In the Matter of All Licensees Who Possess Radioactive Material In Quantities of Concern and All Other Persons Who Obtain Safeguards Information Described Herein; Order Imposing Requirements for the Protection of Certain Safeguards Information (Effective Immediately), 74567-74571 [E6-21044]
Download as PDF
Federal Register / Vol. 71, No. 238 / Tuesday, December 12, 2006 / Notices
available. If you are interested in
receiving this Commission meeting
schedule electronically, please send an
electronic message to dkw@nrc.gov.
Dated: December 7, 2006.
R. Michelle Schroll,
Office of the Secretary.
[FR Doc. 06–9653 Filed 12–8–06; 10:10 am]
BILLING CODE 7590–01–P
NUCLEAR REGULATORY
COMMISSION
[EA–06–289]
In the Matter of All Licensees Who
Possess Radioactive Material In
Quantities of Concern and All Other
Persons Who Obtain Safeguards
Information Described Herein; Order
Imposing Requirements for the
Protection of Certain Safeguards
Information (Effective Immediately)
I
jlentini on PROD1PC65 with NOTICES
The Licensees, identified in
Attachment 1 1 to this Order, hold
licenses issued in accordance with the
Atomic Energy Act of 1954, by the U.S.
Nuclear Regulatory Commission (NRC
or Commission) or an Agreement State,
authorizing them to possess and transfer
items containing radioactive material
quantities of concern. The NRC intends
to issue security Orders to these
licensees in the near future. Orders will
be issued to both NRC and Agreement
State materials licensees who may
transport radioactive material quantities
of concern. The Orders will require
compliance with specific Additional
Security Measures to enhance the
security for transport of certain
radioactive material quantities of
concern. The NRC will issue Orders to
both NRC and Agreement State
licensees under its authority to protect
the common defense and security,
which has not been relinquished to the
Agreement States. The Commission has
determined that these documents will
contain Safeguards Information (SGI),
will not be released to the public, and
must be protected from unauthorized
disclosure. Therefore, the Commission
is imposing the requirements, as set
forth in Attachments 2 and 3 to this
Order and in Order EA–06–290, so that
affected Licensees can receive these
documents. This Order also imposes
requirements for the protection of SGI in
the hands of any person,2 whether or
1 Attachment 1 contains sensitive information
and will not be released to the public.
2 Person means (1) any individual, corporation,
partnership, firm, association, trust, estate, public
or private institution, group, government agency
other than the Commission or the Department,
VerDate Aug<31>2005
18:00 Dec 11, 2006
Jkt 211001
not a licensee of the Commission, who
produces, receives, or acquires SGI.
II
The Commission has broad statutory
authority to protect and prohibit the
unauthorized disclosure of SGI. Section
147 of the Atomic Energy Act of 1954,
as amended, grants the Commission
explicit authority to ‘‘* * * issue such
orders, as necessary to prohibit the
unauthorized disclosure of safeguards
information * * *’’ This authority
extends to information concerning
transfer of special nuclear material,
source material, and byproduct material.
Licensees and all persons who produce,
receive, or acquire SGI must ensure
proper handling and protection of SGI
to avoid unauthorized disclosure in
accordance with the specific
requirements for the protection of SGI
contained in Attachments 2 and 3 to
this Order. The Commission hereby
provides notice that it intends to treat
violations of the requirements contained
in Attachments 2 and 3 to this Order
applicable to the handling and
unauthorized disclosure of SGI as
serious breaches of adequate protection
of the public health and safety and the
common defense and security of the
United States. Access to SGI is limited
to those persons who have established
a need-to-know the information, are
considered to be trustworthy and
reliable, and meet the requirements of
Order EA–06–290. A need-to-know
means a determination by a person
having responsibility for protecting SGI
that a proposed recipient’s access to SGI
is necessary in the performance of
official, contractual, or licensee duties
of employment. Licensees and all other
persons who obtain SGI must ensure
that they develop, maintain and
implement strict policies and
procedures for the proper handling of
SGI to prevent unauthorized disclosure,
in accordance with the requirements in
Attachments 2 and 3 to this Order. All
licensees must ensure that all
contractors whose employees may have
access to SGI either adhere to the
licensee’s policies and procedures on
SGI or develop, maintain and
implement their own acceptable
policies and procedures. The licensees
remain responsible for the conduct of
their contractors. The policies and
except that the Department shall be considered a
person with respect to those facilities of the
Department specified in section 202 of the Energy
Reorganization Act of 1974 (88 Stat. 1244), any
State or any political subdivision of, or any political
entity within a State, any foreign government or
nation or any political subdivision of any such
government or nation, or other entity; and (2) any
legal successor, representative, agent, or agency of
the foregoing.
PO 00000
Frm 00083
Fmt 4703
Sfmt 4703
74567
procedures necessary to ensure
compliance with applicable
requirements contained in Attachments
2 and 3 to this Order must address, at
a minimum, the following: the general
performance requirement that each
person who produces, receives, or
acquires SGI shall ensure that SGI is
protected against unauthorized
disclosure; protection of SGI at fixed
sites, in use and in storage, and while
in transit; correspondence containing
SGI; access to SGI; preparation,
marking, reproduction and destruction
of documents; external transmission of
documents; use of automatic data
processing systems; removal of the SGI
category; the need-to-know the
information; and background checks to
determine access to the information.
In order to provide assurance that the
licensees are implementing prudent
measures to achieve a consistent level of
protection to prohibit the unauthorized
disclosure of Safeguards Information, all
licensees who hold licenses issued by
the NRC or an Agreement State
authorizing them to possess and who
may transport items containing
radioactive material quantities of
concern shall implement the
requirements identified in Attachments
2 and 3 to this Order. The Commission
recognizes that licensees may have
already initiated many of the measures
set forth in Attachments 2 and 3 to this
Order for handling of SGI in
conjunction with current NRC license
requirements or previous NRC Orders.
Additional measures set forth in
Attachments 2 and 3 to this Order
should be incorporated into the
licensee’s current program for SGI. In
addition, pursuant to 10 CFR 2.202, I
find that in light of the common defense
and security matters identified above,
which warrant the issuance of this
Order, the public health, safety and
interest require that this Order be
effective immediately.
III
Accordingly, pursuant to Sections 81,
147, 161b, 161i, 161o, 182 and 186 of
the Atomic Energy Act of 1954, as
amended, and the Commission’s
regulations in 10 CFR 2.202, 10 CFR
Part 30, 10 CFR Part 32, 10 CFR Part 35,
and 10 CFR Part 70, it is hereby ordered,
effective immediately, that all licensees
identified in attachment 1 to this order
and all other persons who produce,
receive, or acquire the additional
security measures identified above
(whether draft or final) or any related
SGI shall comply with the requirements
of attachments 2 and 3 to this order.
The Director, Office of Federal and
State Materials and Environmental
E:\FR\FM\12DEN1.SGM
12DEN1
74568
Federal Register / Vol. 71, No. 238 / Tuesday, December 12, 2006 / Notices
jlentini on PROD1PC65 with NOTICES
Management Programs, may, in writing,
relax or rescind any of the above
conditions upon demonstration of good
cause by the licensee.
IV
In accordance with 10 CFR 2.202, the
Licensee must, and any other person
adversely affected by this Order may,
submit an answer to this Order, and
may request a hearing on this Order,
within twenty (20) days of the date of
this Order. Where good cause is shown,
consideration will be given to extending
the time to request a hearing. A request
for extension of time in which to submit
an answer or request a hearing must be
made in writing to the Director, Office
of Federal and State Materials and
Environmental Management Programs,
U.S. Nuclear Regulatory Commission,
Washington, DC 20555, and include a
statement of good cause for the
extension. The answer may consent to
this Order. Unless the answer consents
to this Order, the answer shall, in
writing and under oath or affirmation,
specifically set forth the matters of fact
and law on which the Licensee or other
person adversely affected relies and the
reasons as to why the Order should not
have been issued. Any answer or
request for a hearing shall be submitted
to the Secretary, Office of the Secretary
of the Commission, U.S. Nuclear
Regulatory Commission, ATTN:
Rulemakings and Adjudications Staff,
Washington, DC 20555. Copies also
shall be sent to the Director, Office of
Nuclear Material Safety and Safeguards,
U.S. Nuclear Regulatory Commission,
Washington, DC 20555, to the Assistant
General Counsel for Materials Litigation
and Enforcement at the same address,
and to the Licensee if the answer or
hearing request is by a person other than
the Licensee. Because of possible delays
in delivery of mail to United States
Government offices, it is requested that
answers and requests for hearing be
transmitted to the Secretary of the
Commission either by means of
facsimile transmission to 301–415–1101
or by e-mail to hearingdocket@nrc.gov
and also to the Office of the General
Counsel either by means of facsimile
transmission to 301–415–3725 or by email to OGCMailCenter@nrc.gov. If a
person other than the Licensee requests
a hearing, that person shall set forth
with particularity the manner in which
his interest is adversely affected by this
Order and shall address the criteria set
forth in 10 CFR 2.309.
If a hearing is requested by the
Licensee or a person whose interest is
adversely affected, the Commission will
issue an Order designating the time and
place of any hearing. If a hearing is held,
VerDate Aug<31>2005
18:00 Dec 11, 2006
Jkt 211001
the issue to be considered at such
hearing shall be whether this Order
should be sustained.
Pursuant to 10 CFR 2.202(c)(2)(i), the
Licensee may, in addition to demanding
a hearing, at the time the answer is filed
or sooner, move the presiding officer to
set aside the immediate effectiveness of
the Order on the ground that the Order,
including the need for immediate
effectiveness, is not based on adequate
evidence but on mere suspicion,
unfounded allegations, or error. In the
absence of any request for hearing, or
written approval of an extension of time
in which to request a hearing, the
provisions specified in Section III above
shall be final twenty (20) days from the
date of this Order without further order
or proceedings. If an extension of time
for requesting a hearing has been
approved, the provisions specified in
Section III shall be final when the
extension expires if a hearing request
has not been received.
An answer or a request for hearing
shall not stay the immediate
effectiveness of this order.
Dated this 1st day of December 2006.
For the Nuclear Regulatory Commission.
Charles L. Miller,
Director, Office of Federal and State Materials
and Environmental Management Programs.
Attachments:
1. List of Applicable Materials Licensees.
2. Modified Handling Requirements for the
Protection of Certain Safeguards Information
(SGI–M).
3. Trustworthy and Reliability
Requirements for Individuals Handling
Safeguards Information.
Attachment 1: List of Applicable
Materials Licensees Redacted
Attachment 2: Modified Handling
Requirements for the Protection of
Certain Safeguards Information (SGI–
M)
Modified Handling Requirements for
the Protection of Certain Safeguards
Information (SGI–M)
General Requirement
Information and material that the U.S.
Nuclear Regulatory Commission (NRC)
determines are safeguards information
must be protected from unauthorized
disclosure. In order to distinguish
information needing modified
protection requirements from the
safeguards information for reactors and
fuel cycle facilities that require a higher
level of protection, the term ‘‘Safeguards
Information-Modified Handling’’ (SGI–
M) is being used as the distinguishing
marking for certain materials licensees.
Each person who produces, receives, or
acquires SGI–M shall ensure that it is
PO 00000
Frm 00084
Fmt 4703
Sfmt 4703
protected against unauthorized
disclosure. To meet this requirement,
licensees and persons shall establish
and maintain an information protection
system that includes the measures
specified below. Information protection
procedures employed by state and local
police forces are deemed to meet these
requirements.
Persons Subject to These Requirements
Any person, whether or not a licensee
of the NRC, who produces, receives, or
acquires SGI–M is subject to the
requirements (and sanctions) of this
document. Firms and their employees
that supply services or equipment to
materials licensees would fall under this
requirement if they possess facility SGIM. A licensee must inform contractors
and suppliers of the existence of these
requirements and the need for proper
protection. (See more under Conditions
for Access.)
State or local police units who have
access to SGI–M are also subject to these
requirements. However, these
organizations are deemed to have
adequate information protection
systems. The conditions for transfer of
information to a third party, i.e., needto-know, would still apply to the police
organization as would sanctions for
unlawful disclosure. Again, it would be
prudent for licensees who have
arrangements with local police to advise
them of the existence of these
requirements.
Criminal and Civil Sanctions
The Atomic Energy Act of 1954, as
amended, explicitly provides that any
person, ‘‘whether or not a licensee of the
Commission, who violates any
regulations adopted under this section
shall be subject to the civil monetary
penalties of section 234 of this Act.’’
Furthermore, willful violation of any
regulation or order governing safeguards
information is a felony subject to
criminal penalties in the form of fines
or imprisonment, or both. See sections
147b. and 223 of the Act.
Conditions for Access
Access to SGI–M beyond the initial
recipients of the order will be governed
by the background check requirements
imposed by the order. Access to SGI–M
by licensee employees, agents, or
contractors must include both an
appropriate need-to-know
determination by the licensee, as well as
a determination concerning the
trustworthiness of individuals having
access to the information. Employees of
an organization affiliated with the
licensee’s company, e.g., a parent
company, may be considered as
E:\FR\FM\12DEN1.SGM
12DEN1
Federal Register / Vol. 71, No. 238 / Tuesday, December 12, 2006 / Notices
employees of the licensee for access
purposes.
Need-to-Know
Need-to-know is defined as a
determination by a person having
responsibility for protecting SGI–M that
a proposed recipient’s access to SGI–M
is necessary in the performance of
official, contractual, or licensee duties
of employment. The recipient should be
made aware that the information is SGI–
M and those having access to it are
subject to these requirements as well as
criminal and civil sanctions for
mishandling the information.
jlentini on PROD1PC65 with NOTICES
Occupational Groups
Dissemination of SGI–M is limited to
individuals who have an established
need-to-know and who are members of
certain occupational groups. These
occupational groups are:
A. An employee, agent, or contractor
of an applicant, a licensee, the
Commission, or the United States
Government;
B. A member of a duly authorized
committee of the Congress;
C. The Governor of a State or his
designated representative;
D. A representative of the
International Atomic Energy Agency
(IAEA) engaged in activities associated
with the U.S./IAEA Safeguards
Agreement who has been certified by
the NRC;
E. A member of a state or local law
enforcement authority that is
responsible for responding to requests
for assistance during safeguards
emergencies; or
F. A person to whom disclosure is
ordered pursuant to Section 2.709(f) of
Part 2 of Title 10 of the Code of Federal
Regulations.
G. State Radiation Control Program
Directors (and State Homeland Security
Directors) or their designees.
In a generic sense, the individuals
described above in (A) through (G) are
considered to be trustworthy by virtue
of their employment status. For nongovernmental individuals in group (A)
above, a determination of reliability and
trustworthiness is required. Discretion
must be exercised in granting access to
these individuals. If there is any
indication that the recipient would be
unwilling or unable to provide proper
protection for the SGI–M, they are not
authorized to receive SGI–M.
and safety of the public or the common
defense and security by significantly
increasing the likelihood of theft,
diversion, or sabotage of materials or
facilities subject to NRC jurisdiction.
SGI–M identifies safeguards
information which is subject to these
requirements. These requirements are
necessary in order to protect quantities
of nuclear material significant to the
health and safety of the public or
common defense and security.
The overall measure for consideration
of SGI–M is the usefulness of the
information (security or otherwise) to an
adversary in planning or attempting a
malevolent act. The specificity of the
information increases the likelihood
that it will be useful to an adversary.
Protection While in Use
While in use, SGI–M shall be under
the control of an authorized individual.
This requirement is satisfied if the SGI–
M is attended by an authorized
individual even though the information
is in fact not constantly being used.
SGI–M, therefore, within alarm stations,
continuously manned guard posts or
ready rooms need not be locked in file
drawers or storage containers.
Under certain conditions the general
control exercised over security zones or
areas would be considered to meet this
requirement. The primary consideration
is limiting access to those who have a
need-to-know. Some examples would
be:
Alarm stations, guard posts and guard
ready rooms;
Engineering or drafting areas if
visitors are escorted and information is
not clearly visible;
Plant maintenance areas if access is
restricted and information is not clearly
visible; Administrative offices (e.g.,
central records or purchasing) if visitors
are escorted and information is not
clearly visible;
Information Considered for Safeguards
Information Designation
Protection While in Storage
While unattended, SGI–M shall be
stored in a locked file drawer or
container. Knowledge of lock
combinations or access to keys
protecting SGI–M shall be limited to a
minimum number of personnel for
operating purposes who have a ‘‘needto-know’’ and are otherwise authorized
access to SGI–M in accordance with
these requirements. Access to lock
combinations or keys shall be strictly
controlled so as to prevent disclosure to
an unauthorized individual.
Information deemed SGI–M is
information the disclosure of which
could reasonably be expected to have a
significant adverse effect on the health
Transportation of Documents and Other
Matter
Documents containing SGI–M when
transmitted outside an authorized place
VerDate Aug<31>2005
18:00 Dec 11, 2006
Jkt 211001
PO 00000
Frm 00085
Fmt 4703
Sfmt 4703
74569
of use or storage shall be enclosed in
two sealed envelopes or wrappers. The
inner envelope or wrapper shall contain
the name and address of the intended
recipient, and be marked both sides, top
and bottom with the words ‘‘Safeguards
Information—Modified Handling.’’ The
outer envelope or wrapper must be
addressed to the intended recipient,
must contain the address of the sender,
and must not bear any markings or
indication that the document contains
SGI–M.
SGI–M may be transported by any
commercial delivery company that
provides nation-wide overnight service
with computer tracking features, U.S.
first class, registered, express, or
certified mail, or by any individual
authorized access pursuant to these
requirements.
Within a facility, SGI–M may be
transmitted using a single opague
envelope. It may also be transmitted
within a facility without single or
double wrapping, provided adequate
measures are taken to protect the
material against unauthorized
disclosure. Individuals transporting
SGI–M should retain the documents in
their personal possession at all times or
ensure that the information is
appropriately wrapped and also secured
to preclude compromise by an
unauthorized individual.
Preparation and Marking of Documents
While the NRC is the sole authority
for determining what specific
information may be designated as ‘‘SGI–
M,’’ originators of documents are
responsible for determining whether
those documents contain such
information. Each document or other
matter that contains SGI–M shall be
marked ‘‘Safeguards Information—
Modified Handling’’ in a conspicuous
manner on the top and bottom of the
first page to indicate the presence of
protected information. The first page of
the document must also contain (i) the
name, title, and organization of the
individual authorized to make a SGI–M
determination, and who has determined
that the document contains SGI–M, (ii)
the date the document was originated or
the determination made, (iii) an
indication that the document contains
SGI–M, and (iv) an indication that
unauthorized disclosure would be
subject to civil and criminal sanctions.
Each additional page shall be marked in
a conspicuous fashion at the top and
bottom with letters denoting
‘‘Safeguards Information—Modified
Handling.’’
In additional to the ‘‘Safeguards
Information—Modified Handling’’
markings at the top and bottom of each
E:\FR\FM\12DEN1.SGM
12DEN1
74570
Federal Register / Vol. 71, No. 238 / Tuesday, December 12, 2006 / Notices
page, transmittal letters or memoranda
which do not in themselves contain
SGI–M shall be marked to indicate that
attachments or enclosures contain SGI–
M but that the transmittal does not (e.g.,
‘‘When separated from SGI–M
enclosure(s), this document is
decontrolled’’).
In addition to the information
required on the face of the document,
each item of correspondence that
contains SGI–M shall, by marking or
other means, clearly indicate which
portions (e.g., paragraphs, pages, or
appendices) contain SGI–M and which
do not. Portion marking is not required
for physical security and safeguards
contingency plans.
All documents or other matter
containing SGI–M in use or storage shall
be marked in accordance with these
requirements. A specific exception is
provided for documents in the
possession of contractors and agents of
licensees that were produced more than
one year prior to the effective date of the
order. Such documents need not be
marked unless they are removed from
file drawers or containers. The same
exception applies to old documents
stored away from the facility in central
files or corporation headquarters.
Since information protection
procedures employed by state and local
police forces are deemed to meet NRC
requirements, documents in the
possession of these agencies need not be
marked as set forth in this document.
jlentini on PROD1PC65 with NOTICES
Removal From SGI–M Category
Documents containing SGI–M shall be
removed from the SGI–M category
(decontrolled) only after the NRC
determines that the information no
longer meets the criteria of SGI–M.
Licensees have the authority to make
determinations that specific documents
which they created no longer contain
SGI–M information and may be
decontrolled. Consideration must be
exercised to ensure that any document
decontrolled shall not disclose SGI–M
in some other form or be combined with
other unprotected information to
disclose SGI–M.
The authority to determine that a
document may be decontrolled may be
exercised only by, or with the
permission of, the individual (or office)
who made the original determination.
The document shall indicate the name
and organization of the individual
removing the document from the SGI–
M category and the date of the removal.
Other persons who have the document
in their possession should be notified of
the decontrolling of the document.
VerDate Aug<31>2005
18:00 Dec 11, 2006
Jkt 211001
Reproduction of Matter Containing
SGI–M
SGI–M may be reproduced to the
minimum extent necessary consistent
with need without permission of the
originator. Newer digital copiers which
scan and retain images of documents
represent a potential security concern. If
the copier is retaining SGI–M
information in memory, the copier
cannot be connected to a network. It
should also be placed in a location that
is cleared and controlled for the
authorized processing of SGI–M
information. Different copiers have
different capabilities, including some
which come with features that allow the
memory to be erased. Each copier would
have to be examined from a physical
security perspective.
Use of Automatic Data Processing (ADP)
Systems
SGI–M may be processed or produced
on an ADP system provided that the
system is assigned to the licensee’s or
contractor’s facility and requires the use
of an entry code/password for access to
stored information. Licensees are
encouraged to process this information
in a computing environment that has
adequate computer security controls in
place to prevent unauthorized access to
the information. An ADP system is
defined here as a data processing system
having the capability of long term
storage of SGI–M. Word processors such
as typewriters are not subject to the
requirements as long as they do not
transmit information off-site. (Note: if
SGI–M is produced on a typewriter, the
ribbon must be removed and stored in
the same manner as other SGI–M
information or media.) The basic
objective of these restrictions is to
prevent access and retrieval of stored
SGI–M by unauthorized individuals,
particularly from remote terminals.
Specific files containing SGI–M will be
password protected to preclude access
by an unauthorized individual. The
National Institute of Standards and
Technology (NIST) maintains a listing of
all validated encryption systems at
https://csrc.nist.gov/cryptval/140–1/
1401val.htm. SGI–M files may be
transmitted over a network if the file is
encrypted. In such cases, the licensee
will select a commercially available
encryption system that NIST has
validated as conforming to Federal
Information Processing Standards
(FIPS). SGI–M files shall be properly
labeled as ‘‘Safeguards Information—
Modified Handling’’ and saved to
removable media and stored in a locked
file drawer or cabinet.
PO 00000
Frm 00086
Fmt 4703
Sfmt 4703
Telecommunications
SGI–M may not be transmitted by
unprotected telecommunications
circuits except under emergency or
extraordinary conditions. For the
purpose of this requirement, emergency
or extraordinary conditions are defined
as any circumstances that require
immediate communications in order to
report, summon assistance for, or
respond to a security event (or an event
that has potential security significance).
This restriction applies to telephone,
telegraph, teletype, facsimile circuits,
and to radio. Routine telephone or radio
transmission between site security
personnel, or between the site and local
police, should be limited to message
formats or codes that do not disclose
facility security features or response
procedures. Similarly, call-ins during
transport should not disclose
information useful to a potential
adversary. Infrequent or non-repetitive
telephone conversations regarding a
physical security plan or program are
permitted provided that the discussion
is general in nature.
Individuals should use care when
discussing SGI–M at meetings or in the
presence of others to insure that the
conversation is not overheard by
persons not authorized access.
Transcripts, tapes or minutes of
meetings or hearings that contain SGI–
M shall be marked and protected in
accordance with these requirements.
Destruction
Documents containing SGI–M should
be destroyed when no longer needed.
They may be destroyed by tearing into
small pieces, burning, shredding or any
other method that precludes
reconstruction by means available to the
public at large. Piece sizes one half inch
or smaller composed of several pages or
documents and thoroughly mixed
would be considered completely
destroyed.
Attachment 3: Trustworthy and
Reliability Requirements for
Individuals Handling Safeguards
Information
Trustworthiness and Reliability
Requirements for Individuals Handling
Safeguards Information
In order to ensure the safe handling,
use, and control of information
designated as Safeguards Information,
each licensee shall control and limit
access to the information to only those
individuals who have established the
need-to-know the information, and are
considered to be trustworthy and
reliable. Licensees shall document the
basis for concluding that there is
E:\FR\FM\12DEN1.SGM
12DEN1
Federal Register / Vol. 71, No. 238 / Tuesday, December 12, 2006 / Notices
reasonable assurance that individuals
granted access to Safeguards
Information are trustworthy and
reliable, and do not constitute an
unreasonable risk for malevolent use of
the information.
The Licensee shall comply with the
requirements of this attachment:
1. The trustworthiness and reliability
of an individual shall be determined
based on a background investigation:
(a) The background investigation shall
address at least the past three (3) years,
and, at a minimum, include verification
of employment, education, and personal
references. The licensee shall also, to
the extent possible, obtain independent
information to corroborate that provided
by the employee (i.e., seeking references
not supplied by the individual).
(b) If an individual’s employment has
been less than the required three (3)
year period, educational references may
be used in lieu of employment history.
The licensee’s background
investigation requirements may be
satisfied for an individual that has an
active Federal security clearance.
2. The licensee shall retain
documentation regarding the
trustworthiness and reliability of
individual employees for three years
after the individual’s employment ends.
[FR Doc. E6–21044 Filed 12–11–06; 8:45 am]
Notice is
hereby given that as a result of the
President’s major disaster declaration on
10/23/2006, Private Non-Profit
organizations that provide essential
services of a governmental nature may
file disaster loan applications at the
address listed above or other locally
announced locations.
The following areas have been
determined to be adversely affected by
the disaster:
Primary Counties: Hawaii; City and
County of Honolulu; Maui.
The Interest Rates are:
Other (Including Non-Profit
Organizations) With Credit Available
Elsewhere 5.000.
Businesses And Non-Profit
Organizations Without Credit Available
Elsewhere 4.000.
The number assigned to this disaster
for physical damage is 10746.
SUPPLEMENTARY INFORMATION:
(Catalog of Federal Domestic Assistance
Number 59008)
Herbert L. Mitchell,
Associate Administrator, for Disaster
Assistance.
[FR Doc. E6–21027 Filed 12–11–06; 8:45 am]
BILLING CODE 8025–01–P
DEPARTMENT OF STATE
[Public Notice 5642]
BILLING CODE 7590–01–P
SMALL BUSINESS ADMINISTRATION
[Disaster Declaration #10746]
Hawaii Disaster #HI–00007
U.S. Small Business
Administration.
ACTION: Notice.
AGENCY:
SUMMARY: This is a Notice of the
Presidential declaration of a major
disaster for Public Assistance Only for
the State of Hawaii (FEMA–1664–DR),
dated 10/23/2006.
Incident: Kiholo Bay Earthquake.
Incident Period: 10/15/2006 and
continuing.
10/23/2006.
Physical Loan Application Deadline
Date: 12/22/2006.
ADDRESSES: Submit completed loan
applications to: U.S. Small Business
Administration, Processing and
Disbursement Center, 14925 Kingsport
Road, Fort Worth, TX 76155.
FOR FURTHER INFORMATION CONTACT:
A. Escobar, Office of Disaster
Assistance, U.S. Small Business
Administration, 409 3rd Street, SW.,
Suite 6050, Washington, DC 20416.
jlentini on PROD1PC65 with NOTICES
EFFECTIVE DATE:
VerDate Aug<31>2005
18:00 Dec 11, 2006
Jkt 211001
Culturally Significant Objects Imported
for Exhibition; eterminations:
‘‘Modernism: Designing a New World
1914–1939’’
SUMMARY: Notice is hereby given of the
following determinations: Pursuant to
the authority vested in me by the Act of
October 19, 1965 (79 Stat. 985; 22 U.S.C.
2459), Executive Order 12047 of March
27, 1978, the Foreign Affairs Reform and
Restructuring Act of 1998 (112 Stat.
2681, et seq.; 22 U.S.C. 6501 note, et
seq.), Delegation of Authority No. 234 of
October 1, 1999, Delegation of Authority
No. 236 of October 19, 1999, as
amended, and Delegation of Authority
No. 257 of April 15, 2003 [68 FR 19875],
I hereby determine that the objects to be
included in the exhibition ‘‘Modernism:
Designing a New World 1914–1939’’,
imported from abroad for temporary
exhibition within the United States, are
of cultural significance. The objects are
imported pursuant to loan agreements
with the foreign owners or custodians.
I also determine that the exhibition or
display of the exhibit objects at The
Corcoran Gallery of Art, Washington,
DC, from on or about March 17, 2007
until on or about July 29, 2007, and at
possible additional venues yet to be
determined, is in the national interest.
PO 00000
Frm 00087
Fmt 4703
Sfmt 4703
74571
Public Notice of these Determinations is
ordered to be published in the Federal
Register.
FOR FURTHER INFORMATION CONTACT: For
further information, including a list of
the exhibit objects, contact Wolodymyr
Sulzynsky, Attorney-Adviser, Office of
the Legal Adviser, U.S. Department of
State (telephone: (202) 453–8050). The
address is U.S. Department of State, SA–
44, 301 4th Street, SW., Room 700,
Washington, DC 20547–0001.
Dated: December 7, 2006.
C. Miller Crouch,
Principal Deputy Assistant Secretary for
Educational and Cultural Affairs, Department
of State.
[FR Doc. E6–21176 Filed 12–11–06; 8:45 am]
BILLING CODE 4710–05–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
Advisory Circular No. 20–73A, Aircraft
Ice Protection
Federal Aviation
Administration, DOT.
ACTION: Notice of issuance of Advisory
Circular.
AGENCY:
SUMMARY: This notice announces the
issuance of Advisory Circular (AC) 20–
73A, Aircraft Ice Protection. This AC
tells type certificate and supplemental
type certificate applicants how to
comply with ice protection
requirements of Title 14 of the Code of
Federal Regulations (14 CFR) parts 23,
25, 29, 33, and 35.
DATES: The Federal Aviation
Administration’s, Aircraft Engineering
Division, issued AC 20–73A on August
16, 2006.
FOR FURTHER INFORMATION CONTACT: The
Federal Aviation Administration, Attn:
George T. Soteropoulos, Aircraft
Engineering Division’s Technical
Programs and Continued Airworthiness
Branch, AIR–120, 800 Independence
Avenue, SW., Washington, DC 20591;
telephone (202) 267–9796; fax (202)
267–5340; E-mail
george.soteropoulos@faa.gov.
SUPPLEMENTARY INFORMATION: We have
filed in the docket all substantive
comments received, and a report
summarizing them. If you wish to
review the docket in person, you may
do so by going to the above address
between 9 a.m. and 4:30 p.m., Monday
through Friday, except Federal holidays.
If you wish to contact the above named
individual directly, you can use the
above telephone number or e-mail
address.
E:\FR\FM\12DEN1.SGM
12DEN1
Agencies
[Federal Register Volume 71, Number 238 (Tuesday, December 12, 2006)]
[Notices]
[Pages 74567-74571]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-21044]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
[EA-06-289]
In the Matter of All Licensees Who Possess Radioactive Material
In Quantities of Concern and All Other Persons Who Obtain Safeguards
Information Described Herein; Order Imposing Requirements for the
Protection of Certain Safeguards Information (Effective Immediately)
I
The Licensees, identified in Attachment 1 \1\ to this Order, hold
licenses issued in accordance with the Atomic Energy Act of 1954, by
the U.S. Nuclear Regulatory Commission (NRC or Commission) or an
Agreement State, authorizing them to possess and transfer items
containing radioactive material quantities of concern. The NRC intends
to issue security Orders to these licensees in the near future. Orders
will be issued to both NRC and Agreement State materials licensees who
may transport radioactive material quantities of concern. The Orders
will require compliance with specific Additional Security Measures to
enhance the security for transport of certain radioactive material
quantities of concern. The NRC will issue Orders to both NRC and
Agreement State licensees under its authority to protect the common
defense and security, which has not been relinquished to the Agreement
States. The Commission has determined that these documents will contain
Safeguards Information (SGI), will not be released to the public, and
must be protected from unauthorized disclosure. Therefore, the
Commission is imposing the requirements, as set forth in Attachments 2
and 3 to this Order and in Order EA-06-290, so that affected Licensees
can receive these documents. This Order also imposes requirements for
the protection of SGI in the hands of any person,\2\ whether or not a
licensee of the Commission, who produces, receives, or acquires SGI.
---------------------------------------------------------------------------
\1\ Attachment 1 contains sensitive information and will not be
released to the public.
\2\ Person means (1) any individual, corporation, partnership,
firm, association, trust, estate, public or private institution,
group, government agency other than the Commission or the
Department, except that the Department shall be considered a person
with respect to those facilities of the Department specified in
section 202 of the Energy Reorganization Act of 1974 (88 Stat.
1244), any State or any political subdivision of, or any political
entity within a State, any foreign government or nation or any
political subdivision of any such government or nation, or other
entity; and (2) any legal successor, representative, agent, or
agency of the foregoing.
---------------------------------------------------------------------------
II
The Commission has broad statutory authority to protect and
prohibit the unauthorized disclosure of SGI. Section 147 of the Atomic
Energy Act of 1954, as amended, grants the Commission explicit
authority to ``* * * issue such orders, as necessary to prohibit the
unauthorized disclosure of safeguards information * * *'' This
authority extends to information concerning transfer of special nuclear
material, source material, and byproduct material. Licensees and all
persons who produce, receive, or acquire SGI must ensure proper
handling and protection of SGI to avoid unauthorized disclosure in
accordance with the specific requirements for the protection of SGI
contained in Attachments 2 and 3 to this Order. The Commission hereby
provides notice that it intends to treat violations of the requirements
contained in Attachments 2 and 3 to this Order applicable to the
handling and unauthorized disclosure of SGI as serious breaches of
adequate protection of the public health and safety and the common
defense and security of the United States. Access to SGI is limited to
those persons who have established a need-to-know the information, are
considered to be trustworthy and reliable, and meet the requirements of
Order EA-06-290. A need-to-know means a determination by a person
having responsibility for protecting SGI that a proposed recipient's
access to SGI is necessary in the performance of official, contractual,
or licensee duties of employment. Licensees and all other persons who
obtain SGI must ensure that they develop, maintain and implement strict
policies and procedures for the proper handling of SGI to prevent
unauthorized disclosure, in accordance with the requirements in
Attachments 2 and 3 to this Order. All licensees must ensure that all
contractors whose employees may have access to SGI either adhere to the
licensee's policies and procedures on SGI or develop, maintain and
implement their own acceptable policies and procedures. The licensees
remain responsible for the conduct of their contractors. The policies
and procedures necessary to ensure compliance with applicable
requirements contained in Attachments 2 and 3 to this Order must
address, at a minimum, the following: the general performance
requirement that each person who produces, receives, or acquires SGI
shall ensure that SGI is protected against unauthorized disclosure;
protection of SGI at fixed sites, in use and in storage, and while in
transit; correspondence containing SGI; access to SGI; preparation,
marking, reproduction and destruction of documents; external
transmission of documents; use of automatic data processing systems;
removal of the SGI category; the need-to-know the information; and
background checks to determine access to the information.
In order to provide assurance that the licensees are implementing
prudent measures to achieve a consistent level of protection to
prohibit the unauthorized disclosure of Safeguards Information, all
licensees who hold licenses issued by the NRC or an Agreement State
authorizing them to possess and who may transport items containing
radioactive material quantities of concern shall implement the
requirements identified in Attachments 2 and 3 to this Order. The
Commission recognizes that licensees may have already initiated many of
the measures set forth in Attachments 2 and 3 to this Order for
handling of SGI in conjunction with current NRC license requirements or
previous NRC Orders. Additional measures set forth in Attachments 2 and
3 to this Order should be incorporated into the licensee's current
program for SGI. In addition, pursuant to 10 CFR 2.202, I find that in
light of the common defense and security matters identified above,
which warrant the issuance of this Order, the public health, safety and
interest require that this Order be effective immediately.
III
Accordingly, pursuant to Sections 81, 147, 161b, 161i, 161o, 182
and 186 of the Atomic Energy Act of 1954, as amended, and the
Commission's regulations in 10 CFR 2.202, 10 CFR Part 30, 10 CFR Part
32, 10 CFR Part 35, and 10 CFR Part 70, it is hereby ordered, effective
immediately, that all licensees identified in attachment 1 to this
order and all other persons who produce, receive, or acquire the
additional security measures identified above (whether draft or final)
or any related SGI shall comply with the requirements of attachments 2
and 3 to this order.
The Director, Office of Federal and State Materials and
Environmental
[[Page 74568]]
Management Programs, may, in writing, relax or rescind any of the above
conditions upon demonstration of good cause by the licensee.
IV
In accordance with 10 CFR 2.202, the Licensee must, and any other
person adversely affected by this Order may, submit an answer to this
Order, and may request a hearing on this Order, within twenty (20) days
of the date of this Order. Where good cause is shown, consideration
will be given to extending the time to request a hearing. A request for
extension of time in which to submit an answer or request a hearing
must be made in writing to the Director, Office of Federal and State
Materials and Environmental Management Programs, U.S. Nuclear
Regulatory Commission, Washington, DC 20555, and include a statement of
good cause for the extension. The answer may consent to this Order.
Unless the answer consents to this Order, the answer shall, in writing
and under oath or affirmation, specifically set forth the matters of
fact and law on which the Licensee or other person adversely affected
relies and the reasons as to why the Order should not have been issued.
Any answer or request for a hearing shall be submitted to the
Secretary, Office of the Secretary of the Commission, U.S. Nuclear
Regulatory Commission, ATTN: Rulemakings and Adjudications Staff,
Washington, DC 20555. Copies also shall be sent to the Director, Office
of Nuclear Material Safety and Safeguards, U.S. Nuclear Regulatory
Commission, Washington, DC 20555, to the Assistant General Counsel for
Materials Litigation and Enforcement at the same address, and to the
Licensee if the answer or hearing request is by a person other than the
Licensee. Because of possible delays in delivery of mail to United
States Government offices, it is requested that answers and requests
for hearing be transmitted to the Secretary of the Commission either by
means of facsimile transmission to 301-415-1101 or by e-mail to
hearingdocket@nrc.gov and also to the Office of the General Counsel
either by means of facsimile transmission to 301-415-3725 or by e-mail
to OGCMailCenter@nrc.gov. If a person other than the Licensee requests
a hearing, that person shall set forth with particularity the manner in
which his interest is adversely affected by this Order and shall
address the criteria set forth in 10 CFR 2.309.
If a hearing is requested by the Licensee or a person whose
interest is adversely affected, the Commission will issue an Order
designating the time and place of any hearing. If a hearing is held,
the issue to be considered at such hearing shall be whether this Order
should be sustained.
Pursuant to 10 CFR 2.202(c)(2)(i), the Licensee may, in addition to
demanding a hearing, at the time the answer is filed or sooner, move
the presiding officer to set aside the immediate effectiveness of the
Order on the ground that the Order, including the need for immediate
effectiveness, is not based on adequate evidence but on mere suspicion,
unfounded allegations, or error. In the absence of any request for
hearing, or written approval of an extension of time in which to
request a hearing, the provisions specified in Section III above shall
be final twenty (20) days from the date of this Order without further
order or proceedings. If an extension of time for requesting a hearing
has been approved, the provisions specified in Section III shall be
final when the extension expires if a hearing request has not been
received.
An answer or a request for hearing shall not stay the immediate
effectiveness of this order.
Dated this 1st day of December 2006.
For the Nuclear Regulatory Commission.
Charles L. Miller,
Director, Office of Federal and State Materials and Environmental
Management Programs.
Attachments:
1. List of Applicable Materials Licensees.
2. Modified Handling Requirements for the Protection of Certain
Safeguards Information (SGI-M).
3. Trustworthy and Reliability Requirements for Individuals
Handling Safeguards Information.
Attachment 1: List of Applicable Materials Licensees Redacted
Attachment 2: Modified Handling Requirements for the Protection of
Certain Safeguards Information (SGI-M)
Modified Handling Requirements for the Protection of Certain Safeguards
Information (SGI-M)
General Requirement
Information and material that the U.S. Nuclear Regulatory
Commission (NRC) determines are safeguards information must be
protected from unauthorized disclosure. In order to distinguish
information needing modified protection requirements from the
safeguards information for reactors and fuel cycle facilities that
require a higher level of protection, the term ``Safeguards
Information-Modified Handling'' (SGI-M) is being used as the
distinguishing marking for certain materials licensees. Each person who
produces, receives, or acquires SGI-M shall ensure that it is protected
against unauthorized disclosure. To meet this requirement, licensees
and persons shall establish and maintain an information protection
system that includes the measures specified below. Information
protection procedures employed by state and local police forces are
deemed to meet these requirements.
Persons Subject to These Requirements
Any person, whether or not a licensee of the NRC, who produces,
receives, or acquires SGI-M is subject to the requirements (and
sanctions) of this document. Firms and their employees that supply
services or equipment to materials licensees would fall under this
requirement if they possess facility SGI-M. A licensee must inform
contractors and suppliers of the existence of these requirements and
the need for proper protection. (See more under Conditions for Access.)
State or local police units who have access to SGI-M are also
subject to these requirements. However, these organizations are deemed
to have adequate information protection systems. The conditions for
transfer of information to a third party, i.e., need-to-know, would
still apply to the police organization as would sanctions for unlawful
disclosure. Again, it would be prudent for licensees who have
arrangements with local police to advise them of the existence of these
requirements.
Criminal and Civil Sanctions
The Atomic Energy Act of 1954, as amended, explicitly provides that
any person, ``whether or not a licensee of the Commission, who violates
any regulations adopted under this section shall be subject to the
civil monetary penalties of section 234 of this Act.'' Furthermore,
willful violation of any regulation or order governing safeguards
information is a felony subject to criminal penalties in the form of
fines or imprisonment, or both. See sections 147b. and 223 of the Act.
Conditions for Access
Access to SGI-M beyond the initial recipients of the order will be
governed by the background check requirements imposed by the order.
Access to SGI-M by licensee employees, agents, or contractors must
include both an appropriate need-to-know determination by the licensee,
as well as a determination concerning the trustworthiness of
individuals having access to the information. Employees of an
organization affiliated with the licensee's company, e.g., a parent
company, may be considered as
[[Page 74569]]
employees of the licensee for access purposes.
Need-to-Know
Need-to-know is defined as a determination by a person having
responsibility for protecting SGI-M that a proposed recipient's access
to SGI-M is necessary in the performance of official, contractual, or
licensee duties of employment. The recipient should be made aware that
the information is SGI-M and those having access to it are subject to
these requirements as well as criminal and civil sanctions for
mishandling the information.
Occupational Groups
Dissemination of SGI-M is limited to individuals who have an
established need-to-know and who are members of certain occupational
groups. These occupational groups are:
A. An employee, agent, or contractor of an applicant, a licensee,
the Commission, or the United States Government;
B. A member of a duly authorized committee of the Congress;
C. The Governor of a State or his designated representative;
D. A representative of the International Atomic Energy Agency
(IAEA) engaged in activities associated with the U.S./IAEA Safeguards
Agreement who has been certified by the NRC;
E. A member of a state or local law enforcement authority that is
responsible for responding to requests for assistance during safeguards
emergencies; or
F. A person to whom disclosure is ordered pursuant to Section
2.709(f) of Part 2 of Title 10 of the Code of Federal Regulations.
G. State Radiation Control Program Directors (and State Homeland
Security Directors) or their designees.
In a generic sense, the individuals described above in (A) through
(G) are considered to be trustworthy by virtue of their employment
status. For non-governmental individuals in group (A) above, a
determination of reliability and trustworthiness is required.
Discretion must be exercised in granting access to these individuals.
If there is any indication that the recipient would be unwilling or
unable to provide proper protection for the SGI-M, they are not
authorized to receive SGI-M.
Information Considered for Safeguards Information Designation
Information deemed SGI-M is information the disclosure of which
could reasonably be expected to have a significant adverse effect on
the health and safety of the public or the common defense and security
by significantly increasing the likelihood of theft, diversion, or
sabotage of materials or facilities subject to NRC jurisdiction.
SGI-M identifies safeguards information which is subject to these
requirements. These requirements are necessary in order to protect
quantities of nuclear material significant to the health and safety of
the public or common defense and security.
The overall measure for consideration of SGI-M is the usefulness of
the information (security or otherwise) to an adversary in planning or
attempting a malevolent act. The specificity of the information
increases the likelihood that it will be useful to an adversary.
Protection While in Use
While in use, SGI-M shall be under the control of an authorized
individual. This requirement is satisfied if the SGI-M is attended by
an authorized individual even though the information is in fact not
constantly being used. SGI-M, therefore, within alarm stations,
continuously manned guard posts or ready rooms need not be locked in
file drawers or storage containers.
Under certain conditions the general control exercised over
security zones or areas would be considered to meet this requirement.
The primary consideration is limiting access to those who have a need-
to-know. Some examples would be:
Alarm stations, guard posts and guard ready rooms;
Engineering or drafting areas if visitors are escorted and
information is not clearly visible;
Plant maintenance areas if access is restricted and information is
not clearly visible; Administrative offices (e.g., central records or
purchasing) if visitors are escorted and information is not clearly
visible;
Protection While in Storage
While unattended, SGI-M shall be stored in a locked file drawer or
container. Knowledge of lock combinations or access to keys protecting
SGI-M shall be limited to a minimum number of personnel for operating
purposes who have a ``need-to-know'' and are otherwise authorized
access to SGI-M in accordance with these requirements. Access to lock
combinations or keys shall be strictly controlled so as to prevent
disclosure to an unauthorized individual.
Transportation of Documents and Other Matter
Documents containing SGI-M when transmitted outside an authorized
place of use or storage shall be enclosed in two sealed envelopes or
wrappers. The inner envelope or wrapper shall contain the name and
address of the intended recipient, and be marked both sides, top and
bottom with the words ``Safeguards Information--Modified Handling.''
The outer envelope or wrapper must be addressed to the intended
recipient, must contain the address of the sender, and must not bear
any markings or indication that the document contains SGI-M.
SGI-M may be transported by any commercial delivery company that
provides nation-wide overnight service with computer tracking features,
U.S. first class, registered, express, or certified mail, or by any
individual authorized access pursuant to these requirements.
Within a facility, SGI-M may be transmitted using a single opague
envelope. It may also be transmitted within a facility without single
or double wrapping, provided adequate measures are taken to protect the
material against unauthorized disclosure. Individuals transporting SGI-
M should retain the documents in their personal possession at all times
or ensure that the information is appropriately wrapped and also
secured to preclude compromise by an unauthorized individual.
Preparation and Marking of Documents
While the NRC is the sole authority for determining what specific
information may be designated as ``SGI-M,'' originators of documents
are responsible for determining whether those documents contain such
information. Each document or other matter that contains SGI-M shall be
marked ``Safeguards Information--Modified Handling'' in a conspicuous
manner on the top and bottom of the first page to indicate the presence
of protected information. The first page of the document must also
contain (i) the name, title, and organization of the individual
authorized to make a SGI-M determination, and who has determined that
the document contains SGI-M, (ii) the date the document was originated
or the determination made, (iii) an indication that the document
contains SGI-M, and (iv) an indication that unauthorized disclosure
would be subject to civil and criminal sanctions. Each additional page
shall be marked in a conspicuous fashion at the top and bottom with
letters denoting ``Safeguards Information--Modified Handling.''
In additional to the ``Safeguards Information--Modified Handling''
markings at the top and bottom of each
[[Page 74570]]
page, transmittal letters or memoranda which do not in themselves
contain SGI-M shall be marked to indicate that attachments or
enclosures contain SGI-M but that the transmittal does not (e.g.,
``When separated from SGI-M enclosure(s), this document is
decontrolled'').
In addition to the information required on the face of the
document, each item of correspondence that contains SGI-M shall, by
marking or other means, clearly indicate which portions (e.g.,
paragraphs, pages, or appendices) contain SGI-M and which do not.
Portion marking is not required for physical security and safeguards
contingency plans.
All documents or other matter containing SGI-M in use or storage
shall be marked in accordance with these requirements. A specific
exception is provided for documents in the possession of contractors
and agents of licensees that were produced more than one year prior to
the effective date of the order. Such documents need not be marked
unless they are removed from file drawers or containers. The same
exception applies to old documents stored away from the facility in
central files or corporation headquarters.
Since information protection procedures employed by state and local
police forces are deemed to meet NRC requirements, documents in the
possession of these agencies need not be marked as set forth in this
document.
Removal From SGI-M Category
Documents containing SGI-M shall be removed from the SGI-M category
(decontrolled) only after the NRC determines that the information no
longer meets the criteria of SGI-M. Licensees have the authority to
make determinations that specific documents which they created no
longer contain SGI-M information and may be decontrolled. Consideration
must be exercised to ensure that any document decontrolled shall not
disclose SGI-M in some other form or be combined with other unprotected
information to disclose SGI-M.
The authority to determine that a document may be decontrolled may
be exercised only by, or with the permission of, the individual (or
office) who made the original determination. The document shall
indicate the name and organization of the individual removing the
document from the SGI-M category and the date of the removal. Other
persons who have the document in their possession should be notified of
the decontrolling of the document.
Reproduction of Matter Containing SGI-M
SGI-M may be reproduced to the minimum extent necessary consistent
with need without permission of the originator. Newer digital copiers
which scan and retain images of documents represent a potential
security concern. If the copier is retaining SGI-M information in
memory, the copier cannot be connected to a network. It should also be
placed in a location that is cleared and controlled for the authorized
processing of SGI-M information. Different copiers have different
capabilities, including some which come with features that allow the
memory to be erased. Each copier would have to be examined from a
physical security perspective.
Use of Automatic Data Processing (ADP) Systems
SGI-M may be processed or produced on an ADP system provided that
the system is assigned to the licensee's or contractor's facility and
requires the use of an entry code/password for access to stored
information. Licensees are encouraged to process this information in a
computing environment that has adequate computer security controls in
place to prevent unauthorized access to the information. An ADP system
is defined here as a data processing system having the capability of
long term storage of SGI-M. Word processors such as typewriters are not
subject to the requirements as long as they do not transmit information
off-site. (Note: if SGI-M is produced on a typewriter, the ribbon must
be removed and stored in the same manner as other SGI-M information or
media.) The basic objective of these restrictions is to prevent access
and retrieval of stored SGI-M by unauthorized individuals, particularly
from remote terminals. Specific files containing SGI-M will be password
protected to preclude access by an unauthorized individual. The
National Institute of Standards and Technology (NIST) maintains a
listing of all validated encryption systems at https://csrc.nist.gov/
cryptval/140-1/1401val.htm. SGI-M files may be transmitted over a
network if the file is encrypted. In such cases, the licensee will
select a commercially available encryption system that NIST has
validated as conforming to Federal Information Processing Standards
(FIPS). SGI-M files shall be properly labeled as ``Safeguards
Information--Modified Handling'' and saved to removable media and
stored in a locked file drawer or cabinet.
Telecommunications
SGI-M may not be transmitted by unprotected telecommunications
circuits except under emergency or extraordinary conditions. For the
purpose of this requirement, emergency or extraordinary conditions are
defined as any circumstances that require immediate communications in
order to report, summon assistance for, or respond to a security event
(or an event that has potential security significance).
This restriction applies to telephone, telegraph, teletype,
facsimile circuits, and to radio. Routine telephone or radio
transmission between site security personnel, or between the site and
local police, should be limited to message formats or codes that do not
disclose facility security features or response procedures. Similarly,
call-ins during transport should not disclose information useful to a
potential adversary. Infrequent or non-repetitive telephone
conversations regarding a physical security plan or program are
permitted provided that the discussion is general in nature.
Individuals should use care when discussing SGI-M at meetings or in
the presence of others to insure that the conversation is not overheard
by persons not authorized access. Transcripts, tapes or minutes of
meetings or hearings that contain SGI-M shall be marked and protected
in accordance with these requirements.
Destruction
Documents containing SGI-M should be destroyed when no longer
needed. They may be destroyed by tearing into small pieces, burning,
shredding or any other method that precludes reconstruction by means
available to the public at large. Piece sizes one half inch or smaller
composed of several pages or documents and thoroughly mixed would be
considered completely destroyed.
Attachment 3: Trustworthy and Reliability Requirements for Individuals
Handling Safeguards Information
Trustworthiness and Reliability Requirements for Individuals Handling
Safeguards Information
In order to ensure the safe handling, use, and control of
information designated as Safeguards Information, each licensee shall
control and limit access to the information to only those individuals
who have established the need-to-know the information, and are
considered to be trustworthy and reliable. Licensees shall document the
basis for concluding that there is
[[Page 74571]]
reasonable assurance that individuals granted access to Safeguards
Information are trustworthy and reliable, and do not constitute an
unreasonable risk for malevolent use of the information.
The Licensee shall comply with the requirements of this attachment:
1. The trustworthiness and reliability of an individual shall be
determined based on a background investigation:
(a) The background investigation shall address at least the past
three (3) years, and, at a minimum, include verification of employment,
education, and personal references. The licensee shall also, to the
extent possible, obtain independent information to corroborate that
provided by the employee (i.e., seeking references not supplied by the
individual).
(b) If an individual's employment has been less than the required
three (3) year period, educational references may be used in lieu of
employment history.
The licensee's background investigation requirements may be
satisfied for an individual that has an active Federal security
clearance.
2. The licensee shall retain documentation regarding the
trustworthiness and reliability of individual employees for three years
after the individual's employment ends.
[FR Doc. E6-21044 Filed 12-11-06; 8:45 am]
BILLING CODE 7590-01-P