|
|---|
Category:General FR Notice Comment Letter
MONTHYEARML24262A0102024-09-17017 September 2024
Comment (1) of Victoria K. Anderson on Level 3 Probabilistic Risk Assessment Project Documentation (Volume 7)
ML24262A0112024-09-13013 September 2024
Comment (2) of Frances A. Pimentel on Design-Basis Floods for Nuclear Power Plants and Guidance for Assessment of Flooding Hazards Due to Water Control Structure Failures and Incidents
ML24234A0892024-08-15015 August 2024
Comment (1) of Mark Richter on Acceptable ASME Section XI Inservice Inspection Code Cases for 10 CFR Part 72
ML24200A1852024-07-17017 July 2024
Comment (1) of Frances A. Pimentel on Draft Regulatory Guides: Design-Basis Floods for Nuclear Power Plants and Guidance for Assessment of Flooding Hazards Due to Water Control Structure Failures and Incidents
ML24173A0042024-06-14014 June 2024
Comment (1) of Individual on Draft NUREG: Event Report Guidelines
ML24173A0052024-06-14014 June 2024
Comment (2) of Tony Brown on Behalf of Nuclear Energy Institute (NEI) on Draft NUREG: Event Report Guidelines
ML24114A0252024-04-0808 April 2024
Comment (4) of Charlotte Shields on DG-5080 Uas Question
ML24093A0392024-03-28028 March 2024
Comment (1) of Thomas Basso on Preparing Probabilistic Fracture Mechanics Submittals
ML24081A0872024-03-14014 March 2024
Comment of Janet R. Schlueter on Behalf of NEI on Information Collection: Material Control and Accounting of Special Nuclear Material
ML24058A0052024-02-23023 February 2024
Comment (5) of Tony Brown on Behalf of Nuclear Energy Institute (NEI) on Notice of Intent to Conduct Scoping Process and Prepare Environmental Impact Statement; Pacific Gas and Electric Company; Diablo Canyon Nuclear Power Plant, Units 1 an
ML24009A0372023-12-13013 December 2023
Comment (2) of Bruce Montgomery on Draft DUWP-ISG-02, Radiological Survey and Dose Modeling of the Subsurface to Support License Termination
ML23353A2442023-12-13013 December 2023
Comment (2) of Bruce Montgomery on Interim Staff Guidance on Subsurface Investigations, Radiological Survey and Dose Modeling of the Subsurface to Support License Termination
ML23348A0732023-12-11011 December 2023
Comment (2) of Charlotte Shields on Behalf of Nuclear Energy Institute on Draft Regulatory Guide: Physical Security Event Notifications, Reports, and Records
ML23348A0772023-12-11011 December 2023
Comment (1) of Charlotte Shields on Behalf of Nuclear Energy Institute on Draft Regulatory Guide: Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks
ML23349A0442023-12-11011 December 2023
Comment (1) of Charlotte Shields on Draft Regulatory Guide: Suspicious Activity Reports
ML23326A1172023-11-21021 November 2023
Comment (1) of Alan Campbell on Proposed Revision to Standard Review Plan Branch Technical Position 7-19, Guidance for Evaluation of Defense-In-Depth and Diversity to Address Common-Cause Failure Due to Latent Design Defects in Digital Safe
ML23326A0312023-11-17017 November 2023
Comment (2) of Kati R. Austgen on Draft Regulatory Guide: General Site Suitability Criteria for Nuclear Power Stations
ML23284A3892023-10-10010 October 2023
Comment (8) of Ben Holtzman on Guidance for a Technology-Inclusive Content of Application Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Advanced Reactors
ML23270B9552023-09-27027 September 2023
Comment (2) of Stewart Yuen on Proposed Revision to Standard Review Plan Section 15.0, Introduction - Transient and Accident Analyses
ML23242A0412023-08-25025 August 2023
Comment (2) of Brett Titus on Behalf of NEI on Draft NUREG: Revision to Subsequent License Renewal Guidance Documents, and Supplement to Associated Technical Bases Document
ML23236A5292023-08-21021 August 2023
Comment (6) of Bruce S. Montgomery on Draft Interim Staff Guidance: Use of the Decommissioning Trust Fund During Operations for Major Radioactive Component Disposal
ML23256A1122023-08-10010 August 2023
Comment (3) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1132023-08-10010 August 2023
Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1152023-08-10010 August 2023
Comment (2) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1162023-08-10010 August 2023
Comment (1) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1192023-08-10010 August 2023
Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1202023-08-10010 August 2023
Comment (2) of Ben Holtzman on Behalf of Nuclear Energy Institute on Draft Interim Staff Guidance: Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications-Roadmap
ML23256A1222023-08-10010 August 2023
Comment (5) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1232023-08-10010 August 2023
Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23256A1252023-08-10010 August 2023
Comment (4) of Ben Holtzman on Behalf of Nuclear Energy Institute on Draft Interim Staff Guidance: Review of Risk-Informed, Technology Inclusive Advanced Reactor Applicationsroadmap
ML23234A0392023-08-10010 August 2023
Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap
ML23181A0292023-06-29029 June 2023
Comment (2) of Rod Mccullum on Draft Regulatory Guide: Weather-Related Administrative Controls at Independent Spent Fuel Storage Installations
ML23174A0492023-06-16016 June 2023
Comment (2) of Ben Holtzman on Behalf of Nuclear Energy Institute on Draft Interim Staff Guidance: Review of Risk-Informed, Technology Inclusive Advanced Reactor Applicationsroadmap
ML23158A2162023-06-0202 June 2023
Comment (2) of Alan Campbell on Draft Regulatory Guide: Guidelines for Lightning Protection for Production and Utilization Facilities
ML23159A2472023-05-22022 May 2023
Comment (4) of William Gross on Perimeter Intrusion Alarm Systems
ML23143A1982023-05-18018 May 2023
Comment (1) of Richard Mogavero on Behalf of Nuclear Energy Institute on Draft Regulatory Guide: Cybersecurity Event Notifications
ML23130A2082023-05-0808 May 2023
Comment (9) of Mark A. Richter on Behalf of Nuclear Energy Institute on Material Compatibility for Non-Light Water Reactors
ML23115A0152023-04-0707 April 2023
Comment (1) of Alan Campbell on Draft Regulatory Guide: Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants
ML24120A2702023-04-0404 April 2023
Melody Rodridguez NEI Comment on Controlled Unclassified Information
ML23089A0012023-03-28028 March 2023
OMB 3150-0035, NEI Comment on 10 CFR Part 21 Information Collection Renewal 2023
ML23094A0632023-03-28028 March 2023
NRC-2022-0145- NEI Official Comment Attachment on 10 CFR Part 21 Information Collection Renewal
ML23115A0172023-03-23023 March 2023
Comment (3) of Alan Campbell on Draft Regulatory Guide: Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants
ML23074A0472023-03-14014 March 2023
Comment (2) of A. J. Clore on Perimeter Intrusion Alarm Systems
ML22354A2422022-12-19019 December 2022
Comment (4) of Thomas Basso on Behalf of Nuclear Energy Institute on Performance-Based Containment Leak Test Program
ML23005A2412022-12-16016 December 2022
Comment (1) of Janet R. Schlueter on Report on Waste Burial Charges: Changes in Decommissioning Waste Disposal Costs at Low-Level Waste Burial Facilities
ML22244A1732022-08-31031 August 2022
Comment (1) of Tony Brown on Behalf of Nuclear Energy Institute on Industry Comments on Draft Appendices to NUREG/BR-0058, Revision 5, Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission
ML22242A0302022-08-29029 August 2022
Comment (1) of Victoria K. Anderson on High Energy Arcing Fault Hazard Frequency and Consequence Modeling
ML22231B0532022-08-19019 August 2022
Comment (6) of James E. Slider on Nrc'S Fiscal Years 2023-2027 Artificial Intelligence Strategic Plan
ML22230A0402022-08-15015 August 2022
Comment (4) of William R. Gross on Behalf of NEI on Update of Facility Security Clearance
ML22224A1942022-08-12012 August 2022
Comment (1) of William R. Gross on Behalf of Nuclear Energy Institute on Personnel Access Authorization Requirements for Non-Immigrant Foreign Nationals Working at Nuclear Power Plants
2024-09-17
[Table view]
Category:Letter
MONTHYEARML24304A3482024-10-29029 October 2024
10-29-24 NEI Letter to NRC Status and Way Forward on NEI 99-04 Revision 1
ML24274A3112024-09-30030 September 2024
Request for NRC Review and Endorsement of NEI 99-01, Development of Emergency Action Levels for Non-Passive Reactors, Revision 7
ML24255A0702024-09-0909 September 2024
09-09-24_NRC_Industry Timeliness Request Regarding Items Relied Upon for Safety
ML24204A2082024-07-22022 July 2024
07-22-24_NRC_NEI Withdrawal of Fee Exemption Request for Wp Selection of Seismic Scenario for EPZ Determination
ML24204A2162024-07-22022 July 2024
Withdrawal of Fee Exemption Request for Endorsement of NEI White Paper, Selection of a Seismic Scenario for an EPZ Boundary Determination
ML24187A0552024-07-0303 July 2024
Fee Exemption Request for NEI White Paper Selection of Seismic Scenario for EPZ Determination
ML24184C1212024-07-0202 July 2024
NEI - Request for NRC Endorsement of NEI 24-05 Revision 0, an Approach for Risk-Informed Performance-Based Emergency Planning
ML24173A2712024-06-14014 June 2024
NEI - Proposed Changes to Inspection Procedure (IP) 71130.10, Cybersecurity
ML24165A0852024-06-13013 June 2024
NEI White Paper - Impact of Higher Source Term Fractions on EQ Doses
ML24165A0862024-06-13013 June 2024
NEI White Paper - Proposed Control Room Dose Acceptance Criteria Supporting RG 1.183 R2
ML24165A0872024-06-12012 June 2024
NEI White Papers Supporting NRC Workshop Discussions Regarding Nuclear Regulatory Commissions (NRC) Potential Changes to Regulatory Guide 1.183
ML24152A3242024-05-31031 May 2024
NEI Concept Paper: Regulation of Rapid High-Volume Deployable Reactors in Remote Locations
ML24159A7312024-05-23023 May 2024
05-23-24 Nuclear Energy Institute Letter to the U.S. Nuclear Regulatory Commission Re Industry Comments on Buildings as Items Relied on for Safety
ML24135A1982024-04-23023 April 2024
SFAQ No 2022-02, SAE Program Requirements - NEI Withdrawal Letter
ML24078A2212024-03-15015 March 2024
3-15-24 NEI Letter Aveil from Juhle on Pur
ML24061A0572024-02-29029 February 2024
Endorsement of NEI 08-09, Revision 7, Changes to NEI 08-09 Cyber Security Plan for Nuclear Power Reactors
ML24023A0392024-01-22022 January 2024
NEI Comments on the Information Collection Renewal for Domestic Licensing of Special Nuclear Material, Docket Id NRC-2023-0118
ML23355A1972023-12-14014 December 2023
NEI, Comments on NRC Draft Resolution of SFAQ 2022-02, SAE Program Requirements
ML23219A1672023-10-25025 October 2023
Response Letter to Fee Exemption Request for Pre-Submittal Activities, Review, and Endorsement of NEI 20-07
ML23270B9002023-09-27027 September 2023
NEI Letter Request for an Extension of Comment Period on Proposed Revision to Standard Review Plan Section 15.0, Introduction - Transient and Accident Analyses, Docket Id NRC 2023 0079
ML23268A0102023-09-22022 September 2023
NEI, Fee Exemption Request for Endorsement, Review and Meeting to Discuss Draft Nuclear Energy Institute Technical Report NEI 23-01, Operator Cold License Training Plan for Advanced Nuclear Reactors
ML23241A8612023-08-25025 August 2023
Consolidated Industry Comments to NRC Regulatory Issue Summary 2023-02, Scheduling Information for the Licensing of Accident Tolerant, Increased Enrichment, and Higher Burnup Fuels
ML23236A4992023-08-24024 August 2023
Industry Feedback on Region II Fuel Cycle Facility Construction Oversight Workshop Held August 15, 2023, and Suggested Topics for Additional Public Meetings in Fall 2023
ML23256A1622023-08-0101 August 2023
Incoming NEI Letter Dated August 1, 2023 Regarding Increase in Fees 2023-2025
ML23206A0292023-07-24024 July 2023
Incoming Fee Exemption Request for Pre-Submittal Activities, Review, and Endorsement of NEI 20-07
ML23143A1232023-06-22022 June 2023
NRC Fee Waiver Request for Draft NEI 23-01
ML23200A1662023-05-30030 May 2023
NEI Proposed Metrics for a Performance-Based Emergency Preparedness Program
ML23116A0732023-05-25025 May 2023
Letter to Hillary Lane in Response to a Request for a Fee Exemption for NEI 23-03
ML23135A7332023-05-0909 May 2023
NEI Comments on NRC Safety Culture Program Effectiveness Review
ML23110A6762023-04-18018 April 2023
04-18-23_NRC_NEI 23-03 Review + Endorse
ML23110A6752023-04-18018 April 2023
04-18-23_NRC_Fee Waiver for NEI 23-03
ML23110A6782023-04-18018 April 2023
Request for Review and Endorsement of NEI 23-03, Supplemental Guidance for Application of 10 CFR 50.59 to Digital Modifications at Non-Power Production or Utilization Facilities
ML24120A2702023-04-0404 April 2023
Melody Rodridguez NEI Comment on Controlled Unclassified Information
ML23107A2302023-03-31031 March 2023
NEI Letter, to Andrea Veil, NRC, Regarding Industry Recommendations for a 10 CFR 50.46a/c Combined Rulemaking
ML23083B4622023-03-24024 March 2023
Transmittal of NEI 22-05 Revision a, Technology Inclusive Risk Informed Change Evaluation (Tirice) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07
ML23138A1662023-03-24024 March 2023
Transmittal of NEI 22-05 Revision a, Technology Inclusive Risk Informed Change Evaluation (Tirice) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07
ML23060A3272023-03-0101 March 2023
NEI, Wireless Cyber Security Guidance
ML23060A2142023-03-0101 March 2023
NEI, Request for NRC Endorsement of NEI White Paper, Enabling a Remote Response by Members of an Emergency Response Organization, Revision 0
ML23023A2752023-01-23023 January 2023
Request for Extension of Comment Period from the Nuclear Energy Institute on PRM-50-124 - Licensing Safety Analysis for Loss-of-Coolant Accidents
ML22348A1122023-01-17017 January 2023
Letter to Richard Mogavero Response to Fee Exemption NEI 08-09 Revision 7
ML22353A6082023-01-11011 January 2023
U.S. Nuclear Regulatory Commission Report of the Regulatory Audit of the NEI-Proposed Aging Management Program Revision to Selective Leaching Program (XI.M33)
ML22349A1012022-12-12012 December 2022
LTR-22-0343 Ellen Ginsberg, Sr. Vice President, General Counsel and Secretary, Nuclear Energy Institute, Expresses Concerns Related to Issuance of Regulatory Issue Summary 2022-02; Operational Leakage
ML22336A0372022-11-16016 November 2022
Fee Exemption Request for NEI 08-09 Revision 7 - Changes to NEI 08-09 Cyber Security Plan for Nuclear Power Reactors
ML22321A3152022-11-16016 November 2022
NEI Letter with Comments on Significance Determination Process Timeliness Review
ML22298A2262022-10-25025 October 2022
Endorsement of NEI 15-09, Cyber Security Event Notifications, Revision 1, Dated October 2022
ML22298A2302022-10-17017 October 2022
Submittal of NEI 22-03, Draft Revision 0, Nuclear Generation Quality Assurance Program Description
ML22207B6512022-07-26026 July 2022
NEI, Full Fee Exemption Request for Industry Guidance Proposal - Weather Related Administrative Controls During Transient Outdoor Dry Cask Operations
ML22195A1662022-07-14014 July 2022
NEI, Draft G of NEI 99-01, Development of Emergency Action Levels for Non-Passive Reactors, Revision 7
ML22195A0672022-07-13013 July 2022
Fee Exemption Request for Review and Meeting to Discuss Draft Nuclear Energy Institute Technical Report NEI 21-05, Reporting Guidance for Licensees with Risk-Informed Licensing Bases
ML22195A0202022-07-13013 July 2022
07-13-22 NRC Fee Exemption Request for NEI 21-05 Review
2024-09-09
[Table view] |
Text
MELODY RODRIDGUEZ Senior Project Manager
1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202-739-8086 mcr@nei.org nei.org
April 4, 2023
David Cullison Office of the Chief Information Officer U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001
Submitted via Regulations.gov
Project Number: 689
Subject:
Industry Comments on the Information Collection for NRC Controlled Unclassified Information Program Information-Sharing Agreement (Docket ID: NRC-2022-0163)
Dear Mr. Cullison:
The Nuclear Energy Institute (NEI) 1, on behalf of its members, is responding to the Nuclear Regulatory Commissions (NRC) information collection request entitled NRC Controlled Unclassified Information Program Information-Sharing Agreement. 2 Specifically, in accordance with the Paperwork Reduction Act of 1995 (44 USC 3501-3521), the NRC seeks public comment on its intention to request Office of Management and Budget (OMB) approval for the collection of information associated with the NRCs proposed Controlled Unclassified Information (CUI) information-sharing agreement. 3 The proposed CUI information-sharing agreement is intended to facilitate the NRCs implementation of a CUI program that meets the requirements of the final CUI Rule issued by the Information Security Oversight Office (ISOO) of the National Archives and Records Administration (NARA) in 2016 and codified at 32 CFR Part 2002.
We have prepared general comments about the NRCs CUI program implementation and its effects on the industry, and we have also prepared specific responses to the four questions posted to the docket. The industry remains committed to supporting the NRC in a successful CUI program implementation but
1 The Nuclear Energy Institute (NEI) is responsible for establishing unified policy on behalf of its members relating to matter s affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEIs members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect and engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations involved in the nuclear energy industry.
2 88 Fed. Reg. 7478 (Feb. 3, 2023).
3 The current version of the draft CUI Information Sh aring Agreement is available at ADAMS Accession No. ML22249A154.
Mr. David Cullison April 4, 2023 Page 2
continues to have concerns with the burden imposed upon external stakeholders. We do not believe that the execution of an information-sharing agreement is necessary for the NRC to successfully implement its program because of the discretion granted within the CUI Rule, but to the extent that an agreement is executed, it could be enhanced by substantially simplifying its contents to focus on the minimum requirements prescribed by NARA regulations and by providing ample time for external stakeholders to execute the agreements. Additionally, the NRC underestimates the resource burden to execute the agreements.
I. General Comments
NEI recognizes that the CUI Rule applies directly to Federal executive branch agencies, including the NRC, and that the NRC is obligated to implement a CUI program that meets the rules requirements. We also appreciate the substantial efforts undertaken by the NRC to develop and implement its CUI program and to include affected stakeholders in that process.
However, we remain concerned about the burdens and unforeseen consequences CUI program implementation will impose on the industry. We continue to communicate these issues to the NRC and endeavor to resolve them in a manner that minimizes burden. As discussed during the NRCs January 10, 2023, closed virtual meeting with the industry, wh ile the current version of the information-sharing agreement now includes view-only and hard copy options, those options do not fully address our concerns relative to the viability of the NRCs current CUI implementation approach and associated burdens on the industry. We elaborate on some of those concerns below in our responses to the specific questions posed by the NRC.
II. Responses to NRCs Specific Questions
- 1. Is the proposed collection of information necessary for the NRC to properly perform its functions? Does the information have practical utility? Please explain your answer.
We do not view the execution of CUI information-sharing agreements with non-executive branch entities to be necessary to either the NRCs ability to comply with the CUI Rule or meet its legal obligations under its authorizing statutes. As noted above, the CUI Rule provides that federal agencies should enter into such agreements with non-executive branch entities whenever feasible. Moreover, Section 2002.16(a)(5)(ii) of the CUI Rule explicitly recognizes that agencies may need to share CUI without a formal information-sharing agreement in carrying out its statutory mission. In such situations, the CUI Rule directs federal agencies to communicate to the recipient that the Government strongly encourages the non-executive branch entity to protect CUI in accordance with [Executive Order 13556], [32 CFR Part 2002], and the CUI Registry, and that such protections should accompany the CUI if the entity disseminates it further. Notably, the CUI Rule Mr. David Cullison April 4, 2023 Page 3
seeks to balance and to minimize unnecessarily restrictive policies and practices by setting out a framework of rules within which agencies may exercise their discretion. 4
The NRC has acknowledged this discretion in RIS 2022-03, NRC Plans to Establish Controlled Unclassified Information-Sharing Agreements with Non-Executive-Branch Entities. The NRC explains in the RIS that because it would not normally expect an entity without a signed agreement to have information systems in place that comply with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations, it generally would share CUI with such an entity only in view only mode or in hard copy format. Significantly, the RIS also notes that there may be emergent situations where the NRC would electronically share CUI in a mode other than view only with an entity that lacks a signed agreement, where the NRC has reason to believe that the entity is capable of protecting the information on its own systems in a manner consistent with NIST SP 800-171, notwithstanding the absence of an agreement. It further notes that electronic sharing in a mode other than view only may be found necessary to accomplish the NRCs mission or to support compliance with legal or regulatory requirements or government-wide policies. 5
Based upon a combination of the CUI Rule provisions and NRC statements, it is our understanding that a CUI information-sharing agreement is not imperative as either a legal or practical matter. In fact, for entities that have not executed a CUI information-sharing agreement with the NRC or have information systems that are not in compliance or expected to become in compliance with NIST SP 800-171, the NRC has indicated that it nonetheless may share CUI with such entities via a view-only electronic platform. Finally, to our knowledge, other federal agencies from whom our members receive CUI have not proposed similarly restrictive agreements with non-executive branch entities. Thus, the industry will be in the position of handling CUI from the NRC differently than they will handle CUI from other federal agencies, increasing the burdens related to information protection and introducing vulnerability to unnecessary error. This variability in approach among executive agencies raises further questions about whether a CUI information-sharing agreement is necessary at all.
- 2. Is the estimate of the burden of the information collection accurate? Please explain your answer.
The NRC estimates a total annual compliance burden of 16 hours1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> for this information collection, but that estimate appears to be substantially low. Based on experience and communications with NEI members, we anticipate that any decision by a member organization to enter into a CUI information-sharing agreement with the NRC will entail significant internal coordination among various divisions or offices within the organization (e.g., legal, regulatory affairs/compliance, information technology (IT), records management) and possibly consultation with external legal and IT vendors. These activities could require weeks, if not months, depending on the organizations internal protocols, current human and technology resources, and level of familiarity with the CUI program and NRCs implementation thereof.
4 NARA, CUI Rule, 81 Fed. Reg. at 63331.
5 RIS 2022-03 at 5.
Mr. David Cullison April 4, 2023 Page 4
We believe the burden costs of entering into the current version of the NRCs proposed CUI information-sharing agreement must be viewed and analyzed more holistically. A companys decision to execute the agreement - particularly if it chooses to certify that is in full compliance with NIST SP 800-171 or is in the process of ensuring that its non-executive branch information systems may handle CUI consistent with NIST SP 800-171 - likely would trigger an array of supporti ng activities and associated costs (both one-time and recurring). Such activities could include, but not be lim ited to, hiring of additional personnel and contractors, procedure updates, acquisition of new hardware or equipment, IT system modifications and upgrades, and employee training and support. Again, the time required to complete such activities is likely to be measured in weeks and months, not hours.
- 3. Is there a way to enhance the quality, utility, and clarity of the information to be collected?
We believe the NRC could enhance the quality, utility, and clarity of the CUI information-sharing agreement by substantially simplifying its contents to focus on the minimum requirements prescribed by NARA regulations. Specifically, 32 CFR 2002.16(a)(6) provides:
At a minimum, agreements with non-executive branch entities must include provisions that state: (i) Non-executive branch entities must handle CUI in accordance with
[Executive Order 13556], this part, and the CUI Registry; (ii) Misuse of CUI is subject to penalties established in applicable laws, regulations, or Government-wide policies; and (iii) The non-executive branch entity must report any non-compliance with handling requirements to the disseminating agency using methods approved by that agencys SAO.
When the disseminating agency is not the designating agency, the disseminating agency must notify the designating agency.
We view the current version of the agreement as being too prescriptive and limiting in nature because it effectively constrains any party signing the agreement to three options - NIST SP 800-171 compliance (demonstrated or in progress), electronic view-only access, and hard copies. As a result, the proposed agreement reduces the flexibility and agency discretion afforded by NARA regulations and contained in RIS 2022-03, and disincentivizes stakeholders from entering into the agreement. Establishing and maintaining compliance with NIST SP 800-171 standards re quires significant effort and resources. Moreover, relying exclusively on view-only and/or hard copies of CUI, which cannot be electronically processed, stored, or transmitted (or duplicated without being subject to the same controls) under the current agreement, presents its own practical and legal challenges (e.g., meeting certain recordkeeping requirements).
Additionally, as discussed in response to Question 1, there is no utility in requiring CUI information-sharing agreements with all non-federal entities, because it is not required under 32 CFR 2002, and because NRCs proposed implementation is inconsistent with the implementation of other federal agencies.
Mr. David Cullison April 4, 2023 Page 5
- 4. How can the burden of the information collection on respondents be minimized, including the use of automated collection techniques or other forms of information technology?
The burden of the information collection on respondent s can be minimized by simplifying the contents of the CUI information-sharing agreement in order to facilitate a faster legal review process, and by providing non-executive branch entities with the agreement 2-3 months in advance of the planned execution date, in order to provide ample time for licensee legal review.
In summary, we appreciate this opportunity to comment on the information collection request for NRCs CUI information-sharing agreement and the agencys consideration of the concerns and approaches described in this letter. NEI members recognize the need to protect CUI from unauthorized disclosure and are committed to ensuring that this need is met. We look forward to continued engagement with the NRC to support CUI program implementation in an adequately effective and reasonable manner for external stakeholders.
If you have any questions or require additional information, please contact me at 202.739.8086 or mcr@nei.org.
Sincerely,
Melody Rodriguez
c: Lois James, NRR, NRC Tanya Mensah, OCIO, NRC