Document to Support ACRS Subcommittee Meeting - Redline Standard Review Plan 13.6.4 Access Authorization - Operational Program

ML22041A456
Person / Time
Issue date:	02/09/2022
From:	Office of Nuclear Material Safety and Safeguards
To:
James O'Driscoll
Shared Package
ML22040A074	List: ML22041A225 ML22041A229 ML22041A234 ML22041A271 ML22041A283 ML22041A310 ML22041A335 ML22041A375 ML22041A444 ML22041A446 ML22041A456 ML22041A527 ML22041A532 ML22042A104 ML22042A116
References
10 CFR Part 50, 10 CFR Part 52, NRC-2009-0196, Part 50/52, RIN 3150-AI66
Download: ML22041A456 (26)
v • d • e

Text

THIS DRAFT DOCUMENT IS BEING RELEASED TO SUPPORT THE FEBURARY 18, 2022, ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS) 10 CFR PART 50/52 RULEMAKING ACTIVITIES SUBCOMMITTEE PUBLIC MEETING. THE NRC STAFF IS NOT REQUESTING OR ACCEPTING PUBLIC COMMENTS ON THIS DRAFT DOCUMENT. THIS DRAFT DOCUMENT HAS NOT BEEN SUBJECT TO NRC MANAGEMENT OR LEGAL REVIEWS AND APPROVALS, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS.

FOLLOWING THE PUBLIC MEETING WITH THE ACRS, THE NRC STAFF PLANS TO CONTINUE WORKING ON THIS DOCUMENT AND TO CONSIDER OPTIONS FOR INVITING PUBLIC PARTICIPATION IN THE RULEMAKING ACTIVITY.

Revision 0 - October 2016 USNRC STANDARD REVIEW PLAN This Standard Review Plan (SRP), NUREG 0800, has been prepared to establish criteria that the U.S. Nuclear Regulatory Commission (NRC) staff responsible for the review of applications to construct and operate nuclear power plants intends to use in evaluating whether an applicant/licensee meets the NRC's regulations. The SRP is not a substitute for the NRC's regulations, and compliance with it is not required. However, an applicant is required to identify differences between the design features, analytical techniques, and procedural measures proposed for its facility and the SRP acceptance criteria and evaluate how the proposed alternatives to the SRP acceptance criteria provide an acceptable method of complying with the NRC regulations.

The SRP sections are numbered in accordance with corresponding sections in Regulatory Guide (RG) 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (LWR Edition). Not all sections of RG 1.70 have a corresponding review plan section. The SRP sections applicable to a combined license application for a new light-water reactor (LWR) are based on Regulatory Guide 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition).

These documents are made available to the public as part of the NRC's policy to inform the nuclear industry and the general public of regulatory procedures and policies. Individual sections of NUREG 0800 will be revised periodically, as appropriate, to accommodate comments and to reflect new information and experience. Comments may be submitted electronically by e-mail to NRO_SRP@nrc.gov.

Requests for single copies of SRP sections (which may be reproduced) should be made to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Reproduction and Distribution Services Section, by fax to (301) 415 2289; or by email to DISTRIBUTION@nrc.gov. Electronic copies of this section are available through the NRC's public Web site at http://www.nrc.gov/reading rm/doc collections/nuregs/staff/sr0800/, or in the NRC's Agencywide Documents Access and Management System (ADAMS), at http://www.nrc.gov/reading rm/adams.html, under Accession No ML15226A009.

NUREG-0800 U.S. NUCLEAR REGULATORY COMMISSION STANDARD REVIEW PLAN 13.6.4 ACCESS AUTHORIZATION - OPERATIONAL PROGRAM REVIEW RESPONSIBILITIES Primary -

Organization responsible for the review of physical security and all Access Authorization Program elements.

Secondary -

None.

THIS DRAFT DOCUMENT IS BEING RELEASED TO SUPPORT THE FEBURARY 18, 2022, ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS) 10 CFR PART 50/52 RULEMAKING ACTIVITIES SUBCOMMITTEE PUBLIC MEETING. THE NRC STAFF IS NOT REQUESTING OR ACCEPTING PUBLIC COMMENTS ON THIS DRAFT DOCUMENT. THIS DRAFT DOCUMENT HAS NOT BEEN SUBJECT TO NRC MANAGEMENT OR LEGAL REVIEWS AND APPROVALS, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS.

FOLLOWING THE PUBLIC MEETING WITH THE ACRS, THE NRC STAFF PLANS TO CONTINUE WORKING ON THIS DOCUMENT AND TO CONSIDER OPTIONS FOR INVITING PUBLIC PARTICIPATION IN THE RULEMAKING ACTIVITY.

Revision 0 - October 2016 USNRC STANDARD REVIEW PLAN This Standard Review Plan (SRP), NUREG 0800, has been prepared to establish criteria that the U.S. Nuclear Regulatory Commission (NRC) staff responsible for the review of applications to construct and operate nuclear power plants intends to use in evaluating whether an applicant/licensee meets the NRC's regulations. The SRP is not a substitute for the NRC's regulations, and compliance with it is not required. However, an applicant is required to identify differences between the design features, analytical techniques, and procedural measures proposed for its facility and the SRP acceptance criteria and evaluate how the proposed alternatives to the SRP acceptance criteria provide an acceptable method of complying with the NRC regulations.

The SRP sections are numbered in accordance with corresponding sections in Regulatory Guide (RG) 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (LWR Edition). Not all sections of RG 1.70 have a corresponding review plan section. The SRP sections applicable to a combined license application for a new light-water reactor (LWR) are based on Regulatory Guide 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition).

These documents are made available to the public as part of the NRC's policy to inform the nuclear industry and the general public of regulatory procedures and policies. Individual sections of NUREG 0800 will be revised periodically, as appropriate, to accommodate comments and to reflect new information and experience. Comments may be submitted electronically by e-mail to NRO_SRP@nrc.gov.

Requests for single copies of SRP sections (which may be reproduced) should be made to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Reproduction and Distribution Services Section, by fax to (301) 415 2289; or by email to DISTRIBUTION@nrc.gov. Electronic copies of this section are available through the NRC's public Web site at http://www.nrc.gov/reading rm/doc collections/nuregs/staff/sr0800/, or in the NRC's Agencywide Documents Access and Management System (ADAMS), at http://www.nrc.gov/reading rm/adams.html, under Accession No ML15226A009.

By March 31, 2010, each nuclear power reactor licensee, licensed under Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities; shall implement the requirements of an Access Authorization (AA) program through revisions to its Commission-approved Physical Security Plan (PSP). The licensee shall establish, implement and maintain its AA program in accordance with the requirements of 10 CFR 73.55, Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors against Radiological Sabotage, Section (b)(7), which integrates the performance requirements contained within 10 CFR 73.56, Personnel Access Authorization Requirements for Nuclear Power Plants, and the criminal history checks of 10 CFR 73.57, Requirements for Criminal History Checks of Individuals Granted Unescorted Access to a Nuclear Power Facility or Access to Safeguards Information by Power Reactor Licensees.

THIS DRAFT DOCUMENT IS BEING RELEASED TO SUPPORT THE FEBURARY 18, 2022, ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS) 10 CFR PART 50/52 RULEMAKING ACTIVITIES SUBCOMMITTEE PUBLIC MEETING. THE NRC STAFF IS NOT REQUESTING OR ACCEPTING PUBLIC COMMENTS ON THIS DRAFT DOCUMENT. THIS DRAFT DOCUMENT HAS NOT BEEN SUBJECT TO NRC MANAGEMENT OR LEGAL REVIEWS AND APPROVALS, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS.

FOLLOWING THE PUBLIC MEETING WITH THE ACRS, THE NRC STAFF PLANS TO CONTINUE WORKING ON THIS DOCUMENT AND TO CONSIDER OPTIONS FOR INVITING PUBLIC PARTICIPATION IN THE RULEMAKING ACTIVITY.

Revision 0 - October 2016 USNRC STANDARD REVIEW PLAN This Standard Review Plan (SRP), NUREG 0800, has been prepared to establish criteria that the U.S. Nuclear Regulatory Commission (NRC) staff responsible for the review of applications to construct and operate nuclear power plants intends to use in evaluating whether an applicant/licensee meets the NRC's regulations. The SRP is not a substitute for the NRC's regulations, and compliance with it is not required. However, an applicant is required to identify differences between the design features, analytical techniques, and procedural measures proposed for its facility and the SRP acceptance criteria and evaluate how the proposed alternatives to the SRP acceptance criteria provide an acceptable method of complying with the NRC regulations.

The SRP sections are numbered in accordance with corresponding sections in Regulatory Guide (RG) 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (LWR Edition). Not all sections of RG 1.70 have a corresponding review plan section. The SRP sections applicable to a combined license application for a new light-water reactor (LWR) are based on Regulatory Guide 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition).

These documents are made available to the public as part of the NRC's policy to inform the nuclear industry and the general public of regulatory procedures and policies. Individual sections of NUREG 0800 will be revised periodically, as appropriate, to accommodate comments and to reflect new information and experience. Comments may be submitted electronically by e-mail to NRO_SRP@nrc.gov.

Requests for single copies of SRP sections (which may be reproduced) should be made to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Reproduction and Distribution Services Section, by fax to (301) 415 2289; or by email to DISTRIBUTION@nrc.gov. Electronic copies of this section are available through the NRC's public Web site at http://www.nrc.gov/reading rm/doc collections/nuregs/staff/sr0800/, or in the NRC's Agencywide Documents Access and Management System (ADAMS), at http://www.nrc.gov/reading rm/adams.html, under Accession No ML15226A009.

Revision 1 - May 2022 USNRC STANDARD REVIEW PLAN This Standard Review Plan (SRP), NUREG 0800, has been prepared to establish criteria that the U.S. Nuclear Regulatory Commission (NRC) staff responsible for the review of applications to construct and operate nuclear power plants intends to use in evaluating whether an applicant/licensee meets the NRC's regulations. The SRP is not a substitute for the NRC's regulations, and compliance with it is not required. However, an applicant is required to identify differences between the design features, analytical techniques, and procedural measures proposed for its facility and the SRP acceptance criteria and evaluate how the proposed alternatives to the SRP acceptance criteria provide an acceptable method of complying with the NRC regulations.

The SRP sections are numbered in accordance with corresponding sections in Regulatory Guide (RG) 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (LWR Edition). Not all sections of RG 1.70 have a corresponding review plan section.

The SRP sections applicable to a combined license application for a new light-water reactor (LWR) are based on Regulatory Guide 1.206, Applications for Nuclear Power Plants.

These documents are made available to the public as part of the NRC's policy to inform the nuclear industry and the general public of regulatory procedures and policies. Individual sections of NUREG 0800 will be revised periodically, as appropriate, to accommodate comments and to reflect new information and experience. Comments may be submitted electronically by e-mail to NRO_SRP@nrc.gov.

Requests for single copies of SRP sections (which may be reproduced) should be made to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Reproduction and Distribution Services Section, by fax to (301) 415 2289; or by email to DISTRIBUTION@nrc.gov. Electronic copies of this section are available through the NRC's public Web site at http://www.nrc.gov/reading rm/doc collections/nuregs/staff/sr0800/, or in the NRC's Agencywide Documents Access and Management System (ADAMS), at http://www.nrc.gov/reading rm/adams.html, under Accession No ML15226A009.

13.6.4-4 Revision 1 - May 2022 13.6.4-4 Revision 0 - October 2016 Each applicant for an operating license under the provisions of 10 CFR Part 50, and each holder of a combined license (COL) under the provisions of 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants, shallmust implement the requirements before initial fuel is allowed on site (protected area). load into the reactor. The licensee or applicant may accept, in part or whole, an AA program implemented by a contractor or vendor to satisfy appropriate elements of the licensees AA program. Only a licensee shall grant an individual unescorted access (UA). Licensees and applicants shall certify individuals unescorted access authorization (UAA) and are responsible to maintain, deny, terminate, or withdraw UAA.

I.

I.

AREAS OF REVIEW The specific areas of review in this section are applicable to the following licensees and entities:

1. applicantsApplicants for and holders of construction permits (CPs) for nuclear power reactors issued under 10 CFR Part 50.

2. applicantsApplicants for and holders of a COL for a nuclear power plant issued under 10 CFR Part 52 including applicants for a COL that have a limited work authorization (LWA); and

3. allAll licensees who accept, in part or whole, an AA program implemented by a contractor and vendors (C/Vs) to satisfy appropriate elements of the licensees AA program to comply with 10 CFR Part 26, 10 CFR 73.56 and 10 CFR 73.57.

The review of applications involves the evaluation of the AA programs adherence to the measures (hereafter referred to as the Standards) described below when reviewing an application for a COL under 10 CFR Part 52, or early site permit (ESP) under 10 CFR Part 50.

Applicants and licensees who reference the Standards should include the following statement in their physical security plans:

All elements of Regulatory Guide 5.66, Revision 2, have been implemented to satisfy the requirements of 10 CFR 73.56 and 10 CFR Part 26 related to unescorted access and unescorted access authorization.

The Standards are identified in the current industrys guidance document for an AA program at nuclear power reactors. The Standards describe applicable components of an access program, to include the evaluation criteria for granting and maintaining UA and for certifying and maintaining UAA. The Standards also provide details for reinstatement of access and authorization, requirements for C/V performance and trustworthiness and reliability, audits and corrective actions, protection of information, and required sharing of information between licensees and licensee C/Vs supporting a licensee AA program. The AA program required under 10 CFR 73.56 and 10 CFR 73.57, consists of a background investigation with periodic reinvestigations, a psychological assessment with periodic reassessments for enumerated critical personnel, a behavior observation program that includes self-reporting requirements, and determinations of trustworthiness and reliability for contractors who support licensees in meeting these rule requirements. The background investigation is designed to identify past actions that are indicative of an individuals current trustworthiness and reliability and is supported by a periodic reinvestigation designed to maintain the required high assurance standard during continued UA or UAA. The psychological assessment is designed to evaluate the possible

13.6.4-5 Revision 1 - May 2022 13.6.4-5 Revision 0 - October 2016 impact of any noted psychological characteristics that may have a bearing on trustworthiness and reliability and is additionally supported by periodic reassessments for particular categories of employees. Behavior observation is designed to detect behavioral changes that, if left unattended, could lead to acts detrimental to public health and safety or the common defense and security. In addition, an employee self-reporting requirement supports behavior observation.

The criteria of the Standards should be addressed in the applicants submittal and captured in the licensees PSP to demonstrate compliance with the U.S. Nuclear Regulatory Commission (NRC) regulations. The NRC staff considers conformance with the provisions of the Standards to be an acceptable approach to meet the requirements under 10 CFR 73.55, 10 CFR 73.56, and 10 CFR 73.57. The performance requirements defined within 10 CFR Part 26, Fitness for Duty Programs, related to the administration of the personnel AA requirements are defined in 10 CFR 26.5, Definitions, which provides a process and delineates the criteria for certifying and maintaining an individuals UAA and/or UA that is consistent with the requirements of Subpart C, Granting and Maintaining Authorization, 10 CFR Part 26.

An applicant or licensee may take credit for maintaining an effective AA program when the applicant or licensee implements the following programs;: a criminal history program, a behavior observation program (BOP), and an Insider Mitigation Program (IMP). These programs provide for the oversight and monitoring of the initial and continuing trustworthiness and reliability of individuals certified UAA, granted UA or maintaining UAA/UA to a protected or vital area. After an individual has been granted UA to protected and vital areas of a power reactor facility, preventing an adverse event becomes dependent on either detecting the insider through one of these programs or by denying the undetected insider the opportunity to commit the act by other means, such as physical or cyber protective security measures.

This review will seek evidence that effective policies and procedures in accordance with the Standards are described in the licensees PSP to provide high assurance that individuals granted UA are trustworthy and reliable and do not constitute an unreasonable risk to public health and safety or the common defense and security.

Operational Program Description and Implementation. For a COL application, the staff reviews the applicants Access Authorization Operational Program description and the proposed implementation milestones for meeting the intent of the access authorization rule under 10 CFR 73.56. The staff also reviews final safety analysis report (FSAR), typically Chapter 13, Section 13.6.4 to ensure that the Access Authorization Operational Program and associated milestones are included.

Programs:

(i)

Access Authorization Program. Pursuant to 10 CFR 73.56, the AA program consists of a background investigation with periodic reinvestigations, a psychological assessment with periodic reassessments for enumerated critical personnel, a BOP that includes self-reporting requirements, and determinations of trustworthiness and reliability for contractors who support licensees in meeting these rule requirements.

The background investigation is designed to identify past actions that are indicative of an individuals current trustworthiness and reliability and is supported by a periodic reinvestigation designed to maintain the required high assurance standard during continued UA or UAA. The psychological assessment is designed to evaluate the

13.6.4-6 Revision 1 - May 2022 13.6.4-6 Revision 0 - October 2016 possible impact of any noted psychological characteristics that may have a bearing on trustworthiness and reliability and is additionally supported by periodic reassessments for particular categories of employees. Behavior observation is designed to detect behavioral changes that, if left unattended, could lead to acts detrimental to public health and safety or the common defense and security. In addition, an employee self--reporting requirement supports behavior observation.

The Standards describe the components of these elements and include evaluation criteria for granting and maintaining UA and for certifying and maintaining UAA. The Standards also provide details for reinstatement of access and authorization, requirements for contractor and vendor performance and trustworthiness and reliability, audits and corrective actions, protection of information, and required sharing of information between licensees and licensee contractors and vendors supporting a licensee AA program.

(ii)

Behavior Observation Program. A program that meets requirements of both the AA and fitness-for-duty (FFD) programs. Personnel are trained to self-report legal actions; to possess certain knowledge and abilities related to drugs and alcohol and the recognition of behaviors adverse to the safe operation and security of the facility by observing the behavior of others in the workplace and detecting and reporting aberrant behavior or changes in behavior that might adversely impact an individuals trustworthiness or reliability, and undergo an annual supervisory review. Licensee shall provide high assurance of continued reliability and trustworthiness of personnel with UA.

(iii)

Insider Mitigation Program. Licensees shall implement provisions of an IMP that are effective in mitigating the active insider and active violent insider. Licensees with operating reactors licensed under 10 CFR Part 50 and 10 CFR Part 52 can apply the guidance in this regulatory guide (RG) before fuel is allowed on site (protected area).initial fuel load into the reactor.

(iv)

Criminal History Program. The licensee is required to evaluate criminal history record information (CHRI) pertaining to an individual applying for UAA/UA under the industrys standard and as required by 10 CFR 73.56 and 10 CFR 73.57. The CHRI check is used as an evaluative measure to assist in the determination of whether the individual has a record of criminal activity that may adversely impact on his or her trustworthiness and reliability and the CHRI evaluations shall be documented to include the decision-making basis.

Review Interface Other SRP sections interface with this section as follows:

1.

The review of the adequacy of the physical security plan performed under SRP Section 13.6.1, Physical Security - Combined License Review Responsibilities.

2.

The review of administrative procedures performed under SRP Section 13.5.1.1, Administrative Procedures.

3.

The review of the adequacy of the Fitness-For-Duty plan performed under SRP Section 13.7, Fitness for Duty.

13.6.4-7 Revision 1 - May 2022 13.6.4-7 Revision 0 - October 2016

4.

For COL reviews of operational programs, the review of the applicants implementation plan is performed under SRP Section 13.4, Operational Programs.

The specific acceptance criteria and review procedures are contained in the referenced SRP section.

II.

ACCEPTANCE CRITERIA Requirements Acceptance criteria are based on meeting the relevant requirements of 10 CFR 73.56, Personnel Access Authorization Requirements for Nuclear Power Plants.

SRP Acceptance Criteria The acceptance criteria subsection should identify the applicable NRC requirements including specific regulations, orders, and industry codes and standards referenced by regulations. This subsection should also identify the staff positions that have been determined to provide an acceptable approach for satisfying the applicable requirements. The types of guidance documents include, but are not limited to: RGs, Commission policy as described in Staff Requirements Memoranda on SECY papers, NRC-approved or endorsed industry codes and standards. These solutions and approaches should be documented in this form so that staff reviewers can take uniform and well-understood positions as similar matters arise in the review of other applications. Lastly, this subsection also contains, as necessary, the technical bases for applicability of the requirements to the subject areas of review, or relationship of regulatory guidance to the associated requirement.

Specific SRP acceptance criteria that meet the relevant requirements of the above regulations are as follows for the review described in this SRP section. The SRP is not a substitute for the NRCs regulations and compliance with it is not required. However, the NRC requires an applicant to identify differences between the design features, analytical techniques, and procedural measures proposed for its facility and the SRP acceptance criteria and to evaluate how the proposed alternatives to the SRP acceptance criteria provide acceptable methods of compliance with the NRC regulations.

Licensees, applicants, and other entities should also consider the guidance in Table 1, for determining AA measures prior tobefore initial fuel inload into the protected areareactor, when preparing an application for a COL under 10 CFR Part 52, CP, or ESP under 10 CFR Part 50 while transitioning into their operational program. These licensing documents for the AA program should provide reasonable assurance until nuclear fuel is in the protected area and the requirements under 10 CFR 73.56 are applicable for maintaining high assurance that the individuals subject to this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security, including the potential to commit radiological sabotage.

The Security Plan is considered acceptable if it conforms to the most recent revision of the NRC--endorsed Nuclear Energy Institute (NEI) 03-12 format and the requirements listed in Appendices I, II, and III. The NRC considers that the site-specific information in the most recent revision of the NRC-endorsed NEI 03-12 generic security plan template (site-specific bracketed text) describes a PSP that meets the level of detail required for submitted security plans. For example:

13.6.4-8 Revision 1 - May 2022 13.6.4-8 Revision 0 - October 2016

a.

Each licensee should meet the general performance objective of providing reasonable assurance that malicious acts during nuclear power plant construction cannot later reasonably result, directly or indirectly, in radiological sabotage as defined by 10 CFR 73.2, Definitions. Licensees should accomplish this objective by designing an AA program to deter and detect malicious acts. The purpose of this program is to implement site-specific measures that will deter malicious acts against security-and safety-related systems, structures, and components (SSCs) or other malicious activities during construction that could be used to commit or facilitate acts of radiological sabotage, as defined by 10 CFR 73.210 CFR 73.2, and to detect malicious acts after lockdown of security-and safety-related SSCs.

b.

To achieve the general performance objectives, as construction activities near completion, the design of the construction security program should provide for the deterrence and detection of malicious acts to security-and safety-related SSCs before and after final placement of each SSC. This includes the implementation of the lockdown procedures. Although licensees are not required to meet the standards of 10 CFR 73.1 73.1(a)(1) for protection against the design-basis threat during the construction phase, licensees should ensure that the capability to deter and detect malicious acts directed against security-and safety-related SSCs is maintained until all construction activities have ended and the transition to the requirements of 10 CFR 73.55 is complete prior to nuclearbefore initial fuel on site (inload into the protected area)reactor or after the plant becomes operational.

c.

The licensee shall implement measures to transition to the requirements of 10 CFR 73.55. To accomplish this, the licensee should design transition procedures to implement AA measures before the construction and installation of security-and safety--related SSCs (i.e., those SSCs necessary for the safe shutdown of the reactor after the reactor becomes operational) and progressively increase those measures after the placement of security-and safety-related SSCs in their final location where they will be operated. Placement of security-and safety-related SSCs is further characterized as the scheduled onsite in-place setting, installing, or erecting of security-and safety-related SSCs in the controlled access construction area where the SSCs will be operated after the nuclear power plant is operational. The intent is not for the licensee to implement an AA measures as early as the pouring of foundations for the areas encompassing security-and safety--related SSCs. However, prudent measures should be implemented by the licensees before beginning the placement of security-or safety--related systems, equipment, or components inside the controlled access construction area. Areas external to the licensees controlled access construction area (such as laydown areas, prestaging areas, batch areas, and offsite manufacturing and fabrication facilities) are not within the scope, unless the construction security plan designates these areas as being included in the controlled access construction areas.

d.

To satisfy the requirements of 73.56, licensee should delineate in procedures and plans the AA measures for the protection of security-and safety-related SSCs, as well as measures for transitioning to the physical protection program required by 10 CFR 73.5573.55(b)(1) and AA program required by 10 CFR 73.56 as applicable to an operating reactor. Licensees should ensure that AA and physical protection measures are implemented in a manner that does not create security

13.6.4-9 Revision 1 - May 2022 13.6.4-9 Revision 0 - October 2016 vulnerabilities that could be exploited during or after the transition to the requirements in 10 CFR 73.55 73.55.

The NRC considers physical security elements that are not within the physical design of the power reactor and supporting systems but are included within a Design Certification application to be voluntarily submitted physical security elements.

The PSP should fully describe the AA program, in accordance with 10 CFR 73.56, although a full description is not necessary when the plan confirms that the licensee has used the most current revision of RG 5.66, Access Authorization Program for Nuclear Power Plants. The RG 5.66 provides acceptable language for insertion into site security plans to describe the AA program. The PSP fully describes the IMP, in accordance with 10 CFR 73.55 and 10 CFR 73.56, although a full description is not necessary when the plan confirms that the licensee has used the most current revision of RG 5.77, Insider Mitigation Program.

Performance Objectives 10 CFR 73.56 Guidelines:

Each applicant shall establish, implement, and maintain written policies and procedures to meet the general performance objectives and applicable requirements of this part that:

To verify that the licensees implementation of its AA program is in accordance with the NRC-approved security plan, which commits the licensee to implement the provisions of NEI 03-01, Revision 3 (as amended).

To verify that the licensees implementation of its AA program provides high assurance that individuals granted UA are trustworthy and reliable and do not constitute an unreasonable risk to public health and safety or the common defense and security.

To verify that the licensees implementation of the BOPs of the licensees AA program provides high assurance of continued reliability and trustworthiness of personnel with UA.

To verify and assess that the licensees implementation of the provisions of the IMP are effective in mitigating the active insider and active violent insider.

1.

10 CFR 73.56 (a), Introduction Licensees shall outline the implementation schedule scope and applicability of the AA program found in the licensees PSP. In addition, current applicants for an operating license or COL as of the effective date of this regulation must update their applications, as appropriate, to address the requirements of 10 CFR 73.56. 10 CFR 73.56 retains the pre-existing requirements that licensees have the authority to grant or deny an individual UA, certify or deny an individual UAA, or permit an individual to maintain or terminate UA or UAA. Additionally, the NRC allows applicants to certify or deny an individual UAA status prior to receiving its operating license under 10 CFR Part 50 of this chapter or before the NRC makes its finding under 10 CFR 52.103(g).

A licensee or applicant may allow a contractor or vendor to maintain the licensees or applicants AA elements if the C/V complies with the requirements of this section and the licensees or applicants AA program. Additionally, a licensee or applicant may permit a

13.6.4-10 Revision 1 - May 2022 13.6.4-10 Revision 0 - October 2016 C/V to maintain an individuals UAA status if the C/V access program includes the licensee or applicant-approved BOP. However, licensees and applicants are responsible for meeting all of the requirements set forth in the rule prior to granting an individual UA or certifying an individual UAA.

Applicants for an operating license or a COL must incorporate their AA program in their PSP and implement the AA program by the time they receive special nuclear material in the form ofbefore initial fuel assemblies. load into the reactor. However, applicants may implement their AA programs at an earlier date, before receipt of special nuclear material in the form ofinitial fuel assembliesload into the reactor, to maintain a pool of individuals with approved UAA status so that applicants can immediately comply with this section when they receive their operating licenses or the Commissions findings.

2.

10 CFR 73.56 (b), Applicability Licensees or applicants shall identify individuals who shall be subject to the requirements of an AA program to ensure that each person granted UA and/or certified UAA is trustworthy and reliable. The NRCs intent is that any individual who has UA to nuclear power plant protected and vital areas shall be subject to an AA program that meets the requirements of this section.

3.

10 CFR 73.56 (c), General performance objective Licensees or applicants AA program must provide high assurance that the individuals subject to this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security, including the potential to commit radiological sabotage.

4.

10 CFR 73.56 (d), Background investigation Licensees or applicants shall outline the responsibilities and elements of the background investigation process including: consent; personal, employment, credit, and criminal history; identity verification; and character evaluation. Licensees and applicants may rely on certain background investigation elements, psychological assessments, and behavioral observation training conducted by other licensees, applicants, or contractor access programs.

Additionally, Licensees or applicants are required to have individuals disclose personal history information pertaining to the AA program and associated processes, and requires licensees, applicants, and C/V to take steps to access information from reliable sources to ensure that the personal identifying information the individual has provided is authentic and accurate.

Licensees, applicants, and C/Vs shall make available and disclose information that they have collected, if contacted by another licensee, applicant, or C/V who has a release signed by the individual who is applying for UA or UAA.

Section 149 of Atomic Energy Act provides the NRC authority to require individuals to be fingerprinted and to obtain the Federal Bureau of Investigation (FBI) criminal history records of only those individuals who are seeking UA to protected or vital areas of a nuclear power plant. Licensees and applicants shall obtain those individuals criminal records in accordance with requirements set forth in the paragraph (k)(1)(ii) of this the rule.

10 CFR 73.56 (e), Psychological assessment Licensees or applicants shall outline requirements within the AA program for conducting psychological assessments on

13.6.4-11 Revision 1 - May 2022 13.6.4-11 Revision 0 - October 2016 individuals seeking UA or UAA. Licensees or applicants shall evaluate the implications of an individuals psychological character on his or her trustworthiness and reliability. The expectation is that a psychological assessment will be performed each time that an individual applies for initial or updated UA or UAA who have not maintained unescorted access or unescorted access authorization for greater than 365 days, shall be subjected to a psychological assessment.

5.

Licensees or applicants shall establish requirements, standards, roles, and responsibilities for individuals who perform psychological assessments. The intent is that a licensed psychologist or psychiatrist with proper clinical training and experience will conduct the psychological assessment in accordance with the American Psychological Association or the American Psychiatric Association standards. This paragraph establishes the responsibilities of those conducting psychological assessment to report the discovery of any information, including a medical condition, which could adversely impact the fitness for duty or trustworthiness and reliability of the individual being assessed for initial or updated authorization.

5.6.

10 CFR 73.56 (f), Behavioral observation Licensees or applicants shall outline the roles and responsibilities of licensees, applicants, contractors, vendors, and individuals under the BOP. The purpose of the BOP is to increase the likelihood that potentially adverse behavior patterns and actions are detected, communicated, and evaluated before there is an opportunity for such behavior patterns or acts to result in detrimental consequences. The expectation is for individuals under this program to be trained to identify and report any concerns related to questionable behavior patterns or activities of others to the reviewing official, his or her supervisor, or other management personnel designated in their site procedures.

7.

10 CFR 73.56 (g), Self-reporting of legal actions Licensees or applicants shall outline the responsibilities for individuals to self-report legal actions taken by a law enforcement authority or court of law to which the individual has been subject that could result in incarceration or a court order or that requires a court appearance, but excluding minor civil actions. This paragraph requires the recipient of the report, if the recipient is not the reviewing official, to promptly convey the report to the reviewing official who will then evaluate the implications of those actions with respect to the individuals trustworthiness and reliability.

6.8.

10 CFR 73.56 (h), Granting unescorted access and certifying unescorted access authorization Licensee or applicant shall establish the criteria for determination of granting or certifying UA or UAA, as well as for reinstatement of UA or UAA. The categories of individuals described in the rule are those who have been granted initial, updated and re--instatement of UA or UAA. The requirements in this paragraph, in part, are based upon; (a) whether an individual has previously been granted UA or certified UAA under 10 CFR 73.56 and (b) the elapsed time period since the individuals UA or UAA status was last favorably terminated. Additionally, this paragraph provides requirements for re-establishing trustworthiness and reliability of those individuals whose UA or UAA was denied or terminated unfavorably. The intent in 10 CFR 73.56(h)(5) and (6) is to permit licensees and applicants to rely on other licensees or applicants AA programs that meet the requirements of this section. In addition, these provisions eliminate redundancies in the steps required for granting UA or certifying UAA or maintaining UA or UAA. The licensee shall include a description of the UAA/UA denial process to be used in the procedure that implements the UAA/UA denial review process

13.6.4-12 Revision 1 - May 2022 13.6.4-12 Revision 0 - October 2016 requirement and the procedure must reflect that the determination from this access-denial review is final means by which UAA/UA decisions may be reviewed, and may not be reviewed or overturned by any third party.

1.

10 CFR 73.56 (i), Maintaining unescorted access or unescorted access authorization

9.

Licensee or applicant shall delineate the conditions and requirements for maintaining UA or UAA status. Important elements of maintaining UA or UAA status are the BOP, the reevaluation of criminal history and credit history, and, for select individuals who perform specific job function identified in 10 CFR 73.56(i)(1)(B), a psychological re-assessment.

To confirm each individuals continued trustworthiness and reliability determination, the NRC expects the licensees and applicants to conduct updates and reevaluations every five years for individuals granted UA or certified UAA and every three years for selected individuals. For selected individuals, licensees and applicants shall conduct psychological reassessments every five years. Additionally, all individuals are expected to be subject to the licensees BOP ongoing basis to detect an individuals abnormal emotional and/or psychological state through monitoring and/or supervisory evaluation.

7.10. 10 CFR 73.56 (j), Access to vital areas Licensees or applicants shall establish, implement, and maintain a list of individuals who are authorized to have UA to specific nuclear power plant vital areas during non-emergency conditions. The list must include only those individuals who have a continued need for access to those specific vital areas in order to perform their duties and responsibilities. The list must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted UA to each vital area, and updated and re-approved no less frequently than every 31 days.

8.11. 10 CFR 73.56 (k), Trustworthiness and reliability of background screeners and access authorization program personnel Licensees or applicants shall establish, implement, and outline requirements to ensure that individuals who collect, process, or have access to sensitive personal information required under this section are trustworthy and reliable.

The background checks for these individuals will be consistent with the requirements of this section. Licensees and applicants may not, under Section 149 of the Atomic Energy Act, obtain a Federal Bureau of Investigation (FBI) criminal history record for an individual who does not have or is not expected to have UA or access to Safeguards information. In addition, 10 CFR 73.22(b)(1) states, conditions for access:(1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established need to know for the information and has undergone aan FBI criminal history records check using the procedures set forth in 10 CFR 73.57. In such cases, local criminal history information about the individual will be obtained from the State or local court system to satisfy this requirement.

9.12. 10 CFR 73.56 (l), Review procedures Licensees or applicants shall establish, implement, and outline the requirements for responding to an individuals request for review of a determination to deny UA or UAA, or unfavorable termination of an individuals UA or UAA, 10 CFR 73.56 (m), Protection of information.

Licensees or applicants shall establish, implement, and outline requirements for the protection and release of personal information collected by a licensee, applicant, C/V to authorized persons while maintaining confidentiality of sources. Licensee, applicant, C/V possessing personal records will promptly provide personal information as authorized by

13.6.4-13 Revision 1 - May 2022 13.6.4-13 Revision 0 - October 2016 the individuals signed consent. This may include to an individuals representative and other licensees or applicants.

2.

10 CFR 73.56 (n), Audits and corrective action Licensees or applicants shall establish, implement, and outline requirements for audits and corrective action to confirm compliance with the requirements of this section and those comprehensive corrective actions are taken in response to any violations of the requirements of this section identified from an audit.

13.

Licensees and applicants shall perform an audit of their AA program at intervals nominally every 24 months. With regard to 10 CFR 73.56(n)(1), the NRC uses the term nominally which allows a 25 percent margin, consistent with the definition of nominal in 10 CFR Part 26.5, which provides a limited flexibility in meeting the scheduled due date for completing this recurrent activity. Completing a recurrent activity at a nominal frequency means that the activity may be completed within a period that is 25 percent longer (30 months) or shorter (18 months) than the period required, with the next scheduled due date no later than the current scheduled due date plus the required frequency for completing the activity.

Licensees or applicants shall establish, implement, and develop independence of audit team members. Personnel who conduct audits will possess the requisite knowledge to evaluate the holistic implications of individual requirements or the complexities associated with meeting the rules performance objective and, therefore, can adequately evaluate program effectiveness, and are independent of management having responsibility for day-to-day operation of the AA program.

Licensees and other entities are permitted to jointly conduct audits as well as to rely on one anothers audits, if the audits upon which they are relying address the services obtained from the C/V by each of the sharing licensees or applicants. Licensees, applicants, and contractors or vendors may rely on a shared audit to ensure that all services and elements upon which they rely have been adequately audited and to make clear that the licensees, applicants, and C/V are responsible for ensuring that an adequate audit is conducted of any services or elements upon which they rely that are not adequately covered by the shared audit.

14. 10 CFR 73.56 (o), Records Licensees or applicants shall establish, implement, and outline requirements for the retention, storage, and protection of records required by this section. Licensees, applicants, C/V will retain, store, and protect records to ensure their availability and integrity. In addition, this paragraph provides requirements for how long the licensee shall retain these records according to the type of record or until the completion of legal proceedings, whichever is later. These requirements also allow C/V to retain records for which they are responsible. Upon termination of a contract between a contractor and a licensee or applicant, the licensee or applicant will retrieve all relevant records that were accumulated by the contractor throughout the period of the contract.

With respect to the information-sharing mechanism required by this section, the expectation is that corrected or new information will be actively communicated by the recipient, in addition to being entered into the information-sharing mechanism.

Technical Rationale

13.6.4-14 Revision 1 - May 2022 13.6.4-14 Revision 0 - October 2016 The technical rational for the application of these acceptance criteria to the areas under review addressed by this SRP section is discussed in the following paragraphs:

1.

10 CFR Part 26, Subpart C, states that a licensee or other entity desiring to grant AA shall ensure that the requirements of Subpart C are met for either initial authorization, authorization update, authorization reinstatement, or authorization with potentially disqualifying FFD information.

2.

10 CFR 73.55 (b)(7) states the licensee shall establish, maintain, and implement an a program in accordance with 10 CFR 73.56 and shall describe the program in the PSP.

3.

10 CFR 73.55 (b)(9) establishes the requirement for an insider mitigation program.

4.

10 CFR 73.56 establishes that the requirements for an AA program must provide high assurance that the individuals subject to this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security, including the potential to commit radiological sabotage and the latest NRC endorsed version of the industrys guidance document, NEI 03-01, Nuclear Power Plant Program.

5.

The technical basis for 10 CFR 73.56 is summarized in Personnel access authorization requirements for nuclear power plants, Final Rule,[56 FR19007, Apr.25, 1991 at 56 FR 24239, May 29, 1991; 72 FR 49561, Aug. 28, 2007; 74 FR 13979, Mar.27, 2009].

6.

10 CFR 73.57 establishes the requirements for performing criminal history checks of individuals granted unescorted access to a nuclear power facility or Safeguards Information (SGI). This SRP section reviews AA as part of the physical security plan.

13.6.4-15 Revision 1 - May 2022 13.6.4-15 Revision 0 - October 2016 III.

REVIEW PROCEDURES The scope of the review of a COL application is dependent on whether the COL applicant references an ESP, aan LWA, or other NRC approvals (e.g., manufacturing license, site suitability report, or topical report).

The reviewer will select material from the procedures described below, as may be appropriate for a particular case. The reviewer verifies that the licensees AA program is adequately described.

The reviewer will select material from the procedures described below, as may be appropriate for a particular case. The reviewer verifies that the licensees security program is fully described in the PSP, for COL applicants, that implementation milestones have been identified.

For COL applicants, implementation of AA programs will be inspected in accordance with NRC Inspection Manual Chapter IMC-2504, Construction Inspection Program Inspection of Construction and Operational Programs.

For operating reactor licensees, implementation of AA programs will be inspected in accordance with NRC Inspection Manual Chapter IMC-2201, Security Inspection Program for Commercial Nuclear Power Reactors.

When conducting the review of the AA program the reviewer should determine whether the AA program conforms to required regulations as described above in Section I and Section II above.

Site-specific information should be reviewed and evaluated in accordance with the requirements of 10 CFR 73.56.

Those sites that fall under an existing NRC-approved AA program would be considered acceptable if the full operational program is applied to the applicable personnel as described in 10 CFR 73.56. These sites would still need to provide a description of their intent to use the operating reactor plant AA program at the construction site(s) and whether a change is made to operational security plan that is not consistent with industry standards of acceptance. This description shall meet the requirements of 10 CFR 52.79(a)(44).

The AA program will remain in force until the operating phase security plan provisions approved by the NRC are implemented by the new commercial power reactor licensee. These measures may apply to the following entities:

COL applicants (under 10 CFR Part 52) who have been issued a LWA under 10 CFR 50.10(e);

COL holders; Construction permit applicants (under 10 CFR Part 50) who have been issued a LWA under 10 CFR 50.10(e); and Construction permit holders.

Licensee or applicants may voluntarily implement the AA program criteria no later than the commencement of construction activities of any security-related or safety-related SSCs.

13.6.4-16 Revision 1 - May 2022 13.6.4-16 Revision 0 - October 2016 Security-related SSCs are those SSCs that licensee or applicants will rely on to implement its physical security and safeguards contingency plans that either are required under 10 CFR Part 73, Physical Protection of Plants and Materials, if licensee or applicants is a construction permit applicant, or are included in licensee or applicant's application if licensee or applicants is a COL applicant or holder under 10 CFR Part 52. Modular fabrication facilities at the location where the nuclear power plant is being constructed and will operate, which are outside of the security-and safety-related SSCs controlled area will not need to be covered by the AA program prior tobefore initial fuel being broughtload into the protected area. reactor. A schedule will be provided for the implementation of the Operating Plant Physical Security Program in the COL application. The AA program describes the access requirements for deterring unauthorized activity during construction of a new reactor during its construction phase. A single operating PSP that covers both the new and existing reactors is submitted under licensee or applicants COL application.

The identified SRP acceptance criteria form the basis for these review procedures. For deviations from these acceptance criteria (such as alternative measures, in accordance with 10 CFR 73.55(r)), the staff should review the applicants or licensees submittal under 10 CFR 73.55(r), which would be submitted in accordance with 10 CFR 50.4, Written Communications. and 10 CFR 50.90, Application For Amendment Of License, Construction Permit, Or Early Site Permit, and should describe how the proposed alternatives provide an acceptable method of complying with the relevant NRC requirements identified in this section of the SRP and in Section II above.

When conducting the review of security plans the reviewer should determine whether the Security Plan conforms to the most recent NRC-endorsed revision of the generic security plan, NEI 03-12 (template), regulations, and the information requirements of Section I above and the acceptance criteria of Section II above.

The program may be applicable to those personnel who are described during construction activity of SSCs prior to nuclearbefore initial fuel in protected area. load into the reactor.

Applicable personnel are described in Table 1.

13.6.4-17 Revision 1 - May 2022 13.6.4-17 Revision 0 - October 2016 Table 1 - AA Program Applicability and Implementation Milestones Item Persons Subject to AA Program COL/ESP Milestone (e.g., timeline)

Applicable 10 CFR 73.56

1.

Construction personnel Verification of identity, through the compilation of information and other comparable data presented by the individual and reviewed by a reviewing official. [Name of Entity ] should verify the individuals identity by comparing an official photo identification (e.g., United States issued drivers license; passport; ID card issued by a state or outlying possession of the United States provided it contains a photograph with comparable data; government identification issued ID card, etc.) with physical characteristics of the individual Conduct an NRC Demographic Data check to ensure the individual is not a suspected terrorist through the Terrorist Screening Center (TSC) for all potential employees prior to access to the construction area. Demographic data information obtained by the [Name the Entity] under this section should be submitted to TSC through the NRC.

Focus of this effort is to identify potential terrorists.

The licensee will implement these measures before beginning the placement of security-or safety-related

systems, equipment, or components inside the controlled access construction area."

73.56(d)((3))(3)

13.6.4-18 Revision 1 - May 2022 13.6.4-18 Revision 0 - October 2016 2

Constructio n personnel All construction personnel should be given a copy of the construction area work policy. This policy should forbid threatening behavior, harassment of other workers, damaging or stealing company property, and any other illegal or unacceptable activity. It should also include a list of items which are prohibited (e.g., alcohol, and illegal drugs) and restricted items (e.g., explosives, firearms, and incendiary devices).

Observed suspicious behavior and events should be reported to construction supervision and security for investigation. Results of investigations and actions taken in response should be documented and retained as a record by supervision/management as defined in licensee or applicant security implementing procedures.

Prior to fuel assemblies being received on site 73.56(f) 3 Constructio n personnel Licensee or applicant should conduct a semi-annual Demographic Data Check by forwarding demographic data information for all personnel with current access to safety-or security-related SSCs, to the NRC on a semi-annual basis.

Prior to fuel assemblies being received on site 73.56(i)

13.6.4-19 Revision 1 - May 2022 13.6.4-19 Revision 0 - October 2016 Item Persons Subject to AA Program COL/ESP Milestone (e.g., timeline)

Applicable 10 CFR 73.56 2

Construction personnel All construction personnel should be given a copy of the construction area work policy. This policy should forbid threatening behavior, harassment of other workers, damaging or stealing company property, and any other illegal or unacceptable activity. It should also include a list of items which are prohibited (e.g., alcohol, and illegal drugs) and restricted items (e.g.,

explosives, firearms, and incendiary devices).

Observed suspicious behavior and events should be reported to construction supervision and security for investigation. Results of investigations and actions taken in response should be documented and retained as a record by supervision/management as defined in licensee or applicant security implementing procedures.

Before initial fuel load into the reactor.

73.56(f) 3 Construction personnel Licensee or applicant should conduct a semi-annual Demographic Data Check by forwarding demographic data information for all personnel with current access to safety-or security-related SSCs, to the NRC on a semi-annual basis.

Before initial fuel load into the reactor.

73.56(i)

Performance Objectives 10 CFR 73.56 This document is applicable to commercial nuclear power plants and other NRC-licensed facilities that commit to the requirements of 10 CFR Part 26 and 10 CFR 73.56 as described in this document. The term nuclear power plant when specified within this document then includes other NRC-licensed facilities meeting the 10 CFR Part 26 and 10 CFR 73.56 requirements. The document has been designed to provide a standard industry approach in the collection of information used to evaluate the trustworthiness and reliability of personnel for whom UA to the protected area has been requested and other individuals supporting the UA/UAA and FFD programs. This standard approach ensures consistent application of regulations and is fundamental to the sharing of access data within the industry. All UA/UAA and FFD information shared with other licensees shall be developed in accordance with regulatory requirements using the criteria in this document.

13.6.4-20 Revision 1 - May 2022 13.6.4-20 Revision 0 - October 2016 The licensee may accept, in part or whole, an AA program implemented by a C/V to satisfy appropriate elements of the licensees AA program. Only a licensee shall grant an individual UA.

Licensees shall certify individuals UAA and are responsible to maintain, deny, terminate, or withdraw UAA. A C/V may maintain an individuals UAA under a licensee-approved C/V program NEI 03-01, Revision 3 is a Personnel Access Data System (PADS) manual as described in the Agreement of Participation in the PADS hereinafter referred to as the PADS Participation Agreement. Licensees are committed as an industry to follow the requirements specified in NEI 03--01 through the PADS Participation Agreement. In addition, by incorporating NEI 03-01, Revision 3, in the PSP, each licensee acknowledges that the requirements in NEI 03-01 are enforceable in the same manner as are NRC rules and regulations.

Each licensee is responsible for determining whether to certify UAA and to grant UA at its facilities. In making this determination, a licensee may rely on program elements completed by another licensee or licensee-approved C/V program.

Once an UAA element is complete, a licensee or licensee-approved C/V may maintain an employees UAA element as authorized herein.

Once all elements are completed and UAA is authorized by a licensee, a licensee--approved C/V may maintain an employees UAA as authorized herein.

Each licensee approving a C/V program will ensure the latest revision of this document has been provided to each of its C/Vs for use and require that the criteria herein be met. Audits are used to assure that licensee-approved C/V UAA programs, supporting the granting of UA to the protected area, meet regulatory requirements. Licensees are responsible for ensuring that program deficiencies are corrected.

IV.

EVALUATION FINDINGS The staff should describe why the applicant is submitting an AA program for NRC review, the components of 10 CFR 73.56 used to determine the adequacy of the applicants program, and whether or not the program is acceptable for the purposes of the submittal. For example: In accordance with the provisions described in 10 CFR 73.56, Access Authorization Programs, ABC Corporation has submitted an access authorization program to the NRC on (date) for The Newest Power Plant, Units 7 and 8, as part of their Early Site Permit/Limited Work Authorization/Combined Operating License application. The staff has reviewed the applicants program and determined that the program is acceptable and meets the requirements of 10 CFR 73.56 and 10 CFR 52.79(a)(44).

The staff will review the applicants AA proposed program to verify that it meets the requirements of 10 CFR 73.56. The reviewer(s) should make determinations as to whether or not the program is acceptable based on the criteria in this document. Unresolved matters should be discussed with the AA Program Manager and affected offices (e.g., Office of New Reactors (NRO), Office of Nuclear Reactor Regulation (NRR)), as appropriate, before conducting a call or writing a letter to the applicant requesting additional information.

The staff reviewer should note that different 10 CFR parts refer to AA program requirements, most notably 10 CFR Parts 26 and 73, sections associated with IMP, BOP and AA requirements. With several requirements in different parts, portions of a submitted program will not necessarily be formatted to follow the 10 CFR 73.56 regulations. The reviewer should cross--reference key

13.6.4-21 Revision 1 - May 2022 13.6.4-21 Revision 0 - October 2016 components from the rule with specific sections of the applicants program, documenting sections of compliance and noncompliance, as a basis for accepting, questioning, or denying the acceptability of the applicants proposed AA program. A formal request for additional information may be necessary to complete the acceptance review.

The staffs findings should be documented in a safety evaluation, protected as required under 10 CFR 73.21, Protection Ofof Safeguards Information: Performance Requirements. and entered into the NRCs Agency-wide Documents Access and Management System (ADAMS) following concurrence by the appropriate Branch Chief in the Office of Nuclear Security and Incident Response. The AA Program Manager will forward the ADAMS accession number to the NRO or NRR Branch Chief with project responsibility for the site.

V.

IMPLEMENTATION The staff may use this SRP section in performing SEs of license applications submitted pursuant to 10 CFR Part 50 or 10 CFR Part 52. Except when the applicant proposes an acceptable alternative method for complying with specified portions of the Commissions regulations, the staff will use the method described here to evaluate conformance with Commission regulations.

VI.

REFERENCES0F1

1.

U.S. Code of Federal Regulations, Fitness for Duty Programs, Part 26, Chapter 1, Title 10, Energy.

2.

U.S. Code of Federal Regulations, Written Communications, § 50.4, Chapter 1, Title 10, Energy.

3.

U.S. Code of Federal Regulations, Inspections, § 50.70(b)(3), Chapter 1, Title 10, Energy.

4.

U.S. Code of Federal Regulations, Application for Amendment of License, Construction Permit, or Early Site Permit, § 50.90, Chapter 1, Title 10, Energy.

5.

U.S. Code of Federal Regulations, Licenses, Certifications, and Approvals for Nuclear Power Plants, Part 52, Subpart C, Combined License, Chapter 1, Title 10, Energy.

6.

U.S. Code of Federal Regulations, Physical Security Plan, § 52.79(a)(44), Chapter 1, Title 10, Energy.

7.

U.S. Code of Federal Regulations, Protection of Safeguards Information: Specific Requirements, Condition of access, § 73.22(b)(1), Chapter 1, Title 10, Energy.

1 Copies of the non-NRC documents included in these references may be obtained directly from the publishing organization.

Publicly available NRC published documents such as regulations, RGs, NUREGs, and Generic Letters listed herein are available electronically on the NRCs public Web site at: http://www.nrc.gov/reading-rm/doc-collections/. http://www.nrc.gov/reading-rm/doc-collections/. Copies are also available for inspection or copying for a fee from the NRCs Public Document Room (PDR) at 11555 Rockville Pike, Rockville, MD; the mailing address is USNRC PDR, Washington, D.C. 20555; telephone at 301-415-4737 or 1-800-397-4209; fax at 301-415-3548; and e-mail: PDR.Resource@nrc.gov.

-mail: PDR.Resource@nrc.gov.

13.6.4-22 Revision 1 - May 2022 13.6.4-22 Revision 0 - October 2016

8.

U.S. Code of Federal Regulations, Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors against Radiological Sabotage, § 73.55, Chapter 1, Title 10, Energy.

9.

U.S. Code of Federal Regulations, Personnel Access Authorization Requirements for Nuclear Power Plants, for an operating power reactor, § 73.56, Chapter 1, Title 10, Energy.

10.

U.S. Code of Federal Regulations, Introduction, § 73.56 (a), Chapter 1, Title 10, Energy.

11.

U.S. Code of Federal Regulations, Applicability, § 73.56 (b), Chapter 1, Title 10, Energy.

12.

U.S. Code of Federal Regulations, General Performance Objective, § 73.56 (c), Chapter 1, Title 10, Energy.

13.

U.S. Code of Federal Regulations, Background Investigation, § 73.56 (d), Chapter 1, Title 10, Energy.

14.

U.S. Code of Federal Regulations, Psychological Assessment, § 73.56 (e), Chapter 1, Title 10, Energy.

15.

U.S. Code of Federal Regulations, Behavioral Observation, § 73.56 (f), Chapter 1, Title 10, Energy.

16.

U.S. Code of Federal Regulations, Self-reporting of Legal Actions, § 73.56 (g), Chapter 1, Title 10, Energy.

17.

U.S. Code of Federal Regulations, Granting Unescorted Access and Certifying Unescorted Access Authorization, § 73.56 (h), Chapter 1, Title 10, Energy.

18.

U.S. Code of Federal Regulations, Maintaining Unescorted Access or Unescorted Access Authorization, § 73.56 (i), Chapter 1, Title 10, Energy.

19.

U.S. Code of Federal Regulations, Access to Vital Areas, § 73.56 (j), Chapter 1, Title 10, Energy.

20.

U.S. Code of Federal Regulations, Trustworthiness and Reliability of Background Screeners and Access Authorization Program Personnel, § 73.56 (k), Chapter 1, Title 10, Energy.

21.

U.S. Code of Federal Regulations, Review Procedures, § 73.56 (l), Chapter 1, Title 10, Energy.

22.

U.S. Code of Federal Regulations, Protection of Information, § 73.56 (m), Chapter 1, Title 10, Energy.

23.

U.S. Code of Federal Regulations, Audits and Corrective Action, § 73.56 (n), Chapter 1, Title 10, Energy.

24.

U.S. Code of Federal Regulations, Records, § 73.56 (o), Chapter 1, Title 10, Energy.

13.6.4-23 Revision 1 - May 2022 13.6.4-23 Revision 0 - October 2016

25.

U.S. Code of Federal Regulations, Requirements for criminal history records checks of individuals granted unescorted access to a nuclear power facility or access to Safeguards Information, § 73.57, Chapter 1, Title 10, Energy.

26.

U.S. Nuclear Regulatory Commission, Regulatory Guide 5.66, Access Authorization Program for Nuclear Power Plants.

27.

U.S. Nuclear Regulatory Commission, Regulatory Guide 1.206, Combined License Applications for Nuclear Power Plants.

28.

U.S. Nuclear Regulatory Commission, Guidance for the Application of the Radiological Sabotage Design-Basis Threat in the Design, Development and Implementation of a Physical Security Program that Meets 10 CFR 73.55 Requirements, Regulatory Guide 5.69.

29.

U.S. Nuclear Regulatory Commission, Physical Protection Programs at Nuclear Power Reactors, Regulatory Guide 5.76.

30.

U.S. Nuclear Regulatory Commission, Insider Mitigation Program, Regulatory Guide 5.77,

31.

U.S. Nuclear Regulatory Commission, Compensatory Measures related to Fitness-For-Duty, NRC Order EA-03-038.

32.

U.S. Nuclear Regulatory Commission, Construction Inspection Program - Non--ITAAC Inspections, NRC Inspection Manual Chapter IMC-2504, April 25, 2006.

33.

U.S. Nuclear Regulatory Commission, Power Reactor Security Requirements; Final Rule, Title 10 of the Code of Federal Regulations, Parts 50, 52, 72 et al., Federal Register Volume 74, Number 58, Page 13926, March 27, 2009.

13.6.4-24 Revision 1 - May 2022 13.6.4-24 Revision 0 - October 2016

13.6.4-25 Revision 1 - May 2022 13.6.4-25 Revision 0 - October 2016 PAPERWORK REDUCTION ACT STATEMENT The information collection requirements contained and referenced in the Standard Review Plan are covered by the requirements of 10 CFR Parts 26, 50, 52 and 73, which were approved by the Office of Management and Budget, approval numbers 3150-0146, 3150-0011, 3150-0151, and 3150-0002.

PUBLIC PROTECTION NOTIFICATION The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number.

13.6.4-26 Revision 0- October 2016 SRP Section 13.6.4 Description of Changes Section 13.6.4 Access Authorization Program Section 13.6.4 is a new SRP section not previously included in NUREG-0800. It was developed to provide guidance for the review of an Access Authorization program submitted in applications submitted pursuant to 10 CFR Parts 50 or 52.