ML21291A057
ML21291A057 | |
Person / Time | |
---|---|
Site: | 07003103 |
Issue date: | 10/26/2021 |
From: | Matt Bartlett NRC/NMSS/DFM/FFLB |
To: | Jacob Zimmerman NRC/NMSS/DFM/FFLB |
M BARTLETT NRC/NMSS/DFM/FFLB 3014157154 | |
Shared Package | |
ML21291A055 | List: |
Text
OFFICIAL USE ONLY - SECURITY RELATED INFORMATION
UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

October 26, 2021

MEMORANDUM TO: Jacob I. Zimmerman, Chief
Fuel Facility Licensing Branch
Division of Fuel Management
Office of Nuclear Material Safety and Safeguards

FROM: Matthew Bartlett, Project Manager
Fuel Facility Licensing Branch
Division of Fuel Management
Office of Nuclear Material Safety and Safeguards

SUBJECT: SUMMARY OF CLOSED CALL HELD WITH LOUISIANA ENERGY SERVICES D.B.A. URENCO USA ON SEPTEMBER 15, 2021, TO DISCUSS THE CONDITIONS FOR THE INTERIM AUTHORIZATION TO OPERATE

On September 15, 2021, the U.S. Nuclear Regulatory Commission (NRC) staff held a closed call with representatives from Louisiana Energy Services d.b.a. Urenco USA (UUSA). The purpose of the call was to discuss the conditions imposed on UUSA as part of the interim authorization to operate the classified networks issued on July 30, 2021 (Agencywide Documents Access and Management System Accession No. ML21208A201). The NRC staff provided the reasoning and regulatory basis for imposing the conditions, the primary one of which is to implement the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5. The UUSA staff discussed the status of their efforts and requested additional guidance. The NRC staff provided several references to additional information that UUSA can use to inform their implementation efforts.
A list of participants is provided as Enclosure 1. Enclosure 2 provides a list of the reference information the NRC provided to facilitate implementing NIST SP 800-53, Revision 5. A further description of the meeting is provided in the non-public Enclosure 3.
Enclosures:
1. Participants List
2. Guidance Information
3. Meeting Summary (non-public)

cc: gle@listmgr.nrc.gov

CONTACT: Matthew Bartlett, NMSS/DFM
301-415-7154

A document transmitted herewith contains Security-Related Information. When separated from Enclosure 3, this document and Enclosures 1 and 2 are decontrolled.
Matthew A. Bartlett Digitally signed by Matthew A. Bartlett Date: 2021.10.26 13:20:36 -04'00'
ML21291A055 (Pkg) ML21291A057 (Memo) ML21291A056 (Encl3) *via email

OFFICE | NMSS/DFM | NMSS/DFM | NMSS/DFM |
---|---|---|---|
NAME | MBartlett | ELee (WWheatley for) | JZimmerman |
DATE | 9/16/21 | 10/21/21 | 10/25/21 |
PARTICIPANTS LIST

Name | Organization |
---|---|
A. Blake Bixenman | Urenco, USA |
Wyatt Padgett | Urenco, USA |
Chris Schwarz | Urenco, USA |
Mike Mangefrida | U.S. Nuclear Regulatory Commission (NRC)/Office of Chief Information Officer (OCIO) |
Garo Nalabandian | NRC/OCIO |
Norman St. Amour | NRC/Office of the General Counsel (OGC) |
Howard Benowitz | NRC/OGC |
Daniel Mussatti | Office of Nuclear Material Safety and Safeguards (NMSS)/Division of Rulemaking, Environmental, and Financial Support (REFS) |
Leonard Pitts | NRC/Region II (RII) |
Lindsey Cooke | NRC/RII |
Roland Womack | NRC/RII |
Mike McCoppin | NRC/Office of Nuclear Security and Incident Response (NSIR) |
Charity Pantalo | NRC/NSIR |
J. Keith Everly | NRC/NSIR |
Jacob Zimmerman | NRC/NMSS |
Matt Bartlett | NRC/NMSS |
Reference Information to Support Implementation of National Institute of Standards and Technology NIST SP 800-53, Revision 5

The following information resources were provided to Louisiana Energy Services d.b.a. Urenco USA to inform their implementation of the National Institute of Standards and Technology (NIST) SP 800-53, Revision 5. The items are listed in a hierarchal order.

The Federal Information Security Modernization Act of 2014 (FISMA) requires each Federal agency to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources.

The legislation that has codified the National Industrial Security Program Operations Manual as 32 Code of Federal Regulations (CFR) 117. Information Technology is referenced in 32 CFR 117.18 and outlines the authority and role of the Authorizing Official.

The NIST SP 800-37, Revision 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy is specifically called out in 32 CFR 117.18 as guidance to develop a Risk Management Framework. The direct link may be found on the right hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.SP.800-37r2

The CNSS Policy 22 Policy on Information Assurance Risk Management for National Security Systems along with CNSSI 1254 Risk Management Framework Documentation, Data Elements Standards, and Reciprocity Process for National Security Systems (Note: The CNSS site appears to be down, but the document is available at https://rmf.org/wp-content/uploads/2017/10/CNSSI-1254.pdf) are the companion to 800-37.

Federal Information Processing Standards (FIPS) 199 Standards for Security Categorization of Federal Information and Information Systems provides a standard for categorizing Federal information and information systems according to an agency's level of concern for confidentiality, integrity, and availability and the potential impact on agency assets and operations should their information and information systems be compromised through unauthorized access, use, disclosure, disruption, modification, or destruction. The direct link may be found on the right hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.FIPS.199

NIST SP 800-60, Volume 1, Revision 1 Guide for Mapping Types of Information and Information Systems to Security Categories. The revision to Volume I contains the basic guidelines for mapping types of information and information systems to security categories. The direct link may be found on the right hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.SP.800-60v1r1

NIST SP 800-60, Volume 2, Revision 1 Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices. The appendices contained within include security categorization recommendations and rationale for mission-based and management and support information types. The direct link may be found on the right hand side of the linked page or you may download it directly here: https://doi.org/10.6028/NIST.SP.800-60v2r1

CNSSI Number 1253 Security Categorization and Control Selection for National Security Systems, provides all Federal Government departments, agencies, bureaus, and offices with guidance on the first two steps of the Risk Management Framework (RMF), Categorize and Select, for national security systems (NSS).

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5 Security and Privacy Controls for Information Systems and Organizations. This link will get you to the main page with the abstract and other helpful tools. On the right hand side, you will find a link to the actual document or you may click here to directly download: https://doi.org/10.6028/NIST.SP.800-53r5