ML18018B146

From kanterella
Jump to navigation Jump to search
OMB 3150-0002, Draft Supporting Statement for 10 CFR Part 73, Physical Protection of Plants and Materials, Information Collection Renewal
ML18018B146
Person / Time
Issue date: 03/22/2018
From: Rebecca Stone
NRC/NSIR/DPCP
To:
Shared Package
ML18018B144 List:
References
OMB 3150-0002
Download: ML18018B146 (34)


Text

DRAFT SUPPORTING STATEMENT FOR 10 CFR PART 73 PHYSICAL PROTECTION OF PLANTS AND MATERIALS (3150-0002)

EXTENSION Description of the Information Collection The U.S. Nuclear Regulatory Commission (NRC) regulations in 10 CFR Part 73 prescribe requirements for the establishment and maintenance of a system for physical protection of special nuclear material (SNM) at fixed sites, SNM in transit and of plants in which SNM is utilized. Part 73 contains reporting and recordkeeping requirements which are necessary to help ensure that an adequate level of protection is provided for nuclear facilities and nuclear material, such as:

  • Development and maintenance of security documents, including a physical security plan, training and qualification plan, safeguards contingency plan, cyber security plan, and security implementing procedures;
  • Notifications to the NRC regarding safeguards and cyber security events;
  • Notifications to state governors and tribes of shipments of irradiated reactor fuel;
  • Requirements for conducting criminal history records checks of individuals granted unescorted access to a nuclear power facility, a non-power reactor, or access to Safeguards Information.

A. Justification

1. Need for and Practical Utility of the Information The regulations are issued pursuant to the Atomic Energy Act of 1954, as amended, and Title II of the Energy Reorganization Act of 1974, as amended. In general, the reports and records are necessary for one or more of the following reasons:
  • Information describing the content and planned operation of the licensee's physical protection system (e.g., Cyber Security Plan, Security Plan, Contingency Plan, or Training and Qualification Plan). This information is essential to enable the NRC to make a determination about the adequacy of the licensee's planned system in meeting regulatory requirements.

o For a Cyber Security Plan, this information includes descriptions of how a licensee protects computer and communication systems and networks against cyber attacks, up to and including the design basis threat in 73.1.

o For a Physical Security Plan, this includes the capabilities to detect, assess, interdict, and neutralize threats up to and including the design basis threat in 73.1.

o For a Safeguards Contingency Plan, this includes a description of how licensee personnel implement their physical protection program to defend against threats to their facility, up to and including the design basis threat 73.1.

o For a Training and Qualification Plan, this includes information on the criteria for the selection, training, equipping, testing, and qualification of individuals who will be responsible for protecting special nuclear materials, nuclear facilities, and 1

nuclear shipments.

access authorizations, equipment performance logs). This information is needed to permit the NRC to make a determination as to reasonable assurance that the physical protection system operates in accordance with the regulatory requirements.

  • Information notifying the NRC of the occurrence of and circumstances surrounding abnormal events (e.g., report of theft, sabotage, or overdue shipment). This information is needed to enable the NRC to fulfill its responsibilities to respond to, investigate, and correct situations which adversely affect public health and safety or the common defense and security.

Specific requirements in Part 73 are described at the end of this supporting statement in Description of Requirements.

2. Agency Use of the Information The information included in the applications, reports, and records is reviewed by the NRC staff to assess the adequacy of the applicant's physical plant, equipment, organization, training, experience, procedures, and plans for protection of public health and safety and the common defense and security. The NRC review and the findings form the basis for NRC licensing decisions related to special nuclear material.

The agency has developed a series of regulatory guides for materials and plant protections and provides guidance on how to meet the requirements above. They can be found at http://www.nrc.gov/reading-rm/doc-collections/reg-guides/protection/rg/. Additionally, staff has worked with industry to develop a mutually-agreed upon template (NEI 03-12) to help ensure consistency in in the submittal of the plans described above. The document is designated as safeguards information and, as such, is not publicly available. A list of applicable guidance documents can be found in a table at the end of this supporting statement.

3. Reduction of Burden Through Information Technology There are no legal obstacles to reducing the burden associated with this information collection. The NRC encourages respondents to use information technology when it would be beneficial to them.

The NRC has issued Guidance for Electronic Submissions to the NRC which provides direction for the electronic transmission and submittal of documents to the NRC. Electronic transmission and submittal of documents can be accomplished via the following avenues:

the Electronic Information Exchange (EIE) process, which is available from the NRC's Electronic Submittals Web page, by Optical Storage Media (OSM) (e.g. CD-ROM, DVD),

by facsimile or by e-mail. It is estimated that approximately 90% of the potential responses are filed electronically. Due to the classification level of some documents, licensees choose to submit some documents as a hard-copy.

However, all (100%) of fingerprint submissions from the 61 power reactor facilities and 4 decommissioning reactor facilities are submitted electronically. Other licensees continue to submit fingerprints through non-electronic means.

2

4. Effort to Identify Duplication and Use Similar Information Section 73.38(d) eliminates duplication by specifying that background investigations do not apply to Federal, State or local law enforcement personnel who are performing escort duties.

Section 73.38(g) eliminates duplication by specifying that individuals who have a valid unescorted access authorization pursuant to an NRC order or regulation within 5 years of the effective date of the SNF in transit final will not be required to have a new fingerprint-based FBI criminal history records check.

5. Effort to Reduce Small Business Burden It is possible for licensees who use special nuclear material be small businesses. Since the consequences to the common defense and security or to the health and safety of the public of inadequate safeguards for special nuclear material are the same for large and small entities, it is not possible to reduce the burden on small businesses by less frequent or less complete reports, records, plans, and procedures. The NRC staff estimates that none of the current licensees who use SNM and are subject to Part 73 information collection requirements are small businesses.
6. Consequences to Federal Program or Policy Activities if the Collection is Not Conducted or is Conducted Less Frequently If the information collection was not conducted or was conducted less frequently, the NRC would not be notified in time to provide rapid response and quick assistance in achieving timely resolution of safeguards events. Reports are submitted and evaluated as events occur. Applications for new licenses and amendments may be submitted at any time.

Information submitted in previous applications may be referenced without being resubmitted.

7. Circumstances Which Justify Variation from OMB Guidelines Certain sections of Part 73 vary from the OMB Guidelines by requiring that licensees submit reports to the NRC in less than 30 days. Sections 73.26, 73.27, 73.37, 73.67, and 73.71 require immediate notifications to response forces, NRC, and local law enforcement authorities, communications between convoys and movement control centers, and immediate notifications of consignees and shippers. These notification requirements are needed to permit response forces, NRC, law enforcement authorities, shippers, and consignees to confirm the integrity of shipments or to determine whether there has been a loss or diversion of special nuclear material and to initiate prompt action for recovery of such material.

Certain other sections of Part 73 vary from the OMB Guidelines by requiring that licensees retain records for more than 3 years. Various sections require retention of records for 5 years, or for extended periods such as duration of possession of the material, duration of employment, or 5 years after termination of access authorization.

These requirements are necessary to ensure that procedures for handling and safeguarding nuclear materials are available throughout the period in which the licensee possesses the material or operates the facility. Other records are required for inspection or for reconstruction of events in the event of a safeguards incident. Retention periods for all recordkeeping requirements are listed on the burden spreadsheet uploaded as a 3

supplementary document.

8. Consultations Outside the NRC Opportunity for public comment on the information collection requirements for this clearance package has been published in the Federal Register.
9. Payment or Gift to Respondents Not applicable.
10. Confidentiality of Information Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b).

Certain information designated as Safeguards Information is prohibited from public disclosure in accordance with the provisions of the Atomic Energy Act of 1954, as amended, Chapter 12, Section 147, or designated as classified National Security Information, in accordance with Executive Order 12958.

The NRC only collects the fingerprints, either on hardcopy cards or electronically.

The NRC digitizes fingerprints captured via card and passes the fingerprints electronically to the FBI. The FBI runs the fingerprints and provides the criminal history report to the NRC. The NRC then passes the report on to the licensee, but does not retain a copy of this report. The NRC practice is to destroy the fingerprint cards after approximately a month. The cards are destroyed in accordance with federal guidelines. The NRC system keeps a record of all the submissions, but can only produce a copy of that record for a year; after a year, NRC cannot print out a copy. NRC personnel in the Division of Facilities and Security (DFS) handle the fingerprint cards. These individuals are trained and know how to process and protect privacy information. This information collection is listed in the NRCs annual Republication of Privacy Act Systems of Records Notice under the heading of NRC-39, Personnel Security Files and Associated Records (81 FR 81320). The NRC does not disclose or share the information with anyone (except the initial submittal of fingerprints to the FBI and passing on the FBI report to the licensee).

11. Justification for Sensitive Questions Part 73 requires licensees to obtain criminal history records about individuals who are applying for or currently possess unescorted access to a nuclear power facility or a nonpower reactor. This sensitive information is necessary because the licensees need to determine whether the individual is qualified to gain and maintain unescorted access to the site. Reviewing officials use the sensitive information to evaluate an individuals trustworthiness and reliability. Licensees must inform any affected individual that the fingerprints will be used to secure a review of his/her criminal history record, and inform the individual of proper procedures for challenging or explaining the record. To protect this 4

sensitive information, each licensee must establish and maintain a system of files and procedures to protect the personal information.

Section 73.57(f)(2) requires licensees to protect information obtained from individual criminal history records:

The licensee may not disclose the record or personal information collected and maintained to persons other than the subject individual, his/her representative, or to those who have a need to have access to the information in performing assigned duties in the process of granting or denying unescorted access to the nuclear power facility, the nonpower reactor or access to Safeguards Information. No individual authorized to have access to the information may re-disseminate the information to any other individual who does not have a need to know.

12. Estimated Burden and Burden Hour Cost The estimated burden is based on the following respondents:
  • 3 Category I fuel facilities,
  • 4 Category II and III facilities,
  • 60 power reactor facilities,
  • 10 decommissioning reactor facilities,
  • 31 research and test reactors, and
  • 102 other entities who mark and handle Safeguards Information.

The estimated number of annual respondents is 210.

The overall estimated annual burden is 541,406 hours0.0047 days <br />0.113 hours <br />6.712963e-4 weeks <br />1.54483e-4 months <br /> at an estimated annual cost of

$412M (541,406 hrs x $263/hr). This includes 22,591 hours0.00684 days <br />0.164 hours <br />9.771825e-4 weeks <br />2.248755e-4 months <br /> for reporting; 42,963 hours0.0111 days <br />0.268 hours <br />0.00159 weeks <br />3.664215e-4 months <br /> for third-party notification; and 475,852 hours0.00986 days <br />0.237 hours <br />0.00141 weeks <br />3.24186e-4 months <br /> for recordkeeping. Detailed burden tables have been uploaded as a supplementary document (Excel spreadsheet).

Burden Summary Responses Hours Cost at $263/hr Reporting 40,819.3 22,591.1 $ 5,941,464 Recordkeeping 210.0 475,852.2 $125,149,136 Third Party Disclosure 136,957.2 42,963.0 $ 11,299,277 Total 177,986.5 541,406.4 $142,389,878 The $263 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commissions fee for hourly rates as noted in 10 CFR 170.20 Average cost per professional staff-hour. For more information on the basis of this rate, see the Revision Of Fee Schedules; Fee Recovery For Fiscal Year 2017 (82 FR 30682; June 30, 2017).

13. Estimate of Other Additional Costs The NRC has determined that the records storage cost is roughly proportional to the recordkeeping burden cost. Based on a typical clearance, the records storage cost has been determined to be equal to .0004% of the recordkeeping burden cost. Therefore, the records storage cost for this clearance is estimated to be $50,141 (476,627 recordkeeping hours x $263 x .0004).

5

In addition, the cost to licensees for processing fingerprint cards is $10 per card. The total cost for processing fingerprint cards is $388,340 (38,834 cards x $10/card).

The total additional costs to licensees for recordkeeping and fingerprint card processing is

$438,481($50,141 + $388,340).

14. Estimated Annualized Cost to Federal Government The staff has developed estimates of annualized costs to the Federal Government related to the conduct of this collection of information. These estimates are based on staff experience and subject matter expertise and include the burden needed to review, analyze, and process the collected information and any relevant operational expenses. The estimated cost to the government for review of required reports and records is approximately $1,183,500 (4,500 hours0.00579 days <br />0.139 hours <br />8.267196e-4 weeks <br />1.9025e-4 months <br /> at $263/hr) and is based on the NRC fee rate.
15. Reason for Change in Burden or Cost The estimated burden has decreased from 551,995 hours0.0115 days <br />0.276 hours <br />0.00165 weeks <br />3.785975e-4 months <br /> to 542,103 hours0.00119 days <br />0.0286 hours <br />1.703042e-4 weeks <br />3.91915e-5 months <br />, for a total decrease of 9,892 hours0.0103 days <br />0.248 hours <br />0.00147 weeks <br />3.39406e-4 months <br />.

BURDEN CHANGE Current Burden in ROCIS 2018 Estimates Changes Hours Responses Hours Responses Hours Responses Reporting 21,394 30,793 22,591 40,819 1,197 10,026 Recordkeeping 495,159 581 475,852 210 (19,307) (371)

Third Party Disclosure 35,442 123,686 42,963 136,957 7,521 13,271 Total 551,995 155,060 541,406 177,986 (10,589) 22,926 Reasons for the change are as follows:

Removal of burden for completed requirements:

A number of one time requirements were contained in the Power Reactor Cyber Security Requirements, Final Rule (approved by OMB in October 2015). An estimated 8,103 hours0.00119 days <br />0.0286 hours <br />1.703042e-4 weeks <br />3.91915e-5 months <br /> of burden were reduced to the completion of one-time requirements associated with this rule.

In addition, 789 hours0.00913 days <br />0.219 hours <br />0.0013 weeks <br />3.002145e-4 months <br /> of burden associated with the RTR confirmatory action letter has been removed. CAL implementation plans were submitted for this CAL when the compensatory measures were first issued back in 2003 and 2005 and there are currently no ongoing submissions. Compensatory measures have been incorporated into the physical security plan. Burden for ongoing recordkeeping is captured under estimates to establish and maintain NRC-approved physical protection, training and qualification and safeguards contingency plans.

Change in the number of licensees:

The previous renewal listed 61 power reactor sites, 4 decommissioning reactor facilities, 6

and 20 category II and III facilities. The current totals are 60 power reactor sites, 10 decommissioning sites, and 4 category II and III facilities. As a result, the burden decreased.

The NRC staff corrected the total number of respondents to the Part 73 information collection. The previous submission included 200 state contacts; however, no Part 73 requirements apply to these entities. The total number of respondents was reduced from 581 to 210. This did not affect the overall burden because, although they were previously reported as respondents in the supporting statement, the 200 state contacts were not included in the previous burden tables.

Some requirements were identified as third-party disclosure requirements that were previously listed on the reporting and recordkeeping tables. For example, requirements to label documents as containing Safeguards Information were moved from the recordkeeping table to the third-party disclosure table. As a result, the burden on the reporting and recordkeeping tables decreased, while the burden on the third-party disclosure table increased. Overall, this did not affect the total burden for the Part 73 information collection; however, this greatly increased the number of responses. These requirements, when included on the recordkeeping table, did not add any additional recordkeeping responses (each recordkeeper is counted only once). When each disclosure is counted on the third-party disclosure table, the number of responses greatly increased. The number of third-party disclosures increased by 13,271 responses.

Finally, there is a change in cost because the hourly rate decreased from $272/hour to

$263/hour.

16. Publication for Statistical Use None.
17. Reasons for Not Displaying the Expiration Date The recordkeeping and reporting requirements for this information collection are associated with regulations and are not submitted on instruments such as forms or surveys. For this reason, there are no data instruments on which to display an OMB expiration date. Further, amending the regulatory text of the CFR to display information that, in an annual publication, could become obsolete would be unduly burdensome and too difficult to keep current.
18. Exceptions to the Certification Statement None.

B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS None.

7

DESCRIPTION OF INFORMATION COLLECTION REQUIREMENTS CONTAINED IN 10 CFR PART 73 PHYSICAL PROTECTION OF PLANTS AND MATERIALS (3150-0002)

Section 73.5 provides that the Commission may grant exemptions from the requirements of the regulations in Part 73 under specified conditions, upon the application of any interested person or on its own initiative. Applications under this section are examined by the NRC staff to determine whether the requested exemption is authorized by law and whether it will not endanger life or property or the common defense and security, and to determine if it is otherwise in the public interest.

Section 73.20(c) requires that each affected licensee establish, maintain, and follow NRC-approved safeguards physical protection and safeguards contingency plans that describe how the licensee will comply with the requirements of paragraphs (a) and (b) of this section. The required plans are used to review the adequacy of a licensee's intended security system for compliance and enforcement purposes.

Section 73.22(b) requires that each affected licensee make a trustworthiness and reliability determination based on a background check (or other means as approved by the Commission) for each individual seeking access to SGI, except for the categories of individuals enumerated in 10 CFR 73.59.

Section 73.22(d) requires that each document or other matter that contains Safeguards Information be marked to indicate the presence of such information in a conspicuous manner on the top and bottom of each page and that the first page of the document or other matter also contain the name, title, and organization of the individual authorized to make a Safeguards Information determination, and who has determined that the document or other matter contains Safeguards Information; the date the determination was made; and an indication that unauthorized disclosure will be subject to civil and criminal sanctions. Transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information must be marked to indicate that attachments or enclosures contain Safeguards Information but that the transmittal does not. Transmittal documents or other media containing Safeguards Information must include the name and title of the certifying official and the date it was designated as SGI. Portion marking is required for correspondence to and from the NRC (i.e.,

cover letters, but not attachments) that contains Safeguards Information. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non-Safeguards Information. Documents or other matter containing or transmitting Safeguards Information, at a minimum, must include the words Safeguards Information to ensure identification of protected information for the protection of facilities and material covered by Section 73.22.

Section 73.22(f) requires that when documents or other matter containing Safeguards Information are transmitted outside an authorized place of use or storage, they must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of Safeguards Information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words ASafeguards Information. The outer envelope or wrapper must be opaque, addressed to the intended recipient, contain the address of the sender, and may not bear any markings or indication that the document or other matter contains Safeguards Information.

Section 73.23(b) requires that a trustworthiness and reliability determination based on a background 8

check (or other means as approved by the Commission) be made for each individual seeking access to Safeguards Information designated as SGI-M, except for the categories of individuals enumerated in 73.59, Relief from fingerprinting, identification and criminal history records checks and background checks for designated categories of individuals.

Section 73.23(d) requires that a document or other matter containing Safeguards Information designated as SGI-M be marked in a conspicuous manner on the top and bottom of each page to indicate the presence of Safeguards Information designated as SGI-M. In addition, the first page of Safeguards Information designated as SGI-M documents must include the name, title, and organization of the individual authorized to make a Safeguards Information designated as SGI-M determination, and who has determined that the document contains Safeguards Information designated as SGI-M; the date the determination was made; and an indication that unauthorized disclosure will be subject to civil and criminal sanctions. Transmittal letters or memoranda to or from the NRC that do not contain Safeguards Information designated as SGI-M must be marked to indicate that attachments or enclosures contain Safeguards Information designated as SGI-M but that the transmittal document does not. Transmittal documents forwarding Safeguards Information designated as SGI-M must alert the recipient that Safeguards Information designated as SGI-M is enclosed. Certification that a document or other matter contains Safeguards Information designated as SGI-M must include the name and title of the certifying official and the date designated. Portion marking showing which portions of the document contain Safeguards Information designated as SGI-M and which do not is required for transmittal documents to and from the NRC. The marking of documents containing or transmitting Safeguards Information designated as SGI-M must, at a minimum, include the words ASafeguards Information-- Modified Handling.

Section 73.23(f) requires that documents or other matter containing Safeguards Information designated as SGI-M transmitted outside an authorized place of use or storage, the Safeguards Information designated as SGI-M be packaged in two sealed envelopes or wrappers. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words ASafeguards Information--Modified Handling. The outer envelope or wrapper must be opaque, addressed to the intended recipient, must include the address of the sender, and must not bear any markings or indication that the document contains Safeguards Information designated as SGI-M.

Section 73.24(b)(1) requires that licensees maintain a log of the arrival at the final destination of each shipment. The record is necessary to ensure that there are not two or more shipments of SNM in transit at the same time which together would constitute a formula quantity, and to ensure verification of the arrival of the shipment.

Section 73.25(b) requires procedures in support of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.25(c) requires procedures in support of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.25(d) requires procedures in support of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.26(b)(3) requires that, prior to each shipment, licensees provide information to NRC concerning the identity of the shipper, consignee, carriers, transfer points, modes of shipment, and security arrangements for the shipment. The information is needed to permit NRC to ensure that 9

adequate measures will be taken to protect the material in transit.

Section 73.26(c) describes the records retention schedule for records associated with sections 73.25, 73.26, and 73.27. This requirement is not an information collection but provides added detail to information collections listed elsewhere in this part. Any burden associated with records retention is recorded under the information collection containing the recordkeeping requirement.

Section 73.26(d)(3) requires that licensees maintain a written management system to provide for the development, revision, implementation, and enforcement of transportation physical protection procedures. The information collection associated with this requirement is contained in Section 73.20(c).

Section 73.26(d)(4) requires that licensees maintain documentation of qualification and re-qualification of members of the security organization. The record of initial qualification must be maintained for the term of employment and the record of re-qualification must be retained for three years. The information is reviewed by NRC inspectors to ensure that security organization members are properly qualified in accordance with the site training and qualification plan and implementing procedures.

Section 73.26(e)(1) references the requirement for a written contingency plan. The contingency plan is required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.26(e)(2) requires that upon detection of abnormal presence or activity of persons or vehicles attempting to penetrate a moving convoy or persons attempting to gain access to a parked cargo vehicle or upon evidence or indication of penetration of the cargo vehicle, the armed escorts or other personnel inform local law enforcement agencies of the threat and request assistance.

Section 73.26(f)(2) requires licensees to (1) call remote location at least every 30 minutes to report status of shipment; (2) if call is not received, licensee commander shall request assistance from local law enforcement agencies and notify shipment movement control center and initiate appropriate contingency plan; (3) upon departure from transfer point, escorts shall notify the licensee of the latest status immediately thereafter departure. Calling the remote location every 30 minutes is a part of the security staffs normal duties and is not reported as part of the burden.

Section 73.26(g)(1) requires a numbered picture badge identification procedure to be used to identify all individuals who will have custody of a shipment of nuclear material. All security officers assigned to duties involving shipments of nuclear material are required as a normal part of their duties to wear numbered picture badges and as such this is not reported as part of the burden; thus, the information collection is for the procedure only.

Section 73.26(h)(5) requires procedures in support of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.26(h)(6) requires that licensees document the results of an annual audit of the transportation security program, along with recommendations for improvements, and that the documentation be retained as a record for 3 years. The records are reviewed by the NRC inspectors to ensure that the effectiveness of the physical security system is evaluated by licensee personnel independent of security management and supervision.

Section 73.26(i)(1) requires that licensees prepare a detailed route plan showing the routes to be taken, refueling and rest stops, and call-in times to the movement control center. This document is used to plan the movement of the shipment so that it is made on primary highways with minimum use of 10

secondary roads, and to ensure that adequate measures for support and communications are available to protect the shipment.

Section 73.26(i)(5) requires the establishment of procedures in support of the physical protections system. The information collection associated with this requirement is contained in Section 73.20.

Sections 73.26(i)(6) requires that calls to the movement control center be made at least every half hour to convey the status and position of the shipment and that, in the event that no communication is received from the shipment or escort personnel at a designated call-in time, the licensee must notify law enforcement authorities and the NRC immediately and initiate appropriate contingency plans. This notification is necessary so that the NRC can ensure that timely response or investigation actions may be undertaken. Calling the remote location every 30 minutes is a part of the security staffs normal duties and is not reported as part of the burden.

Section 73.26(j)(6) requires the establishment of procedures in support of the physical protections system. The information collection associated with this requirement is contained in Section 73.20.

Section 73.26(k)(2) requires the establishment of procedures in support of the physical protections system. The information collection associated with this requirement is contained in Section 73.20.

Section 73.26(k)(4) requires that, in the event that no communication is received from the shipment or escort personnel at a designated call-in time, the licensee must notify law enforcement authorities and the NRC immediately and initiate appropriate contingency plans. This notification is necessary so that the NRC can ensure that timely response or investigation actions may be undertaken. The information collection associated with this requirement is captured under Section 73.26(i)(6) as the requirement is the same, only transportation type varies.

Section 73.27(a)(1) requires that a licensee who delivers formula quantities of SSNM to a carrier for transport must immediately notify the consignee by telephone, telegraph, or teletype, of the time of departure of the shipment and method of transportation, including names of carriers, and the estimated time of arrival at destination. This information is needed to ensure that the consignee is aware that the shipment is en route so the consignee can carry out the safeguards transportation protection plan.

Section 73.27(a)(2) requires that, in the case of a free on board shipment, the licensee shipper must obtain written certification from the consignee who is to take delivery at the f.o.b. point that the required physical protection arrangements have been made. This information is needed to ensure that the safeguards transportation protection plan will be carried out.

Section 73.27(a)(3) requires that a shipper make arrangements to obtain immediate notification from the consignee of the arrival of a shipment at its destination or of any shipment that is lost or unaccounted for after the estimated time of arrival at its destination. This information is required so that the licensee can promptly notify the NRC of any missing material so that a trace investigation may be initiated.

Section 73.27(b) requires a licensee who receives a shipment of formula quantities of SSNM to immediately notify the shipper and the NRC of the arrival of the shipment at its destination, or of the failure of a shipment to arrive at its destination at the estimated time. In the latter event, the shipper must also notify the NRC of the actions being taken to trace the shipment. This information is needed to ensure that accountability is maintained for SSNM in transit, so that appropriate measures may be taken to initiate a trace and undertake recovery action if necessary.

Section 73.27(c) requires that in the case of a lost or unaccounted for shipment, the licensee who made the physical protection arrangements must conduct a trace investigation and file with the NRC a report 11

of the investigation as specified in Section 73.71. This information is needed to permit the NRC to determine whether all appropriate measures have been taken to trace and recover the material. The information collection associated with this requirement is contained in Section 73.71.

Section 73.37(a) requires licensees to provide notification to the appropriate response forces of any spent fuel shipment sabotage attempts as part of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.37(b)(1)(ii) requires that licensees preplan and coordinate spent nuclear fuel shipments. The information collection associated with this requirement is contained in Section 73.72.

Section 73.37(b)(1)(iv) requires licensees to preplan and coordinate SNF with the governor of a State, or the governor's designee, of a shipment of SNF through, or across their boundary.

Section 73.37(b)(1)(vi) requires licensees to preplan and coordinate with the NRC to obtain advance approval of the routes used for road and rail shipments of SNF, and of any U.S. ports where vessels carrying spent fuel shipments are scheduled to stop.

Section 73.37(b)(2) requires that licensees provide for notification of the NRC in advance of each shipment of spent nuclear fuel. The notification requirements are found in Section 73.72. The information collection associated with this requirement is contained in Section 73.72.

Section 73.37(b)(2)(i-iii) requires licensees to notify State(s) prior to the shipment of SNF within or through a State. In addition, requires licensees to notify the Tribal official or Tribal officials designee of each participating Tribe referenced in 10 CFR 71.97(c)(3) prior to the transport of spent fuel within or across the Tribal reservation. This section also requires licensees to notify State(s) prior to the delivery for transport the licensed material outside the confines of the licensees facility or other place of use or storage.

Section 73.37(b)(2)(iv) requires a licensees to notify by telephone a responsible individual in the office of the governor or in the office of the governor's designee and the office of the Tribal official or in the office of the Tribal official's designee of any schedule change that differs by more than 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> from the schedule information previously furnished under paragraph (b)(2)(iii) of this section, and shall inform that individual of the number of hours of advance or delay relative to the written schedule information previously furnished.

Section 73.37(b)(2)(v) requires licensees who cancel a shipment for which advance notification has been sent shall send a cancellation notice to the governor or to the governors designee of each State previously notified, each Tribal official or the Tribal officials designee previously notified, and to the NRCs Director, Division of Security Policy, Office of Nuclear Security and Incident Response. The licensee shall state in the notice that it is a cancellation and identify the advance notification that is being canceled.

Section 73.37(b)(2)(vi) requires licensees to retain a copy of the preplanning and coordination activities, advance notification, and any revision or cancellation notice as a record for 3 years.

Section 73.37(b)(3)(iv) requires the movement control center personnel and escorts to maintain a written log for each spent fuel shipment, which will include information describing the shipment and significant events that occur during the shipment. The log will be available for review by authorized NRC personnel for a period of at least 3 years following completion of the shipment.

12

Section 73.37(b)(3)(v) requires the licensee to develop, maintain, revise and implement written transportation physical protection procedures.

Section 73.37(b)(3)(vi) requires the licensee to retain as a record the transportation physical protection procedures for 3 years after the close of period for which the licensee possesses the spent nuclear fuel.

Section 73.37(b)(3)(vii)(B) requires as a part of the transportation physical protection system that shipment escorts make calls to the movement control center at random intervals, not to exceed 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, to advise of the status of the shipment for road and rail shipments, and for sea shipments while shipment vessels are docked at U.S. ports.

Section 73.37(b)(3)(vii)(C) requires that at least one armed escort remains alert at all times, maintain constant visual surveillance of the shipment, and periodically reports to the movement control center at regular pre-set intervals during periods when the shipment vehicle is stopped, or the shipment vessel is docked.

Section 73.37(b)(4)(iii) requires the licensee to retain the contingency and response procedures as a record for three years after the close of period for which the licensee possesses the special nuclear material under each license for which the plan is used and superseded material for three years after each change.

Section 73.37(g)(iii) requires State officials, state employees, Tribal officials, Tribal employees, and other individuals who receive schedule information to protect the information against unauthorized disclosure.

Section 73.38(a)(2) requires the licensee to establish, implement, and maintain its access authorization program.

Section 73.38(c)(2)(v) requires a 3 year recordkeeping requirement pertaining to documentation for access authorization for any individual who has an active Federal security clearance. -

Section 73.38(d) requires the licensee to conduct background investigations before allowing an individual to act as an armed escort or have unescorted access to spent reactor fuel in transit Section 73.38(d)(1) requires the licensees not to initiate any element of a background investigation without the informed and signed consent of the subject individual.

Section 73.38(d)(2) requires any individual who is required to have a background investigation under the licensees access authorization program to disclose personal history information that is necessary to make a determination of the individuals trustworthiness and reliability.

Section 73.38(d)(3) requires the licensee to conduct fingerprints and an FBI investigation and criminal history records check in accordance with Section 73.57. The form is FD-258, which is indicated as an acceptable method for submitting fingerprints. The fingerprint card Form FD-258, covered under OMB Clearance 1110-0046 states the following as the Authority for the collection of information:

Authority: The FBI's acquisition, preservation, and exchange of information requested by this form is generally authorized under 28 U.S.C. Depending on the nature of your application, supplemental authorities include numerous Federal statutes, hundreds of State statutes 13

pursuant to Pub.L.92-544, Presidential executive orders, regulations and/or orders of the Attorney General of the United States, or other authorized authorities. Examples include, but are not limited to: 5 U.S.C. 9101; Pub.L. 94-29; Pub.L. 101-604; and Executive Orders 10450 and Executive Orders 10450 and 12968. Providing the requested information is voluntary; however, failure to furnish the information may affect timely completion or approval of your application.

This requires the licensee to transmit the fingerprints to the NRC.

Section 73.38(d)(5)(iv)(A) requires the licensee to document if a previous employer, educational institution, or any other entity with which the individual claims to have been engaged fails to provide information or indicates an inability or unwillingness to provide information the licensee shall obtain a confirmation of employment, educational enrollment and attendance, or other form of engagement claimed by the individual from at least one alternate source that has not been previously used.

Section 73.38(d)(5)(vi) requires the licensee when obtaining information on employment history to document any telephone calls.

Section 73.38(f)(5) requires the licensee to retain all fingerprint and criminal history records received from the FBI, or a copy if the file has been transferred, on an individual (including data indicating no record) for 5 years from the date the individual no longer requires unescorted access or access authorization relative to spent nuclear fuel in transit.

Section 73.38(i) requires any individual who has applied for an access authorization or is maintaining an access authorization to report to the reviewing official, his or her supervisor, or other management personnel designated in licensee procedures any legal action(s) taken by a law enforcement authority or court of law to which the individual has been subject that could result in incarceration or a court order that requires a court appearance.

Section 73.38(j) requires the licensee to develop, implement, and maintain written procedures for conducting background investigations for persons who are applying for unescorted access authorization for spent nuclear fuel in transit; for updating background investigations for persons who are applying for reinstatement of unescorted access or access authorization; to ensure that persons who have been denied unescorted access or access authorization are not allowed access to spent nuclear fuel in transit or information relative to spent nuclear fuel in transit; and for the notification of individuals who are denied unescorted access or access authorization for spent nuclear fuel in transit.

Section 73.38(l) requires the licensee to maintain records of background investigations 5 years from the date the individual no longer requires access to spent nuclear fuel. This section also requires a copy of the access authorization program procedures as a record for 5 years after it is no longer needed. In addition, the licensee must retain the list of persons approved for unescorted access for 5 years after the list is superseded or replaced.

Section 73.40 Requires that licensees provide physical protection at a fixed site, or contiguous sites where licensed activities are conducted against radiological sabotage, or against theft of special nuclear material, or against both in accordance with the applicable sections of this part for each specific class of facility or material licensee. If applicable, the licensees are required to establish and maintain physical security in accordance with security plans approved by the NRC. The information collection associated with this requirement is contained in Section 73.20.

Section 73.45 requires that the licensee's fixed site physical protection system (required by 73.20) contain certain provisions, procedures, and plans. The information collection associated with this 14

requirement is contained in Section 73.20.

Section 73.46(b)(1) requires that, if a contract guard force is utilized, the licensee have a written agreement with the contractor that contains provisions showing that the licensee is responsible to NRC for maintaining safeguards in accordance with NRC regulations and the licensee's security plan, that NRC may inspect, copy, and remove copies of required reports and documents, and that the licensee must demonstrate the capability of the security force, including contractor personnel, to perform their assigned duties. This requirement is necessary to ensure that the licensee makes the security force contractor aware of its responsibilities.

Section 73.46(b)(3) requires that the licensee have a management system that includes written security procedures which document the structure of the security organization and which detail the duties of the Tactical Response Team, guards, watchmen, and other individuals responsible for security. The licensee must also have provisions for written approval of such procedures and any revisions thereto by the individual with overall responsibility for the security function. These procedures are necessary to ensure that a management system is in place, that responsibilities and duties are set forth clearly, and that the security organization is adequate to provide protection in accordance with the security plan.

Section 73.46(b)(4) requires that the licensee document the results of each weapons qualification and re-qualification, the annual physical fitness performance test or the quarterly administered site specific content-based test. These records verify that qualification and re-qualification have occurred and provide a record of individual performances. The burden for this information collection has been listed together with Sections 73.46(b)(4),(7),(8) & 73.46(b)(11)(i).

Section 73.46(b)(7) requires that licensees document the qualification and re-qualification of Tactical Response Team members, armed response personnel, and guards in day and night firing. These records verify that qualification and re-qualification have occurred and provide a record of individual performances. The burden for this information collection has been listed together with Sections 73.46(b)(4),(7),(8) & 73.46(b)(11)(i).

Section 73.46(b)(8) requires that licensees document the training of Tactical Response Team members in response tactics. These records verify that training has occurred and provide a record of individual performances. The burden for this information collection has been listed together with Sections 73.46(b)(4),(7),(8) & 73.46(b)(11)(i).

Section 73.46(b)(9) requires that the licensee notify NRC at least 60 days in advance of a scheduled training exercise for the security force which is required to be observed by NRC. The licensee must also document the results of all exercises. The notification requirement allows the NRC to arrange for NRC inspectors to observe the exercise. The documentation verifies that the exercise was conducted and provides a record of security force performance.

Section 73.46(b)(10)(iii) requires that the licensee obtain a written certification by an examining physician that there are no contraindications to individual's participation in the physical fitness training program.

Section 73.46(b)(11)(i) requires that the licensee retain a record of each security force member's attempt to qualify or re-qualify by meeting or exceeding the applicable qualification criteria. This is a repetition of the requirement in Section 73.46(b)(4) and is not, itself, an information collection.

Section 73.46(b)(11)(iii) requires that prior to participation in the physical performance testing each security force member must obtain a medical clearance from a licensed practitioner stating that there are no medical contraindications to the individual's participation in such testing.

15

Section 73.46(b)(12) and 73.46(b)(12)(i) when taken together require the submission of the site specific content-based tests for NRC's approval. This information is incorporated into the Licensee's Physical Protection Plan and may be used by NRC to inspect the physical performance testing programs to ensure that they are adequate to protect the health and safety of the public. The burden for this information collection is incorporated into that of Section 73.46(b)(4).

Section 73.46(b)(12)(ii) requires that, prior to the administration of the site specific content-based physical fitness tests and annually thereafter, a physical examination be conducted and a written certification, that there are no medical contraindications to participation in the tests, be obtained from a licensed physician.

Section 73.46(d)(3) requires procedures in support of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.46(d)(10) requires that the licensee must maintain records of the findings of teams conducting drum scanning and tamper sealing of containers of contaminated waste. These records verify that the scanning was conducted and document the scan readings for later use in review of the waste shipments if needed.

Section 73.46(d)(11) requires that licensee teams must verify and certify the contents of containers of SSNM being prepared for shipment offsite. These records verify the weight, assay, and tamper seal integrity of the containers.

Section 73.46(d)(13) specifies that licensees must require that individuals provided escorted access to protected areas register their name, date, time, purpose of visit and employment affiliation, citizenship, and name of the individual to be visited in a log. The log serves as a record of visitors permitted access, serves as a document that may be inspected to verify that access control requirements are being followed, and facilitates any subsequent investigation of irregular events.

Section 73.46(g)(5) requires procedures in support of the physical protections system and plan required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.46(g)(6) requires the documentation and reporting to management of the results of an annual independent review and audit of the security program. The records are reviewed by NRC inspectors to ensure that the effectiveness of the security program is evaluated by licensee personnel independent of security management and supervision and that the results of the review are reported to higher management. These records must be retained for 3 years.

Section 73.46(h)(1) restates and provides details on the requirement in Section 73.20 to have a safeguards and contingency plan. The information collection associated with this requirement is contained in Section 73.20.

Section 73.46(h)(2) requires that licensees establish and document a response agreement with local law enforcement authorities. The agreement is used to verify law enforcement response capabilities and to ensure a clear understanding by both parties of what is expected and what law enforcement assistance will be provided in case of an emergency.

Section 73.46(h)(3) requires that the basis for the determination of the size and availability of an additional force of guards or armed response personnel be included in the physical protection plans submitted to NRC as required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

16

Section 73.46(h)(4)(iii)(B) requires that licensees inform local law enforcement agencies of any detected threat and request assistance. This notification requirement is necessary to ensure that law enforcement assistance is obtained to help neutralize any threat to vital areas or material access areas.

Section 73.50(a)(3) requires that certain licensees who possess, use, or store formula quantities of SSNM must maintain written security procedures that document the structure of the security organization and detail the duties of guards, watchmen, and other individuals responsible for security.

Section 73.50(a)(4) requires that licensees document the qualification and re-qualification of guards, watchmen, and other members of the security organization. These records verify that qualification and re-qualification have occurred and provide a record of individual performances.

Section 73.50(c)(5) specifies that licensees must require that individuals provided escorted access to protected areas register their name, date, time, purpose of visit and employment affiliation, citizenship, name and badge number of the escort, and name of the individual to be visited in a log. The log serves as a record of visitors permitted access, serves as a document that may be inspected to verify that access control requirements are being followed, and facilitates any subsequent investigation of irregular events.

Section 73.50(g)(1) requires that licensees maintain an NRC-approved safeguards contingency plan for dealing with threats, thefts, and radiological sabotage related to SSNM and nuclear facilities. The information collection associated with this requirement is contained in Section 73.20.

Section 73.50(g)(2) requires that licensees establish and document a response agreement with local law enforcement authorities. The agreement is used to verify law enforcement response capabilities and to ensure a clear understanding by both parties of what is expected and what law enforcement assistance will be provided in case of an emergency.

Section 73.50(g)(3)(iii)(B) requires that licensees inform local law enforcement agencies of any detected threat and request assistance. This notification requirement is necessary to ensure that law enforcement assistance is obtained to help neutralize any threat to vital areas or material access areas.

Section 73.50(h) lists requirements for the NRC-approved training and qualification plan, which is required by Section 73.20. The information collection associated with this requirement is contained in Section 73.20.

Section 73.51(d)(5) requires procedures in support of the physical protections system and plan required by Section 73.20.

Section 73.51(d)(6) requires a licensee to establish a documented liaison with local law enforcement or designated response force to be included in the security plan.

Section 73.51(d)(10) requires procedures in support of the physical protections system and plan required by Section 73.20.

Section 73.51(d)(12) requires the licensee to review the physical protection program every 24 months by individuals independent of both physical protection program management and personnel who have direct responsibility for implementation of the physical protection program. The review must include an evaluation of the effectiveness of the physical protection system and verification of the liaison established with the designated response force or local law enforcement agency.

Section 73.54(intro) provides the submittal deadline for NRC-approved cyber security plans. One-time burden associated with creating and submitting cyber security plans is captured in this requirement.

17

This requirement is complete.

Section 73.54(b)(1) requires analysis of digital computer and communications systems. This analysis is contained in the cyber security plan required by Section 73.54(e) and the information collection associated with this requirement is contained in that section.

Section 73.54(e) requires licensees to establish, implement, and maintain an NRC-approved cyber-security plan that describes how the requirements will be implemented and accounts for the site-specific conditions that affect implementation. The cyber-security plan must include measures for incident response and recovery for cyber attacks and must describe how the licensee will maintain the capability for timely detection and response to cyber attacks, mitigate the consequences of cyber attacks correct exploited vulnerabilities, and restore affected systems, networks, and/or equipment affected by cyber attacks.

Section 73.54(f) requires licensees to develop and maintain written policies in support of the cyber security plan required by Section 73.54(e). The information collection associated with this requirement is contained in Section 73.54(e).

Section 73.55(b)(6) describes the requirement for a performance evaluation program. The information collection associated with this requirement is contained in Section 73.55(c)(4), as the performance evaluation program is documented in the training and qualifications plan.

Section 73.55(b)(7) requires licensees to document the access authorization program in the security plan. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(b)(8) requires licensees to establish, maintain, and implement a cyber security program.

The information collection associated with this requirement is contained in Section 73.54(e).

Section 73.55(b)(9) requires licensees to document an insider mitigation program in the security plan.

This is a one-time requirement connected to Section 75.55(a). This requirement is complete.

Section 73.55(b)(10) requires licensees to develop corrective action measures. The information collection associated with this requirement is contained in Section 73.55(m).

Section 73.55(b)(11) requires that plan and procedure implementation be coordinated to preclude conflict. The information collection associated with this requirement is contained in Section 73.58(d),

which requires the communication of potential conflicts.

Section 73.55(c)(1) requires licensees to include certain descriptions in security plans. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(c)(3) requires licensees to establish and maintain a physical security plan, which includes analyses and site-specific information identified in this part as included in the security plan.

Section 73.55(c)(4) requires licensees to establish, implement, and maintain a training and qualifications plan.

Section 73.55(c)(5) requires licensees to establish, implement, and maintain a safeguards contingency plan.

Section 73.55(c)(6) repeats the requirement for licensees to establish, implement, and maintain a cyber security plan. The information collection associated with this requirement is contained in Section 73.54(e).

18

Section 73.55(c)(7) requires licensees to establish, implement, and maintain written procedures that implement Commission requirements and security plans.

Section 73.55(e)(1) requires that licensees describe barriers, barrier systems, and their functions in their security plans. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(e)(2) lists records retention requirements for barrier analyses and descriptions. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(e)(8)(iv) requires a description to be included in the security plan. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(e)(10)(ii)(A) requires licensees to identify areas from which a waterborne vehicle must be restricted and to coordinate with local, State, and Federal agencies having jurisdiction over waterway approaches to ensure that waterway approach routes are controlled. This is a one-time requirement connected to Section 75.55(a), which requires revised documentation to support the revised requirements of this part. This requirement is complete for current power reactor licensees.

Section 73.55(f) requires reactor licensees to document in site procedures the process used to develop and identify target sets, including the analyses and methodologies used to determine and group the target set equipment or elements, to include target set equipment or elements that are not contained within the protected or vital areas. The information collection associated with this requirement is contained in Section 73.55(c)(7).

Section 73.55(g)(5)(ii) requires licensees to develop procedures for emergency conditions. This is a one-time requirement connected to Section 75.55(a). This requirement is complete.

Section 73.55(g)(6)(i)(B) requires reactor licensees to maintain a record (name and affiliation) of all individuals to whom access control devices have been issued and inventory appropriate access control devices at least annually.

Section 73.55(g)(6)(ii)(C) requires licensees to maintain a record (name and areas to which unescorted access is granted) of all individuals to whom photo identification badge/key-cards have been issued.

Section 73.55(g)(6)(iii) requires licensees to issue passwords and combinations to access control personnel.

Section 73.55(g)(7)(i)(A) requires licensees to implement procedures. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(g)(7)(i)(C) requires licensees to maintain a visitor control register into which all pertinent visitor information must be written.

Section 73.55(g)(8)(v) requires licensees to describe visitor to escort ratios and implementing procedures for protected and vital areas in physical security plans. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(h)(2)(ii) requires licensees to describe the vehicle search process in implementing procedures. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

19

Section 73.55(h)(3)(iv) requires licensees to describe the vehicle search process in implementing procedures. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(h)(3)(v) requires licensees to describe items to be excepted from search in implementing procedures. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(i)(4)(ii)(H) requires licensees to maintain a record of all alarm annunciations, the cause of the alarm, and the disposition of each alarm.

Section 73.55(i)(6)(iii) requires licensees to describe how lighting requirements are met in their security plans. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(j)(6) Requires that licensees account for areas where communication might be interrupted in implementing procedures. This is a one-time requirement connected to Section 75.55(a).

This requirement is complete for current power reactor licensees.

Section 73.55(k)(5) requires licensees to document the number of armed responders in their security plans. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(k)(6) requires licensees to document the number of armed security officers in their security plans. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(k)(7) requires licensees to have procedures to reconstitute the documented number of available armed response personnel required to implement the protective strategy. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(k)(8) requires licensees to establish, maintain, and implement a written protective strategy to be documented in procedures. The information collection associated with this requirement is contained in 73.55(c)(7).

Section 73.55(k)(8)(iii) requires that licensees notify law enforcement agencies upon receipt of an alarm or other indication of a threat.

Section 73.55(k)(9) requires licensees to document and maintain current agreements with law enforcement agencies to include estimated response times and capabilities.

Section 73.55(l)(3) requires licensees to describe in the security plans the operational and administrative controls to be implemented for the receipt, inspection, movement, storage, and protection of unirradiated mixed-oxide fuel assemblies and to develop a Material Control and Accountability Program to focus on recordkeeping which describes the inventory and location of the SSNM within the assemblies. The information collections associated with this requirement are contained in Section 73.55(c)(7).

Section 73.55(l)(7) Requires that requests for use of MOX fuel assemblies containing greater than 20 weight percent PuO2 be reviewed and approved by the Commission before receipt of MOX fuel assemblies.

Section 73.55(m) requires licensees to document and maintain written reports offering results and recommendations following onsite physical protection program reviews and audits, managements 20

findings regarding program effectiveness, and any actions taken as a result of recommendations from prior reviews and to enter findings from onsite physical protection program reviews, audits, and assessments into the site corrective action program.

Section 73.55(n)(1) requires licensees to establish, maintain, and implement a maintenance testing and calibration program that is described in the physical security plan and implementing procedures to include the criteria for determining when problems, failures, deficiencies, and other findings are documented in the site corrective action plan. The information collections associated with this requirement are contained in Section 73.55(c)(7).

Section 73.55(n)(7) requires licensees to specify in implementing procedures a program for testing or verifying the operability of devices or equipment located in hazardous areas, which must define alternate measures to be taken to ensure the timely completion of testing or maintenance when the hazardous condition or other restrictions are no longer applicable. This is a one-time requirement connected to Section 75.55(a). This requirement is complete for current power reactor licensees.

Section 73.55(o) requires that licensees identify and describe in the security plans criteria and measures to compensate for degraded or inoperable equipment, systems, and components to meet the requirements of this section. The information collection associated with this requirement is contained in 73.55(c)(3).

Section 73.55(p)(1) requires licensees to get approval, at a minimum, from a licensed senior operator prior to suspending safeguards measures during an emergency and requires licensees who suspend safeguards due to severe weather to get approval from the security supervisor and a licensed senior operator prior to taking this action. The information collection associated with this requirement is contained in 73.55(p)(3).

Section 73.55(p)(3) requires licensees to document the suspension of safeguard measures in accordance with Section 73.71.

Section 73.55(q)(2) lists records retention requirements for information collections identified elsewhere in this part. There is no information collection for this requirement.

Section 73.55(q)(3) requires licensees to retain any written agreement with a contracted security force for its duration.

Section 73.55(q)(4) requires licensees to retain all audit reports for three years, and make them available for inspection. The information collection associated with this requirement is contained in Section 73.55(m).

Section 73.55(r) describes the process by which licensees may submit requests for alternative measures in accordance with 10 CFR 50.4 and 10 CFR 50.90. There is no information collection for this section.

Section 73.56(a)(4) allows licensees or applicants to accept, in part or whole, an access authorization program implemented by a contractor or vendor to satisfy appropriate elements of the licensees access authorization program in accordance with the requirements of this section. To be acceptable, contractors and vendors (C/Vs) must develop, implement, and maintain authorization programs or program elements that meet the requirements of Section 73.56.

Section 73.56(d) requires a documented background investigation in order to grant an individual unescorted access to the protected or vital area of a nuclear power plant. This section requires entities subject to this section to obtain written consent from individuals who are applying for unescorted access 21

authorization before initiating the background investigation. The paragraph also requires licensees, applicants, and contractors/vendors to inform the individual of his or her right to review information that is collected to assure its accuracy and that withdrawal of consent will withdraw the individuals current application for access authorization, and other licensees applicants, and contractors/vendors will have access to information documenting the withdrawal. Licensees, applicants and contractors/vendors must complete any background investigation elements that were in progress when an applicant withdraws his or her consent. The licensee must record the individuals application for unescorted access authorization, his or her withdrawal of consent for the background investigation, the reason given for the withdrawal, if any, and any pertinent information collected from the background investigation elements that were completed. This section requires individuals who are applying for unescorted access authorization to disclose the personal history information that is required by the licensees, applicants or contractors/vendors authorization program, and any other information that may be necessary for the reviewing official to make a determination of the individuals trustworthiness and reliability.

Section 73.56(e) requires that a psychological assessment be completed and requires licensees to develop procedures to provide communication between the licensed psychologist or psychiatrist and other medical personnel; requires the licensed clinical psychologist or psychiatrist conducting the psychological assessment to inform the reviewing official of any indications or information related to a medical condition that could adversely impact the individuals fitness for duty or trustworthiness and reliability. If the licensed psychologist or psychiatrist identifies or discovers any information that could adversely impact the fitness for duty or trustworthiness and reliability of those individuals who are currently granted unescorted access authorization status, he or she must inform the reviewing official of the discovery within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> and the results of the evaluation and a recommendation shall be provided to the licensees or applicants reviewing official.

Section 73.56(f) requires that each person subject to the behavior observation program to report any concerns arising from behavioral observation.

Section 73.56(g) requires individuals who have applied for or are maintaining unescorted access authorization to promptly report to the reviewing official any formal actions taken against the individual by a law enforcement authority or court of law. This would include an arrest, indictment, the filing of charges or a conviction. Licensees must inform individuals of this obligation in writing prior to granting unescorted access or certifying unescorted access authorization.

Section 73.56(i) requires licensees, applicants and contractors/vendors to complete a criminal history update, credit history re-evaluation, and psychological re-assessment of the individual within five years of the date on which these elements were last completed, or more frequently, based on job assignment and requires licensees, applicants and contractors/vendors to administratively withdraw an individuals unescorted access authorization if the criminal history update, credit history re-evaluation, psychological re-assessment, and supervisory review have not been completed.

Section 73.56(j) requires licensees to establish, implement, and maintain a list of individuals who are authorized to have unescorted access to specific nuclear power plant vital areas to assist in limiting access to those vital areas during non-emergency conditions. The list must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each vital area, and updated and re-approved no less frequently than every 31 days.

Section 73.56(k) requires licensees, applicants, and contractors/vendors to conduct background checks on individuals who collect, process, or have access to the sensitive personal information required under this section increasing the scope of individuals who are subject to background checks.

22

Section 73.56(l) requires licensees to include review and notification procedures in their access authorization program. The information collection associated with this requirement is contained in 73.55(c)(7).

Section 73.56(m) requires licensees and contractors/vendors who collect personal information about an individual for the purpose of complying with this section to establish and maintain a system of files and procedures to protect the personal information.

Section 73.56(m)(1) requires licensees and contractors/vendors to obtain a signed consent from the subject individual that authorizes the disclosure of the personal information collected and maintained under this section before disclosing the personal information and requires licensees to disclose personal information to other licensees and applicants, or their authorized representatives, such as contractors or vendors, who are legitimately seeking the information for unescorted access or unescorted access authorization determinations under this section and who have obtained signed consent to release this information from the subject individual.

Section 73.56(m)(2) requires licensees, and contractors/vendors to provide copies of all records pertaining to a denial or unfavorable termination of unescorted access authorization to the subject individual or his or her designated representative upon written request.

Section 73.56(m)(4) requires procedures for the secure storage and handling of personal information.

The information collection associated with this requirement is contained in 73.55(c)(7).

Section 73.56(n)(1) requires that licensees ensure that their entire access authorization programs are audited nominally every 24 months.

Section 73.56(n)(2) requires that if a licensee or applicant relies upon a contractor/vendor program or program element to meet the requirements of this section, and if the contractor/vendor personnel providing the access authorization program service are off site or, if they are on site but not under the direct daily supervision or observation of the personnel of the licensee or applicant, then the licensee or applicant must audit the contractor/vendor program or program element on a nominal 12-month frequency. Also, it requires that any authorization program services that are provided to contractors/vendors by subcontractor personnel who are off site or are not under the direct daily supervision or observation of the contractors/vendors personnel must be audited on a nominal 12-month frequency. The information collection associated with this requirement is contained in 73.56(n)(1).

Section 73.56(n)(6) specifies how the audits required by Sections 73.56(n)(1) and (n)(2) should be documented. The information collection associated with this requirement is contained in 73.56(n)(1).

Section 73.57(a) requires that each applicant for a license to operate a nuclear power reactor as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit a fingerprint card for individuals who have access to Safeguards Information and nuclear power plant licensees shall fingerprint each individual who has or will have access to Safeguards Information or who will require unescorted access to the nuclear power facility.

Section 73.57(b)(1) requires that licensees must fingerprint each individual who is permitted or seeking unescorted access to the nuclear power facility, the nonpower reactor facility in according with Section 73.57(g), or access to Safeguards Information.

Section 73.57(b)(3) requires that each nuclear power reactor licensee or nonpower reactor licensee notify fingerprinted individuals that the fingerprints will be used to secure a review of his/her criminal 23

history record, and inform the individual of proper procedures for revising the record or including explanation in the record.

Section 73.57(b)(6) requires that nuclear power reactor licensees or nonpower reactor licensees must submit fingerprints to the Attorney General of the United States through the NRC. The information collection associated with this requirement is contained in 73.57(b)(1).

Section 73.57(d) provides the instructions for submitting the fingerprint cards. The information collection associated with this requirement is contained in 73.57(a).

Section 73.57(d)(1) requires that nuclear power reactor licensees or nonpower reactor licensees must obtain, complete, and send to the NRC one fingerprint record (FD Form-258) for each individual requiring unescorted access. The section also requires that licensees establish procedures to minimize the rejection rate of fingerprint cards. The information collection associated with this requirement is contained in 73.57(b)(1).

Section 73.57(d)(2) requires the NRC to review applications for completeness and return incomplete applications or applications containing evident errors to licensees. The information collection associated with this requirement is contained in 73.57(b)(1).

Section 73.57(e)(1) requires that, prior to any adverse action, the licensee must make available to the individual the contents of records obtained from the FBI for the purpose of assuring correct and complete information, and must retain a record of receipt by the individual of this notification for 1 year from the date of the notification. If, after reviewing the record, an individual believes that it is incorrect or incomplete, and wishes changes, corrections, or updating, or to explain any matter in the record, the individual may initiate challenge procedures. Additionally, an individual participating in an NRC adjudication and seeking to obtain Safeguards Information for use in that adjudication may appeal a final adverse determination by the NRC.

Section 73.57(f)(1) requires nuclear power reactor licensees or nonpower reactor licensees to establish and maintain a system of files and procedures to protect criminal history records and personal information from unauthorized disclosure.

Section 73.57(f)(3) allows nuclear power reactor licensees or nonpower reactor licensees to transfer records to another licensee upon the individuals written request and verification of personal information by the gaining licensee.

Section 73.57(f)(4) requires nuclear power reactor licensees or nonpower reactor licensees to make records available to the NRC in order to determine compliance with the regulations and laws.

Section 73.57(f)(5) requires nuclear power reactor licensees or nonpower reactor licensees to retain all fingerprint and criminal history records, or a copy of the records, on an individual for 1 year after termination or denial of unescorted access to the nuclear power reactor facility or nonpower reactor facility.

Section 73.57(g)(1) requires an NRC approved reviewing official to review an individuals criminal history record before granting unescorted access to a nuclear power reactor facility or nonpower reactor facility or access to Safeguards Information. The information collection associated with this requirement is contained in 73.57(b)(1).

24

Section 73.57(g)(2)(i) and section 73.57(g)(2)(ii) require nuclear power reactor licensees or nonpower reactor licensees to obtain fingerprints for criminal history records checks for each individual seeking or permitted unescorted access to vital areas or special nuclear material in the nonpower reactor facility.

The information collection associated with this requirement is contained in 73.57(b)(1).

Section 73.58(b) requires licensees to assess and manage the potential for adverse effects on safety and security prior to implementing changes to plant configurations, procedures, facility conditions or security. As a result, licensees would need to maintain Safety/Security interface written procedures.

Section 73.58(d) requires licensees to communicate identified adverse interactions to the appropriate licensee personnel and to take compensatory and/or mitigative actions to maintain safety and security.

Section 73.60(e) requires the licensee to establish, maintain, and follow an NRC-approved safeguards contingency plan. The information collection associated with this requirement is contained in Section 73.20.

Section 73.67(a) requires the physical protection system provide response to indications of unauthorized removal of special nuclear material and notification of the appropriate response forces of its removal in order to facilitate its recovery.

Section 73.67(c) requires the licensee to submit a security plan or amended security plan describing how the licensee will comply with the physical protection requirements of the regulations. The information collection associated with this requirement is contained in Section 73.20.

Section 73.67(d)(11) requires response procedures in support of the physical protection program. The information collection associated with this requirement is contained in Section 73.20.

Section 73.67(e)(1) requires that a licensee shipping SNM of moderate strategic significance provide advance notification to the receiver of any planned shipments specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of the carrier, and transport identification. The licensee must also receive confirmation from the receiver prior to commencement of the shipment that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport. This information alerts the intended receiver of an impending shipment. The required notification and confirmation ensure that the shipper has preplanned the transportation of the material and that the receiver is ready to accept the material. It also helps ensure positive control of the material during transport and helps ensure traceability of any missing material.

Section 73.67(e)(3) requires that a licensee who arranges for the in-transit physical protection of SNM of moderate strategic significance, or who takes delivery of the material free on board the point at which it is delivered to a carrier for transport, must establish and maintain written response procedures for dealing with thefts or threats of thefts of the material. The licensee must retain a copy of the procedures as a record. The information is used by the licensee to provide instructions to employees for dealing with contingencies and is inspected by NRC to ensure that the licensee has developed adequate procedures for dealing with thefts or threats of thefts. Licensees must make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation, which is required in the event a shipment becomes delayed or lost. Licensees must notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the loss of the shipment and within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after recovery of or accounting for such lost shipment, in accordance with Section 73.71. This notification permits NRC to initiate or terminate a trace investigation if necessary.

25

Sections 73.67(e)(4), 73.67(e)(5), and 73.67(e)(6)(i) list the records retention requirements for records required by 73.67(c) and (e). Burden for records retention is captured under each specific requirement.

Section 73.67(e)(6)(ii) requires that a licensee notify the exporter who delivered the material to a carrier for transport of the arrival of such material. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation in the event a shipment becomes delayed or lost.

Section 73.67(e)(7)(i) requires that, upon request by the NRC, a shipper provide additional information regarding a planned shipment. This information, if requested, is used by the NRC to determine whether it is necessary to issue Orders to licensees in the event that it appears to the NRC that two or more shipments of SNM of moderate strategic significance, constituting in the aggregate an amount equal to or greater than a formula quantity of SSNM, may be en route at the same time.

Section 73.67(e)(7)(ii) requires that the receiver, or the shipper if the receiver is not a licensee, notify the NRC by telephone within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after the arrival of the shipment at its final destination, or after the shipment has left the United States as an export. This notification permits the NRC to confirm the integrity of the shipment at the time of receipt or exit from the United States.

Section 73.67(f)(4) requires response procedures in support of the physical protection program. The information collection associated with this requirement is contained in Section 73.20.

Section 73.67(g)(1) and (2) requires that a licensee shipping SNM of low strategic significance provide advance notification to the receiver of any planned shipments specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of the carrier, and transport identification. The licensee must also receive confirmation from the receiver prior to commencement of the shipment that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport. The receiving licensee must notify the shipper of the receipt of the material in accordance with Section 74.15. The required notifications and confirmation ensure that the shipper has preplanned the transportation of the material and that the receiver is ready to accept the material. It also helps ensure positive control of the material during transport and helps ensure traceability of any missing material.

Section 73.67(g)(3)(i) requires response procedures in support of the physical protection program. The information collection associated with this requirement is contained in Section 73.20.

Section 73.67(g)(3)(ii) requires that a shipper of SNM of low strategic significance must make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination. This information is used by the licensee to determine that a shipment either arrived safely or is missing.

Such notification gives the licensee a basis for initiating a trace investigation in the event a shipment becomes delayed or lost.

Section 73.67(g)(3)(iii) requires that a licensee notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the loss of the shipment and within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after recovery of or accounting for such lost shipment, in accordance with Section 73.71. This notification permits the NRC to initiate or terminate a trace investigation if necessary.

Section 73.67(g)(4) Lists the records retention requirements for materials export records. Burden associated with records retention is reported under each specific requirement.

26

Section 73.67(g)(5)(i) Lists the records retention requirements for materials import records. Burden associated with records retention is reported under each specific requirement.

Section 73.67(g)(5)(ii) requires that a licensee notify the person who delivered the material to a carrier for transport of the arrival of such material. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation in the event a shipment becomes delayed or lost.

Section 73.70(a) requires that the licensee keep a record of the names and addresses of all authorized individuals. This information serves as a means of identifying those who have responsibility for surveillance of SNM, and of limiting the number of individuals with such responsibility. It identifies persons who had access in the event an investigation proves necessary and serves as a means of verification for inspection purposes to ensure that designation and access control procedures are being properly conducted.

Section 73.70(b) requires that the licensee keep a record of the names, addresses, and badge numbers of all individuals authorized to have access to vital equipment or SNM, and the vital areas and material access areas to which authorization is granted. This record provides formal access authorization control. It provides verification that access control requirements are being met and serves to limit the number of individuals with such access.

Section 73.70(c) requires that the licensee keep a register of visitors, vendors, and other individuals not employed by the licensee. The information collections associated with this requirement are contained in Sections 73.46, 73.50, and 73.55.

Section 73.70(d) requires that the licensee keep a log of all individuals granted access to a vital area except those individuals entering or exiting the reactor control room. This record provides a means of determining who had access to vital areas. It is inspected to assess licensee performance in minimizing unnecessary access. It also can provide data to aid an investigation of an irregular event.

Section 73.70(e) requires that the licensee keep documentation of all routine security tours and inspections, and of all tests, inspections, and maintenance performed on physical barriers, intrusion alarms, communications equipment, and other security related equipment. This requirement provides a record of security tours, tests and maintenance and is used to ensure that the frequency of tests and prompt maintenance of failures is verifiable by inspection. It also provides a maintenance history of equipment useful in evaluating operating performance.

Section 73.70(f) requires that the licensee keep a record at each onsite alarm annunciation location of each alarm, false alarm, alarm check, and tamper indication. In addition, details of response by facility guards and watchmen to each alarm, intrusion, or other security incident must be recorded. This record provides verification that alarms are operating properly, that licensees respond properly, and that operational checks are conducted in accordance with the regulations. It also provides a means of evaluating the long term reliability of the alarm system. This includes all types of signals sent to the alarm systems main computer which incorporates authorized door openings and closings.

Section 73.70(g) requires that the licensee keep a record of shipments of SNM subject to the requirements of Part 73, including names of carriers, major roads to be used, flight numbers for air shipments, dates and expected times of departure and arrival of shipments, verification of communications equipment on board the transfer vehicle, names of individuals who are to communicate with the transport vehicle, container seal descriptions and identification, and other details to confirm compliance with protection requirements. Information obtained during the course of the shipment such as reports of all communications, change of shipping plan, including monitor changes, trace investigations, and others, must also be recorded. These records serve as a part of the material 27

control system by providing a record of bulk inventory change at any given plant. They also provide an audit trail and experience base for evaluating the transportation process at a later time.

Section 73.70(h) requires that the licensee maintain written procedures for controlling access to protected areas and for controlling access to keys for locks used to protect SNM. This record serves to aid access control and lock and key control. It also serves as a record that may be inspected, of the licensee's performance in minimizing access and providing adequate control of key and lock operations.

Section 73.71(a) requires that each licensee subject to the provisions of Section 73.25, 73.26, 73.27(c),

73.37, 73.67(e), or 73.67(g) notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the loss of any shipment of SNM or spent fuel and within one 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after recovery of or accounting for such lost shipment. This notification permits NRC to initiate or terminate a trace investigation if necessary. Each such licensee must follow the initial telephonic notification with a written report to the NRC within 60 days. This report permits NRC to analyze and evaluate the event and subsequent recovery efforts. The initial telephonic notification and written report must be followed by a follow-up telephonic notification and written report to NRC if any significant supplemental information is discovered or if corrections to previous reports are necessary. Copies of the written reports must be retained as a record for 3 years.

Section 73.71(b) requires that each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.55, 73.60, or 73.67 notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the theft or attempted theft or unlawful diversion of SNM.

Each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.55, 73.60, 73.51 or possessing SSNM and subject to 73.67 must notify the NRC Operations Center within one hour after the discovery of the following:

(a) an event involving actual or attempted significant physical damage to a power reactor or any facility possessing SSNM or its equipment or carrier equipment transporting nuclear fuel or spent nuclear fuel, or to the nuclear fuel or spent nuclear fuel a facility or carrier possesses; (b) an event involving actual or attempted interruption of normal operation of a licensed nuclear power reactor through the unauthorized use of or tampering with its machinery, components, or controls including the security system; (c) an actual entry of an unauthorized person into a protected area, material access area, controlled access area, vital area, or transport; or an event involving any failure, degradation, or the discovered vulnerability in a safeguard system that could allow unauthorized or undetected access to one of the above areas for which compensatory measures have not been employed.

Each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.55, or 73.60, must notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of an event involving actual or attempted introduction of contraband into one of the above areas. The Commission requires the reports made pursuant to 73.71 so that the Commission may be aware of events in order to determine their significance, whether a change in a licensee's safeguards plan is needed, and whether a report to Congress is necessary in accordance with Section 208 of the Energy Reorganization Act of 1974, as amended. The safeguards event reports are also needed for the development of a database whereby generic problems can be identified and feedback given to licensees for improving their safeguards systems.

Section 73.71(c) requires that each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.51, 73.55, 73.60, or possessing SSNM and subject to Section 73.67(d) must maintain a current log 28

and record the safeguards events described in paragraphs II(a) and (b) of Appendix G to Part 73 within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> of discovery by a licensee employee or member of the licensee's contract security organization.

Section 73.71(d) provides guidance for the submission of 60-day reports required under the forgoing provisions of Section 73.71. It provides that power reactor licensees should submit the written report using NRC Form 366, "Licensee Event Report." Other licensees must submit the written report in letter format. NRC Form 366 has previously been cleared under OMB No. 3150-0104, which should be referred to for additional supporting information, burden and cost data. It is necessary for both the licensee and the NRC to maintain copies of the reports for the following reasons. The licensee must maintain copies to perform the yearly security audit required by Section 73.46(g)(6) for fuel facilities and Section 73.55(g)(4) for power reactors. This audit evaluates the effectiveness of the security system at these facilities. Also, in order to maintain the level of security deemed adequate by NRC, the licensee must observe and analyze the operational aspects of its security system. This can only be done through the maintenance and analysis of such records as those for security events. The NRC maintains copies of security event records to conduct analyses to identify and characterize generic and facility-specific precursors to certain safeguards events. Improving the ability of the NRC to identify generic precursors or defects provides the agency with a capability to initiate corrective action, if needed, prior to a vulnerability having a detrimental effect on public health and safety.

Section 73.72 requires that licensees shipping a formula quantity of SSNM, SNM of moderate strategic significance, or irradiated reactor fuel required to be protected pursuant to Section 73.37, must provide advance written notification to NRC at least 10 days prior to shipment, along with shipment details and itinerary, and must notify NRC by telephone of the transmittal of the advance notice and of any changes to the shipment itinerary. This requirement is necessary to allow the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also serves as a means to verify shipment details during the inspection process.

Section 73.73 requires that licensees exporting SNM of low strategic significance to provide advance written notification to the NRC at least 10 days prior to shipment, along with shipment details and itinerary, and may notify the NRC by telephone of any changes to the shipment details or itinerary. This requirement is necessary to allow the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also serves as a means to verify shipment details during the inspection process.

Section 73.74 requires that licensees importing SNM of low strategic significance from a country not a party to the Convention on the Physical Protection of Nuclear Material must provide advance written notification to NRC at least 10 days prior to shipment, along with shipment details and itinerary, and may notify the NRC by telephone of any changes to the shipment details or itinerary. This requirement is necessary to allow the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also serves as a means to verify shipment details during the inspection process.

Section 73.77(a)(1) requires licensees subject to the provisions of 10 CFR 73.54 to make a telephonic notification of the cyber security events identified at 10 CFR 73.77(a)(1) to the NRC Headquarters Operations Center via the Emergency Notification System within one hour after discovery. Notifications must be made according to 10 CFR 73.77(c).

Section 73.77(a)(2) requires licensees subject to the provisions of 10 CFR 73.54 to make a telephonic notification of the cyber security events identified at 10 CFR 73.77(a)(2)(i)-(iii) to the NRC Headquarters Operations Center via the Emergency Notification System within four hours after discovery.

Notifications must be made according to 10 CFR 73.77(c).

29

Section 73.77(a)(3) requires licensees subject to the provisions of 10 CFR 73.54 to make a telephonic notification of the cyber security events identified at 10 CFR 73.77(a)(3) to the NRC Headquarters Operations Center via the Emergency Notification System within eight hours after discovery.

Notifications must be made according to 10 CFR 73.77(c).

Section 73.77(b) requires licensees subject to the provisions of 10 CFR 73.54 to record cyber security events identified at 10 CFR 73.77(b) in the site corrective action program within twenty-four hours after discovery.

Sections 73.77(c)(1)-(4) describes the notification process. Burden for these notifications is captured under 73.77(a) (1) - (3).

Section 73.77(d) requires licensees making an initial telephonic notification of cyber security events to the NRC according to the provisions of 10 CFR 73.77(a)(1), (a)(2)(i), and (a)(2)(iii) to also submit a written security follow-up report to the NRC within 60 days of the telephonic notification using NRC Form 366, Licensee Event Report. Licensees are not required to submit a written security follow-up report following a telephonic notification made under 10 CFR 73.77(a)(2)(iii) and (a)(3).

Section 73.77(d)(12) requires licensees to maintain a copy of the written security follow-up report of an event submitted under section 73.77 as a record for a period of three years from the date of the report or until the Commission terminates the license for which the records were developed, whichever comes first.

Appendix B sets the minimum training and qualification criteria for security personnel. Much of the information in this Appendix repeats requirements listed earlier in this part with a greater level of detail.

Where the Appendix identifies new or additional requirements, they are captured below.

Appendix B Section VI B.4.a.1 requires licensees to obtain and retain a written certification from the licensed physician that no medical conditions were disclosed by the medical examination that would preclude the individuals ability to participate in the physical fitness tests or meet the physical fitness attributes or objectives associated with assigned duties.

Appendix B Section VI B.4.b.4 requires licensees to have documentation by a qualified training instructor the physical fitness qualification of each armed member of the security organization, this documentation must be attested to by a security supervisor. The information collection for this requirement includes the requalification requirement contained in Appendix B Section VI B.5.b.

Appendix B Section VI B.5.b. requires licensees to have documentation by a qualified training instructor the physical fitness requalification of each armed member of the security organization, this documentation must be attested to by a security supervisor. The information collection associated with this requirement is contained in Appendix B Section VI B.4.b.4.

Appendix B Section VI C.2.b requires licensee training instructors to document on-the-job training and security supervisors to attest to an individuals on-the-job training.

Appendix B Section VI C.3.a requires licensees to develop, implement, and maintain a documented Performance Evaluation Program (PEP). The PEP shall be referenced in the Training and Qualifications Plan. This is a one-time requirement connected to Section 75.55(a).

Appendix B Section VI C.3.g requires licensees to document all findings, deficiencies, and failures identified during tactical response drills and force-on-force exercises deemed to adversely affect or decrease the effectiveness of the protective strategy and physical protection in the licensees corrective 30

action program.

Appendix B Section VI C.3.h. requires documentation of scenarios and participants for drills and exercises. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.

Appendix B Section VI C.3.i. requires that findings, deficiencies, and failures identified in drills and exercises be entered into the corrective action program. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.

Appendix B Section VI C.3.m. requires licensees to develop and document scenarios for drills and exercises. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.

Appendix B Section VI C.3.n.1 requires licensees to develop and document multiple scenarios for use in conducting quarterly tactical response drills and annual force-on-force exercises. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.

Appendix B Section VI E.1.b. requires that licensees only use firearms instructors that are certified from a national or state recognized entity and that the certification specify the weapon type(s) for which the instructor is qualified to teach and that licensees only use firearms instructors who are recertified in accordance with the standards recognized by the certifying national or state entity, but in no case shall recertification exceed three (3) years.

Appendix B Section VI E.1.d requires licensees to include in the training and qualification plan the following additional standards: target identification and engagement, weapon malfunctions, cover and concealment, and weapon familiarization. This is a one-time requirement whose burden is included in 73.55(a).

Appendix B Section VI F.1.b. requires licensees to document and retain the results of weapons qualification and requalification.

Appendix B Section VI F.2 requires that a licensees written training and qualification plan must describe the firearms used, the firearms qualification program, and other tactical training required to implement the Commission-approved security plans, licensee protective strategy, and implementing procedures. This is a one-time requirement whose burden is included in Section 73.55(a).

Appendix B Section VI F.5.a requires licensees to re-qualify armed members of the security organization for each assigned weapon at least annually in accordance with Commission requirements and the Commission-approved training and qualification plan and document and retain the results as a record. The information collection associated with this requirement is Appendix B,Section VI F.1.b.

Appendix B Section VI G.3.a requires licensees to include in the training and qualifications plan a firearms maintenance and accountability program to ensure weapons and ammunition are properly maintained, function as designed, and are properly stored and accounted for. This is a one-time requirement whose burden is included in Section 73.55(a).

Appendix B Section VI H.1 requires licensees to retain all reports, records, or other documentation required by this appendix in accordance with the requirements of Section 73.55(r). The burden for this requirement is included in each specific recordkeeping requirement 31

Appendix C describes the specific requirements for the safeguards contingency plan required by Sections 73.20 and 73.55(c)(5). There are no additional information collections in Appendix C.

Appendix G provides clarification of the requirements for reporting safeguards events. Safeguards experience is a vehicle for providing licensees with feedback about the effectiveness of safeguards systems. Some safeguards events require immediate response by the NRC. Under Section 73.71, these events are required to be reported within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> of detection of their occurrence to assure timely response by NRC regional and headquarters staff, followed by a written report within 60 days. Other safeguards events, while of less significance, must be reported in order to determine trends in deficiencies in safeguards systems. NRC has established a program for the collection and analysis of all pertinent safeguards data. This data is immediately entered into the NRC data base and analysis is begun as soon as the data is entered. Upon completion of the analysis, appropriate action and response are initiated. In order to achieve program objectives, a standardized level of detail is required for the evaluation of safeguards events. The results of the analyses are used to improve regulations for these facilities, for preparing for inspections, and to give feedback to licensees for improving their safeguards systems.

Confirmatory Action Letter (CAL), dated October 28, 2002, requires research and test reactors (currently called non-power reactors) to establish a physical security and access authorization program.

CAL implementation plans were submitted for this CAL when the compensatory measures were first issued back in 2003 and 2005 and there are currently no ongoing submissions. Compensatory measures have been incorporated into the physical security plan. Burden for ongoing recordkeeping is captured under estimates to establish and maintain NRC-approved physical protection, training and qualification and safeguards contingency plans.

32

GUIDANCE DOCUMENTS FOR INFORMATION COLLECTION REQUIREMENTS CONTAINED IN 10 CFR PART 73 PHYSICAL PROTECTION OF PLANTS AND MATERIALS (3150-0002)

Title Accession number or link NRC Regulatory Guides (RG) - Materials https://www.nrc.gov/reading-rm/doc-and Plant Protection (Division 5) collections/reg-guides/protection/rg/

RG 1.206 Combined Operating ML070630003 Application for New Reactors RG 5.52, Standard Format and Content of ML003739235 a Licensee Physical Protection Plan for Strategic Special Nuclear Material at Fixed Sites (Other than Nuclear Power Plants)

RG 5.54 Standard Format and Content of Safeguards Information a Safeguards Contingency Plan for Power Plants RG 5.55, Standard Format and Content of ML003739256 Safeguards Contingency Plans for Fuel Cycle Facilities RG 5.59. Standard Format and Content ML100341301 for a Licensee Physical Security Plan for the Protection of Special Nuclear Material of Moderate or Low Strategic Significance RG 5.62 Reporting of Safeguards Events ML003739271 RG 5.71 Cyber Security Programs for ML090340159 Nuclear Facilities RG 5.79 Protection of Safeguards ML103270219 Information RG 5.81 Target Set Identification and ML102720056 Development for Nuclear Power Reactors NUREG-0561, Physical Protection of ML13120A230 Shipments of Irradiated Reactor Fuel, Rev 2

33

NUREG-1619 Standard Review Plan for ML020720453 Physical Protection Plans for the Independent Storage of Spent Fuel and High Level Radioactive Waste Generic Letter 91-03 Reporting of ML031140131 Safeguards Events NEI 03-12 Template for the Physical ML112800379 plus a Safeguards Security Plan, Training and Qualification Information Document Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program]

NEI 08-09 (NRC endorsed) Cyber ML101180437 Security Plan for Nuclear Power Reactors NEI 11-08 Guidance on Submitting ML12216A194 Security Plan Changes NEI 99-02 Regulatory Assessment ML092931123 Performance Indicator Guideline 34