ML18170A268: Difference between revisions
=Text=
{{#Wiki_filter:FINAL OMB SUPPORTING STATEMENT FOR TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 95 FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA 3150-0047 EXTENSION

Description of Information Collection

Title 10 of the Code of Federal Regulations (10 CFR) Part 95 establishes procedures for obtaining facility security clearance and for safeguarding Secret and Confidential National Security Information and Restricted Data. Licensees under 10 CFR Part 95 fall within two categories, those who possess, use or transmit classified matter at their site or a cleared contractor site, and those licensees and contractors who only need access to classified matter at a government or appropriately cleared non-government site. The licensees, certificate holders, and contractors make reportable information available at their places of business or send the reports to the U.S. Nuclear Regulatory Commission (NRC) at its headquarters or regional offices. Reports or applications that are only required as occasioned by the occurrence of specific events, such as a modification to an existing security Standard Practice Procedures Plan (SPPP), an update to NRC Form 405F due to a change to key personnel positions identified in the rule, or a report of loss of classified information, would be an event-triggered cost. This clearance included information collected by the NRC Form 405F.
Periodic training and other requirements for recordkeeping that are necessary for checking the licensees' and contractors' procedures for maintaining acceptable security education, facility, and classification/declassification programs are examples of recurring costs. The limited amount of personal information submitted in connection with facility clearance requests, classification/declassification actions, and other areas within these requirements is handled and protected in accordance with NRC directives and the provisions of the Privacy Act of 1974.
The reporting requirements of 10 CFR Part 95 affect approximately 80 respondents, comprised of licensees, certificate holders, licensee contractors, and several other entities that access classified matter under the rule. The number of responses per respondent includes requested information submitted by the contractor via the licensee. | |||
A. JUSTIFICATION | |||
: 1. Need for and Practical Utility of the Collection of Information Part 95 of 10 CFR contains numerous reporting, recordkeeping, and application requirements, including requirements for submittal of information, plans, and procedures for the protection of classified information, automatic data processing (ADP) and telecommunications security plans, security recordkeeping requirements for compliance purposes, and security reporting and notification procedures for compliance and appropriate responses to certain events. In all cases, the requirements are necessary to help ensure that an adequate level of protection is provided for information determined to be classified. The reporting, recordkeeping, and application requirements are necessary for one of the reasons listed below: | |||
: a. To obtain essential descriptive data concerning the content and planned operation of the licensees', certificate holders', or their contractors' information security program, which is necessary for the NRC to determine the adequacy of planned methods and procedures for safeguarding classified information and matter that is used, stored, transmitted, reproduced, or destroyed.
: b. To obtain essential data describing the licensees', certificate holders', or their contractors' planned program for ensuring employee indoctrination and continued awareness of their security responsibilities, to preclude unauthorized disclosure of classified information or matter and to ensure compliance with Executive Order (E.O.) 13526 and the National Industrial Security Program Operating Manual.
: c. To obtain essential data that will permit NRC review and inspection of the licensees', certificate holders', or their contractors' classification procedures and compliance with regulatory requirements for classification and procedures concerning release of classified information to International Atomic Energy Agency (IAEA) representatives.
: d. To obtain essential data that will permit NRC review and appraisal of the licensees', certificate holders', or their contractors' degree of foreign ownership, control, or influence to prevent unauthorized international transfer or disclosure of classified information or matter, and to ensure that classified activities are not adversely affected.
The currently effective information collection requirements of 10 CFR Part 95 are identified and described in detail at the end of this supporting statement in the Description of Information Collection Requirements. | |||
: 2. Agency Use of Information The reports, security plans, and other security information are submitted to the NRC Division of Security Operations, in the Office of Nuclear Security and Incident Response. The information is used to help determine whether a licensee or their contractor is eligible to use, process, store, transmit, or handle NRC-classified information. The information is also used for periodic reviews and inspections to ensure appropriate regulations are continuously followed. | |||
: 3. Reduction of Burden Through Information Technology The NRC has issued Guidance for Electronic Submissions to the NRC which provides direction for the electronic transmission and submittal of documents to the NRC. Electronic transmission and submittal of documents can be accomplished via the following avenues: the Electronic Information Exchange process, which is available from the NRC's Electronic Submittals Web page, by Optical Storage Media (e.g., CD-ROM, DVD), by facsimile, or by e-mail. It is estimated that less than 10 of the responses are filed electronically; the licensees can choose to file electronically or by mail.
: 4. Effort to Identify Duplication and to Use Similar Information There is no duplication of requirements. In the event another agency also has an interest at the facility, this regulation specifically reduces or eliminates duplication through acceptance of the other agency's security program to protect the NRC-classified information and matter.
: 5. Effort to Reduce Small Business Burden Currently, no licensees who access classified information under the rule qualify as a small business. The requirements to access classified information under the rule are based on statutes or Executive Orders that must be complied with regardless of the size of the business. | |||
: 6. Consequences to Federal Program or Policy Activities if the Collection is not Conducted or Conducted Less Frequently Required reports and information are collected and evaluated on a continuing basis as events occur. Applications for new facility clearances may be submitted at any time. If not submitted, approval to store NRC-classified information will not be processed. Other information collection requirements ensure that, once placed at the facility, that information continues to receive the required protection. Less frequent collection of this information may impact negatively on the NRC's responsibility to ensure proper protection and may endanger the United States common defense and national security. If the information collection was not conducted, these determinations could not be made and the licensees or contractor organizations would not be permitted to maintain this classified information which is pertinent to their activities.
: 7. Circumstances Which Justify Variation from OMB Guidelines Paragraph 95.34(b) of 10 CFR and 10 CFR 95.36(d) require that licensees and their contractors shall retain records of foreign visits for 5 years beyond the date of the visit. This requirement is needed to check the history of foreign visitors in case they become targets of interest by the United States Government.
: 8. Consultation Outside the NRC Opportunity for public comment on the information collection requirements for this clearance package was published in the Federal Register on May 7, 2018 (83 FR 20102). NRC received no comments. NRC also contacted four licensees by email and there were no comments received.
: 9. Payment or Gift to Respondents Not applicable. | |||
: 10. Confidentiality of Information Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). | |||
: 11. Justification for Sensitive Questions Some information, such as an individual's social security number, may be collected using Form 405F to verify an existing personnel security clearance.
There is no Privacy Act concern as the information collected is not retrieved using personally identifiable information.
: 12. Estimate of Burden The $263 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commission's fee for hourly rates as noted in 10 CFR 170.20, "Average cost per professional staff-hour." For more information on the basis of this rate, see the "Revision Of Fee Schedules; Fee Recovery For Fiscal Year 2017" (82 FR 30682; June 30, 2017).
The NRC estimates that total annual reporting burden is 328 hours and recordkeeping burden is 175 hours, for a total of 503 burden hours for the collection. The total cost to those required to respond to this collection is estimated to be $132,289 (503 hours x $263/hr.). Details of reporting and recordkeeping burden and cost estimates to the respondents are reflected in Tables 1 and 2. | |||
: 13. Estimate of Other Additional Costs The NRC has determined that the quantity of records to be maintained is roughly proportional to the recordkeeping burden and, therefore, can be used to calculate approximate records storage costs. Based on the number of pages maintained for a typical facility clearance, the records storage cost has been determined to be equal to 0.0004 times the recordkeeping burden cost. Because the recordkeeping burden is estimated to be 175 hours, the storage cost for this clearance is $18.41 (175 hours x 0.0004 x $263/hour). | |||
: 14. Estimated Annualized Cost to the Federal Government The staff has developed estimates of annualized costs to the Federal Government related to the conduct of this collection of information. These estimates are based on staff experience and subject matter expertise and include the burden needed to review, analyze, and process the collected information and any relevant operational expenses. The estimated annual cost to the Federal government in administering the program and procedures contained in these requirements is: | |||
Total Annual cost - professional effort (1,543 hrs. x $263/hr.) = $405,809
: 15. Reasons for Change in Burden or Cost The overall burden decreased by 481.7 hours from 984.7 hours to 503 hours. | |||
The decrease is due to the shift from establishing programs to maintaining programs with fewer reportable changes, the shutdown of cleared licensee/certificate holder facilities, and termination of cleared contractor facility clearances. Since the last clearance extension, approximately 24 facilities have reduced their program or had their clearances terminated.
The hourly fee rates decreased from $272/hr. to $263/hr. for professional effort in this clearance. | |||
: 16. Publication for Statistical Use There is no application of statistics in the information collected. There is no publication of this information. | |||
: 17. Reason for Not Displaying the Expiration Date The form will display the expiration date. | |||
: 18. Exceptions to the Certification Statement There are no exceptions. | |||
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS Not applicable. | |||
TABLE 1 10 CFR PART 95 BURDEN ESTIMATE (REPORTING)

| Section | Requirement | No. of Respondents | Responses Per Respondent | No. of Responses | Burden Per Response | Total Annual Burden Hrs. | Cost ($263/hr.) |
|---|---|---|---|---|---|---|---|
| 95.11 | Specific Exemptions | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.15(a) & (b)/95.49 | Facility Clearance Requests | 3 | 3 | 9 | 16 | 144 | $37,872 |
| 95.17 | Report of foreign ownership, control, or influence (including completion of NRC Form 405F) | 80 | 1 | 80 | 0.167 | 13 | $3,419 |
| 95.18(a) & (b) | Key Personnel | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.19(a) & (b) | Changes in Security Practices and Procedures | 16 | 1 | 16 | 4 | 64 | $16,832 |
| 95.21 | Cancellation of Facility Clearance Requests | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.25(i) | Unattended Security Container Found Open (see 95.57(b) for burden cost) | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.33(d) | Security Education | 80 | 1 | 80 | 0.1 | 8 | $2,104 |
| 95.37(a) | Classification (burden captured under OMB Clearance for 95.57(c)) | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.39(d) | Telecommunication of Classified Information | 3 | 1 | 3 | 5 | 15 | $3,945 |
| 95.45(a) & (d) | Changes in Classification | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.53(a) & (b) | Facility Clearance Terminated | 4 | 18 | 72 | 1 | 72 | $18,936 |
| 95.57(a) | Event Reporting | 0 | 0 | 0 | 0 | 0 | $0 |
| 95.57(b) | Event Reporting (monthly log) | 4 | 12 | 48 | .25 | 12 | $3,156 |
| 95.57(c) | Completion of NRC Form 790 (form cleared under OMB Control Number 3150-0052) | N/A | N/A | N/A | N/A | N/A | N/A |
| Totals | | 189 | | 260 | | 328 | $86,264 |
TABLE 2 10 CFR PART 95 BURDEN ESTIMATE (RECORDKEEPING)

| Section | Requirement/Record Retention | No. of Recordkeepers | Annual Hours Per Recordkeeper | Total Annual Recordkeeping Hours | Cost ($263/hr.) |
|---|---|---|---|---|---|
| 95.13 | Maintenance of Records (95.25(j), 95.33(h), 95.34(b) 95.36(d)) | 10 | 0 | 0 | $0 |
| 95.18(a) | Key Personnel | 3 | 1 | 3 | $789 |
| 95.19(c) | Update NRC Facility Clearance | 16 | .1 | 1.6 | $421 |
| 95.25(d) | Records of Combinations | 10 | 1 | 10 | $2,630 |
| 95.25(g) | Posted Information | 10 | 0.4 | 4 | $1,052 |
| 95.25(i) | Unattended Security Container Found Open (see 95.57(b) for burden cost) | 0 | 0 | 0 | $0 |
| 95.25(j) | Key and Lock Accountability Records | 5 | 4 | 20 | $5,260 |
| 95.33(h) | Security Education Training Records | 80 | 1 | 80 | $21,040 |
| 95.34(b) | Foreign Visitors | 3 | 1 | 3 | $789 |
| 95.36(d) | IAEA Visit Records (5 years) | 1 | 1 | 1 | $263 |
| 95.37(c), (e)(2), (f), (g) & (j) /95.45(b) | Marking Requirements | 3 | 0.4 | 1.2 | $316 |
| 95.37(h) | Classification Challenges | 0 | 0 | 0 | $0 |
| 95.39(b)(4) | External Transmission | 3 | 1 | 3 | $789 |
| 95.39(e) | Classified Information in Transit | 3 | 1 | 3 | $789 |
| 95.41 | External Receipt and Dispatch of Records (2 years) | 3 | 0.25 | 0.75 | $197 |
| 95.43(a) | Reproduction | 10 | 1 | 10 | $2,630 |
| 95.43(c) | Marking Classified Reproductions | 10 | 1 | 10 | $2,630 |
| 95.57(b) | Maintenance of Log | 4 | 6 | 24 | $6,312 |
| Totals | | | | 175 | $46,025 |

Total Overall Number of Responses = 340 (260 total responses + 80 record-keepers)
Total Reporting and Recordkeeping Burden Hours = 503 (328 total reporting hours + 175 total recordkeeping hours)
Total Number of Respondents = 189
Total Cost to Respondent = $132,289 (503 burden hours x $263 per hour)
DESCRIPTION OF INFORMATION COLLECTION REQUIREMENTS CONTAINED IN TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 95 FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA 3150-0047

Section 95.11 The NRC may grant exemptions from the requirements of the regulations of 10 CFR Part 95 upon application by any interested person or upon its own initiative, provided the exemptions are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security.
Section 95.13 This section requires that licensees maintain records that are subject to review and inspection by the Cognizant Security Agency (CSA) representatives during security reviews. | |||
Paragraph 95.15(a) A licensee shall request an NRC facility clearance to store or handle classified information in connection with NRC-related activities. | |||
Paragraph 95.15(b) This paragraph specifies the content of the request required by 10 CFR 95.15(a). If there is no existing facility clearance, the request must include a security SPPP that outlines the facility's proposed security procedures and controls for the protection of classified information; a floor plan of the area in which the matter is to be used, processed, stored, reproduced, transmitted, transported, or handled; and foreign ownership, control or influence (FOCI) information.
The request for facility clearance and accompanying security SPPP provides pertinent data including information concerning FOCI which enables the NRC Division of Security Operations to assess the licensee's or their contractor's eligibility for a facility clearance. Facilities are inspected to ensure their compliance with the procedures outlined in their security SPPP and the reporting requirements contained within 10 CFR Part 95.
Section 95.17 Within 30 days of submitting a request for a facility clearance, the licensee or their contractor must advise the NRC of any significant events or changes that may affect its status concerning FOCI (e.g., changes in ownership; changes that affect the company's answers to original FOCI questions; indebtedness; and changes in the required form that identifies owners, officers, directors, and executive personnel). The burden for developing the list of employees, reviewing and filing it, and forwarding a copy to the CSA is estimated to require a maximum of 15 hours.
Paragraph 95.18(a) This paragraph requires that licensees submit documentation when excluding key management officials from access to classified information. These individuals may not occupy positions that would enable them to adversely affect the organization's policies or practices in the performance of activities involving classified information. A record must be made concerning the lack of clearance for all such personnel and a copy forwarded by the organization's executive body to the CSA.
Paragraph 95.18(b) This paragraph requires that each licensee and their contractors submit documentation when excluding key management officials from access to higher-level classified information. These individuals may not occupy positions that would enable them to adversely affect the organization's policies or practices in the protection of classified information. A record must be made concerning the lack of clearance for all such personnel and a copy forwarded by the organization's executive body to the CSA.
Paragraph 95.19(a) This paragraph requires that each licensee and their contractors shall obtain prior CSA approval for any proposed change to the name, location, security procedures and controls, or floor plan of the approved facility. These substantive changes to a security SPPP are reported to the CSA (the NRC Division of Security Operations) and the appropriate NRC Regional Administrator. The substantive changes to the SPPP that affect security of the facility must be submitted to the CSA 30 days prior to the change. | |||
Paragraph 95.19(b) This paragraph requires that a licensee or their contractors may effect a minor, non-substantive change to an approved SPPP for the safeguarding of classified information without receiving prior CSA approval. These minor changes that do not affect the security of the facility may be submitted to the addressees noted in Section (a) of this section within 30 days of the change. | |||
Paragraph 95.19(c) This paragraph requires that a licensee or their contractors must update its NRC facility clearance every 5 years, either by submitting a complete SPPP or a certification that the existing SPPP is fully current. | |||
Section 95.21 This section requires the reporting of withdrawal or cancellation requests for facility clearances to the NRC Division of Security Operations by the requestor in the most expeditious manner so that processing for these clearances may be terminated. The requestor shall confirm the notification promptly in writing. | |||
The information required by this section is necessary each time a licensee or contractor wishes to withdraw or cancel a facility clearance request. This information will be used by the NRC Division of Security Operations as a basis for discontinuing further processing of the application and, if no access to classified information or matter is needed, would indicate that pending personnel security access authorization requests should also be canceled. | |||
Paragraph 95.25(d) If a record is made of a classified combination to an authorized storage container, the record must be marked with the highest classification of matter authorized for storage in the container. Superseded combinations must be destroyed. This record should be kept as long as the classified storage container is in use. | |||
This information and recordkeeping requirement helps ensure that written lock combinations are properly classified and safeguarded in accordance with the provisions of E.O. 13526 and its implementing directives. | |||
Paragraph 95.25(g) A record of names of persons having knowledge of the combination must be posted inside the container to ensure that responsible personnel may be contacted in the case of an emergency. This record should be kept as long as the classified storage container is in use. | |||
Paragraph 95.25(i) If an unattended security container housing classified matter is found unlocked, the custodian or an alternate must be notified immediately, and the container must be secured by appropriate personnel. Incidents such as these are entered into a written log that is provided to the NRC on a monthly basis (see 10 CFR 95.57(b)). | |||
This information collection and recordkeeping requirement assures: (1) that the licensee or other organization complies with the Information Security Oversight Office directive to report the loss or possible compromise of classified information; and (2) that the NRC may evaluate such occurrences and corrective actions which have been taken. | |||
Paragraph 95.25(j) This paragraph requires that a key and lock register be maintained, and that a monthly audit of keys and locks and a key inventory be performed with each change of custody. This recordkeeping requirement permits the NRC inspection and review of lock and key accountability records to determine that proper individuals with appropriate level of access authorization are issued keys and locks. | |||
Paragraph 95.33(d) Facility Security Officers must submit SF-312, Classified Information Nondisclosure Agreement, forms to the CSA for retention. Facility Security Officers must also submit a report to the CSA in the event that an employee refuses to sign the SF-312. | |||
The SF-312 is a required agreement with the United States not to disclose classified information. Submission of forms to the CSA and reports to the CSA in the event that an employee refuses to sign the SF-312, will allow verification through inspection that Section 25.23 requirements are being met before access to classified information is granted. | |||
Paragraph 95.33(h) All cleared employees must be provided with security training and briefings commensurate with their involvement with classified information. The facility may obtain defensive security, threat awareness, and other education and training information and matter from their CSA or other sources. Records reflecting an individual's initial and refresher security orientations and security termination must be maintained for 3 years after termination of the individual's access authorization.
This requirement provides reasonable assurance that records are available when NRC conducts an inspection. This recordkeeping requirement permits verification through NRC inspection that individuals granted access authorizations are appropriately indoctrinated as to their individual security responsibilities and duties relative to the protection of classified information. | |||
Paragraph 95.34(b) Licensees or their contractors subject to 10 CFR Part 95 shall take measures as may be necessary to preclude access to classified information by foreign visitors. | |||
The licensee or contractor shall retain records of visits for 5 years beyond the date of the visit. | |||
Paragraph 95.36(d) Records of IAEA or other international organization visits, and records of inspections and disclosure authorizations must be maintained for 5 years. This recordkeeping requirement and its inspectability through NRC inspections ensures that licensees or their contractors maintain the proper procedures and controls over the release of classified information to IAEA or other international representatives in accordance with the disclosure authorization granted by the NRC Division of Security Operations. The licensee or their contractors shall retain records of visits for 5 years beyond the date of the visit. | |||
Paragraph 95.37(a) A licensee or their contractors must appropriately mark classified information in accordance with provided guidance. | |||
This paragraph requires licensees and others who possess classified matter which is not conducive to markings (e.g., equipment) to request approval for exemption from marking requirements for such matter. This requirement provides assurance that: (1) only those officials delegated classification authority are classifying matter; (2) classified matter is not downgraded or declassified without proper authority; and (3) there is accountability for future classification, downgrading, and declassification actions.
Paragraph 95.37(c) A licensee or their contractors are responsible for applying classification markings for National Security Information and Restricted Data. | |||
These marking and labeling requirements, which require an authorized classifier to place the appropriate classification markings on the document and sign his/her name, will be used whenever an NRC licensee or contractor derivative classifier generates a classified document or the classification of an existing document is to be changed (e.g., declassified or downgraded). | |||
A file or record copy must be maintained of the derivatively classified document as long as the document remains classified. These requirements provide assurance that: (1) only those officials delegated classification authority are classifying documents; (2) documents are not downgraded or declassified without proper authority; and (3) there is accountability for future classification, downgrading, and declassification actions. | |||
Paragraph 95.37(e)(2) If the originator or classifier determines that reproduction or further dissemination of a document should be restricted, the following additional wording may be placed on the face of the document: Reproduction or Further Dissemination Requires Approval of . | |||
Paragraph 95.37(f) In addition to the information required on the face of the document, each classified document is required, by marking or other means, to indicate clearly which portions are classified (e.g., paragraphs or pages) and which portions are not classified. If this type of portion marking is not practicable, the document must contain a description sufficient to identify the classified information and the unclassified information. | |||
Paragraph 95.37(g) If a document transmitting classified information contains no classified information or the classification level of the transmittal document is not as high as the highest classification level of its enclosures, then the document must be marked at the top and bottom with a classification at least as high as its highest classified enclosure. When the content of the transmittal document warrants a lower classification than the highest classified enclosure(s) or combination of enclosures or requires no classification, a stamp or marking such as the following must also be used on the transmittal document: UPON REMOVAL OF ATTACHMENTS THIS DOCUMENT IS: (classification level of transmittal document standing alone or the word UNCLASSIFIED if the transmittal document contains no classified information).
Paragraph 95.37(h) Persons authorized possession of classified National Security Information, who in good faith believe a classification status is too high or too low, shall refer the document to the originator or authorized classifier for review. The classifier shall review the document and render a written classification decision to the holders of the information. | |||
This is a required procedure for document custodians to assure that any questions regarding proper classification are referred to the originator and that appropriate steps to safeguard the document are taken. The recordkeeping requirement permits verification through NRC inspections of actions taken when unauthorized disclosures may have occurred. | |||
Paragraph 95.37(j) Drafts of documents and working papers that contain, or are believed to contain, classified information must be marked as classified information. | |||
This requirement ensures there is accountability for future classification, downgrading, and declassification actions. | |||
Paragraph 95.39(b)(4) This requirement applies to Secret documents prepared for external transmission. It requires document receipts signed by the recipient to be returned to the sender as a way to officially transfer a Secret document to another person. | |||
This requirement permits verification through inspection that Secret documents that have been transferred to another person are properly accounted for. | |||
Paragraph 95.39(d) Licensees or their contractors who may require a secure telecommunication system shall submit a telecommunication plan as part of their request for facility clearance, as outlined in 10 CFR 95.15, or as an amendment to their existing SPPP. | |||
Paragraph 95.39(e) Licensees and their contractors that have classified matter that, because of the nature of the matter, cannot transmit the classified matter via conventional means, must submit a classified matter transportation security plan to the CSA for approval. | |||
The requirement to submit the classified transportation security plan for review ensures that licensees' procedures meet minimum security requirements in 10 CFR Part 95.
Section 95.41 Each licensee or contractor possessing classified information shall maintain records of the date of the matter, receipt or dispatch, classification, an unclassified description of the matter, and the identity of the sender for 2 years after receipt or dispatch. | |||
This procedure and recordkeeping requirement provides assurance that records are available when the NRC conducts an inspection. | |||
Paragraph 95.43(a) This paragraph requires that each licensee or contractor possessing classified information shall establish a reproduction control system to ensure that reproduction of classified matter is held to a minimum consistent with operational procedures. | |||
Paragraph 95.43(c) The licensee or contractor is required to mark classified reproductions with the same classification markings as the original classified document. | |||
This requirement assures that classified reproductions receive the same protection as other hard-copy classified documents. | |||
Paragraph 95.45(a) Requests for downgrading or declassifying any NRC-classified information should be forwarded to the NRC Division of Security Operations. Requests for downgrading or declassifying Restricted Data should be forwarded to the NRC Division of Security Operations for coordination with the U.S. Department of Energy. | |||
Paragraph 95.45(b) If a change of classification or declassification is approved, the previous classification marking must be canceled and a statement to that effect must be placed on the first page of the document. | |||
Paragraph 95.45(d) Any persons making a classification change shall forward a notice of classification change to all known holders of the document. | |||
These reporting and marking procedures in 10 CFR 95.45(a), 10 CFR 95.45(b), and 10 CFR 95.45(d) ensure that documents which may warrant downgrading or declassification are reviewed by the NRC Division of Security Operations or are referred to the U.S. Department of Energy, as may be appropriate, and that all known holders are notified of the action.
Section 95.47 This section lists acceptable means of document destruction. The recordkeeping requirements associated with document destruction were eliminated in a final rule published April 1, 1999 (64 FR 15653). The reference in 10 CFR 95.8 stating that 10 CFR 95.47 contains an information collection is outdated and in error and will be removed during an upcoming administrative rulemaking.
Section 95.49 This section requires the licensee and their contractors to submit an ADP security proposal to the CSA for approval before classified data or information may be processed or produced on an ADP system. The proposal may be submitted as part of the licensee's or other person's request for facility clearance, or submitted as an amendment to its existing SPPP for the protection of classified information.
Paragraph 95.53(a) If a facility clearance is terminated, the facility shall submit a certification of non-possession of classified information to the NRC Division of Security Operations within 30 days of termination.
These procedures and notifications ensure that the facility clearance is terminated, suspended, or revoked when no longer needed or when continuation would not be in the interest of national security. The certificate of non-possession provides assurance that all classified information and matter has been returned to the NRC or destroyed in accordance with NRC security requirements.
Paragraph 95.57(a) Each licensee and their contractors having a facility clearance shall report to the CSA and the Regional Administrator of the appropriate NRC regional office listed in 10 CFR Part 73, Appendix A, any alleged or suspected violation of Federal acts or statutes, related to classified information (e.g., deliberate disclosure of classified information to persons not authorized to receive it, theft of classified information) within 1 hour of the event, followed by written confirmation within 30 days of the incident.
Paragraph 95.57(b) Any infractions, losses, compromises, or possible compromises of classified information not falling within paragraph (a) of this section must be entered into a written log and provided to the NRC on a monthly basis.
The procedures in 10 CFR 95.57(a) and 10 CFR 95.57(b) are necessary to ensure that possible losses, compromises, violations of law, and disclosures of classified information are investigated and assessed in a timely manner.
Paragraph 95.57(c) Requires an authorized classifier of a licensee and their contractors subject to 10 CFR Part 95 to submit all classified actions (documents classified, declassified, or downgraded) to the NRC either on an as completed or monthly basis. This information may be submitted either electronically by an on-line system (NRC prefers the use of a dial-in automated system connected to the Division of Security Operations) or by paper copy using the NRC Form 790, Classification Record. This requirement is cleared under OMB approval number 3150-0052. The electronic collection system, Classification Management Action System, is housed at the NRC, and permits collection of NRC Form 790 information electronically through the use of a personal computer.
}}
Latest revision as of 22:06, 20 October 2019
ML18170A268 | |
Person / Time | |
---|---|
Issue date: | 07/19/2018 |
From: | Office of Nuclear Security and Incident Response |
To: | |
Shared Package | |
ML18170A266 | List: |
References | |
OMB 3150-0047 | |
Download: ML18170A268 (14) | |
Text
FINAL OMB SUPPORTING STATEMENT FOR TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 95 FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA 3150-0047 EXTENSION
Description of Information Collection
Title 10 of the Code of Federal Regulations (10 CFR) Part 95 establishes procedures for obtaining facility security clearance and for safeguarding Secret and Confidential National Security Information and Restricted Data. Licensees under 10 CFR Part 95 fall within two categories: those who possess, use or transmit classified matter at their site or a cleared contractor site, and those licensees and contractors who only need access to classified matter at a government or appropriately cleared non-government site. The licensees, certificate holders, and contractors make reportable information available at their places of business or send the reports to the U.S. Nuclear Regulatory Commission (NRC) at its headquarters or regional offices. Reports or applications that are only required as occasioned by the occurrence of specific events, such as a modification to an existing security Standard Practice Procedures Plan (SPPP), an update to NRC Form 405F due to a change to key personnel positions identified in the rule, or a report of loss of classified information, would be an event-triggered cost. This clearance included information collected by the NRC Form 405F.
Periodic training and other requirements for recordkeeping that are necessary for checking the licensees' and contractors' procedures for maintaining acceptable security education, facility, and classification/declassification programs are examples of recurring costs. The limited amount of personal information submitted in connection with facility clearance requests, classification/declassification actions, and other areas within these requirements is handled and protected in accordance with NRC directives and the provisions of the Privacy Act of 1974.
The reporting requirements of 10 CFR Part 95 affect approximately 80 respondents, comprised of licensees, certificate holders, licensee contractors, and several other entities that access classified matter under the rule. The number of responses per respondent includes requested information submitted by the contractor via the licensee.
A. JUSTIFICATION
- 1. Need for and Practical Utility of the Collection of Information Part 95 of 10 CFR contains numerous reporting, recordkeeping, and application requirements, including requirements for submittal of information, plans, and procedures for the protection of classified information, automatic data processing (ADP) and telecommunications security plans, security recordkeeping requirements for compliance purposes, and security reporting and notification procedures for compliance and appropriate responses to certain events. In all cases, the requirements are necessary to help ensure that an adequate level of protection is provided for information determined to be classified. The reporting, recordkeeping, and application requirements are necessary for one of the reasons listed below:
- a. To obtain essential descriptive data concerning the content and planned operation of the licensee's, certificate holder's, or their contractor's information security program, which is necessary for the NRC to determine the adequacy of planned methods and procedures for safeguarding classified information and matter that is used, stored, transmitted, reproduced, or destroyed.
- b. To obtain essential data describing the licensee's, certificate holder's, or their contractor's planned program for ensuring employee indoctrination and continued awareness of their security responsibilities, to preclude unauthorized disclosure of classified information or matter and to ensure compliance with Executive Order (E.O.) 13526 and the National Industrial Security Program Operating Manual.
- c. To obtain essential data that will permit NRC review and inspection of the licensee's, certificate holder's, or their contractor's classification procedures and compliance with regulatory requirements for classification and procedures concerning release of classified information to International Atomic Energy Agency (IAEA) representatives.
- d. To obtain essential data that will permit NRC review and appraisal of the licensee's, certificate holder's, or their contractor's degree of foreign ownership, control, or influence to prevent unauthorized international transfer or disclosure of classified information or matter, and to ensure that classified activities are not adversely affected.
The currently effective information collection requirements of 10 CFR Part 95 are identified and described in detail at the end of this supporting statement in the Description of Information Collection Requirements.
- 2. Agency Use of Information The reports, security plans, and other security information are submitted to the NRC Division of Security Operations, in the Office of Nuclear Security and Incident Response. The information is used to help determine whether a licensee or their contractor is eligible to use, process, store, transmit, or handle NRC-classified information. The information is also used for periodic reviews and inspections to ensure appropriate regulations are continuously followed.
- 3. Reduction of Burden Through Information Technology The NRC has issued Guidance for Electronic Submissions to the NRC, which provides direction for the electronic transmission and submittal of documents to the NRC. Electronic transmission and submittal of documents can be accomplished via the following avenues: the Electronic Information Exchange process, which is available from the NRC's Electronic Submittals Web page, by Optical Storage Media (e.g., CD-ROM, DVD), by facsimile, or by e-mail. It is estimated that less than 10 of the responses are filed electronically; the licensees can choose to file electronically or by mail.
- 4. Effort to Identify Duplication and to Use Similar Information There is no duplication of requirements. In the event another agency also has an interest at the facility, this regulation specifically reduces or eliminates duplication through acceptance of the other agency's security program to protect the NRC-classified information and matter.
- 5. Effort to Reduce Small Business Burden Currently, no licensees who access classified information under the rule qualify as a small business. The requirements to access classified information under the rule are based on statutes or Executive Orders that must be complied with regardless of the size of the business.
- 6. Consequences to Federal Program or Policy Activities if the Collection is not Conducted or Conducted Less Frequently Required reports and information are collected and evaluated on a continuing basis as events occur. Applications for new facility clearances may be submitted at any time. If not submitted, approval to store NRC-classified information will not be processed. Other information collection requirements ensure that once placed at the facility that information continues to receive the required protection. Less frequent collection of this information may impact negatively on the NRC's responsibility to ensure proper protection and may endanger the United States' common defense and national security. If the information collection was not conducted, these determinations could not be made and the licensees or contractor organizations would not be permitted to maintain this classified information which is pertinent to their activities.
- 7. Circumstances Which Justify Variation from OMB Guidelines Paragraph 95.34(b) of 10 CFR and 10 CFR 95.36(d) require that licensees and their contractors shall retain records of foreign visits for 5 years beyond the date of the visit. This requirement is needed to check the history of foreign visitors in case they become targets of interest by the United States Government.
- 8. Consultation Outside the NRC Opportunity for public comment on the information collection requirements for this clearance package was published in the Federal Register on May 7, 2018 (83 FR 20102). NRC received no comments. NRC also contacted four licensees by email and there were no comments received.
- 9. Payment or Gift to Respondents Not applicable.
- 10. Confidentiality of Information Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b).
- 11. Justification for Sensitive Questions Some information, such as an individual's social security number, may be collected using Form 405F to verify an existing personnel security clearance.
There is no Privacy Act concern as the information collected is not retrieved using personal identifiable information.
- 12. Estimate of Burden The $263 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commission's fee for hourly rates as noted in 10 CFR 170.20, "Average cost per professional staff-hour." For more information on the basis of this rate, see the Revision Of Fee Schedules; Fee Recovery For Fiscal Year 2017 (82 FR 30682; June 30, 2017).
The NRC estimates that total annual reporting burden is 328 hours and recordkeeping burden is 175 hours, for a total of 503 burden hours for the collection. The total cost to those required to respond to this collection is estimated to be $132,289 (503 hours x $263/hr.). Details of reporting and recordkeeping burden and cost estimates to the respondents are reflected in Tables 1 and 2.
- 13. Estimate of Other Additional Costs The NRC has determined that the quantity of records to be maintained is roughly proportional to the recordkeeping burden and, therefore, can be used to calculate approximate records storage costs. Based on the number of pages maintained for a typical facility clearance, the records storage cost has been determined to be equal to 0.0004 times the recordkeeping burden cost. Because the recordkeeping burden is estimated to be 175 hours, the storage cost for this clearance is $18.41 (175 hours x 0.0004 x $263/hour).
- 14. Estimated Annualized Cost to the Federal Government The staff has developed estimates of annualized costs to the Federal Government related to the conduct of this collection of information. These estimates are based on staff experience and subject matter expertise and include the burden needed to review, analyze, and process the collected information and any relevant operational expenses. The estimated annual cost to the Federal government in administering the program and procedures contained in these requirements is:
Total Annual cost - professional effort (1,543 hrs. x $263/hr.) = $405,809
- 15. Reasons for Change in Burden or Cost The overall burden decreased by 481.7 hours from 984.7 hours to 503 hours.
The decrease is due to the shift from establishing programs to maintaining programs with fewer reportable changes, the shutdown of cleared licensee/certificate holder facilities, and termination of cleared contractor facility clearances. Since the last clearance extension, approximately 24 facilities have reduced their program or had their clearances terminated.
The hourly fee rates decreased from $272/hr. to $263/hr. for professional effort in this clearance.
- 16. Publication for Statistical Use There is no application of statistics in the information collected. There is no publication of this information.
- 17. Reason for Not Displaying the Expiration Date The form will display the expiration date.
- 18. Exceptions to the Certification Statement There are no exceptions.
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS Not applicable.
TABLE 1 10 CFR PART 95 BURDEN ESTIMATE (REPORTING)
Section | Requirement | No. of Respondents | Responses Per Respondent | Total No. of Responses | Burden Per Response | Total Annual Burden Hrs. | Cost $263/hr. |
---|---|---|---|---|---|---|---|
95.11 | Specific Exemptions | 0 | 0 | 0 | 0 | 0 | $0 |
95.15(a) & (b)/95.49 | Facility Clearance Requests | 3 | 3 | 9 | 16 | 144 | $37,872 |
95.17 | Report of foreign ownership, control, or influence (including completion of NRC Form 405F) | 80 | 1 | 80 | 0.167 | 13 | $3,419 |
95.18(a) & (b) | Key Personnel | 0 | 0 | 0 | 0 | 0 | $0 |
95.19(a) & (b) | Changes in Security Practices and Procedures | 16 | 1 | 16 | 4 | 64 | $16,832 |
95.21 | Cancellation of Facility Clearance Requests | 0 | 0 | 0 | 0 | 0 | $0 |
95.25(i) | Unattended Security Container Found Open (see 95.57(b) for burden cost) | 0 | 0 | 0 | 0 | 0 | $0 |
95.33(d) | Security Education | 80 | 1 | 80 | 0.1 | 8 | $2,104 |
95.37(a) | Classification (burden captured under OMB Clearance for 95.57(c)) | 0 | 0 | 0 | 0 | 0 | $0 |
95.39(d) | Telecommunication of Classified Information | 3 | 1 | 3 | 5 | 15 | $3,945 |
95.45(a) & (d) | Changes in Classification | 0 | 0 | 0 | 0 | 0 | $0 |
95.53(a) & (b) | Facility Clearance Terminated | 4 | 18 | 72 | 1 | 72 | $18,936 |
95.57(a) | Event Reporting | 0 | 0 | 0 | 0 | 0 | $0 |
95.57(b) | Event Reporting (monthly log) | 4 | 12 | 48 | .25 | 12 | $3,156 |
95.57(c) | Completion of NRC Form 790 (form cleared under OMB Control Number 3150-0052) | N/A | N/A | N/A | N/A | N/A | N/A |
Totals | | 189 | | 260 | | 328 | $86,264 |
TABLE 2 10 CFR PART 95 BURDEN ESTIMATE (RECORDKEEPING)
Section | Requirement/Record Retention | No. of Record-keepers | Annual Hours Per Record-keepers | Total Annual Recordkeeping Hours | Cost $263/hr. |
---|---|---|---|---|---|
95.13 | Maintenance of Records (95.25(j), 95.33(h), 95.34(b) 95.36(d)) | 10 | 0 | 0 | $0 |
95.18(a) | Key Personnel | 3 | 1 | 3 | $789 |
95.19(c) | Update NRC Facility Clearance | 16 | .1 | 1.6 | $421 |
95.25(d) | Records of Combinations | 10 | 1 | 10 | $2,630 |
95.25(g) | Posted Information | 10 | 0.4 | 4 | $1,052 |
95.25(i) | Unattended Security Container Found Open (see 95.57(b) for burden cost) | 0 | 0 | 0 | $0 |
95.25(j) | Key and Lock Accountability Records | 5 | 4 | 20 | $5,260 |
95.33(h) | Security Education Training Records | 80 | 1 | 80 | $21,040 |
95.34(b) | Foreign Visitors | 3 | 1 | 3 | $789 |
95.36(d) | IAEA Visit Records (5 years) | 1 | 1 | 1 | $263 |
95.37(c), (e)(2), (f), (g) & (j) /95.45(b) | Marking Requirements | 3 | 0.4 | 1.2 | $316 |
95.37(h) | Classification Challenges | 0 | 0 | 0 | $0 |
95.39(b)(4) | External Transmission | 3 | 1 | 3 | $789 |
95.39(e) | Classified Information in Transit | 3 | 1 | 3 | $789 |
95.41 | External Receipt and Dispatch of Records (2 years) | 3 | 0.25 | 0.75 | $197 |
95.43(a) | Reproduction | 10 | 1 | 10 | $2,630 |
95.43(c) | Marking Classified Reproductions | 10 | 1 | 10 | $2,630 |
95.57(b) | Maintenance of Log | 4 | 6 | 24 | $6,312 |
Totals | | | | 175 | $46,025 |
Total Overall Number of Responses = 340 (260 total responses + 80 record-keepers)
Total Reporting and Recordkeeping Burden Hours = 503 (328 total reporting hours + 175 total recordkeeping hours)
Total Number of Respondents = 189
Total Cost to Respondent = $132,289 (503 burden hours x $263 per hour)
DESCRIPTION OF INFORMATION COLLECTION REQUIREMENTS CONTAINED IN TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 95 FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA 3150-0047
Section 95.11 The NRC may grant exemptions from the requirements of the regulations of 10 CFR Part 95 upon application by any interested person or upon its own initiative, provided the exemptions are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security.
Section 95.13 This section requires that licensees maintain records that are subject to review and inspection by the Cognizant Security Agency (CSA) representatives during security reviews.
Paragraph 95.15(a) A licensee shall request an NRC facility clearance to store or handle classified information in connection with NRC-related activities.
Paragraph 95.15(b) This paragraph specifies the content of the request required by 10 CFR 95.15(a). If there is no existing facility clearance, the request must include a security SPPP that outlines the facility's proposed security procedures and controls for the protection of classified information; a floor plan of the area in which the matter is to be used, processed, stored, reproduced, transmitted, transported, or handled; and foreign ownership, control or influence (FOCI) information.
The request for facility clearance and accompanying security SPPP provides pertinent data including information concerning FOCI which enables the NRC Division of Security Operations to assess the licensee's or their contractor's eligibility for a facility clearance. Facilities are inspected to ensure their compliance with the procedures outlined in their security SPPP and the reporting requirements contained within 10 CFR Part 95.
Section 95.17 Within 30 days of submitting a request for a facility clearance, the licensee or their contractor must advise the NRC of any significant events or changes that may affect its status concerning FOCI (e.g., changes in ownership; changes that affect the company's answers to original FOCI questions; indebtedness; and changes in the required form that identifies owners, officers, directors, and executive personnel). The burden for developing the list of employees, reviewing and filing it, and forwarding a copy to the CSA is estimated to require a maximum of 15 hours.
Paragraph 95.18(a) This paragraph requires that licensees submit documentation when excluding key management officials from access to classified information. These individuals may not occupy positions that would enable them to adversely affect the organization's policies or practices in the performance of activities involving classified information. A record must be made concerning the lack of clearance for all such personnel and a copy forwarded by the organization's executive body to the CSA.
Paragraph 95.18(b) This paragraph requires that each licensee and their contractors submit documentation when excluding key management officials from access to higher-level classified information. These individuals may not occupy positions that would enable them to adversely affect the organization's policies or practices in the protection of classified information. A record must be made concerning the lack of clearance for all such personnel and a copy forwarded by the organization's executive body to the CSA.
Paragraph 95.19(a) This paragraph requires that each licensee and their contractors shall obtain prior CSA approval for any proposed change to the name, location, security procedures and controls, or floor plan of the approved facility. These substantive changes to a security SPPP are reported to the CSA (the NRC Division of Security Operations) and the appropriate NRC Regional Administrator. The substantive changes to the SPPP that affect security of the facility must be submitted to the CSA 30 days prior to the change.
Paragraph 95.19(b) This paragraph provides that a licensee or their contractors may effect a minor, non-substantive change to an approved SPPP for the safeguarding of classified information without receiving prior CSA approval. These minor changes that do not affect the security of the facility may be submitted to the addressees noted in paragraph (a) of this section within 30 days of the change.
Paragraph 95.19(c) This paragraph requires that a licensee or their contractors must update its NRC facility clearance every 5 years, either by submitting a complete SPPP or a certification that the existing SPPP is fully current.
Section 95.21 This section requires the reporting of withdrawal or cancellation requests for facility clearances to the NRC Division of Security Operations by the requestor in the most expeditious manner so that processing for these clearances may be terminated. The requestor shall confirm the notification promptly in writing.
The information required by this section is necessary each time a licensee or contractor wishes to withdraw or cancel a facility clearance request. This information will be used by the NRC Division of Security Operations as a basis for discontinuing further processing of the application and, if no access to classified information or matter is needed, would indicate that pending personnel security access authorization requests should also be canceled.
Paragraph 95.25(d) If a record is made of a classified combination to an authorized storage container, the record must be marked with the highest classification of matter authorized for storage in the container. Superseded combinations must be destroyed. This record should be kept as long as the classified storage container is in use.
This information and recordkeeping requirement helps ensure that written lock combinations are properly classified and safeguarded in accordance with the provisions of E.O. 13526 and its implementing directives.
Paragraph 95.25(g) A record of names of persons having knowledge of the combination must be posted inside the container to ensure that responsible personnel may be contacted in the case of an emergency. This record should be kept as long as the classified storage container is in use.
Paragraph 95.25(i) If an unattended security container housing classified matter is found unlocked, the custodian or an alternate must be notified immediately, and the container must be secured by appropriate personnel. Incidents such as these are entered into a written log that is provided to the NRC on a monthly basis (see 10 CFR 95.57(b)).
10
This information collection and recordkeeping requirement assures: (1) that the licensee or other organization complies with the Information Security Oversight Office directive to report the loss or possible compromise of classified information; and (2) that the NRC may evaluate such occurrences and corrective actions which have been taken.
Paragraph 95.25(j) This paragraph requires that a key and lock register be maintained, and that a monthly audit of keys and locks and a key inventory be performed with each change of custody. This recordkeeping requirement permits the NRC inspection and review of lock and key accountability records to determine that proper individuals with appropriate level of access authorization are issued keys and locks.
Paragraph 95.33(d) Facility Security Officers must submit SF-312, Classified Information Nondisclosure Agreement, forms to the CSA for retention. Facility Security Officers must also submit a report to the CSA in the event that an employee refuses to sign the SF-312.
The SF-312 is a required agreement with the United States not to disclose classified information. Submission of forms to the CSA and reports to the CSA in the event that an employee refuses to sign the SF-312, will allow verification through inspection that Section 25.23 requirements are being met before access to classified information is granted.
Paragraph 95.33(h) All cleared employees must be provided with security training and briefings commensurate with their involvement with classified information. The facility may obtain defensive security, threat awareness, and other education and training information and matter from their CSA or other sources. Records reflecting an individual's initial and refresher security orientations and security termination must be maintained for 3 years after termination of the individual's access authorization.
This requirement provides reasonable assurance that records are available when NRC conducts an inspection. This recordkeeping requirement permits verification through NRC inspection that individuals granted access authorizations are appropriately indoctrinated as to their individual security responsibilities and duties relative to the protection of classified information.
Paragraph 95.34(b) Licensees or their contractors subject to 10 CFR Part 95 shall take measures as may be necessary to preclude access to classified information by foreign visitors.
The licensee or contractor shall retain records of visits for 5 years beyond the date of the visit.
Paragraph 95.36(d) Records of IAEA or other international organization visits, and records of inspections and disclosure authorizations must be maintained for 5 years. This recordkeeping requirement and its inspectability through NRC inspections ensures that licensees or their contractors maintain the proper procedures and controls over the release of classified information to IAEA or other international representatives in accordance with the disclosure authorization granted by the NRC Division of Security Operations. The licensee or their contractors shall retain records of visits for 5 years beyond the date of the visit.
Paragraph 95.37(a) A licensee or their contractors must appropriately mark classified information in accordance with provided guidance.
This paragraph requires licensees and others who possess classified matter which is not conducive to markings (e.g., equipment) to request approval for exemption from marking requirements for such matter. This requirement provides assurance that: (1) only those officials delegated classification authority are classifying matter; (2) classified matter is not downgraded or declassified without proper authority; and (3) there is accountability for future classification, downgrading, and declassification actions.
Paragraph 95.37(c) A licensee or their contractors are responsible for applying classification markings for National Security Information and Restricted Data.
These marking and labeling requirements, which require an authorized classifier to place the appropriate classification markings on the document and sign his/her name, will be used whenever an NRC licensee or contractor derivative classifier generates a classified document or the classification of an existing document is to be changed (e.g., declassified or downgraded).
A file or record copy must be maintained of the derivatively classified document as long as the document remains classified. These requirements provide assurance that: (1) only those officials delegated classification authority are classifying documents; (2) documents are not downgraded or declassified without proper authority; and (3) there is accountability for future classification, downgrading, and declassification actions.
Paragraph 95.37(e)(2) If the originator or classifier determines that reproduction or further dissemination of a document should be restricted, the following additional wording may be placed on the face of the document: Reproduction or Further Dissemination Requires Approval of .
Paragraph 95.37(f) In addition to the information required on the face of the document, each classified document is required, by marking or other means, to indicate clearly which portions are classified (e.g., paragraphs or pages) and which portions are not classified. If this type of portion marking is not practicable, the document must contain a description sufficient to identify the classified information and the unclassified information.
Paragraph 95.37(g) If a document transmitting classified information contains no classified information or the classification level of the transmittal document is not as high as the highest classification level of its enclosures, then the document must be marked at the top and bottom with a classification at least as high as its highest classified enclosure. When the content of the transmittal document warrants a lower classification than the highest classified enclosure(s) or combination of enclosures or requires no classification, a stamp or marking such as the following must also be used on the transmittal document: UPON REMOVAL OF ATTACHMENTS THIS DOCUMENT IS: (classification level of transmittal document standing alone or the word UNCLASSIFIED if the transmittal document contains no classified information).
Paragraph 95.37(h) Persons authorized possession of classified National Security Information, who in good faith believe a classification status is too high or too low, shall refer the document to the originator or authorized classifier for review. The classifier shall review the document and render a written classification decision to the holders of the information.
This is a required procedure for document custodians to assure that any questions regarding proper classification are referred to the originator and that appropriate steps to safeguard the document are taken. The recordkeeping requirement permits verification through NRC inspections of actions taken when unauthorized disclosures may have occurred.
Paragraph 95.37(j) Drafts of documents and working papers that contain, or are believed to contain, classified information must be marked as classified information.
This requirement ensures there is accountability for future classification, downgrading, and declassification actions.
Paragraph 95.39(b)(4) This requirement applies to Secret documents prepared for external transmission. It requires document receipts signed by the recipient to be returned to the sender as a way to officially transfer a Secret document to another person.
This requirement permits verification through inspection that Secret documents that have been transferred to another person are properly accounted for.
Paragraph 95.39(d) Licensees or their contractors who may require a secure telecommunication system shall submit a telecommunication plan as part of their request for facility clearance, as outlined in 10 CFR 95.15, or as an amendment to their existing SPPP.
Paragraph 95.39(e) Licensees and their contractors that have classified matter that, because of the nature of the matter, cannot transmit the classified matter via conventional means, must submit a classified matter transportation security plan to the CSA for approval.
The requirement to submit the classified transportation security plan for review ensures that licensees' procedures meet minimum security requirements in 10 CFR Part 95.
Section 95.41 Each licensee or contractor possessing classified information shall maintain records of the date of the matter, receipt or dispatch, classification, an unclassified description of the matter, and the identity of the sender for 2 years after receipt or dispatch.
This procedure and recordkeeping requirement provides assurance that records are available when the NRC conducts an inspection.
Paragraph 95.43(a) This paragraph requires that each licensee or contractor possessing classified information shall establish a reproduction control system to ensure that reproduction of classified matter is held to a minimum consistent with operational procedures.
Paragraph 95.43(c) The licensee or contractor is required to mark classified reproductions with the same classification markings as the original classified document.
This requirement assures that classified reproductions receive the same protection as other hard-copy classified documents.
Paragraph 95.45(a) Requests for downgrading or declassifying any NRC-classified information should be forwarded to the NRC Division of Security Operations. Requests for downgrading or declassifying Restricted Data should be forwarded to the NRC Division of Security Operations for coordination with the U.S. Department of Energy.
Paragraph 95.45(b) If a change of classification or declassification is approved, the previous classification marking must be canceled and a statement to that effect must be placed on the first page of the document.
Paragraph 95.45(d) Any persons making a classification change shall forward a notice of classification change to all known holders of the document.
These reporting and marking procedures in 10 CFR 95.45(a), 10 CFR 95.45(b), and 10 CFR 95.45(d) ensure that documents which may warrant downgrading or declassification are reviewed by the NRC Division of Security Operations or are referred to the U.S. Department of Energy, as may be appropriate, and that all known holders are notified of the action.
Section 95.47 This section lists acceptable means of document destruction. The recordkeeping requirements associated with document destruction were eliminated in a final rule published April 1, 1999 (64 FR 15653). The reference in 10 CFR 95.8 stating that 10 CFR 95.47 contains an information collection is outdated and in error and will be removed during an upcoming administrative rulemaking.
Section 95.49 This section requires the licensee and their contractors to submit an ADP security proposal to the CSA for approval before classified data or information may be processed or produced on an ADP system. The proposal may be submitted as part of the licensee's or other person's request for facility clearance, or submitted as an amendment to its existing SPPP for the protection of classified information.
Paragraph 95.53(a) If a facility clearance is terminated, the facility shall submit a certification of non-possession of classified information to the NRC Division of Security Operations within 30 days of termination.
These procedures and notifications ensure that the facility clearance is terminated, suspended, or revoked when no longer needed or when continuation would not be in the interest of national security. The certificate of non-possession provides assurance that all classified information and matter has been returned to the NRC or destroyed in accordance with NRC security requirements.
Paragraph 95.57(a) Each licensee and their contractors having a facility clearance shall report to the CSA and the Regional Administrator of the appropriate NRC regional office listed in 10 CFR Part 73, Appendix A, any alleged or suspected violation of Federal acts or statutes, related to classified information (e.g., deliberate disclosure of classified information to persons not authorized to receive it, theft of classified information) within 1 hour of the event, followed by written confirmation within 30 days of the incident.
Paragraph 95.57(b) Any infractions, losses, compromises, or possible compromises of classified information not falling within paragraph (a) of this section must be entered into a written log and provided to the NRC on a monthly basis.
The procedures in 10 CFR 95.57(a) and 10 CFR 95.57(b) are necessary to ensure that possible losses, compromises, violations of law, and disclosures of classified information are investigated and assessed in a timely manner.
Paragraph 95.57(c) Requires an authorized classifier of a licensee and their contractors subject to 10 CFR Part 95 to submit all classified actions (documents classified, declassified, or downgraded) to the NRC either on an as completed or monthly basis. This information may be submitted either electronically by an on-line system (NRC prefers the use of a dial-in automated system connected to the Division of Security Operations) or by paper copy using the NRC Form 790, Classification Record. This requirement is cleared under OMB approval number 3150-0052. The electronic collection system, Classification Management Action System, is housed at the NRC, and permits collection of NRC Form 790 information electronically through the use of a personal computer.