Cryptographic Module
Vendor Name: Voltage Security, Inc.
Version Information: Software Version: 4.0

Certificate Number: 1683
Validation / Posting Date: 02/15/2012
Module Name(s): Communication Server
Vendor Name: Lenel Systems International, Inc.
Version Information: Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500

Certificate Number: 1684
Validation / Posting Date: 02/24/2012
Module Name(s): PGP Cryptographic Engine
Vendor Name: Symantec Corporation
Version Information: Software Version: 4.2.1
