|
---|
Category:Letter
MONTHYEARIR 05000346/20243012024-02-0202 February 2024 NRC Initial License Examination Report 05000346/2024301 IR 05000346/20230042024-01-31031 January 2024 Integrated Inspection Report 05000346/2023004 ML23313A1352024-01-17017 January 2024 Authorization and Safety Evaluation for Alternative Request RP 5 for the Fifth 10 Year Interval Inservice Testing Program ML23353A1192023-12-19019 December 2023 Operator Licensing Examination Approval Davis Besse Nuclear Power Station, January 2024 L-23-260, Corrections to the 2022 Combined Annual Radiological Environmental Operating Report and Radioactive Effluent Release Report for the Davis-Besse Nuclear Power Station2023-12-0707 December 2023 Corrections to the 2022 Combined Annual Radiological Environmental Operating Report and Radioactive Effluent Release Report for the Davis-Besse Nuclear Power Station L-23-243, Independent Spent Fuel Storage Installation - Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation2023-12-0606 December 2023 Independent Spent Fuel Storage Installation - Request for Exemption from Enhanced Weapons, Firearms Background Checks, and Security Event Notifications Implementation ML23338A3172023-12-0606 December 2023 Notification of NRC Baseline Inspection and Request for Information; Inspection Report 05000346/2024001 IR 05000346/20234032023-11-0202 November 2023 Security Baseline Inspection Report 05000346/2023403 ML23293A0612023-11-0101 November 2023 Letter to the Honorable Marcy Kaptur, from Chair Hanson Responds to Letter Regarding Follow Up on Concerns Raised by Union Representatives During the June Visit to the Davis-Besse Nuclear Power Plant L-23-215, Changes to Emergency Plan2023-10-19019 October 2023 Changes to Emergency Plan ML23237B4222023-09-28028 September 2023 Energy Harbor Nuclear Corp. - Vistra Operations Company LLC - Letter Regarding Order Approving Transfer of Licenses and Draft Conforming License Amendments ML23269A1242023-09-27027 September 2023 Request for Withholding Information from Public Disclosure IR 05000346/20234012023-09-13013 September 2023 Security Baseline Inspection Report 05000346/2023401 (Public) L-23-205, Supplement to Application for Order Consenting to Transfer of Licenses and Conforming License Amendments2023-09-12012 September 2023 Supplement to Application for Order Consenting to Transfer of Licenses and Conforming License Amendments L-23-172, Quality Assurance Program Manual2023-08-31031 August 2023 Quality Assurance Program Manual IR 05000346/20230112023-08-30030 August 2023 Biennial Problem Identification and Resolution Inspection Report 05000346/2023011 ML23129A1722023-08-25025 August 2023 Request for Withholding Information from Public Disclosure for Beaver Valley Power Station, Units 1 and 2; Davis Besse Nuclear Power Station, Unit 1; and Perry Nuclear Power Plant, Unit 1 IR 05000346/20230052023-08-24024 August 2023 Updated Inspection Plan for Davis-Besse Nuclear Power Station (Report 05000346/2023005) L-23-188, Energy Harbor Nuclear Corp., Supplement to Application for Order Consenting to Transfer of Licenses and Conforming License Amendments2023-08-0707 August 2023 Energy Harbor Nuclear Corp., Supplement to Application for Order Consenting to Transfer of Licenses and Conforming License Amendments IR 05000346/20230502023-08-0303 August 2023 Special Inspection Report 05000346/2023050 IR 05000346/20230902023-08-0101 August 2023 EA-23-002 Davis-Besse Nuclear Power Station - NRC Inspection Report No. 05000346/2023090 (Public) ML23178A2742023-08-0101 August 2023 Letter to the Honorable Marcy Kaptur from Chair Hanson Responds to Letter Regarding the License Transfer Application for the Davis-Besse Nuclear Power Station L-23-175, Submittal of Fifth Ten Year Inservice Testing Program2023-08-0101 August 2023 Submittal of Fifth Ten Year Inservice Testing Program IR 05000346/20230022023-07-27027 July 2023 Integrated Inspection Report 05000346/2023002 ML23193A7842023-07-13013 July 2023 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000346/2023402 ML23178A2422023-06-28028 June 2023 Reassignment of the U.S. Nuclear Regulatory Commission Branch Chief in the Division of Operating Reactor Licensing for Plant Licensing Branch III ML23160A2342023-06-13013 June 2023 Confirmation of Initial License Examination L-23-034, 2022 Annual 10 CFR 50.46 Report of Changes to or Errors in Emergency Core Cooling System Evaluation Models2023-06-13013 June 2023 2022 Annual 10 CFR 50.46 Report of Changes to or Errors in Emergency Core Cooling System Evaluation Models IR 05000346/20235012023-06-13013 June 2023 Emergency Preparedness Biennial Exercise Inspection Report 05000346/2023501 L-23-135, Response to Regulatory Issue Summary 2023-01, Preparation and Scheduling of Operator Licensing Examinations2023-05-31031 May 2023 Response to Regulatory Issue Summary 2023-01, Preparation and Scheduling of Operator Licensing Examinations L-23-065, Annual Financial Report2023-05-22022 May 2023 Annual Financial Report ML23124A1742023-05-17017 May 2023 Energy Harbor Fleet Vistra License Transfer - Request for Withholding Information from Public Disclosure for Commance Peak Plant, Units 1 & 2, Beaver Valley Station, Units 1 & 2, Davis Besse Station, Unit 1 and Perry Plant, Unit 1 ML23129A0112023-05-16016 May 2023 Notice of Consideration of Approval of Indirect and Direct License Transfer for Comanche Peak Plant, Units 1 & 2, Beaver Valley Station, Units 1 & 2, Davis Besse Station, Unit 1 and Perry Plant, Unit 1 (EPID L-2023-LLM-0000) (Letter) ML23131A2732023-05-15015 May 2023 Notification of NRC Supplemental Inspection 95001 and Request for Information L-23-101, Combined Annual Radiological Environmental Operating Report and Radioactive Effluent Release Report for the Davis-Besse Nuclear Power Station - 20222023-05-12012 May 2023 Combined Annual Radiological Environmental Operating Report and Radioactive Effluent Release Report for the Davis-Besse Nuclear Power Station - 2022 L-23-131, Readiness for Resumption of NRC Supplemental Inspection2023-05-12012 May 2023 Readiness for Resumption of NRC Supplemental Inspection IR 05000346/20230102023-05-0909 May 2023 Commercial Grade Dedication Inspection Report 05000346/2023010 ML23123A1272023-05-0303 May 2023 Information Request to Support Upcoming Problem Identification and Resolution Inspection at Davis-Besse Nuclear Power Station IR 05000346/20230012023-05-0101 May 2023 Integrated Inspection Report 05000346/2023001 and 07200014/2022001 L-23-092, Occupational Radiation Exposure Report for Year 20222023-04-27027 April 2023 Occupational Radiation Exposure Report for Year 2022 ML23111A1972023-04-26026 April 2023 Information Meeting with Question and Answer Session to Discuss NRC 2022 End-of-Cycle Plant Performance Assessment of Davis-Besse Nuclear Power Plant Station ML23114A1062023-04-25025 April 2023 Information Request to Support the NRC Annual Baseline Emergency Action Level and Emergency Plan Changes Inspection CP-202300181, ISFSI, Beaver Valley, Units 1 and 2, ISFSI, Davis-Besse, Unit 1, ISFSI, Perry, Unit 1, ISFSI, Corrected Affidavit for Application for Order Consenting to Transfer of Licenses and Conforming License Amendments2023-04-20020 April 2023 ISFSI, Beaver Valley, Units 1 and 2, ISFSI, Davis-Besse, Unit 1, ISFSI, Perry, Unit 1, ISFSI, Corrected Affidavit for Application for Order Consenting to Transfer of Licenses and Conforming License Amendments CP-202300157, ISFSI, Beaver Valley, Units 1 and 2, ISFSI, Davis-Besse, Unit 1, ISFSI, Perry, Unit 1, and ISFSI, Application for Order Consenting to Transfer of Licenses and Conforming License Amendments2023-04-14014 April 2023 ISFSI, Beaver Valley, Units 1 and 2, ISFSI, Davis-Besse, Unit 1, ISFSI, Perry, Unit 1, and ISFSI, Application for Order Consenting to Transfer of Licenses and Conforming License Amendments ML23096A1382023-04-11011 April 2023 Review of the Spring 2022 Steam Generator Tube Inspection Report L-23-061, Submittal of the Decommissioning Funding Status Reports2023-03-31031 March 2023 Submittal of the Decommissioning Funding Status Reports L-23-037, and Perry Nuclear Power Plant - Independent Spent Fuel Storage Installation Changes, Tests, and Experiments2023-03-29029 March 2023 and Perry Nuclear Power Plant - Independent Spent Fuel Storage Installation Changes, Tests, and Experiments L-23-066, Annual Notification of Property Insurance Coverage2023-03-21021 March 2023 Annual Notification of Property Insurance Coverage ML23066A2892023-03-14014 March 2023 Request for Threshold Determination Under 10 CFR 50.80 and 10 CFR 72.50 for an Amendment to the Voting Agreement ML23066A2592023-03-14014 March 2023 Request for Withholding Information from Public Disclosure for Beaver Valley Power Station, Units 1 and 2, Davis Besse Nuclear Power Station, Unit 1, and Perry Nuclear Power Plant, Unit 1 2024-02-02
[Table view] Category:Request for Additional Information (RAI)
MONTHYEARML23338A3172023-12-0606 December 2023 Notification of NRC Baseline Inspection and Request for Information; Inspection Report 05000346/2024001 ML23193A7842023-07-13013 July 2023 Information Request for the Cyber-Security Baseline Inspection, Notification to Perform Inspection 05000346/2023402 ML23131A2732023-05-15015 May 2023 Notification of NRC Supplemental Inspection 95001 and Request for Information ML23033A0322023-02-0101 February 2023 NRR E-mail Capture - Request for Additional Information for Davis-Besse's 2022 Steam Generator Inspection Report (L-2022-LRO-0115) ML22357A0302022-12-23023 December 2022 Request for Information for NRC Commercial Grade Dedication Inspection: Inspection Report 05000346/2023010 ML22266A1102022-09-23023 September 2022 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding July 21, 2022, Request for Withholding Information from Public Disclosure ML22214A7042022-08-0202 August 2022 Reissue - Davis-Besse Nuclear Power Station, Unit 1 Notification of Nrc Fire Protection Team Inspection Request for Information: Inspection Report 05000346/2022011 ML22187A0992022-07-0606 July 2022 Notification of NRC Supplemental Inspection (95001) and Request for Information ML22164A8572022-06-13013 June 2022 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding License Amendment Request to Revise the Emergency Plan ML22118A6862022-04-28028 April 2022 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding Alternative to Extend the Steam Generator Weld Inspection Interval ML22112A1092022-04-22022 April 2022 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding License Amendment Request to Revise the Design Basis for the Shield Building ML22055A0872022-02-23023 February 2022 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding Relief Request RP-3 IR 05000346/20210912021-12-17017 December 2021 NRC Inspection Report (05000346/2021091) Preliminary Greater than Green Finding ML21321A3792021-11-16016 November 2021 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding Alternative to Extend the Steam Generator Weld Inspection Interval ML21301A0992021-10-28028 October 2021 Draft Request for Additional Information: Proposed Alternate for Examination of Steam Generator Welds - Energy Harbor Nuclear Corp., Davis-Besse Nuclear Power Station, Unit No. 1 ML21203A3252021-07-28028 July 2021 Request for Information for an NRC Triennial Baseline Design Bases Assurance Inspection (Team): Inspection Report 05000346/2021011 ML21155A1952021-06-0404 June 2021 Information Request to Support Upcoming Problem Identification and Resolution (Pi&R) Inspection at Davis Besse Nuclear Power Station ML21041A5452021-02-10010 February 2021 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding Steam Generator Tube Inspection Reports ML21007A3732021-01-0707 January 2021 NRR E-mail Capture - (External_Sender) (External) Request for Additional Information Regarding License Amendment Request to Incorporate the Applicable Standard Technical Specification 5.2.2, Unit Staff, ML21004A1442020-12-30030 December 2020 NRR E-mail Capture - Request for Additional Information Regarding License Amendment Request to Incorporate the Applicable Standard Technical Specification 5.2.2, Unit Staff ML20300A5592020-10-27027 October 2020 Notification of an NRC Biennial Licensed Operator Requalification Program Inspection and Request for Information ML20154K7642020-06-0202 June 2020 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding License Amendment Request to Adopt TSTF-425 ML20133J9792020-05-14014 May 2020 Information Request to Support the NRC Annual Baseline Emergency Action Level and Emergency Plan Changes Inspection ML20127H8672020-05-0606 May 2020 NRR E-mail Capture - Beaver Valley, Davis-Besse, and Perry - Request for Additional Information Regarding Request for Exemptions from Part 73 Security Requalification Requirements ML20021A3162020-01-21021 January 2020 NRR E-mail Capture - Davis-Besse Nuclear Power Station - Request for Additional Information Regarding License Amendment Request to Revise Containment Leakage Rate Testing ML19192A2222019-07-18018 July 2019 Request for Additional Information Regarding Application for Order Consenting to Transfer of Licenses and Conforming License Amendments ML19179A1382019-06-28028 June 2019 NRR E-mail Capture - Davis-Besse - Request for Additional Information Regarding the Decommissioning Quality Assurance Program ML19164A1532019-06-13013 June 2019 NRR E-mail Capture - Davis-Besse Nuclear Power Station - Request for Additional Information Regarding License Amendment Request for Post-Shutdown Emergency Plan ML19162A3922019-06-11011 June 2019 NRR E-mail Capture - Davis-Besse Nuclear Power Station - Request for Additional Information Regarding License Amendment Request for Permanently Defueled Technical Specifications ML19143A0732019-05-29029 May 2019 FENOC Fleet - Beaver Valley, Units 1 and 2; Davis-Besse, Unit 1, Perry, Unit 1 - Supplemental Information Needed for Acceptance of Requested Licensing Action; Application for Order Consenting to License Transfer and Conforming Amendments ML18305B0192018-11-0101 November 2018 18 Davis-Besse Nuclear Power Station - Notification of an NRC Biennial Licensed Operator Requalification Program Inspection and Request for Information(Rdb) ML18201A4122018-07-19019 July 2018 NRR E-mail Capture - Davis-Besse - Request for Additional Information Regarding License Amendment Request to Adopt NFPA 805 ML18190A4902018-07-0909 July 2018 Request for Information for an NRC Triennial Baseline Design Bases Assurance Inspection (Team), Inspection Report 05000346/2018011 (DRP-DXB) ML18102B0852018-04-12012 April 2018 NRR E-mail Capture - Follow-up Request for Additional Information (RAI) FENOC FLEET-- Exemption Request for a Physical Barrier Requirement for Beaver ML18043A0102018-02-0909 February 2018 NRR E-mail Capture - FENOC--MG0010-MG0011, MG-0012, MG0013-- Request for Additional Information (RAI) - Exemption Request Security Barrier in Physical Plans ML17355A3722017-12-21021 December 2017 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding License Amendment Request to Adopt NFPA 805 ML17303B1582017-11-0707 November 2017 FENOC-Beaver Valley Power Station, Units 1 and 2, Davis-Besse Nuclear Power Station, Unit 1, Perry Nuclear Power Plant Unit 1 - Generic Letter 2016-01, Request for Supplemental Information ML17257A1402017-09-14014 September 2017 NRR E-mail Capture - Davis-Besse Nuclear Power Station, Unit No. 1 - Request for Additional Information Regarding License Amendment Request to Adopt NFPA 805 ML17135A3612017-05-12012 May 2017 Information Request for NRC Triennial Evaluations of Changes, Tests, and Experiments (50.59) Baseline Inspection 05000346/2017010 (Jvb) ML17129A4112017-05-0909 May 2017 Request for Additional Information Regarding Evaluation Submitted in Response to License Renewal Commitment No. 54 ML17100A1732017-04-19019 April 2017 Request for Additional Information Regarding License Amendment Request to Adopt National Fire Protection Associated Standard 805 ML16364A2792017-01-23023 January 2017 Request for Additional Information Regarding License Renewal Commitment No. 42 ML16355A0352016-12-19019 December 2016 Ltr 12/19/16 Davis-Besse Nuclear Power Station, Unit 1 - Information Request for an NRC Post-Approval Site Inspection for License Renewal 05000346/2017009 (Bxj) ML16256A0662016-10-18018 October 2016 Request for Additional Information Regarding License Amendment Request to Adopt National Fire Protection Associated Standard 805 ML16196A0152016-07-22022 July 2016 Request for Additional Information Regarding Amendment Request to Revise Emergency Action Level Scheme L-16-122, Completion of Required Action by NRC Order EA-12-051, Reliable Spent Fuel Pool Instrumentation2016-06-24024 June 2016 Completion of Required Action by NRC Order EA-12-051, Reliable Spent Fuel Pool Instrumentation ML16060A0122016-02-29029 February 2016 FENOC - Email RAI to Licensee Regarding LAR for Changes to TS 5.3.1 CAC Nos. MF7118, MF7119, and MF7120 ML16047A1452016-02-22022 February 2016 Supplemental Information Needed for Acceptance of License Amendment Request to Adopt National Fire Protection Associated Standard 805 ML16019A3972016-01-20020 January 2016 Request for Additional Information Related to Amendment Request for Emergency Diesel Generator Minimum Voltage Surveillance Requirements ML15222A1792015-09-21021 September 2015 Request for Additional Information Related to Amendment Request for Emergency Diesel Generator Minimum Voltage Surveillance Requirements (TAC No. MF6060)(L-15-117) 2023-07-13
[Table view] |
See also: IR 05000346/2023402
Text
July 13, 2023
Terry Brown
Site Vice President
Energy Harbor Nuclear Corp.
Davis-Besse Nuclear Power Station
5501 N. State Rte. 2, Mail Stop A-DB-3080
Oak Harbor, OH 43449-9760
SUBJECT: DAVIS-BESSE NUCLEAR POWER STATION - INFORMATION REQUEST FOR
THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO
PERFORM INSPECTION 05000346/2023402
Dear Terry Brown:
On November 6, 2023, the U.S. Nuclear Regulatory Commission (NRC) will begin a baseline
inspection in accordance with Inspection Procedure (IP) 71130.10 Cyber-Security, Revision 0
at your Davis-Besse Nuclear Power Station. The inspection will be performed to evaluate and
verify your ability to meet the NRCs Cyber-Security Rule, Title 10, Code of Federal Regulations
(CFR), Part 73, Section 54, Protection of Digital Computer and Communication Systems and
Networks. The onsite portion of the inspection will take place November 6-10, 2023.
Experience has shown that baseline inspections are extremely resource intensive, both for the
NRC inspectors and the licensee staff. In order to minimize the inspection impact on the site
and to ensure a productive inspection for both parties, we have enclosed a request for
documents needed for the inspection. These documents have been divided into four groups.
The first group specifies information necessary to assist the inspection team in choosing the
focus areas (i.e., sample set) to be inspected by the cyber-security IP. This information should
be made available electronically no later than September 12, 2023. The inspection team will
review this information and, by September 25, 2023, will request the specific items that should
be provided for review.
The second group of additional requested documents will assist the inspection team in the
evaluation of the critical systems and critical digital assets (CSs/CDAs), defensive architecture,
and the areas of the licensees Cyber Security Plan (CSP) selected for the cyber-security
inspection. This information will be requested for review in the regional office prior to the
inspection by October 25, 2023, as identified above.
The third group of requested documents consists of those items that the inspection team will
review, or need access to, during the inspection. Please have this information available by the
first day of the onsite inspection, November 6, 2023.
T. Brown -2-
The fourth group of information is necessary to aid the inspection team in tracking issues
identified as a result of the inspection. It is requested that this information be provided to the
lead inspector as the information is generated during the inspection. It is important that all of
these documents are up to date and complete in order to minimize the number of additional
documents requested during the preparation and/or the onsite portions of the inspection.
The lead inspector for this inspection is Jasmine Gilliam. We understand that our regulatory
contact for this inspection is Gerald Wolf of your organization. If there are any questions about
the inspection or the material requested, please contact the lead inspector at 630-829-9831 or
via e-mail at Jasmine.Gilliam@nrc.gov.
This letter does not contain new or amended information collection requirements subject to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing information collection
requirements were approved by the Office of Management and Budget, Control
Number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to
respond to, a request for information or an information collection requirement unless the
requesting document displays a currently valid Office of Management and Budget control
number.
In accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding,
of the NRC's "Rules of Practice," a copy of this letter and its enclosure will be available
electronically for public inspection in the NRCs Public Document Room or from the Publicly
Available Records (PARS) component of the NRC's Agencywide Documents Access and
Management System (ADAMS). ADAMS is accessible from the NRC Web site at
http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).
Sincerely,
Signed by Gilliam, Jasmine
on 07/13/23
Jasmine Gilliam, Senior Reactor Inspector
Engineering Branch 2
Division of Operating Reactor Safety
Docket No. 50-346
License No. NPF-3
Enclosure:
Cyber-Security Inspection
Document Request
cc w/encl: Distribution via LISTSERV
T. Brown -3-
Letter to T. Brown from J. Gilliam dated July 13, 2023.
SUBJECT: DAVIS-BESSE NUCLEAR POWER STATION - INFORMATION REQUEST FOR
THE CYBER-SECURITY BASELINE INSPECTION, NOTIFICATION TO
PERFORM INSPECTION 05000346/2023402
DISTRIBUTION:
Jeffrey Josey
RidsNrrDorlLpl3
RidsNrrPMDavisBesse Resource
RidsNrrDroIrib Resource
John Giessner
Mohammed Shuaibi
Diana Betancourt-Roldan
Allan Barker
R3-DORS
ADAMS Accession Number: ML23193A784
Publicly Available Non-Publicly Available Sensitive Non-Sensitive
OFFICE RIII
NAME JGilliam:do
DATE 07/13/2023
OFFICIAL RECORD COPY
Inspection Report: 05000346/2023402
Inspection Dates: November 6-10, 2023
Inspection Procedure: IP 71130.10, Cyber-Security, Revision 0
NRC Inspectors: Jasmine Gilliam, Lead Kevin Fay
630-829-9831 630-829-9866
Jasmine.Gilliam@nrc.gov Kevin.Fay@nrc.gov
NRC Contractors: Tim Marshall Michael Shock
Timothy.Marshall@nrc.gov Michael.Shock@nrc.gov
I. Information Requested for In-Office Preparation
The initial request for information (i.e., first RFI) concentrates on providing the inspection
team with the general information necessary to select appropriate components and
Cyber Security Plan (CSP) elements to develop a site-specific inspection plan. The first
RFI is used to identify the list of critical systems and critical digital assets (CSs/CDAs)
plus operational and management (O&M) security control portions of the CSP to be
chosen as the sample set required to be inspected by the cyber-security IP. The first
RFIs requested information is specified below in Table RFI #1. The Table RFI #1
information is requested to be provided to the regional office by September 12, 2023, or
sooner, to facilitate the selection of the specific items that will be reviewed during the
onsite inspection weeks.
The inspection team will examine the returned documentation from the first RFI and
identify/select specific systems and equipment (e.g., CSs/CDAs) to provide a more
focused follow-up request to develop the second RFI. The inspection team will submit
the specific systems and equipment list to your staff by September 25, 2023, which will
identify the specific systems and equipment that will be utilized to evaluate the
CSs/CDAs, defensive architecture, and the areas of the licensees CSP selected for the
cyber-security inspection. We request that the additional information provided from the
second RFI be made available to the regional office prior to the inspection by
October 25, 2023.
The required Table RFI 1 information shall be provided electronically to the lead
inspector by September 12, 2023. If a compact disk (CD) is provided, please provide
four copies (one for each inspector/contactor). The preferred file format for all lists is a
searchable Excel spreadsheet file. These files should be indexed and hyper-linked to
facilitate ease of use. If you have any questions regarding this information, please call
the inspection team leader as soon as possible.
Enclosure
Table RFI #1
Request: IP Ref
A list of all Identified CSs/CDAs-highlight/note any additions,
deletions, reclassifications due to new guidance from white papers,
1 Overall
changes to NEI 10-04, 13-10, etc., since the last cyber-security
inspection
A list of Emergency Preparedness and Security onsite and offsite
2 Overall
digital communication systems
Network Topology Diagrams to include information and data flow for
3 Overall
critical systems in levels 2, 3 and 4 (If available)
4 Ongoing Monitoring and Assessment program documentation 03.01(a)
The most recent effectiveness analysis of the Cyber-Security
5 03.01(b)
Program
6 Vulnerability screening/assessment and scan program documentation 03.01(c)
Cyber-Security Incident response documentation, including incident
detection, response, and recovery documentation as well as 03.02(a)
7 contingency plan development, implementation and including any and
program documentation that requires testing of security boundary 03.04(b)
device functionality
8 Device Access and Key Control documentation 03.02(c)
9 Password/Authenticator documentation 03.02(c)
10 User Account/Credential documentation 03.02(d)
Portable Media and Mobile Device control documentation, including
11 03.02(e)
kiosk security control assessment/documentation
Design change/modification program documentation and a list of all
design changes that affected CDAs that have been installed and
12 completed since the last cyber-security inspection, including either a 03.03(a)
summary of the design change or the 50.59 documentation of the
change
03.03(a)
Supply Chain Management documentation including any security
13 , (b) and
impact analysis for new acquisitions
(c)
Configuration Management documentation including any security
03.03(a)
14 impact analysis performed due to configuration changes since the last
and (b)
inspection
2
Table RFI #1
Request: IP Ref
Cyber-Security Plan and any 50.54(p) analysis to support changes to
15 03.04(a)
the plan since the last inspection
03.06
16 Cyber-Security Metrics tracked (if applicable)
(b)
Provide documentation describing any cyber-security changes to the
17 Overall
access authorization program since the last cyber-security inspection
Provide a list of all procedures and policies provided to the NRC with
18 Overall
their descriptive name and associated number (if available)
03.06
19 Performance testing report (if applicable)
(a)
In addition to the above information please provide the following:
(1) Electronic copy of the Updated Final Safety Analysis Report (UFSAR) and
technical specifications.
(2) Name(s) and phone numbers for the regulatory and technical contacts.
(3) Current management and engineering organizational charts.
Based on this information, the inspection team will identify and select specific systems
and equipment (e.g., CSs/CDAs) from the information requested by Table RFI #1 and
submit a list of specific systems and equipment to your staff by August 02, 2023, for the
second RFI (i.e., RFI #2).
II. Additional Information Requested to be Available Prior to Inspection
As stated in Section I above, the inspection team will examine the returned
documentation requested from Table RFI #1 and submit the list of specific systems
and equipment to your staff by September 25, 2023, for the second RFI (i.e., RFI #2).
The second RFI will request additional information required to evaluate the CSs/CDAs,
defensive architecture, and the areas of the licensees CSP selected for the cyber-
security inspection. The additional information requested for the specific systems and
equipment is identified in Table RFI #2.
The Table RFI #2 information shall be provided electronically to the lead inspector by
October 25, 2023. If a CD is provided, please provide four copies (one for each
inspector/contactor). The preferred file format for all lists is a searchable Excel
spreadsheet file. These files should be indexed and hyper-linked to facilitate ease of
use. If you have any questions regarding this information, please call the inspection
team leader as soon as possible.
3
Table RFI #2
Request
Items
For the system(s) chosen for inspection provide:
Ongoing Monitoring and Assessment activity performed on the
1 03.01(a)
system(s)
2 All Security Control Assessments for the selected system(s) 03.01(a)
All vulnerability screenings/assessments associated with or scans
3 performed on the selected system(s) since the last cyber-security 03.01(c)
inspection
Documentation (including configuration files and rules sets) for
Network-based Intrusion Detection/Protection Systems (NIDS/NIPS),
4 Host-based Intrusion Detection Systems (HIDS), and Security 03.02(b)
Information and Event Management (SIEM) systems for system(s)
chosen for inspection)
Documentation (including configuration files and rule sets) for
5 intra-security level firewalls and boundary devices used to protect 03.02(c)
the selected system(s)
Copies of all periodic reviews of the access authorization list for the
6 selected systems since the last inspection 03.02(d)
7 Baseline configuration data sheets for the selected CDAs 03.03(a)
Documentation on any changes, including Security Impact Analyses,
8 performed on the selected system(s) since the last inspection 03.03(b)
Copies of the purchase order documentation for any new equipment
9 purchased for the selected systems since the last inspection 03.03(c)
Copies of any cyber-security drills performed since the last 03.02(a)
10 inspection, along with any reports or assessments generated 03.04(b)
Copy of the individual recovery plan(s) for the selected system(s)
03.02(a)
11 including documentation of the results the last time the backups 03.04(b)
were executed
Corrective actions taken as a result of cyber-security
12 incidents/issues to include previous NRC violations and Licensee 03.04(d)
Identified Violations since the last cyber-security inspection
4
III. Information Requested to be Available on First Day of Inspection
For the specific systems and equipment identified in Section II above, provide the
following RFI (i.e., Table 1ST Week Onsite) electronically by November 6, 2023, the first
day of the inspection.
Table 1ST Week Onsite
Request: Items
Any cyber-security event reports submitted in accordance with
1 03.04(a)
10 CFR 73.77 since the last cyber-security inspection
Updated Copies of corrective actions taken as a result of
cyber-security incidents/issues, to include previous NRC violations
2 03.04(d)
and Licensee Identified Violations since the last cyber-security
inspection, as well as vulnerability-related corrective actions
In addition to the above information please provide the following:
(1) Copies of the following documents do not need to be solely available to the
inspection team as long as the inspectors have easy and unrestrained access to
them.
a. UFSAR, if not previously provided;
b. Original Final Safety Analysis Report (FSAR) Volumes;
c. Original Safety Evaluation Report (SER) and Supplements;
d. FSAR Question and Answers;
e. Quality Assurance (QA) Plan;
f. Technical Specifications, if not previously provided; and
g. Latest Individual Plant Examination and Probabilistic Risk Assessment
(IPE/PRA) Report.
(2) Vendor Manuals, Assessment and Corrective Actions:
a. The most recent Cyber-Security QA audit and/or self-assessment; and
b. Corrective action documents (e.g., condition reports, including status of
corrective actions) generate as a result of the most recent Cyber-Security QA
audit and/or self-assessment.
5
IV. Information Requested to be Provided Throughout the Inspection
(1) Copies of any corrective action documents generated as a result of the
inspection teams questions or queries during the inspection.
(2) Copies of the list of questions submitted by the inspection team members and
the status/resolution of the information requested (provided daily during the
inspection to each inspection team member).
If you have any questions regarding the information requested, please contact the inspection
team leader.
6