ML19200A224
| ML19200A224 | |
| Person / Time | |
|---|---|
| Issue date: | 07/18/2019 |
| From: | NRC/OCIO |
| To: | |
| References | |
| FOIA, NRC-2019-000221, NRC-2019-900353 | |
| Download: ML19200A224 (9) | |
Text
Sensitive Internal Information | NRC Intranet
Table of Contents
- Applicable Document Categories
- Authority to Designate
- Access
- Marking
- Use While Traveling or Commuting
- Physical Copy Transmission
- Electronic Copy Transmission
- Storage
- Cover Sheet
- Reproduction
- Processing on Electronic Systems
- Use at Home
- Destruction
- Decontrol Authority
APPLICABLE DOCUMENT CATEGORIES
Attorney-Client Privilege
Attorney Work Product
Includes any predecisional information that rises to a level of sensitivity to justify it being protected as SUNSI. As such, SII includes predecisional enforcement information but can also include other types of predecisional information. A subject matter expert should make a determination whether the specific predecisional information rises to a level that requires protecting it as SUNSI.
Sensitive - Not For Distribution (Except to Commission Adjudicatory Employees in Accordance with 10 CFR 2.348)
Information submitted to the Commission marked "Sensitive"
Source selection information other than proprietary information
https://drupal.nrc.gov/sunsi/34644 03/05/2019
AUTHORITY TO DESIGNATE
For NRC originated information, originator proposes - signer approves.
For NRC received information, office principally responsible for the information.
ACCESS
Who may have access?
NRC employees or NRC contractor employees who have a need-to-know the information to perform their official duties.
MARKING
What documents should be marked?
Mark all pages of all documents.
Who may authorize document marking?
Originator, supervisor, or principal recipient.
How should a document be marked?
Mark at top and bottom of each page.
Mark as "Official Use Only - Sensitive Internal Information" OR use more specific markings, as illustrated in the following examples:
For Attorney-Client Privilege: "Official Use Only - Attorney-Client Privilege"
For Attorney Work Product: "Official Use Only - Attorney Work Product"
For Predecisional Enforcement Information: "Official Use Only - Predecisional Enforcement Information"
For Adjudicatory Material: "Official Use Only - Adjudicatory Material"
When is portion or page marking required?
Not required.
COVER SHEET
When should a cover sheet be used?
Not required.
Note: Use of the green "Official Use Only" cover sheet has been discontinued.
What cover sheet is used?
Not applicable.
REPRODUCTION
How many copies may be made?
Reproduction is limited to the number of copies needed for official use unless document contains restrictions.
Copies must clearly show the original markings.
Note: Where restrictions are imposed on reproduction, the employee must also ensure that there are no non-authorized copies residing in electronic systems, such as on the network drive, local hard drive, printers, copiers, or any other electronic medium.
PROCESSING ON ELECTRONIC SYSTEMS
On what information systems may the document be processed?
NRC LAN and other systems authorized to operate by the NRC under MD 12.5, "NRC Cybersecurity Program."
Is encryption required while data is at rest?
OMB has directed that all sensitive information be encrypted both at rest (electronically stored) and during transmission.
NRC is working to implement the capability to automatically encrypt data at rest within NRC facilities. Any SUNSI that is outside of NRC facilities must be encrypted at rest.
May the information be processed in ADAMS?
Sensitive Internal Information may be entered into the ADAMS Main Library and must be profiled as Non-Publicly Available and Sensitive. Assign access rights to user groups with a need to access the information to perform their official duties.
ADAMS Sensitivity Code: A.7
Note: Sensitive Internal Information has two (2) sub-categories within the A.7 sensitivity code. Therefore, you must select the proper A.7 based on the following criteria:
- Sensitive Internal Information - No Periodic Review Required - contains attorney-client privilege, attorney work product, or predecisional enforcement information.
- Sensitive Internal Information - Periodic Review Required - contains all other Sensitive Internal Information
USE AT HOME
May I use the document at home?
Yes. Abide by the following requirements:
Employees are prohibited from using, handling, and storing the information at their residences and on personally owned devices or sending information to non-NRC email addresses (e.g., personal email accounts).
Occasional use at an employee's residence requires approval of the employee's immediate supervisor or above.
Electronic work from home must use an NRC computer or an NRC authorized capability, such as BYOD or CITRIX.
To ensure that the information is not viewed or accessed inadvertently or willfully by a person not authorized access, the employee must ensure that the information cannot be seen by a family member, guest, or any other individual who is not authorized access.
Employees are prohibited from processing SUNSI on personally owned computers unless connected to and working within CITRIX, the NRC Broadband Remote Access System. Employees are prohibited from downloading or storing SUNSI to the hard drive of a personally owned computer when connected to and working within CITRIX. Employees are also prohibited expressly from processing SUNSI on personally owned computers even when an encrypted floppy disk, CD, DVD, or thumb drive is the storage media.
Employees who work at home must perform electronic processing of SUNSI on either (1) a home computer within the virtual environment provided by the agency through CITRIX, (2) an NRC-issued laptop with NRC-approved encryption software, or (3) using an NRC authorized solution such as BYOD.
It is discouraged to take hard-copy material to private residences. If hard copy material is taken home, it must be returned to an NRC facility and stored and/or destroyed according to the instructions provided in this guidance.
May I use the information at home under the NRC Flexible Workplace Program?
Yes. Abide by the following requirements.
If you are approved to work at home under the NRC Flexible Workplace Program, use in accordance with standards set forth in NRC Form 624, Flexible Workplace Program Participation Agreement.
To ensure that the information is not viewed or accessed inadvertently or willfully by a person not authorized access, the employee must ensure that the information cannot be seen by a family member, guest, or any other individual who is not authorized access.
Employees are prohibited from processing SUNSI on personally owned computers unless connected to and working within CITRIX, the NRC Broadband Remote Access System. Employees are prohibited from downloading or storing SUNSI to the hard drive of a personally owned computer when connected to and working within CITRIX. Employees are also expressly prohibited from processing SUNSI on personally owned computers even when an encrypted storage media is employed.
Employees who work at home must perform electronic processing of SUNSI on either (1) a home computer within the virtual environment provided by the agency through CITRIX, (2) an NRC-issued laptop with NRC-approved encryption software, or (3) using an NRC authorized solution such as BYOD.
USE WHILE TRAVELING OR COMMUTING
May I use the information while on official travel or commuting to or from work?
Yes. Abide by the following requirements:
Use of the information is discouraged while traveling on public transportation. To ensure that the information is not viewed or accessed inadvertently or willfully, the employee must ensure that it cannot be seen by persons not authorized access.
Particular care should be taken on a public conveyance or in waiting rooms where others may be sitting and standing in close proximity to where the information is being used.
Individuals should hand carry protected information during travel only if other means for transmitting the information, e.g., mailing ahead, secure information sharing, are not readily available or are operationally unacceptable. If hand carrying is determined to be the best transport method, care must be exercised to ensure that the information is not compromised through loss or inadvertent access.
Information must be kept in the traveler's personal possession to the extent possible, and stored, appropriately wrapped, in hotel security facilities if possible.
Information must not be saved/stored on a personally owned computer. Work must be performed on an encrypted laptop computer or other encrypted mobile IT device to preclude unauthorized access if the laptop or device is lost or stolen.
The information should be returned to an NRC authorized storage location at the earliest possible opportunity.
PHYSICAL COPY TRANSMISSION
May I transmit paper or electronic media including CD-ROM, disk or tape?
Yes. Abide by the following requirements:
Inside the NRC:
Electronic submissions, including CD-ROMs, submitted to the NRC should follow the E-Rule "Guidance for Electronic Submission to the Agency," available on NRC's external Web site at: (http://www.nrc.gov/site-help/electronic-sub-ref-mat.html).
Outside the NRC: Information may be transmitted by:
- NRC Messenger/NRC contractor messenger.
- U.S. Postal Service: First Class Mail, Registered Mail, Express Mail, Certified Mail.
- Hand-carried by any individual authorized access to the information. That individual shall retain the information in his or her possession to the maximum extent possible unless they place the document in the custody of another person authorized access.
- Approved commercial express carriers (time-sensitive material only; use NRC Form 420); Transmit in single opaque envelope.
- Other means approved by OIS and the Director, Division of Facilities and Security, ADM.
Incoming to the NRC: Electronic submissions, including CD-ROMs, submitted to the NRC should follow the E-Rule "Guidance for Electronic Submission to the Agency," available on NRC's external Web site at: (http://www.nrc.gov/site-help/electronic-sub-ref-mat.html)
Encryption:
All electronic media (CD-ROM, disk, tape, hard drives, thumb drives, etc.) must be encrypted in accordance with MD 12.5.
ELECTRONIC COPY TRANSMISSION
May I transmit the document electronically by e-mail or fax?
Yes. Abide by the following requirements:
Inside the NRC (including Regions): Information may be emailed or faxed.
Electronic transmissions (e.g., e-mail, fax) outside the NRC must be encrypted in accordance with MD 12.5.
Outside the NRC: Information may be transmitted by:
Fax: May use non-secure facilities where it is confirmed that a recipient who is authorized to access the information will be present to receive the information.
E-Mail: All SUNSI information must be encrypted during transmission outside of the internal network as stated in MD 12.5. Please follow the guidance outlined in the Office of the Chief Information Officer issued [illegible] 9, 2017.
Use of portals that encrypt the information during transmission, such as "BOX", is highly encouraged.
Otherwise, transmit a physical copy in the manner set forth above.
Electronic files must contain appropriate markings.
STORAGE
Inside the NRC (Headquarters and Regional Offices): Store in non-locking or locking container at the end of each business day or when not in use.
Outside the NRC (Resident Inspector Sites): Store in key locked desks or other key locked containers.
On NRC Electronic Systems: May be stored on NRC encrypted computer systems authorized to operate under MD 12.5.
DESTRUCTION
Official Record Version: Destroy in accordance with NRC Comprehensive Records Disposition Schedule (NUREG-0910).
Non-Official Record Copies: Destroy copies other than the official record version by any means that prevents reconstruction in whole or part, including the following methods:
- Using an ADM/DFS approved shredder that has been approved to destroy classified information, Safeguards Information, SUNSI, and Controlled Unclassified Information (CUI).
- Placing in a Sensitive Unclassified Waste Disposal Container.
- Tearing into one-half inch pieces or smaller (in all dimensions) and disposing of in a waste receptacle.
- Burning, pulping, pulverizing, or chemical decomposition.
Electronic Data: Use NRC authorized destruction methods in accordance with MD 12.5.
DECONTROL AUTHORITY
Originating office or office primarily responsible for the information.
CONTENT OWNER
Page content maintained by: SUNSI.Resource@nrc.gov