|
---|
Category:Inspection Plan
MONTHYEARML23339A1762023-12-0505 December 2023 Notification of NRC Baseline Inspection and Request for Information (05000265/2024001) ML23216A0362023-08-0707 August 2023 Notification of an NRC Biennial Licensed Operator Requalification Program Inspection and RFI IR 05000254/20220062023-03-0101 March 2023 Annual Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2022006 and 05000265/2022006) ML23013A1502023-01-17017 January 2023 Notification of NRC Baseline Inspection and Request for Information; Inspection Report 05000254/2023002 ML23011A2822023-01-11011 January 2023 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000254/2023401; 05000265/2023401 ML22249A2332022-09-0606 September 2022 Notification of NRC Fire Protection Team Inspection Request for Information Inspection Report 05000254/2022011 05000265/2022011 IR 05000254/20220052022-08-22022 August 2022 Updated Inspection Plan for Quad Cities Nuclear Power Station (Report 05000254/2022005; 05000265/2022005) ML22228A1032022-08-16016 August 2022 Notification of NRC RFI for Post-Approval Site Inspection for License Renewal Phase IV Inspection Report 05000254/2022010 05000265/2022010 ML22178A1362022-06-28028 June 2022 Information Request to Support Upcoming Problem Identification and Resolution (Pi&R) Inspection at Quad Cities Station ML22039A1912022-02-0808 February 2022 Information Request for an NRC Triennial 10 CFR 50.59 (Evaluation of Changes, Tests, and Experiments) Baseline Inspection IR 05000254/20210052021-09-0101 September 2021 Updated Inspection Plan for Quad Cities Nuclear Power Station (Report 05000254/2021005 and 05000265/2021005) ML21203A0662021-07-22022 July 2021 Quad Nuclear Power Station - Notification of NRC DBAI (Programs) and Initial Request for Information: Inspection Report 05000254/2021010; 05000265/2021010 IR 05000254/20200062021-03-0404 March 2021 Annual Assessment Letter for Quad Cities Nuclear Power Station Units 1 and 2 (Report 05000254/2020006 and 05000265/2020006) ML21033A5772021-02-0202 February 2021 Notification of Nrc Baseline Inspection and Request for Information; Inspection Report 05000254/2021001 ML20266G3542020-09-22022 September 2020 Notification of NRC Request for Information for Post-Approval Site Inspection for License Renewal-Phase IV; Inspection Report 05000254/2020012; 05000265/2020012 IR 05000254/20200052020-09-0101 September 2020 Updated Inspection Plan for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2020005 and 05000265/2020005) ML20183A2852020-07-0101 July 2020 Request for Information for an NRC Triennial Baseline Bases Assurance Inspection (Team): Inspection Report 05000254/2020011 and 05000265/2020011 ML20162A1302020-06-10010 June 2020 Information Request to Support Upcoming Problem Identification and Resolution Inspection at the Quad Cities Nuclear Power Station IR 05000254/20190062020-03-0303 March 2020 Annual Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2019006 and 05000265/2019006) IR 05000254/20190052019-08-28028 August 2019 Updated Inspection Plan for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2019005 and 05000265/2019005) IR 05000254/20180062019-03-0404 March 2019 Annual Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2018006 and 05000265/2018006) ML19014A0932019-01-11011 January 2019 Ltr. 01/11/19 Quad Cities Nuclear Power Station, Unit 1 - Notification of NRC Baseline Inspection and Request for Information; Inspection Report 05000254/2019001; 05000265/2019001 (DRS-J.Neurauter) IR 05000254/20180052018-08-28028 August 2018 Updated Inspection Plan for Quad Cities Nuclear Power Station -Quad Nuclear Power Station, Units 1 and 2 (Report 05000254/2018005 and 05000265/2018005) IR 05000254/20170062018-03-0202 March 2018 Annual Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2017006; 05000265/2017006) IR 05000254/20170052017-08-28028 August 2017 Updated Inspection Plan (Inspection Report 05000254/2017005 and 05000265/2017005) IR 05000254/20160062017-03-0101 March 2017 Annual Assessment Letter for Quad Cities Nuclear Station, Units 1 and 2 (Report 05000254/2016006; 05000265/2016006) ML17033A0622017-02-0101 February 2017 Notification of NRC Baseline Inspection and Request for Information; Inspection Report 05000254/2017001; 05000265/2017001 IR 05000254/20160052016-08-31031 August 2016 Mid-Cycle Assessment Letter for Quad Cities Nuclear Power Station Units 1 and 2 (Report 05000254/2016005 and 05000265/2016005) ML16175A3552016-06-23023 June 2016 Information Request to Support Upcoming Problem Identification and Resolution Inspection at the Quad Cities Nuclear Power Station IR 05000254/20150062016-03-0202 March 2016 Annual Assessment Letter for Quad Cities Nuclear Power Stations, Units 1 and 2 (Inspection Report 05000254/2015006 and 05000265/2015006) IR 05000254/20150052015-09-0101 September 2015 Mid-Cycle Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2015005; 05000265/2015005) IR 05000254/20140012015-03-0404 March 2015 Annual Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2014001; 05000265/2014001) ML14245A3582014-09-0202 September 2014 Mid-Cycle Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 IR 05000254/20130012014-03-0404 March 2014 Annual Assessment Letter for Quad Cities Nuclear Power Station, Units 1 and 2 (Report 05000254/2013001; 05000265/2013001) ML14049A4382014-02-14014 February 2014 Inspection Report Plan for 05000254-14-003 & 05000265-14-003 ML13246A2242013-09-0303 September 2013 2013 Quad Cities Nuclear Power Station Mid-Cycle Letter Combined IR 05000254/20120012013-03-0404 March 2013 Annual Assessment Letter for Quad Cities Nuclear Power Station, Unit 1 and 2 (Reports 05000254/2012001 and 05000265/2012001) ML13023A3582013-01-23023 January 2013 Ltr. 01/23/13 Quad Cities ISI, Unit 1, Request for Information ML12249A4102012-09-0404 September 2012 Mid-Cycle Assessment Letter for Quad Cities Nuclear Power Station, Unit 1 and 2 IR 05000254/20110062011-09-0101 September 2011 Mid-Cycle Letter for Quad Cities Nuclear Power Station, Units 1 and 2; 05000254/2011-006; 05000265/2011-006 IR 05000254/20110012011-03-0404 March 2011 Annual Assessment Letter for Quad Cities Nuclear Power Station (Report 05000254-11-001 and 05000265-11-001) ML1024400782010-09-0101 September 2010 Mid-Cycle Performance Review and Inspection Plan - Quad Cities Nuclear Power Station ML1006104912010-03-0303 March 2010 EOC Annual Assessment Letter, Inspection/Activity Plan ML0924403202009-09-0101 September 2009 Mid-Cycle Performance Review and Inspection Plan IR 05000254/20090012009-03-0404 March 2009 Annual Assessment Letter - Quad Cities Nuclear Power Station, Units 1 and 2 (05000254/2009001; 05000265/2009001) ML0824602952008-09-0202 September 2008 Quad Cities - Mid-Cycle Performance Review and Inspection Plan IR 05000254/20080012008-03-0303 March 2008 EOC Annual Assessment Letter (Inspection Report 05000254-08-001; 05000265-08-001) ML0735403302007-12-19019 December 2007 Quad - Inspection Plan 1/1/08 - 12/31/08 IR 05000254/20070012007-03-0202 March 2007 EOC Annual Assessment Letter (Report 05000254-07-001; 05000265-07-001) ML0624305962006-08-31031 August 2006 8/31/06 Quad Cities - Mid-Cycle Performance Review and Inspection Plan 2023-08-07
[Table view] Category:Letter
MONTHYEARIR 05000254/20230042024-02-0505 February 2024 Integrated Inspection Report 05000254/2023004 and 05000265/2023004 ML24004A0052024-01-17017 January 2024 Exemption from Select Requirements of 10 CFR Part 73 (EPID L-2023-LLE-0042 (Security Notifications, Reports, and Recordkeeping and Suspicious Activity Reporting)) RS-24-001, Response to Request for Additional Information Regarding Relief Request I5R-26, Inservice Inspection Program Relief Request Regarding Examination Coverage for the Fifth Inservice Inspection Interval2024-01-0303 January 2024 Response to Request for Additional Information Regarding Relief Request I5R-26, Inservice Inspection Program Relief Request Regarding Examination Coverage for the Fifth Inservice Inspection Interval IR 05000254/20234032023-12-22022 December 2023 Public- Quad Cities Nuclear Power Station Security Baseline Inspection Report 05000254/2023403 and 05000265/2023403 IR 05000254/20230102023-12-20020 December 2023 Comprehensive Engineering Team Inspection Report 05000254/2023010 and 05000265/2023010 ML23349A1622023-12-17017 December 2023 Issuance of Amendment Nos. 298 and 294 Increase Completion Time in Technical Specification 3.8.1.B.4 (Emergency Circumstances) RS-23-128, Response to Request for Additional Information for the Emergency License Amendment Request Increase Technical Specifications Completion Time in TS 3.8.1.B.4 from 7 Days to 30 Days2023-12-15015 December 2023 Response to Request for Additional Information for the Emergency License Amendment Request Increase Technical Specifications Completion Time in TS 3.8.1.B.4 from 7 Days to 30 Days ML23305A1402023-12-13013 December 2023 Units 1 & 2; Nine Mile Point, Unit 2; Peach Bottom, Units 2 & 3; and Quad Cities, Units 1 and 2 - Issuance of Amendments to Adopt Traveler TSTF-580 RS-23-123, Emergency License Amendment Request - Increase Technical Specifications Completion Time in TS 3.8.1.B.4 from 7 Days to 30 Days2023-12-13013 December 2023 Emergency License Amendment Request - Increase Technical Specifications Completion Time in TS 3.8.1.B.4 from 7 Days to 30 Days ML23339A1762023-12-0505 December 2023 Notification of NRC Baseline Inspection and Request for Information (05000265/2024001) ML23319A3342023-11-20020 November 2023 Regulatory Audit in Support of License Amendment Requests to Adopt TSTF 505, Revision 2 and 10 CFR 50.69 RS-23-104, Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation2023-11-17017 November 2023 Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation ML23317A1192023-11-10010 November 2023 Constellation Energy Generation, LLC - 2023 Annual Report - Guarantees of Payment of Deferred Premiums IR 05000254/20230032023-11-0909 November 2023 Integrated Inspection Report 05000254/2023003 and 05000265/2023003 RS-23-113, Submittal of Updated Final Safety Analysis Report (Ufsar), Revision 17 and Fire Protection Report (Fpr), Revision 262023-10-20020 October 2023 Submittal of Updated Final Safety Analysis Report (Ufsar), Revision 17 and Fire Protection Report (Fpr), Revision 26 RS-23-097, Constellation Energy Generation, LLC, Advisement of Leadership Changes and Submittal of Updated Standard Practice Procedures Plans2023-10-12012 October 2023 Constellation Energy Generation, LLC, Advisement of Leadership Changes and Submittal of Updated Standard Practice Procedures Plans ML23206A0382023-09-21021 September 2023 Proposed Alternative to the Requirements of the ASME Code IR 05000254/20230112023-09-20020 September 2023 Safety-Conscious Work Environment Issue of Concern Team Inspection Report 05000254/2023011 and 05000265/2023011 RS-23-089, Sixth Ten-Year Interval Inservice Testing Program2023-09-0505 September 2023 Sixth Ten-Year Interval Inservice Testing Program RS-23-080, Constellation Energy Generation, LLC, Application to Revise Technical Specifications to Adopt TSTF-264-A, Revision 0, 3.3.9 and 3.3.10 - Delete Flux Monitors Specific Overlap Requirement SRs2023-08-30030 August 2023 Constellation Energy Generation, LLC, Application to Revise Technical Specifications to Adopt TSTF-264-A, Revision 0, 3.3.9 and 3.3.10 - Delete Flux Monitors Specific Overlap Requirement SRs RS-23-086, Relief Request I5R-26, Inservice Inspection Program Relief Request Regarding Examination Coverage for the Fifth Inservice Inspection Interval2023-08-28028 August 2023 Relief Request I5R-26, Inservice Inspection Program Relief Request Regarding Examination Coverage for the Fifth Inservice Inspection Interval SVP-23-038, Owner'S Activity Report Submittal Fifth 10-Year Interval 2023 Refueling Outage Activities2023-08-14014 August 2023 Owner'S Activity Report Submittal Fifth 10-Year Interval 2023 Refueling Outage Activities IR 05000254/20230022023-08-0808 August 2023 Integrated Inspection Report 05000254/2023002 and 05000265/2023002 ML23178A0742023-08-0707 August 2023 Issuance of Amendment Nos. 296 and 292 Adoption of TSTF-416 Low Pressure Coolant Injection (LPCI) Valve Alignment Verification Note Location ML23216A0362023-08-0707 August 2023 Notification of an NRC Biennial Licensed Operator Requalification Program Inspection and RFI ML23216A0562023-08-0404 August 2023 Information Meeting (Open House) with a Question and Answer Session to Discuss NRC 2022 End-Of-Cycle Plant Performance Assessment of Quad Cities Nuclear Power Station, Units 1 and 2 SVP-23-031, Regulatory Commitment Change Summary Report2023-07-14014 July 2023 Regulatory Commitment Change Summary Report ML23181A1062023-06-30030 June 2023 Postponement- Information Meeting (Open House) with a Question-And-Answer Session to Discuss NRC 2022 End-Of-Cycle Plant Performance Assessment of Quad Cities Nuclear Power Station ML23178A2422023-06-28028 June 2023 Reassignment of the U.S. Nuclear Regulatory Commission Branch Chief in the Division of Operating Reactor Licensing for Plant Licensing Branch III ML23179A1932023-06-28028 June 2023 07122023 Letter-Significant Public Meeting to Discuss NRC End-of-Cycle Performance Assessment of Quad Cities Nuclear Plant for Performance for 2022 Calendar Year IR 05000254/20234012023-06-26026 June 2023 Cyber Security Inspection Report 05000254/2023401 and 05000265/2023401 IR 05000265/20230402023-06-22022 June 2023 Reissue Quad Cities Nuclear Power Station 95001 Supplemental Inspection Supplemental Report 05000265/2023040 and Follow Up Assessment Letter RS-23-077, Response to NRC Regulatory Issue Summary 2023-01, Preparation and Scheduling of Operator Licensing Examinations2023-06-16016 June 2023 Response to NRC Regulatory Issue Summary 2023-01, Preparation and Scheduling of Operator Licensing Examinations ML23167B1722023-06-16016 June 2023 95001 Supplemental Inspection Report 05000265/2023040 and Follow-Up Assessment Letter RS-23-060, Application to Adopt 10 CFR 50.69, Risk-Informed Categorization and Treatment of Structures, Systems, and Components for Nuclear Power Reactors2023-06-0808 June 2023 Application to Adopt 10 CFR 50.69, Risk-Informed Categorization and Treatment of Structures, Systems, and Components for Nuclear Power Reactors RS-23-059, License Amendment Request to Revise Technical Specifications to Adopt Risk Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b2023-06-0808 June 2023 License Amendment Request to Revise Technical Specifications to Adopt Risk Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b ML23144A3632023-05-26026 May 2023 Information Meeting (Open House) with a Question and Answer Session to Discuss NRC 2022 End-of-Cycle Plant Performance Assessment of Quad Cities Nuclear Power Station, Units 1 and 2 RS-23-042, Application to Revise Technical Specifications to Adopt TSTF-580, Provide Exception from Entering Mode 4 with No Operable RHR Shutdown Cooling2023-05-25025 May 2023 Application to Revise Technical Specifications to Adopt TSTF-580, Provide Exception from Entering Mode 4 with No Operable RHR Shutdown Cooling ML23033A4042023-05-15015 May 2023 Exemption from the Requirements of 10 CFR Part 2, Section 2.109(B) Related to Submission of Subsequent License Renewal Application Letter IR 05000254/20234022023-05-15015 May 2023 Security Baseline and ISFSI Inspection Reports 05000254/2023402, 05000265/2023402, 07200053/2023401 ML23132A2022023-05-12012 May 2023 Annual Radiological Environmental Operating Report ML23125A0612023-05-0808 May 2023 Proposed Alternative to the Requirements of the ASME Code IR 05000254/20230012023-05-0808 May 2023 Integrated Report 05000254/2023001 and 05000265/2023001 RS-22-067, 10 CFR 50.46 Annual Report2023-05-0404 May 2023 10 CFR 50.46 Annual Report ML23118A3472023-05-0101 May 2023 County, 1 & 2; Nine Mile Point, 2; and Quad Cities, 1 & 2 - Correction of Amendment No. 193 Adoption of TSTF-306, Revision 2, Add Action to LCO 3.3.6.1 to Give Option to Isolate the Penetration EPID L-2022-LLA-0143 RS-23-068, Response to Request for Additional Information for Quad Cities Relief Request I6R-11, Proposed Alternatives for a Temper Bead Weld Repair of the Mating Surfaces of the Reactor Pressure Vessel Head and Shell2023-04-28028 April 2023 Response to Request for Additional Information for Quad Cities Relief Request I6R-11, Proposed Alternatives for a Temper Bead Weld Repair of the Mating Surfaces of the Reactor Pressure Vessel Head and Shell SVP-23-018, Radioactive Effluent Release Report for 20222023-04-28028 April 2023 Radioactive Effluent Release Report for 2022 ML23114A2522023-04-28028 April 2023 Request to Use a Provision of a Later Edition of the ASME Boiler & Pressure Vessel Code, Section XI ML23110A0622023-04-25025 April 2023 Transmittal of Final Quad Cities Nuclear Power Plant, Unit 1 Accident Sequence Precursor Report (Licensee Event Report 254-2022-001) ML23081A0382023-04-25025 April 2023 County, 1 & 2; Nine Mile Point, 2; and Quad Cities, 1 & 2 - Issuance of Amendments to Adopt TSTF-306, Rev. 2, Add Action to LCO 3.3.6.1 to Give Option to Isolate the Penetration 2024-02-05
[Table view] |
See also: IR 05000254/2023401
Text
January 11, 2023
David P. Rhoades
Senior Vice President
Constellation Energy Generation, LLC
President and Chief Nuclear Officer (CNO)
Constellation Nuclear
4300 Winfield Road
Warrenville, IL 60555
SUBJECT: QUAD CITIES NUCLEAR POWER STATION, UNITS 1 AND 2- INFORMATION
REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION,
NOTIFICATION TO PERFORM INSPECTION 05000254/2023401;
05000265/2023401
Dear David Rhoades:
On May 15, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline
inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0
at your Quad Cities Station. The inspection will be performed to evaluate and verify your ability
to meet the NRCs Cyber-Security Rule, Title 10, Code of Federal Regulations (CFR), Part 73,
Section 54, Protection of Digital Computer and Communication Systems and Networks. The
onsite portion of the inspection will take place May 15-19, 2023.
Experience has shown that baseline inspections are extremely resource intensive, both for the
NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site
and to ensure a productive inspection for both parties, we have enclosed a request for
documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the
focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should
be made available electronically no later than March 18, 2023. The inspection team will review
this information and, by April 1, 2023, will request the specific items that should be provided for
review.
The second group of additional requested documents will assist the inspection team in the
evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture,
and the areas of the licensees Cyber Security Plan (CSP) selected for the cyber-security
inspection. This information will be requested for review in the regional office prior to the
inspection by May 01, 2023, as identified above.
The third group of requested documents consists of those items that the inspection team will
review, or need access to, during the inspection. Please have this information available by the
first day of the onsite inspection, May 15, 2023.
D. Rhoades -2-
The fourth group of information is necessary to aid the inspection team in tracking issues
identified as a result of the inspection. It is requested that this information be provided to the
lead inspector as the information is generated during the inspection. It is important that all of
these documents are up to date and complete in order to minimize the number of additional
documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Jasmine Gilliam. We understand that our regulatory
contact for this inspection is Richard Swart of your organization. If there are any questions about
the inspection or the material requested, please contact the lead inspector at 630-829-9831 or
via email at Jasmine.Gilliam@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, Control
Number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection requirement unless the
requesting document displays a currently valid Office of Management and Budget Control
Number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding,
of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available
electronically for public inspection in the NRCs Public Document Room or from the Publicly
Available Records (PARS) component of the NRC's Agencywide Documents Access and
Management System (ADAMS). ADAMS is accessible from the NRC Web site at
http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely,
Signed by Gilliam, Jasmine
on 01/11/23
Jasmine Gilliam, Senior Reactor Inspector
Engineering Branch 2
Division of Operating Reactor Safety
Docket Nos. 50-254 and 50-265
License Nos. DPR-29 and DPR-30
Enclosure:
Cyber-Security Inspection
Document Request
cc w/encl: Distribution via LISTSERV
D. Rhoades -3-
Letter to David Rhoades from Jasmine Gilliam dated January 11, 2023.
SUBJECT: QUAD CITIES NUCLEAR POWER STATION, UNITS 1 AND 2- INFORMATION
REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION,
NOTIFICATION TO PERFORM INSPECTION 05000254/2023401;
05000265/2023401
DISTRIBUTION:
Jessie Quichocho
Marc Ferdas
RidsNrrDorlLpl3
RidsNrrPMQuadCities Resource
RidsNrrDroIrib Resource
John Giessner
Julio Lara
Diana Betancourt-Roldan
Allan Barker
R3-DORS
ADAMS Accession Number: ML23011A282
Publicly Available Non-Publicly Available Sensitive Non-Sensitive
OFFICE RIII
NAME JGilliam:gam
DATE 01/11/2023
OFFICIAL RECORD COPY
CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Inspection Report: 05000254/2023401 and 05000265/2023401
Inspection Dates: May 15-19, 2023
Inspection Procedure: IP 71130.10, Cyber-Security, Revision 0
NRC Inspectors: Jasmine Gilliam, Lead Alan Dahbur
630-829-9831 630-829-9810
Jasmine.Gilliam@nrc.gov Alan.Dahbur@nrc.gov
NRC Contractors: Balla Barro Alan Konkal
Balla.Barro@nrc.gov Alan.Konkal@nrc.gov
I. Information Requested for In-Office Preparation
The initial request for information (i.e., first RFI) concentrates on providing the inspection
team with the general information necessary to select appropriate components and
Cyber Security Plan (CSP) elements to develop a site-specific inspection plan. The first
RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs)
plus operational and management (O&M) security control portions of the CSP to be
chosen as the sample set required to be inspected by the cyber-security IP. The first
RFIs requested information is specified below in Table RFI #1. The Table RFI #1
information is requested to be provided to the regional office by March 18, 2023, or
sooner, to facilitate the selection of the specific items that will be reviewed during the
onsite inspection weeks.
The inspection team will examine the returned documentation from the first RFI and
identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more
focused follow-up request to develop the second RFI. The inspection team will submit
the specific systems and equipment list to your staff by April 01, 2023, which will identify
the specific systems and equipment that will be utilized to evaluate the CSs/CDAs,
defensive architecture, and the areas of the licensees CSP selected for the
cyber-security inspection. We request that the additional information provided from the
second RFI be made available to the regional office prior to the inspection by
May 01, 2023.
The required Table RFI #1 information shall be provided electronically to the lead
inspector by March 18, 2023. If a compact disk (CD) is provided, please provide four
copies (one for each inspector/contactor). The preferred file format for all lists is a
searchable Excel spreadsheet file. These files should be indexed and hyper-linked to
facilitate ease of use. If you have any questions regarding this information, please call
the inspection team leader as soon as possible.
Enclosure
CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table RFI #1
Request: IP Ref
A list of all Identified CSs/CDAs-highlight/note any additions,
deletions, reclassifications due to new guidance from white papers,
1 Overall
changes to NEI 10-04, 13-10, etc., since the last cyber-security
inspection
A list of Emergency Preparedness and Security onsite and offsite
2 Overall
digital communication systems
Network Topology Diagrams to include information and data flow for
3 Overall
critical systems in Levels 2, 3 and 4 (If available)
4 Ongoing Monitoring and Assessment program documentation 03.01(a)
The most recent effectiveness analysis of the Cyber-Security
5 03.01(b)
Program
6 Vulnerability screening/assessment and scan program documentation 03.01(c)
Cyber-Security Incident response documentation, including incident
detection, response, and recovery documentation as well as 03.02(a)
7 contingency plan development, implementation and including any and
program documentation that requires testing of security boundary 03.04(b)
device functionality
8 Device Access and Key Control documentation 03.02(c)
9 Password/Authenticator documentation 03.02(c)
10 User Account/Credential documentation 03.02(d)
Portable Media and Mobile Device control documentation, including
11 03.02(e)
kiosk security control assessment/documentation
Design change/modification program documentation and a list of all
design changes that affected CDAs that have been installed and
12 completed since the last cyber-security inspection, including either a 03.03(a)
summary of the design change or the 50.59 documentation of the
change
03.03(a)
Supply Chain Management documentation including any security
13 , (b) and
impact analysis for new acquisitions
(c)
Configuration Management documentation including any security
03.03(a)
14 impact analysis performed due to configuration changes since the last
and (b)
inspection
2
CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table RFI #1
Request: IP Ref
Cyber-Security Plan and any 50.54(p) analysis to support changes to
15 03.04(a)
the plan since the last inspection
03.06
16 Cyber-Security Metrics tracked (if applicable)
(b)
Provide documentation describing any cyber-security changes to the
17 Overall
access authorization program since the last cyber-security inspection
Provide a list of all procedures and policies provided to the NRC with
18 Overall
their descriptive name and associated number (if available)
03.06
19 Performance testing report (if applicable)
(a)
In addition to the above information please provide the following:
(1) Electronic copy of the Updated Final Safety Analysis Report (UFSAR) and
technical specifications.
(2) Name(s) and phone numbers for the regulatory and technical contacts.
(3) Current management and engineering organizational charts.
Based on this information, the inspection team will identify and select specific systems
and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and
submit a list of specific systems and equipment to your staff by April 01, 2023, for the
second RFI (i.e., RFI #2).
II. Additional Information Requested to be Available Prior to Inspection
As stated in Section I above, the inspection team will examine the returned
documentation requested from Table RFI #1 and submit the list of specific systems and
equipment to your staff by April 01, 2023, for the second RFI (i.e., RFI #2). The second
RFI will request additional information required to evaluate the CSs/CDAs, defensive
architecture, and the areas of the licensees CSP selected for the cyber-security
inspection. The additional information requested for the specific systems and equipment
is identified in Table RFI #2.
The Table RFI #2 information shall be provided electronically to the lead inspector by
May 01, 2023. If a CD is provided, please provide four copies (one for each
inspector/contactor). The preferred file format for all lists is a searchable Excel
spreadsheet file. These files should be indexed and hyper-linked to facilitate ease of
use. If you have any questions regarding this information, please call the inspection
team leader as soon as possible.
3
CYBER-SECURITY INSPECTION DOCUMENT REQUEST
Table RFI #2
Request
Items
For the system(s) chosen for inspection provide:
Ongoing Monitoring and Assessment activity performed on the
1 03.01(a)
system(s)
2 All Security Control Assessments for the selected system(s) 03.01(a)
All vulnerability screenings/assessments associated with or scans
3 performed on the selected system(s) since the last cyber-security 03.01(c)
inspection
Documentation (including configuration files and rules sets) for
Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
4 Host-based Intrusion Detection Systems (HIDS), and Security 03.02(b)
Information and Event Management (SIEM) systems for system(s)
chosen for inspection)
Documentation (including configuration files and rule sets) for
5 intra-security level firewalls and boundary devices used to protect 03.02(c)
the selected system(s)
Copies of all periodic reviews of the access authorization list for the
6 selected systems since the last inspection 03.02(d)
7 Baseline configuration data sheets for the selected CDAs 03.03(a)
Documentation on any changes, including Security Impact Analyses,
8 performed on the selected system(s) since the last inspection 03.03(b)
Copies of the purchase order documentation for any new equipment
9 purchased for the selected systems since the last inspection 03.03(c)
Copies of any cyber-security drills performed since the last 03.02(a)
10 inspection, along with any reports or assessments generated 03.04(b)
Copy of the individual recovery plan(s) for the selected system(s)
03.02(a)
11 including documentation of the results the last time the backups 03.04(b)
were executed
Corrective actions taken as a result of cyber-security
12 incidents/issues to include previous NRC violations and Licensee 03.04(d)
Identified Violations since the last cyber-security inspection
4
CYBER-SECURITY INSPECTION DOCUMENT REQUEST
III. Information Requested to be Available on First Day of Inspection
For the specific systems and equipment identified in Section II above, provide the
following RFI (i.e., Table 1ST Week Onsite) electronically by May 15, 2023, the first day
of the inspection.
Table 1ST Week Onsite
Request: Items
Any cyber-security event reports submitted in accordance with
1 03.04(a)
10 CFR 73.77 since the last cyber-security inspection
Updated Copies of corrective actions taken as a result of
cyber-security incidents/issues, to include previous NRC violations
2 03.04(d)
and Licensee Identified Violations since the last cyber-security
inspection, as well as vulnerability-related corrective actions
In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the
inspection team as long as the inspectors have easy and unrestrained access to
them.
a. UFSAR, if not previously provided;
b. Original Final Safety Analysis Report (FSAR) Volumes;
c. Original Safety Evaluation Report (SER) and Supplements;
d. FSAR Question and Answers;
e. Quality Assurance (QA) Plan;
f. Technical Specifications, if not previously provided; and
g. Latest Individual Plant Examination and Probabilistic Risk Assessment
(IPE/PRA) Report.
(2) Vendor Manuals, Assessment and Corrective Actions:
a. The most recent Cyber-Security QA audit and/or self-assessment; and
b. Corrective action documents (e.g., condition reports, including status of
corrective actions) generate as a result of the most recent Cyber-Security QA
audit and/or self-assessment.
5
CYBER-SECURITY INSPECTION DOCUMENT REQUEST
IV. Information Requested to be Provided Throughout the Inspection
(1) Copies of any corrective action documents generated as a result of the
inspection teams questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and
the status/resolution of the information requested (provided daily during the
inspection to each inspection team member).
If you have any questions regarding the information requested, please contact the inspection
team leader.
6