ML22112A139

Letter from M. Sampson to W. Gross, NRC Review of NEI 13-10, Cyber Security Control Assessments, Revision 7
Person / Time
Issue date: 05/20/2022
From: Michele Sampson
NRC/NSIR/DPCP/CSB
To: Gross W
Nuclear Energy Institute
Yip B
References
NEI 13-10


Text

May 20, 2022

William R. Gross, Director, Incident Preparedness
Nuclear Energy Institute
1201 F Street, NW, Suite 1100
Washington, DC 20004

SUBJECT: NRC REVIEW OF NEI 13-10, CYBER SECURITY CONTROL ASSESSMENTS, REVISION 7

Dear Mr. Gross:

In your letter dated October 29, 2021, you requested that the U.S. Nuclear Regulatory Commission (NRC) staff review and endorse the Nuclear Energy Institute's (NEI's) guidance document NEI 13-10, "Cyber Security Control Assessments," Revision 7, dated October 2021 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML21342A203). The NEI submitted this revision following NRC acceptance of a series of white papers proposing revisions to NEI 13-10, Revision 6, and NEI 10-04, "Identifying Systems and Assets Subject to the Cyber Security Rule," Revision 2, in the areas of safety (ML20199M368), balance of plant (ML20205L604), security (ML21155A216), and emergency preparedness (ML20126G492). The technical and regulatory bases for the changes, and limitations to the applicability and scope of the guidance, are described in the Discussion and Compliance with Regulatory Requirements sections of the white papers.

The staff completed its review of NEI 13-10, Revision 7, using NRC regulations, regulatory guidance, and relevant industry guidance acceptable for use by licensees in meeting the requirements of Title 10 of the Code of Federal Regulations 73.54, "Protection of digital computer and communication systems and networks." Based on this review, the staff concludes that NEI 13-10, Revision 7, in its entirety, is acceptable for use by licensees to address the security controls in their cyber security plans. The staff plans to note its acceptance of NEI 13-10, Revision 7, in its anticipated revision to Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Power Reactors." The NRC's finding that NEI 13-10, Revision 7, is acceptable for use is a rule as defined in the Congressional Review Act (5 U.S.C. 801-808). However, the Office of Management and Budget has not found it to be a major rule as defined in the Congressional Review Act.

Please contact Mr. Duane White at (301) 287-3627 if you have any questions.

Sincerely,

Signed by Sampson, Michele on 05/20/22

Michele Sampson, Director
Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response

ML22112A139 NMSS/MSST OGC/GCRPS OFFICE NSIR/DPCP/CSB NSIR/DPCP/RSB

/MSEB /HLWFCNS/NLO ELee NAME DWhite DW JMaltese JM MSampson MS BYip for BY DATE Apr 22, 2022 Apr 25, 2022 Apr 25, 2022 May 20, 2022