ML20220A302

From kanterella
Jump to navigation Jump to search
IMC 1245 App C 11 Security Risk Analyst Technical Proficiency Training and Qualification Journal
ML20220A302
Person / Time
Issue date: 11/05/2020
From: Stacy Prasad
NRC/NSIR/DSO/SOSB
To:
Prasad, Stacy
Shared Package
ML20220A296, ML20309A859 List:
References
CN 20-059
Download: ML20220A302 (33)
v  d  e


Text

NRC INSPECTION MANUAL NSIR/DSO INSPECTION MANUAL CHAPTER 1245 APPENDIX C-11 SECURITY RISK ANALYST TECHNICAL PROFICIENCY TRAINING AND QUALIFICATION JOURNAL Effective Date: 11/05/2020

Table of Contents Page Introduction ................................................................................................................................ 1 Required Reactor SRA Training Courses ....................................................................... 1 Security Risk Analyst Individual Study Activities......................................................................... 3 (ISA-SRA-1) Title 10 of the Code of Federal Regulations (10 CFR) ............................... 3 (ISA-SRA-2) Target Set Regulatory Guidance and Framework ..................................... 6 (ISA-SRA-3) Technical Specifications, Operability, and Updated Final Safety Analysis Report ................................................................................................................. 9 (ISA-SRA-4) Target Set Flowchart and Baseline Security Significance Determination Process..............................................................................................................12 (ISA-SRA-5) Licensee Force-on-Force Exercises ........................................................14 Security Risk Analyst On-the-Job Activities ...............................................................................17 (OJT-SRA-1) Target Set Review ..................................................................................18 (OJT-SRA-2) Site System Reviews and Walk Downs ...................................................20 (OJT-SRA-3) Safety and Security Interface ..................................................................22 Regional Security Risk Analyst Technical Proficiency Level Signature Card and Certification...24 Headquarters Security Risk Analyst Technical Proficiency Level Signature Card and Certification ...................................................................................................................25 Regional Security Risk Analyst Technical Proficiency Level Equivalency or Waiver Justification

......................................................................................................................................27 Headquarters Security Risk Analyst Technical Proficiency Level Equivalency or Waiver Justification ...................................................................................................................29 - Revision History for IMC 1245 Appendix C-11 ............................................ Att1-1 Issue Date: 11/05/20 i 1245 App C-11

Introduction Complete Inspection Manual Chapter (IMC) 1245, Appendix A, Basic Inspector Certification Journal before completing any activities or courses in this journal. You may complete the General Proficiency requirements contained in Appendix B together with the Technical Proficiency requirements outlined in this journal.

This journal includes the certification requirements for security risk analysts (SRA)s that conduct target set inspection and provide target set support on Force-on-Force (FOF) inspections. To be qualified under this qualification journal (i.e., Appendix C-11), a qualification board is required, unless the individual has already completed a qualification board under IMC 1245.

Note: To be a fully qualified Regional SRA, an individual must complete one entire reactor series (i.e., the Boiling Water Reactor or Pressurized Water Reactor course series). However, the individual should only conduct target set inspections for the reactor type they are qualified.

To be a fully qualified Headquarters SRA, an individual must complete the Boiling Water Reactor course series, Pressurized Water Reactor course series, and applicable cross training courses. However, an individual qualifying as a Headquarters SRA can hold an interim SRA qualification, if they have completed one entire reactor series (i.e., PWR or BWR). Individuals that hold an interim qualification can only conduct inspections at the type of reactor they have been qualified until they complete their full SRA qualification.

Required Reactor SRA Training Courses for both headquarters and regional Inspectors:

  • Power Plant Engineering (self-study)
  • BWR Technology Series (R-304B, R-504B, and R-624B) or equivalent
  • PWR Technology Series (R-304P, R-504P, and R-624P) or equivalent
  • AP1000 Introduction to Differences Course (R-107P)
  • Perspectives on Reactor Safety (R-800)
  • Introduction to Physical Security Systems Self-Study (S-118S)
  • Security Fundamentals Course (S-301)
  • Explosives, Blast Effects, and Breaching Field Course (S-502)

Issue Date: 11/05/20 1 1245 App C-11

Security Risk Analyst Technical Proficiency Individual Study Activities Issue Date: 11/05/20 2 1245 App C-11

Security Risk Analyst Individual Study Activity TOPIC: (ISA - Security Risk Analyst - 1) Title 10 of the Code of Federal Regulations (10 CFR)

PURPOSE: The Nuclear Regulatory Commission (NRC) requires power reactor licensees comply the physical protection requirements in 10 CFR 73. It provides the content and scope with which various licensees must comply or receive NRC approval to deviate from the requirements. For this reason, it is important that all Security Risk Analysts (SRA)s gain a general and comprehensive knowledge of applicable security requirements in the 10 CFR 73. This activity will provide the SRA with detailed knowledge of the requirements and how to apply specific security regulation requirements to target sets.

COMPETENCY AREA: REGULATORY FRAMEWORK LEVEL OF EFFORT: 40 hours4.62963e-4 days <br />0.0111 hours <br />6.613757e-5 weeks <br />1.522e-5 months <br />

REFERENCES:

10 CFR 73.1, Purpose and Scope 10 CFR 73.2, Definitions 10 CFR 73.21, Protection of Safeguards Information: Performance Requirements 10 CFR 73.22, Protection of Safeguards Information: Specific Requirements 10 CFR 73.54, Protection of Digital Computer and Communication Systems and Networks 10 CFR 73.55, Physical Protection Requirements for Nuclear Power Reactors:

10 CFR 73.55(b)(4) 10 CFR 73.55(b)(10) 10 CFR 73.55(f), Target Sets 10 CFR 73.55(m), Security Program Reviews 10 CFR 73.58, Safety/Security Interface Requirements for Nuclear Power Reactors Issue Date: 11/05/20 3 1245 App C-11

Statement of Considerations for the Power Reactor Security Requirements; Final Rule, dated March 27, 2009, pages 13940, 13960, 13974, and 13987 10 CFR 73.71, Reporting of Safeguards Events Appendix B, General Criteria for Security Personnel, to Part 73 Appendix C, License Safeguards Contingency Plans, to Part 73 Appendix G, Reportable Safeguards Events, to Part 73 Energy Reorganization Act of 1974 MD 12.7, NRC Safeguards Information Security Program Safeguards Information and Designator Course (Web-based) in TMS EVALUATION CRITERIA: At the completion of this activity, and as determined by the supervisor, the inspector should be able to:

1. Identify, recognize, and locate specific security-related topics presented in 10 CFR 73 and appendices referenced above.
2. Describe the general objective of a licensees security program with a focus on design basis threat (DBT).
3. Discuss and interpret the definitions of terms and security processes identified in 10 CFR 73 and appendices referenced above.
4. Discuss activities regarding the proper control of safeguards information and other sensitive information both for NRC licensees and NRC employees.
5. Discuss and describe the applicable regulations related to target sets and when they apply.
6. Discuss the insights to target sets that the 10 CFR Part 73 final rules statement of considerations provide (i.e., six criteria for operator actions and definition of target sets).

TASKS: 1. Locate, review, and identify the security regulations described in the 10 CFR 73.

2. Review the definition of safeguards information and other sensitive information and determine the appropriate control measures for the information.

Issue Date: 11/05/20 4 1245 App C-11

3. Review all the security regulations and appendices described in the reference section and be able to describe, at a high level, security requirements for power reactor licensees described in 10 CFR 73.55(b).
4. Review the information in the 10 CFR related to target sets, safety/security interface, and security program reviews.
5. Locate and review the definition of a target set.
6. Locate and review the six criteria that must be achieved to have a credited operator action within a target set.
7. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions you may have as a result of this activity.

DOCUMENTATION: Security Risk Analyst Technical Proficiency-Level Qualification Signature ISA - 1 Security Risk Analyst.

Issue Date: 11/05/20 5 1245 App C-11

Security Risk Analyst Individual Study Activity TOPIC: (ISA - Security Risk Analyst - 2) Target Set Regulatory Guidance and Framework PURPOSE: The NRC requires that licensees establish a documented process to develop and maintain target sets. The NRC develops regulatory guides and other documents to provide guidance to licensees on one acceptable method to meeting regulations. For this reason, it is incumbent on all Security Risk Analysts (SRA)s to understand what regulatory guidance and other information published or issued by the NRC to licensees regarding target sets.

COMPETENCY AREA: INSPECTION REGULATORY FRAMEWORK LEVEL OF EFFORT: 10 Hours

REFERENCES:

Regulatory Guide 5.81, Target Set Identification and Development for Nuclear Power Reactors Regulatory Guide 5.74, Managing the Safety/Security Interface Regulatory Guide 5.76, Physical Protection Systems at Nuclear Reactors (Safeguards Information)

Regulatory Guide 5.69, Guidance for the Application of the Radiological DBT in the Design, Development, and Implementation of a Physical Security Protection Program that Meets 10 CFR 73.55 Requirements (Safeguards Information)

Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities (latest revision)

Inspection Procedure 71130.14, Review of Power Reactor Target Sets Inspection Procedure 81000.14, Review of New Reactor Target Sets NEI 13-05, Target Set Template, Revision 0, dated March 2014 RG 5.81, Revision 1, endorses, in part, Nuclear Energy Institute (NEI) 13-05, Target Set Template [Site] Security Target Sets, Revision 0, dated March 27, 2014, which was previously deemed acceptable for use in a memo dated May 6, 2014 (ADAMS Accession No. ML14085A064) (Ref.

8), with the exception noted in Section C, Staff Regulatory Guidance.

Issue Date: 11/05/20 6 1245 App C-11

U.S. Army Corps of Engineers Study, Structural Assessment of Spent Fuel Pools Attacked with Improvised Breaching Charges, EVALUATION CRITERIA: At the completion of this activity, you should be able to:

1. Define target set and the six criteria for operator actions.
2. Describe the process described in RG 5.76 and RG 5.81 on identifying and documenting target sets.
3. Describe if licensees must have documented target sets for mode changes. Also, describe in which situations licensees must change their documented target sets to account for configuration changes.
4. Describe which target sets the U.S. Army Corps study applies to and how it is applied.
5. Describe the applicable regulatory guidance associated with target sets.
6. Understand and describe the elements within the design basis threat (DBT) and associated guidance.
7. Describe the boundaries/constraints of the DBT associated with target sets and adversary capabilities.
8. Describe cyber requirements and guidance in relation to target sets (i.e., RG 5.71, and in RG 5.81).

TASKS: 1. Locate and read all the documents referenced above.

2. Review the description and application of the DBT characteristics.
3. Discuss the six criteria for crediting operator actions; define each and provide examples of what is acceptable and what is not.
4. Discuss and understand if licensees must have documented target sets for mode changes. Also, in which situations must licensees change their documented target sets to account for configuration changes and/or maintenance of the sites target sets.
5. Review the process for identifying and documenting target sets.
6. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions you may have as a result of this activity.

Issue Date: 11/05/20 7 1245 App C-11

DOCUMENTATION: Security Risk Analyst Technical Proficiency-Level Qualification Signature Card Item ISA - Security Risk Analyst - 2 Target Set Regulatory Guidance and Framework.

Issue Date: 11/05/20 8 1245 App C-11

Security Risk Analyst Individual Study Activity TOPIC: (ISA - Security Risk Analyst - 3) Technical Specifications, Operability, and Updated Final Safety Analysis Report PURPOSE: The NRC requires that licensees operate their facilities in compliance with the NRC-approved technical specifications (TS). The TS provides the limits for facility operation with which the licensee must comply or receive NRC approval to deviate from the requirements. For this reason, it is mandatory that all SRAs possess a general knowledge of the content of the TS. This activity will provide an analyst with general knowledge of the contents of the TS (i.e., standard tech. specs vs. site specific). This level of knowledge is equivalent to the required TS specific knowledge level to successfully complete either the Boiling Water Reactor (BWR) or Pressurized Water Reactor (PWR) series of instruction. Additionally, NRC requires that licensees update and maintain their Final Safety Analysis Report (FSAR) at a required frequency. The FSAR describes important structure, systems, and components at a site and can provide useful information for a target set inspection. For this reason, it is important for all SRAs to be able to locate and review a licensees updated FSAR (UFSAR) before a target set inspection.

COMPETENCY AREA: INSPECTION REGULATORY FRAMEWORK LEVEL OF EFFORT: 10 Hours

REFERENCES:

The TSs for the PWR or BWR series course attended.

The NRCs Technical Specifications web page FSAR/UFSAR for a site (https://usnrc.sharepoint.com/teams/NRR-FSAR-SUNSI-Reviews)

Plant Risk Information Book and/or accident sequence modeling for a site IMC 0326, Operability Determinations The Technical Specifications Branch SharePoint site (https://usnrc.sharepoint.com/teams/NRR-Technical-Specifications-Branch-2)

EVALUATION CRITERIA: At the completion of this activity, you should be able to:

1. For the TS used during the PWR/BWR series instruction, identify each TS section and discuss the general content of the requirements contained in each section.

Issue Date: 11/05/20 9 1245 App C-11

2. Discuss the definition of the terms found in the TS.
3. Discuss the safety limits and limiting safety system settings listed and the significance of these limits.
4. Define operability.
5. Discuss the initial assumptions regarding operability of equipment and TS action statements during target set inspections.
6. Describe the contents of a FSAR/UFSAR and what information can be obtained from the report.
7. Describe how the FSAR/UFSAR can be useful in preparation for a target set inspection.
8. Describe any system or equipment interdependences identified while reviewing a sites risk information book.

TASKS: 1. Locate a copy of the TSs for the BWR or PWR series course attended or for a site designated by your supervisor.

2. Review the various sections of the TSs, as listed in the evaluation criteria section.
3. Review the contents of the technical requirements manual or other document referenced by the TS to determine the types of requirements contained in these documents. In addition, review the knowledge management session related to the technical requirements manual.

(https://nuclepedia.usalearning.gov/index.php?title=Coordinate_Reg ional_(Reactor)_KM/training_Initiative)

4. Discuss the relationship between TS and operability of equipment and their applicability to target sets.
5. Review the contents of a sites FSAR/UFSAR and identify any unique site-specific structures, systems, and components that may affect the sites target sets. Also, review the report for site familiarization and nomenclature.
6. Review the contents of a sites risk information book or accident sequences.
7. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions you may have as a result of this activity.

Issue Date: 11/05/20 10 1245 App C-11

DOCUMENTATION: Security Risk Analyst Technical Proficiency-Level Qualification Signature Card Item ISA - Security Risk Analyst - 3 Technical Specifications, Operability, and Updated Final Safety Analysis Report.

Issue Date: 11/05/20 11 1245 App C-11

Security Risk Analyst Individual Study Activity TOPIC: (ISA - Security Risk Analyst - 4) Target Set Flowchart and Baseline Security Significance Determination Process (BSSDP)

PURPOSE: The Significance Determination Process (SDP), as described in Appendix E of Manual Chapter 0609, aids NRC inspectors, SRAs, and staff in determining the safety significance of inspection findings. Target set findings are assessed through the Target Set Flowchart of IMC 0609, Appendix E, Part I. While this flowchart focuses on the areas applicable to target sets, including target set processes, consideration of cyber-attacks, and target set oversight, it also provides a link to the BSSDP Flowchart and cyber security SDP, when applicable. The baseline worksheets and cyber security worksheets are used to determine the risk-significance of target set findings that either resulted in a change to the protective strategy or impacted the cyber security program. The purpose of this activity is for the SRA to gain the requisite knowledge, understanding, and practical ability, such that upon completion of this activity, the SRA will be able to use the appropriate SDP to determine the safety significance of target set findings.

COMPETENCY AREA: REGULATORY FRAMEWORK TECHNICAL AREA EXPERTISE INSPECTION PROBLEM ANALYSIS ASSESSMENT AND ENFORCEMENT LEVEL OF EFFORT: 8 Hours

REFERENCES:

NRC Inspection Manual Chapter IMC-0609, Significance Determination Process including Appendix E NRC Inspection Manual Chapter - 0609, Appendix E, Part I, Baseline Security Significance Determination Process for Power Reactors NRC Inspection Manual Chapter - 0609, Appendix E, Part IV, Cyber Security Significance Determination Process for Power Reactors NRC Inspection Manual Chapter IMC-0612, Issue Screening, Appendix B, Additional Issue Screening Guidance and Appendix E, Examples of Minor Issues EVALUATION CRITERIA: At the completion of this activity, you should be able to:

1. Identify the most risk significant target sets findings that will require assessment through the BSSDP or cyber security SDP.

Issue Date: 11/05/20 12 1245 App C-11

2. Screen a target set related finding through IMC 0609, Appendix E, Part I.
3. Discuss the thresholds for increasing significance of target set findings/violations.
4. Discuss the Process for Appealing NRC Characterization of Inspection Findings (SDP appeal process) as described in IMC-0609, Attachment 2.

TASKS: 1. Obtain a copy of IMC-0609 and read Introduction and Appendix E.

Become well-versed in the use of the BSSDP.

2. Obtain a copy of IMC-0612 Appendix B and E read for understanding the process to determine if a target set issue is suited for SDP analysis.
3. Obtain from your supervisor or a qualified SRA at least three (3) actual target set inspection findings (at least 2 of which have undergone the Significant Determination Process), or obtain from your supervisor or a qualified senior safeguards inspector at least three (3) BSSDP case studies and perform the following:
a. Utilizing IMC-0612 Appendix B and E, determine whether each of the issues has sufficient significance to warrant SDP analysis and/or documentation.
b. Utilizing IMC-0609, Appendix E, I, Figure 6, screen the target set finding.
c. Compare your conclusions with those provided by the actual findings or case studies.
d. Discuss your results with your supervisor, a regional security branch chief, or a qualified SRA.
4. Discuss with a qualified SRA how they would determine if a licensee must change their protective strategy to account for the changes in their target sets to assist in determining the significance of a finding/violation.
5. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions you may have as a result of this activity.

DOCUMENTATION: Security Risk Analyst Technical Proficiency-Level Qualification Signature Item ISA - Security Risk Analyst - 4 Physical Protection Significance Determination Process Issue Date: 11/05/20 13 1245 App C-11

Security Risk Analyst Individual Study Activity TOPIC: (ISA - Security Risk Analyst - 5) Licensee Force-on-Force Exercise PURPOSE: The NRC requires that a licensee be able to adequately defend the site against the design basis threat (DBT) addressed in 10 CFR 73.1. This rule specifies the specific elements of the DBT against which each licensee is required to defend. Additionally, 10 CFR 73.55 delineates the physical protection requirements for power reactor facilities to protect against the DBT. The headquarters performance evaluation program, generally called Force-on-Force (FOF) program, evaluates execution of a licensee protective strategy through performance-based drills. During these FOF exercises, licensees must adequately defend against the loss of a target set. Furthermore, the Energy Policy Act requires development of the most challenging exercises. This activity will provide SRAs with detailed knowledge of the contents of the rule requirements, how to apply any applicable site-specific security bounding time (SBT) or reasonable assurance of protection time (RAPT), and DBT requirements in evaluating a licensees protective strategy.

COMPETENCY AREAS: TECHNICAL AREA EXPERTISE LEVEL OF EFFORT: 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />

REFERENCES:

10 CFR 73.1, Purpose and Scope Appendix B, General Criteria for Security Personnel, to Part 73 Appendix C, License Safeguards Contingency Plans, to Part 73 RG 5.76, Physical Protection Programs at Nuclear Power Reactors (Safeguards Information)

RG 5.54, Standard Format and Content of Safeguards Contingency Plans for Nuclear Power Plants (Safeguards Information)

Regulatory Guide 5.69 Guidance for the Application of the Radiological DBT in the Design, Development, and Implementation of a Physical Security Protection Program that Meets 10 CFR 73.55 Requirements (Safeguards Information)

Issue Date: 11/05/20 14 1245 App C-11

RG 5.81, Target Set Identification and Development for Nuclear Power Reactors Inspection Procedure 71130.03, Contingency Response - Force-on-Force Testing Licensee/Site Protective Strategy Brief Force-on-Force Inspection Reports SECY-20-0070: Technical Evaluation of the Security Bounding Time Concept for Operating Nuclear Power Plants (ML2016G265)

EVALUATION CRITERIA: At the completion of this activity, you should be able to perform the following for the facility designated by your supervisor:

1. Discuss the regulatory requirements for the design, development, and implementation of a security protective strategy.
2. Demonstrate the ability to review and evaluate a licensees overall Safeguards Contingency Response Plan. This should include an evaluation of the licensees ability to respond to the external DBT by focusing on: (a) the interactions between a licensees operations and security departments in establishing priorities for protecting equipment; (b) the overall protective strategies used, (c) justification for site-specific SBTs (if applicable); and, (d) results of table-top and FOF exercises.
3. Discuss a licensees: (1) established target sets and its responsiveness and effectiveness in implementing its strategy to protect these sets; (2) conduct of table-top drills and real-time FOF exercises; (3) use of force training; and (4) ability to interdict adversarial forces.
4. Discuss the background of RAPT and site-specific SBT and how a licensee could apply these concepts.

TASKS: 1. Read and obtain an in-depth understanding of the regulatory requirements included in 10 CFR 73 and appendices referenced above.

2. Read inspection procedure (IP) 71130.05 and 71130.03 to understand how the NRC evaluates a licensees protective strategy.
3. Obtain a site protective strategy brief and understand a licensees protective strategy and how it protects target sets.

Issue Date: 11/05/20 15 1245 App C-11

4. Review two FOF inspection reports to understand how the evaluations are used to assess the licensee.
5. Meet with a FOF team lead to discuss any questions that you may have regarding selection of targets sets for FOF exercise.
6. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions that you may have as a result of this activity.

DOCUMENTATION: Security Risk Analyst Proficiency Level Qualification Signature Card Item ISA - Security Risk Analyst - 5 Licensee Force-on-Force Exercises.

Issue Date: 11/05/20 16 1245 App C-11

Security Risk Analyst Technical Proficiency On-the-Job Activities Issue Date: 11/05/20 17 1245 App C-11

Security Risk Analyst On-the-Job Activity TOPIC: (OJT - Security Risk Analyst - 1) Target Set Review PURPOSE: The purpose of this activity is to familiarize an SRA with the proper method for reviewing licensee supplied target set information and plant specific system information prior to a target set inspection. This is equivalent to the in-office prep week for the target set inspection.

COMPETENCY AREA: INSPECTION LEVEL OF EFFORT: 40 hours4.62963e-4 days <br />0.0111 hours <br />6.613757e-5 weeks <br />1.522e-5 months <br /> (per technology): System review for a BWR and/or a PWR.

REFERENCES:

Inspection Procedure 71130.14, Review of Power Reactor Target Sets Licensee supplied target set information (SGI)

Piping and instrumentation drawings for each selected system as needed Licensee system emergency procedures and operations security emergency procedures Final safety analysis report (FSAR) or updated final safety analysis report (UFSAR) for assigned facility.

Site Information (any other applicable documents such as additional prints, drawings, site probabilistic risk assessment (PRA) notebook(s), or procedures necessary for target set review)

RG 5.81, Target Set Identification and Development for Nuclear Power Reactors EVALUATION CRITERIA: When you have completed this activity, you will be able to do the following:

1. Discuss the accident response functions of each selected system.
2. Discuss the stand alone ability of each target set element to prevent significant core damage.
3. Validate operator actions meet established criteria to be included in the target set or should be identified as mitigative actions.
4. Ensure that any target sets that are screened out are unachievable per the restraints of the DBT. Additionally, if the licensee used a reasonable assurance of protection time (RAPT) or a site-specific security bounding time (SBT) to screen out unachievable target sets, ensure its in screened and documented in accordance with RG 5.76.

Issue Date: 11/05/20 18 1245 App C-11

5. Ensure the licensee is adequately identifying target sets, use guidance provided in RG 5.81 for target set identification as one acceptable method a licensee can use to perform target set identification.
6. Identify that the submitted target set information contains the required information for a reviewer to ensure target sets are complete and accurate.

TASKS: 1. In conjunction with a qualified SRA or your supervisor review the background plant information to validate the licensee supplied target set information.

2. In conjunction with a qualified SRA or your supervisor review the proposed operator actions allow inclusion of components in the target set per the six criteria.
3. In conjunction with a qualified SRA participate via secure phone or through face to face communications with licensee personnel to validate assumptions made in the preparation of the target set submittal and basis document.
4. Ensure that if the licensee identifies any cyber critical digital assets that relate to a target set element and location are included in the documented target sets.
5. In conjunction with a qualified SRA, ensure the submitted target set information has all the information necessary to conduct a target set inspection. NOTE: Licensees are not required to conform to the format as described in IP 71130.14, RG 5.81, or RG 5.76.
6. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions that you may have as a result of this activity.

DOCUMENTATION: Security Risk Analyst Qualification Signature (OJT - Security Risk Analyst - 1) Target Set Review.

Issue Date: 11/05/20 19 1245 App C-11

Security Risk Analyst On-the-Job Activity TOPIC: (OJT - Security Risk Analyst - 2) Site System Reviews and Walk Downs PURPOSE: The purpose of this activity is to familiarize SRAs with the proper method for validating target set information on the physical plant site and conducting walk downs of target set elements. This verification is one means of ascertaining that a target set element can perform its intended stand-alone accident response functions and that operator actions meet the established criteria. This is equivalent to the on-site review of target sets.

COMPETENCY AREA: INSPECTION LEVEL OF EFFORT: 40 hours4.62963e-4 days <br />0.0111 hours <br />6.613757e-5 weeks <br />1.522e-5 months <br /> (per technology): in-office prep system review for a BWR and/or a PWR.

REFERENCES:

Inspection Procedure 71130.14, Review of Power Reactor Target Sets Licensee supplied target set information (SGI)

Piping and instrumentation drawings for each selected system, as needed Licensee system emergency procedures and operations security emergency procedure Updated Final Safety Analysis Report (UFSAR) for assigned facility Site information (any other applicable documents such as additional prints, drawings, or procedures necessary for target set review)

EVALUATION CRITERIA: Upon completion of the tasks, you should be able to:

1. Discuss the accident response functions of each selected system and supporting systems necessary for proper system function.
2. Discuss the stand-alone ability of each target set element.
3. During a tour, with the site operations personnel, of each target set element locate the major components.
4. During a tour of each target set element, evaluate if there are any additional methods or locations that the licensee did not identify that could be used to prevent an element from providing accident response functions.
5. Demonstrate the ability to walk down an operator action within a target set and be able to determine if it does or does not meet the Issue Date: 11/05/20 20 1245 App C-11

six criteria to be a credited operator action and the rationale. If applicable, walk down any target set elements screened out and/or added to a target set based on RAPT or site-specific SBT.

TASKS: 1. In conjunction with a qualified SRA, a site resident inspector, or your supervisor perform a walk down of target set elements to verify the background plant information provided in the licensee supplied target set information.

2. In conjunction with a qualified SRA, a site resident inspector, or your supervisor perform a walk down of target set elements to validate the proposed operator actions allow inclusion of remote components in the target set per the inspection criteria.
3. In conjunction with a qualified SRA, or your supervisor, evaluate possible alternate methods to disable target set elements from providing accident response functions.
4. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions that you may have as a result of this activity.

DOCUMENTATION: Security Risk Analyst Qualification Signature (OJT - Security Risk Analyst - 2) Site System Reviews and Walk Downs.

Issue Date: 11/05/20 21 1245 App C-11

Security Risk Analyst On-the-Job Activity TOPIC: (OJT - Security Risk Analyst - 3) Safety and Security Interface PURPOSE: The purpose of this activity is to familiarize SRAs with the proper method for performing the safety and security interface aspect of the target set inspection procedure. This review ensures that the plant operations staff is not adversely affected by the security measures currently in place and that site safety and security personnel are aware of what the other departments are doing. During this review, the licensees operations staff should verify they can effectively perform the actions required for safe shutdown of the facility and no critical operator timelines are affected by security measures. The review must also verify that operations staff are informed in a timely manner of a possible or current security threat to the site, so that operations staff may begin any applicable actions and safely perform these actions without being adversely affected by plant security equipment or barriers.

COMPETENCY AREAS: INSPECTION LEVEL OF EFFORT: 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br /> (per technology): one site system review at a BWR and/or a PWR.

REFERENCES:

Inspection Procedure 71130.14, Review of Power Reactor Target Sets 10 CFR 73.58, Safety/Security Interface Requirements for Nuclear Power Reactors Regulatory Guide 5.74, Managing the Safety/Security Interface (latest revision)

Licensee supplied target set information (SGI)

Piping and instrumentation drawings for each selected system as needed.

Licensee system emergency procedures, operations security emergency procedure, and safety/security interface procedures.

Final safety analysis report (FSAR) or updated final safety analysis report (UFSAR) for assigned facility.

Site information (any other applicable documents such as additional prints, drawings, or procedures necessary for target set review)

EVALUATION CRITERIA: Complete the tasks specified in this OJT and meet with your supervisor or a qualified SRA to discuss any questions that you may have as a result of this activity. Upon completion of this activity, you should be able to:

Issue Date: 22 1245 App C-11

1. Discuss the need for the operations staff to rapidly access plant equipment.
2. Discuss the method that operators use to access plant equipment during plant emergency conditions such as Loss of Offsite Power (LOOP), Station Blackout (SBO, Extend Loss of AC Power (ELAP),

and security emergency conditions.

3. Discuss any effects of security equipment or barriers may have on operator actions.

TASKS: 1. In conjunction with a qualified SRA or your supervisor interview several licensee senior reactor operators (SROs) regarding any possible effects of security equipment or barriers on the ability to safely operate the plant during normal and emergency conditions.

2. In conjunction with a qualified SRA or your supervisor interview several licensee SROs regarding how the operators can access equipment required to be operated during LOOP, SBO, ELAP, and security emergency conditions.
3. In conjunction with a qualified SRA or your supervisor interview several licensee SROs regarding the ability to effectively perform operator actions with the existing security equipment or barriers.
4. Review the licensees procedure on safety and security interface and review the types of interactions the two departments have on-site.
5. Meet with your supervisor, a regional security branch chief, or a qualified SRA to discuss any questions that you may have as a result of this activity.

DOCUMENTATION: Security Risk Analyst Qualification Signature (OJT - Security Risk Analyst - 3) Safety and Security Interface.

Issue Date: 11/05/20 23 1245 App C-11

Regional Security Risk Analyst Technical Proficiency Level Signature Card and Certification Employees Supervisors Inspectors Name:

Initials/Date Initials/Date Required Training Courses Power Plant Engineering (self-study)

BWR Technology R-304B or PWR Technology R-304P or equivalent BWR Technology R-504B or PWR Technology R-504P or equivalent BWR Technology R-624B or PWR Technology R-624P or equivalent Perspectives on Reactor Safety (R-800)

AP1000 Introduction to Differences Course (R-107P)

Introduction to Physical Security Systems self-study (S-118S)

Security Fundamentals Course (S-301)

Explosives, Blast Effects, and Breaching Field Course (S-502)

Individual Study Activities ISA - Security Risk Analyst - 1 Code of Federal Regulations (CFR)

ISA - Security Risk Analyst - 2 Target Set Regulatory Guidance and Framework ISA - Security Risk Analyst - 3 Technical Specifications, Operability, and Updated Final Safety Analysis Report ISA - Security Risk Analyst - 4 Target Set Flowchart and Baseline Security Significance Determination Process (BSSDP)

ISA - Security Risk Analyst - 5 Licensee Force-on-Force Exercises On-the-Job Activities OJT - Security Risk Analyst - 1 Pre-Site Visit Target Set Review OJT - Security Risk Analyst - 2 Site System Reviews and Walk Downs OJT - Security Risk Analyst - 3 Safety and Security Interface Supervisors signature indicates successful completion of all required courses and activities listed in this journal for the individual to be qualified as a Regional Security Risk Analyst for (circle one) the BWR Technology, PWR Technology, or Both. Additionally, the supervisors signature below indicates the individuals readiness to appear before the Oral Board, if the individual has not previously completed an oral board.

Supervisors Signature: ________________________________ Date: ____________

Issue Date: 11/05/20 24 1245 App C-11

Headquarters Security Risk Analyst Technical Proficiency Level Signature Card and Certification Employees Supervisors Inspectors Name:

Initials/Date Initials/Date Required Training Courses Power Plant Engineering (self-study)

BWR Technology R-304B BWR Technology R-504B BWR Technology R-624B PWR Technology R-304P PWR Technology R-504P PWR Technology R-624P Perspectives on Reactor Safety (R-800)

AP1000 Introduction to Differences Course (R-107P)

Westinghouse AP1000 Cross Training (R-327C)

Introduction to Physical Security Systems self-study (S-118S)

Security Fundamentals Course (S-301)

Explosives, Blast Effects, and Breaching Field Course (S-502)

Advanced Intrusion Detection Systems (S-503)

Individual Study Activities ISA - Security Risk Analyst - 1 Code of Federal Regulations (CFR)

ISA - Security Risk Analyst - 2 Target Set Regulatory Guidance and Framework ISA - Security Risk Analyst - 3 Technical Specifications, Operability, and Updated Final Safety Analysis Report ISA - Security Risk Analyst - 4 Target Set Flowchart and Baseline Security Protection Significance Determination Process (BSSDP)

ISA - Security Risk Analyst - 5 Licensee Force-on-Force Exercises On-the-Job Activities OJT - Security Risk Analyst - 1 Target Set Review OJT - Security Risk Analyst - 2 Site System Reviews and Walk Downs OJT - Security Risk Analyst - 3 Safety and Security Interface Issue Date: 11/05/20 25 1245 App C-11

Supervisors signature indicates that the individual has completed the requirements to hold an interim Headquarters Security Risk Analyst qualification for the (circle one) PWR Technology or BWR Technology. The other series still needs to be completed for the individual to be fully qualified.

Supervisors Signature:_______________________________ Date:_____________

Supervisors signature indicates successful completion of all required courses and activities listed in this journal to achieve a fully qualified Headquarters Security Risk Analyst. Additionally, the supervisors signature below indicates the individuals readiness to appear before the Oral Board, if the individual has not previously completed an oral board.

Supervisors Signature: ________________________________ Date: ____________

Issue Date: 11/05/20 26 1245 App C-11

Regional Security Risk Analyst Technical Proficiency Level Equivalency or Waiver Justification Identify equivalent training and/or experience Inspector Name:

for which the inspector is to be given credit.

Required Training Courses Power Plant Engineering (self-study)

BWR Technology R-304B or PWR Technology R-304P or equivalent BWR Technology R-504B or PWR Technology R-504P or equivalent BWR Technology R-624B or PWR Technology R-624P or equivalent Perspectives on Reactor Safety (R-800)

AP1000 Introduction to Differences Course (R-107P)

Introduction to Physical Security Fundamentals (S-101) or Introduction to Physical Security Systems self-study (S-118S)

Security Fundamentals Course (S-301)

Explosives, Blast Effects, and Breaching Field Course (S-502)

Individual Study Activities ISA - Security Risk Analyst - 1 Code of Federal Regulations (CFR)

ISA - Security Risk Analyst - 2 Target Set Regulatory Guidance and Framework ISA - Security Risk Analyst - 3 Technical Specifications, Operability, and Updated Final Safety Analysis Report ISA - Security Risk Analyst - 4 Target Set Flowchart and Baseline Security Significance Determination Process (BSSDP)

ISA - Security Risk Analyst - 5 Licensee Force-on-Force Exercises On-the-Job Activities OJT - Security Risk Analyst - 1 Target Set Review OJT - Security Risk Analyst - 2 Site System Reviews and Walk Downs OJT - Security Risk Analyst - 3 Safety and Security Interface Issue Date: 27 1245 App C-11

Supervisors Recommendation: Signature / Date: _________________________

Division Directors Approval: Signature / Date: _______________________

Copies to: Inspector and official training file Issue Date: 11/05/20 28 1245 App C-11

Headquarters Security Risk Analyst Technical Proficiency Level Equivalency or Waiver Justification Identify equivalent training and/or experience Inspector Name:

for which the inspector is to be given credit.

Required Training Courses Power Plant Engineering (self study)

BWR Technology R-304B BWR Technology R-504B BWR Technology R-624B PWR Technology R-304P PWR Technology R-504P PWR Technology R-624P Perspectives on Reactor Safety (R-800)

AP1000 Introduction to Differences Course (R-107P)

Westinghouse AP1000 Cross Training (R-327C)

Introduction to Physical Security Systems self-study (S-118S)

Security Fundamentals Course (S-301)

Explosives, Blast Effects, and Breaching Field Course (S-502)

Individual Study Activities ISA - Security Risk Analyst - 1 Code of Federal Regulations (CFR)

ISA - Security Risk Analyst - 2 Target Set Regulatory Guidance and Framework ISA - Security Risk Analyst - 3 Technical Specifications, Operability, and Updated Final Safety Analysis Report ISA - Security Risk Analyst - 4 Target Set Flowchart and Baseline Security Significance Determination Process (BSSDP)

ISA - Security Risk Analyst - 5 Licensee Force-on-Force Exercises On-the-Job Activities OJT - Security Risk Analyst - 1 Target Set Review OJT - Security Risk Analyst - 2 Site System Reviews and Walk Downs OJT - Security Risk Analyst - 3 Safety and Security Interface Issue Date: 11/05/20 29 1245 App C-11

Supervisors Recommendation: Signature / Date: _________________________

Division Directors Approval: Signature / Date: _________________________

Copies to: Inspector and official training file END Issue Date: 11/05/20 30 1245 App C-11

Attachment 1 - Revision History for IMC 1245 Appendix C-11 Commitment Accession Description of Change Description of Comment Resolution and Tracking Number Training Closed Feedback Form Number Issue Date Required and Accession Number (Pre-Change Notice Completion Decisional, Non-Public Date Information)

Updated as part the RG periodic review and None to address recent changes related to target set identification (RG 5.81 and RG 5.76) and to address the removal of a target set inspector from the force-on-force inspection team.

N/A 04/09/09 Initial public issuance. Updated course None N/A CN-09-011 curriculum to coincide with newly revised security procedures related to Force-on-Force N/A ML13218B311 Entire rewrite of the qualification journal to None ML13218B322 08/30/13 include qualification requirements for regional CN-13-019 security risk analysts and headquarters security risk analysts. Additionally, the qualification was updated to include changes to NRC requirements regarding target sets.

ML20220A302 Major re-write. Entire rewrite of the None ML20220A301 11/05/20 qualification journal to include qualification CN 20-059 requirements for regional security risk analysts and headquarters security risk analysts. Additionally, the qualification was updated to include changes to NRC requirements regarding target sets.

Issue Date: 11/05/20 Att1-1 1245 App C-11

Retrieved from "https://kanterella.com/w/index.php?title=ML20220A302&oldid=3087195"