ML22257A058

From kanterella
Jump to navigation Jump to search
NRC-2022-000168 - Resp 1 - Final, Agency Records Subject to the Request Are Enclosed
ML22257A058
Person / Time
Issue date: 06/22/2022
From:
NRC/OCIO
To:
Shared Package
ML22257A056 List:
References
NRC-2022-000168
Download: ML22257A058 (55)
v  d  e


Text

U.S. NUCLEAR REGULATORY COMMISSION REGULATORY GUIDE 5.81, REVISION 1

Issue Date: December 2019 Technical Lead: W esley Held and Stacy Prasad

TARGET SET IDENTIFICATION AND DEVELOPMENT FOR NUCLEAR POWER REACTORS (U)

A. INTRODUCTION (U)

Purpose (U)

(U) Thi s regulatory gu ide (RG) de scr ibe s approaches a nd methodologie s that the U.S. Nuc lear Regulatory Commi ssio n (N RC) consi d e rs acceptab le for meet ing t he requirements of Ti t le 10 of th e Code of Federal Regulations ( 10 CFR) Part 73, "Phys ical Protection of Plants and M a ter ials" (Ref. 1 ),

Section 73.55, " Requirement s for Phy s ica l Protection of Licensed Ac ti vities in Nuclear Power Reactor s Against R adio logical Sabotage." Th e guidan ce in t hi s RG id e nt ifies what the NRC staff co nside rs acce ptabl e for applicant or licensee ana lysis, development, documentation, and evalua tion of target se t e lements a nd target sets, in c lud!in g operator act ions that may be cred ited to prevent s ig ni ficant core damage ( e.g., non-locali ze d fue l melting and /or core des t ruct ion) or loss of spe nt fue l coolant and exposure of s pent fuel.

Applicability (U)

(U) Thi s RG provides g uidan ce for power reactor app licants and l icensees under 10 CFR Part 50,

" Dom estic Licensing of Produ ction and Uti lization Faci l it ies" ( R ef. 2), and under IO CFR Part 52, "Licenses, Certifications, and Approva ls for Nuclear Power Pl a nts" (Ref. 3). New reactor app licants s hould cons ide r thi s gu idance in preparing an application for a comb ined licen se u nder 10 CFR Part 52.

A pplic ab le Ru les a n d Regulations (U)

o (U) 10 CFR 73.55(a)(3): "The licensee is resp onsi ble for maintaining the onsitephysical protec ti on program in accordance with Comm i ss ion regulat ions through t he impl e mentation of sec urity plan s and wr itten sec urity imp lementing proc edure s."

o 10 CFR 73.55(b)(2): "To satisfy the genera l performa nce objective of paragraph (b)( l ) of this sectio n, the physical protec tion pro gram must prote ct against t he des ign basis threat of radiologica l sabo tage as stated in § 73. l."

NOTICE: The Staff Regulatory Guidance section (Section C of this regulato1y gu ide) and the appendices contain sensitive unclassified information identified as Official Use Only-Security-Related Information. Wh en Section C and the appendices arc

  • emoved from this re gu latory gu ide, the remainder of this document is DECONTROLLED. This RG is also available through the NRC's Agencywidc Documents Access and Management System (ADAMS) at http://www.nrc.gov/reading-r111/ada111s.html, under ADAMS Accession Number (No.) MLI 9253C754. Th e regulatory analysis may be found in ADAMS under Accession No. MLl5 352A2 I 5. The associated draft g uide DG-5047 may be found in ADAMS un der Accession No.MLl3 168A036, and he staff responses to the public comments on DG -5047 may be found under ADAMS Accession No. ML19253C788.

6FFICML t,;91) m,LY SEetHttT¥*fttlLA:TEB IN'16ltf'flA:Tl6N o (U) IO CF R 73.55(b )( 4): " T he licensee s h all an alyze an d identi fy site-spec ific condit ions, incl uding target sets, that may affect th e specific measu res needed to implement the requ irements of this sect ion and s ha ll account for these co ndition s in the des ign of the p hysica l protection progra m."

o (U) I O C F R 73.55(t)(J ): " T he l icensee sha ll docu m en t an d mainta in t he process used to develop and ide ntify target sets, to include the site-specific analyses and methodo logies u sed to d etermine and group the target se t equipment o r e lements."

o (U) 10 CFR 73.55(f)(2): " The licensee shall consider cyber attacks in the deve lopment a nd ident ificat i on of target se t s."

o (U) 10 CFR 73.55(f)(3): " Target set equipment or e lements that are not contai ne d within a protected or vital area m us t be identified an d doc umen ted co ns is tent w ith t he req uirements in§ 73.55(f)(l) and be accounted for in the l icensee ' s protective strategy."

o (U) 10 CF R 73.55(t)(4): "The licensee shall implemen t a process for t h e oversig htof target set equ ipment and systems to ensure that changes to the config urat ion of the ident ified equipment and sys tem s are considered in the licensee's protect iv e s tra tegy.

Wh e re appropriate, ch anges m us t be made to docu m e nted targe t sets."

o (U) 10 CFR 73.55(111): "As a minimum the licen see s ha ll review each clement of t he physica l protect ion program at least every 24 mon th s."

Re la te d G uidan ce (U)

  • (U) N UREG-0800, " Standard Review Plan for the Rev iew of Safety Analy s is Report s for Nucl ea r Pow e r Plant s (LWR Ed ition)" (Ref. 4), Section 13.6, " Physica l Secur ity," estab lishes criter ia th at th e NRC staff intends to use in evaluating whether an applicant or licensee meets NRC regu lat ions to construct and operate nuclear power p lants.
  • (U) R G 5.69, "G ui dance fo r the Applicatio n of t he Rad io logica l Sabo t age D esign-Basis Threat in the Design, Developm en t, and I mplement a tion of a Phy s ical Security Prot ection Prog ram that Meets 10 CFR 73.55 Require m en ts" (SG l) ( Ref. 5), prov ides an app roach th at the NR C co n s iders acceptable for applyi n g the radio logical sa botage design-basis threa t ( DBT) in t he design, developmen t, and impl emen tation of a physical sec urity system and associated prog ram s to sat isfy the general performance object ives and requi reme nts in 10 CF R 73.55.
  • (U) RG 5.7 1, "Cybe r Secu ri ty P rograms for N uc lear Facil ities," issue d Jan uary 2010 ( Ref. 6),

provi d es an ap p roach t h at th e NRC st aff cons iders acceptab le for comp ly in g w it h the Commission's regulations for the protectio n of di gital comp uters, commu ni cations systems, an d ne twork s from a cyber attack.

  • (U) RG 5.74, " Managi ng the Safety /Sec urity Interface" (Ref. 7), provides a met hod of compliance for managi ng the interfac e b etwee n safety and sec urity, as req uired by 10 CFR 73.58,

"Safety /Sec urity In t erface Requ ire m ents for Nuclear P ower Reactors."

RG 5.81, Rev.I, Page 2

6FFltAi:: 09£ 6NLY 9E!tJRl'f\\1 ltE!Ln-'fE!B INF'6~M'ft6N Purpos e of R egulator y Guides (U)

(U) The NRC iss ues RG s to desc r ibe to the pub! ic met ho ds that th e staff consi d e rs acceptab le for use in im plem enting specific parts of th e agency's reg ul atio ns, to explai n tech ni q ues tha t the staff uses in eva luat ing s pecific p rob lems or postu lated events, and to prov ide gu idance to applican ts. RG s are not s ubstitutes for regu la ti ons and com pli an ce with th e m i s not required. M eth od s and so lutions t hat differ from those set forth in RG s wi ll be d eemed acceptab le if t h ey provide a b asis for the find ings requir ed fo r th e iss uance or contin u ance of a perm it or li cense by the Commiss ion.

Paperwork Reduction Act (U )

(U) T his RG prov ides volu ntar y gu idance for impl em entin g th e ma ndatory info rmat io n co llect ions cove red by IO CFR Pa rt 73 t hat are subj ect to the Pap e rwork R eduction Act of I 995 (44 U.S.C. 3501 e t seq.). These informat ion collect ions were approved by the Office of Mana gem ent and Bu dget (0 MB ), approval numb er 3150-0002. Se nd comm ents rega rdin g th is in fonnation co llect io n to t he Info rm ation Services Branch (T 6-A I OM), U.S. Nuclear Reg ulato ry Com mi ss ion, Was hin gto n, DC 20555- 0001, or by e-mai l to ln foco llccts.Rcsourcc@nrc. gov, and to the 0MB rev iewer at: 0MB Office of Info rm ation and Regu latory Affairs (3150-0011, 3 150-0151, and 3 150-000 2), Attn: Des k Offi cer for the Nuclear Regu la tory Commission, 725 17th Street, NW, Washington, DC 205 0 3; e-mail:

oira s ubmi ss ion@o mb.eop.gov.

P ublic Protection Notification (U)

(U) The NRC may not conduct or s pon so r, an d a perso n is not requ ired to respond to, a collec ti on of in fo r mation unle ss the d ocumen t reques ting o r requiring the co llect ion di splay s a cu r rent ly va l id 0MB control number.

RG 5.81, Rev. I, Page 3

6FFltAi:: 09£ 6NLY 9E!tJRl'f\\1 ltE!Ln-'fE!B INF'6~M'fl6N Table of Co nte nts (U)

A. INTRO DU CTIO N (U)--------------------------------------------1

B. DISCUSSION (0)--------------------------------------------------------------------------------------s

C. STAFF REGULATORY GUIDANCE (U) ------------------------------------------------------7

1. Target Set Development Process Overview (U) --------------------------------- 7
2. Esta blish the Target Set Ana lysis Team (Step 1) (U) ----------------------9
3. De termin e Target Objectives (Ste p 2) (U)-- ------------- --------- -------------------------10
4. Identify Target Set E lements (Ste p 3) (U) ---------- ----*--------------10
5. Generate Target Sets (Step 4) (U)----------------------------------------------------------15
6. Screen for Ac hi evab le Ta r ge t Set E lements (Step 5) (U)--------*---------25
7. Target Set C h aracter izat ion (U) ------------ ------------------------*--------- -- 26

D. IMPL EMENTATION (U) --------------------------------------------------------------------------------29

GLOSSARY ( U)-------------------------------------------------------------------------------------------------------31

RE FE REN CES (0)--------------------------------------------------------------------------------------------------33

Appe ndi x A : Target Set In fo rm ation Workshe et (U) ------------------------------------------------------------------A-1

Append ix B: Si te/Uni t Target Set List (U) ----------------------------------------------------------------------------------8-1

Appendix C: Target Set Inform at ion-Exa mpl e 1 (U) ----------------------------------------------------------------C-1

Appendix D: Target Set Information - Exa mple 2 (U) ---------------------------------------------------------------0-1

Appendix E: Target Set l nformation - Examp le 3 (U) ----------------------------------------------------------------E-1

Appendi x F: Off site Equipm e nt Locat ions (U) ------------------------------ ----------------------------------------------F-1

Ap pe ndix G: Target Set Time Justifications (U) ------------------------------------------------------------------------G-1

App endi x H: Target Set T im e P ipin g, Wall Specifications, and F uel Pool Target Additional Data Spee i fi cat io ns (U) --------------------------------------------------------------------------------------------------------------------H-1

Ap pendi x I: Target Set Ana lysis Team Makeup (U) -------------------------------------------------------------------1-1

Appe ndix J: Target Set Worksheet Acro ny m Page (U) ---------------------------------------------------------------J-1

RG 5.81, Rev. I, Page 4

6FFltAi:: 09£ 6NLY 9E!tJRl'f\\1 ltE!Ln-'fE!B INF'6~M'ft6N B. DISCUSSION (U)

Rea son for Revision (U)

(U) Revision I ofRG 5.81 incorporates lessons learned from operating experience since the original publication of the guide. Specifically, t hi s revis ion clarifies iss ues th at have been ident ified through interactions with stakeholders and inspection activities. This revision also endorses, in part, Nuclear Energy Institute (NEI) 13-05, "Target Set Template [Site] Security Target Sets," Revision 0, dated March 27, 20 14, whi ch was previous ly deemed acceptable fo r use in a m emo dated May 6, 20 I 4 (ADAMS Accession No. ML14085A064) (Ref. 8), with the exception noted in Section C, Staff Regulatory Guidance.

Background (U)

(U) The staff issued Revision 0 of t hi s RG in 20 IO to provide init ia l guidance fo r the identification and develop me nt of target sets at operating nuclear power facilities.

(U) The regu latory requirements in 10 CFR 73.55 prov ide the performance basis and c riteria for physical protection programs a t NRC-li censed nuclear power reactor faci lities. These requirements are intended to outl ine the development, implementation, and maintenance of an effective phy sical protection program through performance-based cr iteri a that the licensee m ust achieve to provide high ass urance that ac tivities involving spec ia l nuclear mater ia l a re not inimica l to the commo n defense and secur ity an d do not constitute and unreasonable ri s k to the pu bli c health and safety. To provide high assurance, the physical protection program must protect against th e DBT of ra diological sabotage. The concept of high assuranc e of adequate protection fo und in security regulations is equivalent to reasonable assurance, as discussed in "StaffRequirements - SECY-16-0073-Options and Recommendations for the Force on Force inspection Program in Response to SRM-SECY-14-0088" (Ref. 9)

(U) To satisfy th e design requirements and maintain consistency with IO CF R 73.55(b ), each licensee shall design its physical protect ion program in a man n er that accounts for site-specific conditions a nd applies defense in depth to ens ure that th e phys ical protection program mai nta ins at all times the capabilities to detect, assess, interdict, and neutralize threats up to an including the DBT of radiological sabotage. To accomplish th is, each licensee should app ly a nd integrate s ite-specific physical security syste m s, components, and activ ities (i.e., engineered sys tem s, procedures, and people) to se rve specific functions within the physical protecti on program. Consistent with 10 CFR 73.55(b)(4), the licensee shall a nalyze and identify site-specific conditions, including target sets, that ma y affect the specific measures needed to implement the requirements of IO CFR 73.55 and shall account for these conditions in the design of the physical protection program. The identification of plant equipment, including non v ital or nonsafcty-related equ ipment, required to mainta in reactor core and spe nt fu el poo l in tegri ty is essential in protecting eq ui pme nt to prevent significant co re damage and spent fuel sa botage. Th e further grou ping and categorization of equipment into target sets is an integral component in the development of a ph ysical protection program and protective strategy.

(U) Consistent with 10 CFR 73.55(f)(l), the licensee shall document and maintain the process used to deve lop and identify ta rget sets, to include the site-spec ific anal yses an d methodologies used to determine a nd group the target set equipm ent or e leme nts.

(U) A target set is the minimum combination of equipment or operator actions (i.e., target set elements) that, if al l a re preven ted from performing the ir intended safety function or prevented from being accompl ished, wou ld likely result in significant core damage (e.g., non-incipient, non-loca lized fue l

RG 5.81, Rev.I, Pa ge 5

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N m e lting and/or core destru cti on) or a loss of spent fue l pool coo lant inve ntory a nd ex pos ure of spent fue l, barring extraordinary actions by plant operations. Rad iological sa botage with respect to spent fuel can be caused by a loss of spe nt fu e l poo l water in ventory and su bsequent exposure of spent fuel, t hereby creating the po tentia l for t he release of fission products. During the dev e lo pm e nt of ta rget sets, app licants or licensees sho uld ens ure that only the minimum n umber of target se t elemen ts are included in a target set.

(U) The id entification of complete and accurate target se ts is th e primary basis for the development of the site's protective strategy. The ident ifi catio n of target se ts sho uld co ns ider, among other factors, every poss ible loca ti on to di sable a target set e le m ent (i.e., a ll accessible locati ons of a piping or cable run), the target se t e lement 's accessibility, and the adversary's ability to identify the target set e lem ent. Th en applicants and li censees should use the screen ing process described below to id entify t hose target set eleme nt s that are with in t he cap ab il it ies of the DBT adversa ry to comp rom ise, dest roy, or render non-functional. Each target se t element, including nonvital or nonsafcty-rc la tcd equipment, m ust be protected.

Harmonization with International Sta nd ards ( U)

(U) The In ternationa l Atomic En ergy Agency (IAEA) has esta bl is hed a seri es of safety guides a nd sta nda rd s co nstituting a hi g h leve l of safety for protecting peop le an d the env i ronment. l AE A safety gu id es present international good practices that, while not required, increasingly reflect best practices to he lp users striving to achieve hjgh leve ls of safe ty. Pertinent to this RG, l AEA Nuclear Security Series No. 13, "Nuclear Security Recommendation s on Phy s ica l Protec ti o n of Nuclear Materia an d Nuc lea r Facilities (INFCIRC/225/Rev ision 5)" (Ref. 10), contains guida nc e on target set identification and protentional rad iolog ical conseq ue nce. Thi s RG, while des igned to provide guidance on NRC rules and regu lations, incorporates s imi lar guidel in es and is consiste nt with th e basic target set id en tification principles in IAEA Nuclear Security Series No. 13.

Documents Discussed in Staff Regulatory Guidance (U)

(U) T hi s RG endorses, in part, the use of a process desc ri bed in NEI 13-05, whi ch may contain re ferences to other codes, standards, or third-pa rty guidance docu ments ("secondary references"). If a second ary reference has itself been incorporated by reference into NRC regulations as a req uirement, then licensees and a pplicants mu st comply with that standard as se t fort h in the reg ulation. If the seco nd a ry reference has bee n endorsed in a n RG as a n acceptable approach fo r m eeting an NRC requiremen t, then the standard constitutes a method acceptable to the NRC staff for meet ing that reg ulatory requireme nt as de sc ribed in the spec ific RG. Tf the secondary reference has ne ither been incorporated by reference into NRC regulations nor endorsed in a RG, then the secondary reference is neither a l egally binding req uirement nor a "ge neric" NRC-approved acceptable app roach for meeting an NRC requirem ent.

However, li censees and applicants may co ns ider and use the in formatio n in the seco ndary refere nce, if appropriate ly justified, consistent with current regulatory practice, and co nsistent with applicable NRC req uirements.

RG 5.8 1, Rev.I, Page 6

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N C. STAFF REGULATORY GUIDANCE (U)

(U) Th e li ce n see is responsi ble fo r comp ly ing with a ll applicable NRC requirements and, in accorda nce wit h 10 CFR 73.55(b)(2), must imp lement a phys ica l protection program th at adequately protects agains t th e D BT of rad iologic al sa botage describe d in l O CFR 73. l, " Purp ose and Sco p e," with consideration given to t hose adv e rsa ry c h aracterist ics d ete rmin ed app licab le by the Co mmi ss ion.

Licensees s hould direct que sti ons about regu latory requiremen t s for phys ica l an d cybe r prot ecti o n to t he appropriate NRC Headqu arters or regiona l staff.

(U) Each applica nt o r I icensee is responsible for ana lyzing and iden t ify ing site-spec ific cond ition s that affect how NRC req uirements are imp leme nted and acco un ting for t hese s ite-spec ific cond itions in the desig n and imp leme ntat ion of the ons it e physica l protection progra m. Although de term in ed to be acceptable to the NRC, the ap p roaches an d examp les g ive n in th is RG are not intend ed to be all-inclus ive.

1. T arg e t Set D ev elopm e n t Proc ess Overview (U)

(U) The target set development an d oversig ht process accounts for a ll plant modes of operation a nd accounts for all p lan t configurat ion changes m ade to target set eleme nts. Site-s pec ifi c p rocesses and proced u res s hould be est ablished to assess a nd manage the safety/security inte rface interactio ns (e.g., maintenance oftarget set e lement equipment, mod e changes) so that neith er safety nor sec urity is compro mi sed. Each target set ele m en t s h ou ld be s u ffici e nt to prevent co re damage or sp e nt fue l sabotage if all other target set e lements in that spec ific target set were lost w ith or w ithout the di srupt ion of offsite power. Du ring th e process of iden tifying and develop ing the target sets, fire and fire prot ec tion syste m s a nd features s hould be considered.

(U) When identifying and deve lop ing target sets, th e licensee sho uld includ e those critica l syste m s and c r it ica l d ig ita l assets (CDAs) th at if co mpromi sed cou ld h ave a n adverse impac t on one o r more target set elements. The inclu sion of CD As as pa11 of target set development should be considered as th ese C DAs are ide nt ified.

(U) In accor dance with 10 CFR 73.55(f)(4), the licensee s hall imp lement a p rocess for the overs ight of t he target set equipm ent and sys tems to e n s ure th at cha n ges to the co nfi g uration of th e iden tifi ed equipm e nt and systems a re considered in the protect ive s t rategy. W he re appropriate, chan ges mu s t be made to document ed target sets.

(U) ln acco rdance w ith IO CF R 73.55(m), "Sec urity Pro gram Rev iews," as a min im um the licensee s hall review each ele ment of the physical protection p r ogram at lea st every 24 months. Reviews s hall be conducted -

(!) (U) within 12 months fo llowing initial implemen tation of the p h ysica l pro tec tion program or a change to perso nne l, proc edure s, equ ipme nt, or fac ilit ies t hat could adverse ly affect sec ur ity; (2) (U) as necessa r y based on s ite-spec ific ana lyses, assessme nts, or other perfo r mance indicator s; an d (3) (U) by indiv idua ls independent of those personnel respon s ible for program management a nd any in d ividual who ha s direct respons ib ilit y for implement ing the o ns it c physica l protect ion p rogram.

RG 5.81, Rev.I, P age 7

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N 1.1 (U) T his review e n s ures that any p r ogram, proce d ure, o r eq ui pme nt chan ges are eva luated to determine their potential impact on the target sets.

(U) The regu lat ion in 10 CFR 73.55(b )(4) states t hat "[t]he licensee sha ll analyze and ide ntify s ite-s pecific conditions, including target sets, tha t may affect the spec ific m eas ure s needed to imp leme n t the requirements of t hi s sectio n and s h all account fo r these condi ti ons in th e des ign of the phys ica l protection program."

1.2 (U) Thi s site-spec ific a na lys is is necessary to e nsure that t he design of t he phys ica l protectio n program accounts for correct and accurate target sets. Both the ana lysis and the outcome of the a na lys is sho u ld b e docu m ented.

(U) The reg ul atio n in IO CFR 73.55(b )(10) states that " [t ]h e licen see s hall use the site corrective act ion program to track, trend, correc t and prevent recurrence of failures and deficiencie s in the p hysical protect ion program."

1.3 (U) T a rget sets a re part of the phys ica l protectio n program ; the r efo r e, fai lures or deficiencies associated with the target sets o r th e t arge t set process are subjec t to the req u iremen t s in 10 CFR 73.55(6)(10).

(U) The regu la tio n in 10 C FR 73.55(f)( I) states that " [t]he li censee sha ll doc u ment and mai ntain the process used to deve lop and identify target sets, to include the s ite-spec ific analyses and m ethodologies us ed to dete r m ine a nd group the target set equ ipme n t or ele m ents."

1.4 (U) This documentation s hou ld inc lude, but is not l imit ed to, the follow ing:

  • (U) the process of target set element iden tification, includ ing the relatio n ship of v ita l equ ipm e nt to targ et set elem en ts, the considera t ion ofCDA s, how nonvital equipment and operato r actions are identifie d, and t he applica ti o n o fr isk-info rmed ins ights;
  • (U) the proce ss for consider ing t he effects of cyber attacks on each target set and each eleme n t of the tar get set;
  • (U) target se t analysis (TSA) t ea m compos iti on (i.e., team me m be rs, their appl icab le qualifica ti ons, and their roles);
  • (U) a lis t ofTSA input docume nts, suc h as s ite layout drawings and probabil istic risk assessment ( PRA ) a nalyses;
  • (U) m ethodo logies a nd p rocesses used to determine and group t he target se t equipment, including the basis for t he equipme nt com bi nations u sed in tbeTSA;
  • (U) the malev o le nt act that ini tiate s the eve nt for each target set; and
  • (U) the methodology and process for target set generation.

1.5 (U) T he follow ing st eps prov ide a n acceptab le met h odology for the ide ntifica t ion an d docum entation of target se ts.

  • (U) St ep I : Establ ish a qualified T arget Set An a lys is Tea m.

RG 5.81, Rev.I, Page 8

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N 6FFtCtiltL USE m,L'f 91£Ct11UT I - ftl9tnTl£B tP,F6ftr.MTl6N

  • ( U) S tep 2 : D e t ermine th e h ig h-leve l t a rget obj ec ti ves.
  • (U ) Ste p 3 : Identify th e t arget set ele ment s that need to b e di s mpt ed, d ama ged, o r othe rw ise m ade n onfunc tion a l by a n ad ve rsary fo r ce to achieve its o bj ec tives.
  • (U ) Ste p 4: G e n erate tar get set s that id e n ti fy tho se combination s of equ ipm ent, a r eas, or operato r ac ti o n s th at if d is rup ted, d a m aged, or o the rw ise m ade non f unc ti onal wo u ld resu lt in th e ad ve rsary achi ev in g its obj ecti ves.
  • (U) S tep 5: Id e nti fy a nd prov ide jus tifica ti on for the remova l of target set elem e nts from fu rth er cons idera ti on i f th ey a r e beyo nd th e ad ve rsary's ca pa bili ty to neu tr ali ze.

1.6 (U) T he st aff endorses NEI 13-05, in par t, for use by nuclear p ower r eac tor licensees and a p pli cant s in d eve lopin g ta r get sets. Sp ec ifi ca ll y, t he NRC find s tha t N E l 13-0 5 de fin es a p rocess and standard te mplat e for do c umenti ng target set s that addr ess es each of t h e fo ur e lem e nts in 10 CF R 73.55(f) and is aligned w ith the fi v e-s tep process for tar get set ident ifi cation desc r ibe d in th e T SA process s how n in t he fi g ure b elow:

(U) T he co nte nt o f th e figu r e is u nclassifie d

STEP I STE P 2 STEP3 STEP4 STEP 5

Target Set Targe t Target Target Target Establish Screen for Determine Identify Generate Achie\\'able Analysis Objectives Elements Sets Elem ents Team

(U) NE I 13-0 5 us es t he con cep t of " adversary in ter fere nce p rec lu d ed tim e," w hi c h r efl ects t he a nt ic ipate d tim e tha t a " credi ted operat or actio n" ca n b e co mpl eted b ecau se o f o ffsi te la w e nforceme n t response. Thi s co ncep t i s conti n gent o n the effect ive integration of offs ite law e nforce m e nt tactica l resp onse capab il iti es. T he NR C ha s not accepte d a m et hod for d ete rminin g or impl e m e n tin g adversary inte rfer e nce preclude d time. The s taff is not e nd ors in g th e u s e o f adve rsary inter fe rence p reclud ed time, as d escribe d in NE I 13-0 5, for targe t set id e n t ifica ti on.

2. Establishing the Target Set Analysis Team (Step 1) (U)

2.1 (U) Eac h tea m m e m ber s hou ld have tec hni cal exper ti se in t he a r ea(s) he o r s he w ill an a lyze. T h e T SA docum e ntation should d escrib e the team m emb e rs, the ir a ppli cab le q ual ificati ons, a nd t h eir r o les ( See App en dix I, "Ta r get Set An alys is Tea m M akeup " ). T he TSA tea m sh ould in c lude s ubj ect ma t te r exp e r ts in a v ari ety of areas, w hich m ay includ e, bu t ar e not limit ed to, the fo llow in g:

  • (U ) reac t o r e ng in ee rin g (e.g., co re a nd spe nt fu el po o l reactiv ity chara cte ri s tic s ),
  • (U ) plant s y ste ms and d es ig n (e.g., e lec tri cal, m ec hani ca l, a nd fir e protect io n),
  • (U) ope rat io ns (e.g., se ni o r reacto r o pe rator or equ ivalen tl y qu alifi ed in di v id ua ls),
  • (U ) sec urity ope rat io n s (e.g., know ledge o f adver sa ry chara c teri s tic s, tactic s, sy s tems, and p roce du res),

RG 5.8 1, Rev.I, P age 9

8FFtCtAi:: tf9E 8NLY 9ECtJRt'f\\1 ltEL?r:'fE8 INF8~1Aft8N

  • (U) training (e.g., operations and secur ity trainings), and
  • (U) cybersecurity.

2.2 (U) The information provided above on the composition of the T SA team identifie s s ubject matter experts in multiple disciplines and is not intended to restrict or prescribe the sp ec ific composition of t he T SA team to tho se experts id e ntified; how eve r, it m ay be be neficia l to retain target set members fami l iar with the identified target sets and tar get set proce ss ratherthan create a team of new members each time changes are eval uated. The subject matter exper ti se listed is provided for consideration only; the licensee s hould determine the spec ific compositio n of its TSA t eam.

3. Determining Target Objectives (Step 2) (U)

3.1 (U) Step 2 determines the high-level target objectives. Target sets should address high-level adversary target objectives associated with radiolo g ica I relea ses: sign ifi cant core damage and s pent fuel sabota ge. Whil e the goa l of the adversary is to achieve the se object ives, th e goa l ofa physica l protection system, at a minimum, is to ensure that at least one target set element of each target set remains ope ra ti onal to prevent the adversary from achi ev ing its objectives.

3.2 (U) Targ et se ts s hould address two hi gh-leve l adversary target object ives associated with rad iological releases: significant core damage and spent fuel sabotage. Eac h is desc rib ed below.

o (U) Significan t core damag e target sets include tho se with a minimum combinat io n of equ ipment or ope rator actions which, if a ll are prevented from performing the ir inten d ed function or prevented from be ing accomp lished, wou ld likely result in significant core damage (e.g., non-in c ipi e nt, no n-loca li zed fuel melting a nd/or co re d est ructio n), barring extraordinary actions by plant operations. Extraordinary actions are tho se that exceed the credible operator actions described in Section 5.5.

3.3 (U) Spent fue l sabotage target sets inc lude those with a combi nation of equipment or operator actions which, if prevented from perfonning th eir intended function or prevented from b eing acco mpli shed, would lik ely resu lt in a loss of spe nt fuel pool water inv entory and subsequent exposure of s pent fue l, thereby creating the potential for the release of fission product s..

3.4

4. Target Set Elements (Step 3) (U)

4.1 Id entifying Targ et Set Elements (U)

(U) T arget se t e lement identification sho uld be based on s ite-specific analysis of potential accident progression scenarios, major and s upport sys tem a li gn ment and configurat ion,

procedures, and passive support sys tems such as fire and flood protect ion.

(U) Site-specific PRA provide s a sta rting point for the identification of target set elements and combinations. PRA models various plant responses to events that cha llenge plant operation and may resu lt in core damage.

RG 5.81, Rev.I, Page 10

8FFtCtAi:: 09£ 8NLY 9E!CtJRl'f\\1 ltE!Ln-'fE!B INF8~M'ft8N (U) In addit ion to safety-related an d vital eq ui pme nt typica ll y id en tifi ed in PRA m odeEs, ta rget sets may contain nonvital equipment and operator actions. Operator ac tions should be incorporated as part of th e assump tions for these e le m ents to be in c luded as target set e lements.

Operator action s are t ho se t hat mu st be p erform ed in resp onse to an ad ve rs ary attack to preven t significant core damage. These ac ti ons s hould meet the acceptance criteria fo r credi ble operator ac tion s d esc rib ed in Section 5.5.

4.2 Target Sets External to the Protected Area (U)

(bX7)(F)

4.3 Applicable Plant Modes (U)

(U) A s stated in 10 CFR 73.5 5(t)( 4 ), t he licen see s hall en sure t hat cha n ges to the confi gu ration of the ide nti fied equi pm ent an d sy s tem s are co ns idered in th e lice nsee's protect ive s tra tegy.

Licensees s hou ld eva luate th e imp act that t he un ique aspects of eac h app li cab le reactor mode of operatio n and configuratio n have on target sets s o that the protective stra tegy can acco un t for any differenc es. T he targe t set li st s ho uld incl ude the ap plicab le s ite-s pecific p lan t oper at in g mod e o r operating cond iti on.

(U) Th e fol low ing a re typi ca l reacto r mod es o r o pe ratin g condi ti ons:

(U) F or a Boiling-Water Reactor: (U) For a Pressurized-Water Reactor:

(U) Mode I - P ower Ope ration (U) Mode I - P owe r Operation (U) Mo de 2-Startup (U) Mode 2-Startup (U) Mode 3-Hot Shutdown (U ) Mode 3-Ho t Stand by (U) Mode 4-Co ld Sh utdown (U) Mode 4-Hot S hutdown (U) Mode 5-Refue ling (U) Mo de 5-Cold Shu td own (U) Mode 6-Refuel in g

4.4 Additional Target Set E lement Information (U)

(U) T arget set e lement id e ntification s ho uld conside r th e typ es of eq uipm ent descr ib ed in the following sect ion s. Single -e leme nt target sets are t arge t se ts whe re all of t he adve rsary action s can be comp le ted in one loca ti o n.

  • Offsit e Consequences (U)

(U) Equi pm e nt that functions to prevent offsite re lease ( e.g., conta inme nt is o lati on fa ilure, byp ass, or overpressur iza tion fai lure), but has no role i n t he preve ntion of core damag e, s ho uld not be inc luded as ta rget set e l em e nts wit hi n a give n target set.

  • Critical Digital Assets-Cybersecurity (U)

(U) Co ns is tent with the requirements of IO CFR 73.55(t)(2), cy b er attacks s h al l be considered in th e d eve lopment a nd ide n ti fication of target sets. The lic ensee's

RG 5.81, Rev.I, Page 11

8FFtCtAi:: 09£ 8NLY 9E!CtJRl'f\\1 ltE!Ln-'fE!B IPifF8~M'ft8N cybersecurity pro gram shou ld id entify C D A s whose compr omise cou ld preve n t the function of one or more targe t se t e lem ents, including CDAs that s upp ort a target set eleme nt or multip le target set e lements. Th e inclu sio n ofC DAs in target set developme nt s hould be considered as th ese CDAs are identified. T his may includ e C DAs that are not part of an existing targe t set and targe t se ts that co uld be complete ly com p osed of CD As.

[ DJOJ

(U) RG 5.71 an d NE I-08-09, Rev isio n 6, "Cy b er Secur ity Plan for N ucle ar Pow e r React ors," iss u ed Apri l 2010 (ADAMS Acc ess io n No. MLI0 l 180437), furth er di scuss the iden tification of a C DA.

  • Loca ti o n-B ase d T a r ge t Set E le m e nt s (U)
  • Eq ui p m e n t a n d O p erator Act io n s-Ri sk-In fo r m ed Ins ig h ts (U)

(U) PRA can pro v ide risk ins ight s to be considered during th e d eve lopm ent of the l ist of ta rget se t e le ment s. Lice nsees m ay co ns id e r us ing ex is t ing PRA e lem en ts id e nti fied be low.

(bX7)(F)

(U) Ri s k-info rming target sets does not refe r to the use of dominant PRA cu t-sets or PRA imp orta n ce rankings that can b e d er ived from t he PRA res ults. Domina nt cut-se ts an d imp orta nce rankings are based on t he underlying equ ipm e nt re l iability and ava ilab ility, wh ich re presen t the ex pecte d p erform ance of the equ ipm en t for non secur ity -re lated eve nts to p reve nt core damag e. Th e b asic re lialb i lity and ava ila b ility of equipme nt are not re late d to t he vulnerabi lity of th e eq ui pm ent to adversary action.

RG 5.81, Rev.I, Page 12

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

  • Probabilistic Risk Assess ment E lements (U) r

0 (bX7)(F)

0

0

0

0

0

RG 5.8 1, R ev. I, P age 13

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N (bX7XF)

4.5 De t e rmining th e Function s That Pr e v ent S ig nific a nt C or e Dama ge ( U )

(U) To identify the potent ia l target set e lements, the licensee shou ld identify the init iating eve nt that starts the sequence of events that p otent ia ll y lead s to the adversary achieving its objec ti ve of s ignificant core damage or sp ent fu e l sabotage. The lice nsee s hou ld also identify the equ ipmen t an d operato r actio ns that cou ld be used to prevent achieveme nt of the objective.

4.6 Ini t ia tin g E v e n ts (U)

(bX7XF)

(U) Each in it iating event includes equipment - induced or human -induced events that have s imilar requ irem e nts to p revent core damage. Therefor e, in itiating eve nts may be di rect ly related to lost or degraded equ ipm e nt, operator act ions, or bot h. For exa mp le, regardless of whethe r a loss of ma in feedwater occurs because of a mec hanical flow contro l prob lem or because of an operator error, eac h event results in a s im ilar p lant re spon se and therefor e could be grouped into a sing le ini tiating eve nt. Both sys temic and s patial initiating events should be cons idered. Once the app licab le initiating events are identified, the appropr iate equipment and operator actions that will prevent significant core damage can b e determ in ed.

RG 5.81, Rev.I, Page 14

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

4. 7 F un ctio n s to Pr eve nt S ig nificant Core Damage (U)

(bX7)(F)

(bX7)(F)

(U) For each ident ifi ed target set e lemen t, t he assoc ia ted equipmen t a nd its location s s h ou ld be identified. Thi s inc ludes the primary function s, s uc h as those identified above, a nd s upport syste m function s (e.g., e lectrica l buses, eme rgency diesel ge nerators) that are n ecessa ry for the primary syste m s to pe rform. The Level I PRA typ ica lly identifie s these intersystem dependencies.

Insig hts gai ned from the success c r iteria analys is develop ed for the PRA can be used in the determination of the minimum set of eq uipm ent required for the s uccess of each safety funct ion.

Wh e n identify ing targe t set e lements a n d associated equipm ent, the locatio n(s) of t he target set eleme nts and associated equi pm ent s hou ld be included in the process. The identi ficat ion of t he equipment location s hould include the building, elevat i on, and room, along with oth er detailed information pe rtainin g to the eq ui pm ent, suc h as coord inates that ide ntify the loca tion wi t hin an a rea or marking s or descriptions detailed enoug h for a responder with very limited s ite knowledge to find the equi pm ent, a ssess its cond it ion, and provide it pro tect ion. Diagrams can help make thi s ta s k less b urd ensome.

5. Generate Ta r ge t Sets (Step 4) (U)

(U) To ob tain the target sets, th e target set element s id e nt ified in Step 3 are evalua ted t o id en tify combinations that, if di sru pted, damaged, o r otherwise made no nfunct ioning by a n adve rsa ry force, would res ul t in th e adversary achieving the identified objective s (i.e., s ignificant core damag e or s pe nt fuel sa botag e).

(U) Risk-informed insights from the PRA may be used to develop combinations of targ e t set eleme nts that, when n e utrali zed, lea d to s igni fi cant co re damage. PRA ca n be used to iden ti fy the minimum number of co m binatio ns of equipment requi red to operate. PRA can also be used to identify the minimum levels of performance per componen t during a specific period of t im e, or conditions under wh ic h an o perator ac t ion is necessa ry, to e nsu re t hat the intende d functions a re satisfied.

RG 5.81, R ev. I, Page 15

8FFtCtAi:: 09£ 8NLY 9E!CtJRl'f\\1 ltE!Ln-'fE!B INF8~M'ft8N (U) T arget sets may b e gen erat ed by combi ning ta rget set eleme nts t hrough the use of fa ult trees,

even t tree analysis, and/or com bining them manually. A key el emen t of the TSA is identificat ion of t he p la nt area s associate d with target se t equ ipme nt o r required opera tor actio n s. Consistent wit h 10 CF R 73.55(t)(3), ta rget se t elem e nts or target sets t h at are n ot conta ined within a protec ted or vita l area mu s t be identifi ed and documented, con s is tent w ith the requ iremen ts of 10 CF R 73.55(t)(l), and must be accou n ted for in th e lice nsee's p r o tect ivestrategy.

5.1 Target Set Deve lopment Ass u mptions (U)

( U) Target sets s hould be d eve loped u s ing the fo ll owi n g assumpt ions :

  • (U) Action s would be implement ed in accor d ance with ex is ting lice nsee proc ed ura l direction ;
  • r XIXFJ

r X7XF)

1*X1XFJ

CbX7XF)

RG 5.81, Rev.I, Page 16

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N 5.2.1 (bX7XF)

5.2.2 (bX7XF)

5.3 Consideration of Flooding Impacts (U)

5.3.1 (U) Adversary action ca n re sult in th e breach of pipes an d tanks that have a direct impact on the associated system's function or other target set elements and secondary impacts as a result of inte rnal flooding. Th e i mpact of flooding should be co ns ide red based on ex isting site a naly ses and informat ion. The flooding concern is not on ly for the equipment at the location of th e attack but a lso for the impac t of flooding on equipment in adjacent and lower leve ls, considering the pote ntial fo r th e fl ood to sp read beyond the loca tion o f the pipe or tank breach. Th e a reas fo r consideration include the followin g :

RG 5.81, Rev.I, Page 17

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

  • (U) floo d sou rces in the immed iate vicin ity of tar get set elemen t s,
  • (U) flood sources outside the vic inity of targe t se t elements with the potent ial for unrestricted flow to the vici nity of the target set elem en t s ( e.g., breac hin g of watertig ht barriers), and
  • (U) targe t set e le m ents wit hi n t he flood so urce compartment.

5.3.2 (U) W h ere exist ing analysis indicat es that t he breac hing of watertight barriers cou ld impact targ e t set elements, those barriers should be considered as alternative or additiona l target set e lements or as a location( s) to m ak e an e lem ent(s) nonfunctional.

5.3.3 (U) I f operator actions from the contro l room meet the credible operator action c r iter ia as descri bed in Section 5.5 of th is RG and would prevent the flood ing, th en floodi ng from pumped sources (suc h as from a lake) cou ld be scree ned out of furt h er consideration for incl usion as a targe t set element. The l icensee shall document a n d ma in tain the process used to make this dete rmination as described in IO CFR 73.55(f).

5.4 Pl a nt C onfiguration C h a n ges du e to Main te nan ce a nd M od e C h a ng es ( U)

5.4.1 (U) Cons istent w ith IO CFR 73.55(t)(4), licensees s hall consider changes in plant configurat ion in their protective strategy. These configuration changes may be pennanent (which may require c hanges to docum e nted target sets) or tempo rary (wh ich may require notification to the sec urity organization). Temporary configuration changes typ ically woul d not be required in t he followin g examples:

  • (U) q uickly tra ns iting throug h modes,
  • (U) rap id ly changing plant condit ions,a nd
  • (U) present conditio ns not expected to c h ange a s t he assess ment is being mad e.

5.4.2 (U) Licensee s should monitor temporary changes and a m e nd the s tatus when they expect that these changes wi ll no longer be temporary. In either case, licen sees s hould consider the impact of configuration c h anges on their target sets and/or protec t ive strategy as adjustments may be necessary. Licens ees shou ld also consider the effects of mode changes. Consisten t with IO CFR 73.58, the NRC requ ire s tha t licensees assess a nd manage potentia l con fl icts between security act iv it ies and oth er plant act ivit ies that could adversely affectplan t security or plant safe ty, before imp lementing changes to p la nt configuration s fac ility condit ions or security.

Licensees mus t assess and manage these in teract ions (e.g., ma intenance of target set element equipment, mode changes) so that neither safety nor security is compromised. RG 5.74 conta ins information on manag ing safe ty and secu rity interactions.

5.5 C onsid eration o f C r edible Op er a tor Action s (U)

(U) Fo r target set deve lopment, operator act ions are catego ri zed as preve ntive, since they are credited target se t actions performed in respon se to an adversary attack to p revent s ignificant core damage or spent fuel sa bota ge. These types of actions are de sc r ibed be low. The crite ria for c redi t ing operator act ions for I O CF R 73.55(t), "Target Sets," can be found in th e statemen t of considerations of the " Power Reactor Sec urity Requireme nts" Final R ule (74 FR 13926, 13960; Marc h 27, 2009) (R ef. 1 1 ). T he fo llow ing six criteria should be satis fied to cre di t operator acti ons:

RG 5.81, Rev.I, Page 18

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

  • (U) Sufficient time is ava il able to imp lem ent actions (Time),
  • (U) Envi ron me nta l cond it ions a llow access (E nviro nme nt),
  • (U) Adversary interference is precluded (Adversary Interference),
  • (U) Equipment is available and ready for use (Equipment),
  • (U) Approved procedures ex ist ( Procedures), and
  • (U) Training is conducted on the existing procedures under conditions similar to the scenar ios assumed (Tra ining).

(U) The intent is not to preclude operator actions outside the control room, but to give reasonable assurance that the operator is avai lab le at the appropriate locatio n and capable of perform in g the necessary act ion without t he possibility of neut ral ization dur ing travel.

5.5.1 Tim e ( U )

(U) Operators sho uld have s ufficient tim e to implement r equired actions in time to p revent core damage o r spent fuel sabotage. In addition, operator actions should account for system re covery time and should be comp leted prior to onset of core damage or spent fuel sabotage.

(U) The following examp les show acceptable achievements of this criterion, but are not an exhaustive list:

  • f(bX7)(F)

(U) T he following examp les show unacceptable applications of t hi s criterion, bu t are not an exhausti ve li st:

  • CbX7)(F)

5.5.2 E n v ironm e nt (U)

(U) T he e nvironmental condi tions ex pected dur ing th e eve nt should a llow pe rso nn el access, as

RG 5.81, Rev.I, Page 19

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N necessary, to a llow operator actions to be completed successfu ll y. A l icen see may credit onl y those operator actions that do not requi r e operators to enter a reas that would s ubje ct them to extreme env ironmental conditions. Such cond itions include ext reme e n v ironment s (e.g., hig h radiation, high heat, breathing ha zard) or co nd itions created by the adver sa ries ( e.g., steam leaks,

flooding, fire, e lectrical hazards).

(U) Th e follow in g example shows acceptable achievement of t hi s criterion, but is not an exhaust ive list:

(U) Th e following examp les s how unacceptable applications of t h is c rite rion, bu t are not an exhaust ive list:

(bX7)(F)

5.5.3 Adversary lnt erfer ence (CJ)

(bX7XF)

RG 5.81, Rev.I, Page 20

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N (bX7)(F)

(U) Th e follow in g examples show acceptable applications of the adver sa ry interference criterion, but are not an exha ustive list:

  • '.l>X7)(F)

(U) The following examp les s how unacceptable applications of this criter ion, but are not an exha usti ve l ist:

  • (bX7)(F)

5.5.4 Equipment (U)

(U) All equ ipment required for operator actions s hould be avai lab le, ded ica ted, staged, maintained in accordance with standard practices and/or vendor requirements, and shou ld be continuously ready for use with periodic verification that th e equipm ent remains in a rea dy state.

Equipment should also be located in the vicinity of t he operator action or on the operator's route and accounted for in the determination of the operator timeline. Credit should not be given for equ ipmen t outside of th e protected area. ln addition, equi pm ent to overco me darkness should be considered.

(U) T he following examp les show acceptable achievement of this cr ite rion, but are not an exhaustive l ist:

  • 1>X7)(F)

RG 5.81, Rev.I, Page 21

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N (U) Th e follow ing examp les show unac ce ptable applications of t hi s crite ri on b u t are not an exha ust ive l ist:

  • Kt,X7)(F)

5.5.5 Procedures (U)

(U) Approved proced ures s hould exis t, and operators should use approved proce dures that are s pec ific to the task being pe rformed. Credit sho uld not be give n for hypothesizi ng that the operations staff can adequately diagnose the precise eq uipment disabled a nd/or locations o f the adversary inside the facility. P rocedu res sho uld be de v eloped for the spec ific task with clear, s tep by-step instructions in the detail necessary for a trai ned person to perform the funct ion or tas k in the context of an adve r sary attack. The opera t or s hou ld possess the capab i lity to communicate with the contro l room or hav e some abi l ity to understa n d when to take req ui red action s.

Instruct ions s hould include spec ifi c e ntry conditions or equi va le nt g uidanc e (e.g., norma l operating, alarm response, abnorma l or off-normal, emergency operating, or possib ly referenced su rveill ance proc edur es). Severe accident m anagement guidelines (SAMGs), extensive damage miti gati ng gu id el ines (EDMGs), and Diver se and Flexible Miti ga tion Capabi li ty (FLEX) s upport guidelines (FSGs) are not considere d actions to preven t significa n t core damage and, the r efore, shou ld no t be credited. SAM Gs, EDMG s, and FSGs provide gu idance for poss ible actions that may h elp the si t e miti gate sign ifi cant events with core dam age. T he e ng ineering su pportin g SAM Gs, EDMGs, and FSGs that prevent core d amage may not be ava ilable ( i.e., do not meet one or more of t he criteria for c red ible ope rator actio ns). Non ethe less, SAMGs, EDMGs, an d FSGs ca n be included in Sect ion 11, "Additiona l Cons iderations," o f t he T arget Set I nfo rm ation Workshee t (see Appendix A). T h e standalone ind ividual procedures w ith entering conditions outside of SAMGs, EDMGs, o r FSG s may be c redi ted as the a pprov ed proced ures c riterion for c redible operato r action.

(U) T he follow ing examp les show acceptable ac hi eve m e nts of this c r iter ion, but are no t an exhaust ive l ist:

  • CbX7)(F)

RG 5.81, Rev.I, Page 22

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

  • r...._x_1XF_ ) ______________________ __,

(U) The fo ll ow ing ex.amples s h ow unacceptable applicatio ns of t hi s crite r ion, b ut are not an exhaustive l ist:

  • CbX7)(F)

5.5.6 Train in g (U)

(U) Thr oug h tra ini ng, o perators s ho uld beco m e practiced and ab le to co mpl ete required actions.

Thi s tra ini ng sho uld provide the operators t he ab ility to com plete req uired act ions during an ad ve rs ary attac k. Th e tra inin g shou ld include prep la nn ed route s of travel, sec ur ity /operatio n s interface, communi cation, and methods to d etermine that t h e operator action is warra nted. A ll operators expected to pe rform thi s funct ion should be tra ined and rece ive refresher traLning as approp riate. Operator refres her t ra inin g for target sets sho uld b e frequ ent enoug h to m a inta in profic iency in the opera tor act ions for the approved procedures consistent with the licensee's operator train ing program s. Basing the r efresher tra ining on the sys tematic app roach to tra ining process wou ld not nec essari ly be excluded u nder t hese co ndition s.

(U) Th e fo ll ow in g examp les show accepta b le ac hieveme n ts of th iscritcr io n, but are not an exha ust ive l ist:

  • CbX7)(F)

(U) Th e following examp les show unacce ptable appl ications of thi s crite ri on, bu t are not an ex hau st iv e l ist:

  • :-0)(7)(F)

RG 5.81, Rev.I, Page 23

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

5.6 Credit for Fire Protection Features (U)

CbX7)(F)

CbX7)(F)

5.7 Targe ts Not Contai n ed within a Protected or Vital Area (U)

(U) Consistent with 10 CFR 73.55(t)(3), ta rget set eq uipm en t or e lements that are not contained with in a protected or v i tal area mus t be identified and documented consistent with th e r equir e m e n ts in 10 C FR 73.55(t)(l) and acco unted for in the licensee's pro tec ti ve st rategy. Those target set elements tha t cannot be prot ect ed, such as electrical tra nsmi ss ion lines that support offs ite pow e r, s hould b e consid e red to be di sabled, lost, or mad e nonfunctioning at any tim e.

How eve r, unprot ecte d e quipm e nt may be assum ed to operate w he n thi s wou ld inte ns ify th e effec ts of an attac k. For exam ple, if t he loss of offsit e power is time d to occur after direct curren t syste m s are d estroyed, fiel d fla s h and control of e m erge n cy di ese l gene r ators m a y no t func ti on.

(U) To take credit for operator act ions for ta r gets that are not within a prot ected or vita l area, th e six c ri teria listed in Sect ion 5.5 of th is RG, ind e p e nd en t of the ir location, s hould be sat isfie d.

5.8 Random Failures of E quipment (U)

(U) R a ndom failures should not be assu m ed t o occu r s imult aneously with a n act of radio logica l sabotage because random fail ures typically occur at such a low freque nc y that thei r sim ulta neous occu rrence w ith a sa botage eve nt is unlik e ly.

RG 5.81, R ev. I, P age 2 4

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N 5.9 Alt e rnativ e Approaches (U)

(U) A primary objective of the phys ica l protection program and protect ive s tra tegy is to demonstrate the ability to protect tar get sets. Whi le the assumed goa l of the adversaiy is to disable a complete target set, the goal of t he physical protection program and protective strategy is to e nsure that at leas t one eleme nt of eac h target set r emains in order to prevent t he adversary from ach ieving its objective. This goal can be achieved by prot ect in g each target se t or by protect in g a set of equ ipm e nt derived from the target sets tha t includes o ne e lement from each target set.

5.10 Safe - S hutdown E quipm ent (U)

(U) The approach of identifying a path to safe shutdown and the associated loca tion of all support ing equ ipm ent or operator act ions may not result in a comprehe n s ive list of ta rget set elements. These paths ma y not represent t he minimum set of locations that require protection due to variab les such as redundant safety features and the varyi ng locations from whic h these safety featu res can be controlled (e.g., differ ing capabi li ties of con trol room panels and auxiliary s hutdown panels). Licensees shoul d consider these va riable s in the ide ntificat ion of tar get set elements.

6. Screen for Achievable Target Set E lements (Step 5) (U)

(U) Ach ieva bl e ta rget set eleme nts are those t ha t are within the capa biliti es of a DBT ad ve rsary to compromise, d estroy, o r rend er nonfu nc ti ona l, independent of response strategy. Achievab le target set elements are determined by the capabi li t ies of the DBT adver s ary. The definition and development of target sets do not cons ider the success of the securi ty organization.

(U) The abi li ty to neutralize ta rget set elements can be eva luated during the identification of in iti ating eve nts. The adva ntage of performi n g a n eval uation at each stage of the process is that such eva lua ti ons may help el iminate functions (and therefore equipment) from t he li st of target set e lements and reduce the leve l of effort needed to identify equ ipme nt and cab le locations.

CbX7XF)

(bX7XF)

RG 5.81, Rev.I, Page 25

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N

7. Target Set Characte r izat io n (U)

(U) U nd e rstanding th e adve rsary perspect ive rega rd ing targ e t set s can be b enefic ial to t h e effect iv e imp le m entation of the s ite protective strategy and the preve ntion of significant co r e damag e and s pe n t f ue l sabo tage. After th e development of target sets, li ce nsees s hould con s ider eva luatin g t he ir ta rget sets using t he information in thi s section to b e tte r und e rsta nd how an adv e rsary may view and select a target set as t h e object iv e o f an attack.

(b)(7)(F)

(U) Character iz ing target se t s r equir es th e con s iderat ion a nd eva luatio n of a w id e va ri ety of informat ion, muc h of w hich is site s pecific.

(U) T h e li st prov id ed below is not exhaust ive but prov ides examp les of informat ion that s hould be consid e red whe n charact e rizing target sets for d esirab i lit y:

  • (U) con s id e r a tion of the m a levol ent act t hat in itia tes t he eve n t(s) (e.g., adve rsar y resources, task ti m e to neutra l ize target set eleme n ts );
  • (U) the anticipated outcom e and th e basis for that o utcome in terms of why s ignifica nt co re da ma ge o r s pent fuel sabotage w ill occur r es ultin g from co mpr o mi se of th e ta r get set;
  • (U) the estim a ted time to s igni fi can t core d amage or s pent fue l sabotage for t he targe t set, assuming th a t all element s of th e ta r get set hav e bee n mad e nonfunct ional (a key input in determining desirability) ; and
  • (U) a d eter m ination of predicted radiological rel ease and w hethe r it wi ll exceed th e limi ts of IO CFR Part I 00, " Reactor S ite C ri teri a" (Ref. 12), fo r eac h tar get se t (includ in g offsite conseque nces).

RG 5.81, R ev. I, P age 26

OFFtCtAi:: 09£ ONLY 9E!CtJRt'f\\ 1 ltE!Ln-'fE!B tNFO~M'ftON (bX7)(F)

(U) If the licensee wants to include the characteriza ti on of desirable target sets in the Target Set In fo rm at ion Workshee t (see Appendix A), this information ca n be captured in Sections 8, 11, or

14. The li censee s hould not exclude a location based on its being less des irabl e. Instead, the information on desirability should be used to in for m the phy s ica l protection strategy.

(U) In determining the desirability of target sets to adve rsaries, licensees mu st consid er the susceptibi lity of target set equipment containing CDAs to cy ber attack. RG 5.7 1, "Cyber Security Program s fo r Nuclear Facilities," con ta ins informat ion on CDAs.

(bX7XF)

(bX7XF)

(bX7XF)

(bX7XF)

RG 5.81, Rev.I, Page 27

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N Of'f' t t! l iltt UStl ONLY S tWU ftt 'f 15 - ft tltilt 'f tl B INfilORMiltFflOPii

CbX7)(F)

RG 5.81, Rev.l, Page 28

Ofilf.1Mi:: USE ONLY SEUftt'f¥ RELA'fl38 INfilOR'l'ttJlr'flOPt Ofilfiltet)LlcL UStl OUL f st:eUIUf 15 -ftl!'.LNt'tlB tNfilOftf'tl)LlcEffOP,

D. IM P LEMEN T ATI O N (U)

(U) The RC staff may use this regulatory guide as a reference in its regulatory proce sses, such as licensing, inspection, or enforcement. However, the RC staff does not intend to use the guidance in this regulatory guide to support NRC staff actions in a manner that would constitute backfitting as that term is defined in 10 CFR 50.109, "Backfitting," and as de scribed in NRC Management Directive 8.4,

" Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests" (Rev. 13), nor does the NRC staff intend to use the guidance to affect the issue finality of an approval under l 0 CFR Part 52, "Licenses, Certifications, and Approvals for uclear Power Plants." The staff also does not intend to use the guidance to support NRC staff actions in a manner that constitutes fo1ward fitting as that term is defined and described in Management Directive 8.4. If a licensee believes that the RC is usin g this regulatory guide in a manner inconsistent with the discussion in this Implementation secti on, then the licensee may file a backfitting or forward fitting appeal with the NRC in accordance with the process in Management Directiv e 8.4.

RG 5.81, Re v.I, Page 29

Ofilf.1Mi:: USE ONLY SEUftt'f¥ RELA'fl38 INfilOR'l'ttJlr'flOPt GLOSSARY

(U) achievabl e tar get Target set e lement that is within t he capabi li ties inc luded in t he design-basi s threat set el e ment (DBT).

(U) c ri t ica l di git a l asset A s ubcompon e nt of a cr iti ca l s y ste m t hat co nsists of or co n tains a dig ita l devic e,

( C DA ) computer, or co m municat ion sys tem or network.

(U ) critic a l s yst e m ( CS ) An a n a log or digita l technology -based system ins ide or outside of the plant that pe rfor ms or is assoc iated wi th a safety-re lated, important to safety, sec ur ity, o r e mergency p reparedness fu nctio n. These CSs include, but are not limited to, plant systems, eq ui pment, commun ication systems, networks, offsite commu nica tions, or s uppo 1t syste ms o r eq ui pment, that perfo rm or are assoc iated wit h a safety related, importa nt to safety, sec u rity, or eme rgency p repared ne ss functio n.

(U) cy b er att a ck The manife st atio n of eithe r ph ysical or logica l (i.e., electronic or di g it al) th reats against computers, comm u nication syst ems, or networks th at may (I) origina te from e ither inside or outs ide the lice nsee's faci l ity, (2) have in t ernal and external comp o nents, (3) involve phys ical or logica l threats, (4) be d irected o r n on-d irected in natur e, (5) b e cond ucted by threat age nts h av ing e ithe r malicious or non ma licious inte nt, and (6) have t he pote ntia l to re su lt in di rect or indirect adverse effe cts or conseque nces to crit ical dig ita l assets or crit ical syste ms. Thi s incl udes attempts to ga in unaut horize d access to a critical di g ital asse t's and/or cr it ica l system's serv ices, resources, or information and attempts to cause an ad ve rse impact to a safety, important - to -safety, security, or emergency-prepared n ess fu nct ion. Furth er back g ro und on cyber attacks which are up a nd inclu din g th e SBT, can be fo u nd in Sections l.l (c), 1.2, an d 1.5 of R G 5.69, " Guid ance for t he Applicatio n of Radiological S abotage Des ig n-Bas is Threat in t he Desig n, Dev el o pm e nt and I m plementat io n of a Phy s ica l Secu r ity Program th a t M eet s 10 CFR 73.55 Req uirements. " Cyber attacks may occur ind ivid ually or i n any co mbinatio n.

(U) d esirabl e t ar get se t s Ta rget se ts that would be iden tified by an adversary as requiring the leas t reso urces to neutra li ze.

(U) id e ntifi a bl e There is adequate inform ation or a mea ns to provid e th is in formatio n on th e (pertainin g to cables) location a nd fu nction of t he cable targ et set e leme nt (e.g., labels, observat ion tlu*oug h wa lkdown, exist ing analysis, sit e docu m entatio n), and an ad ve rsary can visually recognize the cable target set.

( U) L ev e ll An a n a lys is that esti m ates t he freque ncy of accidents that cause damage to the probabilistic risk nuclea r reacto r core. This is co m mo nl y c all ed "co re damage freque ncy."

assess m e nt

(U) op e r a to r a c ti o n An act io n take n in respo nse to a n adv e rsary attack to preve nt signi fica nt core d a mage. Oper ator act io ns shou ld m eet t he credible operator actions acceptance criteri a to be consi d ered target set elements.

( U) radiological Any d e li berat e act directed aga inst a p lan t or transpo rt i n which an sa bot a ge ac tivity lice nsed purs uant to IO CF R Part 73 of NRC's regul at ions is co nd ucted, or

RG 5.81, Rev. I Pag e 33

8FFtCtAi:: 09£ 8NLY 9E!CtJRl'f\\1 ltE!Ln-'fE!B INF8~M'ft8N against a compone nt of suc h a pla nt o r transport w h ich cou ld d irectly or ind i rect ly enda nge r the pu b lic hea lt h and safety by exposure to rad iat io n. (10 CFR 73.2 and http ://www.nrc.gov /reading-rm /b as ic-ref/glossary /radio logical - sabotage.h tml )

(U) safety -r e lat ed T h ose s tr u ctures, sys tem s, and compo nent s that a r e relied on to r emain fu nct ional stru c tu res, sys t e m s, durin g and follow ing desig n-ba s is events to assure:

and components (U) the integrity of the reactor coolant pressure boundary; or (U) th e capability to shut down th e reactor a nd main ta in it in a safe shutdown cond it ion; o r

( U) th e capability to prevent or mitigate the consequences of accidents, whi ch co uld res ult in pot en tial offsite e xp os ures co mparabl e to the applicable guidel in e exposu res given in 10 CFR 50.34(a)(l) or 10 CFR 100.1 1, as applica b le.

( U) s p ent fu el sabota ge A loss of spent fuel pool wa ter inventory and expos ur e of spent fuel, barri n g ex traord inary actions by plant operations.

(U) t arget se t T he minimum combination of eq u ipm ent or operator actions, which, if all are prevented from performing the ir intended safety function o r preve nted from being accomplis h ed, would likely result in significant core damage (e.g., non-inc ipient,

non-loca li ze d fuel m e lti ng a nd/or co r e destruction) or a loss of sp ent fuel poo l coo la nt inve ntory and exposure of spe nt fuel, barr ing ex traord in ary actio n s by plant operat ions.

( U) t a r get set elem ent Equipme nt o r operator actions t hat perform a function, as pat1 of a ta r get set, to prevent s ign ificant core damage or s pent fuel dam age and arc included in the licen see 's protect ive strategy.

( U) v it a l eq u ipm e nt Any equipment, sys tem, dev ice, o r materia l, the fai lure, destruction, or release of w h ic h could di rectly o r indi rect ly endanger t he p ublic health and safety by exposur to radiation. E quipment or syste m s requi red to function to prot ec t publ ic health and safety fo llowing such fai lu re, destructio n, o r re lease a r e also cons idered to be vita l.

RG 5.81, Rev. l Pag e 34

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln-'fE!B tNF8~M'ft8N REFERENCES 1

I. (U) U.S. Code of Fed eral Regulations (CFR), " Phy s ical Prot ectio n of Pl ants and Materia ls,"

Part 73, Chapter l, Title 10, "Energy. "

2. (U) CF R, " Domest ic Licensing of Produ ct ion and Util iza tion Fac ilities," Pa rt 50, Cha pter I,

Ti t le I 0, "Energy."

3. (U) CFR, "Lice nses, Certifications, a nd Approvals for Nuc lea r Powe r Plants," Part 52, C h apter 1, T it le 10, "Energy."
4. (U) U.S. Nuclear Regu latory Com m ission (NR C), NUREG-0800, "Standard Review Plan for the Review of Safety Analy s is Repo rts for Nuclear Pow er Plant s ( LWR Edition)," Section 13.6, "Phys ical Secur i ty," Washington, DC.
5. (U) NRC, Regulatory G ui de ( RG) 5.69, "G uidan ce for th e Application of th e Radiologi ca l Sabo tage D es ig n Bas is Threat in the D esig n, D eve lopment, and I mplementation ofa Physica l Security Program That Meets 10 CFR 73.55 Requir emen ts (SGI)," Washin gto n, DC. (Not publicly available)
6. (U) NRC, RG 5.7 1, "Cybe r Security Programs for Nuclear Faci li ties," Washingto n, DC.
7. (U) NRC, RG 5.74, "Manag ing t he Safety /Security Interface," Washington, DC.
8. Nuclear Energy In stitute (NE !) 13-05, "Target Set Template [Site] Sec urity Target Sets, "

Revi s ion 0, Wa s hington, DC, March 27, 2014. (Notpubliclyavailable)

9. (U) NRC, SECY-16-0073, "StaffReq uiremen t s-SECY-16-0073 - Option s and Recommendations for the Force on Force I nspectio n Program in Respon se to SRM-SECY-14- 0088," Washington, DC, October 5, 2016 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML16279A345)
10. (U) IAEA Nuclear Security Series No. 13, "Nuclear Security Recommendations on Physica l Protection of Nuc lear Mater ia a nd Nuclear Fac ilit ies ( I N FC IRC/225/Rev is ion 5)," Vienna,

Aust ri a.2

PL1blicly available NRC pub l is hed do c uments are available electronically through the NRC Library on the NRC 's public Web site at http://www.nrc.gov/reading-rm /do c-collections/ and through the NRC's Agencywide Documents Access and Management System (ADAMS) a t http://www.nrc.gov /rea ding-rm /adams.html The documents can also be viewed online or printed for a fee in the NRC's Public Document Room (PDR) at 11555 Rockv ille Pike, Rockville, MD. For problems with ADAMS, contact the PDR staff at 301-415-4737 or (800) 397-4209; fax (301) 415-3548; ore mail pdr.resource@nrc.gov. Documents that are withheld from the public can be requested by th ose individuals who have established a "need-to-know" and possess access permission to ofticial use on ly - security-related information (OUO-SRI) or safeguards information (SGI) (or security clearance for classificddocuments).

Co pies of Inte rnational Atomic Energy Agency (IAEA) documents may be obtained through their Web s ite:

WWW. IAEA.Org/ or by wr it ing the International Atomic Ene rgy Agency, P.O. Box I 00 Wagramer Strasse 5, A-1400 Vienna, Austria.

RG 5.8 1, Re v. 1 Page 35

8FFtCtAi:: 09£ 8NLY 9E!CtJRt'f\\1 ltE!Ln'fE!B tNF8~M'ft8N Ofilfilt e t )LlcL UStl ONL f st:eU ftl 'f 15 -ft l!:L)Llc'ft)ft INfilO ft f'tl)LlcEffOP,

11. (U) RC, "Power Reactor Security Requirements," F ederal Register, o. 58: p. 13960, Washington, DC, March 27, 2009.
12. (U) CFR, " Reactor Site Criteria, " Part 100, Chapter I, Title 10, " Energy."
13. (U) NRC, Management Directive 8.4, " Management of Facility-Specific Backfitting and Infonnation Collection," Washington, DC.

RG 5.81, Rev. 1 Page 2

Ofilf.1Mi:: USE ONLY SEUftt'f¥ RELA'fl38 INfilOR'l'ttJlr'flOPt APPENDIX A

TARGET SET INFORMATION WORKSHEET (U)

(U) Thi s appendix provides a worksheet that may be used to documen t ident ified ta rge t sets.

When co mpleted, this worksheet is an accepta ble method to submit target sets for inspect ion with any needed supplem e ntal background informatio n. Th e in format ion in thi s worksheet, when com pl eted, is considered safeguards in fo rm ati o n and s hould be protected as s uc h.

E0 1 IQ S 8 9 The co nte nt of this worksheet, when no t comp leted, is official use on ly security-related in formatio n. When site-specific information is appli ed, th is document become s safeguards in fo rm ati on.

TARGET SET IN FORMATION WORKSH EET Attribute I Description (bX7)(F)

RG 5.8 1, Rev. I Appe ndix A, Page A-1

6flflte twL (;919 6 PU ;Y 9Ee tHttT¥*ft'EL'11:TEB INfl6ltf'fUTl6N TARGET SET INFORMATIO N WORKSHE E T Attribute I Description (bX7)(F)

RG 5.8 1, Rev. I Appendix A, Page A-2

6flflte twL (;919 6 PU;Y 9Ee tHttT¥*ft'EL'11:TEB 1Nfl6ltf'f1'11:Tl6N TARGET SET INFORMATIO N WORKSHE E T Attribute I Description (bX7XF)

RG 5.8 1, Rev. I Appendix A, Page A-3

6flflte twL (;919 6 PU;Y 9Ee tHttT¥*ft'EL'11:TEB 1Nfl6ltf'f1'11:Tl6N APPENDIXB

SITE /UNIT TARGET SET LIST(U)

(U) T his appe ndix is a template providing an overv iew of identified target sets and associated information. The information in this t emplate, when comp leted, is cons idered safeg uards informa tion and sho uld be protected as suc h.

Tar get Set# I Target Set Objective I Reactor Modes of Revision, E ffective Applicability I Dat e (b)(7)(F)

RG 5.8 I, Re v.I Append ix B, Page B-1

6FFlb\\1:: f:f9E 6NLY 9EtHU'f¥*HLn'fE8 INF6m.U'fl6N APPENDIXC

TARGET SET INfORftlA't'IOP, EXA1'1:PLE 1 (U)

(U) Thi s appe nd ix is a template th at can b e u sed to document identified target sets (TSs). Th e information in this template, when comp leted, is considered safeg uar d s information and should be protected as s uc h.

(Ot!~ -t! tU' The information in th is append ix is offic ia l use only -sec urity-r e lated informat io n

~QUQ S ~ ~- Since the appendix is an exa mpl e, each line w ill not be porti on ma rked OUO-SRI. Wh en s ite-specific inform at ion is s uppli ed, this do cum e nt becomes safeguard s informat ion.

(bX7)(F)

RG 5.8 1, Rev. I, Appendix C, Page C-2

6FFlt:b\\1:: t;9E 6NLY 9Et:t;lltT\\ '*ft'EL,:Jc:TEB INF6R1,IJ.lrTl6P~

(bX7)(F)

RG 5.8 1, Rev. I, Append ix C, Page C-3

6FFlt:b\\1:: t;9E 6NLY 9Et:t;lllT\\ '*ft'EL,:Jc:TEB INF6R\\,UTl6P~

(b)(7)(F)

RG 5.8 1, Rev. I, Appe nd ix C, Pag e C-4 (bX7)(F)

RG 5.8 1, Rev. I, Append ix C, Page C-5

6FFlt:b\\1:: t;9E 6NLY 9Et:t;lllT\\ '*ft'EL,:Jc:TEB INF6R1,IJ.lrTl6P~

CbX7XF)

RG 5.8 1, Rev. I, Appe n dix C, Pag e C-6 APPENDIXD

TARGET SET INFORMATIO N-EXAMPLE 2 (U)

(U) T his appe ndix is an a lternat ive t emp late that can be used to doc u men t identified target sets (TSs). T h e information in this template, when comp leted, is considere d safeguards information and s hould be protected as suc h.

(6t::l6 SIU~ The in format ion in th is appendix is official use only - sec urity-related information

( Oh'O 9'R:,1). Since it is an example, eac h line w i ll not be portion marked OUO-SRI. When s ite-spec ific informat ion is sup p l ied, t his docume nt becomes safeg uards informatio n.

(bX7)(F)

RG 5.81, Rev. 1, Appendix D, Page-I

8Fli11Ch4tb l,OE 8NL"t 01£el,ft:IT"i'*ft:1£b;l(fl£6 m.. 8 ft:!'flA'.T l6P~

(bX7)(F)

RG 5.81, Rev. 1, Appendix D, Page-2

8FF I Ch4tb l,OE 8NL"t 01£el,ft:IT"i'*ft:1£b;l(fl£6 m~6 ft:!'fl}l(Tl6P~

(b)(7)(F)

RG 5.81, Rev. 1, Appendix D, Page-3

8Fli11Ch4tb l,OE 8NL"t 01£etl ft:I T"i' *ft: 1£b;l(fl£6 m.. 8 ft: !'f l }l(T l 6P~

APPENDIXE

TARGET SET INFORMATION -EXAM PLE 3 (U)

(U) T hi s appendix is a template that can be used to docum en t iden ti fi ed ta rget sets (TS s). Th e information in th is temp late, wh en comp le t ed, is cons idere d safeg uard s in form atio n and sho uld be prot ec ted as s uch.

( Q~Q ~RI~ The information in thi s append ix is official use on ly-safe ty-re lated information (t9Ut9 -9~I ). Since thi s a pp endix i s a n exa mp le, each line w ill no t b e po rti on mark ed OUO-SRI. Wh e n si te-spec ific information is s upplied, th is document becomes safe guard s information.

(bX7)(F)

RG 5.8 1, Rev. I, Appendix E, Page E-1

6fftetA1J U9E 6ULY 9EetJIU'f\\ ' *~L1lc'fEB 1Uf6Ml/l'fl6f, (bX7XF)

RG 5.81, Rev. I, Appendix E, Page E-2

6fftetA1J U9E 6ULY 9EetJIU'f\\ ' *~L1lc'fEB lriif6MU'fl6f, (b)(7)(F)

RG 5.81, Rev. I, Appendix E, Page E-3

6fftetA1J U9E 6ULY 9EetJIU'f\\ ' *~L1lc'fEB lriif6MU'fl6f, APPENDIXF

OFFSITE EQUIPMENT LOCATIONS (U)

(W ith Example/Sample Data) (U)

(U) T hi s appendix is a tem plate that ca n be used to docum en t offsite eq uipme nt locations.

(("J'tteJ --'lU) The information in th is a pp endix is official use only-security-related information (OtJQ i>JU1. Since the appendix is an example, each line w il l no t be port ion marked OUO-SRI.

(bX7)(F)

RG 5.8 1, Rev. 1, Appendix F, Page F-1

61'11'1t e t 1\\1:J U9E 6NLY SlsWRITY llELATlsB ml'16Mf t n1' 16,,

8PPIChlrL USE 8NLY 9ECU:lll'fY R-E!LJ!c'fEB mP8Rfll l J!c'fl8P~

APPENDIXH

TARGET SET TIME PIPING, WALL SPECIFICATIONS, AND FUEL POOL TARGET SET ADDITIONAL D ATA (U)

(With Exa mple /Sample Data) (U)

In sid e Diameter 19 in.

Mat eria l A STM B&PV Section I ASA B 3 l.l Stainless Steel Pipe Wall T hic k n ess ~ 2 in.

Pipe Insulation Fibe rglass an d laggin g - 5 in.

Inside Diameter 16.47 in.

Mat e ri al Seamless sta inless steel SA 376 TP 3 16 (NG) ou ts ide Drywe ll Pipe Wall Thick n ess 1. 753 in.

Pipe Insula tio n The rm a l and lagg in g - 5 in.

Pip i ng on 345 ft e levat ion I0 in. NPS In s ide Dia m ete r 5.625 in.

M aterial Seamless stainless steel AS TM A3 12 or A376 TP 3 16 Pipe Wall Thick n ess 1.5 in.

Pipe Insulation None

All Pump Disch arges 16 in. NPS In s id e Diameter 10.02 in.

Material Seam less A-I 06 Ca rbo n Stee l.

Pip e Wall Thickn ess 0. 965 in.

Pip e In s ulation None

All Pump S u c ti on s 12 in. NPS In s id e Dia m ete r 9.00 in.

Material Sea ml ess A-106 Ca rb on Steel Pipe Wall T hickn ess 1. 625 in.

Pipe Insulation N one

RG 5.81, Rev. 1, Appendix H, Pa ge H-2

8Fli11Ch4tb l,OE 8NL"t 91£Cl,ft:IT"i' *ft: 1£bJl(fl£8 IN"8ft:!'f l A'.T l 8N 6fJfilleh!tL USE 6NL't5 SEeUttt'fY MLJlr'fEO INfl6ftMJlr'fl6Pif

Applic able Target Sets: 1 F IP IW IIS ifi ti ue 00 a,pee 1ca ons LINER Thickness/Material: 1/8 in./stainless steel SIDE Wall Concrete T hickness Reinforcing Ratio /Scheme North 52 in. 0.075 Sout h 92 in. 0.075 East 92 in. 0.0748 West (>95 ft elevation) 84 in. 0.080 West (<95 ft e levation) 52 in. 0.0375

RG 5.81, Re v. 1, Appendix H, Page H-3

Qf;lf;l l CtMJ USE ONLY S E eU M FfY lttlt ::A'fEO 1Nfil61Mt b-'l:Ff l6 P*

APPENDIX I

TA RGET SET ANALYSIS TEAM MAKEUP (U)

(QPQ SR9 The information in this appendix is official use on ly-secur ity-related in formatio n

~OUO SR-I}. Since the appendix is an example, each line will not be portion marked OUO-SRI.

Th e team estab l is hed for the d eve lopmen t of th e [Site] target sets co n s isted of dedica ted personne l with expertise in the following disciplines:

  • CbX7XF)

RG 5.81, Rev. 1, Appendix I, P age 1-1

6flfltetwL l'.'.1315 6f*LY 3Eel'.'JlltT\\'*fttlLWTEt, mfl6ft:f'fl)!lrT16N APPENDIXJ

TARGET SET WORKSHEET AC RONYM PAGE (U)

(U) T h e informatio n in th is appe ndix prov ides a n examp le of a ta rget set wor k sheet acro nym page. It is unclassified and will not be p01tion marked.

ABN abnormal AC alternati n g c urre nt ATWS a nt ic ipated transient w itho ut scram CDA c r it ical d ig ital asse t CRD contro l rod d r ive DC d irect current EAL eme rgency action level ECCS emergency core coo ling system EOG emergency diesel generator EM RY elect r ometric re lief valve EO P eme rgency operat in g procedu re EPRl Elect ri c P ower Research In stit ute gpm ga llons per minute HELB high-energy line break HPC I hi gh-press u re coo lant injection hr ho ur

ill. inch kV k ilovo lt LLOCA large loss-of-coo la n t acc ident LOCA loss-of-coolant acc ident LOOP loss of offsite powe r LSP local s hutdown pane l MAAP Mod ul ar Accide nt A na lysis Program MCC motor control center MCR ma in control room NEJ Nuclear Energy Institute OPCON o perat ing condition PRA probabi listic risk assessment psig pounds per square inch gauge RC IC reacto r core iso lat ion cool ing RH RSW res idu a l heat remova l serv ice water RP V reactor press ure vessel RS DP remote shu t down pane l RSP remote shutdown pane l

R G 5.81, Rev. l, Appen di x J, P age J-2

8FFICl7-\\:L t;9E 8NL'i 9ECl'.HltT\\' *fttlL7-\\:TEt, mF6ft:f'flJ!lrT16N Ofilfiltt!liltt UStl ONLY StWUftt'f 15 - fttltilt'ftlB INfilORMiltFflOPii

SAMG Severe Accident Management Guidelines SBO station blackout SCBA self-contained breathing apparatus SRV safety-relief valve SSPP site security program plan TAF top of active fu l TSA target set analysis VDC voltage direct current

RG 5.81, Rev. 1, Appendix J, Page J-3

8FFICblm U913 8NLY SIWURt'fY ML A 'ftlB INfilOMt;Jr'flOH

Retrieved from "https://kanterella.com/w/index.php?title=ML22257A058&oldid=3721300"