Request for Approval of Cyber Security Plan

ML093290109
Person / Time
Site:	Calvert Cliffs, Nine Mile Point, Ginna
Issue date:	11/23/2009
From:	Korsnick M Constellation Energy Nuclear Group
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
Download: ML093290109 (18)
v • d • e

Text

CONTAINS SECURITY-RELATED INFORMATION Mary G. Korsnick Constellation Energy Nuclear Group, LLC Senior Vice President Operations and 100 Constellation Way Chief Operations Officer Suite 200C Baltimore, MD 21202 10 CFR 50.90 10 CFR 73.54 November 23, 2009 U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 ATTENTION:

Document Control Desk

SUBJECT:

Calvert Cliffs Nuclear Power Plant Unit Nos. 1 & 2; Docket Nos. 50-317 & 50-318 Nine Mile Point Nuclear Station Unit Nos. I & 2; Docket Nos. 50-220 & 50-4 10 R. E. Ginna Nuclear Power Plant Docket No. 50-244 Request for Approval of the Constellation Encray Nuclear Group Cyber Security Plan In accordance with the provisions of 10 CFR 50.4 and 50.90, Constellation Energy Nuclear Group, LLC is submitting a request for an amendment to the Renewed Facility Operating Licenses for Calvert Cliffs Nuclear Power Plant, Units I and 2, Nine Mile Point Nuclear Station, Units I and 2, and R. E. Ginna Nuclear Power Plant.

As required by 10 CFR 73.54, this proposed amendment requests Nuclear Regulatory Commission approval of the Constellation Energy Nuclear Group Cyber Security Plan and requests approval of the addition of a sentence to the existing physical protection license condition to require these licensees to fully implement and maintain in effect all provisions of the approved Cyber Security Plan.

As required, an implementation schedule, consistent with the Nuclear Regulatory Commission-approved schedule, is also provided.

This proposed amendment conforms to the model application provided in Nuclear Energy Institute 08-09, Revision 3.

Attachment (1) provides an evaluation of the proposed change.

Attachment (2) provides a copy of the proposed Cyber Security Plan, which is a stand-alone document that will be incorporated by reference into the physical security plan for each licensee upon approval. We request that Attachment (2), which contains security-related information, be withheld from public disclosure in accordance with 10 CFR 2.390(d)(1).

Attachments (3) through (5) provide the markups for the licenses for the three licensees.

Document Control Desk November 23, 2009 Page 2 Attachment (6) provides the required implementation schedule, which is composed of three Regulatory Commitments.

We request approval of the Cyber Security Plan, the proposed implementation schedule and the changes to the licenses by June 1, 2010 and an implementation period for the license changes of 60 days from date of issuance.

If there are any questions regarding this transmittal, please contact Bruce Montgomery at 41 0-470-3777 or Bruce.S.Montgomery@cengllc.com.

Sincerely, MaryG. Kosnick STATE OF MARYLAND TO WIT:

CITY OF BALTIMORE I, Mary G. Korsnick, state that I am the Senior Vice President Operations and Chief Operations Officer for Constellation Energy Nuclear Group, LLC, for Calvert Cliffs Nuclear Power Plant, LLC, Nine Mile Point Nuclear Station, LLC, and R. E. Ginna Nuclear Power Plant, LLC, and that I am duly authorized to execute and file this submittal on behalf of these companies. To the best of my knowledge and belief, the statements contained in this document with respect to these companies are true and correct. To the extent that these statements are not based on my personal knowledge, they are based upon information provided by employees and/or consultants of the companies. Such information has been reviewed in accordance with company practice, and I believe it to be reliable.

/

S~pbscribed and sworpj before me a Notary Public in and for the State of Maryland and County of

, this I day of WcAl, efA

'2009.

WITNESS my Hand and Notarial Seal:

-Nc ry Public y42rJý-

Date HBB/EMT/bjd

Document Control Desk November: 23, 2009 Page 3 Attachments:

(i)

(2)

(3)

(4)

(5)

(6)

Evaluation of the Proposed Change Proposed Cyber Security Plan (Security-Related Information)

Calvert Cliffs Nuclear Power Plant Units I & 2 License.Markups R.E. Ginna Nuclear Power Plant License Markup Nine Mile Point Nuclear Station Units 1 & 2 License Markups Cyber Security Plan Implementation Schedule cc:

D. V. Pickett, NRC R. V. Guzman, NRC S. J. Collins, NRC Without Attachment (2)

Resident Inspector, NRC (Calvert Cliffs)

Resident Inspector, NRC (Ginna)

Resident Inspector, NRC (Nine Mile Point)

M. F. Weber, NMSS S. Gray, Maryland DNR A. L. Peterson, NYSERDA P. D. Eddy, New York State Department of Public Service

ATTACHMENT (1)

EVALUATION OF THE PROPOSED CHANGE TABLE OF CONTENTS 1.0

SUMMARY

DESCRIPTION 2.0, DETAILED DESCRIPTION

3.0 TECHNICAL ANALYSIS

4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS/CRITERIA 4.2 NO SIGNIFICANT HAZARDS DETERMINATION

4.3 CONCLUSION

5.0 ENVIRONMENTAL CONSIDERATION

6.0 REFERENCES

Constellation Energ Nuclear Group, LLC' November,23, 2009

ATTACHMENT (1)

EVALUATION OF THE PROPOSED CHANGE 1.0

SUMMARY

DESCRIPTION The license amendment trequest. (LAR) includes the proposed Cyber Security Plan for Calvert Cliffs Nuclear Power Plant (CCNPP), Nine Mile. Point Nuclear Station (NMPNS), and R.E. Ginna.Nuclear.

Power Plant(Ginna), an implementation schedule for each station, and a proposed.sentenceto be added to each existing physical protection license condition, 2.0 DETAILED DESCRIPTION The LAR includes two parts: the proposed Cyber Security Plan.and a proposed sentence to be added toý the existing physical protection license condition to require CCNPP, NMPNS, and Ginna to fully implement and maintain in effect all provisions of the Cornmission-approved::Cyber security plan as required by 1.0 CFR 73.54.

An implementation schedule is also included as Attachment (6). The regulations in 10 CFR 73.54, "Protection of Digital Computer and Communication 'Systems and Networks," establish the requirements for a'cyber security program. Thisý,regulation:specifically: requires each licensee currently licensed to operate a nuclear power plant under Part:50 offTitle 10 to'submit.a cyber security plan that satisfies the requirements of the Rule. Each. submittal must iniclude a proposed implementation schedule, which must be consistent withzthe approved. schedule The*background for this application is addressed by the Nuclear Regulatory Commission (NRC) Notice of Availability, 74 FR 13926, published on March27, 2009 (Reference 1).

3.0 TECHNICAL ANALYSIS

Federal Register Notice 74 FR 13926 issued the final Rule that amended.10 CFR Part 73. Cybersecurity requirements are codified as..10 CFR 73.54 and are designed to prdvide high assurance that digital computer and communication systems and networks are ade*quately prdtectedagainst cyber attacks up to and including the design basis threat established by 10 CFR 73.1(a)(l)(v).

These requirements are substantial improvements upon the requirements imposed by EA;-02-026 (Reference 2).

This LAR includes the proposed plan. (Attachment,2) that conforms to the template provided in Nuclear Energy Institute (NET) 08-09, Revision 3. In addition,, the LAR includes the proposed change to the cxisting. license.condition for, physical protection for Calvert Cliffs Nuclear Power Plant, Units 1 and 2, R.E. Ginna Nuclear Power Plant, and Nine.Mile P6int Nuclear Station, Units 1 and 2. (Attachments.3, 4, and 5, respectively).

Finally, this LAR contains the proposed ;ýimplementation schedule for the cyber security program (Attachment 6).

4.0 REGULATORY EVALUATION

4.1 APPLICABLE REGULATORY REQUIREMENTS/CRITERIA

'This LAR is submitted pursuant to'10 CFR 73.54 which requires licensees currently: licensed to operate a nuclear power plant.,under 10 CFR Part 50 to submit a Cyber Security. Plan, an implementation plananda change to the license basis as specified.in 10: CFR 5014 aind 10 CFR 50.90.

4.2 NO SIGNIFICANT HAZARDS'DETERMINATION:

Constellation Energy Nuclear Group, LLC on behalf of CCNPP, NMPNS, and Ginna, is submitting the' attached Cyber Security Plan, an implementation plan and a change to :the license basis for Nuclear Regulatory Commission review and.approval. The licensees, ha*ve evaluated: whether or not, a. significant hazards consideration is. involved with the proposed amendment by assessing the change using the three criteria of 10 CFR 50.92 as discussed below:

ATTACHMENT (I)

EVALUATION OF THE PROPOSED CHANGE Criterion 1: The proposed change does notinvolve a significant increase, in the probability or. consequences of an accident previously evaluated.

The proposed change is required by 10 CFR 73.514. One part is the submittal of the Cyber Security Plan for NRC review and approval. 1The plan: conforms to the template provided: in NEI 08-09, Revision 3 and provides a description of how the-requiremenftS§ of the Rule will be ýimplemented at Calvert Cliffs Nuclear Power Plant, Units 1 and 2, Nine Mile Point Nuclear Station, Units. I and 2 and R 'E. Ginna Nuclear Power Plant. The plan establishes the licensing basis for theicyber security program for the three stations and establishes how to achieve high assurance that; nuclear power plant digital computer and commuiication systems and networks associated with the following are adequately protected against cyber attacks up to and including.the design basis threat:

1. Safety-relatedand important-to-safety functions,

2.

Security functions,

3.

Emergency preparedness functions including offsite communications,

4.

Support systems and equipment which if compromised, would adversely impact safety, security, oremergency preparedness functions.

This part of the proposed change is designed to. achieve high, assurance that the systems 'are protected from cyber attacks.

The plan, itself does not require any plant modifications.

However, the plan does describe, how plant modifications that involve digital computer.

systems are reviewed to provide high assiurance of adequate protectiont against cyber attacks, up to:and including the design basis. threat as defined in the Rule', The proposed change does not alter the plant configuration, require new plant equipment.to: be installed, alter, accident analysis assumptions, add any initiators, or affect the function of plant systems or. the manner in which systems are 'operated, miaaintained, modified, tested, or inspected. This part of the,'proposed change, is':designed to achieve high assumnce that the, systems within the scope of the Rule are protected from cyber attacks and has no impact on the probability or consequences of an accident previously evaluated.

The other part of the proposed change adds a sentence to.the existing license condition for physical protection. This change.is.administrative and has no impact on the probability or consequences of an accident previously evaluated..

Therefore, it is§ concluded that this change dqes::not: involve a significant increase in the probability or consequencesof an accident previously evaluated.

Criterion 2: The proposed change does-not c crate the possibility of a new or differenp :kind of accident from :any 'accident previously evaluated.

The proposed'change is required by 10 CFR 73.54. One part is the submittal of the Cyber Security Plan for NRC review and:approval. Thesplan conformsto: the template provided in NEI 08-09, Revision 3 and provides a description of howithe requirements of the Rule, will be. implemented at Calvert Cliffs Nuclear Powe'r Plant, Units 1: and 2, Nine Mile Point Nuclear Station, Units I and 2 and R.E. Ginna Nuclear Power Plant. The plan establishes the licefising" basis for the, cyber security program 'for the three stations and. establishes how to achieve high.'assurance that nuclear power plant digital, computer and communication 2ý

ATTACHMENT(1)

EVALUATION.OF THEPROPOSED CHANGE.

systems and networks, associated with the following are adequatelyprotected against cyber attacks up to and including the design basis threat:

1. Safety-related and: important-to-safety functions,

2. Security functions,

3. Emergency preparedness functions includingoffsite communications,

4. Support systems and equipment: whichif compromised, -would adversely impact'safety, security, or emergency preparedness functions.

ýThis part of the proposed change is designed: to achieve high.assurance that the, systems. are protected from cyber attacks. The plan. itself does not 'equire any plant modifications.

Howeverý the plan,does describe: how plant modifications that involve digital computer

,systems are reviewed to provide high assurance:of adequate protection against cyber attacks,,

up to and including the design basis. threat as defined ind theRule. The proposed change does not. alter the plant configuration, requirenew plant equipment to be installed, alter accident analysis assumptions, add any initiators, or affect. the, function of plant systems or the manner in.which systems are operated, maintained, modified, tested, or inspected. This part of the proposed change is designed to achieve high. assurance. that the systems'within the scope of the Rule are protected from cyber attacks and does not create the possibility of a new ordifferent kind of accident from any previously evaluated.

The other part, of the prOpoSed change,.add.s a sentence to the. existing license, condition fof physical protection. This change is, administrative, and does not create the possibility of a new or different kindof accident fiom any previously evaluated.

Therefore,.. the proposed change, does not create the possibility of a new or different kind of accident from any' previously evaluated.

Criterion 3: 'The proposed change do.s not involve a significant reduction in a margin of safety.

The proposed change, is required by 10 CFR 73:.54. One part i§ the submittal of the Cyber Security. Plan for NRC review and approval. The plan *conforms.to the template provided fin NEI 08-09, Revisin.3 and provides a description:of how the requirements of the Rule will be implemented at Calvert Cliffs 'Nuclear :Pwer Plant, Units !I and.::2, Nineý Mile Point Nuclear Station, Units I and 2 and R.E. Ginna Nuclear Power Plant. The plan establishes.

the licensingbasis for the cyber security program for the three stations and establishes how to achieve high assurance that nuclear power plant digital computer and communication:

systems and networks associated with the following:are adequately protected'against cyber attacksup to and including the design basis threat:

1. Safety-related and important-to-safety functions,

2.

Security functions, 3.. Emergency preparedness functions.including offsite communications,

4.

Support systems and.equipment which.if compromised, would adversely 'impact safety, security, or emergency preparedness functions.

This.part of the proposed change is designed to achieve, high. assurance that;the systems are protected from cyber attacks. The plan itself does not require:.any plant modifications.

However, the plan does describe how plant modifications that involve digital. computer 3

ATTACHMENT (1)

EVALUATION OFTHE PROPOSED CHANGE systems Are reyiewed to provide high assurance of.adequate protection against cyber attacks, up'to and including the design basis threat as defined in the Rule. The proposed change does not alterthe plant configuration, require new plant equipment to be installed, alter accident

• analysis assumptions,, add any initiators, or affect the function of plant systems or the manner in which systems are operated, maintained, modified, tested, or inspected*. 'This part of the proposed change is designed to achieve high assurance that, the systems within the scope "of the Rule are protected from cyber Attacks and does not involve' a significant

.:reduction, in a margin of safety.

The other part of the proposed change'adds a sentence to the existing license condition for physical protection.

This, change 'is, adminfiStrative and does not involve a' significant reduction ina margin of safety.

Therefore, the proposed change does not involve -a sign'ificant reduction in. a margin Of safety.

Based on:.the above, we cIonclude that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of no significant hazards consideration is justified.

4.3 CONCLUSION

In conclusion, based. on the considerations discussed above:

(1) there is reasonable assurancethat'the health and safety of the public wil!!not be endangered by Operation inthe proposed manner; (2)' such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the.amendment Will not be inimical to the common defense and security or to the health and safety ofthe.public,

5.0 ENVIRONMENTAL CONSIDERATION

Theproposed amendment establishes. the licensing. basis for a Cyber Security Program for CCNPPI NMPNS, and Ginna and will be a part of each site's physical security plan., This proposed, amendment will not:involve any significant construction -impacts. Pursuant to 10 CFR 51.22(c)(12),,no environmental impact statement or environmental assessment need" be prepared in connection with: theissuance of the amendment.

6.0:

REFERENCES

.1; Federal Register Notice, 'Final Rule 10 CFR, Part 73,, Power Reactor Security. Requirements, published on.March 27, 2009, 74 FR 13926:

2..EA-02-026, Order Modifying Licenses, :Safeguards and Security Plan Requirements, issued February 25, 2002 4

ATTACHMENT (3)

CALVERT CLIFFS NUCLEAR POWER PLANT UNITS I.&:2LICENSE MARKUPS Constellation Energy Nuclear Group, LLC November 23, 2009:

all Q_

'K 4

\\j J

v~

~

N

~

.377 0

0-

~y 2~

~

0

-.'0

~

3 V

-,L.

~V

-- 4.

~I

'31

• J

.1 V

c.

Identification of process sampling points;,

d.

Procedur~efor recording and management of data;

e.

Procedures defining corrective actions.for off control point chemistry conditions; and

f.

A procedure. identifying the, authority responsible for the interpretation of the data and the sequence and timing of administrative events required to initiate corrective action.

(5)

Mitigation Strategy The Calvert, Cliffs Nuclear Power Plant. Inc., shall.develop and maintain strategies for addressing large fires and explosions.that inclUde the following key areas:

(a)

Fire fighting response strategy with the following: elements:

1.

Pre-defined coordinated fire response strategyand guidance

2.

Assessment of mutual aid fire fighting assets

3.

Designated staging areas for equipment.and materials

4.

Command and control

5.

Training of response personnel (b)

Operations to mitigate fuel damage considering thefollowing:

(-J~

'0 S..

A

~

v~I0 o

43 N

0 k---

~

~,

(-

(\\-

'-ci

-\\

1 2.

3.

4.

5.

6.

7.

Protection and use of personnel assets Communications Minimizing fire spread Procedures for implementing integrated-fire response strategy Identification of readily available pre-staged equipment Training on integrated fire response strategy Spent fuel pool mitigation measures (c)

Actions to minimize release to include consideration of:

1.

Water spray scrubbing

2.

Dose to onsite. responders D.

The licensee shall: fully implement and maintain in effect all.provisions'of the Commission-approved physical security, training and qualification, and safeguards contingency plans, including amendments made pursuantto, provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 7.3.55 (51 FR:.27817 and 27822):and to the authority ýof 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans,. which: contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Calvert Cliffs Nuclear Power Plant Security.Plan, Training and. Qualification Plan, and Safeguards Contingency Plan, Revision 1" submitted May 19, 2006. 4, Amendment No. 273 Revised by letter dated JUly 11 2007 E..

_4 j4 e-~:

4.

Procedures for implementing integrated fire response strategy

5.

Identification of readily available pre-staged equipment

6.

Training on integrated fire response strategy

7.

Spent fuel pool mitigation measures (c)

Actions to minimize release to include consideration of:

1.

2.

Water spray scrubbing Dose to onsite responders The licensee shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans, including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27817 and 27822) and the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards Information protected under 10 CFR 73.21, is entitled: "Calvert Cliffs Nuclear Power Plant Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan, Revision 1" submitted dated May 19, 2006.

The Calvert Cliffs Nuclear Power Plant, Inc., shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report for the facility and as approved in the SER dated September 14, 1979,,and Supplements dated October 2, 1980; March 18, 1982; and September 27, 1982; and Exemptions dated August 16, 1982; April 21, 1983; March 15, 1984; August 22, 1990; and April 7, 1999 subject to the following provision: The Calvert Cliffs Nuclear Power Plant, Inc. may make changes to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire, At the time of the next scheduled update to the FSAR required pursuant to 10 CFR 50.71(e)(4) following the issuance of this renewed license, the licensee shall update the FSAR to include the FSAR supplement submitted pursuant to 10 CFR 54.21(d), as amended and supplemented by the program descriptions in Appendix E to.the Safety Evaluation Report, NUREG-1705. Until that FSAR update is complete, the licensee may make changes to the programs described in Appendix E without prior Commission approval, provided that the licensee evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.

Any future actions listed in Appendix E to the Safety Evaluation Report; NUREG-1705, shall be included in the FSAR. The licensee shall complete these actions by August 13, 2016.

Amendment No. 250 Revised by letter dated July 11, 2007

ATTACHMENT (4)!

R.E. GINNA NUCLEAR POWER PLANT LICENSE MARKUP

/1 Constellation Energy Nuclear Group, LLC November 23,2009

-4J

'p A

1)

F F

P 4)

~3) 5 A

V F

2)

V 2) 0.

p.,

0 0

f1

~~2 I)

F ii 14

.0 rJ LL U

0 accordance with an acceptable calculational-model which conforms to the, provisions in Appendix K (SER dated.April 18, 1978). The exemrpition will expire upon receipt and approval of revised ECCS calculatonsr The aforementioned exemption is authorized by law: and will not endanger life: property orthe common defense and securityand is otherwise in the public interest. Therefore, the exemption.is hereby granted pursuant to 10 CFR. 50.12.

E.

The licensee shall fully'imp!ement and maintain in;effect all provisions.of the Commission-approved physical security, training and qualification, and safeguards contingency plans including amendments made.pursuant to provisions of the Miscellaneous Amendments and Search Requirements revisions to 10 CFR 73.55 (51 FR 27827 and 27822) and to the.authority of 10 CFR 50.90 and 10 CFR50.54(p). The combined set of plans, which-contains Safeguards Information protected under 10 CFR 73.21, is entitled: "R. E. Ginna Nuclear Power Plant;Security Plan, Training and Qualification Plan, and Safeguards Contingency Plan," submitted by letter dated May 15, 2006*.

F.

The Updated Final Safety Analysis Report supplement, submitted pursuant to 10 CFR 54.21(d), describes certainý future activities to be completed prior to the period of extended operation. Ginna LLC shall complete these. activities:no later than September 18, 2009, and shall notify the Commission in writi.ngwhen implementation of these activities is complete and can be verffied byNRC-inspection, The Updated Final SafetyAnalysis: Report supplement, as revised, shall be included in the next scheduled update to the Updated Final Safety Analysis Report required:by 10:CFR 50.71(e)(4),following issuance ofthis renewed license. Until that update is complete,. Ginna LLC may make changes to the programs, andactivities described in the supplement without prior Commission approval, provided that Ginna LLC evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59. and'otherwise complies with the requirements in that section.

G.

All capsules in the reactor vessel,that are removed and tested must meet the test procedures-and reporting,requirements of ASTM E 185-82 to the_ extent.

practicable for the configuration of the specimens in the capsule. Any changes to the capsule withdrawal schedUle, including spare capsules, must be approved by the NRC. prior to implementation. Any capsules placed in storage must be maintained for future insertion, unless approved by the NRC.

I j

F p

V 4)3

.J

,~,

~Jo j

-O

'-4 Revised by correction letter-dated November'2, 2009

ATTACHMENT (5)

NINE MILE POINT NUCLEAR STATION UNITS 1 &2 LICENSE MARKUPS Constellation Energy.Nuclear Group,,LLC Novembcr 23, 2009

-44 D.

This'license is subject to the following additional conditions:

(1)

The licensee will complete construction of a new radwaste facility in.

conformance with the design defined and evaluated in the FES, to be operational no later than June 1976.

(2)

Deleted by Ucense Amendment No.:51

--(3) Deleted by. License Amendment No. 51 (4)

Security, Training and Qualification and Sency Plans The licensee shall fully implement and maintain in effect, all provisions of

.;,the Commission-approved physicalsecurity.,trainingandqualification,

.T7.Iand safeguards contingency plans, including amendments made pursuant to the provisions of the Miscellaneous Amendments and Search 4

Requirements revisions-to 10%CFR 73.55(51 FR 27817 and 27822) and to the, authorityof 10CFR 50.90 and 1 Ci0FR 50.54(p}). The combined set of plans, which contain, Safeguardsinformaition protected under

10.CFR 73.21 is entitled 'Nine Mile.Point Nuclear.Statio, LLCPhysical Security, Safeguards.Contingency, and Serity Training and.

Qualification Plan, Revision I,' and was submitted byletter dated L.

April 26, 2006. A (5)

Paragraph 2.D(5) of thelicense.has been combined with paragraph 2.D(4) as amendedabo~eintom a single paragraph.

(6)

Recirculaton System SafeWend.Replacement o "* *The mcirculation systemand safe-end replacement program incuding:

-jthe cutting and welding of the replacement componentsandthedose mitigationprogram (ALARA) is approved, subject to the following conditions:

a.

The licensee shall complete the recirculation piping stress reanalysis prior to restart of:Nine Mile, Point Nuclear Power o

Station, Unit No. I. The resultsof this analysisfors.elected o

" representative portions of the recirculationzsystem shallbe "VI submitted to the NRC prort restart of thefacifity.

• o * *t 0.b.

All fuel-and controlrrods shall be removed*frm *the reactor pressure vessel and stored in the spent;fuel pool during the period

'that work on the safe-end and recirculation system replacement

• O (-program is in progress.

Revisedby lee d

-Aendmfe4No. 496 V8 3 '21 v) 3 vi)

A schedular exemption to 10 CFR 50.55a(h) for the Neutron Monitoring System until completion of the first refueling outage to allow the operating licensee to provide qualified isolation devices for Class 1 E/non-IE interfaces described in their letters of June 23, 1987 (NMP2L 1057) and June 25, 1987 (NMP2L 1058). (Section 7.2.2.10, SSER 6).

For the schedular exemptions in iv), v), and vi), above, the operating licensee, in accordance with its letter of October 31, 1986, shall certify thatall systems, components, and modifications have been completed to meet the requirements of the regulations for which the-exemptions have been granted and shall provide asummary description of actions taken to ensure that the regulations have been met. This certifcation and summary shall be provided W0 days prior to the expiration of each exemption period as described above.

The exemptions set forth in this Section 2.D are authorized by law, will not, present an undue risk to public health and safety, and are consistent with the common defense and security. These exemptions are hereby granted. The special circumstances regarding each exemption are identified in the referenced section of the Safety Evaluation Report and the supplements thereto. The exemptions in ii) through vi) are granted pursuant to 10 CFR 50.12.

With these exemptions, the facility will operate to the extent authorized herein, in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

Nine Mile Poini Nuclear Station, LLC shall fully implement and maintain in effect all provisions of the Commission-approved physical security, training and qualification, and safeguards contingency plans, including amendments made pursuant to provisions-of the Miscellaneous Amendments and. Search Requirements revisions to 10 CFR 73155 (51 FR 27817 and 27822) and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p). The combined set of plans, which contain Safeguards information protected under 10 CFR 73.21 is entitled

'Nine Mile Point Nuclear-Station, LLC Physical Security; Safeguards Contingency, and Security Training and Qualification Plan, Revision 1,' and was submitted by letter dated April26, 2006. Changes made in accordance with 10 CFR 73.55 shall be implemented in accordance with the schedule set forth therein.k Nine Mile Point Nuclear Station, LLC shall implement and maintain in effect all provisions of the approved fire protection prograrnvas described in the Final Safety Analysis Report for the facility through Amendment No. 27 and as described in submittals dated March 25, May 7 and 9, June 10 and 25, July 11 and 16, August 19 and 22, September 5, 12, and 23, October 10, 21, and 22, and December 9, 1986, and April 10 and May 20 1987, and as approved in the SER dated February 1985 (and Supplements 1 through 6) subject to the following provision:

Rncw Lo-,

No. NPF59 E.

F.

Revispd by lcftto date~ A.--f

)I On

ATTACHMENT (6)

CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE Constellation Energy Nuclear Group, LLC November 23,2009

ATTACHMENT (6)

CYBER SECURITY PLAN IMPLEMENTATION SCHEDULE, Regulatory Commitments Completion Date

1. The analysis of digital computer systems and networks in accordance.with 36 months after NRC Section 3 of the Cyber SecurityPlan will be performed and results approval.of Cyber documented as required.

Security Plan

.2.

For cyber security controls-that have beenfidentified for implementation by 48 months after NRC the process described in Section 3 of the Cyber Security Plan, an approval of'Cyber implementation plan will be prepared and available for NRC inspection.

Security Plan

3. The elements of the Cyber Security Program.to establish, implement,, and

'60 months after NRC maintain the program as described in Section 4. of the Cyber Security Plan approval of Cyber will be implemented.

Security Plan I