ML20138H009
| ML20138H009 | |
| Person / Time | |
|---|---|
| Issue date: | 04/29/1997 |
| From: | Kidd D NRC |
| To: | Merrill C NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM) |
| Shared Package | |
| ML20138H014 | List: |
| References | |
| FRN-61FR40555, FRN-62FR17683, RULE-PR-25, RULE-PR-50, RULE-PR-54, RULE-PR-95 AF37-2-001, AF37-2-1, NUDOCS 9705070037 | |
| Download: ML20138H009 (1) | |
Text
I
&[ m GV6L [$.
6
[3pcn:n t" UNITED STATES [b NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20065 4001 s., , , , g j April 29, 1997 AF37-2 MEMORANDUM FOR: Clark Merrill, Manager User Services NUDOCS ., 1 ss f
,/
FROM: Duane G. Kidd Assistant to the Director /
/ gg '
Division of Security !
SUBJECT:
REGULATOPY HISTORY PROCEDURES - ACCESS TO AND PROTECTION OF CLASSIFIED 'NMRMATION In accordance with the April 5,1985 :nemorandum from the EDO entitled, " Regulate:v History Procedures," I am forwarding the documents relevant to the regulatory history of the final rule conforming NRC industrial security requirements to new National Security Executive Orders and Directives (10 CFR Parts 25 and 95162FR176831). [
The documents are identified in the attachment and are enclosed with the attachment.
Attachment:
As stated ,
i l
l l
\
l 300001 . t'y 9705070037 970429 1 PDR PR 25 62FR17683 PDR
N' I M Ubd 4F374 j
.
- Georg:a Power Conraany
- j. 40loverness Center Parkway raoeosso aute PR .2s > es Post ooce Box 1295 Birmingham Atatuma 15?O1 -
Telephone 205 877 7122 /f pg /
)
USWL C.K.McCoy GeorgiaPower VK,e Presdent. Nuclear .a.5 BCr. _7 All M 1 Vogtle Pnnect Ite southem erectrc system 0 .. I' October 2DC1996 Docket Nos. 50-424 LCV-0866 50-425 The Secretary of the Commission i U. S. Nuclear Regulatory Commission l Washington, D. C. 20555-0001 ATTN.: Docketing and Service Branch l
l Comments on proposed rule
" Access to and Protection of Classified Information" (61 Federal Register 40555 dated August 5.1996)
Dear Sir:
J Georgia Power Company has reviewed the proposed rulemaking " Access to and Protection of Classified Information," which would revise 10 CFR Parts 25 and 95, and was published in the Federal Register on August 5,1996. Georgia Power Company supports the policy behind the proposed rulemaking and the NRC's effort to reduce or eliminate duplicative oversight of private facilities which have classified interests frem ;
more than one governmental agency. However, Georgia Power Company is concerned that a number of the provisions proposed by the NRC are unclear and may be difficult to ,
apply. Accordingly, Georgia Power Company provides the attached comments which l identify these concerns and provide general suggestions for the final mle. J Should you have any questions, please advise.
Re'spectfully submitted, 0.
C. K. McCoy CKM/JMG Attachment i
* * $'. Of y ,h
[ 9 Lol 0 Ob oGT7_. J
- 8 f GeorgiaPower A i
4 m j U.S. Nuclear Regulatory Commission Page 2 l u
a i i
4 l
)
cc: Georgia Power Company .
l -
Mr. J. B. Beasley !
. Mr. M. Sheibani i 1
NORMS ,
i U. S. Nuclear Regulatory Commission ;
Mr. S. D. Ebneter, Regional Administrator Mr. L. L. Wheeler, Licensing Project Manager-Vogtle, NRR !
Mr. C. R. Ogle, Senior Resident Inspector - Vogtle 1 I
I t
e 5 i
I e
f I
l l
1 l
I l
LCV-0866 i
+
Comments on the Proposed Rule:
" Access to and Protection of Classified Information" 61 FR 40555 (Aug. 5.1996)
The Commission has proposed amendments to the provisions of 10 CFR Parts 25 and 95 regarding security of classified information. According to the preamble to the proposed rule, the amendments would permit another " Cognizant Security Agency" (e.g., DOE, DoD, or CIA) to assume some or all of the security oversight functions at a facility licensed by the Commission or for employees of NRC licensees. Georgia Power Company (Georgia Power) supports the policy behind the Commission's proposal. Eliminating the need for an NRC licensee to seek security clearances from both the Commission and '
DOE, for example, is appropriate. Georgia Power agrees that the Commission should pursue this end in keeping with the National Industrial Security Program.
l l
However, Georgia Power is concerned that a number of the provisions contained in the proposed mle are unclear, may be diflicult to apply, or would create conflicts with other i Commission regulations. Specifically, (i) the proposed rule does not provide a procedure for the designation of the " Cognizant Security Agency (CSA)";(ii) the proposed mle does i not address the Commission's role in ensuring compliance with the rules of other CSAs; l 1
(iii) the proposed rule does not reconcile restricted data requirements in Parts 50 and 54 of the, Commission's regulations with the proposed changes to 10 CFR Pans 25 and 95, and l (iv) the proposal does not clearly define when a facility clearance from the Commission is j required. The following comments address each of these concerns. j Cognizant Security Agency The proposed changes to Part 25 would allow licensees to request access authorizations for employees from "the facility CSA" instead of from the Commission. According to the proposed rule, CSA stands for " Cognizant Security Agency" and is defined as DoD, DOE, CIA and the Commission. However, the proposed rule does not explain which of these agencies is the appropriate CS A in a given situation or for a given facility, or who makes that determination. Conceivably, more than one of the agencies could be the CSA.
The final rule should include a more precise definition of CSA or a procedure for designating a CSA in a given situation. For instance, the CSA definition could be modified to indicate that it is the agency which exercises primary authority and control )
over the classified information to which access is initially sought. In this way, conflicts between two or more agencies assertingjurisdiction as CSA can be avoided. l 10 CFR 95 also includes references to the CSA. For the reasons outlined above, the l proposed changes to Part 95 should also include a more precise definition of" Cognizant Security Agency" in the final rule.
i l
l I Comments on Proposed Rule (61 FR 40555)
Page 2 4
i I
Continued Oblientions to the Commission i
j The proposed rule does not establish whether and how the Commission will be notified regarding access authorizations requested from another agency. Does an NRC licensee have an obligation to notify the Commission ifit applies to another CSA for an access
) authorization?
i If the Commission intends to require such notification from its licensees, then the final rule
- should clarify the scope of that requirement. Further, in keeping with the efliciency goals j of the rule, any such required notification should be very simple. For example, the
- Commission should make clear that its licensee's may apply to another CSA without
! permission from the Commission.
l Conflictine Responsibilities Under Other Commission Regulations i
10 CFR 50.37 prohibits commercial nuclear reactor licensees from permitting an employee {
access to Restricted Data until the Civil Service Commission has reported to the l
) . Corpmission on the fitness of the individual employee to receive such information. The !
j proposed rule does not amend this section of 10 CFR and does not otherwise link the i
- requirements of Pan 25 to this section.
l The proposed rule should be clarified in order to reflect whether compliance with the new I Pan 25 will satisfy 10 CFR 50.37. The interface of the proposed rule with 10 CFR 54.17(g), which concerns license renewals, should be clarified in similar fashion in the final rule, I,icensee Activities at Other Facilities l
As revised by the proposed rule, it is unclear whether 10 CFR 95.15 requires an NRC l licensee to obtain a facility clearance from the Commission in order for employees of that licensee to "use" or " handle" classified information which is located at a completely i different facility, including facilities subject to the oversight of another agency. For
{ example, does 10 CFR 95.15 require a facility clearance from the Commission in order for employees of an NRC licensed facility to use or handle classified information which is
- maintained at a DOE facility? Conversely, does 10 CFR 95.15 require the NRC to clear '
the non-NRC licensed facility? Although it does not appear to be the Commission's intent j to require a facility clearance in either situation, an aflirmative statement in this regard would assist in the implementation of the rule. The Commission should clarify whether facility approvals are required under Part 95 in such a situation.
1 3
i
s Comments on Proposed Rule (61 FR 40555)
Page 3 Conclusion Georgia Power believes the proposed rule will, subject to the comments above, improve the Commission's regulations regarding security matters. Incorporating these comments into the final mic will help to clarify the responsibilities of the regulated community and will result in more eflicient protection for classified information.
l l
1 l
l
l W'NS' {
Department of Energy DOCMI:TED 4 Germantown, MD 20874-1290 "OC l I
.) .
' I 007 1 6 1995 ~% OCT 22 A3 :46 sD LE M gg, ~ E" g- l Secretary of the Commission (Gl F 6 '7'QS55.)
U.S. Nuclear Regulatory Commission }
ATTN: Docketing and Regulatory Services Branch Washington, DC 20555-0001 ,
i
Dear Sir:
' 2!
Attached are comments from the Department of Energy on the Nuclear Regulatory Commission ,
proposed rules 10 CFR Parts 25 and 95," Access to and Protection of Classified Information." I hope you find these comments useful in the finalization of these rules. i If you have any questions about the attached comments, please contact Cathy Tullis on 301-903-I 4805. ;
Sincerely,
,- ~ , ,
(
' b fC ( '
- [Bd'w/
ard J., c allum, Direc(tor ,
Oflice of Safeguards and Security l
' /
' /
Attachment /
i l
l 1
i i
JAN 0 71997 Acknowledgedbycara~ .,
Printed with soy ink on recycled papet n , ocnn9 s q y -- ~-
)
e b
Comments to Proposed NRC Rule General Comment. The drafl regulation refers to " access authorization" throughout. The introduction to the proposed rule references " personnel security clearance" and some of the language in the text contains variations, such as " personnel access authorization." A common term should be used throughout, or the fact that a personnel security clearance is a synonym for access authorization established.
General Comment. The draft regulation uses the term " Critical Secret Restricted Data." This term has not be implemented by any agency. A review group was formed to review this issue and has decided not to use this term. Instead information will be appropriately upgraded to Top Secret. It is strongly recommended that NRC not use the term " Critical Secret Restricted Data" in this regulation. Instead we suggest that all Secret Restricted Data continue to be protected at the NISPOM supplement level until the critical information has been upgraded to Top Secret.
p25.5: The defmition for " access authorization" is confusing, statbg '. hat it means an individual is eligible for " security clearance for access to classified informaticn " Suggest the following:
" Access authorization means an administrative determination that an n;4ividual is eligible for access to classified information."
25.17(e): This section requires the licensee / contractor to review the SF-86, including Part 2, for completeness and correctness. As the changes to the rule are largely being made to comply with new Executive Order and the NISPOM, this section should more carefully address the terms under which this information can be reviewed by a third party. The NISPOM restncts this type of review.
95.3: It is not clear why the scope is not written to include all classified information, especially Formerly Restricted Data.
{95.17(a)(2): To ensure consistency with the NISPOM it is suggested that the term " survey be changed to " review."
Q95.18: A NISPOM transposition requiring some clarification. Senior management cannot be cleared to the " level of the facility" by NRC, a< NRC can only grant "Q" and "L" access authorizations end facilities are classified r . ret, Top Secret, etc. Perhaps senior management could be cleared to a level commensurat : hat of the facility clearance.
{95.25: The storage requirements for Secret contained in this sections are not consistent with the storage requirements for Secret Restricted Data in the NISPOM supplement.
Q95.25(c)(2)(v): The requirement to change combinations once every 12 months is above and beyond the requirements contained in the NISPOM. Suggest this requirement be eliminated.
95.37(c)(1)(i): Suggest a sentence be added to indicate that on a document marked " multiple l
l sources" that the multiple sources must be identified in the records copy of the document.
s95.57: This seems to be the first reference to a " person" having a facility clearance. The definition of facility clearance needs to be more detailed as to what constitutes a facility under this rule.
l l
l l
l e
4 4
l 1