Text

June 10, 2021 Dr. Gregory Piefer, Chief Executive Officer SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545

SUBJECT:

SHINE MEDICAL TECHNOLOGIES, LLC REGULATORY AUDIT OF CYBER SECURITY TOPICS RELATED TO SHINE OPERATING LICENSE APPLICATION (EPID NO. L-2019-NEW-0004)

Dear Dr. Piefer:

By letter dated July 17, 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), as supplemented by letters dated November 14, 2019 (ADAMS Accession No. ML19337A275), March 27, 2020 (ADAMS Accession No. ML20105A295), August 28, 2020 (ADAMS Accession No. ML20255A027),

November 13, 2020 (ADAMS Accession No. ML20325A026), December 10, 2020 (ADAMS Accession No. ML20357A084), December 15, 2020 (ADAMS Accession No. ML21011A264),

and March 23, 2021 (ADAMS Accession No. ML21095A235). SHINE Medical Technologies, LLC (SHINE) submitted to the U.S. Nuclear Regulatory Commission (NRC) an operating license application for its proposed SHINE Medical Isotope Production Facility in accordance with the requirements contained in Title 10 of the Code of Federal Regulations Part 50, Domestic Licensing of Production and Utilization Facilities.

To support its review of cyber security topics described in SHINEs operating license application, the NRC staff will conduct a virtual regulatory audit on June 15, 2021, to gain a better understanding of the application. The audit may include review of documentation and discussions with SHINE personnel and management. The audit plan in Enclosure 1 provides additional details of the objective and scope of the audit. To facilitate an efficient audit, please provide ready access to the necessary documentation identified in the audit topics as part of (ADAMS Accession No. ML21161A125).

Following completion of the audit, the NRC staff will provide an audit summary. The summary will include a description of any information identified during the audit that will need to be docketed to supplement the application and allow the NRC staff to continue its review.

G. Piefer If you have any questions, please contact me at (301) 415-1524, or by electronic mail at Steven.Lynch@nrc.gov.

Sincerely, Signed by Lynch, Steven on 06/10/21 Steven T. Lynch, Senior Project Manager Non-Power Production and Utilization Facility Licensing Branch Division of Advanced Reactors and Non-Power Production and Utilization Facilities Office of Nuclear Reactor Regulation Docket No. 50-608 Construction Permit No. CPMIF-001

Enclosures:

As stated cc: See next page

SHINE Medical Technologies, LLC Docket No. 50-608 cc:

Jeff Bartelme Licensing Manager SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545 Nathan Schleifer General Counsel SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545 Christopher Landers Director, Office of Conversion National Nuclear Security Administration, NA 23 U.S. Department of Energy 1000 Independence Avenue, SW Washington, DC 20585 Mark Paulson Supervisor Radiation Protection Section Wisconsin Department of Health Services P.O. Box 2659 Madison, WI 53701-2659 Test, Research and Training Reactor Newsletter Attention: Amber Johnson Dept. of Materials Science and Engineering University of Maryland 4418 Stadium Drive College Park, MD 20742-2115 Mark Freitag City Manager P.O. Box 5005 Janesville, WI 53547-5005 Bill McCoy 1326 Putnam Avenue Janesville, WI 53546 Alfred Lembrich 541 Miller Avenue Janesville, WI 53548

PKG. ML21161A116, LTR. ML21161A115, Encl. ML# 21161A125 OFFICE NRR/DANU/PM NRR/DANU/LA NRR/DANU/BC NRR/DANU/PM NAME SLynch NParker JBorromeo SLynch DATE 06/10/2021 6/10/2021 06/10/2021 06/10/2021 OFFICE OF NUCLEAR REACTOR REGULATION REGULATORY AUDIT PLAN REGARDING CYBER SECURITY TOPICS DESCRIBED IN OPERATING LICENSE APPLICATION CONSTRUCTION PERMIT NO. CPMIF-001 SHINE MEDICAL TECHNOLOGIES, LLC SHINE MEDICAL ISOTOPE PRODUCTION FACILITY DOCKET NO. 50-608

Background

The U.S. Nuclear Regulatory Commission (NRC) staff is continuing its review of the SHINE Medical Technologies, LLC (SHINE) operating license application, submitted July 17, 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), as supplemented by letters dated November 14, 2019 (ADAMS Accession No. ML19337A275), March 27, 2020 (ADAMS Accession No. ML20105A295), August 28, 2020 (ADAMS Accession No. ML20255A027), November 13, 2020 (ADAMS Accession No. ML20325A026), December 10, 2020 (ADAMS Accession No. ML20357A084), and December 15, 2020 (ADAMS Accession No. ML21011A264), and March 23, 2021 (ADAMS Accession No. ML21095A235). This regulatory audit is intended to assist the NRC staff in its review of cyber security topics described in the SHINE final safety analysis report (FSAR),

submitted as part of SHINEs operating license application.

Regulatory Bases for the Audit The purpose of this audit is to support the NRC staffs review of the licensees cyber security topics in accordance with the applicable regulatory requirements of Title 10 of the Code of Federal Regulations and applicable guidance.

Regulatory Scope for the Audit The NRC staff will review the SHINE FSAR, technical specification (TS) requirements, and supporting reference documentation related to SHINE cyber security topics. This audit will provide information necessary to continue the NRC staffs evaluation of the SHINE operating license application. In addition, the regulatory audit may identify additional information that will be required to be docketed to support the basis of the licensing decision and will allow NRC staff to more efficiently gain insights on the operating license application. To support this audit, the NRC staff will review documentation and participate in teleconference and video conference discussions with the licensee.

Enclosure 1

Information Needed for the Audit SHINE should be prepared to support the NRC staff by having a copy of SHINEs FSAR, including information related to SHINEs cyber security topics readily available. Additionally, the licensee should be prepared to provide supporting documents and reports to support the analysis documented in the FSAR, bases for TSs, or rationale for any required plans and procedures, as necessary.

Audit Team The NRC staff performing this audit will be:

Steven Lynch, Senior Project Manager Daniel Warner, Cyber Security Specialist Audit Team Logistics The audit will take place on June 15, 2021. The audit may be extended, as needed, until the NRC staff has an adequate understanding of the issues to be addressed to facilitate the continued review of the operating license application. Audit activities may be conducted as teleconferences and video conferences, as appropriate and efficient to the gathering of information by the NRC staff. Additional audit activities may be planned in advance, as necessary, to support the understanding of information necessary to facilitate the continued review of the operating license application.

Deliverables At the completion of the regulatory audit the NRC staff will issue requests for additional information within 30 days after the audit and issue a regulatory audit summary within 90 days after the audit. The regulatory audit summary will include the documents reviewed and the audit activities performed.

Audit Topics and Questions The topics and questions for discussion during the regulatory audit are primarily based on the regulatory audit topics (ADAMS Accession No. ML21161A125).

Proposed Audit Schedule (Eastern Daylight Time)

Tuesday, June 15, 2021 10:00 AM Entrance meeting 10:10 AM Audit discussions 11:50 AM Summary and exit meeting 12:00 PM End audit