ML17187A195: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 13: | Line 13: | ||
| document type = Audit Plan, Letter | | document type = Audit Plan, Letter | ||
| page count = 5 | | page count = 5 | ||
| project = CAC: | | project = CAC:MF9658, CAC:MF9657, CAC:MF9656 | ||
| stage = Other | | stage = Other | ||
}} | }} | ||
=Text= | =Text= | ||
{{#Wiki_filter:!\Eau( UNITED STATES "'>-.. 011,,_ NUCLEAR REGULATORY COMMISSION /!! o WASHINGTON, D.C. 20555-0001 <t 0 : July 6, 2017 '<'/. 1-'? **M: Anthony J. Vitale Site Vice President Entergy Nuclear Operations, Inc. Indian Point Energy Center 450 Broadway, GSB P.O. Box 249 Buchanan, NY 10511-0249 SUBJECT: INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2 AND 3 -REGULATORY AUDIT PLAN FOR JULY 10-11, 2017, AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO EXTEND MILESTONE 8 IMPLEMENTATION DATE (CAC NOS. MF9656, MF9657, AND MF9658) Dear Mr. Vitale: By application dated April 28, 2017 (Agencywide Documents Access and Management System Accession No. ML 17129A612), Entergy Nuclear Operations, Inc. submitted a license amendment request to implement a change to the Indian Point Energy Center Cyber Security Plan implementation schedule Milestone 8 full implementation date. To support its safety evaluation, the U.S. Nuclear Regulatory Commission staff will conduct an audit at the Indian Point Energy Center in Buchanan, New York, on July 10-11, 2017. The Regulatory Audit Plan is enclosed. If you have any questions, please contact me at 301-415-1030 or Richard.Guzman@nrc.gov. Docket Nos. 50-003, 50-247, and 50-286 Enclosure: Regulatory Audit Plan cc w/encl: Distribution via Listserv Sincerely, Richard V. Guzman, Senior Project Manager Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation REGULATORY AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO IMPLEMENT A CHANGE TO THE INDIAN POINT ENERGY CENTER CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONE 8 FULL IMPLEMENTATION DATE ENTERGY NUCLEAR OPERATIONS, INC. INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2, AND 3 DOCKET NOS. 50-003, 50-247, AND 50-286 (CAC NOS. MF9656, MF9657, AND MF9658) 1.0 PURPOSE AND SCOPE Entergy Nuclear Operations, Inc. (Entergy, the licensee) submitted a license amendment request (LAR) (Reference 1) to change the Indian Point Energy Center (IPEC) Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CSP implementation schedule approved by Reference 2, as amended by References 3, 4, and 5. The U.S. Nuclear Regulatory Commission (NRC) staff's review of the LAR has commenced in accordance with the Office of Nuclear Reactor Regulation's (NRR's) Office Instruction LIC-101, "License Amendment Review Procedures." The NRC staff has determined that a regulatory audit of the IPEC's LAR will be conducted in accordance with NRR Office Instruction LIC-111, "Regulatory Audits," for the staff to gain a better understanding of the licensee's proposed change to the implementation schedule. A regulatory audit is a planned license or regulation-related activity that includes the examination and evaluation of primarily non-docketed information. A regulatory audit is conducted with the intent to gain understanding, verify information, and/or identify information that will require docketing to support the basis of a licensing or regulatory decision. Performing a regulatory audit of the licensee's information is expected to assist the staff in efficiently conducting its review or gain insights on the licensee's processes or procedures. 2.0 AUDIT AGENDA The audit is scheduled to start on the afternoon of July 1 O, 2017, and finish on July 11, 2017, at IPEC in Buchanan, New York. The agenda will include discussion and/or examination of: | {{#Wiki_filter:!\Eau( UNITED STATES "'>-.. 011,,_ NUCLEAR REGULATORY COMMISSION /!! o WASHINGTON, D.C. 20555-0001 <t 0 : July 6, 2017 '<'/. 1-'? **M: Anthony J. Vitale Site Vice President Entergy Nuclear Operations, Inc. Indian Point Energy Center 450 Broadway, GSB P.O. Box 249 Buchanan, NY 10511-0249 | ||
==SUBJECT:== | |||
INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2 AND 3 -REGULATORY AUDIT PLAN FOR JULY 10-11, 2017, AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO EXTEND MILESTONE 8 IMPLEMENTATION DATE (CAC NOS. MF9656, MF9657, AND MF9658) | |||
==Dear Mr. Vitale:== | |||
By application dated April 28, 2017 (Agencywide Documents Access and Management System Accession No. ML 17129A612), Entergy Nuclear Operations, Inc. submitted a license amendment request to implement a change to the Indian Point Energy Center Cyber Security Plan implementation schedule Milestone 8 full implementation date. To support its safety evaluation, the U.S. Nuclear Regulatory Commission staff will conduct an audit at the Indian Point Energy Center in Buchanan, New York, on July 10-11, 2017. The Regulatory Audit Plan is enclosed. If you have any questions, please contact me at 301-415-1030 or Richard.Guzman@nrc.gov. Docket Nos. 50-003, 50-247, and 50-286 | |||
==Enclosure:== | |||
Regulatory Audit Plan cc w/encl: Distribution via Listserv Sincerely, Richard V. Guzman, Senior Project Manager Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation REGULATORY AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO IMPLEMENT A CHANGE TO THE INDIAN POINT ENERGY CENTER CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONE 8 FULL IMPLEMENTATION DATE ENTERGY NUCLEAR OPERATIONS, INC. INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2, AND 3 DOCKET NOS. 50-003, 50-247, AND 50-286 (CAC NOS. MF9656, MF9657, AND MF9658) 1.0 PURPOSE AND SCOPE Entergy Nuclear Operations, Inc. (Entergy, the licensee) submitted a license amendment request (LAR) (Reference 1) to change the Indian Point Energy Center (IPEC) Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CSP implementation schedule approved by Reference 2, as amended by References 3, 4, and 5. The U.S. Nuclear Regulatory Commission (NRC) staff's review of the LAR has commenced in accordance with the Office of Nuclear Reactor Regulation's (NRR's) Office Instruction LIC-101, "License Amendment Review Procedures." The NRC staff has determined that a regulatory audit of the IPEC's LAR will be conducted in accordance with NRR Office Instruction LIC-111, "Regulatory Audits," for the staff to gain a better understanding of the licensee's proposed change to the implementation schedule. A regulatory audit is a planned license or regulation-related activity that includes the examination and evaluation of primarily non-docketed information. A regulatory audit is conducted with the intent to gain understanding, verify information, and/or identify information that will require docketing to support the basis of a licensing or regulatory decision. Performing a regulatory audit of the licensee's information is expected to assist the staff in efficiently conducting its review or gain insights on the licensee's processes or procedures. 2.0 AUDIT AGENDA The audit is scheduled to start on the afternoon of July 1 O, 2017, and finish on July 11, 2017, at IPEC in Buchanan, New York. The agenda will include discussion and/or examination of: | |||
* Definition of "high-risk safety-related Critical Digital Assets (CDA)." | * Definition of "high-risk safety-related Critical Digital Assets (CDA)." | ||
* The IPEC probabilistic risk assessment (PRA) technical acceptability, per guidance in Regulatory Guide (RG) 1.174, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Enclosure | * The IPEC probabilistic risk assessment (PRA) technical acceptability, per guidance in Regulatory Guide (RG) 1.174, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Enclosure Basis," and RG 1.200, Revision 2, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities," for use in this LAA. This includes discussion of the basis for risk threshold metrics, the methodology for relating CDAs to components and systems, and qualitative and quantitative screening results. | ||
* List of CDA screening results, including CDAs screened into the high-risk safety-related category. | * List of CDA screening results, including CDAs screened into the high-risk safety-related category. | ||
* Impact to safety, security, and emergency preparedness functions of CDAs excluded from the high-risk safety-related CDAs group. | * Impact to safety, security, and emergency preparedness functions of CDAs excluded from the high-risk safety-related CDAs group. | ||
Line 34: | Line 42: | ||
* Candace de Messieres, Reliability and Risk Analyst, NRR/DRA/APLB, Risk-Informed Licensing Initiatives Team | * Candace de Messieres, Reliability and Risk Analyst, NRR/DRA/APLB, Risk-Informed Licensing Initiatives Team | ||
* Richard Guzman, Sr., Project Manager, NRA, Division of Operating Reactor Licensing (attending by virtual conference) | * Richard Guzman, Sr., Project Manager, NRA, Division of Operating Reactor Licensing (attending by virtual conference) | ||
* Eric Lee, Sr., Cyber Security Specialist, NSIR/DPSP/CSB (attending by virtual conference) 4.0 INFORMATION AND OTHER MATERIAL NECESSARY FOR THE AUDIT No documents are requested prior to the audit. During the audit, documents may be requested by the NRC staff to aid in understanding the scope of the LAA request and the process used for the basis of the LAA. 5.0 LOGISTICS This regulatory audit is starting on July 10, 2017, and will last approximately 1 % days. The NRC staff conducted a conference call on June 26, 2017, to discuss the details of the audit plan. The audit will take place in the Generation Support Building within the Site Owner Controlled Area at IPEC where the necessary reference material and appropriate subject matter experts will be available to support the review. Visitor access will be requested for the entire audit team. | * Eric Lee, Sr., Cyber Security Specialist, NSIR/DPSP/CSB (attending by virtual conference) 4.0 INFORMATION AND OTHER MATERIAL NECESSARY FOR THE AUDIT No documents are requested prior to the audit. During the audit, documents may be requested by the NRC staff to aid in understanding the scope of the LAA request and the process used for the basis of the LAA. 5.0 LOGISTICS This regulatory audit is starting on July 10, 2017, and will last approximately 1 % days. The NRC staff conducted a conference call on June 26, 2017, to discuss the details of the audit plan. The audit will take place in the Generation Support Building within the Site Owner Controlled Area at IPEC where the necessary reference material and appropriate subject matter experts will be available to support the review. Visitor access will be requested for the entire audit team. | ||
The audit team will require the following to support the regulatory audit: | |||
* Telephone available to call NRG headquarters. | * Telephone available to call NRG headquarters. | ||
* Virtual conferencing capability to facilitate additional NRG staff participation. | * Virtual conferencing capability to facilitate additional NRG staff participation. |
Revision as of 00:31, 5 April 2018
ML17187A195 | |
Person / Time | |
---|---|
Site: | Indian Point |
Issue date: | 07/06/2017 |
From: | Guzman R V Plant Licensing Branch 1 |
To: | Vitale A J Entergy Nuclear Operations |
Guzman R V, NRR/DORL/LPL1 | |
References | |
CAC MF9656, CAC MF9657, CAC MF9658 | |
Download: ML17187A195 (5) | |
Text
!\Eau( UNITED STATES "'>-.. 011,,_ NUCLEAR REGULATORY COMMISSION /!! o WASHINGTON, D.C. 20555-0001 <t 0 : July 6, 2017 '<'/. 1-'? **M: Anthony J. Vitale Site Vice President Entergy Nuclear Operations, Inc. Indian Point Energy Center 450 Broadway, GSB P.O. Box 249 Buchanan, NY 10511-0249
SUBJECT:
INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2 AND 3 -REGULATORY AUDIT PLAN FOR JULY 10-11, 2017, AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO EXTEND MILESTONE 8 IMPLEMENTATION DATE (CAC NOS. MF9656, MF9657, AND MF9658)
Dear Mr. Vitale:
By application dated April 28, 2017 (Agencywide Documents Access and Management System Accession No. ML 17129A612), Entergy Nuclear Operations, Inc. submitted a license amendment request to implement a change to the Indian Point Energy Center Cyber Security Plan implementation schedule Milestone 8 full implementation date. To support its safety evaluation, the U.S. Nuclear Regulatory Commission staff will conduct an audit at the Indian Point Energy Center in Buchanan, New York, on July 10-11, 2017. The Regulatory Audit Plan is enclosed. If you have any questions, please contact me at 301-415-1030 or Richard.Guzman@nrc.gov. Docket Nos.50-003, 50-247, and 50-286
Enclosure:
Regulatory Audit Plan cc w/encl: Distribution via Listserv Sincerely, Richard V. Guzman, Senior Project Manager Plant Licensing Branch I Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation REGULATORY AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO IMPLEMENT A CHANGE TO THE INDIAN POINT ENERGY CENTER CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE MILESTONE 8 FULL IMPLEMENTATION DATE ENTERGY NUCLEAR OPERATIONS, INC. INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2, AND 3 DOCKET NOS.50-003, 50-247, AND 50-286 (CAC NOS. MF9656, MF9657, AND MF9658) 1.0 PURPOSE AND SCOPE Entergy Nuclear Operations, Inc. (Entergy, the licensee) submitted a license amendment request (LAR) (Reference 1) to change the Indian Point Energy Center (IPEC) Cyber Security Plan (CSP) Milestone 8 full implementation date as set forth in the CSP implementation schedule approved by Reference 2, as amended by References 3, 4, and 5. The U.S. Nuclear Regulatory Commission (NRC) staff's review of the LAR has commenced in accordance with the Office of Nuclear Reactor Regulation's (NRR's) Office Instruction LIC-101, "License Amendment Review Procedures." The NRC staff has determined that a regulatory audit of the IPEC's LAR will be conducted in accordance with NRR Office Instruction LIC-111, "Regulatory Audits," for the staff to gain a better understanding of the licensee's proposed change to the implementation schedule. A regulatory audit is a planned license or regulation-related activity that includes the examination and evaluation of primarily non-docketed information. A regulatory audit is conducted with the intent to gain understanding, verify information, and/or identify information that will require docketing to support the basis of a licensing or regulatory decision. Performing a regulatory audit of the licensee's information is expected to assist the staff in efficiently conducting its review or gain insights on the licensee's processes or procedures. 2.0 AUDIT AGENDA The audit is scheduled to start on the afternoon of July 1 O, 2017, and finish on July 11, 2017, at IPEC in Buchanan, New York. The agenda will include discussion and/or examination of:
- Definition of "high-risk safety-related Critical Digital Assets (CDA)."
- The IPEC probabilistic risk assessment (PRA) technical acceptability, per guidance in Regulatory Guide (RG) 1.174, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Enclosure Basis," and RG 1.200, Revision 2, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities," for use in this LAA. This includes discussion of the basis for risk threshold metrics, the methodology for relating CDAs to components and systems, and qualitative and quantitative screening results.
- Impact to safety, security, and emergency preparedness functions of CDAs excluded from the high-risk safety-related CDAs group.
- Balance-of-plant CDAs that cause a direct turbine trip versus balance-of-plant CDAs that can indirectly cause a turbine trip.
- Specific controls that are implemented in the Entergy fleet Milestone 8 program.
- Discussion of cyber security issues pending in the corrective action program.
- Discussion of the timeline for modifications pending to support the cyber security program. 3.0 AUDIT TEAM The audit will be conducted by NRC staff from the Office of Nuclear Security and Incident Response (NSIR)/Division of Physical and Security Policy (DPSP)/Cyber Security Branch (CSB) and the Office of Nuclear Reactor Regulation (NRR)/Division of Risk Assessment (DRA)/PRA Licensing Branch-2 (APLB). Observers at the audit may include the NRA project managers and regional inspectors. The audit team will consist of:
- James Beardsley, Team Leader, Chief, NSIR/DPSP/CSB
- Cathy Allen, Cyber Security Specialist, NSIR/DPSP/CSB
- Kim Lawson-Jenkins, Cyber Security Specialist, NSIR/DPSP/CSB
- Jeff Rady, Reactor Inspector, Engineering Branch 2, Region I
- Candace de Messieres, Reliability and Risk Analyst, NRR/DRA/APLB, Risk-Informed Licensing Initiatives Team
- Richard Guzman, Sr., Project Manager, NRA, Division of Operating Reactor Licensing (attending by virtual conference)
- Eric Lee, Sr., Cyber Security Specialist, NSIR/DPSP/CSB (attending by virtual conference) 4.0 INFORMATION AND OTHER MATERIAL NECESSARY FOR THE AUDIT No documents are requested prior to the audit. During the audit, documents may be requested by the NRC staff to aid in understanding the scope of the LAA request and the process used for the basis of the LAA. 5.0 LOGISTICS This regulatory audit is starting on July 10, 2017, and will last approximately 1 % days. The NRC staff conducted a conference call on June 26, 2017, to discuss the details of the audit plan. The audit will take place in the Generation Support Building within the Site Owner Controlled Area at IPEC where the necessary reference material and appropriate subject matter experts will be available to support the review. Visitor access will be requested for the entire audit team.
The audit team will require the following to support the regulatory audit:
- Telephone available to call NRG headquarters.
- Virtual conferencing capability to facilitate additional NRG staff participation.
- Designated private space for internal NRG staff discussion.
- Wireless internet in meeting spaces. 6.0 DELIVERABLES Following the audit, the NRG staff will prepare an audit summary documenting the information reviewed during the audit and any open items identified as a result of the audit. The NRG staff will also document its understanding of the proposed resolution of any identified open items. The audit summary may be provided to the licensee in draft form for proprietary markup. The audit summary will be placed in the Agencywide Documents Access and Management System (ADAMS). 7.0 REFERENCES 1. Letter from Anthony J. Vitale, Site Vice President, Entergy, Indian Point Energy Center, to NRG, "License Amendment Request -Cyber Security Plan Implementation Schedule, Indian Point Unit Nos. 1, 2, and 3," dated April 28, 2017 (ADAMS Accession No. ML 17129A612). 2. NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 -Issuance of Amendments Re: License Amendment Request -Cyber Security Plan," dated August 2, 2011 (ADAMS Accession No. ML 11152A027). 3. NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 -Issuance of Amendments Re: Cyber Security Plan Implementation Schedule Milestones," dated November 28, 2012 (ADAMS Accession No. ML 12258A268). 4. NRG memorandum to Barry Westreich from Russell Felts, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML 13295A467). 5. NRG letter to Entergy, "Indian Point Nuclear Generating Unit Nos. 1, 2 and 3 -Issuance of Amendments Re: Cyber Security Plan Implementation Schedule," dated December 11, 2014 (ADAMS Accession No. ML 14316A526).
SUBJECT:
INDIAN POINT NUCLEAR GENERATING UNIT NOS. 1, 2 AND 3 -REGULATORY AUDIT PLAN FOR JULY 10-11, 2017, AUDIT IN SUPPORT OF LICENSE AMENDMENT REQUEST TO EXTEND MILESTONE 8 IMPLEMENTATION DATE (CAC NOS. MF9656, MF9657, AND MF9658) DATED JULY 6, 2017 DISTRIBUTION: PUBLIC RidsACRS_MailCTR Resource RidsNrrDorlLp11 Resource RidsNrrDraAplb Resource RidsNrrLALRonewicz Resource RidsNrrPMlndianPoint Resource RidsRgn1 MailCenter Resource JBeardsley, NSIR CAiien, NSIR KLawson-Jenkins, NSIR CDeMessieres, NRR ADAMS A ccess1on N ML 17187A195 o.: OFFICE NRR/DORL/LPL 1/PM NRR/DORL/LPL 1/LA NAME RGuzman LRonewicz DATE 07/06/2017 07/05/2017 OFFICE NSI R/DPCP/CSB/BC* NRR/DORL/LPL 1/BC NAME JBeardsley JDanna DATE 07/06/2017 07/06/2017 OFFICIAL RECORD COPY *b >Y e-ma1 NRR/DRA/APLA/BC* GCasto 07/06/2017 NRR/DORL/LPL 1/PM RGuzman 07/06/2017