ML23024A148
ML23024A148 | |
Person / Time | |
---|---|
Issue date: | 01/24/2023 |
From: | Dan Warner NRC/NSIR/DPCP/CSB |
To: | |
References | |
DG-5079, RG-5.083 | |
Text
DG-5079, Revision to RG 5.83, Cybersecurity Event Notifications
Dan Warner
Office of Nuclear Security and Incident Response
Division of Physical and Cyber Security Policy
Cyber Security Branch
Reason for Revision
- RG 5.83, Cybersecurity Event Notifications, Rev 0 was issued in 2015. Lessons learned over the years have identified areas within the RG that could benefit from clarification and additional examples of reportable events.
- NEI requested NRC endorsement of NEI 15-09, Cybersecurity Event Notifications, Revision 1, at the end of 2022. This revision will approve NEI 15-09, Revision 1, for use as an acceptable method to meet the requirements of 10 CFR 73.77.
DG-5079 Key Changes for RG 5.83
- Key changes:
- Editorial changes to align the document with the current revision of the NRC Style Guide.
- Approves NEI 15-09, Revision 1, for use as an acceptable method to meet the requirements of 10 CFR 73.77.
- Added discussion to Section 2.3, "Eight-hour notifications," on devices residing on the same network as a CDA or devices that support CDAs. Also added an example for malicious activity observed on a boundary device protecting a network containing CDAs.
- Revised Glossary to align definitions with the latest revision to RG 5.71, Cybersecurity Programs for Nuclear Power Reactors.
Approval for Use of NEI 15-09 Revision 1
- DG-5079 approves NEI 15-09, Revision 1, for use as an acceptable method to meet the requirements of 10 CFR 73.77 with the following notes:
- NEI 15-09, Revision 1, uses the terms "higher security level network" and "lower security level network." NRC staff are adopting the term "higher security level network" to replace "protected network" and "lower security level network" to replace "unprotected network."
- Appendix D - Glossary of NEI 15-09, Revision 1, provides definitions for terms used within the document. The definitions in DG-5079 were revised to reflect changes in the latest version of RG 5.71, Cybersecurity Programs and may be different from those defined within NEI 15-09, Rev. 1. Where any differences occur, the definition applies only to the document in which it resides.
Schedule for Final Revision to RG 5.83
- RES issues DG-5079 for public comment - End of March
- Public comment period ends beginning of May
- Final RG 5.83 issued mid July
Questions?