ML16078A068: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 18: | Line 18: | ||
=Text= | =Text= | ||
{{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Vice President, Operations Entergy Nuclear Operations, Inc. Palisades Nuclear Plant 27780 Blue Star Memorial Highway Covert, Ml 49043-9530 May 2, 2016 SUBJECT: PALISADES NUCLEAR PLANT -ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE (CAC NO. MF6351) Dear Sir or Madam: The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 259 to Renewed Facility Operating License No. DPR-20 for the Palisades Nuclear Plant (PNP). The amendment consists of changes to the facility operating license in response to your application dated June 11, 2015. The amendment approves the revised schedule for full implementation of the cyber security plan (CSP) from June 30, 2016, to December 15, 2017, and revises Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, to incorporate the revised CSP implementation schedule. A copy of the related safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Docket No. 50-255 Enclosures: 1. Amendment No. 259 to DPR-20 2. Safety Evaluation cc: Distribution via ListServ Sincerely, Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR OPERATIONS. INC. DOCKET NO. 50-255 PALISADES NUCLEAR PLANT AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 259 Renewed Facility Operating License No. DPR-20 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Entergy Nuclear Operations, Inc. (ENO, or the licensee), dated June 11, 2015, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act}, and the Commission's rules and regulations set forth in 1 O CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public; and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. Enclosure 1 | {{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Vice President, Operations Entergy Nuclear Operations, Inc. Palisades Nuclear Plant 27780 Blue Star Memorial Highway Covert, Ml 49043-9530 May 2, 2016 | ||
==SUBJECT:== | |||
* Title 1 O of the Code of Federal Regulations (10 CFR), Section 73.54, "Protection of digital computer and communication systems and networks," which states, in part: Enclosure 2 | PALISADES NUCLEAR PLANT -ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE (CAC NO. MF6351) | ||
==Dear Sir or Madam:== | |||
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 259 to Renewed Facility Operating License No. DPR-20 for the Palisades Nuclear Plant (PNP). The amendment consists of changes to the facility operating license in response to your application dated June 11, 2015. The amendment approves the revised schedule for full implementation of the cyber security plan (CSP) from June 30, 2016, to December 15, 2017, and revises Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, to incorporate the revised CSP implementation schedule. A copy of the related safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Docket No. 50-255 | |||
==Enclosures:== | |||
1. Amendment No. 259 to DPR-20 2. Safety Evaluation cc: Distribution via ListServ Sincerely, Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR OPERATIONS. INC. DOCKET NO. 50-255 PALISADES NUCLEAR PLANT AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 259 Renewed Facility Operating License No. DPR-20 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Entergy Nuclear Operations, Inc. (ENO, or the licensee), dated June 11, 2015, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act}, and the Commission's rules and regulations set forth in 1 O CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public; and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. Enclosure 1 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2. E of Renewed Facility Operating License No. DPR-20 is hereby amended to read as follows: ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Entergy Nuclear Palisades Nuclear Plant Physical Security Plan." ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248, 253, and 259. 3. This license amendment is effective as of the date of issuance and shall be implemented within 30 days from the date of issuance. The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on June 11, 2015, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90. | |||
==Attachment:== | |||
Changes to the Renewed Facility Operating License No. DPR-20 Date of Issuance: May 2, 201 6 FOR THE NUCLEAR REGULATORY COMMISSION C)J 9. v ---David J. Wrona, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation ATTACHMENT TO LICENSE AMENDMENT NO. 259 RENEWED FACILITY OPERATING LICENSE NO. DPR-20 DOCKET NO. 50-255 Replace the following page of the Renewed Facility Operating License No. DPR-20 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 6 Page 6 D. The facility has been granted certain exemptions from Appendix J to 1 O CFR Part 50, "Primary Reactor Containment Leakage Testing for Water Cooled Power Reactors." This section contains leakage test requirements, schedules and acceptance criteria for tests of the leak-tight integrity of the primary reactor containment and systems and components which penetrate the containment. These exemptions were granted in a letter dated December 6, 1989. These exemptions granted pursuant to 1 O CFR 50. 12, are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security. With these exemptions, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission. E. ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Entergy Nuclear Palisades Nuclear Plant Physical Security Plan." ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248, 253, and 259. F. [deleted] G. ENP and ENO shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims. Renewed License No. DPR-20 Amendment No. 2-M, 259 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 259 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-20 ENTERGY NUCLEAR OPERATIONS, INC. PALISADES NUCLEAR PLANT DOCKET NO. 50-255 | |||
==1.0 INTRODUCTION== | |||
By letter dated June 11, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML 15162A736), Entergy Nuclear Operations, Inc. (ENO, the licensee) requested a change to the renewed facility operating license for Palisades Nuclear Plant (PNP). The NRC staff initially reviewed and approved the licensee's Cyber Security Plan (CSP) implementation schedule for PNP by letter dated July 28, 2011, Amendment No. 243 (ADAMS Accession No. ML111801243). Subsequently, by letter dated December8, 2014 (ADAMS Accession No. ML 14237A144), the NRC staff reviewed and approved Amendment No. 253, which extended the CSP implementation schedule. This schedule required PNP to fully implement and maintain all provisions of the CSP no later than June 30, 2016. The proposed change would revise the date of CSP Implementation Schedule Milestone 8 and Paragraph 2. E in the renewed facility operating license from June 30, 2016, to December 15, 2017. Milestone 8 of the CSP implementation schedule concerns the full implementation of the CSP. The NRC issued a proposed finding that the amendment involves no significant hazards consideration in the Federal Register on August 4, 2015 (80 FR 46349). The NRC has not received any public comments on this determination. | |||
==2.0 REGULATORY EVALUATION== | |||
The NRC staff considered the following regulatory requirements and guidance in its review of the June 11, 2015, license amendment request to modify the existing CSP implementation schedule: | |||
* Title 1 O of the Code of Federal Regulations (10 CFR), Section 73.54, "Protection of digital computer and communication systems and networks," which states, in part: Enclosure 2 Each [CSP] submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule. | |||
* The licensee's renewed facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP. | * The licensee's renewed facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP. | ||
* Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML 13295A467), to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that states, in part, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML 110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval pursuant to 10 CFR 50.90, "Application for amendment of license, construction permit, or early site permit." 3.0 TECHNICAL EVALUATION 3.1 Licensee's Requested Change The NRC staff issued Amendment No. 253 to Renewed Facility Operating License DPR-20 for PNP by letter dated December 8, 2014. The staff approved a change to the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with the amendment. The licensee's original implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones: 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs); 3) Install a deterministic one-way device between lower level devices and higher level devices; 4) Implement the security control "Access Control For Portable And Mobile Devices;" 5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds; | * Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML 13295A467), to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that states, in part, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML 110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval pursuant to 10 CFR 50.90, "Application for amendment of license, construction permit, or early site permit." | ||
==3.0 TECHNICAL EVALUATION== | |||
3.1 Licensee's Requested Change The NRC staff issued Amendment No. 253 to Renewed Facility Operating License DPR-20 for PNP by letter dated December 8, 2014. The staff approved a change to the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with the amendment. The licensee's original implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones: 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs); 3) Install a deterministic one-way device between lower level devices and higher level devices; 4) Implement the security control "Access Control For Portable And Mobile Devices;" 5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds; 6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; 7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and 8) Fully implement the CSP. Currently, Milestone 8 of the PNP CSP requires the licensee to fully implement the CSP by June 30, 2016. By letter dated June 11, 2015, ENO proposed to modify the Milestone 8 completion date to December 15, 2017. The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum dated October 24, 2013. 1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement. The licensee stated that the requirements of the CSP that need additional time to implement are Section 3, "Analyzing Digital Computer Systems and Networks," and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program." The licensee further noted that these sections describe requirements for application of cyber security controls and describes the process of security control assessments. The licensee also noted any combination of physical, logical (software-related), or programmatic/procedural changes could be required. 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified. The licensee stated that it had hosted a "pilot" Milestone 8 inspection at the Indian Point Energy Center in March 2014. During the pilot, insight was gained into the NRC perspective on how to apply the cyber security controls listed in NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors" (ADAMS Accession No. ML 101180437). During the pilot inspection, the NRC team reviewed several examples of CDAs with ENO and indicated the level of detail and depth expected in the technical analyses for cyber security controls referenced in NEI 08-09. Based on this review, ENO stated that the detail and depth of the technical analysis exceeds EN O's prior understanding and necessitates a greater effort to achieve than initially anticipated. The licensee also stated that during 2015, each operating ENO licensee has an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of these inspections required a significant commitment of time from ENO's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and thereby, drawing those resources away from Milestone 8 implementation activities. | |||
3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available. The licensee proposed a Milestone 8 completion date of December 15, 2017. As discussed in the licensee's response to criterion (2) above, the proposed completion date for Milestone 8 is primarily based on ENO's assessment of the pilot inspection. ENO stated that the remaining work, including the detail and depth of the technical analysis, exceeds the licensee's prior understanding and necessitates a greater effort to achieve than initially anticipated. 4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed. The licensee stated the following: The impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the interim milestones that have already been completed have resulted in a high degree of protection of safety-related, important-to-safety, and security CDAs against threat vectors associated with external connectivity (both wired and wireless), and portable digital media and devices. Additionally, extensive physical and administrative measures are already in place for CDAs because they are plant components, pursuant to the PNP Physical Security Plan and Technical Specification requirements. The licensee also briefly described how it had implemented Milestones 1 through 7. 5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety, security, or emergency preparedness consequences and with reactivity effects in the balance of plant. The licensee stated the following: Because CDAs are plant components, prioritization follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear defense-in-depth, as well as threats to continuity of electric power generation in the balance-of-plant (BOP). High focus continues to be maintained on prompt attention to any emergent issue with [safety related, security and important to safety (including BOP)] CDAs that would potentially challenge the established cyber protective barriers. Additionally, it should be noted that these CDAs encompass those associated with physical security target sets. | |||
6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. The licensee stated the following: No compromise of [safety, security, and emergency preparedness (SSEP)] function by cyber means has been identified. Additionally, a Quality Assurance (QA) audit was conducted in the fourth quarter of 2014 pursuant to the physical security program review required by 10 CFR 73.55(m), Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage; Security Program Reviews. The QA audit included review of cyber security program implementation. There were no significant findings related to overall cyber security program performance and effectiveness. 7) A discussion of cyber security issues pending in the licensee's corrective action program (CAP). The licensee stated the following: No significant (with 'significant' meaning constituting a threat to a CDA via cyber means or calling into question program effectiveness) nuclear cyber security issues are currently pending in the CAP. Several non-significant issues identified during the QA audit described above and identified during NRC inspections of compliance with nuclear cyber security Interim Milestones 1 through 7 have been entered into CAP. 8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications. The licensee discussed completed modifications and pending modifications. 3.2 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and guidance above. The NRC staff's evaluation is below. The staff finds that the actions the licensee noted as being required to implement CSP, Section 3, "Analyzing Digital Computer Systems and Networks.'' and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program.'' are reasonable as discussed below. The licensee indicated that the activities described in Milestones 1 through 7, which have all been fully implemented, provide a high degree of protection of safety-related, safety, and security CDAs against common threat vectors. The NRC staff concludes that the licensee's site is more secure after the implementation of Milestones 1 through 7 because the activities the licensee has completed mitigate the most significant cyber attack vectors for the most significant CDAs. Therefore, the NRC has reasonable assurance that full implementation of the CSP by December 15, 2017, will provide adequate protection of the public health and safety and the common defense and security. | |||
The licensee stated that the detail and depth of the technical analysis exceeds ENO's prior understanding and necessitates a greater time and effort to achieve than ENO anticipated when the current implementation schedule was developed. The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. The NRC staff recognizes that CDA assessment work including application of controls is more complex and resource intensive than ENO anticipated. As a result, the licensee has a large number of additional tasks not considered when developing its current CSP implementation schedule. The staff concludes that the licensee's request for additional time to implement Milestone 8 is reasonable given the complexity, volume, and scope of the remaining work required to fully implement its CSP. The licensee proposed a Milestone 8 completion date of December 15, 2017. The licensee's prioritization of completion of work for CDAs follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear depth. High focus continues to be maintained on prompt attention to any emergent issue with safety related, security and important to safety (including BOP) CDAs that would potentially challenge the established cyber protective barriers. The NRC staff concludes that the licensee's methodology for prioritizing work on CDAs is appropriate. The staff further concludes that the licensee's request to delay final implementation of the CSP until December 15, 2017, is reasonable given the complexity of the remaining work. 3.3 Technical Evaluation Conclusion Based on its review of the licensee's application, the NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 15, 2017, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber attack vectors for the most significant CDAs; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than the licensee anticipated when the current CSP implementation schedule was developed; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule. Therefore, the NRC staff finds the proposed change acceptable. 3.4 Revision to License Condition 2.E By letter dated June 11, 2015, the licensee proposed to modify Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, which provides a license condition to require the licensee to fully implement and maintain in effect all provisions of the approved CSP. The current license condition in Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP states, in part: ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248 and 253. The revised portion of the license condition in Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP would state: ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248, 253, and 259. Based on the information in Section 3.0 of this safety evaluation and the modified license condition described above, the NRC staff concludes this is acceptable. 4.0 REGULATORY COMMITMENTS By letter dated June 11, 2015, the licensee made the following regulatory commitment: Full implementation of Palisades Nuclear Plant Cyber Security Plan for all safety, security, and emergency preparedness functions will be achieved. Scheduled Completion Date: December 15, 2017 The above stated commitment is consistent with the revised Milestone 8 implementation date proposed by the licensee and evaluated by the NRC staff. | |||
==5.0 STATE CONSULTATION== | |||
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendment. The Michigan State official had no comments. | |||
==6.0 ENVIRONMENTAL CONSIDERATION== | |||
This is an amendment to a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its cyber security plan fully implemented. Accordingly, the amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment. | |||
==7.0 CONCLUSION== | |||
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. Principal Contributor: John Rycyna, NSIR/CSD Date: May 2, 2016 Vice President, Operations Entergy Nuclear Operations, Inc. Palisades Nuclear Plant 27780 Blue Star Memorial Highway Covert, Ml 49043-9530 May 2, 2016 | |||
==SUBJECT:== | |||
PALISADES NUCLEAR PLANT -ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE (CAC NO. MF6351) | |||
==Dear Sir or Madam:== | |||
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 259 to Renewed Facility Operating License No. DPR-20 for the Palisades Nuclear Plant (PNP). The amendment consists of changes to the facility operating license in response to your application dated June 11, 2015. The amendment approves the revised schedule for full implementation of the cyber security plan (CSP) from June 30, 2016, to December 15, 2017, and revises Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, to incorporate the revised CSP implementation schedule. A copy of the related safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Sincerely, IRA/ Jennivine K. Rankin, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-255 | |||
==Enclosures:== | |||
1. Amendment No. 259 to DPR-20 2. Safety Evaluation cc: Distribution via ListServ DISTRIBUTION: PUBLIC LPL3-1 Reading RidsNrrDorlDpr Resource RidsNrrDorllpl3-1 Resource RidsRgn3MailCenter Resource RidsNrrLAMHenderson Resource JRycyna, NSIR/CSD ADAMS Accession No. ML 16078A068 OFFICE NRR/DORL/LPL3-1/PM NRR/DORL/LPL3-1/LA NAME JRankin MHenderson DATE 03/30/16 03/28/16 OFFICE OGC NRR/DORL/LPL3-1 /BC NAME Llondon DWrona DATE 04/11/16 04/29/16 OFFICIAL AGENCY RECORD RidsAcrs_MailCTR Resource RidsNrrPMPalisades Resource RidsNsirCsd Resource *via email NSIR/CSD/DD (A)* JBeardsley 03/16/16 NRR/DORL/LPL3-1/PM JRankin 05/02/16 | |||
}} | }} | ||
Revision as of 04:02, 5 April 2018
| ML16078A068 | |
| Person / Time | |
|---|---|
| Site: | Palisades  |
| Issue date: | 05/02/2016 |
| From: | Rankin J K Plant Licensing Branch III |
| To: | Entergy Nuclear Operations |
| Rankin J K, NRR/DORL/LPL3-1, 415-1530 | |
| References | |
| CAC MF6351 | |
| Download: ML16078A068 (14) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 Vice President, Operations Entergy Nuclear Operations, Inc. Palisades Nuclear Plant 27780 Blue Star Memorial Highway Covert, Ml 49043-9530 May 2, 2016
SUBJECT:
PALISADES NUCLEAR PLANT -ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE (CAC NO. MF6351)
Dear Sir or Madam:
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 259 to Renewed Facility Operating License No. DPR-20 for the Palisades Nuclear Plant (PNP). The amendment consists of changes to the facility operating license in response to your application dated June 11, 2015. The amendment approves the revised schedule for full implementation of the cyber security plan (CSP) from June 30, 2016, to December 15, 2017, and revises Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, to incorporate the revised CSP implementation schedule. A copy of the related safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Docket No. 50-255
Enclosures:
1. Amendment No. 259 to DPR-20 2. Safety Evaluation cc: Distribution via ListServ Sincerely, Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 ENTERGY NUCLEAR OPERATIONS. INC. DOCKET NO. 50-255 PALISADES NUCLEAR PLANT AMENDMENT TO RENEWED FACILITY OPERATING LICENSE Amendment No. 259 Renewed Facility Operating License No. DPR-20 1. The U.S. Nuclear Regulatory Commission (the Commission) has found that: A. The application for amendment by Entergy Nuclear Operations, Inc. (ENO, or the licensee), dated June 11, 2015, complies with the standards and requirements of the Atomic Energy Act of 1954, as amended (the Act}, and the Commission's rules and regulations set forth in 1 O CFR Chapter I; B. The facility will operate in conformity with the application, the provisions of the Act, and the rules and regulations of the Commission; C. There is reasonable assurance (i) that the activities authorized by this amendment can be conducted without endangering the health and safety of the public; and (ii) that such activities will be conducted in compliance with the Commission's regulations; D. The issuance of this amendment will not be inimical to the common defense and security or to the health and safety of the public; E. The issuance of this amendment is in accordance with 10 CFR Part 51 of the Commission's regulations and all applicable requirements have been satisfied. Enclosure 1 2. Accordingly, the license is amended by changes as indicated in the attachment to this license amendment, and Paragraph 2. E of Renewed Facility Operating License No. DPR-20 is hereby amended to read as follows: ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Entergy Nuclear Palisades Nuclear Plant Physical Security Plan." ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248, 253, and 259. 3. This license amendment is effective as of the date of issuance and shall be implemented within 30 days from the date of issuance. The full implementation of the CSP shall be in accordance with the implementation schedule submitted by the licensee on June 11, 2015, and approved by the NRC staff with this license amendment. All subsequent changes to the NRC-approved CSP implementation schedule will require NRC approval pursuant to 10 CFR 50.90.
Attachment:
Changes to the Renewed Facility Operating License No. DPR-20 Date of Issuance: May 2, 201 6 FOR THE NUCLEAR REGULATORY COMMISSION C)J 9. v ---David J. Wrona, Chief Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation ATTACHMENT TO LICENSE AMENDMENT NO. 259 RENEWED FACILITY OPERATING LICENSE NO. DPR-20 DOCKET NO. 50-255 Replace the following page of the Renewed Facility Operating License No. DPR-20 with the attached revised page. The changed area is identified by a marginal line. REMOVE INSERT Page 6 Page 6 D. The facility has been granted certain exemptions from Appendix J to 1 O CFR Part 50, "Primary Reactor Containment Leakage Testing for Water Cooled Power Reactors." This section contains leakage test requirements, schedules and acceptance criteria for tests of the leak-tight integrity of the primary reactor containment and systems and components which penetrate the containment. These exemptions were granted in a letter dated December 6, 1989. These exemptions granted pursuant to 1 O CFR 50. 12, are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security. With these exemptions, the facility will operate, to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission. E. ENO shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Entergy Nuclear Palisades Nuclear Plant Physical Security Plan." ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248, 253, and 259. F. [deleted] G. ENP and ENO shall have and maintain financial protection of such type and in such amounts as the Commission shall require in accordance with Section 170 of the Atomic Energy Act of 1954, as amended, to cover public liability claims. Renewed License No. DPR-20 Amendment No. 2-M, 259 UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO AMENDMENT NO. 259 TO RENEWED FACILITY OPERATING LICENSE NO. DPR-20 ENTERGY NUCLEAR OPERATIONS, INC. PALISADES NUCLEAR PLANT DOCKET NO. 50-255
1.0 INTRODUCTION
By letter dated June 11, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML 15162A736), Entergy Nuclear Operations, Inc. (ENO, the licensee) requested a change to the renewed facility operating license for Palisades Nuclear Plant (PNP). The NRC staff initially reviewed and approved the licensee's Cyber Security Plan (CSP) implementation schedule for PNP by letter dated July 28, 2011, Amendment No. 243 (ADAMS Accession No. ML111801243). Subsequently, by letter dated December8, 2014 (ADAMS Accession No. ML 14237A144), the NRC staff reviewed and approved Amendment No. 253, which extended the CSP implementation schedule. This schedule required PNP to fully implement and maintain all provisions of the CSP no later than June 30, 2016. The proposed change would revise the date of CSP Implementation Schedule Milestone 8 and Paragraph 2. E in the renewed facility operating license from June 30, 2016, to December 15, 2017. Milestone 8 of the CSP implementation schedule concerns the full implementation of the CSP. The NRC issued a proposed finding that the amendment involves no significant hazards consideration in the Federal Register on August 4, 2015 (80 FR 46349). The NRC has not received any public comments on this determination.
2.0 REGULATORY EVALUATION
The NRC staff considered the following regulatory requirements and guidance in its review of the June 11, 2015, license amendment request to modify the existing CSP implementation schedule:
- Title 1 O of the Code of Federal Regulations (10 CFR), Section 73.54, "Protection of digital computer and communication systems and networks," which states, in part: Enclosure 2 Each [CSP] submittal must include a proposed implementation schedule. Implementation of the licensee's cyber security program must be consistent with the approved schedule.
- The licensee's renewed facility operating license includes a license condition that requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved CSP.
- Review criteria provided by the NRC staff's internal memorandum, "Review Criteria for Title 10 of the Code of Federal Regulations Part 73.54, Cyber Security Implementation Schedule Milestone 8 License Amendment Requests," dated October 24, 2013 (ADAMS Accession No. ML 13295A467), to be considered for evaluating licensees' requests to postpone their cyber security program implementation date (commonly known as Milestone 8). The NRC staff does not regard the CSP milestone implementation dates as regulatory commitments that can be changed unilaterally by the licensee, particularly in light of the regulatory requirement at 10 CFR 73.54, that states, in part, that "[i]mplementation of the licensee's cyber security program must be consistent with the approved schedule." As the NRC staff explained in its letter to all operating reactor licensees dated May 9, 2011 (ADAMS Accession No. ML 110980538), the implementation of the plan, including the key intermediate milestone dates and the full implementation date shall be in accordance with the implementation schedule submitted by the licensee and approved by the NRC. All subsequent changes to the NRG-approved CSP implementation schedule, thus, will require prior NRC approval pursuant to 10 CFR 50.90, "Application for amendment of license, construction permit, or early site permit."
3.0 TECHNICAL EVALUATION
3.1 Licensee's Requested Change The NRC staff issued Amendment No. 253 to Renewed Facility Operating License DPR-20 for PNP by letter dated December 8, 2014. The staff approved a change to the licensee's CSP implementation schedule, as discussed in the safety evaluation issued with the amendment. The licensee's original implementation schedule for the Cyber Security Program identified completion dates and bases for the following eight milestones: 1) Establish the Cyber Security Assessment Team (CSAT); 2) Identify Critical Systems (CSs) and Critical Digital Assets (CDAs); 3) Install a deterministic one-way device between lower level devices and higher level devices; 4) Implement the security control "Access Control For Portable And Mobile Devices;" 5) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds; 6) Identify, document, and implement cyber security controls in accordance with "Mitigation of Vulnerabilities and Application of Cyber Security Controls" for CDAs that could adversely impact the design function of physical security target set equipment; 7) Ongoing monitoring and assessment activities for those target set CDAs whose security controls have been implemented; and 8) Fully implement the CSP. Currently, Milestone 8 of the PNP CSP requires the licensee to fully implement the CSP by June 30, 2016. By letter dated June 11, 2015, ENO proposed to modify the Milestone 8 completion date to December 15, 2017. The licensee provided the following information pertinent to each of the criteria identified in the NRC guidance memorandum dated October 24, 2013. 1) Identification of the specific requirement or requirements of the cyber security plan that the licensee needs additional time to implement. The licensee stated that the requirements of the CSP that need additional time to implement are Section 3, "Analyzing Digital Computer Systems and Networks," and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program." The licensee further noted that these sections describe requirements for application of cyber security controls and describes the process of security control assessments. The licensee also noted any combination of physical, logical (software-related), or programmatic/procedural changes could be required. 2) Detailed justification that describes the reason the licensee requires additional time to implement the specific requirement or requirements identified. The licensee stated that it had hosted a "pilot" Milestone 8 inspection at the Indian Point Energy Center in March 2014. During the pilot, insight was gained into the NRC perspective on how to apply the cyber security controls listed in NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors" (ADAMS Accession No. ML 101180437). During the pilot inspection, the NRC team reviewed several examples of CDAs with ENO and indicated the level of detail and depth expected in the technical analyses for cyber security controls referenced in NEI 08-09. Based on this review, ENO stated that the detail and depth of the technical analysis exceeds EN O's prior understanding and necessitates a greater effort to achieve than initially anticipated. The licensee also stated that during 2015, each operating ENO licensee has an inspection of compliance with interim Milestones 1 through 7. The preparation for and support of these inspections required a significant commitment of time from ENO's most knowledgeable subject matter experts on nuclear cyber security, exceeding the estimate previously developed and thereby, drawing those resources away from Milestone 8 implementation activities.
3) A proposed completion date for Milestone 8 consistent with the remaining scope of work to be conducted and the resources available. The licensee proposed a Milestone 8 completion date of December 15, 2017. As discussed in the licensee's response to criterion (2) above, the proposed completion date for Milestone 8 is primarily based on ENO's assessment of the pilot inspection. ENO stated that the remaining work, including the detail and depth of the technical analysis, exceeds the licensee's prior understanding and necessitates a greater effort to achieve than initially anticipated. 4) An evaluation of the impact that the additional time to implement the requirements will have on the effectiveness of the licensee's overall cyber security program in the context of milestones already completed. The licensee stated the following: The impact of the requested additional implementation time on the effectiveness of the overall cyber security program is considered to be very low, because the interim milestones that have already been completed have resulted in a high degree of protection of safety-related, important-to-safety, and security CDAs against threat vectors associated with external connectivity (both wired and wireless), and portable digital media and devices. Additionally, extensive physical and administrative measures are already in place for CDAs because they are plant components, pursuant to the PNP Physical Security Plan and Technical Specification requirements. The licensee also briefly described how it had implemented Milestones 1 through 7. 5) A description of the licensee's methodology for prioritizing completion of work for critical digital assets associated with significant safety, security, or emergency preparedness consequences and with reactivity effects in the balance of plant. The licensee stated the following: Because CDAs are plant components, prioritization follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear defense-in-depth, as well as threats to continuity of electric power generation in the balance-of-plant (BOP). High focus continues to be maintained on prompt attention to any emergent issue with [safety related, security and important to safety (including BOP)] CDAs that would potentially challenge the established cyber protective barriers. Additionally, it should be noted that these CDAs encompass those associated with physical security target sets.
6) A discussion of the licensee's cyber security program performance up to the date of the license amendment request. The licensee stated the following: No compromise of [safety, security, and emergency preparedness (SSEP)] function by cyber means has been identified. Additionally, a Quality Assurance (QA) audit was conducted in the fourth quarter of 2014 pursuant to the physical security program review required by 10 CFR 73.55(m), Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage; Security Program Reviews. The QA audit included review of cyber security program implementation. There were no significant findings related to overall cyber security program performance and effectiveness. 7) A discussion of cyber security issues pending in the licensee's corrective action program (CAP). The licensee stated the following: No significant (with 'significant' meaning constituting a threat to a CDA via cyber means or calling into question program effectiveness) nuclear cyber security issues are currently pending in the CAP. Several non-significant issues identified during the QA audit described above and identified during NRC inspections of compliance with nuclear cyber security Interim Milestones 1 through 7 have been entered into CAP. 8) A discussion of modifications completed to support the cyber security program and a discussion of pending cyber security modifications. The licensee discussed completed modifications and pending modifications. 3.2 NRC Staff Evaluation The NRC staff has evaluated the licensee's application using the regulatory requirements and guidance above. The NRC staff's evaluation is below. The staff finds that the actions the licensee noted as being required to implement CSP, Section 3, "Analyzing Digital Computer Systems and Networks. and Section 4, "Establishing, Implementing and Maintaining the Cyber Security Program. are reasonable as discussed below. The licensee indicated that the activities described in Milestones 1 through 7, which have all been fully implemented, provide a high degree of protection of safety-related, safety, and security CDAs against common threat vectors. The NRC staff concludes that the licensee's site is more secure after the implementation of Milestones 1 through 7 because the activities the licensee has completed mitigate the most significant cyber attack vectors for the most significant CDAs. Therefore, the NRC has reasonable assurance that full implementation of the CSP by December 15, 2017, will provide adequate protection of the public health and safety and the common defense and security.
The licensee stated that the detail and depth of the technical analysis exceeds ENO's prior understanding and necessitates a greater time and effort to achieve than ENO anticipated when the current implementation schedule was developed. The NRC staff has had extensive interaction with the nuclear industry since licensees first developed their CSP implementation schedules. The NRC staff recognizes that CDA assessment work including application of controls is more complex and resource intensive than ENO anticipated. As a result, the licensee has a large number of additional tasks not considered when developing its current CSP implementation schedule. The staff concludes that the licensee's request for additional time to implement Milestone 8 is reasonable given the complexity, volume, and scope of the remaining work required to fully implement its CSP. The licensee proposed a Milestone 8 completion date of December 15, 2017. The licensee's prioritization of completion of work for CDAs follows the normal work management process that places the highest priority on apparent conditions adverse to quality in system, structure, and component design function and related factors such as safety risk and nuclear depth. High focus continues to be maintained on prompt attention to any emergent issue with safety related, security and important to safety (including BOP) CDAs that would potentially challenge the established cyber protective barriers. The NRC staff concludes that the licensee's methodology for prioritizing work on CDAs is appropriate. The staff further concludes that the licensee's request to delay final implementation of the CSP until December 15, 2017, is reasonable given the complexity of the remaining work. 3.3 Technical Evaluation Conclusion Based on its review of the licensee's application, the NRC staff concludes that the licensee's request to delay full implementation of its CSP until December 15, 2017, is reasonable for the following reasons: (i) the licensee's implementation of Milestones 1 through 7 provides mitigation for significant cyber attack vectors for the most significant CDAs; (ii) the scope of the work required to come into full compliance with the CSP implementation schedule was much more complicated than the licensee anticipated when the current CSP implementation schedule was developed; and (iii) the licensee has reasonably prioritized and scheduled the work required to come into full compliance with its CSP implementation schedule. Therefore, the NRC staff finds the proposed change acceptable. 3.4 Revision to License Condition 2.E By letter dated June 11, 2015, the licensee proposed to modify Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, which provides a license condition to require the licensee to fully implement and maintain in effect all provisions of the approved CSP. The current license condition in Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP states, in part: ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248 and 253. The revised portion of the license condition in Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP would state: ENO shall fully implement and maintain in effect all provisions of the Commission-approved cyber security plan (CSP), including changes made pursuant to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The Palisades CSP was approved by License Amendment No. 243 as supplemented by changes approved by License Amendment Nos. 248, 253, and 259. Based on the information in Section 3.0 of this safety evaluation and the modified license condition described above, the NRC staff concludes this is acceptable. 4.0 REGULATORY COMMITMENTS By letter dated June 11, 2015, the licensee made the following regulatory commitment: Full implementation of Palisades Nuclear Plant Cyber Security Plan for all safety, security, and emergency preparedness functions will be achieved. Scheduled Completion Date: December 15, 2017 The above stated commitment is consistent with the revised Milestone 8 implementation date proposed by the licensee and evaluated by the NRC staff.
5.0 STATE CONSULTATION
In accordance with the Commission's regulations, the Michigan State official was notified of the proposed issuance of the amendment. The Michigan State official had no comments.
6.0 ENVIRONMENTAL CONSIDERATION
This is an amendment to a 10 CFR Part 50 license that relates solely to safeguards matters and does not involve any significant construction impacts. This amendment is an administrative change to extend the date by which the licensee must have its cyber security plan fully implemented. Accordingly, the amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(12). Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.
7.0 CONCLUSION
The Commission has concluded, based on the considerations discussed above, that: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) there is reasonable assurance that such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. Principal Contributor: John Rycyna, NSIR/CSD Date: May 2, 2016 Vice President, Operations Entergy Nuclear Operations, Inc. Palisades Nuclear Plant 27780 Blue Star Memorial Highway Covert, Ml 49043-9530 May 2, 2016
SUBJECT:
PALISADES NUCLEAR PLANT -ISSUANCE OF AMENDMENT RE: CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE (CAC NO. MF6351)
Dear Sir or Madam:
The U.S. Nuclear Regulatory Commission (NRC) has issued the enclosed Amendment No. 259 to Renewed Facility Operating License No. DPR-20 for the Palisades Nuclear Plant (PNP). The amendment consists of changes to the facility operating license in response to your application dated June 11, 2015. The amendment approves the revised schedule for full implementation of the cyber security plan (CSP) from June 30, 2016, to December 15, 2017, and revises Paragraph 2.E of Renewed Facility Operating License No. DPR-20 for PNP, to incorporate the revised CSP implementation schedule. A copy of the related safety evaluation is also enclosed. The Notice of Issuance will be included in the Commission's biweekly Federal Register notice. Sincerely, IRA/ Jennivine K. Rankin, Project Manager Plant Licensing Branch 111-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-255
Enclosures:
1. Amendment No. 259 to DPR-20 2. Safety Evaluation cc: Distribution via ListServ DISTRIBUTION: PUBLIC LPL3-1 Reading RidsNrrDorlDpr Resource RidsNrrDorllpl3-1 Resource RidsRgn3MailCenter Resource RidsNrrLAMHenderson Resource JRycyna, NSIR/CSD ADAMS Accession No. ML 16078A068 OFFICE NRR/DORL/LPL3-1/PM NRR/DORL/LPL3-1/LA NAME JRankin MHenderson DATE 03/30/16 03/28/16 OFFICE OGC NRR/DORL/LPL3-1 /BC NAME Llondon DWrona DATE 04/11/16 04/29/16 OFFICIAL AGENCY RECORD RidsAcrs_MailCTR Resource RidsNrrPMPalisades Resource RidsNsirCsd Resource *via email NSIR/CSD/DD (A)* JBeardsley 03/16/16 NRR/DORL/LPL3-1/PM JRankin 05/02/16