Letter Sequence Draft RAI |
---|
|
|
MONTHYEARNLS2010059, Withdrawal and Resubmission of License Amendment Request for Approval of the Cyber Security Plan2010-07-20020 July 2010 Withdrawal and Resubmission of License Amendment Request for Approval of the Cyber Security Plan Project stage: Request ML1022203232010-08-10010 August 2010 Acceptance Review for License Amendment Request (TAC No. ME4270), Cooper Nuclear Station Project stage: Acceptance Review ML1105507952011-02-24024 February 2011 Draft Generic Request for Additional Information, License Amendment Request to Revise License Condition and Approve Cyber Security Plan Based on NEI 08-09, Revision 3 Project stage: Draft RAI ML1105507902011-02-24024 February 2011 Email, Draft Generic Request for Additional Information, License Amendment Request to Revise License Condition and Approve Cyber Security Plan Based on NEI 08-09, Revision 3 Project stage: Draft RAI ML1106105162011-03-0303 March 2011 Generic Request for Additional Information, License Amendment Request to Revise License Condition and Approve Cyber Security Plan Based on NEI 08-09, Revision 3 Project stage: RAI NLS2011028, Response to Request for Additional Information Regarding Revision to Renewed Facility Operating License and Request for Review and Approval of the Cyber Security Plan2011-03-30030 March 2011 Response to Request for Additional Information Regarding Revision to Renewed Facility Operating License and Request for Review and Approval of the Cyber Security Plan Project stage: Response to RAI ML1118010812011-07-27027 July 2011 License Amendment, Issuance of Amendment No. 238, Revise License Condition and Approve Cyber Security Plan and Associated Implementation Schedule Project stage: Approval ML1129302452011-11-28028 November 2011 Correction to Safety Evaluation of Amendment No. 238, Revise License Condition and Approve Cyber Security Plan and Associated Implementation Schedule Project stage: Approval 2011-02-24
[Table View] |
|
---|
Category:Request for Additional Information (RAI)
MONTHYEARML24010A1172024-01-10010 January 2024 NRR E-mail Capture - Cooper Nuclear Station - LAR Dfo Tank Inspection RAI Issuance ML24010A0902024-01-0404 January 2024 RAI - 10120-R1 - Final Dfo Tank Inspections LAR ML23352A2472023-12-18018 December 2023 NRR E-mail Capture - Cooper Nuclear Station - Relief Request RC3-02 Drywell Head Inspection RAI Issuance ML23257A2192023-09-14014 September 2023 NRR E-mail Capture - Cooper - Final RAI LAR to Adopt TSTF-551, Revision 3 ML22276A1562022-10-0505 October 2022 Notification of Commercial Grade Dedication Inspection 05000298/2023011 and Request for Information ML22208A0642022-07-26026 July 2022 Notification of Inspection and Request for Information for NRC Inspection Report 05000298/2022004 ML22179A3152022-06-28028 June 2022 Notification of Post-Approval Site Inspection for License Renewal (Phase 4) (NRC Inspection Report 05000298/2022011) and Request for Information ML22010A2632022-01-10010 January 2022 NRR E-mail Capture - Cooper - Final RAI Relief Request RR5-01 Revision 1 ML21321A3742021-11-10010 November 2021 NRR E-mail Capture - Cooper - Final RAI Alternative Request RI5-02 Revision 3 ML21258A2632021-09-15015 September 2021 NRR E-mail Capture - Cooper - Final RAI Alternative Request RS-01 ML21109A2222021-04-15015 April 2021 Email with RFI Document for CNS PIR 2021012 ML21026A3112021-01-27027 January 2021 Notification of NRC Design Bases Assurance Inspection (Team) (NRC Inspection Report 05000298/2021010) and Initial Request for Information ML20315A3922020-11-10010 November 2020 Email 11-10-2020 - Cooper EP Prog Insp RFI ML20203M3692020-07-21021 July 2020 NRR E-mail Capture - Cooper - Final RAI License Amendment Request for Approval of EAL Scheme Change (EPID L-LLA-2020-0028) ML18306A5582018-10-30030 October 2018 Notification of Cyber Security Inspection(Nrc Inspection Report 05000298/2019410) and Request for Information ML18060A0272018-02-28028 February 2018 Enclosurequest for Additional Information (Letter to J. Shaw Request for Additional Information Regarding Nebraska Public Power District'S Decommissioning Funding Plan Update for Cooper Nuclear Station ISFSI) ML18037B0002018-02-0606 February 2018 NRR E-mail Capture - Cooper Nuclear Station - Final RAI Relief Requests RR-02 and RR-03 (EPIDs L-2017-LRR-065 and -066) ML18025C0042018-01-25025 January 2018 Notification of NRC Design Bases Assurance Inspection (Teams) (05000298/2018011) and Initial Request for Information ML18024A3752018-01-24024 January 2018 NRR E-mail Capture - Cooper Nuclear Station - Final RAI LAR to Adopt TSTF-542 (CAC MG0138; EPID L-2017-LLA-0290) IR 05000298/20170032017-11-13013 November 2017 NRC Integrated Inspection Report 05000298/2017003 and Independent Spent Fuel Storage Installation Inspection Report 07200066/2017001 ML17177A2432017-06-26026 June 2017 Notification of NRC Design Bases Assurance Inspection (Programs) (05000298/2017007) and Initial Request for Information ML17024A3292016-12-15015 December 2016 NRR E-mail Capture - Rec 2.1 Seismic: Cooper'S SFP Evaluation ML16335A0152016-11-29029 November 2016 NRR E-mail Capture - Cooper Nuclear Station - Formal Request for Additional Information Concerning License Amendment Request to Adopt TSTF-425 Revision 3 ML16112A2732016-04-21021 April 2016 Notification of NRC Triennial Fire Protection Baseline Inspection (05000298/2016008) and Request for Information ML15107A2542015-05-0404 May 2015 Request for Additional Information Associated with Near-Term Task Force Recommendation 2.1, Seismic Hazard and Screening Report ML15051A4872015-02-20020 February 2015 Notification of NRC Component Design Bases Inspection 05000298/2015007 and Initial Request for Information ML13323A1052013-12-0404 December 2013 Interim Staff Evaluation and Request for Additional Information, Overall Integrated Plan in Response to 3/12/12 Commission Order Modifying Licenses with Regard to Reliable Spent Fuel Pool Instrumentation (Order EA-12-051) ML13304B4182013-11-0101 November 2013 Request for Additional Information Associated with Near-Term Task Force Recommendation 2.3, Seismic Walkdowns ML13256A0822013-09-12012 September 2013 Request for Additional Information Email, Overall Integrated Plan in Response to 3/12/12 Commission Order Modifying Licenses with Regard to Reliable Spent Fuel Pool Instrumentation (Order EA-12-051) ML13246A3482013-08-29029 August 2013 Draft Request for Additional Information Email, Overall Integrated Plan in Response to 3/12/12 Commission Order Modifying Licenses with Regard to Reliable Spent Fuel Pool Instrumentation (Order EA-12-051) NLS2013082, Letter Requesting Information from the United States Army Corps of Engineers to Provide Response to March 12, 2012 Letter Regarding Enclosure 2, Recommendation 2.1, Flooding2013-08-22022 August 2013 Letter Requesting Information from the United States Army Corps of Engineers to Provide Response to March 12, 2012 Letter Regarding Enclosure 2, Recommendation 2.1, Flooding ML13155A0112013-06-0303 June 2013 Request for Additional Information Email, 2013 Decommissioning Funding Status Report ML13144A5202013-05-24024 May 2013 Request for Additional Information Email, Decommissioning Funding Status Report ML13133A0802013-05-24024 May 2013 (Redacted) - Request for Additional Information, Review of License Renewal Commitment NLS2009100-1 - Core Rim Plate Bolts ML13095A1602013-04-0404 April 2013 Email, Draft Request for Additional Information - Review of License Renewal Commitment NLS2009100-1 - Core Rim Plate Bolts ML13059A3452013-03-0808 March 2013 Request for Additional Information, License Amendment Request to Revise the Updated Safety Analysis Report to Reflect Changes to Fuel Handling Accident Dose Calculation ML13053A3422013-02-22022 February 2013 E-mail, Draft Request for Additional Information, License Amendment Request to Revise the Updated Safety Analysis Report to Reflect Changes to Fuel Handling Accident Dose Calculation ML12338A2642012-12-0303 December 2012 Email, Round 3, Request for Additional Information, License Amendment Request to Revise Technical Specification 3.4.9, RCS Pressure and Temperature (P/T) Limits, to Revise Limit Curves and SRs ML12312A2812012-11-14014 November 2012 Request for Additional Information, License Amendment Request to Adopt National Fire Protection Agency (NFPA) 805, Performance-Based Standard for Fire Protection for LWR Electric Generating Plants ML12283A4002012-10-0909 October 2012 Email, Draft Request for Additional Information, License Amendment Request to Adopt National Fire Protection Agency (NFPA)-805 Performance-Based Standard for Fire Protection for LWR Electric Generating Plants ML12251A0582012-09-0606 September 2012 Request for Additional Information, License Amendment Request, Round 2, Revise Technical Specifications to Implement a 24-Month Fuel Cycle and Adopt TSTF-493, Revision 4, Option a ML12235A2522012-09-0505 September 2012 Request for Additional Information License Amendment Request to Revise Technical Specifications - Safety Limit Minimum Critical Power Ratio ML12205A2162012-08-10010 August 2012 Request for Additional Information, Round 2, License Amendment Request to Revise Technical Specification 3.4.9, RCS Pressure and Temperature (P/T) Limits, to Revise Limit Curves and Surveillance Requirements ML1217400512012-06-21021 June 2012 List of Questions for Supplement to Complete Acceptance Review, License Amendment Request to Adopt NFPA-805 Performance-Based Standard for Fire Protection for LWR Electric Generating Plants ML12157A5412012-06-11011 June 2012 Second Request for Additional Information Request for Relief for the Fourth 10-Year Pump and Value Inservice Testing Program ML12159A2992012-06-11011 June 2012 Request for Additional Information, Relief Request RI-07 from ASME Code Requirements for Residual Heat Removal Shell Circumferential and Nozzle to Head Welds, Fourth 4th 10-Year Inservice Inspection Interval ML12153A0642012-05-31031 May 2012 Notification of Inspection (NRC Inspection Report 05000298/2012005) and Request for Information ML1213905092012-05-18018 May 2012 Email, Draft Request for Additional Information, Second Round, Relief Request Nos. RV-07 and RV-01, Revision 1, Fourth 10-Year Inservice Testing Program Interval ML1213905112012-05-18018 May 2012 Draft Request for Additional Information, Second Round, Relief Request Nos. RV-07 and RV-01, Revision 1, Fourth 10-Year Inservice Testing Program Interval ML1213205752012-05-11011 May 2012 Request for Additional Information, Relief Request RI-07 from ASME Code Requirements for Residual Heat Removal Shell Circumferential and Nozzle to Head Welds, Fourth 4th 10-Year Inservice Inspection Interval 2024-01-04
[Table view] |
Text
Generic Request for Additional Information (RAI)
RAI 1: Records Retention Title 10 of the Code of Federal Regulations (10 CFR) Paragraph 73.54(c)(2) requires licensees to design a cyber security program to ensure the capability to detect, respond to, and recover from cyber attacks. Furthermore, 10 CFR 73.54(e)(2)(i) requires licensees to maintain a cyber security plan that describes how the licensee will maintain the capability for timely detection and response to cyber attacks. The ability for a licensee to detect and respond to cyber attacks requires accurate and complete records and is further supported by 10 CFR 73.54(h), which states that the licensee shall retain all records and supporting technical documentation required to satisfy the requirements of 10 CFR Section 73.54 as a record until the Commission terminates the license for which the records were developed, and shall maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission.
The licensees Cyber Security Plan (CSP) in Section [4.13] states that Critical Digital Asset (CDA) audit records and audit data (e.g., operating system logs, network device logs) are retained for a period of time that is less than what is required by 10 CFR 73.54(h).
Explain the deviation from the 10 CFR 73.54(h) requirement to retain records and supporting technical documentation until the Commission terminates the license (or to maintain superseded portions of these records for at least 3 years) and how that meets the requirements of 10 CFR 73.54.
RAI 2: Implementation Schedule The regulation at 10 CFR 73.54, Protection of digital computer and communication systems and networks, requires licensees to submit a CSP that satisfies the requirements of this section for Commission review and approval. Furthermore, each submittal must include a proposed implementation schedule and the implementation of the licensees cyber security program must be consistent with the approved schedule. Paragraph 73.54(a) of 10 CFR requires licensees to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat.
The completion of several key intermediate milestones (Items (a) through (g) below) would demonstrate progress toward meeting the requirements of 10 CFR 73.54. The Nuclear Regulatory Commission (NRC) staffs expectation is that the key intermediate milestones will be completed in a timely manner, but no later than December 31, 2012. The key CSP implementation milestones are as follows:
(a) Establish, train and qualify Cyber Security Assessment Team, as described in Section 3.1.2, Cyber Security Assessment Team, of the CSP.
(b) Identify Critical Systems and CDAs, as described in Section 3.1.3, Identification of Critical Digital Assets, of the CSP.
Enclosure
(c) Implement cyber security defense-in-depth architecture by installation of
[deterministic one-way] devices, as described in Section 4.3, Defense-In-Depth Protective Strategies of the CSP.
(d) Implement the management, operational and technical cyber security controls that address attacks promulgated by use of portable media, portable devices, and portable equipment as described in Appendix D Section 1.19 Access Control for Portable and Mobile Devices, of Nuclear Energy Institute (NEI) 08-09, Revision 6.
(e) Implement observation and identification of obvious cyber related tampering to existing insider mitigation rounds as described in Appendix E Section 4.3, Personnel Performing Maintenance and Testing Activities, and Appendix E Section 10.3, Baseline Configuration of NEI 08-09, Revision 6.
(f) Identify, document, and implement cyber security controls to physical security target set CDAs in accordance with Section 3.1.6, Mitigation of Vulnerabilities and Application of Cyber Security Controls, of the CSP.
(g) Ongoing monitoring and assessment activities will commence for those target set CDAs whose security controls have been implemented, as described in Section 4.4, Ongoing Monitoring and Assessment, of the CSP (h) Full implementation of the CSP for all safety, security, and emergency preparedness functions.
Provide a revised CSP implementation schedule that identifies the appropriate milestones, completion dates, supporting rationale, and level of detail to allow the NRC to evaluate the licensees proposed schedule and associated milestone dates which include the final completion date. It is the NRCs intention to develop a license condition incorporating your revised CSP implementation schedule containing the key milestone dates.
RAI 3: Scope of Systems Paragraph 73.54(a) of 10 CFR requires licensees to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in 10 CFR 73.1. In addition, 10 CFR 73.54(a)(1) states that the licensee shall protect digital computer and communication systems and networks associated with:
(i) Safety-related and important-to-safety functions; (ii) Security functions; (iii) Emergency preparedness functions, including offsite communications; and (iv) Support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions.
Subsequent to the issuance of the cyber security rule, the NRC stated that 10 CFR 73.54 should be interpreted to include structures, systems, and components (SSCs) in the balance of plant (BOP) that have a nexus to radiological health and safety (Agencywide Documents Access and Management System (ADAMS) Accession No. ML103490344, dated November 19, 2010). The SSCs in the BOP are those that could directly or indirectly affect reactivity of a nuclear power plant and could result in an unplanned reactor shutdown or transient and are therefore, within the scope of important-to-safety functions described in 10 CFR 73.54(a)(1). Furthermore, the NRC issued a letter to NEI dated January 5, 2011 (ADAMS Accession No. ML103550480) that provided licensees with additional guidance on one acceptable approach to comply with the Commissions policy determination.
Explain how the scoping of systems provided by [site/licensee]s CSP meets the requirements of 10 CFR 73.54 and the additional guidance provided by the NRC.