ML23275A142

From kanterella
Jump to navigation Jump to search
IP 71130.01 Access Authorization
ML23275A142
Person / Time
Issue date: 12/21/2023
From: Eric Wharton
NRC/NSIR/DSO/SOSB
To:
References
CN 23-039
Download: ML23275A142 (1)
v  d  e


Text

NRC INSPECTION MANUAL NSIR/DSO INSPECTION PROCEDURE 71130.01 ACCESS AUTHORIZATION Effective Date: January 1, 2024 PROGRAM APPLICABILITY: IMC 2201 A 71130.01-01 INSPECTION OBJECTIVES 01.01 To verify that the licensees implementation of its Access Authorization (AA) program is in accordance with the U.S. Nuclear Regulatory Commission (NRC)-approved security plans.

01.02 To verify that the licensees implementation of its AA program provides assurance that individuals granted unescorted access are trustworthy, reliable, and do not constitute an unreasonable risk to public health and safety or the common defense and security.

01.03 To verify that the licensees implementation of the behavioral observation provisions of the licensees AA program provides assurance of continued reliability and trustworthiness of personnel with unescorted access.

01.04 To verify and assess that the licensees implementation of the provisions of the insider mitigation program are effective in mitigating the active insider and active violent insider.

01.05 To verify that the licensees physical protection program associated with this sample is designed and implemented to meet the general performance objective of Title 10 of the Code of Federal Regulations (10 CFR) 73.55(b).

71130.01-02 INSPECTION REQUIREMENTS General Guidance Through verification of the inspection requirements within this inspection procedure (IP),

the inspector(s) shall ensure that the licensees physical protection program associated with this sample is designed and implemented to meet the general performance objective of 10 CFR 73.55(b).

In preparing to complete this IP, the inspector(s) should familiarize themselves with relevant documentation which may include, but is not limited to, the licensee's security plans, site-specific and/or corporate implementing procedures, security post orders, and security program reviews and audits. Specifically, the inspector should apply additional attention to recent security plan changes that could be relevant to the inspection activity.

The inspector(s) are responsible for ensuring that the minimum range of inspection requirements identified within the sample are completed and evaluated to a level which provides assurance that licensees are meeting NRC regulatory requirements within the security program area being inspected. The guidance within this procedure is being Issue Date: 12/21/23 1 71130.01

provided as a tool which: (1) recommends to the inspector(s) certain methods and techniques for determining licensee security program compliance and effectiveness related to an inspection requirement or (2) clarifies certain aspects of a regulatory requirement associated with a particular inspection requirement. Where minimum sampling numbers are indicated (i.e., at least (three) intrusion detection system zones shall be tested, or at least 20 percent of the total personnel on a shift will be selected for weapons firing, etc.), the inspector(s) should adhere as closely as possible to the numbers identified in the guidance. The inspectors may expand the minimum number to aid in determining the extent of the condition, should compliance concerns arise.

Completion of other recommended actions contained in this guidance should not be viewed as mandatory and is only intended to assist the inspector(s) in determining whether an inspection sample has been adequately addressed. Should questions arise regarding procedural requirements or guidance, the inspector(s) should consult with regional management or the Office of Nuclear Security and Incident Response, the program office, for clarification.

In assessing the licensees AA program, the inspector(s) must determine whether the licensees program obtains sufficient information on which to base an initial determination to grant a person unescorted access. The total accumulation of information about the person is the basis for the unescorted access determination. A sound determination requires the assessment of all data provided by the applicant and developed through the investigation to determine whether the applicant has been truthful in providing the information necessary for the reviewing official to decide that the applicant is trustworthy and reliable and does not constitute a risk to the health and safety of the public, and the common defense and security including the risk of committing radiological sabotage.

In no case should a licensee make access decisions by exception through application of best effort. Best effort is limited to the effort applied to a specific past or present employer of the applicant or academic institution attended by the applicant and cannot be used to satisfy the requirements for meeting the criteria to establish trustworthiness and reliability.

After the initial decision to grant unescorted access, the licensee must ensure that each person granted unescorted access is a part of an effective behavioral observation program designed to recognize behaviors that, if left unaddressed, could have an adverse effect on the public health and safety or the common defense and security. The program may include insider mitigation attributes.

The Fitness-for-Duty (FFD) program is critically intertwined in the AA program.

Therefore, the inspector(s) should include the related portions of the FFD inspection procedure to ensure that all pre-access activities are incorporated in the overall program and prevent the licensee from granting unescorted access prematurely.

The inspector(s) should review the remaining elements of the program to ensure that records are appropriately maintained and protected and that access reviews are sufficiently independent to ensure a person who has been denied unescorted access has an opportunity to present any additional information on the access decision. The inspector(s) should review the documentation from a representative sample of AA decisions to identify: (1) cases in which unescorted access was not terminated due to failure to report arrests; (2) cases in which persons testing positive for alcohol or other Issue Date: 12/21/23 2 71130.01

prohibited substances continued to be authorized unescorted access or were returned to unescorted access status after an initial removal; and (3) the rate of for-cause referrals for other than suspected alcohol abuse.

TIER I 02.01 Implementing Procedures

a. Verify that the licensee implements procedures to ensure that personnel denied unescorted access after January 1, 1997, are included in a common industry database.

(10 CFR 73.56(o)(6)(i), 10 CFR 73.56(o)(6)(ii)).

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures to verify that the licensee has established a method to share AA information with other licensees. Specifically, the inspector(s) should verify that the licensee has procedures that outline the implementation of an information sharing mechanism to share information with other licensees pertaining to individuals who have been denied unescorted access as a result of not meeting or maintaining the trustworthiness and reliability criteria for unescorted access in accordance with 10 CFR 73.56.

b. Verify that the licensee implements procedures to ensure that individuals performing background investigations have met criteria that are consistent with the requirements for persons undergoing background investigations. (10 CFR 73.56(k)(1),

10 CFR 73.56(k)(2))

Specific Guidance To inspect this requirement, the inspector(s) should review the licensees procedures to verify that the licensee implements measures to determine the trustworthiness and reliability of personnel (background screeners and access authorization personnel) who collect and process information that will be used by a reviewing official to make unescorted access or unescorted AA determinations. At a minimum, the licensees procedures should address the following: (1) verification of the individuals true identity; (2) performance of a local criminal history through a State or local court; (3) the conduct of a local credit history evaluation; (4) the conduct of an employment history evaluation covering the last 3 years; and (5) the conduct of a character and reputation evaluation.

c. Verify that the licensee implements procedures to ensure that persons granted unescorted access are aware and remain aware of their responsibility to report arrests and are notified in writing of their responsibilities. (10 CFR 73.56(g))

Specific Guidance To inspect this requirement, the inspector(s) should review the licensees procedures to verify that the licensee has an established legal action reporting program that includes, at a minimum, the following: (1) requirements for individuals with or who have applied for unescorted access or unescorted AA to promptly report any legal actions such as arrests, criminal charges, convictions, or proceedings; (2) a method for notifying an individual in writing of their obligation to report legal action; and (3) actions that Issue Date: 12/21/23 3 71130.01

recipients of a legal action report are required to take upon receipt of a report. The legal action reporting program excludes minor civil actions or misdemeanors such as parking violations or speeding tickets.

02.02 Granting Unescorted Access and Reinvestigations

a. Verify that the licensee implements adequate provisions to obtain sufficient information to determine the true identity of applicants for unescorted access. (10 CFR 73.56(d)(3))

Specific Guidance The inspector(s) should review licensees procedures, records, and practices to verify that the licensee demonstrates measures to validate an individuals true identity. Those measures should include the following minimum requirements: (1) a process to validate that the social security number that the individual has provided is their own and, in the case of foreign nationals, validate the claimed non-immigration status that the individual has provided is correct; and (2) a method to determine whether the results of the fingerprinting confirm the individuals claimed identity, if such results are available.

b. Verify that the licensee conducts employment and education verifications and suitable inquiries within the required time constraints. (10 CFR 73.56(h)(4))

Specific Guidance The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee demonstrates methods to verify employment and education and perform suitable inquiries of applicants requesting initial unescorted access or unescorted AA in accordance with 10 CFR 73.56(h)(4). Additionally, the inspector(s) should examine the licensees processes to confirm that the licensee demonstrates methods to verify employment and education and perform suitable inquiries of individuals who have previously been granted unescorted AA, but whose access had been terminated or interrupted for a period of time.

c. Verify that the licensee requires applicants to undergo professionally accepted and standardized psychological evaluations as required. (10 CFR 73.56(e))

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to ensure that a psychological assessment is completed before an individual is granted unescorted access or certified unescorted AA. The inspector(s) should also review the psychological assessment(s) that the licensee uses and determine if the assessment(s) is designed to evaluate the possible adverse impact of any noted psychological characteristics on an individuals trustworthiness and reliability. While reviewing the psychological assessment(s), the inspector(s) should confirm that the licensees psychological assessment(s) include, at a minimum: (1) a standardized, objective, professionally accepted psychological test that provides information to identify indications of disturbances in personality or psychopathology that may have adverse implications for an individuals trustworthiness and reliability; (2) a licensed psychiatrist or psychologist established the predetermined thresholds of the test that will be applied in interpreting the results of the psychological test to determine whether an individual Issue Date: 12/21/23 4 71130.01

must be interviewed by a licensed psychiatrist or psychologist; and (3) the assessment(s) are conducted in accordance with the applicable ethical principles for conducting such assessments established by the American Psychological Association or American Psychiatric Association.

d. Verify that a clinical interview by a licensed psychiatrist or psychologist is conducted for individuals who provide indication of disturbances in personality or psychopathology during the psychological assessment that may have implications on trustworthiness and reliability. (10 CFR 73.56(e)(4))

Specific Guidance For the inspection of this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that clinical interviews are performed by a licensed psychiatrist or psychologist for individuals whose scores on the psychological assessments are outside of the predetermined thresholds that are indicative of disturbances in personality or psychopathology that may have implications for an individuals trustworthiness and reliability.

e. Verify that the licensees reviewing official reviews and evaluates all of the background information required by 10 CFR 73.56 in making AA decisions for the trustworthiness and reliability of individuals applying for unescorted access or unescorted AA.

(10 CFR 73.56(h)(1))

Specific Guidance The inspector(s) should review a sample of AA records, in particular those that have been adjudicated, to ensure that each specific program element, both individually and collectively, meet the assurance standard described in the rule.

f. Verify that the licensee reviews credit history summaries for the entire period identified on personal history questionnaires that are provided. (10 CFR 73.56(d)(5))

Specific Guidance When inspecting this requirement, the inspector(s) should review licensees procedures, records, and practices to confirm that the licensee conducts full credit history evaluations of individuals applying for unescorted AA. The licensees procedures, records, and practices should identify that a full credit evaluation includes, but is not limited to, an inquiry to detect the potential fraud or misuse of social security numbers or other financial identifiers and review an evaluation of all the information that is provided by a national credit-reporting agency about an individuals credit history. Additional provisions should be included in the licensees AA program that stipulate methods to perform a credit history review of foreign nationals and U.S. citizens who have resided outside of the U.S. and do not have established credit history that covers, at least, the most recent 7 years in the U.S. The licensees credit history evaluation should also include a comparison between the data produced from an individuals credit report to the information the individual submitted on their personal history questionnaire.

g. Verify that the licensee appropriately implements the standard of best effort while conducting employment history evaluations. (10 CFR 73.56(d)(4))

Issue Date: 12/21/23 5 71130.01

Specific Guidance The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to implement the standard of best effort.

Specifically, the licensees procedures, records, and practices should identify that employment history evaluations are completed on a best effort basis, by questioning an individuals present and former employers, and by determining the individuals activities while unemployed. In no case should a licensee make access decisions by exception.

Best effort is limited to the specific effort applied to a specific past or present employer of the applicant and cannot be used for the cumulative satisfaction of the requirements for meeting a test to establish trustworthiness and reliability.

h. Verify that the licensee appropriately implements the requirements for submitting fingerprints, including the restrictions on requesting name searches.

(10 CFR 73.56(d)(3), 10 CFR 73.57(b))

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee is submitting fingerprints in accordance with requirements and exceptions set forth in both 10 CFR 73.56(d)(3) and 10 CFR 73.57(b).

i. Verify that individuals who are members of the population that perform one or more job functions that are critical to the safe and secure operation of the licensees facility, as defined in 10 CFR 73.56(i)(1)(v)(B), are subject to a clinical interview by a licensed psychiatrist or psychologist as part of the psychological assessment.

(10 CFR 73.56(e)(4)(ii))

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee requires the following individuals to undergo a clinical interview as part of the psychological assessment:

1. Individuals who have extensive knowledge of defensive strategies and design and/or implementation of the plants defensive strategies, including:

(a) site security supervisors (b) site security managers (c) security training instructors (d) corporate security managers

2. Individuals in a position to grant an applicant unescorted access or unescorted AA, including site AA managers.
3. Individuals assigned a duty to search for contraband or other items that could be used to commit radiological sabotage.

Issue Date: 12/21/23 6 71130.01

4. Individuals who have access, extensive knowledge, or administrative control over plant digital computer and communication systems and networks as identified in 10 CFR 73.54, including:

(a) plant network systems administrators (b) information technology personnel who are responsible for securing plant network

j. Verify that the licensee reinvestigates all personnel having unescorted access to NRC-licensed facilities. (10 CFR 73.56(h)(6)(i))

Specific Guidance No inspection guidance.

k. Verify that the licensee reviews and evaluates Federal Bureau of Investigation (FBI) criminal history records before authorizing unescorted access. (10 CFR 73.57(b),

10 CFR 73.56(d)(7))

Specific Guidance The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee reviews and evaluates an individuals FBI criminal history records prior to authorizing unescorted access and considers the information contained in the records in determining the individuals suitability for unescorted access in accordance with 10 CFR 73.57(b).

02.03 Behavioral Observation Program and Insider Threat Mitigation

a. Verify that the licensee reassesses and reapproves personnel access lists for vital areas (VAs) at the prescribed frequency to confirm that personnel on the VAs access list have a continued need to access VAs. (10 CFR 73.56(j))

Specific Guidance The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee reassess and reapproves personnel access lists for VAs at the prescribed frequency to confirm that personnel on the VA access list have a continued need to access VAs. Specifically, the licensees access list for VAs must include: (1) only individuals who have a continued need for access to those specific VAs in order to perform their duties and responsibilities; (2) must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each VA; and (3) the list is updated and reapproved no less than every 31 days.

b. Verify that the licensee screens individuals on personnel access list to ensure that they have a continued need for access to VAs, not just a possibility of needing unescorted access at some undefined time in the future. (10 CFR 73.55(g)(1)(i)(D) and 10 CFR 73.56(j))

Specific Guidance No inspection guidance.

Issue Date: 12/21/23 7 71130.01

c. Verify that the licensee implements provisions for conducting criminal history and credit history reevaluations within 3 years of the date they were last completed and psychological reassessments within 5 years of the date they were last completed for individuals who perform one or more job functions that are critical to the safe and secure operation of the licensees facility as identified in 10 CFR 73.56(i)(1)(v)(B).

Specific Guidance.

When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee implements provisions for conducting criminal history and credit history reevaluations within 3 years of the date they were last completed and psychological reassessments within 5 years of the day on which the individual was last psychologically assessed. The criminal history and credit history reevaluations shall be completed within 30 calendar days of each other, and the psychological reassessment must include a clinical interview (10 CFR 73.56(i)(1)(v)(C) and 10 CFR 73.56(e)(4)(ii)). These individuals include:

1. Individuals who have extensive knowledge of defensive strategies and design and/or implementation of the plants defensive strategies, including:

(a) site security supervisors (b) site security managers (c) security training instructors (d) corporate security managers

2. Individuals in a position to grant an applicant unescorted access or unescorted AA, including site AA managers.
3. Individuals assigned a duty to search for contraband or other items that could be used to commit radiological sabotage.
4. Individuals who have access, extensive knowledge, or administrative control over plant digital computer and communication systems and networks as identified in 10 CFR 73.54, including:

(a) plant network systems administrators (b) information technology personnel who are responsible for securing plant networks

5. Individuals qualified for and assigned duties as: armed security officers, armed responders, alarm station operators, response team leaders, and armorers as defined in the licensees or applicants security plans; and reactor operators, senior reactor operators, and non-licensed operators.
d. Verify that the licensee implements provisions for conducting and reviewing annual supervisory reviews. (10 CFR 73.56(i)(1)(iv))

Issue Date: 12/21/23 8 71130.01

Specific Guidance No inspection guidance.

02.04 Information Sharing

a. Verify that the licensee implements measures to ensure that shared information which may have an adverse effect on an individuals trustworthiness and reliability, is updated or provided to other licensees or industry entities in a timely fashion so informed AA decisions can be made. (10 CFR 73.56(o)(6)(i))

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee implements measures to ensure that shared information which may have an adverse effect on an individuals trustworthiness and reliability is updated or provided to other licensees or industry entities in a timely fashion. Specifically, the inspector(s) should review the licensees AA program to confirm that the licensee has methods in place to ensure if/when shared information is developed about an individual, the licensee that acquired the information shall correct or augment the data and ensure it is shared with other licensees. If the information has implications for adversely affecting an individuals trustworthiness and reliability, the licensee who discovered or obtained the information informs the reviewing official of any licensee AA program under which the individual is maintaining their unescorted AA or unescorted access status of the updated information on the day of the discovery.

b. Verify that the licensee or entity ensures that violations, within its respective FFD program, for any 10 CFR Part 26 program elements are identified to any licensee having taken credit for the activities of the licensee in violation and to any licensee who may attempt to take credit for the activities of the licensee in violation. (10 CFR 26.53(g))

Specific Guidance When inspecting this requirement, the inspector should review the licensees processes for the sharing of FFD information related to AA to ensure that a process exists to inform other licensees or entities (whom may have taken credit for/used this licensees/entitys FFD program information) of violations within their respective FFD program.

TIER II 02.05 Implementing Procedures

a. Verify that the licensee implements procedures and processes that address obtaining and explaining informed consent, to include the withdrawal of consent, for individuals subject to background investigations required for unescorted access and unescorted AA.

(10 CFR 73.56(d)(1))

Issue Date: 12/21/23 9 71130.01

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees implementing procedures and/or AA records to verify that the licensee has established a method to obtain informed consent to conduct background investigations on individuals applying for unescorted access or unescorted AA. The inspector(s) should also verify that these measures include explaining informed consent and the withdrawal of consent to individuals applying for unescorted access or unescorted AA.

b. Verify that the licensees procedures describe how it protects personal information maintained in the licensees personnel information management system.

(10 CFR 73.56(m))

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures to verify that licensees procedures address the protection of personal information used by the licensee to process the applications of individuals seeking unescorted access or unescorted AA. The licensee procedures should address the specific measures for the protection of this information during the time the information is being used for the determination process as well as once unescorted access has been granted and the personal information is then being maintained in accordance with 10 CFR 73.56(o)(2)(i). Licensees or their contractors and vendors who implement the unescorted AA programs in accordance with these criteria should retain the records on which the AA is based or denied for the duration of the unescorted access and for 5 years following access denial or access termination from the authorizing licensees program.

02.06 Granting Unescorted Access, Reinvestigations, and Maintaining Authorization

a. Verify that the licensee implements AA categories and processes for determinations regarding initial unescorted access, updated unescorted access, and reinstatement of unescorted access. (10 CFR 73.56(h))

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures to verify that the licensee has established methods for granting unescorted access and certifying unescorted AA for individuals applying for initial unescorted access. Additionally, the inspector(s) should review the licensees procedures to verify that the licensee has established methods to grant or deny unescorted access or unescorted AA to individuals who have previously been granted unescorted AA, but whose access had been terminated or interrupted for a period of time.

Verify that the licensee has provisions in place to reassess and reevaluate information received by or provided to the licensee on the day of discovery, that may have an effect on the trustworthiness or reliability of a person with unescorted AA.

(10 CFR 73.56(g)(1))

Specific Guidance No inspection guidance.

Issue Date: 12/21/23 10 71130.01

b. Verify that the licensee establishes criteria in accordance with the regulations for verifying the trustworthiness and reliability of individuals who collect process or have access to background information. (10 CFR 73.56(k))

Specific Guidance No inspection guidance.

02.07 Behavioral Observation Program

a. Verify that the licensees behavioral observation program ensures the ability to recognize behaviors or activities adverse to the safe operation and security of the facility.

(10 CFR 73.56(f)(1))

Specific Guidance The inspector(s) should review the licensees related behavioral observation program procedures, records, and lesson plans to confirm that the licensee ensures that its program ensures the ability to recognize behaviors or activities adverse to the safe operation and security of the facility.

b. Verify that the licensees procedures include a method to validate the implementation of the licensees behavior observation program for off-site employees who maintain unescorted access. (10 CFR 73.56(f)(1))

Specific Guidance No inspection guidance.

02.08 Information Sharing

a. Verify that the licensee implements a method to share information pertaining to individuals who have unescorted access or unescorted AA with other licensees or entities that are required to maintain AA programs in accordance with 10 CFR 73.56.

(10 CFR 73.56(o)(6))

Specific Guidance The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to share information pertaining to individuals who have unescorted access or unescorted AA with other licensees and entities that are required to maintain AA programs. Specifically, the inspector(s) should review the licensees AA program to confirm that the licensee has methods in place to ensure the following:

1. Licensees who are authorized to add or manipulate data, within an information-sharing mechanism that is shared with other licensees, ensures that the data linked information about individuals who have applied for unescorted AA, as specified in licensee AA program documents, is retained.
2. If the shared information used for determining an individuals trustworthiness and reliability changes or new or additional information is developed about the individual, the licensee that is acquiring this information shall correct or augment the data Issue Date: 12/21/23 11 71130.01

contained within the information-sharing mechanism. If changed, additional, or developed information that has implications for adversely affecting an individuals trustworthiness and reliability, the licensee who discovered or obtained the information informs the reviewing official of any licensee AA program under which the individual is maintaining their unescorted AA or unescorted access status of the updated information on the day of the discovery.

3. The receiving licensees reviewing official evaluates the information and takes appropriate actions, which may include denial or unfavorable termination of unescorted AA or unescorted access.
4. If the information-sharing mechanism is unavailable and notification of change or updated information is required, the licensee takes manual actions to ensure that the information is shared, and the data is updated in the information-sharing mechanism as soon as reasonably possible.
5. Records that are maintained in the database are available for NRC review.
b. Verify that the licensee denies access to the PA for personnel who have been denied access based on NRC requirements. (10 CFR 73.56(h)(3))

Specific Guidance No inspection guidance.

c. Verify that the licensee ensures that personnel with unescorted access or unescorted AA, who are in a licensee, contractor, or vendor FFD follow-up program, are identified to any subsequent licensee or entity to enable continuation of the follow-up activities by the receiving licensee or entity. (10 CFR 26.69(e)(1))

Specific Guidance The inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee has methods in place to ensure that personnel with unescorted access or unescorted AA, who are in a licensees, contractors, or vendors FFD follow-up program, are identified to any subsequent licensee or entity to enable continuation of the follow-up activities by the receiving licensee or entity. Specifically, the inspector(s) should review the licensees AA program to confirm that when the licensee imposes FFD treatment and/or a follow-up testing plan that the licensee ensures that information documenting the treatment and/or follow-up testing plan is identified to any subsequent licensee or entity who seeks to grant authorization to the individual.

TIER III 02.09 Reviews Events and Logs. Review and evaluate the licensees physical security event log for the previous 12 months, or since the last inspection, for events associated with AA and follow up, if appropriate. In conjunction with IP 71153, Follow up of Events and Notices of Enforcement Discretion, review any written follow-up reports of physical security events associated with AA. (10 CFR 73.55(b)(10),10 CFR 73.1205, 10 CFR 73.1210)

Issue Date: 12/21/23 12 71130.01

Security Program Reviews. Verify the licensee conducts AA program reviews as required by 10CFR 73.56(n). Also verify the licensees AA program is included in the security program reviews as required by regulations (10 CFR 73.55(b)(7), (b)(9)(ii)(A),

and (m)).

Identification and Resolution of Problems. Verify that the licensee is identifying issues related to the AA program at an appropriate threshold and entering them in the licensees problem identification and resolution program. Verify that the licensee has appropriately resolved the issues regarding regulatory requirements for a selected sample of problems associated with AA programs. (10 CFR 73.55(b)(10))

Specific Guidance.

Before the inspection, the inspector should determine if a Security Event Report (SER),

in accordance with 10 CFR 73.1205 has been submitted to the NRC by the licensee.

Closeout of SERs is performed under section 03.02 of IP 71153; however, assess if additional follow-up under this IP is warranted for the conditions or corrective actions associated with the SER.

The inspector(s) should review and evaluate licensee physical security event log entries documented in accordance with 10 CFR 73.1210, since at least the last inspection, that are associated with the AA program. If discrepancies or deficiencies are identified during this review, the inspector(s) should follow up as necessary.

The inspector(s) should review the documented results of the security program reviews or audits performed by the licensee to ensure the continued effectiveness of its AA program. The inspector(s) should ensure that the reviews have been conducted in accordance with the requirements of 10 CFR 73.55(m). The inspector(s) should also request and review a copy of the report that was developed and provided to licensee management. The inspector(s) should review the report to identify any findings that were identified via the review or audit to ensure the findings were entered in the licensees problem identification and resolution program.

The inspector(s) should review a sample of entries in the licensees Problem Identification and Resolution program associated with the AA program. The intent of this review is to verify that the licensee is identifying deficiencies at the appropriate threshold, tracking deficiencies for trending, and correcting deficiencies commensurate with their security significance. Inspectors can follow-up on select samples in accordance with this procedure to ensure corrective actions are commensurate with the significance of the issue. Refer to IP 71152, Problem Identification and Resolution (PI&R), section 03.01 for additional guidance.

02.10 Personnel Information Management

a. Verify that the licensee implements a personnel information management system to protect personal and confidential information. (10 CFR 73.56(m), 10 CFR 73.56(m)(1),

and 10 CFR 73.56(m)(3)).

Issue Date: 12/21/23 13 71130.01

Specific Guidance When inspecting this requirement, the inspector(s) should review the licensees procedures, records, and practices to confirm that the licensee implements and maintains a personnel information management system to protect personal and confidential information. Additionally, and where applicable, this includes the licensee obtaining a release (consent) form from non-citizens prior to querying the Department of Homeland Security Systematic Alien Verification for Entitlement (DHS-SAVE) database.

This is applicable to unescorted and escorted access if the licensee is or has used the DHS-SAVE database.

Inspectors should also note that the DHS-SAVE database is administered by the United States Citizenship and Immigration Services (USCIS) of the DHS. The NRC has entered into a memorandum of understanding with USCIS for the use of the DHS-SAVE database by its licensees. The DHS-SAVE database enables NRC licensees, opting to use DHS-SAVE, to verify the legal status of non-citizens seeking access to NRC-licensed facilities. The NRC security Order, Access Authorization, enclosures 3 and 4, dated January 7, 2003, recommended the use of a Federal database to verify the immigration status of non-citizens accessing the PA of nuclear power plants. The DHS-SAVE database fulfills this recommendation.

b. Verify that the licensees information management system protects information stored or transmitted in electronic format. (10 CFR 73.56(m))

Specific Guidance No inspection guidance.

c. Verify that the licensees information management system prohibits unauthorized access to the information and prohibits modification of the data without proper authorization.

(10 CFR 73.56(m))

Specific Guidance No inspection guidance.

02.11 Information Sharing

a. Verify that the licensee implements a method to share information pertaining to the access denial of individuals with other licensees and entities that are required to maintain AA programs in accordance with 10 CFR 73.56. (10 CFR 73.56(o)(6))

Specific Guidance No Inspection guidance.

b. Verify that the licensee implements backup manual procedures and processes for sharing information. (10 CFR 73.56(o)(6)(ii))

Issue Date: 12/21/23 14 71130.01

Specific Guidance When inspecting this requirement, the inspector(s) should review licensees procedures, records, and practices to confirm that the licensee maintains backup manual procedures and processes for sharing information. Specifically, the inspector(s) should review the licensees AA program to confirm that, in the event of a failure of the primary information sharing method occurs, the licensee maintains a backup process of manual information exchange is available for short-term use.

71130.01-03 PROCEDURE COMPLETION The inspection of the minimum number of inspection requirements will constitute completion of this procedure. The total number of Tier I inspection requirements (21) constitutes the minimum number of inspection requirements for completion of this procedure. The inspection requirement range for completion is as follows: minimum range 21 inspection requirements, and nominal range 31 inspection requirements. The inspection of the nominal range of inspection requirements within this procedure is the target range for this sample and should be completed to the extent practicable.

The nominal range of inspection requirements for this inspection activity is defined as 21 Tier I inspection requirements, 6 Tier II inspection requirements, and 4 Tier III inspection requirements (total 31 inspection requirements).

The frequency at which this inspection activity is to be conducted is triennially (once every 3 years).

71130.01-04 RESOURCE ESTIMATE The resource estimate for the completion of this procedure consists of approximately 19 hours2.199074e-4 days <br />0.00528 hours <br />3.141534e-5 weeks <br />7.2295e-6 months <br /> for the inspection of the minimum range of inspection requirements, and approximately 25 hours2.893519e-4 days <br />0.00694 hours <br />4.133598e-5 weeks <br />9.5125e-6 months <br /> for the inspection of the nominal range of inspection requirements. The sample size for this procedure is one.

END

Attachment:

Attachment 1: Revision History for IP 71130.01 Issue Date: 12/21/23 15 71130.01

Attachment 1: Revision History for IP 71130.01 Commitment Accession Description of Change Description of Comment Resolution Tracking Number Training Required and Closed Feedback Number Issue Date and Completion Accession Number Change Notice Date (Pre-Decisional, Non-Public Information) 04/03/00 Initial issuance.

CN 00-003 09/12/00 Periodic revision CN 00-018 ML021140718 Periodic revision 04/05/02 CN 02-015 ML040680559 Periodic revision 02/19/04 CN 04-007 N/A 12/10/2008 This document has been revised to standardize the N/A ML073550648 CN 08-035 sample size; include updates resulting from inspection feedback and oversight; correct editorial errors; and convert the document to MS Word.

N/A ML093420709 This document has been revised to address the N/A ML093420712 01/12/10 changes to 10 CFR part 73 that resulted from a CN10-002 rulemaking; and in accordance with the ROP realignment process.

N/A 02/24/10 Effective date changed to 04/01/10. N/A N/A CN 10-007 N/A ML13238A209 Inspection Procedure re-written to comply with IMC N/A ML13298A546 12/12/13 0040 format and establish inspection requirement range CN 13-028 for procedure completion.

Issue Date: 12/21/23 Att1-1 71130.01

Commitment Accession Description of Change Description of Comment Resolution Tracking Number Training Required and Closed Feedback Number Issue Date and Completion Accession Number Change Notice Date (Pre-Decisional, Non-Public Information)

N/A ML14296A199 This document has been revised to address the N/A ML15041A357 04/20/15 program applicability and minor administrative changes.

CN 15-006 N/A ML16175A032 This document has been revised to adjust the resource N/A ML1688A389 09/30/16 estimate to reflect the nominal number of inspection CN 16-024 requirements as the target range for completion of this procedure as well as make minor administrative changes.

N/A ML17286A029 SOSB revised the 71130 series Inspection Procedures N/A ML17286A027 08/23/18 (IP) and associated Inspection Manual Chapters (IMC)

CN 18-028 in response to Staff Requirements - SECY 16-0073 (Options and Recommendations for the Force-On-Force Inspection Program) and the March 2017 Assessment Team (Regions and HQ) review for redundancies and efficiencies of the 71130 series IPs for power reactors.

Upon completion of a SUNSI review, the staff concluded that this document should be de-controlled. Consistent with the staffs SUNSI determination, an administrative revision of this document was conducted to remove SUNSI markings. Removed all references to NEI documents due to Entergy and NextEra corporations departure from NEI.

N/A ML23274A142 This document was revised to incorporate language N/A ML23274A140 12/21/23 clarification in section 02.03c and guidance language in CN 23-039 02.09. This revision also meets the 5-year periodic FBF 71130.01-2452 review requirement. ML22062A520 FBF 71130.01-2461 ML22187A207 Issue Date: 12/21/23 Att1-2 71130.01

Retrieved from "https://kanterella.com/w/index.php?title=ML23275A142&oldid=3646780"