Text

_. _

UNITED STATES o,

y g 7,,j NUCLEAR REGULATORY COMMISSION E

W ASHINGTON. D. C. 20S$5 J'

s f

....?

ttAy 2 61978 MEMORAflCUl1 FOR:

Reactor Safeguards Licensing Eranch FROM:

Robert A. Clark, Chief Reactor Safeguards Licensing Branch Division of Operating Reactors, NR'l

SUBJECT:

UNRESOLVED ISSUES - REVIEW GUIDELINE NUMBER 22 If, in the course of the review of the 573.55 security plan there arises, on a site specific basis, an issue that cannot be resolved in the dis-cussions between the staff and the licensee, the review team leader will prepare a letter that will be sent to the licensee stating the requirement (s) that will be placed on the licensee in the Security Plan Evaluation Report (SPER) so that the security plan will meet the performance requirements of 673.55 and can be found acceptable by tne staff.

(e.g. We will require the licensee to include the containment building area in his list of Vital Areas.") The requirement, so stated, wiM be incorpora ed into the Site f acurity Plan, as a condition for approval, when the SPER is issued.

Upon receipt of the letter of notification, the licensee may initiate the NRR appeal process through the licensing project manager if he finds the requirement unacceptable.

If, upon completion of the appeal process the requirement has not been removed, the licensee may elect to incorporate the requirement into his Security Plan or to propose a compensating measure that will provide equivalent protection.

In that event, a license amendment will be processed in accordance with $50.90 and 550.91 to identify the Security Plan, submitted by the licensee in compliance with 573.55, as the approved plan for the site and as a condition of the operating license.

In the event the licensee does not provide the required protection, the license amendment will be processed identifying the submitted Security Plan as the approved plan for the site and as a condition of the operating license. This is to be followed imediately with an Order for Modification of License, in accordance with 10 CFR 2.204, to incorporate the staff requirements into the license (i.e. the security plan).

(S R bert A. Clark, Chief Reactor Safeguards Licensing Branch Division of Operating Reactors, NRR B'105070h

m f# *%,,

uNireo states

'y y

Pg NUCLEAR REGULATORY COMMisslON

,g WASHINGTON, D. C 2055s

%.44/

H0Y 0$ B73 MEMORANDUi' FOR: Reactor Safeguards Licensing Branch Division of Operating Reactors, NRR FROM:

Robert A. Clark, Chief Reactor Safeguards Licensing Branch Divison of Operating Reactors, NRR l

SUBJECT:

PROTECTION OF NUCLEAR POWER PLANTS AGAINST INDUSTRIAL SAB0TAGE BY THE INSIDER - REVIEW GUIDELINE #23 In order to meet the general performance requirccents of 673.55(a), high assurance protection of a nuclear power plant against the threat of sabotage posed (1) with the active or passive assistance of an insider or (2) by an insider acting alone must be provided. Common to most scenarios that can be postulated for successful sabotage by a single insider, is the need for unrestricted access to vital areas'and unrestricted time in these vital areas. Consequently, security measures that olace controls on access to j

Vital I vital areas and/or limit the time allowed in Type I vital areas

}

must be provided to meet the general performance objective of 173.SS(a).

We have encouraged licensees to develop security measures to achieve these obj ectives.

k High assurance protection against sabotage by an insider may also be pro-g vided by security measures that permit unescorted access to Type I vital areas to only those individuals whose reliability and trustworthiness has 0

been established using additional procedures that provide a high level of I

confidence.

I:

The following measures, when properly applied in conjunction with those i

security measures implemented by the security plan to meet the requirements i

of 173.55 (b) through (h) provides an acceptable level of protection against sabotage by the insider.

4 General A.

Persons who are granted unescorted access to a Type II vital area (1) must have a need for access and (2) must have been found acceptable through a screening program described in ANSI N18.17-1973 Section 4.3 or the equivalent satisfactory empicyment record described in Review Guideline #1.

B.

Persons who are granted access 'A a Type I vital area (1) must have a need for access, (2) must have been found acceptable through a screening program described in ANSI N18.17-1973 Section 4.3 (or Review Guideline #1).

• Vital areas are discussed in Review Guideline #17 D6e 78.12g4 znS

...a....

u-

, NOV 061978 and (3) nust be authorized entry by the shift supervisor or other designated individual who has been informed of the estimated length of time to be spent in the Type I vital area. Authorization must be given on the shift the first Extension entry is to be made and should terminate upon completion of the work.

of the authorization into the next shift can be nade by the shift supervisor (or designated individual) informing his replacement for tNe next shift of the area, the work in progress and the personnel who have been authorized for e ntry.

i Each of the folleking options when applied in conjunction v.th the pro-C.vision; in (B) above provide acceptable levels of protectior, against r.abotage t

by a single insfder.

Ootion sl: Co partmentalization The erection of barriers, installing doors, gratings or conpartments to 1

enclose vital equipment so that access to a single vital area cannot result

.]

in successful sabotage (i.e., eliminate Type I vital areas).

Option #2: Two-Man Rule (a) Two or more individuals may be authorited to enter a Type I vital area together (1) if each person is advised of his responsibility to monitor the activities of his co-workers while in the area, (2) each individual is deter-mined to have the knowledge and ability to identify unauthorized activities i

if conducted by his cc-yorkers, (3) each individual must have the capability to observe, at any time and for as long as necessary to ascertain that i

activities are authorized, and (4) the capability to communicate with the j

control room or CAS/SAS must be available to each individual while in tne Type I vital area.

t

" OR (b) Monitoring of the activites of one or several persons in certain Type I vital areas by an individual can be perforr.ed from a remote location (CCTV) l providing the assigned individual has the knowledge and ability to identify l

unauthorized activities and can initiate a response to control and/or correct the situation.

Several examples are given below to illustrate the practical application of this procedure.

EXAMPLE:

Two men are both working on a task which requires that they be located within sight of one anothar; however, the task also requires that they do not normally l

l 1

u v...'-

h i

NN face one ancther. The nature of the task does not prevent them from observing one another. This situation satisfies the above guidelines.

l EXAMPLE:

1 Two men are both working en a task together. One man leaves the immediate area (but not the VA) to retrieve a part; he is out of eyesight for a few mi nutes. Nothing prevents his partner from following him to check on his where3 touts and nothing prevents the other man from returning at any time.

This situation satisfies the above guidelines.

EXAMPLE:

Health physics personnel require knowledge of an individual's entrance into a VA and records time of entrance and work request authorizing. There is 3

visual contact between HP and individual no less frequent than every 10 j

minutes and the capability for visual contact at any time. This satisfies the guideline.

Option #3:

Personnel Reliability The fMlowing may be pemitted entry into Type I vital areas without escort or monitoring:

(a) An individual granted an NRC "Q" clearance;

~

e OR (b) An individual with (1) five years continuous service in a position that required access to a nuclear power plant Type I vital area; (2) certification by employer of trustworthiness and reliability based on observation of the employee during this service; and (3) a NRC sponsored NAC investigation, i

(or its equivalent) has been completed with favorable results; OR' (c) An individual with (1) a NRC granted operator license: (2) certification by employer of trustworthiness and reliability based on observation of the employee, and (3) a NRC sponsored NAC investigation or its equivalent has been completed witn favorable results.

w_

.c%

Robert A. Clark, Chief Reactor Safegt.ards Licensing Branch Division of Operating Reactors, NRR

[p2 CfC UNITED STATES 3'

NUCLEAR REGULATORY COMMISSION

$...'I

,h, WASHINGTON, D. C. 20565 p#

MAY 3 0 1979 MEMORANDUM FOR: Reactor Safeguards Licensing Branch Members Division of Operating Reactors, NRR FROM:

Robert A. Clark, Chief Reactor Safeguards Licensing Branch Division of Operating Reactors

SUBJECT:

ACCEPTANCE CRITERIA FOR NUCLEAR POWER PLANT SAFEGUARDS CONTINGENCY PLANS - REVIEW GUIDELINE #24 Enclosed are the contingency plan acceptance criteria to be used in the review of licensee contingency plans.

RE.h

~

M L

Robert A. Clark, Chief Reactor Safeguards Licensing Branch i

Division of Operating Reactors Office of Nuclear Reactor Regulation

(

Enclosure:

As stated cc:

J. R. Miller F. G. Pagano l

l lkp0)ff)b$

0 x

9

r-

[a nts

'o UNITED STATES

~,,

!"~

NUCLEAR REGULATORY COMMISSION n

{

E wasniwoTom. o. c. 20sss s

e

/

FEB 0 41990 MEMORANDUM FOR:

Physical Security Licensing Branch FROM:

George W. McCorkle, Chief Physical Security Licensing Branch

SUBJECT:

ACCEPTABLE COMPENSATORY MEASURES FOR FROTECTED AND VITAL AREA IiiTRUSION DETECTION HARDWARE OUTAGE -

REVIEW GUIDELINE NUMBER 9. REVISI0ii 1 The requirer.ent of perimeter and vital area intrusion detection hardware is to instantaneously detect the unauthorized entry or attempted entry of individuals or vehicles into r.otected and vital areas. This " alert" provides the initiating action ft imediate response by the site security force to protect vital equipment.

In the event of a hardware outage the compensatory measures lust satisfy the above requirement by providing a means for imrrediate detection of unauthorized entry. The following two measures are examples of the mini-mum acceptable compensatory measurcs for a total or sectional failure of the protected area or vital area intrusion detecticn systen.

a) Deployment of a back-up intrusion detection system.

b) Deployment of on-the-spot guards with appropriate comunication to provide total observation of each affected protected area zone or vital area portal.

This guideline is applicable to both 73.55 Security Plan and Appendix C Contingency Plan reviews.

fh'k Geor J.McCorkle,ChDeP Physical Security Licensing Branen 20 $Y

,