ML12262A209: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
(10 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
| number = ML12262A209 | | number = ML12262A209 | ||
| issue date = 12/12/2012 | | issue date = 12/12/2012 | ||
| title = | | title = Issuance of Amendment Changes to Cyber Security Plan Implementation Schedule Milestones | ||
| author name = Thadani M | | author name = Thadani M | ||
| author affiliation = NRC/NRR/DORL/LPLI-1 | | author affiliation = NRC/NRR/DORL/LPLI-1 | ||
| addressee name = | | addressee name = | ||
Line 9: | Line 9: | ||
| docket = 05000333 | | docket = 05000333 | ||
| license number = DPR-059 | | license number = DPR-059 | ||
| contact person = Thadani M | | contact person = Thadani M, NRR/DORL/LPL1-1, 415-1476 | ||
| case reference number = TAC ME9114 | | case reference number = TAC ME9114 | ||
| document type = License-Operating (New/Renewal/Amendments) DKT 50, Letter, Safety Evaluation | | document type = License-Operating (New/Renewal/Amendments) DKT 50, Letter, Safety Evaluation | ||
| page count = 13 | | page count = 13 | ||
| project = TAC:ME9114 | | project = TAC:ME9114 | ||
| stage = Approval | |||
}} | }} | ||
=Text= | =Text= | ||
{{#Wiki_filter:UNITED NUCLEAR REGULATORY WASHINGTON, D.C. 20555*0001 December 12, 2012 Vice President, Operations Entergy Nuclear Operations, Inc. James A. FitzPatrick Nuclear Power Plant P.O. Box 110 Lycoming, NY 13093 JAMES A. FITZPATRICK NUCLEAR POWER PLANT -ISSUANCE OF AMENDMENT RE: CHANGES TO CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONES (TAC NO. ME9114) Dear Sir or Madam: The Commission has issued the enclosed Amendment No. 303 to Renewed Facility Operating License (FOL) No. DPR-59 for the James A. FitzPatrick Nuclear Power Plant (JAF). The amendment is in response to your application dated June 22, 2012. The amendment revised the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and the existing license condition in the renewed facility operating license. Milestone #6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical. operational, and management) for critical digital assets (CDAs) related to target set equipment. Entergy Nuclear Operations, Inc. (ENO) requested to modify the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in NEI 08-09, Revision 6 guidance, would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone #8 of the licensee's CSP implementation schedule. This license amendment is effective as of the date of its issuance and shall be implemented by December 31, 2012. | {{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555*0001 December 12, 2012 Vice President, Operations Entergy Nuclear Operations, Inc. | ||
V. P. Operations -A copy of the related Safety Evaluation is enclosed. A Notice of Issuance will be included in the Commission's next regular biweekly Federal Register notice. Sincerely, Mohan C. Thadani, Senior Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-333 Enclosures: 1. Amendment No. 303 to DPR-59 2. Safety Evaluation cc w/encls: Distribution via Listserv UNITED NUCLEAR REGULATORY WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR FITZPATRICK, LLC AND ENTERGY NUCLEAR OPERATIONS, INC. DOCKET NO. 50-333 JAMES A. FITZPATRICK NUCLEAR POWER PLANT AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 303 Renewed Facility Operating license No. DPR-59 The Nuclear Regulatory Commission (the Commission) has found that: The application for amendment by Entergy Nuclear Operations, Inc. (the licensee) dated June 22, 2012, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. | James A. FitzPatrick Nuclear Power Plant P.O. Box 110 Lycoming, NY 13093 | ||
-2 | |||
-2 The licensee's renewed facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP. Amendment No. 300, dated August 19, 2011, which approved the licensee's CSP and implementation schedule, included the following statement: "The implementation of the CSP, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on July 15, 2010, as supplemented by letters dated February 15, and April 4, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90." In a letter to the Nuclear Energy Institute (NEI) dated March 1, 2011 (ADAMS Accession No. | ==SUBJECT:== | ||
-technical, operational and management security controls. In its June 22,2012, application, Entergy proposed to modify Milestone #6 to change the scope of the cyber security controls due to be implemented on December 31,2012, to include only the NEI 08-09, Revision 6, Appendix D technical security controls. Entergy proposes to amend its CSP to provide that operational and management security controls, identified in Milestone #6, will be fully implemented by a later date, which is the completion date identified in Milestone #8 of the CSP implementation schedule. The licensee stated that implementing the technical cyber security controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage. The licensee further stated that many of its existing programs are primarily procedure-based programs and must be implemented in coordination with the comprehensive Cyber Security Program. The licensee also stated that the existing programs currently in place at JAF (e.g., physical protection, maintenance, configuration management, and operating experience) provide sufficient operational and management cyber security protection during the interim period until the Cyber Security Program is fully implemented. 3.2 NRC Staff Evaluation The intent of the cyber security implementation schedule was for licensees to demonstrate ongoing implementation of their Cyber Security Program prior to full implementation, which is set for the date specified in Milestone #8. In addition to Milestone #6 and its associated activities, licensees will be completing six other milestones (Milestones #1 through #5 and Milestone #7) by December 31,2012. Activities include establishing a CSAT, identifying critical systems and CDAs, installing deterministic one-way devices between defensive levels, implementing access control for portable and mobile devices, implementing methods to observe and identify obvious cyber related tampering, and conducting ongoing monitoring and assessment activities for target set CDAs. In the aggregate, the interim milestones demonstrate ongoing implementation of the Cyber Security Program at JAF. The NRC staff has reviewed the licensee's evaluation of the proposed change in its submittal dated June 22,2012, and finds that by completing Milestones #1 through #5, Milestone #6 with implementation of technical controls to target set CDAs, and Milestone #7, JAF will have an acceptable level of cyber security protection until full program implementation is achieved. Technical cyber security controls include access controls, audit and accountability, CDA and communications protection, identification and authentication, and system hardening. These controls are executed by computer systems, as opposed to people, and consist of hardware and software controls that provide automated protection to a system or application. Implementation of technical cyber security controls promotes standardization, trust, interoperability, connectivity, automation, and increased efficiency. For these reasons, the NRC staff concludes that the licensee's approach is acceptable. The NRC staff also recognizes that full implementation of operational and management cyber security controls in accordance with requirements of the JAF CSP will be achieved with full irnplementation of the JAF Cyber Security Program by the date set in Milestone #8. That is, all required elements for the operational and management cyber security controls in accordance with the JAF CSP will be implemented in their entirety at the time of full implementation of the CSP. | JAMES A. FITZPATRICK NUCLEAR POWER PLANT - ISSUANCE OF AMENDMENT RE: CHANGES TO CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONES (TAC NO. ME9114) | ||
The licensee made a Regulatory Commitment in its application dated June 22,2012, however, the NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its May 9, 2011 letter to all operating reactor licensees (ADAMS Accession No. | |||
-5 6.0 CONCLUSION The NRC staff has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. Principal Contributor: M. Coflin Date: December 12, 2012 V. P. Operations -2 A copy of the related Safety Evaluation is enclosed. A Notice of Issuance will be included in the Commission's next regular biweekly Federal Register notice. Sincerely, IRA! Mohan C. Thadani, Senior Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-333 Enclosures: 1. Amendment No. 303 to DPR-59 2. Safety Evaluation cc w/encls: Distribution via Listserv DISTRIBUTION: PUBLIC | ==Dear Sir or Madam:== | ||
}} | |||
The Commission has issued the enclosed Amendment No. 303 to Renewed Facility Operating License (FOL) No. DPR-59 for the James A. FitzPatrick Nuclear Power Plant (JAF). The amendment is in response to your application dated June 22, 2012. | |||
The amendment revised the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and the existing license condition in the renewed facility operating license. | |||
Milestone #6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical. operational, and management) for critical digital assets (CDAs) related to target set equipment. Entergy Nuclear Operations, Inc. | |||
(ENO) requested to modify the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in NEI 08-09, Revision 6 guidance, would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone #8 of the licensee's CSP implementation schedule. | |||
This license amendment is effective as of the date of its issuance and shall be implemented by December 31, 2012. | |||
V. P. Operations - 2 A copy of the related Safety Evaluation is enclosed. A Notice of Issuance will be included in the Commission's next regular biweekly Federal Register notice. | |||
Sincerely, Mohan C. Thadani, Senior Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-333 | |||
==Enclosures:== | |||
: 1. Amendment No. 303 to DPR-59 | |||
: 2. Safety Evaluation cc w/encls: Distribution via Listserv | |||
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR FITZPATRICK, LLC AND ENTERGY NUCLEAR OPERATIONS, INC. | |||
DOCKET NO. 50-333 JAMES A. FITZPATRICK NUCLEAR POWER PLANT AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 303 Renewed Facility Operating license No. DPR-59 | |||
: 1. The Nuclear Regulatory Commission (the Commission) has found that: | |||
A. The application for amendment by Entergy Nuclear Operations, Inc. (the licensee) dated June 22, 2012, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. | |||
-2 | |||
: 2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and paragraph 2.C.(2) of Renewed Facility Operating License No. DPR-59 is hereby amended to read as follows: | |||
(2) Technical Specifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 303, are hereby incorporated in the renewed operating license. | |||
The licensee shall operate the facility in accordance with the Technical Specifications. | |||
Further, the following paragraph is added to the existing License Condition 2.0: | |||
"ENO shall fully implement and maintain in effect all provisions of the Commission approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). ENO CSP was approved by License Amendment No. 300, as supplemented by a change approved by License Amendment No. 303." | |||
: 3. This license amendment is effective as of the date of its issuance and shall be implemented by December 31,2012. | |||
FOR THE NUCLEAR REGULATORY COMMISSION George A. Wilson, Chief Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation | |||
==Attachment:== | |||
Changes to the Renewed Facility Operating License Date of Issuance: December 12, 2012 | |||
ATTACHMENT TO LICENSE AMENDMENT AMENDMENT NO. 303 RENEWED FACILITY OPERATING LICENSE NO. DPR-59 DOCKET NO. 50-333 Replace the following pages of the License with the attached revised pages. The revised pages are identified by amendment number and contain marginal lines indicating the areas of change. | |||
Remove Pages Insert Pages Page 3 Page 3 Page 5 Page 5 | |||
-3 (4) ENO pursuant to the Act and 10 CFR Parts 30, 40, and 70 to receive, possess, and use, at any time, any byproduct, source and special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration; or associated with radioactive apparatus, components or tools.. | |||
(5) Pursuant to the Act and 10 CFR Parts 30 and 70, to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the faCility. | |||
C. This renewed operating license shall be deemed to contain and is subject to the conditions specified in the following Commission regulations in 10 CFR Chapter I: Part 20, Section 30.34 of Part 30, Section 40.41 of Part 40, Sections 50.54 and 50.59 of Part 50, and Section 70.32 of Part 70; and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the CommiSSion now or hereafter in effect; and is subject to the additional conditions specified or incorporated below: | |||
(1) Maximum Power Level ENO is authorized to operate the facility at steady state reactor core power levels not in excess of 2536 megawatts (thermal). | |||
(2) Technical SpeCifications The Technical Specifications contained in Appendix A, as revised through Amendment No. ,are hereby incorporated in the renewed operating license. The licensee shall operate the facility in accordance with the Technical Specifications. | |||
(3) Fire Protection ENO shall implement and maintain in effect all provisions of the approved fire protections program as described in the Final Safety AnalysiS Report for the facility and as approved in the SER dated November 20, 1972; the SER Supplement No.1 dated February 1, 1973; the SER Supplement No.2 dated October 4, 1974; the SER dated August 1, 1979; the SER Supplement dated October 3, 1980; the SER Supplement dated February 13, 1981; the NRC Letter dated February 24, 1981; Technical Specification Amendments 34 (dated January 31, 1978), 80 (dated May 22, 1984), 134 (dated July 19, 1989), 135 (dated September 5, 1989), 142 (dated October 23, 1989), 164 (dated August 10, 1990), 176 (dated January 16, 1992), 177 (dated February 10, 1992), 186 (dated February 19, 1993), | |||
190 (dated June 29,1993),191 (dated July 7,1993),206 (dated February 28, 1994) and 214 (dated June 27, 1994); and NRC Exemptions and associated safety evaluations dated April 26, 1983, July 1, 1983, January 11, 1985, April 30, 1986, September 15, 1986 and September 10, 1992 subject to the following provision: | |||
Amendment No. 303 | |||
-5 Safeguards Contingency Plan, Revision 0," submitted by letter dated October 26,2004, as supplemented by letter dated May 17, 2006. | |||
ENO shall fully implement in accordance with an NRC-approved implementation schedule and maintain in effect all provisions of the Commission-approved JAF Cyber Security Plan pursuant to 10 CFR 73.55(c)(6) and 10 CFR 73.54 (74 FR 13970) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The JAF Cyber Security Plan was approved by License Amendment No. 300 as supplemented by a change approved by License Amendment No. | |||
E. Power Uprate License Amendment Implementation The licensee shall complete the following actions as a condition of the approval of the power uprate license amendment. | |||
(1) Recirculation Pump Motor Vibration Perform monitoring of recirculation pump motor vibration during initial Cycle 13 power ascension for uprated power conditions. | |||
(2) Startup Test Program The licensee will follow a startup testing program, during Cycle 13 power ascension, as described in GE Licensing Topical Report NEDC-31897P-1, "Generic Guidelines for General Electric Boiling Water Reactor Power Uprate." The Startup test program includes system testing of such process control systems as the feedwater flow and main steam pressure control systems. The licensee will collect steady-state operational data during various portions of the power ascension to the higher licensed power level so that predicted equipment performance characteristics can be verified. The licensee will do the startup testing program in accordance with its procedures. The licensee's approach is in conformance with the test guidelines of GE Licensing Topical Report NEDC-31897P-1, "Generic Guidelines for General Electric Boiling Water Reactor Power Uprate." June 1991 (proprietary), GE Licensing Topical Report NEDO-31897, "Generic Guidelines for General Electric Boiling Water Reactor Power Uprate." February 1992 (nonproprietary), and NEDC 31897P-AA, Class III (proprietary), May 1992. | |||
(3) Human Factors The licensee will review the results of the Cycle 13 startup test program to determine any potential effects on operator training. Training issues identified will be incorporated in Licensed Operator training during 1997. Simulator discrepancies identified will be addressed in accordance with simulator Configuration Management procedural requirements. | |||
F. Additional Conditions The Additional Conditions contained in Appendix C, as revised through Amendment No. 289, are herby incorporated into this renewed operating license. ENO shall operate the facility in accordance with the Additional Conditions. | |||
Amendment No. 303 | |||
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 303 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-59 ENTERGY NUCLEAR OPERATIONS, INC. | |||
JAMES A. FITZPATRICK NUCLEAR POWER PLANT DOCKET NO. 50-333 | |||
==1.0 INTRODUCTION== | |||
By application dated June 22,2012, (Agencywide Documents Access and Management System (ADAMS) Accession No. ML12178A412), Entergy Nuclear Operations, Inc. (Entergy, the licensee) requested changes to the renewed facility operating license for James A. Fitzpatrick Nuclear Power Plant (JAF). The proposed change would revise the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and the existing license condition in the renewed facility operating license. Milestone #6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical, operational, and management) for critical digital assets (CDAs) related to target set equipment. | |||
Entergy is requesting to mOdify the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in NEI 08-09, Revision 6 guidance, would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone #8 of the licensee's CSP implementation schedule. | |||
Portions of the application dated June 22, 2012, contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure. | |||
==2.0 REGULATORY EVALUATION== | |||
The U.S. Nuclear Regulatory Commission (NRC) staff reviewed and approved the licensee's existing CSP implementation schedule by License Amendment No. 300 dated August 19, 2011 (ADAMS Accession No. ML11152A011), concurrent with the incorporation of the CSP into the facility current licensing basis. The NRC staff considered the following regulatory requirements and guidance in its review of the current license amendment request to modify the existing CSP implementation schedule: | |||
* Title 10 of the Code of Federal Regulations (10 CFR) 73.54 states: "Each [CSP] | |||
submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule." | |||
-2 | |||
* The licensee's renewed facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP. | |||
* Amendment No. 300, dated August 19, 2011, which approved the licensee's CSP and implementation schedule, included the following statement: "The implementation of the CSP, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on July 15, 2010, as supplemented by letters dated February 15, and April 4, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90." | |||
* In a letter to the Nuclear Energy Institute (NEI) dated March 1, 2011 (ADAMS Accession No. ML110070348), the NRC staff acknowledged that the cyber security implementation schedule template was "written generically and licensees that use the template to develop their proposed implementation schedules may need to make changes to ensure the submitted schedule accurately accounts for site-specific activities." | |||
==3.0 TECHNICAL EVALUATION== | |||
Amendment No. 300 to Renewed Facility Operating License No. DPR-59 for JAF was issued on August 19, 2011. The NRC staff also approved the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with the amendment. The implementation schedule had been submitted by the licensee based on a template prepared by NEI, which the NRC staff found acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110600218). The licensee's proposed implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones: | |||
: 1) Establish the Cyber Security Assessment Team (CSAT); | |||
: 2) Identify Critical Systems and CDAs; | |||
: 3) Install a deterministic one-way device between lower level devices and higher level devices; | |||
: 4) Implement the security control "Access Control For Portable And Mobile Devices"; | |||
Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements; | |||
: 5) Identify, document, and implement cyber security controls as per "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; | |||
: 6) Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and | |||
: 7) Fully implement the CSP. | |||
3.1 Licensee's Proposed Change Currently, Milestone #6 of JAF's CSP requires Entergy to identify, document, and implement cyber security controls for CDAs that could adversely impact the design function of physical security target set eqUipment by December 31,2012. These cyber security controls consist of | |||
- 3 technical, operational and management security controls. In its June 22,2012, application, Entergy proposed to modify Milestone #6 to change the scope of the cyber security controls due to be implemented on December 31,2012, to include only the NEI 08-09, Revision 6, Appendix D technical security controls. Entergy proposes to amend its CSP to provide that operational and management security controls, identified in Milestone #6, will be fully implemented by a later date, which is the completion date identified in Milestone #8 of the CSP implementation schedule. The licensee stated that implementing the technical cyber security controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage. The licensee further stated that many of its existing programs are primarily procedure-based programs and must be implemented in coordination with the comprehensive Cyber Security Program. The licensee also stated that the existing programs currently in place at JAF (e.g., physical protection, maintenance, configuration management, and operating experience) provide sufficient operational and management cyber security protection during the interim period until the Cyber Security Program is fully implemented. | |||
3.2 NRC Staff Evaluation The intent of the cyber security implementation schedule was for licensees to demonstrate ongoing implementation of their Cyber Security Program prior to full implementation, which is set for the date specified in Milestone #8. In addition to Milestone #6 and its associated activities, licensees will be completing six other milestones (Milestones #1 through #5 and Milestone #7) by December 31,2012. Activities include establishing a CSAT, identifying critical systems and CDAs, installing deterministic one-way devices between defensive levels, implementing access control for portable and mobile devices, implementing methods to observe and identify obvious cyber related tampering, and conducting ongoing monitoring and assessment activities for target set CDAs. In the aggregate, the interim milestones demonstrate ongoing implementation of the Cyber Security Program at JAF. | |||
The NRC staff has reviewed the licensee's evaluation of the proposed change in its submittal dated June 22,2012, and finds that by completing Milestones #1 through #5, Milestone #6 with implementation of technical controls to target set CDAs, and Milestone #7, JAF will have an acceptable level of cyber security protection until full program implementation is achieved. | |||
Technical cyber security controls include access controls, audit and accountability, CDA and communications protection, identification and authentication, and system hardening. These controls are executed by computer systems, as opposed to people, and consist of hardware and software controls that provide automated protection to a system or application. Implementation of technical cyber security controls promotes standardization, trust, interoperability, connectivity, automation, and increased efficiency. For these reasons, the NRC staff concludes that the licensee's approach is acceptable. | |||
The NRC staff also recognizes that full implementation of operational and management cyber security controls in accordance with requirements of the JAF CSP will be achieved with full irnplementation of the JAF Cyber Security Program by the date set in Milestone #8. That is, all required elements for the operational and management cyber security controls in accordance with the JAF CSP will be implemented in their entirety at the time of full implementation of the CSP. | |||
The licensee made a Regulatory Commitment in its application dated June 22,2012, however, the NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its May 9, 2011 letter to all operating reactor licensees (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, will require prior NRC approval pursuant to 10 CFR 50.90. | |||
3.3 Revision to License Condition By application dated June 22,2012, the licensee proposed to modify the paragraph in the License Condition 2.D of Renewed Facility Operating License No. DPR-59 for James A. | |||
Fitzpatrick, which requires the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP. | |||
The paragraph in the License Condition 2.D of Renewed Operating License No. DPR-59 for James A. Fitzpatrick is modified to read as follows: | |||
"ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). ENO CSP was approved by License Amendment No. 300, as supplemented by a change approved by License Amendment No. 303." | |||
3.4 Summary Based on its review of the licensee's application, the NRC staff concludes that the proposed changes to Milestone #6 of the licensee's CSP implementation schedule are acceptable. The NRC staff also concludes that, upon full implementation of the licensee's Cyber Security Program, the requirements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed changes acceptable. | |||
==4.0 STATE CONSULTATION== | |||
In accordance with the Commission's regulations, the New York State official was notified of the proposed issuance of the amendment. The State official had no comments. | |||
==5.0 ENVIRONMENTAL CONSIDERATION== | |||
This amendment relates solely to safeguards matters and does not involve any significant construction impacts. Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51 .22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment. | |||
-5 | |||
==6.0 CONCLUSION== | |||
The NRC staff has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. | |||
Principal Contributor: M. Coflin Date: December 12, 2012 | |||
V. P. Operations -2 A copy of the related Safety Evaluation is enclosed. A Notice of Issuance will be included in the Commission's next regular biweekly Federal Register notice. | |||
Sincerely, IRA! | |||
Mohan C. Thadani, Senior Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-333 | |||
==Enclosures:== | |||
: 1. Amendment No. 303 to DPR-59 | |||
: 2. Safety Evaluation cc w/encls: Distribution via Listserv DISTRIBUTION: | |||
PUBLIC LPL 1-1 R/F RidsNrrDorlLPL1-1 RidsOGCMailCenter RidsNrrDssStsb RidsAcrsAcnwMailCenter RidsNsirDsplscpb RidsNrrPMFitzPatrick P. Pederson, NSIR/CSIRB RidsNrrLAKGoldstein MGray, RI M. Coflin, NSIR/CSIRB B. Vaidya, NRR/DORLlLPL 1-1 ADAMS Accession Number: ML12262A209 (*) No substantial change from SE Input Memo OFFICE LPLI-1/PM LPLI-1/PM LPLI-1/LA NSIR/CSIRB/BC OGC - NLO LPLI-1/BC LPLI-1/PM NAME BVaidya MThadani KGoldstein CErlanger(*) BMizuno GWilson MThadanii DATE 11/28/12 11/28/12 11/28/12 09/05/12 11/30/12 12/03/12 12/12/12 OFFICIAL RECORD COPY}} |
Latest revision as of 22:29, 11 November 2019
ML12262A209 | |
Person / Time | |
---|---|
Site: | FitzPatrick |
Issue date: | 12/12/2012 |
From: | Thadani M Plant Licensing Branch 1 |
To: | Entergy Nuclear Operations |
Thadani M, NRR/DORL/LPL1-1, 415-1476 | |
References | |
TAC ME9114 | |
Download: ML12262A209 (13) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555*0001 December 12, 2012 Vice President, Operations Entergy Nuclear Operations, Inc.
James A. FitzPatrick Nuclear Power Plant P.O. Box 110 Lycoming, NY 13093
SUBJECT:
JAMES A. FITZPATRICK NUCLEAR POWER PLANT - ISSUANCE OF AMENDMENT RE: CHANGES TO CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONES (TAC NO. ME9114)
Dear Sir or Madam:
The Commission has issued the enclosed Amendment No. 303 to Renewed Facility Operating License (FOL) No. DPR-59 for the James A. FitzPatrick Nuclear Power Plant (JAF). The amendment is in response to your application dated June 22, 2012.
The amendment revised the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and the existing license condition in the renewed facility operating license.
Milestone #6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical. operational, and management) for critical digital assets (CDAs) related to target set equipment. Entergy Nuclear Operations, Inc.
(ENO) requested to modify the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in NEI 08-09, Revision 6 guidance, would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone #8 of the licensee's CSP implementation schedule.
This license amendment is effective as of the date of its issuance and shall be implemented by December 31, 2012.
V. P. Operations - 2 A copy of the related Safety Evaluation is enclosed. A Notice of Issuance will be included in the Commission's next regular biweekly Federal Register notice.
Sincerely, Mohan C. Thadani, Senior Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-333
Enclosures:
- 1. Amendment No. 303 to DPR-59
- 2. Safety Evaluation cc w/encls: Distribution via Listserv
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR FITZPATRICK, LLC AND ENTERGY NUCLEAR OPERATIONS, INC.
DOCKET NO. 50-333 JAMES A. FITZPATRICK NUCLEAR POWER PLANT AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 303 Renewed Facility Operating license No. DPR-59
- 1. The Nuclear Regulatory Commission (the Commission) has found that:
A. The application for amendment by Entergy Nuclear Operations, Inc. (the licensee) dated June 22, 2012, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act) and the Commission's rules and regulations set forth in 10 CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public, and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; and The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied.
-2
- 2. Accordingly, the license is amended as indicated in the attachment to this license amendment, and paragraph 2.C.(2) of Renewed Facility Operating License No. DPR-59 is hereby amended to read as follows:
(2) Technical Specifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 303, are hereby incorporated in the renewed operating license.
The licensee shall operate the facility in accordance with the Technical Specifications.
Further, the following paragraph is added to the existing License Condition 2.0:
"ENO shall fully implement and maintain in effect all provisions of the Commission approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). ENO CSP was approved by License Amendment No. 300, as supplemented by a change approved by License Amendment No. 303."
- 3. This license amendment is effective as of the date of its issuance and shall be implemented by December 31,2012.
FOR THE NUCLEAR REGULATORY COMMISSION George A. Wilson, Chief Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation
Attachment:
Changes to the Renewed Facility Operating License Date of Issuance: December 12, 2012
ATTACHMENT TO LICENSE AMENDMENT AMENDMENT NO. 303 RENEWED FACILITY OPERATING LICENSE NO. DPR-59 DOCKET NO. 50-333 Replace the following pages of the License with the attached revised pages. The revised pages are identified by amendment number and contain marginal lines indicating the areas of change.
Remove Pages Insert Pages Page 3 Page 3 Page 5 Page 5
-3 (4) ENO pursuant to the Act and 10 CFR Parts 30, 40, and 70 to receive, possess, and use, at any time, any byproduct, source and special nuclear material without restriction to chemical or physical form, for sample analysis or instrument calibration; or associated with radioactive apparatus, components or tools..
(5) Pursuant to the Act and 10 CFR Parts 30 and 70, to possess, but not separate, such byproduct and special nuclear materials as may be produced by the operation of the faCility.
C. This renewed operating license shall be deemed to contain and is subject to the conditions specified in the following Commission regulations in 10 CFR Chapter I: Part 20, Section 30.34 of Part 30, Section 40.41 of Part 40, Sections 50.54 and 50.59 of Part 50, and Section 70.32 of Part 70; and is subject to all applicable provisions of the Act and to the rules, regulations, and orders of the CommiSSion now or hereafter in effect; and is subject to the additional conditions specified or incorporated below:
(1) Maximum Power Level ENO is authorized to operate the facility at steady state reactor core power levels not in excess of 2536 megawatts (thermal).
(2) Technical SpeCifications The Technical Specifications contained in Appendix A, as revised through Amendment No. ,are hereby incorporated in the renewed operating license. The licensee shall operate the facility in accordance with the Technical Specifications.
(3) Fire Protection ENO shall implement and maintain in effect all provisions of the approved fire protections program as described in the Final Safety AnalysiS Report for the facility and as approved in the SER dated November 20, 1972; the SER Supplement No.1 dated February 1, 1973; the SER Supplement No.2 dated October 4, 1974; the SER dated August 1, 1979; the SER Supplement dated October 3, 1980; the SER Supplement dated February 13, 1981; the NRC Letter dated February 24, 1981; Technical Specification Amendments 34 (dated January 31, 1978), 80 (dated May 22, 1984), 134 (dated July 19, 1989), 135 (dated September 5, 1989), 142 (dated October 23, 1989), 164 (dated August 10, 1990), 176 (dated January 16, 1992), 177 (dated February 10, 1992), 186 (dated February 19, 1993),
190 (dated June 29,1993),191 (dated July 7,1993),206 (dated February 28, 1994) and 214 (dated June 27, 1994); and NRC Exemptions and associated safety evaluations dated April 26, 1983, July 1, 1983, January 11, 1985, April 30, 1986, September 15, 1986 and September 10, 1992 subject to the following provision:
Amendment No. 303
-5 Safeguards Contingency Plan, Revision 0," submitted by letter dated October 26,2004, as supplemented by letter dated May 17, 2006.
ENO shall fully implement in accordance with an NRC-approved implementation schedule and maintain in effect all provisions of the Commission-approved JAF Cyber Security Plan pursuant to 10 CFR 73.55(c)(6) and 10 CFR 73.54 (74 FR 13970) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The JAF Cyber Security Plan was approved by License Amendment No. 300 as supplemented by a change approved by License Amendment No.
E. Power Uprate License Amendment Implementation The licensee shall complete the following actions as a condition of the approval of the power uprate license amendment.
(1) Recirculation Pump Motor Vibration Perform monitoring of recirculation pump motor vibration during initial Cycle 13 power ascension for uprated power conditions.
(2) Startup Test Program The licensee will follow a startup testing program, during Cycle 13 power ascension, as described in GE Licensing Topical Report NEDC-31897P-1, "Generic Guidelines for General Electric Boiling Water Reactor Power Uprate." The Startup test program includes system testing of such process control systems as the feedwater flow and main steam pressure control systems. The licensee will collect steady-state operational data during various portions of the power ascension to the higher licensed power level so that predicted equipment performance characteristics can be verified. The licensee will do the startup testing program in accordance with its procedures. The licensee's approach is in conformance with the test guidelines of GE Licensing Topical Report NEDC-31897P-1, "Generic Guidelines for General Electric Boiling Water Reactor Power Uprate." June 1991 (proprietary), GE Licensing Topical Report NEDO-31897, "Generic Guidelines for General Electric Boiling Water Reactor Power Uprate." February 1992 (nonproprietary), and NEDC 31897P-AA, Class III (proprietary), May 1992.
(3) Human Factors The licensee will review the results of the Cycle 13 startup test program to determine any potential effects on operator training. Training issues identified will be incorporated in Licensed Operator training during 1997. Simulator discrepancies identified will be addressed in accordance with simulator Configuration Management procedural requirements.
F. Additional Conditions The Additional Conditions contained in Appendix C, as revised through Amendment No. 289, are herby incorporated into this renewed operating license. ENO shall operate the facility in accordance with the Additional Conditions.
Amendment No. 303
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 303 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-59 ENTERGY NUCLEAR OPERATIONS, INC.
JAMES A. FITZPATRICK NUCLEAR POWER PLANT DOCKET NO. 50-333
1.0 INTRODUCTION
By application dated June 22,2012, (Agencywide Documents Access and Management System (ADAMS) Accession No. ML12178A412), Entergy Nuclear Operations, Inc. (Entergy, the licensee) requested changes to the renewed facility operating license for James A. Fitzpatrick Nuclear Power Plant (JAF). The proposed change would revise the scope of Cyber Security Plan (CSP) Implementation Schedule Milestone #6 and the existing license condition in the renewed facility operating license. Milestone #6 of the CSP implementation schedule concerns the identification, documentation, and implementation of cyber security controls (technical, operational, and management) for critical digital assets (CDAs) related to target set equipment.
Entergy is requesting to mOdify the scope of Milestone #6 to apply to the technical cyber security controls only. The operational and management controls, as described in NEI 08-09, Revision 6 guidance, would be implemented concurrent with the full implementation of the Cyber Security Program (Milestone #8). Thus, all CSP activities would be fully implemented by the completion date, identified in Milestone #8 of the licensee's CSP implementation schedule.
Portions of the application dated June 22, 2012, contain sensitive unclassified non-safeguards information and, accordingly, those portions are withheld from public disclosure.
2.0 REGULATORY EVALUATION
The U.S. Nuclear Regulatory Commission (NRC) staff reviewed and approved the licensee's existing CSP implementation schedule by License Amendment No. 300 dated August 19, 2011 (ADAMS Accession No. ML11152A011), concurrent with the incorporation of the CSP into the facility current licensing basis. The NRC staff considered the following regulatory requirements and guidance in its review of the current license amendment request to modify the existing CSP implementation schedule:
- Title 10 of the Code of Federal Regulations (10 CFR) 73.54 states: "Each [CSP]
submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule."
-2
- The licensee's renewed facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
- Amendment No. 300, dated August 19, 2011, which approved the licensee's CSP and implementation schedule, included the following statement: "The implementation of the CSP, including the key intermediate milestone dates and the full implementation date, shall be in accordance with the implementation schedule submitted by the licensee on July 15, 2010, as supplemented by letters dated February 15, and April 4, 2011, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require prior NRC approval pursuant to 10 CFR 50.90."
- In a letter to the Nuclear Energy Institute (NEI) dated March 1, 2011 (ADAMS Accession No. ML110070348), the NRC staff acknowledged that the cyber security implementation schedule template was "written generically and licensees that use the template to develop their proposed implementation schedules may need to make changes to ensure the submitted schedule accurately accounts for site-specific activities."
3.0 TECHNICAL EVALUATION
Amendment No. 300 to Renewed Facility Operating License No. DPR-59 for JAF was issued on August 19, 2011. The NRC staff also approved the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with the amendment. The implementation schedule had been submitted by the licensee based on a template prepared by NEI, which the NRC staff found acceptable for licensees to use to develop their CSP implementation schedules (ADAMS Accession No. ML110600218). The licensee's proposed implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones:
- 1) Establish the Cyber Security Assessment Team (CSAT);
- 2) Identify Critical Systems and CDAs;
- 3) Install a deterministic one-way device between lower level devices and higher level devices;
- 4) Implement the security control "Access Control For Portable And Mobile Devices";
Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds by incorporating the appropriate elements;
- 5) Identify, document, and implement cyber security controls as per "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment;
- 6) Commence ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and
- 7) Fully implement the CSP.
3.1 Licensee's Proposed Change Currently, Milestone #6 of JAF's CSP requires Entergy to identify, document, and implement cyber security controls for CDAs that could adversely impact the design function of physical security target set eqUipment by December 31,2012. These cyber security controls consist of
- 3 technical, operational and management security controls. In its June 22,2012, application, Entergy proposed to modify Milestone #6 to change the scope of the cyber security controls due to be implemented on December 31,2012, to include only the NEI 08-09, Revision 6, Appendix D technical security controls. Entergy proposes to amend its CSP to provide that operational and management security controls, identified in Milestone #6, will be fully implemented by a later date, which is the completion date identified in Milestone #8 of the CSP implementation schedule. The licensee stated that implementing the technical cyber security controls for target set CDAs provides a high degree of protection against cyber-related attacks that could lead to radiological sabotage. The licensee further stated that many of its existing programs are primarily procedure-based programs and must be implemented in coordination with the comprehensive Cyber Security Program. The licensee also stated that the existing programs currently in place at JAF (e.g., physical protection, maintenance, configuration management, and operating experience) provide sufficient operational and management cyber security protection during the interim period until the Cyber Security Program is fully implemented.
3.2 NRC Staff Evaluation The intent of the cyber security implementation schedule was for licensees to demonstrate ongoing implementation of their Cyber Security Program prior to full implementation, which is set for the date specified in Milestone #8. In addition to Milestone #6 and its associated activities, licensees will be completing six other milestones (Milestones #1 through #5 and Milestone #7) by December 31,2012. Activities include establishing a CSAT, identifying critical systems and CDAs, installing deterministic one-way devices between defensive levels, implementing access control for portable and mobile devices, implementing methods to observe and identify obvious cyber related tampering, and conducting ongoing monitoring and assessment activities for target set CDAs. In the aggregate, the interim milestones demonstrate ongoing implementation of the Cyber Security Program at JAF.
The NRC staff has reviewed the licensee's evaluation of the proposed change in its submittal dated June 22,2012, and finds that by completing Milestones #1 through #5, Milestone #6 with implementation of technical controls to target set CDAs, and Milestone #7, JAF will have an acceptable level of cyber security protection until full program implementation is achieved.
Technical cyber security controls include access controls, audit and accountability, CDA and communications protection, identification and authentication, and system hardening. These controls are executed by computer systems, as opposed to people, and consist of hardware and software controls that provide automated protection to a system or application. Implementation of technical cyber security controls promotes standardization, trust, interoperability, connectivity, automation, and increased efficiency. For these reasons, the NRC staff concludes that the licensee's approach is acceptable.
The NRC staff also recognizes that full implementation of operational and management cyber security controls in accordance with requirements of the JAF CSP will be achieved with full irnplementation of the JAF Cyber Security Program by the date set in Milestone #8. That is, all required elements for the operational and management cyber security controls in accordance with the JAF CSP will be implemented in their entirety at the time of full implementation of the CSP.
The licensee made a Regulatory Commitment in its application dated June 22,2012, however, the NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its May 9, 2011 letter to all operating reactor licensees (ADAMS Accession No. ML110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRC-approved CSP implementation schedule, thus, will require prior NRC approval pursuant to 10 CFR 50.90.
3.3 Revision to License Condition By application dated June 22,2012, the licensee proposed to modify the paragraph in the License Condition 2.D of Renewed Facility Operating License No. DPR-59 for James A.
Fitzpatrick, which requires the licensee to fully implement and maintain in effect all provisions of the NRC-approved CSP.
The paragraph in the License Condition 2.D of Renewed Operating License No. DPR-59 for James A. Fitzpatrick is modified to read as follows:
"ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). ENO CSP was approved by License Amendment No. 300, as supplemented by a change approved by License Amendment No. 303."
3.4 Summary Based on its review of the licensee's application, the NRC staff concludes that the proposed changes to Milestone #6 of the licensee's CSP implementation schedule are acceptable. The NRC staff also concludes that, upon full implementation of the licensee's Cyber Security Program, the requirements of the licensee's CSP and 10 CFR 73.54 will be met. Therefore, the NRC staff finds the proposed changes acceptable.
4.0 STATE CONSULTATION
In accordance with the Commission's regulations, the New York State official was notified of the proposed issuance of the amendment. The State official had no comments.
5.0 ENVIRONMENTAL CONSIDERATION
This amendment relates solely to safeguards matters and does not involve any significant construction impacts. Accordingly, this amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51 .22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of this amendment.
-5
6.0 CONCLUSION
The NRC staff has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
Principal Contributor: M. Coflin Date: December 12, 2012
V. P. Operations -2 A copy of the related Safety Evaluation is enclosed. A Notice of Issuance will be included in the Commission's next regular biweekly Federal Register notice.
Sincerely, IRA!
Mohan C. Thadani, Senior Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-333
Enclosures:
- 1. Amendment No. 303 to DPR-59
- 2. Safety Evaluation cc w/encls: Distribution via Listserv DISTRIBUTION:
PUBLIC LPL 1-1 R/F RidsNrrDorlLPL1-1 RidsOGCMailCenter RidsNrrDssStsb RidsAcrsAcnwMailCenter RidsNsirDsplscpb RidsNrrPMFitzPatrick P. Pederson, NSIR/CSIRB RidsNrrLAKGoldstein MGray, RI M. Coflin, NSIR/CSIRB B. Vaidya, NRR/DORLlLPL 1-1 ADAMS Accession Number: ML12262A209 (*) No substantial change from SE Input Memo OFFICE LPLI-1/PM LPLI-1/PM LPLI-1/LA NSIR/CSIRB/BC OGC - NLO LPLI-1/BC LPLI-1/PM NAME BVaidya MThadani KGoldstein CErlanger(*) BMizuno GWilson MThadanii DATE 11/28/12 11/28/12 11/28/12 09/05/12 11/30/12 12/03/12 12/12/12 OFFICIAL RECORD COPY