Text

GUiBAL Laser Enrichment Security Related Information This tetter forwards Security-Related Information which must be withheld from public disclosure in accordance with 10CFR2.390, The cover letter may be decontrolled when separated from the enclosures.

GLE-2021-0049 September 21, 2021 Attn: Document Control Desk Chief Information Officer/Director, Office of Enterprise Information And Director, Division of Security Operations Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission Washington, D.C. 20555-0001 Global Laser Enrichment Pat Jenny Security/Licensing Manger 3901 Castle Hayne Road Wilmington, NO 28402-0780 USA T 910 819 7447 F 910 819 5731 C 910 200-0744 pat-iennv@gle-us.com Docket 70-7033 SNM-7006

Subject:

Request to Waive the 2021 Continuous Monitoring Report for the Global Laser Enrichment Program Cyber Security Plan for the Engineering and Industrial Controls Environment and Submission of a Plan of Actions and Milestones for Completion of Risk Assessment of Information Systems Global Laser Enrichment (GLE) is performing a Risk Assessment in accordance with NIST Special Publication 800-30 for Information Systems. This is being done as a first step in transitioning from NIST 800-53, Rev. 3 to NIST 800-53, Rev. 5. GLE has not completed all the steps noted in the SP 800-30. Therefore, GLE is submitting a Plan of Actions and Milestones (POA&M) for this task.

In addition to the Risk Assessment, GLE is submitting at a high level the planned steps to completing the noted transition to Revision 5 of NIST 800-53. At this time only dates for the Risk Assessment are known. When that step is complete, GLE will be better able to assign dates to the other tasks. This POA&M will be updated routinely to keep NRC informed of our progress.

The Continuous Monitoring Report assesses GLE's compliance with 1/3 of the controls previously established under Revision 3 of NIST 800-53. GLE has been assessing these controls for eight years. GLE is preparing to upgrade to Windows 10 and upgrading security in accordance with NIST 800-53, Rev 5. This will significantly change the security controls being tested. GLE believes it is in the best interest of security for our resources to be used in the transition to Revision 5 and Windows 10 and establishing the new controls vs. assessing the adequacy of the old controls under the older operating system.

Global Laser Ennchment SNM-7006 Docket 70-7033

To this end GLE is requesting a waiver of the 2021 Continuous Monitoring Report for the GLE PCSP for the Engineering and Industrial Controls Environment.

The enclosure of this transmittal contains the POA&M for Risk Assessment in accordance with NIST SP 800-30 which also includes planned actions at a high level for completion of the transition to NIST 800-53, Rev 5. This document is marked Security Related Information.

If there are any questions regarding this letter and its contents, please do not hesitate to contact me at 910-819-7447 or at pat.jenny@gle-us.com.

Sincerely, Pat Jenny Security/Licensing Manager

Enclosure:

1. Plan of Action and Milestones for the Risk Assessment of Information Systems for GLE (Security-Related Information)

Co: M. Bartlett (NMSS) NRC K. Ev0rly(NSlR) NRC M. Mangefrida (OCIO)

Global Laser Enrichment SNM-7006 Doctel 7D-7033