Text

_ _ _ _ _ _ _ _

i NOTICE OF VIOLATION United States Enrichment Docket No. 70 7001 Corporation (USEC)

Certificate No. GDP 1 Bethesda, MD EA 97 207 During an NRC inspection conducted on May 5 9,1997, violations of NRC requirements were identitled, in accordance with the " General Statement of Policy and Procedure for NRC Enforcernent Actions," NUREG 1000, the violations are listed below:

l t

10 CFR 76.9(a) requires, in part, that Information provided to the Commission be complete and accurate in all material aspects.

A.

Section 8. of the Security Plan for the Protection o Clessified Matter (Security Plan) submitted by USEC in the May U,1996 revision of its l

j application, states, in part, that the classified storage rooms meet the requirements for a true vault' as descrlhd in DOE Order 5632.1C, l

" Protection and Control of Safeguards and Security Information," without an Alarm system, i.e., concrete construction, true floor to true ceilin3, penetrations sealed or protected by anchored bars, and metal doors possessing R1 rated combination locks.

Section 4. of DOE Order 5632.1C states,in port, that the definitions of commonly used terms are provided in the " Safeguards and Security Definitions Guide," which is maintained and distributed by the Office of Safeguards and Security. Section 23.0 of the Safeguards and Security Definitions Guide defines a vault as a windowless enclosure that la resistant to forced entry and has a DOE approved system which detects unauthorized entry.

Contrary to the above, on May 31,1996, the United States Enrichment Corporation (USEC) failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan for the Protection of Classified Matter (Security Plan) in that Section 8 of the submitted Security Plan described the Barrier Lab in the C 710 building as meeting the requirements of a "true vault." However, the lab had windows and therefore did not meet the definition of a true vault (a true vault is a windowless enclosure). This information was material to the NRC because the Commission rolled on it to grant USEC a certificate of compliance, (01013) 9710060325 970922 PDR ADOCK 07007001 C

PDR

1. DOE Order 5632.1C uses the term " vault" as opposed to the term "true vault" used in the Paducah Security Plan.

I;

l Notice of Violation 2-B.

Section 18. of the Security Plan submitted by USEC in the January 19,1990 revision of its application, describes telecommunications of classified information and states that the Paducah Plant "is presently operating under a DOE approved Telecommunications Operation Plan "

Contrary to the above, on January 19,1990, the United States Enrichment Corporation (USEC) failed to provide to the Commission complete and accurate information in all material aspects concerning its Security Plan for the Protection of Classified Matter (Security Plan), as evidenced by the examples below: (01023) 1.

On January 19,1997, USEC failed to provide the NRC with accurate loformation in that the Paducah Plant was not operating under a DOE spproved Telecomrnunications Operation Plan as stated in Section 18. of the Security Plan.

2.

On January 19,1990, USEC failed to provide ti.e NRC with the correct status of the Paducah Communication Security (COMSEC) account in that Section 18.2 of the Security Plan stated that the DOE COMSEC account was closed when, in fact, the account was still active; 3.

On January 19,19'30, USEC failed to provide the NRC with complete and accurate information in that Section 18.4 of the Security Plan did not accurately list Paducah's secure telecommunications equipment holdings; and 4.

On January 19,1990, USEC failed to provide the NRC with complete and accurate information in that Section 18.0 of the Security Plan did L

not provide a complete listing of Paducah's COMSEC equipment and keying material, This information was material to the NRC because the Commission relied on l

It to grant USEC a codificate of compliance.

ll.

Condition 8 of the certificate of compliance for the Paducah Gaseous Diffusion Plant requires, in part, that USEC conduct its operations in accordance with the statements and representations contained in tha certification application dated September 15,1995, and revisions dated January 19,1990, and May 31,1990.

Contrary to the above, as of May 5,1997, numerous aspects of the approved Security Plan for the Protection of Classified Matter were not implemented, as evidenced by the following examples, each of which constitutes an individual violation:

Notice of Violation 3-A.

Violations Associated with Perimeter Securitv:

i 1.

Sactions 1. and 5. of the approved Security Plan submitted by USEC Iriits application dated September 15,1995, contain Figures 1 1 and

51. The figures show the controlled access area (CAA) barrier to be just south of building C 720. However, USEC failed to accurately identify the locatle;i of the CAA barrier of the plant, which was near

- building C 720,. (02013) 2.

Section 1.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of USEC's applicailon, requires, in part, that liaison be maintained between the Paducen Site and Facilities Support staff and i

the safeguards and security representative for the Regulatory Oversight Agreement (ROA), ensuring that the appropriate ievel of safeguards and security, as well as regulatory compliance, is maintained for all site interests. However, USEC failed to implement Section 1.2.3 of the Security Plan after the ROA expired on March 3, 1997. (02023) 3.

Section 6.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application, requires, in part, that Police Operations personnel receive a total of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> of annual tre aing in nine subject areas listed therein. However, USEC failed to provide the required number of hours of training for each Police Operations member. (02033) 4.

- Section 6.2.3 of the Security Plan submitted by USEC in the May 31,_

1996 revision of its application requires, in part, that security response exercises be conducted periodically. However, USEC informed NRC that the periodic security response exercises, which were conducted monthly until March 1996, were stopped because of resource constraints. (02043) 5.-

Section 6.2.4 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that newly hired Police Operations personnel successfully qualify via knowledge, testing, and performance in all aspects identified by the job tcsk analysis listed in Section 6.2.3. Section 6.2.3 requires, in part, that Police Operations personnel receive training in nine subject areas listed therein. However, USEC failed to provide the initial job qualification training in the nine subject areas for all Police Operations personnel, (02053)

3 Notice of Violation 4-6.

Section 0.2.6 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that Police Operations personnel conduct random patrols not to exceed two hours (frequency, not duration of performance) of the CAA and those areas in which special nuclear material of low strategic significance is stored. However, USEC failed (1) to conduct the required number of random patrols in that only three of the required six patrols of the CAA during the 12-hour day shift were conducted and (2) to conduct patrols of the CAA in a random manner in that the 12-hour night shift patrols were being conducted on an hourly basis. (02003) 7.

Section 6.2.7 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that each on-duty Police Operations member be trained and issued a protective gas mask.

However, USEC failed to provide the required gas masks to all members of the Police Operations force. (02073) 8.

Section 6.8 of the Socurity Plan submitted by USEC in the May 31,1996 revision of its applicatbn, requires, in part, that the management ohhe key and lock program t e identified in the Paducah SPP P-GP-61, ' Master Key System." However, USEC failed to identify in the Paducah SPP P-GP-61,

• Master Key System," the management of the key and lock program. (02083) 9.

Section 8.2.2 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application, requires, in part, that the Police Operations shift commander arrange for the railroad gates in the CAA fence line to be opened. However, USEC failed to ensure that the Police Operations shift commander arrange for the railroad gates in the CAA fence line to be opened, in that the coordination was conducted by the Police Operations shift lieutenant. (02093) 10.

Section 8.2.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in part, that upon being alerted by the plant shift superintendent that the request for mutual aid has been made and the responding omergency forces will require access to the CAA, the Police Operations shift commander will provide assistance and escorts for the responders. Powever, USEC failed to ensure that plant procedures concerning the escort of mutual aid responders were consistent with the approved Security Plan in that the implementing procedure, ' Access Control," identified no instruction on providing escorts. (02103)

Notice of Violation 5-l 11.

Section 8.3 of the Security Plan submitted by USEC in the May 31,1996 revision of its application requires, in part, that Visitor Control be responsible for coordinating visits to other Department of Energy and NRC facilities containing classified information. However, USEC failed to identify the correct organization for coordinating classified visits in that Visitor Control did not coordinate such visits. (02113) 12.

Section 8.6 of the Security Plan submitted by USEC in the May 31,1996 revision of its application requires, in part, that unissued badge stock and badges awaiting destruction be kept in a locked repository (four drawer safe) in Security (traller C 102-T-02) when unattended. However, USEC failed to properly store badge stock in that badge materials were stored in l

a room that was locked by a Unican 1000 push button door lock. (02123)

B.

Violations Associated with Storage and Control of Classified Matter:

13.

Section 1.3 of the Security Plan submitted by USEC in the January 19, 1996 revision of its application, requires, in part, that the Paducah classified malling address include reference to United States Enrichment Corporation. However, USEC failed to use the approvod classified malling/ shipping address, in that Lockhe.ed Martin Utility Services was referenced in the classified malling/ shipping address, not the United States Enrichment Corporation. (02133) 14.

Section 2. of the approved Security Plan submitted by USEC in its revisions dated January 19 and May 31,1996, contains Figures 2 2 and 2 3 that describe the Paducah Police Operations and the Security Organization. However, USEC failed to conduct operations in accordance with the Paducah Police Operations and Security Organization charts in that Figures 2 2 and 2 3 of the approved plan were no longer applicable because the Paducah Police operations and the security organization had been reorganized. (02143) 15.

Section 6.4 of the Security Plan submitted by USEC in the May 31,1996 revision of its application requires, in part, that upon completing checks of the repositories, Police Operations personnel place their initials in the

" guard check" section of SF-702 [" Security Container Check Sheet *].

However, USEC failed to document the performance of physical checks in accordance with the approved Security Plan in that Police Operations personnel swiped a *bar code' that was affixed to the containers / vaults / cages rather than initiating on the SF 702 forms.

(02153)

Notice of Violation 6-16.

Section 6.6.3 of the Security Plan submitted by USEC in the May 31, 1996 revision of its application requires, in pert, that custodians of security containers maintain a Form-702 and that records of security container and security area (i e., seal cages) checks be maintained for a period of 90 days. However, USEC failed to maintain SF 702 forms for the seal cages in the C 333 and C 720 buildings and the receiving booth l

In the C-400 building. (02163) l l

l 17.

Section 17. of the Security Plan submitted by USEC in the January 19, 1996 revision of its application requires, in part, that infractions of regulations, losses, compromises, or possible compromises of classified matter be reported to the NRC's Division of Security [now the Division of Facilities and Security). However, USEC failed to ensure that plant l

procedures conceming notifications were consistent with the Security l

Plan and, when required, failed to provide notifications to the NRC's Division of Security [now the Division of Facilities and Security). (02173) l l

C.

Violations Associated with Protection of Classified Matter-18.

Section 19. of the Security Plan submitted by USEC in the January 19, 1996 revision of its application, requires, in part, that ADP security plans be developed in accordance with the Master ADP Security Plan for Microcomputer Resources Processing Classified Information, dated November 2,1993. Section 11.B.5 of the Master ADP Security Plan for Microcomputer Resources Processing Classified Information, dated November 2,1993, requires, in part, that unclassified data communication lines are not placed within 1 foot of a microcomputer resource processing classified information. However, USEC failed to maintrin required separation between an unclassified data communication line and a microcomputer resource processing classified information, in that a classified microcomputer located in building C 302 was located within 1 foot of a jack for an unclassified data communication line. (02183) 19.

Section I.A of the Master ADP Security Plan for Microcomputer Resources Processing Classified information, requires, in part, that the location and basic information for each classified microcomputer resource be found in the individual Security Plan titled, "ADP Security Plan for Microcomputer Resources Processing Classified information." The individual microcomputer Security Plan identifies specific information relating to the Computer System Security Officer (CSSO). Section 12.,

"CSSO and Alternate CSSO Acknowledgment of Training and ADP Security Responsibilities," of the "ADP Security Plan for Microcomputer Resources Processing Classified Information" requires, in part, that the CSSO receive training courses. However, USEC fail 3d to provide

m l

Notice of Violation 7-adequate training to a CSSO of a classified computer, in that the CSSO did not know how to properly dispose of a Bernoulli disk (i.e., removable magnetic data storage) containing classified information. (02193) 1 20.

Section 11.B.5," Separation Protection Controls," of the Master ADP l

Security Plan requires, in part, that microcomputer resources used to l

process classified Information are separated 3 feet from ADP equipment used to process unclassified information. However, USEC failed to maintain the required separation of classified and unclassified computer hardware for the classified PC located in the C 102 T-02 trailer, in that an l

unclassified PC was located within 3 feet of the trailer's classified PC.

(02203)

These violations represent a Severity Level lli problem (Supplement Ill).

Pursuant to the provisions of 10 CFR 767 the United States Enrichment Corporation (USEC) is hereby required to submit a written statement or explanation to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, D.C. 20555, with a copy to the Regional Adtninistrator, Region ll1 and the Paducah Resident Office, within 30 days of the date l

of the letter transmitting this Notice of Violation (Notice). This reply should be clearly marked as l

a " Reply to a Notice of Violation" and should include for each violation: (1) the reason for the l

violation, or, if contested, the basis for disputing the violation, (2) the corrective steps that have been taken and the results achieved, (3) the corrective steps that will be taken to avoid further violations, and (4) the date when full compliance will be achieved. Your response may reference or include previous docketed correspondence, if the correspondence adequately addresses the required response. If an adequate reply is not received within the time specified in this Notice, an order or a Demand for Information may be issued as to why the certificate should not be modified, suspended, or revoked, or why such other action as may be proper should not be taken. Where good cause is shown, consideration will be given to extending the response time.

Under the authority of Section 182 of the Act,42 U.S.C. 2232, this response shall be submitted under oath or affirmation.

Because your response will be placed in the NRC Public Document Room (PDR), to the extent possible, it should not include any personal privacy, proprietary, c, safeguards information so that it can be placed in the PDR without redaction. If personal privacy or proprietary information is necessary to provide an acceptable response, then please provide a bracketed copy of your response that identifies the information that should be protected and a redacted copy of your response that deletes such information. If you request withholding of such material, you must specifically identify the portions of your response that you seek to have withheld and provide in detail the bases for your claim of withholding (e.g., explain why the disclosure of information will create an unwarranted invasion of personal privacy or provide the information required by 10

0 Notice of Violation

.s.

CFR 2.790(b) to support a request for withholding confidential commercial or financial information). If safeguards information is necessary to provide an acceptable response, please provide the level of protection described in 10 CFR 73.21, i

i Dated at Lisle, Illinois this 22nd day of September 1997 i

i l

a 4

I f

r 4

I e

i k

i

+,..w-,

rre,,r--,+nn

-.+-, -, -. -,--w

,v.

,a...,,

.wm,

v

.---rer.,---c--,.

,, ~,

-r-

-r,,,,

w,.--e-c

,,.. -