|
|
(One intermediate revision by the same user not shown) |
Line 1: |
Line 1: |
| {{Adams | | {{Adams |
| | number = ML23152A004 | | | number = ML23340A146 |
| | issue date = 06/01/2023 | | | issue date = 12/08/2023 |
| | title = Information Request for the Cyber Security Baseline Inspection, Notification to Perform Inspection 05000333/2023401 | | | title = Cybersecurity Inspection Report 05000333/2023401 (Cover Letter Only) |
| | author name = Dentel G | | | author name = Dentel G |
| | author affiliation = NRC/RGN-I/DORS | | | author affiliation = NRC/RGN-I/DORS |
Line 11: |
Line 11: |
| | contact person = | | | contact person = |
| | document report number = IR 2023401 | | | document report number = IR 2023401 |
| | document type = Inspection Plan, Letter | | | document type = Inspection Report, Letter |
| | page count = 1 | | | page count = 1 |
| }} | | }} |
Line 18: |
Line 18: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:June 1, 2023 | | {{#Wiki_filter:December 8, 2023 |
|
| |
|
| ==SUBJECT:== | | ==SUBJECT:== |
| JAMES A. FITZPATRICK NUCLEAR POWER PLANT- INFORMATION REQUEST FOR THE CYBER SECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000333/2023401 | | JAMES A. FITZPATRICK NUCLEAR POWER PLANT - CYBERSECURITY INSPECTION REPORT 05000333/2023401 |
|
| |
|
| ==Dear David Rhoades:== | | ==Dear David Rhoades:== |
| On October 23, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10, Cyber Security, dated December 14, 2021, at FitzPatrick. The inspection will be performed to evaluate and verify your ability to meet the requirements of the NRCs Cyber Security Rule, Title 10 of the Code of Federal Regulations (10 CFR) Part 73, Section 54, Protection of Digital Computer and Communication Systems and Networks. The onsite portion of the inspection will take place October 23 through 27, 2023. | | On October 27, 2023, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at James A. FitzPatrick Nuclear Power Plant and discussed the results of this inspection with Garrick D. Olson, Plant Manager, and other members of your staff. The results of this inspection are documented in the enclosed report. |
|
| |
|
| Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
| | One finding of very low security significance (Green) is documented in this report. This finding involved a violation of NRC requirements. We are treating this violation as a non-cited violation (NCV) consistent with Section 2.3.2 of the Enforcement Policy. |
|
| |
|
| The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by IP 71130.10. This information should be made available either on an online repository (preferred) or digital media (CD/DVD) no later than July 14, 2023. The inspection team will review this information and, by August 18, 2023, will request the specific items that should be provided for review.
| | If you contest the violation or the significance or severity of the violation documented in this inspection report, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: |
| | Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region I; the Director, Office of Enforcement; the Director, Office of Nuclear Security and Incident Response; and the NRC Resident Inspector at James A. FitzPatrick Nuclear Power Plant. |
|
| |
|
| The second group of additional requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of the licensees Cyber Security Program selected for the cyber security inspection. This information will be requested for review in the regional office prior to the inspection by September 15, 2023, as identified above. The third group of requested documents consists of those items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, October 23, 2023.
| | This letter will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, Public Inspections, Exemptions, Requests for Withholding. The enclosed report contains Security-Related Information, so the enclosed report will not be made publicly available in accordance with 10 CFR 2.390(d)(1). If you choose to provide a response that contains Security-Related Information, please mark your entire response Security-Related Information-Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). The NRC is waiving the affidavit requirements for your response in accordance with 10 CFR 2.390(b)(1)(ii). |
|
| |
|
| The fourth group of information is necessary to aid the inspection team in tracking issues identified as a result of the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all of these documents are up to date and complete in order to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
| | Sincerely, Digitally signed by Glenn Glenn T. T. Dentel Date: 2023.12.08 Dentel 09:07:07 -05'00' |
| | |
| The lead inspector for this inspection is Louis Dumont. We understand that our regulatory contact for this inspection is Steven Juravich of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at (610) 337-5183 or via email at louis.dumont@nrc.gov.
| |
| | |
| This letter does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection requirements were approved by the Office of Management and Budget, control number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
| |
| | |
| In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available electronically for public inspection in the NRCs Public Document Room or from the Publicly Available Records (PARS) component of the NRC's Agencywide Documents Access and Management System (ADAMS). ADAMS is accessible from the NRC website at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
| |
| | |
| Sincerely, Digitally signed by Glenn Glenn T. T. Dentel Date: 2023.06.01 Dentel 15:33:04 -04'00' | |
| Glenn T. Dentel, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000333 License No. DPR-59 Enclosure: | | Glenn T. Dentel, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000333 License No. DPR-59 Enclosure: |
| Cyber Security Inspection Document Request cc: Distribution via ListServ
| | As stated cc w/o encl: Distribution via LISTSERV cc w/ encl: |
| | | M. Bellomo, Manager Site Security F. Bundy, Manager Security Operations A. Peterson, State Liaison Officer Designee, NY State Energy, Research and Development Authority B. Wright, NYS Division of Homeland Security and Emergency Services ML23340A143 (Cover letter w/ enclosure(s)) |
| ML23152A004 Non-Sensitive Publicly Available SUNSI Review Sensitive Non-Publicly Available OFFICE RI/DORS RI/DORS NAME LDumont GDentel DATE 5/31/2023 5/31/2023
| | ADAMS ACCESSION NUMBER: ML23340A146 (Cover letter) |
| | | Entire Report: Non-Sensitive Publicly Available x SUNSI Review x Sensitive x Non-Publicly Available Cover Letter Only: x Non-Sensitive x Publicly Available x SUNSI Review Sensitive Non-Publicly Available OFFICE RI/DORS RI/DORS RI/DORS RI/DORS NAME ECarfang DWerkheiser LDumont GDentel DATE 12/4/2023 12/4/2023 12/5/2023 12/4/2023 |
| JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST Inspection Report: 05000333/2023401 Inspection Dates: October 23 - 27, 2023 Inspection Procedure: IP 71130.10, Cyber Security, dated December 14, 2021 (ADAMS Accession Number: ML21271A106)
| |
| Reference: Guidance Document for Development of the Request for Information (RFI) and Notification Letter for IP 71130.10, Cyber Security (ML21330A088)
| |
| NRC Inspectors: Louis Dumont, Lead Tanvir Siddiky (610) 337-5183 Tanvir.siddiky@nrc.gov Louis.Dumont@nrc.gov Timothy Hennessey (610) 337-5135 Timothy.hennessey@nrc.gov NRC Contractors: Balla Barro Balla.barro@nrc.gov I. Information Requested for In-Office Preparation The initial request for information (i.e., first RFI) concentrates on providing the inspection team with the general information necessary to select appropriate components and Cyber Security Program (CSP) elements to develop a site-specific inspection plan.
| |
| | |
| The first RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs) plus operational and management security control portions of the CSP to be chosen as the sample set required to be inspected by the cyber security inspection procedure. The first RFIs requested information is specified below in Table RFI #1. The Table RFI #1 information is requested to be provided to the regional office by July 14, 2023, or sooner, to facilitate the selection of the specific items that will be reviewed during the onsite inspection weeks.
| |
| | |
| The inspection team will examine the returned documentation from the first RFI and identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more focused follow-up request to develop the second RFI. The inspection team will submit the specific systems and equipment list to your staff by August 18, 2023, which will identify the specific systems and equipment that will be utilized to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber security inspection. We request that the additional information provided from the second RFI be made available to the regional office prior to the inspection by September 15, 2023.
| |
| | |
| Enclosure
| |
| | |
| JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST The required Table RFI #1 information shall be provided on an online repository (preferred) or digital media (CD/DVD) to the lead inspector by July 14, 2023. The preferred file format for all lists is a searchable Excel spreadsheet file. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| |
| | |
| Table RFI #1 Section 3, Paragraph Number/Title: IP Ref A list of all Identified Critical Systems and Critical Digital Assets -
| |
| highlight/note any additions, deletions or reclassifications due to new 1 Overall guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
| |
| | |
| 2 A list of EP and Security onsite and offsite digital communication systems Overall Network Topology Diagrams to include information and data flow for 3 Overall critical systems in levels 2, 3 and 4 (If available)
| |
| 4 Ongoing Monitoring and Assessment program documentation 03.01(a)
| |
| 5 The most recent effectiveness analysis of the Cyber Security Program 03.01(b)
| |
| 6 Vulnerability screening/assessment and scan program documentation 03.01(c)
| |
| Cyber Security Incident response documentation, including incident detection, response, and recovery documentation as well as contingency 03.02(a)
| |
| 7 plan development and implementation, including any program and documentation that requires testing of security boundary device 03.04(b)
| |
| functionality 8 Device Access and Key Control documentation 03.02(c)
| |
| 9 Password/Authenticator documentation 03.02(c)
| |
| 10 User Account/Credential documentation 03.02(d)
| |
| Portable Media and Mobile Device control documentation, including kiosk 11 03.02(e)
| |
| security control assessment/documentation Design change/modification program documentation and a list of all design changes that affected CDAs that have actually been installed and completed 12 03.03(a)
| |
| since the last cyber security inspection, including either a summary of the design change or the 50.59 documentation of the change.
| |
| | |
| 03.03(a),
| |
| Supply Chain Management documentation including any security impact 13 (b) and analysis for new acquisitions (c)
| |
| Configuration Management documentation including any security impact 03.03(a)
| |
| | |
| analysis performed due to configuration changes since the last inspection and (b)
| |
| Cyber Security Plan and any 50.54(p) analysis to support changes to the 15 03.04(a)
| |
| plan since the last inspection 16 Cyber Security Metrics tracked (if applicable) 03.06 (b)
| |
| Provide documentation describing any cyber security changes to the access 17 Overall authorization program since the last cyber security inspection.
| |
| | |
| Provide a list of all procedures and policies provided to the NRC with their 18 Overall descriptive name and associated number (if available)
| |
| 19 Performance testing report (if applicable) 03.06 (a)
| |
| | |
| JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST In addition to the above information please provide the following:
| |
| (1) Electronic copy of the Updated Final Safety Analysis Report (UFSAR) and technical specifications. | |
| | |
| (2) Name(s) and phone numbers for the regulatory and technical contacts.
| |
| | |
| (3) Current management and engineering organizational charts.
| |
| | |
| Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by August 18, 2023, for the second RFI (i.e., RFI #2).
| |
| | |
| II. Additional Information Requested to be Available Prior to Inspection.
| |
| | |
| As stated in Section I above, the inspection team will examine the returned documentation requested from Table RFI #1 and submit the list of specific systems and equipment to your staff by August 18, 2023, for the second RFI (i.e., RFI #2). The second RFI will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cyber security inspection. The additional information requested for the specific systems and equipment is identified in Table RFI #2.
| |
| | |
| The Table RFI #2 information shall be provided to the lead inspector by September 15, 2023. The preferred file format for all lists is a searchable Excel spreadsheet. The information should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| |
| | |
| Table RFI #2 Section 3, Paragraph Number/Title: Items For the system(s) chosen for inspection provide:
| |
| 1 Ongoing Monitoring and Assessment activity performed on the system(s) 03.01(a)
| |
| 2 All Security Control Assessments for the selected system(s) 03.01(a)
| |
| All vulnerability screenings/assessments associated with or scans 3 performed on the selected system(s) since the last cyber security 03.01(c)
| |
| inspection Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS), Host-based 4 03.02(b)
| |
| Intrusion Detection Systems (HIDS), and Security Information and Event Management (SIEM) systems for system(s) chosen for inspection)
| |
| Documentation (including configuration files and rule sets) for intra-5 security level firewalls and boundary devices used to protect the selected 03.02(c)
| |
| system(s)
| |
| Copies of all periodic reviews of the access authorization list for the 6 03.02(d)
| |
| selected systems since the last inspection 7 Baseline configuration data sheets for the selected CDAs 03.03(a)
| |
| | |
| JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST Documentation on any changes, including Security Impact Analyses, 8 03.03(b)
| |
| performed on the selected system(s) since the last inspection Copies of the purchase order documentation for any new equipment 9 03.03(c)
| |
| purchased for the selected systems since the last inspection Copies of any reports/assessment for cyber security drills performed since 03.02(a)
| |
| | |
| the last inspection. 03.04(b)
| |
| Copy of the individual recovery plan(s) for the selected system(s) including 03.02(a)
| |
| | |
| documentation of the results the last time the backups were executed. 03.04(b)
| |
| Corrective actions taken as a result of cyber security incidents/issues to 12 include previous NRC violations and Licensee Identified Violations since 03.05 the last cyber security inspection For the selected systems, provide design change/modification packages 13 03.03(a)
| |
| including completed work orders since the last cyber security inspection III. Information Requested to be Available on First Day of Inspection For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table 1ST Week Onsite) to the team by October 23, 2023, the first day of the inspection.
| |
| | |
| Table 1ST Week Onsite Section 3, Paragraph Number/Title: Items`
| |
| Any cyber security event reports submitted in accordance with 10 CFR 1 03.04(b)
| |
| 73.77 since the last cyber security inspection Updated Copies of corrective actions taken as a result of cyber security incidents/issues, to include previous NRC violations and Licensee 2 03.05 Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions In addition to the above information please provide the following:
| |
| (1) Copies of the following documents do not need to be solely available to the inspection team as long as the inspectors have easy and unrestrained access to them.
| |
| | |
| a. Updated Final Safety Analysis Report, if not previously provided; b. Original Cyber Security Safety Evaluation Report and Supplements; c. Quality Assurance (QA) Plan; d. Technical Specifications, if not previously provided; and e. Latest individual plant examination/probabilistic Risk assessment report.
| |
| | |
| JAMES A. FITZPATRICK NUCLEAR POWER PLANT CYBER SECURITY INSPECTION DOCUMENT REQUEST (2) Vendor Manuals, Assessment and Corrective Actions:
| |
| a. The most recent Cyber Security QA audit and/or self-assessment; and b. Corrective action documents (e.g., condition reports, including status of corrective actions) generated as a result of the most recent Cyber Security QA audit and/or self-assessment.
| |
| | |
| IV. Information Requested To Be Provided Throughout the Inspection (1) Copies of any corrective action documents generated as a result of the inspection teams questions or queries during the inspection.
| |
| | |
| (2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member).
| |
| | |
| If you have any questions regarding the information requested, please contact the inspection team leader.
| |
| | |
| 5
| |
| }} | | }} |
|
---|
Category:Inspection Report
MONTHYEARIR 05000333/20230042024-02-0707 February 2024 Integrated Inspection Report 05000333/2023004 and Independent Spent Fuel Storage Installation Inspection Report 07200012/2023001 IR 05000333/20234012023-12-0808 December 2023 Cybersecurity Inspection Report 05000333/2023401 (Cover Letter Only) IR 05000333/20230032023-11-13013 November 2023 Integrated Inspection Report 05000333/2023003 IR 05000333/20230102023-10-26026 October 2023 Biennial Problem Identification and Resolution Inspection Report 05000333/2023010 IR 05000333/20233012023-10-19019 October 2023 Initial Operator Licensing Examination Report 05000333/2023301 IR 05000333/20230052023-08-31031 August 2023 Updated Inspection Plan for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2023005) IR 05000333/20230022023-08-0707 August 2023 Integrated Inspection Report 05000333/2023002 IR 05000333/20234022023-07-26026 July 2023 Security Baseline Inspection Report 05000333/2023402 IR 05000333/20230112023-07-25025 July 2023 Post-Approval Site Inspection for License Renewal - Phase 4 Inspection Report 05000333/2023011 IR 05000333/20235012023-07-20020 July 2023 Emergency Preparedness Biennial Exercise Inspection Report 05000333/2023501 IR 05000333/20234202023-06-26026 June 2023 Security Baseline Inspection Report 05000333 2023420 IR 05000333/20230012023-05-0303 May 2023 Integrated Inspection Report 05000333/2023001 IR 05000333/20230122023-04-13013 April 2023 Quadrennial Fire Protection Inspection Report 05000333/2023012 IR 05000333/20220042023-03-20020 March 2023 Integrated Inspection Report 05000333/2022004 IR 05000333/20220062023-03-0101 March 2023 Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2022006) IR 05000333/20220032022-11-10010 November 2022 Integrated Inspection Report 05000333/2022003 IR 05000333/20220052022-08-31031 August 2022 Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2022005) IR 05000333/20220022022-08-10010 August 2022 Integrated Inspection Report 05000333/2022002 IR 05000333/20220102022-06-27027 June 2022 Reissued Design Basis Assurance Inspection (Teams) Inspection Report 05000333/2022010 ML22153A2612022-06-0202 June 2022 Design Basis Assurance Inspection (Teams) Inspection Report 05000333/2022010 IR 05000333/20210142022-05-23023 May 2022 Problem Identification and Resolution Inspection Report 05000333/2021014 IR 05000333/20220012022-05-0505 May 2022 Integrated Inspection Report 05000333/2022001 and Independent Spent Fuel Storage Installation Inspection Report 07200012/2022001 IR 05000333/20210062022-03-0202 March 2022 Annual Assessment Letter for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2021006) IR 05000333/20210042022-01-27027 January 2022 Integrated Inspection Report 05000333/2021004 IR 05000333/20210402021-11-0808 November 2021 95001 Supplemental Inspection Report 05000333/2021040 and Assessment Follow-Up Letter IR 05000333/20210032021-11-0808 November 2021 Integrated Inspection Report 05000333/2021003 IR 05000333/20213012021-10-0505 October 2021 Initial Operator Licensing Examination Report 05000333/2021301 IR 05000333/20215012021-09-29029 September 2021 Emergency Preparedness Biennial Exercise Inspection Report 05000333/2021501 IR 05000333/20210052021-09-0101 September 2021 Updated Inspection Plan for the James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2021005) IR 05000333/20210132021-08-11011 August 2021 Biennial Problem Identification and Resolution Inspection Report 05000333/2021013 IR 05000333/20210022021-08-0303 August 2021 James A. Fitpatrick Nuclear Power Plant - Integrated Inspection Report 05000333/2021002 ML21176A0052021-06-25025 June 2021 Acknowledgement of Dispute of Violations Associated with White Finding - NRC Inspection Report 05000333/2021090 IR 05000333/20210902021-06-25025 June 2021 Acknowledgement of Dispute of Violations Associated with White Finding - NRC Inspection Report 05000333/2021090 IR 05000333/20214022021-06-0909 June 2021 Security Baseline Inspection Report 05000333/2021402 IR 05000333/20210112021-06-0303 June 2021 Design Basis Assurance Inspection (Programs) Inspection Report 05000333/2021011 IR 05000333/20210012021-05-0505 May 2021 Integrated Inspection Report 05000333/2021001 IR 05000333/20210122021-05-0404 May 2021 Temporary Instruction 2515/194 Inspection Report 05000333/2021012 IR 05000333/20214012021-04-19019 April 2021 Material Control and Accounting Program Inspection Report 05000333/2021401 (Letter Only) IR 05000333/20210102021-04-0707 April 2021 Triennial Fire Protection Inspection Report 05000333/2021010 IR 05000333/20200062021-03-0303 March 2021 Annual Assessment Letter for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2020006) IR 05000333/20200042021-02-11011 February 2021 Integrated Inspection Report 05000333/2020004 IR 05000333/20200122021-01-21021 January 2021 Problem Identification and Resolution Report 05000333/2020012 and Preliminary White Finding and Apparent Violation IR 05000333/20204202020-12-10010 December 2020 Security Inspection Report 05000333/2020420 IR 05000333/20200032020-11-10010 November 2020 Integrated Inspection Report 05000333/2020003 IR 05000333/20204022020-09-16016 September 2020 Security Baseline Inspection Report 05000333/2020402 IR 05000333/20200052020-08-31031 August 2020 Updated Inspection Plan for James A. Fitzpatrick Nuclear Power Plant (Report 05000333/2020005) IR 05000333/20200022020-08-10010 August 2020 Integrated Inspection Report 05000333/2020002 IR 05000333/20204012020-07-28028 July 2020 Cyber Security Inspection Report 05000333/2020401 (Letter Only) IR 05000333/20200112020-04-30030 April 2020 Problem Identification and Resolution Annual Sample Inspection Report 05000333/2020011 IR 05000333/20200012020-04-28028 April 2020 Integrated Inspection Report 05000333/2020001 2024-02-07
[Table view] Category:Letter
MONTHYEARIR 05000333/20230042024-02-0707 February 2024 Integrated Inspection Report 05000333/2023004 and Independent Spent Fuel Storage Installation Inspection Report 07200012/2023001 ML24037A0102024-02-0606 February 2024 Requalification Program Inspection ML24018A0012024-01-18018 January 2024 Notification of Commercial Grade Dedication Inspection (05000333/2024010) and Request for Information ML24004A2302024-01-0808 January 2024 Project Manager Reassignment ML23356A0832024-01-0404 January 2024 Exemption from Select Requirements of 10 CFR Part 73 (EPID L-2023-LLE-0058 (Security Notifications, Reports, and Recordkeeping and Suspicious Activity Reporting)) ML23278A1292023-12-14014 December 2023 Units 1 & 2; Limerick, Units 1 & 2; Nine Mile Point, Units 1 & 2; and Peach Bottom, Units 2 & 3 -Revision to Approved Alternatives to Use Boiling Water Reactor Vessel and Internals Project Guidelines JAFP-23-0065, License Amendment Request to Revise Technical Specifications to Adopt TSTF-529, Clarify Use and Application Rules, Revision 4, and Administrative Changes to the Technical Specifications2023-12-14014 December 2023 License Amendment Request to Revise Technical Specifications to Adopt TSTF-529, Clarify Use and Application Rules, Revision 4, and Administrative Changes to the Technical Specifications IR 05000333/20234012023-12-0808 December 2023 Cybersecurity Inspection Report 05000333/2023401 (Cover Letter Only) RS-23-126, Request for Exemption from 10 CFR 2.109(b)2023-12-0707 December 2023 Request for Exemption from 10 CFR 2.109(b) JAFP-23-0069, Supplemental Response to Part 73 Exemption Request Withdrawal of Request for Exemption from 10 CFR 73, Subpart B, Preemption Authority Requirements2023-12-0707 December 2023 Supplemental Response to Part 73 Exemption Request Withdrawal of Request for Exemption from 10 CFR 73, Subpart B, Preemption Authority Requirements JAFP-23-0057, and Independent Spent Fuel Storage Installation - Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation2023-11-22022 November 2023 and Independent Spent Fuel Storage Installation - Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation JAFP-23-0064, Emergency Plan Document Revision2023-11-15015 November 2023 Emergency Plan Document Revision JAFP-23-0063, Registration of Spent Fuel Cask Use2023-11-13013 November 2023 Registration of Spent Fuel Cask Use IR 05000333/20230032023-11-13013 November 2023 Integrated Inspection Report 05000333/2023003 ML23317A1192023-11-10010 November 2023 Constellation Energy Generation, LLC - 2023 Annual Report - Guarantees of Payment of Deferred Premiums IR 05000333/20230102023-10-26026 October 2023 Biennial Problem Identification and Resolution Inspection Report 05000333/2023010 JAFP-23-0059, Registration of Spent Fuel Cask Use2023-10-24024 October 2023 Registration of Spent Fuel Cask Use IR 05000333/20233012023-10-19019 October 2023 Initial Operator Licensing Examination Report 05000333/2023301 RS-23-097, Constellation Energy Generation, LLC, Advisement of Leadership Changes and Submittal of Updated Standard Practice Procedures Plans2023-10-12012 October 2023 Constellation Energy Generation, LLC, Advisement of Leadership Changes and Submittal of Updated Standard Practice Procedures Plans JAFP-23-0050, Physical Security Plan, Revision 242023-08-31031 August 2023 Physical Security Plan, Revision 24 JAFP-23-0048, Supplemental Information for License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling Accident Analysis2023-08-31031 August 2023 Supplemental Information for License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling Accident Analysis IR 05000333/20230052023-08-31031 August 2023 Updated Inspection Plan for James A. FitzPatrick Nuclear Power Plant (Report 05000333/2023005) JAFP-23-0047, Correction to the 2022 Annual Radioactive Effluent Release Report2023-08-30030 August 2023 Correction to the 2022 Annual Radioactive Effluent Release Report ML23228A1342023-08-16016 August 2023 Licensed Operator Positive Fitness-For-Duty Test IR 05000333/20230022023-08-0707 August 2023 Integrated Inspection Report 05000333/2023002 RS-23-087, Revision to Approved Alternatives Associated with the Use of the BWRVIP Guidelines in Lieu of Specific ASME Code Requirements on Reactor2023-08-0404 August 2023 Revision to Approved Alternatives Associated with the Use of the BWRVIP Guidelines in Lieu of Specific ASME Code Requirements on Reactor JAFP-23-0040, License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling Accident Analysis2023-08-0303 August 2023 License Amendment Request to Update the Technical Specification Bases to Change the Fuel Handling Accident Analysis JAFP-23-0043, 10 CFR 50.46 Annual Report2023-07-31031 July 2023 10 CFR 50.46 Annual Report JAFP-23-0038, License Amendment Request to Modify Technical Specification Surveillance Requirement (SR) 3.4.3.1 Safety Relief Valves (S/Rvs) Setpoint Lower Tolerance2023-07-28028 July 2023 License Amendment Request to Modify Technical Specification Surveillance Requirement (SR) 3.4.3.1 Safety Relief Valves (S/Rvs) Setpoint Lower Tolerance ML23208A1622023-07-27027 July 2023 Operator Licensing Examination Approval IR 05000333/20234022023-07-26026 July 2023 Security Baseline Inspection Report 05000333/2023402 IR 05000333/20230112023-07-25025 July 2023 Post-Approval Site Inspection for License Renewal - Phase 4 Inspection Report 05000333/2023011 IR 05000333/20235012023-07-20020 July 2023 Emergency Preparedness Biennial Exercise Inspection Report 05000333/2023501 JAFP-23-0033, License Amendment Request - Technical Specifications (TS) Section 3.3.1.2, Source Range Monitors (SRM) Instrumentation2023-06-28028 June 2023 License Amendment Request - Technical Specifications (TS) Section 3.3.1.2, Source Range Monitors (SRM) Instrumentation IR 05000333/20234202023-06-26026 June 2023 Security Baseline Inspection Report 05000333 2023420 RS-23-077, Response to NRC Regulatory Issue Summary 2023-01, Preparation and Scheduling of Operator Licensing Examinations2023-06-16016 June 2023 Response to NRC Regulatory Issue Summary 2023-01, Preparation and Scheduling of Operator Licensing Examinations ML23164A0322023-06-13013 June 2023 Request for Information for a Biennial Problem Identification and Resolution Inspection; Inspection Report 05000333/2023010 ML23152A0042023-06-0101 June 2023 Information Request for the Cyber Security Baseline Inspection, Notification to Perform Inspection 05000333/2023401 RS-23-042, Application to Revise Technical Specifications to Adopt TSTF-580, Provide Exception from Entering Mode 4 with No Operable RHR Shutdown Cooling2023-05-25025 May 2023 Application to Revise Technical Specifications to Adopt TSTF-580, Provide Exception from Entering Mode 4 with No Operable RHR Shutdown Cooling JAFP-23-0025, 2022 Annual Radiological Environmental Operating Report2023-05-10010 May 2023 2022 Annual Radiological Environmental Operating Report IR 05000333/20230012023-05-0303 May 2023 Integrated Inspection Report 05000333/2023001 ML23117A2172023-05-0101 May 2023 Safety Evaluation for Quality Assurance Program Manual Reduction in Commitment ML23114A2522023-04-28028 April 2023 Request to Use a Provision of a Later Edition of the ASME Boiler & Pressure Vessel Code, Section XI JAFP-23-0023, 2022 Annual Radioactive Effluent Release Report2023-04-27027 April 2023 2022 Annual Radioactive Effluent Release Report IR 05000333/20230122023-04-13013 April 2023 Quadrennial Fire Protection Inspection Report 05000333/2023012 ML23095A3722023-04-0505 April 2023 2023 Updated Final Safety Analysis Report, Technical Specification Bases and Technical Requirements Manual Changes Transmittal RS-23-049, Constellation Energy Generation, LLC, Report on Status of Decommissioning Funding for Reactors and Independent Spent Fuel Storage Installations2023-03-23023 March 2023 Constellation Energy Generation, LLC, Report on Status of Decommissioning Funding for Reactors and Independent Spent Fuel Storage Installations IR 05000333/20220042023-03-20020 March 2023 Integrated Inspection Report 05000333/2022004 JAFP-23-0010, 2022 REIRS Transmittal of NRC Form 52023-03-20020 March 2023 2022 REIRS Transmittal of NRC Form 5 ML23061A1632023-03-0303 March 2023 Reassignment of the U.S. Nuclear Regulatory Commission Branch Chief in the Division of Operating Reactor Licensing for Plant Licensing Branch 3 2024-02-07
[Table view] |
Text
December 8, 2023
SUBJECT:
JAMES A. FITZPATRICK NUCLEAR POWER PLANT - CYBERSECURITY INSPECTION REPORT 05000333/2023401
Dear David Rhoades:
On October 27, 2023, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at James A. FitzPatrick Nuclear Power Plant and discussed the results of this inspection with Garrick D. Olson, Plant Manager, and other members of your staff. The results of this inspection are documented in the enclosed report.
One finding of very low security significance (Green) is documented in this report. This finding involved a violation of NRC requirements. We are treating this violation as a non-cited violation (NCV) consistent with Section 2.3.2 of the Enforcement Policy.
If you contest the violation or the significance or severity of the violation documented in this inspection report, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN:
Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region I; the Director, Office of Enforcement; the Director, Office of Nuclear Security and Incident Response; and the NRC Resident Inspector at James A. FitzPatrick Nuclear Power Plant.
This letter will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390, Public Inspections, Exemptions, Requests for Withholding. The enclosed report contains Security-Related Information, so the enclosed report will not be made publicly available in accordance with 10 CFR 2.390(d)(1). If you choose to provide a response that contains Security-Related Information, please mark your entire response Security-Related Information-Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). The NRC is waiving the affidavit requirements for your response in accordance with 10 CFR 2.390(b)(1)(ii).
Sincerely, Digitally signed by Glenn Glenn T. T. Dentel Date: 2023.12.08 Dentel 09:07:07 -05'00'
Glenn T. Dentel, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket No. 05000333 License No. DPR-59 Enclosure:
As stated cc w/o encl: Distribution via LISTSERV cc w/ encl:
M. Bellomo, Manager Site Security F. Bundy, Manager Security Operations A. Peterson, State Liaison Officer Designee, NY State Energy, Research and Development Authority B. Wright, NYS Division of Homeland Security and Emergency Services ML23340A143 (Cover letter w/ enclosure(s))
ADAMS ACCESSION NUMBER: ML23340A146 (Cover letter)
Entire Report: Non-Sensitive Publicly Available x SUNSI Review x Sensitive x Non-Publicly Available Cover Letter Only: x Non-Sensitive x Publicly Available x SUNSI Review Sensitive Non-Publicly Available OFFICE RI/DORS RI/DORS RI/DORS RI/DORS NAME ECarfang DWerkheiser LDumont GDentel DATE 12/4/2023 12/4/2023 12/5/2023 12/4/2023