RIS 2003-08, Summary of Safeguards Information Requirements, Attachment 1 to NRC Regulatory Issue Summary 2003-08: Protection of Safeguards Information from Unauthorized Disclosure
| ML080940292 | |
| Person / Time | |
|---|---|
| Site: | Watts Bar  |
| Issue date: | 04/03/2008 |
| From: | NRC/RGN-II |
| To: | |
| References | |
| RIS-03-008 | |
| Preceding documents: |
|
| Download: ML080940292 (4) | |
SUMMARY OF SAFEGUARDS INFORMATION REQUIREMENTSI. AUTHORITYThe Atomic Energy Act of 1954, as amended, 42 U.S.C. §§ 2011 et seq. (Act), grants theNuclear Regulatory Commission broad and unique authority to prohibit the unauthorizeddisclosure of Safeguards Information upon a determination that the unauthorized disclosure of such information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of materials or facilities subject to NRC jurisdiction.
Section 147 of the Act, 42 U.S.C. § 2167. For licensees and any other person, whether or not a licensee (primarily 10 C.F.R. Part 50reactor licensees, 10 C.F.R. Part 70 licensees for special nuclear material, and their employeesand contractors) subject to the requirements in 10 C.F.R. Part 73, Safeguards Information is defined by NRC regulation as follows:Safeguards Information means information not otherwise classified as NationalSecurity Information or Restricted Data which specifically identifies a licensee's or applicant's detailed, (1) security measures for the physical protection of special nuclear material, or (2) security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities. 10 C.F.R. § 73.2.Specific requirements for the protection of Safeguards Information are contained in10 C.F.R. § 73.21. Access to Safeguards Information is limited as follows:(c) Access to Safeguards Information. (1) Except as the Commission mayotherwise authorize, no person may have access to Safeguards Information unless the person has an established "need to know" for the information and is: (i) An employee, agent, or contractor of an applicant, a licensee, theCommission, or the United States Government. However, an individual to be authorized access to Safeguards Information by a nuclear power reactor applicant or licensee must undergo a Federal Bureau of Investigation criminal history check to the extent required by 10 CFR 73.57; (ii) A member of a duly authorized committee of the Congress; (iii) The Governor of a State or designated representatives;
(iv) A representative of the International Atomic Energy Agency (IAEA) engagedin activities associated with the U.S./IAEA Safeguards Agreement who has beencertified by the NRC; (v) A member of a state or local law enforcement authority that is responsible forresponding to requests for assistance during safeguards emergencies; or(vi) An individual to whom disclosure is ordered pursuant to § 2.744(e) of thischapter [10 CFR 2.744(e)]. (2) Except as the Commission may otherwise authorize, no person may discloseSafeguards Information to any other person except as set forth in paragraph (c)(1) of this section. 10 C.F.R. § 73.21(c).The "need to know" requirement is specified by NRC regulation as follows:Need to know means a determination by a person having responsibility forprotecting Safeguards Information that a proposed recipient's access toSafeguards Information is necessary in the performance of official, contractual, or licensee duties of employment.10 C.F.R. § 73.2.Thus, unless otherwise authorized by the Commission, NRC regulations limit access toSafeguards Information to certain specified individuals who have been determined to have a
"need to know," i.e., specified individuals whose access has been determined to be necessary in the performance of official, contractual or licensee duties of employment. Furthermore, except as otherwise authorized by the Commission, no person may discloseSafeguards Information to any other person unless that other person is one of the specified persons listed in 10 C.F.R. § 73.21(c)(1) and that person also has a "need to know."
10 C.F.R. § 73.21(c)(2). These regulations and prohibitions on unauthorized disclosure of Safeguards Information are applicable to all licensees and all individuals:This part [10 C.F.R. Part 73] prescribes requirements for the protection of Safeguards Information in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires Safeguards Information.10 C.F.R. § 73.1(b)(7).The Commission's statutory authority to protect and prohibit the unauthorized disclosure ofSafeguards Information is even broader than is reflected in these regulations. Section 147 of the Act grants the Commission explicit authority to "issue such orders, as necessary to prohibit the unauthorized disclosure of safeguards information . . . ." This authority extends to information concerning special nuclear material, source material, and byproduct material, as well as production and utilization facilities. The Act explicitly provides: "Any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act." Section 147a of the Act. Section 234a of the Actprovides for a civil monetary penalty not to exceed $120,000 for each violation. See10 C.F.R. § 2.205(j) (2003). Furthermore, a willful violation of any regulation or order governingSafeguards Information is a felony subject to criminal penalties in the form of fines or imprisonment, or both. See Sections 147b and 223a of the Act. The NRC Enforcement Policy outlines potential NRC actions against both licensees andindividuals for violations of the regulations and Orders using criteria that evaluate both the details and severity of the violation. II. DISCUSSIONAll licensees and all other persons who now have, or in the future may have, access to Safeguards Information must comply with all applicable requirements delineated in regulations and Orders governing the handling and unauthorized disclosure of Safeguards Information. As stipulated in 10 C.F.R. § 73.21(a), licensees and persons who produce, receive or acquire Safeguards Information are required to ensure that Safeguards Information is protected against unauthorized disclosure. To meet this requirement, licensees and persons subject to
10 C.F.R. § 73.21(a) shall establish and maintain an information protection system governing the proper handling and unauthorized disclosure of Safeguards Information. All licensees should be aware that since the requirements of 10 C.F.R. § 73.21(a) apply to all persons who receive Safeguards Information, they apply to all contractors whose employees may haveaccess to Safeguards Information and they must either adhere to the licensee's policies andprocedures on Safeguards Information or develop, maintain and implement their own information protection system, but the licensees remain responsible for the conduct of their contractors. The elements of the required information protection system are specified in
10 C.F.R. § 73.21(b) through (i). The information protection system must address, at a minimum, the following: the general performance requirement that each person who produces, receives, or acquires Safeguards Information shall ensure that Safeguards Information is protected against unauthorized disclosure; protection of Safeguards Information at fixed sites, in use and in storage, and while in transit; inspections, audits and evaluations; correspondence containing Safeguards Information; access to Safeguards Information; preparation, marking, reproduction and destruction of documents; external transmission of documents; use of automatic data processing systems; and removal of the Safeguards Information category.As noted above, in addition to the responsibility of each licensee to ensure that all of itsemployees, contractors and subcontractors, and their employees comply with applicable requirements, all contractors, subcontractors, and individual employees also are individually responsible for complying with applicable requirements and all are subject to civil and criminal sanctions for failures to comply. The NRC considers that violations of the requirements applicable to the handling of Safeguards Information are a serious breach of adequate protection of the public health and safety and the common defense and security of the United States. As a result, the staff intends to use the NRC Enforcement Policy, including the discretion to increase penalties for violations, to determine appropriate sanctions against licensees and individuals who violate these requirements. In addition, the Commission may use its discretion,based on the severity of the violation, to further increase the penalty for any violation up to thestatutory maximum. Willful violations of these requirements will also be referred to the Department of Justice for a determination of whether criminal penalties will be pursued.