ML23299A187
| ML23299A187 | |
| Person / Time | |
|---|---|
| Issue date: | 09/03/2024 |
| From: | Phil Brochman NRC/NSIR/DPCP/MSB |
| To: | |
| Shared Package | |
| ML23299A168 | List: |
| References | |
| RG 5.62 Rev 3 DG-5080 | |
| Download: ML23299A187 (29) | |
Text
Page 1 of 29 Response to Public Comments on Draft Regulatory Guide (DG)-5080 Physical Security Event Notifications, Reports, and Records Proposed Revision 3 of Regulatory Guide (RG) 5.62 On October 27, 2023, the NRC published a notice in the Federal Register (88 FR 73769) that Draft Regulatory Guide, DG-5080, Proposed Revision 3 of RG 5.62, Physical Security Event Notifications, Reports, and Records, for public comment. The Public Comment period ended on December 11, 2023. The NRC received comments from the individuals and organizations listed below. The NRC has combined the comments and NRC staff responses into the following table.
Comments were received from the following:
Charlotte Shields, Senior Project Manager, Nuclear Security & Incident Preparedness Nuclear Generation Division Nuclear Energy Institute (NEI) 1776 I Street NW, STE 400 Washington DC 20006 ADAMS Accession No. ML23348A073 Aidan Baker Dairyland Power Cooperative 3200 East Ave S P.O. Box 817 La Crosse, WI 54602 aidan.baker@dairylandpower.com ADAMS Accession No. ML23348A072 David T. Gudger, Sr. Manager, Licensing Constellation Energy Generation, LLC 200 Exelon Way Kennett square, PA 19348 ADAMS Accession No. ML23348A074 Charlotte Shields, Senior Project Manager, Nuclear Security & Incident Preparedness Nuclear Energy Institute (NEI) 1200 F Street NW, STE 1100 Washington DC 20004 ADAMS Accession No. ML24114A025 Commenter Section Specific Comments NRC Resolution CEG-1 (Gudger)
General Constellation Energy Generation (CEG) submitted a letter stating that it has provided its comments to the Nuclear Energy Institute (NEI) in support of their efforts to consolidate comments for the industry related to these draft RGs. CEG fully endorses the comments submitted by NEI concerning these draft RGs, including DG-5080.
CEG did not provide to the NRC separate specific comments on DG-5080. Therefore, this letter does not raise a comment that requires a response from the NRC.
NEI Cover letter Comment 1.a Definitions Concerning two new definitions added to 10 CFR 73.2, Definitions, the guidance should clarify:
Under Section C.1, Time of Discovery, a definition of the term cognizant individual should be provided.
The NRC partially disagrees with the comment to include a definition of the term cognizant individual in the final RG 5.62, Section C, Staff Regulatory Guidance position 1. Adding a definition in Section C of RG 5.62 is
Page 2 of 29 (Sheilds) not consistent with an RGs standard format and structure.
Instead, the NRC has added definitions for the terms cognizant individual and time of discovery in Revision 3 to RG 5.62, Glossary.
Additionally, to provide further clarification the NRC has added the following guidance to final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 1:
The NRC expects that licensees will typically designate a supervisor or manager to function as the cognizant individual. However, the definition is intended to provide licensees with broad flexibility in determining the personnel to be identified and trained as cognizant individuals authorized to make a time of discovery determination. The NRC recommends that, as a good practice, licensees specify in their implementing procedures the personnel who are considered to be cognizant individuals responsible for making a time of discovery determination under 10 CFR 73.1200 or 10 CFR 73.1210.
Comment 1.b Additional guidance should be included in the RG to clarify the term disease causing agents.
The NRC agrees with the comment that additional guidance on disease causing agents is warranted.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 6, to add the following guidance:
In 10 CFR 73.2 the term contraband is defined, in part, to mean unauthorized firearms, explosives, incendiaries, or other dangerous materials (e.g., disease-causing agents) that can cause acts of sabotage against a licensees facility. NRC regulations prohibit the introduction of contraband items into a licensees
Page 3 of 29 protected area (PA), vital area (VA), or material access area (MAA). The mention of other dangerous materials (e.g., disease causing agents) in the definition was not meant to imply that licensees must have the capability to detect such materials. The NRC staff is evaluating the need for further rulemaking to address this issue and has issued Enforcement Guidance Memorandum (EGM) 001 Interim Guidance for Dispositioning Violations Associated with the Enhanced Weapons, Firearms Background Checks, and Security Event Notification Rule, (Ref. 27) to provide further guidance to NRC staff.
The NRC notes that the physical security program for some classes of licensees do not require the licensee to search for contraband. However, if a licensee discovers contraband - e.g., in the course of other normal security activities - then as a good practice the licensee should submit an event notification under 10 CFR 73.1200(e)(iii).
Comment 1.c The DG should include guidance as to whether an event should be reported under 10 CFR 73.1200 or 10 CFR 95.
The NRC agrees with the comment that additional guidance should be provided on reporting classified events that are subject to event notification requirements under both 10 CFR Part 73 and Part 95. Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 19, to following guidance:
Under 10 CFR 73.1200(t), a licensee must notify the NRC HOC, in accordance with 10 CFR 95.57, of events associated with the deliberate disclosure, theft, loss, compromise, or possible compromise of classified documents, information, or material. A single event may require both a physical security event notification and a classified information event report. For example, some types of SSNM may have physical characteristics or
Page 4 of 29 shapes that are considered to be classified information.
The loss or theft of such SSNM would be considered both a physical security event requiring notification under 10 CFR 73.1200, and a loss of classified information requiring reporting under 10 CFR 95.57. The NRC staff considers such events to be rare. If the report on such an event contains classified information, then the licensee should report the event to the NRC HOC in accordance with the communication procedure specified in Section III of Appendix A to 10 CFR Part 73.
As a good practice, and consistent with the provisions in 10 CFR 73.1200(s) on eliminating duplication of event notifications, a licensee may make a single communication to the NRC HOC of an event that requires both notification under 10 CFR 73.1200 and reporting under 10 CFR 95.57. When communicating with the NRC HOC, the licensee must identify each regulation under which the licensee is making the communication.
NEI Cover letter Comment 2 The guidance pertaining to reporting the theft or diversion of a Category I, II, or III quantity of strategic special nuclear material (SSNM), or a Category II or III quantity of special nuclear material (SNM) seems inconsistent with requirements in 10 CFR 73.1200(c)(1)(i)(A).
NEI provided this high-level comment in its cover letter.
The substance of this comment is repeated in Comment 15 of Attachment 1 to the cover letter. Therefore, the NRC is not providing a specific response here and addresses this comment in its response to Comment 15 below.
NEI Cover letter Comment 3 The guidance on what facilities are subject to the 15-minute notification requirements under 10 CFR 73.1200(a) seems inconsistent with the staff position discussed in NRC Bulletin 2005-02, Emergency Preparedness and Response Actions for Security-based Events.
NEI provided this high-level comment in its cover letter.
The substance of this comment is repeated in Comment 4 of Attachment 1 to the cover letter. Therefore, the NRC is not providing a specific response here and addresses this comment in its response to Comment 4 below.
NEI Cover letter Comment 4 The guidance should permit licensees subject to the reporting requirements of 10 CFR 73.1200(o)(6) or (o)(8) to establish communications from a location deemed NEI provided this high-level comment in its cover letter.
The substance of this comment is repeated in Comment 6 of Attachment 1 to the cover letter. Therefore, the NRC is
Page 5 of 29 appropriate by the licensee, similar to the ability for licensees subject to the reporting requirements of 10 CFR 73.1200(o)(5) or (o)(7). This flexibility is extremely important when considering the safety of licensee personnel during a security-related event.
not providing a specific response here and addresses this comment in its response to Comment 6 below.
NEI Att. 1, Comment 1 Footnote 2, bottom of page 3:
The NRC staff has temporarily withdrawn NUREG-1304. The NRC staff intends to hold a question-and-answer workshop with the public, licensees, and other interested stakeholders following implementation of 10 CFR 73.1200, 73.1205, and 73.1210. This workshop and the development of a revised NUREG 1304 will occur subsequent to the 300-day compliance period for licensees to implement these new physical security event notification regulations.
The 300-day compliance period ends January 8, 2024. It is unclear if workshops will be scheduled after the January 8, 2024, compliance date, or after the varying compliance dates that licensees have stated in approved exemption requests.
How will the NRC capture Questions and Answers identified and addressed for licensees that did not submit an exemption?
Create an FAQ-type webpage, similar to what the NRC used for Controlled Unclassified Information (CUI) implementation, to capture the Q&As for subsequent reference. This will allow for prompt documentation of staff positions and promote implementation and inspection consistency.
The NRC partially agrees with the comment. The NRC staff has not scheduled a specific date for the workshop to revise NUREG-1304 that is discussed in Footnote 2 of DG-5080. This footnote did not specify a no later than date for accomplishing the workshop. Rather, it specified a no earlier than date of January 8, 2024.
Given the exemption requests submitted by many licensees regarding the implementation of the requirements in 10 CFR Part 73, Subpart T, the NRC staff intends to schedule a workshop after full implementation of the new regulations and guidance.
This approach will maximize licensee participation and knowledge management.
The public and any licensee subject to these regulations will be able to participate in the workshop and submit questions and comments. A licensees participation in a workshop and revising NUREG-1304 is not contingent upon the previous submission of an exemption request.
The NRC staff will consider the suggestion to develop an FAQ type webpage to memorialize questions and comments received during the revision of NUREG-1304.
NEI Att. 1, Comment 2 Page 7, Reason for Revision, last sentence of second paragraph:
Says revisions to this regulatory guide as Revision 1
The NRC agrees with the comment. However, the NRC has deleted the sentence mentioned by the comment under DG-5080, Section B, Topic Reason for Revision,
Page 6 of 29 Revision 1 is incorrect.
Should be Revision 3 second paragraph, last sentence, in the final Revision 3 to RG 5.62 as unnecessary.
The first sentence of the first paragraph of RG 5.62, Section B, Topic Reason for Revision, specifies the NRC is issuing Revision 3 to RG 5.62. Therefore, no further action is required by the NRC in response to this comment.
NEI Att. 1, Comment 3 Page 8, first bullet, 15-minutes:
Includes in accordance with a licensees safeguards contingency plan or protective strategy based upon a security condition Security condition is a defined term, excludes hostile action events, and is not aligned with the wording in 10CFR 73.1200(a) or (b).
Replace security condition with an imminent or actual hostile action against a licensees facility.
The NRC agrees with the comments suggestion to replace security condition with an imminent or actual hostile action, but consistent with 10 CFR 73.1200(b) it has also included language addressing a licensees shipment of material.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section B, Topic Timeliness Requirements Structure Based upon Security Significance, first bullet, to replace the phrase security condition, with the phrase an imminent or actual hostile action against a licensees facility or shipment of material,.
NEI Att. 1, Comment 4 Page 9, last three sub-bullets under 15-minute notification requirements in 10 CFR 73.1200(a) identifies ISFSIs, MRSs, and GROAs as licensees this applies to.
Note below GROAs: Power reactor facilities and production facilities that are in a decommissioning status and have removed all spent nuclear fuel from the facilitys spent fuel pool (e.g., to an ISFSI, MRS, or a GROA) need not report events under 10 CFR 73.1200(a).
However, such licensees should instead consider whether the event should be reported under 10 CFR 73.1200(c),
(e), or (g).
The NRC disagrees with the comments suggestion to clarify that power reactor facilities and production facilities that are in a decommissioning status and have removed all spent nuclear fuel from the facilitys spent fuel pool need not report events under 10 CFR 73.1200(a). The rule states that each licensee subject to the provisions of § 73.20, § 73.45, § 73.46, § 73.51, or
§ 73.55 must make the appropriate 15-minute notifications to the NRC. There is no language in 10 CFR 73.1200(a) that relieves facilities in a decommission status from the 15-minute notification requirement, provided that these facilities remain subject to the regulatory provisions identified above.
Page 7 of 29 The 3 sub-bullets contradict the note, and cause confusion as to which licensees need not report.
Additionally, NRC Bulletin 2005-02 aligns with the exclusion of licensees identified in the note on page 8.
This appears to be a change in staff position.
Revise the paragraph describing the applicability of the 15-minute notification requirement to be clear that licensees currently contained within the note need not report events under 73.1200(a).
Moreover, the Commissions promulgation of the final enhanced weapons rule provisions in 10 CFR 73.1200(a) superseded the staffs previous guidance in NRC Bulletin 2005-02.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section B, Topic Applicability to Specific Facilities, Materials, and Activities, to remove the note under the 15-minute notification classes of affected facilities.
The NRC disagrees with the comments suggestion to remove ISFSIs, MRSs, and GROAs from the classes of facilities subject to 15-minute notifications. The security programs for these facilities are subject to the security requirements in 10 CFR 73.51 or 10 CFR 73.55. The rule states that each licensee subject to § 73.51, or § 73.55 must make the appropriate 15-minute notifications to the NRC. There is no language in 10 CFR 73.1200(a) that relieves ISFSIs, MRSs, or GROAs from the 15-minute notification requirements.
The NRC staff is evaluating the need for further rulemaking to address these issues and has issued Enforcement Guidance Memorandum (EGM)-23-001 Interim Guidance for Dispositioning Violations Associated with the Enhanced Weapons, Firearms Background Checks, and Security Event Notification Rule, (Ref. 27) to provide further guidance to NRC staff.
NEI Att. 1, Comment 5 Page 12, 4th darkened bullet for 24-hour recordkeeping:
The 24-hour recordkeeping requirements n 10 CFR 73.1210 There is a typo with n.
The NRC agrees with the comment. Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section B, Topic Applicability to Specific Facilities, Materials, and Activities, 24-hour recordkeeping bullet
Page 8 of 29 Replace n with in.
to replace n 10 CFR 73.1210 with in 10 CFR 73.1210.
NEI Att. 1, Comment 6 Page 15 - Establishment of a Communications Channel With the NRC:
Second paragraph under 10 CFR 73.1200(o)(6) or (o)(8) does not offer the same discretion as the first paragraph under 10 CFR 73.1200(o)(5) or (o)(7).
To promote the safety of response personnel and provide flexibility in meeting the requirements of 10 CFR 73.1200(o)(6) or (o)(8), a licensee should be able to staff the channel from a location it deems appropriate, the same as for the requirements under 10 CFR 73.1200(o)(5) or (o)(7).
Add this last sentence to the second paragraph under Establishment of a Communications Channel With the NRC (for 10 CFR 73.1200(o)(6) or (o)(8)):
The licensee may staff the channel from a location it deems appropriate.
The NRC agrees with the comment.
The NRC has revised the final Revision 3 to RG 5.62, Section B, Topic Establishment of a Communications Channel With the NRC, to add language to the end of the first paragraph: and may relocate the individual to another appropriate location, if necessary.
The NRC has also added language to the end of the second paragraph: [t]he licensee or its MCC may staff the channel from a location it deems appropriate and may relocate the individual to another appropriate location, if necessary. Accordingly, the licensee or its Movement Control Center (MCC) are permitted to staff a continuous communications channel from a location it deems appropriate.
Additionally, to ensure consistency, the NRC has made conforming changes to Section C, Staff Regulatory Guidance position 16.1. The NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 16.1, that for both facility-based and shipment-based events that a licensee or its MCC may staff a communications channel from a location it deems appropriate and may relocate the individual staffing the channel, if necessary.
NEI Att. 1, Comment 7 Page 15 discussion related to Reporting of an Emergency Declaration. Last two sentences provide confusing words with the terms should typically and However.
The words should typically in the second to last sentence under Reporting of an Emergency The NRC agrees with the comments.
The NRC has revised the final Revision 3 to RG 5.62, Section B, Topic Reporting of an Emergency Declaration, second sentence, by removing the word typically and in the third sentence replacing the introductory word However, with Additionally,.
Page 9 of 29 Declaration, has caused some readers to be confused about reporting priorities, and starting the last sentence with however leads some to believe that the previous statement is being contradicted.
Change from:
Under 10 CFR 73.1200(r), a licensee or its movement control center who has declared an emergency related to a facility or a shipment of material must make the appropriate notifications required by 10 CFR 50.72, Immediate notification requirements for operating nuclear power reactors; 10 CFR 63.73, Reports of deficiencies; 10 CFR 70.50, Reporting requirements; or 10 CFR 72.75, Reporting requirements for specific events and conditions. The NRC staff expects that reporting of an emergency declaration should typically take precedence over any physical security event notifications required under 10 CFR 73.1200 (e.g.,
notification of State officials of an emergency declaration). However, under 10 CFR 73.1200(s), a licensee with multiple notification obligations (e.g., an event requiring both an emergency declaration and a physical security event notification) may make such notifications in a single communication to the NRC HOC.
Change to:
Under 10 CFR 73.1200(r), a licensee or its movement control center who has declared an emergency related to a facility or a shipment of material must make the appropriate notifications required by 10 CFR 50.72, Immediate notification requirements for operating nuclear power reactors; 10 CFR 63.73, Reports of deficiencies; 10 CFR 70.50, Reporting requirements; or 10 CFR 72.75, Reporting requirements for specific events and conditions. The NRC staff expects that Furthermore, the NRC has added the following parenthetical cross reference to the end of the second sentence: (see also Staff Regulatory Guidance position 7.3 of this RG) to provide further guidance.
Page 10 of 29 reporting of an emergency declaration should take precedence over any physical security event notifications required under 10 CFR 73.1200 (e.g., notification of State officials of an emergency declaration).
Additionally, under 10 CFR 73.1200(s), Elimination of duplication, a licensee with multiple notification obligations (e.g., an event requiring both an emergency declaration and a physical security event notification) may make such notifications in a single communication to the NRC HOC. (See Section C. Staff Regulatory Guidance 7 and 7.3).
NEI Att. 1, Comment 8 Page 17 - on complying with the requirements of 1205(c), 8th sub bullet under third darkened bullet on the page: uses of the term procedure important to security The term procedure important to security is undefined and ambiguous. Additionally, it does not exclude items in implementing procedures that are outside of a regulatory requirement (e.g., items that support excellence initiatives) or administrative in nature.
Change from: whether this event or condition is a recurring failure of an SSC or procedure important to security.
Change to:
whether this event is a recurring failure of an SSC; Whether this event or condition is a recurring failure of a security plan implementing procedure, and associated with a regulatory function or requirement; The NRC agrees in part, and disagrees in part, with the comment.
The NRC agrees that the term procedure important to security is not defined in the RG. Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section B, Topic Written Follow-Up Reports, seventh bullet, eighth sub-bullet, by adding a clarifying note afterwards to read as follows:
The phrase procedure important to security often relates to a licensees procedures that provide detailed directions implementing a security regulatory function or requirement in a licensees physical security plan.
The NRC disagrees with the comments suggestion to remove the phrase or procedure important to security, because this language was included by the Commission in 10 CFR 73.1205(c)(3)(viii). Therefore, the staff has not deleted this term from the RG.
NEI Att. 1, Comment 9 Page 18 (and throughout) - use of the term conditions adverse to security The NRC agrees in part, and disagrees in part, with the comment.
Page 11 of 29 Conditions adverse to security is a new and undefined term.
Add to the Glossary:
Conditions adverse to security Is synonymous to security-related conditions adverse to quality.
The NRC agrees that the term conditions adverse to security should be added to the Glossary.
The NRC disagrees with adding language to the Glossary that conditions adverse to security are synonymous to security-related conditions adverse to quality, since this suggested language is also undefined.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Glossary, to add the term conditions adverse to security to read as follows:
Any failure or deficiency affecting the licensees physical protection program that is recorded under 10 CFR 73.1210 in the licensees corrective action program and/or safeguards event log. The term condition adverse to security and the term security-related conditions adverse to quality are considered equivalent for the purposes of implementing the requirements of 10 CFR Part 73, Subpart T.
NEI Att. 1, Comment 10 Page 18 and Page 20 Retention for records:
3 years from the date of the report or until termination of the license, whichever is later.
AND 3 years or until the license is terminated, whichever is later.
Previous 73.71 retention requirements were for 3 years after the last entry is made in each log or until termination of the license. The addition of whichever is later is new, and the retention of hard copy safeguards documentation related to security events, for potentially greater than 40 plus years, does not appear to have a justification provided for the additional cost, burden and The NRC agrees in part, and disagrees in part, with the comment.
The NRC agrees that the language whichever is later is new and may have unintended consequences.
The NRC disagrees with the comment to the extent that it questions the records retention regulatory language in 10 CFR 73.1205(e) and 10 CFR 73.1210(b)(2). As such, this portion of the comment is a comment on the Commission approved final rule language and is not appropriately addressed in the final Revision 3 of RG 5.62.
The NRC staff is evaluating the need for further rulemaking to address this issue and has issued
Page 12 of 29 infrastructure potentially needed to support retention for this time frame.
Address the basis for the expanded retention of records in the RG and address this change through proper rulemaking channels for final clarity and resolution.
Enforcement Guidance Memorandum (EGM)-23-001 Interim Guidance for Dispositioning Violations Associated with the Enhanced Weapons, Firearms Background Checks, and Security Event Notification Rule, (Ref. 27) to provide further guidance to NRC staff.
NEI Att. 1, Comment 11 Page 21 - the Time of Discovery discussion in the RG restates the definition in 10 CFR 73.2 with no further clarification.
Time of discovery definition in 10 CFR 73.2 is restated in the RG; however, there is no guidance on who is considered to be a cognizant individual. That guidance is provided in other NRC documents (e.g., RG 5.76 and NUREG 2203, and in NRC Response in SECY-18-0058) as well as NRC-endorsed documents (NEI 03-12).
NUREG-2203 Glossary of Security Terms for Nuclear Power Reactors identifies discovery (time of): a specific time at which a supervisor or manager makes a determination that a verified degradation of a security safeguards measure or a contingency situation exists.
Regulatory Guide 5.76, Physical Protection Programs at Nuclear Power Reactors and NEI 03-12, Template for the Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program], Revision 7, (NRC-endorsed), identify time of discovery as: A specific time at which a supervisor or manager makes a determination that a verified degradation of a security safeguards measure or a contingency situation exists.
NRC Response to Public Comments (SECY-18-0058),
Comment K-8: Industry recognizes for many events The NRC agrees in part, and disagrees in part, with the comment.
The NRC agrees that a definition of the term cognizant individual should be included in the Glossary of the final RG 5.62.
The NRC does not agree with the suggested language for cognizant individual.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Glossary, to add the following definition:
An individual designated by a licensee who has the requisite experience, and/or training, and who is expected to understand that a particular condition or event requires a physical security event notification or recordkeeping under 10 CFR 73.1200 or 10 CFR 73.1210 The NRC disagrees with the comments suggestion to add the definition of cognizant individual to Section C, Staff Regulatory Guidance position 1 of RG 5.62. The NRC has determined this would be redundant because this definition is included in the Glossary.
However, the NRC has added the following clarifying guidance to Staff Regulatory Guidance position 1:
The NRC expects that licensees will typically designate a supervisor or manager to function as the cognizant
Page 13 of 29 and most conditions, the time of discovery begins when a cognizant individual such as a manager, [or] supervisor for the security function has been notified and NRC Response:
The NRC agrees with the comment.
NRCs slide 27 from public meeting on 11/28/23, provides an example that is also aligned with previous definitions.
To promote consistent understanding among NRC and licensee personnel, we recommend that guidance be added on who is considered to be a cognizant individual, ideally to Section C and the Glossary. For example, a Glossary definition could be:
Cognizant individual means a supervisor or manager qualified to make a determination that a verified degradation of a security safeguards measure or a contingency situation exists.
individual. However, the definition is intended to provide licensees with broad flexibility in determining the personnel to be identified and trained as cognizant individuals authorized to make a time of discovery determination. The NRC recommends that, as a good practice, licensees specify in their implementing procedures the personnel who are considered to be cognizant individuals responsible for making a time of discovery determination under 10 CFR 73.1200 or 10 CFR 73.1210.
NEI Att. 1, Comment 12 Page 21 - Section 2.1 - Malevolent Intent Considerations:
the (e.g.) examples are of existing formal processes that not all licensees have in place.
This leads those licensees to infer that they must establish one of these formal processes to be able to determine malevolent intent.
Change from: Licensees may use applicable existing processes (e.g., behavioral observation, psychological assessment, human reliability) to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200.
Change to: Licensees may use applicable existing processes, procedures and/or practices to evaluate The NRC agrees with the comment.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 2.1, to read as follows:
For certain events, a licensee may need to determine whether an individual acted with malevolent intent. A licensee may use existing processes, procedures and/or practices to make this determination. If a licensee determines that malevolent intent was present, then a notification to the NRC is required under 10 CFR 73.1200.
The NRC staff also notes that any licensee actions to assess whether malevolent intent was present should be
Page 14 of 29 whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200.
accomplished within the timeliness requirement for the applicable event notification. If an assessment cannot be completed within the timeliness requirement for a specific event notification, then the licensee should notify the NRC HOC of the event or condition. However, if the licensee subsequently completes an assessment and concludes that no malevolent intent was present then the licensee may retract the event notification under 10 CFR 73.1200(q).
NEI Att. 1, Comment 13 Page 21 2.1 Malevolent Intent Considerations Last bullet on bottom of page 21 Under 10 CFR 73.1200(c)(1)(i)(C) and (D), 10 CFR 73.1200(e)(1)(vi),
or 10 CFR 73.1200(g)(1)(ii) and (iii), whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent.
Section 2.1, first paragraph at top of page 22:
If a licensee concludes that malevolent intent was not present for such an event, then the event should not be reported under 10 CFR 73.1200, but instead recorded as a decrease in effectiveness under 10 CFR 73.1210(f) (see Staff Regulatory Guidance position 18.2, example (9)). If a licensee cannot reach a conclusion before the timeliness requirement for the event is exceeded, then the licensee should notify the NRC pursuant to 10 CFR 73.1200.
Staff Regulatory Guidance position 18.2, example (9),
page 39:
(9) An event involving the actual or attempted introduction of contraband at or inside a PA, VA, or MAA, where the licensee has assessed that malevolent intent was not present.
The NRC agrees with the comment.
Accordingly, the NRC has revised the language in the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 2.1, to address this concern.
For certain events, a licensee may need to determine whether an individual acted with malevolent intent. A licensee may use existing processes, procedures and/or practices to make this determination. If a licensee determines that malevolent intent was present, then a notification to the NRC is required under 10 CFR 73.1200. However, any licensee analysis and evaluation of whether malevolent intent was present must reach a reportability conclusion within the timeliness requirement applicable to the event or condition under 10 CFR 73.1200. A licensee should also refer to Staff Regulatory Guidance position 1 on defaulting to notification if no conclusion can be reached within the timeliness limit, and on subsequent retraction of a notification.
Examples of when a licensee may need to determine malevolent intent include, but are not limited to, the following:
Under 10 CFR 73.1200(c)(1)(i)(C), 10 CFR 73.1200(c)(1)(i)(D), 10 CFR 73.1200(e)(1)(vi), 10 CFR
Page 15 of 29 The discussion on page 22, from Section 2.1 does not align with the Staff Regulatory Guidance position 18.2, example (9) that it refers readers to.
Section 2.1, Malevolent Intent Considerations has 2 bulleted items:
First is the actual or attempted introduction of contraband was unintentional or involved malevolent intent.
Second is whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent.
The Staff Regulatory Guidance position 18.2, example (9), that readers are referred to only pertains to contraband events.
Staff Regulatory Guidance position 18.2 does not provides examples that discuss an unauthorized operation, manipulation or tampering event.
If the affected equipment had no bearing on the security program, the event would not meet the 73.1205(f) recording requirements as it would not represent a decrease in the physical security program effectiveness.
Not all events would be a decrease in effectiveness to meet the 24-hour recording requirements of 10 CFR 73.1210(f).
Change from: Licensees may use any applicable existing processes (e.g., behavioral observation, psychological assessment, human reliability) to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200. However, licensees must still meet reporting timeliness 73.1200(g)(1)(ii), or 10 CFR 73.1200(g)(1)(iii), whether the potential unauthorized operation, manipulation, or tampering event that involved an error that could be due to either human performance or malevolent intent.
Under 10 CFR 73.1200(e)(1)(iii) or 10 CFR 73.1200(e)(1)(iv), whether the actual or attempted introduction of contraband could have been unintentional or involved malevolent intent.
If a licensee concludes that malevolent intent was not present for such an event, then the licensee should not submit an event notification under 10 CFR 10 CFR 73.1200. Instead, the licensee should record the event in accordance with the applicable provisions in 10 CFR 73.1210 (see Staff Regulatory Guidance position 18.2).
Note:
The NRC staff would consider a licensees discovery of potential contraband during a search before entrance into the protected area as positive evidence of performance of the licensees security staff.
In addition, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 18.2 to add a new example 12, as follows:
(12)
An event involving unauthorized manipulation of security equipment, in which the licensee has assessed that malevolent intent was not present.
Page 16 of 29 requirements. Examples of when a licensee may need to determine malevolent intent include, but are not limited to, the following:
- Under 10 CFR 73.1200(e)(1)(iii) or (iv), whether the actual or attempted introduction of contraband was unintentional or involved malevolent intent.
- Under 10 CFR 73.1200(c)(1)(i)(C) and (D), 10 CFR 73.1200(e)(1)(vi), or 10 CFR 73.1200(g)(1)(ii) and (iii),
whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent.
If a licensee concludes that malevolent intent was not present for such an event, then the event should not be reported under 10 CFR 73.1200, but instead recorded as a decrease in effectiveness under 10 CFR 73.1210(f) (see Staff Regulatory Guidance position 18.2, example (9)). If a licensee cannot reach a conclusion before the timeliness requirement for the event is exceeded, then the licensee should notify the NRC pursuant to 10 CFR 73.1200.
Change to:
Licensees may use any applicable existing processes, procedures and/or practices to evaluate whether malevolent intent is present in assessing whether an event is reportable under 10 CFR 73.1200. However, licensees must still meet reporting timeliness requirements.
Examples of when a licensee may need to determine malevolent intent include, but are not limited to, the following:
- Under 10 CFR 73.1200(e)(1)(iii) or (iv), whether the actual or attempted introduction of contraband was
Page 17 of 29 unintentional or involved malevolent intent. (See Staff Regulatory Guidance position 18.2, example (9)).
- Under 10 CFR 73.1200(c)(1)(i)(C) and (D), 10 CFR 73.1200(e)(1)(vi), or 10 CFR 73.1200(g)(1)(ii) and (iii),
whether the potential unauthorized operation, manipulation, or tampering events involved an error due to human performance or malevolent intent. (see Staff Regulatory Guidance position 18.2, example (XX)).
If a licensee concludes that malevolent intent was not present for such an event, then the event should not be reported under 10 CFR 73.1200, but instead evaluated to determine if the event meets the threshold for recording the event within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> in accordance with in 10 CFR 73.1210(f).
If a licensee cannot reach a conclusion before the timeliness requirement for the event is exceeded, then the licensee should notify the NRC pursuant to 10 CFR 73.1200.
Add:
An additional example in Staff Regulatory Guidance position 18.2, to address the second bullet in Section 2.1, of potential unauthorized operation, manipulation, or tampering events involved an error due to human performance which result in a decrease in effectiveness such as:
An event involving unauthorized manipulation of security equipment, where the licensee has assessed that malevolent intent was not present.
NEI Att. 1, Comment 14 Page 23, position 6 - Considerations for Contraband and Prohibited Items, 4th paragraph: Items possessed by authorized persons for authorized purposes associated The NRC agrees with the comment. Accordingly, the NRC has revised the final Revision 3 to RG 5.62,
Page 18 of 29 with a transportation activity outside the facility should not be considered contraband. For example, licensees should not consider as contraband: weapons possessed by local, state, or Federal law enforcement personnel performing escort duties; explosives possessed by law enforcement personnel performing escort duties; weapons possessed by authorized licensee escort personnel, or weapons possessed by vehicle operators under applicable state law (e.g., the vehicle operator has a concealed carry permit).
The inclusion of or weapons possessed by vehicle operators under applicable state law (e.g., the vehicle operator has a concealed carry permit) makes it unclear if the weapon is contraband or not, is dependent on if they declare it or not, and/or if it only applies to the reporting aspect of the weapon.
Provide clarification on declared versus undeclared; considered contraband or not; and applicability to reporting.
Section C, Staff Regulatory Guidance position 6, paragraph 5, to provide greater clarity as follows:
Items possessed by authorized persons for authorized purposes associated with a transportation activity outside the facility should not be considered contraband. For example, licensees should not consider the following to be contraband: weapons possessed by local, State, or Federal law enforcement personnel performing escort duties; explosives possessed by law enforcement personnel performing escort duties; weapons possessed by authorized licensee escort personnel, or weapons possessed by vehicle operators under applicable state law. Specifically with respect to a weapon possessed by a vehicle operator who has a valid concealed carry permit, the weapon should not be considered contraband if the operator declares the weapon before entering the PA.
Instances in which an armed vehicle operator does not declare the weapon do require an event notification under 10 CFR 73.1200(e), even if the operator has a valid permit.
NEI Att. 1, Comment 15 Page 28, Staff Regulatory Guidance position 18.1, 1st paragraph after example (8):
DG-5080 states: For notifications required under 10 CFR 73.1200(c)(1)(i)(A), licensees should report the theft or diversion of any quantity of SSNM or SNM (emphasis added).
10 CFR 73.1200(c)(1)(i)(A): The theft or diversion of a Category I, II, or III quantity of SSNM or a Category II or III quantity of special nuclear material (SNM)
DG-5080 language is not aligned with the requirements in 10 CFR 73.1200(c)(1)(i)(A). It appears the draft RG is changing a regulatory requirement without going through The NRC agrees with the comment.
The NRC has revised the guidance in Revision 3 to the final RG 5.62, Section C, Staff Regulatory Guidance position 8.1, to provide additional clarity, including reporting thresholds for the theft or diversion of SSNM and SNM that are quantified and measurable.
Under 10 CFR 73.1200(c)(1)(i)(A), licensees must notify the NRC of the theft or diversion of a Category I, II, or III quantity of SSNM or a Category II or III quantity of SNM. A licensee possessing a Category I quantity of SSNM automatically possesses a lesser included Category II and III quantity of SSNM. Similarly, a licensee possessing a Category II quantity of SNM
Page 19 of 29 rulemaking. The industry also has concerns with blanket terms such as any, as this lacks a formal regulatory basis. Further, this kind of wording is not aligned with the NRCs stated goals of setting requirements at a reasonable assurance of adequate protection level and making risk-informed decisions.
We propose that the NRC eliminate the wording in question on Page 28 of DG-5080, as it is incongruent with the requirements in 10 CFR 73.1200(c)(1)(i)(A).
The draft RG is not the appropriate place to change the intent of code language.
The NRC should consider a reporting threshold that is quantified and measurable.
automatically possesses a lesser included Category III quantity of SNM. The regulatory language in 10 CFR 73.1200(c)(1)(i)(A) requires an event notification for the theft or diversion of any such lesser included quantity of SSNM or SNM. For example, the theft or diversion of a Category III quantity of SSNM from a Category I licensees facility would require an event notification under 10 CFR 73.1200(c)(1)(i)(A).
Because the quantity limits depend upon the enrichment or nuclide, the NRC has provided the following non-inclusive examples of events requiring a 1-hr notification:
(1)
For a licensee possessing a Category I quantity of SSNM (e.g., 2.0 kilograms (kg) or more of plutonium),
any theft or diversion of a Category III quantity of this SSNM (e.g., more than 15 g of this plutonium).
(2)
For a licensee possessing a Category II quantity of SSNM (e.g., 1.0 kg or more of uranium enriched to 92.5 weight percent U-235), any theft or diversion of a Category III quantity of this SSNM (e.g., more than 15 g of this uranium).
(3)
For a licensee possessing a Category II quantity of SNM (e.g., 10 kg or greater of uranium enriched to 19.0 weight percent U-235), any theft or diversion of a Category III quantity of this SNM (e.g., more than 1 kg of this uranium).
(4)
For a licensee possessing a Category III quantity of SNM (e.g., more than 10 kg of uranium enriched to 5.0 weight percent U-235), any theft or diversion of a Category III quantity of this SNM (e.g., more than 10 kg of this uranium).
Page 20 of 29 NEI Att. 1, Comment 16 Page 29, bottom of page has:
Notes: An authorized weapon that is recovered within the 4-hour timeliness requirement for this event notification should be recorded as an uncontrolled weapon in the decrease in effectiveness events under 10 CFR 73.1200(f) (see Staff Regulatory Guidance position 18.2, example (8)).
Reference to 73.1200(f) is incorrect. Reference should be 73.1210(f).
Update to reflect correct reference.
The NRC agrees with the comment.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 9.1, to refer to 10 CFR 73.1210(f).
Notes: An authorized weapon that is recovered within the 4-hour timeliness requirement for this event notification should be recorded as an uncontrolled weapon, constituting a decrease in effectiveness events under 10 CFR 73.1210(f) (see Staff Regulatory Guidance position 18.2, example (8)).
Weapons in the possession of on-duty law enforcement, shipment escort personnel, or government personnel while they are present at the licensees facility are not considered to be uncontrolled authorized weapons.
NEI Att. 1, Comment 17 Page 44 has notes for the glossary section. Note (1) (1)
For additional security terms, users may consult NUREG-2203, Glossary of Security Terms for Nuclear Power Reactors (Ref. 27).
The very RG that points to definitions in 73.2, also points to another applicable NRC document, NUREG-2203, which contains definitions that the industry and the NRC are and have been aligned to throughout the entire history of this rulemaking effort. The industry is unclear on what impediment prevents the NRC from incorporating clarification, that exists in multiple other NRC related documents, into revision 3 of RG 5.62. (see public comment #15 for related NRC documents.)
Provide in Revision 3 to RG 5.62 clarification for time of discovery in the following areas:
- Section C. Staff Regulatory Guidance, 1. Time of Discovery discussion The NRC agrees in part, and disagrees in part, with the comment.
As discussed above in Comment 11, the NRC has added a definition for the term cognizant individual in the final Revision 3 to RG 5.62, Glossary. The NRC has also added a definition in the Glossary for the term time of discovery indicating that the term has the same meaning as found in 10 CFR 73.2.
Additionally, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 1, to add the following:
The NRC expects that licensees will typically designate a supervisor or manager to function as the cognizant individual. However, the definition is intended to provide licensees with broad flexibility in determining the personnel to be identified and trained as cognizant
Page 21 of 29
- Glossary As follows:
Time of discovery Has the same meaning as the term is defined in 10 CFR 73.2. Additionally, further clarification on considerations for a cognizant individual has the same meaning as found in RG 5.76, NUREG 2203 and NEI 03-12 revision 7.
OR ADD to the glossary, the term:
cognizant individual has the same meaning as defined in RG 5.76, NUREG 2203 and NEI 03-12 Revision 7, a specific time at which a supervisor or manager makes a determination that a verified degradation of a security safeguards measure or a contingency situation exists.
individuals authorized to make a time of discovery determination. The NRC recommends that, as a good practice, licensees specify in their implementing procedures the personnel who are considered to be cognizant individuals responsible for making a time of discovery determination under 10 CFR 73.1200 or 10 CFR 73.1210.
The NRC disagrees with the comment to the extent that it is suggesting revisions to the definitions for cognizant individual and time of discovery in 10 CFR 73.2. As such, this portion of the comment is a comment on the Commission approved final rule language and is not appropriately addressed in the final Revision 3 of RG 5.62.
NEI Att. 1, Comment 18 Contraband, Section C. Staff Regulatory Guidance, position 6. Considerations for Contraband and Prohibited Items:
The RG restates the new definition of contraband - In 10 CFR 73.2 the term contraband is defined to mean unauthorized firearms, explosives, incendiaries, or other dangerous materials (e.g., disease-causing agents) that can cause acts of sabotage against a licensees facility.
NRC regulations prohibit the introduction of contraband items into a licensees PA, VA, or MAA.
This portion of the contraband definition - other dangerous materials (e.g. disease causing agents) - is a new requirement for power reactors.
This term contraband was not defined in the prior versions of 10 CFR 73.2, nor was a definition provided in any of the four proposed and supplemental proposed rules published for public comment between 2006 and 2015 leading up to promulgation of the final rule on March 14, 2023.1 The NRC agrees in part, and disagrees in part, with this comment. The NRC agrees that the portion of the contraband definition referencing disease causing agents is a new requirement. The NRC recognizes that implementing this requirement may be problematic for licensees and is exploring dispositioning the technical issues associated with requirement through a future rulemaking.
In the interim, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 6, first paragraph, to clarify that the reference to disease causing agents was meant as a notification criterion and not as a requirement for licensees to have the capability to analyze potential disease-causing agents.
On December 5, 2023, the NRC issued Enforcement Guidance Memorandum (EGM) 23-001, Interim Guidance for Dispositioning Violations Associated with the Enhanced Weapons, Firearms Background Checks, and Security Event Notification Rule, (Ref. 27),
specifically addressing contraband.
Page 22 of 29 Additionally, the proposed revision 3 of RG 5.62 does not include a discussion or clarification on what constitutes other dangerous materials or disease causing agents.
Provide a staff position on what constitutes other dangerous materials (e.g., disease-causing agents) and the expectation to search for it as required by10 CFR 73.55(g), and/or to simply report it if discovered. This position needs to be consistent with the description of the Design Basis Threat (DBT) in 10 CFR 73.1.
Additionally, the NRC needs to address the definition of contraband through proper rulemaking channels for final clarity and resolution.
The NRC disagrees with the comment to the extent that it questions the development of the definition of contraband. As such, this portion of the comment is a comment on the Commission approved final rule language and is not appropriately addressed in the final Revision 3 of RG 5.62.
NEI Att. 1, Comment 19 Contraband, Section C. Staff Regulatory Guidance, position 6. Considerations for Contraband and Prohibited Items:
The term contraband was not defined in the prior versions of 10 CFR 73.2, nor was a definition provided in any of the four proposed and supplemental proposed rules published for public comment between 2006 and 2015 leading up to promulgation of the final rule on March 14, 2023.2 The discussion of public comments addresses the overlap in the new requirements of the final rule and 10 CFR Part 95:
NRC Response to Public Comments (SECY-18-0058),
Comment K-5:
the proposed Appendix G,Section I(j) on the loss or theft of classified information is inconsistent with the NRCs current equivalent requirements in 10 CFR 95.57(a) and (b) reconsider these notification requirements...
The NRC agrees in part, and disagrees in part, with this comment. The NRC agrees that for facilities subject to 10 CFR Part 95, the reporting and recording provisions under 10 CFR 95.57(a) and (b), respectively, regarding unauthorized electronic recording equipment should have primacy over the contraband reporting or recording provisions of 10 CFR 73.1200 or 73.1210.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62 to add the following guidance to Section C, Staff Regulatory Guidance position 6:
However, for licensees subject to 10 CFR Part 95, the reporting and recordkeeping requirements of 10 CFR 95.57(a) and (b), respectively, have primacy over the event notification and recordkeeping requirements of 10 CFR 73.1200 and 10 CFR 73.1210, for unauthorized electronic devices or media and do not need to be duplicated under the requirements of 10 CFR Part 73, Subpart T, Security Notifications, Reports, and Recordkeeping. An exception to this general guidance
Page 23 of 29 NRC Response: The NRC agrees that the classified information reporting events described in the proposed rule in Appendix G to 10 CFR Part 73, Section I.(j), are duplicative of the NRCs current reporting requirements in 10 CFR Part 95; Moreover, 10 CFR 95.5, Definitions, defines the term Restricted Data (RD);
Accordingly, the NRC has revised the final rule language in 10 CFR 73.1200 to remove the provisions on reporting the loss or theft of classified information that were in the proposed rule Appendix G to 10 CFR Part 73, Section I.(j)...;
Finally, the NRC has revised the final rule language in 10 CFR 73.2 by adding a cross-reference to the definition of Restricted Data under 10 CFR 95.5.
The NRC did include a cross reference to RD in 10 CFR 73.2; however, through the inappropriate inclusion of an expanded definition of contraband, additional requirements were imposed on licensees subject to Part 95 requirements.
Provide a staff position that: Licensees that possess or conduct activities involving classified national security information or classified Restricted Data (RD) complying with the requirements of 10 CFR 95, need not report contraband events under 10 CFR 73.1200 requirements.
Additionally, the NRC needs to address the definition of contraband through proper rulemaking channels for final clarity and resolution.
would involve an event in which the loss or theft of a classified object (e.g., a classified shape) also involved the loss or theft of SNM contained within the classified object (see Staff Regulatory Guidance position 19).
The NRC disagrees with the comment to the extent that it questions the development of the definition of contraband. As such, this portion of the comment is a comment on the Commission approved final rule language and is not appropriately addressed in the final Revision 3 of RG 5.62.
NEI Att. 1, Comment 20 Throughout the entire document - use of terms report and notification(s).
With respect to 73.1200, 73.1205 and 73.1210, the use of the terms report and notification(s) in the DG is not The NRC agrees with the comment.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62 in multiple locations to use the terms notify or notification when a licensee is implementing the notification requirements in 10 CFR 73.1200.
Page 24 of 29 consistent with the associated wording in 73.1200, 73.1205 and 73.1210.
Where elaborating on the requirements in 73.1200, 73.1205 and 73.1210, update the DG to use the term -
either report or notification(s) - appearing in the associated portion of the new rule (i.e., make them consistent).
Similarly, the NRC has revised the final Revision 3 to RG 5.62 in multiple locations to use the term report when a licensee is implementing the written reporting requirements in 10 CFR 73.1205.
These changes comply with the relevant regulatory language.
NEI Att. 1, Comment 21 Pages 16 - 18, 10 CFR 73.1205 Written Follow-Up Reports discussion.
10 CFR 73.71(e) Duplicate reports are not required for events that are also reportable in accordance with §§ 50.72 and 50.73 of this chapter.
The discussion regarding Written Follow-Up Reports in DG-5080, does not provide clarification on whether duplicate reports are required if an event is reportable under 50.72 and 73.1200. Previously, 73.71(e) provided an exception for the duplicate reports.
Proposed resolution: Provide clarification within DG-5080 on duplicate reporting requirements, and address this change through proper rulemaking channels for final clarity and resolution.
The NRC agrees with the comment.
Consistent with the requirements in 10 CFR 73.1200(s) a licensee with notification obligations under the relevant provisions of 10 CFR 73.1200 and 10 CFR 50.72, 63.73, 70.50, or 72.75 may notify the NRC of events in a single communication. This communication must identify each regulation under which the licensee is providing a notification to the NRC.
Accordingly, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 17, to add a new paragraph 4, to read as follows:
Consistent with the principle of avoiding duplicate communications in 10 CFR 73.1200(s), a licensee may submit a single written follow-up report on notifications required by 10 CFR 73.1200 and by 10 CFR 50.72, 10 CFR 63.73, 10 CFR 70.50, or 10 CFR 72.75. There is no need to provide duplicate written follow-up reports. For example, a licensee that has made a notification under 10 CFR 50.72 and 10 CFR 73.1200 in a single communication may submit a single written follow-up report to comply with the requirements of 10 CFR 50.73 and 10 CFR 73.1205.
Page 25 of 29 Baker-1 Page 9 page 9 contains the following note:
Note: Power reactor facilities and production facilities that are in a decommissioning status and have removed all spent nuclear fuel from the facilitys spent fuel pool (e.g., to an ISFSI, MRS or GROA) need not report events under 10 CFR 73.1200(a). However, such licensees should instead consider whether the event should be reported under 10 CFR 73.1200(c), (e), or (g).
This note provides confusion as it appears that it allows ISFSI only sites to report under 10 CFR 73.1200(c), (e),
or (g), yet if read literally it only appears to provide relief to the power reactor facility and production facility in decommissioning. It would be clearer if there were a statement that reflects; Stand-alone ISFSI, MRS, or GROA facilities and Power reactor facilities and production facilities that are in a decommissioning status and have removed all spent nuclear fuel from the facilitys spent fuel pool (e.g., to an ISFSI, MRS or GROA) need not report events under 10 CFR 73.1200(a).
However, such licensees should instead consider whether the event should be reported under 10 CFR 73.1200(c),
(e), or (g).
If the intent of the Reg Guide is to require ISFSI only locations to make a 15-minute notification it may cause conflict with other license conditions as 10 CFR 72.32 (b)(8) requires Notification and coordination. A commitment to and a brief description of the means to promptly notify offsite response organizations and request offsite assistance, including medical assistance for the treatment of contaminated injured onsite workers when appropriate. A control point must be established.
The notification and coordination must be planned so that unavailability of some personnel, parts of the facility, and some equipment will not prevent the notification and The NRC agrees in part, and disagrees in part, with the comment.
The NRC agrees that the language of the Note was unclear and has removed it from the final Revision 3 to RG 5.62, Section B, Staff Regulatory Guidance position 7.1.
As discussed in NEI Comment 4 above, the NRC disagrees with the comment to the extent that it is suggesting that ISFSIs, MRSs, and GROAs should be removed from the classes of facilities subject to 15-minute event notifications. These classes of facilities are subject to 10 CFR 73.1200(a) since their security programs fall under the requirements of 10 CFR 73.51 or 10 CFR 73.55.
The NRC staff is evaluating the need for further rulemaking to address these issues and has issued Enforcement Guidance Memorandum (EGM)-23-001 Interim Guidance for Dispositioning Violations Associated with the Enhanced Weapons, Firearms Background Checks, and Security Event Notification Rule, (Ref. 27) to provide further guidance to NRC staff.
With respect to the precedence of notifications to State or local agencies, the NRC has provided guidance in the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 7.3, on this issue.
Page 26 of 29 coordination. The licensee shall also commit to notify the NRC operations center immediately after notifications of the appropriate offsite response organizations and not later than one hour after the licensee declares an emergency. This is further clarified in § 72.75 Reporting requirements for specific events and conditions. Which states (a) Emergency notifications: Each licensee shall notify the NRC Headquarters Operations Center upon the declaration of an emergency as specified in the licensee's approved emergency plan addressed in § 72.32. The licensee shall notify the NRC immediately after notification of the appropriate State or local agencies, but not later than one hour after the time the licensee declares an emergency.
Baker-2 Page -15 At a Stand-Alone ISFSI, with the limited staff, engaged in a hostile event, awaiting LLEA response, if they are required to maintain an open line to the NRC it may cause confusion and may impact the ability of the security staff to concentrate on the immediate threat. It is imperative that the security staff focus on the threat and provide information to the LLEA, rather than making sure the NRC has an open line with the licensee within 15 minutes. It would benefit a stand-alone ISFSI to make notification in a timely manner not to exceed a 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> notification.
The NRC disagrees with the comment. The suggestion to make notification [to the NRC] in a timely manner not to exceed a 1-hour notification is not consistent with the regulatory language in 10 CFR 73.1200(a) and (o).
However, a licensees initiation of its contingency response, notification to LLEA, or notification of State officials required under the licensees Emergency Response Plan should take precedence over its physical security event notification to the NRC and establishment of a continuous communications channel if requested.
Therefore, licensee security staff at a stand-alone ISFSI would be capable of implementing the applicable detect, assess, and communicate protective strategy.
Accordingly, no change was made to the final Revision 3 to RG 5.62 in response to this comment.
Baker-3 Page-17 It is unclear in DG 5080 when directed, as a minimum, to determine the root cause of the event or condition, does this mean a Root Cause Analysis needs to be performed, The NRC agrees in part, and disagrees in part, with the comment.
Page 27 of 29 or does it mean a cause should be provided? Recommend stating to determine the cause of the event or condition.
This would make it clear that it doesnt necessarily mean a root cause analysis is required.
The NRC disagrees with the comments suggested replacement language as this suggestion is not consistent with the regulatory language under 10 CFR 73.1205(c)(3)(v) that requires a licensee to include in a written follow-up report information on the root cause of the event or condition. The NRC agrees that this language does not require a licensee to complete a formal root cause analysis of an event or condition.
However, the NRC does agree that additional clarification is appropriate. Accordingly, the NRC has revised final Revision 3 to RG 5.62, Section B, Topic Written Follow-up Reports, to add a new fourth major paragraph to read as follows:
Note: Additional guidance on discussing the root cause or causes in written follow-up reports may be found in Staff Regulatory Guidance position 17 of this RG.
Additionally, the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 17, to add the following guidance.
Under 10 CFR 73.1205(c)(3)(v), a licensee is required to specify in a written follow-up report the "the root cause of the event or condition. The NRC staff does not view this language to require the licensee to complete of a formal root cause analysis. A licensees decision on whether to complete a formal root cause analysis for an event or condition is solely at the licensees discretion.
The NRC staff does not view the regulatory language in 10 CFR 73.1205(c)(3)(v) as requiring a licensee to perform a formal root cause analysis for an event or condition being reported to the NRC. It is sufficient for the licensee to make a good faith effort to identify the
Page 28 of 29 proximate cause or causes of the event or condition. The licensees decision of whether to complete a formal root cause analysis for an event or condition is up to the licensees sole discretion. An event or condition may have one root cause or multiple root causes. The licensees report should indicate all of the applicable root causes for the event or condition. For example, for event involving both an incorrect or incomplete procedure and a human performance error, the report should specify that there were two root causes.
In instances where a licensee is not able to identify the root cause or causes of the event or condition within the 60-day timeliness requirement, the licensee should submit the written follow-up report within 60-days but indicate that they are still determining the root cause of the event or condition. The report should provide as much information as available about the cause or causes of the event or condition, as well as all other required information, and should state that a supplemental report will be provided once the final root cause or causes have been determined.
Baker-4 Page-18 73.1210(b)(2) states that a licensee must retain records for a 24-hour recordable physical security event for a period up to 3 years after the last entry is recorded, or until their license is terminated, whichever is later. Prior to 73.1210 being implemented the record was found in 73.71 (c) where it stated that the licensee should retain these records for 3 years after the last entry is made in each log or until termination of the license. Is it the intent that these records are now required to be retained for life of license, since it would be the later in all instances?
Previously 73.71 (c) required either 3 years or life of license.
This comment addresses the same issue raised in NEI Comment 10 above. Accordingly, the NRC reiterates its response to NEI Comment 10 above here.
Page 29 of 29 Recommend removing whichever is later and keeping retention period at either 3 years or life of license, as that it is more clear, as records would need to be available for all inspectable periods.
Baker-5 Page-23 Clarification does not appear to be provided for the detection of contraband as it relates to a disease-causing agent, which causes confusion on how a licensee is supposed to detect and report introduction. There was discussion during the May 10-11, 2023 presentation which is not reflected in the revision to the reg guide.
With-out this clarification licensees are not provided adequate guidance. The clarification stated, The NRC does not expect a licensee to establish new capabilities or procedures to identify other dangerous materials but if such an event occurs the NRC should be notified per 73.1200. As an alternative we recommend removing disease causing agent, as there are no methods to detect the presence.
This comment addresses the same issue raised in NEI Comment 18 above. Accordingly, the NRC reiterates its response to NEI Comment 18 above here.
NEI late Comment Email -1 Page 24 In example (3) [of DG-5080, Section C, Staff Regulatory Guidance position 7.1], the NRC has included the use of explosives by unmanned aerial systems [UAS]. UAS explosive attacks are not within the DBT.
Has the NRC removed or addressed UAS in revision 3 to RG 5.62?
The NRC agrees with the comment. Neither the design basis threat (DBT) for radiological sabotage nor the DBT for theft or diversion currently includes an attack involving delivery of explosives by a UAS.
Therefore, to avoid confusion between the DBTs and the event notifications in 10 CFR 73.1200(a), the NRC has revised the final Revision 3 to RG 5.62, Section C, Staff Regulatory Guidance position 7.1, example (3), to remove the term unmanned aerial system.