ML22074A300
| ML22074A300 | |
| Person / Time | |
|---|---|
| Issue date: | 03/21/2022 |
| From: | Darryl Parsons NRC/NSIR/DSO/ISB |
| To: | Gross W Nuclear Energy Institute |
| References | |
| Download: ML22074A300 (2) | |
Text
March 21, 2022 Mr. William R. Gross Director, Incident Preparedness Nuclear Energy Institute 1201 F Street NW, Suite 1100 Washington, DC 20004
SUBJECT:
USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION
Dear Mr. Gross:
By letter dated February 25, 2022 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML22056A248), the Nuclear Energy Institute (NEI) requested that the U.S. Nuclear Regulatory Commission (NRC) approve the use of Symantec Encryption Desktop version 10.5.0 for the electronic transmission of safeguards information (SGI). You stated that this version of the encryption product was developed with Pretty Good Privacy (PGP)
Cryptographic Engine Software Version 4.4 and complies with Federal Information Processing Standard (FIPS) 140-2 as validated by the National Institute of Standards and Technology (NIST) Consolidated Certificate No. 3729.
The NRC approves only those cryptographic algorithms approved by NIST. Based on the NIST validation that the encryption software complies with FIPS 140-2, the NRC staff finds that the use of Symantec Encryption Desktop, Version 10.5.0, is acceptable to use for electronic transmission of SGI in accordance with 10 CFR 73.22(f)(3). As described in RIS 2002-15, newer versions of encryption software may be used without prior NRC approval, if it is documented that the newer version uses the same cryptographic module as the current version.
Therefore, in accordance with 10 CFR 73.22(f)(3), the staff approves the use of Symantec Encryption Desktop version 10.5.0. If NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.
If you have any questions, please contact Bern Stapleton at 301-415-2278.
Sincerely, Signed by Parsons, Darryl on 03/21/22 Darryl H. Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response
Ltr ML22074A300 OFFICE NSIR/DSO/ISB NSIR/DSO/ISB NAME BStapleton BS DParsons DP DATE Mar 17, 2022 Mar 21, 2022