|
---|
Category:Letter
MONTHYEARML24029A2752024-01-29029 January 2024 Request to Reschedule Evaluated Force-on-Force Drill IR 05000498/20230042024-01-29029 January 2024 Integrated Inspection Report 05000498/2023004 and 05000499/2023004 ML24024A1162024-01-24024 January 2024 STP Unit 2 Request for Information IR 05000498/20244042024-01-18018 January 2024 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000498/2024404; 05000499/2024404 IR 05000498/20230032023-12-28028 December 2023 Acknowledgment of Reply to a Notice of Violation (NRC Inspection Report 05000498/2023003 and 05000499/2023003) ML23360A1692023-12-26026 December 2023 FEMA, Submittal of Radiological Emergency Preparedness Final Report for the South Texas Project Medical Services Drill Evaluated on August 31, 2023 NOC-AE-230040, Supplement to Proposed Alternate Frequency to Containment Unbonded Post-Tensioning System Inservice Inspection (Relief Request RR-ENG-4-06)2023-12-14014 December 2023 Supplement to Proposed Alternate Frequency to Containment Unbonded Post-Tensioning System Inservice Inspection (Relief Request RR-ENG-4-06) NOC-AE-230039, Docket Nos. Stn 50-498, Stn 50-499 - Reply to a Notice of Violation, NRC Inspection Report 05000498/2023003 and 05000499/20230032023-12-12012 December 2023 Docket Nos. Stn 50-498, Stn 50-499 - Reply to a Notice of Violation, NRC Inspection Report 05000498/2023003 and 05000499/2023003 ML23326A2592023-12-0505 December 2023 Review of the Fall 2022 Steam Generator Tube Inspection Report ML23339A1902023-12-0505 December 2023 Update Foreign Ownership, Control, or Influence (FOCI) IR 05000498/20234012023-12-0404 December 2023 Security Baseline Inspection Report 05000498/2023401 and 05000499/2023401 ML23324A0102023-11-16016 November 2023 Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation ML23310A2282023-11-13013 November 2023 Integrated Inspection Report 05000498/2023003 and 05000499/2023003, and Notice of Violation ML23311A2082023-11-0909 November 2023 Reassignment of U.S. Nuclear Regulatory Commission Branch Chief in the Division of Operating Reactor Licensing for Plant Licensing Branch IV ML23298A0002023-11-0101 November 2023 the Associated Independent Spent Fuel Storage Installation - Issuance of Amendment Nos. 226 and 211 Related to Order Approving Indirect Transfer of Licenses and Conforming License Amendments ML23303A0782023-10-30030 October 2023 Submittal of Supplemental Information in Response to Order Consenting to License Transfers and Approval of Draft Conforming License Amendments ML23279A0342023-10-30030 October 2023 Associated Independent Spent Fuel Storage Installation - Order Approving Indirect Transfer of Licenses and Draft Conforming License Amendments (EPID L-2023-LLM-0004) (Letter) IR 05000498/20234032023-10-26026 October 2023 Material Control and Accounting Program Inspection Report 05000498/2023403 and 05000499/2023403 (Cover Letter) ML23317A1262023-10-12012 October 2023 South. Texas Project Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, and Independent Spent Fuel Storage Installation Security Program Revision 26 ML23279A1382023-10-0505 October 2023 Responses to Requests for Additional Information Related to Application for Order Approving Indirect Transfer of Control of Licenses ML23271A1942023-10-0303 October 2023 Notification of Commercial Grade Dedication Inspection (05000498/2024013 and 05000499/2024013) and Request for Information ML23270B2592023-09-27027 September 2023 Update Foreign Ownership, Control, or Influence ML23263B1132023-09-20020 September 2023 Operator Licensing Examination Schedule Revision 1 IR 05000498/20243012023-09-0707 September 2023 Notification of NRC Initial Operator Licensing Examination 05000498/2024301; 05000499/2024301 IR 05000498/20233012023-09-0101 September 2023 NRC Examination Report 05000498/2023301 and 05000499/2023301 ML23243B0562023-08-31031 August 2023 Supplemental Information to Application for Order Approving Indirect Transfer of Control of Licenses ML23236A6042023-08-24024 August 2023 Annual Dose Report for 2022 IR 05000498/20230052023-08-22022 August 2023 Updated Inspection Plan for South Texas Project Electric Generating Station, Units 1 and 2 (Report 05000498/2023005 and 05000499/2023005) - Mid Cycle Letter ML23229A5262023-08-17017 August 2023 Inservice Inspection Summary Report - 1 RE24, ML23229A5892023-08-17017 August 2023 Voluntary Response to Regulatory Issue Summary (RIS) 2023-02, Scheduling Information for the Licensing of Accident Tolerant, Increased Enrichment, and Higher Burnup Fuels ML23229A4992023-08-17017 August 2023 Supplement to Proposed Alternate Frequency to Containment Unbonded Post-Tensioning System Inservice Inspection (Relief Request RR-ENG-4-06) ML23228A2102023-08-15015 August 2023 Closure of Investigation (OI 4-22-19) ML23222A0322023-08-10010 August 2023 Report of Changes Made to Quality Assurance Program for Radioactive Material Packages ML23221A3002023-08-0909 August 2023 RE22 Inspection Summary Report for Steam Generator Tubinq, Rev. 1 (Epld L-2023-LRO-0029) ML23222A2792023-08-0909 August 2023 Submittal of Update Foreign Ownership, Control, or Influence (FOCI) IR 05000498/20230022023-07-28028 July 2023 Integrated Inspection Report 05000498/2023002 and 05000499/2023002 ML23198A0532023-07-24024 July 2023 Request for Withholding Information from Public Disclosure ML23188A1612023-07-14014 July 2023 the Associated ISFSI - Notice of Consideration of Approval of Indirect Transfer of Licenses and Conforming Amendments and Opportunity to Request a Hearing (EPID L-2023-LLM-0004) - Letter ML23193A9932023-07-11011 July 2023 Submittal of Update Foreign Ownership, Control or Influence (FOCI) ML23192A0482023-07-11011 July 2023 NRC Initial Operator Licensing Examination Approval 05000498/2023301; 05000499/2023301 NOC-AE-230039, Submittal of Update Foreign Ownership, Control or Influence (FOCI)2023-07-11011 July 2023 Submittal of Update Foreign Ownership, Control or Influence (FOCI) ML23180A2822023-06-29029 June 2023 Operator Licensing Examination Schedule ML23177A2522023-06-26026 June 2023 Units 1, 2 & Independent Spent Fuel Storage Installation - Biennial Submittal of Technical Specification Bases Changes, Commitment Changes, 10 CFR 50.59 Evaluation Summary, and 10 CFR 72.48 Evaluation Summary ML23166B0802023-06-14014 June 2023 Update Foreign Ownership, Control, or Influence (FOCI) ML23163A1762023-06-12012 June 2023 Application for Order Approving Indirect Transfer of Control of Licenses 2024-01-29
[Table view] Category:Request for Additional Information (RAI)
MONTHYEARML24024A1162024-01-24024 January 2024 STP Unit 2 Request for Information ML23334A0062023-11-29029 November 2023 NRR E-mail Capture - South Texas Project - Request for Additional Information - Proposed Alternative to ASME BPV Code Requirements ML23319A4442023-11-15015 November 2023 NRR E-mail Capture - South Texas Project - Draft Request for Additional Information - Proposed Alternative to ASME BPV Code Requirements ML23278A1532023-10-0505 October 2023 NRR E-mail Capture - South Texas Project Request for Additional Information - Request for Indirect Transfer of Licenses and Conforming Amendments (L-2023-LLM-0004) ML23264A0972023-09-21021 September 2023 NRR E-mail Capture - South Texas Project - Request for Additional Information - License Amendment Request to Revise the Alternate Source Term Dose Calculation (L-2023-LLA-0047) ML23255A2862023-09-12012 September 2023 NRR E-mail Capture - South Texas Project Draft Request for Additional Information License Amendment Request to Revise the Alternate Source Term Dose Calculation (L-2023-LLA-0047) ML23145A1872023-05-24024 May 2023 July 2023 Emergency Preparedness Program Inspection - Request for Information ML22255A1542022-09-13013 September 2022 Operating Company Information Request for the Cyber Security Baseline Inspection 05000498/2022401 and 05000499/2022401 ML22206A0142022-07-20020 July 2022 NRR E-mail Capture - South Texas Project - Request for Additional Information - 10 CFR 20.2002 Alternate Disposal Request ML22194A0502022-07-0707 July 2022 NRR E-mail Capture - South Texas Project - Updated Draft Request for Additional Information - 10 CFR 20.2002 Alternate Disposal Request ML22194A0492022-06-0808 June 2022 NRR E-mail Capture - South Texas Project - Draft Request for Additional Information - 10 CFR 20.2002 Alternate Disposal Request ML22123A3272022-05-0303 May 2022 STP EP Exercise Inspection July 2022 RFI ML22084A0762022-04-0404 April 2022 Notification of NRC Design Bases Assurance Inspection (Team) (05000498/2022012 and 05000499/2022012) and Request for Information ML21286A5732021-10-18018 October 2021 Notification of NRC Design Bases Assurance Inspection (Programs) (05000498/2022011 and 05000499/2022011) and Request for Information ML21166A2392021-06-16016 June 2021 Notification of Inspection (NRC Inspection Report 05000498/2021003 and 05000499/2021003) and Request for Information ML21160A1522021-06-0909 June 2021 Request for Information NRC Inspection 2021-003 Public Radiation Safety ML21133A2372021-05-0505 May 2021 Request for Additional Information: STP EP Exercise Inspection - July 2021 ML21039A8902021-02-0808 February 2021 NRR E-mail Capture - South Texas Project - Request for Additional Information - 1RE22 Inspection Summary Report for Steam Generator Tubing ML21029A3312021-01-29029 January 2021 NRR E-mail Capture - South Texas Project - Draft Request for Additional Information - 1RE22 Inspection Summary Report for Steam Generator Tubing ML20280A5452020-08-17017 August 2020 STP 2020 PIR Request for Information ML20111A0052020-04-17017 April 2020 NRR E-mail Capture - South Texas Project - Request for Additional Information - Proposed Alternative to ASME OM Code 2012 Edition - Relief Request PRR-01 ML20070N0222020-03-10010 March 2020 NRC Selection for Onsite Review ML20057G4612020-02-26026 February 2020 05000498/499 Request for Information - Occupational Radiation Safety Inspection ML20045E2172020-02-13013 February 2020 Licensed Operator Positive Fitness-For-Duty Test ML20036F5862020-02-0404 February 2020 Request for Additional Information - Proposed Alternative to ASME Code Requirements for the Repair of Essential Cooling Water System Class 3 Buried Piping (EPID L-2019-LLR-0096)Redacted ML19165A1032019-06-14014 June 2019 NRR E-mail Capture - Draft RAI for STP TS 3.8.1.1 Sbdg SR Change ML19081A1512019-03-21021 March 2019 NRR E-mail Capture - Draft Round 2 RAI - Sbdg Voltage and Frequency LAR (L-2018-LLA-0078) ML18283B9522018-10-10010 October 2018 NRR E-mail Capture - Final RAI - South Texas Standby DG TS Change (L-2018-LLA-0078) ML18263A1432018-09-12012 September 2018 NRR E-mail Capture - Final RAI for South Texas Project RR-ENG-E-16 (L-2018-LLR-0097) ML18197A4172018-07-17017 July 2018 Notification of NRC Triennial Heat Sink Performance Inspection (05000498/2018003 and 05000499/2018003) and Request for Information ML18003B4222018-01-0303 January 2018 NRR E-mail Capture - Final Request for Additional Information Amendment Request to Modify the Emergency Response Organization for South Texas Project ML17229B4672017-08-16016 August 2017 Notification of NRC Inspection 05000499/2017008 and Request for Information ML17132A0712017-05-15015 May 2017 Information Request the Cyber Security Baseline Inspection, Notification to Perform Inspection 05000498/2017407; 05000499/2017407 ML17103A6272017-04-13013 April 2017 Notification of Evaluations of Changes, Tests, and Experiments Inspection (05000498/2017007 and 05000499/2017007) and Request for Information ML16351A1502016-12-16016 December 2016 Correction Letter Closeout of Request for Information Questions That Are No Longer Applicable Associated with the Resolution of Generic Safety Issue 191 (CAC Nos. MF2400 - MF2409) ML16302A4532016-12-12012 December 2016 Closeout of Request for Additional Information Questions That Are No Longer Applicable, Resolution of Generic Safety Issue (GSI) 191 (CAC Nos. MF2400-MF2409) ML16343A0422016-12-0808 December 2016 Request for Additional Information for the Review of the South Texas Project, Units 1 and 2 License Renewal Application (CAC NOS. ME4936, ME4937) ML16340A1022016-12-0505 December 2016 Requests for Additional Information for the Review of the South Texas Project License Renewal Application (CAC Nos. ME4936 and ME4937) ML16246A0952016-09-15015 September 2016 Correction to 8/26/16 Request for Additional Information Enclosure, License Amendment Request to Revise Technical Specification 5.3.2 to Allow Operation with 56 Full-Length Control Rod Assemblies ML16214A2912016-08-26026 August 2016 Summary of June 28-30, 2016, Regulatory Audit at Westinghouse in Rockville, MD, License Amendment Request to Revise Technical Specification 5.3.2 to Allow Operation with 56 Full-Length Control Rod Assemblies ML16187A0522016-07-0707 July 2016 Request for Additional Information Regarding License Renewal Application ML16141B0812016-05-31031 May 2016 Audit Summary, Risk Audit on April 12-13, 2016, at Alumni Center at the University of Texas, Austin, Tx; Pilot Generic Safety Issue 191 Submittal and Exemption Request, and Draft Request for Additional Information ML16125A2902016-05-26026 May 2016 Request for Additional Information, Risk Review, Exemption and License Amendment Request for a Risk-Informed Approach to Resolve Generic Safety Issue (GSI)-191 (CAC Nos. MF2400-MF2409) ML16127A4522016-05-12012 May 2016 Supplemental Information Needed for Acceptance of Requested Licensing Action, Amendment Request to Revise Technical Specification 5.3.2 to Allow Operation with 56 Full-Length Control Rod Assemblies ML16104A3522016-04-22022 April 2016 Requests for Additional Information Set 35 for the Review of the South Texas Project License Renewal Application (Tac Nos. ME4936, ME4937) ML16082A5072016-04-11011 April 2016 Request for Additional Information, Phased Response Requested, Exemption and License Amendment Request for a Risk-Informed Approach to Resolve Generic Safety Issue (GSI)-191 (CAC Nos. MF2400-MF2409) ML16082A4842016-03-22022 March 2016 NRR E-mail Capture - South Texas Project Units 1 & 2, Draft Request for Additional Information for Risk Review for GSI-191 ML16081A0042016-03-18018 March 2016 NRR E-mail Capture - South Texas Project Units 1 & 2, Draft Request for Additional Information for Thermal-hydraulic Review for GSI-191 ML16053A1872016-03-0101 March 2016 Request for Additional Information, Request to Revise Technical Specification 6.8.3.j, Containment Leakage Rate Testing Program, to Extend Integrated Leak Rate Test Interval from 10 to 15 Years (CAC MF6176-MF6177) ML16060A2872016-02-29029 February 2016 NRR E-mail Capture - Request for Additional Information - STP LRA Safety Review 2024-01-24
[Table view] |
See also: IR 05000498/2017407
Text
May 15, 2017
Mr. G. T. Powell
Executive Vice President and CNO
STP Nuclear Operating Company
P.O. Box 289
Wadsworth, TX 77483
SUBJECT: SOUTH TEXAS PROJECT ELECTRIC GENERATING STATION,
UNITS 1 AND 2 - INFORMATION REQUEST THE CYBER SECURITY BASELINE INSPECTION,
NOTIFICATION TO PERFORM INSPECTION
05000498/2017407; 05000499/2017407
Dear Mr. Powell:
On July 24, 2017, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection at the
South Texas Project Electric Generating Station. This inspection evaluates and verifies your ability to
meet the full implementation requirements of the NRCs Cyber Security Rule, Title 10, Code of Federal
Regulations (CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and
Networks. The onsite portion of the inspection will take place during the weeks of July 24, 2017, and
August 7, 2017.
Experience has shown that baseline inspections are extremely resource intensive, both for the NRC
inspectors and the licensee staff. In order to minimize the inspection impact on the site and to ensure a
productive inspection for both parties, we have enclosed a request for documents needed for the
inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the team in choosing the focus areas
(i.e., sample set) to be inspected in accordance with the cyber security inspection procedure. This
information should be made available using a compact disc and delivered to the regional office no later
than June 5, 2017. The inspection team will review this information and by the end of the planned
information gathering visit on June 22, 2017, will request the specific items that should be provided for
review.
The second group of requested documents will assist the team in their evaluation of the critical systems
and critical digital assets, defensive architecture, and the areas of the cyber security program selected
for inspection. This information will be requested for review in the regional office prior to the
inspection by July 7, 2017, as identified above.
G. Powell 2
The third group of requested documents consists of those items that the team will review or need
access to during the inspection. Please have this information available by the first day of the onsite
inspection July 24, 2017.
The fourth group of information is necessary to aid the team in tracking issues identified as a result of
the inspection. It is requested that this information be provided to the lead inspector as the information
is generated during the inspection. It is important that all of these documents are up to date and
complete in order to minimize the number of additional documents requested during the preparation
and/or the onsite portions of the inspection.
The lead inspector for this inspection is Greg Pick. We understand that our regulatory contact for this
inspection is Marilyn Kistler of your organization. If there are any questions about the inspection or the
material requested, please contact Greg at 817 200-1270 or by e-mail at greg.pick@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements
were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not
conduct or sponsor, and a person is not required to respond to, a request for information or an
information collection requirement unless the requesting document displays a currently valid Office of
Management and Budget control number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the
NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public
inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS)
component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is
accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic
Reading Room).
Sincerely,
/RA John Mateychick Acting for/
Gregory E. Werner, Chief
Engineering Branch 2
Division of Reactor Safety
Docket Nos. 50-498 and 50-499
License Nos. NPF-76 and NPF-80
Enclosure:
South Texas Project Electric Generating Station -
Cyber Security Inspection Document Request
cc w/ encl: Electronic Distribution
South Texas Project Electric Generating Station -
Cyber Security Inspection Document Request
Inspection Report: 05000498/2017407; 05000499/2017407
Inspection Dates: Weeks of July 24, 2017, and August 7, 2017
Inspection Procedure: IP 71130.10, Cyber Security, (In review process at time of request)
Reference 1: Guidance Document for Development of the Request for Information
(RFI) and Notification Letter for Full-Implementation of the Cyber
Security Inspection (draft) dated February 2017
NRC Inspectors: Greg Pick, Lead Samuel Graves
817-200-1270 817-200-1102
greg.pick@nrc.gov samuel.graves@nrc.gov
Shiattin Makor
817-200-1507
shiattin.makor@nrc.gov
NRC Contractors: Alan Konkal Casey Priester
561-989-0210 301-230-4590
alan.konkal@nrc.gov frederick.priester@nrc.gov
I. Information Requested for In-Office Preparation
The initial request for information (i.e., first request for information) provides the team with the
general information necessary to select appropriate components and cyber security program
elements to develop a site-specific inspection plan. The team will use the first set of
information requested to identify the list of critical systems and critical digital assets plus
operational and management security control portions of the Cyber Security Plan to be chosen
as the sample set required to be inspected during this inspection. The first information
request is specified in Table RFI #1. Provide the first set of information to the team leader in the
regional office by June 5, 2017, or sooner, to facilitate the selection of the specific items that will
be reviewed during the onsite inspection weeks.
The team will examine the returned documentation from the first information request and
select specific systems and equipment to provide a more focused second request for
information. The team will submit the second information request to your staff by the end of
the information gathering visit on June 22, 2017, which will identify the specific systems and
equipment that will be utilized to evaluate the critical systems and critical digital assets,
defensive architecture, and the areas of the cyber security program selected for the cyber
security inspection. All requests for information shall follow the guidance in Reference 1.
The required Table RFI #1 information shall be provided on compact disc (CD) to the lead
inspector by June 5, 2017. Please provide four copies of each CD submitted (i.e., one for each
Enclosure
inspector/contractor). The preferred file format for all lists is a searchable Excel spreadsheet file
on a CD. These CDs should be indexed and hyperlinked to facilitate ease of use. If you have any
questions regarding this information, please call the inspection team leader as soon as possible.
Table RFI #1
Section 3,
Paragraph Number/Title: Items
1 List All Identified Critical Systems and Critical Digital Assets All
List All Facility and Site Ethernet - Transmission Control Protocol/Internet All
2
Protocol (TCP/IP)-Based Local Area Networks (LANs)
3 List All Facility and Site Non-Ethernet-TCP/IP-Based LANs All
4 Network Topology Diagrams All
8 List All Network Security Boundary Devices All
9 List All Plant Wired and Wireless Industrial Networks All
11.a.1)
11 Network Intrusion Detection System Documentation
11.a.2)
12.a.1)
12 Security Information and Event Management Documentation
12.a.2)
14 List Onsite and External/Offsite Digital Communications Systems and Devices All
17.a
17 Mobile Device Control
17.b
18 Portable Media Control All
19.a
19 Software Management
19.b.1)
24 Device Access and Key Control 24.a
27 Cyber Security Assessment and Cyber Security Incident Response Teams All
In addition to the above information please provide the following:
(1) Electronic copy of the UFSAR and technical specifications
(2) Name(s) and phone numbers for the regulatory and technical contacts
(3) Current management and engineering organizational charts
Based on this information, the team will identify and select specific systems and equipment
(e.g., critical systems and critical digital assets) from the information requested by Table RFI #1
and submit a list of specific systems and equipment to your staff by the end of the information
gathering visit on June 22, 2017, for the second information request (i.e., Table RFI #2).
2
II. Additional Information Requested to be Available Prior to Inspection
As stated in Section I above, the team will examine the returned documentation requested from
the initial information request and submit the list of specific systems and equipment to your
staff by the end of the information gathering visit on June 22, 2017, for the second request for
information (i.e., Table RFI #2). This second information request obtains additional documents
required to evaluate the critical systems and critical digital assets, defensive architecture, and
the areas of the cyber security program selected for the cyber security inspection. All requested
information shall follow Reference 1.
The Table RFI 2 information shall be provided on CD to the lead inspector by July 7, 2017. Please
provide four copies of each CD submitted (i.e., one for each inspector/contractor). The
preferred file format for all lists is a searchable Excel spreadsheet file on a CD. These CDs should
be indexed and hyperlinked to facilitate ease of use. If you have any questions regarding this
information, please call the inspection team leader as soon as possible.
Table RFI #2
Section 3,
Paragraph Number/Title: Items
5 Plant Computer System Block Diagram All
6 Plant Security System Block Diagram All
7 Systems that are distributed Block Diagrams All
10.a.1)
10 Host-Based Intrusion Detection System Documentation
10.a.2)
List All Maintenance and Test Equipment Used To Administer CDA All
13
Operation, Support, Maintenance, and Service
15 Configuration Management All
16.a.
16.b.1)
16 Supply Chain Management
16.b.5)
16.b.6)
17.c
17 Mobile Device Control
17.d
19.b.2)
19 Software Management
19.b.3)
23 Work Control All
24.b
24 Device Access and Key Control
24.c
3
Table RFI #2
Section 3,
Paragraph Number/Title: Items
25 Password/Authenticator Policy All
26 User Account/Credential Policy All
III. Information Requested to be Available on First Day of Inspection
For the specific systems and equipment identified in Section II above, provide the following
request for information (i.e., Table 1ST Week Onsite) on CD by July 24, 2017, the first day of the
inspection. All requested information shall follow the guidance in Reference 1.
Please provide four copies of each CD submitted (i.e., one for each inspector/contactor). The
preferred file format for all lists is a searchable Excel spreadsheet file on a CD. These CDs should
be indexed and hyperlinked to facilitate ease of use. If you have any questions regarding this
information, please call the inspection team leader as soon as possible.
Table 1ST Week Onsite
Section 3,
Paragraph Number/Title: Items
10.a.3)
10 Host-Based Intrusion Detection System Documentation thru
10.a.12)
11.a.3)
11 Network Intrusion Detection System Documentation thru
11.a.15)
12.a.3)
12 Security Information and Event Management Documentation thru
12.a.14)
16.b.2)
16 Supply Chain Management 16.b.3)
16.b.4)
20 Cyber Security Event Notifications All
21 Inventory Management and Control All
22 Vendor Access and Monitoring All
4
In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the inspection
team as long as the inspectors have easy and unrestrained access to them.
a. Updated Final Safety Analysis Report, if not previously provided;
b. Original FSAR Volumes;
c. Original SER and Supplements;
d. FSAR Question and Answers;
e. Quality Assurance Plan;
f. Technical Specifications, if not previously provided;
g. Latest IPE/PRA Report; and
(2) Vendor Manuals, Assessments, and Corrective Actions:
a. The most recent cyber security quality assurance audit and/or
self-assessment; and
b. Corrective action documents (e.g., condition reports, including status of
corrective actions) generate as a result of the most recent cyber security
quality assurance audit and/or self-assessment.
IV. Information Requested To Be Provided Throughout the Inspection
(1) Copies of any corrective action documents generated as a result of the inspection
teams questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and the
status/resolution of the information requested (provided daily during the inspection to
each inspection team member).
If you have any questions regarding the information requested, please contact the team leader.
5
ML17132A071
SUNSI Review: ADAMS: Non-Publicly Available Non-Sensitive Keyword: NRC-002
By: GAP Yes No Publicly Available Sensitive
OFFICE SRI:EB2 BC:EB2
NAME G. Pick G. Werner
SIGNATURE /RA/ /RA/J.
Mateychick for
DATE 05/08/2017 05/15/2017