NRC-2019-000079 - Resp 1 - Final. Agency Records Subject to the Request Are Enclosed

ML19063B420
Person / Time
Issue date:	02/26/2019
From:	NRC/OCIO
To:
References
FOIA, NRC-2019-000079
Download: ML19063B420 (44)
v • d • e

Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Ms. Laura L. S. Kimberly Acting Director Information Security Oversight Office March 11, 2002 National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408

Dear Ms. Kimberly:

In response to your February 11, 2002, request, enclosed is the NRC input for the Report on Cost Estimates for Security Classification Activities in the format specified.

If you have any questions, please contact Thomas Martin on (301) 415-8080.

Enclosure:

As stated Sincerely,

~rfL.

Deputy Executive ~ir~c;o?

for Management Services

2003 Security Costs Estimates Display

• U.S. Nuclear Regulatory Commission Allf' h

d fd II 1aures are m t ousan s o oars.

Reporting Categories FY 2001*

FY2002*

FY 2003

1. Personnel Security

• 1,137 1,323 1,248

2. Physical Security 1,506 1,660 1,766

3. Information Security (Sum of a, b & c below) 609 770 1,124

a. Classification Management 202 256 309

b. Declassification 87 110 133

c. Information Technology (Electronic Security) 320 404 682 4, Professional Education, Training and Awareness 6

8 8

5. Security Management, Oversight and Planning 428 452 468

6. Unique Items Totals: Fiscal Year Estimates

-3t680-3,686 4,213 4,614 Totals: Full-Time Equivalents (FTE) 18 19 18

• Updated to reflect actual budget.

Point of contact: Wayne G. Burnside, Division of Facilities and Security (301) 415-2211

---

.---- ------ Y---- ----. -------

- -*~

~--~

~ -~--- ----*-=-

Narrative:

1) Personnel Security;. Personnel Security costs for FY-01 and FY-02 are based on FTE** and actual budgets. Cost estimates for FY-03 are based on FTE and budget projections. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations) are dedicated to classified activities. The personnel security cost projections for FY-03 are slightly lower that FY-02 costs because more security reinvestigations are planned for FY-02.

2) Physical Security - Physical Security costs for FY-01 and FY-02 are based on FTE and actual budgets. Cost estimates for FY-03 are based on FTE and budget projections. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities. The physical security costs for FY-03 are projected to be slightly higher due to increased costs for security guard services and the cost of FTE.

3} Information Security-Information Security costs for FY-01 and FY-02 are based on FTE and actual budgets. Costs for FY-03 are based on FTE arid budget projections. The FY-03 cost increase is primarily due to additional resources and planned initiatives for Homeland Security and an increase in the cost of FTE.

4) Professional Education Training and Awareness - NRC has a very small training and awareness program, with less than one FTE assigned to it. Educational activities are expected to increase slightly.

5) Security Management, Oversight, and Planning - Costs associated with Security Management, Oversight, and Planning are related solely to FTE.

6} Unique Items - NRC has not allocated funds for unique items for 2001-2003.

.. FY-01 unit FTE cost= $107,000 FY-02 unit FTE cost= $113,000 FY-03 unit FTE cost= $117,000

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 March 11, 2003 Ms. Laura L. S. Kimberly Associate Director for Policy Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408

Dear Ms. Kimberly:

In response to your February 7, 2003, r!;lquest, enclosed is the U. S. Nuclear Regulatory Commission's input for the Report on Cost Estimates for Security Classification Activities in the format specified.

If you have any questions, please contact A. Lynn Silvious on (301) 415-2214.

Enclosure:

As stated Sincerely,

/ 1 /J}1dfi_

Wllllam F. Kane fr--

Deputy Executive Direck'r for Reactor Programs I

I f, ! I I I

I l

Ms; Laura L. S. Kimberly Associate Director for Policy Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408

Dear Ms. Kimberly:

In response to your February 7, 2003, request, enclosed Is the NRC input for the Report on Cost Estimates for Security Classification Activities in the format specified.

If you have any questions, please contactA. Lynn Silvious on (301) 415-2214.

Enclosure:

As stated Distribution:

EDO Control: G20030070 NSIR Ticket No. 03-0113 NSIR R/F DNS R/F INFOSEC R/F W. D. Travers, EDO C. J. Paperiello, OED

, W. F. Kane, DEDR P. G. Norry, DEDM J. W. Craig, OEDO K. D. Cyr,GC S. G. Burns, OGC J. L. Funches, CFO M. L. Springer, ADM S. Reiter, CIO C. C. Schum, OEDO Sincerely, William F. Kane Deputy Executive Director for Reactor Programs To receive a copy of this document, Indicate In the box: "C" = Copy without h

ti I

"E" C

. h tt h

/

I "N" N attac men enc osure

= OPVWlt a ac ment enc osure

= OCOPV OFFICE INFOSEC I

INFOSEC I

OCFO I

ADM/DFS NAME WGBurnside ALSilvious TMPulliam TOMartin DATE 03/

/03 03/

/03

. 03/

/03 03/

/03 OFFICE OCIO I

DNS I

D/DNS I

NSIR I

I NAME DGaUk CHaney GMTracy RPZimmerman DATE 03/

/03 03/

/03 03/

/03 03/

/03 i

I DEDPR WFKane 03/

/03

2003 Security Costs Estimates Display U.S. Nuclear Regulatory Commission

. h f d II All fioutes are in t ousands o oars.

Reporting Categories

• FY 2002*

FY 2003*

FY 2004 (Est. in OOOs)

(Est. in OOOs)

(Est. in OOOs)

1. Personnel Security 1,323 1,604 1,394

2. Physical Security 1,660 1,766 2,360

3. Information Security (Sum of a, b & c below) 770 1,239 1,538

a. Classification Management 256 371 476

b. Declassification 110 159 204

c. Information Technology (Electronic Security) 404 709 858

4. Professional Education, Training and Awareness 8

6 6

5. Security Management, Oversight and Planning 452 468 484

6. Unique Items Totals: Fiscal Year Estimates 4,213

. 5,083 5,672 Totals: Full-Time Equivalents (FTE) 19 18 20.5

• Updated to reflect actual budget.

Point of contact: Wayne G. Burnside, Division of Nuclear Security (301) 415-2211

-~-a~.---=**---..*-...-..--...--.*~--*-*--.......-,.. -~------- -..----.... -*_,,_,,.,._....,..----=....-------~-*----~---.-....-- ---*---.,...,-... - ------* ---**--****-------**---- -----

Narrative:

1) Personnel Security - Personnel Security costs for FY-02 and FY-03 are based on FTE** and actual budgets. Cost estimates for FY-04 are based on FTE and budget projections. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations) are dedicated to classified activities. The personnel security cost projections for FY-04 are lower than FY-03 costs because more security.reinvestigations are planned for FY-03.

2) Physical Security-Physical Security costs for FY-02 and FY-03 are based on FTE and actual budgets. Cost estimates for FY-04 are based on FTE and budget projections. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities. The physical security costs for FY-04 are projected to be higher due to increased costs for security guard services and the cost of FTE.

3) Information Security-Information Security costs for FY-02 and FY-03 are based on FTE and actual budgets. Costs for FY-04 are based on FTE and budget projections. The FY-04 cost increase ls primarily due to additional resources and planned initiatives for Homeland Security and an increase in the cost of FTE.

4) Professional Education Training and Awareness - NRC has a very small training and awareness program, with less than one FTE assigned to it. Educational activities are expected to increase slightly.

5) Security Management, Oversight, and Planning - Costs associated with Security Management, Oversight, and Planning are related solely to FTE.

6) Unique Items - NRC has not allocated funds for unique items for 2002-2004.

• • FY-02 unit FTE cost= $113,000 FY-03 unit FTE cost= $117,000 FY-04 unit FTE cost = $121,000

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Laura LS. Kimberly.

Associate Director for Policy lnformati.on SE!curity Oversight Office March 25, 2004 National Archives and Records Administration 700 Pennsylvania Avenue, NW Washlngton, oc* 20408

Dear Ms. Kimberly:

In response to your February 2, 2004, request, enclosed is the U.S. Nuclear Regulat<>ry Commission input for the Report on Cost Estimates for Security Classification Activities.

If you have any questions, please contact A. Lynn Silvious at 301-415-2211.

Sincerely,

~~

• William F. Kane Deputy Executive Director for Homeland Protection and Preparedness

Enclosure:

As stated

2005 Security Classification Cost Estimates Display U.S. Nuclear Regulatory Commission Al If d II 1gures are m thousands of oars.

Reporting Categories FY 2003*

FY2004*

FY2005 (Est. In OOOs)

(Est. in OOOs)

(Est. in OOOs)

1. Personnel Security 1,604 1,578 1,711

2. Physical Security 1,766 2,275 2,353

3. Information Security (Sum of a, b, c and d) 1,128 2,233 2,514

a. Classification Management 371 384 400

b. Declassification 159 164 172.

c. Information Systems Security 584 1,670 1,925

d. Miscellaneous (OPSEC and TSCM} **

14 15 17

4. Professional Education, Training and Awareness 125 40 60

5. Security Management, Oversight and Planning 468 484 504

6. Unique Items

• 0- Totals: Fiscal Year Estimates 5,091 6,610 7,142 Totals: Full-Time Equivalents (FTE) 18 20.5 21 Updated to reflect actual budget.

• • NRC has no OPSEC program. The costs associated with TSCM are budgeted under physical security. In accordance with these instructions, however, TSCM is being reported under the heading of Information Security.

Point of contact: Wayne G. Burnside, Division of Nuclear Security (301) 415-2211 Enclosure

\\

Narrative.

1) Personnel Security - Personnel Security costs for FY-03 and FY-04 are based on FTE*** and actual budgets. Cost estimates for FY-05 ~re based on FTE and budget projections. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations) are dedicated to classified activities. The personnel security cost projections for FY-05 are higher due_ to the reinvestigation cycle, the inclusion of a clearance program for reactor licensees, and OPM's projected price increase for all investigations.

2) Physical Security-Physical Security costs for FY-03 and FY-04 are based on FTE and actual budgets. Cost estimates for FY-05 are based on FTE and budget projections. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities. The physical security costs for FY-05 are projected to be slightly higher due to increased costs for security guard services and the cost of FTE.

3) Information Security-Information Security costs for FY-03 and FY-04 are based on FTE and actual budgets. Costs for FY-05 are based on FTE and budget projections. The FY-05 cost increase is primarily due to an increase in secure communications equipment, systems, and_ networks (e.g., secure cellular service and secure video teleconferencing).

4) Professional Education Training and Awareness - NRC has a small training and a'1areness program with no FTE assigned to it.

However, contract dollars are being expended on the development of web-based training initiatives. As the web-based training initiative nears completion, fewer dollars will be required to maintain the program.

5) Security Management, Oversight, and Planning - Costs associated with Security Management, Oversight, and Planning are related solely to FTE.

6) Unique Items - NRC has not allocated funds for unique items for 2003-2005.

• • • FY-03 unit FTE cost= $117,000 FY-04 unit FTE cost= $121,000 FY-05 unit FTE cost= $126,000 2

-* -- ---~----.------ --- -------------*-

UNITED STATES

• NUCLEAR REGULATORY COMMISSION J. William Leonard Director WASHINGTON, D.C. 20555-0001 March 24, 2005 Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408

Dear Mr. Leonard:

In response to your February 11, 2005, request, enclosed is the U.S. Nuclear Regulatory Commission input for the Report on Cost Estimates for Security Classification Activities.

If you have any questions, please contact A. Lynn Silvious on 301-415-2211.

Enclosure:

As stated Sincerely,

~PL William F. Kane Deputy Executive Director for Homeland Protection and Preparedness Office of the Executive Director for Operations f

1 i'*

FY-2006 Classification Costs Estimates Display Commission Reporting Categories FY 2006

1. Personnel Security 1,578,000 1,909,000 1,975,000

2. Physical Security 2,275,000 2,502,000 2,538,000

3. Information Security

'1

- -'.J>.,;.

~

a. Classification Management

b. Declassification

c. Information Systems Security for Classified Information

d. Miscellaneous (OP SEC and TSCM)..

e. Information Security Subtotal (Sum of a., b., c., and d.)

4. Professional Education, Training and Awareness

5. Security Management, Oversight, and Planning

6.,Unique Items Totals: Fiscal Year Estimates Updated to reflect actual budget.

384,000 164,000

.. 1,670,000 15,000

• 2,233,000 40,000 484,000 6,610,000 495,000 541,000 212,000 232,000

~.243,000 2,513,000 17,000 20,000 2,967,000 3,306,000 60,000 6;000 504,000 520,000 7,942,000 8,345,000

• • NRC has no OPSEC program. The costs associated with TSCM are budgeted under physical security. In accordance with these instructions, however, TSCM is being reported under the heading of Information Security.

I

/'

Point of contact:Wayne G. Burnside, Division of Nuclear Security (301} 415-2211

(,

J

~-.

Narrative:

1) Personnel Security - Personnel Security costs for FY-04 and FY-05 are based on FTE... and actual budgets. Cost estimates for FY-06 are based on FTE and budget projections. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations) are dedicated to classified activities. The personnel security cost projections for FY-06 are slightly higher due to the reinvestigation cycle and OPM's projected price increase for all investigations.

2) Physical Security-Physical Security costs for FY-04 and FY-05 are based on FTE and actual budgets. Cost estimates for FY-06 are based on FTE and budget projections. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities. The physical security costs for FY-06 are projected to be slightly higher due to increased costs for security guard services.

3) Information Security-Information Security costs for FY-04 and FY-05 are based on FTE and actual budgets. Costs for FY-06 are based on FTE and budget projections. The FY-06 cost increase Is primarily due to additional resources and planned initiatives for Homeland Security.

4) Professional Education Training and Awareness - NRC has a very small training and awareness program, with less than one FTE as~igned to it. Whereas contract dollars were expended on the development of a web based training initiative in FY-04 and 05, that FY-06 expenditures are expected to decrease significantly due to the completion of the web based training initiative.

5) Security Management, Oversight, and Planning - Costs associated with Security Management, Oversight, and Planning are related solely to FTE.

6) Unique Items - NRC has not allocated funds for unique items for 2004-2006.

• • • FY-04 unit FTE cost = $121,000 FY-05 unit FTE cost= $126,000 FY-06 unit FTE cost= $130,000

J. William Leonard Director UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 13, 2006 Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408

Dear Mr. Leonard:

. // ro

( 1 In response to your February 17, 2006, request, enclosed is the U.S. Nuclear Regulatory.

Commission submission for the Report on Cost Estimates for Security Classification ActMties.

If you have any questions, please contact A. Lynn Silvious on 301-415-2211.

Enclosure:

As stated

• Sln;~/JJL

~~ne Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations

/

I t

FY-2007 Security Costs Estimates Display U.S. Nuclear ReQulatory Comm1ss1on Reporting Categories FY2005..

FY 2006*

FY2007

1. Personnel Security 1,579,920 1,783,500 2,225,460

2. Physical Security 2,502,000 2,496,000 3,352,800

3. Information Security

~ 1:.~i\\llf~~it~):i.\\

.,...

...W...,t- ** (~',.. ~ *.,,;;,,.: 1 '.'**~r{~f1.W:'~,*-*1~*t'*;...

';i' ~-~ *jlj H,

~,.

~ ;

.~*:.,":.,~

~

7,~*

)'

'.:: t:,.,i.

.,~**~- **:.. ~'

~~

.{~~v.11

a. Classification Management 495,000 628,000 680,000

b. Declassification 212,000 269,000 292,000 C. Information Systems Security for Class Info.

.2,243,000

• 3,361,000 3,980,000

d. Miscellaneous (OPSEC and TSCM) **

17,000 20,000 20,000

e. Information Security Subtotal 2,967,000 4,278,000

. 4,972,000 (Sum of a., b., c., and d.)

4. Professional Education, Training and Awareness 60,000 17,000 17,000 5. Security Management, Oversight and Planning 504,000 520,000 552,000

6. Unique Items

. Totals: Fiscal Year Estimates 7,612,920 9,094,500 11,119,260

• Updated to reflect actual budget.

• • NRC has no QPSEC program. The cost associated with TSCM are budgeted under physical security. In accordance with these instructions, however, TSCM is being reported under the heading of Information Security.

Point of contact: Wayne G. Burnside, Division of Facilities and Security (301) 415-2211 Enclosure

...... ~

-.-* ---'--"'~.-- --

~

... ~-.. --

Narrative:

1) Personnel Security-Personnel Security costs for FY-05 and FY-06 are based on FTE"... and actual budgets. Cost estimates for

• FY-07 are based on FTE and budget projections. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations including the cost of contractors) are dedicated to classified, activities.

2) Physical Security-Physical Security costs for FY-05 and FY-06 are based on FTE and actual budgets. Cost estimates for FY-07 are based on FTE and budget projections. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities. The physical security costs for FY-07 are projected to be higher due to Increased costs for security guard services, the cost of FTE, and the expansion of secure facilities.

3) Information Security-Information Security costs for FY-05 and FY-06 are based on FTE and actual budgets. Costs for FY-07 are based on FTE and budget projections. The FY-07 cost increase is primarily due to additional resources and planned initiatives for Homeland Security, an Increase in the cost of FTE, and increased declassification activities. Information Security costs also reflect for the first time budget estimates for NRC's secure local area network.

4) Professional Education Training and Awareness - NRC.has a very small training and awareness program, with less than one FTE assigned to it. Educational actiVities vary from year to year depending on planned initiatives.

5) Security Management, Oversight, and Planning - Costs associated with Security Management, Oversight, and Planning are related solely to FTE.

6) Unique Items - NRC has not allocated funds for unique items for 2005-2007.

• • • FY-05 unit FTE cost= $126,000 FY-06 unit FTE cost= $130,000 FY-07 unit FTE cost= $138,000

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, O.C. 20555-0001 April 10, 2007 J. William Leonard, Director Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408

Dear Mr. Leonard:

ln'response to your January 25, 2007, request, enclosed is the U.S. Nuclear Regulatory Commission submission for the Report on Cost Estimates for Security Classification Activi_ties.

If you have any questions, please contact A. Lynn Silvious at (301) 415-2211.

Enclosure:

As stated Sincerely, Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations

.,i,,

i I*

f

(

Security Cost Estimates Display U.S'. Nuclear Regulatory Commission Reporting Categories FY 2006*

1. Personnel Security 1,779,150

2. Physical Security 2,624,520

3. Information Security

. a. Classification Management 609,336

b. Declassification 261,144

c. Information Syste_ms Security for 3,345,614 Class Info.

d. Miscellaneous (OPSEC and TS~M) **

20,000

e. Information Security Subtotal 4,236,094 (Sum of a., b., c., and d.)

4. Professional Education, Training and 17,000 Awareness

5. Security Management; Oversight and 650,000 Planning

6. Unique Items

-0*

Totals: Fiscal Year Estimates 9,306,764

• Updated to renecl actual expenditures for FY-06.

• • NRC has no OPSEC program. The cost associated with TSCM Is budgeted under physical security. In accordance wilh these Instructions, however, TSCM Is being reported under the heading of lnfol'!Tlation Security.

Point of

Contact:

Wayne G. Burnside, Information Security Branch 301-415-2211.

. Enclosure*

I I

I ' t i '

Narrative:

1) Personnel Security - Personnel Security costs for FY-06 are based on FTE 0

• and actual expenditures. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations including the cost of contractors) are dedicated to classified activities.

2) Physical Security - Physical Security costs for FY-06 are based on FTE and actual expenditures. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities.

3) Information Security costs for FY-06 are based on FTE and actual expenditures.

4) Professional Education Training and Awareness - NRC has a small training and awareness program, with.5 FTE assigned to it. Educational activities vary from year to year depending on planned initiatives.

5) Security Management, Oversight, and Planning - Costs associated with Security Management, Oversight, and Planning are related to FTE.

. 6) Unique Items - NRC has not allocated funds for unique items for FY-06.

• • • FY-06 unit FTE cost= $130,000

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 William J. Bosanko, Acting Director Information Security Oversight Office March 26, 2008 National Archives and Records Administration ioo Pennsylvania Avenue, NW Washington, D.C. 20408-0001 *.

Dear Mr. Bosanko:

In response to your January 23, 2008, request, enclosed is the U.S. Nuclear Regulatory Commission submission for the Report on Cost Esti~ates for Security Classification Activities.

. If you have any questions, please contact A. Lynn Silvious at 301-415-2214.

Enclosure:

As stated Sincerely,

• ... ~

~,1.J, lf,:J/8)

Bruce S. Mallett Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director ror Operations

Security Cost Estimates Display U.S. Nuclear Regulatory Commission Reporting Categories FY 2007*

1. Personnel Security 2,041,000

2. Physical Security 3,480,700

3. Information Security

~~1**.:-~ ~}.. *.. i ;--: :});~~~)/1~~~~ :,1~

~;:J:~Jl~t.J,..,;,t,.~,:~\\1-.tr,;U.

(a.) Classification Management 652,050 (b.) Declassification 279,450 (c.) Information Systems Security for Classified Information 3,370,000 (d.) Miscellaneous (OPSEC and TSCM)..

5,000 (e.) Information Security Subtotal (Sum of 3.a., 3.b., 3.c., & 3.d.)

4,321,500

4. Professional Education, Tralnlng,and Awareness 17,000

5. Security Management, Oversight, and Planning 690,000

6. Unique Items 0

Totals: Fiscal Year Estimates

"":~!GS-

• Updated to reflect actual expenditures for FY07.

10,53;:,,200 NRC has no OPSEC program. The cost associated with TSCM is budgeted under physical security. In accordance with these lnstrucfions, however. TSCM Is being repor1ed under the heading of Information Security.

Point of

Contact:

Wayne G. Burnside, Information Security Branch, 301-415-2211.

Enclosure t

I I

I, l I I l I f

1 !

f f i

I

~ I f,,

Narratlve:

1)

Personnel Security costs for FY07 are based on FfE... and actual expenditures. It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations including cost of contractors) are dedicated to classified activities.

2)

Physical Security costs for FY07 are based on FTE and actual expenditures. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, Intrusion detection systems, and access control systems) are dedicated to classified activities. *

3)

Information Security costs for FY07 are based on FTE and actual expenditures.

4)

• NRC has a small professional education training and awareness program, with.5 FTE assigned to ii. Educational activities vary from year to year depending on planned

• initiatives.

5)

Costs associated with Security Management, Oversight, and Planning are related to

• FTE.

6)

Unique Items-NRC has no funds allocated for unique items for FY07 *.

... FY07 unit FTE cost= $138,000

(

I I

i I I

j I

l l

I I l r

I I ;,

I ii t,

i i

I I

i I l

/

Security Cost Estimates Display U.S. Nuclear Re Reporting Categories

1. Personnel Security

2. Physical Security

3. Information Security

• a. Classification Management

b. Declassification

c. Information Systems Security for Classified Information

d. Miscellaneous (OPSEC and TSCM)*

4. Professional Education, Training, And Awareness

5. Security Management, Oversight, and Planning

6. Unique Items Totals: Fiscal Year Estimates Commission 3,190,300

./

5,813,000

.J 661,500 283,500

./

3,313,000 40,000 v'

17,000.J 700,000./

I.

0 I

14,018,300 FY2008

• NRC has no OPSEC program. The cost associated with TSCM is budgeted under physical security. In accordance with these t. instructions, however, TSCM is being reported under the heading of lnfonnation Secun1y.

Point of

Contact:

Gary R. Langlie, Information Security Branch, 301-415-7121.

Enclosure

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, O.C. 20555.0001 Mr. William J. Bosanko, Director Information Security Oversight Office February 25, 2010 National Archives and Records Administration 700 Pennsylvania Avenue, N.W.

Washington, DC 20408-0001

Dear Mr. Bosanko:

In response to your December 11, 2009, request, enclosed is the U.S. Nuclear Regulatory Commission submission for the Report on Cost Estimates for Security Classification Activities, for fiscal year 2009.

If you have any questions, please contact Bernard Stapleton, Chief, Information Security Branch, at (301} 415-2214.

Enclosure:

As stated Sincerely,

~-/~~~

Bruc~Ma:tt Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations I I

.I I I I i i

Security Cost Estimates Display U.S. Nuclear Re Reporting Categories

1. Personnel Security

2. Physical Security

3. Information Security

a. Classification Management

b. Declassification

c. Information Systems Security for Classified Information

d. Miscellaneous (OPSEC and TSCMt

4. Professional Education, Training, And Awareness

5. Security Management, Oversight, and Planning

6. Unique Items Totals: Fiscal Year Estimates Commission Fiscal Year 2009 3,733,200 6,147,200 699,300 299,700 2,926,100 40,000 17,000 740,000 0

14,602,500

• NRC has no OPSEC program. The cost associated with TSCM is budgeted under physical security. In accordance with these Instructions. however, TSCM is being reported under the heading of lnfonnation Security.

Point of

Contact:

• Gary R. Langlie, Information Security Branch, (301) 415-7121.

Enclosure

Narrative:

1) Personnel Security costs for fiscal year (FY) 09 are based on FTE** and actual expenditures.

It is estimated that 87% of personnel security costs (i.e., FTE plus personnel security investigations including cost of contractors) are dedicated to classified activities. FY09 expenditures have increased over FYOB due to NRC hiring and thus clearing more personnel.

2) Physical Security costs for FY09 are based on FTE and actual expenditures. It is estimated that 60% of physical security costs (i.e., FTE plus physical security components such as guards, intrusion detection systems, and access control systems) are dedicated to classified activities.

FY09 expenditures have increased over FY08 due to NRC occupying several additional buildings along with their associated security costs.

3) Information Security costs for FY09 are based on FTE and actual expenditures.

4) NRC has a small professional education training and awareness program, with.5 FTE assigned to it. Educational activities vary from year to year depending on planned initiatives.

5) Costs associated with Security Management, Oversight, and Planning are related to FTE.

6) Unique Items - NRC has no funds allocated for unique items for FY09.

• • FY09 unit FTE cost= $148,000 I

I

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, O.C. 20555-0001 William J. Bosanko, Director Information Security Oversight Office February 15, 2011 National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408-0001

Dear Mr. Bosanko:

In response to your December 21, 2010 request. enclosed is the U.S. Nuclear Regulatory Commission (NRC) submission for the Report on Cost Estimates.for Security Classification

• Activities for Fiscal Year 2010.

Should you have any questions regarding this NRC cost estimate, please contact Bernard W.

Stapleton, Chief, Information Security Branch, Division of Security Operations, Office of Nuclear Security and Incident Response at (301) 415-2214.

Enclosure:

As stated Sincerely, V'4VV~r---'7' r M

in J. Virgilio Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations

Security Costs Estimates Department/Agency: !Nuclear Regulatory Commission Fiscal Vear:

12010 Point of

Contact:

Bernard W. Stapleton, Chief, Information Security Branch, Division of (Name and phone Security Operations, Office of Nuclear Security and lnciderit Response at number)

(3011415-2214

&..::.=....:'-!...:...::..::...=e=..:....:. _________________________

_J..

Reporting Categories

!Please use actual dollar f!gures ln1tead of thousands)

1. Personnel Security I $3,9oa,6so.oo

/Include clearance program, lnillal lnveirlgarlans, national ogencychechs when used for basis for granting a clearanct, adjudicarion, relnvesligarlon, polygraph ossocloced wlch closslficatlon re/aced activities}

2. Physical Security I $6,273,025.00

/include physical securityequlpmcnr, protective forces, intrusion decection and assessment, barrier/canrrols, tamper-safe monitoring, access control/badging, vtsitorconrrol associated wirh classification related activities)

3. Information Security (only repol'I costs o,soclated with classllicotlon related activities}

(a) Classification Management I $684,936.oo

/include resources used ro Identify, conrrol, transfer, rransm/1, recricvc, inventory, archive. declassify, or desrroyclass/lled inlorma~tl_on_J _____ ~

(b) Declassification j $293,544.00 (include resources used 10 Identify and process Information subjec1 to the aucamatic.systemaric:. or mandatory review programs aurhonzed by Executive order or statute)

(c} Information Systems Sec~rlty for Classified Information I $3,026,320.00

. I (include resources used to protect information systems from unauthorized access or m*odlficatlon of lnfonnalion, and against the denial of service to authorized users, including measures necessary to detect, documenc, ond counter such threats}

(d}Miscellaneous (OPSEC and TSCM}

I s23,97s.oo (include personnel and operating expenses associaced with these programs}

4. Professional Education, Training, and Awareness 1 s11,ooo.oo (include resources used to establish, maintain, direct suppon, and aness on Information security training and awareness program; cenifica1lon and approval of the craining program: development, managemenr, and maintenance of training records; rraining of personnel to perform taihs;and qualificatlon and/or cenlficarion of personnel asiocloted with c/asslficotion related activities)

s. Security Management, Oversight, and Planning 1 s7ss,ooo.oo

/Include resources auodoted with research. rest, and eva/uorion;surveys, reviews. accredicarion, and ossessmenrs; special acceu programs; s.ecuriryond lnvescigatt,e matters; industrial security; ond foreign ownership, control, or Influence (FOCI)}

6. Unique Items

~I so_.oo __._J (include deponment!ogency-specific acriv/tie1 not repol'led In anyof che categories I/seed a~ve but ore nonetheless significant ond need to be included)

Total (sum of 1, 2, 3(a), 3(b), 3(c), 3(d), 4, S, and 6) 114,982,450 Narrative: provide a brief explanation of any significance difference between last yearl and this year's cost estimates. Explain items entered Into Block 6. Unique Items.

1) Personnel Security costs are based on FTE** and actual expenditures. It is estimated that 87%

of costs (FTE, security investigations, contractors) are related to classified activities.

2) Physical Security costs are based on FTE and actual expenditures. It Is estimated that 60% of costs (FTE, guards, intrusion detection/access control systems) are related to classified activities.

3) Information Security costs for FY10 are based on FTE and actual expenditures.

I

4) NRC has a small professional education training and awareness program, with.5 FTE assigned.,

5) Costs associated with Security Management, Oversight, and Planning are related to FTE.

l

6) Unique Item~ - NRC has no funds allocated for unique items for FY10.

i

• • FY1 o unit FTE cost= S 151,000 al Page 1 of4

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, O.C. 20555--0001 Mr. John P Fitzpatrick, Director Information Security Oversight Office February 17, 2012 National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408-0001

Dear Mr. Fitzpatrick:

In response to your annual request. enclosed is the U.S. Nuclear Regulatory Commission (NRC) submission for the Report on Cost Estimates for Security Classification Activities for Fiscal Year 2011..

If you have any questions regarding this NRC cost estimate. please contact Bernard W.

Stapleton, Chief. Information Security Branch, Division of Security Operations, Office of Nuclear Security and Incident Response at (301) 415-2214.

Enclosure:

As stated Sincerely,

!6~

Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations

AGENCY SECURITY* CLASSiFICATION COSTS ESTIMATES

! Department/Agency: Nuclear Regulatory Commission I Fiscal Year: 2011 Point of

Contact:

(Name and phone number) Bernard W. Stapleton, Chief, Information Security Branch, (301) 415-2214 Reporting Categories Please use actual dollar figures.

1. Personnel Security

[ ___

$::..:3:.!.:,3:-:1.;;.:8,c.:..35:...4c.:.;.o~o I (mclude clearance program. initial investigations. national agency checks when used as basis tor granting a clearance, adjudication. reinvestlgalion. polygraph essociated *with classi/icalion-relaled activities)

2. Physical Security (include physical security equipment, proteclive forces, intrusion detection and assessmenl.

bam*erlcor.lrols. lamper-safe monitoring, access controVbadging, visitor control associaled with classificalion-related aclivilies/

• 3. Classification Management (include ;esorirces used lo identify, control. transfer, transmit. retrieve, inventory. archive, dect11ss1fy, or destroy classified information}

4. Declassification (include resources used 10 idenlify and process information subject lo rne automatic. sySlematic, discretionary, or mandatory reviel'I programs aulhorized by Executive. Order or Slatule}

5. Protection and Maintenance for Classified Information Systems (include resources used 10 protect and mainlain Classified information systems from unauthOrized access or modification of informalion, end egainsl the denial of service to authorized users.

including measures necessary lo detect. document. end counter such threats)

6. Operations Security and Technical Surveillance Countermeasures (include personnel and operating e%penses associated with OPSE:C and TSCM)

7. Professional Education, Training, and Awareness (include resources used to establish, maintain, direcl, supporl, and assess an information security training and awareness program; certification and approval of the /raining program; development managemenr. and maintanan,e of training records; training of personnel to perform tasks: and qualification and/or certificalion of personnel associated with classification-related acUvities}

8. Security Management, Oversight, and Planning

{include resources associated with research. 1est, 1md evaluation; surveys, reviews, accreditation.

on:J assessments; special access programs; security and investigative matters; industrial security:

and foreign ownership, control, or influence (FOCI)}

9. Unique Items (include departmenllagency-speci/1c activities not reporled in any of the categories listed above; but are nonetheless significant ond need lo be included)

TOTAL (sum ofitems 1,9) s6. 10s.s31.oo I

$621.026.00 I s268, 126.001 S2.968, 168.00!

S13,895.0D!

$17,000.0DI S754,000.00 !

$0.00!

s14.on. 106.00 I Narrative: Provide a brief explanation of any significant difference between last year's and this ye.ar's cost estimates. Explain items entered into block 9. Unique Items.

1 - 6 cos!s are based on FTE and actual expenditures. 7. NRC has a small professional ectuca!ion

!raining and awareness program. 8. Costs are based on FTE.

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION AUTtiOR!ZEO FOR LOCAL REPRODUCTJON Page, ol 4 STA'IDARD FORM 716 (07-11)

Prescnbed by NARAIISOO 32 CFR Pan 200190 E0.13526 I

i

(

i I l l

I t I I

l__.

i'

{

j

. l I

AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES I Department/Agency: Nuclear Regulatory Commission I Fiscal Year:2012 Point of

Contact:

(Name and phone number) Bernard W. Stapleton, Chief, Information Security Branch, (301) 415-2214 Reporting Categories Please use actual dollar figures.

1. Personnel Security s3.ase.o3e.oo I (include clearance program, initial investigations, national agency checks when used as basis for granting a.clearance, adjudication. reinvestigation, polygraph associated with classification-related activities)

2. Physical Security (include physical security equipment, protective forces, intrusion detection and assessment, barrier/controls, tamper-safe monitoring, access control/badging, visitor control associated with classification-related activities)

3. Classification Management (inc(ude resources used to identify, control, transfer. transmit, retrieve, inventory, archive, declassify, or destroy classified Information)

4. Declassification (include resources used to identify and process information subject to the automatic, systematic, discretionary, or mandatory review programs authorized by Executive Order or Statute)

5. Protection and Maintenance for Classified Information Systems (include resources used to protect and maintain classified information systems from unauthorized access or modification of information, and against the denial of service to authorized users, including measures necessary to detect, document, and counter such threats)

6. Operations Security and Technical Surveillance Countermeasures (include personnel and operating expenses associated with OPSEC and TSCM) se.210.213.oo I

$686,342.00!

s2e4. 14s.oo I s3.2s3.sse.oo I s4a,ooo.oo I

7. Professional Education, Training, and Awareness I.

$44,000.00 I (include resources used to establish, maintain, direct, support, and assess an information security,_ ____ __:_..,__ _ _,

training and awareness program; certification and approval of the training program; development.

management, and maintenance of training records; training of personnel to perform tasks; and qualification and/or certification of personnel associated with classification-related activities)

8. Security Management, Oversight, and Planning (include resourr:es associated with research. test, and evaluation; surveys, reviews, accreditation, and assessments; special access programs; security and Investigative matters; Industrial security; and foreign ownership. control, or influence (FOCI))

9. Unique Items (include department/agency-specific activities not reported in any of the categories listed above.

but are nonetheless significant and need io be included)

TOTAL (sum of items 1-9)

$1ss,sso.oo I so.ool s1 a.212.ooe.oo I Narrative: Provide a brief explanation of any significant difference between last year's and this year's cost estimates. Explain items entered into block 9, Unique Items.

1 - 6 costs are based on FTE and actual expenditures. 7. NRC has a small professional education training and awareness program. 8. Costs are based on FTE.

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION Page 1 of4 STANDARD FORM 716 (07-11)

Prescribed by NARA/ISOO 32 CFR Part 2001.90 E.O. 13526

1.nstructlons for Completing Form I

I. General: The dala reported will be Governmeni cost estimates only. The estimates of resource costs should be reported, in the aggregate, for the following categories: (1) Personnel Security; (2) Physical Security; (3) Classification Management; (4) Declassification; (5) Protection and Maintenance for Classified information Systems; (6) Operations Security and Technical Surveillance Countermeasures; (7) Professional Education, Training, and Awareness; (8)

Security Management, Oversight, and Planning; and (9) Unique Items. In reporting cost estimates associated with the security and management of classified information, please exclude all costs related to broad areas of assets protection (i.e., protection of property and personnel not specifically related to classified information): Counterintelligence*

resources should also not be included in this data collection. If 51 % or more of a resource is devoted to a classification-related activity, it should be included In this estimate. For those resources used for classification-related activities on a part-time basis, the total time devoted to these activities over a year must be at least 51% in order to be included in this estimate. Even though we no longer ask for the number of FTEs, the cost of personnel associated with the security of classified information should be included in the overall cost estimate for eac~ category.

II. Definitions of data to be reported: The primary categories are defined below along with related functional areas to be considered for inclusion. Report only those cost estimates associated with classification-related activities (programs that affect the security of classified information).

1. Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a Government or contractor employee's eligibility, and ensure suitability for the continued access to classified

• information.

Clearance Program: Personnel and activities to determine eligibility and suitability for initial or continuing access to classified information or activities.

Initial Investigations: Completing and reviewing Personnel Security Questionnaire, initial screening, filing data in Central Personnel Database, forwarding to appropriate investigative authority, and the investigation itself.

National Agency Check: Include only when used for basis for granting a clearance.

Adjudication: Screening and analysis of personnel security cases for determining eligibility for classified access authorizations and appeals process.

Reinvestlgatlons: Periodic recurring investigations of Government and contractor personnel.

Polygraph: Substantive examinations in security screening process.

2. Physical Security: Thal portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.

Physical Security Equipment: Any item, device, or system.that is used primarily for the protection of classified information and installations.

Protective Forces: All personnel and operating costs associated with protective forces used to safeguard classified information or installations, to include but not limited to salaries; overtime, benefits, materials and supplies, equipment and facilities, vehicles, aircraft, training, communications equipment, and management.

Intrusion Detection and Assessment: Alarms, sensors, protective lighting, and their control systems; and the assessment of the reliability, accuracy, timeliness, and effectiveness of those systems used to safeguard classified*information or installations.

Barrier/Controls: Walls, fences, barricades, or other fabricated or natural impediments to restrict, limit, delay, or deny entry into a classified installation.

• Counterintelligence means information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons or international terrorist activities, but not including personnel, physical, document. or communications security programs.

(48 CFR 970.0404-1)

NATIONAL ARCHNES AND RECORDS ADMINISTRATION

• AUTHORIZED FOR LOCAL REPRODUCTION Page 2 of4 STANDARD FORM 716 (07-11)

Prescribed by NARNISOO 32 CFR Part 2001.90 E.O. 13526 f I I

i t

f

• 1:

i I

I I I ! !

I l

• l I I

I I I

I 1

l t

r 1

Instructions for completing form, continued Vital Components and Tamper-Safe Monitoring: Personnel and operating activities associated with the monitoring of tamper indicating devices for containers, doors, fences, etc., which reveal violations of containment integrity and posting and monitoring of anti-tamper warnings or signs.

Access Control/Badging: Personnel and hardware such as badging systems, card readers, turnstiles, metal detectors, cipher locks, CClV, and other access control mechanisms to ensure that only authorized persons are allowed to enter or leave a classified facility.

Visitor Control: Personnel and activities associated with processing visitors for access to facilities holding classified information.

3. Classification Management: The system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, classified information, the protection of which is authorized by Executive Order or Statute. Classification management encompasses those resources used to identify, control, transfer, transmit, retrieve, inventory, archive, declassify, or destroy classified information.

'\\

4. Declassification: The authorized change in the status of information from classified information to unclassified information. It encompasses those resources used to identify and process information subject lo the automatic, systematic, or mandatory review programs authorized by Executive Order or Statute.

5. Protection and Maintenance for Classified Information Systems: A classified information system is a set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination.

disposition, display, or transmission of classified information. Security of these systems involves the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit and against the denial of service lo authorized users, including those measures necessary to detect document and counter such threats. This includes TEMPEST (short name referring to investigation, study, and control of compromising emanations from information systems equipment) and Communications Security (COMSEC) (measures and controls taken to deny unauthorized individuals information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material).

6. Operations Security (OPSEC) and Technical Surveillance Countermeasures {TSCM):

Operations Security (OPSEC): Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks. and application of appropriate countermeasures.

Technical Surveillance Countermeasures (TSCM): Personnel and operating expenses associated with the development, training, and application of technical security countermeasures such as non-destructive and destructive searches, electromagnetic energy searches, and telephone system searches.

7. Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and assessment of an information security training and awareness program; the certification and approval of the training program: the development, management. and maintenance of training records; the training of personnel to perform tasks associated with their duties: and qualification and/or certification of personnel before assignment of security responsibilities related to classified information.

8. Security Management, Oversight, and Planning: Development and implementation of plans, procedures, and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities, and respond to management requests related to classified information.

Research, Test, and Evaluation: The development, management, and oversight of an acceptance and validation testing and evaluation program, corrective action reports and related documentation that addresses safeguards and security elements. The examination and testing of physical security systems (construction.

facilities, and equipment) to ensure their effectiveness and operability and compliance with applicable directives.

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION Page 3 of 4 STANDARD FORM 716 (07-11)

Prescribed by NARAIISOO 32 CFR Part 2001.90 E.O. 13526

Instructions for completing form, continued Surveys, Reviews, Accreditation, and Assessments: Personnel and activities associated with surveys, reviews, accreditations, and assessments to determine the status* of the security program and to evaluate its effectiveness; development and management of a facility survey and approval program; facility pre-survey; and infonnation technology system accreditation.

Special Access Programs (SAP): Programs established for a specific class of classified information that impose safeguarding and access requirements that exceed those normally required for information at the same classification level. Unless specifically authorized by the President, only the Secretaries of Stale, Defense, Energy, and the Director of National Intelligence may create an SAP. Sensitive Compartmented Information (SCI) programs are not included as SAPs for the purpose of these estimates; rather SCI security costs are integrated and estimated throughout all categories as appropriate. Do not include costs here that have been reported under the other primary categories.

Security and Investigative Matters: The investigation of security incidents, infraclions, and violations.

Industrial Security (Non-Contractor Costs): Those measures and resources directly identifiable as Government activities performed for the protection of classified information to which contractors, subcontractors, vendors, or suppliers have access.or possession. Examples of such activities are industrial security reviews, surveys, and the granting of facility clearances, and National Industrial Security Program management and administration.

Foreign ownership, Control, or Influence '(FOCI): The development and management of a foreign ownership, control, or influence program; evaluation of FOCI submissions: the administration and monitoring of FOCI infonnation and development of FOCI notifications.

9. Unique Items: Those departmenVagency-specific activities that are not reported in any of the primary categories but are nonetheless significant, and need to be included, should be noted in this category. Any unique item must include_ a narrative on why it should be included and how the figures were develop~d.

Ill. How to complete the security costs estimates form. The form (page 1) should include estimates of resource costs in the aggregate for each of the nine categories. The cost estimates reported should not include costs associated with the broader area of assets protection.

1. Name of_ Department/Agency: Self-explanatory.

2. Reporting Categories: List cost estimates in dollar amounts. The cost of personnel associated with the security of classified information shoula be included in the overall cost estimate for each category. If there are no cost estimates to be reported for a particular category, indicate with a "O" in the appropriate block.

3. Totals: The totals for blocks 1-9 will automatically be placed in the appropriate ~lock.

4. Narrative: In the narrative portion of the form, or in a separate attachment, provide a brief explanation of how cost estimates were determined. If there is a significant difference between the total figures for each fiscal year, explain the differences. Any figure reported wilhin the Unique Items category should be clearly explained in the narrative portion.

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION -

AUTHORIZED FOR LOCAL REPRODUCTION STANDARD FORM 716 (07-11)

Page 4 of 4 Prescribed by NARMSOO 32CFRPart2001.90 E.0.13526

)

I I ! ! I I

I' I I

i, i I I r I

C\\

OFFISIAL l:ISE ONLY SECl:IRITY RELATES lfffORMATIOIJ UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555,0001 Mr. John P. Fitzpatrick, Director Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, DC 20408-0001

Dear Mr. Fitzpatrick:

In response to your annual request, enclosed is the U.S. Nuclear Regulatory Commission (NRG) submission for the Report on Cost Estimates for Security Classification Activities for Fiscal Year 2013.

If you have any questions regarding this NRC cost estimate, please contact Mrs. Krista Ziebell, Information Security Branch, Division of Security Operations, Office of Nuclear Security and Incident Response at (301) 415-7121..

Enclosure:

Cost Estimates for Security Classification Activities for Fiscal Year 2013

?~~>

r Michae

. Johnson Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations" QH::1c101,,, l!Be mlbY SESl::IRITY RELATED IPJFORMATIOPd t I.

i.-

r J:..

AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES l Department/Agency: United States Nuclear Regulatory Commission l Fiscal Year: 2013 Point of

Contact:

K.

21 t

(Name and phone number) nsta M.

ebell, nformatlon Security Specialist, (301) 415-7121 Reporting Categories Please use actual dollar figures,

1. Personnel Security s4.s4s.sss.oo I (include cle&anca program, initial illvesrigations, national agencychecl20% difference) between the FY2012 and FY2013 cost estimates.

NATIONAL ARCHIVES AND RECORDS AO!.IINISTRATION AUTHORIZED FOR LOCAL REPROOUCTION STANDARO FORM 718 (07-11)

Paga 1 of 4 Proscribed by NARA/ISOO 32 CFR Pwl 2001.90 E.O. 13528 I

f.

r I.

t f,

r. '

i, t'

,i I: t I

I I,.

l*

t l t:

I i:

I',,

QF--FJCIAb-USE-ONb¥---SE--CYRITY RELAT&:D INFORMATION A llt'l! 'vcJ Vlct c_ ~, (

{jiY 2

~...J.,,~

February 24, 2015 Mr. John P. Fitzpatrick, Director Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW Washington, D.C. 20408-0001

Dear Mr. Fitzpatrick:

In response to your annual request, enclosed is the U.S. Nuclear Regulatory Commission (NRC) submission for the Report on Cost Estimates for Security Classification Activities for Fiscal Year 2014.

If you have any questions regarding this NRC cost estimate, please contact Mrs. Krista Ziebell, Information Security Branch, Division of Security Operations, Office of Nuclear Security and Incident Response at (301) 415-7121.

Sincerely, IRA/

Michael R. Johnson Deputy Executive Director for Reactor and Preparedness Programs Office of the Executive Director for Operations

Enclosure:

Cost Estimates for Security Classmcation Activities for Fiscal Year 2014 The enc o

.with contains SUNS!. W this transmittal document is Ol=FICJAL use ONLY SE-GYRITY ReLATeD INfiG.RMA+IGN e enclosure,

AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES I Deparbnent/Agency: U.S. Nuclear Regulatory Commission j Fiscal Year: 2014 Point of

Contact:

(Name and phone number) Knsta M. Ziebell, Information Security Speclahst, (301) 415-7121 Reporting Categories Please use actual dollar figures.

1. Personnel Security

$4,550,691.00 L *

(i11c/ude cleara11ce program, initial i11vestlgalions, mi!ional agency chflCks when used es basis for granting e cleanmcv, adjudication, n:i.ivestigflliOn, polygroph associated wllh c/asslllcallon-relalc:I ec/J.,11/es)

2. Physical Security

$15,260,044.00!

{Include physical security equip111<:11t, p1olt:Cliv11 fo1ces, lt1lf11Sl011 deteclion and assessment, bamerlcontrols, tamper-safe roonnoring, access control/badging, vis/tar control associated with cfilssilicatior.-relaled activities)

3. Classification Management

$760,000.00 I (include resources used lo ldanlify, con/rol, transfer, transmit, retrieve. invantory. 11rchivc, declassify, or destroy classified informalion)

4. Declassification

$20,000.0Dj (include resow.ces used lo identify and process lnlormation subject lo lhe automatic, systematic, discre/ionary, or mandatory mvieiv programs authorized by Executive Order or Statute)

5. Protection and Maintenance for Classified Information Systems (include rusourr;cs used to pro!ec:t and maintain r;lassifiinl information systems from unauthorized acaiss or modirieation of informatlon, and against the denial of servke to authorized users.

lrlvlvrF.ng measures necessary lo detect, docilfllcnt, 1111d coufltersuch lhreals)

6. Operations Security and Technical Surveillance Countermeasures (include p-..rnmnel and operating cxpcnses associated with OPSEC and TSCM)

7. Professional Education, Training, and Awareness (include resources used to eslabPsh, mei11tain, d!reCl, support. and assess an intormallon scculily training and aivarer.ess program; certification end approval of the lrelnfng program; de*1eTopment, manegemen~ and maintenance of trolning records; /raining of personnel to perform tasks; and

• qualification and/er certification of personnel assoclatedwllh classl!lca!/on-refated ac!ivlties)

8. Security Management, oversight, and Planning (inr:lud! resouices associated with research,* test, and evaluation; swveys, reviews, accreciitatlan, am:f assessments; specie/ access programs; secun1y and inv11st/glllive matters: industrisl secufily; and forr;ign Cl\\'nO!Shlp, control, or Influence (FOCI))

9. Unique Items (IIICIUde departmenttagf/ncy-speclfic activities not reported in any of me categories listed above, but oro nMothe!css signific:mt and need lo be included)

TOTAL (sum of itoms 1*9)

$3,946,ooo.oo I s100,000.00 I

$40.000.00 I saoo.000.001

$0.00!

$25,476,735.00l Narrative: Provide a brief explanation of any slgnlllcant difference between last year's anri this year's cost estimates. Explain ilems entered into block 9, Unique Items.

While minimal declassification reviews occurred in FY2014, declassificati~n reviews will increase in FY2015. The increase in physical security costs from $9,990,604 in FY2013 to $15,260,044 in FY2014 can be primarily attributed to an increase in full-lime employees (FTE) to meet staffing requirements, an increase in guard support to provide coverage at r~gional facilities, an expanded scope ofTechnical Suiveillance Countermeasures (TSCM), and the deployment of a new Visitor Access Request System.

NATIONAL ARCHIVES AND RECORDS AO~INISlRATION AUTHORIZED FOR LOCAL REPRODUCTION STAHOAAO FORIJ. 716 (07-11)

Page 1 or 4 Presaibo:I by NARMSOO

!2 CFR Part 2001.80 E.O. 1:!526

.AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES I Department/Agency: U.S. Nuclear Regulatory Commission I Fiscal Year: 2015 Point of

Contact:

(Name and phone number) Krista M. Ziebell, Information Security Specialist, (301) 415-7121 Reporting Categories Please use actual dollar figures.

1. Personnel Security

$4,425,237.87 I (include clearance program, Initial investigations. national agency checks when used as basis for granting a clearance, adjudication, reinvestigation. polygraph associated with classification-related activities)

2. Physical Security (include physical security equipment, protective forces, intrusion detection and assessment, barrier/controls, lamper-safe monitoring. access control/badging, visitor control associated with classification-related ac/lvities)

3. Classification Management (include resoun:es used lo identify, control. transfer, transmit, retrieve, inventory, archive, declassify, or destroy classified information)

4. Declassification (include resources used to identify and process information subject to the automatic, systematic, discretionary, or mandatory review programs authofi?ed by Executive Order or Statute)

5. Protection and Maintenance for Classified Information Systems (include resources used to protect and maintain classified information sy.stems from unauthorized access or modification of information, and against the denial of seNice to authorized users, including measures necessary to detect, document, and counter such threats)

6. Operations Security and Technical Surveillance Countermeasures (include personnel and operating expenses associated with OPSEC and TSCM)

7. Professional Education, Training, and Awareness (include resources used lo establish, maintain, direct. support, and assess an information security training and awc1reness program; certification and approval of the training program; development, management, and maintenance of training records; training of personnel to perlorm tasks; and qualification and/or certification of personnel associated with classification-related activities)

8. Security Management, Oversight, and Planning (include resources associated with research, test, and evaluation; surveys, reviews. ac:creditation, and assessments; special access programs; security and investigative matters; industrial security; and foreign 01vnership, control, or influence (FOCI))

9. Unique Items (include department/agency-specific activities not reported In any of the categories listed above.

but are nonetheless significant and need to be Included)

TOTAL (sum of items 1-9) s13,647,5oo.oo I sa15,ooo.oo 1

$122,250.00j

$4,43a.soo.oo 1 s100.ooo.oo 1 s40,150.001 sa15.ooo.ool so.ool

$24,404,337.87 !

Narrative: Provide a brief explanation of any significant difference between last year's and this year's cost estimates. Explain items entered into block 9, Unique Items.

The full time employee (FTE) conversion rate increased from $160,000 in FY2014 to $163,000 in FY2015, which impacteq the FTE attributed to all reporting categories. The decrease in physical security costs from

$15,260,044 in FY2014 to $13,647,500 in FY2015 is primarily attributed to a reduction in guard coverage because of co-occupancy with another federal agency and removal of guards from satellite buildings, once vacated. Narrative continued on attached page.

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION STANDARD FORM 716 (07-11)

Page 1 of 4 Prescribed by NARNISOO

. 32 CFR Part 2001.90 E.O. 13526

Instructions for Completing Form I. General: The data reported will be Government cost estimates only. The estimates of resource costs should be reported, in the aggregate, for the following categories: (1) Personnel Security; (2) Physical Security; (3) Classification Mam:1gement; (4) Declassification; (5) Protection and Maintenance for Classified information Systems; (6) Operations Security and Technical Surveillance Countermeasures; (7) Professional Education, Training, and Awareness; (8)

Security Management, Oversight, and Planning; and (9) Unique Items. In reporting cost estimates associated with the security and management of classified information, please exclude all costs related to broad areas of assets protection (i.e., protection of property and personnel not specifically related to classified information). Counterintelligence*

resources should also not be included in this data collection. If 51 % or more of a resource is devoted to a classification-

• related activity, it should be included in this estimate. For those resources used for classification-related activities on a part-time basis, the. total time devoted to these activities over a yeat must be al least 51% in order to be included in this estimate. Even though we no longer ask for the number of FTEs, the cost of personnel associated with the security of classified information should be included in the overall cost estimate for each category.

II. Definitions of data to be reported: The primary categories are defined below along with related functional areas to be considered for inclusion. Report only those cost estimates associated with classification-related activities (programs that affect the.security of classified information).

1. Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a Government or contractor employee's eligibility, and ensure suitability for the continued access to classified information.

Clearance Program: Personnel and activities to determine eligibility and suitability for initial or continuing access to classified informaiion or activities.

)

Initial Investigations: Completing and reviewing Personnel Security Questionnaire, initial screening, filing data in Central Personnel Database, forwarding to appropriate investigative authority, and the investigation itself.

National Agency Check: Include only when used for _basis for granting a clearance.

Adjudication: Screening and analysis of personnel security cases for determining eligibility for classified access authorizations and appeals process.

Relnvestigations: Periodic recurring investigations of Government and contractor personnel.

Polygraph: Substantive examinations in security screening process.

2. Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.

Physical Security Equipment: Any item, device, or system that"is used primarily for the protection of classified infonnation and installations.

Protective Forces: All personnel and operating costs associated with protective forces used to safeguard classified information or installations, to include but not limited to salaries, overtime, benefits, materials and supplies, equipment and facilities, vehicles, aircraft, training, communications equipment, and management.

Intrusion Detection and Assessment: Alarms, sensors, protective lighting, and their control systems: and the asses_sment of the reliability, accuracy, timeliness, and effectiveness of those systems used to safeguard classified information or installations.

Barrier/Controls: Walls, fences, barricades, or other fabricated or natural impediments to restrict, limit, delay, or deny entry into a classified installation.

• Counterintelligence means information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons or international terrorist activities, but not including personnel, physical, document, or communications security programs.

(48 CFR 970.0404-1)

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION STANDARD FORM 716 (07-11)

Page 2 of 4 Prescribed by NAR.AIISOO 32 CFR Pan 2001.90 E.O. 13526

Instructions for completing form, continued Vital Components and Tamper-Safe Monitoring: Personnel and operating activities associated with the monitoring of tamper indicating devices for containers, doors, fences, etc., which reveal violations of containment integrity and posting and monitoring of anti-tamper warnings or signs.

Access Control/Badging: Personnel and hardware such as badging systems, card readers, turnstiles, metal detectors, cipher locks. CCTV, and other access control mechanisms to ensure that only authorized persons are allowed to enter or leave a classified facility.*

Visitor Control: Personnel and actfvities associated with processing visitors for access to facilities holding classified informati.on. -

3. Classification Management: The system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, classified information, the protection of which is authorized by Executive Order or Statute. Classification management encompasses those resources used to identify, control, transfer, transmit, retrieve, inventory, archive, declassify, or destroy classified information.

4. Declassification: The authorized change in the status of information from classified information to unclassified information. It encompasses those resources used to identify and process information subject to the automatic, systematic, or mandatory review programs authorized by Executive Order or Statute.

5. Protection and Maintenance for Classified Information Systems: A classified information system is a set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of classified information. Security of these systems involves the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect.

document and counter such threats. This includes TEMPEST (short name referring to investigation, study, and control of compromising emanations from information systems equipment) and Communications Security*

(COMSEC) (measures and controls taken to deny unauthorized individuals information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material).

6. Operations Security (OPSEC) and Technical Surveillance Countermeasures (TSCM):

Operations Security (OPSEC): Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats. analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.

Technical Surveillance Countermeasures (TSCM): Personnel and operating expenses associated with the development, training, and application of technical security countermeasures such as non-destructive and destructive searches, electromagnetic energy searches, and telephone system searches.

7. Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and assessment of an Information security training and awareness program; the certification and approval of the training program: the development, management, and maintenance of training records: the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information:

B. Security Management, Oversight, and Planning: Development and implementation of plans, procedures. and actions to accomplish policy requirements, develop budget and resource requirements. oversee organizational activities. and respond to management requests related to classified information.

Research, Test, and Evaluation: The development, management, and oversight of an acceptance and validation testing and evaluation program, corrective action reports and related documentation that addresses safeguards and security elements. The examination and testing of physical security systems (construction.

facilities, and equipment) to ensure their effectiveness and operability and compliance with applicable directives.

NATIONAL ARCHIVES ANO RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION Page 3 of4 STANDARD FORM 716 (07-11)

Prescribed by NARNISOO 32 CFR Part 2001.90 E.O. 13526

/

Instructions for completing form, continued Surveys, Reviews, Accreditation, and Assessments: Personnel and activities associated with surveys, reviews, accreditations, and assessments to determine the status of the security program and to evaluate its effectiveness; development and management of a facility survey and approval program; facility pre-survey; and information technology system accreditation.

Special Access Programs (SAP): Programs established for a specific class of classified information that impose safeguarding and access requirements that exceed those normally required for information at the same classification level. Unless specifically authorized by the President, only the Secretaries of State, Defense, Energy; and the Director of National Intelligence may create an SAP. Sensitive Compartmented Information (SCI) programs are not included as SAPs for the purpose of these estimates; rather SCI security costs are integrated and estimated throughout all categories as appropriate. Do not include costs here that have been reported under the other primary categories.

Security and Investigative Matters: The investigation of security incidents, infractions, and violations.

Industrial Security (Non-Contractor Costs): Those measures and resources directly identifiable as Government activities performed for the protection of classified information to which contractors, subcontractors, vendors, or suppliers have access or possession. Examples of such activities are industrial security reviews, surveys, and the granting of facility clearances, and National Industrial Security Program management and administration.

• Foreign Ownership, Control, or Influence (FOCI): The development and management of a foreign ownership, control, or influence program; evaluation of FOCI submissions; the administration and monitoring of FOCI infonnation and development of FOCI notifications.

9. Unique Items: Those department/agency-specific activities that are not reported in any of the primary categories but are nonetheless significant, and need to be included, should be noted in this category. Any unique item must include a narrative on why it should be included and how the figures were developed.

Ill. How to complete the security costs estimates form. The form (page 1) should include estimates of resource costs in the aggregate for each of the nine categories. The cost estimates reporte'd should not include costs associated with the broader area of assets protection.

1. Name of Department/Agency: Self-explanatory.

2. Reporting Categories: List cost estimates in dollar amounts. The cost of personnel associated with the security of classified information should be included in the overall cost estimate for each category. If there are no cost estimates to be reported for a particular category, indicate with a "CJ" in the appropriate block.

3. Totals: The totals for blocks 1-9 will automatically be placed in the appropriate block.

4. Narrative: In the narrative portion of the form, or in a separate attachment, provide a brief explanation of how cost estimates were determined. If there is a significant difference between the total figures for each fiscal year, explain the differences. Any figure reported within the Unique Items category should be clearly explained in the narrative portion.

NATIONAL ARCHNES AND RECORDS ADMINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION Page4 014 STANOARO FORM 716 (07-11)

PrescobedbyNARA/ISOO 32 CFR Part2001.90 E.0.13526 f I l l i l

AGENCY SECURITY CLASSIFICATION COSTS ESTIMATES I Department/Agency: U.S. Nuclear Regulatory Commission f Fiscal Year: 2016 Point of

Contact:

(Name and phone number} Knsta M. Ziebell, Information Security Spec1ahst. (301) 415-7121 Reporting Categories

-Please use actual dollar figures.

1: Personnel Security s4. 111.s30.oo I (include clearance program, initial investigations, national agency checks when used as basis for granting a clearance, adjudication, reinvestigation, polygraph associated with c/asslficatlon*related activities)

2. Physical Security (include physical security equipment. protective forces, intrusion detection and assessment, barrier/controls. tamper-safe monitoring, access control/badging. vis11or control associated with cfassification-rela/ed activities)

3. Classification Management

• (include resources used to identify, control, transfer, transmit. retrieve, inventory, archive, declassify, or destroy classified information)

4. Declassification (include resources used to identify and process information subject lo the automatic, systematic, discretionary, or manda/ory review programs authorized by Executive Order or Statute}

5. Protection and Maintenance for Classified Information Systems (include resources used to protect and maintain classified irifonnation systems from unauthorized access.or modifica!ion of information. and against the denial of service to authorized users, including measures necessary to de/eel, document, and counter such threats)

6. Operations Security and Technical Surveillance Countermeasures (include personnel and of}erating expenses associated with OPSEC and TSCMJ

7. Professional Education. Training, and Awareness (include resources used to establish, maintain, direct, support, and assess an information security training and awareness program; cerlification and approval of the training program; development, management, and maintenance of training records; training of personnel to perlonn tasks; and qualification and/or cerlilication of personnel associated with classification-related activities)

8. Security Management. Oversight, and Planning (include resources associated with research, test, and evaluation; surveys, reviews, accroditallon, and assessments; special access programs; security and investigative matters; industrial security; and foreign ownership, control, or influence (FOCI))

9. Unique Items (Include department/agency-specific: aclivilies not reported in any of /he categories fisted above, but are nonetheless significant and need to be Included)

TOTAL (sum of items 1-9) s12. 1so.220.oo I s102.93a.oo I

$161,119.00!

$4,751,890.00!

s300.ooo.oo I saoo.140.001

$0.00!

/

s24.2s1.so2.oo I Narrative: Provide a brief explanation of any significant difference between last year's and this year's cost estimates. Explain items entered into block 9, Unique Items.

The full time employee (FTE) conversion rate changed from $163,000 for all FTE in FY15 to $152,340 for corporate supp*ort FTE and $171,860 for program FTE in FY16, which impacted the costs in all categories.

The increase in Item 5 from FY15 to FY16 is attributei;I in part to a 10% increase in information system expenditures as result of the annual inflation associated with contractor and interagency agreement costs.

The increase in Item 6 from FY15 to FY16 resulted from the purchase of additional equipment and training.

NATIONAL ARCHIVES ANO RECORDS AO!.IINISTRATION AUTHORIZED FOR LOCAL REPRODUCTION STANDARD ;;QRl.1716 (07-11)

Page I Df 4 Prescribed by NARNISOO 32 CFR Part 2001.90 E.O. 13526

Industry Security Cost Estimates for CY 2003 PopUlatlon Sampje Sarfli'llt' 5t11111Jard 1d,1e

.!mie total dmriatiOn Sarnp)a ESlirnated Cafe<lO!}

. N" n

jSK)

(SK)

==...

average c:alo~

.;=;==============--=========-=;:;;;;;;a;:;;;;;;;;;;:;;=a:..:aa;;::a::aPsKJ===-*====~*~~'~-J__..~=~~~

1;,3

!lSI 103,013

.i179.44 4179.82 S14.11B 1.).,

45 58,481

• 2Ui4.S1 1299.SS 172,844 C

2~i;i es 19,S!P 4!'.t.RO

~1.42 90.123 D

3.952

_..._~

..;-.;.*.:.-m 4B5

• ,A,771

!i!i,~9 59..32._*

2lt'l,43!

Sum d.,507 634 269,8ST t=:=;;IL"~~--

T

• • • • 1

a:..:

1,011,520 f;.nn:1.mi de;vierin,1 nt IW))R1latirm lnt:.1l (SK)

!lS,037 C,.,J11:eco:~~.:don!lelfJ 830 Sruduit' s t (U.!IS. df. onNidedl 1.~

_u_p-=-pc_r _.!JS_*_:6._c_a_n_ftdet...__n_ce ___

li_m_it_,("'"S_K""'l _____,....,. =---"'""'"'** *---~~-....::*~======,,.,..,,=~=='"""=====1:;:;***:::1§6"",a:.265==-

8a:led on a lll!.f'l'lplc ol 634 001T1Pc.nic:111trabficd 1nta four cc.l~orio3 (~

• D), wo o31lrM~ tot.QI eccc.iri\\y coot;; tor CY :!W.!

1:> be s,.01,.524 milHtm (rounded ta $1.012 blllio11). crecrly, 11-.is* figure de~ not rcllcc:t cosb O$Sooic:.tc~ wi:h compan'cl)

In Clltegory E. (:"11inimal sacuriiy ai;Civ!li!9,) fgr which we halll! r.o det&.

The s,.012 bimon figure doo3 not rcftet.1-.ieriobility dJc to ::iomplir:g err~r. ltwc factor In oon,pling errcr uclng a ctanc:1ard do'Ji;i!ion ot $lf,M:1:II million (rounded 10 $114 rnillicln), we obtain~ a 9$~ upporconlldonoo limit

. 01 $1, 156.265 mllllOf'I (S 1 166 b!ll_lon). nh, meilns Iha! wr; ri.1*11." 95~. conflclenr:e tt:at me l:Lre (but unlumwn)

• Pl-'PLllatinn lot~I cnst does not t?Xf'.t!t?.d s,.., 8ft billiru,

~:iUlf!J111Cfll:!

cnrnp.'ll\\l9S warv &tratlllocl property, using sound crttatla 1h111 retlAct ec1ua1 S$Curliy

<.O.'JIS (Or t>;.leh tialcgoty

.Cc111pz1nj93 wero selected at random from each Cllll*~or;.

Tha coc:uniy cor.r profilo tar nnn-m~pord11"19 r..nmpor.,cc 1c c:fl"d:u ro 1h.1t 01 r~por.t.hl'IS c:omp:1111~~-

• P11:va11<d l>y. ~clrl Luria, Ph.D.. lJ.S. NUCIAA' A..c;11?11t1*, r..c111*111~..;.*~** oc:ro.'OPBA

/'*

. TiJTl=l. P.. 02