Text

Month Year Response to Public Comments on Draft Regulatory Guide (DG)-5082 Suspicious Activity Reports Under 10 CFR Part 73 Proposed Revision 1 of Regulatory Guide (RG) 5.87 On October 27, 2023, the NRC published a notice in the Federal Register (88 FR 73769) that Draft Regulatory Guide, DG-5082, Proposed Revision 1 of RG 5.87, Suspicious Activity Reports," was available for public comment. The Public Comment period ended on December 11, 2023. The NRC received comments from the organizations listed below. The NRC has combined the comments and NRC staff responses in the following table.

Comments were received from the following:

Charlotte Shields, Senior Project Manager, Nuclear Security & Incident Preparedness Nuclear Generation Division Nuclear Energy Institute (NEI) 1776 I Street NW, STE 400 Washington DC 20006 ADAMS Accession No. ML23348A073 David T. Gudger, Sr. Manager, Licensing Constellation Energy Generation, LLC 200 Exelon Way Kennett Square, PA 19348 ADAMS Accession No. ML23348A074 Commenter Section Specific Comments NRC Resolution DG-5082, Suspicious Activity Reports Under 10 CFR Part 73 CEG-1 (Gudger)

General Constellation Energy Group (CEG) submitted a letter stating that it has provided its comments to the Nuclear Energy Institute (NEI) in support of their efforts to consolidate comments for the industry related to these draft RGs. CEG fully endorses the comments submitted by NEI on behalf of industry concerning these draft RGs, including DG-5082.

CEG did not provide separate specific comments on DG-5082 to the NRC. Therefore, this letter does not raise a comment that requires a response from the NRC.

NEI Cover letter Comment -1 (Shields)

The guidance appears inconsistent with the rule language regarding local FAA control tower.

The NEI cover letter contained the subject comment that is substantially the same as the related comment set forth in Attachment 3, Comment 2. The NRC has addressed this comment in its response to Att. 3, Comment 2.

Therefore, the NRC is not providing a response to this comment here.

Page 2 of 6 NEI Cover letter Comment -

2 Greater clarity is needed on the examples provided for elicitation of non-public information, aggressive noncompliance, and actual or attempted unauthorized recording or imaging.

The NEI cover letter contained the subject comment that is substantially the same as the related comment set forth in Attachment 3, Comment 3. The NRC has addressed this comment in its response to Att. 3, Comment 3.

Therefore, the NRC is not providing a response to this comment here.

NEI Att. 3, Comment 1 Page 3 footnote The NRC staff has temporarily withdrawn NUREG-1304. The NRC staff intends to hold a question-and-answer workshop with the public, licensees, and other interested stakeholders following implementation of 10 CFR 73.1200, 73.1205, and 73.1210. This workshop and the development of a revised NUREG 1304 will occur subsequent to the 300-day compliance period for licensees to implement these new physical security event notification regulations.

The 300-day compliance period ends January 8, 2024. It is unclear if workshops will be scheduled after the January 8, 2024, compliance date, or after the varying compliance dates that licensees have stated in approved exemption requests.

How will the NRC capture Questions and Answers identified and addressed for licensees that did not submit an exemption?

Create an FAQ-type webpage, similar to what the NRC used for Controlled Unclassified Information (CUI) implementation, to capture the Q&As for subsequent reference. This will allow for prompt documentation of staff positions and promote implementation and inspection consistency.

The NRC partially agrees with this comment. However, no changes were made.

The NRC staff did not specify a no later than date for the workshop to revise NUREG-1304 in DG-5082.

Rather, it specified a no earlier than date of January 8, 2024. Given that exemption requests have been submitted by many licensees regarding the implementation of the requirements in 10 CFR 73.1215, the staff intends to schedule a workshop and subsequent issuance of the draft revised NUREG for public comment to maximize licensee participation and knowledge management.

Accordingly, the staff has not yet scheduled a date for the workshop.

Any licensee subject to these regulations will be able to participate in the workshop and submit questions. Those actions are not contingent upon a previous exemption request. The public will also be able to comment on the draft NUREG.

While the staff agrees that there may be merit in developing an FAQ webpage for these topics that could then be rolled into a future NUREG, that action is beyond the scope of the final RG 5.87. Accordingly, the NRC staff will consider this suggestion as a separate action.

Page 3 of 6 NEI Att. 3, Comment 2 Page 8 & 9 - FAA discussion and the reference to Appendix A-2.1.

10 CFR 73.1215(c)(3)(iv); 73.1215(c)(5)(ii);

73.1215(c)(8)(ii) all refer to local FAA control tower.

Appendix A: A-2.1 provides recommendations on different FAA contacts, which are not the local FAA control tower.

The DG-5082 language is not aligned with requirements in 10 CFR 73.1215(c)(3)(iv), 10 CFR 73.1215(c)(5)(ii),

and 10 CFR 73.1215(c)(8)(ii).

The NRC staff should remove the text regarding contacts to the FAA from DG-5082.

The NRC agrees with this comment. The NRC has removed references to FAA contacts that are not to the FAA local control tower in the final Revision 1 to RG 5.87 in multiple locations, including Appendix A, Section A-2.1.

NEI Att. 3, Comment 3 Page 16 - Elicitation of Sensitive Non-public Information: Elicitation refers to a process used by individuals with malevolent intent to gather classified or sensitive non-public information through their interactions with people. Such information can be extracted knowingly or unknowingly (e.g.,

through casual conversations).

Example (8): In considering whether these requests are suspicious, a licensee may take into account the nature of the relationship with the questioner, the degree of specificity or probing in the questions, and whether repeated attempts are made to obtain the information. A licensee may consider repeated attempts by the same individual to obtain sensitive non-public information, after such requests have been denied by the licensee, as potentially suspicious activity. A licensee may wish to consider the legitimate role played by members of the press and other media in gathering information for the The NRC agrees with the comment. The NRC has added the suggested language, with minor editorial changes, to the final RG 5.87, Section C, Staff Regulatory Guidance position 5.1, example (8). Accordingly, the following sentence has been added to the end of example (8):

Similarly, a licensee may consider the circumstances surrounding an information request from a vendor (supplier) when determining if the inquiry is a potentially suspicious activity.

Additionally, the NRC has removed the term malevolent intent from Revision 1 to the final RG 5.87, Section C, Staff Regulatory Guidance position 5.1, first paragraph, to align with the regulatory language in 10 CFR 73.1215(d)(1)(ii).

Page 4 of 6 public when determining if such questioning is a potentially suspicious activity.

There are instances where a vendor requests information about a specific piece of equipment or equipment parameters, and they do not know that the information is classified.

Modify the last sentence of example (8) from:

A licensee may wish to consider the legitimate role played by members of the press and other media in gathering information for the public when determining if such questioning is a potentially suspicious activity.

To:

A licensee may wish to consider the legitimate role played by members of the press and other media in gathering information for the public when determining if such questioning is a potentially suspicious activity.

Similarly, the circumstances surrounding an information request from a vendor (supplier) should also be considered when determining if the inquiry is suspicious.

NEI Att. 3, Comment 4 Comment 4 provided several comments on DG-5082, Section 5.7, Aggressive Actions to Gather Information -

Enrichment Facilities.

Section 5.7, example (1)(a), Willful unauthorized departure from a tour group The commenter states that DG-5082 provides no clarification on the meaning of departure - e.g., line-of-sight is not maintained or length of time separated from a tour group and requested clarification of the term.

The NRC agrees that additional guidance is appropriate in Revision 1 to final RG 5.87, Section C, Staff Regulatory Guidance position 5.7, example (1)(a). The NRC has added the following note after example (1)(a):

As a good practice, a licensee may wish to apply a separation criterion from an escort of no more than 5 minutes time or 7 meters (23 feet) distance, if not within the escorts line-of-sight.

Page 5 of 6 Section 5.7, example (3)(a) - (d), Licensees should report suspicious activities involving the attempted unauthorized introduction of the following electronic devices or recording media inside a 10 CFR Part 95 security area containing RD technology, information, or materials:

The commenter states that the language in DG-5082, Section 5.7, example (3)(a) - (d) results in event reporting requirements inconsistent with event reporting requirements in 10 CFR 95.57.

Section 5.7, example (4), Consistent with 10 CFR 73.1215(f)(1)(ii), licensees should report activities involving the actual or attempted unauthorized recording or imaging of RD sensitive technology, equipment, or material inside a 10 CFR Part 95 security area under the requirements of 10 CFR 95.57(a).

The commenter states that the language in DG-5082, Section 5.7, example (4), appears to imply that if a cell phone crosses the threshold of a 10 CFR Part 95 security area, it is reportable under the requirements of 10 CFR 95.57(a). The commenter suggests that the NRC remove the language in example 4 and simply state that events reported under the requirements of 10 CFR 95.57(a),

need not be duplicated in 73.1215(f). The commenter further states that this position is not aligned with current The NRC agrees with the comment. The NRC has eliminated the language in DG-5082, Staff Regulatory Guidance position 5.7, example (3). The NRC has revised Revision 1 to the final RG 5.87, Section C, Staff Regulatory Guidance position 6, Potential Prohibited Activities Involving Restricted Data, to address the actual or attempted introduction of unauthorized electronic devices or unauthorized electronic media, including recording devices, inside a 10 CFR Part 95 security area. The guidance makes clear that activities that must be reported under 10 CFR 95.57, including activities involving electronic devices and recording media, do not also have to be reported under 10 CFR 73.1215. Licensees have the discretion to notify their local FBI field office regarding the unauthorized introduction of electronic devices or recording media at a 10 CFR Part 95 security area.

The NRC agrees in part, and disagrees in part, with the comment. The NRC staff does not agree that DG-5082, Section 5.7, example (4), implies that the introduction of a cellphone into a 10 CFR Part 95 security area must be reported under 10 CFR 95.57(a). The language in example (4) made clear that the use of a cellphone or other unauthorized electronic device for the actual or attempted unauthorized recording or imaging of RD technology, equipment, or material inside a 10 CFR Part 95 security area must be reported under 10 CFR 95.57(a).

Therefore, the NRC staff does not believe that there was any inconsistency between the language in example (4) and the regulatory requirement in 10 CFR 95.57(a).

However, the NRC staff has eliminated DG-5082, Section 5.7, example (4), and revised Revision 1 to the

Page 6 of 6 agreements put in place between licensees, the NRC and applicable the CSAs. Additionally, this RG, associated with the requirements of 10 CFR 73.1215, appears to provide clarification for 10 CFR 95, which is not the proper venue for clarification.

The new final definition of contraband in 10 CFR 73.2 was not made available for public review and comment.

The NRC should revise the definition of contraband through a formal rulemaking and align it with the requirements in 10 CFR 95.57. In the meantime, affected licensees should be allowed to continue to meet the requirements of 10 CFR Part 95 using current procedures and practices.

final RG 5.87, Section C, Staff Regulatory Guidance position 6, to clarify the reporting and recording requirements in 10 CFR Part 95 and 10 CFR 73.1215(f).

The clarified guidance makes clear that the introduction of a cellphone or other unauthorized electronic device into a 10 CFR Part 95 security area is properly recorded under 10 CFR 95.57(b). The NRC staff agrees with the comment there is no need to duplicate the reporting and recording requirements in 10 CFR 95.57 and 10 CFR 73.1215(f). This is made clear in Staff Regulatory Guidance position 6.

The commenters suggestion to revise the definition of contraband by rulemaking is beyond the scope of this regulatory guidance document. The NRC is currently exploring potential rulemaking to address, in part, the definition of contraband in 10 CFR 73.2.