ML21145A047: Difference between revisions
StriderTol (talk | contribs) (StriderTol Bot change) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
| Line 17: | Line 17: | ||
=Text= | =Text= | ||
{{#Wiki_filter:}} | {{#Wiki_filter:THIS PRELIMINARY PROPOSED RULE LANGUAGE AND ACCOMPANYING DISCUSSION IS BEING RELEASED TO SUPPORT INTERACTIONS WITH STAKEHOLDERS AND THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS). THIS LANGUAGE HAS NOT BEEN SUBJECT TO COMPLETE NRC MANAGEMENT OR LEGAL REVIEW, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS. | ||
THE NRC STAFF PLANS TO CONTINUE WORKING ON THE CONCEPTS AND DETAILS PROVIDED IN THIS DOCUMENT AND WILL CONTINUE TO PROVIDE OPPORTUNITIES FOR PUBLIC PARTICIPATION AS PART OF THE RULEMAKING ACTIVITIES. | |||
THE STAFF IS PRIMARILY SEEKING INSIGHTS REGARDING THE CONCEPTS IN THIS PRELIMINARY LANGUAGE AND SECONDARILY SEEKING INSIGHTS RELATED TO DETAILS SUCH AS NUMERICAL VALUES FOR VARIOUS CRITERIA. | |||
STAFF DISCUSSION OF PART 73 PHYSICAL SECURITY - PRELIMINARY RULE LANGUAGE (June 2021) | |||
Preliminary Language Discussion PHYSICAL SECURITY FOR ADVANCED NUCLEAR REACTORS | |||
§ 73.100 - Technology neutral requirements for physical The proposed new section of 10 CFR 73.100 in Part protection of licensed activities at advanced nuclear plants 73 provides a regulatory framework based on against radiological sabotage. performance requirements that minimize or eliminate prescriptive requirements (compared to 10 CFR 73.55) to permit the applicant/licensee the maximum flexibility to determine how it will design and implement the physical protection necessary to protect against the design basis threat (DBT) and security of the plant for activities involving nuclear material. | |||
(a) Introduction. (1) An advanced nuclear plant licensee under The current physical security requirements use a 10 CFR part 53 who does not meet the criterion in 10 CFR combination of performance criteria (e.g., the physical 53.830(a)(2)(i) must implement the requirements of this section protection program must protect against the DBT for through its Commission-approved Physical Security Plan, Training radiological sabotage as stated in 10 CFR 73.1) and and Qualification Plan, Safeguards Contingency Plan, and Cyber numerous prescriptive requirements developed to Security Plan, referred to collectively hereafter as security plans. achieve the performance objective. In a performance-based approach to physical security, performance (2) The security plans must identify, describe, and account for site- criteria and objectives are the primary basis for specific conditions that affect the licensees capability to satisfy the regulatory decision making, giving the licensee the requirements of this section. flexibility to determine how to meet the established 1 | |||
performance criteria for an effective physical protection program. | |||
(b) General performance objective and requirements. (1) The § 73.100(b) - This paragraph outlines the general licensee must establish and maintain a physical protection program performance objective and design requirements of the and a security organization, which will have as their objective to licensee physical protection program. Licensees are provide reasonable assurance that activities involving special nuclear required to provide protection against the design material are not inimical to the common defense and security and do basis threat of radiological sabotage. To accomplish not constitute an unreasonable risk to the public health and safety. this, the physical protection program is designed to The design and implementation of the physical protection program protect against any deliberate act against the plant or must achieve and maintain at all time the capabilities for meeting the against a component of such a plant, including spent following performance requirements: fuel sabotage, which could directly or indirectly endanger the public health and safety by exposure to (i) Intrusion detection systems. Physical security structures, radiation. | |||
systems, and components relied on for interior and exterior intrusion detection functions must be designed to detect attempted and actual The design requirements of this section also require unauthorized access. The design must provide diverse methods for licensees to conduct a site specific analysis that achieving the intended intrusion detection functions, sufficient to accounts for site conditions and utilizes the integration ensure the reliability and availability of systems and components. | |||
of systems, technologies, programs, equipment, (ii) Intrusion assessment systems. Physical security structures, supporting processes, and implementing procedures. | |||
systems, and components relied on for intrusion assessment The physical protection program is supported by the functions must be designed to provide rapid remote assessment for access authorization, cyber security, and insider determining cause and initiating appropriate security responses. The mitigation programs to meet the general performance design must provide diverse methods for achieving the intended objective of this section. The effectiveness of the intrusion assessment functions, sufficient to ensure the reliability and physical protection program is measured through availability of systems and components. implementation of the performance evaluation (iii) Security communication systems. Structures, systems, and program. | |||
components relied on for security communications must be designed to provide continuity and integrity of communications. § 73.100(b)(i) - b(vi) - The general performance Communication systems must account for design basis threats that objective and requirements are informed by can interrupt or interfere with continuity or integrity of § 73.55(b) and the Security Design Considerations communications. The design must provide diverse and redundant that were developed in March 2017 - Non-LWR methods for achieving the intended communication functions. Physical and Cyber Security Design Considerations (FRN - ML17060A456). These considerations, if (iv) Security delay systems. Structures, systems, and components adequately implemented through a detailed design of relied on for delay functions must be designed to provide for timely the physical protection program, along with the 2 | |||
security responses to adversary attacks with adequate defense-in- adequate implementation of administrative controls depth. and security programs, provide reasonable assurance that a licensee can protect a nuclear power reactor (v) Security response. Engineered physical security structures, against the DBT of radiological sabotage. Consistent systems, and components performing neutralization functions and with the Commissions Policy Statement on the engineered fighting positions relied on to protect security personnel Regulation of Advanced Reactors, these performing neutralization functions must be designed to provide considerations should be considered early in the overlapping fields of fire. The design configuration must provide design process. | |||
layers of security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design The performance objective of protecting against the basis threat adversary. | |||
DBT of radiological sabotage is achieved by the (vi) Control measures protecting against land and waterborne design and implementation of the physical protection vehicle bomb assaults. Physical security structures, systems, and program, maintained at all times, with the following components, in conjunction with site-specific natural features, that performance requirements: | |||
are relied on to protect against a design basis threat land vehicle and waterborne vehicle bomb assault must be designed to protect of the | |||
* Intrusion detection systems reactor building and structures containing safety or security related | |||
* Intrusion assessment systems structures, systems, and components from explosive effects that are | |||
* Security communication systems. | |||
based on the maximum design basis threat quantity of explosives. | |||
* Security delay systems The vehicle control measures (passive and active barrier systems) to | |||
* Security response deny land or waterborne vehicle bomb assaults must be located at a | |||
* Control measures protecting against land and bounding minimum safe stand-off distance to adequately protect all waterborne vehicle bomb assaults structures, systems, and components required for safety and | |||
* Access control portals security. | |||
(vii) Access control portals: Access control portals must be The proposed performance requirements permit the designed to detect and deny unauthorized access to persons and designer/applicant/licensee to determine how to pass-through of contraband materials (e.g., weapons, incendiaries, design the physical protection program to protect the explosives). The design must provide diverse and redundant plant against the DBT of radiological sabotage, methods for achieving the intended intrusion access control without the constraints of prescriptive requirements functions. such as those currently found in 10 CFR 73.55. | |||
(2) To satisfy the general performance objective and requirements of § 73.100(b)(2) -This proposed section is developed paragraph (b)(1) of this section, the physical protection program must from 73.55(b)(3). The proposed language removes protect against the design basis threat of radiological sabotage as reference to significant core damage, which applies 3 | |||
stated in § 73.1 of this part. Specifically, the licensee must mainly to light-water reactor technology, and focuses on radiological sabotage in order to be technology (i) Ensure that the physical protection program capabilities to protect neutral and incorporate the rationale from the limited against the design basis threat of radiological sabotage are scope Physical Security for Advanced Reactors maintained at all times. Rulemaking that is currently ongoing. | |||
(ii) Provide defense-in-depth in achieving performance requirements Defense-in-depth - The designs of physical security through the integration of engineered systems, administrative systems should employ defense-in-depth through controls, and management measures to assure effectiveness of the systems diversity, independence, and separation to physical protection program to protect the plant against the design achieve reasonable assurance that intended security basis threat of radiological sabotage. functions meet all performance criteria. The defense-in-depth philosophy applies to measures against (3) The licensee must identify and analyze site-specific conditions intentional acts. The most common defense-in-depth that may affect the physical protection program needed to implement measures apply concepts of redundancy, diversity, the requirements of this section. The licensee must account for independence, and safety margin to enhance systems these conditions in meeting the requirements of this section. reliability. Defense-in-depth is achieved by providing multiple layers of protection, systems, and/or barriers to avoid (or provide the capability to tolerate) failures that would prevent the accomplishment of a function. | |||
Diversity and separation provide protection against dependent failures of multiple (usually identical) means of accomplishing needed functions due to a shared cause (i.e., common cause failures). | |||
Operational requirements (i.e., security responses providing interdiction and neutralization functions) provide defense-in-depth by using layers of protection and by accounting for uncertainties (e.g., equipment malfunction, human factors, neutralized or operationally ineffective responses, etc.) to perform required interdiction and neutralization function at all plant areas. The NRCs philosophy applies to the design of a physical protection program, which integrates engineered controls and administrative controls, to provide reasonable assurance of protection against the DBT for radiological sabotage. | |||
4 | |||
(4) The licensee must establish, maintain, and implement a § 73.100(b)(4) - The performance evaluation program performance evaluation program to assess the effectiveness of the periodically tests and evaluates the effectiveness of licensees implementation of the physical protection program to the physical protection program designed to protect protect against the design basis threat of radiological sabotage. against the DBT, including the security response performing the functions of interdiction/neutralization for implementing the licensee protective strategy. | |||
(5) The licensee must establish, maintain, and implement an access § 73.100(b)(5) - Implement an access authorization authorization program in accordance with § 73.56 and must describe program in accordance with § 73.56. | |||
the program in the Physical Security Plan. | |||
(6) The licensee must establish, maintain, and implement a cyber § 73.100(b)(6) - Establish, maintain, and implement security program in accordance with § 73.110 and must describe the protection against a cyber attack based on the program in the Cyber Security Plan. proposed cyber security program described in § 73.110. This is an alternative to of the program described in § 73.54. | |||
(7) The licensee must establish, maintain, and implement an insider § 73.100(b)(7) - Insider mitigation measures and mitigation program and must describe the program in the Physical program to protect against the DBT insider (passive, Security Plan. active, and violent). | |||
(i) The insider mitigation program must monitor the initial and continuing trustworthiness and reliability of individuals granted or retaining unescorted access or unescorted access authorization, and implement defense-in-depth methodologies to minimize the potential for an insider (active, passive, or both) to adversely affect, either directly or indirectly, the licensees capability to protect against radiological sabotage. | |||
(ii) The insider mitigation program must integrate elements of: | |||
(A) The access authorization program described in § 73.56; (B) The fitness-for-duty program described in part 26 of this chapter; (C) The cyber security program described in § 73.110; and (D) The physical protection programs described in this section. | |||
5 | |||
(8) The licensee must use the site corrective action program to track, trend, correct, and prevent recurrence of failures and deficiencies in the implementation of the requirements of this section. | |||
(9) Implementation of security operations and plans must be coordinated with plant operations and plans to preclude conflict during both normal and emergency conditions and ensure the adequate management of the safety and security interface. | |||
(c) Security organization. The licensee must establish and § 73.100(c) - This paragraph outlines the maintain a security organization that is staffed, trained, qualified, and requirements for the composition, equipping, and equipped to implement the physical protection program in training of the security organization. The intent is that accordance with the requirements of this section. the security organization will focus on the effective implementation of the physical protection program. | |||
Individuals assigned to perform physical protection or (1) The licensee must establish a management system for contingency response duties must be trained, maintaining and implementing security policies and procedures to equipped, and qualified to perform assigned duties implement the requirements of this section and the security plans. and responsibilities whether that individual is a member of the security organization or not. | |||
(2) Implementing procedures must document the conduct of security Developed from § 73.55(b)(7) Security implementing operations, design and configuration controls, maintenance, training procedures and § 73.55(d) Security organization. | |||
and qualification, and contingency responses. | |||
(3) The licensee must: | |||
(i) Establish a process for the approval of designs, policies, processes, and procedures and changes by the individual with overall responsibility for the physical protection program. | |||
(ii) Ensure that revisions and changes to the physical protection program and implementing policies, processes, and procedures satisfy the requirements of this section. | |||
(4) The licensee must retain, in accordance with § 73.70, all analyses, assessments, calculations and descriptions of the technical basis for meeting the performance requirements of § 73.100(b). | |||
Safeguards information must protect these records in accordance with the requirements of § 73.21. | |||
6 | |||
(5) The licensee may not permit any individual to implement any part of the physical protection program unless the individual has been trained, equipped, and qualified to perform their assigned duties and responsibilities in accordance with the Training and Qualification Plan. | |||
(d) Search requirements. The licensee must establish and § 73.100(d) - This paragraph establishes a implement searches to detect and prevent the introduction of performance requirement for searches of personnel, firearms, explosives, incendiary devices, or other items and material vehicles, and materials for the protection against which could be used to commit radiological sabotage. The program radiological sabotage. The rule text eliminates the must accomplish this through search of individuals, vehicles, and categorization of it as a program. The broad materials consistent with the performance requirements of paragraph categories of material (explosives, firearms, (b)of this section. incendiary devices, etc.) that will be prohibited are not prescribed but will be stated in the licensee security plans with detailed descriptions being identified in implementation procedures. | |||
(e) Security reviews. The licensee must establish and implement § 73.100(e) - This paragraph ensures effective security reviews to assess the effectiveness of the implementation of implementation of the physical protection program the physical protection program and the requirements in this section. and through periodic reviews of the program. This Security reviews must be performed by individuals independent of those proposed rule text was developed from 73.55(m) to personnel responsible for program management and any individual who review each element of the physical protection has direct responsibility for implementing the onsite physical protection program by individuals independent of those program personnel responsible for program management and any individual who has direct responsibility for (1) The licensee must review each element of the physical protection implementing the onsite physical protection program. | |||
program at a frequency commensurate with the importance or significance to safety of plant operations, to ensure timely identification and documentation of vulnerabilities, improvements, and corrective actions. The objective of these reviews must be maintaining effective implementation of the engineered and administrative controls required to achieve the physical protection program functions and the management system required to implement programs and requirements in this section. | |||
(2) The licensee must establish, maintain, and perform a 7 | |||
self-assessment to ensure the effective implementation of the physical protection program functions of detection, assessment, communication, delay, and interdiction and neutralization to protect against the design basis threat of radiological sabotage. The licensee must perform design verification and assessments of the capabilities of active and passive engineering systems relied on to protect against the design basis threat. | |||
(f) Performance evaluation. Licensee performance evaluation must: | |||
(1) establish methods appropriate and necessary to assess, test, and challenge the integration of the physical protection programs functions to protect against the design basis threat, measures protecting against cyber attack, and engineered systems designed to protect against the design basis threat standalone ground vehicle bomb attack. | |||
(2) The licensee must establish the appropriate and necessary frequencies for performance evaluations, verifications, and assessments based on the importance, security significance, reliability, and availability of physical protection program functions and implementation of programs and requirements in this section. | |||
(3) The licensee must document processes and procedures and maintain records, including results, findings, and corrective actions, for implementing the performance evaluations, verifications, and assessments. | |||
(g) Maintenance, testing, and calibration and corrective actions. (1) § 73.100(g) - This paragraph establishes The licensee must ensure that security systems and equipment, performance requirements for maintaining security including supporting systems, are inspected, tested, and/or calibrated structures, systems, or components (SSC) relied on for operability and performance at intervals necessary and sufficient to perform security functions to protect against the to meet the requirements in this section. DBT and implementing security programs. It includes corrective actions to be taken by a licensee in (2) The licensee must implement corrective actions necessary and response to a failure or degradation of security sufficient to ensure resolution of identified vulnerabilities and equipment to perform its intended functions and deficiencies to meet the requirements in this section. implementation of security programs. The draft rule requires that the licensee will maintain the SSCs 8 | |||
(3) The licensee must establish and implement timely compensatory described in its design and licensing basis to assure measures for degraded or inoperable security systems, equipment, that they are reliable and available. | |||
and components to meet the requirements of this section. | |||
Compensatory measures must provide a level of protection that is equivalent to the protection that was provided by the degraded or inoperable, systems, equipment, or components. | |||
(4) The licensee must document processes and procedures and maintain records for implementing the corrective actions, compensatory measures, and maintenance, inspection, testing, and calibration of security structures, systems, and equipment. | |||
(h) Suspension of security measures. (1) The licensee may suspend § 73.100(h) - This paragraph establishes implementation of affected requirements of this section in accordance requirements for the suspension of security measures with §§ 50.54(x) and 50.54(y) of this chapter under the following in response to emergency and extraordinary conditions: conditions. The requirements of this paragraph are intended to provide flexibility to a licensee for taking (i) In an emergency, when action is immediately needed to protect the reasonable actions that depart from an approved public health and safety; and security plan in an emergency when such actions are (ii) During severe weather, when the suspension of affected security immediately needed to protect the public health and measures is immediately needed to protect the personal health and safety and no action consistent with license conditions safety of personnel. and technical specifications that can provide (2) Suspended security measures must be reinstated as soon as adequate or equivalent protection is immediately conditions permit. apparent in accordance with § 50.54(x) and (y) or similar applicable regulations as identified in Part 53. | |||
(3) The suspension of security measures must be reported and documented in accordance with the provisions of § 73.71. | |||
(i) Records. (1) The licensee must maintain all records required to be kept by Commission regulations, orders, or license conditions, until the Commission terminates the license for which the records were developed, and must maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission. | |||
(2) If a contracted security force is used to implement the onsite physical protection program, the licensees written agreement with 9 | |||
the contractor must be retained by the licensee as a record for the duration of the contract. | |||
(3) All records must be available for inspection, for a period of 3 years. | |||
10}} | |||
Revision as of 07:35, 9 September 2021
| ML21145A047 | |
| Person / Time | |
|---|---|
| Issue date: | 06/02/2021 |
| From: | Robert Beall NRC/NMSS/DREFS/RRPB |
| To: | |
| Beall, Robert | |
| Shared Package | |
| ML20289A534 | List:
|
| References | |
| 10 CFR Part 53, 10 CFR Part 73, NRC-2019-0062, RIN 3150-AK31 | |
| Download: ML21145A047 (10) | |
Text
THIS PRELIMINARY PROPOSED RULE LANGUAGE AND ACCOMPANYING DISCUSSION IS BEING RELEASED TO SUPPORT INTERACTIONS WITH STAKEHOLDERS AND THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS). THIS LANGUAGE HAS NOT BEEN SUBJECT TO COMPLETE NRC MANAGEMENT OR LEGAL REVIEW, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS.
THE NRC STAFF PLANS TO CONTINUE WORKING ON THE CONCEPTS AND DETAILS PROVIDED IN THIS DOCUMENT AND WILL CONTINUE TO PROVIDE OPPORTUNITIES FOR PUBLIC PARTICIPATION AS PART OF THE RULEMAKING ACTIVITIES.
THE STAFF IS PRIMARILY SEEKING INSIGHTS REGARDING THE CONCEPTS IN THIS PRELIMINARY LANGUAGE AND SECONDARILY SEEKING INSIGHTS RELATED TO DETAILS SUCH AS NUMERICAL VALUES FOR VARIOUS CRITERIA.
STAFF DISCUSSION OF PART 73 PHYSICAL SECURITY - PRELIMINARY RULE LANGUAGE (June 2021)
Preliminary Language Discussion PHYSICAL SECURITY FOR ADVANCED NUCLEAR REACTORS
§ 73.100 - Technology neutral requirements for physical The proposed new section of 10 CFR 73.100 in Part protection of licensed activities at advanced nuclear plants 73 provides a regulatory framework based on against radiological sabotage. performance requirements that minimize or eliminate prescriptive requirements (compared to 10 CFR 73.55) to permit the applicant/licensee the maximum flexibility to determine how it will design and implement the physical protection necessary to protect against the design basis threat (DBT) and security of the plant for activities involving nuclear material.
(a) Introduction. (1) An advanced nuclear plant licensee under The current physical security requirements use a 10 CFR part 53 who does not meet the criterion in 10 CFR combination of performance criteria (e.g., the physical 53.830(a)(2)(i) must implement the requirements of this section protection program must protect against the DBT for through its Commission-approved Physical Security Plan, Training radiological sabotage as stated in 10 CFR 73.1) and and Qualification Plan, Safeguards Contingency Plan, and Cyber numerous prescriptive requirements developed to Security Plan, referred to collectively hereafter as security plans. achieve the performance objective. In a performance-based approach to physical security, performance (2) The security plans must identify, describe, and account for site- criteria and objectives are the primary basis for specific conditions that affect the licensees capability to satisfy the regulatory decision making, giving the licensee the requirements of this section. flexibility to determine how to meet the established 1
performance criteria for an effective physical protection program.
(b) General performance objective and requirements. (1) The § 73.100(b) - This paragraph outlines the general licensee must establish and maintain a physical protection program performance objective and design requirements of the and a security organization, which will have as their objective to licensee physical protection program. Licensees are provide reasonable assurance that activities involving special nuclear required to provide protection against the design material are not inimical to the common defense and security and do basis threat of radiological sabotage. To accomplish not constitute an unreasonable risk to the public health and safety. this, the physical protection program is designed to The design and implementation of the physical protection program protect against any deliberate act against the plant or must achieve and maintain at all time the capabilities for meeting the against a component of such a plant, including spent following performance requirements: fuel sabotage, which could directly or indirectly endanger the public health and safety by exposure to (i) Intrusion detection systems. Physical security structures, radiation.
systems, and components relied on for interior and exterior intrusion detection functions must be designed to detect attempted and actual The design requirements of this section also require unauthorized access. The design must provide diverse methods for licensees to conduct a site specific analysis that achieving the intended intrusion detection functions, sufficient to accounts for site conditions and utilizes the integration ensure the reliability and availability of systems and components.
of systems, technologies, programs, equipment, (ii) Intrusion assessment systems. Physical security structures, supporting processes, and implementing procedures.
systems, and components relied on for intrusion assessment The physical protection program is supported by the functions must be designed to provide rapid remote assessment for access authorization, cyber security, and insider determining cause and initiating appropriate security responses. The mitigation programs to meet the general performance design must provide diverse methods for achieving the intended objective of this section. The effectiveness of the intrusion assessment functions, sufficient to ensure the reliability and physical protection program is measured through availability of systems and components. implementation of the performance evaluation (iii) Security communication systems. Structures, systems, and program.
components relied on for security communications must be designed to provide continuity and integrity of communications. § 73.100(b)(i) - b(vi) - The general performance Communication systems must account for design basis threats that objective and requirements are informed by can interrupt or interfere with continuity or integrity of § 73.55(b) and the Security Design Considerations communications. The design must provide diverse and redundant that were developed in March 2017 - Non-LWR methods for achieving the intended communication functions. Physical and Cyber Security Design Considerations (FRN - ML17060A456). These considerations, if (iv) Security delay systems. Structures, systems, and components adequately implemented through a detailed design of relied on for delay functions must be designed to provide for timely the physical protection program, along with the 2
security responses to adversary attacks with adequate defense-in- adequate implementation of administrative controls depth. and security programs, provide reasonable assurance that a licensee can protect a nuclear power reactor (v) Security response. Engineered physical security structures, against the DBT of radiological sabotage. Consistent systems, and components performing neutralization functions and with the Commissions Policy Statement on the engineered fighting positions relied on to protect security personnel Regulation of Advanced Reactors, these performing neutralization functions must be designed to provide considerations should be considered early in the overlapping fields of fire. The design configuration must provide design process.
layers of security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design The performance objective of protecting against the basis threat adversary.
DBT of radiological sabotage is achieved by the (vi) Control measures protecting against land and waterborne design and implementation of the physical protection vehicle bomb assaults. Physical security structures, systems, and program, maintained at all times, with the following components, in conjunction with site-specific natural features, that performance requirements:
are relied on to protect against a design basis threat land vehicle and waterborne vehicle bomb assault must be designed to protect of the
- Intrusion detection systems reactor building and structures containing safety or security related
- Intrusion assessment systems structures, systems, and components from explosive effects that are
- Security communication systems.
based on the maximum design basis threat quantity of explosives.
- Security delay systems The vehicle control measures (passive and active barrier systems) to
- Security response deny land or waterborne vehicle bomb assaults must be located at a
- Control measures protecting against land and bounding minimum safe stand-off distance to adequately protect all waterborne vehicle bomb assaults structures, systems, and components required for safety and
- Access control portals security.
(vii) Access control portals: Access control portals must be The proposed performance requirements permit the designed to detect and deny unauthorized access to persons and designer/applicant/licensee to determine how to pass-through of contraband materials (e.g., weapons, incendiaries, design the physical protection program to protect the explosives). The design must provide diverse and redundant plant against the DBT of radiological sabotage, methods for achieving the intended intrusion access control without the constraints of prescriptive requirements functions. such as those currently found in 10 CFR 73.55.
(2) To satisfy the general performance objective and requirements of § 73.100(b)(2) -This proposed section is developed paragraph (b)(1) of this section, the physical protection program must from 73.55(b)(3). The proposed language removes protect against the design basis threat of radiological sabotage as reference to significant core damage, which applies 3
stated in § 73.1 of this part. Specifically, the licensee must mainly to light-water reactor technology, and focuses on radiological sabotage in order to be technology (i) Ensure that the physical protection program capabilities to protect neutral and incorporate the rationale from the limited against the design basis threat of radiological sabotage are scope Physical Security for Advanced Reactors maintained at all times. Rulemaking that is currently ongoing.
(ii) Provide defense-in-depth in achieving performance requirements Defense-in-depth - The designs of physical security through the integration of engineered systems, administrative systems should employ defense-in-depth through controls, and management measures to assure effectiveness of the systems diversity, independence, and separation to physical protection program to protect the plant against the design achieve reasonable assurance that intended security basis threat of radiological sabotage. functions meet all performance criteria. The defense-in-depth philosophy applies to measures against (3) The licensee must identify and analyze site-specific conditions intentional acts. The most common defense-in-depth that may affect the physical protection program needed to implement measures apply concepts of redundancy, diversity, the requirements of this section. The licensee must account for independence, and safety margin to enhance systems these conditions in meeting the requirements of this section. reliability. Defense-in-depth is achieved by providing multiple layers of protection, systems, and/or barriers to avoid (or provide the capability to tolerate) failures that would prevent the accomplishment of a function.
Diversity and separation provide protection against dependent failures of multiple (usually identical) means of accomplishing needed functions due to a shared cause (i.e., common cause failures).
Operational requirements (i.e., security responses providing interdiction and neutralization functions) provide defense-in-depth by using layers of protection and by accounting for uncertainties (e.g., equipment malfunction, human factors, neutralized or operationally ineffective responses, etc.) to perform required interdiction and neutralization function at all plant areas. The NRCs philosophy applies to the design of a physical protection program, which integrates engineered controls and administrative controls, to provide reasonable assurance of protection against the DBT for radiological sabotage.
4
(4) The licensee must establish, maintain, and implement a § 73.100(b)(4) - The performance evaluation program performance evaluation program to assess the effectiveness of the periodically tests and evaluates the effectiveness of licensees implementation of the physical protection program to the physical protection program designed to protect protect against the design basis threat of radiological sabotage. against the DBT, including the security response performing the functions of interdiction/neutralization for implementing the licensee protective strategy.
(5) The licensee must establish, maintain, and implement an access § 73.100(b)(5) - Implement an access authorization authorization program in accordance with § 73.56 and must describe program in accordance with § 73.56.
the program in the Physical Security Plan.
(6) The licensee must establish, maintain, and implement a cyber § 73.100(b)(6) - Establish, maintain, and implement security program in accordance with § 73.110 and must describe the protection against a cyber attack based on the program in the Cyber Security Plan. proposed cyber security program described in § 73.110. This is an alternative to of the program described in § 73.54.
(7) The licensee must establish, maintain, and implement an insider § 73.100(b)(7) - Insider mitigation measures and mitigation program and must describe the program in the Physical program to protect against the DBT insider (passive, Security Plan. active, and violent).
(i) The insider mitigation program must monitor the initial and continuing trustworthiness and reliability of individuals granted or retaining unescorted access or unescorted access authorization, and implement defense-in-depth methodologies to minimize the potential for an insider (active, passive, or both) to adversely affect, either directly or indirectly, the licensees capability to protect against radiological sabotage.
(ii) The insider mitigation program must integrate elements of:
(A) The access authorization program described in § 73.56; (B) The fitness-for-duty program described in part 26 of this chapter; (C) The cyber security program described in § 73.110; and (D) The physical protection programs described in this section.
5
(8) The licensee must use the site corrective action program to track, trend, correct, and prevent recurrence of failures and deficiencies in the implementation of the requirements of this section.
(9) Implementation of security operations and plans must be coordinated with plant operations and plans to preclude conflict during both normal and emergency conditions and ensure the adequate management of the safety and security interface.
(c) Security organization. The licensee must establish and § 73.100(c) - This paragraph outlines the maintain a security organization that is staffed, trained, qualified, and requirements for the composition, equipping, and equipped to implement the physical protection program in training of the security organization. The intent is that accordance with the requirements of this section. the security organization will focus on the effective implementation of the physical protection program.
Individuals assigned to perform physical protection or (1) The licensee must establish a management system for contingency response duties must be trained, maintaining and implementing security policies and procedures to equipped, and qualified to perform assigned duties implement the requirements of this section and the security plans. and responsibilities whether that individual is a member of the security organization or not.
(2) Implementing procedures must document the conduct of security Developed from § 73.55(b)(7) Security implementing operations, design and configuration controls, maintenance, training procedures and § 73.55(d) Security organization.
and qualification, and contingency responses.
(3) The licensee must:
(i) Establish a process for the approval of designs, policies, processes, and procedures and changes by the individual with overall responsibility for the physical protection program.
(ii) Ensure that revisions and changes to the physical protection program and implementing policies, processes, and procedures satisfy the requirements of this section.
(4) The licensee must retain, in accordance with § 73.70, all analyses, assessments, calculations and descriptions of the technical basis for meeting the performance requirements of § 73.100(b).
Safeguards information must protect these records in accordance with the requirements of § 73.21.
6
(5) The licensee may not permit any individual to implement any part of the physical protection program unless the individual has been trained, equipped, and qualified to perform their assigned duties and responsibilities in accordance with the Training and Qualification Plan.
(d) Search requirements. The licensee must establish and § 73.100(d) - This paragraph establishes a implement searches to detect and prevent the introduction of performance requirement for searches of personnel, firearms, explosives, incendiary devices, or other items and material vehicles, and materials for the protection against which could be used to commit radiological sabotage. The program radiological sabotage. The rule text eliminates the must accomplish this through search of individuals, vehicles, and categorization of it as a program. The broad materials consistent with the performance requirements of paragraph categories of material (explosives, firearms, (b)of this section. incendiary devices, etc.) that will be prohibited are not prescribed but will be stated in the licensee security plans with detailed descriptions being identified in implementation procedures.
(e) Security reviews. The licensee must establish and implement § 73.100(e) - This paragraph ensures effective security reviews to assess the effectiveness of the implementation of implementation of the physical protection program the physical protection program and the requirements in this section. and through periodic reviews of the program. This Security reviews must be performed by individuals independent of those proposed rule text was developed from 73.55(m) to personnel responsible for program management and any individual who review each element of the physical protection has direct responsibility for implementing the onsite physical protection program by individuals independent of those program personnel responsible for program management and any individual who has direct responsibility for (1) The licensee must review each element of the physical protection implementing the onsite physical protection program.
program at a frequency commensurate with the importance or significance to safety of plant operations, to ensure timely identification and documentation of vulnerabilities, improvements, and corrective actions. The objective of these reviews must be maintaining effective implementation of the engineered and administrative controls required to achieve the physical protection program functions and the management system required to implement programs and requirements in this section.
(2) The licensee must establish, maintain, and perform a 7
self-assessment to ensure the effective implementation of the physical protection program functions of detection, assessment, communication, delay, and interdiction and neutralization to protect against the design basis threat of radiological sabotage. The licensee must perform design verification and assessments of the capabilities of active and passive engineering systems relied on to protect against the design basis threat.
(f) Performance evaluation. Licensee performance evaluation must:
(1) establish methods appropriate and necessary to assess, test, and challenge the integration of the physical protection programs functions to protect against the design basis threat, measures protecting against cyber attack, and engineered systems designed to protect against the design basis threat standalone ground vehicle bomb attack.
(2) The licensee must establish the appropriate and necessary frequencies for performance evaluations, verifications, and assessments based on the importance, security significance, reliability, and availability of physical protection program functions and implementation of programs and requirements in this section.
(3) The licensee must document processes and procedures and maintain records, including results, findings, and corrective actions, for implementing the performance evaluations, verifications, and assessments.
(g) Maintenance, testing, and calibration and corrective actions. (1) § 73.100(g) - This paragraph establishes The licensee must ensure that security systems and equipment, performance requirements for maintaining security including supporting systems, are inspected, tested, and/or calibrated structures, systems, or components (SSC) relied on for operability and performance at intervals necessary and sufficient to perform security functions to protect against the to meet the requirements in this section. DBT and implementing security programs. It includes corrective actions to be taken by a licensee in (2) The licensee must implement corrective actions necessary and response to a failure or degradation of security sufficient to ensure resolution of identified vulnerabilities and equipment to perform its intended functions and deficiencies to meet the requirements in this section. implementation of security programs. The draft rule requires that the licensee will maintain the SSCs 8
(3) The licensee must establish and implement timely compensatory described in its design and licensing basis to assure measures for degraded or inoperable security systems, equipment, that they are reliable and available.
and components to meet the requirements of this section.
Compensatory measures must provide a level of protection that is equivalent to the protection that was provided by the degraded or inoperable, systems, equipment, or components.
(4) The licensee must document processes and procedures and maintain records for implementing the corrective actions, compensatory measures, and maintenance, inspection, testing, and calibration of security structures, systems, and equipment.
(h) Suspension of security measures. (1) The licensee may suspend § 73.100(h) - This paragraph establishes implementation of affected requirements of this section in accordance requirements for the suspension of security measures with §§ 50.54(x) and 50.54(y) of this chapter under the following in response to emergency and extraordinary conditions: conditions. The requirements of this paragraph are intended to provide flexibility to a licensee for taking (i) In an emergency, when action is immediately needed to protect the reasonable actions that depart from an approved public health and safety; and security plan in an emergency when such actions are (ii) During severe weather, when the suspension of affected security immediately needed to protect the public health and measures is immediately needed to protect the personal health and safety and no action consistent with license conditions safety of personnel. and technical specifications that can provide (2) Suspended security measures must be reinstated as soon as adequate or equivalent protection is immediately conditions permit. apparent in accordance with § 50.54(x) and (y) or similar applicable regulations as identified in Part 53.
(3) The suspension of security measures must be reported and documented in accordance with the provisions of § 73.71.
(i) Records. (1) The licensee must maintain all records required to be kept by Commission regulations, orders, or license conditions, until the Commission terminates the license for which the records were developed, and must maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission.
(2) If a contracted security force is used to implement the onsite physical protection program, the licensees written agreement with 9
the contractor must be retained by the licensee as a record for the duration of the contract.
(3) All records must be available for inspection, for a period of 3 years.
10