|
---|
Category:Inspection Plan
MONTHYEARIR 05000445/20230052023-08-23023 August 2023 Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2023005 and 05000446/2023005)- Mid Cycle Letter 2023 ML23068A3782023-03-0909 March 2023 Notification of an NRC Fire Protection Baseline Inspection (NRC Inspection Report 05000445/2023011 and 05000446/2023011) and Request for Information IR 05000445/20220062023-03-0101 March 2023 Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2022006 and 05000446/2022006) IR 05000445/20220052022-08-22022 August 2022 Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2022005 and 05000446/2022005) ML22179A3032022-06-28028 June 2022 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000445/2022401; 05000446/2022401 ML22124A3042022-05-0505 May 2022 Notification of NRC Triennial Heat Exchanger/Sink Performance Inspection (05000445/2022003 and 05000446/2022003) and Request for Information IR 05000445/20210062022-03-0202 March 2022 Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2021006 and 05000446/2021006) ML21253A2332021-09-0909 September 2021 Request for Information: Comanche Peak Nuclear Power Plant, Units 1 and 2 (05000445 and 05000446); Occupation Radiation Safety (71124.01, 71124.02, 7511) ML21245A3072021-09-0202 September 2021 Request for Information ML21245A307 IR 05000445/20210052021-09-0101 September 2021 Mid-Cycle Inspection Plan Transmittal Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2021005 and 05000446/2021005) ML21176A1292021-06-25025 June 2021 CPNPP FFD Inspection Doc Request 2021 ML21103A3982021-04-13013 April 2021 CP Security Inspection Information Request 2021403 ML21027A4322021-01-27027 January 2021 Information Request, Security IR 2021401 ML20309A3602020-11-0404 November 2020 Notification of NRC Design Bases Assurance Inspection (Teams) (Inspection Report 05000445/2021011 and 05000446/2021011) and Initial Request for Information IR 05000445/20200052020-09-0101 September 2020 Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2020005 and 05000446/2020005) ML20139A1452020-05-18018 May 2020 Notification of NRC Design Bases Assurance Inspection (Programs) (05000445/2020010 and 05000446/2020010) and Initial Request for Information ML20055E1052020-03-0303 March 2020 CP2019006 Annual Assessment Letter ML20045E3512020-02-13013 February 2020 Information Request February 13, 2020 Notification of Inspection and Request for Information Comanche Peak Unit 2 NRC Inspection Report 05000446/2020002 IR 05000445/20190052019-08-30030 August 2019 Updated Inspection Plan for Comanche Peak, Units 1 and 2, Reports 05000445/2019005 and 05000446/2019005 IR 05000445/20180062019-03-0404 March 2019 Annual Assessment Letter for Comanche Peak, Units 1 and 2 (Report 05000445/2018006 and 05000446/2018006) ML19043A9442019-02-20020 February 2019 2019 CP Brq RFI Letter IR 05000445/20180052018-08-31031 August 2018 Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2018005 and 05000446/2018005) IR 05000445/20170062018-03-0101 March 2018 Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2017006 and 05000446/2017006) IR 05000445/20170052017-08-28028 August 2017 Updated Inspection Plan for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2017005 and 05000446/2017005) IR 05000445/20160062017-03-0101 March 2017 Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2016006 and 05000446/2016006) ML16302A1002016-10-27027 October 2016 Notification of Inspection (NRC Inspection Report 05000445/2017002 and 05000446/2017002) and Request for Information IR 05000445/20160052016-09-12012 September 2016 Errata for Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2016005 and 05000446/2016005) ML16239A2522016-08-31031 August 2016 Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2016005 and 05000446/2016005) IR 05000445/20164012016-08-31031 August 2016 Non-Public Security Inspection Plan for Comanche Peak Nuclear Power Plant (NRC Physical Security Inspection Report Numbers 05000445/2016401 and 05000446/2016401) IR 05000445/20150062016-03-0202 March 2016 Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2015006 and 05000446/2015006) IR 05000445/20154012015-09-0101 September 2015 Non-Public Security Inspection Plan for Comanche Peak Nuclear Power Plant (NRC Physical Security Inspection Report Numbers 05000445/2015401 and 05000446/2015401) IR 05000445/20150052015-09-0101 September 2015 Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2015005 and 05000446/2015005) IR 05000445/20140062014-09-0202 September 2014 Mid-Cycle Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2014006 and 05000446/2014006) IR 05000445/20144022014-09-0202 September 2014 Non-Public Security Inspection Plan for Comanche Peak Nuclear Power Plant (NRC Physical Security Inspection Report Numbers 05000445/2014402 and 05000446/2014402) IR 05000445/20130012014-03-0404 March 2014 IR 05000445-13-001 & 05000446-13-001, 02/12/2014, Comanche Peak, Units 1 & 2, Annual Assessment Inspection Plan ML13282A5002013-10-0909 October 2013 Notification of NRC Triennial Fire Protection Baseline Inspection (NRC Inspection Report 05000445-14-008 and 05000446-14-008) and Request for Information IR 05000445/20130062013-09-0303 September 2013 (Report 05000445/2013006 and 05000446/2013006) IR 05000445/20128012013-03-0404 March 2013 Annual Assessment Letter for Comanche Peak Nuclear Power Plant, Units 1 and 2 (Report 05000445/2012801 and 05000446/2012801) ML13060A4352013-03-0101 March 2013 Notification of NRC Component Design Bases Inspection IR 05000445-13-007 and 05000446-13-007, and Initial Request for Information IR 05000445/20120062012-09-0404 September 2012 Mid-Cycle Letter for Comanche Peak Nuclear Power Plant Units 1 and 2 (Reports 05000445/2012006 and 05000446/2012006) IR 05000445/20120012012-03-0505 March 2012 Annual Assessment Letter for Comanche Peak Nuclear Power Plant Units 1 and 2 (Report 05000445/2012001 and 05000446/2012001) ML1124306442011-09-0101 September 2011 Mid-Cycle Performance Review and Inspection Plan - Comanche Peak Nuclear Power Plant - Units 1 and 2 CP-201101030, Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 6, (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2000, Second Interval)2011-08-0202 August 2011 Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 6, (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2000, Second Interval) CP-201101031, Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 0 (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2010, Third Interval)2011-08-0202 August 2011 Transmittal of Unit 1 Inservice Inspection Program Plan, Revision 0 (Unit 1: ASME Code XI 1998 Edition, 1999 and 2000 Addenda, Interval Start - August 13, 2010, Third Interval) IR 05000445/20110012011-03-0404 March 2011 IR 05000445-11-001, 05000446-11-001, 03/01/2011 - 02/29/2012, Comanche Peak Nuclear Power Plant, Units 1 and 2, Annual Assessment Letter ML1024403972010-09-0101 September 2010 Mid-Cycle Performance Review and Inspection Plant - Comanche Peak Nuclear Power Plant IR 05000445/20100012010-03-0303 March 2010 Annual Assessment Letter - Comanche Peak Nuclear Power Plant (Reports 05000445-10-001 and 05000446-10-001) CP-200900848, Submittal of Unit 2 Inservice Inspection Plan for Refueling Outage No .112009-07-30030 July 2009 Submittal of Unit 2 Inservice Inspection Plan for Refueling Outage No .11 IR 05000445/20090012009-03-0404 March 2009 Annual Assessment Letter - Comanche Peak Steam Electric Station (Reports 05000445/2009001 and 05000446/2009001) ML0824606392008-09-0202 September 2008 2008 Midcycle Assessment Letter Comanche Peak and Inspection Plan 2023-08-23
[Table view] Category:Request for Additional Information (RAI)
MONTHYEARML24019A0742024-01-19019 January 2024 NRR E-mail Capture - Comanche Peak - Draft Request for Additional Information - License Amendment Request to Extend the Allowed Outage Time for an Inoperable Emergency Diesel Generator ML24018A1072024-01-18018 January 2024 Notification of Commercial Grade Dedication Inspection (05000445/2024012 and 05000446/2024012) and Request for Information ML23256A1502023-09-11011 September 2023 Request for Additional Information Requests - Comanche Peak - Set 4 ML23256A1492023-09-11011 September 2023 Email from Mark Yoo (NRC) to Ken Peters (Vistra) - Comanche Peak LRA - Request for Additional Information - Set 4 ML23213A2162023-08-0202 August 2023 Vistra Operations Company, LLC Notification of License Renewal Inspection and Request for Information ML23188A0452023-07-0707 July 2023 Request for Additional Information Requests - Comanche Peak - Set 3 ML23188A0442023-07-0707 July 2023 Email from Mark Yoo (NRC) to Ken Peters (Vistra) - Comanche Peak LRA - Request for Additional Information - Set 3 ML23181A0212023-06-29029 June 2023 Request for Additional Information Requests - Comanche Peak - Set 2 ML23181A0202023-06-29029 June 2023 Email from Mark Yoo (NRC) to Ken Peters (Vistra) - Comanche Peak LRA - Request for Additional Information - Set 2 ML23167A0222023-06-14014 June 2023 Email: Request for Additional Information (RAI) Letter for the Review of the Comanche Peak Initial License Renewal Application, Set 1 ML23167A0232023-06-14014 June 2023 Request for Additional Information (RAI) for the Review of the Comanche Peak Initial License Renewal Application (Lra), Set 1 ML23145A2322023-05-25025 May 2023 LRA - Request for Confirmation of Information - Set 2 ML23143A1372023-05-23023 May 2023 LRA - Request for Confirmation of Information - Set 1 ML23132A2542023-05-23023 May 2023 Supplemental Information Needed for Acceptance of Requested Licensing Action LAR to Adopt 10 CFR 50.69,Risk-Informed Categorization & Treatment of Structures,Systems & Components for Nuclear Power Reactors EPID L-2023-LLA-0057 ML23068A0562023-05-0909 May 2023 Request for Additional Information - Comanche Peak License Renewal Application Environmental Review ML23068A0732023-04-13013 April 2023 Requests for Confirmation of Information for the Environmental Review of the Comanche Peak Nuclear Power Plant, Units 1 and 2, Licensed Renewal Application (EPID Number: L-2022-LNE-0004) (Docket Numbers 50-445 and 50-446) ML23103A4682023-04-11011 April 2023 NRR E-mail Capture - Comanche Peak Request for Additional Information - License Amendment Request to Apply the Westinghouse Full Spectrum Loss of Coolant Accident Evaluation Model ML23086B9852023-03-27027 March 2023 NRR E-mail Capture - Comanche Peak Draft Request for Additional Information - Request to Apply the Westinghouse Full Spectrum Loss of Coolant Accident Evaluation Model ML23010A1442023-01-0909 January 2023 Inservice Inspection Request for Information ML22325A2742022-11-21021 November 2022 NRR E-mail Capture - Comanche Peak - Request for Additional Information - Proposed Alternative P-1 Regarding IST of Safeguards Building Sump Pumps ML22318A3102022-11-10010 November 2022 NRR E-mail Capture - Comanche Peak - Draft Request for Additional Information - Proposed Alternative P-1 Regarding IST of Safeguards Building Sump Pumps ML22230B1092022-08-17017 August 2022 NRR E-mail Capture - Comanche Peak Unit 2 - Request for Additional Information - 2RE19 Inspection Summary Report for Steam Generator Tubing ML22220A1942022-08-0808 August 2022 NRR E-mail Capture - Comanche Peak Unit 2 - Draft Request for Additional Information - 2RE19 Inspection Summary Report for Steam Generator Tubing ML22179A3032022-06-28028 June 2022 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000445/2022401; 05000446/2022401 ML22083A0262022-03-23023 March 2022 NRR E-mail Capture - Comanche Peak - Request for Additional Information - Request to Adopt TSTF 505 Revision 2 ML21286A7912021-10-13013 October 2021 NRR E-mail Capture - Comanche Peak - Request for Additional Information - Request to Adopt TSTF-577 Revision 1 ML21253A2242021-09-0909 September 2021 Request for Information Occupational Radiation Safety Inspection (71124.01, 71124.02, and 71151) from 10/18-22/2021 ML21253A2332021-09-0909 September 2021 Request for Information: Comanche Peak Nuclear Power Plant, Units 1 and 2 (05000445 and 05000446); Occupation Radiation Safety (71124.01, 71124.02, 7511) ML21245A3072021-09-0202 September 2021 Request for Information ML21245A307 ML21166A3382021-06-22022 June 2021 Supplemental Information Needed for Acceptance of Requested Licensing Action LAR to Adopt TSTF-505, Rev. 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b ML21165A1022021-06-13013 June 2021 Pi&R; Request for Information ML21103A3982021-04-13013 April 2021 CP Security Inspection Information Request 2021403 ML20225A0932020-08-12012 August 2020 Notification of Inspection 05000445/2020004 and 05000446/2020004 and Request for Information ML20105A1072020-04-13013 April 2020 NRR E-mail Capture - Comanche Peak - Request for Additional Information - Exigent Amendment Request for One Time Change to Unit 2 Steam Generator Inspection Frequency ML20104A0022020-04-11011 April 2020 NRR E-mail Capture - Comanche Peak Unit 2 - Request for Additional Information - Proposed Alternative to ASME OM Code for Deferral of Snubber Testing (SNB-1) and Visual Examinations (SNB-2) ML20045E3512020-02-13013 February 2020 Information Request February 13, 2020 Notification of Inspection and Request for Information Comanche Peak Unit 2 NRC Inspection Report 05000446/2020002 ML19346B3812019-12-11011 December 2019 NRR E-mail Capture - Comanche Peak RAIs - Quality Assurance Program Reduction in Commitment ML19319A5432019-11-14014 November 2019 NRR E-mail Capture - Draft Comanche Peak RAIs - Quality Assurance Program Reduction in Commitment ML19058A3592019-02-27027 February 2019 NRR E-mail Capture - Comanche Peak Nuclear Power Plant, Unit Nos. 1 and 2 - Final Request for Additional Information Concerning License Amendment Request to Revise the Emergency Plan IR 05000445/20170072018-02-0808 February 2018 Notification of Nrc Design Bases Assurance Inspection (Programs) (05000445/2017007 and 05000446/2017007) ML17276B8622017-10-0303 October 2017 Notification of NRC Design Bases Assurance Inspection (Programs)(05000445/2017007 and 05000446/2017007) and Initial Request for Information ML17087A2032017-03-28028 March 2017 NRR E-mail Capture - Comanche Peak, Unit 2 - Final Request for Additional Information Regarding Request No. 2B3-1 ML17066A2372017-03-0707 March 2017 Notification of NRC Triennial Fire Protection Baseline Inspection (05000445/2017008 and 05000446/2017008) and Request for Information ML17048A4172017-02-17017 February 2017 Notification of NRC Inspection of the Implementation of Mitigation Strategies and Spent Fuel Pool Instrumentation Orders and Emergency Preparedness Communication/ Staffing/Multi-Unit Dose Assessment... ML16034A1962016-02-0808 February 2016 Independent Spent Fuel Storage Installation - Request for Additional Information, Application for Order Approving Transfer of Facility Operating Licenses and Conforming Amendment ML16015A0032016-01-14014 January 2016 NRR E-mail Capture - Request for Additional Information - Relief Request 1B3-3 for Comanche Peak Nuclear Power Plant, Unit 1 ML15345A0112015-12-16016 December 2015 Request for Additional Information, License Amendment Request, Revise Emergency Action Levels Based on Nuclear Energy Institute (NEI) 99-01, Revision 6 ML15317A1582015-11-13013 November 2015 Request for Additional Information Email, Relief Request B-15, C-2, and C-4 for Welds in the RPV and Containment Spray and Residual Heat Removal Heat Exchanger Shells, Second 10-year Inservice Inspection Interval ML15317A1482015-11-13013 November 2015 Request for Additional Information Email, Relief Request No. B-9 for Reactor Pressure Vessel Outlet Nozzle Safe End to Piping Welds, Second 10-year Inservice Inspection Interval ML15317A1502015-11-13013 November 2015 Request for Additional Information Email, Relief Request No. B-3 for Reactor Coolant System Pipe to Pipe Flange Weld, Second 10-year Inservice Inspection Interval 2024-01-19
[Table view] |
See also: IR 05000445/2022401
Text
June 28, 2022
Mr. Ken Peters, Senior Vice President
and Chief Nuclear Officer
Attention: Regulatory Affairs
Vistra Operations Company LLC
P.O. Box 1002
Glen Rose, TX 76043
SUBJECT: COMANCHE PEAK NUCLEAR POWER PLANT, UNITS 1 AND 2 -
INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE
INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000445/2022401;
05000446/2022401
Dear Mr. Peters,
On October 24, 2022, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline
inspection in accordance with Inspection Procedure (IP) 71130.10, Cyber-Security, at your
Comanche Peak Nuclear Power Plant. The inspection evaluates and verifies your ability to meet
the requirements of the NRCs Cyber-Security Rule, Title 10, Code of Federal Regulations
(CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and
Networks.
Experience has shown that baseline inspections are extremely resource intensive, both for the
NRC inspectors and the licensee staff. To minimize the inspection impact on the site and to
ensure a productive inspection for both parties, we have enclosed a request for documents
needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the
focus areas (i.e., sample set) to be inspected by the cyber-security inspection procedure. This
information should be made available via electronic means (e.g., compact disc or other
electronic means) and delivered to the regional office no later than August 1, 2022. The
inspection team will review this information and, by August 22, 2022, will request the specific
items that should be provided for review.
The second group of additional requested documents will assist the inspection team in the
evaluation of the critical systems and critical digital assets, defensive architecture, and the areas
of your cyber security program selected for the cyber-security inspection. This information will
be requested for review in the regional office prior to the inspection by September 19, 2022.
K. Peters 2
The third group of requested documents consists of those items that the inspection team will
review, or need access to, during the inspection. Please have this information available by the
first day of the onsite inspection, October 24, 2022.
The fourth group of information is necessary to aid the inspection team in tracking issues
identified during the inspection. It is requested that this information be provided to the lead
inspector as the information is generated during the inspection. It is important that these
documents are up to date and complete to minimize the number of additional documents
requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Greg Pick. We understand that our regulatory contact
for this inspection is Jim Barnette at 817-408-0934 (m) or via email
james.barnette@luminant.com of your organization. If there are any questions about the
inspection or the material requested, please contact the lead inspector Greg Pick
at 817-504-2105 (m) or via e-mail at greg.pick@nrc.gov.
PAPERWORK REDUCTION ACT STATEMENT
This letter contains mandatory information collections that are subject to the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501 et seq.). The Office of Management and Budget (OMB)
approved these information collections (approval number 3150-0011). Send comments
regarding this information collection to the Information Services Branch, Office of the Chief
Information Officer, Mail Stop: T6 A10M, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001, or by e-mail to Infocollects.Resource@nrc.gov, and to the Desk Officer, Office of
Information and Regulatory Affairs, NEOB-10202, (3150-0011) Office of Management and
Budget, Washington, DC 20503.
PUBLIC PROTECTION NOTIFICATION
The NRC may not conduct nor sponsor, and a person is not required to respond to, a request
for information or an information collection requirement unless the requesting document
displays a currently valid OMB control number.
This letter and its enclosure will be made available for public inspection and copying at
http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in
accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, Public
Inspections, Exemptions, Requests for Withholding. Your cooperation and support during this
inspection will be appreciated.
Sincerely,
Signed by Pick, Gregory
on 06/28/22
Greg A. Pick
Senior Reactor Inspector
Engineering Branch 2
Division of Operating Reactor Safety
K. Peters 3
Dockets: 50-445; 50-446
Licenses: NPF-87; NPF-89
Enclosure:
Comanche Peak Nuclear Power Plant
Cyber-Security Inspection Document Request
cc w/encl: Distribution via LISTSERV
ML22179A303
SUNSI Review ADAMS: Non-Publicly Available Non-Sensitive Keyword:
By: GAP Yes No Publicly Available Sensitive NRC-002
OFFICE DORS/EB2:SRI
NAME GPick
SIGNATURE Gap
DATE 6/28/2022
Inspection Report: 05000445/2022401; 05000446/2022401
Inspection Dates: October 24 - 28, 2022
Inspection Procedure: IP 71130.10, Cyber-Security, dated January 1, 2022
Reference: ML21330A088, Guidance Document for Development of the
Request for Information (RFI) and Notification Letter for
Full-Implementation of the Cyber-Security Inspection, Revision 1
NRC Inspectors: Greg Pick, (Lead) Stella Opara-Ogunmola
817-504-2105 301-287-9286
greg.pick@nrc.gov stella.opara@nrc.gov
Marcus Chisolm
817-200-1426
marcus.chisolm@nrc.gov
NRC Contractors: Casey Priester Alan Konkal
frederick.priester@nrc.gov alan.konkal@nrc.gov
I. Information Requested for In-Office Preparation
The initial request for information (Table RFI#1) provides the team with the general
information necessary to select appropriate components and cyber security program
elements to develop a site-specific inspection plan. The initial request for information is
used to identify the list of critical systems and critical digital assets plus operational and
management security control portions of the cyber security program to be chosen as the
sample set to be inspected. Please provide the information listed in Table RFI#1 to the
regional office by August 1, 2022, or sooner, to facilitate the selection of the specific
items that will be reviewed.
The team will examine the returned documentation from the initial request for information
and select specific critical systems and critical digital assets to provide for a more
deliberate, focused second request for information. The team will submit the second
request by August 22, 2022, which will identify the critical systems and critical digital
assets that will be utilized to evaluate the defensive architecture and the areas of your
cyber security program selected for the inspection. We request that the information for
the second request be made available for review by September 19, 2022.
All requests for information shall follow the referenced guidance document ADAMS
Accession No. ML21330A088. If a secure document management service is utilized, it is
recommended that a separate folder be used corresponding to each item listed below. It
is recommended that multiple documents within each folder be individually entered and
also combined into a ZIP file that is uploaded into the same folder. Documents should be
identified by both document number and noun name. Electronic media on compact disc
Enclosure
or paper records (hard copy) are also acceptable. The preferred file format for all lists is
a searchable Excel spreadsheet file. The information should be indexed and hyper-
linked to facilitate ease of use. If you have any questions regarding this information,
please call the inspection team leader as soon as possible.
Table RFI#1
Section 3,
Paragraph Number/Title: IP Ref
A list of all Identified Critical Systems and Critical Digital Assets,-
1 highlight/note any . additions, deletions, reclassifications due to new Overall
guidance from white papers, changes to NEI 10-04, 13-10, etc. since
the last cyber security inspection.
2 A list of EP and Security onsite and offsite digital communication Overall
systems
3 Network Topology Diagrams to include information and data flow for Overall
critical systems in levels 2, 3 and 4 (If available)
4 Ongoing Monitoring and Assessment program documentation 03.01(a)
5 The most recent effectiveness analysis of the Cyber Security 03.01(b)
Program
6 Vulnerability screening/assessment and scan program 03.01(c)
documentation
Cyber Security Incident response documentation, including incident
detection, response, and recovery documentation as well as 03.02(a)
7 contingency plan development, implementation and including any and
program documentation that requires testing of security boundary 03.04(b)
device functionality
8 Device Access and Key Control documentation 03.02(c)
9 Password/Authenticator documentation 03.02(c)
10 User Account/Credential documentation 03.02(d)
11 Portable Media and Mobile Device control documentation, including 03.02(e)
kiosk security control assessment/documentation
12 Design change/ modification program documentation and a List of all 03.03(a)
design changes completed since the last cyber security inspection,
2
Table RFI#1
Section 3,
Paragraph Number/Title: IP Ref
including either a summary of the design change or the 50.59
documentation for the change.
03.03(a),
13 Supply Chain Management documentation including any security (b) and
impact analysis for new acquisitions (c)
Configuration Management documentation including any security 03.03(a)
14 impact analysis performed due to configuration changes since the
and (b)
last inspection
15 Cyber Security Plan and any 50.54(p) analysis to support changes to 03.04(a)
the plan since the last inspection
16 Cyber Security Metrics tracked (if applicable) 03.06 (b)
Provide documentation describing any cyber security changes to the
17 access authorization program since the last cyber security Overall
inspection.
18 Provide a list of all procedures and policies provided to the NRC with Overall
their descriptive name and associated number (if available)
19 Performance testing report (if applicable) 03.06 (a)
In addition to the above information please provide the following:
(1) Electronic copy of the UFSAR and technical specifications
(2) Name(s) and phone numbers for the regulatory and technical contacts
(3) Current management and engineering organizational charts
II. Additional Information Requested to be Available Prior to Inspection
As stated in Section I above, the team will examine the documentation requested from
Table RFI#1 and submit the list of critical systems and critical digital assets to your staff
by August 22, 2022 (i.e., RFI#2). The additional information requested for the specific
systems and equipment is identified in Table RFI#2. Please provide the Table RFI#2
information to the lead inspector by September 19, 2022. If you have any questions
regarding this information, please call the inspection team leader as soon as possible.
3
Table RFI#2
Section 3,
Paragraph Number/Title: IP Ref
For the system(s) chosen for inspection provide:
1 Ongoing Monitoring and Assessment activity performed on the 03.01(a)
system(s)
2 All Security Control Assessments for the selected system(s) 03.01(a)
All vulnerability screenings/assessments associated with or scans
3 performed on the selected system(s) since the last cyber security 03.01(c)
inspection
Documentation (including configuration files and rules sets) for
Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
4 Host-based Intrusion Detection Systems (HIDS), and Security 03.02(b)
Information and Event Management (SIEM) systems for system(s)
chosen for inspection )
Documentation (including configuration files and rule sets) for intra-
5 security level firewalls and boundary devices used to protect the 03.02(c)
selected system(s)
6 Copies of all periodic reviews of the access authorization list for the 03.02(d)
selected systems since the last inspection
7 Baseline configuration data sheets for the selected CDAs 03.03(a)
8 Documentation on any changes, including Security Impact Analyses, 03.03(b)
performed on the selected system(s) since the last inspection
9 Copies of the purchase order documentation for any new equipment 03.03(c)
purchased for the selected systems since the last inspection
03.02(a)
10 Copies of any reports/assessment for cyber security drills performed
since the last inspection. 03.04(b)
Copy of the individual recovery plan(s) for the selected system(s) 03.02(a)
11 including documentation of the results the last time the backups
03.04(b)
were executed.
Corrective actions taken because of cyber security incidents/issues
12 to include previous NRC violations and Licensee Identified Violations 03.05
since the last cyber security inspection
4
III. Information Requested to be Available on First Day of Inspection
For the critical systems and critical digital assets identified in Section II, provide the
following request for information (i.e., Table 1ST Week Onsite) to the team by
October 24, 2022, the first day of the inspection.
Table 1ST Week Onsite
Section 3,
Paragraph Number/Title: IP Ref
1 Any cyber security event reports submitted in accordance with 10 03.05
CFR 73.77 since the last cyber security inspection
Updated Copies of corrective actions taken because of cyber
2 security incidents/issues, to include previous NRC violations and 03.05
Licensee Identified Violations since the last cyber security
inspection, as well as vulnerability-related corrective actions
In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the
inspection team as long as the inspectors have easy and unrestrained access
to them.
a. Updated Final Safety Analysis Report (if not previously provided)
b. Original FSAR Volumes
c. Original SER and Supplements
d. FSAR Question and Answers
e. Quality Assurance Plan
f. Technical Specifications (if not previously provided)
g. Latest IPE/PRA Report
(2) Vendor Manuals, Assessment and Corrective Actions:
a. The most recent Cyber-Security Quality Assurance (QA) audit and/or
self-assessment
b. Corrective action documents (e.g., condition reports, including status of
corrective actions) generate because of the most recent Cyber-Security
Quality Assurance (QA) audit and/or self-assessment
5
IV. Information Requested To Be Provided Throughout the Inspection
(1) Copies of any corrective action documents generated because of the inspection
teams questions or queries during the inspection
(2) Copies of the list of questions submitted by the inspection team members and
the status/resolution of the information requested (provided daily during the
inspection to each inspection team member)
If you have any questions regarding the information requested, please contact the inspection
team leader.
6