|
|
| Line 1: |
Line 1: |
| {{Adams | | {{Adams |
| | number = ML22084A021 | | | number = ML22214B098 |
| | issue date = 03/28/2022 | | | issue date = 08/04/2022 |
| | title = Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000424/2022401; 05000425/2022401 | | | title = Cyber Security Inspection Report 05000424/2022401 and 05000425/2022401 |
| | author name = Braaten P, Mccoy G | | | author name = Mccoy G |
| | author affiliation = NRC/RGN-II/DRS/EB2 | | | author affiliation = NRC/RGN-II/DRS/EB2 |
| | addressee name = Gayheart C | | | addressee name = Gayheart C |
| Line 12: |
Line 12: |
| | document report number = IR 2022401 | | | document report number = IR 2022401 |
| | document type = Inspection Report, Letter | | | document type = Inspection Report, Letter |
| | page count = 8 | | | page count = 9 |
| }} | | }} |
|
| |
|
| Line 18: |
Line 18: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:March 28, 2022 | | {{#Wiki_filter:August 4, 2022 |
|
| |
|
| ==SUBJECT:== | | ==SUBJECT:== |
| VOGTLE ELECTRIC GENERATING PLANT - INFORMATION REQUEST FOR THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000424/2022401; 05000425/2022401 | | VOGTLE ELECTRIC GENERATING PLANT - CYBER SECURITY INSPECTION REPORT 05000424/2022401 AND 05000425/2022401 |
|
| |
|
| ==Dear Mrs. Gayheart:== | | ==Dear Ms. Gayheart:== |
| On June 27, 2022, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0, at your Vogtle Electric Generating Plant. The inspection will be performed to evaluate and verify your ability to provide assurance that your digital computer and communication systems and networks associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 73.54 and the U.S. Nuclear Regulatory Commission (NRC) approved cyber security plan (CSP). The onsite portion of the inspection will take place during the week of June 27, 2022. | | On June 30, 2022, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Vogtle Electric Generating Plant and discussed the results of this inspection with Mr. Rob Norris and other members of your staff. The results of this inspection are documented in the enclosed report. |
|
| |
|
| Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. To minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
| | No findings or violations of more than minor significance were identified during this inspection. |
|
| |
|
| The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should be made available electronically no later than April 29, 2022. The inspection team will review this information and, by May 13, 2022, will request the specific items that should be provided for review. This second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. We request that the information provided from the second RFI be made available to the regional office prior to the inspection by June 17, 2022. The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, June 27, 2022.
| | This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding. |
|
| |
|
| The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
| | Sincerely, Signed by McCoy, Gerald on 08/04/22 Gerald J. McCoy, Chief Engineering Br 2 Division of Reactor Safety Docket Nos. 05000424 and 05000425 License Nos. NPF-68 and NPF-81 |
|
| |
|
| The lead inspector for this inspection is Philipp Braaten. We understand that our regulatory contact for this inspection is Kevin Walden of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (404) 997-4651 or via e-mail at Philipp.braaten@nrc.gov.
| | ===Enclosure:=== |
| | As stated |
|
| |
|
| This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
| | ==Inspection Report== |
| | Docket Numbers: 05000424 and 05000425 License Numbers: NPF-68 and NPF-81 Report Numbers: 05000424/2022401 and 05000425/2022401 Enterprise Identifier: I-2022-401-0061 Licensee: Southern Nuclear Operating Co. |
|
| |
|
| In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
| | Facility: Vogtle Electric Generating Plant Location: Waynesboro, GA Inspection Dates: June 27, 2022 to July 01, 2022 Inspectors: P. Braaten, Senior Reactor Inspector A. Konkal, Contractor A. Prada, Contractor M. Singletary, Reactor Inspector Approved By: Gerald J. McCoy, Chief Engineering Br 2 Division of Reactor Safety Enclosure |
|
| |
|
| Sincerely, Signed by McCoy, Gerald on 03/28/22 Gerald McCoy, Branch Chief Engineering Branch 2 Division of Reactor Safety Docket Nos. 05000424; 05000425 License Nos. NPF-68; NPF-81 Enclosure:
| | =SUMMARY= |
| Vogtle Electric Generating Plant Cyber-Security Inspection Document Request cc w/encl: Distribution via LISTSERV
| | The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Vogtle Electric Generating Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information. |
|
| |
|
| ML22084A021 X Non-Sensitive X Publicly Available X SUNSI Review Sensitive Non-Publicly Available OFFICE RII/DRS RII/DRS NAME P. Braaten G. McCoy DATE 03/28/2022 03/28/2022
| | ===List of Findings and Violations=== |
|
| |
|
| VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST Inspection Report: 05000424/2022401; 05000425/2022401 Inspection Dates: June 27-July 1, 2022 Inspection Procedure: IP 71130.10, Cyber-Security, Revision 0 (Effective: 01/01/2022)
| | No findings or violations of more than minor significance were identified. |
| Reference: Guidance Document for Development of the Request for Information (RFI) and Notification Letter for Full-Implementation of the Cyber-Security Inspection, Rev. 2 (Issued: 11/22/2021)
| |
| NRC Inspectors: Philipp Braaten, Lead Melana Singletary 404-997-4651 404-997-4752 philipp.braaten@nrc.gov melana.singletary@nrc.gov NRC Contractors: Al Konkal Alex Prada 561-989-0210 301-415-7000 alan.konkal@nrc.gov alexander.prada@nrc.gov I. Information Requested for In-Office Preparation The initial request for information (i.e., first RFI) concentrates on providing the inspection team with the general information necessary to select appropriate components and CSP elements to develop a site-specific inspection plan. The first RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs) plus operational and management (O&M) security control portions of the CSP to be chosen as the sample set required to be inspected by the cyber-security IP. The first RFIs requested information is specified below in Table RFI #1. The Table RFI #1 information is requested to be provided to the regional office by April 29, 2022, or sooner, to facilitate the selection of the specific items that will be reviewed during the onsite inspection weeks.
| |
|
| |
|
| The inspection team will examine the returned documentation from the first RFI and identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more focused follow-up request to develop the second RFI. The inspection team will submit the specific systems and equipment list to your staff by May 13, 2022, which will identify the specific systems and equipment that will be utilized to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. We request that the additional information provided from the second RFI be made available to the regional office prior to the inspection by June 17, 2022. All requests for information shall follow the guidance document U.S. NRC - Guidance Document for Development of the Request for Information (RFI)
| | ===Additional Tracking Items=== |
| and Notification Letter for Full Implementation of the Cyber-Security Inspection, referenced above.
| | None. |
|
| |
|
| VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST The required Table RFI 1 information shall be provided electronically to the lead inspector by April 29, 2022. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| | =INSPECTION SCOPES= |
|
| |
|
| Table RFI #1 Paragraph Number/Title: IP Ref A list of all Identified Critical Systems and Critical Digital Assets, -
| | Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards. |
| highlight/note any additions, deletions, reclassifications due to new 1 Overall guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
| |
|
| |
|
| A list of EP and Security onsite and offsite digital communication 2 Overall systems.
| | ==SAFEGUARDS== |
| | ==71130.10 - Cybersecurity== |
|
| |
|
| Network Topology Diagrams to include information and data flow for 3 Overall critical systems in levels 2, 3, and 4 (If available).
| | The inspectors reviewed implementation of Vogtles Cyber Security Plan (CSP) and focused on |
|
| |
|
| 4 Ongoing Monitoring and Assessment program documentation. 03.01(a)
| | ===evaluating changes to the program, critical systems, and CDAs. |
| 5 The most recent effectiveness analysis of the Cyber Security Program. 03.01(b)
| | Cybersecurity=== |
| 6 Vulnerability screening/assessment and scan program documentation. 03.01(c)
| | {{IP sample|IP=IP 71130.10|count=1}} |
| Cyber Security Incident Response program documentation, including incident detection, response, and recovery documentation as well as 03.02(a)
| | : (1) The following IP sections were completed and constitute completion of 1 sample: |
| 7 contingency plan development, implementation, and including any and program documentation that requires testing of security boundary 03.04(b)
| | 03.01, Review Ongoing Monitoring and Assessment Activities 03.02, Verify Defense-in-Depth Protective Strategies 03.03, Review of Configuration Management Change Control 03.05, Evaluation of Corrective Actions In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection. |
| device functionality.
| |
|
| |
|
| 8 Device Access and Key Control program documentation. 03.02(c)
| | Unit 1 Plant Security Computer Main Feedwater Control Emergency Diesel Generators Integrated Plant Computer Unit 2 Plant Security Computer Integrated Plant Computer |
| 9 Password/Authenticator program documentation. 03.02(c)
| |
| 10 User Account/Credential and Authentication program documentation. 03.02(d)
| |
| Portable Media and Mobile Device control program documentation, 11 03.02(e)
| |
| including kiosk security control assessment/documentation.
| |
|
| |
|
| Design change/ modification program documentation and a list of all design changes completed since the last cyber security inspection, 12 03.03(a)
| | ==INSPECTION RESULTS== |
| including either a summary of the design change or the 50.59 documentation for the change.
| | No findings were identified. |
|
| |
|
| Supply Chain Management program documentation including a list of 03.03(a),
| | ==EXIT MEETINGS AND DEBRIEFS== |
| | The inspectors verified no proprietary information was retained or documented in this report. |
|
| |
|
| security impact analysis for new acquisitions. (b) and (c) | | On June 30, 2022, the inspectors presented the cyber security inspection results to Mr. |
|
| |
|
| VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST Table RFI #1 Paragraph Number/Title: IP Ref Configuration Management program documentation including a list of 03.03(a)
| | Rob Norris and other members of the licensee staff. |
| 14 security impact analysis performed due to configuration changes since and (b)
| |
| the last cyber inspection. | |
|
| |
|
| Cyber Security Plan and any 50.54(p) analysis to support changes to 15 03.04(a)
| | =DOCUMENTS REVIEWED= |
| the plan since the last inspection.
| |
|
| |
|
| 16 Cyber Security Performance Metrics tracked (if applicable). 03.06(b)
| | Inspection Type Designation Description or Title Revision or |
| Provide documentation describing any cyber security changes to the 17 Overall access authorization program since the last cyber security inspection.
| | Procedure Date |
| | | 71130.10 Corrective Action CR 10391208 07/27/2017 |
| Provide a list of all cyber security procedures and policies with their 18 Overall descriptive name and associated number.
| | Documents CR 10749534 10/28/2020 |
| | | CR 10754591 11/17/2020 |
| 19 Performance testing report (if applicable). 03.06(a)
| | CR 10760564 12/14/2020 |
| 20 Electronic Copy of UFSAR and Technical Specifications Overall Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by May 13, 2022, for the second RFI (i.e., RFI #2).
| | CR 10774702 02/15/2021 |
| | | CR 10824319 09/01/2021 |
| II. Additional Information Requested to be Available Prior to Inspection.
| | CR 10863223 03/02/2022 |
| | | CR 10863229 03/02/2022 |
| As stated in Section I above, the inspection team will examine the returned documentation requested from Table RFI #1 and submit the list of specific systems and equipment to your staff by May 13, 2022 for the second RFI (i.e., RFI #2). The second RFI will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber-security inspection. The additional information requested for the specific systems and equipment is identified in Table RFI #2. All requested information shall follow the guidance document referenced above.
| | CR 10863234 03/02/2022 |
| | | CR 10870501 03/31/2022 |
| The Table RFI 2 information shall be provided to the lead inspector by June 17, 2022.
| | CR 10889502 06/21/2022 |
| | | Corrective Action CR 10890966 06/28/2022 |
| The preferred file format for all lists is a searchable Excel spreadsheet. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| | Documents CR 10891046 06/28/2022 |
| | | Resulting from CR 10892492 07/01/2022 |
| VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST Table RFI #2 Paragraph Number/Title: Items For the system(s) chosen for inspection provide:
| | Inspection CR 10892494 07/01/2022 |
| Ongoing Monitoring and Assessment activity performed on the 1 03.01(a)
| | CR 10892495 07/01/2022 |
| selected system(s).
| | Drawings Plant Alvin W. Vogtle Cyber Security Network Pathways Ver. 2.1 |
| | | AX3AQ11-20060 Ver. 1.0 |
| 2 All Security Control Assessments for the selected system(s).* 03.01(a)
| | AX5AB05-20024 IPC System Functional Block Diagram Ver. 1.0 |
| All vulnerability screenings/assessments associated with or scans 3 performed on the selected system(s) since the last cyber security 03.01(c)
| | Engineering DCP SNC656039 Unit 1 IPC Cyber Security Upgrades Ver. 8.0 |
| inspection.*
| | Changes DCP SNC656041 Ver. 8.0 |
| Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
| | Miscellaneous LVL 3 Checkpoint SYSLOG Logs 06/28/2022 |
| 4 Host-based Intrusion Detection Systems (HIDS), and Security 03.02(b)
| | LVL 3 Checkpoint IPS Logs 06/28/2022 |
| Information and Event Management (SIEM) systems for system(s)
| | Southern Nuclear Operating Company Cyber Security Plan Ver. 3.0 |
| chosen for inspection).
| | Vogtle CDA List 03/15/2022 |
| | | AX3AQ11-20306 Ver. 1.0 |
| Documentation (including configuration files and rule sets) for intra-5 security level firewalls and boundary devices used to protect the 03.02(c)
| | AX5AB05-20566 Ver. 1.0 |
| selected system(s).
| | AX5AB05-20580 Ver. 1.0 |
| | | AX5AB05-20583 Ver. 1.0 |
| Copies of all periodic reviews of the access authorization list for the 6 03.02(d)
| | CDA-VNP-11306- Ver. 3.0 |
| selected systems since the last cyber inspection.
| | 008 |
| | | Inspection Type Designation Description or Title Revision or |
| 7 Baseline configuration data sheets for the selected CDAs. * 03.03(a)
| | Procedure Date |
| Documentation on any changes, including Security Impact Analyses, 8 03.03(b)
| | CDA-VNP-11623- Ver. 4.0 |
| performed on the selected system(s) since the last inspection.
| | 001 |
| | | CDA-VNP-11623- Ver. 1.0 |
| Copies of the purchase order documentation for any new equipment 9 03.03(c)
| | 2 |
| purchased for the selected systems since the last inspection.
| | CDA-VNP-2021- 03/06/2022 |
| | | Q04-VUL |
| Copies of any reports/assessment for cyber security drills performed 03.02(a)
| | CDA-VNP-A1627- Ver. 5.0 |
| | | 010 |
| since the last inspection. 03.04(b)
| | CDA-VNP-A2502- Ver. 7.0 |
| Copy of the individual recovery plan(s) for the selected system(s) 03.02(a)
| | 008 |
| 11 including documentation of the results the last time the backups were executed. 03.04(b)
| | CDA-VNP-A2502- Ver. 3.0 |
| List of Corrective actions taken as a result of cyber security 12 incidents/issues to include previous NRC violations and Licensee 03.05 Identified Violations since the last cyber security inspection.
| | 011 |
| | | CDA-VNP-A2502- Ver. 2.0 |
| *Some selected systems may have a large number of CDAs. For these systems reach out to the team leader for a specific selection of CDAs when responding to this request.
| | 013 |
| | | CDA-XNP-EISAC- 06/03/2021 |
| VOGTLE ELECTRIC GENERATING PLANT CYBER-SECURITY INSPECTION DOCUMENT REQUEST III. Information Requested to be Available on First Day of Inspection For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table Week Onsite) to the team by June 27, 2022, the first day of the inspection. All requested information shall follow the guidance document referenced above.
| | CB132522-VUL |
| | | NMP-GM-014-004- 07/27/2017 |
| The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| | F02 |
| | | PMMD-VNP-KIOSK Ver. 2.0 |
| Table Week Onsite Paragraph Number/Title: Items Any cyber security event reports submitted in accordance with 10 1 03.04(a)
| | SNC1115015 Ver 1.0 |
| CFR 73.77 since the last cyber security inspection.
| | SNC1115015J001 Ver. 5.0 |
| | | SW-VNP- Ver. 3.0 |
| Updated copies of corrective actions taken as a result of cyber security incidents/issues, to include previous NRC violations and 2 03.05 Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions.
| | 2502C5BIDMCFW- |
| | | FW |
| The most recent Cyber-Security Quality Assurance audit and/or 3 self-assessment and a list of Corrective Actions generated as a result IV. Information Requested to Be Provided Throughout the Inspection (1) Copies of any corrective action documents generated as a result of the inspection teams questions or queries during the inspection.
| | SW-VNP- Ver. 2.0 |
| | | 2502C5BIDMCFW- |
| (2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member).
| | FW |
| | | SW-VNP- Ver. 3.0 |
| If you have any questions regarding the information requested, please contact the inspection team leader.
| | A2502C5BIDPCFW- |
| | | FW |
| 5
| | SW-VNP- Ver. 1.0 |
| | A2502C5DMZF-FW |
| | Procedures 00008-C Plant Lock and Key Control Ver. 19.1 |
| | 17020-01 Annunciator Response Procedures for ALB 20 on Panel Ver. 58.2 |
| | Inspection Type Designation Description or Title Revision or |
| | Procedure Date |
| | 1B2 on MCB |
| | NMP-AD-005 Insider Mitigation Program (IMP) / Access Authorization Ver. 9.2 |
| | NMP-EP-305 Equipment Important to Emergency Response (EITER) Ver. 5.0 |
| | NMP-EP-305-GL03 VEGP Equipment Important to the EP Function Ver. 6.4 |
| | NMP-ES-049 Maximo Equipment Management Data Control Ver. 4.9 |
| | NMP-ES-095 Interface Procedure for IP-ENG-001, "Standard Design Ver. 10.1 |
| | Process" |
| | NMP-GM-006 Work Management Ver. 20.2 |
| | NMP-GM-007-002 Plant Control Software Ver. 7.0 |
| | NMP-GM-014 Cyber Security for Digital Plant Systems Ver. 17.2 |
| | NMP-GM-014-004 Cyber Security Incident Response for Critical Digital Ver. 9.2 |
| | Assets Instruction |
| | NMP-GM-014-007 10 CFR 73.54 Critical Digital Asset (CDA) Identification Ver. 14.2 |
| | Instructions |
| | NMP-GM-014-009 Cyber Security Procurement Requirements Ver. 8.0 |
| | NMP-GM-014-010 CDA Access Control Ver. 8.4 |
| | NMP-GM-014-015 CDA Audit and Accountability Ver. 7.3 |
| | NMP-GM-014-018 CDA Vulnerability Management Ver. 10.4 |
| | NMP-GM-014-020 Control of Portable Media and Mobile Devices Ver. 10.3 |
| | NMP-GM-014-022 Cyber Security Contingency Plan Ver. 5.2 |
| | Self-Assessments TE 1099361 Pre-NRC Inspection CISA - Cyber Security 03/10/2022 |
| | Work Orders SNC1060161 Cyber - BID Local Password Change 04/29/2022 |
| | SNC1068390 Security Computer SIEM Log Data Evaluation 06/27/2022 |
| | SNC1191121 Cyber 2502, A2502C5BIDRSD, ARC Sight Logger Review 06/15/2022 |
| | SNC1213661 DTC SIEM Log Data Evaluation 06/21/2022 |
| | SNC932913 BID Local Password Change 05/01/2019 |
| | SNC945307 BID Local Password Change 11/13/2020 |
| | 7 |
| }} | | }} |
|
|---|
Category:Inspection Report
MONTHYEARIR 05000424/20240032024-10-30030 October 2024
– Integrated Inspection Report 05000424/2024003 and 05000425/2024003
IR 05000424/20240052024-08-26026 August 2024
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 1 and 2 - Report 05000424/2024005 and 05000425/2024005
IR 05000424/20244012024-08-15015 August 2024
4 - Security Baseline Inspection Report 05000424-2024401, 05000425-2024401, 05200025-2024402, and 05200026-2024403 - Cover Letter
ML24212A1442024-08-0101 August 2024
Integrated Inspection Report 05200025/2024002 and 05200026/2024002
IR 05000424/20240022024-07-29029 July 2024
Integrated Inspection Report 05000424/2024002 and 05000425/2024002
IR 05000424/20244042024-07-26026 July 2024
Material Control and Accounting Program Inspection Report 05000424/2024404 and 05000425/2024404 (Cover Letter)
ML24194A0342024-07-12012 July 2024
Review of the Refueling Outage 1R24 Steam Generator Tube Inspection Report
ML24191A3792024-07-10010 July 2024
– Initial Test Program and Operational Programs Inspection Report 05200026/2024011
ML24130A2412024-05-13013 May 2024
Integrated Inspection Report 05200025/2024001 and 05200026/2024001
ML24127A2372024-05-0909 May 2024
Initial Test Program and Operational Programs Inspection Report 05200026/2024010
IR 05000424/20240012024-04-23023 April 2024
–Integrated Inspection Report 05000424/2024001 and 05000425/2024001
IR 05000424/20230062024-02-28028 February 2024
Annual Assessment Letter for Vogtle Electric Generating Plant Units 1 and 2 - NRC Inspection Report 05000424-2023006 and 05000425-2023006
IR 05000424/20240102024-02-14014 February 2024
– Fire Protection Team Inspection Report 0500424/2024010 and 05000425/2024010
IR 05000202/20300042024-02-13013 February 2024
Integrated Inspection Report 052000250/2023004 and 05200026/2023004
IR 05000424/20230042024-02-0505 February 2024
Integrated Inspection Report 05000424-2023004 and 05000425-2023004
ML24032A0252024-02-0505 February 2024
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200026-2023009
ML24031A6102024-01-31031 January 2024
Cyber Security Inspection Report 05200026/2024401 - Public
IR 05000424/20244032024-01-26026 January 2024
Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000424/2024403; 05000425/2024403
ML23318A4582023-11-14014 November 2023
Integrated Inspection Report 05200025/2023003
ML23312A3502023-11-14014 November 2023
– Integrated Inspection Report 05200026/2023003
IR 05000424/20234022023-11-0606 November 2023
– Security Baseline Inspection Report 05000424/2023402 and 05000425/2023402
IR 05000424/20230032023-10-27027 October 2023
Integrated Inspection Report 05000424/2023003 and 05000425/2023003
ML23254A2032023-09-13013 September 2023
– Initial Test Program and Operational Programs Inspection Report 05200025/2023013
IR 05000424/20230912023-09-0505 September 2023
Plan Units 1 and 2 - NRC Investigation Report 2-2022-006 and Notice of Violation - NRC Inspection Report 05000424/2023091 and 05000425/2023091
ML23234A3002023-09-0101 September 2023
NRC Integrated Inspection Report 05200026/2023003
IR 05000424/20230052023-08-29029 August 2023
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 1 & 2 - Report 05000424/2023005 and 05000425/2023005
ML23223A0022023-08-14014 August 2023
Integrated Inspection Report 05200025/2023002
IR 05000424/20230112023-08-11011 August 2023
Biennial Problem Identification and Resolution Inspection Report 05000424/2023011 and 05000425/2023011
ML23215A0822023-08-0404 August 2023
(Vego), Unit 3 – Initial Test Program and Operational Programs Integrated 05200025/2023011 Inspection Report
ML23212B0612023-07-31031 July 2023
Security Baseline Inspection Report 05200025/2023401
IR 05000424/20234012023-07-31031 July 2023
Security Baseline Inspection Report 05000424/2023401 and 05000425/2023401 (Cover Letter)
ML23216A0962023-07-26026 July 2023
Document Request for Vogtle 1 & 2 RP Inspection, Report No. 05000424/2023003 and 05000425/2023003
IR 05000424/20230022023-07-24024 July 2023
Integrated Inspection Report 05000424/2023002 and 05000425/2023002
ML23198A3802023-07-19019 July 2023
NRC Integrated Inspection Report 05200026/2023002
ML23199A0892023-07-18018 July 2023
Initial Test Program and Operational Programs Integrated Inspection Report 05200026/2023007
IR 05000424/20233012023-06-30030 June 2023
– NRC Operator License Examination Report 05000424/2023301 and 05000425/2023301
ML23128A2932023-05-11011 May 2023
NRC Integrated Inspection Report 05200026/2023001
ML23129A0222023-05-10010 May 2023
Integrated Report 05200025/2023001
ML23128A3492023-05-0909 May 2023
– Initial Test Program and Operational Programs Integrated Inspection Report 05200026/2023006
ML23121A3202023-05-0404 May 2023
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200025/2023010
IR 05000424/20040252023-04-28028 April 2023
Public Meeting Summary - Vogtle Electric Generating Plant, Units 1, 2, 3, & 4 Docket No. 5000424, 5000425, 5200025, 5200026, Meeting Number 20230375
IR 05000424/20230012023-04-26026 April 2023
Integrated Inspection Report 05000424/2023001 and 05000425/2023001
IR 05000424/20230902023-03-30030 March 2023
NRC Inspection Report 05000424/2023090 and 05000425/2023090, and Investigation Report 2-2022-006; and Apparent Violation
ML23083B3702023-03-24024 March 2023
Security Baseline Inspection Report 05200026/2023401
IR 05000424/20220062023-03-0101 March 2023
Annual Assessment Letter for Vogtle Electric Generating Plant Units 1 and 2, NRC Inspection Reports 05000424/2022006 and 05000425/2022006
ML23044A3902023-02-14014 February 2023
Integrated Inspection Report05200025 2022007
ML23040A3612023-02-0909 February 2023
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200026/2022008
ML23040A0422023-02-0909 February 2023
NRC Initial Test Program and Operational Programs Integrated Inspection Report 05200025/2022008
ML23033A3972023-02-0707 February 2023
NRC Integrated Inspection Report 05200026/2022007
IR 05000424/20220042023-01-23023 January 2023
Integrated Inspection Report 05000424/2022004 and 05000425/2022004
2024-08-26
[Table view]
Category:Letter
MONTHYEARNL-24-0385, Request for Action Matrix Deviation Due to Recent Events Impacting the Unplanned Scram with Complications Performance Indicator2024-10-31031 October 2024
Request for Action Matrix Deviation Due to Recent Events Impacting the Unplanned Scram with Complications Performance Indicator
IR 05000424/20240032024-10-30030 October 2024
– Integrated Inspection Report 05000424/2024003 and 05000425/2024003
NL-24-0386, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks Response to Request for Additional Information2024-10-28028 October 2024
License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks Response to Request for Additional Information
NL-24-0392, Response to Requests for Additional Information Related to Proposed Alternative GEN-ISI-AL T-2024-0022024-10-28028 October 2024
Response to Requests for Additional Information Related to Proposed Alternative GEN-ISI-AL T-2024-002
NL-24-0366, Core Operating Limits Report, Cycle 26, Version 12024-10-25025 October 2024
Core Operating Limits Report, Cycle 26, Version 1
ML24297A6482024-10-23023 October 2024
5 to the Updated Final Safety Analysis Report, Technical Specification Bases Changes, Technical Requirements Manual Changes, Summary Report and Revised NRC Commitments Report
ML24269A2502024-09-26026 September 2024
Acknowledgement of the Withdrawal of the Requested Exemption and License Amendment Request to Remove Tier 1 and Tier 2* Requirements
NL-24-0369, Withdrawal of License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2 Requirements2024-09-25025 September 2024
Withdrawal of License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2 Requirements
NL-24-0350, Core Operating Limits Report, Cycle 24, Version 22024-09-25025 September 2024
Core Operating Limits Report, Cycle 24, Version 2
ML24243A0072024-09-10010 September 2024
– Correction of Amendment Nos. 223 and 206 Regarding Revision to Technical Specifications to Adopt TSTF-339-A, Relocate Technical Specification Parameters to the COLR Consistent with WCAP-14483
NL-24-0337, Interim 10 CFR 21.21(a)(2) Report Regarding Operation Technology, Inc., ETAP Software Error in Transient Stability Program2024-09-0909 September 2024
Interim 10 CFR 21.21(a)(2) Report Regarding Operation Technology, Inc., ETAP Software Error in Transient Stability Program
ML24102A2642024-09-0909 September 2024
– Exemption Request Regarding Final Safety Analysis Report Update Schedule (EPID L-2024-LLE-0013) - Letter
ML24249A2942024-09-0606 September 2024
Correction of Amendment Nos. 218 and 201 Regarding Revision to Technical Specifications to Use Online Monitoring Methodology
05200025/LER-2024-002, Manual Reactor Protection System and Automatic Safeguards Actuation Due to an Unexpected Change in Position of a Main Feedwater Pump Minimum Flow Control Valve2024-09-0505 September 2024
Manual Reactor Protection System and Automatic Safeguards Actuation Due to an Unexpected Change in Position of a Main Feedwater Pump Minimum Flow Control Valve
IR 05000424/20240052024-08-26026 August 2024
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 1 and 2 - Report 05000424/2024005 and 05000425/2024005
ML24235A1952024-08-22022 August 2024
Updated Inspection Plan for Vogtle Electric Generating Plant, Units 3 and 4 - Report 05200025/2024005 and 05200026/2024005
IR 05000424/20244012024-08-15015 August 2024
4 - Security Baseline Inspection Report 05000424-2024401, 05000425-2024401, 05200025-2024402, and 05200026-2024403 - Cover Letter
NL-24-0299, Exemption Request: Final Safety Analysis Report Update Schedule, Response to Request for Additional Information2024-08-14014 August 2024
Exemption Request: Final Safety Analysis Report Update Schedule, Response to Request for Additional Information
05000425/LER-2024-001, Manual Actuation of the Reactor Protection System Due to a Rod Control Fuse Opening Causing a Misaligned Shutdown Rod2024-08-0909 August 2024
Manual Actuation of the Reactor Protection System Due to a Rod Control Fuse Opening Causing a Misaligned Shutdown Rod
ML24218A1842024-08-0707 August 2024
Examination Report and Cover Letter
05200026/LER-2024-001, Manual Reactor Protection System Actuation Due to Procedure Not Optimally Sequenced to Reset the Rapid Power Reduction Signal2024-08-0606 August 2024
Manual Reactor Protection System Actuation Due to Procedure Not Optimally Sequenced to Reset the Rapid Power Reduction Signal
ML24212A1442024-08-0101 August 2024
Integrated Inspection Report 05200025/2024002 and 05200026/2024002
IR 05000424/20240022024-07-29029 July 2024
Integrated Inspection Report 05000424/2024002 and 05000425/2024002
IR 05000424/20244042024-07-26026 July 2024
Material Control and Accounting Program Inspection Report 05000424/2024404 and 05000425/2024404 (Cover Letter)
NL-24-0282, License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2* Requirements2024-07-25025 July 2024
License Amendment Request and Exemption Request: Remove Tier 1 and Tier 2* Requirements
NL-24-0126, – Units 3 and 4, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Action a and SR 3.7.6.62024-07-25025 July 2024
– Units 3 and 4, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Action a and SR 3.7.6.6
ML24204A0722024-07-23023 July 2024
Issuance of Amendment No. 225, Regarding LAR to Revise TS 3.7.9 for a one-time Change to Support Nuclear Service Cooling Water Transfer Pump Repairs - Emergency Circumstances
NL-24-0286, Emergency Request to Revise Technical Specification 3.7.9 for a One-Time Change to Support a Unit 1 Nuclear Service Cooling Water Transfer Pump Repair2024-07-20020 July 2024
Emergency Request to Revise Technical Specification 3.7.9 for a One-Time Change to Support a Unit 1 Nuclear Service Cooling Water Transfer Pump Repair
NL-24-0261, 10 CFR 50.46 ECCS Evaluation Model Annual Report for 20232024-07-19019 July 2024
10 CFR 50.46 ECCS Evaluation Model Annual Report for 2023
ML24191A4562024-07-19019 July 2024
Request for Relief and Alternative Requirements for Squib (Explosively Actuated) Valves First Test Interval
ML24194A0342024-07-12012 July 2024
Review of the Refueling Outage 1R24 Steam Generator Tube Inspection Report
ML24191A3792024-07-10010 July 2024
– Initial Test Program and Operational Programs Inspection Report 05200026/2024011
NL-24-0227, Proposed Inservice Inspection Alternative GEN-ISI-AL T-2024-03 for Pressurizer Welds in Accordance with 10 CFR 50.55a(z)(1)2024-07-0303 July 2024
Proposed Inservice Inspection Alternative GEN-ISI-AL T-2024-03 for Pressurizer Welds in Accordance with 10 CFR 50.55a(z)(1)
NL-24-0234, Application to Revise Technical Specifications to Adopt TSTF-589, Eliminate Automatic Diesel Generator Start During Shutdown2024-06-28028 June 2024
Application to Revise Technical Specifications to Adopt TSTF-589, Eliminate Automatic Diesel Generator Start During Shutdown
NL-24-0143, Proposed Alternative to Use ASME Code Case N-752, Risk-Informed Categorization and Treatment for Repair/ Replacement Activities in2024-06-27027 June 2024
Proposed Alternative to Use ASME Code Case N-752, Risk-Informed Categorization and Treatment for Repair/ Replacement Activities in
NL-24-0087, License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks2024-06-21021 June 2024
License Amendment Request: Changes to Technical Specification 3.7.6, Main Control Room Emergency Habitability System (Ves) Air Storage Tanks
NL-24-0243, Registration of Spent Fuel Cask Use2024-06-18018 June 2024
Registration of Spent Fuel Cask Use
NL-24-0201, Proposed Inservice Inspection Alternative GEN-ISI-ALT-2024-002 for Steam Generator Welds in Accordance with 10 CFR 50.55a(z)(1)2024-06-18018 June 2024
Proposed Inservice Inspection Alternative GEN-ISI-ALT-2024-002 for Steam Generator Welds in Accordance with 10 CFR 50.55a(z)(1)
ML24163A0632024-06-12012 June 2024
2024 Licensed Operator Re-qualification Inspection Notification Letter Vogtle, Units 3 & 4
ML24155A1772024-06-0505 June 2024
Regulatory Audit in Support of Review of the LAR to Revise Emergency Diesel Generator Frequency and Voltage Ranges for Technical Specification 3.8.1, Surveillance Requirements
NL-24-0202, SNC Response to Regulatory Issue Summary 2024-01: Preparation and Scheduling of Operator Licensing Examinations2024-05-24024 May 2024
SNC Response to Regulatory Issue Summary 2024-01: Preparation and Scheduling of Operator Licensing Examinations
ML24141A0482024-05-17017 May 2024
EN 56958_1 Ametek Solidstate Controls, Inc
ML24094A1402024-05-16016 May 2024
Staff Response to Request for Revision to NRC Staff Assessment of Updated Seismic Hazard Information and Latest Understanding of Seismic Hazards at the Vogtle Plant Site Following the NRC Process for the Ongoing Assessment of Natural Hazard
ML24120A1812024-05-13013 May 2024
Request for Withholding Information from Public Disclosure Responses to NRC Request for Additional Information for Refueling Outage IR24 Steam Generator Tube Inspection Report – Enclosure 2
ML24130A2412024-05-13013 May 2024
Integrated Inspection Report 05200025/2024001 and 05200026/2024001
ML24101A2112024-05-11011 May 2024
Expedited Issuance of Amendment No. 198 Change to Technical Specification 5.5.13, Ventilation Filter Testing Program (VFTP)
NL-24-0191, Annual Radiological Environmental Operating Reports for 20232024-05-10010 May 2024
Annual Radiological Environmental Operating Reports for 2023
ML24127A2372024-05-0909 May 2024
Initial Test Program and Operational Programs Inspection Report 05200026/2024010
NL-24-0194, Revised Request for Relief and Alternative Requirements for Squib Valves First Test Interval (V34-IST-ALT-03-R1)2024-05-0707 May 2024
Revised Request for Relief and Alternative Requirements for Squib Valves First Test Interval (V34-IST-ALT-03-R1)
ML24120A2832024-04-30030 April 2024
Project Manager Reassignment
2024-09-09
[Table view] |
Text
August 4, 2022
SUBJECT:
VOGTLE ELECTRIC GENERATING PLANT - CYBER SECURITY INSPECTION REPORT 05000424/2022401 AND 05000425/2022401
Dear Ms. Gayheart:
On June 30, 2022, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Vogtle Electric Generating Plant and discussed the results of this inspection with Mr. Rob Norris and other members of your staff. The results of this inspection are documented in the enclosed report.
No findings or violations of more than minor significance were identified during this inspection.
This letter, its enclosure, and your response (if any) will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
Sincerely, Signed by McCoy, Gerald on 08/04/22 Gerald J. McCoy, Chief Engineering Br 2 Division of Reactor Safety Docket Nos. 05000424 and 05000425 License Nos. NPF-68 and NPF-81
Enclosure:
As stated
Inspection Report
Docket Numbers: 05000424 and 05000425 License Numbers: NPF-68 and NPF-81 Report Numbers: 05000424/2022401 and 05000425/2022401 Enterprise Identifier: I-2022-401-0061 Licensee: Southern Nuclear Operating Co.
Facility: Vogtle Electric Generating Plant Location: Waynesboro, GA Inspection Dates: June 27, 2022 to July 01, 2022 Inspectors: P. Braaten, Senior Reactor Inspector A. Konkal, Contractor A. Prada, Contractor M. Singletary, Reactor Inspector Approved By: Gerald J. McCoy, Chief Engineering Br 2 Division of Reactor Safety Enclosure
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a cyber security inspection at Vogtle Electric Generating Plant, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information.
List of Findings and Violations
No findings or violations of more than minor significance were identified.
Additional Tracking Items
None.
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs) in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html. Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
The inspectors reviewed implementation of Vogtles Cyber Security Plan (CSP) and focused on
===evaluating changes to the program, critical systems, and CDAs.
Cybersecurity===
Main article: IP 71130.10
- (1) The following IP sections were completed and constitute completion of 1 sample:
03.01, Review Ongoing Monitoring and Assessment Activities 03.02, Verify Defense-in-Depth Protective Strategies 03.03, Review of Configuration Management Change Control 03.05, Evaluation of Corrective Actions In addition to the systems and programs that have been added or modified since the last cyber security inspection, the following systems were selected for inspection.
Unit 1 Plant Security Computer Main Feedwater Control Emergency Diesel Generators Integrated Plant Computer Unit 2 Plant Security Computer Integrated Plant Computer
INSPECTION RESULTS
No findings were identified.
EXIT MEETINGS AND DEBRIEFS
The inspectors verified no proprietary information was retained or documented in this report.
On June 30, 2022, the inspectors presented the cyber security inspection results to Mr.
Rob Norris and other members of the licensee staff.
DOCUMENTS REVIEWED
Inspection Type Designation Description or Title Revision or
Procedure Date
71130.10 Corrective Action CR 10391208 07/27/2017
Documents CR 10749534 10/28/2020
CR 10754591 11/17/2020
CR 10760564 12/14/2020
CR 10774702 02/15/2021
CR 10824319 09/01/2021
CR 10863223 03/02/2022
CR 10863229 03/02/2022
CR 10863234 03/02/2022
CR 10870501 03/31/2022
CR 10889502 06/21/2022
Corrective Action CR 10890966 06/28/2022
Documents CR 10891046 06/28/2022
Resulting from CR 10892492 07/01/2022
Inspection CR 10892494 07/01/2022
CR 10892495 07/01/2022
Drawings Plant Alvin W. Vogtle Cyber Security Network Pathways Ver. 2.1
AX3AQ11-20060 Ver. 1.0
AX5AB05-20024 IPC System Functional Block Diagram Ver. 1.0
Engineering DCP SNC656039 Unit 1 IPC Cyber Security Upgrades Ver. 8.0
Changes DCP SNC656041 Ver. 8.0
Miscellaneous LVL 3 Checkpoint SYSLOG Logs 06/28/2022
LVL 3 Checkpoint IPS Logs 06/28/2022
Southern Nuclear Operating Company Cyber Security Plan Ver. 3.0
Vogtle CDA List 03/15/2022
AX3AQ11-20306 Ver. 1.0
AX5AB05-20566 Ver. 1.0
AX5AB05-20580 Ver. 1.0
AX5AB05-20583 Ver. 1.0
CDA-VNP-11306- Ver. 3.0
008
Inspection Type Designation Description or Title Revision or
Procedure Date
CDA-VNP-11623- Ver. 4.0
001
CDA-VNP-11623- Ver. 1.0
2
CDA-VNP-2021- 03/06/2022
Q04-VUL
CDA-VNP-A1627- Ver. 5.0
010
CDA-VNP-A2502- Ver. 7.0
008
CDA-VNP-A2502- Ver. 3.0
011
CDA-VNP-A2502- Ver. 2.0
013
CDA-XNP-EISAC- 06/03/2021
CB132522-VUL
NMP-GM-014-004- 07/27/2017
F02
PMMD-VNP-KIOSK Ver. 2.0
SNC1115015 Ver 1.0
SNC1115015J001 Ver. 5.0
SW-VNP- Ver. 3.0
2502C5BIDMCFW-
FW
SW-VNP- Ver. 2.0
2502C5BIDMCFW-
FW
SW-VNP- Ver. 3.0
A2502C5BIDPCFW-
FW
SW-VNP- Ver. 1.0
A2502C5DMZF-FW
Procedures 00008-C Plant Lock and Key Control Ver. 19.1
17020-01 Annunciator Response Procedures for ALB 20 on Panel Ver. 58.2
Inspection Type Designation Description or Title Revision or
Procedure Date
1B2 on MCB
NMP-AD-005 Insider Mitigation Program (IMP) / Access Authorization Ver. 9.2
NMP-EP-305 Equipment Important to Emergency Response (EITER) Ver. 5.0
NMP-EP-305-GL03 VEGP Equipment Important to the EP Function Ver. 6.4
NMP-ES-049 Maximo Equipment Management Data Control Ver. 4.9
NMP-ES-095 Interface Procedure for IP-ENG-001, "Standard Design Ver. 10.1
Process"
NMP-GM-006 Work Management Ver. 20.2
NMP-GM-007-002 Plant Control Software Ver. 7.0
NMP-GM-014 Cyber Security for Digital Plant Systems Ver. 17.2
NMP-GM-014-004 Cyber Security Incident Response for Critical Digital Ver. 9.2
Assets Instruction
NMP-GM-014-007 10 CFR 73.54 Critical Digital Asset (CDA) Identification Ver. 14.2
Instructions
NMP-GM-014-009 Cyber Security Procurement Requirements Ver. 8.0
NMP-GM-014-010 CDA Access Control Ver. 8.4
NMP-GM-014-015 CDA Audit and Accountability Ver. 7.3
NMP-GM-014-018 CDA Vulnerability Management Ver. 10.4
NMP-GM-014-020 Control of Portable Media and Mobile Devices Ver. 10.3
NMP-GM-014-022 Cyber Security Contingency Plan Ver. 5.2
Self-Assessments TE 1099361 Pre-NRC Inspection CISA - Cyber Security 03/10/2022
Work Orders SNC1060161 Cyber - BID Local Password Change 04/29/2022
SNC1068390 Security Computer SIEM Log Data Evaluation 06/27/2022
SNC1191121 Cyber 2502, A2502C5BIDRSD, ARC Sight Logger Review 06/15/2022
SNC1213661 DTC SIEM Log Data Evaluation 06/21/2022
SNC932913 BID Local Password Change 05/01/2019
SNC945307 BID Local Password Change 11/13/2020
7
