ML20199G880

Responds to NRC Re Violations Noted in Insp Rept 70-7002/97-06.Corrective Actions:Communicated Management Expectations to Security Group,Conducted Classified Matl Training & Assemble Management Assessment Team
ML20199G880
Person / Time
Site: Portsmouth Gaseous Diffusion Plant
Issue date: 11/19/1997
From: Morgan J
UNITED STATES ENRICHMENT CORP. (USEC)
To:
NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References
70-7002-97-06, 70-7002-97-6, GDP-97-2032, NUDOCS 9711250326


Text

United States Enrichment Corporation
2 Democracy Center
6903 Rockledge Drive
Bethesda, MD 20817
Tel (301) 564-3200

November 19, 1997
GDP-97-2032

United States Nuclear Regulatory Commission
Attention: Document Control Desk
Washington, D.C. 20555

Portsmouth Gaseous Diffusion Plant (PORTS)
Docket No. 70-7002
Response to Inspection Report (IR) 70-7002/97006 Notice of Violation (NOV)

Nuclear Regulatory Commission (NRC) letter dated October 20, 1997, transmitted the subject Inspection Report (IR) that contained two violations involving: 1) failure to provide to the Commission complete and accurate information, and 2) failure to implement numerous aspects of an approved Security Plan.

USEC's response to these violations is provided in Enclosures 1 and 2. Enclosure 3 includes a table which addresses actions taken to correct the specific examples of the cited violation. lists the commitments made in this report. Unless specifically noted, the corrective actions specified in each enclosure apply solely to PORTS. As indicated in our response, USEC does not agree with example B.7 of NOV 97006-02 concerning the submission of reports regarding unattended security containers found unsecured. The basis for our disagreement is provided in Enclosure 2.

In the cover letter which transmitted the Inspection Report, NRC stated that:

"these violations were of concern due to similar issues cited at the Paducah Enforcement Conference"

USEC understands the importance of ensuring that complete and accurate information is provided to the NRC and for ensuring the full implementation of approved Plans. As a result of the lessons learned from the Paducah Gaseous Diffusion Plant (PGDP) Enforcement Conference, Portsmouth had made substantial improvements in the accuracy and implementation of the NRC approved Security Plan. However, in this case, the Subject Matter Expert's (SME) review of the Security Plan during the development of the certification application did not identify the specific deficiencies documented in the referenced violations. The necessary elements of a strong management system to achieve meticulous attention to detail and high standards of compliance were not fully in place.

Offices in Paducah, Kentucky; Portsmouth, Ohio; Washington, DC

Following the Paducah Gaseous Diffusion Plant (PGDP) Enforcement Conference, conducted on July 16, 1997, PORTS initiated actions to correct similar issues identified at PORTS. Some of the actions included:

- PORTS participated in the PGDP recovery analysis process;

- A detailed review of the Certification Application requirement units, procedures, security practices, self assessments, audits/surveillance program, Problem Reports, and Requests for Application Changes was made to ensure all activities were being performed in compliance with the certification application;

- A Subject Matter Expert (SME) reviewed PORTS security plans to assess consistency between plans;

- A communications training session was held with Security Group personnel to ensure management expectations, that all plant security activities are being performed in accordance with the certification application, were clearly understood and to discuss the lessons learned from the PGDP Security inspection; and

- Classroom training of plant personnel having classified material custodial responsibility or security assignments was provided to communicate management's expectations and the importance of understanding how the Certification Application relates to their area of responsibility and/or job assignment.

While Portsmouth agrees with the violations as cited, we also believe that significant improvement has been made in this area and will continue because of our commitment to excellence. It is my intention to continue with the security improvement program and continue to take those actions necessary to improve rigor and discipline associated with ensuring the most complete and accurate information is provided to the NRC.

If you have any questions regarding this submittal, please contact Ron Gaston at (614) 897-2710.

Sincerely,

James 11. Morgan
Acting General Manager
Portsmouth Gaseous Diffusion Plant

Enclosures (4)

cc: Regional Administrator, Region III
NRC Resident Inspector, PORTS
DOE Site Safety Representative, PORTS

UNITED STATES ENRICHMENT CORPORATION (USEC)

REPLY TO NOTICE OF VIOLATION (NOV) 70-7002/97006-01

Restatement of Violation

10 CFR 76.9(a) requires, in part, that information provided to the Commission be complete and accurate in all material aspects.

A. Section 6.5.3 of the Security Plan for the Protection of Classified Matter (Security Plan) submitted by USEC in the January 19, 1996 revision of its application states in part that records of combinations are kept on computer diskettes and paper files.

Contrary to the above, on January 19, 1996, USEC failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan in that Section 6.5.3 of the submitted Security Plan stated that combination records were being maintained on computer diskettes. However, this was never the practice at Portsmouth. Only paper records of classified combinations are maintained. This information was material to the NRC because the Commission relied on it to grant USEC a certificate of compliance.

B. Section 16 of the Security Plan submitted by USEC in the August 27, 1997 revision of its application lists shredders approved for destruction of classified information.

Contrary to the above, on August 27, 1997, USEC failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan in that Section 16 did not provide a complete listing of shredders approved for destruction of classified information.

C. Section 18 of the Security Plan submitted by USEC in the August 27, 1997 revision of its application describes telecommunications of classified information and states that the Portsmouth Plant "is presently operating under guidelines set forth by the COMSEC Procedural Guide and the USEC Portsmouth Gaseous Diffusion Plant, LhtOS Standard Operating Procedure."

Contrary to the above, on August 27, 1997, USEC failed to provide the NRC with complete and accurate information in all material aspects concerning its Security Plan as evidenced by the examples below:

1. On August 27, 1997, USEC failed to provide the NRC with complete and accurate information in that Section 18.4 of the Security Plan did not provide a complete list of equipment that comprises Portsmouth's secure telecommunications systems.

2. On August 27, 1997, USEC failed to provide the NRC with an accurate reference to a Section of the Portsmouth Cryptocenter Standard Operations Procedure (SOP) in that Section 18.7 of the Security Plan references Section 5 of the Portsmouth Cryptocenter SOP in connection with classified facsimiles when, in fact, it should have referenced Section 7.

3. On August 27, 1997, USEC failed to provide the NRC with complete and accurate information in that Figure 18.3 of the Security Plan did not provide enough information to accurately describe the Portsmouth secure telecommunications structure.

This information was material to the NRC because the Commission relied on it to grant USEC a certification of compliance.

I. Reasons for Violation

The reason for the violation was a failure by the Subject Matter Expert (SME) to adequately verify the accuracy of the security plans prior to submittal. No formal policy or procedure existed that prescribed guidance in reviewing the security plans.

II. Corrective Actions Taken and Results Achieved

1) The actions taken to address the specific examples of this violation are provided in Enclosure 3, Table 1.

2) Management expectations were communicated to the Security Group through several staff meetings with the General Manager and the Organizational Manager to ensure expectations were clearly understood and to discuss the lessons learned from the PGDP Security inspection.

3) Classroom training of plant personnel having classified material custodial responsibility or security assignments was conducted to communicate compliance expectations and the importance of understanding how the Certification Application relates to their area of responsibility and/or job assignment.

4) A management assessment team was assembled to independently look at the security program to determine if the PORTS Security Program was aligned with the Certification Application and implementing procedures. The review identified several inconsistencies and actions were taken to bring the inconsistencies into compliance with management's expectations. In addition, a team of Subject Matter Experts (SME) were assembled to concurrently review the Security Plans for accuracy, consistency, completeness, and to ensure the plans were fully implemented as written. Where inconsistencies were identified by the team, actions were taken to bring the plant into compliance with the plans and a Request for Application Change (RAC) was submitted for those cognitive errors identified during the review.

III. Corrective Steps to be Taken

1) Portsmouth will develop procedures for the review of Security Plans and the Conduct of Security Operations. These procedures will be completed by January 30, 1998.

2) Additional formal training of Security Plan SMEs will be conducted on how to properly review Security plans for completeness and accuracy, and how to verify and confirm full implementation of the Certification Application requirements. This action will be completed by February 28, 1998.

IV. Date of Full Compliance

Full compliance with the specific circumstances of this NOV was achieved on November 10, 1997, when the specific examples of security plans were updated.

UNITED STATES ENRICHMENT CORPORATION (USEC)

REPLY TO NOTICE OF VIOLATION (NOV) 70-7002/97006-02

Restatement of Violation

Condition 8 of the certificate of compliance for the Portsmouth Gaseous Diffusion Plant requires in part that USEC conduct its operations in accordance with the statements and representations contained in the certification application dated September 15, 1995, and revisions dated January 19, 1996, July 1, 1996, and April 18, 1997.

Contrary to the above, as of September 2, 1997, numerous aspects of the approved Security Plan for the Protection of Classified Matter were not implemented, as evidenced by the following examples:

A. Violations Associated with Perimeter Security

1. Section 8.1.3 of the Security Plan submitted by USEC in the January 19, 1996 revision of USEC's application and Figure 8.1 of the Security Plan submitted by USEC in its application dated September 15, 1995, show Building X-3002 to be outside the Controlled Access Area (CAA) barrier and Building X-3001 to be inside the CAA barrier. However, USEC failed to accurately identify the location of the CAA barrier of the plant as it relates to the GCEP area and Buildings X-3001 and X-3002.

2. Section 6.1.2 of the Security Plan submitted by USEC in the January 19, 1996, revision of USEC's application requires that a complete listing of active alarm zones be included as Addendum 2. However, USEC failed to provide active alarm zones as Addendum 2 contained information that was no longer current.

3. Section 6.1.4 of the Security Plan submitted by USEC in its application dated September 15, 1995, requires in part that work remained in progress to replace the Computer Based Integrated Security System (CBISS) with the new Portsmouth Access Control System (PACS). However, USEC failed to continue working to replace CBISS with the new PACS.

B. Violations Associated with Storage and Control of Classified Matter

4. Section 6.5.2 of the Security Plan submitted by USEC in the January 19, 1996, revision of its application requires in part that combinations to classified security containers be changed every 12 months. However, USEC failed to update numerous SF-700, "Security Container Information," forms, that are affixed to security containers, to indicate the new date of combination change.

5. Section 6.6.1 of the Security Plan submitted by USEC in the January 19, 1996, revision of its application requires in part that SF-700 forms be posted on the outside of security containers. However, USEC failed to post SF-700 forms in accordance with the approved Security Plan in that SF-700 forms were being posted on the inside of security containers.

6. Section 6.3 of the Security Plan submitted by USEC in the January 19, 1996, revision of its application requires in part that classified documents be stored in security containers fitted with locking bars secured by three position combination padlocks. However, USEC failed to store classified documents in accordance with the approved Security Plan in that all classified documents are stored in GSA-approved repositories or vaults/vault-type rooms that are not fitted with locking bars and padlocks.

7. Section 6.7 of the Security Plan submitted by USEC in the April 18, 1997, revision of its application requires in part that a report reflecting all actions taken when a security container is found unsecured by guard force personnel will be submitted to the NRC Division of Security (now the Division of Facilities and Security). However, USEC failed to provide reports regarding unattended security containers found unsecured in that since May 1997, there have been several instances where guard force personnel have found classified repositories unsecured and no written reports reflecting all actions taken have been provided.

8. Section 12.3 of the Security Plan submitted by USEC in the July 1, 1996, revision of its application requires in part that portion markings be applied to documents that contain National Security Information (NSI). However, USEC failed to apply portion markings to documents that contain NSI in that a group within the Nuclear Materials Section of the Portsmouth plant was not applying portion markings to documents that contain NSI.

C. Violations Associated with Protection of Classified Matter

9. Section 19.2 of the Security Plan submitted by USEC in the August 21, 1997, revision of its application requires in part that classified ADP systems are certified for operational use not to exceed three years from date of certification. However, USEC failed to have two classified computer systems recertified within the required three year period from original certification date.

I. Reason for Violation

The reason for the violation was failure of the Security Organization to verify and validate that actual plant practices were accurately reflected in security plans. As a result, security plans were not accurately and rigorously flowed down into implementing procedures.

Example 7:

USEC does not agree with Example 7 of this violation. The example states "...USEC failed to provide reports regarding unattended security containers found unsecured in that since May 1997, there have been several instances where guard force personnel have found classified repositories unsecured and no written reports reflecting all actions taken have been provided."

Based on discussions with the NRC Division of Security, it is USEC's understanding that this example refers to two instances relating to unattended security containers that occurred on May 6, 1997, and August 16, 1997. NRC also indicated that they believed the reason the NRC had not received written reports for these two instances was that the security plan did not specify the time frame for submitting these reports. The results of USEC's investigation regarding this example are provided below.

The Security Plan requirement to submit a report reflecting all actions taken when a security container is found unsecured is contained in USEC Procedure UE2-RA-RE1030, "Nuclear Regulatory Event Reporting." Appendix D, Criteria L2 of the procedure states "Report actions taken when an unattended security container having classified matter is found unlocked" and requires that a written report be submitted to the NRC Regional Office and NRC Division of Security within 30 days. This reporting requirement is based on 10 CFR 95.25(i) which applies to security containers housing classified matter.

A written report for the event which occurred on August 16, 1997, was transmitted to the NRC Document Control Desk, the NRC Regional Office and the NRC Division of Security on September 9, 1997. USEC has confirmed that the letter was received by the NRC and placed on Docket 70-7002 (Reference ACN 9709170183).

The situation which occurred on May 6, 1997, related to the discovery that a lock box containing keys for locks controlling access to classified material storage areas was not locked for approximately 50 minutes. 10 CFR 95.25(j)(6) states "Keys and spare locks must be protected equivalent to the level of classified material involved." The subject lock box is located in the stores custodian's office inside a controlled access stores area of the X-720 building. The only way personnel can gain access to this area of the X-720 is to be allowed entry by the stores custodian or alternate. On May 6, 1997, the stores custodian had opened the lock box and issued one of the two keys that are stored in the lock box to an authorized individual. The key was issued only after logging the issued key to the individual as required by 10 CFR 95.25(j)(1). After issuing the key, the lock box was not locked. The stores custodian had left his office but did not leave the access controlled stores area. In accordance with the controlled access requirements for this area, a stores custodian alternate allowed an inspector and a security representative to enter the stores area. The inspector subsequently observed the open lock box in the custodian's office.

During the time the lock box was open, the stores custodian did not leave the X-720 access controlled stores area. Since the stores custodian was in the area, and only cleared personnel were allowed access to the stores area, the level of protection provided for the keys was sufficient to prevent unauthorized access. An investigation performed by Security determined that at no time was classified material at risk for access by persons who do not have the prescribed access authorization (reference 10 CFR 95.27). Therefore, the subject key was afforded protection equivalent to the level of classified material involved in accordance with 10 CFR 95.25(j)(6), and the situation was not reportable. Based on the above information, USEC does not believe that example 7 represents a violation of NRC requirements.

II. Corrective Actions Taken and Results Achieved

1) The actions taken to address the specific examples of this violation are provided in Enclosure 3, Table 2.

2) A communications session was conducted with the Security Group to ensure Management expectation, that all plant security activities are being performed in accordance with the certification application, were clearly understood and to discuss the lessons learned from the PGDP Security inspection.

3) Review and assessment training of plant personnel having classified material custodial responsibility or security assignments was conducted after the PGDP assessment to communicate compliance expectations and the importance of understanding how the certification of compliance relates to their area of responsibility and/or job assignment.

4) A management assessment team was assembled to independently look at the security program to determine if the PORTS Security Program was aligned with the Certification Application and implementing procedures. The review identified several inconsistencies and actions were taken to bring the inconsistencies into compliance with management's expectations. In addition, a team of Subject Matter Experts (SME) were assembled to concurrently review the Security Plans for accuracy, consistency, completeness, and to ensure the plan was fully implemented as written. Where inconsistencies were identified by the team, actions were taken to bring the plant into compliance with the plans and a request for an application change (RAC) was submitted for those cognitive errors identified during the review.

III. Corrective Steps to be Taken

In addition to the actions described in section 3 of enclosure one, the following corrective steps also will be taken.

1) As part of a continuous security improvement program, the security organization will develop application specific surveillance checklists to be incorporated into the organizational self assessment program. These checklists will enhance the effectiveness of the current organizational self assessment program. The structure of the assessment program will be refocused on completeness and accuracy of the Certification Application, proper procedural implementation, proper training of personnel on the security requirements. The completion date for these actions is February 28, 1998.

IV. Date of Full Compliance

Full compliance was achieved on November 10, 1997, when applicable Request for application change was approved by the Plant Operations Review Committee (PORC).

UNITED STATES ENRICHMENT CORPORATION (USEC)

Table of Actions to Address Specific Concerns

Table 1: Actions Taken to Address NOV 1

I.A.
Violation example: Section 6.5.3 of the submitted Security Plan stated that combination records were being maintained on computer diskettes and paper files. However, this was not the practice at Portsmouth. Only paper records of classified combinations were maintained.
Corrective actions taken: A Request for Application Change (RAC) 97-X-0497, was approved on November 10, 1997 to remove the reference that combination records could be stored on computer diskettes.

I.B.
Violation example: USEC failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan, in that Section 16 did not provide a complete listing of shredders approved for destruction of classified information.
Corrective actions taken: A Request for Application Change (RAC) 97-X-0497, was approved on November 10, 1997, to remove the exact location of classified shredders from the CMP and insert "a listing of classified shredders that is maintained in the Security Office."

I.C.1.
Violation example: USEC failed to provide the NRC with complete and accurate information in that Section 18.4 of the Security Plan did not provide a complete list of equipment that comprises Portsmouth's secure telecommunications systems.
Corrective actions taken: To correct cognitive errors identified CMP related to the implementation of a secure telecommunications operations and to ensure complete and accurate information is included in the CMP, RAC 97-X-0393 was approved on November 10, 1997, which revises Section 18 of the CMP.

I.C.2.
Violation example: USEC failed to provide the NRC with an accurate reference to a Section of the Portsmouth Cryptocenter Standard Operations Procedure (SOP) in that Section 18.7 of the Security Plan references Section 5 of the Portsmouth Cryptocenter SOP in connection with classified facsimiles when, in fact, it should have referenced Section 7.
Corrective actions taken: To correct cognitive errors identified CMP related to the implementation of a secure telecommunications operations and to ensure complete and accurate information is included in the CMP RAC 97-X-0393 was approved on November 10, 1997. The inaccurate reference identified (Section 5 of the Portsmouth Cryptocenter SOP instead of Section 7) in this violation have been removed from the CMP, Section 18.

I.C.3.
Violation example: USEC failed to provide the NRC with complete and accurate information in that Figure 18.3 of the Security Plan did not provide enough information to accurately describe the Portsmouth secure telecommunications structure.
Corrective actions taken: The incomplete Section 18, Figure 18.3 information as identified by this NOV was modified to include additional information accurately describing the Portsmouth secure telecommunications structure. RAC 97-X-0393 approved on November 10, 1997, to revise Section 18, which includes Figure 18.3 of the CMP.

Table 2: Actions Taken to Address NOV 2

I.A.1
Violation example: USEC failed to accurately identify the location of the CAA barrier of the plant as it relates to the GCEP area and Buildings X-3001 and X-3002.
Corrective actions taken: RAC S7-X-0501 was approved on November 03, 1997 to accurately identify the Controlled Access Area (CAA) boundary

I.A.2
Violation example: Section 6.1.2 of the Security Plan submitted by USEC in the January 19, 1996 revision of USEC's application requires that a complete listing of active alarm zones be included as Addendum 2. However, USEC failed to provide active alarm zones as Addendum 2 contained information that was no longer current.
Corrective actions taken: RAC-X-0497 was approved on November 10, 1997 to remove the reference to Addendum 2 and indicate that the listing is maintained at Guard Force Headquarters.

I.A.3
Violation example: Section 6.1.4 of the Security Plan submitted by USEC in its application dated September 15, 1995, requires in part that work remained in progress to replace the Computer Based Integrated Security System (CBISS) with the new Portsmouth Access Control System (PACS). However, USEC failed to continue working to replace CBISS with the new PACS.
Corrective actions taken: USEC has reopened the project to install an Access Control System (PACS) at PORTS. An Engineering Service Request has been completed and funding has been requested from DOE to subsidize the installation of the alarm system. USEC is in compliance with the Security plan however, installation of alarm system for selected facilities is not expected to be completed until July 1, 1998.

I.B.4
Violation example: USEC failed to update numerous SF-700 "Security Container Information" forms, that are affixed to security containers, to indicate the new date of combination change.
Corrective actions taken: Management's expectations for procedural adherence and attention to detail were immediately communicated to the security organization. All security container SF-700 forms were checked to verify they were properly affixed and that the dates of combination changes were within the required 12-month period. A meeting was held with the on-site locksmith to ensure the locksmith was fully aware of the requirement to ensure SF-700 forms indicated the date of combination change. Actions were completed by September 5, 1997

I.B.5
Violation example: Section 6.6.1 of the Security Plan submitted by USEC in the January 19, 1996 revision of its application requires in part that SF-700 forms be posted on the outside of security containers. However, USEC failed to post SF-700 forms in accordance with the approved Security Plan in that SF-700 forms were being posted on the inside of security containers.
Corrective actions taken: RAC 97-X4497 was approved on November 10, 1997, to correct the Section 6.6.1 of the plan. The plan now simply requires that the form be posted in each security container authorized to handle classified matter.

I.B.6
Violation example: Section 6.3 of the Security Plan submitted by USEC in the January 19, 1996 revision of its application requires in part that classified documents be stored in security containers fitted with locking bars secured by three-position combination locks. However, USEC failed to store classified documents in accordance with the approved Security Plan in that all classified documents are stored in GSA-approved repositories or vaults/vault-type rooms that are not fitted with locking bars and padlocks.
Corrective actions taken: RAC 97-X4197 was approved on November 10, 1997, to correct Section 6.3 of the CMP. The requirement to use locking bars has been removed.

I.B.7
Violation example: Section 6.7 of the Security Plan submitted by USEC in the April 18, 1997 revision of its application requires in part that a report reflecting all actions taken when a security container is found unsecured by guard force personnel will be submitted to the NRC Division of Security (now the Division of Facilities and Security). However, USEC failed to provide reports regarding unattended security containers found unsecured. Since May 1997, there have been several instances where guard force personnel have found classified repositories unsecured and no written reports reflecting all actions taken have been provided.
Corrective actions taken: USEC does not believe a violation of NRC requirements occurred, in that, there were two events in question, one on May 6, 1997 which was determined not to be reportable under the Security Plan or the "Nuclear Regulatory Event Reporting" procedure UE2-RA-RE1030. The other incident which occurred on August 16, 1997 involved an unsecured security container. A written report was transmitted to the NRC on September 9, 1997. This report was within the 30-day reporting requirements. USEC confirmed the report was received by NRC and placed on Docket 70-7002 (reference ACN 9709170133).

I.B.8
Violation example: USEC failed to apply portion markings to documents that contain NSI in that a group within the Nuclear Materials Section of the Portsmouth plant was not applying portion markings to documents that contain NSI.
Corrective actions taken: An investigation of Authorized Derivative Classifier (ADC) portion-marking practices was conducted, followed by remedial actions to ensure all ADCs were cognizant of required portion-marking practices. Remediation was accomplished by creating a document file containing information on portion-marking. This file was distributed to all NSI classifiers. Also, required reading of sections of site procedures dealing with portion-marking was required, and documented for all ADCs responsible for portion-marking. In addition, a special briefing on portion-marking was conducted for the NMC&A classifiers. The required reading and briefings were completed on September 5, 1997, bringing.

I.C.9
Violation example: Section 19.2 of the Security Plan submitted by USEC in the August 21, 1997 revision of its application requires in part that classified ADP systems are certified for operational use not to exceed three years from date of certification. However USEC failed to have two classified computer systems recertified within the required three-year period from original certification date.
Corrective actions taken: USEC submitted two computer security plans along with two requests for reaccreditation to the NRC on September 5, 1997. During the interim review and approval process, the Portsmouth plant will continue to operate the Safeguards and Alarm System (SAS) and the CBISS under the existing DOE-approved security plans until NRC approval is received.

UNITED STATES ENRICHMENT CORPORATION (USEC)

List of Commitments

NOV 70-7002/97006-01

1) Portsmouth will develop procedures for the review of Security Plans and the Conduct of Security Operations. These procedures will be completed by January 30, 1998.

2) Additional formal training of Security Plan SMEs will be conducted on how to properly review Security plans for completeness and accuracy, and how to verify and confirm full implementation of the Certification Application requirements. This action will be completed by February 28, 1998.

NOV 70-7002/97006-02

1) As part of a continuous security improvement program, the organization will develop application specific surveillance checklists to be incorporated into the organizational self assessment program. These checklists will enhance the effectiveness of the current organizational self assessment program. The structure of the assessment program will be refocused on completeness and accuracy of the Certification Application, proper procedural implementation, proper training of personnel on the security requirements. The completion date for these actions is February 28, 1998.