ML22280A116

From kanterella
Revision as of 10:10, 20 October 2022 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
2022 Cybersecurity Inspections Lessons Learned - Open
ML22280A116
Person / Time
Issue date: 10/13/2022
From: Tammie Rivera
NRC/NSIR/DPCP/CSB
To:
Rivera T
References
Download: ML22280A116 (8)
v  d  e


Text

2022 Cybersecurity Inspections Lessons Learned Public Meeting (Open Session)

October 13, 2022 1:00 - 3:00 P.M.

Tammie Rivera, Cyber Security Specialist Cyber Security Branch Division of Physical and Cyber Security Policy Office of Nuclear Security and Incident Response

Topics

  • Background
  • Discuss lessons learned and best practices
  • Comments and feedback 2

Key Messages

  • Staff identified lessons learned and trends from the 2022 cybersecurity inspections.
  • Focused on the inspection activities from February through September 2022.
  • Identified lessons learned and best practices to assist in developing action plans to ensure efficiency and effectiveness for future inspections.

3

Background

1. To provide assurance that digital equipment associated with safety, security, or emergency preparedness (SSEP) functions are adequately protected against cyber-attacks in accordance with (10 CFR) 73.54 and the licensee's approved cyber security plan (CSP).
2. To verify that CSP changes and reports are in accordance with 10 CFR 50.54(p).

4

Background Continued

  • ROP baseline cyber inspections 2022

- IP 71130.10 revised to reflect baseline inspection objectives

- Biennial baseline inspections started Feb 2022

- Evaluate changes to the program, critical systems, and CDAs 5

Lessons Learned - Inspection Process

  • Request for information (RFI) process
  • During inspection prep week, questions forwarded to licensee support team prior to the inspection
  • Length of the inspection causes tight inspection schedule

- Issues often dispositioned after inspection week

- Conducting virtual entrance and exit meetings 6

Positive Observations

  • Sites with complete, accurate, and well-documented CDA assessments often prevent downstream cyber questions and demonstrate program health
  • Knowledgeable and competent staff as POCs critical to successful and efficient inspection
  • Timely documentation and resolution of issues 7

Meeting Feedback & POCs To submit feedback and comments please:

  • Navigate to this meeting on the NRC Public Meeting Schedule
Retrieved from "https://kanterella.com/w/index.php?title=ML22280A116&oldid=3516364"