Text

Richard Mogavero Director, Security & Incident Preparedness Nuclear Energy Institute 1201 F Street NW, Suite 1100 Washington, D.C. 20004

SUBJECT:

USE OF ENCRYPTION SOFTWARE FOR ELECTRONIC TRANSMISSION OF SAFEGUARDS INFORMATION

Dear Richard Mogavero:

By letter dated February 6, 2026 (ADAMS Accession No. ML26037A230), the Nuclear Energy Institute (NEI) requested U.S. Nuclear Regulatory Commission (NRC) approval to use Adobe Acrobat Pro to encrypt Safeguards Information for electronic transmission. The letter states that Adobe Acrobat Pro uses RSA BSAFE Crypto-C Micro Edition Version 4.1.5 and complies with Federal Information Processing Standard (FIPS) 140-2. NEI submitted this request in accordance with Regulatory Information Summary 2002-15, Revision 1, NRC Approval of Commercial Data Encryption Products for the Electronic Transmission of Safeguards Information, dated January 26, 2006 (ML050460031). The request included a copy of Consolidated Validation Certificate No. 4306 for the relevant cryptographic module.

Title 10 of the Code of Federal Regulations (10 CFR) 73.22(f), External transmission of documents and material, prescribes requirements for the transmission of SGI outside an authorized place of use or storage. 10 CFR 73.22(f)(3) states, in part:

Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or electronic mail through the internet, provided that the information is encrypted by a method (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC Office; the information is produced by a self contained secure automatic data process system; and transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission.

The NRC staff has determined that the use of Adobe Acrobat Pro is acceptable for encrypting Safeguards Information for transmission, provided that:

1.

Adobe Acrobat Pro is operated in FIPS mode when encrypting Safeguards Information.

February 13, 2026

R. Mogavero 2.

Encryption and decryption of Safeguards Information are performed only on a standalone computer or computer system, in accordance with 10 CFR 73.22(g),

Processing of Safeguards Information on electronic systems.

3.

FIPS-validated cryptographic modules are used for encryption.

4.

Encryption and decryption are performed using certificate-based public key cryptography. Modes of operation that utilize symmetric encryption only (i.e., password protection) are not approved.

If you have any questions regarding the NRCs response to this request, please contact Brian Yip, Senior Program Manager (Safeguards Information) at 301-415-3154.

Sincerely, Mark P. MacDonald, Chief Information Security Branch Division of Security Operations Office of Nuclear Security and Incident Response Signed by MacDonald, Mark on 02/13/26

Ltr ML26044A054 OFFICE NSIR/DPCP/CSB NSIR/DSO/ISB NAME BYip MMacDonald DATE Feb 13, 2026 Feb 13, 2026