IP 81822 Protection of Safeguards Information

ML24256A162
Person / Time
Issue date:	10/31/2024
From:	Eric Wharton NRC/NSIR/DSO/SOSB
To:
References
CN 24-034
Download: ML24256A162 (1)
v • d • e

Text

Issue Date: 10/31/24 1

81822 NRC INSPECTION MANUAL NSIR/DSO INSPECTION PROCEDURE 81822 PROTECTION OF SAFEGUARDS INFORMATION Effective Date: September 1, 2024 PROGRAM APPLICABILITY: IMC 2201 C 81822-01 INSPECTION OBJECTIVES 01.01 To determine if the licensees information protection system effectively protects safeguards information (SGI), as defined in Title 10 of the Code of Federal Regulations (10 CFR) 10 CFR 73.21, and 10 CFR 73.22, and prevents unauthorized disclosure.

01.02 To verify that the licensees physical protection program associated with this sample is designed and implemented to meet the general performance objective of 10 CFR 73.55(b).

81822-02 INSPECTION REQUIREMENTS The inspection activity outlined within this inspection procedure (IP) is intended to be implemented when inspector(s) identify degraded licensee performance within the protection of safeguards information program area. The risk significance of identified compliance issues or compliance issues indicative of programmatic deficiencies associated with this program area should be the focus of evaluation and the basis for the determination to implement this inspection activity.

Through verification of the inspection requirements within this IP, inspector(s) shall ensure that the licensees physical protection program associated with this sample is designed and implemented to meet the general performance objective of 10 CFR 73.55(b). In preparing to complete this procedure, the inspector(s) should familiarize themselves with relevant documentation which may include, but is not limited to, the licensees security plans, site specific and/or corporate implementing procedures, security post orders, and security program reviews and audits. Specifically, the inspector should apply additional attention to recent security plan changes that could be relevant to the inspection activity.

The inspector(s) are responsible for ensuring that the inspection requirements identified within the sample are completed and evaluated to a level which provides assurance that licensees are meeting the U.S. Nuclear Regulatory Commission (NRC) requirements within the security program area being inspected.

The guidance within this procedure is being provided as a tool which: (1) recommends to inspector(s) certain methods and techniques for determining licensee security program compliance and effectiveness related to an inspection requirement or; (2) clarifies certain aspects of a regulatory requirement associated with a particular inspection requirement.

Completion of recommended actions contained in this guidance should not be viewed as

Issue Date: 10/31/24 2

81822 mandatory and is only intended to assist the inspector(s) in determining whether an inspection sample has been adequately addressed. Should questions arise regarding procedural requirements or guidance, the inspector(s) should consult with regional management or the Office of Nuclear Security and Incident Response (NSIR), the program office, for clarification.

The inspector(s) should coordinate the conduct of the inspection with the licensees staff before the inspection. Key areas of coordination would be scheduling the dates and times to conduct the observations of areas where SGI is stored and requesting that the licensees SGI program procedures be made available for the inspector(s) to view.

The following types of non-public security-related information that is not classified as Restricted Data or National Security Information related to physical protection are considered SGI:

a. The composite security plans for the facility or site.

b. Site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system not easily discernible by members of the public.

c. Alarm systems layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by member of the public.

d. Physical security orders and procedures issued by the licensee for members of the security organization detailing:

1. duress codes, or

2. patrol routes and schedules, and

3. responses to security contingency events.

e. Site-specific design features of plant security communication systems.

f.

Lock combinations, mechanical key design, or passwords integral to the physical security system.

g. Documents and other matter that contain lists or locations of certain safety-related equipment explicitly identified in the document or other matter as vital for purposes of physical protection, as contained in security plans, contingency measures, or plant-specific safeguards analyses.

h. The composite safeguards contingency plan/measures for the facility or site.

i.

The composite facility officer training and qualification plan/measures disclosing features of the physical security system or response procedures.

j.

Information relating to on-site or off-site response forces, including size, armament of response forces, communications systems used for security purposes, and arrival times of such forces committed to respond to security contingency events.

k. Information that reflects the characteristics and attributes of the design basis threat of radiological sabotage.

Issue Date: 10/31/24 3

81822

l.

Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproducts, or special nuclear material (SNM).

m. Information related to the transportation of, or delivery to a carrier for transportation of a formula quantity of strategic SNM or more than 100 grams of irradiated reactor fuel, including:

1. the composite security plans for transportation;

2. arrangements with and capabilities of local police response forces;

3. locations of safe havens identified along the transportation route;

4. limitation of communications during transport;

5. procedures for response to security contingency events;

6. information concerning the tactics and capabilities required to defend against attempted sabotage, or theft and diversion of formula quantities of SNM, irradiated reactor fuel, or related information; and

7. engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct or SNM.

n. Information pertaining to safeguards and security inspections and reports, including:

1. portions of inspections reports; and

2. evaluation, audits, or investigations that contain details of a licensees or applicants physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system.

o. Portions of correspondence that contain SGI as set forth in 10 CFR 73.22(a)(1) through (a)(3).

02.01 Access to SGI

a. Verify that only authorized personnel are provided access to SGI and that the licensees process for authorizing access to SGI is based on the following criteria.

(10 CFR 73.22 (b)(1)(2) and (3))

Issue Date: 10/31/24 4

81822

1. Personnel must have an established need to know.

2. Personnel must have a completed Federal Bureau of Investigation criminal history records check in accordance with 10 CFR 73.57 that is favorably adjudicated.

3. Personnel must be deemed trustworthy and reliable based upon a background check or other means approved by the Commission. The background check, at a minimum, must include:

(a) verification of identity, based upon a fingerprint check; (b) employment history; (c) education; and (d) personal references.

4. Personnel must meet the exemption criteria of the category of individuals specified in 10 CFR 73.59 as exempt from the criminal history records check and background check requirements and have an established need to know.

Specific Guidance For the inspection of this requirement, the inspector(s) should review the licensees implementing procedures for the control, protection, and designation of SGI to verify that the licensee screens and provides access to SGI only to personnel who have met the requirements for access to SGI, in accordance with the regulations. The inspector(s) may request that the licensee provide a listing of personnel who have been authorized access to SGI and query licensee security management pertaining to the job description of these personnel which requires that they maintain access to SGI.

02.02 Protection of SGI

a. Verify the licensee stores unattended SGI in storage containers with locks that possess the characteristics identified in 10 CFR 73.2, Definitions, Security Storage Containers and Locks. (10 CFR 73.22(c)(2))

Specific Guidance For the inspection of this requirement, the inspector(s) should request that the licensee provide a tour of all areas that SGI is either stored, used, or developed to ensure that all areas have been provided a means to properly protect SGI that is unattended. The inspector(s) should compare the security storage containers and locks that the licensee uses for the protection of SGI to the criteria in 10 CFR 73.2, to ensure that the containers provide the required level of protection.

The definition of locks and security storage containers in 10 CFR 73.2 are the following:

Lock in the case of vaults or vault type rooms means a three-position, manipulation resistant, dial type, built-in combination lock or combination padlock and in the case of fences, walls, and buildings means an integral door lock or padlock which provides protection equivalent to a six-tumbler cylinder lock. Lock in the case of a vault or vault type room also means any manipulation resistant, electromechanical device

Issue Date: 10/31/24 5

81822 which provides the same function as a built-in combination lock or combination padlock, which can be operated remotely or by the reading or insertion of information, which can be uniquely characterized, and which allows operation of the device. Locked means protected by an operable lock.

Security Storage Container includes any of the following repositories:

1. For storage in a building located within a protected or controlled access area, a steel filing cabinet equipped with a steel locking bar and a three position, changeable combination, GSA approved padlock;

2. A security filing cabinet that bears a Test Certification Label on the side of the locking drawer, or interior plate, and is marked, General Services Administration Approved Security Container on the exterior of the top drawer or door;

3. A bank safe-deposit box; and

4. Other repositories which in the judgement of the NRC, would provide comparable physical protection.

b. Verify that access to the combination to security storage containers, and keys to locks (if any) used to store SGI, is controlled to preclude access to individuals not authorized access to SGI. (10 CFR 73.22(c)(2))

Specific Guidance For the inspection of this requirement, the inspector(s) should query licensee security management regarding the personnel who have access to the SGI security storage containers in each area to ensure that lock combinations, keys, etc., are provided only to those personnel designated for access to these storage containers to preclude unauthorized access to SGI. Not every individual authorized access to SGI should be provided access to security storage containers that contain SGI. Restricting access to security storage containers to only designated personnel reduces the potential for the compromise of SGI.

c. Verify the licensee implements measures for the control of SGI while in use or outside of a locked security storage container and that the measures require SGI to remain under the control of an individual who is authorized access to SGI.

(10 CFR 73.22(c)(1))

Specific Guidance For the inspection of this requirement, the inspector(s) should review the licensees implementing procedures for the control, protection, and designation of SGI to ensure the licensee addresses the control of SGI when in use or located outside of a security storage container. Whenever possible, the inspector(s) should observe the implementation of these measures to verify that the implementation is consistent with the regulations and licensee procedures. Safeguards information within alarm stations or rooms continuously manned by authorized individuals need not be stored in a locked security storage container.

Issue Date: 10/31/24 6

81822 02.03 Processing, Reproducing, and Transmitting SGI

a. Verify that the licensees stand-alone computers or computer systems used to process SGI are not connected to a network that is accessible by users not authorized access to SGI. (10 CFR 73.22(g)(1))

Specific Guidance For the inspection of this requirement, the inspector(s) should observe the computer systems that the licensee uses for the development and processing of SGI. The inspector(s) should request that the licensee demonstrate the isolation of these systems from accessible operational networks to verify that these systems and the information they possess are not accessible to unauthorized users.

b. Verify that the licensees computers used to process SGI that are not located within an approved security storage container have a removable information storage medium that contains a bootable operating system (used to initialize the computer). (10 CFR 73.22(g)(2))

Specific Guidance For the inspection of this requirement, the inspector(s) should ensure that computers used to process SGI that are not located within an approved security storage container, have removable storage medium that contain bootable operating systems and software application programs. Data may be saved on the removable storage medium used to boot the operating system or a different removable storage medium.

c. Verify that the licensee locks removable storage mediums from SGI computers in a security storage container when not in use. (10 CFR 73.22(g)(2))

Specific Guidance No inspection guidance.

d. Verify that equipment used by the licensee to reproduce SGI does not allow unauthorized access to SGI by means of retained memory or network connectivity. (10 CFR 73.22(e))

Specific Guidance When inspecting this requirement, the inspector(s) should review licensee procedures for the reproduction or transmission of SGI utilizing technology such as copy machines or FAX machines to ensure that the licensee has established processes to protect the information such as memory purging and encryption. The inspector(s) should request to observe the copy machines and FAX machines used for SGI to verify that these

Issue Date: 10/31/24 7

81822 machines are capable of the protection as stated in licensee procedures and do not allow unauthorized access and reproduction.

e. Verify the licensees processes for transmitting SGI outside of an authorized place of use or storage includes proper marking and packaging. (10 CFR 73.22(f)(1)).

Specific Guidance The inspector(s) should review the following: (1) SGI documents are packaged in two sealed envelopes or wrappers to conceal the presence of SGI; (2) the inner envelope or wrapper contains the name and address of the intended recipient and is marked on both sides, top, and bottom with the words Safeguards Information; and (3) the outer envelope or wrapper is opaque, addressed to the recipient, contains the address of sender, bearing no markings or indication of the SGI.

02.04 Protection of SGI

a. Verify that the licensee reviews security-related information against the criteria for SGI and properly designates, protects, and controls SGI in accordance with regulations and site procedures. (10 CFR 73.21 and 10 CFR 73.22)

Specific Guidance For the inspection of this requirement, the inspector(s) should review the licensees implementing procedures for the control, protection, and designation of SGI to verify that the procedures address the review, screening, and evaluation of security-related information to ensure proper designation. The inspector(s) should also verify that these designation processes are conducted at each location that security-related information is processed or developed to ensure the proper protection of information designated SGI.

b. Verify that the licensees security storage containers used to store SGI do not bear identifying marks that indicate or identify the sensitivity of the information contained within. (10 CFR 73.22(c)(2))

Specific Guidance No inspection guidance.

02.05 Marking of SGI

a. Verify the licensee implements a process to ensure that documents or other matter, containing SGI, are conspicuously marked on the top and bottom of each page, (i.e., Safeguards Information.) (10 CFR 73.22 (d)(1))

Specific Guidance No inspection guidance.

b. Verify that the licensees processes used to prepare documents containing SGI for delivery to the NRC include marking of transmittal letters or memoranda to indicate that attachments or enclosures contain SGI but that the transmittal

Issue Date: 10/31/24 8

81822 document or other matter does not (i.e., when separated from SGI attachment or enclosure, this document is decontrolled.). (10 CFR 73.22(d)(2))

Specific Guidance No inspection guidance.

02.06 Processing, Reproducing, and Transmitting SGI

a. Except under emergency or extraordinary conditions, verify that the licensees processes for the electronic transmission of SGI outside of an authorized place of use or storage include the use of NRC approved secure electronic devices, such as facsimiles or telephone devices or electronic mail that is encrypted by (Federal Information Processing Standard (FIPS) 140-2 or later) a method that has been approved by the NRC. (10 CFR 73.22(f)(3))

Specific Guidance For the inspection of this requirement, the inspector(s) should observe all of the electronic devices used for the transmission, and preparation for transmission, of SGI to ensure that these devices either have the capability to encrypt and/or transmit SGI in accordance with regulatory requirements. The information is produced by a self-contained secure automated data processing system and transmitters and receivers implement the information handling processes that provide assurance that SGI is protected before and after transmission. Physical security events required to be reported under 10 CFR 73.1200 are considered to be extraordinary conditions.

02.07 Removal from SGI Category and SGI Destruction

a. Verify the licensee implements a process for the removal of documents or other matter from the SGI category when the information no longer meets the criteria of SGI. (10 CFR 73.22(h))

Specific Guidance For the inspection of this requirement, inspector(s) should review recently decontrolled documents or other matter to ensure that they do not disclose SGI in another form or when combined with other unprotected information, do not disclose SGI.

b. Verify the licensees processes for decontrolling SGI include measures to obtain the authority to remove the information from the SGI category through NRC approval or through consultation with the organization or individual who made the original SGI determination. (10 CFR 73.22(h))

Specific Guidance For the inspection of this requirement the inspector(s) should review the licensees procedures for decontrolling SGI to ensure that they include a review by the appropriate

Issue Date: 10/31/24 9

81822 entity (usually the agency, department, or personnel who made the original designation) before decontrolling the information.

c. Verify that the licensee has established a process for the destruction of SGI and that its method of destruction precludes reconstruction by means available to the public at large. (10 CFR 73.22(i))

Specific Guidance For the inspection of this requirement, the inspector(s) should review licensee procedures to verify that the licensee has established measures for the destruction of SGI when the information is no longer needed and that the methodologies (burning, shredding, etc.) prevent reconstruction of the SGI media through any means of reconstruction available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents thoroughly mixed are considered completely destroyed.

02.08 Reviews Events and Logs. Review licensee event reports, safeguards log entries, and corrective action program entries for the previous 12 months (or since the last inspection) that concern the protection of SGI program, and follow up, if appropriate. (10 CFR 73.55(b)(10), 10 CFR 73.1205, 10 CFR 73.1210)

Problem Identification and Resolution. Verify that the licensee is identifying issues related to the SGI program at an appropriate threshold and entering them into the licensees corrective action program. Verify the licensee has appropriately resolved the issues regarding regulatory requirements for selected samples associated with the protection of SGI. The inspector(s) should verify any PI&R documents that were generated for any SGI related event that resulted in the implementation of this IP.

Specific Guidance The inspector(s) should review safeguards log entries, licensee condition reports, licensee corrective action program entries, etc., for the previous 12 months to determine whether the licensee has experienced issues with the implementation of its SGI program. The inspector(s) should follow-up on issues identified to ensure the licensee has taken appropriate corrective actions to prevent a re-occurrence of the issues identified.

02.09 Marking of SGI

a. Verify the licensee implements a process to ensure that the first page of documents containing SGI bear the name, title, and organization of the individual authorized to make an SGI determination, and who has determined that the document or other matter contains SGI; the date the determination was made; and

Issue Date: 10/31/24 10 81822 indicates that unauthorized disclosure will be subject to civil and criminal sanctions. (10 CFR 73.22(d)(1))

Specific Guidance No inspection guidance.

b. Verify that the licensees processes used to prepare documents containing SGI for delivery to the NRC include portion marking, for the transmittal document, but not the attachment, in accordance with the regulation. (10 CFR 73.22(d)(3))

Specific Guidance No inspection guidance.

81822-04 RESOURCE ESTIMATE The resource estimate for the completion of this procedure consists of approximately 8-12 hours. The sample size for this procedure is one.

81822-05 PROCEDURE COMPLETION Completion of this IP is accomplished through the completion of all inspection requirements contained in this IP.

81822-06 REFERENCES Regulatory Guide 5.79, Protection of Safeguards Information, April 2011 DG-SGI-1, Designation Guide for Safeguards Information List of Attachments : Revision History for IP 81822 END

Issue Date: 10/31/24 Att1-1 81822 : Revision History for IP 81822 Commitment Tracking Number Accession Number Issue Date Change Notice Description of Change Description of Training Required and Completion Date Comment Resolution and Closed Feedback Form Accession Number (Pre-Decisional Non-Public Information)

ML24256A162 10/31/24 CN 24-034 Initial issuance. IP 71130.06 (ML17306A163) was redesignated and revised to reflect the change from 71130.06 to 81822 and to move the IP from IMC 2201 Appendix A to IMC 2201 Appendix C.

ML24256A160