ML18347B457

From kanterella
Jump to navigation Jump to search
IP 81000.01 Access Authorization
ML18347B457
Person / Time
Issue date: 04/01/2019
From: Niry Simonian
NRC/NSIR/DSO/SOSB
To:
Niry Simonian 301-287-3636
Shared Package
ML18347B428, ML19090A000 List:
References
CN 19-011
Download: ML18347B457 (16)
v  d  e


Text

NRC INSPECTION MANUAL NSIR/DSO INSPECTION PROCEDURE 81000 ATTACHMENT 01 ACCESS AUTHORIZATION Effective Date: 04/01/2019 PROGRAM APPLICABILITY: IMC 2200, Appendix A 81000.01-01 INSPECTION OBJECTIVES 01.01 To verify that the licensee has developed and is implementing, or is prepared to implement, its Access Authorization (AA) program in accordance with the U.S. Nuclear Regulatory Commission (NRC)-approved security plans.

01.02 To verify that the licensee has developed and is implementing, or is prepared to implement, measures to ensure that its AA program provides assurance that individuals granted unescorted access are trustworthy, reliable, and do not constitute an unreasonable risk to public health and safety or the common defense and security.

01.03 To verify that the licensee has developed and is implementing, or is prepared to implement, measures to ensure that the behavioral observation provisions of the licensees AA program provides assurance of continued reliability and trustworthiness of personnel with unescorted access.

01.04 To verify and assess that the licensee has developed and is implementing, or is prepared to implement, provisions of the insider mitigation program that are effective in mitigating the active insider and active violent insider.

01.05 To verify that the licensees physical protection program associated with this sample is designed and implemented, or is prepared to implement, to meet the general performance objective of Title 10 of the Code of Federal Regulations (10 CFR) 73.55(b).

81000.01-02 INSPECTION REQUIREMENTS General Guidance.

This inspection procedure (IP) was developed to ensure the operational program established for implementation at a plant licensed in accordance with 10 CFR Part 50 and 10 CFR Part 52 meet all NRC requirements and objectives for operational program readiness. Note that this inspection is conducted as licensees activate the operational program. Therefore, verification through observation of activities may not be possible. In such cases, the inspector(s) should review the appropriate licensee procedures and conduct inspections of all associated areas to ensure program compliance upon implementation.

Issue Date: 04/01/19 1 81000.01

Through verification of the inspection requirements within this inspection procedure, the inspector(s) shall ensure that the licensees physical protection program associated with this sample is designed and implemented, or is prepared to implement, the general performance objective of 10 CFR 73.55(b).

In preparing to complete this IP, the inspector(s) should familiarize themselves with relevant documentation which may include, but is not limited to the licensee's security plans, site specific and/or corporate implementing procedures, security post orders, and security program reviews and audits. Specifically, the inspector should apply additional attention to recent security plan changes that could be relevant to the inspection activity.

The inspector(s) should also consider conducting a review of past security inspection reports for the facility, if applicable. Each inspector is responsible for ensuring that every sample in the inspection procedure is completed and evaluated to a level which provides assurance that licensees are meeting NRC regulatory requirements within the security program area being inspected. The guidance within this procedure is being provided as a tool which:

(1) recommends to the inspector(s) certain methods and techniques for determining licensee security program compliance and effectiveness related to an inspection requirement or; (2) clarifies certain aspects of a regulatory requirement associated with a particular inspection requirement. Where minimum sampling numbers are indicated (i.e., at least three intrusion detection system zones shall be tested, or at least 20 percent of the total personnel on a shift will be selected for weapons firing, etc.), the inspector(s) should adhere as closely as possible to the numbers identified in the guidance. The inspector(s) may expand the minimum number to aid in determining the extent of the condition, should compliance concerns arise. Completion of other recommended actions contained in this guidance should not be viewed as mandatory and is only intended to assist the inspector(s) in determining whether an inspection sample has been adequately addressed. Should questions arise regarding procedural requirements or guidance, the inspector(s) should consult with regional management, the Office of Nuclear Security and Incident Response (NSIR), or the program office, for clarification.

In assessing the licensees AA program, the inspector(s) must determine whether the licensees program obtains sufficient information on which to base an initial determination to grant a person unescorted access. The total accumulation of information about the person is the basis for the unescorted access determination. A sound determination requires the assessment of all data provided by the applicant and developed through the investigation to determine whether the applicant has been truthful in providing the information necessary for the reviewing official to decide that the applicant is trustworthy and reliable and does not constitute a risk to the health and safety of the public, and the common defense and security, including the risk of committing radiological sabotage.

In no case should a licensee make access decisions by exception through application of best effort. Best effort is limited to the effort applied to a specific past or present employer of the applicant or academic institution attended by the applicant and cannot be used to satisfy the requirements for meeting the criteria to establish trustworthiness and reliability.

After the initial decision to grant unescorted access, the licensee must ensure that each person granted unescorted access is a part of an effective behavioral observation program designed to recognize behaviors that, if left unaddressed, could have an adverse effect on the public health and safety or the common defense and security. The program may include insider mitigation attributes.

Issue Date: 04/01/19 2 81000.01

The Fitness-for-Duty (FFD) program is critically intertwined in the AA program. Therefore, the inspector(s) should include the related portions of the FFD inspection procedure to ensure that all pre-access activities are incorporated in the overall program and prevent the licensee from granting unescorted access prematurely.

The inspector(s) should review the remaining elements of the program to ensure that records are appropriately maintained and protected and that access reviews are sufficiently independent to ensure a person who has been denied unescorted access has an opportunity to present any additional information on the access decision.

The inspector(s) should review the documentation from a representative sample of AA decisions to identify: (1) cases in which unescorted access was not terminated due to failure to report arrests; (2) cases in which persons testing positive for alcohol or other prohibited substances continued to be authorized unescorted access or were returned to unescorted access status after an initial removal; and (3) the rate of for-cause referrals for other than suspected alcohol abuse.

02.01 Implementing Procedures.

a. Verify that the licensee has established measures to implement procedures to ensure that personnel denied unescorted access after January 1, 1997, are included in a common industry database. (10 CFR 73.56(o)(6)(i), 10 CFR 73.56(o)(6)(ii))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures to verify that the licensee has established a method to share AA information with other licensees. Specifically, the inspector(s) should verify that the licensee has procedures that outline the implementation of an information sharing mechanism to share information with other licensees pertaining to individuals who have been denied unescorted access as a result of not meeting or maintaining the trustworthiness and reliability criteria for unescorted access in accordance with 10 CFR 73.56.

b. Verify that the licensee has established measures to implement procedures to ensure that individuals performing background investigations have met criteria that are consistent with the requirements for persons undergoing background investigations.

(10 CFR 73.56(k)(1), 10 CFR 73.56(k)(2))

Specific Guidance.

To inspect this requirement, the inspector(s) should review the licensees procedures to verify that the licensee implements measures to determine the trustworthiness and reliability of personnel (background screeners and access authorization personnel) who collect and process information that will be used by a reviewing official to make unescorted access or unescorted AA determinations. At a minimum the licensees procedures should address the following: (1) verification of the individuals true identity; (2) performance of a local criminal history through a State or local court; (3) the conduct of a local credit history evaluation; (4) the conduct of an employment history evaluation covering the last 3 years; and (5) the conduct of a character and reputation evaluation.

Issue Date: 04/01/19 3 81000.01

c. Verify that the licensee has established measures to implement procedures to ensure that persons granted unescorted access are aware and remain aware of their responsibility to report any legal action(s) taken by a law enforcement authority or court of law and are notified in writing of their responsibilities. (10 CFR 73.56(g))

Specific Guidance.

To inspect this requirement, the inspector(s) should review the licensees procedures to verify that the licensee has an established legal action reporting program that includes, at a minimum, the following: (1) requirements for individuals with or who have applied for unescorted access or unescorted AA to promptly report any legal actions such as; an arrest, an indictment, the filing of charges, or a conviction; (2) a method for notifying an individual in writing of his or her obligation to report legal action; and (3) actions that recipients of a legal action report are required to take upon receipt of a report. The legal action reporting program excludes minor civil actions or misdemeanors such as parking violations or speeding tickets.

d. Verify that the licensee has established measures to implement procedures and processes that address obtaining and explaining informed consent, to include the withdrawal of consent, for individuals subject to background investigations required for unescorted access and unescorted AA. (10 CFR 73.56(d)(1))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees implementing procedures and/or AA records to verify that the licensee has established a method to obtain informed consent to conduct background investigations on individuals applying for unescorted access or unescorted AA. The inspector(s) should also verify that these measures include explaining informed consent and the withdrawal of consent to individuals applying for unescorted access or unescorted AA.

e. Verify that the licensees procedures describe how it protects personal information maintained in the licensees personnel information management system.

(10 CFR 73.56(m))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures to verify that licensees procedures address the protection of personal information used by the licensee to process the applications of individuals seeking unescorted access or unescorted AA. The licensee procedures should address the specific measures for the protection of this information during the time the information is being used for the determination process as well as once unescorted access has been granted and the personal information is then being maintained in accordance with 10 CFR 73.56(o)(2)(i). Licensees or their contractors and vendors who implement the unescorted AA programs in accordance with these criteria should retain the records on which the AA is based or denied for the duration of the unescorted access and for 5 years following access denial or access termination from the authorizing licensees program.

Issue Date: 04/01/19 4 81000.01

02.02 Granting Unescorted Access, Reinvestigations, and Maintaining Authorization.

a. Verify that the licensee has established measures to implement adequate provisions to obtain sufficient information to determine the true identity of applicants for unescorted access. (10 CFR 73.56(d)(3))

Specific Guidance.

The inspector(s) should review licensees procedures, records, and practices to verify that the licensee demonstrates measures to validate an individuals true identity. Those measures should include the following minimum requirements: (1) a process to validate that the social security number that the individual has provided is his or hers and, in the case of foreign nationals, validate the claimed non-immigration status that the individual has provided is correct; and (2) a method to determine whether the results of the fingerprinting confirm the individuals claimed identity, if such results are available.

b. Verify that the licensee has established measures to conduct employment and education verifications and suitable inquiries within the required time constraints.

(10 CFR 73.56(h)(4))

Specific Guidance.

The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee demonstrates methods to verify employment and education and perform suitable inquiries of applicants requesting initial unescorted access or unescorted AA in accordance with 10 CFR 73.56(h)(4). Additionally, the inspector(s) should examine the licensees processes to confirm that the licensee demonstrates methods to verify employment and education and perform suitable inquiries of individuals who have previously been granted unescorted AA, but whose access had been terminated or interrupted for a period of time.

c. Verify that the licensee has established measures to require applicants to undergo professionally accepted and standardized psychological evaluations as required.

(10 CFR 73.56(e))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to ensure that a psychological assessment is completed before an individual is granted unescorted access or certified unescorted AA. The inspector(s) should also review the psychological assessment(s) that the licensee uses and determine if the assessment(s) is designed to evaluate the possible adverse impact of any noted psychological characteristics on an individuals trustworthiness and reliability. While reviewing the psychological assessment(s), the inspector(s) should confirm that the licensees psychological assessment(s) include, at a minimum: (1) a standardized, objective, professionally accepted psychological test that provides information to identify indications of disturbances in personality or psychopathology that may have adverse implications for an individuals trustworthiness and reliability; (2) a licensed psychiatrist or psychologist established the predetermined thresholds of the test that will be applied in interpreting the results of the psychological test to determine whether an individual Issue Date: 04/01/19 5 81000.01

must be interviewed by a licensed psychiatrist or psychologist; and (3) the assessment(s) are conducted in accordance with the applicable ethical principles for conducting such assessments established by the American Psychological Association or American Psychiatric Association.

d. Verify that the licensee has established measures to ensure that a clinical interview by a licensed psychiatrist or psychologist is conducted for individuals who provide indication of disturbances in personality or psychopathology during the psychological assessment that may have implications on trustworthiness and reliability.

(10 CFR 73.56(e)(4))

Specific Guidance.

For the inspection of this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that clinical interviews are performed by a licensed psychiatrist or psychologist for individuals whose scores on the psychological assessments are outside of the predetermined thresholds that are indicative of disturbances in personality or psychopathology that may have implications for an individuals trustworthiness and reliability.

e. Verify that the licensee has established measures to ensure that the licensees reviewing official reviews and evaluates all of the background information required by 10 CFR 73.56 in making AA decisions for the trustworthiness and reliability of individuals applying for unescorted access or unescorted AA. (10 CFR 73.56(h)(1))

Specific Guidance.

The inspector(s) should review a sample of AA records, in particular those that have been adjudicated, to ensure that each specific program element, both individually and collectively, meet the assurance standard described in the rule.

f. Verify that the licensee has established measures to ensure that it conducts reviews of credit history summaries for the entire period identified on personal history questionnaires that are provided. (10 CFR 73.56(d)(5))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review licensees procedures, records, and practices to confirm that the licensee conducts full credit history evaluations of individuals applying for unescorted AA. The licensees procedures, records, and practices should identify that a full credit evaluation includes, but is not limited to, an inquiry to detect the potential fraud or misuse of social security numbers or other financial identifiers and review an evaluation of all the information that is provided by a national credit-reporting agency about an individuals credit history.

Additional provisions should be included in the licensees AA program that stipulate methods to perform a credit history review of foreign nationals and U.S. citizens who have resided outside of the U.S. and do not have established credit history that covers at least the most recent 7 years in the U.S. The licensees credit history evaluation should also include a comparison between the data produced from an individuals credit report to the information the individual submitted on his or her personal history questionnaire.

Issue Date: 04/01/19 6 81000.01

g. Verify that the licensee has established measures to implement appropriately the standard of best effort while conducting employment history evaluations.

(10 CFR 73.56(d)(4))

Specific Guidance.

The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to implement the standard of best effort.

Specifically, the licensees procedures, records, and practices should identify that employment history evaluations are completed on a best effort basis, by questioning an individuals present and former employers, and by determining the individuals activities while unemployed. In no case should a licensee make access decisions by exception.

Best effort is limited to the specific effort applied to a specific past or present employer of the applicant and cannot be used for the cumulative satisfaction of the requirements for meeting a test to establish trustworthiness and reliability.

h. Verify that the licensee has established measures to implement appropriately the requirements for submitting fingerprints, including the restrictions on requesting name searches. (10 CFR 73.56(d)(3), 10 CFR 73.57(b))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee is submitting fingerprints in accordance with requirements and exceptions set forth in both 10 CFR 73.56(d)(3) and 10 CFR 73.57(b).

i. Verify that the licensee has established measures to ensure that individuals who are members of the population that perform one or more job functions that are critical to the safe and secure operation of the licensees facility, as defined in 10 CFR 73.56(i)(1)(v)(B),

are subject to a clinical interview by a licensed psychiatrist or psychologist as part of the psychological assessment. (10 CFR 73.56(e)(4)(ii))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee requires the following individuals to undergo a clinical interview as part of the psychological assessment:

1. Individuals who have extensive knowledge of defensive strategies and design and/or implementation of the plants defensive strategies, including:

(a) Site security supervisors, (b) Site security managers, (c) Security training instructors, and (d) Corporate security managers.

2. Individuals in a position to grant an applicant unescorted access or unescorted AA, including site AA managers.

Issue Date: 04/01/19 7 81000.01

3. Individuals assigned a duty to search for contraband or other items that could be used to commit radiological sabotage.
4. Individuals who have access, extensive knowledge, or administrative control over plant digital computer and communication systems and networks as identified in 10 CFR 73.54, including:

(a) Plant network systems administrators, and (b) Information technology personnel who are responsible for securing plant network(s).

5. Individuals qualified for and assigned duties as: armed security officers, armed responders, alarm station operators, response team leaders, and armorers, as defined in the licensees or applicants security plans, and reactor operators, senior reactor operators, and non-licensed operators.
j. Verify that the licensee has established measures to reinvestigate all personnel having unescorted access to NRC-licensed facilities. (10 CFR 73.56(h)(6)(i))

Specific Guidance.

No inspection guidance.

k. Verify that the licensee has established measures to ensure that it conducts reviews and evaluations of Federal Bureau of Investigation (FBI) criminal history records before authorizing unescorted access. (10 CFR 73.57(b), 10 CFR 73.56(d)(7))

Specific Guidance.

The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee reviews and evaluates an individuals FBI criminal history records prior to authorizing unescorted access and considers the information contained in the records in determining the individuals suitability for unescorted access in accordance with 10 CFR 73.57(b).

l. Verify that the licensee has established measures to implement AA categories and processes for determinations regarding initial unescorted access, updated unescorted access, and reinstatement of unescorted access. (10 CFR 73.56(h))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures to verify that the licensee has established methods for granting unescorted access and certifying unescorted AA for individuals applying for initial unescorted access. Additionally, the inspector(s) should review the licensees procedures to verify that the licensee has established methods to grant or deny unescorted access or unescorted AA to individuals who have previously been granted unescorted AA, but whose access had been terminated or interrupted for a for a period of time.

m. Verify that the licensee has provisions in place to reassess and reevaluate information received by or provided to the licensee on the day of discovery, that may have an effect Issue Date: 04/01/19 8 81000.01

on the trustworthiness or reliability of a person with unescorted access or unescorted AA. (10 CFR 73.56(g)(1))

Specific Guidance.

No inspection guidance.

n. Verify that the licensee establishes criteria in accordance with the regulations for verifying the trustworthiness and reliability of individuals who collect process or have access to background information. (10 CFR 73.56(k))

Specific Guidance.

No inspection guidance.

02.03 Behavioral Observation Program and Insider Threat Mitigation.

a. Verify that the licensee has established measures to reassess and re-approve personnel access lists for vital areas (VAs) at the prescribed frequency to confirm that personnel on the VAs access list have a continued need to access VAs.

(10 CFR 73.56(j))

Specific Guidance.

The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee reassesses and reapproves personnel access lists for VAs at the prescribed frequency to confirm that personnel on the VA access list have a continued need to access VAs. Specifically, the licensees access list for VAs must include: (1) only individuals who have a continued need for access to those specific VAs in order to perform their duties and responsibilities; (2) must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each VA; and (3) the list is updated and re-approved no less than every 31 days.

b. Verify that the licensee has established measures to screen individuals on personnel access lists to ensure that they have a continued need for access to VAs, not just a possibility of needing unescorted access at some undefined time in the future.

(10 CFR 73.55(g)(1)(i)(D) and 10 CFR 73.56(j))

Specific Guidance.

No inspection guidance.

c. Verify that the licensee has established measures to implement provisions for conducting psychological reassessments for individuals who perform one or more job functions that are critical to the safe and secure operation of the licensees facility as identified in 10 CFR 73.56(i)(1)(v)(B) at intervals not to exceed 5 years.

(10 CFR 73.56(i)(1)(v)(B))

Issue Date: 04/01/19 9 81000.01

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee implements provisions for conducting psychological reassessments within 5 years of the day on which the individual was last psychologically assessed. These individuals include:

1. Individuals who have extensive knowledge of defensive strategies and design and/or implementation of the plants defensive strategies, including:

(a) Site security supervisors, (b) Site security managers, (c) Security training instructors, and (d) Corporate security managers.

2. Individuals in a position to grant an applicant unescorted access or unescorted AA, including site AA managers.
3. Individuals assigned a duty to search for contraband or other items that could be used to commit radiological sabotage.
4. Individuals who have access, extensive knowledge, or administrative control over plant digital computer and communication systems and networks as identified in 10 CFR 73.54, including:

(a) Plant network systems administrators, and (b) Information technology personnel who are responsible for securing plant network(s).

5. Individuals qualified for and assigned duties as: armed security officers, armed responders, alarm station operators, response team leaders, and armorers, as defined in the licensees or applicants security plans, and reactor operators, senior reactor operators, and non-licensed operators.
d. Verify that the licensee has established measures to implement provisions for conducting and reviewing annual supervisory reviews. (10 CFR 73.56(i)(1)(iv))

Specific Guidance.

No inspection guidance.

e. Verify that the licensee has established measures to ensure the behavioral observation program ensures the ability to recognize behaviors or activities adverse to the safe operation and security of the facility. (10 CFR 73.56(f)(1))

Specific Guidance.

The inspector(s) should review the licensees related behavioral observation program procedures, records, and lesson plans to confirm that the licensee ensures that its program ensures the ability to recognize behaviors or activities adverse to the safe operation and security of the facility.

Issue Date: 04/01/19 10 81000.01

f. Verify that the licensees procedures include a method to validate the implementation of the licensees behavior observation program for off-site employees who maintain unescorted access. (10 CFR 73.56(f)(1))

Specific Guidance.

No inspection guidance.

02.04 Information Sharing.

a. Verify that the licensee has established measures to ensure that shared information, which may have an adverse effect on an individuals trustworthiness and reliability, is updated or provided to other licensees or industry entities in a timely fashion so informed AA decisions can be made. (10 CFR 73.56(o)(6)(i))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee implements measures to ensure that shared information which may have an adverse effect on an individuals trustworthiness and reliability is updated or provided to other licensees or industry entities in a timely fashion. Specifically, the inspector(s) should review the licensees AA program to confirm that the licensee has methods in place to ensure if/when shared information is developed about an individual; the licensee that acquired the information shall correct or augment the data and ensure it is shared with other licensees. If the information has implications for adversely affecting an individuals trustworthiness and reliability, the licensee who discovered or obtained the information, informs the reviewing official of any licensee AA program under which the individual is maintaining his or her unescorted AA or unescorted access status of the updated information on the day of the discovery.

b. Verify that the licensee or entity has established measures to ensure that violations, within its respective FFD program, for any 10 CFR Part 26 program elements are identified to any licensee having taken credit for the activities of the licensee in violation and to any licensee who may attempt to take credit for the activities of the licensee in violation. (10 CFR 26.53(g))

Specific Guidance.

When inspecting this requirement, the inspector should review the licensees processes for the sharing of FFD information related to AA to ensure that a process exists to inform other licensees or entities (whom may have taken credit for/used this licensees/entitys FFD program information) of violations within their respective FFD program.

c. Verify that the licensee has established measures to implement a method to share information pertaining to individuals who have unescorted access or unescorted AA with other licensees or entities that are required to maintain AA programs in accordance with 10 CFR 73.56. (10 CFR 73.56(o)(6))

Issue Date: 04/01/19 11 81000.01

Specific Guidance.

The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to share information pertaining to individuals who have unescorted access or unescorted AA with other licensees and entities that are required to maintain AA programs. Specifically, the inspector(s) should review the licensees AA program to confirm that the licensee has methods in place to ensure the following:

1. Licensees who are authorized to add or manipulate data, within an information-sharing mechanism that is shared with other licensees, ensures that the data linked information about individuals who have applied for unescorted AA, as specified in licensee AA program documents, is retained.
2. If the shared information used for determining an individuals trustworthiness and reliability changes or new or additional information is developed about the individual, the licensee that is acquiring this information shall correct or augment the data contained within the information-sharing mechanism.
3. If changed, additional, or developed information that has implications for adversely affecting an individuals trustworthiness and reliability is discovered or obtained, the licensee who discovered or obtained the information, informs the reviewing official of any licensee AA program under which the individual is maintaining his or her unescorted AA or unescorted access status of the updated information on the day of the discovery.
4. The receiving licensees reviewing official evaluates the information and takes appropriate actions, which may include denial or unfavorable termination of unescorted AA or unescorted access.
5. If the information-sharing mechanism is unavailable and notification of change or updated information is required, the licensee takes manual actions to ensure that the information is shared, and the data is updated in the information-sharing mechanism as soon as reasonably possible.
6. Records that are maintained in the database are available for NRC review.
d. Verify that the licensee has established measures to deny access to the PA for personnel who have been denied access based on NRC requirements.

(10 CFR 73.56(h)(3))

Specific Guidance.

No inspection guidance.

e. Verify that the licensee has established measures to ensure that personnel with unescorted access or unescorted AA, who are in a licensee, contractor, or vendor FFD follow-up program, are identified to any subsequent licensee or entity to enable continuation of the follow-up activities by the receiving licensee or entity.

(10 CFR 26.69(e)(1))

Issue Date: 04/01/19 12 81000.01

Specific Guidance.

The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to ensure that personnel with unescorted access or unescorted AA, who are in a licensees, contractors, or vendors FFD follow-up program, are identified to any subsequent licensee or entity to enable continuation of the follow-up activities by the receiving licensee or entity. Specifically, the inspector(s) should review the licensees AA program to confirm that when the licensee imposes FFD treatment and/or a follow-up testing plan that the licensee ensures that information documenting the treatment and/or follow-up testing plan is identified to any subsequent licensee or entity who seeks to grant authorization to the individual.

f. Verify that the licensee has established measures to implement a method to share information pertaining to the access denial of individuals with other licensees and entities that are required to maintain AA programs in accordance with 10 CFR 73.56.

(10 CFR 73.56(o)(6))

Specific Guidance.

No inspection guidance.

g. Verify that the licensee has established measures to implement backup manual procedures and processes for sharing information. (10 CFR 73.56(o)(6)(ii))

Specific Guidance.

When inspecting this requirement, the inspector(s) should review licensees procedures, records, and practices to confirm that the licensee maintains backup manual procedures and processes for sharing information. Specifically, the inspector(s) should review the licensees AA program to confirm that, in the event of a failure of the primary information sharing method occurs, the licensee maintains a backup process of manual information exchange available for short-term use.

02.05 Personnel Information Management.

a. Verify that the licensee has established measures to implement a personnel information management system to protect sensitive personal information. (10 CFR 73.56(m),

10 CFR 73.56(m)(1), and 10 CFR 73.56(m)(3)).

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee implements and maintains a personnel information management system to protect sensitive personal information. Additionally, and where applicable, this includes the licensee obtaining a release (consent) form from non-citizens prior to querying the Department of Homeland Security Systematic Alien Verification for Entitlement (DHS-SAVE) database. This is applicable to unescorted and escorted access if the licensee is or has used the DHS-SAVE database.

Issue Date: 04/01/19 13 81000.01

Inspectors should also note that the DHS-SAVE database is administered by the United States Citizenship and Immigration Services (USCIS) of the DHS. The NRC has entered into a Memorandum of Understanding with USCIS for the use of the DHS-SAVE database by its licensees. The SAVE database enables NRC licensees, opting to use DHS-SAVE, to verify the legal status of non-citizens seeking access to NRC-licensed facilities. The NRC Security Order, AA, Enclosures 3 & 4, January 7, 2003, recommended the use of a Federal database to verify the immigration status of non-citizens accessing the PA of nuclear power plants. The DHS-SAVE database fulfills this recommendation.

b. Verify that the licensees information management system protects information stored or transmitted in electronic format. (10 CFR 73.56(m))

Specific Guidance.

No inspection guidance.

c. Verify that the licensees information management system prohibits unauthorized access to the information and prohibits modification of the data without proper authorization. (10 CFR 73.56(m))

Specific Guidance.

No inspection guidance.

02.06 Reviews.

Events and Logs. Review licensee event reports, safeguards log entries, and corrective action program entries for the previous 12 months (or since the last inspection) that concern the AA program, and follow up, if appropriate. (10 CFR 73.55(b)(10) and 10 CFR 73.71)

Security Program Reviews. Verify that the licensee has established measures to conduct security program reviews upon implementation of its security plan in accordance with 10 CFR 73.55(m) and that the licensees AA program is included in a review as required by the regulation. (10 CFR 73.55(m) and Security Plans)

Problem Identification and Resolution. Verify that the licensee identifies problems with the AA program and its integration with the FFD program at an appropriate threshold and enters the problems in the corrective action program. Verify that the licensee has appropriately resolved the regulatory requirement issue for a selected sample of problems with AA. If applicable, see IP 71152, Problem Identification and Resolution, for additional guidance. (10 CFR 73.55(b)(10))

Specific Guidance.

The inspector(s) should review safeguards log entries, licensee condition reports, licensee corrective action program entries, etc., for the previous 12 months to determine whether the licensee has experienced issues with the implementation of its AA program. The inspector(s) should follow-up on issues identified to ensure the licensee has taken appropriate corrective actions to prevent a re-occurrence of the Issue Date: 04/01/19 14 81000.01

issues identified. For the inspection of this requirement the inspector(s) should review the documented results of the security program reviews or audits performed by the licensee to ensure the continued effectiveness of its AA program. The inspector(s) should ensure that the reviews have been conducted in accordance with the requirements of 10 CFR 73.55(m). The inspector(s) should also request that the licensee provide a copy of the report that was developed and provided to licensee management for review. The inspector(s) should review the report to identify any findings that were identified via the review or audit to ensure the findings were entered in the licensees corrective action program.

81000.01-03 RESOURCE ESTIMATE The resource estimate for this inspection procedure is approximately 32 hours3.703704e-4 days <br />0.00889 hours <br />5.291005e-5 weeks <br />1.2176e-5 months <br /> of direct on-site inspection. The sample size for this procedure is 36.

END : Revision History for IP 81000.01, Access Authorization Issue Date: 04/01/19 15 81000.01

Attachment 1 - Revision History for IP 81000.01, Access Authorization Comment Resolution Description of Commitment Accession Number and Closed Feedback Training Required Tracking Issue Date Description of Change Form Accession No.

and Completion Number Change Notice (Pre-Decisional, Date Non-Public Information)

Training to be Researched commitments made in the last 4 ML120900536 covered at the July years and found none. IP developed to N/A 09/07/12 2013 Annual NSIR N/A support security construction inspections CN 12-020 Counterpart under IMC 2200.

Meeting.

This document has been revised as a result of updates to IP 71130.01. Upon completion ML18347B457 of a SUNSI review, the staff concluded that N/A 04/01/19 N/A ML18347B455 this IP should be decontrolled. Consistent CN 19-011 with the staffs SUNSI determination, this IP is now publicly available.

Issue Date: 04/01/19 Att1-1 81000.01

Retrieved from "https://kanterella.com/w/index.php?title=ML18347B457&oldid=1917947"