ML16238A049
| ML16238A049 | |
| Person / Time | |
|---|---|
| Site: | Perry  |
| Issue date: | 09/06/2016 |
| From: | Kimberly Green Plant Licensing Branch III |
| To: | Hamilton D FirstEnergy Nuclear Operating Co |
| Green K | |
| References | |
| CAC MF8298 | |
| Download: ML16238A049 (3) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Mr. David B. Hamilton Site Vice President September 6, 2016 FirstEnergy Nuclear Operating Company Mail Stop A-PY-A290 P.O. Box 97, 10 Center Road Perry, OH 44081-0097
SUBJECT:
PERRY NUCLEAR POWER PLANT, UNIT NO. 1 - USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC SUBMISSION OF SAFEGUARDS INFORMATION (CAC NO. MF8298)
Dear Mr. Hamilton:
By letter dated July 11, 2016 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML16196A059), FirstEnergy Nuclear Operating Company (FENOC),
on behalf of the Perry Nuclear Power Plant (PNPP), Unit 1, requested that the U.S. Nuclear Regulatory Commission (NRC) approve the use of Symantec Encryption Desktop Version 10.4, for the electronic transmission of safeguards information (SGI) in accordance with Title 10 of the Code of Federal Regulations (10 CFR) Paragraph 73.22(f)(3).
Section 73.22(f) of 10 CFR, "External transmission of documents and material," describes requirements for the transmission of SGI outside an authorized place of use or storage. 10 CFR 73.22(f)(3) states, in part:
Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.
Guidance to licensees on the electronic transmission of SGI is provided in the NRC Regulatory Issue Summary (RIS) 2002-15, Revision 1, "NRC Approval of Commercial Data Encryption Products for the Electronic Transmission of Safeguards Information," dated January 26, 2006 (ADAMS Accession No. ML050460031).
As stated in FENOC's letter, Symantec Encryption Desktop Version 10.4 was developed with PGP Software Developer's Kit (SOK) Cryptographic Module Software Version 4.2.1 and complies with Federal Information Processing Standard (FIPS) 140-2 as validated by the National Institute of Standards and Technology (NIST) Consolidated Certificate No. 0014. A copy of the certificate was enclosed with FENOC's letter.
The NRC approves only those cryptographic algorithms approved by NIST. Based on the NIST validation that the encryption software complies with FIPS 140-2, the NRC staff finds that the use of Symantec Encryption Desktop Version 10.4 is acceptable to use for electronic transmission of SGI in accordance with 10 CFR 73.22(f)(3). Thus, the staff approves the use of this software, in accordance with 10 CFR 73.22(f)(3), at PNPP, Unit 1. If NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
If you have any questions, please contact me at 301-415-1627.
Docket No. 50-440 cc: Distribution via Listserv Sincerely, Kimberly J. Green, Senior Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
ML16238A049 OFFICE N RR/DORL/LPL3-1 /PM N RR/DORL/LPL3-1 /LA NSIR/DSO/ISB/BC NAME KGreen SRohrer DParsons DATE 8/25/2016 8/26/2016 8/24/2016 OFFICE OGC N RR/DORL/LPL3-1 /BC NRR/DORL/LPL3-1 /PM NAME JBielecki DWrona KGreen DATE 9/02/2016 9/02/2016 9/06/2016