Text

April 22, 2022 MEMORANDUM TO: Daniel H. Dorman Executive Director for Operations King, Michael signing on behalf FROM: Andrea D. Veil, Director of Veil, Andrea on 04/22/22 Office of Nuclear Reactor Regulation Lewis, Robert signing on behalf John Lubinski, Director of Lubinski, John on 04/22/22 Office of Nuclear Material Safety and Safeguards Signed by Gavrilas, Mirela Mirela Gavrilas, Director on 04/21/22 Office of Nuclear Security and Incident Response Tania Martinez Navedo signing for Mark Lombard, Director on 04/21/22 Office of Enforcement Signed by Higgs, Tracy Tracy Higgs, Director on 04/21/22 Office of Investigations

SUBJECT:

U.S. NUCLEAR REGULATORY COMMISSION ASSESSMENT ON MITIGATION OF RISK POSED BY COUNTERFEIT, FRAUDULENT, AND SUSPECT ITEMS On February 18, 2022, the Executive Director for Operations (EDO) tasked the staff to take several actions in response to findings from the Office of the Inspector General (OIG) about counterfeit, fraudulent, and suspect items (CFSI) that could be found in facilities, devices, or activities regulated by the U.S. Nuclear Regulatory Commission (NRC) (Agencywide Documents Access and Management System (ADAMS) Accession No. ML22048A484). As required in item 3 of the EDO tasking memorandum, the staff assessed the risk posed by CFSI and considered program improvements that should be implemented to enhance the NRCs oversight of CFSI. The assessment was informed by the findings identified in OIG Case No.20-022, Special Inquiry into Counterfeit, Fraudulent, and Suspect Items in Operating Nuclear Power Plants dated February 9, 2022 (ADAMS Accession No. ML22040A111), and CONTACT: Deanna Zhang, NRR/DRO/IQVB (301) 415-1946 Hipolito Gonzalez, NMSS/DFM/IOB (301) 415-5637

D. Dorman 2 OIG-22-A-06, Audit of the Nuclear Regulatory Commissions Oversight of Counterfeit, Fraudulent, and Suspect Items at Nuclear Power Reactors, dated February 9, 2022 (ADAMS Accession No. ML22040A058). The staff performed this assessment using a safety case approach in consideration of data gathered in support of the staffs response (ADAMS Accession No. ML22060A153) to items 1 and 2 of the EDO tasking memorandum. The staff also conducted a review of the allegations process to verify proper handling of allegations cited in the special inquiry and to determine if any revisions to the allegation process are necessary as required by item 4 of the EDO tasking memorandum.

Based on the assessment results, the staff determined that the NRCs regulatory framework, which incorporates risk-informed approaches and defense-in-depth principles, and the implementation of a comprehensive oversight program provide confidence that licensees and certificate of compliance holders have adequately prevented or mitigated risks posed by CFSI.

The staff recognized areas where the OIG reports reflected that there are opportunities for the agency to make incremental improvements to the implementation of existing programs and processes. Consistent with the items identified in the subject reports, and in the interest of continual improvement, the staff recommends enhancing the NRCs performance of oversight related to CFSI in several areas, including improvements aimed at strengthening knowledge and awareness of the NRCs regulatory requirements for defect reporting. Most of these proposed enhancements are encompassed by the actions already planned and underway as described in the staffs response (ADAMS Accession No. ML22077A775) to OIG-22-A-06.

Based on the review of the allegations process, the staff determined the concerns referenced in the OIGs special inquiry report were appropriately handled in accordance with agency policy and guidance documents and no changes to the allegations process are necessary. However, the staff did recognize the opportunity to assess the clarity of information on the public allegations web page and make any needed changes to better describe how non-allegations are processed. The details of this review are enclosed.

Enclosures:

1. Assessment of Risk Posed by CFSI and Recommendations for Enhancements

2. Review of Allegations Concerns Raised in OIG Special Inquiry

ML22080A111 NRR-106 OFFICE NRR/DRO/IQVB NRR/DRO/IQVB NMSS/DFM/IOB NSIR/DPCP/CS NAME DZhang KKavanagh HGonzalez DWhite B

DATE 3/23/2022 3/23/2022 3/23/2022 3/22/2022 OFFICE NRR/DRO NMSS/DFM NMSS/MSST NSIR/DPCP NAME RFelts CRegan TClark JBeardsley DATE 3/25/2022 3/25/2022 3/25/2022 3/25/2022 OFFICE NMSS/DUWP OI QTE OGC NAME JMarshall JPrichard JDougherty PMoulding DATE 3/24/2022 3/24/2022 3/30/2022 4//2022 OFFICE OI NSIR OE NMSS NAME THiggs MGavrilas MLombard JLubinski DATE 4/21/2022 4/21/2022 4/22/2022 4/22/2022 OFFICE NRR NAME AVeil DATE 4/22/2022 Assessment of Risk Posed by Counterfeit, Fraudulent, and Suspect Items and Recommendations for Enhancements 1 Executive Summary The U.S. Nuclear Regulatory Commission (NRC) staff conducted an assessment of the risk posed by counterfeit, fraudulent, and suspect items (CFSI) that could be introduced into NRC-regulated facilities, devices, or activities, in response to the findings presented in Office of the Inspector General (OIG) Case No. 20-2022, Special Inquiry into Counterfeit, Fraudulent, and Suspect Items in Operating Nuclear Power Plants dated February 9, 2022 1 and OIG-22-A-06 Audit of the Nuclear Regulatory Commissions Oversight of Counterfeit, Fraudulent, and Suspect Items at Nuclear Power Reactors dated February 9, 2022.2 The staff used a safety case approach to systematically assess the risk posed by CFSI, which allowed the staff to determine whether the current regulatory framework is adequate to mitigate risks posed by CFSI hazards3 while accounting for the different bounding conditions at each type of regulated entity, (i.e., licensing bases, oversight, and risk profile).

The staff applied a consistent approach for the reactor-related facilities and activities (reactor facilities, including decommissioning reactors, fuel cycle facilities, and spent fuel storage and radioactive materials transportation) and nuclear materials-related facilities and activities (i.e.,

nuclear materials users, uranium recovery, and materials decommissioning), as summarized below. Any differences in the implementation of the assessment arose naturally because of the wide variation in the types of facilities, devices or activities and their associated hazards across these program areas. This variation leads to different methods of regulatory assurance (e.g.,

whether safety-related designations or quality assurance (QA) provisions are required). In all cases, the staff documented a safety case by assessing the oversight related to CFSI and determining whether CFSI hazards are appropriately mitigated for each type of regulated entity.

If the staff identified potential enhancements, it identified planned actions to address these enhancements.

The staff arrived at the following conclusions:

The current regulatory framework provides reasonable assurance that CFSI hazards are prevented or mitigated and ensures that adequate QA controls are established by (1) licensees of reactor and fuel cycle facilities, (2) independent spent fuel storage installation (ISFSI) licensees and radioactive materials transportation licensees, (3) suppliers of safety-related structures, systems, and components (SSCs) for reactor facilities and certificate of compliance (CoC) holders or suppliers of important-to-safety (ITS) SSCs for spent fuel storage systems and radioactive materials transportation packages, and (4) nuclear materials users.

Decommissioning nuclear power plants have hazards related to the storage of spent fuel in fuel pools that are bounded by those for operating reactors, and as such have 1 Agencywide Documents Access and Management System (ADAMS) Accession No. ML22040A111 2 ADAMS Accession No. ML22040A058 3 For the context of this report, hazard is defined as potential for harm and CFSI hazards refers to hazards that are caused by CFSI.

Enclosure 1

appropriate controls in place (i.e., QA requirements in Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, to Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities) to identify and mitigate CFSI.

Regulations and regulatory guidance for defect reporting provide adequate coverage of defects that could be attributed to CFSI.

Defense-in-depth measures and safety margins provide adequate protection to mitigate CFSI hazards.

Sufficient tools exist to measure and assess industry performance to provide reasonable assurance that the presence of CFSI is mitigated under current performance monitoring strategies and oversight processes.

Event evaluation program elements provide high confidence that any events involving CFSI are appropriately identified.

Current regulations, guidance, and oversight for nuclear power reactor cyber security provide assurance that controls are adequate for ensuring supply chain integrity of critical digital assets.

Expanding CFSI programs is not necessary at this time, and current regulatory requirements, oversight programs, and outreach and communications appropriately mitigate risks posed by the introduction of CFSI into materials facilities.

In summary, the staff concludes that changes to current NRC regulations to mitigate risks posed by CFSI hazards to reactor-related and materials-related facilities and licensees and activities are not necessary. This conclusion is further supported by the staffs assessment of operational event data, which showed no evidence of CFSI in safety-related SSCs in reactor facilities or sealed sources, devices, or ITS SSCs; no evidence of events caused by the introduction of CFSI into safety-related SSCs in reactor facilities or sealed sources, devices, or ITS SSCs; and no evidence that CFSI parts or components introduced any unknown challenges to safety at regulated entities.

The OIG reports reflected that there are opportunities for the agency to make incremental improvements to the implementation of existing programs and processes. Most of these proposed improvements are encompassed by the actions already planned and underway as described in the staffs response to OIG-22-A-06.4 In concert with the staffs actions in response to OIG-22-A-06, the staff plans to:

1. Strengthen awareness of the reporting requirements under 10 CFR Part 21, Reporting of Defects and Noncompliance; 10 CFR 50.72, Immediate notification requirements for 4 Memorandum to Assistant Inspector General for Audits, Staff Response to the Office of the Inspector Generals Audit of the U.S. Nuclear Regulatory Commissions Oversight of Counterfeit, Fraudulent, and Suspect Items at Nuclear Power Plants, (ADAMS Accession No. ML22077A775) 2

operating nuclear power reactors; 10 CFR 50.73, Licensee event reporting system; 10 CFR 71.95, Reports; 10 CFR 72.75, Reporting requirements for specific events and conditions; and 10 CFR 72.242, Recordkeeping and reports,50.73, 71.95, 72.75, and 72.242 for NRC regional staff and inspectors. This action addresses some of the concerns raised in the OIG special inquiry report related to NRC inspectors understanding of 10 CFR Part 21 requirements and will be implemented during knowledge management sessions or counterpart meetings, on an as-needed basis.

2. Perform outreach during regular industry meetings with vendors of spent fuel storage systems and radioactive materials transportation packages to ensure suppliers are kept aware of the latest information regarding the risks posed by CFSI and the available guidance to address these risks.

3. Engage with other Federal agencies that perform regulatory oversight of safety critical industries (e.g., Food and Drug Administration (FDA), Federal Aviation Administration (FAA)) and with international regulatory counterparts to assess the approaches adopted by these agencies and counterparts to prevent or mitigate CFSI risks among their regulated entities and determine the applicability of any insights gained from the assessment to the NRCs approach for oversight related to CFSI.

2 Background In SECY-11-0154, An Agencywide Approach to Counterfeit, Fraudulent, and Suspect Items, dated October 28, 2011,5 the staff provided the Commission with the staffs agencywide strategy and 19 planned activities to monitor and evaluate CFSI relevant to NRC-regulated activities in response to CFSI-related findings in OIG-10-A-20, Audit of NRCs Vendor Inspection Program, dated September 28, 2010.6 In SECY-15-0003, Staff Activities Related to Counterfeit, Fraudulent, and Suspect Items, dated January 8, 2015,7 the staff discussed how 14 of these 19 planned action items were completed, and committed to completing the remaining five by December 2018. In 2021, the staff reevaluated the status of the action items in SECY-15-0003 and determined that the remaining five action items have been completed. The staff completed several other initiatives aimed at improving the NRCs oversight related to CFSI, such as issuance of a desktop guide for evaluating potential CFSI events, development of Nuclepedia pages on CFSI, and performance of outreach activities with the advanced reactor community to inform stakeholders about CFSI in the supply chain.

In February 2022, the OIG issued two reports indicating that concerns remained about CFSI at nuclear power plants (OIG Case No. 20-2022 and OIG-22-A-06). The staff conducted a review8 of the information presented in these two OIG reports to assess whether there were immediate safety concerns at nuclear power plants or for other NRC-regulated facilities, devices, and activities. The staff did not identify any immediate safety concerns due to CFSI. As noted in that review, the staff requested additional information from the OIG on the events identified in the special inquiry report to inform the staffs review. The OIG responded that the information in 5 ADAMS Accession No. ML112200150 6 ADAMS Accession No. ML102710583 7 ADAMS Accession No. ML14240A629 8 ADAMS Accession No. ML22060A153 3

the special inquiry report pertaining to the specific reactor facility site, confirmation on whether the items identified as CFSI in reports reviewed by OIG were safety-related, and confirmation whether the events identified by third-party organizations pertaining to equipment intended for safety-related applications at operating reactor facilities is confidential, and therefore, was unable to provide staff with the requested information. The staff was accordingly unable to review and evaluation of the specific examples cited in the OIG special inquiry report. The staff did perform a search for CFSI events in NRC databases and requested information from third-party organizations9 regarding any known CFSI events in their databases. The staff did not identify any evidence of CFSI from the search, and it received confirmations from the third-party organizations that their databases did not identify any CFSI events involving safety-related SSCs. Given the lack of data for CFSI events involving NRC regulated entities, the staff could not assign a quantitative value for the likelihood of CFSI causing failures or creating accident conditions. Therefore, the staff based its assessment on a qualitative approach to determine whether the current regulatory framework is adequate to prevent or mitigate CFSI hazards.

3 Staff Assessment Consistent with how various safety-critical industries (e.g., aerospace, medical devices) demonstrate safety, the staff used a safety case approach when assessing the risks posed by CFSI. This approach allowed the staff to systematically assess and determine whether the current regulatory framework is adequate to mitigate risks posed by CFSI hazards while accounting for the different bounding conditions at each type of regulated entity.

In all cases, the goal of the safety assessment was to confirm that licensee actions, as required by NRC regulations and overseen through inspection, are sufficient to mitigate the risks posed by CFSI hazards. In building the safety case, the staff focused on determining whether the existing regulatory framework either (1) achieved the safety goal or (2) required improvements to address gaps. Where it found any potential gaps in the ability to demonstrate a safety claim is met, the staff would provide recommendations to address those potential gaps. This assessment considered the actions already planned and underway, as documented in the staff response to OIG-22-A-06.

The staffs assessment explored six areas directly related to mitigating the consequences of potential CFSI and preventing the introduction of CFSI from being introduced into facilities, devices, or activities: (1) QA controls and defect reporting (see Section 3.1), (2) defense-in-depth measures and safety margins (see Section 3.2), (3) performance monitoring and oversight (see Section 3.3), (4) supply chain integrity of critical digital assets (see Section 3.4),

(5) event evaluation (see Section 3.5), and (6) guidance, training, and outreach (see Section 3.6). The staff selected these areas in order to assess whether (1) the current regulatory framework for QA controls and defect reporting is adequate to identify and prevent CFSI hazards; (2) the current regulatory framework on provision of sufficient defense-in-depth and safety margin is adequate to mitigate any CFSI hazards that were not identified and prevented by these QA controls and defect reporting requirements; (3) the measures established for 9 The third-party organizations included the Electric Power Research Institute (EPRI), Nuclear Procurement Issues Corporation, and Institute of Nuclear Power Operations.

4

performance monitoring that provide evidence to verify that CFSI hazards were and continue to be identified are adequate; (4) supply chain integrity requirements are adequate and measures are in place to verify the proper implementation of these requirements; (5) processes for evaluating CFSI events are adequate; and (6) guidance, training, and outreach with internal and external stakeholders are adequate.

Licensing bases, regulatory requirements, and oversight programs vary based on the overall risk profile of a given regulated facility or activity. For example, the physical environment and potential radiological consequences for an operating reactor facility differ from those of a fuel cycle facility or a nuclear materials user. In addition, there are varying levels of quantitative risk information that the staff could apply in conducting its assessment. Nuclear power plants have quantitative probabilistic risk assessments (PRAs) that enable direct assessment of the risks that would result from the failure of certain components, or conversely the risk that could be averted if certain failure modes were eliminated. At the other end of the spectrum, sealed sources and devices (SSDs) used in commercial, industrial, research and development, and medical applications generally have inherent design features, combined with procedural requirements, that ensure safety; quantitative risk assessments are not conducted.10 Given the distinctions in risk profiles and associated regulatory requirements, the acceptance criteria for determining whether CFSI hazards have been mitigated differ for various entities. One potential hazard introduced by CFSI for these different types of licensees is the use of CFSI in SSDs, or critical equipment that, upon failure, could cause unplanned exposures of radiation workers, patients, or the public.

Regulations for nuclear materials users do not specify the parts and qualification to be used.

Therefore, there is no counterfeit or fraudulent part that could be substitutedonly the potential for a lower quality one that still meets the standards specified in the license. While the staff is aware that nuclear material user licensees have implemented some preventative measures, it proceeded with this evaluation under the presumption that CFSI could be introduced into SSDs and assessed whether the risks were appropriately mitigated. The staff assumed that any SSD containing CFSI components or CFSI safety-related features would fail in a similar manner to a properly constructed SSD. Introduction of a CFSI part or component into an SSD could result in increased probability of failure. However, the NRC and Agreement States have processes in place such as event evaluation and trending and analysis and Part 21 reporting to identify, assess, and communicate to the regulated community any increases in SSD failures due to CFSI.

3.1 Regulatory Framework for Quality Assurance and Defect Reporting Provides assurance that Regulated Entities Prevent and Mitigate CFSI Hazards 3.1.1 Quality Assurance Regulatory Framework Assessment 3.1.1.1 Reactor Facilities 10 Given the wide variety of sources and devices regulated by the NRC and 39 Agreement States (over 18,000 licensees), the staff conducted a bounding assessment by identifying the SSDs with the highest risk potential to members of the public and radiation workers and assessed the potential pathways for the introduction of CFSI.

5

A key factor in preventing and mitigating CFSI hazards to reactor facilities is adherence to the requirements in Appendix B, to 10 CFR Part 50, that require those licensees to use high-quality products and services for safety-related SSCs. Each reactor licensee must submit to the NRC for review and approval a description of its QA program demonstrating how the criteria within Appendix B to 10 CFR Part 50 are met. The NRC has also reviewed and approved the descriptions of QA programs from nuclear steam supply system vendors, as well as other vendors and designers. Licensees are required to procure safety-related SSCs either from approved suppliers or through a thorough acceptance process of commercial products and services, known as commercial-grade dedication.

Suppliers of safety-related SSCs must have a comprehensive QA program that meets the NRCs requirements in Appendix B to 10 CFR Part 50 that are validated through licensee audits. Extensive inspections of a procured items critical physical characteristics and rigorous performance testing before the items use in a safety-related application reduces the likelihood of undetected CFSI in safety-related applications. Other requirements for QA controls such as Criterion VIII, Identification and Control of Materials, Parts, and Components, Criterion XIV, Inspection, Test, and Operating Status, Criterion XV, Materials, Parts, or Components, and Criterion XVI, Corrective Action of Appendix B to 10 CFR Part 50 further reduce the likelihood that CFSI can adversely impact the safety of reactor facilities. Therefore, the staff concludes that the current regulatory framework for ensuring adequate QA controls are established by licensees of reactor facilities is adequate to prevent and mitigate potential CFSI hazards.

The staff assessed the QA controls at decommissioning nuclear power plants with spent fuel in the pool and determined that the controls are appropriate (i.e., 10 CFR Part 50, Appendix B QA requirements). The regulatory framework for QA controls at facilities with fuel in the pool is adequate to mitigate CFSI hazards because the radiological consequences from CFSI are much smaller at these facilities than for operating reactors. At decommissioning nuclear power plants, where all spent fuel has been transferred from the spent fuel pool to an ISFSI, the safety-related SSCs or quality control (QC)-certified parts are no longer applicable for the reactor facility. The QA requirements in 10 CFR Part 72, Subpart G are applied to the dry storage of spent fuel, which is discussed in the following section.

3.1.1.2 Fuel Cycle Facilities, Spent Fuel Storage, and Radioactive Materials Transportation Fuel cycle facility licensees must (1) implement the procurement requirements specified in 10 CFR Part 21 for the purchase of basic components and (2) have processes in place that can contribute to the identification and prevention of CFSI. Such processes include a system of management measures, which may include a QA program or controls that comply with portions of American Society of Mechanical Engineers (ASME) NQA-1, Quality Assurance Requirements for Nuclear Facility Applications, or other QA requirements defined in NRC requirements or license conditions. Management measures such as maintenance, incident investigations, and other quality-assurance elements (which include elements such as inspections and tests) can be useful in identifying suspect items through evaluation of item quality before use, performance during use, and investigation of failures. Additionally, at facilities with approved QA programs, the controls may include requirements for procurement documents, control of purchased items and services, performance of inspections, and measures to address nonconforming items. Additionally, fuel cycle facilities may have internal policies and procedures in place for the identification and prevention of CFSI.

For radioactive materials transportation, 10 CFR Part 71, Packaging and Transportation of Radioactive Material, Subpart H, Quality Assurance, requires licensees and CoC holders to 6

use high-quality products and services for ITS SSCs that have the greatest impact on safety.

For spent fuel storage systems and ISFSIs, 10 CFR Part 72, Licensing Requirements for the Independent Storage of Spent Nuclear Fuel, High-Level Radioactive Waste, and Reactor-related Greater than Class C Waste, Subpart G, Quality Assurance, also requires licensees and CoC holders to use high-quality products and services for ITS SSCs. Each licensee and CoC holder must submit to the NRC for review and approval a description of its QA program demonstrating how the applicable criteria within 10 CFR Part 71, Subpart H or 10 CFR Part 72, Subpart G, are met. Licensees and CoC holders are required to procure ITS SSCs that have the greatest impact on safety either from approved suppliers or through commercial-grade dedication. Suppliers of ITS SSCs that have the greatest impact on safety must have a comprehensive QA program that meets the NRCs requirements in 10 CFR Part 71, Subpart H or 10 CFR Part 72, Subpart G, that are validated through licensee audits and NRC vendor inspections. Licensees and CoC holders conduct extensive inspections of a procured items critical physical characteristics prior to using the item in an ITS application, reducing the risk of undetected CFSI in ITS applications. Other QA controls, such as the performance of acceptance testing and inservice testing and inspections, and the prompt identification and correction of failures, malfunctions, deviations, nonconformances, and defective material and equipment, further reduce the likelihood that CFSI can adversely impact the safety of radioactive materials transportation packages, spent fuel storage systems, and ISFSIs. Therefore, the staff concludes that the current regulatory framework for ensuring adequate QA or process controls are established by licensees of fuel cycle facilities, by licensees and CoC holders of spent fuel storage, and for radioactive materials transportation, is adequate to prevent and mitigate potential CFSI hazards.

3.1.1.3 Nuclear Materials Users Vendors of SSDs must submit sufficient radiation safety information for the NRC or Agreement States to perform an independent, technical safety evaluation on these products before commercial distribution. The NRC and Agreement States issue SSD registration certificates upon completion of this safety evaluation. Applicants and licensees that wish to use SSDs containing byproduct material must reference a registered SSD during the application process or provide sufficient information for the regulator to perform a safety evaluation of the SSD. This process ensures that applicants and licensees are using SSDs that have been evaluated and found acceptable in accordance with NRC and Agreement State regulatory requirements. It also reduces the potential for the introduction of CFSI because licensees must demonstrate that SSDs would perform as intended before use and distribution. In addition, byproduct material licensees that are authorized to use SSDs licensed under 10 CFR Parts 30 through 39 or equivalent Agreement State regulations must adhere to the requirements in the regulations and are not authorized to make any unapproved changes to the registered SSDs.

As part of the application process, manufacturers and distributors of SSDs are required to provide sufficient information on their QC programs in accordance with 10 CFR 32.210, Registration of product information, or equivalent Agreement State regulations. The information must provide reasonable assurance that the radiation safety properties of these products will be maintained as designed. The QC program is a component of a licensees QA 7

program11 that provides control over all activities applicable to the design, fabrication, inspection, testing, maintenance, repair, modification, and distribution of the SSDs. This approach to QA puts emphasis on the overall management structure and on the program that covers construction of the device from the time of initial design through refurbishment, which all serve to mitigate the likelihood of CFSI being introduced into SSDs.

Also, only the SSD manufacturer or an NRC or Agreement State-licensed service provider is authorized to perform major services such as source replacements or exchanges and maintenance or refurbishment. This limits the risk that parts of unknown pedigree could be introduced into a SSD, because only skilled and approved providers are performing these functions. The NRC also tracks Category 1 and 2 radioactive sources through the National Source Tracking System12 from manufacture through shipment receipt, decay, and burial. The tracking of Category 1 and 2 radioactive sources provides an additional level of assurance that these sealed sources are distributed from a legitimate vendor, further reducing the potential introduction of CFSI into a device.

A manufacturer and distributors QA program must ensure that (1) there is full design conformity in accordance with the statements and commitments submitted in support of the application (including materials of construction, dimensions within stated tolerances, manufacturing methods, assembly methods, and labeling), (2) the final product is leak tested, (3) a final radiation profile is performed, (4) a test is performed that verifies that the product operates as intended, including all safety features, and (5) a visual and mechanical inspection is performed of components that are considered related to safety or are expected to be susceptible to failure under extreme or unusual conditions.

The staff reviewed these regulatory requirements and determined that the existing requirements for nuclear materials users provide reasonable assurance that licensee QA programs ensure that the SSDs meet the designs that have been approved and that any safety features used in the devices have been tested before the devices distribution to nuclear materials users.

3.1.1.4 Uranium Recovery Facilities No QA controls are required at uranium recovery facilities. Based on the nature of the materials used at these facilities (low specific activity, low volatility), the staff determined that the activities performed at these sites do not present risks such that CFSI could cause failure of a component or structure that results in any safety concerns that have not been evaluated already. The staff has previously performed generic analyses of postulated accidents and associated consequences for uranium recovery facilities.13 The accident source terms in these analyses 11 NUREG-1556, Consolidated Guidance About Materials License, Volume 3, Revision 2, Applications for Sealed Source and Device Evaluation and Registration, Section 10.7, Quality Assurance and Quality Control (ADAMS Accession No. ML15246A317) 12 https://www.nrc.gov/security/byproduct/ismp/nsts.html 13 NUREG-0706, Final Generic Environmental Impact Statement on uranium milling (ADAMS Accession No. ML032751663); NUREG-1140, A Regulatory Analysis on Emergency Preparedness for Fuel Cycle and Other Radioactive Material Licensees (ADAMS Accession No. ML062020791); and NUREG/CR-6733, A Baseline Risk-Informed, Performance-Based Approach for In Situ Leach Uranium Extraction Licensees (ADAMS Accession No. ML012840152).

8

included fires, failures of air cleaning systems, tailings pond releases, other liquid field spills, tornadoes, and seismic events. The calculated dose to an offsite member of the public was less than 100 millirem for these scenarios. For uranium recovery facilities, the staff assessed that there is no increased risk significance associated with the potential presence of CFSI.

3.1.2 Assessment of Defect and Event Reporting Requirements The following regulations provide several mechanisms for reactor licensees to provide information to the agency: 10 CFR 50.72, 10 CFR 50.73, and 10 CFR Part 21. Licensees and CoC holders for radioactive materials transportation submit information to the agency in accordance with the regulations in 10 CFR 71.95 and 10 CFR Part 21. Licensees and CoC holders for spent fuel storage systems, high-level waste (HLW), and reactor-related greater-than-Class-C (GTCC) waste provide information to the agency in accordance with the regulations in 10 CFR 72.75, 10 CFR 72.242, and 10 CFR Part 21, as applicable. These requirements for reporting typically focus on events or conditions that have a certain level of safety significance regardless of the specific causal factors. For nuclear materials users, SSD registration certificate holders must report any defects or failures that are associated with a substantial safety hazard in accordance with 10 CFR Part 21. SSD registration certificate holders must submit an amendment to the SSD registration certificate if the holder identifies a 10 CFR Part 21 defect that results in a design change.

The staff assessed whether these reporting requirements contain adequate criteria for reporting defects that could be attributed to CFSI. As stated in the action items in SECY-15-0003, the staff committed to modify, as part of the 10 CFR Part 21 rulemaking, the definition of deviation to include counterfeit and fraudulent items for evaluation to determine whether such deviations could lead to a defect. The NRC decided not to complete this rulemaking because the staff determined that the proposed criteria, including the proposed change to the definition of the term deviation, should more appropriately be made part of regulatory guidance to support licensees and suppliers implementation of 10 CFR Part 21 requirements. Therefore, in April 2018, the staff issued Regulatory Guide (RG) 1.234, Evaluating Deviations and Reporting Defects and Noncompliance under 10 CFR Part 21, 14 which endorses Nuclear Energy Institute (NEI) 14-09, Revision 1, Guidelines for Implementation of 10 CFR Part 21 Reporting of Defects and Noncompliance, 15 and provides guidance to reactor licensees. NEI 14-09, Revision 1 states that counterfeit and fraudulent items should be considered as deviations. The NRC provides specific guidance in NUREG-1556, Consolidated Guidance About Materials Licenses, Volume 3, Revision 2, Applications for Sealed Source and Device Evaluation and Registration, issued September 2015,16 to SSD registration certificate holders to report defects or noncompliances as required by 10 CFR Part 21.

The staff determined that regulatory requirements and implementing guidance for the reporting of defects are adequate to encompass the reporting of defects attributed to CFSI. Consistent with the risk-informed framework of NRC regulations, the staff concludes that the existing reporting requirements and implementation guidance, which are based on the safety-14 ADAMS Accession No. ML17338A072 15 ADAMS Accession No. ML16054A825 16 ADAMS Accession No. ML15246A317 9

significance of any potential adverse conditions or defects, are adequate to address the need to report potential failures that could be attributed to CFSI.

3.2 Defense-in-Depth Measures and Safety Margins Provide Adequate Protection against CFSI Hazards The staff assessed the defense-in-depth measures and safety margins associated with each type of regulated activity, facility, or licensee to determine whether failures of SSCs caused by CFSI can be adequately mitigated. The results of this assessment are detailed below.

3.2.1 Reactor Facilities The regulatory framework established for ensuring sufficient defense-in-depth and safety margins at reactor facilities (e.g., General Design Criterion (GDC) 21, Protection System Reliability and Testability, and GDC 22, Protection System Independence, of Appendix A, General Design Criteria for Nuclear Power Plants to 10 CFR Part 50, 10 CFR 50.62, Requirements for reduction of risk from anticipated transients without scram (ATW) events for light-water-cooled nuclear power plants, 10 CFR 50.155, Mitigation of beyond-design-basis events) provides reasonable assurance that CFSI hazards are adequately mitigated. Nuclear reactor facilities must be designed, built, and maintained with sufficient defense-in-depth measures and adequate safety margins to (1) prevent the loss of a safety function due to a single failure of a safety-related SSC and failures of SSCs that are not safety-related, and (2) maintain adequate protection from a common cause failure of safety-related SSCs. These measures include built-in redundancy within safety-related systems, diverse means to accomplish protective functions, and equipment for coping with beyond design basis events.

The assessment determined that the existing safety analyses, coping analyses, and PRA modeling for reactor facilities provide reasonable assurance that these measures are adequate to ensure plant safety in the presence of potential failures of SSCs from CFSI concurrent with any anticipated transient or accident conditions. Specifically, the staff determined that (1) any potential failures (including single failures and common cause failures) of SSCs from CFSI would be bounded by the conditions enveloped by these analyses such that a new accident condition not previously analyzed is not anticipated through potential failures introduced by CFSI; or (2) sufficient safety margins exist based on PRA model analyses to mitigate the risk from CFSI hazards. This determination is based on (1) the existence of multiple layers of defense-in-depth measures to prevent loss of the ability to perform the protective function due to a single failure of an SSC from CFSI, (2) diverse means to accomplish a protective function to cope with common cause failures of SSCs from CFSI, and (3) the availability and accessibility of equipment independent from and not affected by the failures of SSCs from CFSI. In addition, in the review performed to verify that there are no immediate safety concerns for reactor facilities from CFSI, the staff assessed CFSI impacts on plant consequences using a qualitative review of any potential increase in risk through a generalized sensitivity study. The results of this review concluded that failures introduced from any potential CFSIs in SSCs would have a minimal impact on safety margins, and negligible impact to public health and safety. Therefore, the staff concludes that the current NRC regulatory framework for ensuring sufficient defense-in-depth and safety margins provides adequate protection against CFSI hazards.

For decommissioning nuclear power plants with spent fuel still in the pool, the regulatory framework for operating reactors still applies, and the staff determined that those defense-in-depth measures and safety margins are adequate to mitigate the risk of CFSI hazards. After 10

the spent fuel is permanently removed from the spent fuel pool, there are limited radiological consequences from postulated accidents at the nuclear power plant apart from the ISFSI and there are no applicable safety-related SSCs. Therefore, a potential failure due to CFSI in these facilities would not create a new or different risk from potential CFSI hazards.

3.2.2 Fuel Cycle Facilities For fuel cycle facilities, defense-in-depth is provided by design requirements and personnel response. An Integrated Safety Analysis (ISA) is conducted to assess the risk of events leading to an accident for fuel cycle facilities. The ISA assesses the failures of the various SSCs of the facilities that are relied on to minimize risk. Defense-in-depth is provided by management measures, QA requirements, procedures, training, and personnel response that are applied to items relied on for safety (IROFS) to ensure the items are available and reliable to perform their functions when needed. In the unlikely event a CFSI component was introduced into the one of the safety features at a fuel cycle facility, in most instances, multiple failures would have to be present because multiple IROFS would have to be breached before an accident could occur. In most cases, safety controls are also used as process controls, and an upset condition would cause a process disruption that licensee staff would easily recognize. Some fuel cycle facilities also have additional layers of design, although not credited as IROFS, that add further protection for upset conditions. The most significant accident of concern at a fuel cycle facility is an inadvertent criticality. An additional level of protection for a criticality accident sequence comes from the use of the double contingency principle.17 Additionally, if an event were to occur, plant policies and procedures are in place for personnel to recognize and react to an event to mitigate the consequences to workers and the public. Therefore, the staff concludes that the current NRC regulatory framework for ensuring sufficient defense-in-depth provides adequate protection against CFSI hazards to adequately mitigate any potential consequences.

17 As defined in 10 CFR 70.4, double contingency principle means that process designs should incorporate sufficient factors of safety to require at least two unlikely, independent, and concurrent changes in process conditions before a criticality accident is possible.

11

3.2.3 Radioactive Materials Transportation The regulatory framework established for ensuring sufficient defense-in-depth and safety margins for radioactive materials transportation provides reasonable assurance that CFSI hazards are adequately mitigated. Radioactive materials transportation packages must be designed, built, and maintained with sufficient defense-in-depth measures and adequate safety margins to prevent the loss of a safety function due to the failure of an ITS SSC. The design, operations, acceptance testing and maintenance evaluations for transportation packages assess the containment of radioactive materials, radiation shielding and subcriticality controls under normal conditions of transport and accident conditions. While these evaluations were not explicitly intended to address CFSI hazards, existing safety analyses provide assurance that these defense-in-depth measures and adequate safety margins ensure the safety of radioactive materials transportation packages in the presence of potential failures of ITS SSCs from CFSI concurrent with any accident conditions. Therefore, the staff concludes that the current NRC regulatory framework for ensuring sufficient defense-in-depth and safety margins provides adequate protection against CFSI hazards to mitigate any potential consequences.

3.2.4 Storage of Spent Fuel, High Level Waste, and Reactor-Related Greater-Than-Class-C Waste The regulatory framework established for ensuring sufficient defense-in-depth and safety margins for the storage of spent fuel, HLW, and reactor-related GTCC waste provides reasonable assurance that CFSI hazards are adequately mitigated. Storage systems for general licensees and specifically licensed ISFSIs must be designed, built, and maintained with sufficient defense-in-depth measures and adequate safety margins to prevent the loss of a safety function due to the failure of an ITS SSC. Design and operating procedure evaluations for storage systems and ISFSIs assess the confinement of spent fuel and fission products, radiation shielding and subcriticality controls under all credible normal, off-normal, and accident conditions including natural phenomena events. While these evaluations were not explicitly intended to address CFSI hazards, existing safety analyses provide assurance that these defense-in-depth measures and safety margins are adequate to ensure the safety of storage systems for spent fuel, HLW, and reactor-related GTCC waste in the presence of potential failures of ITS SSCs from CFSI concurrent with any accident conditions including natural phenomena events. Therefore, the staff concludes that the current NRC regulatory framework for ensuring sufficient defense-in-depth and safety margins provides adequate protection against CFSI hazards to mitigate any potential consequences.

3.2.5 Nuclear Materials Users Defense-in-depth measures for nuclear materials users are provided by design requirements, engineering controls, and personnel response. The staffs technical safety evaluation includes reviews of the primary components, safety features, and any design features that protect the product from abuse or tampering. The NRC requires that applicants and licensees manufacturing or distributing SSDs for use in commercial, industrial, research and development, academic, and medical applications demonstrate that the SSDs will maintain their integrity during normal use and likely accident conditions. The NRC reviews prototype testing of SSDs to ensure those SSDs and any safety features will perform as intended during normal and likely accident conditions.

12

Defense-in-depth measures are also provided by a licensees management mitigating actions and procedures, QA/QC requirements, operating and emergency procedures,18 and training and experience.19 These measures provide assurance that (1) SSDs perform their functions as intended, and that (2) radiation safety workers and authorized users of licensed material minimize the risk of radiation exposure to their workers and the public during normal and likely accident conditions.

If CFSI were introduced into an SSD, potential hazards are similar to normal and likely accident conditions that licensees already account for with safety features and operating and emergency procedures. In the end, the cause of an equipment failure, be it from CFSI, an accident, or some other mechanism, would not affect a licensees response. Materials licensees would respond to equipment failures or incidents caused by CFSI in the same manner as they would respond to any other incident or event with authorized components, sealed sources, or devices to ensure that unplanned exposures to workers, patients, or members the public remain as low as reasonably achievable. Introduction of a CFSI part or component into an SSD could result in increased probability of failure. However, the NRC and Agreement States have processes in place such as event evaluation and trending and analysis and Part 21 reporting to identify, assess, and communicate to the regulated community any increases in SSD failures due to CFSI.

Based on the review of existing and required defense-in-depth measures, the staff concludes that these measures appropriately mitigate potential CFSI hazards to SSDs used by nuclear materials users.

3.2.6 Uranium Recovery Facilities No specific defense-in-depth measures are required for uranium recovery facilities since accident scenarios assume complete failure of relevant equipment and structures. Therefore, adequate safety margins associated with these events already exist relevant to maximum public offsite exposure. In addition, after assessing inspection reports for uranium recovery facilities, the NRC staff did not find any evidence of CFSI.

3.3 Performance Monitoring and Oversight Verify Adequate Protection from CFSI Hazards 3.3.1 Reactor Facilities Performance monitoring and oversight provide confidence that potential failures from unattributed CFSI causes can be identified and mitigated by a licensee. Reactor facilities are 18 10 CFR 34.45, Operating and emergency procedures; 10 CFR 35.610, Safety procedures and instructions for remote afterloader units, teletherapy units, and gamma stereotactic radiosurgery units; 10 CFR 36.53, Operating and emergency procedures; and 10 CFR 39.63, Operating and emergency procedures.

19 10 CFR 34.43, Training; 10 CFR 35.490, Training for use of manual brachytherapy sources; 10 CFR 35.491, Training for ophthalmic use of strontium-90; 10 CFR 35.590, Training for use of sealed sources and medical devices for diagnosis; and 10 CFR 35.690, Training for use of remote afterloader units, teletherapy units, and gamma stereotactic radiosurgery units; additional training and experience requirements may be found in licensing guidance in10 CFR 35.1000, , Other medical uses of byproduct material or radiation from byproduct material .

13

under continuous performance monitoring. This is accomplished through both the reactor oversight process (ROP) and its associated inspection programs as well as other regulatory requirements. Specifically, the ROP baseline, reactive, and supplemental inspection programs are implemented as needed to address any licensee performance issues that may arise. The ROP is anchored in the NRC's mission to ensure public health and safety in the operation of commercial power plants, which always remain the NRC's overarching responsibility. The objective of the ROP is to monitor performance in three broad areas: 1) reactor safety (avoiding accidents and reducing the consequences of accidents if they occur) 2) radiation safety for both plant workers and the public during routine operations, and 3) protection of the plant against sabotage or other security threats. Numerous inspections focus on analyzing negative trends and identifying appropriate implementation of licensee corrective actions to address those issues. For example, inspection of a licensees problem identification and resolution, maintenance effectiveness, and surveillance testing are conducted on yearly and periodic bases. The results of inspection findings, licensee performance indicators, ongoing testing and maintenance programs and other NRC and industry monitoring programs provide evidence to conclude that there is reasonable assurance of adequate protection in this area. The staff concludes there are sufficient tools to measure and assess industry performance to provide reasonable assurance that the presence of CFSI can be mitigated under current performance monitoring strategies.

The NRC conducts regular inspections of licensees and suppliers20 of safety-related SSCs for reactor facilities. These inspections verify that (1) licensees meet the technical and quality requirements in the licensing bases of the reactor facilities, and (2) suppliers of safety-related SSCs meet the technical and quality requirements imposed by licensees through procurement documents. After assessing the data collected (e.g., recent licensee event reports, 10 CFR Part 21 reports, reactor facility initiating event trends, and inspection findings) through the oversight process, the staff did not find evidence of CFSI in safety-related SSCs for reactor facilities. The staff also confirmed with third-party organizations that provide oversight of safety-related SSC suppliers and collect data from reactor licensees that these organizations did not identify any CFSI in safety-related SSCs at reactor facilities. Further, based on reactor facility initiating event trends, the staff determined that there is no evidence that safety is challenged at these facilities from unattributed CFSI factors. Therefore, the staff concludes that the NRCs oversight processes are adequate to verify that licensees and suppliers of safety-related SSCs have implemented measures to mitigate CFSI hazards for reactor facilities.

Due to the limited potential for radiological consequences at decommissioning nuclear power plants with spent fuel in the pool, the staff determined that the oversight programs for these facilities appropriately mitigate the risk of CFSI hazards for these facilities. This conclusion is based on the staffs review of decommissioning reactor experience history, which confirmed that all relevant decommissioning accident/event scenarios have been analyzed and would not be altered by potential CFSI hazards. The staff determined that performance monitoring is not required for decommissioning nuclear power plants without spent fuel in the pool to address CFSI hazards.

20 The NRC conducts its inspection of suppliers in accordance with the NRCs Vendor Inspection Program Plan and the plans specific criteria for selecting suppliers for inspection.

14

3.3.2 Fuel Cycle Facilities Licensees of fuel cycle facilities must submit an annual facility change report as required by 10 CFR 70.72, Facility changes and change process. Fuel cycle facilities use an integrated safety review approach for all modifications of, or additions to, existing SSCs at their facilities.

This integrated review is conducted by the licensees various technical disciplines, including nuclear criticality safety, radiation safety, environmental protection, safeguards, fire safety, chemical/industrial safety, and other applicable health and safety experts when necessary. A key aspect of this review is a determination that the change is not prohibited by 10 CFR Part 70, Domestic Licensing of Special Nuclear Material; a license condition; or a governing order.

This review also determines whether NRC preapproval and license amendment changes are required before implementation. The NRC reviews and inspects the facility changes and the change management program at the fuel cycle facilities. In addition, the NRC conducts inspections of IROFS and their management measures as described above. Considering the effectiveness of the facility change process (the analysis required at the time new or modified components are typically introduced at a facility), in combination with the regular inspections of management measures associated with IROFS that can contribute to the identification and prevention of CFSI, the staff concludes there is reasonable assurance that the potential consequences of CFSI hazards are appropriately mitigated.

The NRC conducts regular inspections of licensees management measures, which include QA requirements. Licensees and suppliers must address any nonconformances, violations, or performance deficiencies, including those attributed to CFSI, identified through the NRC staffs inspections. Fuel cycle facility licensees enter deficiencies into their corrective action programs, which the NRC staff reviews to identify any negative trends that could adversely impact the safety and security of these licensed facilities. The staff searched the agencys event reporting database and identified no instances of CFSI for the fuel cycle facilities over the last ten years.

Therefore, the staff determined the available data reviewed do not support the existence of CFSI in SSCs that could adversely impact safety, and existing programs and processes implemented to prevent and mitigate the risk of CFSI in SSCs impacting safety are adequate.

The staff concludes that the NRCs oversight processes are adequate in verifying that licensees and suppliers of SSCs have implemented measures to mitigate CFSI hazards for fuel cycle facilities.

3.3.3 Spent Fuel Storage and Radioactive Materials Transportation The NRCs oversight processes for the QA program implementation activities of licensees under 10 CFR Part 71 and 10 CFR Part 72 and CoC holders that supply ITS SSCs for radioactive materials transportation or spent fuel storage, HLW, and reactor-related GTCC waste provide confidence that CFSI risk is appropriately mitigated through the established QA controls. The NRC conducts regular inspections of licensees and CoC holders that supply ITS SSCs. These inspections encompass both design and fabrication activities, to determine whether the licensees and CoC holders maintain controls and processes to ensure the spent fuel storage systems and radioactive materials transportation packages produced meet the approved design requirements.

The NRC inspections also verify that licensee and CoC holder QA programs are adequately implemented. Inspection activities include reviews of corrective action and nonconformance reports, identification of potential negative trends, and verification of appropriate implementation of corrective actions and processes. These inspections also verify that licensees and CoC holders (1) only use approved vendors for ITS SSCs that have the greatest impact on safety, 15

(2) perform regular audits and evaluations of their approved suppliers, and (3) have adequate commercial-grade dedication programs to ensure the use of high-quality products and services.

In combination, these inspection activities provide confidence that licensees and CoC holders have provisions to mitigate CFSI hazards. In addition, NRC inspections verify that licensees and CoC holders are identifying and placing potential 10 CFR Part 21 findings into their corrective action programs and appropriately evaluating them. Licensees and CoC holders must address any issues of concern, including those attributed to CFSI, identified through the staffs inspections.

After assessing data collected through the oversight process (e.g., nuclear materials event reports and 10 CFR Part 21 reports) the staff did not find evidence of CFSI in ITS SSCs or events that were a result of CFSI. For spent fuel storage, based on operational experience and the limited issues that have occurred with the performance of spent fuel storage systems currently in use, the staff determined that there is no evidence that spent fuel storage safety is challenged by unattributed CFSI factors. For radioactive materials transportation, based on operational experience, including a review of the nuclear material event reports related to shipments of radioactive material in NRC-approved packages, the staff determined that there is no evidence that unattributed CFSI factors challenged radioactive materials transportation safety. The staff continues to evaluate event trends and will promptly communicate any generic findings to licensees and CoC holders. Therefore, the staff concludes that the NRCs oversight processes are adequate in verifying that licensees and CoC holders that supply ITS SSCs have implemented measures to mitigate CFSI hazards for spent fuel storage and radioactive materials transportation.

3.3.4 Nuclear Materials Users The staff performs periodic inspections of byproduct and source material licensees and works with the Agreement States and the FDA on CFSI. During inspections of nuclear materials users, the staff verifies that any SSDs conform to the conditions of the license and to the specifications in the SSD registration certificate. In addition, the staff verifies that licensees implement their QC programs in accordance with commitments made in their license or in the SSD registration certificate. Inspectors also verify that licensees are aware of the requirements contained in 10 CFR Part 21 and have procedures in place for reporting defects and certain equipment failures, and that licensees identify and place potential 10 CFR Part 21 findings into their corrective action programs.21 Inspectors also verify that the facility management implements the requirements for notifying the NRC of defects or other radiation safety equipment malfunctions.22 In response to events and incidents involving licensed material, NRC and Agreement State inspectors perform reactive inspections, as appropriate. Inspectors analyze the sequence of events and conditions at the time of an event, the root causes, including any failure by the licensees to adhere to or implement their operating and emergency procedures, and any corrective actions taken in response to the event to prevent reoccurrence. Any events or 21 Inspection Manual Chapter 2800, Materials Inspection Program, March 2, 2020 (ADAMS Accession No. ML20031D677).

22 Inspection Procedures (Ips) 87121 through IP 87127 and IP 87130 through IP 87134 (https://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html).

16

incidents caused by CFSI would be evaluated in accordance with current program requirements.

The NRC and Agreement States radiation control programs are periodically reviewed through the Integrated Materials Performance Evaluation Program. As part of this periodic program review, the staff reviews the technical quality of incident and allegations activities23 for each radiation control program. For Agreement States with SSD Programs, the staff also reviews the States evaluation of defects and incidents involving SSDs. Agreement States are also required to report to the NRC any nuclear materials events and incidents that are reported to them.24 The staff reviewed the current materials oversight program elements and determined that the periodic inspection of byproduct and some source material licensees verifies that licensees have measures in place that provide reasonable assurance that any potential hazards from CFSI are appropriately mitigated.

3.3.5 Uranium Recovery Facilities After assessing inspection reports for uranium recovery facilities, the NRC staff did not find any evidence of CFSI. Uranium recovery licensees continuously monitor for impacts from their operations on site as well as off site; however, they perform no specific performance monitoring for CFSI hazards. Typical actions taken in response to off-normal events are adequate to maintain public exposures within regulatory limits. These actions include radiological surveys and event reporting in accordance with NRC regulations and license requirements. Given the low overall risks, the staff determined that there is reasonable assurance that any potential hazards from CFSI are appropriately mitigated.

The staff reviewed the current uranium recovery oversight program elements and determined that the periodic inspection of licensed facilities verifies that licensees have measures in place that provide reasonable assurance that any potential hazards from CFSI are appropriately mitigated.

3.4 Cyber Security Regulatory Framework Ensures Supply Chain Integrity of Critical Digital Assets Requirements in 10 CFR 73.54, Protection of digital computer and communication systems and networks, provide high assurance that digital computer and communication systems and networks at nuclear power plants are adequately protected against cyber attacks. RG 5.71, Cyber Security Programs for Nuclear Facilities, issued January 2010, 25 discusses an acceptable approach for supply chain protection measures to maintain the integrity of the critical digital assets acquired by licensees. Criteria listed in the RG are directly applicable to the prevention or detection of CFSI that could be introduced through a supply chain pathway.

23 See State Agreements Procedure SA-105, Reviewing the Common Performance Indicator, Technical Quality of Incident and Allegation Activities, dated September 15, 2020 (ADAMS Accession No. ML20196L417) 24 See State Agreements Procedure SA-300, Reporting Material Events, dated March 27, 2013 (ADAMS Accession No. ML13053A346) 25 ADAMS Accession No. ML090340159 17

Furthermore, power reactor licensees are required to submit for approval cyber security plans that conform to NRC requirements, and they typically do so using NEI 08-09, Revision 6, Cyber Security Plan for Nuclear Power Reactors, issued April 2010. 26 NEI 08-09 documents supply chain protection measures that are equivalent to those specified in RG 5.71. This guidance includes cyber security controls to protect the critical digital assets against supply chain threats by ensuring the establishment of trusted distribution paths, validation of vendors, and requirements for tamper proof products or tamper evident seals on acquired products.

The staff inspects power reactor licensees cyber security plans, and implementation of those plans, to ensure that they adequately protect against the potential introduction of cyber-related CFSI when acquiring critical digital assets. The staff completed full implementation (Milestone 8) inspections of all operating reactors in 2021, with no safety-significant findings related to CFSI-related security controls.

Fuel cycle facilities have limited cyber security requirements in 10 CFR Part 73, Physical Protection of Plants and Materials; 10 CFR Part 95, Facility Security Clearance and Safeguarding of National Security Information and Restricted Data; and the Interim Compensatory Measure Orders issued in 2002 and 2003. Other than for digital systems that process classified information (i.e., Category I fuel cycle facility and Category III fuel cycle facility enrichment licensees), there are currently no cyber security requirements for CFSI protection at fuel cycle facilities. The authorizing officials for classified networks, the Naval Nuclear Propulsion Program in the National Nuclear Security Administration (i.e., for classified systems at Category I fuel cycle facilities) and the NRC (i.e., for classified systems at Category III fuel cycle facility enrichment licensees), have established cyber security controls that align with the guidance in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, including controls that mitigate CFSI risks. The NRC staff provided the Commission with a proposed rule for cyber security at fuel cycle facilities through SECY 0099, Proposed RuleCyber Security at Fuel Cycle Facilities (RIN 3150-AJ64; NRC-2015-0179), dated October 4, 2017.27 As part of that rulemaking effort, the NRC staff developed a draft regulatory guide, (DG-5062), Cyber Security Programs for Nuclear Fuel Cycle Facilities, issued May 2015,28 which contains cyber security controls that align with the guidance in NIST SP 800-53, including controls that would mitigate CFSI risks.

The NRC formed a joint NRC/Agreement State working group in 2013 to evaluate the need for cyber security-related regulatory requirements, guidance, or both for materials licensees that possess risk-significant quantities of radioactive material.29 In its 2017 evaluation, the Byproduct Materials Cyber Security Working Group concluded that the current cyber security threat faced by licensees of risk-significant radioactive materials did not warrant developing new regulations to protect their material against cyber security threats.30 In response to a working 26 ADAMS Accession No. ML101180437 27 ADAMS Accession No. ML17018A218 28 ADAMS Accession No. ML17145A340 29 Risk-significant quantities of radioactive material are defined as those meeting the thresholds for Category 1 and Category 2 as included in Appendix A of 10 CFR Part 37.

30 https://www.nrc.gov/security/byproduct/cyber-security-radioactive-byproduct-materials-licensees.html 18

group recommendation, the NRC published Information Notice (IN) 2019-04, Effective Cyber Security Practices to Protect Digital Assets of Byproduct Materials Licensees, dated August 14, 2019,31 to communicate effective practices for cyber security to licensees with risk-significant radioactive materials.

Similar to QA, NRC cyber security requirements, including those specifically addressing CFSI and supply chain attacks, are commensurate with the inherent nuclear safety and security risks associated with different types of licensees and facilities. Moreover, the NRC continues to monitor evolving cyber security threats related to potential CFSI and to share effective practices, as well as to coordinate outreach efforts with Federal and State partners and stakeholders.

Ongoing communication, coordination, and outreach efforts between the NRC and external stakeholders ensure that any potential CFSI hazards with respect to digital assets and cyber security are adequately mitigated.

3.5 Measures Are Adequate to Evaluate CFSI Events 3.5.1 Reactor and Fuel Cycle Facilities, Spent Fuel Storage, and Radioactive Materials Transportation A comprehensive and systematic process for evaluating CFSI events provides assurance that any known CFSI risks applicable to these facilities and activities are identified, communicated, and mitigated. The staff assessed the current process for collecting information on CFSI events, evaluating these events for applicability to NRC-regulated activities, communicating any applicable information from the evaluation to stakeholders, and developing recommended actions to address any identified CFSI risk. The staff determined that the Technical Review Group (TRG), established for evaluating CFSI events, has documented processes for performing these functions. Additionally, an agencywide CFSI steering committee, comprising of executive level representatives from each program office, the Office of International Programs, the Office of the General Counsel, and the Office of Investigations (OI), provides direction and guidance to the TRG where necessary. Specifically, the TRG receives information on potential CFSI events through the following:

reviews of licensee event reports under the various reporting requirements described above evaluation potential allegations reported to the NRC monitoring of intelligence traffic and open source reporting periodic exchanges with Federal agencies, industry, international counterparts, and other external organizations The TRG reviews this information for application to NRC regulated entities and provides recommended actions, as applicable, such as the development of generic communication, referrals to perform followup, and coordination with internal stakeholders for cross-cutting issues.

31 ADAMS Accession No. ML18044A350 19

The staff recognizes that although the TRG processes are documented, they are not well communicated with those not directly supporting TRG functions. The documentation could also be enhanced to include additional details on interfaces with other NRC programs (e.g.,

international programs, reactor and vendor inspection programs, cyber security inspection programs), to support the collection of CFSI event information, communication mechanisms with applicable stakeholders, and actions to verify the implementation of recommended actions.

These enhancements to the TRGs processes are encompassed by the planned actions developed in response to OIG-22-A-06 and are consistent with the goals of mitigating risk from CFSI hazards set forth in this assessment. Therefore, the staff concludes that the planned actions developed in response to the OIG-22-A-06 audit report would be sufficient to address these observations.

3.5.2 Nuclear Materials Users and Uranium Recovery Facilities The staff assessed data collected from nuclear materials event reports and 10 CFR Part 21 reports and did not find evidence of CFSI in SSDs, evidence that events at materials facilities that were a result of CFSI, or evidence that CFSI introduced any unknown challenges to nuclear materials users safety. The reporting requirements and associated processes for evaluating reports, events, and incidents for nuclear materials users provide assurance that any CFSI-related events or incidents would be identified, assessed, and promptly communicated to the regulated community. Licensees must report any equipment failure in accordance with 10 CFR 30.50, Reporting Requirements,32 and this information is collected and maintained in the Nuclear Material Events Database (NMED). Additional requirements for report notifications apply to different nuclear materials modalities.33 The staff continuously evaluates the event reports, as well as any potential allegations, received from NRC and Agreement State licensees involving SSDs containing byproduct material.

Analysis and trending groups review, analyze, and trend reportable events and communicate with regional and Agreement State staff to recommend any followup actions, gather more information once reactive inspections have been conducted to understand root causes and any generic implications, develop generic communications as appropriate, and coordinate with other Federal and State regulators on cross-cutting issues. In addition, the NRC staff and the Advisory Committee on the Medical Uses of Isotopes evaluate medical events on an annual basis and communicate their evaluations to the public. The staff continues to evaluate event trends and promptly communicate any generic findings to licensees and to the Agreement States. The NRC staff has evaluated failures associated with equipment and structures at uranium recovery facilities. No unanalyzed hazards associated with CFSI have been identified.

In addition, the NRCs Allegations Program provides a pathway for concerned individuals to report instances of wrongdoing related to NRC-regulated activities and offers another layer to 32 The regulations in 10 CFR 30.50, Reporting requirements, require licensees to notify the NRC via telephone, written report, or both, after discovery of an event involving licensed material. This reporting requirement applies to all holders of licenses under 10 CFR Parts 31 to 39.

33 10 CFR 34.101, Notifications; 10 CFR 35.3045, Report and notification of a medical event.; 10 CFR 36.83, Reports; 10 CFR 39.77, Notification of incidents and lost sources; abandoned procedures for irretrievable sources.

Additional reporting requirements may be found in 10 CFR 35.1000 licensing guidance.

20

the already defined defense-in-depth measures. To date, the staff has not received any reports of allegations related to CFSI and nuclear materials users.

After evaluating current reporting requirements and related event evaluations, the staff determined that the current event evaluation program appropriately contributes to the mitigation of the potential consequences of an event caused by CFSI. Even if unidentified CFSI were introduced, defense in depth is sufficient to mitigate any unplanned exposures to the personnel or members of the public.

3.6 CFSI Guidance Development, Training, and Outreach Agency CFSI guidance development, training, and outreach are important factors in ensuring that internal and external stakeholders understand the risk posed by CFSI and implement appropriate measures to prevent, identify, and mitigate CFSI hazards. The staff assessed current NRC CFSI guidance, the availability of internal and external CFSI training, and outreach activities performed. The results of this assessment are documented below.

3.6.1 CFSI Guidance 3.6.1.1 Reactor and Fuel cycle facilities, Spent Fuel Storage, and Radioactive Materials Transportation Consistent with the action items described in SECY-15-0003, the staff engaged with third-party organizations to develop guidance34 for mitigating the risk of CFSI and issued several generic communications35 to enhance industry awareness of CFSI risks. While the NRC does not yet have a formal definition of CFSI, the above-mentioned third-party organization guidance does include a definition for CFSI. As encompassed by the planned actions developed in response to the OIG-22-A-06 audit report, the staff recommends formalizing this definition for CFSI in NRC guidance documents such that it can be applied consistently by internal and external stakeholders.

The staff assessed the guidance available to the staff for providing oversight related to CFSI at reactor and vendor facilities and determined that vendor inspection procedures included inspection guidance for CFSI in accordance with the action items in SECY-15-0003. However, the staff did not identify comparable guidance in the baseline inspection procedures for reactor facilities. Therefore, the staff recommends including specific guidance on CFSI in inspection procedures for reactor facilities, including for those under construction. The staff also assessed the guidance available to staff for performing oversight related to CFSI for 10 CFR Part 71 CoC holders and 10 CFR Part 72 licensees and CoC holders with consideration of the action items in SECY-15-0003. Based on the evaluation of these action items in 2021, the staff determined 34 The NRC staff reviewed and provided feedback (ADAMS Accession No. ML14104A738) on EPRI Technical Report 3002002276: Plant Support Engineering: Counterfeit and Fraudulent Items - Mitigating the Increasing Risk, October 2013 (ADAMS Accession No. ML13301A634).

35 IN 2018-11, Supplement 1, Quality Assurance Record Falsification at Kobe Steel and Other International Vendors, December 1, 2020 (ADAMS Accession No. ML19357A138); Regulatory Information Summary (RIS) 2015-08, Oversight of Counterfeit Fraudulent and Suspect Items in Nuclear Industry, June 24, 2015 (ADAMS Accession No. ML15008A191) 21

that the applicable inspection procedures for 10 CFR Part 71 CoC holders and 10 CFR Part 72 licensees and CoC holders should be enhanced with specific guidance on CFSI. This activity has already been captured as an action item in the applicable inspection procedure maintenance database to complete during the next routine update. These enhancements to inspection procedures are encompassed by the planned actions developed in response to the OIG-22-A-06 audit report.

At the present time, one fuel cycle facility licensee, Urenco USA, has committed to implementing an ASME NQA-1 program for its quality controls. As such, this facility follows procurement and vendor requirements similar to those at reactor facilities. The staff assessed the guidance available to the inspection staff for providing oversight of CFSI at Urenco USA and did not identify comparable guidance in the baseline inspection procedures. Therefore, the staff recommends including specific guidance on CFSI in inspection procedures for fuel facilities that have committed to portions of NQA-1 in their QA program. These enhancements to inspection procedures are encompassed by the planned actions developed in response to the OIG-22-A-06 audit report.

3.6.1.2 Nuclear Materials Users and Uranium Recovery Facilities Current inspection guidance directs the staff to review a licensees QA/QC programs and to verify that the SSDs in its possession are acquired from licensed vendors and that these SSDs are registered or evaluated, as appropriate. Inspectors also routinely access National Source Tracking System data before an inspection to ensure appropriate tracking of Category 1 and 2 sources. In addition, as previously indicated, available guidance ensures that the staff reviews any 10 CFR Part 21 reports and discuss with licensees the appropriateness of 10 CFR Part 21 reporting as part of normal operations and appropriate event response.

In March 2013, the staff issued RIS 2013-01, Use of Aftermarket Sealed Sources Registered under 10 CFR 32.210.36 In the RIS, the staff provided guidance on the use of replacement sealed sources that might be equivalent to original sources but are not supplied by the manufacturer or distributor of the device and are not identified in the devices registration certificate. The staff also clarified that devices containing sealed sources may only be serviced by an NRC or Agreement State-licensed service provider, which is a condition of a device holders radioactive materials license. In addition, the staff provided specific guidance in NUREG-1556, Volume 3, Revision 2, for SSD registration certificate holders to report defects or noncompliance as required by 10 CFR Part 21. The other volumes of NUREG-1556 provide similar guidance 10 CFR Part 21 requirements for other modalities.

The use of CFSI at uranium recovery facilities does not present a safety concern because these facilities do not have safety-related SSCs; the NRC is not recommending any changes to current guidance, training, or outreach. Nevertheless, if CFSI was determined to be an issue at these facilities, the NRC would revisit whether additional guidance, training, or outreach would be needed.

36 ADAMS Accession No. ML12313A147 22

As a result of these assessments, the staff determined that no additional guidance or outreach is necessary to provide reasonable assurance that CFSI hazards are mitigated appropriately by nuclear materials users and uranium recovery facilities.

3.6.2 CFSI Awareness and Training The staff issued IN 2012-22, Counterfeit, Fraudulent, Suspect Item (CFSI) Training Offerings, on January 25, 2013, to inform addressees of some external entities that offer training on how to detect potential CFSI that may enter the supply chain. In 2019, the staff updated Table 1 in this IN to reflect the latest training.37 In 2021, the staff reevaluated the training and outreach needs both within the agency as well as for industry stakeholders. From this reevaluation, the staff determined that while licensees and suppliers of safety-related SSCs are informed of CFSI risks from previous interactions with industry stakeholders, suppliers from the advanced reactor community should be made cognizant of the risks posed by CFSI and available guidance to address these risks. As such, the staff conducted awareness training38 during an advanced reactor workshop. With respect to industry stakeholders involved in spent fuel storage and radioactive materials transportation, the staff determined that no specific outreach is currently being performed for CoC holders that supply ITS SSCs for spent fuel storage or radioactive materials transportation packages. The staff recommends performing such outreach during regular industry meetings to ensure suppliers are kept aware of the latest information on the risks posed by CFSI and the available guidance to address these risks.

As part of the staffs reevaluation of the action items in SECY-15-0003 conducted in 2021, the staff assessed the availability of internal CFSI training for the NRC staff and determined that while CFSI awareness and knowledge management sessions were offered in previous years, the NRC has experienced significant staff turnover since that time. Therefore, the staff recommends enhancements to strengthen the current knowledge and awareness of CFSI risks.

The staff identified two venues for achieving this goal: (1) conducting CFSI awareness training during ROP knowledge management sessions and inspector counterpart meetings, on an as-needed basis, and (2) incorporating CFSI training topics in qualification activities for inspectors and regional staff. These recommendations are encompassed by the planned actions developed in response to the OIG-22-A-06 audit report and are consistent with the goals of mitigating risk from CFSI hazards set forth in this assessment.

While not directly related to oversight of CFSI, the staff recommends strengthening awareness of the reporting requirements under 10 CFR Part 21 and 10 CFR 50.72, 10 CFR 50.73, 10 CFR 71.95, 10 CFR 72.75 and 10 CFR 72.242 for power reactor and spent fuel storage and transportation inspectors and NRC regional staff. The staff recommends implementing this action during ROP knowledge management sessions or inspector counterpart meetings, on an as-needed basis. This recommendation addresses some of the concerns raised in the OIG special inquiry report related to NRC inspectors understanding of 10 CFR Part 21 requirements.

Since decommissioning nuclear power plants do not have safety-related SSCs that require quality components after all fuel has been removed from the spent fuel pool, the staff 37 ADAMS Accession No. ML19017A117.

38 Advanced Reactor Stakeholder Public Meeting, November 10, 2021 (ADAMS Accession No. ML21312A055) 23

determined that no changes to current guidance, training, or outreach are needed as any potential CFSI would not adversely affect the safety of the facility.

3.6.3 Outreach Activities with Other Federal Agencies and International Counterparts The staff assessed the NRCs interactions with external stakeholders to determine whether those interactions are sufficient engagement to communicate information related to CFSI. OI currently maintains its longstanding partnership with the National Intellectual Property Rights Center (IPRC). The IPRC uses the expertise of its multiple member Federal and international government agencies as well as private sector partners to share information, develop initiatives, coordinate enforcement actions, and conduct investigations related to counterfeiting around the world. In addition to participation with the IPRC, OI maintains ongoing collaborative relationships through the NRC OI regional field offices with various external Federal agencies, including the Federal Bureau of Investigation, U.S. Environmental Protection Agency, U.S.

Department of Commerce, Tennessee Valley Authority OIG, and the U.S. Department of Energy. OI is increasing its outreach and coalition building among Federal partners through periodic liaison exchanges where CFSI topics are specifically discussed.

The staff regularly coordinates with international counterparts to exchange relevant information related to CFSI. This includes participation in the Nuclear Energy Agencys Committee on Nuclear Regulatory Activities Working Group on Operating Experience (WGOE), Vendor Inspection and Cooperation Working Group (VICWG), and Working Group on Inspection Practices. The WGOE and VICWG have developed protocols for sharing nuclear-related CFSI information with member countries. The CFSI TRG evaluates the information shared through these working groups for applicability to NRC regulated entities.

Additionally, the NRC staff maintains awareness of CFSI threats and associated efforts to prevent or mitigate their risk through outreach with Federal government partners. For example, representatives from the Office of Nuclear Security and Incident Response (NSIR) participate in two groups led by the U.S. Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency: the Nuclear Reactors, Materials and Waste Government Coordinating Council, and the Information and Communications Technology Supply Chain Risk Management Task Force. Also, NSIR representatives monitor the development of the U.S. Department of Defenses Cybersecurity Maturity Model Certification, which is a framework to protect the defense industrial base from cyber attacks including those associated with supply chain threats against the defense industrial base. Therefore, the staff concludes that the outreach activities performed provide adequate assurance that information related to CFSI is exchanged with stakeholders in a timely manner. The staffs actions in response to OIG-22-A-06 will facilitate dissemination of information exchanged during outreach activities with internal stakeholders.

The NRC maintains open communications with Agreement States through the National Materials Program. The agency also has a memorandum of understanding with the FDA, which allows the agencies to share information in a more open and collaborative manner. The NRC and the FDA routinely communicate on issues related to drug and device products.

3.6.4 Considerations of Approaches Used by Other Federal Agencies and International Counterparts to Address CFSI Risks The OIG special inquiry report identified policies from the U.S. Department of Energy and U.S.

Department of Defense that address CFSI risks through procurement requirements. The staff 24

determined that while these policies are appropriate for addressing CFSI risks for these two Federal agencies as end users of acquired products and services, these policies would not be applicable to the NRC as a regulatory body. Therefore, the staff recommends additional engagements with other Federal agencies that perform regulatory oversight of safety critical industries (e.g., FDA, FAA) and with international regulatory counterparts to assess approaches adopted by these entities to prevent or mitigate CFSI risks and determine the applicability of any insights gained from the assessment to the NRCs approach for oversight of CFSI.

4 Conclusions The staff assessed the NRCs oversight related to CFSI that could be introduced into NRC-regulated facilities, devices, or activities. The staff used a safety case approach to systematically assess the risk posed by CFSI, which allowed the staff to determine whether the current regulatory framework is adequate to prevent or mitigate risks posed by CFSI hazards while accounting for the different bounding conditions at each type of entity, (i.e., licensing bases, oversight, and risk profile). The staff applied a consistent approach for the reactor-related facilities and activities (reactors facilities, including decommissioning reactors, fuel cycle facilities, and spent fuel storage and radioactive materials transportation), and nuclear materials-related facilities and activities (nuclear materials users, uranium recovery, and materials decommissioning). The results of the staffs assessment are summarized below.

The staff had the following conclusions:

The current regulatory framework provides reasonable assurance that CFSI hazards are prevented or mitigated and ensures adequate QA controls are established by (1) licensees of reactor and fuel cycle facilities, (2) ISFSI licensees and radioactive materials transportation licensees, (3) suppliers of SSCs for reactor facilities and CoC holders or suppliers of ITS SSCs for spent fuel storage systems and radioactive materials transportation packages, and (4) nuclear materials users.

Decommissioning nuclear power plants with storage of spent fuel in the fuel pool have hazards that are bounded by those for operating reactors, and a such have appropriate controls in place (i.e., QA requirements in Appendix B to 10 CFR Part 50) to identify and mitigate CFSI.

Regulations and regulatory guidance for defect reporting provide adequate coverage of defects that could be attributed to CFSI.

Defense-in-depth measures and safety margins provide adequate protection to mitigate CFSI hazards.

Sufficient tools exist to measure and assess industry performance to provide reasonable assurance that the presence of CFSI is mitigated under current performance monitoring strategies and oversight processes.

Event evaluation program elements provide high confidence that any events involving CFSI are appropriately identified.

Current regulations, guidance, and oversight for nuclear power reactor cyber security provide assurance that controls are adequate for ensuring supply chain integrity of critical digital assets.

25

Expanding CFSI programs is not necessary at this time, and current regulatory requirements, oversight programs, and outreach and communications appropriately mitigate risks posed by the introduction of CFSI into materials facilities.

In summary, the staff concludes that changes to current NRC regulations to mitigate risks posed by CFSI hazards to reactor-related and materials-related facilities and licensees and activities are not required.

The OIG reports reflected that there are opportunities for the agency to make incremental improvements to the implementation of existing programs and processes in some areas. Most of these proposed improvements are encompassed by the awareness and communication actions already planned and underway in the response to OIG-22-A-06.

In concert with the staffs actions in response to OIG-22-A-06, the staff plans to:

1. Strengthen awareness of the reporting requirements under 10 CFR Part 21, 10 CFR 50.72, 10 CFR 50.73, 10 CFR 71.95, 10 CFR 72.75, and 10 CFR 72.242 for NRC regional staff and inspectors. This recommendation addresses some of the concerns raised in the OIG special inquiry report related to NRC inspectors understanding of 10 CFR Part 21 requirements and will be implemented during knowledge management sessions or counterpart meetings, on an as-needed basis.

2. Perform outreach during regular industry meetings with vendors of spent fuel storage systems and radioactive materials transportation packages to ensure suppliers are kept aware of the latest information on the risks posed by CFSI and the available guidance to address these risks.

3. Engage with other Federal agencies that perform regulatory oversight of safety critical industries (e.g., FDA, FAA) and with international regulatory counterparts to assess approaches adopted by these agencies and counterparts to prevent or mitigate CFSI risks among their regulated entities and determine the applicability of any insights gained from the assessment to the NRCs approach for oversight related to CFSI.

26

Review of Allegations Concerns Raised in OIG Special Inquiry The purpose of the U.S. Nuclear Regulatory Commissions (NRCs) Allegation Program is to evaluate and respond to concerns from external sources about issues associated with NRC-regulated activity. The agency outlines allegation handling requirements in Management Directive (MD) 8.8, Management of Allegations, dated January 29, 2016.39 MD 8.8 defines the concerns that fall under the program as those that involve a declaration, statement, or assertion of impropriety or inadequacy associated with NRC-regulated activity, the validity of which has not been established. Because anyone working at the agency could receive an allegation, employees and contractors are trained to recognize an allegation by comparing the incoming information to these three basic criteria:

Does the information involve an asserted inadequacy or impropriety?

Is the issue associated in some way with an NRC-regulated activity?

Is the NRC already aware of the validity of the concern?

If employees or contractors believe the information meets or may meet this definition, they are instructed to promptly send the information to the allegation staff. If the concern meets the definition of an allegation, the allegation staff arranges an Allegation Review Board (ARB) to assign actions for followup to responsible staff. Guidance provided in the publicly available Allegation Manual, dated December 22, 2016,40 suggests the staff can consult with the allegation staff but does not require it. If the determination is made that the concern does not meet the criteria above, the issue is handled outside of the Allegation Program, sometimes by the same staff who would have been assigned the followup actions by an ARB, but sometimes to others, such as the Office of Public Affairs. Other NRC programs and processes also exist for addressing public input and concerns, including but not limited to requests for enforcement action, under Title 10 of the Code of Federal Regulations (10 CFR) 2.206, Requests for action under this subpart; requests for inspections under 10 CFR 19.16, Requests by workers for inspections; congressional inquiries, and contentions related to adjudication, that initiate different formal handling requirements.

OIG Issue 1: The NRC Did Not Process Allegations Office of the Inspector General (OIG) Case No.20-022, Special Inquiry into Counterfeit, Fraudulent, and Suspect Items in Operating Nuclear Power Plants, dated February 9, 2022,41 noted that issues raised by a concerned individual (CI) over the past 10 years were found to not meet the definition of an allegation. The Agency Allegation Advisor (AAA) in the Office of Enforcement (OE) reviewed records in ADAMS associated with the named reactor site to ascertain whether the issues should have been handled within the Allegation Program, contrary to the staffs actions. The OIG referenced an NRC response to the CI dated February 12, 2014, which in turn referenced a December 2013 public meeting concerning concrete degradation at 39 ADAMS Accession No. ML15344A045 40 ADAMS Accession No. ML17003A227 41 ADAMS Accession No. ML22040A111 Enclosure 2

Seabrook Station. During that meeting, the CI publicly raised concerns and afterwards provided a packet describing those concerns to the NRC staff.

A review of that information found no new issues, but rather references to the generic issue of counterfeit parts and the efforts by the NRC and industry to address it. The information did not contain any new specific concerns related to counterfeit or substandard parts, nor did it identify that such parts were related to the NRCs regulated activity. Consistent with normal processes, in order to determine whether the concerns were new and within the NRCs purview, the NRC staff responded to the CI and requested additional information so that the NRC could take actions to investigate, as appropriate. Absent additional information from the CI, the staff appropriately categorized the concerns as nonallegations in accordance with the MD. With regard to welding concerns associated with new plants under construction, the staff similarly requested additional information needed to determine whether the CI was referring to new issues or ones that were known and already addressed. The NRC previously inspected welding activities at these sites, as well as the modular assembly facility, and took regulatory actions related to deficient welds. Without more specific information about the CIs concern, there was nothing new for the NRC to address. Nonetheless, regional personnel continued to engage the CI and replied to multiple letters, phone calls, and e-mails. The AAAs review of incoming letters and e-mails and the staffs responses to each supports the regions determination that the concerns were not allegations and not subject to the handling requirements of MD 8.8.

It is not unusual for management to assign one individual to coordinate the agencys interactions with a CI, especially when the CI reaches out to multiple offices within the agency.

It is both efficient and responsible for management to assign such a point of contact, and the CI in this case was very complimentary of the regional person so appointed. Furthermore, management concurred on each responsive letter written by the NRC staff.

Although the Allegation Management System (AMS) has not previously identified counterfeit, fraudulent, and suspect items (CFSI) as a separate category for tracking, the staff can easily search the data for related references (e.g., counterfeit, fraudulent, CFSI). Doing so yields very few CFSI issues over the last 10 years. Additionally, the staff continually monitors all allegations for trends potentially necessitating NRC and licensee attention and the allegation team meets monthly to discuss items of significance or interest. The OE AAA performs an annual review of allegation concerns to identify trends. Therefore, trends in CFSI concerns, whether labeled that way or not, are identified. Nonetheless, the staffs planned actions developed in response to the OIG-22-A-06 audit report to clarify the definition of CFSI, clarify roles and responsibilities, enhance communication and outreach developed in response, and add a CFSI category will further improve the consistency of information entered into the allegations process and the proper identification of potential CFSI issues, making existing trending efforts even more likely to successfully identify any emerging trends with CFSI.

In summary, OE concludes that the allegation process is robust, the concerns raised were appropriately handled as nonallegations, the staff was responsive to the concerned individual, and changes to AMS will enhance the tracking and trending of CFSI concerns.

OIG Issue 2: The NRCs Allegation-Related Publications Guidance on what the allegation program does and does not address is publicly available on the NRCs allegation program Web page (https://www.nrc.gov/about-nrc/regulatory/allegations/safety-concern.html), which can be reached using the prominent Report a Safety Concern button at the top of the NRCs home page. Nonetheless, the OIG 2

assessment does identify an opportunity to more clearly describe for the public how concerns that fall outside the allegation process are handled. Therefore, OE will work with the internal stakeholders to consider enhancing that information on the public Web page, as well as other program documents (such as NUREG/BR-0240, etc.).

3