ML20129A851

Forwards Proposed Rule, Access to & Protection of Classified Info, Amending 10CFR25 & 95 to Conform NRC Regulations to New Natl Security Policies
ML20129A851
Person / Time
Issue date: 02/23/1996
From: Brady R
NRC OFFICE OF ADMINISTRATION (ADM)
To: Gillespie F, Morris B, Ten Eyck E
NRC (Affiliation Not Assigned), NRC OFFICE OF NUCLEAR MATERIAL SAFETY & SAFEGUARDS (NMSS), NRC OFFICE OF NUCLEAR REGULATORY RESEARCH (RES)
Shared Package
ML20129A586 List:
References
FRN-61FR40555, RULE-PR-25, RULE-PR-95 AF37-1-005, AF37-1-5, NUDOCS 9610220257


Text

UNITED STATES

NUCLEAR REGULATORY COMMISSION

WASHINGTON, D.C. 20555-0001

MEMORANDUM TO: Attached List

FROM: Raymond J. Brady, Director

Division of Security

Office of Administration

SUBJECT: AMENDMENT TO 10 CFR PART 25, "ACCESS AUTHORIZATION FOR LICENSEE PERSONNEL" AND PART 95, "SECURITY FACILITY APPROVAL AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA"

Attached is a proposed rule, "Access to and Protection of Classified Information," amending 10 CFR Parts 25 and 95 to conform NRC regulations to new national security policies (i.e., the National Industrial Security Program Operating Manual and Executive Orders 12958, "Classified National Security Information," and 12968 "Access to Classified Information").

You may wish to note that the Security Policy Board, an inter-agency organization charged with developing uniform national security policies, is in the process of developing an implementing directive for E.O. 12958 which may require some additional but hopefully minor revisions to the proposed rule.

Since it will be months before this directive will be issued and we are unaware of any conflicts between the attached draft and the current versions of the proposed directive, we prefer not to delay this process unnecessarily. Should any changes be required later, we believe they would be minor and easily incorporated.

Naturally, any such revisions would be fully coordinated with your Offices.

We are circulating this package to all Offices concurrently to reduce the time required to complete the concurrence process.

Please provide comments or concurrence by March 22, 1996.

If you or your staff have any questions, please contact Duane G. Kidd of my staff on 415-7403 or by email at DGK.

Attachment:

As stated

9610220257 961017 PDR PR 25 61FR40555 PDR


Attached List - Memorandum Dated February 23, 1995.

SUBJECT: AMENDMENT TO 10 CFR PARTS 25 AND 95

Elizabeth Q. Ten-Eyck, NMSS/FCSS

Frank P. Gillespie, NRR/DISP

Bill M. Morris, RES/DRA

Bradley J. Fewell, OGC

David L. Meyer, ADM/RPB

Brenda J. Shelton, IRM/IRMB

MEMORANDUM TO: Attached List

FROM: Raymond J. Brady, Director

Division of Security

Office of Administration

SUBJECT: AMENDMENT TO 10 CFR PART 25, "ACCESS AUTHORIZATION FOR LICENSEE PERSONNEL" AND PART 95, "SECURITY FACILITY APPROVAL AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA"

Attached is a proposed rule, "Access to and Protection of Classified Information," amending 10 CFR Parts 25 and 95 to conform NRC regulations to new national security policies (i.e., the National Industrial Security Program Operating Manual and Executive Orders 12958, "Classified National Security Information," and 12968 "Access to Classified Information").

You may wish to note that the Security Policy Board, an inter-agency organization charged with developing uniform national security policies, is in the process of developing an implementing directive for E.O. 12958 which may require some additional but hopefully minor revisions to the proposed rule.

Since it will be months before this directive will be issued and we are unaware of any conflicts between the attached draft and the current versions of the proposed directive, we prefer not to delay this process unnecessarily. Should any changes be required later, we believe they would be minor and easily incorporated.

Naturally, any such revisions would be fully coordinated with your Offices.

We are circulating this package to all Offices concurrently to reduce the time required to complete the concurrence process.

Please provide comments or concurrence by March 22, 1996.

If you or your staff have any questions, please contact Duane G. Kidd of my staff on 415-7403 or by email at DGK.

Attachment:

As stated

DISTRIBUTION:

MC: None

SCF: LRD 3.00.09 LRD 3.00.17

Leo Norton, OIG

Document Name:

(CIRCLE the "C" to receive a copy of this document without enclosures; CIRCLE the "E" to receive a copy with enclosures)

OFFICE: SEC (C E), D/SEC (C E)

NAME: DGKidd, RJBrady

DATE: 2/f_7/96, 2/ 9/96

OFFICIAL RECORD COPY

[7590-01-P]

NUCLEAR REGULATORY COMMISSION

10 CFR PARTS 25 AND 95

RIN 3150-AF37

ACCESS TO AND PROTECTION OF CLASSIFIED INFORMATION

AGENCY: Nuclear Regulatory Commission.

ACTION: Proposed rule.

SUMMARY: The Nuclear Regulatory Commission is amending its regulations to conform the requirements for the protection of and access to classified information to new national security policy documents. Specifically, the National Industrial Security Program Operating Manual and Executive Orders 12958, "Classified National Security Information," and 12968, "Access to Classified Information." This proposed rule is necessary to ensure that classified information in the possession of NRC licensees and others under the NRC's regulatory requirements is protected in accordance with current national policies.

DATES: The comment period expires (60 days from date of publication in the Federal Register). Comments received after this date will be considered if it is practical to do so, but the Commission is able to assure consideration only for comments received on or before this date.

Comments may be submitted to: The Secretary of the Commission, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Attention: Docketing and Service Branch. Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW. (Lower level), Washington, DC.

FOR FURTHER INFORMATION CONTACT: Duane G. Kidd, Division of Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-7403.

SUPPLEMENTARY INFORMATION:

Background

The national requirements for the protection of and access to Classified National Security Information have been revised by the issuance of the National Industrial Security Program Operating Manual (NISPOM), Executive Order 12958, "Classified National Security Information," dated April 17, 1995, and Executive Order 12968, "Access to Classified Information," dated August 1995. In order to conform to these new national security policy documents, the NRC must revise its regulations for the protection of classified information. The requirements of 10 CFR Parts 25 and 95 are substantially based on Executive Order 12356, dated April 6, 1982, which was superseded by Executive Order 12958.

The proposed rule would amend the provisions of 10 CFR Parts 25 and 95 that deal with requirements for access to and protection of classified information that have been changed or added by the NISPOM or the Executive Orders. Specifically, changes include revised and added definitions such as Cognizant Security Agency, Classified National Security Information, Classified Information, Facility Security Clearance, Foreign Ownership, Control, or influence. It also includes numerous amendments to reflect the fact that the NRC may permit another Cognizant Security Agency (DOE, DOD, CIA) to assume some or all of the security oversight functions at an NRC facility under the requirements of 10 CFR Parts 25 and/or 95 when that agency has a significant security interest at the facility. The proposed rule also addresses the intent of Executive Order 12829, "National Industrial Security Program," to reduce wasteful and inefficient duplicative oversight of private facilities which have classified interests from more than one government agency. Additionally, it adopts new requirements in areas where the Executive Orders or the NISPOM mandate specific requirements which were not included in the previous versions of the rules. These include --

Requiring that key management personnel have personnel security clearances as well as those employees with access to classified information;

Permitting reinstatement of a personnel security clearance up to 24 months after termination instead of the previous 6 months;

Permitting facility security officers to issue visit authorization letters directly rather than through the NRC Division of Security;

Requiring a finding that a facility is not under foreign ownership, control or influence;

Requiring facility security officers to have specific training related to their position;

Permitting the use of reinforced steel filing cabinets with lockbars and key locks for classified information (provided appropriate supplemental protection is in place during non-working hours);

Changing the security classification markings to conform to Executive Order 12958;

Reducing the accountability requirements for Secret documents;

Defining procedures for challenging classification decisions that one believes to be in error;

Allowing for additional methods of transmitting classified information; and

Imposing fewer limitations on a facility's authority to reproduce classified information when operationally necessary.

Environmental Impact: Categorical Exclusion

The NRC has determined that this proposed rule is the type of action described in categorical exclusion 10 CFR 51.22(c)(2). Therefore, neither an environmental impact statement nor an environmental assessment has been prepared for this proposed rule.

Paperwork Reduction Act Statement

This proposed rule amends information collection requirements that are subject to the Paperwork Reduction Act (44 U.S.C. 3501, et seq.). This rule has been submitted to the Office of Management and Budget for review and approval of the information collection requirements.

The public reporting burden for this collection of information is 220 hours per year.

Regulatory Analysis

The Commission has prepared a regulatory analysis for this proposed regulation. The analysis examines the costs and benefits of the alternatives considered by the Commission. The analysis is available for inspection in the NRC Public Document Room, 2120 L Street, NW (Lower Level), Washington, DC. Single copies of the analysis may be obtained from Duane G. Kidd, Division of Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555, telephone: (301) 415-7403.

Regulatory Flexibility Certification

As required by the Regulatory Flexibility Act of 1980, 5 U.S.C. 605(b), the NRC carefully considered the effect on small entities in developing this proposed rule on the protection of classified information and has determined that none of the facilities affected by this rule would be considered as small

Backfit Analysis

The NRC has determined that the backfit rule, 10 CFR 50.109, applies to this rulemaking initiative because it falls within the criteria of 10 CFR Part 50.109(a)(1), but that a backfit analysis is not required because this rulemaking qualifies for exemption under 10 CFR 50.109(a)(4)(iii) that reads "That the regulatory action involves . . . redefining what level of protection to the . . . common defense and security should be regarded as adequate."

List of Subjects

10 CFR Part 25

Classified information, Criminal penalties, Investigations, Reporting and recordkeeping requirements, Security measures.

10 CFR Part 95

Classified information, Criminal penalties, Reporting and recordkeeping requirements, Security measures.

For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended, the Energy Reorganization Act of 19 as amended, and 5 U.S.C. 553, the NRC proposes to adopt the following amendments to 10 CFR Parts 25 and 95.

PART 25 -- ACCESS AUTHORIZATION FOR LICENSEE PERSONNEL

1. The authority citation for Part 25 is revised to read as follows:

AUTHORITY: Secs. 145, 161, 68 Stat. 942, 948, as amended (42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); E.O. 10865, as amended, 3 CFR 1959 - 1963 COMP., p. 398 (50 U.S.C. 401, note); E.O. 12829; E.O. 12958; E.O. 12968.

Appendix A also issued under 96 Stat. 1051 (31 U.S.C. 9701).

2. Section 25.1 is revised to read as follows:

§ 25.1 Purpose.

The regulations in this part establish procedures for granting, reinstating, extending, transferring, and terminating access authorizations of licensee personnel, licensee contractors or agents, and other persons (e.g., individuals involved in adjudicatory procedures as set forth in 10 CFR part 2, subpart I) who may require access to classified information.

3. Section 25.3 is revised to read as follows:

§ 25.3 Scope.

The regulations in this part apply to licensees and others who may require access to classified information related to a license or an application for a license.

4. Section 25.5 is amended by revising the listed definitions to read as follows:

§ 25.5 Definitions.

Access authorization means an administrative determination that an individual (including a consultant) who is employed by or an applicant for employment with the NRC, NRC contractors, agents, licensees and certificate holders, or other person designated by the Executive Director for Operations, is eligible for a security clearance for access to classified information.

Certificate holder means a facility operating under the provisions of Part 71 or 76 of this Chapter.

Classified information means either Classified National Security Information, Restricted Data, or Formerly Restricted Data or any one of them. It is the generic term for information requiring protection in the interest of National Security whether classified under an Executive Order or the Atomic Energy Act.

Classified National Security Information means information that has been determined pursuant to Executive Order 12958 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

Cognizant Security Agency (CSA) means agencies of the Executive Branch that have been authorized by E.O. 12829 to establish an industrial security program for the purpose of safeguarding classified information under the jurisdiction of those agencies when disclosed or released to U.S. Industry. These agencies are the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Secretary of Defense (SECDEF) has been designated as Executive Agent for the National Industrial Security Program (NISP).

Need-to-know means a determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function under the cognizance of the Commission.

Visit authorization letters (VAL) means a letter, generated by a licensee, certificate holder or other organization under the requirements of 10 CFR Parts 25 and/or 95, verifying the need to know and access authorization of an individual from that organization who needs to visit another authorized facility for the purpose of exchanging or acquiring classified information.

5. In § 25.8, paragraphs (a) and (b) are revised to read as follows:

§ 25.8 Information collection requirements: OMB approval.

(a) The Nuclear Regulatory Commission has submitted the information collection requirements contained in this part to the Office of Management and Budget (OMB) for approval as required by the Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or sponsor and a person is not required to respond to a collection of information unless it displays a currently valid OMB control number. OMB has approved the information collection requirements contained in this part under control number 3150-0046.

(b) The approved information collection requirements contained in this part appear in §§ 25.11, 25.17, 25.21, 25.23, 25.25, 25.27, 25.29, 25.31, 25.33, and 25.35.

6. In § 25.13, paragraph (a) is revised to read as follows:

§ 25.13 Maintenance of records.

(a) Each licensee or organization employing individuals approved for personnel security access authorization under this part, shall maintain records as prescribed within the part. These records are subject to review and inspection by CSA representatives during security reviews.

7. Section 25.15 is revised to read as follows:

§ 25.15 Access permitted under "Q" or "L" or equivalent CSA access authorization.

(a) A "Q" or CSA equivalent access authorization permits an individual access on a need-to-know basis to Critical Secret Re and Secret and Confidential Classified National Security Information including intelligence information, CRYPTO (i.e., cryptographic information) or other classified communications security (COMSEC) information.

(b) An "L" or CSA equivalent access authorization permits an individual access on a need-to-know basis to Secret and Confidential classified information other than the categories specifically included in paragraph (a) of this section. In addition, access to certain Confidential COMSEC information is permitted as authorized by a National Communications Security Committee waiver dated February 14, 1985.

(c) Each employee of the Commission is processed for one of the two levels of access authorization. Licensees and other persons will furnish classified information to a Commission or CSA employee on official business when the employee has the appropriate level of access authorization and need-to-know. Some individuals are permitted to begin NRC employment without an access authorization. However, no NRC or CSA employee is permitted access to any classified information until the appropriate level of access authorization has been granted to that employee by NRC or the CSA.

8. Section 25.17 is revised to read as follows:

§ 25.17 Approval for processing applicants for access authorization.

(a) Access authorizations must be requested for licensee employees or other persons (e.g., 10 CFR part 2, subpart I) who need access to classified information in connection with activities under parts 50, 70, 72, or 76.

(b) The request must be submitted to the facility CSA. If NRC is the CSA, the procedures in § 25.17(c) and (d) will be followed. If NRC is not the CSA, the request will be submitted to the CSA in accordance with procedures established by the CSA.

(c) The request must include a completed personnel security packet (see § 25.17(d)) and request form (NRC Form 237) signed by a licensee, licensee contractor official or other authorized person.

(d)(1) Each personnel security packet submitted, must include the following completed forms:

(i) Questionnaire for National Security Positions (SF - 86, parts 1 and 2);

(ii) Two Standard fingerprint cards (FD - 258);

(iii) Security Acknowledgment (NRC Form 176); and

(iv) Other related forms where specified in accompanying instructions (NRC form 254).

(2) Only a Security Acknowledgment (NRC Form 176) need be completed by any person possessing an active access authorization, or who is being processed for an access authorization, by another Federal agency. The active or pending access authorization must be at an equivalent level to that required by the NRC and be based on an adequate investigation not more than five years old.

(e) To avoid delays in processing requests for access authorizations, each security packet should be reviewed for completeness and correctness (including legibility of response on the forms) prior to submittal.

(f) Applications for access authorization or access authorization renewal processing that are submitted to NRC for processing must be accompanied by a check or money order, payable to the United States Nuclear Regulatory Commission, representing the current cost for the processing of each "Q" and "L" access authorization, or renewal request. Access authorization and access authorization renewal fees will be published each time the Office of Personnel Management notifies NRC of a change in the rates it charges NRC for the conduct of investigations. Any changed access authorization or access authorization renewal fees will be applicable to each access authorization or access authorization renewal request received upon or after the date of publication. Applications from individuals having current Federal access authorizations may be processed more expeditiously and at less cost, since the Commission may accept the certification of access authorization and investigative data from other Federal Government agencies that grant personnel access authorizations.

9. Section 25.19 is revised to read as follows:

§ 25.19 Processing applications.

Each application for access authorization or access authorization renewal must be submitted to the CSA. If NRC is the CSA, the application and its accompanying fee must be submitted to the NRC Division of Security. If necessary, the NRC Division of Security may obtain approval from the appropriate Commission office exercising licensing or regulatory authority before processing the access authorization or access authorization renewal request. If the applicant is disapproved for processing, the NRC Division of Security shall notify the submitter in writing and return the original application (security packet) and its accompanying fee.

10. Section 25.21 is revised to read as follows:

§ 25.21 Determination of initial and continued eligibility for access authorization.

(a) Following receipt by the CSA of the reports of the personnel security investigations, the record will be reviewed to determine that granting an access authorization or renewal of access authorization will not endanger the common defense and security and is clearly consistent with the national interest. If this determination is made, access authorization will be granted or renewed. If NRC is the CSA, questions as to initial or continued eligibility will be determined in accordance with part 10 of Chapter I. If NRC is not the CSA, questions as to initial or continued eligibility will be determined in accordance with established CSA procedures already in effect for the facility.

(b) The CSA must be promptly notified of developments that bear on continued eligibility for access authorization throughout the period for which the authorization is active (e.g., persons who marry subsequent to the completion of a personnel security packet must report this change by submitting a completed NRC Form 354, Data Report on Spouse or equivalent CSA form).

(c)(1) Except as provided in paragraph (c)(2) of this section, NRC "Q" and "L" access authorizations must be renewed every five years from the date of issuance. An application for renewal must be submitted at least 120 days before the expiration of the five year period, and must include:

(i) A statement by the licensee or other person that the individual continues to require access to Classified National Security Information or Restricted Data; and

(ii) A personnel security packet as described in § 25.17(d).

(2) Renewal applications and the required paperwork are not required for individuals who have a current and active access authorization from another Federal agency and who are subject to a reinvestigation program by that agency that is determined by NRC to meet NRC's requirements. (The DOE Reinvestigation Program has been determined to meet NRC's requirements). For these individuals, the submission of the SF-86 by the licensee or other person to the other government agency pursuant to their reinvestigation requirements will satisfy the NRC renewal submission and paperwork requirements, even if less than five years has passed since the date of issuance or renewal of the NRC "Q" or "L" access authorization. Any NRC access authorization continued in response to the provisions of this paragraph will, thereafter, not be due for renewal until the date set by the other government agency for the next reinvestigation of the individual pursuant to the other agency's reinvestigation program. However, the period of time for the initial and each subsequent NRC "Q" or NRC "L" renewal application to NRC may not exceed seven years. Any individual who is subject to the reinvestigation program requirements of another Federal agency but, for administrative or other reasons, does not submit reinvestigation forms to that agency within seven years of the previous submission, shall submit a renewal application to NRC using the forms prescribed in § 25.17(d) before the expiration of the seven-year period.

(3) If NRC is not the CSA, reinvestigation program procedures and requirements will be set by the CSA.

11. Section 25.23 is revised to read as follows:

§ 25.23 Notification of grant of access authorization.

The determination to grant or renew access authorization will be furnished in writing to the licensee or organization that initiated the request. Upon receipt of the notification of original grant of access authorization, the licensee or organization shall obtain, as a condition for grant of access authorization and access to classified information, an executed Classified Information Nondisclosure Agreement (SF-312) from the affected individual. The SF-312 is an agreement between the United States and an individual who is cleared for access to classified information. An employee issued an initial access authorization shall execute a SF-312 prior to being granted access to classified information. The licensee or other organization shall forward the executed SF-312 to the CSA for retention. If the employee refuses to execute the SF-312, the licensee or other organization shall deny the employee access to classified information and submit a report to the CSA. The SF-312 must be signed and dated by the employee and witnessed. The employee's and witness' signatures must bear the same date. The individual shall also be given a security orientation briefing in accordance with Section 95.33 of this chapter. Records of access authorization grant and renewal notification must be maintained by the licensee or other organization for three years after the access authorization has been terminated by the CSA. This information may also be furnished to other representatives of the Commission, to licensees, contractors, or other Federal agencies. Notifications of access authorization will not be given in writing to the affected individual except:

(a) In those cases in which the determination was made as a result of a Personnel Security Hearing or by Personnel Security Review Examiners, or

(b) When the individual also is the official designated by the licensee or other organization to whom written NRC notifications are forwarded.

12. Section 25.25 is revised to read as follows:

§ 25.25 Cancellation of requests for access authorization.

When a request for an individual's access authorization or renewal of access authorization is withdrawn or canceled, the requestor shall notify the CSA immediately by telephone so that the full field investigation, National Agency Check with Credit Investigation, or other personnel security action may be discontinued. The requestor shall identify the full name and date of birth of the individual, the date of request, and the type of access authorization or access authorization renewal requested. The requestor shall confirm each telephone notification promptly in writing.

13. Section 25.27 is revised to read as follows:

§ 25.27 Reopening of cases in which requests for access authorizations are canceled.

(a) In conjunction with a new request for access authorization (NRC Form 237 or CSA equivalent) for individuals whose cases were previously canceled, new fingerprint cards (FD - 257) in duplicate and a new Security Acknowledgment (NRC Form 176), or CSA equivalents, must be furnished to the CSA along with the request.

(b) Additionally, if 90 days or more have elapsed since the date of the last Questionnaire for Sensitive Positions (SF - 86), or CSA equivalent, the individual must complete a personnel security packet (see Section 25.17(d)). The CSA, based on investigative or other needs, may require a complete personnel security packet in other cases as well. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by NRC is required.

14. Section 25.29 is revised to read as follows:

§ 25.29 Reinstatement of access authorization.

(a) An access authorization can be reinstated provided that:

(1) No more than 24 months has lapsed since the date of termination of the clearance;

(3) There is no known adverse information;

(4) The most recent investigation must not exceed 5 years (Top Secret, Q) or 10 years (Secret, L); and

(5) Must meet or exceed the scope of the investigation required for the level of access authorization that is to be reinstated or granted.

(b) An access authorization can be reinstated at the same, or lower, level by submission of a CSA-designated form to the CSA. The employee may not have access to classified information until receipt of written confirmation of reinstatement and an up-to-date personnel security packet will be furnished with the request for reinstatement of an access authorization. A new Security Acknowledgment will be obtained in all cases. Where personnel security packets are not required, a request for reinstatement shall state the level of access authorization to be reinstated and the full name and date of birth of the individual in order to establish positive identification. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by NRC is required.

15. In § 25.31, paragraphs (a) and (c) are revised to read as follows:

§ 25.31 Extensions and transfers of access authorizations.

(a) The NRC Division of Security may, on request, extend the authorization of an individual who possesses an access authorization in connection with a particular employer or activity, to permit access to classified information in connection with an assignment with another employer or activity.

(c) Requests for extension or transfer of access authorization shall state the full name of the person, his date of birth and level of access authorization. The Director, Division of Security, may require a new personnel security packet (see § 25.17(c)) to be completed by the applicant. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by NRC is required.

16. Section 25.33 is revised to read as follows:

§ 25.33 Termination of access authorizations.

(a) Access authorizations will be terminated when:

(1) Access authorization is no longer required, or

(2) An individual is separated from the employment or the activity for which he obtained an access authorization for a period of 90 days or more, or

(3) An individual, pursuant to 10 CFR part 10 or other CSA approved adjudicatory standards, is no longer eligible for access authorization.

(b) A representative of the licensee or other organization which employs the individual whose access authorization will be terminated shall immediately notify the CSA when the circumstances noted in paragraph (a)(1) or (a)(2) of this section exist; inform the individual that his access authorization is being terminated, and the reason; and that he will be considered for reinstatement of access authorization if he resumes work requiring it.

(c) When an access authorization is to be terminated, a representative of the licensee or other organization shall conduct a security termination briefing of the individual involved, explain the Security Termination Statement (NRC Form 136 or CSA approved form) and have the individual complete the form. The representative shall promptly forward the original copy of the completed Security Termination Statement to CSA.

17. Section 25.35 is revised to read as follows:

§ 25.35 Classified visits.

(a) The number of classified visits must be held to a minimum. The licensee, certificate holder, or other facility shall determine that the visit is necessary and that the purpose of the visit cannot be achieved without access to, or disclosure of, classified information. All classified visits require advance notification to, and approval of, the organization to be visited. In urgent cases, visit information may be furnished by telephone and confirmed in writing.

(b) Representatives of the Federal Government, when acting in their official capacities as inspectors, investigators, or auditors, may visit a licensee, certificate holder or other's facility without furnishing advanced notification, provided these representatives present appropriate government credentials upon arrival. Normally, however, Federal representatives will provide advance notification in the form of an NRC Form 277, "Request for Visit or Access Approval," with the "need to know" certified by the appropriate NRC Office exercising licensing or regulatory authority and verification of NRC access authorization by the Division of Security.

(c) Licensee, certificate holder or others shall include the following information in all Visit Authorization Letters (VAL) which they prepare.

(1) Visitor's name, address, and telephone number and certification of the level of the facility security clearance.

(2) Name, date and place of birth, and citizenship of the individual intending to visit;

(3) Certification of the proposed visitor's personnel clearance and any special access authorizations required for the visit;

(4) Name of person(s) to be visited;

(5) Purpose and sufficient justification for the visit to allow for a determination of the necessity of the visit; and

(6) Date or period during which the VAL is to be valid.

(d) Classified visits may be arranged for a 12 month period. The requesting facility shall notify all places honoring these visit arrangements of any change in the individual's status that will cause the visit request to be canceled prior to its normal termination date.

(e) The responsibility for determining need-to-know in connection with a classified visit rests with the individual who will disclose classified information during the visit. The licensee, certificate holder or other facility shall establish procedures to ensure positive identification of visitors prior to the disclosure of any classified information.

PART 95--SECURITY FACILITY APPROVAL AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA

18. The authority citation for Part 95 is revised to read as follows:

AUTHORITY: Secs. 145, 161, 68 Stat. 942, 948, as amended (42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C. 5841); E.O. 10865, as amended, 3 CFR 1959-1963 COMP., p. 398 (50 U.S.C. 401, note); E.O. 12958; E.O. 12968; E.O. 12829.

19. Section 95.1 is revised to read as follows:

§ 95.1 Purpose.

The regulations in this part establish procedures for obtaining security facility approval and for safeguarding Secret and Confidential National Security Information and Restricted Data received or developed in conjunction with activities licensed, certified or regulated by the Commission. This part does not apply to Top Secret information because Top Secret information may not be forwarded to licensees, certificate holders, or others within the scope of an NRC license or certificate.

20. Section 95.3 is revised to read as follows:

§ 95.3 Scope.

The regulations in this part apply to licensees, certificate holders and others regulated by the Commission who may require access to Classified National Security Information and/or Restricted Data that is used, processed, stored, reproduced, transmitted, transported, or handled in connection with a license or certificate or an application for a license or certificate.

21.

§ 95.5 Definitions.

Access authorization means an administrative determination that an individual (including a consultant) who is employed by or an applicant for employment with the NRC, NRC contractors, agents, licensees and certificate holders of the NRC, or other person designated by the Executive Director for Operations, is eligible for a security clearance for access to Restricted Data or Classified National Security Information.

Classified mail address means a mail address established for each facility approved by the NRC, to which all Classified information for the facility is to be sent.

Classified National Security Information means information that has been determined pursuant to Executive Order 12958 or any predecessor order to require protection against unauthorized disclosure and that is so designated.

Classified shipping address means an address established for a facility, approved by the NRC, to which classified material, which due to its size, bulk, or nature cannot be transmitted as normal mail, for the facility is to be sent.

Closed area means an area that meets the requirements of the CSA, for the purpose of safeguarding classified material that, because of its size, nature, or operational necessity, cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers.

Cognizant Security Agency (CSA) means agencies of the Executive Branch that have been authorized by E.O. 12829 to establish an industrial security program for the purpose of safeguarding classified information under the jurisdiction of those agencies when disclosed or released to U.S. Industry. These agencies are the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Secretary of Defense has been designated as Executive Agent for the National Industrial Security Program.

Facility (Security) Clearance (FCL) means an administrative determination that, from a security viewpoint, a facility is eligible for access to classified information of a certain category (and all lower categories).

Foreign ownership, control, or influence (FOCI) means a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of a U.S. company's securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in the unauthorized access to classified information or may affect adversely the performance of classified contracts.

Infraction means any knowing, willful, or negligent action contrary to the requirements of E.O. 12958, or its implementing directives, that does not comprise a "violation," as defined below.

Need-to-know means a determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function under the cognizance of the Commission.

Restricted area means a controlled access area established to safeguard classified material, that because of its size or nature, cannot be adequately protected during working hours by the usual safeguards, but that is capable of being stored during non-working hours in an approved repository or secured by other methods approved by the CSA.

Security reviews means random security reviews of cleared facilities conducted to ensure that safeguards employed by licensees and others are adequate for the protection of classified information.

Violation means any knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information or any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of Executive Order 12958 or its implementing directives.

22. Section 95.8 is revised to read as follows:

§ 95.8 Information collection requirements: OMB approval.

(a) The Nuclear Regulatory Commission has submitted the information collection requirements contained in this part to the Office of Management and Budget (OMB) for approval as required by the Paperwork Reduction Act (44 U.S.C. 3501 et seq.). OMB has approved the information collection requirements contained in this part under control number 3150-0047.

(b) The approved information collection requirements contained in this part appear in §§ 95.11, 95.15, 95.18, 95.19, 95.21, 95.25, 95.29, 95.31, 95.36, 95.37, 95.39, 95.41, 95.43, 95.45, 95.47,

23. In § 95.13, paragraph (a) is revised to read as follows:

§ 95.13 Maintenance of records.

(a) Each licensee, certificate holder or other person granted facility clearance under this part shall maintain records prescribed within the part. These records are subject to review and inspection by CSA representatives during security reviews.

24. In § 95.15, paragraphs (a) and (b) are revised to read as follows:

§ 95.15 Approval for processing licensees and others for facility clearance.

(a) A licensee, certificate holder or other person who has a need to use, process, store, reproduce, transmit, transport, or handle classified information at any location in connection with Commission related activities shall promptly request an NRC facility clearance.

(b) The request must include the name of the facility, the location of the facility and an identification of any facility clearance issued by another government agency. If there is no existing facility clearance, the request must include a security Standard Practice and Procedures Plan that outlines the facility's proposed security procedures and controls for the protection of classified information, a floor plan of the area in which the matter is to be used, processed, stored, reproduced, transmitted, transported or handled; and Foreign Ownership, Control or Influence information as required by § 95.17(a).

25. Section 95.17 is revised to read as follows:

§ 95.17 Processing facility clearance.

(a) Following the receipt of an acceptable request for facility clearance, the NRC will either accept an existing facility clearance granted by a current CSA and authorize possession of license or certificate related classified information or process the facility for a facility clearance. Processing will include -

(1) A determination based on review and approval of a Standard Practice and Procedure Plan that granting of the Facility Security Clearance would not be inconsistent with the national interest, including a finding that the facility is not under foreign ownership, control, or influence to such a degree that such a determination could not be made;

(2) An acceptable security survey conducted by NRC;

(3) Submitting key management personnel for personnel clearances (PCLs); and

(4) Appointing a U.S. citizen employee as the facility security officer.

(b) An interim Facility Security Clearance may be granted by the CSA on a temporary basis pending completion of the full investigative requirements.

26. A new § 95.18 is added to read as follows:

§ 95.18 Key personnel.

The senior management official and the Facility Security Officer must always be cleared to the level of the Facility Security Clearance. Other key management officials, as determined by the CSA, must be granted a personnel security clearance or be excluded from classified access. When formal exclusion action is required, the organization's board of directors or similar executive body shall affirm the following, as appropriate.

(a) Officers, directors, partners, regents, or trustees (designated by name) that are excluded may not require, may not have, and can be effectively excluded from access to all classified information disclosed to the organization. These individuals also may not occupy positions that would enable them to adversely affect the organization's policies or practices in the performance of activities involving classified information. This action will be made a matter of record by the organization's executive body. A copy of the resolution must be furnished to the CSA.

(b) Officers, directors, partners, regents, or trustees (designated by name) that are excluded may not require, may not have, and can be effectively denied access to higher level classified information (specify which higher level(s)). These individuals may not occupy positions that would enable them to adversely affect the organization's policies or practices. This action will be made a matter of record by the organization's executive body. A copy of the resolution must be furnished to the CSA.

27. Section 95.18 is redesignated as § 95.19 and the introductory text of paragraphs (a) and (b) are revised to read as follows:

§ 95.19 Changes to security practices and procedures.

(a) Except as specified in paragraph (b) of this section, each licensee, certificate holder or other person shall obtain prior CSA approval for any proposed change to the name, location, security procedures and controls, or floor plan of the approved facility. A written description of the proposed change must be furnished to the CSA with copies to the Director, Division of Security, Office of Administration, NRC, Washington, DC 20555-0001, and the NRC Regional Administrator of the cognizant Regional Office listed in appendix A of part 73. The CSA shall promptly respond in writing to all such proposals. Some examples of substantive changes requiring prior CSA approval include -

(b) A licensee or other person may effect a minor, non-substantive change to an approved Standard Practice and Procedure Plan for the safeguarding of classified information without receiving prior CSA approval, provided prompt notification of such minor change is furnished to the addressees noted in paragraph (a) of this section, and the change does not decrease the effectiveness of the Standard Practice and Procedure Plan. Some examples of minor, non-substantive changes to the Standard Practice and Procedure Plan include -

28. Section 95.19 is redesignated as § 95.20 and revised to read as follows:

§ 95.20 Grant, denial or termination of facility clearance.

The Division of Security shall provide notification in writing (or orally with written confirmation) to the licensee or other organization of the Commission's grant, acceptance of another agency's facility Security Clearance, denial, or termination of facility clearance. This information must also be furnished to representatives of NRC, NRC licensees, NRC Certificate Holders, NRC contractors, or other Federal agencies having a need to transmit classified information to the licensee or other person.

29. Section 95.21 is revised to read as follows:

§ 95.21 Withdrawal of requests for facility clearance.

When a request for facility clearance is to be withdrawn or canceled, the requester shall notify the NRC Division of Security immediately by telephone so that processing for this approval may be terminated. The notification must identify the full name of the individual requesting discontinuance, his position with the facility, and the full identification of the facility. The requestor shall confirm the telephone notification promptly in writing.

30. Section 95.23 is revised to read as follows:

§ 95.23 Termination of facility clearance.

(a) Facility clearance will be terminated when -

(1) There is no longer a need to use, process, store, reproduce, transmit, transport or handle classified matter at the facility; or

(2) The Commission makes a determination that continued facility clearance is not in the interest of national security.

(b) When facility clearance is terminated, the licensee or other person will be notified in writing of the determination and the procedures outlined in § 95.53 apply.

31. In § 95.25, paragraphs (a), (b), (c), (d), (g), (h), and (i) are revised and paragraph (j) is added to read as follows:

§ 95.25 Protection of classified information in storage.

(a) Secret documents, while unattended or not in actual use, must be stored in--

(1) A safe, steel file cabinet, or safe-type steel file container that has an automatic unit locking mechanism. All such receptacles will be accorded supplemental protection during non-working hours; or

(2) Any steel file cabinet that has four sides and a top and bottom (all permanently attached by welding, rivets or peened bolts so the contents cannot be removed without leaving visible evidence of entry) and is secured by a rigid metal lock bar and an approved key operated or combination padlock. The keepers of the rigid metal lock bar must be secured to the cabinet by welding, rivets, or bolts, so they cannot be removed and replaced without leaving evidence of the entry. The drawers of the container must be held securely, so their contents cannot be removed without forcing open the drawer. This type cabinet will be accorded supplemental protection during non-working hours.

(b) Confidential matter while unattended or not in use must be stored in the same manner as SECRET matter except that no supplemental protection is required.

(c) Classified lock combinations.

(1) A minimum number of authorized persons may know the combinations to authorized storage containers. Security containers, vaults, cabinets, and other authorized storage containers must be kept locked when not under the direct supervision of an authorized person entrusted with the contents.

(2) Combinations must be changed by a person authorized access to the contents of the container, or by the Facility Security Officer or his or her designee. Combinations must be changed upon--

(i) The initial use of an approved container or lock for the protection of classified material;

(ii) The termination of employment of any person having knowledge of the combination, or when the clearance granted to any such person has been withdrawn, suspended, or revoked;

(iii) The compromise or suspected compromise of a container or its combination, or discovery of a container left unlocked and unattended;

(iv) At other times when considered necessary by the Facility Security Officer or CSA; or

(v) In any event at least once every 12 months.

(d) Records of combinations. If a record is made of a combination, the record must be marked with the highest classification of material authorized for storage in the container. Superseded combinations must be destroyed.

(g) Posted information. Containers may not bear external markings indicating the level of classified material authorized for storage. A record of the names of persons having knowledge of the combination must be posted inside the container.

(h) End of day security checks.

(1) Facilities that store classified material shall establish a system of security checks at the close of each working day to ensure that all classified material and security repositories have been appropriately secured.

(2) Facilities operating with multiple work shifts shall perform the security checks at the end of the last working shift in which classified material had been removed from storage for use. The checks are not required during continuous 24-hour operations.

(i) Unattended security container found opened. If an unattended security container housing classified matter is found unlocked, the custodian or an alternate must be notified immediately. The container must be secured by protective personnel and the contents inventoried as soon as possible but not later than the next workday. A report reflecting all actions taken must be submitted to the responsible Regional Office (see appendix A, 10 CFR part 73 for addresses) with an information copy to the NRC Division of Security. The licensee shall retain records pertaining to these matters for three years after completion of final corrective action.

(j) Supervision of keys and padlocks. Use of key-operated padlocks is subject to the following requirements:

(1) A key and lock custodian shall be appointed to ensure proper custody and handling of keys and locks used for protection of classified material;

(2) A key and lock control register must be maintained to identify keys for each lock and their current location and custody;

(3) Keys and locks must be audited each month;

(4) Keys must be inventoried with each change of custody;

(5) Keys must not be removed from the premises;

(6) Keys and spare locks must be protected equivalent to the level of classified material involved;

(7) Locks must be changed or rotated at least annually, and must be replaced after loss or compromise of their operable keys; and

(8) Master keys may not be made.

32. Section 95.27 is revised to read as follows:

§ 95.27 Protection while in use.

While in use, matter containing classified information must be under the direct control of an authorized individual to preclude physical, audio, and visual access by persons who do not have the prescribed access authorization or other written CSA disclosure authorization (see § 95.36 for additional information concerning disclosure authorizations).

33. Section 95.29 is revised to read as follows:

§ 95.29 Establishment of Restricted or Closed areas.

(a) If, because of its nature, sensitivity or importance, matter containing classified information cannot otherwise be effectively controlled in accordance with the provisions of §§ 95.25 and 95.27, a Restricted or Closed Area must be established to protect such matter.

(b) The following measures apply to Restricted Areas:

(1) Restricted areas must be separated from adjacent areas by a physical barrier designed to prevent unauthorized access (physical, audio and visual) into such areas.

(2) Controls must be established to prevent unauthorized access to and removal of classified matter.

(3) Access to classified matter must be limited to persons who possess appropriate access authorization or other written CSA disclosure authorization and who require access in the performance of their official duties or contractual obligations.

(4) Persons without appropriate access authorization for the area visited must be escorted by an appropriate CSA access authorized person at all times while within Restricted or Closed areas.

(5) Each individual authorized to enter a Restricted or Closed area must be issued a distinctive form of identification (e.g., badge) when the number of employees assigned to the area exceeds thirty per shift.

(6) During nonworking hours, admittance must be controlled by protective personnel. Protective personnel shall conduct patrols during nonworking hours at least every 8 hours and more frequently if necessary to maintain a commensurate level of protection. Entrances must be continuously monitored by protective personnel or by an approved alarm system.

(c) Due to the size and nature of the classified material, or operational necessity, it may be necessary to construct Closed Areas for storage because GSA-approved containers or vaults are unsuitable or impractical. Closed Areas must be approved by the CSA. The following measures apply to Closed Areas:

(1) Access to Closed Areas must be controlled to preclude unauthorized access. This may be accomplished through the use of a cleared employee or by a CSA approved access control device or system.

(2) Access must be limited to authorized persons who have an appropriate security clearance and a need-to-know for the classified material/information within the area. Persons without the appropriate level of clearance and/or need to know must be escorted at all times by an authorized person where inadvertent or unauthorized exposure to classified information cannot otherwise be effectively prevented.

(3) The Closed Area must be accorded supplemental protection during non-working hours. During these hours, admittance to the area must be controlled by locked entrances and exits secured by either an approved built-in combination lock or an approved combination or key-operated padlock. However, doors secured from the inside with a panic bolt (for example, actuated by a panic bar), a dead bolt, a rigid wood or metal bar, or other means approved by the CSA, do not require additional locking devices.

(4) Open shelf or bin storage of classified documents in Closed Areas requires CSA approval. Only areas protected by an approved intrusion detection system will qualify for approval.

34. Section 95.31 is revised to read as follows:

§ 95.31 Protective personnel.

Whenever protective personnel are used to protect classified information they shall:

(a) Possess an L access authorization (or CSA equivalent) if the licensee or other person possesses information classified Confidential National Security Information, Confidential Restricted Data or Secret National Security Information.

(b) Possess a Q access authorization (or CSA equivalent) if the licensee or other person possesses Critical Secret Restricted Data and the protective personnel require access as part of their regular duties.

35. Section 95.33 is revised to read as follows:

§ 95.33 Security education.

All cleared employees must be provided with security training and briefings commensurate with their involvement with classified information. The facility may obtain defensive security, threat awareness, and other education and training information and material from their CSA or other sources.

(a) Facility Security Officer Training. Licensees and others are responsible for ensuring that the Facility Security Officer, and others performing security duties, complete security training deemed appropriate by the CSA. Training requirements must be based on the facility's involvement with classified information and may include a Facility Security Officer orientation course and, for Facility Security Officers at facilities with safeguarding capability, a Facility Security Officer Program Management Course. Training, if required, should be completed within 1 year of appointment to the position of Facility Security Officer.


(b) Government Provided Briefings. The CSA is responsible for providing initial security briefings to the Facility Security Officer, and for ensuring that other briefings required for special categories of information are provided.

(c) Temporary Help Suppliers. A temporary help supplier, or other contractor who employs cleared individuals solely for dispatch elsewhere, is responsible for ensuring that required briefings are provided to their cleared personnel. The temporary help supplier or the using licensee or other facility may conduct these briefings.

(d) Classified Information Nondisclosure Agreement (SF-312). The SF-312 is an agreement between the United States and an individual who is cleared for access to classified information. An employee issued an initial personnel security clearance must execute an SF-312 prior to being granted access to classified information. The Facility Security Officer shall forward the executed SF-312 to the CSA for retention. If the employee refuses to execute the SF-312, the licensee or other facility shall deny the employee access to classified information and submit a report to the CSA. The SF-312 must be signed and dated by the employee and witnessed. The employee's and witness' signatures must bear the same date.

(e) Initial Security Briefings. Before being granted access to classified information, an employee shall receive an initial security briefing that includes the following topics:

(1) A Threat Awareness Briefing.

(2) A Defensive Security Briefing.

(3) An overview of the security classification system.

(4) Employee reporting obligations and requirements.

(5) Security procedures and duties applicable to the employee's job.

(f) Refresher Briefings. The licensee or other facility shall conduct periodic refresher briefings for all cleared employees. As a minimum, the refresher briefing must reinforce the information provided during the initial briefing and inform employees of appropriate changes in security regulations. This requirement may be satisfied by use of audio/video materials and by issuing written materials on a regular basis.

(g) Debriefings. Licensee and other facilities shall debrief cleared employees at the time of termination of employment (discharge, resignation, or retirement); when an employee's personnel security clearance is terminated, suspended, or revoked; and upon termination of the Facility Security Clearance.

(h) Records reflecting an individual's initial and refresher security orientations and security termination must be maintained for three years after termination of the individual's access authorization.

36. Section 95.35 is revised to read as follows:

S 95.35 Access to Classified Informat,on (a) Unless authorized by the Commission, a person subject to the ,

i regulations in this part may not receive or permit any individual to have 1 access to Secret or Confidential National Security Information or Restricted Data unless the individual has:

(1) One of the following access authorizations.

(i) A U. 5. Government granted access authorization based on a Single Scope Background Investigation and issued by the CSA which permits an individual access to--

37

(A) Critical Secret and Confidential Restricted Data; and (B) Secret and Confidential National Security Information which includes or other intelligence information, CRYPTO (i .e. , cryptographic information) information, or classified communications security (COMSEC) '

(ii) A U. S. Government granted access authorization based on a National t Agency Check or National Agency Check with Inquiries and issued by the CS which permits an individual access to Secret and Confidential Restricted Data and Secret and Confidential National Security Information other than that noted in paragraph (a)(1)(1) of this section.

permitted as (iii) Access to certain Confidential COMSEC informat authorized by a National Communications Security Committee waiver dated February 14, 1984.

)

for the information. (See (2) An establishedrneed-to-know

l Definitions, S95.5).

(3) CSA approved storage facilities if classified documents or material are to be transmitted to the individual.

(b) Classified information must not be released by a licensee or other person to any personnel other than properly access authorized Commiss licensee employees or other individuals authorized access by the Commissi (c)

Access to Classified National Security Information at NRC-licensed, f

certified or otherwise regulated facilities by authorized representatives o IAEA is permitted in accordance with 595.36,

37. Section 95.36 is revised to read as follows:

§ 95.36 Access by representatives of the International Atomic Energy Agency or by participants in other international agreements.

(a) Based upon written disclosure authorization from the NRC Division of Security that an individual is an authorized representative of the International Atomic Energy Agency (IAEA) or other international organization and that the individual is authorized to make visits or inspections in accordance with an established Agreement with the United States Government, a licensee, certificate holder or other person subject to this part shall permit the individual (upon presentation of the credentials specified in § 75.7 of this chapter and any other credentials identified in the disclosure authorization) to have access to matter which is Classified National Security Information that is relevant to the conduct of a visit or inspection. A disclosure authorization under this section does not authorize a licensee, certificate holder, or other person subject to this part to provide access to Restricted Data.

(b) For purposes of this section Classified National Security Information is relevant to the conduct of a visit or inspection if--

(1) In the case of a visit, this information is needed to verify information according to § 75.13 of this chapter, or

(2) In the case of an inspection, the information is information to which an inspector is entitled to have access under § 75.42 of this chapter.

(c) In accordance with the specific disclosure authorization provided by the Division of Security, licensees or other persons subject to this part are authorized to release (i.e., transfer possession of) copies of documents which contain Classified National Security Information directly to IAEA inspectors and other representatives officially designated to request and receive Classified National Security Information documents. These documents must be marked specifically for release to IAEA or other international organization in accordance with instructions contained in NRC's disclosure authorization letter. Licensees and other persons subject to this part may also forward these documents through NRC to the international organization's headquarters in accordance with the NRC disclosure authorization. Licensees and other persons may not reproduce documents containing Classified National Security Information except as provided in § 95.43.

(d) Records regarding these visits and inspections must be maintained for five years beyond the date of the visit or inspection. These records must specifically identify each document which has been released to an authorized representative and indicate the date of the release. These records must also identify (in such detail as the Division of Security, by letter, may require) the categories of documents to which the authorized representative has had access and the date of this access. A licensee or other person subject to this part shall also retain Division of Security disclosure authorizations for five years beyond the date of any visit or inspection when access to classified information was permitted.

(e) Licensees or other persons subject to this part shall take such measures as may be necessary to preclude access to classified matter by participants of other international agreements unless specifically provided for under the terms of a specific agreement.

38. In § 95.37, paragraphs (a) and (b) are revised to read as follows:

§ 95.37 Classification and preparation of documents.

(a) Classification. Classified information generated or possessed by a licensee or other person must be appropriately marked. Classified material which is not conducive to markings (e.g., equipment) may be exempt from this requirement. These exemptions are subject to the approval of the CSA on a case-by-case basis. If a person or facility generates or possesses information that is believed to be classified based on guidance provided by NRC or by derivation from classified documents, but which no authorized classifier has determined to be classified, the information must be protected and marked with the appropriate classification markings pending review and signature of an NRC authorized classifier. Information must be classified in accordance with classification guidance provided by NRC as part of the facility clearance process. This final determination should be made within 30 working days. The licensee or other person shall protect the document as classified information at the highest classification at issue while awaiting a final determination.

(b) Classification consistent with content. Each document containing classified information shall be classified Secret or Confidential according to its content.

(1) For Original classification of Classified National Security Information:

(i) The identity of classifier and office of origin must be shown by the completion of the "CLASSIFIED BY" line. The "CLASSIFIED BY" line must show the name or the personal identifiers, the position title of the classifier, and the agency or office of origin.

(ii) Reasons for Classification. The classifier shall identify the reason(s) for the decision to classify. The classification must include a brief reference to the pertinent classification category(ies), as identified in Executive Order 12958, Section 1.5, "Classification Categories."

(iii) Declassification Instructions. The duration of the original declassification decision must be placed on the "DECLASSIFY ON" line which will indicate one of the following:

(A) A date or event for declassification that corresponds to the information lapse from national security sensitivity (may not exceed 10 years from date of original classification decision); or

(B) A date that is 10 years from the date of the original decision; or

(C) A brief citation of the pertinent exemption category(ies) from section 1.6(d) of Executive Order 12958, if applicable (e.g., exemption will be identified by the letter "X" plus the identification of the exemption category).

(iv) Information determined to be exempted from declassification at 10 years will be identified by the letter "X" plus the identification of exemption category as identified in section 1.6(d) of Executive Order 12958.

(1) For derivative classification of Classified National Security Information:

(i) Derivative classifications of Classified National Security Information must contain the identity of the source document or the classification guide, including the agency and office of origin, on the "Derived From" line and its classification date. If more than one source is cited, the "Derived From" line should indicate "Multiple Sources."

(ii) Declassification instructions. When marking derivatively classified documents, the "DECLASSIFY ON" line must carry forward the declassification instructions as reflected in the original document. If multiple sources are used, the instructions will carry forward the longest duration.

(iii) If the document to be declassified contains the declassification instruction, "Originating Agency's Determination Required" (OADR), the document should reflect the date of the original classification of the information as contained in the source document or classification guide. An example might be as follows:

Declassify On: Source Marked "OADR"
Date of Origin: (Date)

(iv) The derivative classifier shall maintain the identification of each source with the file or record copy of the derivatively classified document.

(2) For Restricted Data documents:

(i) Identity of the classifier. The identity of the classifier must be shown by completion of the Derivative Classifier line. The Derivative Classifier line must show the name of the person classifying the document and the basis for the classification. Dates for downgrading or declassification do not apply.

(ii) Classification designation (e.g., Secret, Confidential) and Restricted Data. NOTE: No "Declassification" instructions will be placed on documents containing Restricted Data.

(d) Classification markings. The highest classification marking assigned to a document must be placed in a conspicuous fashion in letters at the top and bottom of the outside of the front covers and title pages, if any, and first and last pages on which text appears, on both bound and unbound documents, and on the outside of back covers of bound documents. The balance of the pages must be marked at the top and bottom either with:

(i) The classification marking assigned to the document, or

(ii) The classification marking required by their content, or

(iii) The marking UNCLASSIFIED if they have no classified content.

(e) Additional markings.

(1) If the document contains any form of Restricted Data, it must bear the appropriate marking on the first page of text, on the front cover and title page, if any.

Restricted Data

This document contains Restricted Data as defined in the Atomic Energy Act of 1954. Unauthorized disclosure subject to Administrative and Criminal sanctions.

(2) Limitation on reproduction or dissemination. If the originator or classifier determines that reproduction or further dissemination of a document should be restricted, the following additional wording may be placed on the face of the document:

Reproduction or Further Dissemination Requires Approval of

If any portion of this additional marking does not apply, it should be crossed out.

(f) Portion markings. In addition to the information required on the face of the document, each classified document is required, by marking or other means, to indicate clearly which portions are classified (e.g., paragraphs or pages) and which portions are not classified. The symbols (S) for Secret, (C) for Confidential, (U) for Unclassified, or (RD) for Restricted Data may be used immediately preceding or following the text to which it applies except that the designation must follow titles or subjects. (Portion marking of paragraphs is not required for documents containing Restricted Data.) If this type of portion marking is not practicable, the document must contain a description sufficient to identify the classified information and the unclassified information.

Example

Pages 1-3 Secret
Pages 4-19 Unclassified
Pages 20-26 Secret
Pages 27-32 Confidential

(g) Transmittal document. If a document transmitting classified information contains no classified information or the classification level of the transmittal document is not as high as the highest classification level of its enclosures, then the document must be marked at the top and bottom with a classification at least as high as its highest classified enclosure. The classification may be higher if the enclosures, when combined, warrant a higher classification than any individual enclosure. When the contents of the transmittal document warrants a lower classification than the highest classified enclosure(s) or combination of enclosures or requires no classification, a stamp or marking such as the following must also be used on the transmittal document:

UPON REMOVAL OF ATTACHMENTS THIS DOCUMENT IS:

(Classification level of transmittal document standing alone or the word UNCLASSIFIED if the transmittal document contains no classified information.)

(h) Classification challenges. Persons in authorized possession of Classified National Security Information who in good faith believe that the information's classification status, whether classified or unclassified, is improper are expected to challenge its classification status. Persons who to challenge a classification status shall--

(i) Refer the document or information to the originator or to an authorized NRC classifier for review. The authorized classifier shall review the document and render a written classification decision to the information.

(ii) In the event of a question regarding classification review, the holder of the information or the authorized classifier shall con Division of Security, Information Security Branch for assistance.

(iii) Persons who challenge classification decisions have the right to appeal the classification decision to the Interagency Security Classification Appeals Panel.

(iv) Persons seeking to challenge the classification of information will not be the subject of retribution.

(i) Files, folders or group of documents. Files, folders, binders, or groups of physically connected documents must be marked at least as high as the highest classified document which they contain. A document removed from the files, folders, binders or groups must be handled in accordance with the document's respective classification.

(j) Drafts and working papers. Drafts of documents and working papers which contain, or which the originator believes contain classified information must be marked on the top and bottom of each page with the highest level classification contained, or believed to be contained, and with the Restricted Data marking, if applicable. It is not required that other markings specified in § 95.37(c) be applied or that an NRC Form 790 be prepared as indicated in § 95.57(c) for drafts and working papers, provided they are not disseminated outside the facility. Prior to any dissemination outside of the facility, drafts and working papers must be reviewed by an authorized derivative classifier, final and complete classification markings applied, and an NRC Form 790 prepared and submitted to the NRC Division of Security, Washington, DC 20555-0001.

39. Section 95.39 is revised to read as follows:

§ 95.39 External transmission of documents and material.

(a) Restrictions. Documents and material containing classified information received or originated in connection with an NRC license or certificate must be transmitted only to CSA approved security facilities.

(b) Preparation of documents. Documents containing classified information must be prepared in accordance with the following, when transmitted outside an individual installation.

(1) They must be enclosed in two sealed opaque envelopes or wrappers.

(2) The inner envelope or wrapper must contain the addressee's classified mail address and the name of the intended recipient. The appropriate classification must be placed on both sides of the envelope (top and bottom) and the additional markings, as appropriate, referred to in § 95.37(e) must be placed on the side bearing the address.

(3) The outer envelope or wrapper must contain the addressee's classified mail address. The outer envelope or wrapper may not contain any classification, additional marking or other notation that indicates that the enclosed document contains classified information.

(4) A receipt that contains an unclassified description of the document, the document number, if any, date of the document, classification, the date of transfer, the recipient and the person transferring the document must be enclosed within the inner envelope containing the document and be signed by the recipient and returned to the sender whenever the custody of a Secret document is transferred. This receipt process is at the option of the sender for Confidential information.

(c) Methods of transportation.

(1) Secret matter may be transported only by one of the following methods within and directly between the U.S., Puerto Rico, or a U.S. possession or trust territory:

(i) U.S. Postal Service Express Mail and U.S. Postal Service Registered Mail. NOTE: The "Waiver of Signature and Indemnity" block on the U.S. Postal Service Express Mail Label 11-B may not be executed and the use of external (street side) express mail collection boxes is prohibited.

(ii) A cleared "Commercial Carrier."

(iii) A cleared commercial messenger service engaged in the intracity/local area delivery (same day delivery only) of classified material.

(iv) A commercial delivery company, approved by the CSA, that provides nation wide, overnight service with computer tracing and reporting features. Such companies need not be security cleared.

(v) Other methods as directed, in writing, by the CSA.

(2) Confidential matter may be transported by one of the methods set forth in paragraph (c)(1) of this section, by U.S. first class, express or certified mail. First class, express, or certified mail may be used in transmission of Confidential documents to Puerto Rico or any United States territory or possession.

(d) Telecommunication of classified information. Classified information may not be telecommunicated unless the telecommunication system has been approved by the CSA. Licensees, certificate holders or other persons who may require a secure telecommunication system shall submit a telecommunication plan as part of their request for facility clearance, as outlined in § 95.15, or as an amendment to their existing Standard Practice and Procedure Plan for the protection of classified information.

(e) Security of classified information in transit. Classified matter that, because of its nature, cannot be transported in accordance with § 95.39(c), may only be transported in accordance with procedures approved by the CSA. Procedures for transporting classified matter are based on a satisfactory transportation plan submitted as part of the licensee's, certificate holder, or other person's request for facility clearance or submitted as an amendment to its existing Standard Practice Procedure Plan.

40. Section 95.41 is revised to read as follows:

§ 95.41 External receipt and dispatch records.

Each licensee, certificate holder or other person possessing classified information shall maintain a record that reflects:

(a) The date of the material;

(b) The date of receipt or dispatch;

(c) The classification;

(d) An unclassified description of the material; and

(e) The identity of the sender from which the material was received or recipient to which the material was dispatched. Receipt and dispatch records must be retained for 2 years.

41. Section 95.43 is revised to read as follows:

§ 95.43 Authority to reproduce.

(a) Each licensee or other person possessing classified information shall establish a reproduction control system to ensure that reproduction of classified material is held to the minimum consistent with operational requirements. Classified reproduction must be accomplished by authorized employees knowledgeable of the procedures for classified reproduction. The use of technology that prevents, discourages, or detects the unauthorized reproduction of classified documents is encouraged.

(b) Unless restricted by the CSA, Secret and Confidential documents may be reproduced. Reproduced copies of classified documents are subject to the same protection as the original documents.

(c) All reproductions of classified material must be conspicuously marked with the same classification markings as the material being reproduced. Copies of classified material must be reviewed after the reproduction process to ensure that these markings are visible.

42. Section 95.45 is revised to read as follows:

§ 95.45 Changes in classification.

(a) Documents containing Classified National Security Information and/or Restricted Data must be downgraded or declassified as authorized by NRC classification guides or as determined by NRC. Requests for downgrading or declassifying any NRC classified information should be forwarded to the NRC Division of Security, Office of Administration, Washington, DC 20555-0001. Requests for downgrading or declassifying of Restricted Data will be forwarded to coordinated as appropriate by the NRC Division of Security with the Department of Energy.

(b) If a change of classification or declassification is approved the previous classification marking must be canceled and the following statement, properly completed, must be placed on the first page of the document:

Classification canceled (or changed to)

(Insert appropriate classification) by authority of (Person authorizing change in classification) by (Signature of person making change and date thereof)

(c) New markings reflecting the current classification status of the document will be applied in accordance with the requirements of § 95.37.

(d) Any persons making a change in classification or receiving notice of such a change shall forward notice of the change in classification to holders of all copies as shown on their records.

43. Section 95.47 is revised to read as follows:

§ 95.47 Destruction of matter containing classified information.

Documents containing classified information may be destroyed by burning, pulping, or another method that ensures complete destruction of the information that they contain. The method of destruction must preclude recognition or reconstruction of the classified information. Any doubts on methods should be referred to the CSA. If the document contains Secret information a record of the subject or title, document number, if any, originator, its date of origination and the date of destruction must be signed by the person destroying the document and must be maintained in the office of the custodian at the time of destruction. These destruction records must be retained for two years after destruction.

44. Section 95.49 is revised to read as follows:

§ 95.49 Security of automatic data processing (ADP) systems.

Classified data or information may not be processed or produced on an ADP system unless the system and procedures to protect the classified data or information have been approved by the CSA. Approval of the ADP system and procedures is based on a satisfactory ADP security proposal submitted as part of the licensee's or other person's request for facility clearance outlined in § 95.15 or submitted as an amendment to its existing Standard Practice and Procedure Plan for the protection of classified information.

45. Section 95.51 is revised to read as follows:

§ 95.51 Retrieval of classified matter following suspension or revocation of access authorization.

In any case where the access authorization of an individual is suspended or revoked in accordance with the procedures set forth in part 25 of this chapter, or other relevant CSA procedures, the licensee, certificate holder or other organization shall, upon due notice from the Commission of such suspension or revocation, retrieve all classified information possessed by the individual and take the action necessary to preclude that individual having further access to the information.

46. Section 95.53 is revised to read as follows:

§ 95.53 Termination of facility clearance.

(a) If the need to use, process, store, reproduce, transmit, transport, or handle classified matter no longer exists, the facility clearance will be terminated. The facility may deliver all documents and materials containing classified information to the Commission or to a person authorized to receive them or destroy all such documents and materials. In either case, the facility shall submit a certification of nonpossession of classified information to the NRC Division of Security.

(b) In any instance where facility clearance has been terminated based on a determination of the CSA that further possession of classified matter by the facility would not be in the interest of the national security, the facility shall, upon notice from the CSA, immediately deliver all classified documents and materials to the Commission along with a certificate of nonpossession of classified information.

47. Section 95.55 is revised to read as follows:

§ 95.55 Continued applicability of the regulations in this part.

The suspension, revocation or other termination of access authorization or the termination of facility clearance does not relieve any person from compliance with the regulations in this part.

48. Section 95.57 is revised to read as follows:

§ 95.57 Reports.

Each licensee or other person having a facility clearance shall immediately report to the CSA and the Regional Administrator of the appropriate NRC Regional Office listed in appendix A, 10 CFR part 73:

(a) Any alleged or suspected violation of the Atomic Energy Act, Espionage Act, or other Federal statutes related to classified information.

(b) Any infractions, losses, compromises or possible compromise of classified information or classified documents not falling within paragraph (a) of this section.

(c) In addition, a licensee, certificate holder or other organization authorized classifier shall complete an NRC Form 790 (Classification Record) whenever a document containing classified information is generated, its classification changed or it is declassified. Notification of declassification is not required for any document or material which has an automatic declassification date. Completed NRC Forms 790 must be submitted to the NRC Division of Security, Washington, DC 20555-0001, on a monthly basis.

49. Section 95.59 is revised to read as follows:

§ 95.59 Inspections.

The Commission shall make inspections and surveys of the premises, activities, records and procedures of any person subject to the regulations in this part as the Commission and CSA deem necessary to effect the purposes of the Act, E.O. 12958 and/or NRC rules.

Dated at Rockville, Maryland, this day of , 1996.

For the Nuclear Regulatory Commission.

James M. Taylor,