NRC Generic Letter 1996-02

From kanterella
Jump to navigation Jump to search

NRC Generic Letter 1996-002: Reconsideration of Nuclear Power Plant Security Requirements Associated with an Internal Threat
ML031210281
Person / Time
Site: Beaver Valley, Millstone, Hatch, Monticello, Calvert Cliffs, Dresden, Davis Besse, Peach Bottom, Browns Ferry, Salem, Oconee, Mcguire, Nine Mile Point, Palisades, Palo Verde, Perry, Indian Point, Fermi, Kewaunee, Catawba, Harris, Wolf Creek, Saint Lucie, Point Beach, Oyster Creek, Watts Bar, Hope Creek, Grand Gulf, Cooper, Sequoyah, Byron, Pilgrim, Arkansas Nuclear, Three Mile Island, Braidwood, Susquehanna, Summer, Prairie Island, Columbia, Seabrook, Brunswick, Surry, Limerick, North Anna, Turkey Point, River Bend, Vermont Yankee, Crystal River, Haddam Neck, Ginna, Diablo Canyon, Callaway, Vogtle, Waterford, Duane Arnold, Farley, Robinson, Clinton, South Texas, San Onofre, Cook, Comanche Peak, Yankee Rowe, Maine Yankee, Quad Cities, Humboldt Bay, La Crosse, Big Rock Point, Rancho Seco, Zion, Midland, Bellefonte, Fort Calhoun, FitzPatrick, McGuire, LaSalle, Fort Saint Vrain, Washington Public Power Supply System, Shoreham, Satsop, Trojan, Atlantic Nuclear Power Plant, Clinch River  Entergy icon.png
Issue date: 02/13/1996
From: Crutchfield D
Office of Nuclear Reactor Regulation
To:
References
GL-96-002, NUDOCS 9601230206
Download: ML031210281 (7)


'I2 UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555-0001 February 13, 1996 NRC GENERIC LETTER 96-02: RECONSIDERATION OF NUCLEAR POWER PLANT SECURITY

REQUIREMENTS ASSOCIATED WITH AN INTERNAL THREAT

Addressees

All holders of operating licenses or construction permits for nuclear power reactors.

Purpose

The U.S. Nuclear Regulatory Commission (NRC) is issuing this generic letter to notify addressees that the NRC has reconsidered its positions on certain security measures associated with protecting nuclear power plants against an internal threat. It is expected thkt addressees will review the information for applicability to their facilities and consider actions, as appropriate.

However, suggestions contained in this generic letter are not NRC

requirements; therefore, no specific action or written response is required.

Background The fitness-for-duty (FFD) rule (10 CFR Part 26) published on June 7, 1989, required power reactor licensees to implement FFD programs. The access authorization rule (10 CFR 73.56) published on April 25, 1991, required power reactor licensees to implement access authorization programs. One objective of these regulations was to ensure the reliability and trustworthiness of persons granted unescorted access to protected areas at nuclear power facilities. In light of these regulations, the NRC initiated an evaluation of security requirements associated with protection against the insider threat at nuclear power plants. One purpose of the evaluation was to determine if other security requirements pertaining to protection against an insider remain appropriate. The staff reported the results of its initial review in SECY-92-272, "Re-Examination of Nuclear Power Plant Security Requirements Associated With the Internal Threat," dated August 4, 1992. After performing this initial review, the staff recommended a reduction or elimination of certain security requirements that gave only marginal protection against the insider threat.

After reviewing SECY-92-272, the Commission asked the staff to reexamine the subject and explore alternatives for allowing reductions in unnecessary or marginally effective security measures. The results of this reevaluation are reported in SECY-93-326, "Reconsideration of Nuclear Power Plant Security Requirements Associated With an Internal Threat," dated December 2, 1993.

9601230206 P K 05000003 v q6 &13

,>~ =g54'4 zr1oa3//61O+t# S

At up~A l

  • '1L

GL 96-02 February 13, 1996 DescriDtion of Circumstances In a staff requirements memorandum dated February 18, 1994, which is available in the NRC public document room, the Commission endorsed staff recommendations to (1) issue generic correspondence informing licensees of the opportunity to revise certain commitments in their security plan and (2) proceed with rulemaking regarding specific changes to reduce or eliminate certain security requirements. This generic letter identifies those areas in which licensees may choose to revise their plans without having to wait for the issuance of the rule changes that are in progress. Section 10 CFR 73.55(a) specifies that the Commission may authorize a licensee to provide measures for protection against radiological sabotage other than those required by 10 CFR 73.55 paragraphs (b) through (h) if the licensee demonstrates that the measures have the same high assurance objectives as specified in 10 CFR 73.55(a) and that the overall level of system performance provides protection against radiological sabotage equivalent to that which would be provided by paragraphs (b) through (h) and meets the general performance requirements of

10 CFR 73.55(a). The Commission has determined that although the alternate measures addressed herein could result in a small decrease in a licensee's measures to protect against an internal threat, the additional licensee commitments described reflect appropriately the same high assurance objectives as specified in 73.55(a), and if properly implemented, the overall level of system performance will provide protection equivalent to that provided by paragraphs (b) through (h) and meet the general performance requirements of

10 CFR 73.55(a).

This generic letter was originally published in the Federal Register (November 2, 1994) for public comment and has been modified on the basis of those comments.

Discussion Some of the changes identified will require licensees to submit security plan changes in accordance with the provisions of 10 CFR 50.90, while other changes may be processed in accordance with the provisions of 10 CFR 50.54(p) and can be implemented without NRC approval. Staff positions reflected in A and D do not apply to structures which are required to be bullet-resisting because leaving these doors unlocked or failing to compensate for lock failures would offset the bullet-resisting protection features.

As discussed below, licensee security plans may be revised in the following four areas:

(I) Vital Area Access Control Measures Changes to vital area (VA) access control measures identified below are subject to confirmation that (1) certain other site-specific measures are in place or will be implemented to demonstrate (e.g., through contingency drills) that a capability, including a protective strategy, exists to protect against an external adversary after making any of the

GL 96-02 February 13, 1996 changes and (2)measures are in place to examine hand-carried packages for explosives (at the protected area barrier) using equipment specifically designed for that purpose.

Plan changes requesting any of the following VA measures must contain commitments to hold contingency drills at a frequency sufficient to maintain response capability for response personnel. The use of organic-type X-ray equipment would satisfy the criteria for inspecting hand-carried packages for explosives. Other acceptable methods would include portable sniffers and visual inspection.

Subject to confirmation of these measures, the following changes to a security plan may be acceptable:

A. Compensatory Measures - No compensatory measures need be taken for either a lock or VA alarm failure for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> after the failure is discovered. After 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, the equipment must either be operable or compensatory actions taken by posting a guard or watchman. During the first 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of a lock or alarm failure, that portal will be added to the existing patrol schedule to periodically confirm functioning of the operable feature (lock or alarm). If both lock and alarm fail at a portal, that portal must be posted immediately (within the time specified in the current plan).

B. Maintenance of Discrete Vital Area Access Lists - Separate access authorization lists for each vital area of the facility may be eliminated. As an alternative to those separate lists, it would be acceptable to maintain a single listing of persons who have access to any vital area. To maintain its accuracy, this listing would have to be revised as the access status of a person changes, especially as the status relates to removal or loss of vital area access authorization, but a 31 day validation of the list is not required.

C. Alarm Response - Modification to the response to vital area access control alarms (doors) may be acceptable. Response is only needed to a VA door intrusion or tamper alarm but not to other alarms. All other alarms are to be resolved by existing procedures (e.g., assess cause and fix problem).

D. Locked Condition of Door - Although locking mechanisms and access control systems, including door alarms, would be retained, doors to vital areas could be left unlocked. Licensees choosing this option would be expected to have the capability to remotely lock the door(s) from both the central and secondary alarm stations, as necessary, in response to an external threat. Licensees choosing this option would be expected to demonstrate their ability to remotely lock doors in time to delay an adversary where delay was essential in the protective strategy. Contingency drills should test the use of the system locking function. The contingency plan

GL 96-02 February 13, 1996 and procedures may have to be modified to indicate the immediate Blockings of all VA doors during a safeguards emergency. Access control systems would be retained on VA doors and would be expected to continue to maintain a record of personnel access and generate alarms if the door were opened by someone without a proper access.

Existing plan commitments for compensatory measures for failed door alarms and access hardware must remain in effect, unless changes are approved by the NRC. If the system function to lock the doors has failed (unable to control locks from alarm stations), the VA doors will have to be returned to a locked status.

The process for licensees to revise their security plans to implement the changes to security measures in vital areas will depend on what is presently contained in their security plans. Since acceptance of these changes is conditional on confirmation of two offsetting conditions, most changes would need to be processed in accordance with the provisions of 10 CFR 50.90. Changes in security plans should include commitments to the two measures described in the first paragraph of Section I above.

(II) Access Search of On-Duty Armed Security Guards Changes that would allow armed security officers who (1) are on duty and carry a weapon in accordance with assigned duties, (2) have already been searched during their current shift, and (3) have left the protected area on official business, to reenter the protected area without being subjected to the metal detector searches (but still be subjected to explosive searches) would be acceptable. If search equipment is a single unit containing both metal-detection and explosive-detection equipment, alarms from the metal detector may be disregarded. The staff considers that this change could be made to security plans in accordance with the provisions of 10 CFR 50.54(p).

(III) Containment Access Control Measures Changes were proposed, when this generic letter was published for public comment, that would allow persons other than security personnel, provided they are appropriately trained with respect to access control procedures in accordance with the security plan, to perform the access control function for personnel and materials entry into the containment at any time frequent access is permitted to the containment. However, this position is now unnecessary because the NRC amended its regulations to eliminate 10 CFR 73.55(d)(8) effective October 10, 1995. Special access controls for entry into the containment during periods of frequent access are no longer required.

(IV) Alternative Measures for Control of Security Badges Changes that would allow for alternative approaches for accountability of picture badges used for unescorted access so that certain types of badges may be taken outside the protected area. Alternative approaches

GL 96-02 February 13, 1996 need to include the ability to ensure positive identification of individuals upon entry to the protected area. For employees, such changes can be made under 50.54(p). The staff considers that changes to security plans to allow contractors to take security picture badges off site would first require a request for exemption from the provisions of

10 CFR 73.55(d)(5). An exemption is not required for licensee employees because the regulations currently allow licensee employees to take badges off site. Upon approval of the exemption request for contractor personnel, licensees would be allowed to implement the change in accordance with the provisions of 10 CFR 50.54(p).

For assurance of unrestricted emergency access, the NRC staff notes the advantages of (1) having the ability to remotely unlock doors to vital areas from each alarm station, (2) ensuring that malfunctions result in doors failing unlocked rather than locked, and (3) allowing all operators and auxiliary operators to carry metal keys that can override keycard-operated lock mechanisms. However, these conditions are not required for licensees to implement any of the positions presented in this generic letter.

This generic letter requires no specific action or written response. If you have any questions about this matter, please contact one of the technical contacts listed below.

ennisM. Crutchfiel Director Division of Reactor rogram Management Office of Nuclear Reactor Regulation Technical contacts: Loren L. Bush, NRR

(301) 415-2944 Internet:llb~nrc.gov Robert F. Skelton, NRR

(301) 415-3208 Internet:rfsl@nrc.gov Attachment: List of Recently Issued NRC Generic Letters

Attachment GL 96-02 February 13, 1996 LIST OF RECENTLY ISSUED GENERIC LETTERS

Generic Date of I -44.-

LetIer Cd.4er1 T ccmi2nv-

=-

cmIsud Tn


--

96-03 RELOCATION OF THE 01/31/96 ALL HOLDERS OF OLs PRESSURE TEMPERATURE OR CPs FOR NPRs LIMIT CURVES AND LOW

TEMPERATURE OVER-

PRESSURE PROTECTION

SYSTEM LIMITS

89-10, CONSIDERATION OF VALVE 01/24/96 ALL HOLDERS OF OLs Supp. 7 MISPOSITIONING IN (EXCEPT THOSE LICENSES

PRESSURIZED-WATER THAT HAVE BEEN AMENDED

REACTORS TO A POSSESSION ONLY

STATUS) OR CPs FOR NPRs

96-01 TESTING OF SAFETY-RELATED 01/10/96 ALL HOLDERS OF OLs OR

LOGIC CIRCUITS CPs FOR NPRs

95-10 RELOCATION OF SELECTED 12/15/95 ALL HOLDERS OF OLs OR

TECHNICAL SPECIFICATIONS CPs FOR NPRs REQUIREMENTS RELATED TO

INSTRUMENTATION

95-09 MONITORING AND TRAINING OF 11/03/95 ALL U.S. NRC LICENSEES

SHIPPERS AND CARRIERS OF

RADIOACTIVE MATERIALS

95-08 10 CFR 50.54(p) PROCESS FOR 10/31/95 ALL HOLDERS OF OLs &

CHANGES TO SECURITY PLANS CPs FOR NPRs WITHOUT PRIOR NRC APPROVAL

88-20, INDIVIDUAL PLANT EXAMINATION 09/08/95 ALL HOLDERS OF OLs Supp. 5 OF EXTERNAL EVENTS FOR SEVERE (EXCEPT THOSE LICENSES

ACCIDENT VULNERABILITIES THAT HAVE BEEN AMENDED

TO POSSESSION-ONLY

STATUS) OR CPs FOR NPRs.

OL = OPERATING LICENSE

CP = CONSTRUCTION PERMIT

NPR = NUCLEAR POWER REACTORS

GL 96-02 February 13, 1996 need to include the ability to ensure positive identification of individuals upon entry to the protected area. For employees, such changes can be made under 50.54(p). The staff considers that changes to security plans to allow contractors to take security picture badges off site would first require a request for exemption from the provisions of

10 CFR 73.55(d)(5). An exemption is not required for licensee employees because the regulations currently allow licensee employees to take badges off site. Upon approval of the exemption request for contractor personnel, licensees would be allowed to implement the change in accordance with the provisions of 10 CFR 50.54(p).

For assurance of unrestricted emergency access, the NRC staff notes the advantages of (1) having the ability to remotely unlock doors to vital areas from each alarm station, (2) ensuring that malfunctions result in doors failing unlocked rather than locked, and (3) allowing all operators and auxiliary operators to carry metal keys that can override keycard-operated lock mechanisms. However, these conditions are not required for licensees to implement any of the positions presented in this generic letter.

This generic letter requires no specific action or written response. If you have any questions about this matter, please contact one of the technical contacts listed below.

original signed by Dennis M. Crutchfield, Director Division of Reactor Program Management Office of Nuclear Reactor Regulation Technical contacts: Loren L. Bush, NRR

(301) 415-2944 Internet:llb@nrc.gov Robert F. Skelton, NRR

(301) 415-3208 Internet:rfsl@nrc.gov Attachment: List of Recently Issued NRC Generic Letters DOCUMENT NAME: 96-02.GL

To receive a copy of th document. indicate In the box: ACT - Copy without enclosures BE - Copy witenclosures "ND' No copy IOFFICE

NAME

TECH CONTS

LBush/RSkelton*

l OGC

RFonner*

I C/PECB

AChaffee*

I

IDCruffhtield I

DATE 12/14/95 12/22/95 12/ /95 102/1 296 OFFICIAL RECORD COPY

Template:GL-Nav