|
|
| Line 1: |
Line 1: |
| {{Adams | | {{Adams |
| | number = ML22308A191 | | | number = ML23164A271 |
| | issue date = 11/06/2022 | | | issue date = 06/13/2023 |
| | title = Information Request for the Cybersecurity Baseline Inspection, Notification to Perform Inspection 05000313/2023401 and 05000368/2023401 | | | title = Cyber Security Inspection Report 05000313/2023401 and 05000368/2023401 |
| | author name = Graves S | | | author name = Sacko F |
| | author affiliation = NRC/RGN-IV/DORS/EB2 | | | author affiliation = NRC/RGN-IV/DORS/EB2 |
| | addressee name = O'Sullivan J | | | addressee name = Sullivan J |
| | addressee affiliation = Entergy Operations, Inc | | | addressee affiliation = Entergy Operations, Inc |
| | docket = 05000313, 05000368 | | | docket = 05000313, 05000368 |
| | license number = DPR-051, NPF-006 | | | license number = DPR-051, NPF-006 |
| | contact person = Graves S | | | contact person = Sacko F |
| | document report number = IR 2023401 | | | document report number = IR 2023401 |
| | document type = Inspection Report, Letter | | | document type = Letter |
| | page count = 9 | | | page count = 3 |
| }} | | }} |
|
| |
|
| Line 18: |
Line 18: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:November 6, 2022 | | {{#Wiki_filter:June 13, 2023 |
|
| |
|
| ==SUBJECT:== | | ==SUBJECT:== |
| ARKANSAS NUCLEAR ONE INFORMATION REQUEST FOR THE CYBERSECURITY BASELINE INSPECTION, NOTIFICATION TO PERFORM INSPECTION 05000313/2023401 AND 05000368/2023401 | | ARKANSAS NUCLEAR ONE - CYBER SECURITY INSPECTION REPORT 05000313/2023401 AND 05000368/2023401 |
|
| |
|
| ==Dear Mr. Sullivan:== | | ==Dear Joseph Sullivan:== |
| On February 6, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline inspection in accordance with Inspection Procedure (IP) 71130.10 Cybersecurity, at your Arkansas Nuclear One, Units 1 and 2. The inspection objectives are to provide assurance that the digital computer and communication systems and networks associated with safety, security, and emergency preparedness (SSEP) functions are adequately protected against cyberattacks in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 73.54 and your approved cybersecurity plan (CSP), and to verify that any CSP changes and reports have been made in accordance with 10 CFR 50.54(p). | | On May 11, 2023, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Arkansas Nuclear One and discussed the results of this inspection with Doug Pehrson, General Manager (Acting Vice President), and other members of your staff. The results of this inspection are documented in the enclosed report. |
|
| |
|
| Experience has shown that baseline inspections are extremely resource intensive, both for the NRC inspectors and licensee staff. In an effort to minimize the inspection impact on the site and to ensure a productive inspection for both parties, we have enclosed a request for documents needed for the inspection. These documents have been divided into four groups.
| | Three findings of very low security significance (Green) are documented in this report. The three findings involved violations of NRC requirements. We are treating these violations as non-cited violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. |
|
| |
|
| The first group specifies information necessary to assist the inspection team in choosing the focus areas (i.e., sample set) to be inspected by the cyber security IP. This information should be made available via digital media (CD/DVD) or an online document repository and delivered/available to the regional office no later than December 9, 2022. The inspection team will review this information and, by January 6, 2023, will request the specific items that should be provided for review.
| | Three licensee-identified violations which were determined to be of very low security significance are documented in this report. We are treating these violations as non-cited violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy. |
|
| |
|
| The second group of requested documents will assist the inspection team in the evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture, and the areas of your cyber security program selected for review. This information will be requested for review in the regional office prior to the inspection by January 23, 2023, as identified above.
| | If you contest the violations or the significance or severity of the violations documented in this inspection report, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: |
| | Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement; the Director, Office of Nuclear Security and Incident Response; and the NRC Resident Inspector at Arkansas Nuclear One. |
|
| |
|
| The third group of requested documents consists of additional items that the inspection team will review, or need access to, during the inspection. Please have this information available by the first day of the onsite inspection, February 6, 2023. | | The following cross cutting aspects were assigned to findings using Inspection Manual Chapter 0310 Aspects Within Cross Cutting Areas: one [H.14] - Conservative Bias, one [H.1] - |
| | Resources, and one [H.12] - Avoid Complacency. |
|
| |
|
| The fourth group of information aids the inspection team in tracking issues identified during the inspection. It is requested that this information be provided to the lead inspector as the information is generated during the inspection. It is important that all requested documents are up to date and complete to minimize the number of additional documents requested during the preparation and/or the onsite portions of the inspection.
| | If you disagree with a cross-cutting aspect assignment in this report, you should provide a response within 30 days of the date of this inspection report, with the basis for your disagreement, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Nuclear Security and Incident Response; and the NRC Resident Inspector at Arkansas Nuclear One. |
|
| |
|
| The lead inspector for this inspection is Sam Graves. We understand that our regulatory contact for this inspection is Donna Boyd of your organization. If there are any questions about the inspection or the material requested, please contact the lead inspector at 817-200-1102 or via e-mail at samuel.graves@nrc.gov.
| | This letter will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding. |
|
| |
|
| Paperwork Reduction Act Statement This letter contains mandatory information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). The Office of Management and Budget (OMB)
| | The enclosed report contains Security-Related Information, so the enclosed report will not be made publicly available in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390(d)(1). If you choose to provide a response that contains Security-Related Information, please mark your entire response Security-Related Information-Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). The NRC is waiving the affidavit requirements for your response in accordance with 10 CFR 2.390(b)(1)(ii). |
| approved these information collections under approval number 3150-0011. The burden to the public for these information collections is estimated to average 40 hour(s) per response. Send comments regarding this information collection to the FOIA, Library and Information Collection Branch, Office of the Chief Information Officer, Mail Stop: T6-A10M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by email to Infocollects.Resource@nrc.gov, and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0011)
| |
| OMB, Washington, DC 20503.
| |
|
| |
|
| Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid Office of Management and Budget control number.
| | Sincerely, Signed by Sacko, Fanta on 06/13/23 Fanta Sacko, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket Nos. 05000313 ,05000368 License Nos. DPR-51, NPF-6 Enclosure: |
| | | As stated cc w/o encl: Distribution via LISTSERV ML23157A208 (Cover letter w/ enclosure(s)) |
| In accordance with 10 CFR 2.390 of the NRCs Rules of Practice and Procedure, a copy of this letter, its enclosures, and your response will be made available electronically for public inspection in the NRC Public Document Room or in the NRCs Agencywide Documents Access and Management System (ADAMS), accessible from the NRC website at http://www.nrc.gov/reading-rm/adams.html. To the extent possible, any response should not include any personal privacy or proprietary information so that it can be made available to the public without redaction.
| | Non-Public Designation Category: MD 3.4 Non-Public (A.3 - A.7 or B.1) |
| | | ADAMS ACCESSION NUMBER: ML23164A271(Cover letter) |
| Sincerely, Signed by Graves, Samuel on 11/07/22 Sam Graves, Senior Reactor Inspector Engineering Branch 2 Division of Operating Reactor Safety Docket Nos. 05000313 and 05000368 License Nos. DPR-51 and NPF-6 Enclosure: | | Entire Report: Non-Sensitive Publicly Available x SUNSI Review x Sensitive x Non-Publicly Available Cover Letter Only: x Non-Sensitive x Publicly Available x SUNSI Review Sensitive Non-Publicly Available OFFICE SRI:DORS/EB2 RI:DORS/EB2 C:DORS/EB2 NAME S. Graves N. Okonkwo F. Sacko SIGNATURE STG2 NPO1 FXS5 DATE 06/07/23 06/07/23 06/13/23 |
| Arkansas Nuclear One, Units 1 And 2 Cyber-Security Inspection Document Request cc w/encl: Distribution via LISTSERV
| |
| | |
| ML22308A191 OFFICE RIV:SRI/DORS/EB2 NAME S. Graves SIGNATURE STG DATE 11/6/22
| |
| | |
| Inspection Report: 05000313/2023401; 05000368/2023401 Inspection Dates: Week of February 6, 2023 Inspection Procedure: IP 71130.10, CYBERSECURITY Reference: ML21330A088, Guidance Document for Development of the Request for Information (RFI) and Notification Letter for IP 71130.10 Cyber Security Inspection, Revision 2 NRC Inspectors: Sam Graves, Lead Nnaerika Okonkwo 817-200-1102 817-200-1114 Samuel.graves@nrc.gov Nnaerika.Okonkwo@nrc.gov NRC Contractors: Tim Marshall Trace Coleman 301-415-7000 301-415-7000 Timothy.marshall@nrc.gov trace.coleman@nrc.gov I. Information Requested for In-Office Preparation This initial request for information (i.e., Table RFI #1) concentrates on providing the inspection team with information necessary to select appropriate components and cyber security program elements to develop a site-specific inspection plan. The first RFI is used to identify the critical digital assets or systems to be chosen as the sample set required to be inspected by the cyber-security IP. The first RFIs requested information is specified below in Table RFI #1.
| |
| | |
| Please provide the information requested in Table RFI #1 to the regional office by December 9, 2023, or sooner, to facilitate the selection of the specific items for review.
| |
| | |
| The inspection team will examine the documentation from the first RFI and select specific systems and equipment to provide a more focused follow-up request to develop the second RFI.
| |
| | |
| The inspection team will submit the specific systems and equipment list to your staff by January 6, 2023, which will be utilized to evaluate the equipment, defensive architecture, and the areas of the licensees cyber security program for review.
| |
| | |
| Please provide the information requested by the second RFI to the regional office by January 23, 2023. All requests for information shall follow the guidance document referenced above (ML21330A088). For information requests that have more than ten (10) documents, please provide a compressed (i.e., Zip) file of the documents.
| |
| | |
| The required Table RFI #1 information shall be provided on digital media (CD/DVD)) or an online document repository to the lead inspector by December 9, 2023. Please provide four copies of each media submitted (i.e., one for each inspector/contactor). The preferred file format for all lists is a searchable Excel spreadsheet file. The media (CDs/DVDs) should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| |
| | |
| Enclosure
| |
| | |
| Table RFI #1 Section 3, Paragraph Number/Title: IP Ref. Items 1 A list of all Identified Critical Systems and Critical Digital Assets, - Overall highlight/note any additions, deletions, reclassifications due to new guidance from white papers, changes to NEI 10-04, 13-10, etc. since the last cyber security inspection.
| |
| | |
| 2 A list of EP and Security onsite and offsite digital communication systems Overall 3 Network Topology Diagrams to include information and data flow for critical Overall systems in levels 2, 3 and 4 (If available)
| |
| 4 Ongoing Monitoring and Assessment program documentation 03.01(a)
| |
| 5 The most recent Effectiveness Analysis of the Cyber Security Program 03.01(b)
| |
| 6 Vulnerability screening/assessment and scan program documentation 03.01(c)
| |
| 7 Cyber Security Incident response documentation, including incident 03.02(a) and detection, response, and recovery documentation as well as contingency 03.04(b)
| |
| plan development, implementation and including any program documentation that requires testing of security boundary device functionality 8 Device Access and Key Control documentation 03.02(d)
| |
| 9 Password/Authenticator documentation 03.02(d)
| |
| 10 User Account/Credential documentation 03.02(d)
| |
| 11 Portable Media and Mobile Device control documentation, including kiosk 03.02(e)
| |
| security control assessment/documentation 12 Design change/modification program documentation and a list of all cyber- 03.03(a)
| |
| related design changes completed since the last cyber security inspection, including either a summary describing the design change or the 50.59 documentation for the change.
| |
| | |
| 13 Supply Chain Management documentation including any security impact 03.03(a), (b)
| |
| analysis for new acquisitions and (c)
| |
| 14 Configuration Management documentation including any security impact 03.03(a) and analysis performed due to configuration changes since the last inspection (b)
| |
| 15 Cyber Security Plan and any 50.54(p) analysis to support changes to the 03.04(a)
| |
| plan since the last inspection 16 Cyber Security Metrics tracked (if applicable) 03.06 (b)
| |
| 17 Provide documentation describing any cyber security changes to the access Overall authorization program since the last cyber security inspection.
| |
| | |
| 18 Provide a list of all procedures and policies provided to the NRC with their descriptive name and associated number (if available)
| |
| 19 Performance testing report (if applicable) 03.06 (a)
| |
| | |
| In addition to the above information please provide the following:
| |
| (1) Electronic copy of the UFSAR and technical specifications. | |
| | |
| (2) Name(s) and phone numbers for the regulatory and technical contacts.
| |
| | |
| (3) Current management and engineering organizational charts.
| |
| | |
| (4) Implementing and program procedures in a single folder.
| |
| | |
| Based on this information, the inspection team will identify and select specific systems and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and submit a list of specific systems and equipment to your staff by January 6, 2023, for the second RFI (i.e., RFI
| |
| #2).
| |
| | |
| II. Additional Information Requested to be Available Prior to Inspection.
| |
| | |
| As stated in Section I above, the inspection team will examine the returned documentation requested from Table RFI #1 and submit the list of specific systems and equipment to your staff by January 6, 2023, for the second RFI (i.e., RFI #2). The second RFI will request additional information required to evaluate the CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the cybersecurity inspection. The additional information requested for the specific systems and equipment is identified in Table RFI #2. All requested information shall follow the guidance document referenced above (ML21330A088).
| |
| | |
| The Table RFI #2 information shall be provided on digital media (CD/DVD) or an online document repository to the lead inspector by January 23, 2023. Please provide four copies of each media (CD/DVD) submitted (i.e., one for each inspector/contactor). The preferred file format for all lists is a searchable Excel spreadsheet file. The digital media (CDs/DVDs) should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| |
| | |
| Table RFI #2 Section 3, IP Ref.
| |
| | |
| Paragraph Number/Title: Items For the system(s) chosen for inspection provide:
| |
| 1 Ongoing Monitoring and Assessment activity performed on the system(s) 03.01(a)
| |
| 2 All Security Control Assessments for the selected system(s) 03.01(a)
| |
| All vulnerability screenings/assessments associated with, or scans 3 03.01(c)
| |
| performed on the selected system(s) since the last cyber security inspection Documentation (including configuration files and rules sets) for Network-based Intrusion Detection/Protection Systems (NIDS/NIPS), Host-based 4 03.02(b)
| |
| Intrusion Detection Systems (HIDS), and Security Information and Event Management (SIEM) systems for system(s) chosen for inspection
| |
| | |
| Table RFI #2 Section 3, IP Ref.
| |
| | |
| Paragraph Number/Title: Items Documentation (including configuration files and rule sets) for intra-security 5 03.02(c)
| |
| level firewalls and boundary devices used to protect the selected system(s)
| |
| Copies of all periodic reviews of the access authorization list for the selected 6 03.02(d)
| |
| systems since the last inspection 7 Baseline configuration data sheets for the selected CDAs 03.03(a)
| |
| Documentation on any changes, including Security Impact Analyses, 8 03.03(b)
| |
| performed on the selected system(s) since the last inspection Copies of the purchase order documentation for any new equipment 9 03.03(c)
| |
| purchased for the selected systems since the last inspection Copies of any reports/assessment for cyber security drills performed since 03.02(a)
| |
| | |
| the last inspection. 03.04(b)
| |
| Copy of the individual recovery plan(s) for the selected system(s) including 03.02(a)
| |
| | |
| documentation of the results the last time the backups were executed. 03.04(b)
| |
| Corrective actions taken as a result of cyber security incidents/issues to 12 include previous NRC violations and Licensee Identified Violations since the 03.05 last cyber security inspection III. Information Requested to be Available on First Day of Inspection For the specific systems and equipment identified in Section II above, provide the following RFI (i.e., Table Onsite Week) on digital media (CD/DVD) or an online document repository by February 6, 2023, the first day of the inspection. All requested information shall follow the guidance document referenced above (ML21330A088).
| |
| | |
| Please provide four copies of each passive digital media (CD/DVD) submitted (i.e., one for each inspector/contactor). The preferred file format for all lists is a searchable Excel spreadsheet file.
| |
| | |
| The digital media (CDs/DVDs) should be indexed and hyper-linked to facilitate ease of use. If you have any questions regarding this information, please call the inspection team leader as soon as possible.
| |
| | |
| Table Onsite Week Section 3, Paragraph Number/Title: Items Any cyber security event reports submitted in accordance with 1 03.04(a)
| |
| 10 CFR 73.77 since the last cyber security inspection Updated Copies of corrective actions taken as a result of cyber security incidents/issues, to include previous NRC violations and 2 03.04(d)
| |
| Licensee Identified Violations since the last cyber security inspection, as well as vulnerability-related corrective actions
| |
| | |
| In addition to the above information please provide the following:
| |
| (1) Copies of the following documents do not need to be solely available to the inspection team as long as the inspectors have easy and unrestrained access to them:
| |
| a. Updated Final Safety Analysis Report, if not previously provided; b. Original FSAR Volumes; c. Original SER and Supplements; d. FSAR Question and Answers; e. Quality Assurance Plan; f. Technical Specifications, if not previously provided; g. Latest IPE/PRA Report; and (2) Vendor Manuals, Assessments and Corrective Actions:
| |
| a. The most recent Cyber-Security Quality Assurance (QA) audit and/or self-assessment; and b. Corrective action documents (e.g., condition reports, including status of corrective actions) generate as a result of the most recent Cyber-Security Quality Assurance (QA) audit and/or self-assessment.
| |
| | |
| IV. Information Requested To Be Provided Throughout the Inspection (1) Copies of any corrective action documents generated as a result of the inspection teams questions or queries during the inspection.
| |
| | |
| (2) Copies of the list of questions submitted by the inspection team members and the status/resolution of the information requested (provided daily during the inspection to each inspection team member).
| |
| | |
| If you have any questions regarding the information requested, please contact the inspection team leader.
| |
| | |
| 5
| |
| }} | | }} |
|
|---|
Category:Letter
MONTHYEARML24318C2732024-11-13013 November 2024
Request for Exemptions from 10 CFR 50.82(a)(8)(i) and (II) for Use of Nuclear Decommissioning Trust Funds for Disposal of Major Radioactive Components During Operations
ML24316A0032024-11-11011 November 2024
Relief Request ANO2-RR-24-001, Half-Nozzle Repair of Reactor Vessel Closure Head Penetration 71 – One Cycle Justification
ML24295A1202024-10-21021 October 2024
Relief Request ANO2-RR-24-001, Half-Nozzle Repair of Reactor Vessel Closure Head Penetration 71
ML24185A2602024-10-0404 October 2024
Issuance of Amendment No. 335 to Revise Typographical Errors in Technical Specifications
IR 05000368/20253012024-09-0909 September 2024
Notification of NRC Initial Operator Licensing Examination 05000368/2025301
ML24255A8642024-09-0606 September 2024
Rscc Wire & Cable LLC Dba Marmon Industrial Energy & Infrastructure - Part 21 Retraction of Final Notification
IR 05000313/20240112024-09-0505 September 2024
Comprehensive Engineering Team Inspection Report 05000313/2024011 and 05000368/2024011
ML24239A3972024-08-23023 August 2024
Rssc Wire & Cable LLC Dba Marmon - Part 21 Final Notification - 57243-EN 57243
IR 05000313/20240052024-08-21021 August 2024
Updated Inspection Plan for Arkansas Nuclear One – Units 1 and 2 (Report 05000313/2024005, 05000368/2024005)
ML24198A0722024-08-21021 August 2024
Correction to Issuance of Amendment No. 333 Revision to Technical Specifications to Adopt TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b
ML24220A2642024-08-20020 August 2024
Entergy Operations, Inc. - Entergy Fleet Project Manager Assignment
ML24185A1522024-08-13013 August 2024
Issuance of Amendment Nos. 334, 235, and 215, Respectively, to Revise TSs to Adopt TSTF-205
IR 05000313/20240022024-08-0606 August 2024
Integrated Inspection Report 05000313/2024002 and 05000368/2024002
ML24208A0962024-07-25025 July 2024
57243-EN 57243 - Rssc Wire & Cable LLC, Dba Marmon - Part 21 Notification
05000313/LER-2024-001, Source Range Nuclear Instrument Failure Resulting in Condition Prohibited by Technical Specifications2024-07-0101 July 2024
Source Range Nuclear Instrument Failure Resulting in Condition Prohibited by Technical Specifications
ML24101A1792024-06-25025 June 2024
Issuance of Amendment No. 333 Revision to Technical Specifications to Adopt TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b
ML24143A0632024-05-22022 May 2024
Notification of Inspection (NRC Inspection Report 05000368/2024003) and Request for Information
ML24128A2472024-05-0808 May 2024
Project Manager Assignment
IR 05000313/20240012024-05-0808 May 2024
Integrated Inspection Report 05000313/2024001 and 05000368/2024001
ML24017A2982024-04-18018 April 2024
Summary of Regulatory Audit Regarding the License Amendment Request to Revise Technical Specifications to Adopt TSTF 505, Revision 2, Provide Risk-Informed Extended Completion Times RITSTF Initiative 4b
ML24107A0282024-04-17017 April 2024
Notification of Comprehensive Engineering Team Inspection (05000313/2024011 and 05000368/2024011) and Request for Information
ML24086A5412024-04-10010 April 2024
Authorization of Request for Alternative ANO1-ISI-037 Regarding Extension of Reactor Vessel Inservice Inspection Interval
IR 05000313/20244022024-04-0808 April 2024
Security Baseline Inspection Report 05000313/2024402 and 05000368/2024402 (Full Report)
IR 05000313/20244042024-04-0808 April 2024
Information Request for the Cybersecurity Baseline Inspection, Notification to Perform Inspection (05000313/2024404 and 05000368/2024404)
ML24089A2262024-03-29029 March 2024
Entergy Response to Regulatory Issue Summary 2024-01, Preparation and Scheduling of Operator Licensing Exams
ML24075A1712024-03-15015 March 2024
Nuclear Onsite Property Damage Insurance (10 CFR 50.54(w)(3))
ML24074A2892024-03-14014 March 2024
Proof of Financial Protection (10 CFR 140.15)
ML24031A6442024-03-14014 March 2024
Issuance of Amendment No. 282 to Modify Technical Specification 3.3.1, Reactor Pressure System (RPS) Instrumentation, Turbine Trip Function on Low Control Oil Pressure
ML24102A1342024-03-12012 March 2024
AN1-2024-03 Post Exam Submittal
IR 05000313/20230062024-02-28028 February 2024
Annual Assessment Letter for Arkansas Nuclear One- Units 1 and 2 Report 05000313/2023006 and 05000368/2023006
IR 05000313/20243012024-02-27027 February 2024
NRC Initial Operator Licensing Examination Approval 05000313/2024301
IR 05000313/20230042024-02-0808 February 2024
Integrated Inspection Report 05000313/2023004 and 05000368/2023004 and Independent Spent Fuel Storage Installation Inspection Report 07200013/2023002
ML24012A0502024-02-0202 February 2024
Exemption from Select Requirements of 10 CFR Part 73 (EPID L-2023-LLE-0054 (Security Notifications, Reports, and Recordkeeping and Suspicious Activity Reporting))
ML23326A0392024-01-24024 January 2024
Issuance of Amendment No. 281 Revision to Technical Specifications to Adopt TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b
ML24017A1582024-01-17017 January 2024
Submittal of Emergency Plan Revision 50
IR 05000313/20234202024-01-10010 January 2024
Security Baseline Inspection Report 05000313/2023420 and 05000368/2023420
IR 05000313/20234022024-01-0202 January 2024
Security Baseline Inspection Report 05000313/2023402 and 05000368/2023402
ML23354A0022023-12-21021 December 2023
Request for Withholding Information from Public Disclosure
ML23349A1672023-12-21021 December 2023
Request for Withholding Information from Public Disclosure
ML23348A3572023-12-14014 December 2023
Application to Revise Technical Specifications to Use Online Monitoring Methodology – Slides and Affidavit for Pre-Submittal Meeting
ML23340A1592023-12-13013 December 2023
Entergy Operations, Inc. - Entergy Fleet Project Manager Assignment
ML23352A0292023-12-13013 December 2023
Entergy - 2024 Nuclear Energy Liability Evidence of Financial Protection
IR 05000313/20234052023-12-12012 December 2023
– Security Baseline Inspection Report 05000313/2023405 and 05000368/2023405
ML23341A0832023-12-11011 December 2023
– Material Control and Accounting Program Inspection Report 05000313/368/2023404- Cover Letter
ML23305A0922023-12-0707 December 2023
– Summary of Regulatory Audit Regarding License Amendment Request to Revise Technical Specifications to Adopt TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times RITSTF Initiative 4b
ML23333A1362023-11-29029 November 2023
Supplement to Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation
ML23275A2072023-11-28028 November 2023
Issuance of Amendment No. 280 Removal of Technical Specification Condition Allowing Two Reactor Coolant Pump Operation
ML23325A1412023-11-21021 November 2023
Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation
IR 05000313/20230032023-11-21021 November 2023
Revised - ANO Revised Integrated Inspection Report 05000313/2023003 and 05000368/2023003 and Independent Spent Fuel Storage Installation Inspection Report 07200013/ 2023001
ML23324A0172023-11-16016 November 2023
Submittal of Amendment 31 to Safety Analysis Report
2024-09-09
[Table view] |
Text
June 13, 2023
SUBJECT:
ARKANSAS NUCLEAR ONE - CYBER SECURITY INSPECTION REPORT 05000313/2023401 AND 05000368/2023401
Dear Joseph Sullivan:
On May 11, 2023, the U.S. Nuclear Regulatory Commission (NRC) completed an inspection at Arkansas Nuclear One and discussed the results of this inspection with Doug Pehrson, General Manager (Acting Vice President), and other members of your staff. The results of this inspection are documented in the enclosed report.
Three findings of very low security significance (Green) are documented in this report. The three findings involved violations of NRC requirements. We are treating these violations as non-cited violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy.
Three licensee-identified violations which were determined to be of very low security significance are documented in this report. We are treating these violations as non-cited violations (NCVs) consistent with Section 2.3.2 of the Enforcement Policy.
If you contest the violations or the significance or severity of the violations documented in this inspection report, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN:
Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement; the Director, Office of Nuclear Security and Incident Response; and the NRC Resident Inspector at Arkansas Nuclear One.
The following cross cutting aspects were assigned to findings using Inspection Manual Chapter 0310 Aspects Within Cross Cutting Areas: one [H.14] - Conservative Bias, one [H.1] -
Resources, and one [H.12] - Avoid Complacency.
If you disagree with a cross-cutting aspect assignment in this report, you should provide a response within 30 days of the date of this inspection report, with the basis for your disagreement, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Nuclear Security and Incident Response; and the NRC Resident Inspector at Arkansas Nuclear One.
This letter will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with Title 10 of the Code of Federal Regulations 2.390, Public Inspections, Exemptions, Requests for Withholding.
The enclosed report contains Security-Related Information, so the enclosed report will not be made publicly available in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 2.390(d)(1). If you choose to provide a response that contains Security-Related Information, please mark your entire response Security-Related Information-Withhold from public disclosure under 10 CFR 2.390 in accordance with 10 CFR 2.390(d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1). The NRC is waiving the affidavit requirements for your response in accordance with 10 CFR 2.390(b)(1)(ii).
Sincerely, Signed by Sacko, Fanta on 06/13/23 Fanta Sacko, Chief Engineering Branch 2 Division of Operating Reactor Safety Docket Nos. 05000313 ,05000368 License Nos. DPR-51, NPF-6 Enclosure:
As stated cc w/o encl: Distribution via LISTSERV ML23157A208 (Cover letter w/ enclosure(s))
Non-Public Designation Category: MD 3.4 Non-Public (A.3 - A.7 or B.1)
ADAMS ACCESSION NUMBER: ML23164A271(Cover letter)
Entire Report: Non-Sensitive Publicly Available x SUNSI Review x Sensitive x Non-Publicly Available Cover Letter Only: x Non-Sensitive x Publicly Available x SUNSI Review Sensitive Non-Publicly Available OFFICE SRI:DORS/EB2 RI:DORS/EB2 C:DORS/EB2 NAME S. Graves N. Okonkwo F. Sacko SIGNATURE STG2 NPO1 FXS5 DATE 06/07/23 06/07/23 06/13/23
