L-17-203, Use of Encryption Software for Electronic Transmission of Safeguards Information
ML17215A234 | |
Person / Time | |
---|---|
Site: | Davis Besse |
Issue date: | 08/01/2017 |
From: | Bezilla M FirstEnergy Nuclear Operating Co |
To: | Document Control Desk, Office of Nuclear Reactor Regulation |
References | |
L-17-203 | |
Download: ML17215A234 (11) | |
Text
FENOC' 5501 North State Route 2 Oak Harbor, Ohio 43449 FirstEnergy Nuclear Operating Company Mark B. Bezilla 419-321-7676 Vice President, Nuclear August 1, 2017 L-17-203 10 CFR 73.22 ATIN: Document Control Desk U.S. Nuclear Regulatory Commission Washington, DC 20555-0001
SUBJECT:
Davis-Besse Nuclear Power Station, Unit No. 1 Docket No. 50-346, License Number NPF-3 Use of Encryption Software for Electronic Transmission of Safeguards Information Pursuant to the requirements of 10 CFR 73.22(f)(3) and the guidance provided in NRC Regulatory Issue Summary 2002-15, Revision 1, "NRC Approval of Commercial Data Encryption Systems for the Electronic Transmission of Safeguards Information," dated January 26, 2006, the FirstEnergy Nuclear Operating Company (FENOC) requests approval to process and transmit Safeguards Information (SGI) at the Davis-Besse Nuclear Power Station (DBNPS) using Symantec Endpoint Encryption version 11.1.2, or the latest validated version. This version of encryption product was developed with PGP Cryptographic Engine Software Version 4.3 and complies with Federal Information Processing Standard (FIPS) 140-2 as validated by the National Institute of Standards and Technology (NIST) Consolidated Certificate No. 0053 (Enclosure).
An information protection system for SGI that meets the requirements of 10 CFR 73.22 has been established and is being maintained. Written procedures are in place which describe: access controls; where and when encrypted communications can be made; how encryption keys, codes, and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been compromised; and how the identity and, access authorization of the recipient will be verified.
FENOC intends to exchange SGI with the NRC, the Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software. Processing SGI on electronic systems is performed in accordance with the provisions of 10 CFR 73.22(g). The DBNPS will maintain a single (one) public key named with the following syntax:
LastName FirstName SiteName.asc.
Mr. Adam A. Webert, Supervisor - Nuclear Security Support, is responsible for the overall implementation of the SGI encryption program at the DBNPS.
. Davis-Besse Nuclear Power Station, Unit No. 1 L-17-203 Page2 There are no regulatory commitments contained in this letter. If there are any questions or if additional information is required, please contact Mr. Patrick J. McCloskey, Manager- Regulatory Compliance, at (419) 321-7274.
Sincerely, t?JU6t?.//
Mark B. Bezm{"V
Enclosure:
FIPS 140-2 Consolidated Certificate No. 0053 cc: NRC Region Ill Administrator NRC Resident Inspector NRC Project Manager
Enclosure L-17-203 FIPS 140-2 Consolidated Certificate No. 0053 8 pages follow
FIPS 140-2 Consolidated Validation Certificate
............ + *
..*"~ ,...............
+ ..... .....
- - 6 ...
j The National Institute of Standards The Communications Security and Technology of the United States Establishment of the Government of America of Canada Consolidated Certificate No. 0053 The National Institute of Standards and Technology, as the United States FIPS 140-2 Cryptographic Module Validation Authority; and the Communications Security Establishment Canada, as the Canadian FIPS 140-2 Cryptographic Module Validation Authority; hereby validate the FIPS 140-2 testing results of the cryptographic modules listed below in accordance with the Derived Test Requirements for FIPS 140-2, Security Requirements for Cryptographic Modules. FIPS 140-2 specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting Sensitive Information (Vnited States) or Protected Information (Canada) within computer and telecommunications systems (including voice systems).
Products which use a cryptographic module identified below may be labeled as complying with the requirements of FIPS 140-2 so long as the product, throughout its life-cycle, continues to use the validated version of the cryptographic module as specified in this consolidated certificate.
The validation report contains additional details concerning test results. No reliability test has been performed and no warranty of the products by both agencies is either expressed or implied.
FIPS 140-2 provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range and potential applications and environments in which cryptographic modules may be employed. The security requirements cover eleven areas related to the secure design and implementation of a cryptographic module.
The scope of conformance achieved by the cryptographic modules as tested are identified and listed on the Cryptographic Module Validation Program website. The website listing is the official list of validated cryptographic modules. Each validation entry corresponds to a uniquely assigned certificate number. Associated with each certificate number is the module name(s), module versioning information, applicable caveats, module type, date of initial validation and applicable revisions, OveraD Level, individual Levels if different than the Overall Level, FIPS-approved and other algorithms, vendor contact information, a vendor provided description and the accredited Cryptographic Module Testing laboratory which performed the testing.
Chief, Computer Security Division Director, Architecture and Technology Assurance National Institute of Standards and Technology Communications Security Establishment Canada Page 1 of8 6/1/2015
htt(2://csrc. nist.gov/grou(2s/STM/cmv(2/documents/140-1 /140val-all. htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 2356 05/19/2015 Kernel Mode Cryptographic Microsoft Corporation Software Versions: 6.3.9600 and Primitives Library (cng.sys) in 6.3.9600.17042 Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series 2365 5/4/2015 Cisco Systems 5508 Wireless LAN Cisco Systems, Inc. Hardware Version: 5508 with 5508 Controller FIPS kit (AIR-CT5508FIPSKIT=)
and CN56XX; Firmware Version:
8.0 with SNMP Stack v15.3, OPENSSL-0.9.8g-8.0.0, QUICKSEC-2.0-8.0 and FP-CRYPT0-7.0.0 2366 5/4/2015 FortiGate-60C/600/80C and Fortinet, Inc. Hardware Versions: C40M93 [1],
FortiWiFi-60C/600 C1AB28 [2], C4BC61 [3], C40M95
[4], and C1AB32 [5] with Tamper Evident Seal Kits: Fl PS-SEAL-BLUE [3] or FIPS-SEAL~REO
[1,2,4,5]; Firmware Version: 5.0, build0305, 141216 2367 5/4/2015 FortiGate-1000, FortiGate-200B, Fortinet, Inc. Hardware Versions: C4LL40 [1],
FortiGate-2000, FortiGate-300C, C4C024 [2], C4KV72 [3], C4HY50 FortiGate-600C and FortiGate-800C [4], C4HZ51 [5] and C4LH81 [6] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [2] or FIPS-SEAL-REO
[1,3,4,5,6]; Firmware Version: 5.0, build0305, 141216 2368 5/4/2015 FortiGate-1000C, FortiGate-1240B, Fortinet, Inc. Hardware Versions: C4HR40 [1],
FortiGate-31408 and FortiGate- C4CN43 [2], C4XC55 [3] and 3240C C4KC75 [4] with Tamper Evident Seal Kits: FIPS-SEAL-REO [1,3,4]
or FIPS-SEAL-BLUE [2]; Firmware Version: FortiOS 5.0, build0305, 141216 Page 2 of 8 6/1/2015
htt1r//csrc.nist.gov/grou12s/STM/cmv12/documents/140-1/140val-all.htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 2369 5/4/2015 FortiGate-1500D and 3700D Fortinet, Inc. Hardware Versions: C1AA64 [1] and C1AA92 [2] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,2];
Firmware Version: FortiOS 5.0, build0305, 141216 2370 5/4/2015 FortiOS' 5.0 Fortinet, Inc. Firmware Version: 5.0, build0305, 141216 2371 5/4/2015 FortiGate-3600C and FortiGate- Fortinet, Inc. Hardware Versions: C4MH12, 3950B [C4DE23 with P06698-02] with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version:
FortiOS 5.0, build0305,141216 2372 05/05/2015 FortiGate-5140B Chassis with Fortinet, Inc. Hardware Version: Chassis:
FortiGate/FortiSwitch 5000 Series P09297-01; Blades: P4CJ36-04, Blades P4EV74, C4LG17 and P4EX84; AMC Component: P4FC12; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01:
fourteen; Tamper Evident Seal Kit:
FIPS-SEAL-RED; Firmware Version: FortiOS 5.0, build0305, 141216 2373 05/05/2015 Neopost Postal Security Device Neopost Technologies, S.A. Hardware Version: A0014227-B; (PSD) Firmware Version: a30.00; P/N:
A0038091-A 2374 05/08/2015 Avaya WLAN 9100 Access Points Avaya Inc. Hardware Versions: P/Ns WA0912200-E6GS [1],
WAP913200-E6GS [2],
WAP913300-E6GS [2],
WAP917300-E6GS [2]; Enclosure (Form Factor): WA0912200-E6GS
[1], WAB910003-E6 [2]; SKU WLB910001-E6; Firmware Version:
AOS-7.1 2375 05/20/2015 HP P-Class Smart Array RAID Hewlett-Packard Development Hardware Versions: P230i, P430, Controllers Company, LP. P431, P731 m, P830, and P830i; Firmware Version: 1.66 Page 3 of 8 6/1/2015
http://csrc.nist.gov/g roups/STM/cmvp/documents/140-1 /140val-all. htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 2376 05/21/2015 Aegis Secure Key 3.0 Apricorn Inc. Hardware Version: RevD; Firmware Cryptographic Module Version: 6.5 2377 5/21/2015 Symantec PGP Cryptographic Symantec Corporation Software Version: 4.3 Engine 2379 05/21/2015 Ciena 6500 Packet-Optical Ciena Corporation Hardware Version: 1.0; Firmware Platform 4x1 OG Version: 1.10 2380 05/21/2015 Samsung UFS (Universal Flash Samsung Electronics Co., Ltd. Hardware Versions: KLUAG2G180-Storage) Shark SEO 8082, KLU8G4G180-8081, KLUCGBG180-8081; Firmware Version: 0102 Page 4 of 8 6/1/2015
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1 /140val-all. htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 2381 05/21/2015 Brocade MLXe, Brocade Brocade Communications Hardware Versions: {[BR-MLXE Netlron CER 2000 Ethernet Systems, Inc. MR-M-AC (P/N: 80-1006853-01),
Routers and Brocade CES 2000 BR-MLXE-4-MR-M-DC (P/N: 80-Routers and Switches 1006854-01 ), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01 ), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01 ), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, Nl-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), Nl-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), Nl-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), Nl-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), Nl-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), Nl-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), Nl-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), Nl-CER-2024C-ADVPREM-DC (PIN: 80-1007034-02), Nl-CER-2048C-ADVPREM-AC (P/N: 80-Page 5 of 8 61112015
httg://csrc.nist.gov/grouQs/STM/cmvg/documents/140-1/140val-all.htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 1007039-02), Nl-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), Nl-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), Nl-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01 ), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01 ), Nl-CER-2024C-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01 ), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (PIN: 80-1000037-01 }, BR-CES-2024F-4X-DC (P/N:
80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02)} with FIPS Kit XBR-000195; Firmware Version: Multi-Service Ironware R05.7.00 2382 05/21/2015 HGST Ultrastar 7K6000 TCG HGST, Inc. Hardware Versions: P/Ns Enterprise HDDs HUS726060AL5215 (0001);
HUS726060AL4215 (0001 );
HUS726050AL5215 (0001);
HUS726050AL4215 (0001);
HUS726040AL5215 (0001);
HUS726040AL4215 (0001);
HUS726030AL5215 (0001);
HUS726030AL4215 (0001);
HUS726020AL5215 (0001);
HUS726020AL4215 (0001);
Firmware Version: R519 2383 05/21/2015 HP Virtual Connect 16Gb 24-Port Hewlett-Packard Company Hardware Version: 40-1000779-08 FC Module Rev C (80-1007799-04); Firmware Version: VC 4.40 Page 6 of 8 6/1/2015
htt12://csrc. nist.gov/grou12s/STM/cmv12/documents/140-1 /140val-all. htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 2384 05/21/2015 Brocade DCX, DCX 8510-8, DCX- Brocade Communications Hardware Versions: {[DCX 4S and DCX 8510-4 Backbones, Systems, Inc. Backbone (P/Ns 80-1001064-10, 80-6510 FC Switch, 6520 FC Switch 1006751-01, 80-1004920-04 and 80-
-and 7800 Extension Switch 1006752-01 ), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-1 O and 80-1006772-01 ), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01),
DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01 )]
with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-
,j005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05),
6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.2.1 (P/N 63-1001421-01) 2385 05/22/2015 µMACE Motorola Solutions, Inc. Hardware Version: P/N AT58Z04; Firmware Version: R01.07.01 Page 7 of 8 6/1/2015
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1 /140val-all. htm Certificate Validation I Module Name(s) Vendor Name Version Information Number Posting Date 2386 05/22/2015 Hitachi Virtual Storage Platform Hitachi, Ltd. Hardware Version: R800L 1; (VSP) Encryption Engine Firmware Version: 02.09.28.00 and 02.09.32.00 2387 05/22/2015 HP XP7 Encryption Ready Disk Hewlett-Packard Company Hardware Version: R800L 1; Adapter (eDKA) Level1 Firmware Version: 02.09.28.00 and 02.09.32.00 2388 05/28/2015 IOS Common Cryptographic Cisco System, Inc. Firmware Version: Rel 5 Module (IC2M) Rel5 Page 8 of 8 6/1/2015