L-2009-238, Approval of Cyber Security Plan

From kanterella
Revision as of 00:56, 14 November 2019 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Approval of Cyber Security Plan
ML093350539
Person / Time
Site: Turkey Point  NextEra Energy icon.png
Issue date: 11/19/2009
From: Kiley M
Florida Power & Light Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
L-2009-238
Download: ML093350539 (18)
v  d  e


Text

0 SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 10 CFR 50.90 FPL. L-2009-238 POWERING TODAY.

EMPOWERING TOMORROW.@ November 19, 2009 U.S. Nuclear Regulatory Commission Document Control Desk Washington, D.C. 20555-0001 Re: Turkey Point Nuclear Generating Station Docket Nos. 50-250 and 50-251 License Amendment Request No. 203 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan In accordance with the provisions of 10 CFR 50.4 and 50.90, Florida Power and Light Company (FPL) hereby requests an amendment to the Renewed Facility Operating Licenses (FOL) for Turkey Point Nuclear Generating Station Units 3 and 4. This application requests NRC approval of the Turkey Point Nuclear Generating Station Cyber Security Plan, provides an implementation schedule, and adds a sentence to the existing FOL Physical Protection license condition to require FPL to fully implement and maintain in effect all provisions of the Commission approved Cyber Security Plan.

Enclosure 1 provides an evaluation of the proposed change. Enclosure 1 also contains the following attachments:

  • Attachment 1 provides the existing FOL pages marked up to show the proposed change.

" Attachment 2provides the proposed FOL changes in final typed format.

Enclosure 2 provides a copy of the Turkey Point Nuclear Generating Station Implementation Schedule.

Enclosure 3 provides a copy of the Turkey Point Nuclear Generating Station Cyber Security Plan which is a stand alone document that will be incorporated by reference into the Turkey Point Nuclear Generating Station Physical Security Plan upon approval. FPL requests that Enclosure 3, which contains security related information, be withheld from public disclosure in accordance with 10 CFR 2.390.

In accordance with 10 CFR 50.91, a copy of this application, with attachments, is being provided to the designated official of the State of Florida.

FPL requests an implementation period of 36 months following NRC approval of the license amendment.

Enclosure 3 to this letter contains security related information.

Withhold from public disclosure in accordance with 10 CFR 2.390.

Upon removal of Enclosure 3, this letter is decontrolled. SwI-an FPL Group company

SECURITY-RELATED INFORMATION - WITHHOLD UNDER 10 CFR 2.390 Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station License Amendment Request No. 203 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan If you should have any questions regarding this application, please contact Robert Tomonto, Licensing Manager, at 305-246-7327.

I declare under penalty of perjury that the foregoing is true and correct.

Very truly yours, Executed on Michael Kiley Vice President - Turkey Point Nuclear Plant

Enclosures:

1) Evaluation of Proposed Change
2) Cyber Security Plan Implementation Schedule
3) Turkey Point Nuclear Generating Station Cyber Security Plan cc: Regional Administrator, Region II, USNRC Senior Resident Inspector, USNRC, Turkey Point USNRC Project Manager for Turkey Point Mr. W. A. Passetti, Florida Department of Health (w/o Enclosure 3)

Enclosure 3 to this letter contains security related information.

Withhold from public disclosure in accordance with 10 CFR 2.390.

Upon removal of Enclosure 3, this letter is decontrolled.

Enclosure 1 Turkey Point Unit 3 Docket No. 50-250 License No. DPR-31 Turkey Point Unit 4 Docket No. 50-251 License No. DPR-41 License Amendment Request No. 203 Evaluation of Proposed Change Request for Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan Contents 1.0 Summary Description 2.0 Detailed Description 3.0 Technical Evaluation 4.0 Regulatory Evaluation 4.1 Applicable Regulatory Requirements/Criteria 4.2 Significant Hazards Consideration 5.0 Environmental Consideration 6.0 References ATTACHMENTS - Marked FOL pages - FOL changes in final typed format.

Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station Enclosure 1 License Amendment Request No. 203 Page 1 of 6 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan 1.0

SUMMARY

DESCRIPTION The license amendment request (LAR) includes the proposed Turkey Point Nuclear Generating Station Cyber Security Plan (Plan), an Implementation Schedule, and a proposed sentence to be added to the existing Renewed Facility Operating License (FOL) Physical Protection license condition.

2.0 DETAILEDI DESCRIPTION The LAR includes three parts: the proposed Plan, an Implementation Schedule, and a proposed sentence to be added to the existing FOL Physical Protection license condition to require Florida Power and Light Company to fully implement and maintain in effect all provisions of the Commission approved cyber security plan as required by 10 CFR § 73.54. Federal Register

  • notice74 FR 13926 (Reference 1) issued the final rule that amended 10 CFR Part 73. The regulations in 10 CFR § 73.54, "Protection of digital computer and communication systems and networks," establish the requirements for a cyber security program. This regulation specifically requires each licensee currently licensed to operate a nuclear power plant under Part 50 of this chapter to submit a cyber security plan that satisfies the requirements of the Rule. Each submission must include a proposed implementation schedule and implementation of the licensee's cyber security program must be consistent with the approved schedule. The background for this application is addressed by the NRC Notice of Availability published on March 27, 2009, 74 FR 13926 (Reference 1).

3.0 TECHNICAL EVALUATION

Federal Register notice 74 FR 13926 issued the final rule that amended 10 CFR Part 73. Cyber security requirements are codified as new § 73.54 and are designed to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks up to and including the design basis threat established by § 73.1(a)(1)(v). These requirements enhance the requirements imposed by Order EA-02-026 (Reference 2).

This LAR includes the proposed Plan (Enclosure 3) that conforms to the template provided in NEI 08-09 (Reference 3) with clarifications identified below. In addition, the LAR includes the proposed change to the existing FOL license condition for "Physical Protection" (Attachments 1 and 2). Finally, the LAR contains the proposed Implementation Schedule (Enclosure 2) as required by 10 CFR § 73.54.

Emergency Preparedness 10 CFR 73.54 requires protecting digital computer and communication systems and networks associated with emergency preparedness (EP) functions, including offsite communications. The

Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station Enclosure 1 License Amendment Request No. 203 Page 2 of 6 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan EP functions within the scope of the Plan are those functions which support implementation of the Risk Significant Planning Standards* (RSPSs) as defined in NRC Inspection Manual Chapter 0609, Appendix B. The RSPSs are the subset of EP Planning Standards, defined in 10 CFR 50.47(b), which play the greatest role in protecting public health and safety. In terms of importance, this approach aligns the selected EP functions with other system functions which are "Safety-Related" or "Important-to-Safety".

10 CFR 73.56(b)(ii) requires that any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's emergency preparedness be subject to an access authorization program.

However, some systems, or portions of systems, which perform a RSPS-related EP function may be located in offsite locations not under the control of the licensee and/or not staffed by licensee personnel. Similarly, there may be system components that are normally installed, modified or maintained by non-licensee personnel (e.g., a telecommunications company technician, an employee of a State agency, etc.).

Therefore, the systems and portions of systems to be protected from cyber attack in accordance with 10 CFR 73.54(a)(1)(iii), must:

1) Perform a RSPS-related EP function, and
2) Be within the licensee's complete custody and control.

The RSPSs are 10 CFR 50.47(b)(4), (5), (9), or (10), including the related sections of Appendix E to 10 CFR Part 50. 10 CFR 50.47(b)(10) has two aspects that are of differing risk-significance. Only the portion dealing with the development of protective action recommendations (PARs) is integral to protection of public health and safety and is considered to be an RSPS.

Senior Nuclear Management Senior nuclear management is defined as Vice President Nuclear Plant Support (and successor titles with security responsibility) who is accountable for nuclear plant security. The NEI 08-09 template defines this position as accountable for nuclear plant operations. The position of Vice President Nuclear Plant Support (and successor titles with security responsibility) better reflects the duties and responsibilities of the Turkey Point Nuclear Generating Station Cyber Security Plan.

List of Critical Systems The NEI 08-09 Revision 3 template included a list of critical systems and included this list as Table 1. Table 1 is not included in this plan. These critical systems will be identified and evaluated during cyber security assessment program development.

Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station Enclosure 1 License Amendment Request No. 203 Page 3 of 6 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan NEI 08-09, Revision 3, Section 2.2.6 Reference Change The reference to 10 CFR 73.54(g) inSection 2.2.6 has been changed to 73.54(b)(2).

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements/Criteria This LAR is submitted pursuant to 10 CFR § 73.54 which requires licensees currently licensed to operate a nuclear power plant under 10 CFR Part 50 to submit a Cyber Security Plan as specified in § 50.4 and § 50.90.

4.2 Significant Hazards Consideration FPL has evaluated the proposed changes using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration.

An analysis of the issue of no significant hazards consideration is presented below:

Criterion 1: The proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

The proposed change is required by 10 CFR § 73.54 and includes three parts. The first part is the submission of the Plan for NRC review and approval. The Plan conforms to the template provided in NEI 08-09 (as clarified in Section 3.0 of this evaluation) and provides a description of how the requirements of the Rule will be implemented at Turkey Point Nuclear Generating Station. The Plan establishes the licensing basis for the Turkey Point Nuclear Generating Station Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,
2. Security functions,
3. Emergency preparedness functions including offsite communications, and
4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems are protected from cyber attacks. The Plan describes how plant modifications which involve digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat as defined in the Rule. The proposed change does not alter accident analysis assumptions, add any

Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station Enclosure 1 License Amendment Request No. 203 Page 4 of 6 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The first part of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.

The second part of the proposed change is an Implementation Schedule. The third part adds a sentence to the existing FOL license condition for Physical Protection. Both of these changes are administrative and have no impact on the probability or consequences of an accident previously evaluated.

Therefore, it is concluded that this change does not involve a significant increase in the probability or consequierfces of an accident previously evaluated.

Criterion 2: The proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

The proposed change is required by 10 CFR § 73.54 and includes three parts. The first part is the submission of the Plan for NRC review and approval. The Plan conforms to the template provided by NEI 08-09 (as clarified in Section 3.0 of this evaluation) and provides a description of how the requirements of the Rule will be implemented at Turkey Point Nuclear Generating Station. The Plan establishes the licensing basis for the Turkey Point Nuclear Generating Station Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,
2. Security functions,
3. Emergency preparedness functions including offsite communications and
4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. The Plan describes how plant modifications involved digital computer systems are reviewed to provide high assurance of adequate protection against cyber attacks, up to and including the design basis threat defined in the Rule. The proposed change does not alter accident analysis assumptions, add any initiators, or effect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected. The first part of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks and does not create the possibility of a new or different kind of accident from any previously evaluated.

Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station Enclosure 1 License Amendment Request No. 203 Page 5 of 6 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan The second part of the proposed change is an Implementation Schedule. The third part adds a sentence to the existing FOL license condition for Physical Protection. Both of these changes are administrative and do not create the possibility of a new or different kind of accident from any previously evaluated.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

Criterion 3: The proposed change does not involve a significant reduction in a margin of safety.

The proposed change is required by 10 CFR § 73.54 and includes three parts. The first part is the submission of the Plan for NRC review and approval. The Plan conforms to the template provided by NEI 08-09 (as clarified in Section 3.0 of this evaluation) and provides a description of how the requirements of the Rule will be implemented at Turkey Point Nuclear Generating Station. The Plan establishes the licensing basis for the Turkey Point Nuclear Generating Station Cyber Security Program. The Plan establishes how to achieve high assurance that nuclear power plant digital computer and communication systems and networks associated with the following are adequately protected against cyber attacks up to and including the design basis threat:

1. Safety-related and important-to-safety functions,
2. Security functions,
3. Emergency preparedness functions including offsite communications, and
4. Support systems and equipment which if compromised, would adversely impact safety, security, or emergency preparedness functions.

Part one of the proposed change is designed to achieve high assurance that the systems within the scope of the Rule are protected from cyber attacks. Plant safety margins are established through Limiting Conditions for Operation, Limiting Safety System Settings and Safety Limits specified in the Technical Specifications. Because there is no change to these established safety margins, the proposed change does not involve a significant reduction in a margin of safety.

The second part of the proposed change is an Implementation Schedule. The third part adds a sentence to the existing FOL license condition for Physical Protection. Both of these changes are administrative and do not involve a significant. reduction in a margin of safety.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, FPL concludes that the proposed change presents no significant

Florida Power and Light Company L-2009-238 Turkey Point Nuclear Generating Station Enclosure 1 License Amendment Request No. 203 Page'6 of 6 Approval of the Turkey Point Nuclear Generating Station Cyber Security Plan hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration is justified.

4.3 Conclusion In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5.0 ENVIRONMENTAL CONSIDERATION

The proposed amendment establishes the licensing basis for a Cyber Security Program for the Turkey Point Nuclear Generating Station and will be a part of the Physical Security Plan. This proposed amendment will not involve any significant construction impacts. Pursuant to 10 CFR 51.22(c)(12) no environmental impact statement or environmental assessment need be prepared in connection with the issuance of the amendment.

6.0 REFERENCES

1. Federal Register Notice, Final Rule 10 CFR Part 73, Power Reactor Security Requirements, published on March 27, 2009, 74 FR 13926.
2. EA-02-026, Order Modifying Licenses, Safeguards and Security Plan Requirements, issued February 25, 2002.
3. NEI 08-09, Cyber Security Plan for Nuclear Power Reactors, Revision 3.

Attachment 1 Turkey Point Unit 3 Docket No. 50-250 License No. DPR-31 Turkey Point Unit 4 Docket No. 50-251 License No. DPR-41 License Amendment Request No. 203 Proposed Facility Operating License Change (Mark-Up) 4 Pages

4 D. Fire Protection FPL shall implement and maintain in effect all provisions of the approved Fire Protection Program as described in the Updated Final Safety Analysis Report (UFSAR) for Turkey Point Units 3 and 4 and as approved in the Safety Evaluation Report (SER) dated March 21, 1979 and supplemented by NRC letters dated April 3, 1980, July 9, 1980, December 8, 1980, January 26, 1981, May 10, 1982, March 27, 1984, April 16, 1984, August 12, 1987, and by Safety Evaluations dated February 25, 1994, February 24, 1998, October8, 1998, December 22, 1998, May 4, 1999, and May 5, 1999, subject to the following provision:

The licensee may make changes to the approved Fire Protection Program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light

& FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan - Revision 3 "submitted by letter dated May 18, 2006.

F. 1. The licensee shall restrict the combined number of fuel assemblies loaded in the existing spent fuel pool storage racks and cask pit rack to no more than the capacity of the spent fuel pool storage racks. This condition applies at all times, except during activities associated with a reactor core offload/reload refueling condition. This restriction will ensure the capability to unload and remove the cask pit rack when cask loading operations are necessary.

2. The licensee shall establish two hold points within the rack installation procedure to ensure proper orientation of the cask rack in each unit's spent fuel pool. Verification of proper cask pit rack orientation will be implemented by an authorized Quality Control inspector during installation of the racks to ensure consistency with associated spent fuel pool criticality analysis assumptions.

Renewed License No. DPR-31 AMENDMENT NO. 226 Revised by letter dated May 3, 2007

Insert the following text within the current FOL license condition for Physical Protection and after its existing text:

Turkey Point Nuclear Generating Station shall fully implement and maintain in effect all provisions of the Commission-approved Turkey Point Nuclear Generating Station Cyber Security Plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10 CFR § 2.390.

4 D. Fire Protection FPL shall implement and maintain in effect all provisions of the approved Fire Protection Program as described in the Updated Final Safety Analysis Report (UFSAR) for Turkey Point Units 3 and 4 and as approved in the Safety Evaluation Report (SER) dated March 21, 1979 and supplemented by NRC letters dated April 3, 1980, July 9, 1980, December 8, 1980, January 26, 1981, May 10, 1982, March 27, 1984, April 16, 1984, August 12, 1987, and by Safety Evaluations dated February 25, 1994, February 24, 1998, October 8, 1998, December 22, 1998, May 4, 1999, and May 5, 1999, subject to the following provision:

The licensee may make changes to the approved Fire Protection Program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light

& FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan Revision 3, "submitted by letter dated May 18, 2006 F. 1. The licensee shall restrict the combined number of fuel assemblies loaded in the existing spent fuel pool storage racks and cask pit rack to no more than the capacity of the spent fuel pool storage racks. This condition applies at all times, except during activities associated with a reactor core offload/reload refueling condition. This restriction will ensure the capability to unload and remove the cask pit rack when cask loading operations are necessary.

2. The licensee shall establish two hold points within the rack installation procedure to ensure proper orientation of the cask rack in each unit's spent fuel pool. Verification of proper cask pit rack orientation will be implemented by an authorized Quality Control inspector during installation of the racks to ensure consistency with associated spent fuel pool criticality analysis assumptions.

Renewed License No. DPR-41 AMENDMENT NO. 222 Revised by letter dated May 3, 2007

Insert the following text within the current FOL license condition for Physical Protection and after its existing text:

Turkey Point Nuclear Generating Station shall fully implement and maintain in effect all provisions of the Commission-approved Turkey Point Nuclear Generating Station Cyber Security Plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10 CFR § 2.390.

Attachment 2 Turkey Point Unit 3 Docket No. 50-250 License No. DPR-31 Turkey Point Unit 4 Docket No. 50-251 License No. DPR-41 License Amendment Request No. 203 Proposed Facility Operating License Change (Re-Typed) 2 Pages

4 D. Fire Protection FPL shall implement and maintain in effect all provisions of the approved Fire Protection Program as described in the Updated Final Safety Analysis Report (UFSAR) for Turkey Point Units 3 and 4 and as approved in the Safety Evaluation Report (SER) dated March 21, 1979 and supplemented by NRC letters dated April 3, 1980, July 9, 1980, December 8, 1980, January 26, 1981, May 10, 1982, March 27, 1984, April 16, 1984, August 12, 1987, and by Safety Evaluations dated February 25, 1994, February 24, 1998, October 8, 1998, December 22, 1998, May 4, 1999, and May 5, 1999, subject to the following provision:

The licensee may make changes to the approved Fire Protection Program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light

& FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan - Revision 3 "submitted by letter dated May 18, 2006.

Turkey Point Nuclear Generating Station shall fully implement and maintain in effect all provisions of the Commission-approved Turkey Point Nuclear Generating Station Cyber Security Plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10CFR § 2.390.

F. 1. The licensee shall restrict the combined number of fuel assemblies loaded in the existing spent fuel pool storage racks and cask pit rack to no more than the capacity of the spent fuel pool storage racks. This condition applies at all times, except during activities associated with a reactor core offload/reload refueling condition. This restriction will ensure the capability to unload and remove the cask pit rack when cask loading operations are necessary.

2. The licensee shall establish two hold points within the rack installation procedure to ensure proper orientation of the cask rack in each unit's spent fuel pool. Verification of proper cask pit rack orientation will be implemented by an authorized Quality Control inspector during installation of the racks to ensure consistency with associated spent fuel pool criticality analysis assumptions.

Renewed License No. DPR-31 AMENDMENT NO.

Revised by letter dated

4 D. Fire Protection FPL shall implement and maintain in effect all provisions of the approved Fire Protection Program as described in the Updated Final Safety Analysis Report (UFSAR) for Turkey.Point Units 3 and 4 and as approved in the Safety Evaluation Report (SER) dated March 21, 1979 and supplemented by NRC letters dated April 3, 1980, July 9, 1980, December 8, 1980, January 26, 1981, May 10, 1982, March 27, 1984, April 16, 1984, August 12, 1987, and by Safety Evaluations dated February 25, 1994, February 24, 1998, October 8, 1998, December 22, 1998, May 4, 1999, and May 5, 1999, subject to the following provision:

The licensee may make changes to the approved Fire Protection Program without prior approval of the Commission only ifthose changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

E. The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made pursuant to provision of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contains Safeguards Information protected under 10 CFR 73.21, is entitled: "Florida Power and Light &

FPL Energy Seabrook Physical Security Plan, Training and Qualification Plan and Safeguards Contingency Plan Revision 3, "submitted by letter dated May 18, 2006 Turkey Point Nuclear Generating Station shall fully implement and maintain in effect all provisions of the Commission-approved Turkey Point Nuclear Generating Station Cyber Security Plan submitted by letter dated November 19, 2009 and withheld from public disclosure in accordance with 10CFR § 2.390.

F. 1. The licensee shall restrict the combined number of fuel assemblies loaded in the existing spent fuel pool storage racks and cask pit rack to no more than the capacity of the spent fuel pool storage racks. This condition applies at all times, except during activities associated with a reactor core offload/reload refueling condition. This restriction will ensure the capability to unload and remove the cask pit rack when cask loading operations are necessary.

2. The licensee shall establish two hold points within the rack installation procedure to ensure proper orientation of the cask rack in each unit's spent fuel pool. Verification of proper cask pit rack orientation will be implemented by an authorized Quality Control inspector during installation of the racks to ensure consistency with associated spent fuel pool criticality analysis assumptions.

Renewed License No. DPR-41 AMENDMENT NO.

Revised by letter dated

Enclosure 2 Turkey Point Unit 3 Docket No. 50-250 License No. DPR-31 Turkey Point Unit 4 Docket No. 50-251 License No. DPR-41 License Amendment Request No. 203 Turkey Point Nuclear Generating Station Cyber Security Plan Implementation Schedule Commitment* Completion Date Team.3 months after NRC approval of

1. Establish a Cyber Security Project Team. serity Pan Cyber Security Plan
2. Establish and maintain cyber security policies. 6mnh fe R prvlo 3 1 months Cyber after NRC Security Plan approval o
3. Identify Critical Digital Assets (CDAs) within scope of 10 10 months after NRC approval CFR 73.54(a). of Cyber Security Plan
4. Review and Validate CDA connections. 12 months after NRC approval of Cyber Security Plan
5. Complete baseline assessments (Operational Security 24 months after NRC approval Control, Management Security Controls, and Technical of Cyber Security Plan Security Controls) and schedule mitigation actions.

24 months after NRC approval

6. Implement Cyber

_________________________________________of on Security program, procedures, training. after NrC Cyber Security ap Plan

7. Implement defensive architecture. 36 monthsSecurity of Cyber after NRC Planapproval
8. Perform vulnerability and effectiveness analysis, and 36 months after NRC approval document gaps in condition reporting program. of Cyber Security Plan
  • Any commitment changes will be managed in accordance with NEI 99-04, "Guidelines for Managing NRC Commitment Changes."
Retrieved from "https://kanterella.com/w/index.php?title=L-2009-238,_Approval_of_Cyber_Security_Plan&oldid=2139240"