Text

Mr. Richard Mogavero Senior Project Manager, Nuclear Security and Incident Preparedness Nuclear Energy Institute 1201 F Street NW, Suite 1100 Washington, DC 20004

SUBJECT:

REQUEST FOR ENDORSEMENT OF NEI 15-09, CYBERSECURITY EVENT NOTIFICATIONS, REVISION 1, DATED OCTOBER 2022

Dear Mr. Mogavero:

In your letter dated October 25, 2022, you requested the U.S. Nuclear Regulatory Commission (NRC) staff review and endorse NEI 15-09, Cybersecurity Event Notifications, dated October 2022 (Agencywide Documents Access and Management System (ADAMS)

Accession Number ML22298A228), to ensure the proposed changes meet the requirements of Title 10 of the Code of Federal Regulations (10 CFR) 73.54, Protection of digital computer and communication systems and networks, and 10 CFR 73.77, Cyber security event notifications.

NEI 15-09, Revision 1, addresses comments provided by the NRC staff on a prior draft of the document (ML22259A076), as well as comments received during a public meeting held on August 10, 2022 (ML22241A080). The revision also incorporates conforming changes consistent with recently-revised guidance in NEI 10-04, Identify Systems and Assets Subject to the Cyber Security Rule, Revision 3 (ML21342A168), and NEI 13-10, Revision 7, Cyber Security Control Assessments (ML21342A203).

The NRC staff has reviewed NEI 15-09, Revision 1, and determined the revised document addresses our previous comments. We are not requesting any additional information at this time. The staff will document the completion of its review and its conclusions in a revision to Regulatory Guide 5.83, Cyber Security Event Notifications.

December 13, 2022

R. Mogavero Should you or your staff have any questions, please contact Mr. Dan Warner at (301) 287-3642.

Sincerely, Brian M. Yip, Chief Cyber Security Branch Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response Signed by Yip, Brian on 12/13/22

Ltr ML22347A106 OFFICE NSIR/DPCP/CSB NSIR/DPCP/CSB NAME DWarner BYip DATE Dec 13, 2022 Dec 13, 2022