ML19330G098

From kanterella
Jump to navigation Jump to search
NEI - Endorsement of NEI White Paper, Changes to NEI 10-04 and NEI 13-10 Guidance for Identifying and Protecting Digital Assets Associated with the Balance of Plant, Dated November 2019
ML19330G098
Person / Time
Site: Nuclear Energy Institute, 99902028
Issue date: 11/26/2019
From: Gross W
Nuclear Energy Institute
To: Shana Helton
Document Control Desk, Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response
Shared Package
ML19330G096 List:
References
Download: ML19330G098 (2)


Text

WILLIAM R. GROSS Director, Incident Preparedness 1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202.739.8123 wrg@nei.org nei.org November 26, 2019 Ms. Shana Helton Director, Division of Physical and Cyber Security Policy Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission Washington, DC 20555-0001

Subject:

Endorsement of NEI White Paper, Changes to NEI 10-04 and NEI 13-10 Guidance for Identifying and Protecting Digital Assets Associated with the Balance of Plant, Dated November 2019 Project Number: 689

Dear Ms. Helton:

By letter dated July 27, 2012, 1 the Nuclear Regulatory Commission (NRC) found NEI 10-04, Identifying Systems and Assets Subject to the Cyber Security Rule, Revision 2, dated July 2012, acceptable for use by licensees to identify critical digital systems and critical digital assets. By letter dated September 7, 2017, 2 the NRC found NEI 13-10, Cyber Security Control Assessments, Revision 6, dated August 2017, acceptable for use by licensees to address the security controls provided in their cyber security plans. Lessons learned through the implementation of cyber security programs indicate that guidance improvements are necessary to enhance clarity, enable efficient and consistent program implementation and to support NRC oversight activities.

Accordingly, the Nuclear Energy Institute (NEI), 3 on behalf of its members, is submitting the attached white paper proposing changes to NEI 10-04 and NEI 13-10 for NRC review and endorsement. The changes in this white paper improve the screening of digital computer and communication systems and networks associated with the balance of plant (BOP) at nuclear power reactors. The BOP will remain within scope of the NRCs cyber security rule and other related NRC requirements.

1 ADAMS Accession No. ML12194A532 2

ADAMS Accession No. ML17240A002 3

The Nuclear Energy Institute (NEI) is the organization responsible for establishing unified industry policy on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEI's members include all entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect/engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations and entities involved in the nuclear energy industry.

Ms. Shana Helton November 26, 2019 Page 2 The attached document provides a technical basis for the changes and provides a markup of the relevant changes made to NEI 10-04 and NEI 13-10. The markup does not include all minor editorial and conforming changes. All changes will be incorporated into future revisions of NEI 10-04 and NEI 13-10.

NEI requests that the NRC review and endorse the NEI White Paper, Changes to NEI 10-04 and NEI 13-10 Guidance for Identifying and Protecting Digital Assets Associated with Balance of Plant, dated November 2019, by January 20, 2020. While each licensee must review changes to their Commission-approved Cyber Security Plan in accordance with the requirements of 10 CFR 50.54(p), NEI requests that the NRCs review confirm that the changes proposed in this white paper do not decrease the effectiveness of the cyber security plan provided in NEI 08-09. If any revisions to this document are desired, please include suggested wording and the technical data to support the proposed change(s).

If you have any questions or require additional information, please contact Richard Mogavero, at (202) 739-8174 or rm@nei.org, or me.

Sincerely, William R. Gross Attachment c: Mr. James D. Beardsley, NSIR/CSD, NRC NRC Document Control Desk