Text

1

NRCCUIInformationSharingAgreement 1.PurposeandBackground.ThepurposeofthisAgreementistoestablishaframeworkbetween

[NonFederalEntity]andtheU.S.NuclearRegulatoryCommission(NRC)(collectivelyreferredtoas theParties),toenabletheNRCtoshareControlledUnclassifiedInformation(CUI)consistentwith Title32oftheCodeofFederalRegulations(32CFR)§2002.16(a)(5),whichstatesthatFederalagencies shouldenterintoformalwrittenagreementspriortosharingCUIwithnonexecutivebranchentities.

ThisAgreementsetsforthsafeguarding,access,anddisseminationcontrolsthatapplytoCUItheNRC shareswith[NonFederalEntity].[NonFederalEntity]acceptsthesecontrols,whicharedescribed herein,asaconditionofbeingprovidedaccesstotheCUI.NothinginthisAgreementestablishesaright orentitlementtoreceiveCUIfromtheNRC.

2.Definitions.

Controlledunclassifiedinformation(CUI).CUIisinformationtheGovernmentcreatesorpossesses,or thatanentitycreatesorpossessesfororonbehalfoftheGovernment,thatalaw,regulation,or Governmentwidepolicyrequiresorpermitsanagencytohandleusingsafeguardingordissemination controls.CUIdoesnotincludeinformationthatisclassifiedunderExecutiveOrder13526,Classified NationalSecurityInformation,December29,2009(3CFR,2010Comp.,p.298),oranypredecessoror successororder,orinformationthatisclassifiedundertheAtomicEnergyActof1954,asamended.CUI doesnotincludeinformationthatanonexecutivebranchentitypossessesandmaintainsinitsown systemsthatdidnotcomefrom,orwasnotcreatedorpossessedbyorfor,anexecutivebranchagency oranentityactingforanagency.Itincludesinformationineitherdigitalorhardcopyformat.

CUIBasicandCUISpecified.AllCUIsharedpursuanttothetermsofthisAgreementwillqualifyaseither CUIBasicorCUISpecified.

CUIBasic.CUIBasicisthesubsetofCUIforwhichtheauthorizinglaw,regulation,or Governmentwidepolicydoesnotsetoutspecifichandlingordisseminationcontrols.This informationisgovernedbytheCUIBasiccontrolssetforthin32CFR2002.

CUISpecified.CUISpecifiedisthesubsetofCUIforwhichtheauthorizinglaw,regulation,or Governmentwidepolicycontainsspecifichandlingcontrolsthatitrequiresorpermitsagencies tousethatdifferfromthedefaultcontrolsassociatedwithCUIBasic.

CUIcategories.CUIisdividedintocategoriesthatreflectthetypesofinformationforwhichlaws, regulations,orGovernmentwidepoliciesrequireorpermitagenciestoexercisesafeguardingor disseminationcontrols,andwhichtheCUIExecutiveAgent(DirectoroftheInformationSecurity OversightOfficeattheNationalArchivesandRecordsAdministration)hasapprovedandlistedintheCUI Registry.

CUIRegistry.TheCUIRegistryistheonlinerepositoryforallexecutivebranchlevelinformation, guidance,policy,andrequirementsonhandlingCUI,including32CFRPart2002.Amongother information,theCUIRegistryidentifiesallapprovedCUIcategories,providesgeneraldescriptionsfor each,identifiesthebasisforcontrols,establishesmarkings,andincludesguidanceonhandling procedures(seehttps://www.archives.gov/cui).

2

CUIsecurityincident.Improperaccess,use,disclosure,modification,ordestructionofCUI,inanyform ormedium,constitutesaCUIsecurityincident.

Handling.AnyuseofCUI,includingbutnotlimitedtomarking,safeguarding,transporting, disseminating,reusing,anddisposingoftheinformation,constituteshandling.

LawfulGovernmentpurpose.CUImaybesharedwithapersonwhohasalawfulGovernmentpurpose tohandletheinformation,whichisanyactivity,mission,function,operation,orendeavorthatthe Governmentauthorizesorrecognizesaswithinthescopeofitslegalauthoritiesorthelegalauthorities ofnonexecutivebranchentities,suchasstateandlocallawenforcement.

Limiteddisseminationcontrol.TheseareanyCUIExecutiveAgentapprovedcontrolsidentifiedonthe CUIRegistrythatagenciesmayusetolimitorspecifyCUIdissemination.

3.Safeguarding,Access,andDisseminationControls.

a.TheNRCwillappropriatelymarkoridentifyallCUIsharedpursuanttothisAgreementandidentify theinformationaseitherCUIBasicorCUISpecifiedpriortooratthetimeitisshared.

b.CUIBasic.[NonFederalEntity]agreestohandleanyCUIBasicreceivedpursuanttothisAgreement asfollows:

1.Physicalsecurityandhandling:Meetthephysicalsecurityandstorage,mailing,reproduction, andtransmissionrequirementsin32CFR§2002.14.[NonFederalentity]mayselectappropriate methodstomeettheserequirements; 2.Informationsystems:

____[NonFederalentity]certifiesthatitsnonFederalinformationsystemsthatmayhandle CUIareinfullcompliancewiththestandardsdescribedinthelatestversionofNationalInstitute ofStandardsandTechnology(NIST)SpecialPublication(SP)800171,ProtectingControlled UnclassifiedInformationinNonFederalSystemsandOrganizations,ineffectatthetimethis Agreementissigned(availableathttps://csrc.nist.gov/publications/sp800).[NonFederalentity]

maytakepossession(e.g.,download,forward,orprint]ofCUIusingtheseinformationsystems.

[NonFederalentity]agreestoprotecttheconfidentialityofCUIontheseinformationsystemsin accordancewiththestandardsinNISTSP800171,oranyalternativeorenhancedcontrols identifiedintheAppendixforaparticularCUIcategory.Uponrequest,theNRCmayaskto review[NonFederalentity]ssystemsecurityplan(SSP)andPlanofActionsandMilestones (POAM),describedinNISTSP800171.

____[NonFederalentity]certifiesthatitisintheprocessofensuringthatitsnonFederal informationsystemsthatmayhandleCUIarecompliantwithNISTSP800171,andthat,at minimum,ithascompletedtheSSPandPOAMdescribedinNISTSP800171.[NonFederal entity]maytakepossession(e.g.,download,forward,orprint]ofCUIusingtheseinformation systems.[NonFederalentity]agreestoprotecttheconfidentialityofCUIonitsinformation systemsinamannerconsistentwiththeseplans,andagreestoprotecttheconfidentialityofCUI onitsinformationsystemsinaccordancewithNISTSP800171(oranyalternativeorenhanced controlsidentifiedintheAppendixforaparticularCUIcategory)uponachievingfullcompliance

3

withtheNISTSP800171standards.Uponrequest,theNRCmayasktoreview[NonFederal entity]sSSPandPOAM,describedinNISTSP800171.

____[NonFederalentitys]informationsystemsarenotincompliancewithNISTSP800171, norhas[NonFederalentity]completedtheSSPandPOAMdescribedinNISTSP800171.[Non Federalentity]understandsthattheNRCmaybeunableorunwillingtoelectronicallyshareCUI with[NonFederalentity],wheretheagencyhasdiscretion,unlessoruntil[NonFederalentity],

atminimum,completesanSSPandPOAM.TheNRCmayshareCUIwith[NonFederalentity]in hardcopy,and[NonFederalentity]maynotdigitallyconvertsuchCUIforprocessing,storage, ortransmissiononanyinformationsystem.Wherefeasible,theNRCmayshareCUI electronicallythroughaviewonlyplatform.IftheNRCsharesCUIthroughaplatform intendedforviewonlyaccess,[NonFederalentity]mayviewtheCUIelectronicallythrough theviewonlyplatformbutagreesnottotakeotheractionsthatinvolveelectronicprocessing, storage,ortransmissionoftheCUI,suchasdownloading,forwarding,orprintingtheCUIusing anyinformationsystems.[NonFederalentity]understandsthatallphysicalsecurityand handlingrequirementsdescribedinthisagreementapplytoanyhardcopyCUI.

c.CUISpecified.TheNRCwillidentifyanyuniquesafeguarding,access,ordisseminationcontrolsfor CUISpecifiedintheAppendix.[NonFederalEntity]willhandleCUISpecifiedreceivedpursuanttothis AgreementconsistentwiththeCUIBasicstandardsinsection3.aofthisAgreement,excepttothe extentthattheCUISpecifiedissubjecttospecifichandlingcontrolsidentifiedintheAppendix,inwhich case[NonFederalEntity]willapplythosecontrols.TheNRCwillensurethat[NonFederalEntity]is awareofsuchspecifiedhandlingcontrolspriortooratthetimetheCUISpecifiedisshared,either throughtheAppendixoronacasebycasebasis.

4.DuplicationorcreationofderivativeCUI.AnyCUIreceivedfromtheNRCpursuanttothis Agreementthatisduplicatedby[NonFederalEntity],includingbutnotlimitedtocopying,printing, scanning,oranyothermeansofphysicalorelectronicduplication,mustbehandledpursuanttothis AgreementinthesamemannerastheoriginalCUIsourceinformation.[NonFederalEntity]must ensurethatequipmentusedforsuchduplication,suchasprinters,copiers,scanners,orfaxmachines, donotretainthedataorthatsuchequipmentisproperlysanitizedsoastoensuretheinformationisnot retrievable,inaccordancewithNISTSP80053.[NonFederalEntity]maycreatederivativedocuments usingCUIthatisreceivedpursuanttothisAgreement,solongassuchderivativedocumentsarethen markedandhandledpursuanttothisAgreementinthesamemannerastheoriginalCUIsource information.

5.Thirdpartysharing.Unlessexpresslystatedotherwise,thisAgreementdoesnotprevent[Non FederalEntity]fromsharingCUIreceivedpursuanttothisAgreementsolongassuchsharingis permittedbythelaw,regulation,orGovernmentwidepolicygoverningtheCUIandthedisclosure furthersalawfulGovernmentpurpose.Examplesofsuchdisclosuremayinclude,butarenotlimitedto, disclosuretolawenforcementagenciesortoacourtofcompetentjurisdictionpursuanttoacourt order.[NonFederalEntity]isstronglyencouragedtocontacttheNRCpointofcontact(s)identifiedin thedesignationindicatorofthedocument/informationpriortosharinganyCUIreceivedpursuantto thisAgreementif[NonFederalEntity]isunsurewhetherthisstandardismetinagivensituation.

6.Limiteddisseminationcontrols.TheNRCmay,atorpriortothetimeCUIissharedwith[Non FederalEntity],placelimiteddisseminationcontrolsonCUIthatexpresslyrestrictsharingthatCUIwith

4

certainindividualsorclassesofindividuals(e.g.,prohibitionsonsharingtheCUIwithforeign governmentsorforeignnationals,orrequirementstosharetheinformationonlywithpeopleorentities onanincludeddistributionlist).TheNRCwillclearlymarkandconveysuchlimitationsatthetimethe CUIisshared.TheNRCwillonlyutilizesuchlimiteddisseminationcontrolswhenthereisalawful Governmentpurposefordoingso.

7.PointofContact.TheNRCpointofcontactfortheagencysCUIprogramisincludedintheAppendix.

[NonFederalEntity]mustutilizethepointofcontactidentifiedintheAppendixforallquestions concerningthescope,applicability,orinterpretationofthisAgreement,aswellasforreportinganyCUI securityincidentsreferencedinSection8.

8.CUIsecurityincidentsandmisuse.

a.When[NonFederalEntity]discoversasuspectedorconfirmedCUIsecurityincident(i.e.,information spillorsecuritybreach)ormisuseofCUI,itmustpromptlynotifytheappropriateNRCpointofcontact identifiedintheAppendix.Thisnotificationmustinclude,totheextentitisknownatthetime,all relevantcircumstancessurroundingtheincident,includingidentificationoftheCUIinvolvedandthe extenttowhichthe[NonFederalEntity]knowsorsuspectstheCUIhasbeendisseminatedtoor accessedbyunauthorizedindividuals.[NonFederalEntity]shouldpromptlysupplementthisinitial notificationwithadditionalinformationasitbecomesavailable.TheNRCmayalsorequest[Non FederalEntity]tosupplementthisnotificationwithadditionalrelevantinformation,whennecessary.

MisuseofCUImayserveasabasisforterminatingthisAgreementorabasisfortheNRCtodiscontinue voluntarilysharingCUIwith[NonFederalEntity].

b.[NonFederalEntity]reportingobligationsunderthisAgreementareinadditiontoanyother applicablerequirementsinlaw,regulation,orpolicy.ThisAgreementdoesnotrelieveorsupersedeany suchrequirements.

9.Assignment.CUIthatissharedwith[NonFederalEntity]remainsthepropertyoftheUnitedStates GovernmentandtheUnitedStatesGovernmentretainsallrightstoanyroyalties,remunerations,or emolumentsthatresulted,willresult,ormayresultfromanydisclosure,publication,orrevelationofCUI coveredunderthisAgreement.

10.Enforcement.[NonFederalEntity]understandsthatmishandlingCUIincontraventionoftheterms andconditionsofthisAgreementmaysubject[NonFederalEntity]toanyapplicableadministrative, civil,orcriminalpenalties,asappropriate,underthelawsorregulationsoftheUnitedStatesapplicable totheCUIcategoryinvolved(see32CFR§2002.16(a)(6)(ii)).TheUnitedStatesGovernmenthasnot waivedanystatutoryorcommonlawprivilegesorprotectionsthatitmayassertinanyadministrativeor courtproceedingtoprotectCUIthatissharedpursuanttothetermsofthisAgreement.TheUnited StatesGovernmentretainstherighttoseekanyremedyavailable,includingbutnotlimitedto applicationforacourtorderprohibitingthedisclosureofCUI.

11.ModificationofAgreement.ThisAgreementcanbeamendedwiththewrittenconsentofboth Parties.

12.Duration.ThisAgreementiseffectiveasofthedatethelastpartysignsandwillremainineffect untiltermination.EitherpartymayterminatethisAgreementbyprovidingnoticeinwriting[x]days priortotheeffectivedateoftermination.Upontermination,theNRCwillinstruct[NonFederalEntity]

5

toeitherreturnallCUIreceivedpursuanttothisAgreement(includinganyduplicatesorderivative worksbasedonCUIreceivedpursuanttothisAgreement),destroysuchCUIinamannerconsistentwith 32CFR§2002.14(f),ortakeotherappropriateaction.

13.Severability.TheprovisionsofthisAgreementaredeemedtobeseverableandtheinvalidity, illegality,orunenforceabilityofoneormoreprovisionsshallnotaffectthevalidity,legality,or enforceabilityoftheremainingprovisions.

14.Acknowledgment.ThePartiestothisAgreementrepresentandwarrantthattheyhavethe authoritytobindtheirrespectiveorganizationstoitstermsandconditions.AllPartieshavereadthis Agreementcarefullyandagreethattheyunderstanditstermsandconditions.

[INSERTSIGNATUREBLOCKFORALLSIGNATORIES]

1

APPENDIX USNuclearRegulatoryCommission(NRC) 1.PointofContact.ForallquestionsorconcernsthatariseunderthisAgreement,includingthebreach notificationrequirementsofSection8oftheAgreement,contacttheNRCCUIProgramat CUI@NRC.GOV.Foranybreachrelatedtocybersecurityincidents,alsonotifyCSIRT@nrc.gov.

2.CUIBasic.NRCmaysharethefollowingcategoriesofCUIBasicwith[NonFederalEntity]pursuantto thisAgreement.Unlessotherwisestated,accesstoCUIBasicisrestrictedtoauthorizedindividualsthat havealawfulGovernmentpurposetoaccesstheinformationtoperformtheirwork.Anyadditional specifichandling,safeguarding,ordisseminationrequirementsstipulatedintheunderlyinglaws, regulations,orGovernmentwidepolices,areidentifiedwithineachCUIcategorydescribedbelow.

a. ArchaeologicalResources CUIBannerMarkingwhenreceivedfromNRC:CUI//ARCHR o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheArchaeologicalResourcesInformationpart isnotincluded,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forArchaeological ResourcesinformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/archaeologicalresources

AdditionalRequirements(perlaw,regulation,Governmentwidepolicy):

o Dissemination:

Thisinformationcannotbesharedwithanythirdpartiesor foreignentityabsenttheexpressconsentoftheNRC.

b. GeneralPrivacy CUIBannerMarkingwhenreceivedfromNRC:CUI//PRVCY o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheGeneralPrivacyInformationpartisnot included,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forGeneralPrivacy informationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/privacy.html

2

c. GeneralProprietaryBusinessInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//PROPIN o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheGeneralProprietaryBusinessInformation partisnotincluded,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forGeneralProprietary BusinessinformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/proprietarybusiness info.html

d. OperationsSecurityInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//OPSEC o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheOperationsSecurityInformationpartisnot included,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forOperationsSecurity InformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/operationssecurityinfo

3.CUISpecified.NRCmaysharethefollowingcategoriesofCUISpecifiedwith[NonFederalentity]

pursuanttothisAgreement.Unlessotherwisestated,accesstoCUISpecifiedisrestrictedtoauthorized individualsthathavealawfulGovernmentpurposetoaccesstheinformationtoperformtheirwork.

Anyadditionalspecifichandling,safeguarding,ordisseminationrequirementsstipulatedinthe underlyinglaws,regulations,orGovernmentwidepolices,areidentifiedwithineachCUIcategory describedbelow.

a. CriminalHistoryRecordsInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//SPCHRI o ThisinformationwillbeisolatedbytheNRCintoanappendixorattachment suchthatthemaindocumentisnotsensitiveoralowerlevelofsensitivity whentheCriticalEnergyInfrastructureInformationpartisnotincluded, wherepossible

Thesafeguardingand/ordisseminationauthority(ies)forCriminalHistory RecordsInformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/criminalhistoryrecords info

3

b. CriticalEnergyInfrastructureInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//SPCEII o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheCriticalEnergyInfrastructureInformation partisnotincluded,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forCriticalEnergy InfrastructureInformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/criticalenergy infrastructureinformation

ExportControlledInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//SPEXPT o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheExportControlledInformationpartisnot included,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forExportControlled InformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/exportcontrol.html

AdditionalRequirements(perlaw,regulation,Governmentwidepolicy):

o Designation:ExportControlledInformationmayonlybedesignatedby thosewiththestatutoryorregulatoryauthority:Departmentof Commerce,DepartmentofEnergy,andDepartmentofState.

o Access:AccesstoExportControlledInformationisrestrictedbythe following:

Theinformationmustnotbeavailabletoforeignnationalsunless accesshasbeenspecificallyauthorizedforthoseindividualsbyan agencywiththeauthoritytograntaccess.

ITsystemsthatcontainExportControlledInformationmustnot haveforeignnationalsassystemadministrators.

Exceptfortheabovesituation,accessmustberestrictedtoU.S.

citizensthathaveauthorizationtoaccesstheinformationanda lawfulGovernmentpurposetoaccesstheinformationtoperform heirNRCwork.

o Dissemination:ExportControlledInformationmayonlybesharedwith aforeignentityspecificallyauthorizedaccesstotheinformationbya U.S.Federalorganizationauthorizedtograntthataccess.

4

c. HistoricProperties CUIBannerMarkingwhenreceivedfromNRC:CUI//SPHISTP o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheHistoricPropertiespartisnotincluded, wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forHistoricProperties InformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/historicproperties

AdditionalRequirements(perlaw,regulation,Governmentwidepolicy):

o Access:IfthisinformationhasbeendesignatedbytheheadofaFederal agencyorotherpublicofficialafterconsultationwiththeSecretaryof interiortowithholdfrompublicdisclosure,theinformationmustbe protectedfrompublicdisclosure.

d. NuclearSecurityRelatedInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//SPSRI o

ThisinformationwillbeisolatedbytheNRCintoanappendixorattachment suchthatthemaindocumentisnotsensitiveoralowerlevelofsensitivity whentheNuclearSecurityRelatedInformationpartisnotincluded,where possible.

Thesafeguardingand/ordisseminationauthority(ies)forNuclearSecurityRelated InformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/nuclearsecurityrelated info.html

TheauthoritiesforNuclearSecurityRelatedInformationare:

o NRCRegulatoryIssueSummary(RIS)200526,ControlofSensitive UnclassifiedNonSafeguardsInformationRelatedtoNuclearPower Reactors,November7,2005.

o NRCRIS200531,Revision1,ControlofSecurityRelatedSensitive UnclassifiedNonSafeguardsInformationHandledbyIndividuals,Firms,and EntitiesSubjecttoNRCRegulationoftheUseofSource,Byproduct,and SpecialNuclearMaterial,December26,2017.

NotwithstandinganythingelseinthisAgreement[NonFederalEntity]willhandle andcontrolNuclearSecurityRelatedInformationreceivedfromtheNRCconsistent withthecontrolsineitherRISshownabove.

5

e. ProtectedCriticalInfrastructureInformation CUIBannerMarkingwhenreceivedfromNRC:CUI//SPPCII o ThisinformationwillbeisolatedbytheNRCintoanappendixor attachmentsuchthatthemaindocumentisnotsensitiveoralower levelofsensitivitywhentheProtectedCriticalInfrastructure Informationpartisnotincluded,wherepossible.

Thesafeguardingand/ordisseminationauthority(ies)forProtectedCritical InfrastructureInformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/protectedcritical infrastructureinformation

AdditionalRequirements(perlaw,regulation,Governmentwidepolicy):

o Dissemination:

Thisinformationcannotbesharedwithanythirdpartiesor foreignentityabsenttheexpressconsentoftheNRC.

f.

SafeguardsInformationandSafeguardsInformationModifiedHandling CUIBannerMarkingwhenreceivedfromNRC:CUI//SPSGI

TheauthorityforSafeguardsInformationis10CFRPart73,PhysicalProtection ofPlantsandMaterials.NotwithstandinganythingelseinthisAgreement

[NonFederalEntity]willhandleandcontrolSafeguardsInformationreceived fromtheNRCpursuanttothetermsofthisAgreementconsistentwiththe controlsin10CFRPart73,asrequiredbylaw.

AllSafeguardsInformation(bothinternalandexternaltotheNRC)willcontinue tohavethespecificmarkingsrequiredby10CFR73.22(d),Protectionof SafeguardsInformation:SpecificRequirementsor10CFR73.23(d),Protection ofSafeguardsInformationModifiedHandling:SpecificRequirements.

SafeguardsInformationthatisgeneratedorpossessedbytheNRCwillalsohave theCUI//SPSGIbannermarkinglocatedbeneaththerequiredmarking,in additionto(notinlieuof)therequiredmarkingsinPart73.

Thesafeguardingand/ordisseminationauthority(ies)forSafeguards InformationisprovidedintheNARACUIRegistry:

https://www.archives.gov/cui/registry/categorydetail/safeguardsinfo