Text

UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555 - 0001 November 8, 2018 Ms. Margaret M. Doane Executive Director for Operations U.S. Nuclear Regulatory Commission Washington, DC 20555-0001

SUBJECT:

DRAFT DIGITAL INSTRUMENTATION & CONTROLS INTERIM STAFF GUIDANCE DIGITAL I&C ISG-06, LICENSING PROCESS, REVISION 2

Dear Ms. Doane:

During the 658th meeting of the Advisory Committee on Reactor Safeguards, November 1-2, 2018, we reviewed the staff's September 11, 2018, letter regarding disposition of the conclusion and recommendations in our ISG-06 letter of July 18, 2018.

The discussion portion of our July 18, 2018 letter addressed our concerns regarding Control of Access. In our letter, we state that:

The staff has ensured that four of the five fundamental digital design principles are addressed in draft ISG-06, Revision 2. However, we remained concerned that the fifth critical fundamental design principle for the architecture design of DI&C applications, Control of Access, is not included. In addition to using design approaches and administrative controls to restrict internal plant access to systems, Control of Access also means preventing remote electronic access to in-plant systems and networks from sources external to the plant. Plant and system data transmission should be configured to be one-way from in-plant to external recipients using only hardware-based processes, which neither use nor are configured by software. This is a continuing concern. We urge the staff to formally incorporate this principle into the licensing design evaluation process.

In the September 11, 2018 response to our letter, the staff documented that draft ISG-06, Revision 2, was issued for public comment. The staff stated that this draft ISG incorporated language to address our recommended configuration management concern, and after resolution of public comments, the NRC staff would provide an updated draft ISG-06, Revision 2, to us for review. However, the staffs response was silent on our documented concern regarding Control of Access.

During our review of the draft ISG-06 updated with public comments, we noted that our concern for Control of Access was not incorporated into the document. Therefore, we request that the staff provide the documented basis as to why they did not incorporate the fifth fundamental

design principle for the architecture design of DI&C applications, Control of Access, and provide any additional changes that would help ensure prevention of remote electronic access to in-plant systems and networks from sources external to the plant.

Sincerely,

/RA/

Michael L. Corradini Chairman REFERENCES

1. Advisory Committee on Reactor Safeguards, Draft Instrumentation & Controls Interim Staff Guidance, Digital I&C-ISG-06, Licensing Process, Revision 2, July 18, 2018 (ML18198A442).

2. U.S. Nuclear Regulatory Commission, Draft Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 2, July 31, 2018 (ML18123A118).

3. U.S. Nuclear Regulatory Commission, Draft Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 2, April 24, 2018 (ML18114A383).

4. U.S. Nuclear Regulatory Commission, Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 1, January 19, 2011 (ML110140103).

5. U.S. Nuclear Regulatory Commission, Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure, Revision 2, January 31, 2018 (ML17277B643).

November 8, 2018

SUBJECT:

DRAFT DIGITAL INSTRUMENTATION & CONTROLS INTERIM STAFF GUIDANCE DIGITAL I&C ISG-06, LICENSING PROCESS, REVISION 2 Accession No: ML18312A392 Publicly Available Y Sensitive N Viewing Rights: NRC Users or ACRS Only or See Restricted distribution *via email OFFICE ACRS/TSB SUNSI Review ACRS/TSB ACRS ACRS NAME KWeaver KWeaver MBanks AVeil (ABellinger for) MCorradini (ABellinger (MSnodderly for) (MSnodderly for) (MSnodderly for) for)

DATE 11/8/2018 11/8/2018 11/8/2018 11/8/2018 11/8/2018 OFFICIAL RECORD COPY