In the Matter of USEC Inc. (Lead Cascade Facility) and All Other Persons Who Seek or Obtain Access to Safeguards Information Described Herein; Order Imposing Requirements for the Protection of and Access to Safeguards Information (Effective Immediately), 62318-62323 [E6-17752]
Download as PDF
62318
Federal Register / Vol. 71, No. 205 / Tuesday, October 24, 2006 / Notices
Florida Power and Light Company,
Docket No. 50–250, Turkey Point
Nuclear Plant, Unit 3, Miami-Dade
County, Florida
NUCLEAR REGULATORY
COMMISSION
[EA–06–223]
Date of amendment request:
September 8, 2006.
Description of amendment request:
The amendment allows the use of an
alternate method for determining the
position of Control Rod M–6, which has
an inoperable analog rod position
indicator (ARPI), until the ARPI is
repaired, but no later than the Cycle 23
refueling outage scheduled for the fall of
2007.
Date of issuance: October 5, 2006.
Effective date: As of the date of
issuance.
Amendment No.: 230.
Facility Operating License Nos. DPR–
31: Amendment revises the technical
specifications.
Public comments requested as to
proposed no significant hazards
consideration (NSHC): Yes (71 FR
54691, dated September 18, 2006). The
notice provided an opportunity to
submit comments on the Commission’s
proposed NSHC determination. No
comments have been received. The
notice also provided an opportunity to
request a hearing by November 17, 2006,
but indicated that if the Commission
makes a final NSHC determination, any
such hearing would take place after
issuance of the amendment.
The Commission’s related evaluation
of the amendment, finding of exigent
circumstances, state consultation, and
final NSHC determination are contained
in a safety evaluation dated October 5,
2006.
Attorney for licensee: M.S. Ross,
Managing Attorney, Florida power and
Light Company, P.O. Box 14000, Juno
Beach, FL 33408–0420.
NRC Branch Chief: L. Raghavan.
Dated at Rockville, Maryland, this 13th day
of October 2006.
For the Nuclear Regulatory Commission.
Catherine Haney,
Director, Division of Operating Reactor
Licensing, Office of Nuclear Reactor
Regulation.
[FR Doc. E6–17546 Filed 10–23–06; 8:45 am]
rmajette on PROD1PC67 with NOTICES1
BILLING CODE 7590–01–P
VerDate Aug<31>2005
14:25 Oct 23, 2006
Jkt 211001
In the Matter of USEC Inc. (Lead
Cascade Facility) and All Other
Persons Who Seek or Obtain Access
to Safeguards Information Described
Herein; Order Imposing Requirements
for the Protection of and Access to
Safeguards Information (Effective
Immediately)
I
USEC Inc. (USEC or the Licensee)
holds a license, issued in accordance
with the Atomic Energy Act (AEA) of
1954, by the U.S. Nuclear Regulatory
Commission (NRC or Commission)
authorizing it to construct and operate
a uranium enrichment test and
demonstration facility in Piketon, Ohio.
On July 15, 2003, NRC provided USEC,
for its information, copies of Orders
issued to Category III facilities on
interim measures to enhance physical
security at those facilities. Those Orders
contained Safeguards Information.1 In
addition, in the future, the Commission
may issue the Licensee additional
Orders that require compliance with
specific additional security measures to
enhance security at the facility. These
Orders are also expected to contain
Safeguards Information, which cannot
be released to the public and must be
protected from unauthorized disclosure.
Therefore, the Commission is imposing
the requirements, as set forth in
Attachments A, B, and C of this Order,
so that the Licensee can receive these
documents. This Order also imposes
requirements for the protection of
Safeguards Information in the hands of
any person,2 whether or not a Licensee
of the Commission, who produces,
receives, or acquires Safeguards
Information.
On August 8, 2005, the Energy Policy
Act of 2005 (EPAct) was enacted.
Section 652 of the EPAct amended
Section 149 of the AEA to require
fingerprinting and a Federal Bureau of
1 Safeguards Information is a form of sensitive,
unclassified, security-related information that the
Commission has the authority to designate and
protect under section 147 of the AEA.
2 Person means: (1) any individual, corporation,
partnership, firm, association, trust, estate, public
or private institution, group, government agency
other than the Commission or the Department of
Energy, except that the Department of Energy shall
be considered a person with respect to those
facilities of the Department specified in section 202
of the Energy Reorganization Act of 1974 (88 Stat.
1244), any State or any political subdivision of, or
any political entity within a State, any foreign
government or nation or any political subdivision
of any such government or nation, or other entity;
and (2) any legal successor, representative, agent, or
agency of the foregoing.
PO 00000
Frm 00081
Fmt 4703
Sfmt 4703
Investigation (FBI) identification and
criminal history records check of any
person who is to be permitted to have
access to Safeguards Information. The
NRC’s implementation of this
requirement cannot await the
completion of the Safeguards
Information rulemaking, which is
underway, because the EPAct
fingerprinting and criminal history
check requirements for access to
Safeguards Information were
immediately effective upon enactment
of the EPAct. Although the EPAct
permits the Commission by rule to
except certain categories of individuals
from the fingerprinting requirement,
which the Commission has done (see 10
CFR 73.59, 71 FR 33,989 (June 13,
2006)), it is unlikely that many Licensee
employees are excepted from the
fingerprinting requirement by the
‘‘fingerprinting relief’’ rule. Individuals
relieved from the fingerprinting and
criminal history checks under the relief
rule include Federal, State, and local
officials and law enforcement
personnel; Agreement State inspectors,
who conduct security inspections on
behalf of the NRC; members of Congress
and certain employees of members of
Congress or Congressional Committees;
representatives of the International
Atomic Energy Agency or certain
foreign government organizations. In
addition, individuals who have a
favorably-decided U.S. Government
criminal history check within the last
five (5) years, and individuals who have
active Federal security clearances
(provided in either case that they make
available the appropriate
documentation), have satisfied the
EPAct fingerprinting requirement and
need not be fingerprinted again.
Therefore, in accordance with section
149 of the AEA, as amended by the
EPAct, the Commission is imposing
additional requirements, as set forth by
this Order, for access to Safeguards
Information so that affected licensees
can obtain and grant access to
Safeguards Information. This Order also
imposes requirements for access to
Safeguards Information by any person,
from any person, whether or not a
Licensee, Applicant, or Certificate
Holder of the Commission or Agreement
States.
Subsequent to the terrorist events of
September 11, 2001, the NRC issued
Orders requiring certain entities to
implement Additional Security
Measures (ASM) or Compensatory
Measures (CM) for certain radioactive
materials. The requirements imposed by
these Orders, and certain measures
licensees have developed to comply
E:\FR\FM\24OCN1.SGM
24OCN1
Federal Register / Vol. 71, No. 205 / Tuesday, October 24, 2006 / Notices
with the Orders, were designated by the
NRC as Safeguards Information. For
some materials licensees, the storage
and handling requirements for the
Safeguards Information have been
modified from the existing 10 CFR part
73 Safeguards Information requirements
for reactors and fuel cycle facilities that
require a higher level of protection; such
Safeguards Information is designated as
Safeguards Information—Modified
Handling (SGI–M). However, the
information subject to the SGI–M
handling and protection requirements is
Safeguards Information, and licensees
and other persons who seek or obtain
access to such Safeguards Information
are subject to this Order.
rmajette on PROD1PC67 with NOTICES1
II
The Commission has broad statutory
authority to protect Safeguards
Information and prohibit its
unauthorized disclosure. Section 147 of
the AEA, as amended, grants the
Commission explicit authority to
‘‘* * * issue such orders, as necessary
to prohibit the unauthorized disclosure
of safeguards information * * *.’’
Furthermore, section 652 of the EPAct
amended section 149 of the AEA to
require fingerprinting and an FBI
identification and a criminal history
records check of each individual who
seeks access to Safeguards Information.
In addition, no person may have access
to Safeguards Information unless the
person has an established need-to-know
and satisfies the trustworthy and
reliability requirements of those Orders.
Licensees and all persons who
produce, receive, or acquire Safeguards
Information must ensure proper
handling and protection of Safeguards
Information, to avoid unauthorized
disclosure, in accordance with the
specific requirements for the protection
of Safeguards Information contained in
Attachments A, B, and C. The
Commission hereby provides notice that
it intends to treat violations of the
requirements contained in Attachments
A, B, and C, applicable to the handling
and unauthorized disclosure of
Safeguards Information, as serious
breaches of adequate protection of the
public health and safety and the
common defense and security of the
United States. Access to Safeguards
Information is limited to those persons
who have established a need-to-know
the information, and are considered to
be trustworthy and reliable, and who
satisfy the fingerprinting and criminal
history records check required by the
EPAct and this Order. A ‘‘need-toknow’’ means a determination by a
person having responsibility for
protecting Safeguards Information that a
VerDate Aug<31>2005
14:25 Oct 23, 2006
Jkt 211001
proposed recipient’s access to
Safeguards Information is necessary in
the performance of official, contractual,
or Licensee duties of employment. The
Licensee and all other persons who
obtain Safeguards Information must
ensure that they develop, maintain, and
implement strict policies and
procedures for the proper handling of
Safeguards Information, to prevent
unauthorized disclosure, in accordance
with the requirements in Attachments
A, B, and C. The Licensee must ensure
that all contractors whose employees
may have access to Safeguards
Information either adhere to the
Licensee’s policies and procedures on
Safeguards Information or develop,
maintain, and implement their own
acceptable policies and procedures. The
Licensee remains responsible for the
conduct of its contractors. The policies
and procedures necessary to ensure
compliance with applicable
requirements contained in Attachments
A, B, and C must address, at a
minimum, the following: (1) The general
performance requirement that each
person who produces, receives, or
acquires Safeguards Information shall
ensure that Safeguards Information is
protected against unauthorized
disclosure; (2) protection of Safeguards
Information at fixed sites, in use and in
storage, and while in transit; (3)
correspondence containing Safeguards
Information; (4) access to Safeguards
Information; (5) preparation, marking,
reproduction, and destruction of
documents; (6) external transmission of
documents; (7) use of automatic data
processing systems; and (8) removal of
the Safeguards Information category.
To provide assurance that the
Licensee is implementing appropriate
measures to achieve a consistent level of
protection to prohibit the unauthorized
disclosure of Safeguards Information,
the Licensee shall implement the
requirements for access to Safeguards
Information in this Order, including the
requirements in Attachments A, B, and
C of this Order. In addition, pursuant to
10 CFR § 2.202, I find that in light of the
common defense and security matters
identified above, which warrant the
issuance of this Order, the public
health, safety, and interest require that
this Order be effective immediately.
III
Accordingly, pursuant to sections 53,
62, 63, 81, 147, 149, 161b, 161i, 161o,
182, and 186 of the Atomic Energy Act
of 1954, as amended, and the
Commission’s regulations in 10 CFR
2.202, 10 CFR part 30, 10 CFR part 40,
and 10 CFR part 70, IT IS HEREBY
ORDERED, EFFECTIVE IMMEDIATELY,
PO 00000
Frm 00082
Fmt 4703
Sfmt 4703
62319
THAT LICENSEE AND ALL OTHER
PERSONS WHO PRODUCE, RECEIVE,
OR ACQUIRE THE ADDITIONAL
SECURITY MEASURES IDENTIFIED
ABOVE (WHETHER DRAFT OR
FINAL), OR WHO SEEK OR OBTAIN
ACCESS TO SAFEGUARDS
INFORMATION, SHALL COMPLY
WITH THE REQUIREMENTS SET
FORTH IN THIS ORDER, INCLUDING
THE REQUIREMENTS IN
ATTACHMENTS A, B, AND C.
A. 1. No person may have access to
Safeguards Information unless that
person has a need-to-know the
Safeguards Information, has been
fingerprinted or who has a favorably
decided FBI identification and criminal
history records check, and satisfies all
other applicable requirements for access
to Safeguards Information.
Fingerprinting and the FBI
identification and criminal history
records check are not required,
however, for any person who is relieved
from that requirement by 10 CFR 73.59
(71 FR 33,989 (June 13, 2006)) or who
has a favorably-decided U.S.
Government criminal history check
within the last five (5) years, or who has
an active Federal security clearance,
provided in each case that the
appropriate documentation is made
available to the Licensee’s NRCapproved reviewing official.
2. No person may have access to any
Safeguards Information if the NRC has
determined, based on fingerprinting and
an FBI identification and criminal
history records check, that the person
may not have access to Safeguards
Information.
B. No person may provide Safeguards
Information to any other person except
in accordance with condition III.A
above. Prior to providing Safeguards
Information to any person, a copy of this
Order shall be provided to that person.
C. The Licensee shall comply with the
following requirements:
1. The Licensee shall, within twenty
(20) days of the date of this Order,
establish and maintain a fingerprinting
program that meets the requirements of
Attachment C to this Order.
2. The Licensee shall, within twenty
(20) days of the date of this Order,
submit the fingerprints of one (1)
individual who needs access to
Safeguards Information and who the
Licensee nominates as the ‘‘reviewing
official’’ for determining access to
Safeguards Information by other
individuals. The NRC will determine
whether this individual (or any
subsequent reviewing official) may have
access to Safeguards Information and,
therefore, will be permitted to serve as
E:\FR\FM\24OCN1.SGM
24OCN1
62320
Federal Register / Vol. 71, No. 205 / Tuesday, October 24, 2006 / Notices
rmajette on PROD1PC67 with NOTICES1
the Licensee’s reviewing official.3 The
Licensee may, at the same time or later,
submit the fingerprints of other
individuals to whom the Licensee seeks
to grant access to Safeguards
Information. Fingerprints shall be
submitted and reviewed in accordance
with the procedures described in
Attachment C of this Order.
3. The Licensee shall, in writing,
within twenty (20) days of the date of
this Order, notify the Commission, (1) if
it is unable to comply with any of the
requirements described in the Order,
including Attachments A, B, and C, or
(2) if compliance with any of the
requirements is unnecessary in its
specific circumstances. The notification
shall provide the Licensee’s justification
for seeking relief from or variation of
any specific requirement.
Licensee responses to C.1., C.2., and
C.3. above shall be submitted to the
Director, Office of Nuclear Material
Safety and Safeguards, U.S. Nuclear
Regulatory Commission, Washington,
DC 20555. In addition, Licensee
responses shall be marked as ‘‘SecurityRelated Information—Withhold Under
10 CFR 2.390.’’ The Director, Office of
Nuclear Material Safety and Safeguards,
may, in writing, relax or rescind any of
the above conditions, on demonstration
of good cause by the Licensee.
IV
In accordance with 10 CFR 2.202, the
Licensee must, and any other person
adversely affected by this Order may,
submit an answer to this Order, and
may request a hearing on this Order,
within twenty (20) days of the date of
this Order. Where good cause is shown,
consideration will be given to extending
the time to request a hearing. A request
for extension of time in which to submit
an answer or request a hearing must be
made in writing to the Director, Office
of Nuclear Material Safety and
Safeguards, U.S. Nuclear Regulatory
Commission, Washington, DC 20555,
and include a statement of good cause
for the extension. The answer may
consent to this Order. Unless the answer
consents to this Order, the answer shall,
in writing and under oath or
affirmation, specifically set forth the
matters of fact and law on which the
Licensee or other person adversely
affected relies, and the reasons as to
why the Order should not have been
issued. Any answer or request for a
hearing shall be submitted to the
3 The NRC’s determination of this individual’s
access to Safeguards Information in accordance
with the process described in Enclosure 3 to the
transmittal letter of this Order is an administrative
determination that is outside the scope of this
Order.
VerDate Aug<31>2005
14:25 Oct 23, 2006
Jkt 211001
Secretary, Office of the Secretary, U.S.
Nuclear Regulatory Commission, ATTN:
Rulemakings and Adjudications Staff,
Washington, DC 20555. Copies also
shall be sent to the Director, Office of
Nuclear Material Safety and Safeguards,
U.S. Nuclear Regulatory Commission,
Washington, DC 20555; to the Assistant
General Counsel for Materials Litigation
and Enforcement, at the same address;
and to the Licensee, if the answer or
hearing request is by a person other than
the Licensee. Because of possible delays
in delivery of mail to United States
Government offices, it is requested that
answers and requests for hearing be
transmitted to the Secretary of the
Commission, either by means of
facsimile transmission, to 301–415–
1101, or by e-mail, to
hearingdocket@nrc.gov; and also to the
Office of the General Counsel, either by
means of facsimile transmission, to 301–
415–3725, or by e-mail, to
OGCMailCenter@nrc.gov. If a person
other than the Licensee requests a
hearing, that person shall set forth with
particularity the manner in which their
interest is adversely affected by this
Order and shall address the criteria set
forth in 10 CFR 2.309.
If a hearing is requested by the
Licensee or a person whose interest is
adversely affected, the Commission will
issue an Order designating the time and
place of any hearing. If a hearing is held,
the issue to be considered at such
hearing shall be whether this Order
should be sustained.
Pursuant to 10 CFR 2.202(c)(2)(i), the
Licensee may, in addition to demanding
a hearing, at the time the answer is filed
or sooner, move the presiding officer to
set aside the immediate effectiveness of
the Order on the grounds that the Order,
including the need for immediate
effectiveness, is not based on adequate
evidence, but on mere suspicion,
unfounded allegations, or error. In the
absence of any request for hearing, or
written approval of an extension of time
in which to request a hearing, the
provisions specified in Section III above
shall be final twenty (20) days from the
date of this Order, without further order
or proceedings. If an extension of time
for requesting a hearing has been
approved, the provisions specified in
Section III shall be final when the
extension expires, if a hearing request
has not been received. AN ANSWER OR
A REQUEST FOR HEARING SHALL
NOT STAY THE IMMEDIATE
EFFECTIVENESS OF THIS ORDER.
Dated this 4th day of October 2006.
PO 00000
Frm 00083
Fmt 4703
Sfmt 4703
For the Nuclear Regulatory Commission.
Jack R. Strosnider,
Director, Office of Nuclear Material Safety
and Safeguards.
Attachment A—Modified Handling
Requirements for the Protection of
Certain Safeguards Information (SGI–
M)
General Requirement
Information and material that the U.S.
Nuclear Regulatory Commission (NRC)
determines are safeguards information must
be protected from unauthorized disclosure.
In order to distinguish information needing
modified protection requirements from the
safeguards information for reactors and fuel
cycle facilities that require a higher level of
protection, the term ‘‘Safeguards
Information—Modified Handling’’ (SGI–M) is
being used as the distinguishing marking for
certain materials licensees. Each person who
produces, receives, or acquires SGI–M shall
ensure that it is protected against
unauthorized disclosure. To meet this
requirement, licensees and persons shall
establish and maintain an information
protection system that includes the measures
specified below. Information protection
procedures employed by state and local
police forces are deemed to meet these
requirements.
Persons Subject to These Requirements
Any person, whether or not a licensee of
the NRC, who produces, receives, or acquires
SGI–M is subject to the requirements (and
sanctions) of this document. Firms and their
employees that supply services or equipment
to materials licensees fall under this
requirement if they possess SGI–M. A
licensee must inform contractors and
suppliers of the existence of these
requirements and the need for proper
protection. (See more under Conditions for
Access).
State or local police units who have access
to SGI–M are also subject to these
requirements. However, these organizations
are deemed to have adequate information
protection systems. The conditions for
transfer of information to a third party, i.e.,
need-to-know, would still apply to the police
organization as would sanctions for unlawful
disclosure. Again, it would be prudent for
licensees who have arrangements with local
police to advise them of the existence of SGI–
M requirements.
Criminal and Civil Sanctions
The Atomic Energy Act of 1954, as
amended, explicitly provides that any
person, ‘‘whether or not a licensee of the
Commission, who violates any regulations
adopted under this section shall be subject to
the civil monetary penalties of section 234 of
this Act.’’ Furthermore, willful violation of
any regulation or order governing safeguards
information is a felony subject to criminal
penalties in the form of fines or
imprisonment, or both. See sections 147b.
and 223 of the Act.
Conditions for Access
Access to SGI–M beyond the initial
recipients of the order will be governed by
E:\FR\FM\24OCN1.SGM
24OCN1
Federal Register / Vol. 71, No. 205 / Tuesday, October 24, 2006 / Notices
the background check requirements imposed
by the order. Access to SGI–M by licensee
employees, agents, or contractors must
include both an appropriate need-to-know
determination by the licensee, as well as a
determination concerning the
trustworthiness of individuals having access
to the information. Employees of an
organization affiliated with the licensee’s
company, e.g., a parent company, may be
considered as employees of the licensee for
access purposes.
Need-To-Know
Need-to-know is defined as a
determination by a person having
responsibility for protecting SGI–M that a
proposed recipient’s access to SGI–M is
necessary in the performance of official,
contractual, or licensee duties of
employment. The recipient must be made
aware that the information is SGI–M and
those having access to it are subject to these
requirements as well as criminal and civil
sanctions for mishandling the information.
rmajette on PROD1PC67 with NOTICES1
Occupational Groups
Dissemination of SGI–M is limited to
individuals who have an established need-toknow and who are members of certain
occupational groups. These occupational
groups are:
1. An employee, agent, or contractor of an
applicant, a licensee, the Commission, or the
United States Government;
2. A member of a duly authorized
committee of the Congress;
3. The Governor of a State or his
designated representative;
4. A representative of the International
Atomic Energy Agency (IAEA) engaged in
activities associated with the U.S./IAEA
Safeguards Agreement who has been certified
by the NRC;
5. A member of a state or local law
enforcement authority that is responsible for
responding to requests for assistance during
safeguards emergencies;
6. A person to whom disclosure is ordered
pursuant to section 2.744(e) of part 2 of part
10 of the Code of Federal Regulations; or
7. State Radiation Control Program
Directors (and State Homeland Security
Directors) or their designees.
In a generic sense, the individuals
described above in (A) through (G) are
considered to be trustworthy by virtue of
their employment status. For nongovernmental individuals in group (A) above,
a determination of reliability and
trustworthiness is required. Discretion must
be exercised in granting access to the
individuals in group (A). If there is any
indication that the recipient would be
unwilling or unable to provide proper
protection for the SGI–M, they are not
authorized to receive SGI–M.
Information Considered for Safeguards
Information Designation
Information deemed SGI–M is information
the disclosure of which could reasonably be
expected to have a significant adverse effect
on the health and safety of the public or the
common defense and security by
significantly increasing the likelihood of
VerDate Aug<31>2005
14:25 Oct 23, 2006
Jkt 211001
theft, diversion, or sabotage of materials or
facilities subject to NRC jurisdiction.
SGI–M identifies safeguards information
which is subject to these requirements. These
requirements are necessary in order to
protect quantities of nuclear material
significant to the health and safety of the
public or common defense and security.
The overall measure for consideration of
SGI–M is the usefulness of the information
(security or otherwise) to an adversary in
planning or attempting a malevolent act. The
specificity of the information increases the
likelihood that it will be useful to an
adversary.
Protection While in Use
While in use, SGI–M shall be under the
control of an authorized individual. This
requirement is satisfied if the SGI–M is
attended by an authorized individual even
though the information is in fact not
constantly being used. SGI–M, therefore,
within alarm stations, continuously manned
guard posts or ready rooms need not be
locked in file drawers or storage containers.
Under certain conditions the general
control exercised over security zones or areas
would be considered to meet this
requirement. The primary consideration is
limiting access to those who have a need-toknow. Some examples would be:
Alarm stations, guard posts and guard
ready rooms;
Engineering or drafting areas if visitors are
escorted and information is not clearly
visible;
Plant maintenance areas if access is
restricted and information is not clearly
visible;
Administrative offices (e.g., central records
or purchasing) if visitors are escorted
and information is not clearly visible;
Protection While in Storage
While unattended, SGI–M shall be stored
in a locked file drawer or container.
Knowledge of lock combinations or access to
keys protecting SGI–M shall be limited to a
minimum number of personnel for operating
purposes who have a ‘‘need-to-know’’ and
are otherwise authorized access to SGI–M in
accordance with these requirements. Access
to lock combinations or keys shall be strictly
controlled so as to prevent disclosure to an
unauthorized individual.
Transportation of Documents and Other
Matter
Documents containing SGI–M when
transmitted outside an authorized place of
use or storage shall be enclosed in two sealed
envelopes or wrappers. The inner envelope
or wrapper shall contain the name and
address of the intended recipient, and be
marked both sides, top and bottom with the
words ‘‘Safeguards Information—Modified
Handling.’’ The outer envelope or wrapper
must be addressed to the intended recipient,
must contain the address of the sender, and
must not bear any markings or indication that
the document contains SGI–M.
SGI–M may be transported by any
commercial delivery company that provides
nation-wide overnight service with computer
tracking features, U.S. first class, registered,
express, or certified mail, or by any
PO 00000
Frm 00084
Fmt 4703
Sfmt 4703
62321
individual authorized access pursuant to
these requirements.
Within a facility, SGI–M may be
transmitted using a single opague envelope.
It may also be transmitted within a facility
without single or double wrapping, provided
adequate measures are taken to protect the
material against unauthorized disclosure.
Individuals transporting SGI–M should retain
the documents in their personal possession at
all times or ensure that the information is
appropriately wrapped and also secured to
preclude compromise by an unauthorized
individual.
Preparation and Marking of Documents
While the NRC is the sole authority for
determining what specific information may
be designated as ‘‘SGI–M,’’ originators of
documents are responsible for determining
whether those documents contain such
information. Each document or other matter
that contains SGI–M shall be marked
‘‘Safeguards Information—Modified
Handling’’ in a conspicuous manner on the
top and bottom of the first page to indicate
the presence of protected information. The
first page of the document must also contain
(i) the name, title, and organization of the
individual authorized to make a SGI–M
determination, and who has determined that
the document contains SGI–M, (ii) the date
the document was originated or the
determination made, (iii) an indication that
the document contains SGI–M, and (iv) an
indication that unauthorized disclosure
would be subject to civil and criminal
sanctions. Each additional page shall be
marked in a conspicuous fashion at the top
and bottom with letters denoting ‘‘Safeguards
Information—Modified Handling.’’
In additional to the ‘‘Safeguards
Information—Modified Handling’’ markings
at the top and bottom of page, transmittal
letters or memoranda which do not in
themselves contain SGI–M shall be marked to
indicate that attachments or enclosures
contain SGI–M but that the transmittal does
not (e.g., ‘‘When separated from SGI–M
enclosure(s), this document is
decontrolled’’).
In addition to the information required on
the face of the document, each item of
correspondence that contains SGI–M shall,
by marking or other means, clearly indicate
which portions (e.g., paragraphs, pages, or
appendices) contain SGI–M and which do
not. Portion marking is not required for
physical security and safeguards contingency
plans.
All documents or other matter containing
SGI–M in use or storage shall be marked in
accordance with these requirements. A
specific exception is provided for documents
in the possession of contractors and agents of
licensees that were produced more than one
year prior to the effective date of the order.
Such documents need not be marked unless
they are removed from file drawers or
containers. The same exception applies to
old documents stored away from the facility
in central files or corporation headquarters.
Since information protection procedures
employed by state and local police forces are
deemed to meet NRC requirements,
documents in the possession of these
E:\FR\FM\24OCN1.SGM
24OCN1
62322
Federal Register / Vol. 71, No. 205 / Tuesday, October 24, 2006 / Notices
agencies need not be marked as set forth in
this document.
Removal From SGI–M Category
Documents containing SGI–M shall be
removed from the SGI–M category
(decontrolled) only after the NRC determines
that the information no longer meets the
criteria of SGI–M. Licensees have the
authority to make determinations that
specific documents which they created no
longer contain SGI–M information and may
be decontrolled. Consideration must be
exercised to ensure that any document
decontrolled shall not disclose SGI–M in
some other form or be combined with other
unprotected information to disclose SGI–M.
The authority to determine that a
document may be decontrolled may be
exercised only by, or with the permission of,
the individual (or office) who made the
original determination. The document shall
indicate the name and organization of the
individual removing the document from the
SGI–M category and the date of the removal.
Other persons who have the document in
their possession should be notified of the
decontrolling of the document.
rmajette on PROD1PC67 with NOTICES1
Reproduction of Matter Containing SGI–M
SGI–M may be reproduced to the minimum
extent necessary consistent with need
without permission of the originator. Newer
digital copiers which scan and retain images
of documents represent a potential security
concern. If the copier is retaining any
information in memory, the copier cannot be
connected to a network. It should also be
placed in a location that is cleared and
controlled for the authorized processing of
SGI–M information. Different copiers have
different capabilities, including some which
come with features that allow the memory to
be erased. Each copier would have to be
examined from a physical security
perspective.
Use of Automatic Data Processing (ADP)
Systems
SGI–M may be processed or produced on
an ADP system provided that the system is
assigned to the licensee’s or contractor’s
facility and requires the use of an entry code/
password for access to stored information.
Licensees must process this information in a
computing environment that has adequate
computer security controls in place to
prevent unauthorized access to the
information. An ADP system is defined here
as a data processing system having the
capability of long term storage of
information. Word processors such as
typewriters are not subject to the
requirements as long as they do not transmit
information off-site. (NOTE: If SGI–M is
produced on a typewriter, the ribbon must be
removed and stored in the same manner as
other SGI–M information or media.) The
basic objective of these restrictions is to
prevent access and retrieval of stored SGI–M
by unauthorized individuals, particularly
from remote terminals. Specific files
containing SGI–M will be password
protected to preclude access by an
unauthorized individual. SGI–M files may be
transmitted over a network if the file is
encrypted. In such cases, the licensee will
VerDate Aug<31>2005
14:25 Oct 23, 2006
Jkt 211001
select a commercially available encryption
system that National Institute of Standards
and Technology (NIST) has validated as
conforming to Federal Information
Processing Standards (FIPS). SGI–M files
shall be properly labeled as ‘‘Safeguards
Information—Modified Handling’’ and saved
to removable media and stored in a locked
file drawer or cabinet. The NIST maintains a
listing of all validated encryption systems at
https://csrc.nist.gov/cryptval/140–1/
1401val.htm.
Telecommunications
SGI–M may not be transmitted by
unprotected telecommunications circuits
except under emergency or extraordinary
conditions. For the purpose of this
requirement, emergency or extraordinary
conditions are defined as any circumstances
that require immediate communications in
order to report, summon assistance for, or
respond to a security event (or an event that
has potential security significance).
This restriction applies to telephone,
telegraph, teletype, facsimile circuits, and to
radio. Routine telephone or radio
transmission between site security personnel,
or between the site and local police, should
be limited to message formats or codes that
do not disclose facility security features or
response procedures. Similarly, call-ins
during transport should not disclose
information useful to a potential adversary.
Infrequent or non-repetitive telephone
conversations regarding a physical security
plan or program are permitted provided that
the discussion is general in nature.
Individuals should use care when
discussing SGI–M at meetings or in the
presence of others to ensure that the
conversation is not overheard by persons not
authorized access. Transcripts, tapes or
minutes of meetings or hearings that contain
SGI–M shall be marked and protected in
accordance with these requirements.
Destruction
Documents containing SGI–M must be
destroyed when no longer needed. They may
be destroyed by tearing into small pieces,
burning, shredding or any other method that
precludes reconstruction by means available
to the public at large. Piece sizes one half
inch or smaller composed of several pages or
documents and thoroughly mixed are
considered completely destroyed.
Attachment B—Trustworthiness and
Reliability Requirements for
Individuals Handling Safeguards
Information
Licensees shall document the basis for
concluding that there is reasonable assurance
that individuals granted access to safeguards
information are trustworthy and reliable, and
do not constitute an unreasonable risk for
malevolent use of the regulated material.
The trustworthiness, reliability, and
verification of an individual’s true identity
shall be determined based on a background
investigation. The background investigation
shall address at least the past three (3) years,
and, as a minimum, include a Federal Bureau
of Investigation fingerprinting and criminal
history check, verification of employment
PO 00000
Frm 00085
Fmt 4703
Sfmt 4703
history, education, employment eligibility,
credit check, and personal references. If an
individual’s employment has been less than
the required three (3) year period,
educational references may be used in lieu of
employment history.
The licensee’s background investigation
requirements may be satisfied for an
individual that has an active Federal security
clearance.
Attachment C—Requirements for
Fingerprinting and Criminal History
Checks of Individuals When Licensee’s
Reviewing Official Is Determining
Access to Safeguards Information
General Requirements
Licensees shall comply with the
requirements of this attachment.
1. a. Each Licensee subject to the
provisions of this attachment shall
fingerprint each individual who is seeking or
permitted access to Safeguards Information
(SGI). The Licensee shall review and use the
information received from the Federal
Bureau of Investigation (FBI) and ensure that
the provisions contained in the subject Order
and this attachment are satisfied.
b. The Licensee shall notify each affected
individual that the fingerprints will be used
to secure a review of his/her criminal history
record and inform the individual of the
procedures for revising the record or
including an explanation in the record, as
specified in the ‘‘Right to Correct and
Complete Information’’ section of this
attachment.
c. Fingerprints need not be taken if an
employed individual (e.g., a Licensee
employee, contractor, manufacturer, or
supplier) is relieved from the fingerprinting
requirement by 10 CFR 73.59, has a
favorably-decided U.S. Government criminal
history check within the last five (5) years,
or has an active Federal security clearance.
Written confirmation from the Agency/
employer which granted the Federal security
clearance or reviewed the criminal history
check must be provided. The Licensee must
retain this documentation for a period of
three (3) years from the date the individual
no longer requires access to SGI associated
with the Licensee’s activities.
d. All fingerprints obtained by the Licensee
pursuant to this Order must be submitted to
the Commission for transmission to the FBI.
e. The Licensee shall review the
information received from the FBI and
consider it, in conjunction with the
trustworthy and reliability requirements, in
making a determination whether to grant
access to Safeguards Information to
individuals who have a need-to-know the
SGI.
f. The Licensee shall use any information
obtained as part of a criminal history records
check solely for the purpose of determining
an individual’s suitability for access to
Safeguards Information.
g. The Licensee shall document the basis
for its determination whether to grant access
to SGI.
2. The Licensee shall notify the NRC of any
desired change in reviewing officials. The
NRC will determine whether the individual
E:\FR\FM\24OCN1.SGM
24OCN1
Federal Register / Vol. 71, No. 205 / Tuesday, October 24, 2006 / Notices
nominated as the new reviewing official may
have access to Safeguards Information based
on a previously-obtained or new criminal
history check and, therefore, will be
permitted to serve as the Licensee’s
reviewing official.
rmajette on PROD1PC67 with NOTICES1
Prohibitions
A Licensee shall not base a final
determination to deny an individual access
to Safeguards Information solely on the basis
of information received from the FBI
involving: an arrest more than one (1) year
old for which there is no information of the
disposition of the case, or an arrest that
resulted in dismissal of the charge or an
acquittal.
A Licensee shall not use information
received from a criminal history check
obtained pursuant to this Order in a manner
that would infringe upon the rights of any
individual under the First Amendment to the
Constitution of the United States, nor shall
the Licensee use the information in any way
which would discriminate among
individuals on the basis of race, religion,
national origin, sex, or age.
Procedures for Processing Fingerprint Checks
For the purpose of complying with this
Order, Licensees shall, using an appropriate
method listed in 10 CFR 73.4, submit to the
NRC’s Division of Facilities and Security,
Mail Stop T–6E46, one completed, legible
standard fingerprint card (Form FD–258,
ORIMDNRCOOOZ) or, where practicable,
other fingerprint records for each individual
seeking access to Safeguards Information, to
the Director of the Division of Facilities and
Security, marked for the attention of the
Division’s Criminal History Check Section.
Copies of these forms may be obtained by
writing the Office of Information Services,
U.S. Nuclear Regulatory Commission,
Washington, DC 20555–0001, by calling (301)
415–5877, or by e-mail to forms@nrc.gov.
Practicable alternative formats are set forth in
10 CFR 73.4. The Licensee shall establish
procedures to ensure that the quality of the
fingerprints taken results in minimizing the
rejection rate of fingerprint cards due to
illegible or incomplete cards.
The NRC will review submitted fingerprint
cards for completeness. Any Form FD–258
fingerprint record containing omissions or
evident errors will be returned to the
Licensee for corrections. The fee for
processing fingerprint checks includes one
re-submission if the initial submission is
returned by the FBI because the fingerprint
impressions cannot be classified. The one
free re-submission must have the FBI
Transaction Control Number reflected on the
re-submission. If additional submissions are
necessary, they will be treated as initial
submittals and will require a second payment
of the processing fee.
Fees for processing fingerprint checks are
due upon application. Licensees shall submit
payment with the application for processing
fingerprints by corporate check, certified
check, cashier’s check, money order, or
electronic payment, made payable to ‘‘U.S.
NRC.’’ [For guidance on making electronic
payments, contact the Facilities Security
Branch, Division of Facilities and Security, at
VerDate Aug<31>2005
14:25 Oct 23, 2006
Jkt 211001
(301) 415–7739]. Combined payment for
multiple applications is acceptable. The
application fee (currently $27) is the sum of
the user fee charged by the FBI for each
fingerprint card or other fingerprint record
submitted by the NRC on behalf of a
Licensee, and an NRC processing fee, which
covers administrative costs associated with
NRC handling of Licensee fingerprint
submissions. The Commission will directly
notify Licensees who are subject to this
regulation of any fee changes.
The Commission will forward to the
submitting Licensee all data received from
the FBI as a result of the Licensee’s
application(s) for criminal history checks,
including the FBI fingerprint record.
Right To Correct and Complete Information
Prior to any final adverse determination,
the Licensee shall make available to the
individual the contents of any criminal
records obtained from the FBI for the purpose
of assuring correct and complete information.
Written confirmation by the individual of
receipt of this notification must be
maintained by the Licensee for a period of
one (1) year from the date of the notification.
If, after reviewing the record, an individual
believes that it is incorrect or incomplete in
any respect and wishes to change, correct, or
update the alleged deficiency, or to explain
any matter in the record, the individual may
initiate challenge procedures. These
procedures include either direct application
by the individual challenging the record to
the agency (i.e., law enforcement agency) that
contributed the questioned information, or
direct challenge as to the accuracy or
completeness of any entry on the criminal
history record to the Assistant Director,
Federal Bureau of Investigation Identification
Division, Washington, DC 20537–9700 (as set
forth in 28 CFR 16.30 through 16.34). In the
latter case, the FBI forwards the challenge to
the agency that submitted the data and
requests that agency to verify or correct the
challenged entry. Upon receipt of an official
communication directly from the agency that
contributed the original information, the FBI
Identification Division makes any changes
necessary in accordance with the information
supplied by that agency. The Licensee must
provide at least ten (10) days for an
individual to initiate an action challenging
the results of an FBI criminal history records
check after the record is made available for
his/her review. The Licensee may make a
final SGI access determination based upon
the criminal history record only upon receipt
of the FBI’s ultimate confirmation or
correction of the record. Upon a final adverse
determination on access to SGI, the Licensee
shall provide the individual its documented
basis for denial. Access to SGI shall not be
granted to an individual during the review
process.
Protection of Information
1. Each Licensee who obtains a criminal
history record on an individual pursuant to
this Order shall establish and maintain a
system of files and procedures for protecting
the record and the personal information from
unauthorized disclosure.
2. The Licensee may not disclose the
record or personal information collected and
PO 00000
Frm 00086
Fmt 4703
Sfmt 4703
62323
maintained to persons other than the subject
individual, his/her representative, or to those
who have a need to access the information
in performing assigned duties in the process
of determining access to Safeguards
Information. No individual authorized to
have access to the information may redisseminate the information to any other
individual who does not have a need-toknow.
3. The personal information obtained on an
individual from a criminal history record
check may be transferred to another Licensee
if the Licensee holding the criminal history
check record receives the individuals’
written request to re-disseminate the
information contained in his/her file, and the
gaining Licensee verifies information such as
the individual’s name, date of birth, social
security number, sex, and other applicable
physical characteristics for identification
purposes.
4. The Licensee shall make criminal
history records, obtained under this section,
available for examination by an authorized
representative of the NRC to determine
compliance with the regulations and laws.
5. The Licensee shall retain all fingerprint
and criminal history records received from
the FBI, or a copy if the individual’s file has
been transferred, for three (3) years after
termination of employment or denial of
access to SGI. After the required three (3)
year period, these documents shall be
destroyed by a method that will prevent
reconstruction of the information in whole or
in part.
[FR Doc. E6–17752 Filed 10–23–06; 8:45 am]
BILLING CODE 7590–01–P
NUCLEAR REGULATORY
COMMISSION
[NUREG–1852]
Demonstrating the Feasibility and
Reliability of Operator Manual Actions
in Response to Fire, Draft Report for
Comment
AGENCY: Nuclear Regulatory
Commission.
ACTION: Extension of comment period
for NUREG 1852, ‘‘Demonstrating the
Feasibility and Reliability of Operator
Manual Actions in Response to Fire,
Draft Report for Comment.’’
SUMMARY: On October 12, 2006 (71 FR
60200), the Nuclear Regulatory
Commission (NRC) issued for public
comment NUREG 1852, ‘‘Demonstrating
the Feasibility and Reliability of
Operator Manual Actions in Response to
Fire, Draft Report for Comment.’’ A
request has been made to extend the
public comment period such that the
public will have a full 60 days to review
this report. Currently, the Federal
Register specifies that the public
comment period ends on November 6,
2006, less than 30 days after the
issuance of the Federal Register Notice.
E:\FR\FM\24OCN1.SGM
24OCN1
Agencies
[Federal Register Volume 71, Number 205 (Tuesday, October 24, 2006)]
[Notices]
[Pages 62318-62323]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-17752]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
[EA-06-223]
In the Matter of USEC Inc. (Lead Cascade Facility) and All Other
Persons Who Seek or Obtain Access to Safeguards Information Described
Herein; Order Imposing Requirements for the Protection of and Access to
Safeguards Information (Effective Immediately)
I
USEC Inc. (USEC or the Licensee) holds a license, issued in
accordance with the Atomic Energy Act (AEA) of 1954, by the U.S.
Nuclear Regulatory Commission (NRC or Commission) authorizing it to
construct and operate a uranium enrichment test and demonstration
facility in Piketon, Ohio. On July 15, 2003, NRC provided USEC, for its
information, copies of Orders issued to Category III facilities on
interim measures to enhance physical security at those facilities.
Those Orders contained Safeguards Information.\1\ In addition, in the
future, the Commission may issue the Licensee additional Orders that
require compliance with specific additional security measures to
enhance security at the facility. These Orders are also expected to
contain Safeguards Information, which cannot be released to the public
and must be protected from unauthorized disclosure. Therefore, the
Commission is imposing the requirements, as set forth in Attachments A,
B, and C of this Order, so that the Licensee can receive these
documents. This Order also imposes requirements for the protection of
Safeguards Information in the hands of any person,\2\ whether or not a
Licensee of the Commission, who produces, receives, or acquires
Safeguards Information.
---------------------------------------------------------------------------
\1\ Safeguards Information is a form of sensitive, unclassified,
security-related information that the Commission has the authority
to designate and protect under section 147 of the AEA.
\2\ Person means: (1) any individual, corporation, partnership,
firm, association, trust, estate, public or private institution,
group, government agency other than the Commission or the Department
of Energy, except that the Department of Energy shall be considered
a person with respect to those facilities of the Department
specified in section 202 of the Energy Reorganization Act of 1974
(88 Stat. 1244), any State or any political subdivision of, or any
political entity within a State, any foreign government or nation or
any political subdivision of any such government or nation, or other
entity; and (2) any legal successor, representative, agent, or
agency of the foregoing.
---------------------------------------------------------------------------
On August 8, 2005, the Energy Policy Act of 2005 (EPAct) was
enacted. Section 652 of the EPAct amended Section 149 of the AEA to
require fingerprinting and a Federal Bureau of Investigation (FBI)
identification and criminal history records check of any person who is
to be permitted to have access to Safeguards Information. The NRC's
implementation of this requirement cannot await the completion of the
Safeguards Information rulemaking, which is underway, because the EPAct
fingerprinting and criminal history check requirements for access to
Safeguards Information were immediately effective upon enactment of the
EPAct. Although the EPAct permits the Commission by rule to except
certain categories of individuals from the fingerprinting requirement,
which the Commission has done (see 10 CFR 73.59, 71 FR 33,989 (June 13,
2006)), it is unlikely that many Licensee employees are excepted from
the fingerprinting requirement by the ``fingerprinting relief'' rule.
Individuals relieved from the fingerprinting and criminal history
checks under the relief rule include Federal, State, and local
officials and law enforcement personnel; Agreement State inspectors,
who conduct security inspections on behalf of the NRC; members of
Congress and certain employees of members of Congress or Congressional
Committees; representatives of the International Atomic Energy Agency
or certain foreign government organizations. In addition, individuals
who have a favorably-decided U.S. Government criminal history check
within the last five (5) years, and individuals who have active Federal
security clearances (provided in either case that they make available
the appropriate documentation), have satisfied the EPAct fingerprinting
requirement and need not be fingerprinted again. Therefore, in
accordance with section 149 of the AEA, as amended by the EPAct, the
Commission is imposing additional requirements, as set forth by this
Order, for access to Safeguards Information so that affected licensees
can obtain and grant access to Safeguards Information. This Order also
imposes requirements for access to Safeguards Information by any
person, from any person, whether or not a Licensee, Applicant, or
Certificate Holder of the Commission or Agreement States.
Subsequent to the terrorist events of September 11, 2001, the NRC
issued Orders requiring certain entities to implement Additional
Security Measures (ASM) or Compensatory Measures (CM) for certain
radioactive materials. The requirements imposed by these Orders, and
certain measures licensees have developed to comply
[[Page 62319]]
with the Orders, were designated by the NRC as Safeguards Information.
For some materials licensees, the storage and handling requirements for
the Safeguards Information have been modified from the existing 10 CFR
part 73 Safeguards Information requirements for reactors and fuel cycle
facilities that require a higher level of protection; such Safeguards
Information is designated as Safeguards Information--Modified Handling
(SGI-M). However, the information subject to the SGI-M handling and
protection requirements is Safeguards Information, and licensees and
other persons who seek or obtain access to such Safeguards Information
are subject to this Order.
II
The Commission has broad statutory authority to protect Safeguards
Information and prohibit its unauthorized disclosure. Section 147 of
the AEA, as amended, grants the Commission explicit authority to ``* *
* issue such orders, as necessary to prohibit the unauthorized
disclosure of safeguards information * * *.'' Furthermore, section 652
of the EPAct amended section 149 of the AEA to require fingerprinting
and an FBI identification and a criminal history records check of each
individual who seeks access to Safeguards Information. In addition, no
person may have access to Safeguards Information unless the person has
an established need-to-know and satisfies the trustworthy and
reliability requirements of those Orders.
Licensees and all persons who produce, receive, or acquire
Safeguards Information must ensure proper handling and protection of
Safeguards Information, to avoid unauthorized disclosure, in accordance
with the specific requirements for the protection of Safeguards
Information contained in Attachments A, B, and C. The Commission hereby
provides notice that it intends to treat violations of the requirements
contained in Attachments A, B, and C, applicable to the handling and
unauthorized disclosure of Safeguards Information, as serious breaches
of adequate protection of the public health and safety and the common
defense and security of the United States. Access to Safeguards
Information is limited to those persons who have established a need-to-
know the information, and are considered to be trustworthy and
reliable, and who satisfy the fingerprinting and criminal history
records check required by the EPAct and this Order. A ``need-to-know''
means a determination by a person having responsibility for protecting
Safeguards Information that a proposed recipient's access to Safeguards
Information is necessary in the performance of official, contractual,
or Licensee duties of employment. The Licensee and all other persons
who obtain Safeguards Information must ensure that they develop,
maintain, and implement strict policies and procedures for the proper
handling of Safeguards Information, to prevent unauthorized disclosure,
in accordance with the requirements in Attachments A, B, and C. The
Licensee must ensure that all contractors whose employees may have
access to Safeguards Information either adhere to the Licensee's
policies and procedures on Safeguards Information or develop, maintain,
and implement their own acceptable policies and procedures. The
Licensee remains responsible for the conduct of its contractors. The
policies and procedures necessary to ensure compliance with applicable
requirements contained in Attachments A, B, and C must address, at a
minimum, the following: (1) The general performance requirement that
each person who produces, receives, or acquires Safeguards Information
shall ensure that Safeguards Information is protected against
unauthorized disclosure; (2) protection of Safeguards Information at
fixed sites, in use and in storage, and while in transit; (3)
correspondence containing Safeguards Information; (4) access to
Safeguards Information; (5) preparation, marking, reproduction, and
destruction of documents; (6) external transmission of documents; (7)
use of automatic data processing systems; and (8) removal of the
Safeguards Information category.
To provide assurance that the Licensee is implementing appropriate
measures to achieve a consistent level of protection to prohibit the
unauthorized disclosure of Safeguards Information, the Licensee shall
implement the requirements for access to Safeguards Information in this
Order, including the requirements in Attachments A, B, and C of this
Order. In addition, pursuant to 10 CFR Sec. 2.202, I find that in
light of the common defense and security matters identified above,
which warrant the issuance of this Order, the public health, safety,
and interest require that this Order be effective immediately.
III
Accordingly, pursuant to sections 53, 62, 63, 81, 147, 149, 161b,
161i, 161o, 182, and 186 of the Atomic Energy Act of 1954, as amended,
and the Commission's regulations in 10 CFR 2.202, 10 CFR part 30, 10
CFR part 40, and 10 CFR part 70, IT IS HEREBY ORDERED, EFFECTIVE
IMMEDIATELY, THAT LICENSEE AND ALL OTHER PERSONS WHO PRODUCE, RECEIVE,
OR ACQUIRE THE ADDITIONAL SECURITY MEASURES IDENTIFIED ABOVE (WHETHER
DRAFT OR FINAL), OR WHO SEEK OR OBTAIN ACCESS TO SAFEGUARDS
INFORMATION, SHALL COMPLY WITH THE REQUIREMENTS SET FORTH IN THIS
ORDER, INCLUDING THE REQUIREMENTS IN ATTACHMENTS A, B, AND C.
A. 1. No person may have access to Safeguards Information unless
that person has a need-to-know the Safeguards Information, has been
fingerprinted or who has a favorably decided FBI identification and
criminal history records check, and satisfies all other applicable
requirements for access to Safeguards Information. Fingerprinting and
the FBI identification and criminal history records check are not
required, however, for any person who is relieved from that requirement
by 10 CFR 73.59 (71 FR 33,989 (June 13, 2006)) or who has a favorably-
decided U.S. Government criminal history check within the last five (5)
years, or who has an active Federal security clearance, provided in
each case that the appropriate documentation is made available to the
Licensee's NRC-approved reviewing official.
2. No person may have access to any Safeguards Information if the
NRC has determined, based on fingerprinting and an FBI identification
and criminal history records check, that the person may not have access
to Safeguards Information.
B. No person may provide Safeguards Information to any other person
except in accordance with condition III.A above. Prior to providing
Safeguards Information to any person, a copy of this Order shall be
provided to that person.
C. The Licensee shall comply with the following requirements:
1. The Licensee shall, within twenty (20) days of the date of this
Order, establish and maintain a fingerprinting program that meets the
requirements of Attachment C to this Order.
2. The Licensee shall, within twenty (20) days of the date of this
Order, submit the fingerprints of one (1) individual who needs access
to Safeguards Information and who the Licensee nominates as the
``reviewing official'' for determining access to Safeguards Information
by other individuals. The NRC will determine whether this individual
(or any subsequent reviewing official) may have access to Safeguards
Information and, therefore, will be permitted to serve as
[[Page 62320]]
the Licensee's reviewing official.\3\ The Licensee may, at the same
time or later, submit the fingerprints of other individuals to whom the
Licensee seeks to grant access to Safeguards Information. Fingerprints
shall be submitted and reviewed in accordance with the procedures
described in Attachment C of this Order.
---------------------------------------------------------------------------
\3\ The NRC's determination of this individual's access to
Safeguards Information in accordance with the process described in
Enclosure 3 to the transmittal letter of this Order is an
administrative determination that is outside the scope of this
Order.
---------------------------------------------------------------------------
3. The Licensee shall, in writing, within twenty (20) days of the
date of this Order, notify the Commission, (1) if it is unable to
comply with any of the requirements described in the Order, including
Attachments A, B, and C, or (2) if compliance with any of the
requirements is unnecessary in its specific circumstances. The
notification shall provide the Licensee's justification for seeking
relief from or variation of any specific requirement.
Licensee responses to C.1., C.2., and C.3. above shall be submitted
to the Director, Office of Nuclear Material Safety and Safeguards, U.S.
Nuclear Regulatory Commission, Washington, DC 20555. In addition,
Licensee responses shall be marked as ``Security-Related Information--
Withhold Under 10 CFR 2.390.'' The Director, Office of Nuclear Material
Safety and Safeguards, may, in writing, relax or rescind any of the
above conditions, on demonstration of good cause by the Licensee.
IV
In accordance with 10 CFR 2.202, the Licensee must, and any other
person adversely affected by this Order may, submit an answer to this
Order, and may request a hearing on this Order, within twenty (20) days
of the date of this Order. Where good cause is shown, consideration
will be given to extending the time to request a hearing. A request for
extension of time in which to submit an answer or request a hearing
must be made in writing to the Director, Office of Nuclear Material
Safety and Safeguards, U.S. Nuclear Regulatory Commission, Washington,
DC 20555, and include a statement of good cause for the extension. The
answer may consent to this Order. Unless the answer consents to this
Order, the answer shall, in writing and under oath or affirmation,
specifically set forth the matters of fact and law on which the
Licensee or other person adversely affected relies, and the reasons as
to why the Order should not have been issued. Any answer or request for
a hearing shall be submitted to the Secretary, Office of the Secretary,
U.S. Nuclear Regulatory Commission, ATTN: Rulemakings and Adjudications
Staff, Washington, DC 20555. Copies also shall be sent to the Director,
Office of Nuclear Material Safety and Safeguards, U.S. Nuclear
Regulatory Commission, Washington, DC 20555; to the Assistant General
Counsel for Materials Litigation and Enforcement, at the same address;
and to the Licensee, if the answer or hearing request is by a person
other than the Licensee. Because of possible delays in delivery of mail
to United States Government offices, it is requested that answers and
requests for hearing be transmitted to the Secretary of the Commission,
either by means of facsimile transmission, to 301-415-1101, or by e-
mail, to hearingdocket@nrc.gov; and also to the Office of the General
Counsel, either by means of facsimile transmission, to 301-415-3725, or
by e-mail, to OGCMailCenter@nrc.gov. If a person other than the
Licensee requests a hearing, that person shall set forth with
particularity the manner in which their interest is adversely affected
by this Order and shall address the criteria set forth in 10 CFR 2.309.
If a hearing is requested by the Licensee or a person whose
interest is adversely affected, the Commission will issue an Order
designating the time and place of any hearing. If a hearing is held,
the issue to be considered at such hearing shall be whether this Order
should be sustained.
Pursuant to 10 CFR 2.202(c)(2)(i), the Licensee may, in addition to
demanding a hearing, at the time the answer is filed or sooner, move
the presiding officer to set aside the immediate effectiveness of the
Order on the grounds that the Order, including the need for immediate
effectiveness, is not based on adequate evidence, but on mere
suspicion, unfounded allegations, or error. In the absence of any
request for hearing, or written approval of an extension of time in
which to request a hearing, the provisions specified in Section III
above shall be final twenty (20) days from the date of this Order,
without further order or proceedings. If an extension of time for
requesting a hearing has been approved, the provisions specified in
Section III shall be final when the extension expires, if a hearing
request has not been received. AN ANSWER OR A REQUEST FOR HEARING SHALL
NOT STAY THE IMMEDIATE EFFECTIVENESS OF THIS ORDER.
Dated this 4th day of October 2006.
For the Nuclear Regulatory Commission.
Jack R. Strosnider,
Director, Office of Nuclear Material Safety and Safeguards.
Attachment A--Modified Handling Requirements for the Protection of
Certain Safeguards Information (SGI-M)
General Requirement
Information and material that the U.S. Nuclear Regulatory
Commission (NRC) determines are safeguards information must be
protected from unauthorized disclosure. In order to distinguish
information needing modified protection requirements from the
safeguards information for reactors and fuel cycle facilities that
require a higher level of protection, the term ``Safeguards
Information--Modified Handling'' (SGI-M) is being used as the
distinguishing marking for certain materials licensees. Each person
who produces, receives, or acquires SGI-M shall ensure that it is
protected against unauthorized disclosure. To meet this requirement,
licensees and persons shall establish and maintain an information
protection system that includes the measures specified below.
Information protection procedures employed by state and local police
forces are deemed to meet these requirements.
Persons Subject to These Requirements
Any person, whether or not a licensee of the NRC, who produces,
receives, or acquires SGI-M is subject to the requirements (and
sanctions) of this document. Firms and their employees that supply
services or equipment to materials licensees fall under this
requirement if they possess SGI-M. A licensee must inform
contractors and suppliers of the existence of these requirements and
the need for proper protection. (See more under Conditions for
Access).
State or local police units who have access to SGI-M are also
subject to these requirements. However, these organizations are
deemed to have adequate information protection systems. The
conditions for transfer of information to a third party, i.e., need-
to-know, would still apply to the police organization as would
sanctions for unlawful disclosure. Again, it would be prudent for
licensees who have arrangements with local police to advise them of
the existence of SGI-M requirements.
Criminal and Civil Sanctions
The Atomic Energy Act of 1954, as amended, explicitly provides
that any person, ``whether or not a licensee of the Commission, who
violates any regulations adopted under this section shall be subject
to the civil monetary penalties of section 234 of this Act.''
Furthermore, willful violation of any regulation or order governing
safeguards information is a felony subject to criminal penalties in
the form of fines or imprisonment, or both. See sections 147b. and
223 of the Act.
Conditions for Access
Access to SGI-M beyond the initial recipients of the order will
be governed by
[[Page 62321]]
the background check requirements imposed by the order. Access to
SGI-M by licensee employees, agents, or contractors must include
both an appropriate need-to-know determination by the licensee, as
well as a determination concerning the trustworthiness of
individuals having access to the information. Employees of an
organization affiliated with the licensee's company, e.g., a parent
company, may be considered as employees of the licensee for access
purposes.
Need-To-Know
Need-to-know is defined as a determination by a person having
responsibility for protecting SGI-M that a proposed recipient's
access to SGI-M is necessary in the performance of official,
contractual, or licensee duties of employment. The recipient must be
made aware that the information is SGI-M and those having access to
it are subject to these requirements as well as criminal and civil
sanctions for mishandling the information.
Occupational Groups
Dissemination of SGI-M is limited to individuals who have an
established need-to-know and who are members of certain occupational
groups. These occupational groups are:
1. An employee, agent, or contractor of an applicant, a
licensee, the Commission, or the United States Government;
2. A member of a duly authorized committee of the Congress;
3. The Governor of a State or his designated representative;
4. A representative of the International Atomic Energy Agency
(IAEA) engaged in activities associated with the U.S./IAEA
Safeguards Agreement who has been certified by the NRC;
5. A member of a state or local law enforcement authority that
is responsible for responding to requests for assistance during
safeguards emergencies;
6. A person to whom disclosure is ordered pursuant to section
2.744(e) of part 2 of part 10 of the Code of Federal Regulations; or
7. State Radiation Control Program Directors (and State Homeland
Security Directors) or their designees.
In a generic sense, the individuals described above in (A)
through (G) are considered to be trustworthy by virtue of their
employment status. For non-governmental individuals in group (A)
above, a determination of reliability and trustworthiness is
required. Discretion must be exercised in granting access to the
individuals in group (A). If there is any indication that the
recipient would be unwilling or unable to provide proper protection
for the SGI-M, they are not authorized to receive SGI-M.
Information Considered for Safeguards Information Designation
Information deemed SGI-M is information the disclosure of which
could reasonably be expected to have a significant adverse effect on
the health and safety of the public or the common defense and
security by significantly increasing the likelihood of theft,
diversion, or sabotage of materials or facilities subject to NRC
jurisdiction.
SGI-M identifies safeguards information which is subject to
these requirements. These requirements are necessary in order to
protect quantities of nuclear material significant to the health and
safety of the public or common defense and security.
The overall measure for consideration of SGI-M is the usefulness
of the information (security or otherwise) to an adversary in
planning or attempting a malevolent act. The specificity of the
information increases the likelihood that it will be useful to an
adversary.
Protection While in Use
While in use, SGI-M shall be under the control of an authorized
individual. This requirement is satisfied if the SGI-M is attended
by an authorized individual even though the information is in fact
not constantly being used. SGI-M, therefore, within alarm stations,
continuously manned guard posts or ready rooms need not be locked in
file drawers or storage containers.
Under certain conditions the general control exercised over
security zones or areas would be considered to meet this
requirement. The primary consideration is limiting access to those
who have a need-to-know. Some examples would be:
Alarm stations, guard posts and guard ready rooms;
Engineering or drafting areas if visitors are escorted and
information is not clearly visible;
Plant maintenance areas if access is restricted and information
is not clearly visible;
Administrative offices (e.g., central records or purchasing) if
visitors are escorted and information is not clearly visible;
Protection While in Storage
While unattended, SGI-M shall be stored in a locked file drawer
or container. Knowledge of lock combinations or access to keys
protecting SGI-M shall be limited to a minimum number of personnel
for operating purposes who have a ``need-to-know'' and are otherwise
authorized access to SGI-M in accordance with these requirements.
Access to lock combinations or keys shall be strictly controlled so
as to prevent disclosure to an unauthorized individual.
Transportation of Documents and Other Matter
Documents containing SGI-M when transmitted outside an
authorized place of use or storage shall be enclosed in two sealed
envelopes or wrappers. The inner envelope or wrapper shall contain
the name and address of the intended recipient, and be marked both
sides, top and bottom with the words ``Safeguards Information--
Modified Handling.'' The outer envelope or wrapper must be addressed
to the intended recipient, must contain the address of the sender,
and must not bear any markings or indication that the document
contains SGI-M.
SGI-M may be transported by any commercial delivery company that
provides nation-wide overnight service with computer tracking
features, U.S. first class, registered, express, or certified mail,
or by any individual authorized access pursuant to these
requirements.
Within a facility, SGI-M may be transmitted using a single
opague envelope. It may also be transmitted within a facility
without single or double wrapping, provided adequate measures are
taken to protect the material against unauthorized disclosure.
Individuals transporting SGI-M should retain the documents in their
personal possession at all times or ensure that the information is
appropriately wrapped and also secured to preclude compromise by an
unauthorized individual.
Preparation and Marking of Documents
While the NRC is the sole authority for determining what
specific information may be designated as ``SGI-M,'' originators of
documents are responsible for determining whether those documents
contain such information. Each document or other matter that
contains SGI-M shall be marked ``Safeguards Information--Modified
Handling'' in a conspicuous manner on the top and bottom of the
first page to indicate the presence of protected information. The
first page of the document must also contain (i) the name, title,
and organization of the individual authorized to make a SGI-M
determination, and who has determined that the document contains
SGI-M, (ii) the date the document was originated or the
determination made, (iii) an indication that the document contains
SGI-M, and (iv) an indication that unauthorized disclosure would be
subject to civil and criminal sanctions. Each additional page shall
be marked in a conspicuous fashion at the top and bottom with
letters denoting ``Safeguards Information--Modified Handling.''
In additional to the ``Safeguards Information--Modified
Handling'' markings at the top and bottom of page, transmittal
letters or memoranda which do not in themselves contain SGI-M shall
be marked to indicate that attachments or enclosures contain SGI-M
but that the transmittal does not (e.g., ``When separated from SGI-M
enclosure(s), this document is decontrolled'').
In addition to the information required on the face of the
document, each item of correspondence that contains SGI-M shall, by
marking or other means, clearly indicate which portions (e.g.,
paragraphs, pages, or appendices) contain SGI-M and which do not.
Portion marking is not required for physical security and safeguards
contingency plans.
All documents or other matter containing SGI-M in use or storage
shall be marked in accordance with these requirements. A specific
exception is provided for documents in the possession of contractors
and agents of licensees that were produced more than one year prior
to the effective date of the order. Such documents need not be
marked unless they are removed from file drawers or containers. The
same exception applies to old documents stored away from the
facility in central files or corporation headquarters.
Since information protection procedures employed by state and
local police forces are deemed to meet NRC requirements, documents
in the possession of these
[[Page 62322]]
agencies need not be marked as set forth in this document.
Removal From SGI-M Category
Documents containing SGI-M shall be removed from the SGI-M
category (decontrolled) only after the NRC determines that the
information no longer meets the criteria of SGI-M. Licensees have
the authority to make determinations that specific documents which
they created no longer contain SGI-M information and may be
decontrolled. Consideration must be exercised to ensure that any
document decontrolled shall not disclose SGI-M in some other form or
be combined with other unprotected information to disclose SGI-M.
The authority to determine that a document may be decontrolled
may be exercised only by, or with the permission of, the individual
(or office) who made the original determination. The document shall
indicate the name and organization of the individual removing the
document from the SGI-M category and the date of the removal. Other
persons who have the document in their possession should be notified
of the decontrolling of the document.
Reproduction of Matter Containing SGI-M
SGI-M may be reproduced to the minimum extent necessary
consistent with need without permission of the originator. Newer
digital copiers which scan and retain images of documents represent
a potential security concern. If the copier is retaining any
information in memory, the copier cannot be connected to a network.
It should also be placed in a location that is cleared and
controlled for the authorized processing of SGI-M information.
Different copiers have different capabilities, including some which
come with features that allow the memory to be erased. Each copier
would have to be examined from a physical security perspective.
Use of Automatic Data Processing (ADP) Systems
SGI-M may be processed or produced on an ADP system provided
that the system is assigned to the licensee's or contractor's
facility and requires the use of an entry code/password for access
to stored information. Licensees must process this information in a
computing environment that has adequate computer security controls
in place to prevent unauthorized access to the information. An ADP
system is defined here as a data processing system having the
capability of long term storage of information. Word processors such
as typewriters are not subject to the requirements as long as they
do not transmit information off-site. (Note: If SGI-M is produced on
a typewriter, the ribbon must be removed and stored in the same
manner as other SGI-M information or media.) The basic objective of
these restrictions is to prevent access and retrieval of stored SGI-
M by unauthorized individuals, particularly from remote terminals.
Specific files containing SGI-M will be password protected to
preclude access by an unauthorized individual. SGI-M files may be
transmitted over a network if the file is encrypted. In such cases,
the licensee will select a commercially available encryption system
that National Institute of Standards and Technology (NIST) has
validated as conforming to Federal Information Processing Standards
(FIPS). SGI-M files shall be properly labeled as ``Safeguards
Information--Modified Handling'' and saved to removable media and
stored in a locked file drawer or cabinet. The NIST maintains a
listing of all validated encryption systems at https://csrc.nist.gov/
cryptval/140-1/1401val.htm.
Telecommunications
SGI-M may not be transmitted by unprotected telecommunications
circuits except under emergency or extraordinary conditions. For the
purpose of this requirement, emergency or extraordinary conditions
are defined as any circumstances that require immediate
communications in order to report, summon assistance for, or respond
to a security event (or an event that has potential security
significance).
This restriction applies to telephone, telegraph, teletype,
facsimile circuits, and to radio. Routine telephone or radio
transmission between site security personnel, or between the site
and local police, should be limited to message formats or codes that
do not disclose facility security features or response procedures.
Similarly, call-ins during transport should not disclose information
useful to a potential adversary. Infrequent or non-repetitive
telephone conversations regarding a physical security plan or
program are permitted provided that the discussion is general in
nature.
Individuals should use care when discussing SGI-M at meetings or
in the presence of others to ensure that the conversation is not
overheard by persons not authorized access. Transcripts, tapes or
minutes of meetings or hearings that contain SGI-M shall be marked
and protected in accordance with these requirements.
Destruction
Documents containing SGI-M must be destroyed when no longer
needed. They may be destroyed by tearing into small pieces, burning,
shredding or any other method that precludes reconstruction by means
available to the public at large. Piece sizes one half inch or
smaller composed of several pages or documents and thoroughly mixed
are considered completely destroyed.
Attachment B--Trustworthiness and Reliability Requirements for
Individuals Handling Safeguards Information
Licensees shall document the basis for concluding that there is
reasonable assurance that individuals granted access to safeguards
information are trustworthy and reliable, and do not constitute an
unreasonable risk for malevolent use of the regulated material.
The trustworthiness, reliability, and verification of an
individual's true identity shall be determined based on a background
investigation. The background investigation shall address at least
the past three (3) years, and, as a minimum, include a Federal
Bureau of Investigation fingerprinting and criminal history check,
verification of employment history, education, employment
eligibility, credit check, and personal references. If an
individual's employment has been less than the required three (3)
year period, educational references may be used in lieu of
employment history.
The licensee's background investigation requirements may be
satisfied for an individual that has an active Federal security
clearance.
Attachment C--Requirements for Fingerprinting and Criminal History
Checks of Individuals When Licensee's Reviewing Official Is Determining
Access to Safeguards Information
General Requirements
Licensees shall comply with the requirements of this attachment.
1. a. Each Licensee subject to the provisions of this attachment
shall fingerprint each individual who is seeking or permitted access
to Safeguards Information (SGI). The Licensee shall review and use
the information received from the Federal Bureau of Investigation
(FBI) and ensure that the provisions contained in the subject Order
and this attachment are satisfied.
b. The Licensee shall notify each affected individual that the
fingerprints will be used to secure a review of his/her criminal
history record and inform the individual of the procedures for
revising the record or including an explanation in the record, as
specified in the ``Right to Correct and Complete Information''
section of this attachment.
c. Fingerprints need not be taken if an employed individual
(e.g., a Licensee employee, contractor, manufacturer, or supplier)
is relieved from the fingerprinting requirement by 10 CFR 73.59, has
a favorably-decided U.S. Government criminal history check within
the last five (5) years, or has an active Federal security
clearance. Written confirmation from the Agency/employer which
granted the Federal security clearance or reviewed the criminal
history check must be provided. The Licensee must retain this
documentation for a period of three (3) years from the date the
individual no longer requires access to SGI associated with the
Licensee's activities.
d. All fingerprints obtained by the Licensee pursuant to this
Order must be submitted to the Commission for transmission to the
FBI.
e. The Licensee shall review the information received from the
FBI and consider it, in conjunction with the trustworthy and
reliability requirements, in making a determination whether to grant
access to Safeguards Information to individuals who have a need-to-
know the SGI.
f. The Licensee shall use any information obtained as part of a
criminal history records check solely for the purpose of determining
an individual's suitability for access to Safeguards Information.
g. The Licensee shall document the basis for its determination
whether to grant access to SGI.
2. The Licensee shall notify the NRC of any desired change in
reviewing officials. The NRC will determine whether the individual
[[Page 62323]]
nominated as the new reviewing official may have access to
Safeguards Information based on a previously-obtained or new
criminal history check and, therefore, will be permitted to serve as
the Licensee's reviewing official.
Prohibitions
A Licensee shall not base a final determination to deny an
individual access to Safeguards Information solely on the basis of
information received from the FBI involving: an arrest more than one
(1) year old for which there is no information of the disposition of
the case, or an arrest that resulted in dismissal of the charge or
an acquittal.
A Licensee shall not use information received from a criminal
history check obtained pursuant to this Order in a manner that would
infringe upon the rights of any individual under the First Amendment
to the Constitution of the United States, nor shall the Licensee use
the information in any way which would discriminate among
individuals on the basis of race, religion, national origin, sex, or
age.
Procedures for Processing Fingerprint Checks
For the purpose of complying with this Order, Licensees shall,
using an appropriate method listed in 10 CFR 73.4, submit to the
NRC's Division of Facilities and Security, Mail Stop T-6E46, one
completed, legible standard fingerprint card (Form FD-258,
ORIMDNRCOOOZ) or, where practicable, other fingerprint records for
each individual seeking access to Safeguards Information, to the
Director of the Division of Facilities and Security, marked for the
attention of the Division's Criminal History Check Section. Copies
of these forms may be obtained by writing the Office of Information
Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-
0001, by calling (301) 415-5877, or by e-mail to forms@nrc.gov.
Practicable alternative formats are set forth in 10 CFR 73.4. The
Licensee shall establish procedures to ensure that the quality of
the fingerprints taken results in minimizing the rejection rate of
fingerprint cards due to illegible or incomplete cards.
The NRC will review submitted fingerprint cards for
completeness. Any Form FD-258 fingerprint record containing
omissions or evident errors will be returned to the Licensee for
corrections. The fee for processing fingerprint checks includes one
re-submission if the initial submission is returned by the FBI
because the fingerprint impressions cannot be classified. The one
free re-submission must have the FBI Transaction Control Number
reflected on the re-submission. If additional submissions are
necessary, they will be treated as initial submittals and will
require a second payment of the processing fee.
Fees for processing fingerprint checks are due upon application.
Licensees shall submit payment with the application for processing
fingerprints by corporate check, certified check, cashier's check,
money order, or electronic payment, made payable to ``U.S. NRC.''
[For guidance on making electronic payments, contact the Facilities
Security Branch, Division of Facilities and Security, at (301) 415-
7739]. Combined payment for multiple applications is acceptable. The
application fee (currently $27) is the sum of the user fee charged
by the FBI for each fingerprint card or other fingerprint record
submitted by the NRC on behalf of a Licensee, and an NRC processing
fee, which covers administrative costs associated with NRC handling
of Licensee fingerprint submissions. The Commission will directly
notify Licensees who are subject to this regulation of any fee
changes.
The Commission will forward to the submitting Licensee all data
received from the FBI as a result of the Licensee's application(s)
for criminal history checks, including the FBI fingerprint record.
Right To Correct and Complete Information
Prior to any final adverse determination, the Licensee shall
make available to the individual the contents of any criminal
records obtained from the FBI for the purpose of assuring correct
and complete information. Written confirmation by the individual of
receipt of this notification must be maintained by the Licensee for
a period of one (1) year from the date of the notification. If,
after reviewing the record, an individual believes that it is
incorrect or incomplete in any respect and wishes to change,
correct, or update the alleged deficiency, or to explain any matter
in the record, the individual may initiate challenge procedures.
These procedures include either direct application by the individual
challenging the record to the agency (i.e., law enforcement agency)
that contributed the questioned information, or direct challenge as
to the accuracy or completeness of any entry on the criminal history
record to the Assistant Director, Federal Bureau of Investigation
Identification Division, Washington, DC 20537-9700 (as set forth in
28 CFR 16.30 through 16.34). In the latter case, the FBI forwards
the challenge to the agency that submitted the data and requests
that agency to verify or correct the challenged entry. Upon receipt
of an official communication directly from the agency that
contributed the original information, the FBI Identification
Division makes any changes necessary in accordance with the
information supplied by that agency. The Licensee must provide at
least ten (10) days for an individual to initiate an action
challenging the results of an FBI criminal history records check
after the record is made available for his/her review. The Licensee
may make a final SGI access determination based upon the criminal
history record only upon receipt of the FBI's ultimate confirmation
or correction of the record. Upon a final adverse determination on
access to SGI, the Licensee shall provide the individual its
documented basis for denial. Access to SGI shall not be granted to
an individual during the review process.
Protection of Information
1. Each Licensee who obtains a criminal history record on an
individual pursuant to this Order shall establish and maintain a
system of files and procedures for protecting the record and the
personal information from unauthorized disclosure.
2. The Licensee may not disclose the record or personal
information collected and maintained to persons other than the
subject individual, his/her representative, or to those who have a
need to access the information in performing assigned duties in the
process of determining access to Safeguards Information. No
individual authorized to have access to the information may re-
disseminate the information to any other individual who does not
have a need-to-know.
3. The personal information obtained on an individual from a
criminal history record check may be transferred to another Licensee
if the Licensee holding the criminal history check record receives
the individuals' written request to re-disseminate the information
contained in his/her file, and the gaining Licensee verifies
information such as the individual's name, date of birth, social
security number, sex, and other applicable physical characteristics
for identification purposes.
4. The Licensee shall make criminal history records, obtained
under this section, available for examination by an authorized
representative of the NRC to determine compliance with the
regulations and laws.
5. The Licensee shall retain all fingerprint and criminal
history records received from the FBI, or a copy if the individual's
file has been transferred, for three (3) years after termination of
employment or denial of access to SGI. After the required three (3)
year period, these documents shall be destroyed by a method that
will prevent reconstruction of the information in whole or in part.
[FR Doc. E6-17752 Filed 10-23-06; 8:45 am]
BILLING CODE 7590-01-P