Text

EA-22-083 Steve Wahnschaffe NRC Facilities Acting Facility Director and License Manager Department of Energy

SUBJECT:

COMPLIANCE WITH 32 CFR PART 117, NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL AND EXERCISE OF ENFORCEMENT DISCRETION

Dear Steve Wahnschaffe:

On December 21, 2020, the Department of Defense published the National Industrial Security Program Operating Manual (NISPOM) rule, in Title 32 of the Code of Federal Regulations (CFR) Part 117, National Industrial Security Program Operating Manual, in the Federal Register (85 FR 83312). The rule had an effective date of August 24, 2021. The U.S. Nuclear Regulatory Commission (NRC) staff met with you on July 28, 2022, to discuss Fort Saint Vrains (FSVs) compliance with 32 CFR Part 117. This letter documents the substance of our discussions at that meeting.

FSV must be in compliance with the requirements in 32 CFR Part 117 no later than 180 days from the date of this letter. The NRC expects that FSV will submit its compliance plan describing how you will come into compliance with 32 CFR Part 117, no later than 60 days from the date of this letter. This compliance plan will: 1) identify those requirements in 32 CFR Part 117 that FSV believes are not applicable to it and the rationale for that determination; 2) identify those requirements in 32 CFR Part 117 that FSV believes are applicable and are already being met; 3) identify those requirements in 32 CFR Part 117 for which FSV expects to need longer than 180 days to implement, the rationale for needing more time, and the specific date by which FSV will come into compliance with the requirement; and 4) identify those requirements in 32 CFR Part 117 for which FSV intends to seek a waiver consistent with the requirements in 32 CFR 117.7(n).

With respect to those requirements identified in FSVs compliance plan for which FSV has requested a later compliance date, FSV must comply with those specific requirements no later than the alternative compliance date approved by the NRC. If FSV intends to seek a waiver, the waiver request must explain why it is impractical, or unreasonable for FSV to comply with the requirement it is asking to waive, identify alternative measures as prescribed by the rule, and include a proposed duration for the waiver. FSV cannot implement a waiver unless the waiver is approved by the NRC.

While FSV is working to determine the applicability of the new requirements and to come into compliance, the NRC staff completed the annual information security (INFOSEC) inspection during the week of April 18, 2022. The NRC staff confirmed that FSVs INFOSEC security program operates consistently with the NRC approved Standard Practice Procedures Plan and October 13, 2022

complies with Title 10 of the CFR Part 95. Therefore, FSV is currently protecting its classified matter adequately.

Given FSVs established INFOSEC security program, the short implementation timeframe afforded by the promulgation of 32 CFR Part 117, and the efforts undertaken by FSV to come into compliance with the rule as soon as feasible, I have been authorized, after consultation with the Director, Office of Enforcement, to exercise enforcement discretion for past non-compliance associated with 32 CFR Part 117 requirements in accordance with Section 3.5 of the Enforcement Policy. Going forward, the staff may continue to exercise enforcement discretion provided FSV takes appropriate and reasonable steps to come into compliance by the specific date(s) documented in FSVs compliance plan, as approved by the NRC.

If you have any questions, please contact me at 301-415-7751, or via email at Darryl.parsons@nrc.gov.

In accordance with Title 10 of the Code of Federal Regulations, Section 2.390 of the NRCs Agency Rules of Practice and Procedure, a copy of this letter will be available for public inspection in the NRC Public Document Room or from the Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).

Sincerely, Darryl H. Parsons, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Signed by Parsons, Darryl on 10/13/22