RIS 2005-31, Official Exhibit - Mandatory Hearing - AES000056-MA-BD01 - NRC Regulatory Issue Summary 2005-31, Control of Security-Related Sensitive Unclassified Non-Safeguards Information Handled by Individuals, Firms & Entities Subject to NRC Regula: Difference between revisions

Nuclear Regulatory Commission Exhibit # - AES000056-MA-BD01 Docket # - 07007015 Identified: 01/25/2011 Admitted: 01/25/2011 Withdrawn:

Rejected: Stricken:

Exh. AES000056 UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS

WASHINGTON, D.C. 20555-0001 December 22, 2005 NRC REGULATORY ISSUE SUMMARY 2005-31 CONTROL OF SECURITY-RELATED SENSITIVE UNCLASSIFIED NON-

SAFEGUARDS INFORMATION HANDLED BY INDIVIDUALS, FIRMS,

AND ENTITIES SUBJECT TO NRC REGULATION OF THE USE OF

SOURCE, BYPRODUCT, AND SPECIAL NUCLEAR MATERIAL

ADDRESSEES

All licensees, certificate holders, applicants, and other entities (hereafter referred to as licensees and others) subject to regulation by the U.S. Nuclear Regulatory Commission (NRC)

of the use of source, byproduct, and special nuclear material, except for those as covered by provisions of Regulatory Issue Summary (RIS) 2005-26 for nuclear power reactors.

INTENT

This RIS sets forth procedures that licensees and others are encouraged to follow when handling documents and/or when submitting documents to the NRC that contain security- related sensitive information, other than classified or safeguards information, that could be useful, or could reasonably be expected to be useful, to a terrorist in a potential attack.

Attached to this RIS are screening criteria that licensees and others should use to identify security-related sensitive information.

No specific action nor written response is required.

BACKGROUND

NRC traditionally has given the public access to a significant amount of information about the facilities and materials the Agency regulates. Openness has been and remains a cornerstone of NRCs regulatory philosophy. The Atomic Energy Act, subsequent legislation, and various NRC regulations have given the public the right to participate in the licensing and oversight process for NRC licensees. To participate in a meaningful way, the public must have access to information about the design and operation of regulated facilities and use of nuclear materials.

However, NRC and other Government agencies have always withheld some information from public disclosure for reasons of security, personal privacy, or commercial or trade secret protection.

In the post-September 11, 2001, environment, NRC, like many other agencies, has found it necessary to be more judicious in determining what information to voluntarily release, so as not to inadvertently provide assistance to those who might use certain information for malevolent acts. NRC has issued orders and advisories and taken specific actions regarding the security of its licensed facilities and has also assessed and revised its policies and practices for making information available to the public. One of the actions NRC took was to suspend public access to documents in its electronic Agency-wide Documents Access and Management System (ADAMS) on October 25, 2004. Subsequently, NRC screened those documents to determine whether they contained security-related sensitive information. Based on this screening, a large number of documents were returned to public access in ADAMS. This screening process continues as requests for specific documents are received and as new documents are created by NRC and received from licensees and others.

To facilitate this screening process, NRC has developed screening criteria for conducting its reviews. In November 2005, NRC issued guidance (NRC RIS 2005-26) for assessing whether documents associated with reactor licensees should be made publicly available. As part of the continuing efforts in this area, NRC has now developed the attached criteria for screening from public disclosure security-related sensitive information associated with various NRC-regulated activities of persons handling source, byproduct, and special nuclear material.

This RIS and its attachments do not apply to classified information or Safeguards Information.

Classified information (Confidential, Secret, Top Secret) is withheld from the public by law.

Safeguards Information is withheld because it provides details of security measures at nuclear facilities. Handling requirements for classified information and Safeguards Information are set forth in various NRC orders, regulations, and generic communications (e.g., requirements for the handling and protection of Safeguards Information are discussed in RIS-2003-08, Protection of Safeguards Information from Unauthorized Disclosure, dated April 30, 2003).

Sensitive (but unclassified, non-safeguards) information covers a range of information for which the loss, misuse, modification, or unauthorized access can reasonably be foreseen to harm the public interest, commercial or financial interests of an entity, the conduct of NRC and Federal Programs, or the personal privacy of individuals. As noted above, this RIS covers security- related information which, if released, could cause harm to the public interest as it could be useful, or could reasonably be expected to be useful, to a terrorist in a potential attack.

Specifically, information that should be protected under this RIS is described in Attachment 2.

In addition, licensees and others should use the procedures set forth below to protect information designated for protection by other federal, State, or local agencies.

SUMMARY OF ISSUE

This RIS:

1) Informs licensees and others of the screening criteria that NRC uses to identify and protect security-related sensitive information in documents generated by the Agency and in documents received from licensees and others;

2) Encourages licensees and others to identify security-related sensitive information contained in documents submitted to NRC, by using the screening criteria in Attachment 2 and marking procedures; and 3) Encourages licensees and others that may possess security-related sensitive information to control the information, to limit the risk that the information might fall into the hands of those who would use it for malevolent acts.

Specifically, protection of the information should be implemented in the following manner:

1. Screening of Future Documents Submitted to NRC

To assure that future submittals containing security-related sensitive information are not made publicly available in ADAMS, while still making other appropriate information available to the public, NRC is encouraging licensees and others to screen submittals in accordance with the guidance in Attachment 2. If practical, documents submitted to NRC should avoid including security-related sensitive information to permit releasing the document to the public in its entirety.

2. Marking and Submitting Documents Containing Security-Related Sensitive Information If it is necessary to include security-related sensitive information in a submitted document, the submittal should be marked to indicate the presence of such information as follows:

a) The cover letter should clearly state that the attached documents contain security-related sensitive information. When separated from the attached documents, if the cover letter itself does not contain security-related sensitive information, the cover letter itself is uncontrolled.

b) As shown in Attachment 1 (Section A), the top of every page of a letter or document that contains security-related sensitive information should include the marking Security-Related Information Withhold Under 10 CFR 2.390 (note that NRCs procedure for these documents is to mark them as Official Use Only

- Security-Related Information). For the pages having security-related sensitive information, an additional marking (e.g., an editorial notebox) should be included adjacent to the material meeting the screening criteria in Attachment 2.

Information on suggested handling and methods of submittal of security-related sensitive information is also contained in Attachment 1 (Section B).

Licensees and others can submit both a public and a non-public version of a document, when security-related documents need to be submitted. The public version could have the security-related sensitive information marked out or removed with a notation that the information was withheld on the basis that it is Security-Related Information. This is similar to what is sometimes done to protect proprietary information under 10 CFR

2.390, except that an affidavit is not needed. Alternatively, security-related sensitive information could be segregated from the main body of the document and included only in attachments to the submittal. Only the attachments containing security-related sensitive information would be marked for withholding from public disclosure. Using this approach, the public version need not be marked as containing security-related sensitive information. 3. Protection of Security-Related Sensitive Information Documents that contain security-related sensitive information should be protected from public disclosure, using methods similar to that for protecting proprietary information.

To the extent practicable, any existing documents containing security-related sensitive information that licensees or others have previously made available to the public should be withdrawn from public access. As with proprietary information, licensees and others should have sufficient internal controls to prevent release of information. Possible methods to prevent the inadvertent release of security-related sensitive information include marking documents Security-Related Information - Withhold Under 10 CFR

2.390, restricting access to electronic recordkeeping systems that contain such information, and controlling the reproduction, distribution, and destruction of potentially sensitive records. Licensees and others should ensure that similar controls are in place when security-related sensitive information is provided to outside parties such as contractors or other Government agencies, and that the information is made available only to such parties who have a need to know the information to perform their jobs and who are made aware of the security-related nature of the information.

This RIS, the attached screening criteria, and additional explanatory material, as appropriate, are also posted on the NRC Web site at http://www.nrc.gov/reading-rm/sensitive-info.html)

(note that the criteria for fuel cycle facilities in this website and in this RIS supercedes information at http://www.nrc.gov/materials/fuel-cycle-fac/review-criteria-fuel-cycle.html).

The NRC staff will interact with licensees and others on a case-by-case basis to resolve questions regarding the application of the procedures and screening criteria set forth in this RIS

and its attachments.

NRC will continue to make available to the public as much information as possible. Much of NRCs information is readily available to the public via the NRC Web site (www.nrc.gov) and NRCs ADAMS system (www.nrc.gov/reading-rm/adams.html). In addition, other information may be released to the public in response to formal and/or informal requests. Although the security-related sensitive information screening criteria were developed with the principles of the Freedom of Information Act (FOIA) in mind, a review for security-related sensitive information does not substitute for a FOIA review. FOIA requests will continue to be reviewed and processed independently from the security-related sensitive information review process.

BACKFIT DISCUSSION

This RIS requires no action nor written response and is, therefore, not a backfit under 10 CFR 70.76, 72.62, or 76.76. Consequently, the NRC staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal Register because it is informational and does not represent a departure from current regulatory requirements and practice. SMALL BUSINESS REGULATORY ENFORCEMENT FAIRNESS ACT OF 1996 NRC has determined that this action is not subject to the Small Business Regulatory Enforcement Fairness Act of 1996.

PAPERWORK REDUCTION ACT STATEMENT

This RIS does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501, et seq.).

Please direct any questions about this matter to the technical contacts listed below.

/RA/

Charles L. Miller, Director Division of Industrial and Medical Nuclear Safety Office of Nuclear Material Safety and Safeguards Technical Contacts:

Spent Fuel Storage and Materials IMNS/Regional Transportation Fuel Cycle Paul Goldberg, NMSS/IMNS Joe Sebrosky, NMSS/SFPO Patricia Silva, NMSS/FCSS

301-415-7842 301-415-1132 301-415-8029 E-mail: pfg@nrc.gov E-mail: jms3@nrc.gov E-mail: pas6@nrc.gov Decommissioning HLWRS Import/Export Ted Carter, NMSS/DWMEP Alexander Sapountzis Stephen Dembek

301-415-6668 301-415-7822 301-415-2342 E-mail: thc1@nrc.gov E-mail: aps@nrc.gov E-mail: sxd@nrc.gov Attachments:

1. Suggested Markings; Withhold From Public Disclosure in Accordance With 10 CFR 2.390

2. NMSS Guidance on Screening Criteria for Security-Related Sensitive Unclassified Non- Safeguards Information

3. List of Recently Issued NMSS Generic Communications

Attachment 1 RIS-2005-31 SUGGESTED MARKINGS AND HANDLING

This attachment provides information on suggested markings for pages of a document that contains security-related sensitive information (Section A) and suggested handling of such documents (Section B).

A. Page Markings Overall page marking on the top of all pages of a document that contains security-related sensitive information Security-Related Information Note that a cover letter should clearly state Withhold Under 10 CFR 2.390 that attached documents contain security- related sensitive information - - However, this marking is also needed on the cover letter only if it itself contains security- related sensitive information.

Subject Ensure Subject Line is non-sensitive XXXXXXXXXX

XXXXXXXXXX

XXXXXXXXXX

XXXXXXXXXX

Attachment 1 RIS-2005-31 B. Appropriate Controls for Handling Documents Access: Need-to-know in order to perform official licensee, applicant or entity functions.

Storage: Openly within licensee, applicant, or other entity facilities with electronic or other access controls, for example, key cards, guards, alarms.

Mail: U.S. Postal Service first class mail, registered mail, express mail, or certified mail in single opaque envelope with no external markings to indicate 10 CFR 2.390 contents.

Electronic Transmission: Over phone if the recipient is confirmed as being authorized to access the information; over facsimile if it is confirmed that a recipient who is authorized to access the information will be present to receive the transmission;

over encrypted computer e-mail (using computer software such as SecureZip).

Note that NRC is using SecureZip when transmitting security- related sensitive information by e-mail to licensees and others to encrypt electronic information. Users will be prompted for a password to access a free download of the reader.

Attachment 2 NMSS GUIDANCE

SCREENING CRITERIA FOR SECURITY-RELATED

SENSITIVE UNCLASSIFIED NON-SAFEGUARDS INFORMATION

DECEMBER 2005

-1-

Attachment 2 SCREENING CRITERIA FOR SECURITY-RELATED

SENSITIVE UNCLASSIFIED NON-SAFEGUARDS INFORMATION

DECEMBER 2005 INTRODUCTION:

This guidance provides the criteria which will be used to determine the types of security-related sensitive information, other than classified or safeguards information, associated with materials licensees, applicants, certificate holders, and other entities that will not be voluntarily disclosed to the public so as not to inadvertently provide assistance to those who might wish to use this information for malevolent acts.

BACKGROUND

Historically, the Nuclear Regulatory Commission (NRC) has made routinely available to the public large amounts of information, more than required by law. In the post-September 11,

2001 environment, however, like many other agencies, the NRC has found it necessary to be more judicious in what it voluntarily releases, so as not to inadvertently provide assistance to those who might use this information for malevolent acts.

The NRC developed guidance several months ago for conducting a broad security/sensitivity review to assess whether documents associated with reactor licensees should be made publicly available in the first instance as a matter of administrative discretion (SECY-04-0191). In November 2005, the NRC issued guidance (NRC RIS 2005-26) in this area. As part of the continuing efforts in this area, the NRC has now developed this guidance which addresses the criteria for screening from public disclosure certain types of information associated with various classes of materials licensees, applicants, certificate holders and other entities.

Consistent with the Task Force Report on Public Disclosure of Security-Related Information, (SECY 05-0091) and the Commission guidance on that Task Force Report, the screening criteria in these guidelines ...should follow the principles for withholding security-related information under FOIA. Although the security-related sensitive screening criteria were developed with the principles of the Freedom of Information Act (FOIA) in mind, a review for security-related sensitive information does not substitute for a FOIA review. FOIA requests will continue to be reviewed and processed independently from the security-related sensitive information review process.

ORGANIZATION OF THIS GUIDANCE:

This guidance is organized as follows (see Table 1 for an outline on navigating the guidance):

- Section 1 indicates the thresholds under which documents may be released to the public without any further screening. However, Section 1 also notes specific requirements for withholding documents in certain cases even if the documents fall under the threshold.

- Section 2 contains general criteria for screening documents above the threshold.

Attachment 2 - Appendices 1 - 5 contain guidance, in addition to that in Section 2, for screening documents specific to fuel cycle facilities; decommissioning and low-level waste sites;

medical, industrial, and academic uses of nuclear materials; spent fuel/transportation;

and export/import, respectively.

Table 1 Stakeholders Using This Guidance and Applicable Sections of the Guidance1 Stakeholder Applicable guidance Fuel cycle facilities including milling, Sections 1 and 2 for general information and conversion, enrichment and fuel fabrication Appendix 1.

facilities Decommissioning and low-level waste sites Sections 1 and 2 for general information and Appendix 2.

Medical, Industrial, and Academic Uses of Sections 1 and 2 for general information and Nuclear Materials Appendix 3.

10 CFR Part 71: certificate holders, and Sections 1 and 2 for general information and registered users Appendix 4, parts A, B, and E. Special attention should be given to the guidance relative to detailed design drawings, and control of registered users list for transportation packages.

10 CFR Part 71: Quality Assurance Program Sections 1 and 2 for general information and holders Appendix 4, parts A, B, and E. Based on NRC staff experience, most QA program holder submittals do not contain sensitive information as defined in this RIS. However, attention should be given to the guidance relative to detailed design drawings, and control of registered users list for transportation packages.

10 CFR Part 72: certificate holders, general Sections 1 and 2 for general information and licensees, and site specific licensees Appendix 4, parts A, B, C, D and E.

Export and Import Sections 1 and 2 for general information and Appendix 5.

1 With regards to High-Level Waste, requirements for making information publicly available via the Licensing Support Network (LSN) is contained in 1O CFR Part 2 Subpart J for an applicant of the proposed geological repository at Yucca Mountain in Nevada. Furthermore, the "Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program" (CG-OCRWM-1) provides guidance for determining sensitive information.

Attachment 2 1. NMSS THRESHOLD CRITERIA:

Documents containing information falling under these thresholds may be released without any further screening, except as specifically noted.

A. Low Hazard: The following types of licensee files need NOT be screened due to the low hazard of the radioactive material at the sites:

- Licensees authorized to possess quantities of radionuclides in any single location that are below the International Atomic Energy Agencys (IAEA) Category 3 quantities (as listed in Table 1 of these guidelines). However, documents which give the exact location of the material should be withheld, even if they refer to material levels below the Category 3 threshold. Thus, a document may be released if it indicates a general location (i.e., in a certain building), but documents giving the exact location should be withheld unless the location is intuitively obvious.

- Licensees (other than fuel cycle) authorized to possess radionuclides which are not listed in Table 1. However, information on the exact location of this radioactive material should be withheld.

- Uranium recovery (yellow cake and tailings only)

- Current information on decommissioning materials sites with diffuse contamination only.

(Check for other active licenses or radioactive material at the site; e. g., high activity reactor components, and high activity waste. Screen any such documents separately.)

- Terminated licenses where all radioactivity except diffuse contamination has been removed. (Screen old files for operational information which may contain sensitive information.)

B. Information Readily Available to the Public Elsewhere:

Based on Reactor Criteria Approved by Commission (see SECY-04-0191):

- If the information is available from open source literature such as text books, Web sites, or other sources, an NRC decision to withhold the information may decrease the openness of our regulatory programs without obstructing an adversary.

- Information clearly visible from locations accessible to the public is generally released.

This includes general (low resolution) drawings of the site and adjacent areas.

Attachment 2 2. GENERAL CRITERIA FOR SCREENING DOCUMENTS ABOVE THE THRESHOLD

A. Descriptions of Facilities Where Licensed Material May Be Located Criteria:

(1) Locations and quantities of radioactive material (above the thresholds listed in Table 1)

- Withhold information identifying the exact locations of radioactive material

- Withhold information on possession limits or actual inventories of radionuclides.

- Withhold manufacturers and model numbers of sealed sources and devices.

- For fuel cycle facilities, withhold information on possession limits and inventories of enriched uranium above 6% U-235, and mixed oxide materials.

- Withhold lists of licensees registered to use NRC-approved 10 CFR Part 71 transportation packages.

- Release identification of radionuclides and form.

- Release 10 CFR Part 71 certificates and 10 CFR Part 72 information related to radionuclide form, content, quantities, model numbers, and locations of independent spent fuel storage installations, regardless of the quantities.

- Release event reports involving lost/stolen/abandoned/found radioactive material.

(2) Design of structures/equipment (site specific)

- Withhold information related to security requirements, information from analyses which could reveal vulnerabilities, reports of specific or predicted failures, and any other information which could reasonably be expected to be useful to potential adversaries.

- Release information regarding the design of structures provided to the NRC which typically consists of analyses to show that the design feature will withstand the combinations of forces associated with design basis events and natural hazards. The analyses do not typically provide realistic information on the failure of structural features, and, except for fuel cycle facilities, are not considered sensitive. However, withhold information related to predicted structural failures that could be useful to terrorists. (See Appendix 1 for specific guidance on fuel cycle facilities.)

(3) Nearby Facilities

- Withhold information related to nearby facilities if the information might reasonably be helpful to those planning an attack.

B. Design Information (non-site-specific): Spent Fuel Casks, Transportation Packages, Sealed Source and Device Catalog and Files, etc.

- Withhold drawings showing detailed design information.

- Withhold design/performance information which indicates vulnerabilities that could reasonably be expected to be useful to potential adversaries.

- Release text information containing descriptions of how packages/devices/sources are constructed.

Attachment 2 C. Emergency Planning/Fire Protection Information

- Withhold information related to emergency planning, emergency response, and fire protection. Review any considerations and/or requests for release on a case-by-case basis. As part of the review, check to see whether the State or local governments are withholding related information as sensitive.

- Withhold information describing licensee or government responses to malevolent attacks.

- Withhold information and drawings identifying locations of radioactive material, and onsite routes and pathways to or from the locations of radioactive material.

- Withhold information which State or local government agencies have designated as sensitive.

D. Security Program Information

- Much information related to security programs at fuel cycle facilities and other materials facilities with high risk sources has already been designated to be withheld as Classified, Safeguards, or Proprietary Information.

- In addition to withholding Classified, Safeguards, or Proprietary Information, withhold any security information which could reasonably be expected to be useful to potential adversaries.

E. Vulnerability/Security Assessments/Accident Analyses/Safety Analyses/Risk Assessments

- Release typical accident analyses which involve conservative models to demonstrate a facilitys ability to respond to design basis events (i.e., non-security related events),

unless the analysis could reasonably be expected to be useful to an adversary.

- Withhold assessments which use a malevolent event as an initial condition (e.g.,vulnerability/security analysis).

- Withhold descriptions of structural features related to potential malevolent attacks.

- Withhold detailed information and drawings describing the specific locations of equipment relied upon for safety or security.

- Withhold discussions of safety features or mitigation strategies within vulnerability/security assessments.

- Withhold any analysis that identifies which events have significant consequences and which events don't.

- Withhold information related to security events and any information which could be useful to an adversary due to identification of vulnerabilities.

Attachment 2 APPENDICES 1-5: ADDITIONAL GUIDANCE FOR SECURITY-RELATED SENSITIVE

INFORMATION SCREENING REVIEWS

These appendices contain additional guidance for screening documents for security-related sensitive information specific to fuel cycle facilities; decommissioning and low-level waste sites;

medical, industrial, and academic uses of nuclear materials; spent fuel/transportation; and export/import licensing. These appendices are organized as follows:

1. Fuel cycle facilities including milling, conversion, enrichment and fuel fabrication facilities;

2. Decommissioning and low-level waste sites;

3. Medical, industrial, and academic uses of nuclear materials;

4. Spent Fuel/Transportation (10 CFR Part 71: certificate holders, and registered users;

10 CFR Part 71: Quality Assurance Program holders; 10 CFR Part 72: certificate holders, general licensees, and site specific licensees);

5. Export/Import licensing.

Attachment 2 APPENDIX 1 - - FUEL CYCLE FACILITY REVIEWS (NRC

CONTACT

DIVISION OF FUEL

CYCLE SAFETY AND SAFEGUARDS (FCSS), NMSS)

A. Descriptions of Facilities Where Licensed Material May Be Located

- Withhold information on possession limits or actual inventories of radionuclides, and quantities, including such information on the license itself, for mixed oxide material and uranium enriched to greater than 6 % U-235. (Release identification of radionuclides and their forms.)

- Withhold information related to military contract operations, even if it is publicly available elsewhere.

- Withhold information identifying the exact locations (e.g., detailed floor plans) of radioactive and hazardous material whose release or theft could allow adversaries to create a diversion for theft of material or result in a significant consequence.

Information for planning a sabotage activity (e.g., bombing a building) would likely require less detailed information than theft where exact locations would likely be needed.

- Withhold information about the design of structures that consists of analyses to show that design features will withstand the forces associated with both security-related scenarios and non-security-related scenarios, such as tornadoes, high winds, snow loads, etc. Analyses indicating forces associated with non-security regulatory requirements could be useful in planning terrorist activities. For instance, information related to seismic loadings could be used to determine blast loads for bombs.

- Withhold detailed design information, including diagrams showing dimensions, material properties, and descriptions of how the facilities/equipment is constructed. Additionally, withhold process information that could potentially allow an adversary to access radioactive or hazardous materials or gain knowledge of detailed information or potential weaknesses of systems designed to ensure safe operations (necessary to prevent or mitigate accidents) at fuel cycle facilities.

B. Design Information (non-site specific)

No additional fuel cycle facility guidance for this category.

C. Emergency Planning/Fire Protection Information

- Withhold information contained in Emergency Planning and Fire Protection Plans that could potentially allow an adversary to gain knowledge of detailed information or potential weaknesses of systems designed to ensure safe operations (necessary to prevent or mitigate accidents) at fuel cycle facilities.

Attachment 2 - Withhold information and drawings identifying routes to or from the locations of radioactive and hazardous material whose release or theft could allow adversaries to achieve their goals.

- Withhold information that State or local government agencies have designated as sensitive.

- Withhold any detailed accident analysis that identifies which accidents have significant consequences and which accidents don't. Accident analysis information can appear in many documents (i.e., emergency plan, fire protection plan, Integrated Safety Analysis Summary, environmental assessment, etc.). General information may be releasable, but details should be withheld.

D. Security Program Information

- Much information related to security programs at fuel cycle facilities and other materials facilities with high risk sources has already been designated to be withheld as Proprietary, Classified or Safeguards Information.

- Withhold information about security equipment and programs, descriptions of equipment and radioactive or hazardous materials, and accident studies that bear a close resemblance to programs, equipment, radioactive or hazardous materials, and studies at other active licensee sites if that information would reveal vulnerabilities or be expected to be useful to adversaries at active licensee sites.

E. Vulnerability/Security Assessments/Accident Analyses

- Withhold detailed information and drawings describing the exact locations of radioactive or hazardous materials or gain knowledge of detailed information or potential weaknesses of system designed to ensure safe operations (necessary to prevent or mitigate accidents) at fuel cycle facilities.

- Withhold any detailed accident analysis which contains accident sequences, identifies accident consequences, identifies systems and components relied upon for safety, or identifies which accidents have significant consequences and which accidents don't.

Accident analysis information can appear in many documents (i.e., emergency plan, fire protection plan, Integrated Safety Analysis Summary, environmental assessment, etc.).

General information may be acceptable, but details should be withheld.

- Withhold information identifying the exact locations (e.g., detailed floor plans) of radioactive and hazardous material whose release or theft could allow adversaries create a diversion for theft of material or result in a significant consequence.

Information for planning a sabotage activity (e.g., bombing a building) would likely require less detailed information than theft where exact locations would likely be needed.

Attachment 2 APPENDIX 2 - - DECOMMISSIONING AND LOW-LEVEL WASTE SITE REVIEWS (NRC

CONTACT

DIVISION OF DECOMMISSIONING, WASTE MANAGEMENT, AND

ENVIRONMENTAL PROTECTION (DWMEP), NMSS)

DECOMMISSIONING AND LOW-LEVEL WASTE SITE THRESHOLD CRITERIA

1. Diffuse contamination consists of soil, groundwater, surface contamination on and in buildings, including that which is on equipment, floors, walls, etc. It also could include volumetrically contaminated materials whose concentrations are sufficiently low.

For determining whether only diffuse contamination is present at a decommissioning site, apply the following information derived from the IAEA Code of Conduct on the Safety and Security of Radioactive Sources (see Table 1). Category 3 sources in the Code of Conduct, for which NRC is developing a rulemaking to control their import and export, are typically about 1 curie. At a concentration of 2000 pCi/gram, which is well above the concentrations of plutonium typically found in soil at sites undergoing decommissioning, this equates to approximately 15,000 cubic feet of material, well in excess of what a terrorist could reasonably use for malevolent purposes. For materials at the 10 CFR Part 61 Class A limit for plutonium (10 nCi/gram), the volume of waste that would contain the Category 3 activity limit for plutonium would be 3000 cubic feet, also in excess of what could reasonably be used by a terrorist. However, for Co-60, the amount of loose material or rubble at the Class A limit (700 Ci/cubic meter) containing the Category 3 quantity (about 1 curie) would be less than 0.1 cubic foot, an amount that could easily be used for malevolent purposes because of its small volume.

Reviewers should apply values taking into consideration the examples given above in making a determination on whether a decommissioning site is within the threshold limits.

2. DWMEP has little licensing work in low-level waste. However, that which is performed may not be below the threshold. For example, import and export licensing could involve quantities of materials that would be useful to terrorists.

GENERAL GUIDANCE FOR DECOMMISSIONING AND LOW-LEVEL WASTE SITES

Most sites undergoing decommissioning are expected to be below the threshold, so that most licensing documents can be released. Sensitivity reviews must be conducted on documents related to LLW storage, safety, and security systems and procedures. Reviews should focus on determining if the information contained in these documents could be useful to an adversary in planning a terrorist act. Examples include the location and security arrangements for high-activity waste, the location of highly activated components, or the transportation security arrangements for high-activity waste or activated components.

Attachment 2 For fuel cycle, materials, and spent fuel pool and independent spent fuel storage installation (ISFSI) licensees that are undergoing decommissioning, issues that are not unique to decommissioning (such as descriptions of plant processes, vulnerability/security assessments, etc.) should be reviewed with regard to Appendices 1, 3, and 4, respectively.

A. Descriptions of Facilities Where Licensed Material May Be Located

- Withhold information identifying the exact locations of radioactive material. For example, detail drawings or maps of facilities, room numbers and locations, and specific locations of waste storage/processing operations.

- Withhold design information that could reasonably be expected to be useful to potential adversaries. Examples include detailed drawings or maps showing the locations of security measures/operations and infrastructure, locations of critical site infrastructure (electrical or power systems), and the design of facilities that could be useful in developing approaches to breech the facility.

- For transportation package information provided in connection with decommissioning or LLW disposal licensing, consider Appendix 4 for sensitivity of the information.

No additional guidance for decommissioning and low-level waste sites for other categories.

Attachment 2 APPENDIX 3 - - REVIEWS OF MEDICAL, INDUSTRIAL, AND ACADEMIC USERS OF

NUCLEAR MATERIALS (NRC

CONTACT

DIVISION OF INDUSTRIAL AND MEDICAL

NUCLEAR SAFETY (IMNS), NMSS)

A. Descriptions of Facilities Where Licensed Material May Be Located (above the thresholds in Table 1)

(1) Copies of Licenses and Mailing Lists

- Copies of licenses: Release authorized radionuclides and form. Withhold authorized quantities. Withhold manufacturers and model numbers of sealed sources and devices.

Withhold information which identifies buildings or rooms where radioactive material is located (this may be in the license condition specifying authorized location).

- Withhold mailings lists which are compiled for security purposes or identify high risk facilities or vulnerable facilities.

- Release individual mailing addresses, and street address where material is located (normally included on licenses).

(2) Locations of radioactive material

- Withhold lists of authorized or actual inventories of radionuclides.

- Withhold building numbers and room numbers (other than mailing addresses) or similar information which identify locations of material.

- Withhold site drawings which identify individual buildings on the licensee site.

- Withhold building drawings which identify the location of radioactive material, or onsite pathways or routes to and from locations of radioactive material.

- Release individual mailing addresses and street addresses.

(3) Design/description of structures/equipment/operating procedures (site specific)

- Most descriptions of structures/equipment/procedures may be released if they are not security-related.

- Withhold drawings of buildings/rooms/devices where radioactive material is located.

- Withhold manufacturers and model numbers of sealed sources and devices.

- Withhold information on security programs, guards, access controls, key cards, alarms, barriers, chains, locks, etc.

B. Design Information (non-site specific) - Sealed Source and Device Catalog

- Release information on addresses of manufacturers/distributors.

- Establish a password system for users with a valid need-to-know, and who have agreed to protect the information from unauthorized disclosure.

Attachment 2 C. Emergency Planning/Fire Protection Information

- Release general descriptions of emergency procedures for safety related events, such as radioactive material spills, releases, contamination, and fires.

- Withhold information on routes to and from locations of radioactive material.

- Withhold information related to responses to security events and malevolent events.

- Withhold information on responses of offsite law enforcement officials.

- Withhold information designated by State or local governments as sensitive.

D. Security Program Information

- Certain security information at specified facilities is already designated as Safeguards Information and should continue to be withheld and protected accordingly.

- In addition to withholding Safeguards Information, withhold any security information related to malevolent events or which could be useful to potential adversaries.

Examples as given in Section A above: information on guards, access controls, key cards, alarms, barriers, chains, locks, etc.

E. Vulnerability/Security Assessments/Accident Analyses

- No additional guidance for medical, industrial, and academic users of nuclear material for this category.

Attachment 2 APPENDIX 4 - - SPENT FUEL/TRANSPORTATION REVIEWS (NRC

CONTACT

SPENT

FUEL PROJECT OFFICE (SFPO), NMSS)

A. Descriptions of Facilities Where Licensed Material Be Located Subject Discussion and/or typical controls

10 CFR Part 72 Specific ISFSI Uncontrolled - Information provided to the NRC for Licenses and General Licenses specific ISFSI licenses and general licenses typically

- Text descriptions of the consists of analyses to show that the design feature will following: general description, withstand the combinations of forces associated with site characteristics, principal design basis events and natural hazards. The analyses design criteria, storage cask do not typically provide realistic information on the failure design, operations, waste of structural features and are not considered sensitive.

management, radiation protection, accident analyses, conduct of operations, operating controls and limits, and quality assurance

10 CFR Part 72 Specific ISFSI Potentially Controlled - Decisions regarding the control of Licenses and General Licenses information that show the plant site and buildings are

- Drawings and locations of dependent on the level of detail. Information clearly related hazards visible from locations accessible to the public near the site is generally released. This includes general (low- resolution) layout drawings of the site and adjacent areas.

Drawings showing details such as the specific locations of equipment within buildings, doorways, stairways, storage areas, etc. are to be withheld under 10 CFR 2.390(d).

Drawings showing locations of hazards in relation to the ISFSI are also withheld. A text description of the hazards in relation to the ISFSI is uncontrolled and will not be reviewed.

10 CFR Part 72 Specific ISFSI Controlled - Information related to non-nuclear facilities Licenses and General Licenses located near the ISFSI such as pipeline data (usually

- Nearby industrial, withheld per DOT) and chemical facilities (some data transportation, and military withheld per EPA) is controlled. Other information may facilities be protected by other federal agencies (e.g., DHS, FERC,

EPA, DOT)

10 CFR Part 72 Specific ISFSI Uncontrolled - Information related to radionuclides, form, Licenses and General Licenses and quantities Lists of licensees registered to Withhold lists and associated letters required by 10 CFR

use NRC-approved 10 CFR Part 71.17(c)(3).

71 transportation packages.

Attachment 2 B. Design Information (non-site specific): Transportation Packages, and Spent Fuel Casks Subject Discussion and/or typical controls

10 CFR Part 71 Transportation Uncontrolled - Information provided to the NRC typically Package Descriptions Text consists of analyses to show that the design feature will Descriptions Including withstand the combinations of forces associated with Radionuclide Form, Content and design basis events and natural hazards. The analyses Quantity do not typically provide realistic information on the failure of structural features and are not considered sensitive.

Text descriptions regarding the design of transportation packages do not need to be controlled for 3 basic reasons: 1) Part 71 does not authorize possession of byproduct, source or special nuclear material, 2) package design information is required for commerce both domestically and internationally, and 3) the information that could reasonably be expected to be useful to terrorists in planning or executing an attack for transportation packages containing large quantities of byproduct, source or special nuclear material is controlled by other means (e.g., route controls, escort requirements, etc., in accordance with Commission Orders, interim compensatory measures or other applicable requirements).

10 CFR Part 71 Drawings Potentially Controlled - Withhold diagrams showing detailed design information. Do not withhold drawings which have already been made public through FOIA

requests, hearings, rulemakings, or other public forums.

10 CFR Part 71 Transportation Uncontrolled - An entity wishing to use or fabricate an Quality Assurance Program approved transportation package must submit a Plan Descriptions description of its quality assurance program to the NRC.

This submittal is assigned a 10 CFR Part 71 docket and reviewed and approved by the staff. The QA program description typically does not contain the type of information found in the generic criteria that would cause it to be controlled. In addition, filing and approving a QA

program description does not authorize possession of byproduct, source, or special nuclear material.

10 CFR Part 71 Package Uncontrolled Information related to radionuclides, form and quantities

Attachment 2 Subject Discussion and/or typical controls

10 CFR Part 71 Advance NSIR has programmatic responsibility for reviewing and Notification of Shipments of controlling this information. 10 CFR 71.97 requires Irradiated Reactor Fuel and advance notifications to the governor of a State, or the Nuclear Waste governors designee, of certain shipments of high-risk radioactive material.

10 CFR Part 72 Dry Cask Uncontrolled - Information provided to the NRC typically Storage Systems -Certificates of consists of analyses to show that the design feature will Compliance (COC) safety withstand the combinations of forces associated with analysis report information design basis events and natural hazards. The analyses do not typically provide realistic information on the failure of structural features and are not considered sensitive.

Text information in the safety analysis report including design information is not controlled for the following reasons: 1) the design of the casks are simple by nature and the criteria for which they are designed are widely known; 2) most casks designs involve storage of the casks in open areas on concrete pads that are often readily seen from offsite locations; and 3) this information has been historically released to the public to support rulemaking for approved cask designs, and other public outreach efforts.

10 CFR Part 72 Dry Cask Potentially Controlled - Withhold diagrams showing Storage Systems -Drawings detailed design information. Do not withhold drawings which have already been made public through FOIA

requests, hearings, rulemakings, or other public forums.

10 CFR Part 72 Package Uncontrolled Information related to radionuclides, form and quantities

Attachment 2 C. Emergency Planning Information Subject Discussion and/or typical controls

10 CFR Part 72 Specific ISFSI Potentially Controlled - Incoming documents are initially Licenses and General Licenses profiled as nonpublic - staff will review for release upon

- Emergency Planning request. Most information related to emergency planning will not need to be designated as sensitive. Special attention is needed to determine if information relates to the response by a licensee or government agency to a terrorist attack. Note that some State and local governments consider parts of their emergency plans to be sensitive.

D. Security Program Information Subject Discussion and/or typical controls

10 CFR Part 72 Specific ISFSI Potentially Controlled - Information related to security Licenses and General Licenses programs is generally designated as SGI or SGI-M and is

- Security protected in a manner similar to classified confidential information. Security-related information within the inspection and oversight program is withheld from public disclosure under 10 CFR 2.390(d).

E. Vulnerability/Security Assessments/Accident Analyses/Risk Assessments Subject Discussion and/or typical controls Vulnerability/Security Controlled - Vulnerability/security assessments to Assessments for: determine the ability of transportation packages, dry cask

- 10 CFR Part 71 storage systems, or ISFSIs to withstand events from transportation package malevolent acts have been and will continue to be designs withheld from public disclosure.

- 10 CFR Part 72 dry cask storage systems

- 10 CFR Part 72 independent spent fuel storage installations (ISFSI)

Attachment 2 APPENDIX 5 - - EXPORT/IMPORT LICENSING (NRC

CONTACT

OFFICE OF

INTERNATIONAL PROGRAMS (OIP)

- Withhold information on authorized quantities or actual inventories of radionuclides, above the thresholds in Table 1, mixed oxide materials, and enriched uranium above 6%

U-235. Release information identifying radionuclides and form.

- For quantities above the thresholds in Table 1, mixed oxide materials, and enriched uranium above 6% U-235, withhold information on projected or actual shipment schedules, delivery dates, date required, mode of transport, storage arrangements, or any other related logistical information provided by the licensee in the application or added by the NRC.

Attachment 2 Table 1: Radionuclide Screening Threshold Values Radionuclide Quantity of Quantity of Concern1 (TBq) Concern2 (Ci )

Am-241 0.06 1.6 Am-241/Be 0.06 1.6 Cf-252 0.02 0.54 Cm-244 0.05 1.4 Co-60 0.03 0.81 Cs-137 0.1 2.7 Gd-153 1 27 Ir-192 0.08 2.2 Pm-147 40 1100

Pu-238 0.06 1.6 Pu-239/Be 0.06 1.6 Se-75 0.2 5.4 Sr-90 (Y-90) 1 27 Tm-170 20 540

Yb-169 0.3 8.1 Combinations of See Footnote radioactive materials listed Below4 above3

1 The aggregate activity of multiple, collocated sources should be included when the total activity exceeds the quantity of concern.

2 TBq values are the regulatory standard and the Curie values are rounded to two significant figures.

3 Radioactive materials are to be considered collocated if breaching a common physical security barrier (e.g., a locked door at the entrance to a storage room) would allow access to the radioactive material or devices containing the radioactive material. For sources installed in devices, each device should be considered a separate location.

4 If several radionuclides are aggregated, the sum of the ratios of the activity of each source, I

of radionuclide, n, A(i,n), to the quantity of concern for radionuclide n, Q(n), listed for that radionuclide exceeds one. [(aggregated source activity for radionuclide A) ÷ (quantity of concern for radionuclide A)] + [(aggregated source activity for radionuclide B) ÷ (quantity of concern for radionuclide B)] + etc........ >1

Attachment 3 Recently Issued NMSS Generic Communications Date GC No. Subject

Addressees

2/11/05 BL-05-01 Material Control and Accounting at All holders of operating licenses for Reactors and Wet Spent Fuel nuclear power reactors, decommissioning Storage Facilities nuclear power reactor sites storing spent fuel in a pool, and wet spent fuel storage sites.

11/23/05 RIS-05-24 Control of Radiation Dose to All medical licensees.

Visitors of Hospital Patients

11/14/05 RIS-05-21 Clarification of the Reporting All U.S. Nuclear Regulatory Commission Requirements in licensees and Part 76 certificate holders

10 CFR 20.2201 authorized to possess licensed material.

11/08/05 RIS-05-27 NRC Timeliness Goals, All 10 CFR Parts 71 and 72 licensees Prioritization of Incoming License and certificate holders.

Applications and Voluntary Submittal of Schedule for Future Actions for NRC Review

10/28/05 RIS-05-22 Requirements for the Physical All holders of licenses for the possession Protection During Transportation of of special nuclear material (SNM) that Special Nuclear Material of ship Category II and III quantities of this Moderate and Low Strategic material.

Significance: 10 CFR Part 72 vs.

Regulatory Guide 5.59 (1983)

10/07/05 RIS-05-23 Clarification of the Physical All gamma stereotactic radiosurgery Presence Requirement During (GSR) licensees.

Gamma Stereotactic Radiosurgery Treatments

09/27/05 RIS-04-17, Revised Decay-in-Storage All licensees regulated under 10 CFR

Rev. 1 Provisions for the Storage of Parts 30, 32, 33, 35, 39, and 50.

Radioactive Waste Containing Byproduct Material

08/25/05 RIS-05-18 Guidance for Establishing and All licensees, applicants for licenses, Maintaining a Safety Conscious holders of certificates of compliance, and Work Environment their contractors subject to NRC authority

08/10/05 RIS-05-16 Issuance of NRC Management All licensees and certificate holders.

Directive 8.17, Licensee Complaints Against NRC

Employees

08/03/05 RIS-05-15 Reporting Requirements for All material licensees possessing Damaged Industrial Radiographic industrial radiographic equipment, Equipment regulated under 10 CFR Part 34.

Attachment 3 Date GC No. Subject

Addressees

07/13/05 RIS-05-13 NRC Incident Response and the All licensees and certificate holders.

National Response Plan

07/11/05 RIS-05-12 Transportation of Radioactive Licensees authorized to possess Material Quantities of Concern radioactive material that equals or NRC Threat Advisory and exceeds the threshold values in the Protective Measures System Additional Security Measures (ASM) for transportation of Radioactive Material Quantities of Concern (RAMQC) under their 10 CFR Part 30, 32, 50, 70, and 71 licenses and Agreement State licensees similarly authorized to possess such material in such quantities under their Agreement State licenses.

07/11/05 RIS-05-11 Requirements for Power Reactor All holders of operating licenses for Licensees in Possession of nuclear power reactors and generally Devices Subject to the General licensed device License Requirements of 10 CFR vendors.

31.5

06/10/05 RIS-05-10 Performance-Based Approach for All industrial radiography licensees and Associated Equipment in 10 CFR manufacturers and distributors of

34.20 industrial radiography equipment.

04/18/05 RIS-05-06 Reporting Requirements for All material licensees possessing Gauges Damaged at Temporary portable gauges, regulated under 10 CFR

Job Sites Part 30.

04/14/05 RIS-05-04 Guidance on the Protection of All holders of operating licenses or Unattended Openings that construction permits for nuclear power Intersect a Security Boundary or reactors, Area research and test reactors, decommissioning reactors with fuel on site, Category 1 fuel cycle facilities, critical mass facilities, uranium conversion facility, independent spent fuel storage installations, gaseous diffusion plants, and certain other material licensees.

02/28/05 RIS-05-03 10 CFR Part 40 Exemptions for All persons possessing aircraft Uranium Contained in Aircraft counterweights containing uranium under Counterweights - Storage and the exemption in Repair 10 CFR 40.13(c)(5).

11/17/05 IN-05-31 Potential Non-conservative Error in All licensees using the KENO V.a or Preparing Problem-dependent KENO-VI criticality code module in Cross Sections for use with the Version 5 of the Standardized Computer KENO V.a or KENO-VI Criticality Analyses for Licensing Evaluation Code (SCALE) software developed by Oak Ridge National Laboratory (ORNL).

10/31/05 IN-05-28 Inadequate Test Procedure Fails All licensees authorized to possess a to Detect Inoperable Criticality critical mass of special nuclear material.

Accident Alarm Horns

10/07/05 IN-05-27 Low Dose-Rate Manual All medical licensees.

Brachytheraphy Equipment Related Medical Events

Attachment 3 Date GC No. Subject

Addressees

07/29/05 IN-05-22 Inadequate Criticality Safety All licensees authorized to possess a Analysis of Ventilation Systems at critical mass of special nuclear material.

Fuel Cycle Facilities

06/23/05 IN-05-17 Manual Brachytherapy Source All medical licensees authorized to Jamming possess a Mick applicator.

05/17/05 IN-05-13 Potential Non-conservative Error in All licensees using the Keno-V.a criticality Modeling Geometric Regions in code module in Standardized Computer the Analyses for Licensing Evaluation Keno-v.a Criticality Code (SCALE) software developed by Oak Ridge National Laboratory (ORNL)

05/17/05 IN-05-12 Excessively Large Criticality Safety All licensees authorized to possess a Limits Fail to Provide Double critical mass of special nuclear material.

Contingency at Fuel Cycle Facility

04/07/05 IN-05-10 Changes to 10 CFR Part 71 All 10 CFR Part 71 licensees and Packages certificate holders.

040/01/05 IN-05-07 Results of HEMYC Electrical All holders of operating licenses for Raceway Fire Barrier System Full nuclear power reactors, except those who Scale Fire Testing have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel, and fuel facilities licensees.

03/10/05 IN-05-05 Improving Material Control and All licensees authorized to possess a Accountability Interface with critical mass of special nuclear material.

Criticality Safety Activities at Fuel Cycle Facilities Note: NRC generic communications may be found on the NRC public website at http://www.nrc.gov, under Electronic Reading Room/Document Collections.