ML103510475: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 3: | Line 3: | ||
| issue date = 12/21/2010 | | issue date = 12/21/2010 | ||
| title = Request for Additional Information to Support the Review of Cyber Security Plan (Id: Bvy 10-036) | | title = Request for Additional Information to Support the Review of Cyber Security Plan (Id: Bvy 10-036) | ||
| author name = Kim J | | author name = Kim J | ||
| author affiliation = NRC/NRR/DORL/LPLI-1 | | author affiliation = NRC/NRR/DORL/LPLI-1 | ||
| addressee name = | | addressee name = | ||
| Line 22: | Line 22: | ||
==Dear Sir or Madam:== | ==Dear Sir or Madam:== | ||
By letter dated july 16, 2010 (Agencywide Documents Access and Management System, Accession No. | By letter dated july 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry. | ||
The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal RegUlations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011. | The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal RegUlations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011. | ||
Sincerely, t | Sincerely, t | ||
| Line 37: | Line 37: | ||
==Dear Sir or Madam:== | ==Dear Sir or Madam:== | ||
By letter dated July 16, 2010 (Agencywide Documents Access and Management System, Accession No. | By letter dated July 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry. The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal Regulations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011. | ||
Sincerely, IRA! James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271 | Sincerely, IRA! James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271 | ||
Revision as of 00:33, 11 July 2019
| ML103510475 | |
| Person / Time | |
|---|---|
| Site: | Vermont Yankee File:NorthStar Vermont Yankee icon.png |
| Issue date: | 12/21/2010 |
| From: | James Kim Plant Licensing Branch 1 |
| To: | Entergy Nuclear Operations |
| kim j | |
| References | |
| TAC ME4296 | |
| Download: ML103510475 (3) | |
Text
UNITED NUCLEAR REGULATORY WASHINGTON, D.C. 20555-0001 December 21, 2010 Site Vice President Entergy Nuclear Operations, Inc.
Vermont Yankee Nuclear Power Station P.O. Box 250 Governor Hunt Road Vernon, VT 05354 REQUEST FOR ADDITIONAL INFORMATION TO SUPPORT THE REVIEW OF VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN (ID:BVY 10-036) (TAC NO. ME4296)
Dear Sir or Madam:
By letter dated july 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry.
The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal RegUlations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011.
Sincerely, t
- r. ( James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271
Enclosure:
As stated cc w/encl:
Distribution via Listserv REQUEST FOR ADDITIONAL INFORMATION (RA!) ON THE REQUEST FOR OF THE VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN Cyber Security Plan (CSP) Section 4: Establishing, Implementing, and Maintaining the Cyber Security Program RAI1 RAI Title:
Defense-in-Depth Protective Strategies -Critical Digital Asset (CDA) Isolation Strategies Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54(c)(2) requires the licensee to apply and maintain defense-in-depth protective strategies to ensure the capability to detect, respond to, and recover from cyber attacks. Section 4.3, "Defense-in-Depth Protective Strategies," of the Vermont Yankee CSP states in several instances when referring to protections which isolate or secure CDAs within various cyber security defensive levels, that boundaries may be secured via "an air gap or deterministic one-way isolation device such as a data diode or hardware VPN [virtual private network]." Please clarify how hardware VPNs will sufficiently protect CDAs within defensive boundaries, including an explanation of the technical configurations that would enable it to mimic the capabilities of a deterministic one-way isolation device.
RAI2 RAI Title:
Defense-in-Depth Protective Strategies -Protection of Critical Digital Assets Associated with Emergency Preparedness Functions 10 CFR Section 73.54(a)(1) requires that "The licensee shall protect digital computer and communication systems and networks associated with... (iii)
Emergency preparedness functions, including offsite communications; and (iv) Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions." Section 4.3, "Defense in Depth Protective Strategies" of the Vermont Yankee CSP describes its site defensive model and states that CDAs that "are not required to be within Level 4 due to their safety or security significance, and that perform security or Emergency Plan functions and security or Emergency Plan data acquisition or that perform safety monitoring, are within Level 3." Furthermore, the CSP states that "CDAs that are not required to be in at least Level 3 and that perform or support Emergency Plan functions are within Level 2." The CSP does not indicate which protective strategies will be implemented for CDAs that perform Emergency Preparedness functions. Please clarify: (1) the distinction between CDAs that perform Emergency Planning and Emergency Preparedness functions; and (2) which protective strategies will be implemented for CDAs that perform "emergency preparedness" functions.
Enclosure December 21, 2010 Site Vice President Entergy Nuclear Operations, Inc. Vermont Yankee Nuclear Power Station P.O. Box 250 Governor Hunt Road Vernon, VT 05354 REQUEST FOR ADDITIONAL INFORMATION TO SUPPORT THE REVIEW OF VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN (ID:BVY 10-036) (TAC NO. ME4296)
Dear Sir or Madam:
By letter dated July 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry. The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal Regulations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011.
Sincerely, IRA! James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271
Enclosure:
As stated cc w/encl:
Distribution via Listserv DISTRIBUTION:
PUBLIC RidsNrrDorlLpl1-1 Resource RidsRgn1 MailCenter RidsNrrLASLittle RidsNsirDsp Resource RidsNrrPMVermontYankee RidsAcrsAcnw_MailCenter Resource PPederson ADAMS Accession No'.. MI 103510475
-OFFICE LPL1-1/PM LPL1-1/LA LPL1-1/BC NAME JKim SUttle NSalgado DATE 12/21/10 12/20/10 12/21/10 OFFICIAL RECORD COPY