ML18108A187
| ML18108A187 | |
| Person / Time | |
|---|---|
| Site: | Browns Ferry  |
| Issue date: | 04/18/2018 |
| From: | Scott Shaeffer NRC/RGN-II/DRS/EB2 |
| To: | James Shea Tennessee Valley Authority |
| References | |
| IR 2018411 | |
| Download: ML18108A187 (4) | |
See also: IR 05000259/2018411
Text
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION II
245 PEACHTREE CENTER AVENUE NE, SUITE 1200
ATLANTA, GEORGIA 30303-1257
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
April 18, 2018
Mr. Joseph W. Shea
Vice President, Nuclear Licensing
Tennessee Valley Authority
Chattanooga, TN 37402-2801
SUBJECT: BROWNS FERRY NUCLEAR PLANT - INFORMATION REQUEST FOR THE
CYBER-SECURITY BASELINE SECURITY INSPECTION, NOTIFICATION TO
PERFORM INSPECTION 05000259/2018411, 05000260/2018411, AND
Dear Mr. Shea:
On September 17, 2018, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline
inspection in accordance with Inspection Procedure (IP) 71130.10P Cyber-Security,
Revision 0 at Browns Ferry Nuclear Plant. The inspection will be performed to evaluate and
verify your ability to meet the Milestone 8 (i.e., full implementation) requirements of the NRCs
Cyber-Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73, Section 54,
Protection of Digital Computer and Communication Systems and Networks. The onsite portion
of the inspection will take place during the weeks of September 17, 2018, and October 1, 2018.
Experience has shown that baseline inspections are extremely resource intensive, both for the
NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site
and to ensure a productive inspection for both parties, we have enclosed a request for
documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the
focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should
be made available via secure site (i.e., SharePoint, Certrec) no later than June 17, 2018. The
inspection team will review this information and will request any additional specific items that
should be provided for review to aid in inspection planning and preparation.
The second group of additional requested documents will assist the inspection team in the
evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture,
and the areas of the licensees CSP selected for the cyber-security inspection. This information
will be requested for review via secure site (i.e., SharePoint, Certrec) before July 9, 2018.
The third group of requested documents consists of those items that the inspection team will
review, or need access to, during the inspection. Please have this information available by the
first day of the onsite inspection, August 14, 2018.
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
J. Shea
2
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
The fourth group of information is necessary to aid the inspection team in tracking issues
identified during or as a result of the inspection. It is requested that this information be provided
to the lead inspector as the information is generated during the inspection. It is important that
all of these documents are up to date and complete in order to minimize the number of
additional documents requested during the preparation and/or the onsite portions of the
inspection. The lead inspector for this inspection is Mr. Rodney Fanner. We understand that
our regulatory contact for this inspection is Mr. Jim Polickoski of your organization. If there are
any questions about the inspection or the material requested, please contact the lead inspector
at 404-997-4638 or via e-mail at Rodney.fanner@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, control number 3150-
0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a
request for information or an information collection requirement unless the requesting document
displays a currently valid Office of Management and Budget control number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding,
of the NRC's "Rules of Practice," a copy of this letter and its enclosure will not be available
electronically for public inspection in the NRCs Public Document Room or from the Publicly
Available Records (PARS) component of the NRC's Agencywide Documents Access and
Management System (ADAMS). ADAMS is accessible from the NRC Web site at
http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely,
/RA/
Scott M. Shaeffer, Chief
Engineering Branch 2
Division of Reactor Safety
Docket Nos.: 50-259, 50-260, 50-296
License Nos.: DPR-33, DPR-52, DPR-68
Enclosure:
Security Inspection Document Request
cc: See Page 3
SUNSI REVIEW COMPLETE
FORM 665 ATTACHED
OFFICE
RII/DRS/EB1
RII/DRS/EB1
SIGNATURE
RJF2
SMS
NAME
R. Fanner
S. Shaeffer
DATE
4/ 17/ 2018
4/17/2018
E-MAIL COPY?
YES
NO
YES
NO