ML24141A129

From kanterella
Jump to navigation Jump to search

Northern States Power Company - Use of Encryption Software for Electronic Transmission of Safeguards Information
ML24141A129
Person / Time
Site: Monticello, Prairie Island, 07200104  Xcel Energy icon.png
Issue date: 05/22/2024
From: Ballard B
NRC/NRR/DORL/LPL3
To: Church C
Northern States Power Company, Minnesota
References
EPID L-2024-LLL-0008 CFR 73.22(f)(3), 2020 FIPS 140-2, Certificate No. 3729
Download: ML24141A129 (1)


Text

May 22, 2024

Christopher R. Church Senior Vice President and Chief Nuclear Officer Northern States Power Company - Minnesota 414 Nicollet Mall Minneapolis, MN 55401

SUBJECT:

NORTHERN STATES POWER COMPANY - USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION (EPID L-2024-LLL-0008)

Dear Christopher Church:

By letter dated April 30, 2024 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML24121A147), Northern States Power Company, a Minnesota Corporation, doing business as Xcel Energy (NSPM, the licensee) requested that the U.S.

Nuclear Regulatory Commission (NRC) approve the use of Symantec Encryption Desktop, Version 10.5.1, for the electronic transmission of Safeguards information. You stated that this version of the encryption product was developed with Pretty Good Privacy Cryptographic Engine Software, Version 4.4, and complies with Federal Information Processing Standard (FIPS) 140-2 as validated by the National Institute of Standards and Technology (NIST) October 2020 FIPS 140-2 Consolidated Validation Certificate (Certificate No. 3729).

The NRC approves only those cryptographic algori thms approved by NIST. Based on the NIST validation that the encryption software complies with FIPS 140-2, the NRC staff finds that the use of Symantec Encryption Desktop, Version 10.5.1, is acceptable to use for electronic transmission of SGI in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 73.22(f)(3). As described in Regulatory Issue Summary 2002-15, newer versions of encryption software may be used without prior NRC approval, if it is documented that the newer version uses the same cryptographic module as the current version. Therefore, in accordance with 10 CFR 73.22(f)(3), the NRC staff approves the use of Symantec Encryption Desktop, Version 10.5.1. If NIST no longer approves certain cryptographic algorithms, the NRC also does not approve use of that cryptographic algorithm.

C. Church - 2 -

If you have any questions, please contact me at (301) 415-0680 or via e-mail at Brent.Ballard@nrc.gov.

Sincerely,

Brent T. Ballard, Project Manager Plant Licensing Branch III Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation

Docket Nos. 50-263, 50-282, 50-306 and 72-10

cc: Listserv

ML24141A129 OFFICE NRR/DORL/LPL3/PM NRR/DORL/LPL3/LA NSIR/DSO/ISB/BC NAME BBallard SRohrer DParsons DATE 5/20/2024 5/21/24 5/20/2024 OFFICE NRR/DORL/LPL3/BC NRR/DORL/LPL3/PM NAME JWhited BBallard DATE 5/22/2024 5/22/2024