|
|
| (One intermediate revision by the same user not shown) |
| Line 18: |
Line 18: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:UNITED NUCLEAR REGULATORY WASHINGTON, D.C. 20555-0001 December 21, 2010 Site Vice President Entergy Nuclear Operations, Inc. | | {{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 21, 2010 Site Vice President Entergy Nuclear Operations, Inc. |
| Vermont Yankee Nuclear Power Station P.O. Box 250 Governor Hunt Road Vernon, VT 05354 REQUEST FOR ADDITIONAL INFORMATION TO SUPPORT THE REVIEW OF VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN (ID:BVY 10-036) (TAC NO. ME4296) | | Vermont Yankee Nuclear Power Station P.O. Box 250 Governor Hunt Road Vernon, VT 05354 |
| | |
| | ==SUBJECT:== |
| | REQUEST FOR ADDITIONAL INFORMATION TO SUPPORT THE REVIEW OF VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN (ID:BVY 10-036) (TAC NO. ME4296) |
|
| |
|
| ==Dear Sir or Madam:== | | ==Dear Sir or Madam:== |
| | |
| By letter dated july 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry. | | By letter dated july 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry. |
| The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal RegUlations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011. | | The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal RegUlations Section 2.390, and the NRC staff has determined that no security related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011. |
| Sincerely, t | | Sincerely, t |
| : r. ( James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271 | | /1C~-<7 ~ |
| | : r. ( |
| | James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271 |
|
| |
|
| ==Enclosure:== | | ==Enclosure:== |
| As stated cc w/encl:
| |
| Distribution via Listserv REQUEST FOR ADDITIONAL INFORMATION (RA!) ON THE REQUEST FOR OF THE VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN Cyber Security Plan (CSP) Section 4: Establishing, Implementing, and Maintaining the Cyber Security Program RAI1 RAI Title:
| |
| Defense-in-Depth Protective Strategies -Critical Digital Asset (CDA) Isolation Strategies Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54(c)(2) requires the licensee to apply and maintain defense-in-depth protective strategies to ensure the capability to detect, respond to, and recover from cyber attacks. Section 4.3, "Defense-in-Depth Protective Strategies," of the Vermont Yankee CSP states in several instances when referring to protections which isolate or secure CDAs within various cyber security defensive levels, that boundaries may be secured via "an air gap or deterministic one-way isolation device such as a data diode or hardware VPN [virtual private network]." Please clarify how hardware VPNs will sufficiently protect CDAs within defensive boundaries, including an explanation of the technical configurations that would enable it to mimic the capabilities of a deterministic one-way isolation device.
| |
| RAI2 RAI Title:
| |
| Defense-in-Depth Protective Strategies -Protection of Critical Digital Assets Associated with Emergency Preparedness Functions 10 CFR Section 73.54(a)(1) requires that "The licensee shall protect digital computer and communication systems and networks associated with... (iii)
| |
| Emergency preparedness functions, including offsite communications; and (iv) Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions." Section 4.3, "Defense in Depth Protective Strategies" of the Vermont Yankee CSP describes its site defensive model and states that CDAs that "are not required to be within Level 4 due to their safety or security significance, and that perform security or Emergency Plan functions and security or Emergency Plan data acquisition or that perform safety monitoring, are within Level 3." Furthermore, the CSP states that "CDAs that are not required to be in at least Level 3 and that perform or support Emergency Plan functions are within Level 2." The CSP does not indicate which protective strategies will be implemented for CDAs that perform Emergency Preparedness functions. Please clarify: (1) the distinction between CDAs that perform Emergency Planning and Emergency Preparedness functions; and (2) which protective strategies will be implemented for CDAs that perform "emergency preparedness" functions.
| |
| Enclosure December 21, 2010 Site Vice President Entergy Nuclear Operations, Inc. Vermont Yankee Nuclear Power Station P.O. Box 250 Governor Hunt Road Vernon, VT 05354 REQUEST FOR ADDITIONAL INFORMATION TO SUPPORT THE REVIEW OF VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN (ID:BVY 10-036) (TAC NO. ME4296)
| |
|
| |
|
| ==Dear Sir or Madam:== | | As stated cc w/encl: Distribution via Listserv |
| By letter dated July 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry. The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal Regulations Section 2.390, and the NRC staff has determined that no related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011.
| | |
| Sincerely, IRA! James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271
| | REQUEST FOR ADDITIONAL INFORMATION (RA!) ON THE REQUEST FOR OF THE VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN Cyber Security Plan (CSP) Section 4: Establishing, Implementing, and Maintaining the Cyber Security Program RAI1 RAI |
| | |
| | ==Title:== |
| | Defense-in-Depth Protective Strategies - Critical Digital Asset (CDA) Isolation Strategies Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54(c)(2) requires the licensee to apply and maintain defense-in-depth protective strategies to ensure the capability to detect, respond to, and recover from cyber attacks. Section 4.3, "Defense-in-Depth Protective Strategies," of the Vermont Yankee CSP states in several instances when referring to protections which isolate or secure CDAs within various cyber security defensive levels, that boundaries may be secured via "an air gap or deterministic one-way isolation device such as a data diode or hardware VPN [virtual private network]." |
| | Please clarify how hardware VPNs will sufficiently protect CDAs within defensive boundaries, including an explanation of the technical configurations that would enable it to mimic the capabilities of a deterministic one-way isolation device. |
| | RAI2 RAI |
| | |
| | ==Title:== |
| | Defense-in-Depth Protective Strategies - Protection of Critical Digital Assets Associated with Emergency Preparedness Functions 10 CFR Section 73.54(a)(1) requires that "The licensee shall protect digital computer and communication systems and networks associated with ... (iii) Emergency preparedness functions, including offsite communications; and (iv) Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions." |
| | Section 4.3, "Defense in Depth Protective Strategies" of the Vermont Yankee CSP describes its site defensive model and states that CDAs that "are not required to be within Level 4 due to their safety or security significance, and that perform security or Emergency Plan functions and security or Emergency Plan data acquisition or that perform safety monitoring, are within Level 3." Furthermore, the CSP states that "CDAs that are not required to be in at least Level 3 and that perform or support Emergency Plan functions are within Level 2." |
| | The CSP does not indicate which protective strategies will be implemented for CDAs that perform Emergency Preparedness functions. Please clarify: (1) the distinction between CDAs that perform Emergency Planning and Emergency Preparedness functions; and (2) which protective strategies will be implemented for CDAs that perform "emergency preparedness" functions. |
| | Enclosure |
|
| |
|
| ==Enclosure:==
| | '.. MI- 103510475 OFFICE LPL 1-1/PM LPL 1-1/LA LPL 1-1/BC NAME JKim SUttle NSalgado DATE 12/21/10 12/20/10 12/21/10}} |
| As stated cc w/encl:
| |
| Distribution via Listserv DISTRIBUTION:
| |
| PUBLIC RidsNrrDorlLpl1-1 Resource RidsRgn1 MailCenter RidsNrrLASLittle RidsNsirDsp Resource RidsNrrPMVermontYankee RidsAcrsAcnw_MailCenter Resource PPederson ADAMS Accession No'.. MI 103510475
| |
| -OFFICE LPL1-1/PM LPL1-1/LA LPL1-1/BC NAME JKim SUttle NSalgado DATE 12/21/10 12/20/10 12/21/10 OFFICIAL RECORD COPY}}
| |
Letter Sequence RAI |
|---|
|
|
MONTHYEARML1021100932010-07-30030 July 2010
Acceptance of LAR Application for Cyber Security Plan
Project stage: Acceptance Review
ML1021500452010-08-0505 August 2010
Cyber Security Amendment Withdrawal Letter
Project stage: Other
ML1035104752010-12-21021 December 2010
Request for Additional Information to Support the Review of Cyber Security Plan (Id: Bvy 10-036)
Project stage: RAI
BVY 11-011, Technical Specifications Proposed Change 292, Supplement 1 Response to Request for Additional Information on the Cyber Security Plan2011-02-15015 February 2011
Technical Specifications Proposed Change 292, Supplement 1 Response to Request for Additional Information on the Cyber Security Plan
Project stage: Supplement
ML1105507182011-03-0303 March 2011
Request for Additional Information to Support the Review of Vermont Yankee Nuclear Power Station Cyber Security Plan
Project stage: RAI
BVY 11-023, Technical Specifications Proposed Change 292, Supplement 2, Response to Request for Additional Information and Revision to Cyber Security Plan2011-04-0404 April 2011
Technical Specifications Proposed Change 292, Supplement 2, Response to Request for Additional Information and Revision to Cyber Security Plan
Project stage: Supplement
ML11152A0132011-07-20020 July 2011
License Amendment, Cyber Security Plan
Project stage: Other
ML1120700832011-07-28028 July 2011
ME4296, Correction Letter Replacement Page for Amendment No. 247 for Cyber Security Plan
Project stage: Other
BVY 12-046, Proposed Change No. 301 - Cyber Security Plan Implementation Schedule Milestones2012-07-0202 July 2012
Proposed Change No. 301 - Cyber Security Plan Implementation Schedule Milestones
Project stage: Request
ML1226803002012-09-27027 September 2012
Correction Letter to Letter Dated July 28, 2011, for Replacement Page Issued for Amendment No. 247 for Cyber Security Plan
Project stage: Other
ML12261A2922012-11-13013 November 2012
Issuance of Amendment to Renewed Facility Operating License Cyber Security Plan Implementation Schedule Milestone
Project stage: Approval
BVY 13-109, Cyber Security Plan Implementation Schedule, Proposed Change No. 3082013-12-19019 December 2013
Cyber Security Plan Implementation Schedule, Proposed Change No. 308
Project stage: Request
2011-04-04
[Table View] |
|
|---|
Category:Request for Additional Information (RAI)
MONTHYEARML19224A4722019-08-26026 August 2019
VY Report on Status of Decommissioning Funding for Shutdown Reactors Enclosure
ML18094B0922018-04-0505 April 2018
Enclosurequest for Additional Information (Letter to B. S. Ford RAI Regarding Entergy Operations, Inc.'S Decommissioning Funding Plan Update for ISFSI Docket Nos.: 72-43, 72-51, 72-1044, 72-07, 72-12, and 72-59)
ML18045A8172018-04-0505 April 2018
Request for Additional Information on Vermont Yankee License Transfer Request (License DPR-28, Docket No. 50-271)
ML17341A3842017-12-14014 December 2017
Request for Additional Information Regarding License Amendment Request to Change Physical Security Plan to Reflect an ISFSI-Only Configuration
ML17313A4312017-11-0303 November 2017
NRC Request for Additional Information Regarding the Request for Direct and Indirect License Transfers from Entergy to Northstar
ML17279B1452017-10-24024 October 2017
Request for Additional Information Regarding the License Amendment Request to Change the Emergency Plan and Emergency Action Level Scheme to Reflect an ISFSI-Only Configuration
ML17244A0982017-10-12012 October 2017
NRC Request for Additional Information Regarding the Request for Direct and Indirect License Transfers from Entergy to Northstar
ML17229B4842017-08-16016 August 2017
Request for Supplemental Documentation to Support Review of the Physical Security Plan
ML16090A0292016-04-0505 April 2016
Request for Additional Information Related to Proposed Changes to Quality Assurance Program Manual, Vermont Yankee Nuclear Power Station
ML16077A3452016-03-22022 March 2016
Request for Additional Information Related to 10 CFR 20.2002 Alternate Waste Disposal Request For Vermont Yankee Nuclear Power Station (CAC No. L53116)
ML16069A0952016-03-0303 March 2016
Request for 20.2002 Disposal, Request for Additional Information
CNRO-2015-00008, Responses to NRC Request for Additional Information Regarding Change in Corporate Form of Entergy Nuclear Holding Company2015-02-18018 February 2015
Responses to NRC Request for Additional Information Regarding Change in Corporate Form of Entergy Nuclear Holding Company
ML14318A4002014-12-17017 December 2014
Vermont Yankee Nuclear and Big Rock Point - Request for Additional Information Regarding Change in Corporate Form of Entergy Nuclear Holding Company (Tac Nos. MF3218 - MF3221)
ML14289A3942014-11-21021 November 2014
Redacted, Request for Additional Information, Review of Revision 14 to the Physical Security Plan, Safeguards Contingency Plan, and Training and Qualification Plan Pursuant to 10 CFR 50.54(p)(2)
BVY 14-069, Request for Exemptions from Portions of 10 CFR 50.47 and 10 CFR 50, Appendix E - Supplement 22014-10-21021 October 2014
Request for Exemptions from Portions of 10 CFR 50.47 and 10 CFR 50, Appendix E - Supplement 2
ML14192A8352014-08-19019 August 2014
Request for Additional Information, Exemption from 10 CFR 50.47 and Appendix E to Allow Reduced Emergency Plan Requirements and Revise Radiological Emergency Response Plan Consistent with Permanently Defueled Reactor
ML14231A0172014-08-13013 August 2014
Technical Specifications Proposed Change No. 309, Defueled Technical Specifications and Revised License Conditions for Permanently Defueled Condition - Supplement 4
ML14163A5902014-07-0101 July 2014
Request for Additional Information, Round 2, Amendment Request to Revise Site Emergency Plan for Permanently Defueled Condition to Reflect Change in On-Shift Staffing and Emergency Response Staffing
ML14115A0292014-05-0505 May 2014
Request for Additional Information Regarding License Amendment Request for Emergency Plan Change
ML14024A0412014-01-29029 January 2014
Request for Additional Information Regarding Entergy Request for Rescission of and Scheduler Relief from Order EA-13-109 on Reliable Hardened Containment Vents
ML13311B0772013-11-26026 November 2013
Interim Staff Evaluation and Request for Additional Information Regarding the Overall Integrated Plan for Implementation of Order EA-12-051, Reliable Spent Fuel Pool Instrumentation
ML13304B4182013-11-0101 November 2013
Request for Additional Information Associated with Near-Term Task Force Recommendation 2.3, Seismic Walkdowns
ML13218A0122013-08-0606 August 2013
E-mail from R.Guzman to P.Couture, Request for Additional Information - Relief Requests ISI-04 Dated March 27, 2013 - Bvy 13-018
ML13205A1762013-07-24024 July 2013
Supplemental Request for Additional Information - Relief Request ISI-03
ML13179A4622013-07-0505 July 2013
Entergy Nuclear Operations, Inc., Decommissioning Funding Status Report Request for Additional Information Regarding the Decommissioning Funding Status Report
ML13186A1142013-07-0505 July 2013
Email from R. Guzman to P.Couture Request for Additional Information - Relief Request ISI-02, Application of Code Case N-716
ML13165A2792013-06-20020 June 2013
Request for Additional Information Overall Integrated Plan for Reliable Spent Fuel Pool Instrumentation (NRC Order EA-12-051)
ML13163A2582013-06-17017 June 2013
Request for Additional Information - Response to March 12, 2012, Commission Order EA-12-049 to Modify Licenses Requirements for Mitigating Strategies for Beyond Design Basis External Events
ML13149A2652013-05-28028 May 2013
Email from R. Guzman to P. Couture - Request for Additional Information Relief Request ISI-05 (TAC No. MF1194) -Updated RAI-2 (Revision 2)
ML13130A0562013-05-0909 May 2013
E-mail from R.Guzman to P.Couture Request for Additional Information - Relief Request RR-P02 Dated February 1, 2013 - Bvy 13-008
ML13130A0472013-05-0808 May 2013
Email from R.Guzman to P.Couture Request for Additional Information - Relief Requests ISI-01 and ISI-03 Dated March 27, 2013 - Bvy 13-018 (TAC Nos. MF1196/1198)
ML13119A2462013-04-29029 April 2013
Request for Additional Information, E-mail from R. Guzman to P. Couture Relief Request ISI-05
ML13097A0032013-04-0808 April 2013
Request for Additional Information Change to 10 CFR 50.63 Licensing Basis - SBO EDG
ML13087A3922013-04-0202 April 2013
Request for Additional Information to Support the Review of Relief Request RR-P-01
ML13081A7522013-03-22022 March 2013
Email from R.Guzman to P.Couture Request for Additional Information for License Amendment Request to Change 10 CFR 50.63 Licensing Basis
ML13077A2062013-03-20020 March 2013
Request for Additional Information Regarding 10 CFR 50.33 Financial Qualification Review
ML13067A0912013-03-0808 March 2013
Request for Additional Information Change to TS 3.3.B Inoperable Control Rods
ML13050A4692013-02-21021 February 2013
Request for Additional Information Change to Licensing Basis for Station Blackout Diesel Generator
ML13018A4592013-01-15015 January 2013
Request for Additional Information - E-mail from R.Guzman to P.Couture Relief Request ISI-PT-02 Alternative to the System Leakage Test for Rv Head Flange Leakoff Lines
ML1228403332012-10-10010 October 2012
Request for Additional Information - E-mail from R. Guzman to P. Couture License Amendment Request to Revise License Condition 3.P and 3.Q
ML12278A3862012-10-0404 October 2012
ANO 1 & 2, Big Rock, FitzPatrick, GGNS, Indian Point 1, 2, and 3, Palisades, Pilgrim, RBS, Vermont Yankee, and Waterford, Request for Additional Information, Round 2, Amendment Request to Revise QA Program Manual and Staff Qualification TSs
ML13070A2032012-09-17017 September 2012
Email from R. Guzman to R. Wanczyk and P. Outure Draft Request for Additional Information - LAR to Revise License Renewal Commitments One Time Inspection Program
ML13070A1742012-09-10010 September 2012
Email from R. Guzman to R. Wanczyk Draft Request for Additional Information - LAR to Revise License Renewal Commitments Selective Leaching Program
ML12122A8072012-05-0707 May 2012
Request for Additional Information Regarding Physical Security, Safeguards Contingency and Training and Qualification Plan, Revision 11
ML1300902982012-04-10010 April 2012
E-mail from J. Kim to J. Devincentis Request for Additional Information - Rod Worth Minimizer Bypass Allowance Amendment
ML1209604492012-04-0505 April 2012
ANO 1 & 2, Big Rock, FitzPatrick, GGNS, Indian Point 1, 2 & 3, Palisades, Pilgrim, RBS, Vermont Yankee, and Waterford - Request for Additional Information, Revise Quality Assurance Program Manual and Staff Qualification Technical Specificat
ML12056A0482012-03-12012 March 2012
Enclosure 2 - Recommendation 2.1: Flooding
ML12056A0502012-03-12012 March 2012
Enclosure 4 - Recommendation 2.3: Flooding
ML12056A0512012-03-12012 March 2012
Enclosure 5 - Recommendation 9.3: Emergency Preparedness
ML12056A0492012-03-12012 March 2012
Enclosure 3 - Recommendation 2.3: Seismic
2019-08-26
[Table view]
Category:Letter
MONTHYEARBVY 24-026, Pre-Notice of Disbursement from Decommissioning Trust2024-10-0202 October 2024
Pre-Notice of Disbursement from Decommissioning Trust
ML24240A1692024-09-18018 September 2024
Cy 2023 Summary of Decommissioning Trust Fund Status
BVY 24-024, Pre-Notice of Disbursement from Decommissioning Trust2024-07-30030 July 2024
Pre-Notice of Disbursement from Decommissioning Trust
BVY 24-023, Pre-Notice of Disbursement from Decommissioning Trust2024-07-0202 July 2024
Pre-Notice of Disbursement from Decommissioning Trust
IR 05000271/20240012024-06-28028 June 2024
NRC Inspection Report No. 05000271/2024001, Northstar Nuclear Decommissioning Company, LLC, Vermont Yankee Nuclear Power Station, Vernon, Vermont
ML24151A6482024-06-0303 June 2024
Changes in Reactor Decommissioning Branch Project Management Assignments for Some Decommissioning Facilities
BVY 24-022, Pre-Notice of Disbursement from Decommissioning Trust2024-05-30030 May 2024
Pre-Notice of Disbursement from Decommissioning Trust
BVY 24-020, Biennial Update of Quality Assurance Program Manual2024-05-22022 May 2024
Biennial Update of Quality Assurance Program Manual
BVY 24-019, 2023 Radiological Environmental Operating Report2024-05-0909 May 2024
2023 Radiological Environmental Operating Report
BVY 24-017, Pre-Notice of Disbursement from Decommissioning Trust2024-05-0606 May 2024
Pre-Notice of Disbursement from Decommissioning Trust
BVY 24-018, 2023 Radiological Effluent Release Report2024-05-0505 May 2024
2023 Radiological Effluent Release Report
BVY 24-016, 2023 Individual Monitoring NRC Form 5 Report2024-04-18018 April 2024
2023 Individual Monitoring NRC Form 5 Report
BVY 24-014, Report of Investigation Pursuant to 10 CFR 20, Appendix G2024-04-0101 April 2024
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 24-015, Pre-Notice of Disbursement from Decommissioning Trust2024-04-0101 April 2024
Pre-Notice of Disbursement from Decommissioning Trust
BVY 24-012, Report of Investigation Pursuant to 10 CFR 20, Appendix G2024-03-14014 March 2024
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 24-011, Report of Investigation Pursuant to 10 CFR 20, Appendix G2024-03-0606 March 2024
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 24-010, Pre-Notice of Disbursement from Decommissioning Trust2024-03-0505 March 2024
Pre-Notice of Disbursement from Decommissioning Trust
ML24053A2572024-03-0101 March 2024
Withdrawal of Requested Licensing Action for a License Amendment Submitted for Approval of the License Termination Plan
BVY 24-009, Withdrawal of License Amendment Request to Add License Condition 3.K, License Termination Plan; Proposed Change No. 3172024-02-27027 February 2024
Withdrawal of License Amendment Request to Add License Condition 3.K, License Termination Plan; Proposed Change No. 317
BVY 24-008, ISFSI, Annual Radioactive Effluent Release Report2024-02-26026 February 2024
ISFSI, Annual Radioactive Effluent Release Report
BVY 24-007, Report of Investigation Pursuant to 10 CFR 20, Appendix G2024-02-26026 February 2024
Report of Investigation Pursuant to 10 CFR 20, Appendix G
IR 05000271/20230022024-02-20020 February 2024
NRC Inspection Report Nos. 05000271/2023002 and 07200059/2023001, Northstar Nuclear Decommissioning Company, LLC, Vermont Yankee Nuclear Power Station, Vernon, Vermont
BVY 24-006, Pre-Notice of Disbursement from Decommissioning Trust2024-02-0606 February 2024
Pre-Notice of Disbursement from Decommissioning Trust
BVY 24-005, Report of Investigation Pursuant to 10 CFR 20, Appendix G2024-01-30030 January 2024
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 24-004, Report of Investigation Pursuant to 10 CFR 20, Appendix G2024-01-23023 January 2024
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 24-003, Nuclear Onsite Property Damage Insurance2024-01-0404 January 2024
Nuclear Onsite Property Damage Insurance
BVY 24-001, Pre-Notice of Disbursement from Decommissioning Trust2024-01-0202 January 2024
Pre-Notice of Disbursement from Decommissioning Trust
BVY 23-030, Report of Investigation Pursuant to 10 CFR 20, Appendix G2023-12-20020 December 2023
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 23-029, Proof of Financial Protection2023-12-12012 December 2023
Proof of Financial Protection
BVY 23-028, Pre-Notice of Disbursement from Decommissioning Trust2023-11-28028 November 2023
Pre-Notice of Disbursement from Decommissioning Trust
BVY 23-027, Report of Investigation Pursuant to 10 CFR 20, Appendix G2023-11-21021 November 2023
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 23-026, Report of Investigation Pursuant to 10 CFR 20, Appendix G2023-11-13013 November 2023
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 23-025, Pre-Notice of Disbursement from Decommissioning Trust2023-11-0202 November 2023
Pre-Notice of Disbursement from Decommissioning Trust
BVY 23-023, License Amendment Request Addition of License Condition 3.K, License Termination Plan; Proposed Change No. 3172023-10-10010 October 2023
License Amendment Request Addition of License Condition 3.K, License Termination Plan; Proposed Change No. 317
IR 07200059/20234012023-10-0505 October 2023
Independent Spent Fuel Storage Installation Security Inspection Report 07200059/2023401
BVY 23-022, Pre-Notice of Disbursement from Decommissioning Trust2023-08-23023 August 2023
Pre-Notice of Disbursement from Decommissioning Trust
IR 05000271/20230012023-08-15015 August 2023
Northstar Nuclear Decommissioning Company, Llc., Vermont Yankee Nuclear Power Station, - NRC Inspection Report 05000271/2023001
BVY 23-021, Report of Investigation Pursuant to 10 CFR 20, Appendix G2023-08-0202 August 2023
Report of Investigation Pursuant to 10 CFR 20, Appendix G
BVY 23-020, Pre-Notice of Disbursement from Decommissioning Trust2023-08-0202 August 2023
Pre-Notice of Disbursement from Decommissioning Trust
BVY 23-019, Update to 2022 Radiological Effluent Release Report2023-07-24024 July 2023
Update to 2022 Radiological Effluent Release Report
BVY 23-018, Update to Nuclear Onsite Property Damage Insurance2023-07-12012 July 2023
Update to Nuclear Onsite Property Damage Insurance
BVY 23-017, Pre-Notice of Disbursement from Decommissioning Trust2023-06-29029 June 2023
Pre-Notice of Disbursement from Decommissioning Trust
BVY 23-015, Report of Investigation Pursuant to 1O CFR 20, Appendix G2023-06-0505 June 2023
Report of Investigation Pursuant to 1O CFR 20, Appendix G
BVY 23-016, 10 CFR 72.48 Report2023-06-0505 June 2023
10 CFR 72.48 Report
BVY 23-014, Pre-Notice of Disbursement from Decommissioning Trust2023-05-31031 May 2023
Pre-Notice of Disbursement from Decommissioning Trust
BVY 23-011, 2022 Radiological Effluent Release Report2023-05-10010 May 2023
2022 Radiological Effluent Release Report
BVY 23-013, 2022 Radiological Environmental Operating Report2023-05-10010 May 2023
2022 Radiological Environmental Operating Report
BVY 23-012, Pre-Notice of Disbursement from Decommissioning Trust2023-05-0202 May 2023
Pre-Notice of Disbursement from Decommissioning Trust
ML23117A2172023-05-0101 May 2023
Safety Evaluation for Quality Assurance Program Manual Reduction in Commitment
BVY 23-009, 2022 Individual Monitoring NRC Form 5 Report2023-04-24024 April 2023
2022 Individual Monitoring NRC Form 5 Report
2024-09-18
[Table view] |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 December 21, 2010 Site Vice President Entergy Nuclear Operations, Inc.
Vermont Yankee Nuclear Power Station P.O. Box 250 Governor Hunt Road Vernon, VT 05354
SUBJECT:
REQUEST FOR ADDITIONAL INFORMATION TO SUPPORT THE REVIEW OF VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN (ID:BVY 10-036) (TAC NO. ME4296)
Dear Sir or Madam:
By letter dated july 16, 2010 (Agencywide Documents Access and Management System, Accession No. ML102010393), Entergy Nuclear Operations, Inc. (the licensee) resubmitted a request to amend the Facility Operating License No. DPR-28 for Vermont Yankee Nuclear Power Station (VY). Per the proposed license amendment, the licensee requested approval of the VY Cyber Security Plan (CSP) (ML102010394), provided a proposed CSP Implementation Schedule, and included a proposed revision to the Facility Operating License to incorporate the provisions for implementing and maintaining in effect the provisions of the approved CSP. The licensee's amendment request was based on a generic template developed by the Nuclear Energy Institute in concert with the industry.
The Nuclear Regulatory Commission (NRC) staff is reviewing the CSP and the proposed CSP Implementation Schedule and has determined that additional information is required to complete its technical review. A supplemental request for additional information is included as an Enclosure and was reviewed in accordance with the guidance provided in Title 10 of the Code of Federal RegUlations Section 2.390, and the NRC staff has determined that no security related or proprietary information is contained therein. A response to this RAI is requested to be provided by February 15, 2011.
Sincerely, t
/1C~-<7 ~
- r. (
James Kim, Project Manager Plant Licensing Branch 1-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-271
Enclosure:
As stated cc w/encl: Distribution via Listserv
REQUEST FOR ADDITIONAL INFORMATION (RA!) ON THE REQUEST FOR OF THE VERMONT YANKEE NUCLEAR POWER STATION CYBER SECURITY PLAN Cyber Security Plan (CSP) Section 4: Establishing, Implementing, and Maintaining the Cyber Security Program RAI1 RAI
Title:
Defense-in-Depth Protective Strategies - Critical Digital Asset (CDA) Isolation Strategies Title 10 of the Code of Federal Regulations (10 CFR) Section 73.54(c)(2) requires the licensee to apply and maintain defense-in-depth protective strategies to ensure the capability to detect, respond to, and recover from cyber attacks. Section 4.3, "Defense-in-Depth Protective Strategies," of the Vermont Yankee CSP states in several instances when referring to protections which isolate or secure CDAs within various cyber security defensive levels, that boundaries may be secured via "an air gap or deterministic one-way isolation device such as a data diode or hardware VPN [virtual private network]."
Please clarify how hardware VPNs will sufficiently protect CDAs within defensive boundaries, including an explanation of the technical configurations that would enable it to mimic the capabilities of a deterministic one-way isolation device.
RAI2 RAI
Title:
Defense-in-Depth Protective Strategies - Protection of Critical Digital Assets Associated with Emergency Preparedness Functions 10 CFR Section 73.54(a)(1) requires that "The licensee shall protect digital computer and communication systems and networks associated with ... (iii) Emergency preparedness functions, including offsite communications; and (iv) Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions."
Section 4.3, "Defense in Depth Protective Strategies" of the Vermont Yankee CSP describes its site defensive model and states that CDAs that "are not required to be within Level 4 due to their safety or security significance, and that perform security or Emergency Plan functions and security or Emergency Plan data acquisition or that perform safety monitoring, are within Level 3." Furthermore, the CSP states that "CDAs that are not required to be in at least Level 3 and that perform or support Emergency Plan functions are within Level 2."
The CSP does not indicate which protective strategies will be implemented for CDAs that perform Emergency Preparedness functions. Please clarify: (1) the distinction between CDAs that perform Emergency Planning and Emergency Preparedness functions; and (2) which protective strategies will be implemented for CDAs that perform "emergency preparedness" functions.
Enclosure
'.. MI- 103510475 OFFICE LPL 1-1/PM LPL 1-1/LA LPL 1-1/BC NAME JKim SUttle NSalgado DATE 12/21/10 12/20/10 12/21/10
