ML23152A258

IMC 0612 Appendix E Public Meeting
Person / Time
Issue date: 06/02/2023
From: Kim Lawson-Jenkins
NRC/NSIR/DPCP/CSB
To:
References
ML23152A256


Text

NRC Inspection Manual Chapter 0612 Appendix E - Minor Examples
Kim Lawson-Jenkins
Cyber Security Branch
Division of Physical and Cyber Security Policy
Office of Nuclear Security and Incident Response
U.S. Nuclear Regulatory Commission

Overview

  • Cybersecurity Inspections
  • New Cybersecurity Minor Examples
  • Next Steps

Cybersecurity Inspections

  • Milestones 1 through 7
      - CDA identification
  • Full implementation (Milestone 8)
      - CDA assessments, PMMD, alternate controls
  • Reactor Oversight Program
      - Areas related to maintaining an effective cybersecurity program

CDA - critical digital asset
PMMD - portable media and mobile devices

IMC 0612 Appendix B - Issue Screening

Is the performance deficiency More-than-Minor?

If the answer to any of the following questions is yes, then the performance deficiency is More-than-Minor and is a finding. If the answer to all of the following questions is no, then the performance deficiency is minor and is not a finding.

1. Could the performance deficiency reasonably be viewed as a precursor to a significant event?
2. If left uncorrected, would the performance deficiency have the potential to lead to a more significant safety concern?
3. Is the performance deficiency associated with one of the cornerstone attributes and did the performance deficiency adversely affect the associated cornerstone objective?

IMC 0612 Appendix B - Issue Screening

Defense in Depth considerations

  • Multiple layers of defensive security controls are placed throughout the system with the intent of providing overlapping defenses in the event that a control fails or a vulnerability is exploited

New Cybersecurity Minor Examples

  • Baseline Configuration
  • Ongoing Monitoring and Assessment
  • Removal of Unnecessary Services and Programs
  • Physical Access Control
  • Evaluate and Manage Cyber Risk (Vulnerability Management)

Next Steps

  • June 15 - Draft to be shared with regional inspectors; comment period closes by June 30
  • July 15 - Comments resolved; updated section of the IMC is submitted to the Office of Nuclear Reactor Regulations (NRR)