ML20350B463

OIG-19-A-13-Status of Recommendations: Audit of NRC's Cyber Security Inspections at Nuclear Power Plants Dated December 3, 2019 Enclosure to NSIR Response
ML20350B463
Person / Time
Issue date: 12/22/2020
From: Brian Holian
Office of Nuclear Security and Incident Response
To: Baker B
NRC/OIG/AIGA
Holloway K
Shared Package
ML20350B458 List:
References
OEDO-19-0577, OIG-19-A-13


Text

STAFF RESPONSE TO THE OFFICE OF THE INSPECTOR GENERAL'S AUDIT OF THE U.S. NUCLEAR REGULATORY COMMISSION'S CYBER SECURITY INSPECTIONS AT NUCLEAR POWER PLANTS OIG-19-A-13

In OIG-19-A-13, Audit of NRC's Cyber Security Inspections at Nuclear Power Plants, the Office of the Inspector General (OIG) provided two recommendations to the U.S. Nuclear Regulatory Commission's (NRC) staff for improving the agency's cyber security oversight program. Below is the OIG's recommendation #2 followed by the NRC staff's response; recommendation #1 is closed.

Recommendation 2:

Use the results of operating experience and discussions with industry to develop and implement suitable cyber security performance measure(s) (e.g., testing, analysis of logs, etc.) by which licensees can demonstrate sustained program effectiveness.

Update:

The staff agrees with the recommendation and is addressing it as part of the staff's power reactor cyber security action plan.

In July 2019, the staff completed an assessment of the Power Reactor Cyber Security Program.

In its assessment, the staff considered feedback and lessons learned from industry and other stakeholders regarding the cyber security rule, associated guidance, licensees' implementation of their cyber programs, and ongoing NRC inspections of cyber security program full implementation (Milestone 8). In October 2019, staff finalized the power reactor cyber security action plan to move forward with appropriate program enhancements based on the assessment.

This action plan includes guidance updates, development of cyber security performance measures, and a new inspection procedure (IP) for cyber inspections beyond Milestone 8 implementation.

The NRC staff is developing the new IP in parallel with completing the Milestone 8 inspections, ten of which have been delayed as a result of the COVID-19 public health emergency. Staff anticipates completing all Milestone 8 inspections by June 2021. The new IP will support a more performance-based inspection program and incorporate options for performance metrics and performance testing by licensees. Staff anticipates finalizing the new IP in July 2021, following completion of the Milestone 8 inspections.

Target date for completion: Issuance of the new cyber IP - July 30, 2021.

Point of Contact: Kim Holloway, NSIR/DPCP 301-415-0286

Enclosure