ML22298A226
| ML22298A226 | |
| Person / Time | |
|---|---|
| Site: | Nuclear Energy Institute |
| Issue date: | 10/25/2022 |
| From: | Mogavero R Nuclear Energy Institute |
| To: | Gregory Bowman Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response, Document Control Desk |
| Shared Package | |
| ML22298A225 | List: |
| References | |
| NEI 15-09 | |
| Download: ML22298A226 (1) | |
Text
RICHARD MOGAVERO Senior Project Manager, Nuclear Security & Incident Preparedness 1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202.739.8174 rm@nei.org nei.org October 25, 2022 Mr. Greg Bowman Director, Division of Physical and Cyber Security Policy Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission Washington, DC 20555-0001
Subject:
Endorsement of NEI 15-09, Cyber Security Event Notifications, Revision 1, Dated October 2022.
Project Number: 689
Dear Mr. Bowman:
On behalf of the Nuclear Energy Institutes (NEI)0F1 members (hereinafter referred to as industry), attached is an updated revision to NEI 15-09, Cyber Security Event Notifications. The attached document addresses the NRC Staff Comment Table1F2 associated with your September 29, 2022, response letter2F3 and comments received during the August 10, 20223F4 public meeting. Additional editorial changes were made to conform to the new NRC style guide.
On November 2, 2015, the NRC issued cyber security event notification requirements [80 Federal Register 67264]. These requirements are codified in Title 10 of the Code of Federal Regulations (CFR), Part 73, Section 73.77. The cyber security requirements in 10 CFR 73.54 were also amended to require reporting in accordance with 10 CFR 73.77. At that time, NEI developed NEI 15-09, Cyber Security Event Notifications, Revision 0, dated February 2016, to support consistent implementation of the new reporting requirements and to streamline the process for making reportability determinations. NEI 15-09 was submitted for review, and the NRC found the document acceptable for use4F5.
1 The Nuclear Energy Institute (NEI) is responsible for establishing unified policy on behalf of its members relating to matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEIs members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect and engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations involved in the nuclear energy industry.
2 ADAMS Accession No.: ML22259A084 3 ADAMS Accession No.: ML22259A076 4 ADAMS Accession No.: ML22241A080 5 ADAMS Accession No.: ML16063A062
Mr. Greg Bowman October 25, 2022 Page 2 Subsequent to the issuance of NEI 15-09, Revision 0, NRC approved changes to other cyber security program guidance. For example, NRC reviewed and found acceptable for use four white papers related to Emergency Preparedness5F6, Balance of Plant6F7, Safety-Related/Important-to-Safety7F8, and Security8F9 digital assets. Revision 1 to NEI 15-09 includes conforming changes consistent with guidance provided in the white papers.
NEI requests that the NRC review and endorse NEI 15-09, Revision 1, dated October 2022, by November 18, 2022. If any revisions to this document are desired, please include suggested wording and the technical data to support the proposed changes.
If you have any questions concerning these comments, please contact me.
Sincerely, Richard Mogavero Attachment c:
Brian Yip NRC/NSIR NRC Document Control Desk 6 ADAMS Accession No. ML20129J981 7 ADAMS Accession No. ML20209A442 8 ADAMS Accession No. ML20223A256 9 ADAMS Accession No. ML21140A140