Protection of Safeguards Information, 7196-7217 [05-2665]

Agencies

• NUCLEAR REGULATORY COMMISSION

[Federal Register Volume 70, Number 28 (Friday, February 11, 2005)]
[Proposed Rules]
[Pages 7196-7217]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-2665]


=======================================================================
-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76 and 150

RIN: 3150-AH57


Protection of Safeguards Information

AGENCY: Nuclear Regulatory Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to amend 
its regulations for the protection of Safeguards Information (SGI) to 
protect SGI from inadvertent release and unauthorized disclosure which 
might compromise the security of nuclear facilities and materials. The 
proposed amendments are consistent with recent Commission practices 
reflected in orders and threat advisories, issued since September 11, 
2001. The proposed amendments would affect certain licensees, 
information, and materials not currently specified in the regulations, 
but which are within the scope of Commission authority under the Atomic 
Energy Act of 1954, as amended (AEA).

DATES: The comment period expires March 28, 2005. Submit comments 
specific to the information collections aspects of this rule March 14, 
2005. Comments received after that date will be considered if it is 
practical to do so, but the NRC is able to ensure consideration only 
for comments received on or before this date.

ADDRESSES: You may submit comments by any one of the following methods. 
Please include the following number (RIN 3150-AH57) in the subject line 
of your comments. Comments on this rulemaking submitted in writing or 
in electronic form will be made available for public inspection. 
Because your comments will not be edited to remove any identifying or 
contact information, the NRC cautions you against including personal 
information such as social security numbers and birth dates in your 
submission.
    Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001, Attn: Rulemakings and Adjudications Staff.
    E-mail comments to: SECY@nrc.gov. If you do not receive a reply e-
mail confirming that we have received your comments, contact us 
directly at (301) 415-1966. You may also submit comments via the NRC's 
rulemaking Web site at https://ruleforum.llnl.gov. Address questions 
about our rulemaking Web site to Carol Gallagher at (301) 415-5905; e-
mail cag@nrc.gov. Comments can also be submitted via the Federal 
Rulemaking Portal https://www.regulations.gov.
    Hand-deliver comments to: 11555 Rockville Pike, Rockville, Maryland 
20852, between 7:30 a.m. and 4:15 p.m. Federal workdays. (Telephone: 
(301) 415-1966).
    Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at 
(301) 415-1101. Publicly available documents related to this rulemaking 
may be examined and copied for a fee at the NRC's Public Document Room 
(PDR), Public File Area O1F21, One White Flint North, 11555 Rockville 
Pike, Rockville, Maryland. Selected documents, including comments, can 
be reviewed and downloaded electronically via the NRC rulemaking Web 
site at https://ruleforum.llnl.gov.
    You may submit comments on the information collections by the 
methods indicated in the Paperwork Reduction Act Statement.
    Publicly available documents created or received at the NRC after 
November 1, 1999, are available electronically at the NRC's Electronic 
Reading Room at https://www.nrc.gov/NRC/ADAMS/. From this 
site, the public can gain entry into the NRC's Agencywide Document 
Access and Management System (ADAMS), which provides text and image 
files of NRC's public documents. If you do not have access to ADAMS or 
if there are problems in accessing the documents located in ADAMS, 
contact the NRC's PDR Reference staff at 1-800-397-4209, 301-415-4737 
or by e-mail to pdr@nrc.gov.

FOR FURTHER INFORMATION CONTACT: Marjorie Rothschild, Office of the 
General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC 
20555-0001, telephone (301) 415-1633, e-mail MUR@nrc.gov or Bernard 
Stapleton, Office of Nuclear Security and Incident Response, Nuclear 
Regulatory Commission, Washington, DC 20555-0001, (301) 415-2432, e-
mail BWS2@nrc.gov.

SUPPLEMENTARY INFORMATION:
I. Background
II. Need for Rule
III. Purpose of Rulemaking
IV. Request for Specific Comment
V. Discussion of Proposed Amendments by Section
VI. Criminal Penalties
VII. Agreement State Issues
VIII. Plain Language
IX. Voluntary Consensus Standards
X. Finding of No Significant Impact: Environmental Assessment
XI. Paperwork Reduction Act Statement
XII. Regulatory Analysis
XIII. Regulatory Flexibility Analysis
XIV. Backfit Analysis

I. Background

    Safeguards Information (SGI) is a special category of sensitive 
unclassified information to be protected from unauthorized disclosure 
under section 147 of the Atomic Energy Act of 1954, as amended (AEA). 
Although SGI is considered to be sensitive unclassified information, it 
is handled and protected more like classified National Security 
Information than like other sensitive unclassified information (e.g., 
privacy and proprietary information). Part 73, ``Physical Protection of 
Plants and Materials,'' of the Commission's regulations in Title 10 of 
the Code of Federal Regulations contains requirements for the 
protection of SGI. Commission orders issued since September 11, 2001, 
have also imposed requirements for the designation and protection of 
SGI. These requirements apply to SGI in the hands of any person, 
whether or not a licensee of the Commission, who produces, receives, or 
acquires SGI. An individual's access to SGI requires both a valid 
``need to know'' such information and authorization based on an 
appropriate background investigation. Power reactors, certain research 
and test reactors, and spent fuel storage installations are examples of 
the categories of licensees currently within the scope of the 
provisions of part 73 for the protection of SGI. Examples of the types 
of information designated as SGI include the physical security plan for 
a licensee's facility; the design features of such a licensee's 
physical protection system; and operational procedures for the 
licensee's security organization.
    The Commission has authority under section 147 of the AEA to 
designate, by regulation or order, other types of information as SGI. 
For example, section 147.a.(2) allows the Commission to designate as 
SGI a licensee's or applicant's detailed security measures (including 
security plans, procedures and equipment) for the physical protection 
of source material or byproduct material in quantities determined by 
the Commission to be significant to the public health and

[[Page 7197]]

safety or the common defense and security. The Commission has, by 
order, imposed SGI handling requirements on certain categories of these 
other licensees. An example is a November 25, 2003 order issued to 
certain materials licensees.\1\
---------------------------------------------------------------------------

    \1\ This order was published in the Federal Register as ``All 
Licensees Authorized to Manufacture or Initially Transfer Items 
Containing Radioactive Material for Sale or Distribution and Who 
Possess Certain Radioactive Material of Concern and All Persons Who 
Obtain Safeguards Information Described Herein; Order Issued on 
November 25, 2003 Imposing Requirements for the Protection of 
Certain Safeguards Information (Effective Immediately),'' (69 FR 
3397 (January 23, 2004).
---------------------------------------------------------------------------

    Violations of SGI handling and protection requirements, whether 
those specified in part 73 or those imposed by order, are subject to 
the applicable civil and criminal sanctions. Employees, past or 
present, and all persons who have had access to SGI have a continuing 
obligation to protect SGI in order to prevent inadvertent release and 
unauthorized disclosure. Information designated as SGI must be withheld 
from public disclosure and must be physically controlled and protected. 
Protection requirements include (1) secure storage; (2) document 
marking; (3) restriction of access; (4) limited reproduction; (5) 
protected transmission; and (6) controls for information processing on 
electronic systems.
    Inadequate protection of SGI, including inadvertent release and 
unauthorized disclosure, may result in civil and/or criminal penalties. 
The AEA explicitly provides in section 147.a. that ``any person, 
whether or not a licensee of the Commission, who violates any 
regulations adopted under this section shall be subject to the civil 
monetary penalties of section 234 of this Act.'' Furthermore, willful 
violation of any regulation or order governing SGI is a felony subject 
to criminal penalties in the form of fines or imprisonment, or both, as 
prescribed in section 223 of the AEA.

II. Need for Rule

    Changes in the threat environment have revealed the need to protect 
additional types of security information held by a broader group of 
licensees as SGI. Under the current regulations, some categories of 
licensees are not explicitly included in the categories of licensees 
subject to the general performance requirements in 10 CFR 73.21(a). 
Similarly, the current regulations do not specify all of the types of 
information that are now recognized to be significant to the public 
health and safety or the common defense and security. The unauthorized 
release of this information could result in harm to the public health 
and safety and the Nation's common defense and security, as well as 
damage to the Nation's critical infrastructure, including nuclear power 
plants and other facilities and materials licensed and regulated by the 
NRC.
    Since September 11, 2001, the NRC has issued orders that have 
increased the number of licensees whose security measures will be 
protected as SGI and have added additional types of security 
information considered to be SGI. Orders have been issued to power 
reactor licensees, fuel cycle facility licensees, certain source 
material licensees, and certain byproduct material licensees. Some of 
the orders expanded the types of information to be protected by 
licensees who already have an SGI protection program, such as nuclear 
power reactor licensees. Other orders were issued to licensees that 
have not previously been explicitly subject to SGI protection 
requirements in the regulations, such as certain licensees authorized 
to manufacture or initially transfer items containing radioactive 
material.\2\ Some orders impose a new designation: Safeguards 
Information--Modified Handling (SGI-M). SGI-M pertains to certain SGI 
subject to handling requirements that are modified from what part 73 
itself currently requires. This designation for SGI applies to certain 
quantities of source, byproduct, and special nuclear materials for 
which the risk of unauthorized disclosure of information is relatively 
low. In contrast, more stringent requirements are imposed for the 
protection of SGI pertaining to licensees such as power reactors and 
certain fuel cycle facilities.
---------------------------------------------------------------------------

    \2\ See 69 FR 3397 (January 23, 2004).
---------------------------------------------------------------------------

    Some of the requirements imposed by orders that have increased the 
types of information to be considered SGI are not covered by the 
current regulations. Although new SGI requirements could continue to be 
imposed through the issuance of orders, the regulations would not 
reflect current Commission SGI policy and/or requirements. Orders apply 
only to the licensees named in the orders, and enforcement orders do 
not apply prospectively to applicants for new licenses such as a rule 
would. Duke Energy Corp. (Catawba Nuclear Station, Units 1 and 2), CLI-
04-6, 59 NRC 62 (2004) (February 18, 2004). Finally, it has been 
Commission policy to codify requirements in the regulations and not to 
rely on orders indefinitely to impose requirements that should have 
generic application.

III. Purpose of Rulemaking

    NRC staff review of the SGI regulatory program indicates that 
changes in the regulations are needed to address issues such as access 
to SGI, types of security information to be protected, and handling and 
storage requirements.\3\
---------------------------------------------------------------------------

    \3\ The NRC staff is in the process of revising the guidance for 
designation of SGI and has issued a draft document for comment 
(Nuclear Regulatory Commission Draft Guide for the Designation of 
Safeguards Information, July 2004).
---------------------------------------------------------------------------

    This rulemaking would:
    Codify the SGI requirements imposed by the orders;
    Expand the scope of part 73 to include additional categories of 
licensees (e.g., source and byproduct material licensees, research and 
test reactors not previously covered, and fuel cycle facilities not 
previously covered);
    Expand the types of security information covered by the definition 
of SGI in Sec.  73.21 to include access authorization for background 
screening, detailed emergency planning scenarios and implementing 
procedures, vulnerabilities or weaknesses corrected in a security 
system, and some training and qualification information; and
    Update Sec.  73.21 to address advanced technology, such as new 
types of portable communication devices and copiers using digital 
technology.
    A graded approach based on the risks and consequences of 
information disclosure is being used in determining which category of 
licensee or type of information will be subject to certain protection 
requirements. This graded approach can be applied to such issues as the 
type of information to be protected, the classes of licensees subject 
to the rule, and the level of handling requirements necessary for the 
various licensees. For example, the graded approach allows certain 
licensees, whose quantities and forms of material pose a low risk from 
unauthorized information disclosure, to employ the modified-handling 
procedures introduced in recent orders for Safeguards Information 
designated as SGI-M.
    The requirements set forth in this proposed rule are the minimum 
restrictions the Commission believes to be necessary in the current 
threat environment to protect Safeguards Information against 
inadvertent release or unauthorized disclosure which might compromise 
the health and safety of the public or the common defense and security. 
The proposed rule covers those facilities and materials the Commission 
has already determined need to be protected against theft or sabotage. 
The

[[Page 7198]]

categories of information constituting SGI relate to the types of 
facilities and the quantities of special nuclear material, source 
material and byproduct material determined by the Commission to be 
significant and therefore subject to protection against unauthorized 
disclosure pursuant to section 147 of the AEA. Unauthorized release of 
Safeguards Information could reduce the deterrence value of systems and 
measures used to protect nuclear facilities and materials and allow for 
the possible compromise of those facilities and materials. Such 
disclosures could also facilitate advance planning by an adversary 
intent on committing acts of theft or sabotage against the facilities 
and materials within the scope of the rule. The rule requirements 
satisfy the minimum restrictions provision of section 147.a.(3)(A) of 
the AEA. Further, the Commission has determined, pursuant to section 
147.a.(3)(B) of the AEA, that the unauthorized disclosure of the 
information that is the subject of the proposed rule could reasonably 
be expected to have a significant adverse effect on the health and 
safety of the public or the common defense and security by 
significantly increasing the likelihood of theft, diversion, or 
sabotage of nuclear material or a facility.

IV. Request for Specific Comment

    The NRC is soliciting specific public comment on the following 
issue associated with the proposed rulemaking action:
    Differing Requirements for Access to SGI and SGI-M--sections 
73.22(b)(1) and 73.23(b)(1) contain differing requirements for 
performing background checks and making trustworthiness and reliability 
determinations for granting personnel access to SGI or SGI-M. 
Specifically, under Sec.  73.22(b)(1)(i)(A), an individual to be 
authorized access to SGI by a nuclear power reactor applicant or 
licensee must demonstrate trustworthiness and reliability and undergo a 
Federal Bureau of Investigation criminal history check to the extent 
required by Sec.  73.57, which includes fingerprinting. Individuals to 
be authorized access to SGI by other applicants or licensees covered by 
Sec.  73.22 or by a source, byproduct, or special nuclear material 
applicant or licensee pursuant to Sec.  73.23(b)(1)(i) must demonstrate 
trustworthiness and reliability through a comprehensive background 
check or other means approved by the Commission. These different 
requirements are based on the statutory authorization in section 149 of 
the AEA for the NRC to require fingerprinting of individuals to be 
granted access to SGI by nuclear power reactor applicants or licensees. 
There is not a similar statutory authorization to require 
fingerprinting by other applicants or licensees.
    The NRC specifically invites comment on whether stakeholders would 
perceive difficulties in complying with these varying requirements. If 
so, the Commission would welcome stakeholder's suggestions, comments, 
and/or proposals which would provide a more uniform approach to 
background checks and trustworthiness and reliability determinations.

V. Discussion of Proposed Amendments by Section

    Conforming changes to 10 CFR part 2, ``Rules of practice for 
domestic licensing proceedings and issuance of orders,'' would be made 
to the following sections to include citation of 10 CFR 73.22 and 
73.23, in addition to citation of current Sec.  73.21, as applicable 
appropriate: paragraph (f) of Sec.  2.709, ``Discovery against NRC 
staff;'' \4\ paragraph (a)(4)(iii) of Sec.  2.1003, ``Availability of 
material;'' and paragraph (b)(6) of Sec.  2.1010, ``Pre-License 
application presiding officer.''
---------------------------------------------------------------------------

    \4\ In Sec.  2.709(f), which replaces former Sec.  2.744(e), a 
few changes in the language and citations in former Sec.  2.744(e), 
not relevant here, were made as part of a separate rulemaking 
amending 10 CFR part 2. ``Changes to Adjudicatory Process; Final 
Rule,'' 69 FR 2182, 2262 (January 14, 2004).
---------------------------------------------------------------------------

    Conforming changes are also being proposed to 10 CFR part 30, 
``Rules of general applicability to domestic licensing of byproduct 
material,'' and 10 CFR part 40, ``Domestic licensing of source 
material.'' The proposed changes would add provisions to the sections 
of those parts addressing applications for specific licenses and terms 
and conditions of licenses. In part 30, Sec. Sec.  30.32, ``Application 
for specific licenses'' and 30.34, ``Terms and conditions of 
licenses,'' would be amended to include citation of Sec. Sec.  73.21 
and 73.23. In part 40, corresponding sections (Sec. Sec.  40.41 and 
40.31) would be amended to include citation of Sec.  73.21 and the 
requirements of Sec.  73.22 or Sec.  73.23, as applicable. With these 
additions, it should be clear that part 30 and part 40 licensees and 
applicants (subject to 10 CFR part 73), under each part would be 
required to protect categories of documents and information in 
accordance with the requirements of part 73.
    Conforming changes to 10 CFR part 50, ``Domestic licensing of 
production and utilization facilities,'' would add to Sec.  50.34, 
``Contents of applications; technical information'' and Sec.  50.54, 
``Conditions of licenses,'' citations to Sec.  73.22, ``Protection of 
Safeguards Information: Specific Requirements'' and Sec.  73.23, 
``Protection of Safeguards Information-Modified Handling: Specific 
Requirements.'' The purpose of these changes would be to reflect that 
specific requirements for protecting SGI relating to such licensees and 
materials would be moved from Sec.  73.21 to proposed Sec.  73.22 and 
Sec.  73.23, of this chapter, as applicable.
    Conforming changes are also being proposed to 10 CFR part 52, 
``Early site permits; standard design certifications; and combined 
licenses for nuclear power plants.'' Specifically, Sec.  52.47, 
``Contents of applications,'' relating to standard design 
certifications, would be amended to add as paragraph (c) the 
requirement that an applicant for a standard design certification under 
part 52 shall protect SGI against unauthorized disclosure in accordance 
with the requirements of Sec. Sec.  73.21 and 73.22 of this chapter, as 
applicable. A similar conforming change is being proposed for Sec.  
52.79, ``Contents of application; technical information,'' relating to 
combined licenses for nuclear power facilities.
    Part 60, ``Disposal of high-level Radioactive wastes in geologic 
repositories,'' would be amended to add in Sec.  60.21, ``Content of 
application,'' new paragraph (d). That paragraph would state that the 
application for a license for a geologic repository operations area 
shall protect as SGI detailed security measures and related 
information, in accordance with the requirements of Sec.  73.21 and the 
requirements of Sec.  73.22 or Sec.  73.23 of this chapter, as 
applicable. A parallel change would be made to a new paragraph (d) to 
Sec.  60.42, ``Conditions of license.''
    Part 63, ``Disposal of high-level radioactive wastes In a geologic 
repository at Yucca Mountain, Nevada,'' would be amended to add new 
paragraph (d) to Sec.  63.21, ``Content of application.'' That section 
would state that the applicant for a license to receive and possess 
source, byproduct, and special nuclear material at a geologic 
repository at Yucca Mountain, Nevada shall protect the detailed 
security measures for the physical protection of high-level radioactive 
waste as SGI in accordance with Sec. Sec.  73.21 and 73.22. A 
corresponding change (i.e., adding new paragraph (e)) would be made to 
Sec.  63.42, ``Conditions of license.''
    Conforming changes are being proposed for 10 CFR part 70, 
``Domestic licensing of special nuclear material,'' subpart D--
``License applications.'' Specifically, Sec.  70.22, ``Contents of 
applications,'' and Sec.  70.32 ``Conditions of licenses,'' would be 
modified to add citation of proposed Sec.  73.23. These modifications 
are being proposed to be

[[Page 7199]]

consistent with the addition of proposed Sec.  73.23 containing 
specific requirements for Safeguards Information--Modified Handling 
related to certain quantities of source and byproduct material and 
special nuclear material of moderate or low strategic significance, 
except for those materials covered under Sec.  73.22.
    Part 71, ``Packaging and transportation of radioactive material,'' 
would be amended to add new Sec.  71.11, ``Protection of Safeguards 
Information'' because licensees, certificate holders, or applicants for 
a Certificate of Compliance for transport of radioactive material would 
be required to protect Safeguards Information in accordance with the 
applicable amended requirements in part 73. The proposed revision does 
not address the protection of design-related information with respect 
to transportation packages.
    Part 72, ``Licensing requirements of the independent storage of 
spent nuclear fuel, high-level radioactive waste, and reactor-related 
greater than Class C waste,'' would also be amended. A new paragraph 
(f) would be added to Sec.  72.22, ``Contents of application; General 
and financial information,'' to require that each applicant for a 
license under part 72 would be required to protect SGI against 
unauthorized disclosure in accordance with Sec.  73.21 and the 
requirements of Sec.  73.22 or Sec.  73.23, of this chapter, as 
applicable. In Sec.  72.44, ``License conditions,'' paragraph (h) would 
include a similar requirement for each licensee subject to part 73. 
Section 72.212 would be changed to designate paragraph (b)(5)(v) as 
paragraph (b)(5)(vi) and a new paragraph (b)(5)(v) would be added to 
require that each general licensee that receives, transfers, and 
possesses power reactor spent fuel, power reactor-related Greater than 
Class C (GTCC) waste, and other radioactive materials associated with 
spent fuel storage shall protect Safeguards Information against 
unauthorized disclosure in accordance with the requirements of Sec.  
73.21 and the requirements of Sec.  73.22 or Sec.  73.23, of this 
chapter, as applicable. A new paragraph (n) would be added to Sec.  
72.236, ``Specific requirements for spent fuel storage cask approval 
and fabrication,'' to note that Safeguards Information shall be 
protected against unauthorized disclosure in accordance with the 
requirements of Sec.  73.21 and the requirements of Sec.  73.22 or 
Sec.  73.23 of this chapter, as applicable.

Section 73.1 Purpose and Scope

    Paragraph (b)(7) of this section would be amended to include a 
reference to ``Safeguards Information-Modified Handling'' (SGI-M), the 
designation for marking of documents containing Safeguards Information 
(SGI) to which the Commission has determined modified protection 
requirements apply. Orders to certain materials licensees contain this 
new SGI-M designation and the handling requirements for such 
information.

Section 73.2 Definitions

    This section would be amended to add definitions of the terms 
Individual Authorized Access to Safeguards Information and Individual 
Authorized Access to Safeguards Information-Modified Handling; 
Trustworthiness and Reliability, and Safeguards Information-Modified 
Handling Requirements. In addition, the definition of the term 
Safeguards Information would be modified.
    The new terms Individual Authorized Access to Safeguards 
Information and Individual Authorized Access to Safeguards Information-
Modified Handling, would be added to distinguish such individuals from 
an ``authorized individual,'' which is defined now to apply only to the 
control of and access to special nuclear material, without reference to 
handling of information or documents.
    The new term, Safeguards Information-Modified Handling, would be 
added to reflect the new designation for marking of SGI subject to this 
regulation. This marking has been previously established through 
Commission orders.
    The new term, Trustworthiness and Reliability, would be added to 
reflect Commission expectations regarding positive character attributes 
for access to SGI and SGI-M handling in addition to an individual's 
``need to know'' such information. This expectation is embodied 
elsewhere in part 73 (Sec.  73.56, ``Personnel access authorization 
requirements for nuclear power plants.'') and in 10 CFR 26.10, 
``General performance objectives,'' for fitness-for-duty. Specifically, 
Sec.  73.56(b) requires, as a performance objective of a licensee's 
access authorization program, ``high assurance'' that individuals 
granted unescorted access to a nuclear power plant's protected and 
vital areas are trustworthy and reliable. Similarly, under Sec.  
26.10(a), a licensee's fitness-for-duty program must provide reasonable 
assurance that covered personnel will perform their tasks in a 
``trustworthy and reliable manner.''
    The definition of ``Safeguards Information'' would be changed to 
reflect that certain categories of information relating to source and 
byproduct material are subject to protection as SGI against 
unauthorized disclosure pursuant to section 147 of the AEA. In 
addition, this definition would embody the Commission's authority under 
section 147 of the AEA to determine, by order or regulation, that the 
unauthorized disclosure of other information could reasonably be 
expected to have an adverse effect on the health and safety of the 
public or the common defense and security by significantly increasing 
the likelihood of theft, diversion, or sabotage of materials and 
facilities. The Commission may from time to time exercise its authority 
under section 147.a.\5\ of the AEA to define additional information as 
SGI. Thus, the public and other stakeholders would, through orders or 
new regulations, be given notice of any additional definitions of SGI.
---------------------------------------------------------------------------

    \5\ In the exercise of this authority, the Commission makes 
certain determinations and applies the minimum restrictions 
necessary to protect SGI, in compliance with section 147 of the AEA.
---------------------------------------------------------------------------

    The proposed definition of SGI would also delete the words 
``licensee's or applicant's'' [information]. This change is being 
proposed to reflect in the regulations the Commission's authority under 
section 147 of the AEA to determine that other information involving 
the materials described in that provision shall be protected as SGI. 
This authority can be exercised if the unauthorized disclosure of that 
information could reasonably be expected to have an adverse effect on 
the health and safety of the public or the common defense and security 
by significantly increasing the likelihood of theft, diversion, or 
sabotage of materials and facilities regulated by the Commission. The 
proposed change is also based on the Commission's very broad authority 
under section 161.b. of the AEA to regulate the use and possession of 
source, byproduct, and special nuclear material in order to promote the 
common defense and security or to protect health and minimize danger to 
life or property.

Section 73.21 Protection of Safeguards Information: Performance 
Requirements

    This section would be revised as follows:

Section 73.21(a) General Performance Requirements

    The language in paragraph (a) would be simplified and revised to 
state at the outset that any person, including a licensee or an 
applicant, who produces, receives or acquires SGI shall ensure that it 
is protected against unauthorized disclosure. Although this is not a 
new requirement under Sec.  73.21(a), the current language and format 
of that paragraph does not emphasize this as an

[[Page 7200]]

obligation that extends to any person who produces, receives, or 
acquires SGI.
    Revised paragraphs Sec.  73.21(a)(1)(i) and (a)(1)(ii) would embody 
the general performance requirement in paragraph (a) of current Sec.  
73.21 that licensees, applicants, and persons subject to that section 
must establish, implement, and maintain an information protection 
system that includes specified measures. However, the proposed rule 
presents separate requirements for the different categories of 
licensees.
    Proposed Sec.  73.22 contains the specific requirements for 
Safeguards Information related to power reactors, licensees authorized 
to possess a formula quantity of strategic special nuclear material, 
transportation of or delivery to a carrier for transportation of a 
formula quantity of strategic special nuclear material or more than 100 
grams of irradiated reactor fuel, and fuel cycle facilities required to 
implement security measures. Measures for protecting SGI relating to 
certain quantities of source and byproduct material, and special 
nuclear material of moderate or low strategic significance are 
specified in proposed Sec.  73.23.\6\
---------------------------------------------------------------------------

    \6\ The quantities are those determined by the Commission 
through order or regulation to be significant to the public health 
and safety or the common defense and security.
---------------------------------------------------------------------------

    Although the measures for the protection of SGI are applicable if 
the information is produced, received, or acquired, if licensees do not 
have such information then the associated requirements would not apply. 
For example, research and test reactors are not required to implement 
the power reactor Design Basis Threat (DBT),\7\ and therefore, in all 
likelihood would not possess DBT-related information. However, should a 
research and test reactor receive or acquire such information, it would 
be required to protect the information in accordance with applicable 
measures.
---------------------------------------------------------------------------

    \7\ The DBTs, as described in 10 CFR 73.1, provide specific 
adversary characteristics which power reactor and Category I fuel 
cycle facilities need to protect against. The DBTs form the basis 
for site-specific defensive strategies as set forth in a site's 
physical security plan and contingency plan.
---------------------------------------------------------------------------

    Including the references to source, byproduct, and special nuclear 
material in these new paragraphs would reflect the full scope of 
section 147 of the AEA. That section authorizes the Commission to 
protect against the unauthorized disclosure of SGI which specifically 
identifies a licensee's or applicant's detailed procedures or security 
measures relating to special nuclear material, byproduct material, and 
source material, in quantities determined by the Commission through 
order or regulation to be significant. This change would lessen the 
need for the Commission to issue orders to licensees for the protection 
of SGI relating to categories of licensees, information, or materials 
not currently within the scope of part 73.
    Section 73.21(a)(1)(i) and (a)(1)(ii) would also add the word 
``implement'' to the requirement in current Sec.  73.21(a) that 
licensees and persons subject to this section must establish and 
maintain an information protection system to protect against the 
unauthorized disclosure of SGI.

Section 73.21(b) Commission Authority

    This is a new paragraph that recognizes the Commission's broad 
authority and flexibility under section 147 of the AEA to designate 
information as SGI or SGI-M and to impose levels of handling 
requirements on any person who produces, receives, or acquires SGI. In 
exercising this authority, the Commission is required to make a finding 
that the unauthorized disclosure of such information could reasonably 
be expected to have a significant adverse effect on the health and 
safety of the public or the common defense and security by 
significantly increasing the likelihood of the theft, diversion, or 
sabotage of a facility or source, byproduct, and special nuclear 
material. In addition, the Commission is to impose the minimum 
restrictions necessary to protect the health and safety of the public 
or the common defense and security.
    The remaining paragraphs of Sec.  73.21 will be renumbered into new 
Sec. Sec.  73.22 and 73.23, and modified as noted.

Section 73.22 Protection of Safeguards Information: Specific 
Requirements

    New Sec.  73.22 would be added, containing specific requirements 
for Safeguards Information related to power reactors, licensees 
authorized to possess a formula quantity of strategic special nuclear 
material, transportation of or delivery to a carrier for transportation 
of a formula quantity of strategic special nuclear material or more 
than 100 grams of irradiated reactor fuel, and fuel cycle facilities 
required to implement security measures.

Section 73.22(a) Information To Be Protected

    Current Sec.  73.21(b) ``Information To Be Protected,'' would be 
renumbered as Sec.  73.22(a) and be revised to add specificity to the 
types of information and documents that must be protected as SGI. Such 
information and documents would include the elements and 
characteristics of the DBT in a level of detail greater than that 
specified in Sec.  73.1, as well as security-related requirements to be 
protected against unauthorized disclosure such as protective measures, 
interim compensatory measures, and additional security measures. These 
changes are necessary to codify in the regulations the recent practices 
of the Commission as reflected in orders and threat advisories issued 
since September 11, 2001.
    Section 73.21(a)(1), ``Physical Protection at Fixed Sites,'' would 
be changed to be consistent with the language in section 147.a.(1), 
(2), and (3) of the AEA to include information relating to all of the 
materials there specified. As revised, paragraph (a)(1) of Sec.  73.21 
would not be limited to information concerning the protection of power 
reactors authorized to operate and facilities that possess formula 
quantities of strategic special nuclear material, as is current Sec.  
73.21(b)(1). Section (a)(1)(i) would be revised to delete the word 
``nuclear'' to be consistent with the terminology in section 147 of the 
AEA. In addition, the words ``All portions of'' would be added at the 
beginning of this category to make clear the broader scope of this 
category of information intended to be protected as SGI.
    Sections 73.22(a)(1)(iii) and 73.22(a)(1)(v) embody changes to 
current Sec.  73.21(b)(1)(iii) and current Sec.  73.21(b)(1)(v). The 
new Sec.  73.22(a)(ii) would delete the words ``Details of'' at the 
beginning of these categories of information to make clear the broader 
scope of the information intended to be protected as SGI.
    Section 73.22(a)(1)(vi) would be current Sec.  73.21(b)(1)(vi) and 
would be amended to include the phrase ``passwords integral to the 
physical security system'' because such passwords constitute the type 
of information that should be protected as SGI.
    Section 73.22(a)(1)(viii), current Sec.  73.21(b)(1)(viii), and 
Sec.  73.22(a)(1)(ix), current Sec.  73.21(b)(1)(ix), would be revised 
to add at the beginning of each category the words ``All portions of.'' 
This change would make it clear that the referenced plans in their 
entirety and subparts are intended to be designated as SGI. In 
addition, current Sec.  73.21(a)(1)(ix) would be changed to recognize 
the importance of the licensee's overall facility guard training and 
qualification plan as a ``composite'' plan.
    New Sec.  73.22(a)(1)(x) would reflect a combination of current 
paragraphs Sec.  73.21(b)(1)(x), Sec.  73.21(b)(1)(xi), and

[[Page 7201]]

Sec.  73.21(b)(1)(xii). As revised, this paragraph would specify the 
enumerated aspects of response forces.
    Proposed Sec.  73.22(a)(1)(xi) would be added to cover information 
concerning the size, tactics and capabilities required to defend 
against the DBT or information that would disclose elements and 
characteristics of the DBT in a greater level of detail than that 
specified in Sec.  73.1.
    Proposed Sec.  73.22(a)(1)(xii) would be added to specify for 
protection as SGI engineering and safety analyses, emergency planning 
procedures or scenarios, and other similar information relating to the 
physical protection of a facility or materials if the unauthorized 
disclosure of such information could reasonably be expected to have a 
significant adverse effect on the health and safety of the public or 
the common defense and security by significantly increasing the 
likelihood of theft, diversion, or sabotage of such material or such 
facility.
    Proposed Sec.  73.22(a)(1)(xiii) is the current Sec.  
73.21(b)(1)(xiii).

Section 73.22(a)(2) Physical Protection in Transit

    The introductory paragraph in current Sec.  73.21(b)(2) and Sec.  
73.21(b)(2)(i), Sec.  73.21(b)(2)(iii) and Sec.  73.21(b)(2)(iv) are 
renumbered as new introductory paragraph Sec.  73.22(a)(2), Sec.  
73.22(a)(2)(i), Sec.  73.22(a)(2)(iii) and Sec.  73.22(a)(2)(iv). The 
introductory paragraph would be changed to reflect the applicability of 
Sec.  73.22 to the transportation of or delivery to a carrier for 
transportation of a formula quantity of strategic special nuclear 
material or more than 100 grams of irradiated reactor fuel.
    Section 73.22(a)(2)(i) would be revised to include the words ``All 
portions of'' to make it clear that these plans in their entirety and 
subparts are intended to be designated as SGI.
    Current Sec.  73.21(b)(2)(ii) would be re-numbered as Sec.  
73.22(a)(2)(ii) but would otherwise be unchanged.
    Current Sec.  73.21(b)(2)(iii) would be renumbered as Sec.  
73.22(a)(2)(iii) and changed to delete the words ``Details of'' to 
clarify that the features, devices, and systems in their entirety are a 
category of SGI to be protected as such.
    Current Sec.  73.21(b)(2)(iv) would be renumbered as Sec.  
73.22(a)(2)(iv) and would be otherwise unchanged.
    Current Sec.  73.21(b)(2)(v) would be renumbered as Sec.  
73.22(a)(2)(v) and would delete the words ``radio-telephone'' so as to 
encompass the more modern means of communications. This section would 
also delete the words ``Details regarding'' to clarify that all aspects 
of communications during transport are included in this category of 
information.
    Current Sec.  73.21(b)(2)(vi) would be re-numbered as Sec.  
73.22(a)(2)(vi) and would add the word ``security'' before the word 
``emergencies'.
    Section 73.22(a)(2)(vii) is new and its purpose would be to 
encompass information concerning the tactics and capabilities required 
to defend against attempted radiological sabotage or theft and 
diversion of formula quantities of special nuclear material or related 
information.
    Section 73.22(a)(2)(viii) would be added to include as information 
to be protected as SGI, engineering or safety analyses and emergency 
planning procedures or scenarios relating to the protection of a 
facility or material if the unauthorized disclosure of that information 
could reasonably be expected to have a significant adverse effect on 
the health and safety of the public or the common defense and security 
by significantly increasing the likelihood of theft, diversion, or 
sabotage of such facility or material.
    Section 73.22(a)(3) is based on current Sec.  73.21(b)(3), 
``Inspections, audits and evaluations,'' and would be broadened to 
cover specific requirements for Safeguards Information related to power 
reactors, licensees authorized to possess a formula quantity of 
strategic special nuclear material, transportation of or delivery to a 
carrier for transportation of a formula quantity of strategic special 
nuclear material or more than 100 grams of irradiated reactor fuel, and 
fuel cycle facilities required to implement security measures. Detailed 
information regarding defects, weaknesses or vulnerabilities is 
generally not released because identical circumstances may apply to a 
licensee or applicant employing similar security measures. In addition, 
the types of inspections and reports within the scope of the section 
would not be limited to safeguards inspections and reports. This 
language would recognize that documents concerning other types of 
inspections could contain SGI.
    Current Sec.  73.21(b)(4), Correspondence, would be renumbered 
Sec.  73.22(a)(4) and would be otherwise unchanged.
    Section 73.22(a)(5) would be new and would reflect the authority of 
the Commission under Section 147.a. of the AEA to designate as SGI such 
other information as the Commission may determine by order or 
regulation could reasonably be expected to have a significant adverse 
effect on the health and safety of the public or the common defense and 
security by significantly increasing the likelihood of theft, 
diversion, or sabotage of material or a facility (within the scope of 
Sec.  73.22). The Commission, may from time to time, exercise its 
authority under section 147.a.\8\ of the AEA to define additional 
information as SGI and the public and other stakeholders would have 
notice as to what these additional definitions of SGI are, through 
orders or new regulations, that would specifically define SGI.
---------------------------------------------------------------------------

    \8\ In the exercise of this authority, the Commission would make 
certain determinations and apply the minimum restrictions necessary 
to protect SGI.
---------------------------------------------------------------------------

    Section 73.22(b) is based on current Sec.  73.21(c) through (i), 
which address access to SGI and specific requirements for protecting it 
from unauthorized disclosure. The Commission is proposing to re-
structure part 73 to accommodate the separate handling requirements for 
SGI-M, imposed by order or regulation on certain byproduct, source, and 
special nuclear materials licensees. Proposed Sec.  73.22 would contain 
the specific requirements for Safeguards Information related to power 
reactors, licensees authorized to possess a formula quantity of 
strategic special nuclear material, transportation of or delivery to a 
carrier for transportation of a formula quantity of strategic special 
nuclear material or more than 100 grams of irradiated reactor fuel, and 
fuel cycle facilities required to implement security measures. 
Corresponding specific requirements for SGI-M relating to certain 
quantities of source and byproduct material, and special nuclear 
material of low or moderate strategic significance would be set forth 
in proposed Sec.  73.23.
    Section 73.22(b)(1) would state, as does current Sec.  73.21(c)(1), 
the requirement that no person may have access to SGI unless the person 
has an established ``need to know'' the information and fits within 
described occupational categories (proposed Sec.  73.22(b)(1)(i) 
through (vii)). The new Sec.  73.22(b)(1)(i)(A) and (B) add the 
requirement that individuals authorized access to SGI by a nuclear 
power reactor licensee and non-power reactor licensees and applicants, 
demonstrate ``trustworthiness and reliability'' prior to such access. 
The Commission has also updated the descriptions in Sec.  
73.21(c)(1)(ii) through (vi) of some of the occupational groups and 
added a new group, as described below.
    The description of the occupational category in Sec.  
73.22(b)(1)(i), (Commission, U.S. government, or licensee or applicant 
employee, agent, or contractor) would change the language in current 
Sec.  73.21(c)(1)(i) from

[[Page 7202]]

``U.S. Government'' to ``Executive Branch'' of the U.S. Government. 
This change is necessary because for purposes of access to SGI, members 
of Congress are covered separately in the occupational category 
specified in proposed Sec.  73.22(b)(1)(i).
    Additionally, new Sec.  73.22(b)(1)(i)(A) would require that an 
individual authorized access to SGI by a nuclear power reactor facility 
applicant or licensee must undergo an FBI criminal history check and 
must demonstrate trustworthiness and reliability. Another new 
paragraph, Sec.  73.22(b)(1)(i)(B) would be added, mandating that 
individuals to be authorized access to SGI by a non-power reactor 
facility applicant or licensee must also demonstrate trustworthiness 
and reliability. However, this demonstration would be based on a 
comprehensive background check or other means approved by the 
Commission in lieu of the FBI criminal history check.
    Section 73.22(b)(1)(ii) is based on current Sec.  73.21(c)(1)(ii) 
but would delete the phrase ``a duly authorized committee of'' [the 
Congress]. Under the Commission's current regulations in Sec.  
73.21(c)(1)(ii), a member of a ``duly authorized committee of the 
Congress'' with a ``need to know'' SGI is given access to such 
information. This section of the regulations does not set forth the 
meaning of a ``duly authorized committee.'' If narrowly interpreted, 
this occupational category might only apply to members of Congress who 
serve on NRC oversight committees. The deletion in the proposed rule of 
the phrase ``a duly authorized committee'' [of the Congress] would mean 
that the authorization would extend to all members of Congress (with a 
``need to know'' SGI). This change would be made because many members 
of Congress are not on NRC oversight committees, yet they may need 
access to SGI because of the presence of nuclear facilities or 
materials in their states or districts. As amended, the language would 
not alter the Commission's current practices in responding to requests 
from members of Congress for access to SGI.
    In addition, the authorization in current Sec.  73.21(c)(1)(ii) 
does not extend to congressional staff. The Commission is not proposing 
to extend the authorization to congressional staff. On a case-by-case 
basis, with explicit authorization from the appropriate NRC office, the 
NRC staff could share SGI with a Congressional staff member with a 
``need to know'' SGI and who otherwise meets the requirements for 
access to such information.
    Section 73.22(b)(1)(iii) renumbers current Sec.  73.21(c)(1)(iii) 
and would be otherwise unchanged.
    Section 73.22(b)(1)(iv) is based on current Sec.  73.21(c)(1)(iv) 
but the word ``representative'' is being made plural to account for the 
fact that more than one representative may be designated under this 
occupational category. The plural form is consistent with similar 
language in the descriptions of occupational categories in current 
Sec.  73.21(c)(1).
    Current Sec.  73.21(c)(1)(v) would be re-numbered as paragraph 
(b)(1)(v) and the description of this occupational category would be 
changed to ``employees'' (which would include the current term 
``member'') of a state or local law enforcement authority who are 
responsible for responding to requests for assistance during safeguards 
or securities emergencies.
    Section 73.22(b)(1)(vi) includes as an occupational category, State 
Radiation Control Program Directors and Homeland Security Advisors or 
their designated representatives. This category corresponds to Sec.  
73.23(b)(1)(iii).
    Section 73.22(b)(1)(vii) is current Sec.  73.21(c)(1)(vi) and 
substitutes the citation of 10 CFR Sec.  2.709(f) for Sec.  2.744(e) 
because the latter citation is outdated.
    Section 73.22(b)(2) contains a statement contained in a recent 
Commission order \9\ that finds that individuals in the occupational 
categories described in Sec.  73.22(b)(1)(ii) through Sec.  
73.22(b)(1)(vii) \10\ are considered to be trustworthy and reliable by 
virtue of their occupational status. For non-governmental individuals 
described in Sec.  73.22(b)(1)(i), a determination of trustworthiness 
and reliability is required prior to granting access to SGI. Discretion 
must be exercised in granting access to these individuals. If there is 
any indication that the recipient would be unwilling or unable to 
provide proper protection for the SGI, they are not authorized to 
receive SGI-M.
---------------------------------------------------------------------------

    \9\ e.g., ``All Licensees Authorized to Manufacture or Initially 
Transfer Items Containing Radioactive Material for Sale or 
Distribution and Possess Certain Radioactive Material of Concern and 
All Other Persons Who Obtain Safeguards Information; Order Imposing 
Requirements for the Protection of Certain Safeguards Information 
(Effective Immediately) (69 FR 3397, 3399; January 23, 2004).
    \10\ Individuals (or in some cases, their designated 
representatives) in the following occupational groups are included: 
State Governors, representatives of the IAEA, employees of state or 
local law enforcement, State Radiation Control Program Directors and 
State Homeland Security Advisors, and individuals to whom disclosure 
is ordered pursuant to 10 CFR 2.709(f). (69 FR 3399; January 23, 
2004).
---------------------------------------------------------------------------

Section 73.22(c) Protection While in Use or Storage

    Section 73.22(c)(1) contains the identical requirement in current 
Sec.  73.21(d), that while in use, matter containing SGI shall be under 
the control of an individual authorized access to SGI.
    Under certain conditions the general control exercised over 
security zones or areas would be considered to meet this requirement. 
Some examples of these areas would be: Alarm stations, guard posts and 
guard ready rooms; engineering or drafting areas if visitors are 
escorted and information is not clearly visible; plant maintenance 
areas if access is restricted and information is not clearly visible; 
administrative offices (e.g., central records or purchasing) if 
visitors are escorted and information is not clearly visible. The 
primary consideration is limiting access to those who have a ``need to 
know'' and are authorized to have access. Section 73.22(c)(2) would be 
revised to limit access to lock combinations.

Section 73.22(d) Preparation and Marking of Documents or Other Matter

    Section 73.22(d) would revise current Sec.  73.21(e) to add in the 
title ``or other matter,'' to be consistent with the language in the 
substantive paragraphs that follow. In addition, a new provision would 
be added to require certification that a document or other matter 
contains SGI and the certification must set forth the name and title of 
the certifying official and the certification date. Also, portion 
marking would be required for correspondence to NRC. Such marking would 
have to be sufficient to allow the recipient to identify and 
distinguish those sections of the document or other matter containing 
the protected information from the information that is otherwise 
unprotected.

Section 73.22(e) Reproduction of Matter Containing Safeguards 
Information

    Section 73.21(f) is renumbered to become Sec.  73.22(e) and the 
text is revised to include direction for the use of digital copiers and 
to delete language regarding destruction of SGI, which has been 
relocated to Sec.  73.22(i).

Section 73.22(f) External Transmission of Documents and Material

    Section 73.22(f)(1) would amend Sec.  73.21(g)(1) to set forth 
detailed requirements for packaging SGI when transmitted outside an 
authorized place of use or storage. These prescriptive requirements are 
consistent with the current practices of nuclear power

[[Page 7203]]

reactor licensees and the Commission now deems it necessary to require 
them to adequately protect SGI or SGI-M when such information is 
transmitted externally.
    Section 73.22(f)(2) would amend Sec.  73.21(g)(2) to conform to 
other changes made by this rulemaking.
    Section 73.22(f)(3) would add language to current Sec.  73.21(g)(3) 
to permit transmission of SGI by protected telecommunication circuits 
(including facsimile) or encryption (Federal Information Processing 
Standard). Both of these means of transmission must be approved by the 
appropriate NRC office.

Section 73.22(g) Processing of SGI on Electronic Systems

    This section updates the title and expands the content of current 
Sec.  73.21(h), ``Use of automatic data processing (ADP) systems,'' to 
refer to the processing of SGI on electronic systems and to add 
specific requirements applicable to the computer processing of SGI.

Section 73.22(h) Removal From Safeguards Information Category

    Section 73.22(h) revises current Sec.  73.21(i) to add further 
restrictions on decontrolling SGI. One proposed change concerns the 
degree of care that must be exercised in removing information from the 
SGI category. The other new requirement would specify that the 
authority to determine that a document may be decontrolled shall be 
exercised only by the NRC or with NRC approval, or in consultation with 
the individual or organization that made the original determination, if 
possible. Removal from the SGI-M category is addressed in Sec.  
73.23(h).

Section 73.22(i) Destruction of Matter Containing SGI

    Section 73.22(i) contains revised language from current Sec.  
73.21(f) to be consistent with the policies set forth in the orders 
regarding the destruction of documents.
    New Section 73.23 Protection of Safeguards Information-Modified 
Handling: Specific Requirements.
    This is a new section which would set forth the specific 
requirements for Safeguards Information--Modified Handling related to 
certain quantities of source and byproduct material and special nuclear 
material of moderate or low strategic significance, except for those 
materials covered under section 73.22. The term ``SGI-M'' would be used 
as the distinguishing marking for SGI relating to certain source, 
byproduct, and special nuclear material licensees. Section 73.23 is 
based on the Commission's orders and threat advisories issued to 
certain byproduct materials licensees.

Section 73.23(a) Information To Be Protected

    Section 73.23(a) sets forth the information to be protected in 
accordance with the handling requirements specified in Sec.  73.23(c) 
through (i). In general terms, information deemed SGI-M is information 
the disclosure of which could reasonably be expected to have a 
significant adverse effect on the health and safety of the public or 
the common defense and security by significantly increasing the 
likelihood of theft, diversion, or sabotage of materials or facilities 
subject to NRC jurisdiction. SGI-M is the designation and marking for 
SGI which is subject to these requirements. The overall measure for 
consideration of SGI-M is the usefulness of the information (security 
or otherwise) to an adversary in planning or attempting a malevolent 
act; the more specific the information, the more likely that it will be 
useful to an adversary.
    Section 73.23(a) states that the specific types of information and 
documents to be protected as SGI-M include security-related 
requirements that must be protected from unauthorized disclosure such 
as protective measures, interim compensatory measures, and additional 
safety features. Sections 73.23(a)(1) through (a)(4) enumerate and 
describe the specific categories of SGI-M to be protected. These 
categories of information are based on those proposed in Sec.  
73.22(a)(1) through (a)(5), as applicable, which in turn update the 
types of information specified in current Sec.  73.21(b)(1) through 
(b)(4). In reference to proposed Sec.  73.23(a)(3)(i), regarding 
portions of certain inspection reports, evaluations, audits, or 
investigations, detailed information regarding defects, weaknesses or 
vulnerabilities is generally not released because identical 
circumstances may apply to licensees or applicants employing similar 
security measures. Section 73.23(a)(4) references correspondence as it 
pertains to this section.
    Section 73.23(a)(5) would be new and would reflect the authority of 
the Commission under section 147a of the AEA to designate as SGI such 
other information as the Commission may determine by order or 
regulation could reasonably be expected to have a significant adverse 
effect on the health and safety of the public or the common defense and 
security by significantly increasing the likelihood of theft, 
diversion, or sabotage of material or a facility (within the scope of 
Sec.  73.22). The Commission, may from time to time, exercise its 
authority under section 147.a.\11\ of the AEA to define additional 
information as SGI and the public and other stakeholders would have 
notice as to what these additional definitions of SGI are, through 
orders or new regulations, that would specifically define SGI.
---------------------------------------------------------------------------

    \11\ In the exercise of this authority, the Commission would 
make certain determinations and apply the minimum restrictions 
necessary to protect SGI.
---------------------------------------------------------------------------

    Section 73.23(b)(1) addresses conditions for access to SGI-M. 
Authorization for access to SGI-M by licensee employees, agents, or 
contractors must be based on both an appropriate ``need to know'' 
determination by the licensee, as well as a determination concerning 
the trustworthiness and reliability of individuals having access to the 
information. Employees of an organization associated with the 
licensee's company, for example, a parent company, may be considered as 
employees of the licensee for access purposes. A recipient of SGI-M 
should be made aware that the information is SGI-M and those having 
access to it are subject to the requirements for its protection as well 
as civil and criminal sanctions for mishandling the information.
    Section 73.23(b)(1)(ii) through (vi) describes occupational groups 
who are deemed to be trustworthy and reliable by virtue of their 
employment status. For non-governmental individuals in Sec.  
73.23(b)(1)(i) and (vii), a determination of trustworthiness and 
reliability is required. Discretion must be exercised in granting 
access to these individuals. If there is any indication that the 
recipient would be unwilling or unable to provide proper protection of 
the SGI-M, they are not authorized to receive SGI-M.
    Section 73.23(b)(1)(ii) is identical to the current Sec.  
73.21(c)(1)(ii), except the phrase ``a duly authorized committee of'' 
[the Congress] would be deleted. Under the Commission's current 
regulations in Sec.  73.21(c)(1)(ii), a member of a ``duly authorized 
committee of the Congress'' with a ``need to know'' SGI is given access 
to such information. This section of the regulations does not set forth 
the meaning of a ``duly authorized committee.'' The deletion in the 
proposed rule of the phrase ``a duly authorized committee'' [of the 
Congress] would mean that the authorization would extend to all members 
of Congress (with a ``need to know'' SGI-

[[Page 7204]]

M). This change would be made because many members of Congress are not 
on NRC oversight committees, yet may need access to SGI-M because 
nuclear facilities or materials are located in their states or 
districts. As amended, the language would not alter the Commission's 
current practices in responding to requests from members of Congress 
for access to SGI.
    In addition, the authorization in current Sec.  73.21(c)(1)(ii) 
does not extend to Congressional staff. The Commission is not proposing 
to extend the authorization to Congressional staff. On a case-by-case 
basis, with explicit authorization from the appropriate NRC office, the 
NRC staff could share SGI-M with a Congressional staff member with a 
``need to know'' SGI and who otherwise meets the requirements for 
access to such information.
    Section 73.23(b)(1)(iii) corresponds to Sec.  73.22(b)(1)(iii), 
which includes the Governor of a state or designated representatives as 
an occupational category presumed to be trustworthy and reliable for 
access to SGI.
    Section 73.23(b)(1)(iv) is based on Sec.  73.21(c)(1)(iv) and the 
only change is to make ``representative'' plural because that would be 
consistent with language for other occupational categories in which the 
plural form is used.
    Section 73.23(b)(1)(v) corresponds to proposed Sec.  
73.22(b)(1)(v), in which the description of this occupational category 
would be changed to ``employees'' (which would include the current term 
``member'') of a state or local law enforcement authority who are 
responsible for responding to requests for assistance during safeguards 
or securities emergencies.
    Section 73.23(b)(1)(vi) is the same occupational category of 
individuals in Sec.  73.22(b)(1)(vi). Because homeland security 
advisors is the correct title of the individuals to be included in this 
occupational category, that title is contained in proposed rule text.
    Section 73.23(b)(1)(vii) corresponds to proposed Sec.  
73.22(c)(1)(vi), which is based on current Sec.  73.21(c)(1)(vi). As 
proposed, this paragraph substitutes the citation of 10 CFR 2.709(f) 
for Sec.  2.744(e) because the latter citation is outdated.
    The subject of Sec.  73.23(c) is protection of SGI-M while in use 
or storage. While in use, SGI-M shall be under the control of an 
individual authorized access to Safeguards Information Modified 
Handling. This requirement is satisfied if the SGI-M is attended by an 
authorized individual in certain locations even though the information 
is in fact not constantly being used. Examples of such locations 
include: Engineering or drafting areas, plant maintenance areas, or 
administrative offices (e.g., central records or purchasing) if 
visitors are escorted and information is not clearly visible in these