ML20217N343

From kanterella
Jump to navigation Jump to search
Notice of Pending Action to Submit Info Collection Request to OMB & Solicitation of Public Commment Re 10CFR95, Security Facility Approval & Safeguarding of Natl Security Info & Restricted Data
ML20217N343
Person / Time
Issue date: 08/21/1997
From: Levin A
NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
To:
References
NUDOCS 9708260119
Download: ML20217N343 (18)
v  d  e


Text

l g.

[7590-01-P]

NUCLEAR REGULATORY COMMISSION Agency Information Collection Activities: Proposed Collection; Comment Request AGENCY: U.S. Nuclear Regulatory Commission (NRC)

ACTION: Notice of pending NRC action to submit an information collection request to OMB and solicitation of public comment.

SUMMARY

NRC is preparing a submittal to OMB for review of continued approval of information collections under the provisions of the Paperwork Reduction Act of 1995 (44 U.S.C. Chapter 35).

Information pertaining to the requirement to be submitted:.

1. Title of the information collection: 10 CFR Part 95, Security Facility Approval and Safeguard!ng of National Security Information and Restricted Data.
2. Current OMB approval number: 3150-0047 L,'p
3. How often the collection is required: On occasion K fr' u4 I
4. Who is required or asked to report: NRC regulated facilities
gc003 and other organizations requiring access to NRC classified d\

information.

9700260119 970821 n. u. l.t.is.qqm. -

PDR ORQ EUSOMB PDR

2  ;

5. The estimated number of annual respondents: 33
6. The number of hours needed annually to complete the requirement or request: 550.5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> (374.8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> reporting and 175.7 hours8.101852e-5 days <br />0.00194 hours <br />1.157407e-5 weeks <br />2.6635e-6 months <br /> recordkeeping, or an average of 2.7 hours8.101852e-5 days <br />0.00194 hours <br />1.157407e-5 weeks <br />2.6635e-6 months <br /> per response.)
7. Abstract: NRC regulated facilities and other organizations are required to provide information and maintain records to ensure that an adequate level of protection is provided to NRC classified information and material.

{ Submit, by (insert date 60 days after publication in the Federal Register), comments that address the following questions:

1. Is the proposed collection of information necessary for the NRC to properly perform its functions? Does the information have practical

- utility?

2. Is the burden estimate accurate?
3. Is there a way to enhance the quality, utility, and clarity of the information to be collected?

i

4. How can the burden of the information collection be minimized, including the use of automated collection techniques or other forms of information technology?

A copy of the submittal may be viewed free of charge at the NRC Public Document 1 Room,2120 L Street NW, (lower level), Washington, DC. Members of the public who are in the Washington, DC, area can access this document via modem on the Public Document Room Bulletin Board (NRC's Advanced Copy Document Library), NRC subsystem at FedWorld,703-321-3339. Members of the public who are located outside of the Wash!ngton, DC, area can dial FedWorld, 1-800-303-9672, or use the FedWorld Internet address: fedworld. gov (Telnet). The document will be available on the bulletin board for 30 days after the signature date this notice. If assistance is needed in accessing the document, please contact the FedWorld help desk at 703-487 4608.

Additional assistance in locating the document is available from the NRC Public Document Room, nationally at 1-800-397-4209, or within the Washington, DC, area at 202-634 3273.

e Comments and questions about the information collection requirements may be directed to the NRC Clearance Officer, Brenda Jo Shelton, U.S. Nuclear Regulatory  ;

Commission. T-6 F33, Washington, DC 20555-0001, by telephone at 301-415-7233 or by Internet electronic mail at BJS1@ NRC. GOV.

Dated at Rockville, Maryland, this p/ # ayd of 4 6,y g, f- 1997. -

For the Nuclear Regulatory Commission b/bA b ~

, r Arnold E. Levin, Actirig Designated Senior Official for Information Resources Management

l OMB SUPPORTING STATEMENT FOR 10 CFR 95 1

Security Facility Approval and Safeguarding of National Security Information and Restricted Data l 3150-0047  ;

Revision to Extension Request l l

QPJiCdDiion of InformaQQn Collection The reporting requirements of 10 CFR Part 95 affect approximately 10 licensees, certificate holders and other organizations. The licensees, certificate holders, or other organizations make reportable information available at their place of business or send the reports to NRC at its Headquarters or Regional Offices. Reports or applications are only required as occasioned by the occurrence of specific events such as the request for a security facility approval, a modification to an existing security plan, an exemption request, a cancellation or termination of security facility approval, or a report of possible loss or compromise of classified information. Other requirements for recordkeeping are necessary for checking the licensees' and other organizations' procedures for maintaining acceptable security education, facility and classification / declassification programs. The limited amount of personalinformation submitted in connection with l security facility approval requests, classification / declassification actions and other areas

! within these requirements is handled and protected in accordance with NRC directives I and the provisions of the Privacy Act of 1974. Other information submitted to NRC in response to the application, recordkeeping and reporting requirements is available for public inspection in accordance with 10 CFR Part 9.

A. JUSTIFICATION j

1. Need for and Practical Utility of the Collection of Information.

l 10 CFR Part 95 contains numerous reporting, recordkeeping and application requirements, including requiremer,ts for submittal of information, plans and procedures for the protection of classified information, ADP and telecommunications security plans, security recordkeeping requirements for compliance purposes and security reporting and notification procedures for compliance and response '

purposes. In all cases, the requirements are necessary to help ensure that an adequate level of protection is provided for information determined to be classified. Essentially, all of the reporting, recordkeeping and application requirements are necessary for one of the reasons listed below:

1 l

\

_A

.. =_ .

a. To obtain essential descriptive data concerning the content and planned operation of the licensee's, certificate holder's, or other organization's information security program which is necessary for NRC to determine the adequacy of planned methods and procedures for safeguarding classified information and material that is used, stored, transmitted, reproduced, or destroyed.
b. To obtain essential data describing the licensee's, certificate holder's, or other organization's planned program for ensuring employee indoctrination and coritinued awareness of their security responsibilities so as to preclude unauthorized disclosure of classified information or material and to ensure compliance with E.0.12958,
c. To obtain essential data to permit NRC review and inspection of the licensee's, certificate holder's, or other organization's ,

classification procedures and compliance with regulatory requirements for classification and procedures concerning release of classified information to International Atomic Energy Agency (IAEA) representatives.

d. To obtain essential data to permit NRC review and appraisal of the licensee's, certificate holder's or other organization's degree of foreign ownership, control or influence to prevent unauthorized international transfer of classified information or material.

The currently effective information collection requirements of 10 CFR Part 95 are identified and explained below:

95.11 Specific Exemotions. A licensee may request an exemption from the requirements of Part 95 and shall keep the documentation related to this request for three years beyond the period covered by the exemption.

The information and justification required by this section are used to determine whether an exemption can be granted. The submittal is necessary from any licensee, certificate holder, or other organization that possesses classified information in connection with NRC regulated activities, but which believes it ought to be exempted from the requirements of Part 95. The reporting and recordkeeping requirement permits necessary review of exemption material and approval documentation during annual NRC surveys.

95.15(a)&(b) and 95.49 Security Facility Acoroval Re.99nt. A licensee shall request NRC facility approval to store or handle classified information in connection with NRC related activities.

2

4 -

If there is no existing facility clearance, the request must include a security Standard Practice Procedures Plan containing an ADP security proposal that outlines the facility's proposed security procedures and controls for the protection of classified information, a floor plan of the area in which the matter is to be used, processed, stored, reproduced, transmitted, transported or handled, and Foreign Ownership, Control or influence information.

The request for approval and accompanying security plan provide pertinent data including informntion concerning foreign ownership, control or in. fluence tuhich enables the NGC Division of cacilities and Security to assess the licensee's, certificate holder's, or other organization's eligibility for such approval. Facilities are inspected to ensure their compliance with the procedures outlined in this security plan and the requirements contained within the Part.

95.18(a)&(b) Key Personnel. This section requires the submission of personnel security forms for key management personnel of the facility, whether or not they will have routine access to classified information. Personnel security forms are necessary due to the influence management would have over those employees who do have such access. Further, key personnel are required to submit forms because the board of directors could formally exclude them from access to classified, and that the exclusion be made a matter of record and reported to the l CSA. These requirements assure that personnel in a position to have substantial l influence over individuals within the facility who have access to classified l information are either cleared or procedurally barred from exerting that influence to the detriment of the national security.

95.19(a) & (b) Changes to Security Practice _s_ and Procedures. -This section requires the reporting of proposed major changes to a security plan to the CSA with copies to NRC and the Regional Administrator, prior to implementation and i requires reporting of minor changes promptly after the changes have been adopted by the licensee, certificate holder, or other organization.

95.21 Cancellation of Facility Acoroval Reauest. When a request for security facility approvalis to be withdrawn or canceled, the NRC Division of Facilities ,

and Security will be notified by the requestor immediately oy telephone so that l processing for this approval may be terminated. The requestor shall confirm the l

telephone notification promptly in writing.

The information requirod by this section is necessary each time a licensee, certificate holder, or other organization wishes to withdraw or cancel a security facility approval request. This information will be used by the NRC Division of Facilities and Security as a basis for discontinuing further processing of the application and, if no access to classified information or material is needed, would indicate that pending personnel security access authorization requests should also be canceled.

3

i 95.25(d) Becords of Combinations. If a record is made of the combination, the record must be marked with the highest classification of material authorized for j storage in the containur. Superseded combinations must be destroyed.

-This information and recordkeeping requirement helps ensure that written lock

- combinations are properly classified and safeguarded in accordance with provisions of E.0.12958 and its implementing Directives.

95.25(g) Posted Information. A record of names of persons having knowledge of the combination must be posted inside the container to ensure that responsible personnel may be contacted in the case of an emergency.

95.25(i) Unattended Security Container Found Open. If an unattended security container housing classified matter is found unlocked, the custodian or an alternate must be notified immediately, and a report filed witn the responsible Regional Office and the NRC Division of Facilities and Security. The licensee shall retain records pertaining to these matters for three years after completion of final corrective action.

This information collection and reco7dkeeping requirement assures (1) that the licensee, certificate holder, or other organization contplies with the Information Security Oversight Office (1800) directive to report the loss or possible compromise of classified information, and (2) that the NRC may evaluate such

< occurrences and corrective actions which have been taken. The recordkeeping requirement permits inspection by NRC of records relating to these occurrences.

95.25(j) Suoervision of Keys and Padlocks. This section requires that a key and lock register be maintained, and that a monthly audit of keys and locks and a key inventory be performed with each change of custody. This recordkeeping requirement permits the NRC inspection and review of lock and key accountability records to determine that proper individuals with appropriate level of access authorization are issued keys and locks.

95.33 (a), (b),&(c) Security Education. All cleared employees must be provided with security training and briefings commensurate with their involvement with class;fied information. The facility may obtain defensive security,~ threat awareness, and other education and training information and material from their CSA or other sources.

This recordkeeping requirement permits verification through NRC inspection that individuals granted access authorizations are appropriately indoctrinated as to their individual security responsibilities and duties relative to the protection of classified information.

4

95.33(d) Security Education. Facility Security Officers must submit SF-312

" Classified information nondisclosure Agmement to the CSA for retention.

Facility Security _ Officers misst also submit a report to ths CSA in the event that an employee refuses to sign SF.312, ' Classified Information Nondisclosure Agreement."

The SF-312 is a required agreement with the United States not to disclose classified information. Submission of forms to the CSA and reports to the CSA in the event that an employee refuses to sign the SF-312, will allow verification through inspection that requirements are being met so that access to clase!fied information can actually be granted.

95.33(h) Security Education Training Records. A licensee must maintain records of an individual's initial and refresher security briefings for three years after termination of the individual's access authorization.

Since NRC does not conduct inspections annually, this requirement provides reasonable assurance that records are available when NRC conducts an inspection.

95.36(d) lAEA Visit Records. Records of IAEA visitors and records of inspections and disclosure authorizations must be maintained for five years, This recordkeeping requirement and its inspectibility through NRC inspections ensures that licensees, certificate holders, or other organizations maintain the proper procedures and controls over the release of classified information to IAEA representatives in accordance with the disclosure authorization granted by the Division of Facilities and Security.

95.37(a) Classification. A licensee must appropriately mark classified information in accordance with provided guidance.

This section requires licensees, certificate holders, and others who possess classified material which is not conducive to markings (e.g., equipment) to request approval for exemption from marking requirements for such material.

This requirement provides assurance that: (1) only those officials delegated j classification authority are classifying material, (2) material is not downgraded or declassified without proper authority, and (3) there is accountability for future classification, downgrading and declassification actions.

)

95.37(c),(g),and (j) & 95.45(b) Marking Reouirements. A licensee is responsible 7 for applying classification markings for National Security information and Restricted Data.

These marking and labeling requirerr'ents, which require an authorized classifier to place the appropriate classification markings on the document and sign his/her S

name, will be used whenever an NRC licensee, certificate holder, or contractor authorized classifier originates a classifiad document or the classification of an existing document is to be changed (e.9., declassified or downgraded). These requirements provide assurance that: 1) only those officials delegated classification authority are classifying documents,2) documents are not downgraded or declassified without proper authority, and 3) there is accountability for future classification, downgrading and declassification actions.

95.37(h) Classihalion Challenges. Persons who wish to challenge a classification status shall refer the document to the originator or authorized classifier. The classifier shall review the document and render a written classification decision to the holders of the information.

This is a req::. ired procedure for document custodians to assure that any questic'ns regarding proper classification are referred to the originator and that appropriate steps to safeguard the document are taken. The recordkeeping requirement permits verification through NRC surveys of actions taken when unauthorized disclosures may have occurred.

{

95.39(b)(4) Eglernal Transmission. This is a requirement when preparing Secret documents for external transmission it requires that document receipts signed by the recipient be included with the document as a way to officially transfer a Secret document to another person.

This requirement permits verification through inspection that Secret documents that have been transferred to another person are properly accounted for.

95.39(e) Clnsified Information in Transit, Licensees that have classified matter that, because of the nature of the material, cannot transmit the classified material via conventional means, must submit a classified matter transportation security plan to the CSA for approval.

The requirement to submit the classified transportation security plan for review ensures that licensee's procedures meet minimum security requirements in this Part.

95.41 External Receiot and Discatch of Records. Each licensee, certificate holder or other person possessing classified information shall maintain records of the date of the material, receipts or dispatch, classification, an unclassified description of the material, and the identity of the sender for two years after ceceipt or dispatch.

Since NRC does not conduct annual inspections, this procedure and two year recordkeeping requirement provides assurance that records are available when NRC conducts an inspection.

6 LL

1 95.43(a) Regoduction of Classified Information. This section requires that each licensee, certificate holder or other person possessing classified information establish a reproduction control system to ensure that reproduction of classified material is held to a minimum consistent with operational requirements.

95.43(c) Marking Classified ReprRductions. The licensee is required to mark classified reproductions with the same classification markings as the original classified document.

This requirement assures that classified reproductions receive the same protection as other hard-copy classified documents.

95.45(a) & (d) Changes in Classification. Requests for downgrading should be forwarded to the NRC Division of Facilities and Security for coordination with the Department of Energy. Any person making a classification change shall forward notice of classification change to all known holders of the document.

These procedures ensure that documents which may warrant downgrading or declassification are reviewed by the NRC Division of Facilities and Security or are referred to the Department of Energy, as may be appropriate, and that all known holders are notified of the action.

95.47 Destructisn of Classified Matter. Documents containing classified information may be destroyed, if the document contains Secret information, a record of the subject or the title, document number, if any, originator, its date of origination and the date of destruction must be signed by the person destroying the document and must be maintained in the office of the custodian at the time of destruction. Destruction records must be maintained for two years after destruction.

The record retention requirement prescribed by this section permits inspection by NRC of destruction and disposition records and helps to ensure the proper safeguarding of classified information and material.

95.53(a)&(b) Security Facility Acoroval Terminated. If a facility clearance is terminated, the facility shall submit a certification of nonpossession of classified information to the NRC Division of Facilities and Security.

These procedures and notifications ensure that security facility approval is terminated, suspended or revoked when no longer needed or when continuation would endanger the common defense and security. The certificate of nonpossession provides assurance that all classified information and material has been returned to NRC or destroyed in accordance with NRC security requirements.

7

l~

l 95.57(a)&(b) Security /GaniDeation Reports. Each licensee or other person having a facihty clearance shall immediately report to the CSA and the l appropriate Regional Administrator alleged or suspected violation of federal Acts or statutes, and any infractions, losses, or compromises of classified information.

The procedures in (a) and (b) are necessary to ensure that possible losses, compromises, violations of law and disclosures of classified information are investigated and assessed promptly.

95.57(c) Gassification R6 xds. An authorized classifier of a licensee, certificate holder or other organization subject to this Part shall complete and submit to NRC on a monthly basis, an NRC Form 790," Classification Record,"

whenever matter containing classified information is generated, its classification changed or it is declassified. This requirement is cleared under OMB approval number 3150-0052.

2. Agency Use of Informati0D. The reports, security plans and other security information are submitted to the Division of Facilities and Security. The information is used to help determine whether a licensee, certificate holder, or other organization is eligible to use, process, store, transmit or handle NRC classified information. The information is also used for periodic reviews and inspections to ensure appropriate regulations are, continuously followed. If the information collection was not conducted, these determinations could not be made and the licensees, certificate holders, or other organizations would not be permitted to maintain this classified information which is pertinent to their activities.
3. Reduction of Burden Through Information Technology. There are no information technology applications which would impact (e.g., reduce) the burden of these information collectio1 requirements. No responses are submitted electronically.
4. Effort to identifv Duolication and to Use Similar Information. Except as i noted in 95.57 (CSA could be another federal agency), there is no duplication with any other Federal agency reporting requirements since the nature of the information being requested is unique to NRC's activity at the facility. For the few cases where another agency, normally the Department of Energy, also has an interest at the facility, this regulation specifically reduces or eliminates duplication through acceptance of the other agency's security program to protect the NRC classified infoimation and material.
5. Effort to Reduce Small Business Burden. None of the licensees, certificate holders, or other organizations affected qualify as small business enterprises or entities, e l l
6. _ Consecuences to Federal Program or Policy Activities if the Collection is  !

not Conducted or Conducted Less Freauently. Required reports and infor-mation are collected and evaluated on a continuing basis as events occur.

Applications for new security facility approvals may be submitted at any time. If not submitted, approval to store NRC classified information will not be processed. Other information collection requirements ensure that once placed at the facility, that information continues to receive the required l- protection. Less frequent collection of this information may impact

! negatively on NRC's responsibility to ensure proper protection and may endanger the U. S. common defense and national security.

7. Circumstances Which Justifv Variation from OMB Guidelines. There is no variation from OMB Guidelines in this collection of information.
8. .C90gitation Outside the NRC. The regulation wau revised in conformance with the National Industrial Security Pel.cy and Executive Order 12958. NRC's requirements and procedures are similar to those of other government agencies involved with programs requiring the protection of National Security information. Opportunity to comment on the proposed rule was published in the Federal Register in July 1996.

Opportunity to comment on this collection has been published in the Federal Reaister.

9. Confidentiality of loformation. The information collected is used for (1) granting licensees, certificate holders, and others security facility approval; and (2) ensuring the proper protection, classification, and accountability of NRC classified information. The limited amount of personalinformation is protected from public disclosure under the Privacy Act of 1974 and is handled in accordance with routine uses specified in -

the Privacy Act Statement on each form.

~ 10. Justification for Sensitive Questions. No sensitive information is requested

. under these regulations.

11. Estimated Annual Cost to the Federal Government. The estimated annual cost _to the Federal Government in administering the program and procedures contained in these requirements is:

- Annual cost - professional effort (1,542 hrs. X $128/hr.) = $197,504 Annual cost - clerical effort (269 hrs. X $45/hr.) = $12,105 e

4 Annual cost - recordholding requirement for ongoing program

=

(3/4 cubic ft. X $209/ cubic ft.) $157 Total annual cost =- $209,766 These costs are fully recovered through fee assessments to NRC licensees and certificate holders pursuant to 10 CFR 170 and/or 171.

12. Estimate of Burden. The annual cost to the respondents is reflected on Attachment A. The cost of $128.00/hr. was used.
13. Enasons for Chanoes in Burden. The burden estimates for Part 95 have increased due to reporting requirement increases under 95.57(a) and (b) because the number of respondents has increased, and 95.18 because of the new requirement to submit key personnel for security clearance, in addition, there are new requirements under 95.33(h),95,39(e),95.37(h),

95.39(e), and 95.43(a) and (c).

14. Publication for StatisticaLute. There is no application of statistics in the information collected. There is no publication of this information.

l B. l COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS '

Not applicable.

10

f I 1

. ATTACHMENT A 10 CFR PART 95 BURDEN ESTIMATE Section . Requirernent : No. of Annual Total Hours per Total Cost to -

Rspndnts Rsponses Rsponses Response Burden Rspdnt Hours -- .128/hr Reoorting 95.11 Exemption Request 1 1 1 1.8 1.8 -- 230

. 95.15(a) & Security Facility Approval Requests 1 1 1 60 60 7,680 (b)/95.49 95.18 (a) & (b) - Key Personnel 1 10 10 15 150 19.200

95.19- Changes in Security Practices and 2 1 2 4 8 1024 Procedures 95.21 . Cancellation of Facility Approval 1 1 1 1 1 128 Requests 95.25(i) Unattended Security Container Left Open 2 1 2 10 20 2560 11

- = . - - -

95.33(d) Security Education 10 15 150 .1 15 1920 95.37(a) Classification .1 1 1 5 5 640 95.45(a)&(d) Changes in Classincation 3 1 3 2 6 768 95.53(a)&(b) Security Facility Approval Terminated 1 1 1 3 3 384 Security Records 10 3 30 3.5 105 13,440 95.57(a)&(b) 95.57(c) Completion of NRC Form 790. (Form cleared under OMB control number 3150-0052)

Totals 53 202 374.8 47,974 12

ATTACHMENT A '

10 CFR PART 95 BURDEN ESTIMATE Section Requirement / Record Retention No. of Annual Total Cost to Rcrdkprs Hours per Rcrdkpng Respondnt Rcrdkpr Hours Recordkeeoing 95.11 Exemption Request Records (3 yrs.) 1 .2 .2 26 Records of Combinations 10 1 10 1280 95.25(d) 95.25(g) Posted Information 10 .4 4 512 Unattended Security Container Found Open (3 yrs) 5 .2 1 128 95.25(i) 95.25(j) Key and Lock Accountability Records (3 yrs) 5 4 20 2560 Security Education (3 yrs) 10 5 50 6400 95.33(a)(b)(c)

Security Education Training Records 10 1 10 1280 95.33(h) lAEA Visit Records (5 yrs) 1 5 5 640 95.36(d) 95.37(c)-(g),(j) Marking Requirements 10 .25 2.5 320

/95.45(b) 13

95.37(h) Classification Challenges 2 1 2 256 95.39(b)(4) Extemal Transmission 5 1 5 640 95.39(e) Classified information in Transit 5 1 5 640 95.41 Extemal Receipt and Dispatch of Records (2 years) 4 .25 1 128 Reproduction 10 1 10 1280 95.43(a)

Marking Classified Reproductions 10 1 10 1280 95.43(c) 95.47 Destruction of Classified Matter (2 yrs) 10 4 AQ E120 Totals 175.7 22,490 14

_ _ _ _ _ _ - _ _ _ _ _ _ - ._

Retrieved from "https://kanterella.com/w/index.php?title=ML20217N343&oldid=3197105"