ML20050A639
| ML20050A639 | |
| Person / Time | |
|---|---|
| Issue date: | 03/28/1979 |
| From: | Donoghue D NRC OFFICE OF ADMINISTRATION (ADM) |
| To: | Granguist W OFFICE OF MANAGEMENT & BUDGET |
| Shared Package | |
| ML20050A634 | List: |
| References | |
| FOIA-81-409 NUDOCS 8204010525 | |
| Download: ML20050A639 (19) | |
Text
/
o SEC CEN FILE 7.22
{
8 UNIT ED STATES
[
. lg NUCLEAR REGULATORY COMMISSION g,
j WASHINGTON, D. C. 20555 e
%'....**/
MAR 2 81979 Mr. Wayne G. Granquist Associate Director for Management and Regulatory Policy
'M.,N Office of Management and Budget Executive Office of the President Washington, D.C.
20503
Dear Mr. Granquist:
Reference is made to your letter dated February 1,1979, regarding Office of Management and Budget (0MB) Circular No. A-71, Transmittal Memorandum No.1 (TM-1), entitled " Security of Federal Automated Infor-mation Systems," dated July 27, 1978, and your letter dated February 12, 1979, regarding the General Accounting Office (GAO) report entitled
" Automated Systems Security -- Federal Agencies Should Strengthen Safe-guards o' er Personal and Other Sensitive Data."
v As suggested in your letter of February 1,1979, Mr. Richard Harris of my staff contacted Mr. Ed Springer of your staff to discuss the strengths and weaknesses of the Agency plan we submitted to you on November 27, 1978.
We were happy to hear that our plan was generally responsive to the re-quirements of OMB Circular A-71 TM-1, although it was indicated that our management control process was not completely adequate and that more detailed security specifications are required for personal, pro-prietary and other sensitive data.
In further response to your letter of February 1,1979, the Nuclear Regulatory Commission (NRC) staff has reevaluated the Agency plan sub-mitted to OMB by letter. dated November 27, 1978, against the Agency Computer Security Program Checklist enclosed with your February 1,1979 letter.
The checklist is more comprehensive than the NRC plan; there-fore, we have prepared a brief response to each of the twelve major checklist elements (see Enclosure 1).
This response will serve to up-date, expand or otherwise revise information previously furnished OMB.
We cannot at this time submit a complete updated agency plan based on the " Agency Computer Security Program Checklist," as requested. We are currently in the process of developing a comprehensive computer security plan for personal, proprietary and other sensitive data.
This will be y
accomplished through a series of actions on the part of NRC, and the ic Director of Security has lead responsibility for this plan.
8204010525 811204
,w SHEARER 81-409 PDR
=--
l
(,
s Mr. Wayne G. Granquist '
Since flovember 27, 1978, we have established an Information Technology Management Task Force to develop our Information Technology Management Flan which will, among other things, " address the security aspects of automated systems. The specific aspects of the planning effort are contained in Enclosures 2 and 3 to this letter.
We recognize the importance of implementing the requirements set forth ann in OMB Circular A-71, TM-1.
Please do not hesitate to contact me if you have any further questions on this response.
Sincerely, l
Daniel J. Donoghue, Director i
Office of Administration i
~ _
Enclosures:
- 1. Agency Computer Security Program Checklist
- 2. Tentative Outline for flRC Five Year Information Technology Management Plan
- 3. Milestone Chart for Action Plan for Development of NRC Five Year Infonna-tion Technology Management Plan mma bec:
D. J. Donoghue, ADM J. J. Cummings OIA J. W. Maynard, ELD.
W. J. Besaw, TIDC C. R. Troutman, ADPS J. R. Wallace, F05 J. M. Felton, DRR SEC CEN FILE.7.22 X ~ M
~
FSSB FSSB SEC ADPS TIDC
- 'l "
MRHarris:mj CLBurch RJBrady CRTroutman WJBesaw I
3/ /79 3/ /79 3/ /79 3/ /79 3/ /79 u ; [,
.....D..R..R................
........E L. D...........
......O...I. A..............
.......F. 0..S.............
.....A..DM..
.....A.DM.......
JMFelton JWMaynard JJ Cummi,n.g.s.,..
J RWal,].a g,e.,,.,,..P.G.t!.or.ry.........,.DJDonog h,ue,
.../...../. 7. 9.......
. 3../... /. 7. 9....... 3 /..../. 7 9.......
.... 3/..../. 79 ci
.. 3../....../. 7. 9.........
...3. /.... /.7 9.....
3
. s c.'. mc mu m men mcw one A.......--............................
-e u
(*
(,
EftCLOSURE 1 AGEflCY COMPUTER SECURITY PROGRAM CHECKLIST I.
Assignment of Responsibility for Computer Security The individual having lead responsibility for computer security is:
Raymond J. Brady, Director Division of Security cwcy US f!uclear Regulatory Commission Washington, DC 20555 l
Mr. Brady can be reached on 301-427-4472.
II.
Ibnagement Control process for Computer Applications The flRC has a management control process to assure that appropriate administrative, physical and technical safeguards are built into computer. systems processing classified infomation and will assure that such safeguards are built into computer systems processing personal, proprietary and other sensitive data.
~
Since NRC's reply of November 27, 1978, an Infomation Technology Man-agement Plan Task Force was established in January 1979, by the Director of Administration, to complete an NRC Infomation Technology Management Plan. This overall agency plan for Infomation Technology Management will take into consideration, as a minimum, all automated processes in-volving computer systems, telecommunications systems, video systems and ww word processors.
The Deputy Director of Administration will chair the Task Force since
' - ~
the Director of Administration has overall responsibility for agency-wide automatic data processing (ADP) planning, coordination, control and support services.
i While the NRC has management control processes for the security aspects of classified information processed by ADP systems, we recognize there is a need to develop such processes for ADP systems processing personal, proprietary or other sensitive data. The latter will be contained in appropriate NRC documents such as the NRC Direc-
,[]
tives System, lw:.n f
- i.:..
.g Q
e idkh 6W
. - _ _ _ _ _ _ = - - _ - - -
(.
(.
(
4 2
~
III.
Security Specifications Currently, the NRC managemer.t control process already provides for
~
defining and approving security specifications for systems processing s
classified information, and we will develop specifications for systems processing personal, proprietary or other sensitive data. We understand
'~
{ \\
that the new computer security standards, guidelines, policies and regu-4 "ccrhi lations for the protection of such data, referenced in OMB Circular A-71, TM-1, will not be available in the near future from the Department of Commerce or the General Services Administration.
In the absence of any new guidelines and policies, NRC will continue to apply guidelines and policies already in existence, such as Federal Information Processing l
Standards Publications (FIPS PUBS), Federal Property Management Regula-tions and NRC Manual Chapters to systems processing classified informa-E 1
tion or processing personal, proprietary or other sensitive data.
The Information Technology Management Task Force, mentioned in II above, plans to review and catalog all personal, proprietary and other sensitive data systems.
The identification of a management control process for defining and approving security specifications prior to programming new applications or making significant changes to old applications will be addressed in an Appendix to NRC Manual Chapter 2101, entitled " Automated Systems Security for Personal, Proprietary or Other Sensitive Data."
i 1
Approval processes, definitions, procedures, delegations, as well as selections of job functions and individuals, will be discussed for the most part in the above-mentioned directives system.
I"*'"4 IV.
Design Review Process The Division of Security requires detailed design reviews for systems
.-4 processing classified information.
Such procedures will be broadened i
c-l and expanded to include personal, proprietary and other sensitive information.
The Information Technology Management Task Force will develop a plan
.c' for detailed design reviens and establishnent of responsibilities.
In addition, the review process will provide adequate checks and balances
. y.
to assure adherence to the approved security specification and will provide for approvals cf system designs subsequent to design reviews.
,.:s fE23 The actions to effect the above procedures and policies are scheduled 07.;'
to be implemented by March 1980.
.s 9
'a r'.J
- O8 ffh$'M
_ = _ -.
~
. i e
(,
[
^'
i V.
System Test Process The NRC does have test procedures for many aspects of security, in-cluding administrative procedures, physical security and technological security on many types of classified programs.
Not all programs and systems are covered by existing procedures in NRC Manual Directives.
The Infonnation Technology Management Task Force will address all aspects of the system test process including:
the relationship
'F~-
between the design review process and the system test process; the testing of all aspects of security for all sensitive programs; the consideration of the results of previous audits in the test procedures; the documentation of system test results and the establishment of the responsibility for conducting system tests on all sensitive programs.
I VI.
System Certification Process i
In general, new or modified systems are not operated prior to satis-factory completion of system tests.
The degree to which each system is subjected to formalized certification procedures is a function of the degree of sensitivity of the system.
A greater degree of formali-
~~~
zation of certification is planned to be incorporated in the informa-tion technology management plans and procedures, to be written by the appropriate operating divisions, resulting from those plans.
i All current operational systems and all systems planned to be put into operationrare in the process of being cataloged and will subsequently be surveyed in order to assure that certification of all systems will be established.
y,~q m.,-
VII.
Audit / Evaluation Requirements j,
The NRC does make a distinction between security audits and security 4
evaluations.
In general, audits and evaluations are performed by the Office of Inspector and Auditor and security evaluations and surveys are performed by the Division of Security.
3 All audit, evaluation and survey requirements will be taken into con-1 sideration in the Infonnation Technology Management Plan for each of the current and future systems currently being surveyed.
An audit /
i" evaluation / survey schedule will result from the plan.
m,;?Q
- .m
.Q g
1 Iif.cL:t
(:}
\\; -
VIII.
Risk Analysis Process The NRC recognizes the need to perfonn risk analyses to a greater extent than has been done to date and to initiate risk analysis at an earlier phase in the design process. As a result, NRC personnel (e.g.,
Division of Security personnel) have been given formal training at the Department of Defense Computer Institute.
In addition, an analyst has FM been recruited by the Division of Automatic Data Processing Support to assist in that process.
NRC current'y utilizes three remote ccmputer facilities at which sensi-tive data is processed:
a) Department of Energy at Germantown, MD; b) Department of Energy at Oak Ridge K-25 Facility, Oak Ridge, TN; and c) National Institutes of Health at Bethesda, MD.
Security plans for these facilities are currently developed by the agencies that own these facilities.
1 Four Data General minicomputers are operated within NRC by NRC personnel.
One minicomputer is utilized for scientific applications and the other j"
three for business applications which include payroll, accounting, per-l sonnel, and property and supply activities.
Current plans call for the
)
performance of risk analysis at these facilities by the Division of Auto-i matic Data Processing Support staff in accordance with the requirements of FIPS PUB 31, entitled "ADP Physical Security and Risk Management."
Along with the risk analysis for each minicomputer, NRC will generate a corresponding security plan for each of the four installations, in accord-ance with a directive to be issued by the Division of Security, entitled
" Automated System Security for Personal, Proprietary and Other Sensitive Data."
wevo The NRC also has a Document Control System (DCS) operated by a contractor who uses two Data General minicomputers with associated micrographics,
/
digital and video terminals to provide document identification and access to multiple users at remote locations.
The contractor has a contractual requirement and has delivered a risk assessment and security plan in accordance with FIPS PUB 31. At the present time, there are no personal, proprietary or other sensitive data stored in this automated system. NRC may, however, consider the incorporation of some types of sensitive data in the DCS after consolidating our facilities. Such proposals will be reviewed by the appropriate Divisions of the Office of Administration and the Office of Inspector and Auditor to insure that adequate protec-
_, a tion for such sensitive data has been planned.
1 i
'T D Following the completion of risk analyses and security plans for the ap-1 - ;4 plications/ installations using minicomputers, NRC will then initiate risk analysis for applications which are run at the DOE and NIH facilities, to i
supplement risk analyses run by those agencies.
\\
.u >.
+
. Ab
- .a A
. - ~,
(.
(..
O -
Formal procedures and applicable definitions will be developed as part of the overall NRC program for adherence to National Bureau of Standards guidelines.
IX.
Procurement Requirements The NRC makes every effort to assure that Federal Property Management Regulations are adhered to in the process of procurement of equipment,
,a computer processing services, facility management services, general purpose software, operating system software and the design or program-ming of applications. Appropriate steps are taken to safeguard classi-ficd information.
The Information Technology Management Task Force plans to expand the safeguard activity to encompass the security of unclassified sensitive information that may be inherent in the pro-curement process.
X.
Contingency Plans The NRC has backup and recovery plans in the event of application failures at the automated facilities, i.e., DOE and NIH, currently being used and, in addition, requires the development of contingency plans in accordance with FIPS PUB 31 to be included in contractor security plans as a part of their contracts.
The plans cover any events that could cause a significant disruption of service.
In addition to the contingency plans for the Document Control System, the NRC has backup facility plans for the property and supply mini-computer system and is preparing such plans for the payroll and per-sonnel minicomputer system.
XI.
Personnel Screening Requirements The NRC has a detailed personnel security screening requirement author-
't ized by the Atomic Energy Act of 1954, as amended, and Executive Orders
(
10865 and 10450 for employees and contractor employees who may require c,
access to Restricted I)aTa ~and/or other cl~issifieT information. ~
~
The Division of Security has consulted with the Office of the Executive
./
Legal Director as to the legal authority for instituting a security screening program for contractor personnel requiring access to only unclassified personal, proprietary or other similar sensitive data handled by ADP systems.
Neither the Division of Security nor the Executive legal Director's staff have been been able to identify sta-t tutory' authority for engaging in such a program. Additionally, there is an absence of definitive guidance from OMB in this matter.
..q e
j
i I
(
(
Until such time as appropriate statutory authority is identified and j
definitive guidelines are provided, the NRC will be unable to establish t
requirements for the screening of personnel requiring access to unclas-l
- sified personal.. proprietary or other similar sensitive data handled by ADP systems.
l XII.
Resource Estimates i
- so<,44 t
Resource estimates were provided in NRC's reply of November 27, 1978, to the extent possible at that time.
A subsequent reevaluation indicates that there are other factors affect-ing updated manpower estimates to be taken into consideration.
These include an analysis of the effect of policy and procedure guidelines that OMB Circular A-71, TM-1, states will be supplied by the Department 4
of Commerce and General Services Administration.
In addition, a more thorough analysis must be made of the manpower required by all affected Offices and Divisions for providing the necessary security for automated systems processing personal, proprietary and other sensitive data. The analyses will be done in cooperation with the NRC Controller as each major factor affecting manpower has been identified. A preliminary investigation will be undertaken, as part of the preliminary analysis indicated in NRC's November 27, 1978 reply, to evaluate possible manpower implications.
Yf%
/
e L
e 4
i e
I
,dd
. llu 3
- .
- ~.
+>>
('
(
EllCLOSURE 2 i
s TENTATIVE OUTLINE FOR NRC FIVE YEAR INFORf1ATION TECHNOLOGY MANAGEMENT PLAN I.
EXECUTIVE
SUMMARY
A.
Purpose of Information Technology Management Plan and Orga niza tion B.
Role of Information Technology in the performance of the
- La NRC mission C.
Specific major actions planned D.
Long-term program summary l
E.
Resource requirements F.
Results expected II.
SERVICES PROVIDED A.
Office of Administration 1.
Central management of information technology resources.
2.
Definition of relationship of information technology management to NRC mission.
3.
Resources for central management
..,,sen 4.
Overview of using offices served 5.
Special activities
~
6.
Advisory activities B.
Automatic Data Processing Support (ADPS) j,-
1.
Responsibilities 2.
Relationship of ADPS to ilRC missions and goals
~~ '
3.
Resources used for ADPS
,.,4 '
4.
Users served 5.
Special and advisory services.
\\
.~
i
-y~.
,gy, --
(
('
~
C.
Technical Information and Document Control (TIDC) 1.
Responsibilities 2.
Relationship of TIDC services to NRC mission and goals 3.
Resources used for TIDC services ecned 4.
Users served 5.
Special and advisory services D.
Telecommunications 1.
Responsibilities 2.
Relationship of telecommunications and other operations support (using information technology or services) to NRC mission and goals.
3.
Resources used for telecommunications and other operations support.
4.
Users served 5.
Special and advisory services E.
Wo'rd Processing and Office Automation t
1.
Responsibilities
-evo 2.
Relationship of word processing and office automation to NRC mission and goals.
-(
3.
Resources used for management of word processing and office automa tion.
..y-4.
Users served
'[
5.
Special and advisory services F.
Security x.
'77;:
1.
Responsibilities
-a A L*
I 2.
Relationship of security measures to NRC mission and goals, taking into consideration especially OMB Circular A-71 (TM-1).
l[.N 4%
_sN.cj
e c
(;
. esources used for security of information technology
~
3.
n systems and applications.
4.
Users served 5.
Special and advisory services
. h[b,,4 G.
Office of Management and Program Analysis (MPA) 1.
Responsibilities 2.
Relationship of MPA information products and services to NRC mission and goals.
' ~ ~ '
3.
Resources used for MPA information products and services.
4.
Users served 5.
Special and advisory services H.
Other Information Technology Services 1.
Services p ovided as parts of contracts (other than contracts specifically for information technology and ;ervices):
a.
Identification of service and type of service.
b.
Details.of contractual arrangement.
c.
NRC user (s).
d.
Relationship of services to NRC mission and goals.
e.
Cost and term of services.
f-r f.
Amplifying information as required.
'.D
9 2.
Services provided by NRC Offices other than described above:
a.
Identification of service and type of service.
b.
Identification of office providing and using three services.
m...'j c.
Relationship of services to NRC mission and goals.
l d.
Resources used.
l ilwi i~.q:
n, l /
-4 III.
FUTURE REQUIREl1ENTS FOR EACH NRC 0FFICE USER
~
I A.
Identification (e.g., Office of Inspection and Enforcement) 1.
Office plans related to hiRC mission and goals.
4 2.
Office stated information technology and service needs.
wAes 3.
Summary analysis of needs and alternatives for accomplishment.
4.
Planned action to satisfy the requirement.
B.
Identification (for other NRC Office users)
Same as above IV. EXTERNAL FACTORS A.
Summary of technology forecast related to NRC information technology needs.
B.
Summary of Federal policies related to NRC information technology needs.
V.
INTERtlAL FACTORS A.
Summary of NRC overall plans and policies bearing on the plan.
- "
B. Planning constraints (e.g., NRC consolidation). C. Shortfall of existing and currently approved resources to meet valid requirements. VI. ANALYSIS AND EVALUATION ~ VII. CONCLUSIONS AND RECOMMENDATIONS ANNEXES:
- .- a FQyd 1.
Detailed statement of strategy to progress from existing to ,;[g;3 planned systems. 2. Facilities, hardware, software, personnel requirements to imple-ment services. 4% O' g 7.2 m
/ (- ( l 3. Economic analyses (A-76,... etc. ). 4. Performance assessment criteria and procedures. 5. Training requirements ASSOCIATED PLANS
- Wws t
. Wa-esst 4 s. i '. t [. * ' a eJ 5
/ ( ( EtiCLOSUR,E 3 ACTI0il PLAtt FOR DEVELOPMEf4T OF flRC FIVE YEAR It60RMATI0tl TECHfl0 LOGY MAriAGEMEtiT PLAT 1 MILEST0ilE CHART uyt s i e 4 ' 'V98(R$ a w =or.--4 e 4to Id\\ "A#gn, a 4 w>m,# em
e.' g s..'. j E .. a-0 j,,' r 31 SIRNARY - I-1980 1979 f JAN FEB MAR APR MAY JUf1 'JUL AUG SEP OCT FJOV DEC JAri FEB f.* A R APR' MAY JUP: ACTIOfJ PLAN FOR DEVELOPMENT. OF NRC FIVE YE AR INFORMATION TECitfJOLOGY Mall AGEMENT PLAN IOverview, See Fo!!owing Pages for Detaill PilASE I EfJHANCE MAf3AGEMENT /i COfJTROL OF EXISTING f rJ FORMATION TECHfJ0 LOGY OPE R ATIONS. This is Primarily an in-lfouse Administration Ef fort to Define q 4 the Problem, increase Overall Visibility of Cur:ent Operations, Make What We fJow ifave Work as Well as We can for the flear Term, t and Prepare for.the Planning Ef fort. Some of This Eifort Will he Iterative end Extend into the Other Phases. PHASE ll ESTABLISH PLANfJlfJG FACTORS O This is Primarily an in-House Administration Ef fort With Limited Assistance From Outside to Draw I the Hounds of the Plan itself in Terms of Policy, Goals, Objectives, Assurnptions. Forecasts, and initial Analysis of Agency flequ.ements Already Known to Administration or Identified During the FY 81 Budget Submission. O --b PilASE Ill COfJSOLIDATE fJRC PLANfJING EFFOffT This Phaso is' Desi ned to involve all 0 Af f acted NRC Of fices in the Planning Effort. ^ 6 PilASE IV FIN ALIZE TIIE PLAN a 6--* PHASE V BEGIN PLANNED ACTIONS PilASE VI BEGIN SECOND Pl.ANNING CYCLE
q q t Ie ,7 l!. = l f U J f Y A 1 f R PA RA 1 f B E F 01 f 09 A J 1 E{>I C E 'D VO JT I TC O P E S 'G l t A i,I 1 1 / / i O S J f t J Y 1^ e I 2 A 1 O f R 1 P A O O d R O 1 A 1 i 'n MO i-(i f i d t O r / 3J 7r 9A e 0 m 1 J ,t 8 s a . d n et d gd e Y o s s e n it ye id n oF s e nig r s n t [o o n o a it a d SJ d n a t fi a t f e N n, r l it lo n o m aR s a i ta f p a od eC n ,P r J u Y id e TN A r e f g o g me s o t e G y n pt s t is t s a n it r e f NO L g ion e p n d n n a O o m n o ch s s a e O u t e t t roL AT EI P T L lol n s ,e s C u r lyS ie I r s mr yt T c ito is r c e c d a r i M AT o s u n e s n x r u t t a C As ie ni t ime 4 G0 nI E e s ne n p S n a o e t c h ic iC f o P a s e i D n O MN E1 4 h r r t c m :s gU u d or oL m e if ie t U c r e n f t r r f LR E Mi o T e r n q e c y n o t E C Tf oo lo fo( a sC sd e i n f u f s d J E mr n o e ic d ef e t t e t a n f t Ini r EOM GI E a S f i t VFE AXT io/ Int a ns) af a c uF a c h ina D et s ic s ni e D At df a Co e c mo mf le De E lei r e a n t J od n mn n s t ne r 2 ENG s 1 Ef t e it s t r s r S k c e e e eD t i m me f f n p d s E on od t i o e t DI A AFOS a a r t a ma eO nt A F i 'F o e s t d : r r i r i t e a a e t r e ' v3r. RN 1 OI a J r a n e mt a ns f h ruy y e s r e a n P ip u id iu pt pt lbT ml a R T O oW Cg f r C g e p og AA ELAI a S o e imeuiw loi loS m m o o r t k s t t ta r mqn 'c it r f ei c. e f ee~ O EM CO1 T nf o c r a e c e r e me l ei t f s s R R A o yl v s v e s o t ya a ei iL CI RP RM F T i t o n c s fo J Y e r
- i. DL f
f r e e e s s r n l t F E c I DSS DD DU AF nI la e f e s n e o Y AT O R im i c N E G t d n nh np b c d l J AO a A V f r e Ol P e e d ECI O DT T a. b c d e e i LI O r f I .ii4 PFL O NC N 3 I OR E 1 2 k ,{,1 H . 1 N I S. s T C A k k a A s s T CFE i T T l a a f< 3 AOT P c' 11m.a
!p. ) 4 A-1 f U J Y A t f. R P A R A M l l E F )t f nf D A 1 J p,, gt. h C E D <ib V 0 1 f T C O P E S O G UA L U b J 1 U O O f J O O O O' O \\e 3 Y A 1 f R P A O OMO R A 0 O ' z. d a . k,,1t M l E
- &/
l l F 01 7 f 9A 1 J m R
- s s
S d o s e t s 1 n i O d s. Pi a. ic e t f f r y v a o n. s a r s f t r l ile ,t o o r s ed f t \\, n 8 o e T n a l r g n cR t r l e d uc d C a n c e i j ; ls hi o it rs a a n o e t t t Y \\ it c oes nf t ni n c a d g ai a n mC b y oL m r r t a e p F o A S e a F I u t u e c a o s, Og G t; t sS r t a mf r r c t t F 'o t e q nn s x y. e r r o n o o s e ei ot c n dl ,i . G n r pt n s f r e e e G e E I P ic n y e is a n is r p n S r f i id o no n r o n t v Oo iR s n D mm l t cC v ok l i w w s, r ) i I lo m_a aR Oi n f i o n s N ed {7 inf t t lao c ns. lp e f gf e s c e e s h l s t e ie iv u c s s J P r u a c s r ml e iT o p i E a u t qN e s a r v r C ia c s J iD R R e i Dt d d s yt y,;, n s t f t a ims u
- s. Gnn: M u
f g mt C r r u oO oT f f e ed e e t e o d s S n Ac A f n r r t o n e o Oon s C nt n ny ir it in I gt r c c Aa f e i L d v s d d o cd a a n F d e Cf o n c r P ic a aP e nF e l, s ie Coo R e k g n .Nh e n n r + o n l a c Rt is j s i , mo b ud RE C a ne ilo itni ni iu n l e la s n inair e Ca l is f a S a me lo g h aS i inC Bi g T n 1 e mM w f
- N d
r ) v J mt S y. y f ai n ir P it ie wei mt r L P ie f s f o s s ni h e o n mt e o n lb o e n I f uh b r i r aP fyi s i r oC ie r r s c e u ic K u f e e r n g is r r g a f f v q c r c nt r v t is lb g n af B w d o n e g e p i n io s e d ed oa u A d o dI P R cP DI AD a InR e r e e r d a e s e r el el e t it r e t t r o el n J RPRT E n p DD P a f PP EPC T ie aB e u r n f l l v I P t r s oo o e d E R a. b c d e Ef t a t S e i. C n r P a a. b c d j*t ( I
- h. e I
I E E 2 1 4 S .i: S k .f A k s A k s a
- if. 3 s
i t a T i a l T P P T 0Nv l.3. 4 .1
'yf* s I. - e4 lC,< j l,,.47 i. .d
- f..:
l.).$, A 's_ 4 s4.a<;)!$ ! l N- ?h-? h, .s s A. ~ N 1979 1000 JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC J AfJ ' FED MAR AT'n MAY JUrJ'I. 1 PilASE II (Continued) Task 3 Establish Planning Assumptions and O-O ~ Constraint 1 (e.g., fJRC C.nolidation). Task 4 Collect and Analyze Stated User Rettuirements:
- e. Review fJeeds Stated in FY 81 O
O Dodget Submissions and Cc noare with Existing System Descriptic,is, User Stated Needs identified in Phase I, Task 2.
- b. Project Unstated Needs Based on b O Known Factors / Assumptions (e.g., Personnel Projections, Work.
load Trends, Etc.).
- c. Update Consolidated Needs List b O
- d. Analyre and Categorire fJeeds.
[TO s A Task 5 Adopt or Prepare an Information ia t- ,. Technology Forecast *What is Likely to be Available in Years Covered by the Plan?). ^ PilASE 111 CONSOLIDATE NRC PLANNING EFFORT Task 1 Involve all Affected NRC Officesin , the Planning Ef fort.
- a. Establish ad hoc NHC Management S
/\\ Direction Group Involving tjser Of fices, Providers of Service, Special Functional Representatives, Etc. t b, Establish Group Procedures. bO O m m ..----.-_-,..i--..--. ,.r. ..m ,,v ,m_.
e / r .-m e.: c C.< ea ( { w" A c,c-i c< MO'l Q y w O 0., 6-U O ./ c. w M o (J e D (l j 4 I .J D s .A ? '4 N N D s 4 <c. 4 N cc.< ? C< e# wsyn ccw ...= m, n *~ m4 -n -~~'. L13 s. U o E .t: M% C E. 0 5e y m C 3 2 Z U P-m ? O :; =m c ac a a 2 7 e a = F-o 2 c n o o O OE < J5 .5 5 E J . c. o A a m /.<, S ::: Q-O g w O c w. c w e 5 C = = 'c c. c oo ~ c.e
u c 3 = o = a -.5.m% cU r C j. c. c-u s '+ e t 3 .5 E 7 $,< =_ s w
- 5 :;;
w w a u b a q g eg N c .5 .c 2_ =_ m .c r sI. m = ~- . u u e o E u .c E E B
== g e o .t. 6 =* $_ i 4 w W W e.=. .e 6 -O C 3 3 o a u a. u m c. cm g es o-oe .o u. = g,
- O
-)_ w ~ n .. m e ~ m w ~ s x a s a _q q q fg q q C. P-O. M' )* I'" f'* I" D eb mb ,-T..*, q '* kk' g b. * '?,}j gw*w}}