ML25350C323
| ML25350C323 | |
| Person / Time | |
|---|---|
| Site: | River Bend  |
| Issue date: | 12/19/2025 |
| From: | Greg Warnick NRC/RGN-IV/DORS/EB2 |
| To: | Hansett P Entergy Operations |
| References | |
| IR 2025401 | |
| Download: ML25350C323 (0) | |
Text
December 18, 2025 Phil Hansett, Site Vice President Entergy Operations, Inc.
5485 U.S. Highway 61N St. Francisville, LA 70775
SUBJECT:
RIVER BEND STATION - CYBERSECURITY INSPECTION REPORT 05000458/2025401
Dear Phil Hansett:
On November 25, 2025, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at River Bend Station and discussed the results of this inspection with you and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely, Gregory G. Warnick, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000458 License No. NPF-47
Enclosure:
As stated cc w/ encl: Distribution via LISTSERV Signed by Warnick, Gregory on 12/18/25
ML25350C323 SUNSI Review By: GAP Non-Sensitive Sensitive Publicly Available Non-Publicly Available OFFICE SRI:DORS/EB2 RI:DORS/EB1 C:DORS/EB2 NAME GPick DBryen GWarnick SIGNATURE
/RA/
/RA/
/RA/
DATE 12/16/25 12/16/25 12/18/25
Enclosure U.S. NUCLEAR REGULATORY COMMISSION Inspection Report Docket Number:
05000458 License Number:
NPF-47 Report Number:
05000458/2025401 Enterprise Identifier:
I-2025-401-0005 Licensee:
Entergy Operations, Inc.
Facility:
River Bend Station Location:
St. Francisville Inspection Dates:
September 28 - 30, and November 24 - 25, 2025 Inspectors:
D. Bryen, Reactor Inspector G. Pick, Sr Reactor Inspector M. Shock, Cybersecurity Contractor C. Simpson, Cybersecurity Contractor Approved By:
Gregory G. Warnick, Chief Engineering Branch 2 Division of Operating Reactor Safety
2
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cybersecurity inspection at River Bend Station, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations No findings or violations of more than minor significance were identified.
Additional Tracking Items None.
3 INSPECTION SCOPES Inspections were conducted using the appropriate portions of the inspection procedures in effect at the beginning of the inspection unless otherwise noted. Currently approved inspection procedures with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html.
Samples were declared complete when the inspection procedure requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS 71130.10 - Cybersecurity The inspectors reviewed the implementation of River Bends cybersecurity program and focused on evaluating changes to the program, critical systems, and critical digital assets.
Cybersecurity (1 Sample)
(1)
The inspectors completed the following inspection procedure sections that constituted completion of 1 sample:
03.01, Review Ongoing Monitoring and Assessment Activities 03.02, Verify Defense-in-Depth Protective Strategies 03.03, Review of Configuration Management Change Control In addition, the inspectors evaluated the following systems and components.
plant computer system security computer system firewalls, servers, and workstations INSPECTION RESULTS No findings were identified.
EXIT MEETINGS AND DEBRIEFS The inspectors verified that no proprietary information was retained or documented in this report.
On November 25, 2025, the inspectors presented the cybersecurity inspection results to Phil Hansett and other members of the licensee staff.
4 DOCUMENTS REVIEWED Inspection Procedure Type Designation Description or Title Revision or Date 71130.10 Corrective Action Documents CR-HQN-2024-01240, 2025-00462, 2025-00618, 2025-00726 71130.10 Corrective Action Documents CR-RBS-2017-07360, 2018-01596, 2018-02780, 2018-02978, 2023-00656, 2023-00656, 2023-07618, 2023-07621, 2024-04008, 2025-03196, 2025-03777, 2025-03778, 2025-03779, 2025-04050, 2025-04184, 2025-04185, 2025-04186, 2025-04187, 2025-04188, 2025-04189, 2025-04190, 2025-04192, 2025-04193, 2025-04424, 2025-04444, 2025-04454, 2025-04622, 2025-04701, 2025-04701, 2025-04808, 2025-05032, 2025-05057 71130.10 Corrective Action Documents WT-RBS-2018-00541, 2023-00042, 2023-00159, 2024-00037, 2024-00060, 2024-00065, 2025-00037, 2025-00047, 2025-00048, 2025-00049, 2025-00050, 2025-00052, 2025-00053, 2025-00054, 2025-00074 71130.10 Drawings Level 2 and Boundary Devices Wiring Diagram - Defense Architecture Level 2.5 Cabinet 0-0940-58 Computer Room 7/20/2020 71130.10 Drawings River Bend Station General Network & Systems Infrastructure 3/3/2023 71130.10 Miscellaneous Cisco Catalyst Port Security 71130.10 Miscellaneous Assessment Entergy Kiosk Cyber Security Controls Template 7
71130.10 Miscellaneous DMZ Security Process System-subsystem design 71130.10 Miscellaneous Kiosk Level 2 Configuration RBS-LMJ07N4BF-L2 8/19/2025 71130.10 Miscellaneous Kiosk Level 3 Configuration RBS-LMJ07N4BH-L3 8/19/2025 71130.10 Miscellaneous Kiosk Level 4 Configuration RBS-LMJ07N4AX-L4 8/19/2025 71130.10 Miscellaneous LCM-RBS-2023-0167 Implementation of Physical Access Control and Access Control for Transmission Medium for CDAs located outside the protected area 9/25/2025 71130.10 Miscellaneous RBS-CDA-1912-00007 Boundary Devices 3/1/2021 71130.10 Miscellaneous RBS-CDA-Servers 0
5 Inspection Procedure Type Designation Description or Title Revision or Date 2001-00018 71130.10 Miscellaneous RBS-CDA-2009-00009 Plant Process Computer Upgrade System 1
71130.10 Miscellaneous RBS-CDA-2103-00001 Critical Digital Asset Control Assessment 2
71130.10 Miscellaneous Software List rbssoftwarelist0928 0
71130.10 Miscellaneous Splunk Alert Configuration Saved Searches 0
71130.10 Miscellaneous SRM-CP0001-DD0001-0000616480 ARINC Level 4 Remediation Cabinet OPDS Data Diode -
Walkdown Sheet 8/15/2019 71130.10 Miscellaneous SRM-CP0001-FW0001-0000616476 Level 4 Remediation Rack Firewall 4/24/2019 71130.10 Miscellaneous SRM-CP0001-IDS0001-0000616475 ARINC Remediation Cabinet Intrusion Detection Appliance Walkdown 8/15/2019 71130.10 Miscellaneous SRM-SAS-SVR-CP0001-0000671340 Secondary Alarm Station Admin Workstation 12/1/2020 71130.10 Miscellaneous SRM-SAS-SVR-FW0001-0000671338 Cisco Firewall ASA 12/2/2020 71130.10 Miscellaneous White Paper Endpoint_Protection_14_whitepaper 71130.10 Miscellaneous White Paper AEC-203133-10.02_AlarmEventCriteria 1/18/2018 71130.10 Miscellaneous White Paper SIEM White Paper 0
71130.10 Miscellaneous White Paper CDA Remediation Risk 0
71130.10 Miscellaneous White Paper Switched Port Analyzer (SPAN) Recommendations & Best Practices 8/5/2016 71130.10 Procedures CSWI 1236 Cyber Security Provider Machine & Kiosk Update Work Instructions 5
71130.10 Procedures CSWI 1240 Media Sanitization Verification Work Instructions 1
71130.10 Procedures CSWI 1245 Audit CDA Baseline Configuration Work Instructions 3
71130.10 Procedures CSWI 1250 Change CDA Passwords Work Instructions 1
6 Inspection Procedure Type Designation Description or Title Revision or Date 71130.10 Procedures CSWI 1255 Review of Audit Log Records (Logical) Work Instructions 4
71130.10 Procedures CSWI 1280 Monthly Operational Review and Verification of the SIEM Infrastructure Work Instructions 7
71130.10 Procedures CSWI 1282 SIEM Signature Definition Update and Testing Work Instructions 3
71130.10 Procedures CSWI 1292 Compensatory Measures when CSOC Automated Reporting is Unavailable Work Instructions 0
71130.10 Procedures EN-IT-103 Nuclear Cybersecurity Program 18 71130.10 Procedures EN-IT-103-01 Control of Portable Digital Media Connected to Critical Digital Assets 14 71130.10 Procedures EN-IT-103-02 Cybersecurity Periodic Activities 11 71130.10 Procedures EN-IT-103-03 Cybersecurity Assessment Process 7
71130.10 Procedures EN-IT-103-04 Critical Digital Asset Technical Control Requirements 6
71130.10 Procedures EN-IT-103-05 Critical Digital Asset Access Control 1
71130.10 Procedures EN-IT-103-07 Cyber Security Physical Access Requirements for Critical Digital Assets 9
71130.10 Procedures EN-IT-103-08 Nuclear Cyber Incident Response 4
71130.10 Procedures EN-IT-103-09 System Hardening & Secure Configuration 1
71130.10 Procedures EN-IT-103-11 Administration of Cyber Security Portable Digital Media Program 3
71130.10 Procedures EN-IT-103-12 Cybersecurity Configuration and Change Management 4
71130.10 Procedures EN-IT-103-14 Vulnerability Management 2
71130.10 Procedures EN-IT-103-15 Cybersecurity Procurement & Disposal Requirements 3
71130.10 Work Orders 00534526, 00534527, 00554575, 00561265, 00578998, 00589403, 00592485, 00593316, 00595727, 52995368, 53033631, 53034990, 53036244, 54025444, 54026728, 54026728, 54034642, 54037706, 54050155, 54050947, 54060564, 54063963, 54076768, 54081513, 54091550, 54111858, 54132403, 54141851, 54151018, 54152245, 54152848, 54155859, 54186397, 54210943, 54230798, 54243192, 54246367, 54267939, 54276159, 54277313, 54151018, 54274425, 54113244, 54298100, 54287676, 54309423