|
---|
Category:General FR Notice Comment Letter
MONTHYEARML24303A0832024-10-28028 October 2024 Comment (2) from Bruce Montgomery on Contamination Control, Radiological Survey, and Dose Modeling Considerations to Support License Termination at Sites with Environmental Discrete Radioactive Particle Contamination ML24262A0102024-09-17017 September 2024 Comment (1) of Victoria K. Anderson on Level 3 Probabilistic Risk Assessment Project Documentation (Volume 7) ML24262A0112024-09-13013 September 2024 Comment (2) of Frances A. Pimentel on Design-Basis Floods for Nuclear Power Plants and Guidance for Assessment of Flooding Hazards Due to Water Control Structure Failures and Incidents ML24234A0892024-08-15015 August 2024 Comment (1) of Mark Richter on Acceptable ASME Section XI Inservice Inspection Code Cases for 10 CFR Part 72 ML24200A1852024-07-17017 July 2024 Comment (1) of Frances A. Pimentel on Draft Regulatory Guides: Design-Basis Floods for Nuclear Power Plants and Guidance for Assessment of Flooding Hazards Due to Water Control Structure Failures and Incidents ML24173A0042024-06-14014 June 2024 Comment (1) of Individual on Draft NUREG: Event Report Guidelines ML24173A0052024-06-14014 June 2024 Comment (2) of Tony Brown on Behalf of Nuclear Energy Institute (NEI) on Draft NUREG: Event Report Guidelines ML24114A0252024-04-0808 April 2024 Comment (4) of Charlotte Shields on DG-5080 Uas Question ML24093A0392024-03-28028 March 2024 Comment (1) of Thomas Basso on Preparing Probabilistic Fracture Mechanics Submittals ML24081A0872024-03-14014 March 2024 Comment of Janet R. Schlueter on Behalf of NEI on Information Collection: Material Control and Accounting of Special Nuclear Material ML24058A0052024-02-23023 February 2024 Comment (5) of Tony Brown on Behalf of Nuclear Energy Institute (NEI) on Notice of Intent to Conduct Scoping Process and Prepare Environmental Impact Statement; Pacific Gas and Electric Company; Diablo Canyon Nuclear Power Plant, Units 1 an ML24009A0372023-12-13013 December 2023 Comment (2) of Bruce Montgomery on Draft DUWP-ISG-02, Radiological Survey and Dose Modeling of the Subsurface to Support License Termination ML23353A2442023-12-13013 December 2023 Comment (2) of Bruce Montgomery on Interim Staff Guidance on Subsurface Investigations, Radiological Survey and Dose Modeling of the Subsurface to Support License Termination ML23348A0732023-12-11011 December 2023 Comment (2) of Charlotte Shields on Behalf of Nuclear Energy Institute on Draft Regulatory Guide: Physical Security Event Notifications, Reports, and Records ML23348A0772023-12-11011 December 2023 Comment (1) of Charlotte Shields on Behalf of Nuclear Energy Institute on Draft Regulatory Guide: Preemption Authority, Enhanced Weapons Authority, and Firearms Background Checks ML23349A0442023-12-11011 December 2023 Comment (1) of Charlotte Shields on Draft Regulatory Guide: Suspicious Activity Reports ML23326A1172023-11-21021 November 2023 Comment (1) of Alan Campbell on Proposed Revision to Standard Review Plan Branch Technical Position 7-19, Guidance for Evaluation of Defense-In-Depth and Diversity to Address Common-Cause Failure Due to Latent Design Defects in Digital Safe ML23326A0312023-11-17017 November 2023 Comment (2) of Kati R. Austgen on Draft Regulatory Guide: General Site Suitability Criteria for Nuclear Power Stations ML23284A3892023-10-10010 October 2023 Comment (8) of Ben Holtzman on Guidance for a Technology-Inclusive Content of Application Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Advanced Reactors ML23270B9552023-09-27027 September 2023 Comment (2) of Stewart Yuen on Proposed Revision to Standard Review Plan Section 15.0, Introduction - Transient and Accident Analyses ML23242A0412023-08-25025 August 2023 Comment (2) of Brett Titus on Behalf of NEI on Draft NUREG: Revision to Subsequent License Renewal Guidance Documents, and Supplement to Associated Technical Bases Document ML23236A5292023-08-21021 August 2023 Comment (6) of Bruce S. Montgomery on Draft Interim Staff Guidance: Use of the Decommissioning Trust Fund During Operations for Major Radioactive Component Disposal ML23256A1122023-08-10010 August 2023 Comment (3) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1132023-08-10010 August 2023 Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1152023-08-10010 August 2023 Comment (2) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1162023-08-10010 August 2023 Comment (1) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1192023-08-10010 August 2023 Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1202023-08-10010 August 2023 Comment (2) of Ben Holtzman on Behalf of Nuclear Energy Institute on Draft Interim Staff Guidance: Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications-Roadmap ML23256A1222023-08-10010 August 2023 Comment (5) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1232023-08-10010 August 2023 Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23256A1252023-08-10010 August 2023 Comment (4) of Ben Holtzman on Behalf of Nuclear Energy Institute on Draft Interim Staff Guidance: Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications—Roadmap ML23234A0392023-08-10010 August 2023 Comment (4) of Ben Holtzman on Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications - Roadmap ML23181A0292023-06-29029 June 2023 Comment (2) of Rod Mccullum on Draft Regulatory Guide: Weather-Related Administrative Controls at Independent Spent Fuel Storage Installations ML23174A0492023-06-16016 June 2023 Comment (2) of Ben Holtzman on Behalf of Nuclear Energy Institute on Draft Interim Staff Guidance: Review of Risk-Informed, Technology Inclusive Advanced Reactor Applications—Roadmap ML23158A2162023-06-0202 June 2023 Comment (2) of Alan Campbell on Draft Regulatory Guide: Guidelines for Lightning Protection for Production and Utilization Facilities ML23159A2472023-05-22022 May 2023 Comment (4) of William Gross on Perimeter Intrusion Alarm Systems ML23143A1982023-05-18018 May 2023 Comment (1) of Richard Mogavero on Behalf of Nuclear Energy Institute on Draft Regulatory Guide: Cybersecurity Event Notifications ML23130A2082023-05-0808 May 2023 Comment (9) of Mark A. Richter on Behalf of Nuclear Energy Institute on Material Compatibility for Non-Light Water Reactors ML23115A0152023-04-0707 April 2023 Comment (1) of Alan Campbell on Draft Regulatory Guide: Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants ML24120A2702023-04-0404 April 2023 Melody Rodridguez NEI Comment on Controlled Unclassified Information ML23089A0012023-03-28028 March 2023 OMB 3150-0035, NEI Comment on 10 CFR Part 21 Information Collection Renewal 2023 ML23094A0632023-03-28028 March 2023 NRC-2022-0145- NEI Official Comment Attachment on 10 CFR Part 21 Information Collection Renewal ML23115A0172023-03-23023 March 2023 Comment (3) of Alan Campbell on Draft Regulatory Guide: Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants ML23074A0472023-03-14014 March 2023 Comment (2) of A. J. Clore on Perimeter Intrusion Alarm Systems ML22354A2422022-12-19019 December 2022 Comment (4) of Thomas Basso on Behalf of Nuclear Energy Institute on Performance-Based Containment Leak Test Program ML23005A2412022-12-16016 December 2022 Comment (1) of Janet R. Schlueter on Report on Waste Burial Charges: Changes in Decommissioning Waste Disposal Costs at Low-Level Waste Burial Facilities ML22244A1732022-08-31031 August 2022 Comment (1) of Tony Brown on Behalf of Nuclear Energy Institute on Industry Comments on Draft Appendices to NUREG/BR-0058, Revision 5, Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission ML22242A0302022-08-29029 August 2022 Comment (1) of Victoria K. Anderson on High Energy Arcing Fault Hazard Frequency and Consequence Modeling ML22231B0532022-08-19019 August 2022 Comment (6) of James E. Slider on NRCs Fiscal Years 2023-2027 Artificial Intelligence Strategic Plan ML22230A0402022-08-15015 August 2022 Comment (4) of William R. Gross on Behalf of NEI on Update of Facility Security Clearance 2024-09-17
[Table view] Category:Letter
MONTHYEARML24317A0802024-11-11011 November 2024 NEI - Input on Advanced Methods of Manufacturing and Construction for Nuclear Energy ML24317A1402024-11-11011 November 2024 NEI Input on Advanced Methods of Manufacturing and Construction for Nuclear Energy Projects ML24310A0552024-11-0404 November 2024 Comment (001) - Request for Extension of Comment Period from the Nuclear Energy Institute on Part 53 Rulemaking - Risk-Informed Technology-Inclusive Regulatory Framework for Advanced Reactors ML24307A0012024-10-31031 October 2024 Fee Exemption Extension Request for Pre-Submittal Activities, Review, and Endorsement of NEI 20-07, Guidance for Addressing Common Cause Failure in High Safety-Significant Safety-Related Digital I&C Systems ML24304A3482024-10-29029 October 2024 10-29-24 NEI Letter to NRC Status and Way Forward on NEI 99-04 Revision 1 ML24302A3112024-10-28028 October 2024 NEI Input on Improvements to Licensing and Oversight Programs ML24274A3112024-09-30030 September 2024 Request for NRC Review and Endorsement of NEI 99-01, Development of Emergency Action Levels for Non-Passive Reactors, Revision 7 ML24255A0702024-09-0909 September 2024 09-09-24_NRC_Industry Timeliness Request Regarding Items Relied Upon for Safety ML24204A2162024-07-22022 July 2024 Withdrawal of Fee Exemption Request for Endorsement of NEI White Paper, Selection of a Seismic Scenario for an EPZ Boundary Determination ML24204A2082024-07-22022 July 2024 07-22-24_NRC_NEI Withdrawal of Fee Exemption Request for Wp Selection of Seismic Scenario for EPZ Determination ML24187A0552024-07-0303 July 2024 Fee Exemption Request for NEI White Paper Selection of Seismic Scenario for EPZ Determination ML24184C1212024-07-0202 July 2024 NEI - Request for NRC Endorsement of NEI 24-05 Revision 0, an Approach for Risk-Informed Performance-Based Emergency Planning ML24173A2712024-06-14014 June 2024 NEI - Proposed Changes to Inspection Procedure (IP) 71130.10, Cybersecurity ML24165A0862024-06-13013 June 2024 NEI White Paper - Proposed Control Room Dose Acceptance Criteria Supporting RG 1.183 R2 ML24165A0852024-06-13013 June 2024 NEI White Paper - Impact of Higher Source Term Fractions on EQ Doses ML24165A0872024-06-12012 June 2024 NEI White Papers Supporting NRC Workshop Discussions Regarding Nuclear Regulatory Commissions (NRC) Potential Changes to Regulatory Guide 1.183 ML24152A3242024-05-31031 May 2024 NEI Concept Paper: Regulation of Rapid High-Volume Deployable Reactors in Remote Locations ML24159A7312024-05-23023 May 2024 05-23-24 Nuclear Energy Institute Letter to the U.S. Nuclear Regulatory Commission Re Industry Comments on Buildings as Items Relied on for Safety ML24135A1982024-04-23023 April 2024 SFAQ No 2022-02, SAE Program Requirements - NEI Withdrawal Letter ML24078A2212024-03-15015 March 2024 3-15-24 NEI Letter Aveil from Juhle on Pur ML24061A0572024-02-29029 February 2024 Endorsement of NEI 08-09, Revision 7, Changes to NEI 08-09 Cyber Security Plan for Nuclear Power Reactors ML24023A0392024-01-22022 January 2024 NEI Comments on the Information Collection Renewal for Domestic Licensing of Special Nuclear Material, Docket Id NRC-2023-0118 ML23355A1972023-12-14014 December 2023 NEI, Comments on NRC Draft Resolution of SFAQ 2022-02, SAE Program Requirements ML23219A1672023-10-25025 October 2023 Response Letter to Fee Exemption Request for Pre-Submittal Activities, Review, and Endorsement of NEI 20-07 ML23270B9002023-09-27027 September 2023 NEI Letter Request for an Extension of Comment Period on Proposed Revision to Standard Review Plan Section 15.0, Introduction - Transient and Accident Analyses, Docket Id NRC 2023 0079 ML23268A0102023-09-22022 September 2023 NEI, Fee Exemption Request for Endorsement, Review and Meeting to Discuss Draft Nuclear Energy Institute Technical Report NEI 23-01, Operator Cold License Training Plan for Advanced Nuclear Reactors ML23241A8612023-08-25025 August 2023 Consolidated Industry Comments to NRC Regulatory Issue Summary 2023-02, Scheduling Information for the Licensing of Accident Tolerant, Increased Enrichment, and Higher Burnup Fuels ML23236A4992023-08-24024 August 2023 Industry Feedback on Region II Fuel Cycle Facility Construction Oversight Workshop Held August 15, 2023, and Suggested Topics for Additional Public Meetings in Fall 2023 ML23256A1622023-08-0101 August 2023 Incoming NEI Letter Dated August 1, 2023 Regarding Increase in Fees 2023-2025 ML23206A0292023-07-24024 July 2023 Incoming Fee Exemption Request for Pre-Submittal Activities, Review, and Endorsement of NEI 20-07 ML23143A1232023-06-22022 June 2023 NRC Fee Waiver Request for Draft NEI 23-01 ML23200A1662023-05-30030 May 2023 NEI Proposed Metrics for a Performance-Based Emergency Preparedness Program ML23116A0732023-05-25025 May 2023 Letter to Hillary Lane in Response to a Request for a Fee Exemption for NEI 23-03 ML23135A7332023-05-0909 May 2023 NEI Comments on NRC Safety Culture Program Effectiveness Review ML23110A6762023-04-18018 April 2023 04-18-23_NRC_NEI 23-03 Review + Endorse ML23110A6782023-04-18018 April 2023 Request for Review and Endorsement of NEI 23-03, Supplemental Guidance for Application of 10 CFR 50.59 to Digital Modifications at Non-Power Production or Utilization Facilities ML23110A6752023-04-18018 April 2023 04-18-23_NRC_Fee Waiver for NEI 23-03 ML24120A2702023-04-0404 April 2023 Melody Rodridguez NEI Comment on Controlled Unclassified Information ML23107A2302023-03-31031 March 2023 NEI Letter, to Andrea Veil, NRC, Regarding Industry Recommendations for a 10 CFR 50.46a/c Combined Rulemaking ML23138A1662023-03-24024 March 2023 Transmittal of NEI 22-05 Revision a, Technology Inclusive Risk Informed Change Evaluation (Tirice) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07 ML23083B4622023-03-24024 March 2023 Transmittal of NEI 22-05 Revision a, Technology Inclusive Risk Informed Change Evaluation (Tirice) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07 ML23060A3272023-03-0101 March 2023 NEI, Wireless Cyber Security Guidance ML23060A2142023-03-0101 March 2023 NEI, Request for NRC Endorsement of NEI White Paper, Enabling a Remote Response by Members of an Emergency Response Organization, Revision 0 ML23023A2752023-01-23023 January 2023 Request for Extension of Comment Period from the Nuclear Energy Institute on PRM-50-124 - Licensing Safety Analysis for Loss-of-Coolant Accidents ML22348A1122023-01-17017 January 2023 Letter to Richard Mogavero Response to Fee Exemption NEI 08-09 Revision 7 ML22353A6082023-01-11011 January 2023 U.S. Nuclear Regulatory Commission Report of the Regulatory Audit of the NEI-Proposed Aging Management Program Revision to Selective Leaching Program (XI.M33) ML22349A1012022-12-12012 December 2022 LTR-22-0343 Ellen Ginsberg, Sr. Vice President, General Counsel and Secretary, Nuclear Energy Institute, Expresses Concerns Related to Issuance of Regulatory Issue Summary 2022-02; Operational Leakage ML22336A0372022-11-16016 November 2022 Fee Exemption Request for NEI 08-09 Revision 7 - Changes to NEI 08-09 Cyber Security Plan for Nuclear Power Reactors ML22321A3152022-11-16016 November 2022 NEI Letter with Comments on Significance Determination Process Timeliness Review ML22298A2262022-10-25025 October 2022 Endorsement of NEI 15-09, Cyber Security Event Notifications, Revision 1, Dated October 2022 2024-09-09
[Table view] |
Text
MELODY RODRIDGUEZ Senior Project Manager 1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202-739-8086 mcr@nei.org nei.org April 4, 2023 David Cullison Office of the Chief Information Officer U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001 Submitted via Regulations.gov Project Number: 689
Subject:
Industry Comments on the Information Collection for NRC Controlled Unclassified Information Program Information-Sharing Agreement (Docket ID: NRC-2022-0163)
Dear Mr. Cullison:
The Nuclear Energy Institute (NEI)1, on behalf of its members, is responding to the Nuclear Regulatory Commissions (NRC) information collection request entitled NRC Controlled Unclassified Information Program Information-Sharing Agreement.2 Specifically, in accordance with the Paperwork Reduction Act of 1995 (44 USC 3501-3521), the NRC seeks public comment on its intention to request Office of Management and Budget (OMB) approval for the collection of information associated with the NRCs proposed Controlled Unclassified Information (CUI) information-sharing agreement.3 The proposed CUI information-sharing agreement is intended to facilitate the NRCs implementation of a CUI program that meets the requirements of the final CUI Rule issued by the Information Security Oversight Office (ISOO) of the National Archives and Records Administration (NARA) in 2016 and codified at 32 CFR Part 2002.
We have prepared general comments about the NRCs CUI program implementation and its effects on the industry, and we have also prepared specific responses to the four questions posted to the docket. The industry remains committed to supporting the NRC in a successful CUI program implementation but 1 The Nuclear Energy Institute (NEI) is responsible for establishing unified policy on behalf of its members relating to matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEIs members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect and engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations involved in the nuclear energy industry.
2 88 Fed. Reg. 7478 (Feb. 3, 2023).
3 The current version of the draft CUI Information Sharing Agreement is available at ADAMS Accession No. ML22249A154.
Mr. David Cullison April 4, 2023 Page 2 continues to have concerns with the burden imposed upon external stakeholders. We do not believe that the execution of an information-sharing agreement is necessary for the NRC to successfully implement its program because of the discretion granted within the CUI Rule, but to the extent that an agreement is executed, it could be enhanced by substantially simplifying its contents to focus on the minimum requirements prescribed by NARA regulations and by providing ample time for external stakeholders to execute the agreements. Additionally, the NRC underestimates the resource burden to execute the agreements.
I.
General Comments NEI recognizes that the CUI Rule applies directly to Federal executive branch agencies, including the NRC, and that the NRC is obligated to implement a CUI program that meets the rules requirements. We also appreciate the substantial efforts undertaken by the NRC to develop and implement its CUI program and to include affected stakeholders in that process.
However, we remain concerned about the burdens and unforeseen consequences CUI program implementation will impose on the industry. We continue to communicate these issues to the NRC and endeavor to resolve them in a manner that minimizes burden. As discussed during the NRCs January 10, 2023, closed virtual meeting with the industry, while the current version of the information-sharing agreement now includes view-only and hard copy options, those options do not fully address our concerns relative to the viability of the NRCs current CUI implementation approach and associated burdens on the industry. We elaborate on some of those concerns below in our responses to the specific questions posed by the NRC.
II.
Responses to NRCs Specific Questions
- 1. Is the proposed collection of information necessary for the NRC to properly perform its functions? Does the information have practical utility? Please explain your answer.
We do not view the execution of CUI information-sharing agreements with non-executive branch entities to be necessary to either the NRCs ability to comply with the CUI Rule or meet its legal obligations under its authorizing statutes. As noted above, the CUI Rule provides that federal agencies should enter into such agreements with non-executive branch entities whenever feasible. Moreover, Section 2002.16(a)(5)(ii) of the CUI Rule explicitly recognizes that agencies may need to share CUI without a formal information-sharing agreement in carrying out its statutory mission. In such situations, the CUI Rule directs federal agencies to communicate to the recipient that the Government strongly encourages the non-executive branch entity to protect CUI in accordance with [Executive Order 13556], [32 CFR Part 2002], and the CUI Registry, and that such protections should accompany the CUI if the entity disseminates it further. Notably, the CUI Rule
Mr. David Cullison April 4, 2023 Page 3 seeks to balance and to minimize unnecessarily restrictive policies and practices by setting out a framework of rules within which agencies may exercise their discretion.4 The NRC has acknowledged this discretion in RIS 2022-03, NRC Plans to Establish Controlled Unclassified Information-Sharing Agreements with Non-Executive-Branch Entities. The NRC explains in the RIS that because it would not normally expect an entity without a signed agreement to have information systems in place that comply with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations, it generally would share CUI with such an entity only in view only mode or in hard copy format. Significantly, the RIS also notes that there may be emergent situations where the NRC would electronically share CUI in a mode other than view only with an entity that lacks a signed agreement, where the NRC has reason to believe that the entity is capable of protecting the information on its own systems in a manner consistent with NIST SP 800-171, notwithstanding the absence of an agreement. It further notes that electronic sharing in a mode other than view only may be found necessary to accomplish the NRCs mission or to support compliance with legal or regulatory requirements or government-wide policies.5 Based upon a combination of the CUI Rule provisions and NRC statements, it is our understanding that a CUI information-sharing agreement is not imperative as either a legal or practical matter. In fact, for entities that have not executed a CUI information-sharing agreement with the NRC or have information systems that are not in compliance or expected to become in compliance with NIST SP 800-171, the NRC has indicated that it nonetheless may share CUI with such entities via a view-only electronic platform. Finally, to our knowledge, other federal agencies from whom our members receive CUI have not proposed similarly restrictive agreements with non-executive branch entities. Thus, the industry will be in the position of handling CUI from the NRC differently than they will handle CUI from other federal agencies, increasing the burdens related to information protection and introducing vulnerability to unnecessary error. This variability in approach among executive agencies raises further questions about whether a CUI information-sharing agreement is necessary at all.
- 2. Is the estimate of the burden of the information collection accurate? Please explain your answer.
The NRC estimates a total annual compliance burden of 16 hours1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> for this information collection, but that estimate appears to be substantially low. Based on experience and communications with NEI members, we anticipate that any decision by a member organization to enter into a CUI information-sharing agreement with the NRC will entail significant internal coordination among various divisions or offices within the organization (e.g., legal, regulatory affairs/compliance, information technology (IT), records management) and possibly consultation with external legal and IT vendors. These activities could require weeks, if not months, depending on the organizations internal protocols, current human and technology resources, and level of familiarity with the CUI program and NRCs implementation thereof.
4 NARA, CUI Rule, 81 Fed. Reg. at 63331.
5 RIS 2022-03 at 5.
Mr. David Cullison April 4, 2023 Page 4 We believe the burden costs of entering into the current version of the NRCs proposed CUI information-sharing agreement must be viewed and analyzed more holistically. A companys decision to execute the agreement - particularly if it chooses to certify that is in full compliance with NIST SP 800-171 or is in the process of ensuring that its non-executive branch information systems may handle CUI consistent with NIST SP 800-171 - likely would trigger an array of supporting activities and associated costs (both one-time and recurring). Such activities could include, but not be limited to, hiring of additional personnel and contractors, procedure updates, acquisition of new hardware or equipment, IT system modifications and upgrades, and employee training and support. Again, the time required to complete such activities is likely to be measured in weeks and months, not hours.
- 3. Is there a way to enhance the quality, utility, and clarity of the information to be collected?
We believe the NRC could enhance the quality, utility, and clarity of the CUI information-sharing agreement by substantially simplifying its contents to focus on the minimum requirements prescribed by NARA regulations. Specifically, 32 CFR 2002.16(a)(6) provides:
At a minimum, agreements with non-executive branch entities must include provisions that state: (i) Non-executive branch entities must handle CUI in accordance with
[Executive Order 13556], this part, and the CUI Registry; (ii) Misuse of CUI is subject to penalties established in applicable laws, regulations, or Government-wide policies; and (iii) The non-executive branch entity must report any non-compliance with handling requirements to the disseminating agency using methods approved by that agencys SAO.
When the disseminating agency is not the designating agency, the disseminating agency must notify the designating agency.
We view the current version of the agreement as being too prescriptive and limiting in nature because it effectively constrains any party signing the agreement to three options - NIST SP 800-171 compliance (demonstrated or in progress), electronic view-only access, and hard copies. As a result, the proposed agreement reduces the flexibility and agency discretion afforded by NARA regulations and contained in RIS 2022-03, and disincentivizes stakeholders from entering into the agreement. Establishing and maintaining compliance with NIST SP 800-171 standards requires significant effort and resources. Moreover, relying exclusively on view-only and/or hard copies of CUI, which cannot be electronically processed, stored, or transmitted (or duplicated without being subject to the same controls) under the current agreement, presents its own practical and legal challenges (e.g., meeting certain recordkeeping requirements).
Additionally, as discussed in response to Question 1, there is no utility in requiring CUI information-sharing agreements with all non-federal entities, because it is not required under 32 CFR 2002, and because NRCs proposed implementation is inconsistent with the implementation of other federal agencies.
Mr. David Cullison April 4, 2023 Page 5 4.
How can the burden of the information collection on respondents be minimized, including the use of automated collection techniques or other forms of information technology?
The burden of the information collection on respondents can be minimized by simplifying the contents of the CUI information-sharing agreement in order to facilitate a faster legal review process, and by providing non-executive branch entities with the agreement 2-3 months in advance of the planned execution date, in order to provide ample time for licensee legal review.
In summary, we appreciate this opportunity to comment on the information collection request for NRCs CUI information-sharing agreement and the agencys consideration of the concerns and approaches described in this letter. NEI members recognize the need to protect CUI from unauthorized disclosure and are committed to ensuring that this need is met. We look forward to continued engagement with the NRC to support CUI program implementation in an adequately effective and reasonable manner for external stakeholders.
If you have any questions or require additional information, please contact me at 202.739.8086 or mcr@nei.org.
Sincerely, Melody Rodriguez c:
Lois James, NRR, NRC Tanya Mensah, OCIO, NRC