ML17354A630
| ML17354A630 | |
| Person / Time | |
|---|---|
| Site: | Palisades, Indian Point, Grand Gulf, Pilgrim, Arkansas Nuclear, River Bend, Vermont Yankee, Waterford, Big Rock Point, FitzPatrick  |
| Issue date: | 01/22/2018 |
| From: | O'Banion M Plant Licensing Branch IV |
| To: | Jury K Entergy Services |
| O'Banion D, NRR/DORL/LPLIV | |
| References | |
| EPID L-2017-LRO-0058 | |
| Download: ML17354A630 (3) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 January 22, 2018 Mr. Keith Jury Vice President, Regulatory Assurance Entergy Services, Inc.
1340 Echelon Parkway M-ECH-62 Jackson, MS 39213
SUBJECT:
ARKANSAS NUCLEAR ONE, UNITS 1 AND 2; GRAND GULF NUCLEAR STATION, UNIT 1; INDIAN POINT NUCLEAR GENERATING, UNITS 1, 2,
Dear Mr. Jury:
AND 3; PALISADES NUCLEAR PLANT; PILGRIM NUCLEAR POWER STATION; RIVER BEND STATION, UNIT 1; VERMONT YANKEE NUCLEAR POWER STATION; AND WATERFORD STEAM ELECTRIC STATION, UNIT 3 -
USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION (EPID L-2017-LR0-0058)
By letter dated November 9, 2017 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML173138223), Entergy Nuclear Operations, Inc. and Entergy Operations, Inc. (the licensee, Entergy) requested that the U.S. Nuclear Regulatory Commission (NRC) approve the use of Symantec Endpoint Encryption by PGP Technology, 11.1, or the latest validated version, to process and transmit safeguards information (SGI) at Arkansas Nuclear One, Units 1 and 2; Grand Gulf Nuclear Station, Unit 1; Indian Point Nuclear Generating, Units 1, 2, and 3; Palisades Nuclear Plant; Pilgrim Nuclear Power Station; River Bend Station, Unit 1; Vermont Yankee Nuclear Power Station; and Waterford Steam Electric Station, Unit 3. This request was made pursuant to paragraph 73.22(f)(3), "External transmission of documents and material," of Title 10 of the Code of Federal Regulations (10CFR).
The regulations in 10 CFR 73.22(f)(3) describe requirements for the transmission of SGI outside an authorized place of use or storage. The regulations in 10 CFR 73.22(f)(3) state, in part:
Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.
Guidance to licensees on the electronic transmission of SGI is provided in NRC Regulatory Issue Summary {RIS) 2002-15, Revision 1, "NRC Approval of Commercial Data Encryption Products for the Electronic Transmission of Safeguards Information," dated January 26, 2006 (ADAMS Accession No. ML050460031 ).
As stated in Entergy's letter, Symantec Endpoint Encryption by PGP Technology, 11.1, was developed with PGP Cryptographic Engine Software, Version 4.3, and complies with FIPS 140-2 requirements, as validated by the National Institute of Standards and Technology (NIST) Consolidated Certificate No. 0053. A copy of the certificate was enclosed with Entergy's letter.
The NRC approves only those cryptographic algorithms approved by NIST. Based on the NIST validation that the encryption software complies with FIPS 140-2, the NRC staff determines that the use of Symantec Endpoint Encryption, Version 11.1, is acceptable to use for electronic transmission of SGI in accordance with 10 CFR 73.22(f)(3). As described in RIS 2002-15, newer versions of encryption software may be used without prior NRC approval, provided that it is documented that the newer version uses the same cryptographic module as the current version. Therefore, in accordance with 10 CFR 73.22{f)(3), the staff approves the use of Symantec Endpoint Encryption, Version 11.1 at Arkansas Nuclear One, Units 1 and 2; Grand Gulf Nuclear Station, Unit 1; Indian Point Nuclear Generating, Units 1, 2, and 3; Palisades Nuclear Plant; Pilgrim Nuclear Power Station; River Bend Station, Unit 1; Vermont Yankee Nuclear Power Station; and Waterford Steam Electric Station, Unit 3. If NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
If you have any questions, please call me at 301-415-1233 or via e-mail at Margaret. O'Banion@nrc.gov.
Docket No. 50-313, 50-368, 50-416,50-003, 50-247, 50-286, 50-255, 50-293, 50-458, 50-271, and 50-382 cc: Listserv Sincerely,
,* m(ffe;#Wv Margaret W. O'Banion, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
ML17354A630 OFFICE NRR/DORL/LPL4/PM NAME MO'Banion (LJK for)
DATE 12/22/2017 OFFICE OGC-NLO NAME AWase DATE 01/16/2018 RidsNrrPMGrandGulf Resource RidsNrrPMRiverBend Resource RidsNrrPMWaterford Resource RidsNmssDuwpRdb Resource RidsRgn1 MailCenter Resource RidsRgn3MailCenter Resource RidsRgn4MailCenter Resource JParrott, NMSS KConway, NMSS DParsons, NSIR RNorman, NSIR
- via e-mail NRR/DORL/LPL4/LA NSI R/DSO/ISB/BC*
PBlechman DParsons 12/21/2017 01/03/2018 NRR/DORL/LPL4/BC NRR/DORL/LPL4/PM RPascarelli MO'Banion 01/18/2018 01/22/2018