ML21333A235
| ML21333A235 | |
| Person / Time | |
|---|---|
| Issue date: | 12/14/2021 |
| From: | Michael Brown NRC/NSIR/DPCP/CSB |
| To: | Jim Beardsley Office of Nuclear Security and Incident Response |
| Nelson G | |
| References | |
| Download: ML21333A235 (3) | |
Text
MEMORANDUM TO:
James Beardsley, Chief Cyber Security Branch Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response FROM:
Michael Brown, Senior Reactor Engineer Cyber Security Branch Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response
SUBJECT:
SUMMARY
OF CATEGORY 2 PUBLIC MEETING ON OCTOBER 28, 2021 WITH MEMBERS OF THE PUBLIC, INDUSTRY STAKEHOLDERS AND THE NUCLEAR ENERGY INSTITUTE REGARDING PROPOSED REQUEST FOR INFORMATION (RFI)
THAT ACCOMPANIES INSPECTION PROCEDURE 71130-10, CYBER SECURITY On October 28, 2021, the U.S. Nuclear Regulatory Commission (NRC) staff conducted a public meeting with the Nuclear Energy Institute (NEI) and other stakeholders. The purpose of the meeting was to discuss the revised Request for Information (RFI) document that is used to gather information from licensees to assist regional staff in preparing for the cyber security inspection to be conducted using IP 71130-10.
The following document was discussed:
ML21294A274 - Draft Guidance Document for Development of RFI - Rev. 4 The staff received several comments on this document including:
Concerns that the amount of information requested is too large with respect to the scope of and time allocated for in the new cyber security inspection procedure (IP). In some areas, the commenters did not see a clear connection between the RFI content and the new IP.
The IP and subsequently, the RFI should focus on elements of the licensee cyber security program that have changed since the last NRC inspection.
Providing information on digital asset wireless networks is outside the scope of the program.
Clarifications on the scope and nature of several RFI Items would help in RFI response preparation.
Remove requests for specific examples from the content of the first RFI letter and focus on high level program information. Move the specific examples to the content of the second RFI letter, focusing on the systems that will be sampled in the inspection.
Regarding design changes implemented since the last inspection, providing the NRC with a summary of what was changed would be significantly easier than providing the entire 50.59 design change documentation.
December 8, 2021 Signed by Brown, Michael on 12/08/21
J. Beardsley 2
Need to clarify what access authorization program documentation is needed.
The effectiveness analysis is performed for the entire cyber security program, therefore there would not be an effectiveness analysis performed on a specific system.
Enclosure:
Attendees List CONTACTS: Michael Brown, NSIR/DPCP/CSB (301) 287-3679
Memo ML21333A235 OFFICE OCHCO/ADHRTD
/NRANB NSIR/DPCP/CSB NSIR/DPCP/CSB NSIR/DPCP/CSB NAME GNelson MBrown JBeardsley MBrown DATE Dec 6, 2021 Dec 6, 2021 Dec 7, 2021 Dec 8, 2021