ML21101A002

From kanterella
Jump to navigation Jump to search
OMB 3150-0002, Draft Supporting Statement for 10 CFR Part 73, Physical Protection of Plants and Materials
ML21101A002
Person / Time
Issue date: 06/11/2021
From:
NRC/OCIO
To:
Petrucelli J
References
OMB 3150-0002
Download: ML21101A002 (37)


Text

1 DRAFT SUPPORTING STATEMENT FOR 10 CFR PART 73 PHYSICAL PROTECTION OF PLANTS AND MATERIALS (3150-0002)

EXTENSION Description of the Information Collection The U.S. Nuclear Regulatory Commission (NRC) regulations in Title 10 of the Code of Federal Regulations (10 CFR) Part 73, Physical protection of plants and materials, prescribe requirements for the establishment and maintenance of systems for physical protection of special nuclear material (SNM) at fixed sites, of SNM in transit, and of plants that use SNM.

These include the following reporting, recordkeeping, and third-party disclosure requirements, which are necessary to ensure adequate protection for nuclear facilities and nuclear material (this list is not all-inclusive):

development and maintenance of security documents, including a physical security plan (PSP), training and qualification plan (T&QP), safeguards contingency plan (SCP),

cybersecurity plan (CSP), and security implementing procedures notification to the NRC of safeguards and cybersecurity events notification to State Governors and Tribes of shipments of irradiated reactor fuel criminal history records checks of individuals granted unescorted access to nuclear power facilities or nonpower reactors, or granted access to safeguards information (SGI) advance notification to the NRC of shipments of irradiated reactor fuel and Category II SNM submission of fingerprinting cards to the NRC for background investigations A.

JUSTIFICATION

1.

Need for and Practical Utility of the Information The regulations are issued pursuant to the Atomic Energy Act of 1954, as amended, and Title II of the Energy Reorganization Act of 1974, as amended. In general, the reports and records are necessary for one or more of the following reasons:

Information on the content and planned operation of the licensees physical protection system (e.g., CSP, PSP, SCP, or T&QP) is essential to the NRCs determination of whether the system meets regulatory requirements.

2 For a CSP for nuclear power reactors, this information includes descriptions of how a licensee protects computer and communication systems and networks against cyberattacks, up to and including the design-basis threats described in 10 CFR 73.1, Purpose and scope.

For a PSP for Category I SNM sites and nuclear power reactors, this includes information on capabilities to detect, assess, interdict, and neutralize threats up to and including the design-basis threats described in 10 CFR 73.1. For other PSPs, it includes descriptions of how the licensee will meet the requirements of 10 CFR 73.67, Licensee fixed site and in-transit requirements for the physical protection of special nuclear material of moderate and low strategic significance, at a fixed site or during transport.

For an SCP for Category I SNM sites and nuclear power reactors, this information includes a description of how licensee personnel implement their physical protection program to defend against threats to their facility, up to and including the design-basis threats described in 10 CFR 73.1.

For a T&QP for Category I SNM sites and nuclear power reactors, this includes information on the selection, training, equipping, testing, and qualification of individuals responsible for protecting SNM, nuclear facilities, and nuclear shipments.

Descriptions of the normal operation of the physical protection system (e.g., access authorizations, equipment performance logs) permit the NRC to determine whether there is reasonable assurance that the system operates in accordance with regulatory requirements.

Reports to the NRC of the occurrence of and circumstances surrounding abnormal events (e.g., theft, sabotage, or overdue shipment) enable the NRC to respond to, investigate, and correct situations which adversely affect public health and safety or the common defense and security.

The section 10 CFR Part 73 Information Collection Requirements in this supporting statement lists the specific requirements in 10 CFR Part 73.

2.

Agency Use of the Information The NRC staff reviews the information included in applications, reports, and records to assess the adequacy of each licensees physical plant, equipment, organization, training, experience, procedures, and plans for protection of public health and safety and the common defense and security. The staffs review and findings form the basis for NRC licensing decisions related to physical protection of SNM.

The agency has developed a series of regulatory guides on materials and plant protection, which provide guidance on how to meet the requirements above.

3 They can be found at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/protection/rg/. A list of guidance documents pertinent to 10 CFR Part 73 requirements appears in a table at the end of this supporting statement.

3.

Reduction of Burden through Information Technology There are no legal obstacles to reducing the burden associated with this information collection. The NRC encourages respondents to use information technology when it would benefit them.

The NRC document Guidance for Electronic Submissions to the NRC provides direction for the electronic transmission and submittal of documents to the NRC.

Documents can be transmitted and submitted electronically through the electronic information exchange process (available from the NRCs Electronic Submittals Web page, https://www.nrc.gov/site-help/e-submittals.html), by optical storage media (e.g. CD-ROM, DVD), by fax, or by e-mail. It is estimated that approximately 90 percent of potential responses will be filed electronically.

Because of the information security classification level of some documents, licensees sometimes choose to submit responses in hard copy.

The 56 nuclear power reactor facilities and 20 decommissioning reactor facilities submit all fingerprint data electronically. Material licensees also submit fingerprint data electronically. Other licensees continue to submit fingerprints via hardcopy fingerprint cards versus electronic submission.

4.

Effort to Identify Duplication and Use Similar Information The regulation in 10 CFR 73.38(d) eliminates duplication by specifying that background investigations do not apply to Federal, State, or local law enforcement personnel who are performing escort duties.

The regulation in 10 CFR 73.38(g) eliminates duplication by specifying that a new fingerprint-based Federal Bureau of Investigations (FBI) criminal history records check is not required for individuals who have a valid unescorted access authorization pursuant to an NRC order or regulation within 5 years of the effective date of the final rule on spent nuclear fuel (SNF) in transit.

5.

Effort to Reduce Small Business Burden It is possible for licensees that use SNM to be small businesses. However, since inadequate safeguards for SNM would cause the same risks to the common defense and security and to public health and safety whether the licensee were a large or a small entity, the frequency and completeness of reports, records, plans, and procedures cannot be decreased to reduce the burden on small businesses. The NRC staff estimates that none of the current licensees that use SNM and are subject to 10 CFR Part 73 information collection requirements are small businesses.

6.

Consequences to Federal Program or Policy Activities If the Collection Is Not Conducted or Is Conducted Less Frequently

4 If the information collection were not conducted or were conducted less frequently, the NRC may not be notified of safeguards events in time to respond rapidly and help licensees achieve prompt resolution. The NRC receives and evaluates reports as events occur. In addition, the NRC staff inspects compiled licensee records to verify compliance with regulations. Applications for new licenses and amendments may be submitted at any time. Information submitted in previous applications may be referenced without being resubmitted.

7.

Circumstances Which Justify Variation from Office of Management and Budget Guidelines Certain sections of 10 CFR Part 73 depart from Office of Management and Budget (OMB) guidelines by requiring that licensees submit reports to the NRC in less than 30 days. Sections 73.26, 73.27, 73.37, 73.67, 73.71, and 73.77 of 10 CFR require immediate notification of response forces, the NRC, and local law enforcement authorities; immediate communications between convoys and movement control centers; and immediate notification of consignees and shippers. These notification requirements permit response forces, the NRC, law enforcement authorities, shippers, and consignees to confirm the integrity of shipments, to determine whether SNM has been lost or diverted, and to initiate prompt action to recover it.

Certain other sections of 10 CFR Part 73 depart from the OMB guidelines by requiring licensees to retain records for more than 3 years. Some sections require retention of records for 5 years, or for extended periods such as duration of possession of the material, duration of employment, or 5 years after termination of access authorization (this list is not all-inclusive). These requirements ensure that procedures for handling and safeguarding nuclear material are available for as long as the licensee possesses the material or operates the facility. Other records are required for inspection or for reconstruction of events in case of a safeguards incident. The burden spreadsheet uploaded as a supplementary document lists all required records retention periods.

8.

Consultations outside the NRC An opportunity for public comment on the information collection requirements for this clearance package has been published in the Federal Register.

9.

Payment or Gift to Respondents Not applicable.

10.

Confidentiality of Information Trade secrets, privileged, or confidential commercial or financial information is marked as proprietary information and is protected in accordance with NRC regulations in 10 CFR 9.17(a) and 10 CFR 2.390(b).

Certain information, designated as SGI, is prohibited from public disclosure in accordance with the provisions of the Atomic Energy Act of 1954, as amended,

5 pursuant to Chapter 12, Section 147, or is designated as classified National Security Information, in accordance with Executive Order 12958, Classified National Security Information, dated April 17, 1995.

For criminal history checks, the NRC collects fingerprints, either on hardcopy cards or electronically; digitizes fingerprints captured on cards; and passes the fingerprints electronically to the FBI. The FBI runs the fingerprints and provides the criminal history report to the NRC. The NRC passes this report on to the licensee without retaining a copy of it. This information collection is listed in the NRCs Privacy Act of 1974; Republication of Systems of Records Notices, Volume 81 of the Federal Register, page 81320 (81 FR 81320; November 17, 2016), under the heading of NRC 39, Personnel Security Files and Associated Records. The NRC does not disclose or share the information with anyone, except when initially submitting fingerprints to the FBI and when passing on the FBI report to the licensee.

11.

Justification for Sensitive Questions The regulations in 10 CFR Part 73 require licensees to obtain the criminal history records of individuals who are applying for or currently possess unescorted access to a nuclear power facility or a nonpower reactor. This sensitive information is necessary to allow licensees to determine whether these individuals are qualified to gain and maintain unescorted access to the site.

Reviewing officials use the sensitive information to evaluate an individuals trustworthiness and reliability. Licensees must inform affected individuals that their fingerprints will be used to obtain their criminal history records for review. In addition, licensees must inform the individuals of proper procedures for challenging or explaining their records. Each licensee must establish and maintain a system of files and procedures to protect this sensitive personal information.

The regulation in 10 CFR 73.57(f)(2) requires licensees to protect information obtained from individual criminal history records:

The licensee may not disclose the record or personal information collected and maintained to persons other than the subject individual, his/her representative, or to those who have a need to have access to the information in performing assigned duties in the process of granting or denying unescorted access to the nuclear power facility, the non-power reactor or access to Safeguards Information. No individual authorized to have access to the information may re-disseminate the information to any other individual who does not have a need to know.

6

12.

Estimated Burden and Burden Hour Cost The estimated burden is based on the following respondents:

2 Category I fuel facilities 5 Category II and III facilities 56 power reactor sites 20 decommissioning reactor facilities 31 research and test reactors 96 other entities that mark and handle SGI The estimated number of annual respondents is 210.

The overall estimated annual burden is 495,892 hours0.0103 days <br />0.248 hours <br />0.00147 weeks <br />3.39406e-4 months <br />, at an estimated annual cost of $138 million (495,892 hours0.0103 days <br />0.248 hours <br />0.00147 weeks <br />3.39406e-4 months <br /> at $279 per hour). This includes 22,631 hours0.0073 days <br />0.175 hours <br />0.00104 weeks <br />2.400955e-4 months <br /> for reporting, 21,473 hours0.00547 days <br />0.131 hours <br />7.820767e-4 weeks <br />1.799765e-4 months <br /> for third-party notification, and 451,788 hours0.00912 days <br />0.219 hours <br />0.0013 weeks <br />2.99834e-4 months <br /> for recordkeeping. Detailed burden tables have been uploaded as a supplementary document (Excel spreadsheet).

Burden Summary Responses Hours Cost at $279/hr Reporting 40,889 22,631

$6,314,047 Recordkeeping 210 451,788

$126,048,726 Third-Party Disclosure 89,869 21,473

$5,9991,037 Total 130,968 495,892

$138,353,811 The $279 hourly rate used in the burden estimates is the rate given in 10 CFR 170.20, Average cost per professional staff-hour. For more information on the basis of this rate, see Revision of Fee Schedules; Fee Recovery for Fiscal Year 2020 (85 FR 37250; June 19, 2020).

13.

Estimate of Other Additional Costs The NRC has determined that the records storage cost is roughly proportional to the recordkeeping burden cost. For a typical clearance, the records storage cost has been calculated as 0.04 percent of the recordkeeping burden cost.

Therefore, the records storage cost for this clearance is estimated to be $50,419 (0.04 percent of 451,788 recordkeeping hours at $279 per hour).

In addition, the current cost charged to licensees for processing fingerprint cards is $10 per card. The total cost for processing fingerprint cards is $502,550 (50,255 cards at $10 per card). The staff anticipates the current costs to increase by the end of the fiscal year.

The total additional cost to licensees for recordkeeping and fingerprint card processing is thus $552,969 ($50,419 + $502,550).

7

14.

Estimated Annualized Cost to the Federal Government The staff has developed estimates of annualized costs to the Federal Government for conducting this information collection. These estimates are based on staff experience and subject-matter expertise and include the burden of reviewing, analyzing, and processing the collected information, as well as any relevant operational expenses. The estimated cost to the government for the review of required reports and records is approximately $1,255,500 (4,500 hours0.00579 days <br />0.139 hours <br />8.267196e-4 weeks <br />1.9025e-4 months <br /> at $279 per hour), based on the NRC fee rate.

15.

Reason for Change in Burden or Cost The estimated burden has decreased from 541,406 hours0.0047 days <br />0.113 hours <br />6.712963e-4 weeks <br />1.54483e-4 months <br /> to 495,892 hours0.0103 days <br />0.248 hours <br />0.00147 weeks <br />3.39406e-4 months <br />, for a total decrease of 45,514 hours0.00595 days <br />0.143 hours <br />8.498677e-4 weeks <br />1.95577e-4 months <br />.

BURDEN CHANGE Current Burden in ROCIS 2021 Estimates Changes Hours Responses Hours Responses Hours Responses Reporting 22,591 40,819 22,631 40,889 40 70 Recordkeeping 475,852 210 451,788 210 -24,064 0

Third-Party Disclosure 42,963 136,957 21,473 89,869 -21,490

-47,088 Total 541,406 177,986 495,892 130,968 -45,514

-47,018 The increase in reporting estimates is due to: (1) an increase in transportation operations; (2) more accurately capturing required reporting for spent fuel and special nuclear material operations; and (3) increase in reporting of Safeguards events due to the changing types of licensees. The decreased third party estimates can largely be attributed to: (1) Most licensees changed SGI-M to SGI for documents maintained, (2) changes in transportation, and (3) the number of power reactor sites decreased, from 60 in 2018 to 56 in 2021.

16.

Publication for Statistical Use None.

17.

Reasons for Not Displaying the Expiration Date The recordkeeping and reporting requirements for this information collection are associated with regulations and are not submitted on instruments such as forms or surveys. For this reason, there are no data instruments on which to display an OMB expiration date. Furthermore, amending the regulatory text of the CFR to display information that, in an annual publication, could become obsolete would be unduly burdensome and too difficult to keep current.

8

18.

Exceptions to the Certification Statement None.

B.

COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS None.

9 10 CFR PART 73 INFORMATION COLLECTION REQUIREMENTS Section 73.5, Specific exemptions, provides that under specified conditions, the NRC may grant exemptions from the requirements of the regulations in 10 CFR Part 73, upon the application of any interested person or on its own initiative. The NRC staff examines applications for exemptions under 10 CFR 73.5 to determine whether each requested exemption is authorized by law, will not endanger life or property or the common defense and security, and is otherwise in the public interest.

Subsection 73.20(c) requires that each affected licensee establish, maintain, and follow NRC-approved safeguards physical protection and safeguards contingency plans that describe how the licensee will comply with the requirements of 10 CFR 73(a)-(b). These plans are used to review the adequacy of a licensee's intended security system for compliance and enforcement purposes.

Subsection 73.22(b) requires licensees to determine, based on a background check or other means approved by the NRC, that each individual seeking access to SGI is trustworthy and reliable. The categories of individuals enumerated in 10 CFR 73.59, Relief from fingerprinting, identification and criminal history records checks and other elements of background checks for designated categories of individuals, are exempt from this requirement.

Subsection 73.22(d) requires that each document or other matter that contains SGI be conspicuously marked at the top and bottom of each page to indicate the presence of such information, and that the first page also contain the following information:

the name, title, and organization of the individual authorized to make an SGI determination who has determined that the document or other matter contains SGI the date the determination was made an indication that unauthorized disclosure will be subject to civil and criminal sanctions Transmittal letters or memoranda to or from the NRC which do not in themselves contain SGI must be marked to indicate that attachments or enclosures contain SGI but that the transmittal letter or memorandum does not. Transmittal documents or other media containing SGI must include the name and title of the certifying official and the date they were designated as containing SGI. Portion marking is required only for correspondence to and from the NRC (i.e.,

for cover letters, but for not attachments) that contains SGI. The portion marking must be sufficient to allow the recipient to identify those sections of the transmittal document or other information containing SGI, and to distinguish them from those not containing SGI. Documents or other matter containing or transmitting SGI must, at a minimum, include the words Safeguards Information to ensure identification of protected information for the protection of facilities and material covered by 10 CFR 73.22, Protection of Safeguards Information: Specific Requirements.

Subsection 73.22(f) states that when documents or other matter containing SGI are transmitted outside an authorized place of use or storage, they must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of SGI. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words Safeguards Information. The outer envelope or wrapper must be opaque and addressed to the intended recipient; it must contain the address of the sender and

10 may not bear any markings or indication that the document or other matter contains SGI.

Subsection 73.23(b) requires licensees to determine, based on a background check or other means approved by the NRC, that each individual seeking access to SGI designated as SGI-Modified Handling (SGI-M) is trustworthy and reliable. The categories of individuals enumerated in 10 CFR 73.59 are exempt from this requirement.

Subsection 73.23(d) requires that a document or other matter containing SGI designated as SGI-M be conspicuously marked on the top and bottom of each page to indicate the presence of SGI-M. In addition, the first page of such a document must include the name, title, and organization of the individual authorized to make a determination of SGI designated as SGI-M who has determined that the document contains SGI designated as SGI-M; the date the determination was made; and an indication that unauthorized disclosure will be subject to civil and criminal sanctions. Transmittal letters or memoranda to or from the NRC that do not in themselves contain SGI designated as SGI-M must be marked to indicate that attachments or enclosures contain SGI designated as SGI-M but that the transmittal document does not.

Transmittal documents forwarding SGI designated as SGI-M must alert the recipient that protected information is enclosed. Certification that a document or other matter contains SGI designated as SGI-M must include the name and title of the certifying official and the date designated. Transmittal documents to and from the NRC require portion marking showing which portions of the material contain SGI designated as SGI-M and which do not. The marking of documents containing or transmitting SGI designated as SGI-M must, at a minimum, include the words Safeguards InformationModified Handling.

Subsection 73.23(f) requires that documents or other matter containing SGI designated as SGI-M transmitted outside an authorized place of use or storage be packaged in two sealed envelopes or wrappers. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words Safeguards InformationModified Handling. The outer envelope or wrapper must be opaque and addressed to the intended recipient; it must include the address of the sender and may not bear any markings or indication that the document contains SGI designated as SGI-M.

Subsection 73.24(b)(1) states that when making shipments of SNM in which individual shipments are less than a formula quantity, but the total quantity simultaneously in transit could equal or exceed a formula quantity, licensees must log the arrival of each shipment at its final destination. This record is necessary to verify shipment arrival and ensure that the total quantity of SNM in two or more shipments in transit at the same time does not equal or exceed a formula quantity.

Subsection 73.25(b) lists procedures required for the physical protection system and plan described in 10 CFR 73.20, General performance objective and requirements. The information collection associated with these requirements appears in 10 CFR 73.20.

Subsection 73.25(c) lists procedures required for the physical protection system and plan described in 10 CFR 73.20. The information collection associated with these requirements appears in 10 CFR 73.20.

Subsection 73.25(d) lists procedures required for the physical protection system and plan described in 10 CFR 73.20. The information collection associated with these requirements appears in 10 CFR 73.20.

11 Subsection 73.26(b)(3) requires that, before each SNM shipment, licensees inform the NRC of the shipper, consignee, carriers, transfer points, modes of shipment, and security arrangements for the shipment. This information permits the NRC to verify that adequate measures will be taken to protect the material in transit.

Subsection 73.26(c) describes the records retention schedule for records associated with 10 CFR 73.25, 10 CFR 73.26, and 10 CFR 73.27. This requirement is not an information collection but adds detail on information collections listed elsewhere in this part. Any burden associated with records retention is recorded under the information collection containing the recordkeeping requirement.

Subsection 73.26(d)(3) requires that licensees maintain a written management system for the development, revision, implementation, and enforcement of transportation physical protection procedures. The information collection associated with this requirement appears in 10 CFR 73.20(c).

Subsection 73.26(d)(4) requires that licensees document the qualification and requalification of members of the security organization. The licensee must retain the record of each individuals initial qualification for the term of employment and the record of each requalification for 3 years.

NRC inspectors review this information to verify that security organization members are properly qualified in accordance with the site T&QP and implementing procedures.

Subsection 73.26(e)(1) refers to the written contingency plan required by 10 CFR 73.20. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.26(e)(2) requires that, upon detection of abnormal presence or activity of persons or vehicles attempting to penetrate a moving convoy or persons attempting to gain access to a parked cargo vehicle, or upon evidence or indication of penetration of the cargo vehicle, armed escorts or other personnel inform local law enforcement agencies of the threat and request assistance.

Subsection 73.26(f)(2) requires the following security procedures for transfers of SNM:

(1)

The commander of the armed personnel protecting the shipment shall call a remote location at least every 30 minutes to report the status of the shipment.

(2)

If they do not receive the calls, the remote location personnel shall request assistance from local law enforcement agencies, notify the shipment movement control center, and initiate the appropriate contingency plans.

(3)

Escorts shall notify the licensee of the latest status of the shipment immediately after its departure.

Calling the remote location every 30 minutes is among the security staffs normal duties and is not reported as part of the burden.

Subsection 73.26(g)(1) requires the use of a numbered picture badge identification procedure to identify all individuals who will have custody of a shipment of SNM. Because all security officers assigned to duties involving shipments of nuclear material are required to wear numbered picture badges as a normal part of their duties, this is not reported as part of the burden; thus, the information collection is for the procedure only.

12 Subsection 73.26(h)(5) lists procedures required for the physical protection system and plan described in 10 CFR 73.20. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.26(h)(6) requires licensees to document the results of annual audits of the transportation security program, along with recommendations for improvements, and to retain the documentation as a record for 3 years. NRC inspectors review these records to verify that the effectiveness of the physical security system is evaluated by licensee personnel independent of security management and supervision.

Subsection 73.26(i)(1) requires that licensees prepare a detailed route plan for SNM shipments by road, showing the routes to be taken, refueling and rest stops, and call-in times to the movement control center. This document is used to verify that the shipment is made on primary highways with minimum use of secondary roads, and that adequate measures for support and communications are available to protect the shipment.

Subsection 73.26(i)(5) requires the establishment of procedures in support of the physical protection system. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.26(i)(6) requires that SNM shipment or escort personnel make calls to the movement control center at least every half hour to convey the status and position of the shipment. If no call is received at a designated call-in time, the licensee must immediately notify law enforcement authorities and the NRC and initiate appropriate contingency plans. This notification is necessary so that the NRC can ensure timely response or investigation. Calling the movement control center every 30 minutes is among the security staffs normal duties and is not reported as part of the burden.

Subsection 73.26(j)(6) requires the establishment of procedures in support of the physical protection system. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.26(k)(2) requires the establishment of procedures in support of the physical protection system. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.26(k)(4) requires that, for SNM shipments by rail, if no call is received from the shipment or escort personnel at a designated call-in time, the licensee must immediately notify law enforcement authorities and the NRC and initiate appropriate contingency plans. This notification is necessary so that the NRC can ensure timely response or investigation. The information collection associated with this requirement is captured under 10 CFR 73.26(i)(6), as the requirement is the same; only the transportation type differs.

Subsection 73.27(a)(1) requires that a licensee delivering formula quantities of strategic SNM (SSNM) to a carrier for transport immediately notify the consignee, by telephone, telegraph, or teletype, of the time of departure of the shipment, the method of transportation (including names of carriers), and the estimated time of arrival at the destination. This information is needed to ensure that the consignee is aware that the shipment is en route, so that the consignee can carry out the safeguards transportation protection plan.

13 Subsection 73.27(a)(2) requires that, in the case of a shipment free on board the point where it is delivered to a carrier for transport, the licensee shipper obtain written certification from the consignee who is to take delivery at the free on board point that the required physical protection arrangements have been made. This information is needed to ensure that the safeguards transportation protection plan will be carried out.

Subsection 73.27(a)(3) requires that a shipper arrange to receive immediate notification from the consignee when a shipment arrives at its destination or is lost or unaccounted for after the estimated time of arrival at its destination. This information is required so that the licensee can promptly notify the NRC of any missing material and initiate a trace investigation.

Subsection 73.27(b) requires a licensee receiving a shipment of formula quantities of SSNM to immediately notify the shipper and the NRC of the shipments arrival at its destination, or of its failure to arrive at its destination at the estimated time. In the latter event, the shipper must also notify the NRC of the actions being taken to trace the shipment. This information is needed to maintain accountability for SSNM in transit, so that trace and recovery actions may be undertaken if necessary.

Subsection 73.27(c) states that if an SNM shipment is lost or unaccounted for, the licensee that made the physical protection arrangements must conduct a trace investigation and file a report with the NRC as specified in 10 CFR 73.71, Reporting of safeguards events. This information permits the NRC to determine whether all appropriate measures have been taken to trace and recover the material. The information collection associated with this requirement appears in 10 CFR 73.71.

Subsection 73.37(a) requires licensees to notify the appropriate response forces of any spent fuel shipment sabotage attempts as part of the physical protection system and plan described in 10 CFR 73.20. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.37(b)(1)(ii) requires licensees to preplan and coordinate SNF shipments. The information collection associated with this requirement appears in 10 CFR 73.72, Requirement for advance notice of shipment of formula quantities of strategic special nuclear material, special nuclear material of moderate strategic significance, or irradiated reactor fuel.

Subsection 73.37(b)(1)(iv) requires licensees to preplan and coordinate SNF shipments through, or across the boundary of, any State with the Governor of that State, or with the Governors designee.

Subsection 73.37(b)(1)(vi) requires licensees to preplan and coordinate with the NRC to obtain advance approval of the routes used for road and rail shipments of SNF, and of any U.S. ports where vessels carrying SNF shipments are scheduled to stop.

Subsection 73.37(b)(2) requires licensees to notify the NRC in advance of each shipment of SNF. The notification requirements appear in 10 CFR 73.72. The information collection associated with this requirement appears in 10 CFR 73.72.

Subsections 73.37(b)(2)(i)-(iii) require that before shipping SNF within or through a State, licensees notify the State. In addition, for each participating Tribe referenced in 10 CFR 71.97(c)(3), licensees must notify the Tribal official or Tribal officials designee before transporting SNF within or across the Tribal reservation. Licensees must also notify States

14 before delivery for transport of licensed material outside the confines of the licensees facility or other place of use or storage.

Subsection 73.37(b)(2)(iv) requires a licensee to notify by telephone a responsible individual in the office of the Governor or in the office of the Governor's designee, and in the office of the Tribal official or in the office of the Tribal official's designee, of any schedule change that differs by more than 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> from the schedule information previously furnished under 10 CFR 73.37(b)(2)(iii). The licensee shall inform that individual of the number of hours of advance or delay relative to the written schedule information previously furnished.

Subsection 73.37(b)(2)(v) requires licensees that cancel a shipment for which advance notification has been sent to send a cancellation notice to the Governor or Governors designee of each State previously notified, to each Tribal official or Tribal officials designee previously notified, and to the Director of the Division of Security Policy at the NRCs Office of Nuclear Security and Incident Response. The licensee shall state in the notice that it is a cancellation and identify the advance notification being canceled.

Subsection 73.37(b)(2)(vi) requires licensees to retain a copy of the preplanning and coordination activities, advance notification, and any revision or cancellation notice as a record for 3 years.

Subsection 73.37(b)(3)(iv) requires movement control center personnel and escorts to maintain a written log for each SNF shipment, which describes the shipment and significant events that occur during the shipment. The log must be available for review by authorized NRC personnel for a period of at least 3 years following completion of the shipment.

Subsection 73.37(b)(3)(v) requires the licensee to develop, maintain, revise and implement written transportation physical protection procedures.

Subsection 73.37(b)(3)(vi) requires the licensee to retain the transportation physical protection procedures as a record for 3 years after the close of the period for which the licensee possesses the SNF.

Subsection 73.37(b)(3)(vii)(B) requires, as a part of the transportation physical protection program, that shipment escorts advise the movement control center at random intervals, not to exceed 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, of the status of road and rail shipments, and of sea shipments while shipment vessels are docked at U.S. ports.

Subsection 73.37(b)(3)(vii)(C) requires at least one armed escort to remain alert at all times, maintain constant visual surveillance of the shipment, and periodically report to the movement control center at preset regular intervals during periods when the shipment vehicle is stopped or the shipment vessel is docked.

Subsection 73.37(b)(4)(iii) requires the licensee to retain the contingency and response procedures as a record for 3 years after the close of the period for which the licensee possesses the SNF under each license for which the plan is used. The licensee must retain superseded material for 3 years after each change.

Subsection 73.37(f) requires each licensee that makes arrangements for the shipment of SNF to immediately conduct an investigation, in coordination with the receiving licensee, of any

15 shipment that is lost or unaccounted for after the designated no-later-than arrival time in the advance notification.

Subsection 73.37(g)(iii) requires State officials, State employees, Tribal officials, Tribal employees, and other individuals who receive schedule information to protect the information from unauthorized disclosure.

Subsection 73.38(a)(2) requires the licensee to establish, implement, and maintain an access authorization program.

Subsection 73.38(c)(2)(v) specifies a 3-year recordkeeping requirement for documentation pertaining to access authorization relative to SNF in transit for any individual who has an active Federal security clearance.

Subsection 73.38(d) requires the licensee to conduct a background investigation before allowing an individual to act as an armed escort or to have unescorted access to SNF in transit.

Subsection 73.38(d)(1) requires licensees not to initiate any element of a background investigation without the informed and signed consent of the subject individual.

Subsection 73.38(d)(2) states that any individual who is required to have a background investigation under the licensees access authorization program shall disclose the personal history information that is necessary to determine the individuals trustworthiness and reliability.

Subsection 73.38(d)(3) requires the licensee to conduct fingerprinting and an FBI investigation and criminal history records check in accordance with 10 CFR 73.57, Requirements for criminal history records checks of individuals granted unescorted access to a nuclear power facility, a non-power reactor, or access to Safeguards Information. The fingerprint card Form FD-258 is indicated as an acceptable method for submitting fingerprints. Form FD-258, covered under OMB Clearance 1110-0046, states the following as the Authority for the information collection:

Authority: The FBIs acquisition, preservation, and exchange of information requested by this form is generally authorized under 28 U.S.C. 534. Depending on the nature of your application, supplemental authorities include numerous Federal statutes, hundreds of State statutes pursuant to Pub.L.92-544, Presidential executive orders, regulations and/or orders of the Attorney General of the United States, or other authorized authorities. Examples include, but are not limited to: 5 U.S.C. 9101; Pub.L. 94-29; Pub.L. 101-604; and Executive Orders 10450 and 12968. Providing the requested information is voluntary; however, failure to furnish the information may affect timely completion or approval of your application.

The licensee transmits fingerprint cards to the NRC for submission to the FBI.

Subsection 73.38(d)(5)(iv)(A) states that if a previous employer, educational institution, or any other entity with which an individual undergoing an employment history evaluation claims to have been engaged fails to provide information or indicates an inability or unwillingness to provide information, the licensee shall document this refusal or unwillingness. The licensee shall obtain a confirmation of employment, educational enrollment and attendance, or other form of engagement claimed by the individual from at least one alternate source that has not been previously used.

16 Subsection 73.38(d)(5)(vi) requires the licensee to document any telephone calls made to obtain information on employment history.

Subsection 73.38(f)(5) requires the licensee to retain all fingerprint and criminal history records received from the FBI on an individual (including data indicating no record), or copies if the files have been transferred, for 5 years from the date the individual no longer requires unescorted access or access authorization relative to SNF in transit.

Subsection 73.38(i) requires any individual who has applied for or is maintaining an access authorization to report to the reviewing official, his or her supervisor, or other management personnel designated in licensee procedures any legal action(s) taken by a law enforcement authority or court of law to which the individual has been subject that could result in incarceration or a court order that requires a court appearance.

Subsection 73.38(j) requires the licensee to develop, implement, and maintain written procedures for conducting background investigations for persons who are applying for unescorted access authorization for SNF in transit; for updating background investigations for persons who are applying for reinstatement of unescorted access or access authorization; for ensuring that persons who have been denied unescorted access or access authorization are not allowed access to or information relative to SNF in transit; and for notifying individuals who are denied unescorted access or access authorization for SNF in transit.

Subsection 73.38(l) requires the licensee to maintain records of background investigations of an individual employee for 5 years from the date the individual no longer requires access to SNF.

The licensee must also retain a copy of the access authorization program procedures as a record for 5 years after the procedures are no longer needed. In addition, the licensee must retain the list of persons approved for or denied unescorted access for 5 years after the list is superseded or replaced.

Section 73.40 requires that licensees provide physical protection at a fixed site, or contiguous sites where licensed activities are conducted, against radiological sabotage, or against theft of SNM, or against both, in accordance with the applicable sections 10 CFR Part 73 for each specific class of facility or material license. If applicable, licensees are required to establish and maintain physical security in accordance with security plans approved by the NRC. The information collection associated with this requirement appears in 10 CFR 73.20.

Section 73.45 requires that the licensee's fixed site physical protection system (required by 10 CFR 73.20) contain certain provisions, procedures, and plans. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.46(b)(1) requires that a licensee using a contract guard force for site security have a written agreement with the contractor that contains the following provisions:

The licensee is responsible to the NRC for maintaining safeguards in accordance with NRC regulations and the licensee's security plan.

The NRC may inspect, copy, and remove copies of required reports and documents.

The licensee must demonstrate the ability of the security force, including contractor personnel, to perform assigned duties.

17 This requirement is necessary to ensure that the licensee informs the security force contractor of its responsibilities.

Subsection 73.46(b)(3) requires that the licensee have a management system that includes written security procedures that document the structure of the security organization and detail the duties of the Tactical Response Team, guards, watchmen, and other individuals responsible for security. The system must also make provision for written approval of such procedures and any revisions thereto by the individual with overall responsibility for the security function. This requirement is necessary to ensure that a management system is in place, that responsibilities and duties are clearly defined, and that the security organization is adequate to provide protection in accordance with the security plan.

Subsection 73.46(b)(4) requires that the licensee may not permit an individual to act as a Tactical Response Team member, armed response person, guard, or other member of the security organization unless the individual has been trained, equipped, and qualified to perform each assigned security duty in accordance with Appendix B of this part, "General Criteria for Security Personnel." In addition, Tactical Response Team members, armed response personnel, and guards shall be trained, equipped, and qualified for use of their assigned weapons in accordance with paragraphs (b)(6) and (b)(7) of this section. Tactical Response Team members, armed response personnel, and guards shall also be trained and qualified in accordance with either paragraphs (b)(10) and (b)(11) or paragraph (b)(12) of this section. Upon the request of an authorized representative of the Commission, the licensee shall demonstrate the ability of the physical security personnel, whether licensee or contractor employees, to carry out their assigned duties and responsibilities. Each Tactical Response Team member, armed response person, and guard, whether a licensee or contractor employee, shall requalify in accordance with Appendix B of this part. Tactical Response Team members, armed response personnel, and guards shall also requalify in accordance with paragraph (b)(7) of this section at least once every 12 months. The licensee shall document the results of the qualification and requalification. The licensee shall retain the documentation of each qualification and requalification as a record for 3 years after each qualification and requalification. The burden for this information collection has been listed together with that of 10 CFR 73.46(b)(7)-(8) and 10 CFR 73.46(b)(11)(i).

Subsection 73.46(b)(7) requires that the licensee document the qualification and requalification of Tactical Response Team members, armed response personnel, and guards in day and night firing. This documentation verifies that qualification and requalification have occurred and provides a record of individual performance. The burden for this information collection has been listed together with that of 10 CFR 73.46(b)(4), 10 CFR 73.46(b)(8), and 10 CFR 73.46(b)(11)(i).

Subsection 73.46(b)(8) requires that the licensee document the training of Tactical Response Team members in response tactics. This documentation verifies that training has occurred and provides a record of individual performance. The burden for this information collection has been listed together with that of 10 CFR 73.46(b)(4), 10 CFR 73.46(7), and 10 CFR 73.46(b)(11)(i).

Subsection 73.46(b)(9) requires that the licensee notify the NRC at least 60 days in advance of each scheduled training exercise for the security force that the NRC will observe. The licensee must also document the results of all exercises. The notification requirement allows the NRC to arrange for inspectors to observe the exercise. The documentation verifies that the exercise took place and provides a record of security force performance.

Subsection 73.46(b)(10)(iii) requires that the licensee obtain a written certification by an

18 examining physician that there are no contraindications to any individual's participation in the physical fitness training program.

Subsection 73.46(b)(11)(i) requires that the licensee retain a record of each security force member's attempt to qualify or requalify by meeting or exceeding the applicable qualification criteria. This is a repetition of the requirement in 10 CFR 73.46(b)(4) and is not, in itself, an information collection.

Subsection 73.46(b)(11)(iii) states that before participating in physical performance testing, each security force member must obtain written certification from a licensed physician that there are no medical contraindications to the individuals participation in such testing.

Subsections 73.46(b)(12) and 73.46(b)(12)(i), taken together, require the licensee to submit site-specific, content-based physical fitness performance tests for NRC approval. This information is incorporated into the licensee's physical protection plan. The NRC may use the information to inspect the physical performance testing program to ensure that it is adequate to protect public health and safety. The burden for this information collection is incorporated into that of 10 CFR 73.46(b)(4).

Subsection 73.46(b)(12)(ii) states that, before the first administration of the site-specific content-based physical fitness test, and annually thereafter, all security force members shall undergo medical examination and obtain written certification from a licensed physician that there are no medical contraindications to their participation in the tests.

Subsection 73.46(d)(3) lists procedures required for the physical protection system and plan described in 10 CFR 73.20. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.46(d)(10) requires the licensee to maintain records of the findings of teams conducting drum scanning and tamper sealing of containers of contaminated waste. These records verify that the scanning took place and document the scan readings for later use in review of the waste shipments if needed.

Subsection 73.46(d)(11) requires that licensee teams verify and certify the contents of containers of SSNM being prepared for shipment offsite. These records verify the weight, assay, and tamper seal integrity of the containers.

Subsection 73.46(d)(13) requires that individuals provided escorted access to protected areas register their name, date, time, purpose of visit, employment affiliation, citizenship, and name of the individual to be visited in a log. The log serves as a record of visitors permitted access. It may be inspected to verify that access control requirements are being followed, and it facilitates any subsequent investigation of irregular events.

Subsection 73.46(g)(5) requires the establishment of procedures in support of the physical protection system and plan described in 10 CFR 73.20. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.46(g)(6) requires licensee staff to document and report to management the results of an annual independent review and audit of the security program. NRC inspectors review these records to ensure that licensee personnel independent of security management and supervision evaluate the effectiveness of the security program and report the results of the

19 review to higher management. These records must be retained for 3 years.

Subsection 73.46(h)(1) restates and provides details on the requirement in 10 CFR 73.20 for a safeguards contingency plan. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.46(h)(2) requires that licensees establish and document response arrangements with local law enforcement authorities. Such arrangements are used to verify law enforcement response capabilities and to ensure that both parties clearly understand what is expected and what assistance law enforcement authorities will provide in case of an emergency.

Subsection 73.46(h)(3) requires that the physical protection plans submitted to the NRC as required by 10 CFR 73.20 include the basis for determining the size and availability of an additional force of guards or armed response personnel. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.46(h)(4)(iii)(B) requires that licensees inform local law enforcement agencies of any detected threat and request assistance. This notification is necessary to ensure that licensees obtain law enforcement assistance to neutralize any threat to vital areas or material access areas.

Subsection 73.50(a)(3) requires certain licensees that possess, use, or store formula quantities of SSNM to maintain written security procedures that document the structure of the security organization and detail the duties of guards, watchmen, and other individuals responsible for security.

Subsection 73.50(a)(4) requires that licensees document the qualification and requalification of guards, watchmen, and other members of the security organization. This documentation verifies that qualification and requalification have occurred and provides a record of individual performance.

Subsection 73.50(c)(5) specifies that licensees must require that individuals provided escorted access to protected areas register their name, date, time, purpose of visit, employment affiliation, citizenship, name and badge number of the escort, and name of the individual to be visited in a log. The log serves as a record of visitors permitted access. It may be inspected to verify that access control requirements are being followed, and it facilitates any subsequent investigation of irregular events.

Subsection 73.50(g)(1) requires that licensees maintain an NRC-approved SCP for dealing with threats, thefts, and radiological sabotage related to SSNM and nuclear facilities. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.50(g)(2) requires that licensees establish and document response arrangements (i.e., liaison) with local law enforcement authorities. Such arrangements are used to verify law enforcement response capabilities and to ensure that both parties clearly understand what is expected and what assistance law enforcement will provide in case of an emergency.

Subsection 73.50(g)(3)(iii)(B) requires that licensees inform local law enforcement agencies of any detected threat and request assistance. This notification requirement is necessary to ensure that licensees obtain law enforcement assistance to neutralize any threat to vital areas or material access areas.

20 Subsection 73.50(h) lists requirements for the NRC-approved T&QP described in 10 CFR 73.20. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.51(d)(5) lists procedures required for the physical protection system and plan described in 10 CFR 73.20.

Subsection 73.51(d)(6) requires a licensee to establish a documented liaison with local law enforcement or a designated response force as part of the security plan.

Subsection 73.51(d)(10) lists procedures required for the physical protection system and plan described in 10 CFR 73.20.

Subsection 73.51(d)(12) requires a review of the licensees physical protection program every 24 months by individuals independent of both physical protection program management and personnel who have direct responsibility for implementation of the physical protection program.

The review must include an evaluation of the effectiveness of the physical protection system and a verification of the liaison established with the designated response force or local law enforcement agency.

Section 73.54 (in its introduction) gives the submittal deadline for NRC-approved CSPs. This requirement captures the one-time burden associated with creating and submitting CSPs. This requirement is complete.

Subsection 73.54(b)(1) requires licensees to analyze digital computer and communications systems to identify assets that must be protected. This analysis is contained in the CSP required by 10 CFR 73.54(e), and the information collection associated with this requirement appears in that subsection.

Subsection 73.54(e) requires licensees to establish, implement, and maintain an NRC-approved CSP that implements the requirements of 10 CFR 73.54, Protection of digital computer and communication systems and networks, and accounts for the site-specific conditions that affect implementation. The CSP must include measures for incident response and recovery for cyberattacks and must describe how the licensee will maintain the capability for timely detection and response to cyberattacks, mitigate the consequences of cyberattacks, correct exploited vulnerabilities, and restore systems, networks, and equipment affected by cyberattacks.

Subsection 73.54(f) requires licensees to develop and maintain written policies in support of the CSP required by 10 CFR 73.54(e). The information collection associated with this requirement appears in 10 CFR 73.54(e).

Subsection 73.55(b)(6) describes the requirement for a performance evaluation program (PEP).

The information collection associated with this requirement appears in 10 CFR 73.55(c)(4), as the T&QP documents the PEP.

Subsection 73.55(b)(7) requires licensees to document its access authorization program in its PSP. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(b)(8) requires licensees to establish, maintain, and implement a CSP. The

21 information collection associated with this requirement appears in 10 CFR 73.54(e).

Subsection 73.55(b)(9) requires licensees to document an insider mitigation program in its PSP.

This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete.

Subsection 73.55(b)(10) requires licensees to develop corrective action measures. The information collection associated with this requirement appears in 10 CFR 73.55(m).

Subsection 73.55(b)(11) requires that licensees coordinate plan and procedure implementation to preclude conflict. The information collection associated with this requirement appears in 10 CFR 73.58(d), which requires the communication of potential conflicts.

Subsection 73.55(c)(1) requires licensees to include certain descriptions in security plans. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(c)(3) requires licensees to establish and maintain a PSP that includes the analyses and site-specific information identified in 10 CFR 73.55, Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage.

Subsection 73.55(c)(4) requires licensees to establish, implement, and maintain a T&QP.

Subsection 73.55(c)(5) requires licensees to establish, implement, and maintain an SCP.

Subsection 73.55(c)(6) repeats the requirement for licensees to establish, implement, and maintain a CSP. The information collection associated with this requirement appears in 10 CFR 73.54(e).

Subsection 73.55(c)(7) requires licensees to establish, implement, and maintain written security procedures that implement NRC requirements and security plans.

Subsection 73.55(e)(1) requires that licensees describe barriers, barrier systems, and their functions in their PSPs. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(e)(2) lists records retention requirements for barrier analyses and descriptions. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(e)(8)(iv) requires the security plan to describe portions of barriers comprising building walls or roofs. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(e)(10)(ii)(A) requires licensees to identify areas from which a waterborne vehicle must be restricted and to coordinate with local, State, and Federal agencies having jurisdiction over waterway approaches to ensure that waterway approach routes are controlled.

This is a one-time requirement connected to 10 CFR 75.55(a), which requires revised documentation to support the revised requirements of this subsection. This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(f) requires licensees to document in site procedures the process used to develop and identify target sets. This documentation must cover the analyses and

22 methodologies used to determine and group the target set equipment or elements, including target set equipment or elements not contained within protected or vital areas. The information collection associated with this requirement appears in 10 CFR 73.55(c)(7).

Subsection 73.55(g)(5)(ii) requires licensees to develop certain procedures for emergency conditions. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete.

Subsection 73.55(g)(6)(i)(B) requires licensees to maintain a record (including name and affiliation) of all individuals to whom access control devices have been issued, and to inventory access control devices at least annually.

Subsection 73.55(g)(6)(ii)(C) requires licensees to maintain a record (including name and areas to which unescorted access is granted) of all individuals to whom photo identification badges or keycards have been issued.

Subsection 73.55(g)(6)(iii) requires licensees to issue passwords and combinations to access control personnel.

Subsection 73.55(g)(7)(i)(A) requires licensees to implement procedures for processing, escorting, and controlling visitors. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(g)(7)(i)(C) requires licensees to maintain a visitor control register recording all pertinent visitor information.

Subsection 73.55(g)(8)(v) requires licensees to describe visitor-to-escort ratios and implementing procedures for protected and vital areas in PSPs. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(h)(2)(ii) requires licensees to describe the vehicle search process for owner-controlled areas in implementing procedures. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(h)(3)(iv) requires licensees to describe the vehicle search process for protected areas in implementing procedures. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(h)(3)(v) requires licensees to describe items to be excepted from search in site procedures. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(i)(4)(ii)(H) requires licensees to maintain a record of all alarm annunciations, the cause of each alarm, and the disposition of each alarm.

Subsection 73.55(i)(6)(iii) requires licensees to describe how lighting requirements are met in their security plans. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

23 Subsection 73.55(j)(6) requires that licensees account for areas where communication might be interrupted in implementing procedures. This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(k)(5) requires licensees to document the necessary number of armed responders in their security plans. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(k)(6) requires licensees to document the number of armed security officers designated to strengthen onsite response capabilities in their security plans. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(k)(7) requires licensees to have procedures to reconstitute the documented number of available armed response personnel required to implement the protective strategy.

This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(k)(8) requires licensees to establish, maintain, and implement a written protective strategy to be documented in procedures. The information collection associated with this requirement appears in 10 CFR 73.55(c)(7).

Subsection 73.55(k)(8)(iii) requires that licensees notify law enforcement agencies upon receipt of an alarm or other indication of a threat.

Subsection 73.55(k)(9) requires licensees to document and maintain current agreements with law enforcement agencies, including estimated response times and capabilities.

Subsection 73.55(l)(3) requires licensees to describe in their security plans the operational and administrative controls to be implemented for the receipt, inspection, movement, storage, and protection of un-irradiated mixed-oxide (MOX) fuel assemblies, and to develop a material control and accountability program to document the inventory and location of the SSNM within the assemblies. The information collections associated with this requirement are contained in 10 CFR 73.55(c)(7).

Subsection 73.55(l)(7) requires that requests for use of MOX fuel assemblies containing greater than 20 weight percent plutonium dioxide (PuO2) be reviewed and approved by the NRC before receipt of MOX fuel assemblies.

Subsection 73.55(m) requires licensees to create and maintain written reports on results and recommendations of onsite physical protection program reviews and audits, managements findings on program effectiveness, and any actions taken as a result of recommendations from prior reviews. It also requires licensees to enter findings from onsite physical protection program reviews, audits, and assessments into the site corrective action program.

Subsection 73.55(n)(1) requires licensees to establish, maintain, and implement a maintenance, testing, and calibration program, described in the PSP and implementing procedures, to include the criteria for determining when problems, failures, deficiencies, and other findings are documented in the site corrective action plan. The information collections associated with this requirement are contained in 10 CFR 73.55(c)(7).

24 Subsection 73.55(n)(7) requires licensees to specify in implementing procedures a program for testing or verifying the operability of devices or equipment located in hazardous areas. This program must define alternate measures to be taken to ensure the timely completion of testing or maintenance when the hazardous condition or other restrictions are no longer applicable.

This is a one-time requirement connected to 10 CFR 75.55(a). This requirement is complete for current nuclear power reactor licensees.

Subsection 73.55(o) requires that licensees identify and describe in their security plans criteria and measures to compensate for degraded or inoperable equipment, systems, and components to meet the requirements of 10 CFR 73.55. The information collection associated with this requirement appears in 10 CFR 73.55(c)(3).

Subsection 73.55(p)(1) requires licensees to get approval, at a minimum, from a licensed senior operator before suspending security measures during an emergency. It also requires licensees to get approval from a licensed senior operator, with input from the senior security supervisor or manager, before suspending security measures because of severe weather. The information collection associated with this requirement appears in 10 CFR 73.55(p)(3).

Subsection 73.55(p)(3) requires licensees to document the suspension of security measures in accordance with 10 CFR 73.71.

Subsection 73.55(q)(2) requires that the licensee shall maintain all records required to be kept by Commission regulations, orders, or license conditions, until the Commission terminates the license for which the records were developed, and shall maintain superseded portions of these records for at least three (3) years after the record is superseded, unless otherwise specified by the Commission. There is no information collection for this requirement.

Subsection 73.55(q)(3) requires licensees to retain any written agreement with a contracted security force for the duration of the contract.

Subsection 73.55(q)(4) requires licensees to retain all audit reports, and to make them available for inspection, for 3 years. The information collection associated with this requirement appears in 10 CFR 73.55(m).

Subsection 73.55(r) describes the process by which licensees may submit requests for alternative measures in accordance with 10 CFR 50.4, Written communications, and 10 CFR 50.90, Application for amendment of license, construction permit, or early site permit.

There is no information collection for this subsection.

Subsection 73.56(a)(4) allows a licensee or applicant to accept, in part or whole, an access authorization program implemented by a contractor or vendor (C/V). To be acceptable, access authorization programs or program elements developed, implemented, or maintained by C/Vs must meet the requirements of 10 CFR 73.56, Personnel access authorization requirements for nuclear power plants.

Subsection 73.56(d) requires a documented background investigation for any individual granted unescorted access to the protected or vital area of a nuclear power plant. This subsection requires licensees, applicants, and C/Vs to obtain written consent from individuals who are applying for unescorted access authorization before initiating background investigations. It also requires licensees, applicants, and C/Vs to inform individuals that they have the right to review information collected to ensure its accuracy; that withdrawal of consent will withdraw their

25 current application for access authorization; and that other licensees, applicants, and C/Vs will have access to information documenting the withdrawal. Licensees, applicants, and C/Vs must complete any background investigation elements that were in progress when an applicant withdrew his or her consent. They must record the individuals application for unescorted access authorization, his or her withdrawal of consent for the background investigation, the reason given for the withdrawal, if any, and any pertinent information collected from the background investigation elements that were completed. This subsection requires any individual who is applying for unescorted access authorization to disclose the personal history information that is required by the licensees, applicants, or C/Vs authorization program, as well as any other information that may be necessary for the reviewing official to make a determination of the individuals trustworthiness and reliability.

Subsection 73.56(e) requires psychological assessments of individuals applying for or having unescorted access. It requires that the licensee, applicant, or C/V enable the licensed clinical psychologist or psychiatrist conducting an assessment to communicate with other medical personnel as needed, and that the psychologist or psychiatrist advise the reviewing official of any indications or information, including medical conditions, that could adversely impact the individuals fitness for duty or trustworthiness and reliability. In the case of an individual currently granted unescorted access or access authorization, if the psychologist or psychiatrist identifies or discovers any information that could adversely impact the individuals fitness for duty or trustworthiness and reliability, he or she must inform the reviewing official of the discovery within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> and must provide the results of the evaluation and a recommendation to the reviewing official.

Subsection 73.56(f) requires each person subject to the behavior observation program to report any concerns arising from behavioral observation.

Subsection 73.56(g) requires any individual who has applied for or is maintaining unescorted access authorization to promptly report to the reviewing official any formal actions taken against him or her by a law enforcement authority or court of law, including arrests, indictments, the filing of charges, and convictions. Licensees must inform individuals of this obligation in writing before granting unescorted access or certifying unescorted access authorization.

Subsection 73.56(i) requires licensees, applicants, and C/Vs to complete a criminal history update, credit history reevaluation, and psychological reassessment of each individual with unescorted access within 5 years of the date on which these elements were last completed, or more frequently, depending on job assignment. Licensees, applicants, and C/Vs must administratively withdraw an individuals unescorted access authorization if the criminal history update, credit history reevaluation, psychological reassessment, and supervisory review have not been completed.

Subsection 73.56(j) requires licensees to establish, implement, and maintain a list of individuals who are authorized to have unescorted access to specific nuclear power plant vital areas during nonemergency conditions. This list assists in limiting nonemergency access to vital areas. The list must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each vital area, and it must be updated and reapproved no less frequently than every 31 days.

Subsection 73.56(k) requires licensees, applicants, and C/Vs to conduct background checks on individuals who collect, process, or have access to the sensitive personal information used to

26 make unescorted access determinations, increasing the scope of individuals who are subject to background checks.

Subsection 73.56(l) requires licensees to include review and notification procedures in their access authorization program. The information collection associated with this requirement appears in 10 CFR 73.55(c)(7).

Subsection 73.56(m) requires licensees, applicants, and C/Vs that collect personal information about individuals for compliance with 10 CFR 73.56 to establish and maintain a system of files and procedures to protect the personal information.

Subsection 73.56(m)(1) requires licensees and C/Vs to obtain signed consent from the subject individual that authorizes the disclosure of any personal information collected and maintained under 10 CFR 73.56 before disclosing the information. This does not apply to disclosures of such information to other licensees and applicants, or their authorized representatives, such as C/Vs, who are legitimately seeking the information for unescorted access or unescorted access authorization determinations under 10 CFR 73.56.

Subsection 73.56(m)(2) requires licensees, applicants, and C/Vs to provide copies of all records pertaining to a denial or unfavorable termination of unescorted access authorization to the subject individual or his or her designated representative upon written request.

Subsection 73.56(m)(4) requires the establishment of procedures for the secure storage and handling of personal information. The information collection associated with this requirement appears in 10 CFR 73.55(c)(7).

Subsection 73.56(n)(1) requires each licensee to ensure that its entire access authorization program is audited nominally every 24 months.

Subsection 73.56(n)(2) states that if a licensee or applicant relies upon a C/Vs program or program element to meet the requirements of 10 CFR 73.56, and if the C/V personnel providing the program services either are off site, or are on site but not under the direct daily supervision or observation of the licensees or applicants personnel, then the licensee or applicant must audit the C/Vs program or program element on a nominal 12-month frequency. This subsection also requires that any access authorization program services that a C/V receives from subcontractor personnel who are off site or are not under the direct daily supervision or observation of the C/Vs personnel must be audited on a nominal 12-month frequency. The information collection associated with this requirement appears in 10 CFR 73.56(n)(1).

Subsection 73.56(n)(6) specifies how the audits required by 10 CFR 73.56(n)(1)-(2) must be documented. The information collection associated with this requirement appears in 10 CFR 73.56(n)(1).

Subsection 73.57(a) states that each applicant for a license to operate a nuclear power reactor, as well as each entity that has provided written notice to the NRC of intent to file an application for licensing, certification, permitting, or approval of a product subject to NRC regulation, shall submit fingerprint cards for individuals who will have access to SGI. Nuclear power plant licensees shall fingerprint each individual who will have access to SGI or who will require unescorted access to the nuclear power facility.

27 Subsection 73.57(b)(1) requires that licensees fingerprint each individual who is permitted or seeking unescorted access to the nuclear power facility, unescorted access to the nonpower reactor facility (in according with 10 CFR 73.57(g)), or access to SGI.

Subsection 73.57(b)(3) requires each nuclear power reactor licensee or nonpower reactor licensee to notify fingerprinted individuals that their fingerprints will be used to secure a review of their criminal history records, and to inform them of proper procedures for revising the record or including explanation in the record.

Subsection 73.57(b)(6) requires that nuclear power reactor licensees and nonpower reactor licensees submit fingerprints to the Attorney General of the United States through the NRC.

The information collection associated with this requirement appears in 10 CFR 73.57(b)(1).

Subsection 73.57(d) provides instructions for submitting fingerprint cards. The information collection associated with this requirement appears in 10 CFR 73.57(a).

Subsection 73.57(d)(1) requires nuclear power reactor licensees and nonpower reactor licensees to obtain, complete, and send to the NRC one fingerprint record (Form FD-258) for each individual requiring unescorted access. The subsection also requires that licensees establish procedures to minimize the rejection rate of fingerprint cards. The information collection associated with this requirement appears in 10 CFR 73.57(b)(1).

Subsection 73.57(d)(2) requires the NRC to review applications for completeness and return applications that are incomplete or contain evident errors to licensees. The information collection associated with this requirement appears in 10 CFR 73.57(b)(1).

Subsection 73.57(e) states that, before making a final adverse determination, the licensee must make available to the individual the contents of records obtained from the FBI for the purpose of assuring correct and complete information, and must retain a record of receipt by the individual of this notification for 1 year from the date of the notification. If, after reviewing the record, an individual believes that it is incorrect or incomplete and wishes to make changes, corrections, or updates, or to explain any matter in the record, the individual may initiate challenge procedures.

Additionally, an individual participating in an NRC adjudication and seeking to obtain SGI for use in that adjudication may appeal a final adverse determination by the NRC.

Subsection 73.57(f)(1) requires each nuclear power reactor licensee or nonpower reactor licensee to establish and maintain a system of files and procedures to protect criminal history records and personal information from unauthorized disclosure.

Subsection 73.57(f)(3) allows each nuclear power reactor licensee or nonpower reactor licensee to transfer records on an individual to another licensee upon the individuals written request and upon verification of personal information by the gaining licensee.

Subsection 73.57(f)(4) requires nuclear power reactor licensees and nonpower reactor licensees to make records available to the NRC so that the NRC can determine compliance with regulations and laws.

Subsection 73.57(f)(5) requires nuclear power reactor licensees and nonpower reactor licensees to retain all fingerprint and criminal history records, or copies of the records, on an individual for 1 year after termination or denial of: unescorted access to the nuclear power reactor facility, nonpower reactor facility, or safeguards information.

28 Subsection 73.57(g)(1) requires a review of an individuals criminal history record by an NRC-approved reviewing official before the individual receives unescorted access to a nonpower reactor facility. The information collection associated with this requirement appears in 10 CFR 73.57(b)(1).

Subsections 73.57(g)(2)(i) and 73.57(g)(2)(ii) require nonpower reactor licensees to obtain fingerprints for a criminal history records check for each individual seeking or permitted unescorted access to vital areas or SNM in the nonpower reactor facility. The information collection associated with this requirement appears in 10 CFR 73.57(b)(1).

Subsection 73.58(b) requires licensees to assess and manage the potential for adverse effects on safety and security before implementing changes to plant configurations, procedures, facility conditions, or security. This implies that licensees need to maintain safety/security interface written procedures.

Subsection 73.58(d) requires licensees to communicate identified adverse interactions to the appropriate licensee personnel and to take compensatory and/or mitigative actions to maintain safety and security.

Subsection 73.60(e) requires licensees to establish, maintain, and follow an NRC-approved SCP. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.67(a) requires the physical protection system to respond to indications of unauthorized removal of SNM and notify the appropriate response forces of its removal in order to facilitate its recovery.

Subsection 73.67(c) requires the licensee to submit a security plan or amended security plan describing how the licensee will comply with the physical protection requirements 10 CFR 73.67. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.67(d)(11) requires the establishment of response procedures in support of the physical protection program. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.67(e)(1) requires that a licensee shipping SNM of moderate strategic significance provide advance notification to the receiver of any planned shipments, specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of the carrier, and transport identification. Before commencement of the shipment, the licensee must also receive confirmation from the receiver that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport. The required notification and confirmation alert the intended receiver of an impending shipment and ensure that the shipper has preplanned the transportation of the material and that the receiver is ready to accept the material. It also helps ensure positive control of the material during transport and facilitates tracing of any missing material.

Subsection 73.67(e)(3) states that a licensee that arranges for the in-transit physical protection of SNM of moderate strategic significance, or that takes delivery of this material free on board the point at which it is delivered to a carrier for transport, must establish and maintain written response procedures for dealing with thefts or threats of thefts of the material. The licensee

29 must retain a copy of the procedures as a record. The licensee uses this information to provide instructions to employees for dealing with contingencies. The NRC inspects the information to verify that the licensee has developed adequate procedures for dealing with thefts or threats of thefts. Licensees must make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination. The licensee uses this information to determine that a shipment either has arrived safely or is missing. The notification gives the licensee a basis for initiating a trace investigation, which is required if a shipment is delayed or lost. Licensees must notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the loss of a shipment and within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after recovery of or accounting for a lost shipment, in accordance with 10 CFR 73.71. This notification permits the NRC to initiate or terminate a trace investigation if necessary.

Subsections 73.67(e)(4), 73.67(e)(5), and 73.67(e)(6)(i) list the retention requirements for records required by 10 CFR 73.67(c) and 10 CFR 73.67(e). Burden for records retention is captured under each specific requirement.

Subsection 73.67(e)(6)(ii) requires that a licensee that imports SNM of moderate strategic significance notify the exporter who delivered the material to a carrier for transport of the arrival of such material. The exporting licensee uses this information to determine that a shipment either has arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation if a shipment is delayed or lost.

Subsection 73.67(e)(7)(i) requires a shipper to provide additional information on a planned shipment upon request by the NRC. This information, if requested, is used by the NRC to determine whether it is necessary to issue orders to licensees, if it appears to the NRC that two or more shipments of SNM of moderate strategic significance, whose total amount is equal to or greater than a formula quantity of SSNM, may be en route at the same time.

Subsection 73.67(e)(7)(ii) requires that the receiver, or the shipper if the receiver is not a licensee, notify the NRC by telephone within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after the arrival of a shipment at its final destination, or after the shipment has left the United States as an export. This notification permits the NRC to confirm the integrity of the shipment at the time of receipt or exit from the United States.

Subsection 73.67(f)(4) requires the establishment of response procedures in support of the physical protection program. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsections 73.67(g)(1)-(2) require that a licensee shipping SNM of low strategic significance provide advance notification to the receiver of any planned shipments, specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of the carrier, and transport identification. Before commencement of the shipment, the licensee must also receive confirmation from the receiver that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport. The receiving licensee must notify the shipper of the receipt of the material in accordance with 10 CFR 74.15, Nuclear material transaction reports. The required notifications and confirmation ensure that the shipper has preplanned the transportation of the material and that the receiver is ready to accept the material. They also help ensure positive control of the material during transport and traceability of any missing material.

30 Subsection 73.67(g)(3)(i) requires the establishment of response procedures in support of the physical protection program. The information collection associated with this requirement appears in 10 CFR 73.20.

Subsection 73.67(g)(3)(ii) requires that a shipper of SNM of low strategic significance make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination. The licensee uses this information to determine that a shipment either has arrived safely or is missing. The notification gives the licensee a basis for initiating a trace investigation if a shipment is delayed or lost.

Subsection 73.67(g)(3)(iii) requires that a licensee notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the loss of a shipment and within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after recovery of or accounting for a lost shipment, in accordance with 10 CFR 73.71. This notification permits the NRC to initiate or terminate a trace investigation if necessary.

Subsection 73.67(g)(4) lists the records retention requirements for materials export records.

Burden associated with records retention is reported under each specific requirement.

Subsection 73.67(g)(5)(i) lists the records retention requirements for materials import records.

Burden associated with records retention is reported under each specific requirement.

Subsection 73.67(g)(5)(ii) requires that a licensee notify the person who delivered material to a carrier for transport of the arrival of the material. The licensee uses this information to determine that a shipment either has arrived safely or is missing. The notification gives the licensee a basis for initiating a trace investigation if a shipment is delayed or lost.

Subsection 73.70(a) requires that the licensee keep a record of the names and addresses of all authorized individuals. This information serves to identify those responsible for surveillance of SNM, and to limit the number of individuals with such responsibility. It identifies persons who had access if an investigation proves necessary and provides verification, during inspections, that designation and access control procedures are being properly conducted.

Subsection 73.70(b) requires that the licensee keep a record of the names, addresses, and badge numbers of all individuals authorized to have access to vital equipment or SNM, and the vital areas and material access areas to which authorization is granted. This record provides formal access authorization control. It provides verification that access control requirements are being met and serves to limit the number of individuals with such access.

Subsection 73.70(c) requires that the licensee keep a register of visitors, vendors, and other individuals not employed by the licensee. The information collections associated with this requirement appear in 10 CFR 73.46, 10 CFR 73.50, and 10 CFR 73.55.

Subsection 73.70(d) requires that the licensee keep a log of all individuals granted access to a vital area, except those individuals entering or exiting the reactor control room. This record shows who had access to vital areas. It is inspected to assess licensee performance in minimizing unnecessary access. It can also provide data to aid an investigation of an irregular event.

31 Subsection 73.70(e) requires that the licensee keep documentation of all routine security tours and inspections, and of all tests, inspections, and maintenance performed on physical barriers, intrusion alarms, communications equipment, and other security-related equipment. This documentation provides a record of security tours, tests, and maintenance and allows verification during inspections of the frequency of tests and prompt maintenance after failures.

It also provides an equipment maintenance history that is useful in evaluating operating performance.

Subsection 73.70(f) requires that the licensee keep a record at each onsite alarm annunciation location of each alarm, false alarm, alarm check, and tamper indication. The licensee must also record details of response by facility guards and watchmen to each alarm, intrusion, or other security incident. This includes all types of signals sent to the alarm systems main computer, including authorized door openings and closings. The record provides verification that alarms are operating properly, that licensees respond properly, and that operational checks are conducted in accordance with the regulations. It also facilitates evaluation of the long-term reliability of the alarm system.

Subsection 73.70(g) requires that the licensee keep a record of shipments of SNM subject to the requirements of 10 CFR Part 73, including names of carriers, major roads to be used, flight numbers for air shipments, dates and expected times of departure and arrival of shipments, verification of communication equipment on board the transfer vehicle, names of individuals who are to communicate with the transport vehicle, container seal descriptions and identification, and other details to confirm compliance with protection requirements. The licensee must also record information obtained during the course of the shipment, such as reports of all communications, changes of shipping plan (including monitor changes), trace investigations, and other information. These records serve as a part of the material control system by documenting bulk inventory change at any given plant. They also provide an audit trail and experience base for evaluating the transportation process at a later time.

Subsection 73.70(h) requires that the licensee maintain written procedures for controlling access to protected areas and for controlling access to keys for locks used to protect SNM.

These procedures aid in access control and lock and key control. They also serve as a record that may be inspected to assess the licensee's performance in minimizing access and providing adequate control of key and lock operations.

Subsection 73.71(a) requires that each licensee subject to the provisions of 10 CFR 73.25, 10 CFR 73.26, 10 CFR 73.27(c), 10 CFR 73.37, 10 CFR 73.67(e), or 10 CFR 73.67(g) notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the loss of any shipment of SNM or SNF and within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after recovery of or accounting for such a lost shipment. This notification permits the NRC to initiate or terminate a trace investigation if necessary. Each such licensee must follow the initial telephonic notification with a written report to the NRC within 60 days.

This report permits the NRC to analyze and evaluate the event and subsequent recovery efforts.

The licensee must make a follow-up telephonic notification and written report to the NRC if any significant supplemental information is discovered or if corrections to previous reports are necessary. The licensee must retain copies of the written reports as a record for 3 years.

Subsection 73.71(b) requires that each licensee subject to the provisions of 10 CFR 73.20, 10 CFR 73.37, 10 CFR 73.50, 10 CFR 73.55, 10 CFR 73.60, or 10 CFR 73.67 notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of a theft or attempted theft or unlawful diversion of SNM.

32 Each licensee subject to the provisions of 10 CFR 73.20, 10 CFR 73.37, 10 CFR 73.50, 10 CFR 73.51, 10 CFR 73.55, or 10 CFR 73.60, or possessing SSNM and subject to 10 CFR 73.67, must notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of the following:

actual or attempted significant physical damage to a nuclear power reactor or any facility possessing SSNM or its equipment or carrier equipment transporting nuclear fuel or SNF, or to the nuclear fuel or SNF a facility or carrier possesses actual or attempted interruption of normal operation of a licensed nuclear power reactor through the unauthorized use of or tampering with its machinery, components, or controls, including the security system an actual entry of an unauthorized person into a protected area, material access area, controlled access area, vital area, or transport; or any failure, degradation, or discovered vulnerability in a safeguard system that could allow unauthorized or undetected access to one of the above areas, for which compensatory measures have not been employed Each licensee subject to the provisions of 10 CFR 73.20, 10 CFR 73.37, 10 CFR 73.50, 10 CFR 73.51, 10 CFR 73.55, or 10 CFR 73.60 must notify the NRC Operations Center within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the discovery of an event involving actual or attempted introduction of contraband into one of the above areas. The NRC requires the reports made pursuant to 10 CFR 73.71 so that it may evaluate the significance of events and determine whether a change in a licensee's safeguards plan is needed and whether a report to Congress is necessary in accordance with Section 208 of the Energy Reorganization Act of 1974, as amended. The NRC also needs the safeguards event reports to develop a database to help identify generic problems and give feedback to licensees for improving their safeguards systems.

Subsection 73.71(c) requires that each licensee subject to the provisions of 10 CFR 73.20, 10 CFR 73.37, 10 CFR 73.50, 10 CFR 73.51, 10 CFR 73.55, or 10 CFR 73.60, or possessing SSNM and subject to 10 CFR 73.67(d), must maintain a current log and record the safeguards events described in Subsections II(a)-(b) of Appendix G, Reportable Safeguards Events, to 10 CFR Part 73, within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> of discovery by a licensee employee or member of the licensee's contract security organization.

Subsection 73.71(d) provides guidance for submitting the 60-day reports required under the foregoing provisions of 10 CFR 73.71. It states that nuclear power reactor licensees must submit the written report using NRC Form 366, Licensee Event Report. Other licensees must submit the written report in letter format. NRC Form 366 has previously been cleared under OMB No. 3150-0104, which should be referred to for additional supporting information and burden and cost data. Both the licensee and the NRC need to maintain copies of the reports, for the following reasons. The licensee must maintain copies to perform the yearly security audit required by 10 CFR 73.46(g)(6) for fuel facilities and by 10 CFR 73.55(g)(4) for power reactors. This audit evaluates the effectiveness of the security systems at these facilities. Also, in order to maintain the level of security deemed adequate by the NRC, the licensee must observe and analyze the operational aspects of its security system. This requires the maintenance and analysis of records such as those for security events. The NRC maintains copies of security event records to conduct analyses to identify and characterize generic and facility-specific precursors to certain safeguards events. Improving its ability to identify generic precursors or defects allows the NRC to initiate corrective action, if needed, before a vulnerability can adversely affect public health and safety.

33 Section 73.72 states that licensees shipping a formula quantity of SSNM, SNM of moderate strategic significance, or irradiated reactor fuel that must be protected pursuant to 10 CFR 73.37, Requirements for physical protection of irradiated reactor fuel in transit, must notify the NRC in writing at least 10 days before shipment, providing shipment details and itinerary, and must notify the NRC by telephone of the transmittal of the advance notice and of any changes to the shipment itinerary. Such notification allows the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also allows verification of shipment details during inspections.

Section 73.73 requires licensees exporting SNM of low strategic significance to notify the NRC in writing at least 10 days before shipment, providing shipment details and itinerary. Licensees may notify the NRC by telephone of any changes to the shipment details or itinerary. Such notification allows the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also allows verification of shipment details during inspections.

Section 73.74 requires licensees importing SNM of low strategic significance from a country not a party to the Convention on the Physical Protection of Nuclear Material to notify the NRC in writing at least 10 days before shipment, providing shipment details and itinerary. Licensees may notify the NRC by telephone of any changes to the shipment details or itinerary. Such notification allows the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also allows verification of shipment details during inspections.

Subsection 73.77(a)(1) requires licensees subject to the provisions of 10 CFR 73.54 to notify the NRC Operations Center of the cybersecurity events identified at 10 CFR 73.77(a)(1) through the Emergency Notification System within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after discovery. Notifications must be made according to 10 CFR 73.77(c).

Subsection 73.77(a)(2) requires licensees subject to the provisions of 10 CFR 73.54 to notify the NRC Operations Center of the cybersecurity events identified at 10 CFR 73.77(a)(2)(i)-(iii) through the Emergency Notification System within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after discovery. Notifications must be made according to 10 CFR 73.77(c).

Subsection 73.77(a)(3) requires licensees subject to the provisions of 10 CFR 73.54 to notify the NRC Operations Center of the cybersecurity events identified at 10 CFR 73.77(a)(3) through the Emergency Notification System within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> after discovery. Notifications must be made according to 10 CFR 73.77(c).

Subsection 73.77(b) requires licensees subject to the provisions of 10 CFR 73.54 to record cybersecurity events identified at 10 CFR 73.77(b) using the site corrective action program within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after discovery.

Subsections 73.77(c)(1)-(4) describe the notification process. Burden for these notifications is captured under 10 CFR 73.77(a)(1)-(3).

Subsection 73.77(d) requires licensees making an initial telephonic notification of cybersecurity events to the NRC according to the provisions of 10 CFR 73.77(a)(1), 10 CFR 73.77(a)(2)(i),

and 10 CFR 73.77(a)(2)(iii) to also submit a written security follow-up report to the NRC within 60 days of the telephonic notification, using NRC Form 366. Licensees are not required to submit a written security follow-up report following a telephonic notification made under 10 CFR 73.77(a)(2)(iii) and 10 CFR 73.77(a)(3).

34 Subsection 73.77(d)(12) requires licensees to maintain a copy of the written security follow-up report of an event submitted under 10 CFR 73.77, Cyber security event notifications, as a record for a period of 3 years from the date of the report or until the NRC terminates the license for which the records were developed, whichever comes first.

Appendix B, General Criteria for Security Personnel, to 10 CFR Part 73 sets the minimum training and qualification criteria for security personnel. Much of the information in this appendix repeats requirements listed earlier in this part with more detail. Where the appendix identifies new or additional requirements, they are captured below.

Subsection VI B.4.a.1 of Appendix B to 10 CFR Part 73 requires licensees to obtain and retain a written certification from a licensed physician that no medical conditions were disclosed by the medical examination that would preclude the individuals ability to participate in the physical fitness tests or meet the physical fitness attributes or objectives associated with assigned duties.

Subsection VI B.4.b.4 of Appendix B to 10 CFR Part 73 requires that a qualified training instructor document the physical fitness qualification of each armed member of the security organization, and that this qualification be attested to by a security supervisor. The information collection for this requirement includes the requalification requirement contained in Section VI B.5.b of Appendix B.

Subsection VI B.5.b of Appendix B to 10 CFR Part 73 requires that a qualified training instructor document the physical fitness requalification of each armed member of the security organization, and that this requalification be attested to by a security supervisor. The information collection associated with this requirement appears in Subsection VI B.4.b.4 of Appendix B.

Subsection VI C.2.b of Appendix B to 10 CFR Part 73 requires that a licensee training instructor document, and a security supervisor attest to, each individuals on-the-job training.

Subsection VI C.3.a of Appendix B to 10 CFR Part 73 requires licensees to develop, implement, and maintain a documented PEP. The PEP shall be referenced in the T&QP. This is a one-time requirement connected to 10 CFR 75.55(a).

Subsection VI C.3.g of Appendix B to 10 CFR Part 73 requires each tactical response drill and force-on-force exercise to include a documented post-exercise critique in which participants identify failures, deficiencies, or other findings.

Subsection VI C.3.h of Appendix B to 10 CFR Part 73 requires documentation of scenarios and participants for all drills and exercises. The information collection associated with this requirement appears in Subsection VI C.3.g of Appendix B.

Subsection VI C.3.i of Appendix B to 10 CFR Part 73 requires licensees to enter findings, deficiencies, and failures identified in drills and exercises into the corrective action program.

The information collection associated with this requirement appears in Subsection VI C.3.g of Appendix B.

35 Subsection VI C.3.m of Appendix B to 10 CFR Part 73 requires licensees to develop and document scenarios for drills and exercises. The information collection associated with this requirement appears in Subsection VI C.3.g of Appendix B.

Subsection VI E.1.b of Appendix B to 10 CFR Part 73 requires licensees to use firearms instructors who are certified from a national or state recognized entity. Each instructors certification must specify the weapon type(s) for which the instructor is qualified to teach.

Firearms instructors shall be recertified in accordance with the standards recognized by the certifying national or state entity, but in no case shall recertification exceed 3 years.

Subsection VI E.1.d of Appendix B to 10 CFR Part 73 requires licensees to include in the T&QP the following additional standards: target identification and engagement, weapon malfunctions, cover and concealment, and weapon familiarization. This is a one-time requirement whose burden is included in 10 CFR 73.55(a).

Subsection VI F.1.b of Appendix B to 10 CFR Part 73 requires licensees to document and retain the results of weapons qualification and requalification.

Subsection VI F.2 of Appendix B to 10 CFR Part 73 requires that a licensees written T&QP describe the firearms used, the firearms qualification program, and other tactical training required to implement the licensees NRC-approved security plans, protective strategy, and implementing procedures. This is a one-time requirement whose burden is included in 10 CFR 73.55(a).

Subsection VI F.5.a of Appendix B to 10 CFR Part 73 requires licensees to requalify armed members of the security organization for each assigned weapon at least annually, in accordance with NRC requirements and the NRC-approved T&QP, and to document and retain the results as a record. The information collection associated with this requirement appears in Subsection VI F.1.b of Appendix B.

Subsection VI G.3.a of Appendix B to 10 CFR Part 73 requires licensees to include in the T&QP a firearms maintenance and accountability program to ensure that weapons and ammunition are properly maintained, function as designed, and are properly stored and accounted for. This is a one-time requirement whose burden is included in 10 CFR 73.55(a).

Subsection VI H.1 of Appendix B to 10 CFR Part 73 requires licensees to retain all reports, records, or other documentation required by Appendix B in accordance with the requirements of 10 CFR 73.55(q). The burden for this requirement is included in each specific recordkeeping requirement.

Appendix C, Licensee Safeguards Contingency Plans, to 10 CFR Part 73 describes the specific requirements for the SCP required by 10 CFR 73.20 and 10 CFR 73.55(c)(5). There are no additional information collections in Appendix C.

Appendix G to 10 CFR Part 73 clarifies the requirements for reporting safeguards events.

Safeguards events provide a vehicle for feedback to licensees about the effectiveness of safeguards systems. Some safeguards events require immediate response by the NRC. Under 10 CFR 73.71, these events must be reported within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> of detection of their occurrence to permit timely response by NRC regional and headquarters staff; licensees must provide a written report within 60 days. Other safeguards events, while less significant, must be reported to determine trends in deficiencies in safeguards systems. The NRC has established a program

36 for collecting and analyzing all pertinent safeguards data. The NRC enters these data immediately into its database and begins analysis as soon as the data are entered. Upon completion of the analysis, the NRC initiates appropriate action and response. To achieve program objectives, a standardized level of detail is required for the evaluation of safeguards events. Analysis results are used to improve regulations for facilities, to prepare for inspections, and to give feedback to licensees for improving their safeguards systems.

Confirmatory Action Letter (CAL), No. NRR-02-005, dated October 28, 2002, requires research and test reactors (currently called nonpower reactors) to establish a physical security and access authorization program. The implementation plans were submitted for this CAL when the compensatory measures were first issued, in 2003 and 2005, and there are currently no submissions. Compensatory measures have now been incorporated into the PSP. Burden for ongoing recordkeeping is captured in the estimates for establishing and maintaining NRC-approved PSPs, T&QPs, and SCPs.

37 10 CFR PART 73 GUIDANCE DOCUMENTS1 1

This list is not all-inclusive.

Title Agencywide Documents Access and Management System (ADAMS)

Accession No. or Link RG 1.206, Combined License Applications for Nuclear Power Plants, Rev. 1, October 2018NRC ML18131A181 Regulatory Guides (RGs)Materials and Plant Protection (Division 5) https://www.nrc.gov/reading-rm/doc-collections/reg-guides/protection/rg/

RG 7.13, Transportation Security Plans for Classified Matter Shipments, Rev. 0, June 2015 ML14287A484 (nonpublic)

NUREG-0561, Physical Protection of Shipments of Irradiated Reactor Fuel, Rev. 2, April 2013 ML13120A230 NUREG-1619, Standard Review Plan for Physical Protection Plans for the Independent Storage of Spent Fuel and High-Level Radioactive Waste, July 1998 ML020720453 Generic Letter 91-03, Reporting of Safeguards Events, March 6, 1991 ML031140131 Nuclear Energy Institute (NEI) 03-12, Template for the Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program], Rev. 7, October 2011 ML112800379 plus an SGI document NEI 03-12, Template for the Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program], Rev. 7.1, January 2018 ML18137A359 plus an SGI document NEI 08-09 (NRC-endorsed), Cyber Security Plan for Nuclear Power Reactors, Rev. 6, April 2010 ML101180437 NEI 08-09 (NRC-endorsed), Addendum 7, Evaluating and Documenting Use of Alternative Cyber Security Controls/Countermeasures, December 2018 ML19058A511 NEI 11-08 (NRC-endorsed), Guidance on Submitting Security Plan Changes, Rev. 0, August 2012 ML12216A194 NEI 99-02, Regulatory Assessment Performance Indicator Guideline, Rev. 6, October 2009 ML092931123