ML21264A126

Memo and Enclosure 1-2 Summary of Call with LES Dba Uusa on the Interim Authority to Operate Classified Network and Related Conditions
Person / Time
Site: 07003103
Issue date: 11/08/2021
From: Matt Bartlett
NRC/NMSS/DFM/FFLB
To: Jacob Zimmerman
NRC/NMSS/DFM/FFLB
M BARTLETT NRC/NMSS/DFM/FFLB 3014157154
Shared Package: ML21264A124


Text

OFFICIAL USE ONLY - SECURITY-RELATED INFORMATION

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

November 8, 2021

MEMORANDUM TO: Jacob I. Zimmerman, Chief
Fuel Facility Licensing Branch
Division of Fuel Management
Office of Nuclear Material Safety and Safeguards

FROM: Matthew Bartlett, Project Manager
Fuel Facility Licensing Branch
Division of Fuel Management
Office of Nuclear Material Safety and Safeguards
(Digitally signed by Matthew A. Bartlett, Date: 2021.11.08 16:44:36 -05'00')

SUBJECT: SUMMARY OF CLOSED CALL HELD WITH LOUISIANA ENERGY SERVICES D.B.A. URENCO USA ON SEPTEMBER 15, 2021, TO DISCUSS THE CONDITIONS FOR THE INTERIM AUTHORIZATION TO OPERATE

On September 15, 2021, the U.S. Nuclear Regulatory Commission (NRC) staff held a closed call with representatives from Louisiana Energy Services d.b.a. Urenco USA (UUSA). The purpose of the call was to discuss the conditions imposed on UUSA as part of the interim authorization to operate the classified networks issued on July 30, 2021 (Agencywide Documents Access and Management System Accession No. ML21208A201). The NRC staff provided the reasoning and regulatory basis for imposing the conditions, the primary one being to implement the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5. The UUSA staff discussed the status of their efforts and requested additional guidance. The NRC staff provided several references to additional information that UUSA can use to inform their implementation efforts.

A list of participants is provided as Enclosure 1. Enclosure 2 provides a list of the reference information the NRC provided to facilitate implementing NIST SP 800-53, Revision 5. A further description of the meeting is provided in the non-public Enclosure 3.

CONTACT: Matthew Bartlett, NMSS/DFM 301-415-7154

Enclosures:

1. Participants List
2. Reference Information
3. Meeting Summary (non-public)

cc: gle@listmgr.nrc.gov

A document transmitted herewith contains Security-Related Information. When separated from Enclosure 3, this document and Enclosures 1 and 2 are decontrolled.


ML21264A124 (Pkg)
ML21264A126 (Memo/Enclosures 1 & 2)
ML21264A125 (Encl 3)
*via email

OFFICE   NMSS/DFM/PM*   NMSS/DFM/LA*   NMSS/DFM/BC*
NAME     MBartlett      ELee           JZimmerman
DATE     10/25/2021     9/21/2021      10/21/2021

PARTICIPANTS LIST

Name                 Organization
A. Blake Bixenman    Urenco, USA
Wyatt Padgett        Urenco, USA
Chris Schwarz        Urenco, USA
Mike Mangefrida      U.S. Nuclear Regulatory Commission (NRC)/Office of Chief Information Officer (OCIO)
Garo Nalabandian     NRC/OCIO
Norman St. Amour     NRC/Office of the General Counsel (OGC)
Howard Benowitz      NRC/OGC
Daniel Mussatti      Office of Nuclear Material Safety and Safeguards (NMSS)/Division of Rulemaking, Environmental, and Financial Support (REFS)
Leonard Pitts        NRC/Region II (RII)
Lindsey Cooke        NRC/RII
Roland Womack        NRC/RII
Jim Hutson           NRC Contractor (AFM, LLC)
Mike McCoppin        NRC/Office of Nuclear Security and Incident Response (NSIR)
Charity Pantalo      NRC/NSIR
J. Keith Everly      NRC/NSIR
Jacob Zimmerman      NRC/NMSS
Matt Bartlett        NRC/NMSS

Enclosure 1

Reference Information to Support Implementation of National Institute of Standards and Technology NIST SP 800-53, Revision 5

The following information resources were provided to Louisiana Energy Services dba Urenco USA to inform their implementation of the National Institute of Standards and Technology (NIST) SP 800-53, Revision 5. The items are listed in a hierarchical order.

  • The Federal Information Security Modernization Act of 2014 (FISMA) requires each Federal agency to develop, document, and implement an agencywide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources.
  • The legislation that has codified the National Industrial Security Program Operations Manual as 32 Code of Federal Regulations (CFR) 117. Information Technology is referenced in 32 CFR 117.18, which outlines the authority and role of the Authorizing Official.
  • The NIST SP 800-37, Revision 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy is specifically called out in 32 CFR 117.18 as guidance to develop a Risk Management Framework. The direct link may be found on the right-hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.SP.800-37r2
  • The CNSS Policy 22 Policy on Information Assurance Risk Management for National Security Systems along with CNSSI 1254 Risk Management Framework Documentation, Data Elements Standards, and Reciprocity Process for National Security Systems (Note: The CNSS site appears to be down, but the document is available at https://rmf.org/wp-content/uploads/2017/10/CNSSI-1254.pdf) are the companion to 800-37.
  • Federal Information Processing Standards (FIPS) 199 Standards for Security Categorization of Federal Information and Information Systems provides a standard for categorizing Federal information and information systems according to an agency's level of concern for confidentiality, integrity, and availability and the potential impact on agency assets and operations should their information and information systems be compromised through unauthorized access, use, disclosure, disruption, modification, or destruction. The direct link may be found on the right hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.FIPS.199
  • NIST SP 800-60, Volume 1, Revision 1 Guide for Mapping Types of Information and Information Systems to Security Categories. The revision to Volume I contains the basic guidelines for mapping types of information and information systems to security categories. The direct link may be found on the right-hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.SP.800-60v1r1
  • NIST SP 800-60, Volume 2, Revision 1 Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices. The appendices include security categorization recommendations and rationale for mission-based and management and support information types. The direct link may be found on the right-hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.SP.800-60v2r1

  • CNSSI Number 1253 Security Categorization and Control Selection for National Security Systems, provides all Federal Government departments, agencies, bureaus, and offices with guidance on the first two steps of the Risk Management Framework, Categorize and Select, for national security systems.
  • The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5 Security and Privacy Controls for Information Systems and Organizations. This link will get you to the main page with the abstract and other helpful tools. On the right-hand side, you will find a link to the actual document or you may click here to directly download: https://doi.org/10.6028/NIST.SP.800-53r5

Enclosure 2