JAFP-16-0180, License Amendment Request - Cyber Security Plan Implementation Schedule

From kanterella
(Redirected from ML16343A947)
Jump to navigation Jump to search

License Amendment Request - Cyber Security Plan Implementation Schedule
ML16343A947
Person / Time
Site: FitzPatrick Constellation icon.png
Issue date: 12/08/2016
From: Brian Sullivan
Entergy Nuclear Operations
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
CAC MF6367, JAFP-16-0180, TAC ME4267, TAC MF3456
Download: ML16343A947 (19)


Text

Entergy Nuclear Northeast Entergy Nuclear Operations, Inc.

James A. FitzPatrick NPP P.O. Box 110 Lycoming, NY 13093 Tel 315-342-3840 Brian R. Sullivan Site Vice President - JAF JAFP-16-0180 December 8, 2016 U.S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555-0001

Subject:

License Amendment Request - Cyber Security Plan Implementation Schedule James A. FitzPatrick Nuclear Power Plant Docket No. 50-333 License No. DPR-59

References:

1. NRC Internal Memorandum to Barry Westreich from Russell Felts, Review Criteria for 10 CFR 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests, ML13295A467, dated October 24, 2013
2. NRC letter, Issuance of Amendment Re: License Amendment Request -

Cyber Security Plan (TAC No. ME4267), ML11152A011, dated August 19, 2011

3. NRC letter, Issuance of Amendment Re: Cyber Security Plan Implementation Schedule Milestone 8 (TAC No. MF3456),

ML14202A372, dated December 1, 2014

4. NRC letter, Issuance of Amendment Re: Cyber Security Plan Implementation Schedule (CAC No. MF6367), ML16062A388, dated April 6, 2016

Dear Sir or Madam:

Pursuant to 10 CFR 50.4 and 10 CFR 50.90, Entergy Operations, Inc. (ENOI) hereby requests an amendment to the Renewed Facility Operating Licenses for James A. FitzPatrick Nuclear Power Plant (JAF). In accordance with the guidelines provided by Reference 1, this request proposes a change to the JAF Cyber Security Plan Milestone 8 full implementation date as set forth in the Cyber Security Plan Implementation Schedule approved by References 2, 3 and 4. provides an evaluation of the proposed change. Attachment 2 contains proposed marked-up operating license pages for the Physical Protection license condition for JAF to reference the commitment change provided in this submittal. Attachment 3 contains the proposed revised operating license pages. Attachment 4 contains a change to the date of Implementation Milestone 8.

JAFP-16-0180 Page 2 of 2 The proposed changes have been evaluated in accordance with 10 CFR 50.91 (a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the changes involve no significant hazards consideration. The bases for these determinations are included in Attachment 1.

ENOI requests this license amendment be effective as of its date of issuance. Although this request is neither exigent nor emergency, your review and approval is requested prior to December 15, 2017.

The revised commitment contained in this submittal is summarized in Attachment 5. Should you have any questions concerning this letter, or require additional information, please contact William C. Drews at 315-349-6562.

I declare under penalty of perjury that the foregoing is true and correct. Executed on December 8, 2016.

Brian R. Sullivan Site Vice President BRS/WCD/mh Attachments: 1. Analysis of Proposed Operating License Change

2. Proposed JAF Operating License Changes (mark-up)
3. Revised JAF Operating License Pages
4. Revised Cyber Security Plan Implementation Schedule
5. List of Revised Regulatory Commitments cc: NRG Regional Administrator, Region 1 NRG Resident Inspector NRA Project Manager New York State Department of Public Service NYSERDA President and CEO

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change (Pages 6)

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change 1.0

SUMMARY

DESCRIPTION This license amendment request (LAR) includes a proposed change to the James A. FitzPatrick Nuclear Plant (JAF) Cyber Security Plan (CSP) Implementation Schedule Milestone 8 (full implementation) date and a proposed revision to the existing operating license Physical Protection license condition.

2.0 DETAILED DESCRIPTION In Reference 1, the NRC provided criteria to be used for evaluation of a license amendment request to revise the Cyber Security Implementation Schedule Milestone 8 date. The information requested by Reference 1 is discussed in the next section. In Reference 2 Entergy Nuclear Operations, Inc. (ENOI) notified the NRC of intent to permanently cease power operations at JAF in late 2016 or early 2017. Since this notification, JAF has continued to maintain the previously implemented cyber security Milestones 1-7, however work toward achieving Milestone 8 was suspended. Subsequently, several unanticipated significant developments have occurred, including restructuring of the New York State energy market, followed in August 2016 by ENOI and Exelon Corporation agreeing to the sale of JAF and transfer of the operating license to Exelon (Reference 3). The sale and license transfer is presently expected to complete in April 2017. Accordingly, the effort to complete Milestone 8 requirements is being reviewed by the two companies and expected to be reinitiated in March 2017, after the JAF refueling outage scheduled for January-February 2017. Additionally, the next refueling outage is scheduled for September-October 2018. Due to the extended period of suspension of Milestone 8 work (November 2015 to March 2017) and 2018 refueling outage, ENOI is requesting rescheduling of the Milestone 8 due date by 18 months, from December 15, 2017 to June 15, 2019.

3.0 TECHNICAL EVALUATION

In November 2009, and in subsequent LARs in accordance with 10 CFR 73.54 (nuclear cyber security rule), JAF submitted a proposed schedule for achieving full compliance with the cyber security rule. The schedule was approved and consists of eight milestones, with interim Milestones 1 through 7 being completed by December 31, 2012 and subsequently inspected for compliance by the NRC during April 2015 (Reference 4). Presently, Milestone 8 (full compliance with the rule) is required to be completed by December 15, 2017, however as described in the previous section, the work to achieve Milestone 8 was suspended in November 2015, and will not substantially resume until March 2017.

The following is JAFs discussion of the eight evaluation criteria required by Reference 1.

1 Identification of the specific requirement or requirements of the CSP that the licensee needs additional time to implement.

ENOI requests that full implementation of CSP requirements per Milestone 8 be rescheduled from December 15, 2017 to June 15, 2019. During this additional period the requirements of Milestones 1-7 will be maintained.

2 Detailed justification that describes the reason additional time is required to implement the specific requirement or requirements identified.

In November 2015 ENOI notified the NRC of intent to permanently cease power operations at JAF in late 2016 or early 2017 (Reference 2). After this notification JAF continued to maintain the previously implemented Milestone 1-7 actions, but suspended work toward achieving Milestone 8. However, in August 2016 ENOI and Exelon Corporations agreed to the sale of JAF and transfer of the operating license to Exelon (Reference 3). Additional time is required as described above in Section 2.0 to achieve Milestone 8 because of the previous suspension of work and refueling outages scheduled to occur in January-February 2017 and September-October 2018.

Page 1 of 6

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change 3 Proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available.

The proposed completion date for Milestone 8 is June 15, 2019.

4 Evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the overall cyber security program in the context of milestones already completed.

Because of the cyber security protections provided by the actions completed pursuant to Milestones 1 through 7 and maintenance of these actions, the program will be continue to be effective in significantly mitigating the risk of the design basis threat (DBT) via cyber means. Most notably, safety-related, important-to-safety, and security Critical Digital Assets (CDA) will continue to be deterministically isolated from external networks; stringent control of portable media and mobile devices connected to CDAs will continue, including use of standalone scanning kiosks, and implementation of technical cyber security controls and security officer observation for CDAs that support physical security target set functions.

Additionally, although not required until Milestone 8, ENOI has implemented procedures governing CDA configuration management, cyber security incident response and recovery, cyber security training, identification of rogue connections, and CDA physical protections.

5 Description of the methodology for prioritizing completion of work for CDAs associated with significant SSEP consequences and with reactivity effects in the balance of plant.

Because CDAs are plant components, work prioritization follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component (SSC) design function and related factors such as safety risk and nuclear defense-in-depth, as well as threats to continuity of electric power generation in the balance-of-plant (BOP). Further, in regard to deterministic isolation and control of portable media and mobile devices (PMMD) for safety-related, important-to-safety (including BOP), and security CDAs, maintenance of one-way or air-gapped configurations and implementation of control of PMMD remains high priority. This prioritization enabled timely completion of cyber security Interim Milestones 3 and 4. High focus continues to be maintained on prompt attention to any emergent issue with CDAs that would potentially challenge the established cyber protective barriers. Further, strong engagement with the NEI Cyber Security Task Force (CSTF) will continue and developments communicated through mechanisms such as Security Frequently Asked Questions (SFAQs) will receive timely attention and prioritization.

6 Discussion of the cyber security program performance up to the date of the license amendment request.

No compromise of SSEP function by cyber means has been identified. As documented in Reference 4, an NRC inspection of JAF compliance with Milestones 1-7 was conducted March 16-19, 2015, and findings were designated as low-level (Green Non-Cited, granted enforcement discretion). Additionally, an annual JAF Quality Assurance (QA) audit has been conducted each year since 2013 pursuant to the JAF Physical Security Plan and physical security program review required by 10 CFR 73.55(m). The QA audit includes review of cyber security program implementation. There have been no significant findings related to overall cyber security program performance and effectiveness during these audits.

Page 2 of 6

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change 7 Discussion of cyber security issues pending in the CAP.

No cyber security issues that would constitute a threat to proper CDA function or that would call into question cyber security program effectiveness are currently pending in the Corrective Action Program.

8 Discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications.

Modifications completed include those required to deterministically isolate Level 3 and 4 CDAs, as required by nuclear cyber security implementation schedule interim Milestone 3. A modification is scheduled for the May 2017 equipment outage to install an additional physical barrier for a CDA inside the protected area (PA) that supports a physical security target set function. Planning has commenced for modifications to be installed during the September-October 2018 refueling outage to implement, where feasible, automated intrusion monitoring, detection, prevention and eradication systems per the requirements of the JAF Cyber Security Plan Section 4.4 and NEI 08-09, Revision 6, Appendices D-2, D-3, D-5, E-3, E-6, E-7, E-8, and E-10.

Page 3 of 6

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change This LAR includes markups and the proposed change to the existing operating license condition for "Physical Protection" (Attachments 2 and 3) for JAF, respectively. This LAR also contains the proposed Revised CSP Implementation Schedule (Attachment 4) and revised list of regulatory commitments (Attachment 5).

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements/Criteria 10 CFR 73.54 requires licensees to maintain and implement a cyber security plan (CSP). James A. FitzPatrick Nuclear Power Plant (JAF) Facility Operating License No. DPR-59, includes a Physical Protection license condition that requires Entergy Operations, Inc. (ENOI) to fully implement and maintain in effect all provisions of the Commission-approved CSP, including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

4.2 Significant Safety Hazards Consideration ENOI is requesting an amendment to the JAF Facility Operating License to revise the Physical Protection license condition as it relates to the CSP. This change includes a proposed change to a CSP Implementation Schedule milestone date and a proposed revision to the JAF Facility Operating License to include the proposed deviation. Specifically, ENOI is proposing a change to the Implementation Milestone 8 completion date.

ENOI has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed change to the CSP Implementation Schedule is administrative in nature.

This change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents and has no impact on the probability or consequences of an accident previously evaluated.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

Page 4 of 6

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change to the CSP Implementation Schedule is administrative in nature.

This proposed change does not alter accident analysis assumptions, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The proposed change does not require any plant modifications which affect the performance capability of the structures, systems, and components relied upon to mitigate the consequences of postulated accidents and does not create the possibility of a new or different kind of accident from any accident previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

Plant safety margins are established through limiting conditions for operation, limiting safety system settings, and safety limits specified in the technical specifications. The proposed change to the CSP Implementation Schedule is administrative in nature. In addition, the milestone date delay for full implementation of the CSP has no substantive impact because other measures have been taken which provide adequate protection during this period of time. Because there is no change to established safety margins as a result of this change, the proposed change does not involve a significant reduction in a margin of safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, ENOI concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration is justified.

4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

Page 5 of 6

JAFP-16-0180 Attachment 1 Analysis of Proposed Operating License Change

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment provides a change to the CSP Implementation Schedule. The proposed amendment meets the eligibility criterion for a categorical exclusion set forth in 10 CFR 51.22(c)(12). Therefore, pursuant to 10 CFR 51.22(b) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. NRC Internal Memorandum to Barry Westreich from Russell Felts, Review Criteria for 10 CFR 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests, dated October 24, 2013 (ML13295A467)
2. Letter, from ENOI (J. Ventosa) to NRC, Notification of Permanent Cessation of Power Operations, JAFP-15-0133, dated November 18, 2015 (ML15322A273)
3. Letter from Exelon (J. Bradley Fewell) and ENOI (Brian Sullivan) to NRC, Application for Order Approving Transfer of Renewed Facility Operating License and Proposed Conforming License Amendment, dated August 18, 2016 (ML16235A081)
4. NRC Inspection Report for James A. FitzPatrick Nuclear Power Plant - NRC Temporary Instruction 2201/004, Inspection of Implementation of Interim Cyber Security Milestones 1-7, IR 05000333/2015405, dated April 8, 2015 (ML15099A536)

Page 6 of 6

JAFP-16-0180 Attachment 2 Proposed JAF Operating License Changes (mark-up)

(Pages 2)

(4) ENO pursuant to the Act and 10 CFR Parts 30, 40, and 70 to receive, possess, and use, at any time, any byproduct, source and special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration; or associated with radioactive apparatus, components or tools.

(5) Pursuant to the Act and 10 CFR Parts 30 and 70, to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.

C. This renewed operating license shall be deemed to contain and is subject to the conditions specified in the following Commission regulations in 10 CFR Chapter I: Part 20, Section 30.34 of Part 30, Section 40.41 of Part 40, Sections 50.54 and 50.59 of Part 50, and Section 70.32 of Part 70; and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:

(1) Maximum Power Level ENO is authorized to operate the facility at steady state reactor core power levels not in excess of 2536 megawatts (thermal).

(2) Technical Specifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 311, are hereby incorporated in the renewed operating license. The licensee shall operate the facility in accordance with the Technical Specifications.

(3) Fire Protection ENO shall implement and maintain in effect all provisions of the approved fire protections program as described in the Final Safety Analysis Report for the facility and as approved in the SER dated November 20, 1972; the SER Supplement No. 1 dated February 1, 1973; the SER Supplement No. 2 dated October 4, 1974; the SER dated August 1, 1979; the SER Supplement dated October 3, 1980; the SER Supplement dated February 13, 1981; the NRC Letter dated February 24, 1981; Technical Specification Amendments 34 (dated January 31, 1978), 80 (dated May 22, 1984), 134 (dated July 19, 1989), 135 (dated September 5, 1989), 142 (dated October 23, 1989), 164 (dated August 10, 1990), 176 (dated January 16, 1992), 177 (dated February 10, 1992), 186 (dated February 19, 1993),

190 (dated June 29, 1993), 191 (dated July 7, 1993), 206 (dated February 28, 1994) and 214 (dated June 27, 1994); and NRC Exemptions and associated safety evaluations dated April 26, 1983, July 1, 1983, January 11, 1985, April 30, 1986, September 15, 1986 and September 10, 1992 subject to the following provision:

Amendment 311 Renewed License No. DPR-59

Safeguards Contingency Plan, Revision 0, submitted by letter dated October 26, 2004, as supplemented by letter dated May 17, 2006.

ENO shall fully implement and maintain in effect all provisions of the Commission approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). ENO CSP was approved by License Amendment No. 300, as supplemented by changes approved by License Amendment Nos. 303, 308, and 311, and .

ENO has been granted Commission authorization to use stand alone preemption authority under Section 161A of the Atomic Energy Act, 42 U.S.C. 2201a with respect to the weapons described in Attachment 1,Section II contained in its application submitted by letter dated August 30, 2013, as supplemented by letters dated November 12, 2013, and July 11, 2014. ENO shall fully implement and maintain in effect the provisions of the Commission approved authorization.

E. Power Uprate License Amendment Implementation The licensee shall complete the following actions as a condition of the approval of the power uprate license amendment.

(1) Recirculation Pump Motor Vibration Perform monitoring of recirculation pump motor vibration during initial Cycle 13 power ascension for uprated power conditions.

(2) Startup Test Program The licensee will follow a startup testing program, during Cycle 13 power ascension, as described in GE Licensing Topical Report NEDC-31897P-1, Generic Guidelines for General Electric Boiling Water Reactor Power Uprate. The Startup test program includes system testing of such process control systems as the feedwater flow and main steam pressure control systems. The licensee will collect steady-state operational data during various portions of the power ascension to the higher licensed power level so that predicted equipment performance characteristics can be verified. The licensee will do the startup testing program in accordance with its procedures. The licensees approach is in conformance with the test guidelines of GE Licensing Topical Report NEDC-31897P-1, Generic Guidelines for General Electric Boiling Water Reactor Power Uprate. June 1991 (proprietary), GE Licensing Topical Report NEDO-31897, Generic Guidelines for General Electric Boiling Water Reactor Power Uprate. February 1992 (nonproprietary), and NEDC-31897P-AA, Class III (proprietary), May 1992.

(3) Human Factors The licensee will review the results of the Cycle 13 startup test program to determine any potential effects on operator training. Training issues identified Amendment 311 Renewed License No. DPR-59

JAFP-16-0180 Attachment 3 Revised JAF Operating License Pages (Pages 2)

(4) ENO pursuant to the Act and 10 CFR Parts 30, 40, and 70 to receive, possess, and use, at any time, any byproduct, source and special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration; or associated with radioactive apparatus, components or tools.

(5) Pursuant to the Act and 10 CFR Parts 30 and 70, to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the facility.

C. This renewed operating license shall be deemed to contain and is subject to the conditions specified in the following Commission regulations in 10 CFR Chapter I: Part 20, Section 30.34 of Part 30, Section 40.41 of Part 40, Sections 50.54 and 50.59 of Part 50, and Section 70.32 of Part 70; and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the Commission now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:

(1) Maximum Power Level ENO is authorized to operate the facility at steady state reactor core power levels not in excess of 2536 megawatts (thermal).

(2) Technical Specifications The Technical Specifications contained in Appendix A, as revised through Amendment No. , are hereby incorporated in the renewed operating license. The licensee shall operate the facility in accordance with the Technical Specifications.

(3) Fire Protection ENO shall implement and maintain in effect all provisions of the approved fire protections program as described in the Final Safety Analysis Report for the facility and as approved in the SER dated November 20, 1972; the SER Supplement No. 1 dated February 1, 1973; the SER Supplement No. 2 dated October 4, 1974; the SER dated August 1, 1979; the SER Supplement dated October 3, 1980; the SER Supplement dated February 13, 1981; the NRC Letter dated February 24, 1981; Technical Specification Amendments 34 (dated January 31, 1978), 80 (dated May 22, 1984), 134 (dated July 19, 1989), 135 (dated September 5, 1989), 142 (dated October 23, 1989), 164 (dated August 10, 1990), 176 (dated January 16, 1992), 177 (dated February 10, 1992), 186 (dated February 19, 1993),

190 (dated June 29, 1993), 191 (dated July 7, 1993), 206 (dated February 28, 1994) and 214 (dated June 27, 1994); and NRC Exemptions and associated safety evaluations dated April 26, 1983, July 1, 1983, January 11, 1985, April 30, 1986, September 15, 1986 and September 10, 1992 subject to the following provision:

Amendment Renewed License No. DPR-59

Safeguards Contingency Plan, Revision 0, submitted by letter dated October 26, 2004, as supplemented by letter dated May 17, 2006.

ENO shall fully implement and maintain in effect all provisions of the Commission approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). ENO CSP was approved by License Amendment No. 300, as supplemented by changes approved by License Amendment Nos. 303, 308, 311, and .

ENO has been granted Commission authorization to use stand alone preemption authority under Section 161A of the Atomic Energy Act, 42 U.S.C. 2201a with respect to the weapons described in Attachment 1,Section II contained in its application submitted by letter dated August 30, 2013, as supplemented by letters dated November 12, 2013, and July 11, 2014. ENO shall fully implement and maintain in effect the provisions of the Commission approved authorization.

E. Power Uprate License Amendment Implementation The licensee shall complete the following actions as a condition of the approval of the power uprate license amendment.

(1) Recirculation Pump Motor Vibration Perform monitoring of recirculation pump motor vibration during initial Cycle 13 power ascension for uprated power conditions.

(2) Startup Test Program The licensee will follow a startup testing program, during Cycle 13 power ascension, as described in GE Licensing Topical Report NEDC-31897P-1, Generic Guidelines for General Electric Boiling Water Reactor Power Uprate. The Startup test program includes system testing of such process control systems as the feedwater flow and main steam pressure control systems. The licensee will collect steady-state operational data during various portions of the power ascension to the higher licensed power level so that predicted equipment performance characteristics can be verified. The licensee will do the startup testing program in accordance with its procedures. The licensees approach is in conformance with the test guidelines of GE Licensing Topical Report NEDC-31897P-1, Generic Guidelines for General Electric Boiling Water Reactor Power Uprate. June 1991 (proprietary), GE Licensing Topical Report NEDO-31897, Generic Guidelines for General Electric Boiling Water Reactor Power Uprate. February 1992 (nonproprietary), and NEDC-31897P-AA, Class III (proprietary), May 1992.

(3) Human Factors The licensee will review the results of the Cycle 13 startup test program to determine any potential effects on operator training. Training issues identified Amendment Renewed License No. DPR-59

JAFP-16-0180 Attachment 4 Revised Cyber Security Plan Implementation Schedule (Page 1)

JAFP-16-0180 Attachment 4 Revised Cyber Security Plan Implementation Schedule Completion

  1. Implementation Milestone Basis Date 8 Full implementation of James June 15, 2019 By the completion date, the JAF Cyber A. FitzPatrick (JAF) Cyber Security Plan will be fully implemented Security Plan for all safety, for all SSEP functions in accordance security, and emergency with 10 CFR 73.54. This date also preparedness (SSEP) functions bounds the completion of all individual will be achieved. asset security control design remediation actions including those that require a refueling outage for implementation.

Page 1 of 1

JAFP-16-0180 Attachment 5 List of Revised Regulatory Commitments (Page 1)

JAFP-16-0180 Attachment 5 List of Revised Regulatory Commitments The following table identifies those actions committed to by James A. FitzPatrick Nuclear Power Plant in this document. Any other statements in this submittal are provided for information purposes and are not considered to be regulatory commitments.

TYPE (Check One) SCHEDULED COMPLETION COMMITMENT DATE ONE-TIME CONTINUING ACTION COMPLIANCE (If Required)

Full implementation of JAF Cyber Security Plan for all safety, security, and X June 15, 2019 emergency preparedness functions will be achieved.

Page 1 of 1