ML23012A240

Staff Response to ACRS Letter - Proposed Draft Regulatory Guide 1.152, Revision 4, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants
Issue date: 02/16/2023
From: Raymond Furstenau, Office of Nuclear Regulatory Research
To: Rempe J, Advisory Committee on Reactor Safeguards
Shared Package: ML22357A078
References: RG-1.152, Rev 4


Text

February 16, 2023

Joy L. Rempe, Chairman
Advisory Committee on Reactor Safeguards
U.S. Nuclear Regulatory Commission
Washington, DC 20555

SUBJECT: STAFF RESPONSE TO ACRS LETTER, DATED DECEMBER 21, 2022, IN REGARD TO PROPOSED DRAFT REGULATORY GUIDE 1.152, REVISION 4, CRITERIA FOR PROGRAMMABLE DIGITAL DEVICES IN SAFETY-RELATED SYSTEMS OF NUCLEAR POWER PLANTS

Dear Chairman Rempe,

The purpose of this letter is to provide the U.S. Nuclear Regulatory Commission (NRC) staff's response to the Advisory Committee on Reactor Safeguards (ACRS) letter dated December 21, 2022 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML22342B268), on the proposed draft Regulatory Guide (RG) 1.152, Revision 4, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants, (ADAMS Accession No. ML22244A199).

During the 701st meeting of the ACRS, which was held November 29 - December 2, 2022, the Committee reviewed proposed draft RG 1.152, Revision 4. In addition, the ACRS Digital Instrumentation and Control (DI&C) Systems Subcommittee reviewed this matter on November 17, 2022. In the letter dated December 21, 2022, the ACRS provided conclusions and the following recommendations to the NRC staff on the proposed draft RG 1.152, Revision 4.

1. Proposed draft RG 1.152, Revision 4, should be issued for public comment after incorporation of our recommendations 2, 3, and 4.

2. The RG introduction should include a brief discussion highlighting that a robust safety-related system architecture and its fundamental design principles are key elements for developing sound safety-related protection and safeguards systems.

3. To comply with Commission direction, the RG should be revised to provide an example of use of RG 5.71 guidance during the design phase by noting the use of hardware-based, uni-directional communication is an approach the staff considers acceptable.

4. The RG should incorporate a new clarification that strongly discourages the use of any active virus detection features that interact with and can prevent the normal execution of safety-related system software.

The NRC staff has revised the proposed draft RG 1.152, Revision 4, to implement the ACRS recommendations, as well as the feedback received from both internal and external stakeholders during the ACRS meetings as follows:

1) Recommendation 1 from the ACRS was to issue draft RG 1.152, Revision 4, for public comment after the staff has incorporated ACRS recommendations 2 through 4. The staff has modified the RG accordingly and these modifications are discussed below. In addition, the staff plans to issue the RG for public comment 2 weeks after issuance of this letter.

2) To address ACRS recommendation 2, Section B, Discussion, was modified to add the following paragraph (and Footnote 1) under background:

The instrumentation and controls (I&C) design should ensure that the safety-related equipment or components can be qualified, procured, installed, commissioned, operated, and maintained to be capable of withstanding, with sufficient reliability and robustness, all conditions specified in the plant design basis or licensing basis. To achieve adequate defense in depth, the I&C architecture and systems design should meet certain fundamental I&C design principles to support the assessment of defense-in-depth adequacy for the overall plant. Fundamental I&C design principles consist of independence, redundancy, diversity and defense in depth, and deterministic behavior (predictability and repeatability). Incorporating these principles in the design facilitates addressing specific hazards within the design (e.g., fault propagation). While diversity is part of the fundamental I&C design principles, it is only considered one means to address CCF. Therefore, the review of diversity focuses more broadly on supporting the defense-in-depth assessment and other measures to address CCF.[1]

[1] See the NRC Design Review Guide, Instrumentation and Controls for Non-Light-Water Reactor (NON-LWR) Reviews, dated October 8, 2020, for more information.

3) To address ACRS recommendation 3, Section C, Staff Regulatory Guidance, was modified to add the following paragraph to staff clarification 3.4 (previously clarification 3.3):

Within such consideration, measures should be included to ensure that safety-related I&C systems do not present an electronic path that could enable unauthorized access to the plant's safety-related system (e.g., the use of a hardware-based unidirectional device is one approach the NRC staff would consider acceptable for implementing such measures).

4) To address ACRS recommendation 4, Section C, Staff Regulatory Guidance, was modified to add new staff clarification 3.2 as follows:

3.2 Clause 5.9.3 provides criteria for the interaction between cyber security features (e.g., intrusion detection software, virus protection software, access control software) and safety functions. Licensees and applicants should avoid implementation of cyber security features directly in the safety-related systems. In any case, implementation of cyber security features shall not adversely impact the performance, effectiveness, reliability, or operation of safety functions.

In response to additional feedback during the meetings cited above, the staff also made the following changes to proposed draft RG 1.152, Revision 4.

In Section C, Staff Regulatory Guidance, the staff added new clarification 1.1.3 as follows:

1.1.3 Annex D discusses Annex C in the background section. However, as discussed in Section C1a(1)1.1 of this guide, the NRC staff has not endorsed Annex C of IEEE Std 7-4.3.2-2016 because it simply provides useful reference information, rather than specific guidance.

In Section C, Staff Regulatory Guidance, the staff added new clarifications 5 and 5.1 as follows:

(5) Use of Commercial Digital Equipment

5.1 Clause 5.17 of IEEE Std 7-4.3.2-2016 provides criteria that the NRC staff finds acceptable for addressing the use of commercial digital equipment in safety-related systems of nuclear power generating stations. Clause 5.17 references Annex C for additional information about commercial grade item acceptance and dedication. However, as discussed in Section C1a(1)1.1 of this guide, the NRC staff has not endorsed Annex C of IEEE Std 7-4.3.2-2016.

In addition, in Section C, Staff Regulatory Guidance, the staff revised clarification 2.1.1 for clarity as follows (new text in italics):

2.1.1 Provisions for interdivisional communication should be included to prevent the ability to send software instructions to a safety function processor that could adversely impact the processor's functionality unless all safety functions associated with that processor are either bypassed or not in service. The progress of a safety function processor through its instruction sequence should not be affected by any message from outside its division. For example, a received message should not be able to direct the processor to execute a subroutine or branch to a new instruction sequence.
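The design criterion in clarification 2.1.1 (a message from outside the division may update data values but can never select code to run or alter the instruction sequence) can be made concrete in code. The C sketch below is an added example, not text from RG 1.152, IEEE Std 7-4.3.2 or this letter; the frame layout, magic bytes, CRC-16/CCITT, trip setpoint and 2-of-4 coincidence logic are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
/* Added example, not text from RG 1.152 or this letter.  Frame layout, magic
 * bytes, CRC, setpoint and 2-of-4 logic are constructed assumptions. */
#define N_CHANNELS    4
#define FRAME_LEN     (2 + 2 * N_CHANNELS + 2)   /* magic + values + crc */
#define TRIP_SETPOINT 900u
/* Mailbox polled by the safety loop; a received frame may only overwrite the
 * values here, never select code to run. */
struct mailbox { uint16_t value[N_CHANNELS]; uint32_t good_frames, bad_frames; };
/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF). */
uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)(p[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}
/* Sender side (e.g. another division): fixed-format frame carrying data only. */
size_t build_frame(uint8_t *out, const uint16_t *vals) {
    out[0] = 0xA5; out[1] = 0x5A;
    for (int i = 0; i < N_CHANNELS; i++) { out[2 + 2 * i] = (uint8_t)(vals[i] >> 8); out[3 + 2 * i] = (uint8_t)vals[i]; }
    uint16_t c = crc16(out, FRAME_LEN - 2);
    out[FRAME_LEN - 2] = (uint8_t)(c >> 8); out[FRAME_LEN - 1] = (uint8_t)c;
    return FRAME_LEN;
}
/* Receiver side: check length, header and CRC, then copy the values.  Returns
 * 1 on accept, 0 on reject.  No field is used as a command, handler index or
 * jump target, so a message cannot alter the processor's instruction sequence. */
int receive_frame(const uint8_t *buf, size_t len, struct mailbox *mb) {
    if (len != FRAME_LEN || buf[0] != 0xA5 || buf[1] != 0x5A) { mb->bad_frames++; return 0; }
    uint16_t want = (uint16_t)((buf[FRAME_LEN - 2] << 8) | buf[FRAME_LEN - 1]);
    if (crc16(buf, FRAME_LEN - 2) != want) { mb->bad_frames++; return 0; }
    for (int i = 0; i < N_CHANNELS; i++)
        mb->value[i] = (uint16_t)((buf[2 + 2 * i] << 8) | buf[3 + 2 * i]);
    mb->good_frames++;
    return 1;
}
/* One cycle of the safety function: the same instruction sequence every cycle,
 * whether or not a frame arrived.  Returns 1 on a 2-of-4 trip demand. */
int safety_cycle(const struct mailbox *mb) {
    int above = 0;
    for (int i = 0; i < N_CHANNELS; i++)
        if (mb->value[i] > TRIP_SETPOINT) above++;
    return above >= 2;
}
```

A corrupted or malformed frame is counted and discarded without touching the mailbox, so the safety cycle keeps running on the last good data rather than on anything the message dictated.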

The staff appreciates the opportunity to engage the ACRS on this draft RG. The feedback received has improved the clarity of the guidance for all stakeholders. The proposed draft RG 1.152, Revision 4, is available in ADAMS (ADAMS Accession No. ML23012A242) and the staff plans to issue it for public comment 2 weeks after issuance of this letter.

Sincerely,

Tappert, John signing on behalf of Furstenau, Raymond on 02/16/23

Raymond V. Furstenau, Director
Office of Nuclear Regulatory Research

Memo: ML23012A240

Concurrence (via e-Concurrence):

OFFICE          NAME                           DATE
RES/DE/RGPMB    M. Eudy                        01/13/2023
RES/DE/RGPMB    S. Sahle                       01/13/2023
NRR/DEX/ELTB    K. Nguyen                      01/13/2023
RES/DE/RGPMB    B. Curran                      01/17/2023
NRR/DRO/IQVB    K. Kavanagh                    01/17/2023
NRR/DEX/ELTB    J. Paige                       01/17/2023
NSIR/DPCP/CSB   B. Yip (M. Fernandez for)      01/19/2023
RES/DE/RGPMB    M. Rahimi                      01/17/2023
NRR/DEX         E. Benner                      01/20/2023
NRR/DRO         R. Felts                       01/23/2023
NSIR/DPCP       G. Bowman                      01/22/2023
RES/DE          L. Lund (J. McKirgan for)      01/19/2023
OGC/LHE/RP      S. Clark                       02/02/2023
OEDO/EDO        D. Dorman (C. Haney for)       02/15/2023
RES             R. Furstenau (J. Tappert for)  02/16/2023