ML25230A159

From kanterella
Jump to navigation Jump to search
Federal Register Notice Enforcement Policy Materials Security Violation Examples
ML25230A159
Person / Time
Issue date: 08/26/2025
From: Bo Pham
NRC/OE
To:
Shared Package
ML25182A314 List:
References
20250818-40019, NRC-2025-0676
Download: ML25230A159 (13)
v  d  e


Text

1

[7590-01-P]

NUCLEAR REGULATORY COMMISSION

[NRC-2025-0676]

Enforcement Policy Materials Security Violation Examples AGENCY: Nuclear Regulatory Commission.

ACTION: Proposed revision to policy statement; request for comment.

SUMMARY

The U.S. Nuclear Regulatory Commission (NRC) is proposing revisions to Section 6.12 of its Enforcement Policy (the Policy). The NRC is proposing to revise the examples provided in the Policy of violations of physical protection requirements for Category 1 and Category 2 quantities of radioactive material.

DATES: Submit comments by September 29, 2025. Comments received after this date will be considered if it is practical to do so, but the Commission is able to ensure consideration only for comments received before this date.

ADDRESSES: You may submit comments by any of the following methods; however, the NRC encourages electronic comment submission through the Federal rulemaking website:

Federal Rulemaking website: Go to https://www.regulations.gov and search for Docket ID NRC-2025-0676. Address questions about NRC dockets to Helen Chang; telephone: 301-415-3228; email: Helen.Chang@nrc.gov. For technical questions contact the individual listed in the FOR FURTHER INFORMATION CONTACT section of this document.

Email comments to: Rulemaking.Comments@nrc.gov. If you do not receive an automatic email reply confirming receipt, then contact us at 301-415-1677.

Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at 301-415-1101.

Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN: Rulemakings and Adjudications Staff.

Hand deliver comments to: 11555 Rockville Pike, Rockville, Maryland 20852, between 7:30 a.m. and 4:15 p.m. eastern time, Federal workdays; telephone:

301-415-1677.

For additional direction on obtaining information and submitting comments, see Obtaining Information and Submitting Comments in the SUPPLEMENTARY INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT: David Furst, Office of Enforcement, U.S.

Nuclear Regulatory Commission, Washington DC 20555-0001; telephone: 301-287-9087, email: David.Furst@nrc.gov.

SUPPLEMENTARY INFORMATION:

I. Obtaining Information and Submitting Comments A. Obtaining Information Please refer to Docket ID NRC-2025-0676 when contacting the NRC about the availability of information for this action. You may obtain publicly available information related to this action by any of the following methods:

Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2025-0676.

NRCs Agencywide Documents Access and Management System (ADAMS): You may obtain publicly available documents online in the ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select Begin Web-based ADAMS Search. For problems with ADAMS, please contact the NRCs Public Document Room (PDR) reference staff at 1-800-397-4209, at 301-415-4737, or by email to PDR.Resource@nrc.gov. The ADAMS accession number for each document referenced (if it is available in ADAMS) is provided the first time that it is mentioned in the SUPPLEMENTARY INFORMATION section.

NRCs PDR: The PDR, where you may examine and order copies of publicly available documents, is open by appointment. To make an appointment to visit the PDR, please send an email to PDR.Resource@nrc.gov or call 1-800-397-4209 or 301-415-4737, between 8 a.m. and 4 p.m. eastern time, Monday through Friday, except Federal holidays.

B. Submitting Comments The NRC encourages electronic comment submission through the Federal rulemaking website (https://www.regulations.gov). Please include Docket ID NRC-2025-0676 in your comment submission.

The NRC cautions you not to include identifying or contact information that you do not want to be publicly disclosed in your comment submission. The NRC will post all comment submissions at https://www.regulations.gov as well as enter the comment submissions into ADAMS. The NRC does not routinely edit comment submissions to remove identifying or contact information.

If you are requesting or aggregating comments from other persons for submission to the NRC, then you should inform those persons not to include identifying or contact information that they do not want to be publicly disclosed in their comment submission. Your request should state that the NRC does not routinely edit comment

submissions to remove such information before making the comment submissions available to the public or entering the comment into ADAMS.

II. Background On November 14, 2005, and December 22, 2005, the NRC issued Orders entitled: Increased Controls for Licensees that Possess Sources Containing Radioactive Material Quantities of Concern, also referred to as the IC Orders, to radioactive materials licensees who held licenses issued by the NRC authorizing possession of such material at or above threshold limits. The Orders supplemented existing regulatory requirements in title 10 of the Code of Federal Regulations (10 CFR) 20.1801 and 10 CFR 20.1802 in order to ensure adequate protection of, and minimize danger to, the public health and safety.

On September 28, 2006, NRC issued Enforcement Guidance Memorandum (EGM) 06-003, Guidance for Dispositioning Enforcement Issues Associated with Orders Imposing Increased Controls for Licensees Authorized to Possess Radioactive Material Quantities of Concern which provided interim severity level examples for disposition of violations of the IC Orders (ADAMS Accession No. ML062710365). The NRC later incorporated those examples into the July 12, 2011, revision to the NRC Enforcement Policy (the Policy) by adding Section 6.12 Materials Security (ADAMS Accession No. ML093480037) which superseded EGM-06-003.

On March 19, 2013 (78 FR 16922), the NRC issued a final rule establishing 10 CFR part 37. The rule establishes physical protection requirements for licensees in possession of aggregated quantities of category 1 or category 2 radioactive material listed in Appendix A, Category 1 and Category 2 Radioactive Materials, to 10 CFR part

37. Similar requirements had previously been imposed by the IC Orders.

Section 6.12 Materials Security, of the Policy contains examples of severity levels for violations associated with the physical protection requirements of 10 CFR part

37. These examples were originally written based on the IC Orders to serve as guidance for dispositioning violations of part 37. An update is being proposed to reflect the current language in part 37 and to include examples for requirements that are new in part 37.

The latest revision to the Enforcement Policy was on November 1, 2016, when Section 6.12 was edited to remove one SL III and one SL IV violation example for limiting access to physical protection information.

III. Discussion On March 25, 2024, the Office of the Inspector General (OIG) issued audit report OIG-24-A Audit of the U.S. Nuclear Regulatory Commissions Security Oversight of Category 1 and Category 2 Quantities of Radioactive Material (ADAMS Accession No. ML24085A694). The audit report identified opportunities to strengthen the assessment of enforcement activities, and recommended, among other things, that the NRC staff Update the Enforcement Policy and Enforcement Manual to specifically reference 10 CFR part 37 requirements. In response to the OIG recommendations, the staff is proposing to update Section 6.12 Material Security, of the Enforcement Policy to incorporate severity level examples specific to 10 CFR part 37 violations.

The proposed revision is based on data analysis of previously issued enforcement actions and leveraging lessons learned from approximately 10 years of implementation and inspections of part 37 requirements. The revision examples were developed by an NRC working group formed from various program office and regional staff with knowledge of part 37 requirements. The violation examples in this section are intentionally broad in scope so as to serve as a set of guiding examples that are neither

exhaustive nor controlling for making severity level (SL) determinations. The examples are not intended to address every possible material security violation, nor do they capture every possible circumstance. SL determinations reflect nuclear safety and security risks associated with the specific facts of a material security violation.

IV. Proposed Revision The NRC Enforcement Policy contains violation examples used to assess and disposition apparent violations of NRC requirements.

This notice provides the public with an opportunity to review and provide comments on the draft revision to the Policy found in ADAMS under Accession No. ML25127A219. Comments received during this 30-day comment period will be considered for the final version of the policy.

V. Paperwork Reduction Act This policy statement does not contain any new or amended collection of information subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq).

Existing collections of information were approved by the Office of Management and Budget (OMB), approval number 3150-0136.

Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the document requesting or requiring the collection displays a currently valid OMB control number.

VI. Regulatory Planning and Review Executive Order (E.O.) 12866 The Office of Information and Regulatory Affairs (OIRA) has determined that this enforcement policy is not a significant regulatory action under E.O. 12866. Accordingly, the NRC submitted this enforcement policy to OIRA for review. The NRC is required to conduct an economic analysis in accordance with section 6(a)(3)(B) of E.O. 12866.

The text of the Enforcement Policy is attached.

Dated: August 26, 2025.

For the Nuclear Regulatory Commission.

/RA/

Bo Pham, Acting Director, Office of Enforcement.

6.12 Materials Security for 10 CFR Part 37 - Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material This section applies to the requirements of 10 CFR Part 37 - Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material. These examples were developed using a risk-informed approach considering actual or potential loss, theft, or diversion of material.

Additionally, when determining the significance of the violations, factors that could be considered include the specific circumstances of the failure, including the time and equipment needed to result in an actual loss, theft, or diversion.

This section should be the primary reference for violations related to the protection of information under 10 CFR Part 37. If a violation is not adequately addressed by the examples provided in Section 6.12, Section 6.13 may be applied as appropriate.

a.

SL I violations involve, for example:

1.

An actual theft, diversion, or loss of a category 1 quantity of radioactive material that results from failure to establish or implement one or more requirements of 10 CFR Part 37; or

2.

A licensee fails to verify prior to transfer that a recipient is authorized to possess the type, form, and quantity of category 1 radioactive material at the location where the material is being transferred, where the transfer was made to a recipient that was not authorized to possess either the type, form, or quantity of category 1 radioactive material at the location where the material was transferred.

b.

SL II violations involve, for example:

1.

An actual theft, diversion, or loss of a category 2 quantity of radioactive material that results from failure to establish or implement one or more requirements of 10 CFR Part 37; or

2.

A licensee fails to verify prior to transfer that a recipient is authorized to possess the type, form, and quantity of category 2 radioactive material being transferred, where the transfer was made to a recipient that was not authorized to possess either the type, form, or quantity of category 2 radioactive material.

c.

SL III violations involve, for example:

1. Failures occur involving access authorization requirements, such as the following:

(a) An individual who has not been determined trustworthy and reliable (T&R) has the ability to access, without an escort, security zones containing category 1 or category 2 quantities of radioactive material; (b) A failure to establish, implement and maintain an access authorization program that is specific to the licensees operations; or

(c) An individual who was not determined T&R has determined that other individuals were T&R.

2. A failure to complete elements of the initial background requirements for granting unescorted access.
3. Failures occur involving general security program requirements, such as the following:

(a) A failure to develop, implement, and maintain a security plan specific to the licensees facilities and operations; or failure to address the required elements of the subpart; (b) A failure to develop, implement, and maintain procedures specific to the licensees facilities and operations; or failure to address how the requirements of 10 CFR Part 37 Subpart C and the security plan will be met; (c) A failure to conduct formal training in accordance with 37.43(c) or to complete the training at the required frequency, where the individuals did not demonstrate knowledge of how to implement the licensee's security program commensurate with their role(s); or (d) A failure to limit access to, or unauthorized disclosure of, the security plan or implementing procedures.

4. Failures occur involving Local Law Enforcement Agency (LLEA) coordination, such as the following:

(a) A licensee fails to initially coordinate with LLEA, as required by 10 CFR 37.45(a) or fails to notify NRC, as required by 10 CFR 37.45(b); or (b) A licensee fails to perform coordination every 12 months and there were changes to the facility design or operation that adversely affected the potential vulnerability of the licensees material to theft, sabotage, or diversion.

5. Failures occur involving security zones, monitoring, detection, and assessment, such as the following:

(a) A failure to continuously monitor and immediately detect, assess, and respond to unauthorized entry to a security zone with a category 1 or category 2 quantity of radioactive material; (b) A failure to maintain the capability to immediately detect any attempted unauthorized removal of a category 1 quantity of radioactive material from a security zone; or (c) A licensee has no means for continuous capability for personnel communication and electronic data transmission and processing among site security systems.

6. A licensee fails to implement, or fails to implement at the required frequency, a maintenance and testing program to ensure that intrusion alarms, associated communications systems, and other physical components of the systems used to secure or detect unauthorized access to radioactive material are maintained in operable condition and are capable of performing their intended function when needed, where the equipment was not operable.
7. Failures occur involving requirements for mobile devices, such as the following:

(a) A licensee fails to secure a mobile device containing a category 1 or category 2 quantity of radioactive material as required by 10 CFR 37.53(a), when the mobile device is not under direct control and constant surveillance by the licensee; or (b) A licensee fails to disable a vehicle or trailer containing a category 1 or category 2 quantity of radioactive material, when not under direct control and constant surveillance by the licensee.

8. A licensee fails to make verbal (telephonic) notification, or makes a late verbal (telephonic) notification, as required by 10 CFR 37.
d.

SL IV Violations involve, for example:

1. Failures occur involving access authorization requirements, such as the following:

(a) An individual who has not been determined T&R has the ability for unescorted access to security zones containing category 1 or category 2 quantities of radioactive material, however:

1. the individual did not gain access, or
2. gained access, yet the individual had been previously vetted under a comparable review by the licensee that mitigates the security risk posed by the individual (e.g., federal security clearance, a licensees hiring process), or
3. gained access, yet the scope/duration of unescorted access mitigated the ability to exploit the failure.

(b) A failure to establish, implement and maintain written procedures for implementing the access authorization program; (c) An individual who was determined T&R but was not formally appointed a reviewing official under oath or affirmation has determined that other individuals were T&R; (d) A failure to create or maintain a list of persons approved for unescorted access; or

(e) A failure to document the basis for the determination of T&R for the purpose of granting unescorted access to category 1 and category 2 quantities of radioactive material.

2. Failures occur involving background investigation requirements, such as the following:

(a) An isolated/limited failure to complete elements of 10 CFR 37.25(a)(3)-(6) of the initial background requirements for granting unescorted access to category 1 or category 2 quantities of radioactive material; or (b) A failure to complete fingerprinting and an FBI identification and criminal history records check during reinvestigation.

3. Failures occur involving general security program requirements, such as the following:

(a) A licensee has developed a security plan and implementing procedures specific to its facilities and operations; however, the written security plan or implementing procedures did not describe the required elements of 10 CFR Part 37 Subpart C; (b) A licensee did not conduct formal training in accordance with 37.43(c) or did not complete the training at the required frequency, where the individuals demonstrated knowledge of how to implement the licensee's security program commensurate with their role(s);

(c) A failure to document required training for an individual granted unescorted access; (d) A failure to limit access to, or unauthorized disclosure of, the security plan or implementing procedures; however, access to sensitive information was to an individual who had been previously vetted under a comparable review completed or initiated by the licensee that mitigates the security risk posed by the individual (e.g. federal security clearance, a licensees hiring process); or (e) A failure to limit access to, or unauthorized disclosure of, the list of individuals approved for unescorted access.

4. Failures occur involving LLEA coordination, such as the following:

(a) A licensee initially coordinates with LLEA, but fails to meet all the requirements set forth in 10 CFR 37.45(a);

(b) A licensee fails to perform coordination every 12 months and there were no changes to the facility design or operation that adversely affected the potential vulnerability of the licensees material to theft, sabotage, or diversion; or

(c) For initial or subsequent LLEA coordination, a failure to notify, or late notification to NRC, as required by 10 CFR 37.45(b);

5. Failures occur involving security zones, monitoring, detection, and assessment, such as the following:

(a) An isolated failure to continuously monitor and immediately detect, assess, and respond to unauthorized entry to a security zone with a category 1 quantity of radioactive material, where the unauthorized entry is of limited duration and where there is a capability to detect removal of category 1 material; (b) An isolated failure to maintain the capability to immediately detect any attempted unauthorized removal of a category 1 quantity of radioactive material from the security zone, where there is the capability to detect intrusion into the security zone and there is some other function or feature in place that mitigates the ability to exploit the failure; (c) An isolated failure to continuously monitor and immediately detect, assess, and respond to unauthorized entry to a security zone with a category 2 quantity of radioactive material, where there is a function or feature in place, separate from the means to detect removal of category 2 material, that mitigates the ability to exploit the failure; (d) A licensee has one means for continuous capability for personnel communication and electronic data transmission and processing among site security systems; or (e) A failure to conduct weekly verification checks for category 2 material.

6. A licensee fails to implement, or fails to implement at the required frequency, a maintenance and testing program to ensure that intrusion alarms, associated communications systems, and other physical components of the systems used to secure or detect unauthorized access to radioactive material are maintained in operable condition and are capable of performing their intended function when needed, where the equipment was operable.
7. Failures occur involving requirements for mobile devices, such as the following:

(a) A licensee fails to secure material as required by 10 CFR 37.53(a), when the material is not under direct control and constant surveillance by the licensee; however, one tangible barrier exists, there is no actual loss of material, and the failure is isolated; or (b) A licensee fails to disable a vehicle or trailer containing a category 1 or category 2 quantity of radioactive material, when not under direct control and constant surveillance by the licensee, where there is a function or feature in place that mitigates the ability to exploit the failure.

8. A licensee fails to make written reports, or makes a late written report, required by 10 CFR Part 37.
9. A licensee fails to maintain records as required by 10 CFR Part 37 requirements.
10. A licensee fails to conduct an annual review of the access authorization program or the security program.
Retrieved from "https://kanterella.com/w/index.php?title=ML25230A159&oldid=5522642"