Geologic Repository Operations Area Security and Material Control and Accounting Requirements, 72522-72562 [E7-24346]

Agencies

• NUCLEAR REGULATORY COMMISSION

[Federal Register Volume 72, Number 244 (Thursday, December 20, 2007)]
[Proposed Rules]
[Pages 72522-72562]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-24346]



[[Page 72521]]

-----------------------------------------------------------------------

Part III





Nuclear Regulatory Commission





-----------------------------------------------------------------------



10 CFR Parts 60, 63, 73 and 74



Geologic Repository Operations Area Security and Material Control and 
Accounting Requirements; Proposed Rule

Federal Register / Vol. 72, No. 244 / Thursday, December 20, 2007 / 
Proposed Rules

[[Page 72522]]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Parts 60, 63, 73, and 74

RIN 3150-AI06


Geologic Repository Operations Area Security and Material Control 
and Accounting Requirements

AGENCY: Nuclear Regulatory Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to amend 
its regulations to revise the security requirements and material 
control and accounting (MC&A) requirements for a geologic repository 
operations area (GROA). The goal of this rulemaking is to ensure that 
effective security measures are in place for the protection of high-
level radioactive waste (HLW) and other radioactive material at a GROA 
given the post-September 11, 2001, threat environment. New requirements 
for specific training enhancements, improved access authorization, 
enhancements to defensive strategies, and enhanced reporting 
requirements would be incorporated. The proposed rule would establish 
general performance objectives and corresponding system capabilities 
for the GROA MC&A program, with a focus on strengthening, streamlining, 
and consolidating all MC&A regulations specific to a GROA. In addition, 
the proposed rule would require the emergency plan to address 
radiological emergencies.

DATES: The comment period expires March 4, 2008. Comments received 
after this date will be considered if it is practical to do so, but the 
NRC is able to assure consideration only for comments received on or 
before this date.

ADDRESSES: You may submit comments by any one of the following methods. 
Please include the number RIN 3150-AI06 in the subject line of your 
comments. Comments on rulemakings submitted in writing or in electronic 
form will be made available to the public in their entirety on the NRC 
rulemaking Web site. Personal information such as name, address, 
telephone, e-mail address, etc., will not be removed from your 
submission.
    Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001, ATTN: Rulemakings and Adjudications Staff.
    E-mail comments to: SECY@nrc.gov. If you do not receive a reply e-
mail confirming that we have received your comments, contact us 
directly at (301) 415-1677.
    Comments can also be submitted via the Federal eRulemaking Portal 
https://www.regulations.gov.
    Hand deliver comments to: 11555 Rockville Pike, Rockville, Maryland 
20852, between 7:30 am and 4:15 pm Federal workdays. (Telephone (301) 
415-1677).
    Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at 
(301) 415-1101.
    Publicly available documents related to this rulemaking, including 
comments, may be viewed electronically on the public computers located 
at the NRC's Public Document Room (PDR), O1 F21, One White Flint North, 
11555 Rockville Pike, Rockville, Maryland. The PDR reproduction 
contractor will copy documents for a fee.
    Publicly available documents created or received at the NRC after 
November 1, 1999, are available electronically at the NRC's Electronic 
Reading Room at https://www.nrc.gov/reading-rm/adams.html. From this 
site, the public can gain entry into the NRC's Agencywide Document 
Access and Management System (ADAMS), which provides text and image 
files of NRC's public documents. If you do not have access to ADAMS or 
if there are problems in accessing the documents located in ADAMS, 
contact the NRC PDR Reference staff at 1-800-397-4209, 301-415-4737, or 
by e-mail to pdr@nrc.gov.

FOR FURTHER INFORMATION CONTACT: Merri Horn, Office of Federal and 
State Materials and Environmental Management Programs, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-
8126, e-mail, mlh1@nrc.gov.

SUPPLEMENTARY INFORMATION:

I. Background
II. Discussion
    A. What Action Is the NRC Taking?
    B. Whom Would This Action Affect?
    C. Why Do the Requirements Need to be Revised?
    D. When Do the Security and MC&A Plans Need To Be Submitted?
    E. What Types of Material Would Be Covered by the New Security 
and MC&A Requirements?
    F. What Are the Key Aspects of the Proposed MC&A Requirements?
    G. What Kinds of Systems Capabilities Would Be Proposed for the 
MC&A Program?
    H. Would Shipper-Receiver Comparisons With Independent 
Measurements Be Required for Receipts?
    I. What Measurements Would Be Necessary Under the GROA MC&A 
Program?
    J. What Would an MC&A Detection and Response Program Involve?
    K. What Additional Requirements Would Be Imposed if DOE 
Possesses Formula Quantities of Strategic SNM That Is in a Form 
Other Than as Irradiated Nuclear Reactor Fuel?
    L. What Special MC&A-Related Needs Exist?
    M. What Is the Objective of the Proposed Physical Security 
Requirements?
    N. What Threat Would a GROA Be Required To Defend Against?
    O. Why Do the Security Requirements Differ for Various Aspects 
of a GROA?
    P. Would Access Authorization Requirements Apply to a GROA and 
What Would They Cover?
    Q. Would Criminal History Checks Apply to a GROA?
    R. What Are the Key Aspects of the Security Requirements?
    S. What Is a Target Set as it Applies to a GROA?
    T. What Weapons Authorization Would Be Necessary for the GROA 
Operations?
    U. Would DOE Be Required To Conduct Force-on-Force Exercises for 
the GROA Facility?
    V. How Would the Security Plans Handle Construction at a GROA 
After Receipt of HLW Begins?
    W. Does This Rulemaking Cover Transportation of High-Level 
Radioactive Waste to a GROA?
    X. Would the Security and MC&A Plans Cover Postclosure?
    Y. What Safeguards Reporting Requirements Would Be Proposed for 
a GROA?
    Z. Does the NRC Plan To Issue Guidance Documents?
    AA. Would the GROA Facilities Be Subject to IAEA Safeguards?
    BB. What Changes Would Be Made to the Emergency Plan 
Requirements?
    CC. What Should I Consider as I Prepare My Comments to NRC?
III. Discussion of Proposed Amendments by Section
IV. Criminal Penalties
V. Agreement State Compatibility
VI. Plain Language
VII. Voluntary Consensus Standards
VIII. Finding of No Significant Environmental Impact
IX. Paperwork Reduction Act Statement
X. Public Protection Notification
XI. Regulatory Analysis
XII. Regulatory Flexibility Certification
XIII. Backfit Analysis

I. Background

    On November 2, 2001 (66 FR 55732), the NRC published its final rule 
governing disposal of HLW in a potential geologic repository at Yucca 
Mountain in Nevada. The U.S. Department of Energy (DOE) must comply 
with these regulations for NRC to authorize construction and license 
operation of a potential repository at Yucca Mountain in Nevada. The 
security requirements applicable to a GROA in these regulations were 
developed prior to September 11, 2001, under a previous and very 
different

[[Page 72523]]

threat environment. Currently, there is no distinction between the 
security and MC&A requirements for independent spent fuel storage 
installations (ISFSIs) and the requirements for larger, more 
complicated geologic repositories for permanent disposal of HLW. At the 
time the security provisions were established, the NRC used the same 
regulatory approach for protecting a GROA as that for protecting spent 
nuclear fuel storage facilities licensed under 10 CFR part 72. GROA 
operations, at least those conducted in surface facilities, seemed 
vulnerable to the same kinds of potential threats that were 
characteristic of the storage of spent nuclear fuel (SNF). The same 
level of protection was deemed sufficient to protect against acts that 
might be inimical to the common defense and security. The same 
reasoning applies to the MC&A requirements.
    The NRC's regulatory approach was predicated on maintaining the 
physical integrity of the SNF rods. In the event the physical integrity 
of the SNF rods could not be maintained, the staff planned to address 
the additional security measures that would be necessary by 
incorporating conditions into the license.
    Potential surface operations at a GROA have become more complex 
over the years. For example, the DOE has indicated that it now plans to 
include bare SNF handling operations within a spent fuel pool to 
transfer SNF from a non-TAD (transfer, aging, disposal) canister to a 
TAD canister, which would then be utilized for emplacement and 
permanent disposal of the SNF in the Yucca Mountain repository.
    Because both the threat environment and the plans for surface 
operations at the GROA have changed, the NRC now believes that a 
separate regulatory approach for protecting and safeguarding a GROA is 
necessary. The DOE has not set forth a final concept of operations for 
the GROA. Therefore, it is not clear what types of facilities will be 
part of the surface operations or what type of handling of the HLW 
within the surface facilities may occur.
    The new security and MC&A requirements also should be broad enough 
and sufficiently flexible to cover a range of possible types of non-HLW 
radioactive materials without the need for additional rulemaking. The 
DOE, in its Final Environmental Impact Statement (FEIS) for a geologic 
repository at Yucca Mountain, considered the possibility that 
radioactive waste types other than SNF and HLW, such as Greater-Than-
Class-C low-level radioactive waste (LLW) and Special-Performance-
Assessment-Required LLW might be disposed of in a geologic repository. 
See Final Environmental Impact Statement for a Geologic Repository for 
the Disposal of Spent Nuclear Fuel and High-Level Radioactive Waste at 
Yucca Mountain, Nye County, Nevada, February 2002, Vol. II, A-1, A-57-
A-64. Disposal of such non-HLW could require new legislation or a 
determination by the NRC that these wastes require permanent isolation. 
The NRC is not making such a determination in this rulemaking. However, 
the security and MC&A requirements being proposed for a GROA take 
account of the possibility that the geologic repository might be used 
for the disposal of radioactive materials which are not SNF or HLW.
    Following the terrorist attacks on September 11, 2001, the NRC 
conducted a thorough review of its security requirements to ensure that 
special nuclear material (SNM) at fixed sites and in transit continued 
to have effective security measures in place given the changing threat 
environment. Through a series of security orders issued to certain NRC 
licensees, the Commission specified changes to the Design Basis Threat 
(DBT) for power reactor and Category I Strategic SNM licensees, and 
implemented enhanced requirements for specific training, access 
authorization, defensive strategies, and security. Through generic 
communications, the Commission specified expectations about enhanced 
notifications to the NRC for certain security events or suspicious 
activities. These enhancements resulted in some licensees revising 
their physical security plans, security personnel training and 
qualification plans, and safeguards contingency plans to defend against 
the supplemental DBT requirements. These security orders specifically 
required certain licensees to: (1) Increase patrols; (2) augment the 
security force capabilities and security posts; (3) add and modify 
existing physical security barriers; (4) move vehicle check points to a 
greater standoff distance; (5) enhance coordination with local law 
enforcement agency (LLEA) and military authorities; (6) augment their 
security and emergency response training, equipment, and 
communications; and (7) strengthen off-site access controls, including 
additional background and screening checks of employees. The enhanced 
security measures have yet to be imposed on a GROA. This rulemaking is 
the mechanism the NRC is using to impose the new requirements on the 
DOE for operations at a GROA.
    This rulemaking to upgrade the requirements for physical protection 
of HLW and other radioactive materials at a GROA combines lessons 
learned, current/best practices, and requirements based on those 
contained in security orders issued to NRC licensees that address the 
post-September 11, 2001, threat environment. The security orders, as 
well as other ongoing security rulemakings, are used as the basis for 
upgrading the GROA security requirements. Specifically, the security 
requirements for power reactors are being used as the starting point 
for the security requirements for this proposed rule. The reactor 
requirements are used as the stating point because of the similarity in 
material, the material's attractiveness for malevolent use, and the 
potential consequences of its malevolent use. The security requirements 
should provide protection equivalent to a power reactor. The reactor 
requirements have been proposed in a rule entitled ``Power Reactor 
Security Requirements'' (71 FR 62664; October 26, 2006).
    Section 653 of the Energy Policy Act of 2005 (EPAct), signed into 
law on August 8, 2005, allows the NRC to authorize licensees to use, as 
part of their protective strategies, an expanded arsenal of weapons, 
including machine guns and semi-automatic assault weapons. Section 653 
requires that all security personnel with access to any weapons undergo 
a background check that includes fingerprinting and a check against the 
Federal Bureau of Investigation's (FBI) National Instant Criminal 
Background Check System (NICS) database. Under Section 161k. of the 
Atomic Energy Act (AEA), as amended, the DOE has authority for 
authorization of weapons. The NRC does not plan to use its authority 
under Section 653 of the EPAct. The DOE, under its own authority under 
Section 161k. of the AEA, may authorize the use of an expanded weapons 
arsenal and the use of force in accordance with the requirements of 10 
CFR part 1047.
    The goal of this rulemaking is to ensure that effective security 
measures are in place for the protection of HLW and other radioactive 
materials given the post-September 11, 2001, threat environment. New 
requirements for specific training enhancements, improved access 
authorization, and enhancements to defensive strategies would be 
incorporated. The proposed rule would establish general performance 
objectives and corresponding system capabilities for the GROA MC&A 
program, with a focus on strengthening, streamlining, and consolidating 
into 10 CFR Part 74 all MC&A regulations specific to a GROA. In 
addition, the proposed rule would

[[Page 72524]]

require the emergency plan to address radiological emergencies.

II. Discussion

A. What Action Is the NRC Taking?

    The NRC is proposing to amend its regulations primarily to 
establish new physical security and MC&A requirements for HLW and other 
radioactive materials at a GROA. The requirements specified in this 
rulemaking would establish the objectives and minimum performance 
standards that the DOE must meet to protect against each threat (theft 
or diversion and radiological sabotage) at a GROA, and the objectives 
and minimum capabilities for the MC&A program. The proposed rule is 
risk-informed and performance-based.

B. Whom Would This Action Affect?

    Only the DOE, as the potential operator of any repository, would be 
impacted by this proposed rule. The regulations in 10 CFR Part 63 are 
specific for the Yucca Mountain repository.

C. Why Do the Requirements Need To be Revised?

    The current regulations for MC&A and security for a GROA were 
developed under a different threat environment, and the threat 
environment has changed, as have the plans for surface operations at a 
GROA. The NRC now believes that a new regulatory approach for 
protecting a GROA is necessary. In addition, the DOE has not set forth 
a final concept of operations document for the GROA; therefore, the 
types and forms of material to be handled and disposed of at a GROA 
have not been finalized. The current security and MC&A requirements for 
a GROA are not adequate to protect the common defense and security or 
the public health and safety. The new security and MC&A requirements 
must be broad enough and sufficiently flexible to cover a range of 
possible activities without the need for additional rulemaking. This 
rulemaking to upgrade the requirements for physical protection of HLW 
and other radioactive materials at a GROA capitalizes on the lessons 
learned, current/best practices, and security orders issued to NRC 
licensees to address the post-September 11, 2001, threat environment. 
The security orders, as well as ongoing security rulemakings, have been 
used as the basis for upgrading the GROA security requirements. The 
proposed rule would also establish general performance objectives and 
corresponding system capabilities for the GROA MC&A program, with a 
particular focus on strengthening, streamlining, and consolidating into 
10 CFR part 74 all MC&A regulations specific to a GROA.

D. When Do the Security and MC&A Plans Need To Be Submitted?

    The DOE should include a description of the security and MC&A plans 
in its license application when it is submitted. The actual plans would 
be submitted no later than 180 days after the Commission grants the 
construction authorization for the GROA. A description of the security 
and MC&A plans is necessary at the time of the application to 
demonstrate that the DOE can adequately address and meet the NRC 
requirements for security and MC&A. Additionally, there may be some 
aspects that would be better integrated during construction. Submitting 
the plans after the Commission grants a construction authorization 
allows the DOE to take advantage of any new technology and concepts 
that may not be available at the time the construction application is 
submitted. The timing still allows some aspects, if appropriate, to be 
addressed during construction. The plans would not need to be 
implemented until the Commission grants a license to receive and 
possess source, special nuclear, or byproduct material at a GROA.

E. What Types of Material Would Be Covered by the New Security and MC&A 
Requirements?

    This rule would cover the security and MC&A aspects for the 
radioactive material at both surface and subsurface areas where waste 
handling activities are conducted. This radioactive material can 
include HLW in the form of irradiated reactor fuel and reprocessing 
wastes. Section 63.102(b)(4) provides that if the DOE proposes to use 
the GROA for storage of radioactive waste other than HLW, the storage 
of this radioactive waste is subject to the requirements of 10 CFR Part 
63. Irradiated reactor fuel contains SNM and fission byproducts. 
Depending on the enrichment and quantity, the SNM may be considered 
strategic special nuclear material, SNM of moderate strategic 
significance, or SNM of low strategic significance. The higher the 
enrichment of the SNM, the more attractive the material may be for 
malevolent purposes. While it is expected that the primary waste to be 
handled at a GROA is irradiated reactor fuel, it is possible that the 
DOE may propose the storage of other types of radioactive waste. 
Therefore, the Commission has attempted in this proposed rule to 
develop security and MC&A requirements that are broad enough to cover 
the spectrum of waste materials that could potentially be dispositioned 
at a GROA without the need for future rulemaking. The security 
requirements that would be established are, in part, based on the 
attractiveness of the waste material, shape, size, and the potential 
consequences if the waste were used for malevolent purposes. The MC&A 
requirements pertain to the SNM content of the waste.

F. What Are the Key Aspects of the Proposed MC&A Requirements?

    The proposed rule would establish general performance objectives 
and corresponding systems capabilities for the GROA MC&A program, with 
a particular focus on strengthening, streamlining, and consolidating in 
10 CFR Part 74 all MC&A regulations specific to a GROA. Proposed 
objectives for the GROA MC&A program would center on detecting and 
responding to a potential loss of SNM, including theft and diversion, 
commensurate with the strategic worth of the SNM. The DOE would be 
required to submit an MC&A plan describing how those objectives would 
be achieved through the implementation of specified system capabilities 
commensurate with safeguards risks.

G. What Kinds of Systems Capabilities Would Be Proposed for the MC&A 
Program?

    The DOE would be required to establish and maintain internal 
control, inventory, auditing, and recordkeeping capabilities. Internal 
controls would include comprehensive measures for management 
structuring, personnel qualification and training, validating receipts 
and any shipments, item control, collusion protection, measurements, 
and measurement control for resolving anomalies (as needed). This would 
include an overall detection and response program and a collusion 
program to thwart theft or diversion and would include incorporating 
checks and balances that are sufficient to detect falsification of data 
and reports that could conceal the theft or diversion of SNM.
    Item control of SNM and continuous assurance of its integrity from 
receipt to emplacement would be important. If necessary, additional 
item control and physical inventory measures may be required for 
recovery of waste packages or retrieval of waste packages from 
emplacement in Yucca Mountain to an alternate storage or an area for 
possible examination or external shipment.

[[Page 72525]]

H. Would Shipper-Receiver Comparisons With Independent Measurements Be 
Required for Receipts?

    No, the DOE would not be required to conduct independent 
measurements on receipts of HLW or SNM at a GROA. The DOE would be 
allowed to accept the originator-assigned values. However, the DOE 
would be required to routinely assure the validity of each originator's 
assigned SNM content values and the integrity of receipts (with 
validating physical checking of unique identity, intactness, and 
tamper-safing) accepted at a GROA. No routine nondestructive assay 
(NDA) measurements of receipts would be required. The DOE would be 
required to closely coordinate with originators to adequately 
understand the technical basis for assigning SNM content and procedures 
to be followed for packaging and assuring item identification and 
integrity, (e.g., with reactor fuel burnup calculations, unique serial 
numbers, and the tamper-safing of canisters and shipment overpacts). 
Tamper-safing refers to the use of devices on containers in a manner 
that ensures a clear indication if the device has been removed to allow 
opening of the container.
    For shipments of commercial SNF to the proposed Yucca Mountain 
repository, the DOE is currently expected to be the shipper as the DOE 
is expected to take possession of the material at the nuclear reactor. 
However, for the purposes of reporting to the Nuclear Material 
Management Safeguards System (NMMSS), power reactor utilities would be 
expected to complete and file the DOE/NRC Form-741 for transferring the 
SNM to the GROA using their respective NRC Reporting Identification 
Symbol (RIS). As a result, following the instructions in NUREG/BR-0007 
and NMMSS Report D-24, the transfer for MC&A technical purposes would 
be made between two NRC RISs--from a power reactor utility RIS to that 
assigned to the GROA for receiving and possessing SNM under license. 
This is not a new requirement as licensees are currently required to 
report transfers of SNM. In their reference to shippers, the MC&A 
regulations at Sec.  74.15 are addressing the licensed utilities who 
are originating and reporting the transfers with SNM content values 
technically assigned by the utility. Any required tamper-safing of 
shipments to assure their integrity (e.g., the welding of canisters or 
the affixing of tamper-indicating devices on shipping overpacts) would 
also be done by such originating shippers from a shipper-receiver 
validation/comparison.

I. What Measurements Would Be Necessary Under the GROA MC&A Program?

    As warranted, independent confirmatory weight and NDA measurements 
of HLW and SNM would be required for off-normal circumstances (e.g., in 
resolving certain types of anomalies that may arise and trigger 
investigations and special reporting of safeguards events). The state-
of-the-art for NDA and other practical limitations shall be considered 
for such nonroutine measurements (e.g., at a wet transfer facility 
where bare spent fuel assemblies may be handled). At this point, no 
routine onsite measurements are foreseen as necessary to further 
validate/accept SNM content values assigned to receipts by the 
originators.

J. What Would an MC&A Detection and Response Program Involve?

    The focus would be on rapidly detecting and responding to 
indications of SNM loss, including possible theft or diversion. This 
includes triggering investigations and resolving action on anomalies, 
as well as a way to thwart any attempts to covertly steal or divert SNM 
by insiders acting individually or in collusion. The design of measures 
to counter such a potential internal threat is to include a diversion 
path analysis or risk analysis of postulated scenarios considering 
conceivable ways and means potential insiders might try to steal or 
divert SNM at a GROA.
    As background, the general diversion path analysis method that has 
been used by the NRC is described in the open literature (R. Hawkins, 
S. Baloga, N. Zack, W. Stanbro, and J. Markin, ``Diversion Path 
Analysis--A New Approach,'' INMM Proceedings XXI, 763-769, 1992). This 
technical paper expanded on diversion path analysis methods originally 
developed by the U.S. Bureau of Standards and published by the U.S. 
Energy Research and Development Administration (ERDA) (M. Maltese, K. 
Goodwin, and J. Scheter, ``Diversion Path Analysis Handbook,'' ERDA, 
October 1976). In addition, diversion path analysis methods have been 
extensively applied by the International Atomic Energy Agency (IAEA) 
for designing and implementing its safeguards strategy under the Treaty 
on the Non-Proliferation of Nuclear Weapons. Regarding the generic 
safeguarding of geologic repositories, the IAEA has published a 
comprehensive, multi-volume document (``Safeguards for the Final 
Disposal of Spent Fuel in Geologic Repositories,'' STR-312, IAEA, 
Department of Safeguards, September 1998), which identifies and 
analyzes, in considerable detail, resulting diversion paths for a 
hypothetical facility.

K. What Additional Requirements Would Be Imposed if the DOE Possesses 
Formula Quantities of Strategic SNM That Is in a Form Other Than as 
Irradiated Nuclear Reactor Fuel?

    Additional requirements would be included for specified system 
capabilities for strategic SNM. These requirements include additional 
measures for item monitoring and more rigorous access control, quality 
assurance, and alarm resolution in concert with any enhanced physical 
protection to be provided under 10 CFR Part 73.

L. What Special MC&A-Related Needs Exist?

    There is a need to consider risk-informed, performance-based 
alternatives for resolving anomalies, particularly onsite NDA 
measurements by the DOE in cases where item identity and integrity may 
have been compromised. Another need is the extent of item control and 
physical inventorying that would be necessary for SNM (in HLW and other 
radioactive waste) in underground drifts and at aging pads, especially 
from a containment, surveillance, and access control perspective, and a 
worker perspective that involves reducing radiation exposure to 
personnel to as low as is reasonably achievable, as well as other 
impact aspects. The MC&A plan also needs to address SNM control and 
accounting functional aspects of retrievability and alternate storage 
capabilities that are required by Sec. Sec.  60.21(c)(12) and 
63.21(c)(7).

M. What Is the Objective of the Proposed Physical Security 
Requirements?

    The objective of the proposed physical security requirements is to 
provide high assurance that activities at a GROA are not inimical to 
the common defense and security, and do not constitute an unreasonable 
risk to the public health and safety. In order to provide a high 
assurance of protection, the NRC's philosophy is to use a defense-in-
depth strategy towards the protection of HLW. Defense-in-depth relies 
on a holistic approach towards the protection of these materials and 
other radioactive materials, which includes using people, processes, 
equipment, and facilities to protect HLW and other radioactive 
materials from theft or diversion or radiological sabotage for 
malevolent purposes. The GROA physical security requirements would

[[Page 72526]]

be determined using a graded approach related to the projected risk 
from radiological sabotage, theft, or diversion of HLW and other 
radioactive materials.

N. What Threat Would a GROA Be Required To Defend Against?

    The design basis threat defined in Sec.  73.1(a) would apply to a 
GROA in the specific circumstances where a radiological sabotage or 
theft and diversion event may involve formula quantities of SNM. Under 
the proposed rule, the threat to a GROA is largely defined by specific 
security scenarios which represent the greatest threats against which 
GROA security forces must be able to defend against, with a high 
assurance of success. A GROA would have graded security measures based 
on the material, waste form, and operations within a particular 
facility at a GROA. Therefore, depending on the material content, 
quantity, and consequence from a radiological sabotage event, as well 
as the theft or diversion of certain material, the security measures 
may rely on the design basis threat defined in Sec.  73.1(a) or may 
rely on other Commission requirements. The NRC specifically invites 
comment on the physical protection protocol for a GROA. We are 
interested in information concerning: Do we need a specific physical 
protection protocol for a GROA or should we apply the existing DBT and 
increased controls as appropriate.

O. Why Do the Security Requirements Differ for Various Aspects of a 
GROA?

    The consequences of radiological and theft or diversion security 
events are highly dependent on the characteristics and packaging of the 
HLW and other radioactive materials and their location within a GROA. 
The activities and operations at a GROA aid in defining the physical 
security requirements and protective strategies that would be 
implemented. At this time, the GROA concept of operations has not been 
fully defined by the DOE; therefore, the NRC is establishing physical 
security requirements that would be dependent upon the consequences of 
a potential radiological event and the theft or diversion of certain 
material. These physical security requirements would be based on five 
proposed protection levels. The highest protection level would be for 
waste containing strategic SNM with the protection system designed to 
protect the material against the design basis threat for both theft or 
diversion and radiological sabotage. The next protection level would be 
for radioactive material that could result in a significant 
radiological sabotage event releasing radioactive materials in 
sufficient quantity such that any individual located at the lesser of 
the controlled area boundary or 400 meters from the source could 
receive a total effective dose equivalent equal to or greater than 0.25 
Sv (25 rem). For these materials, the protection system must be 
designed to protect against the design basis threat for radiological 
sabotage. The third protection level would be for radioactive material 
that could result in a moderate radiological sabotage event releasing 
radioactive materials in sufficient quantity such that any individual 
located at the lesser of the controlled area boundary or 400 meters 
from the source could receive a total effective dose equivalent equal 
to or greater than 0.05 Sv (5 rem) but less than 0.25 Sv (25 rem). For 
these materials, the protection system must be designed to protect the 
material against radiological sabotage. The fourth protection level 
would be for all other radioactive material containing SNM. The 
physical protection system would be designed to protect the material 
against security-related events specified for theft and diversion. The 
lowest protection level would be for other solidified radioactive 
material and material that would meet the criteria in appendix P to 10 
CFR part 110 (Categories 1 and 2 radioactive materials). The protective 
strategy for these materials would be equivalent to the increased 
controls (i.e., prevent or impede removal, locate and prompt recovery, 
and mitigation of any potential consequence).

P. Would Access Authorization Requirements Apply to a GROA and What 
Would They Cover?

    Yes, access authorization requirements would apply to a GROA. The 
facilities that possess large radiation sources, such as irradiated 
nuclear reactor fuels (e.g., SNF), are attractive targets for those who 
seek to commit radiological malevolent acts. Insiders who have 
unescorted access to facilities that possess such radiation sources, 
including a GROA, could pose a threat to the public health and safety 
or the common defense and security because they may have the ability to 
commit radiological malevolent acts. Therefore, imposing access 
authorization requirements is a prudent security measure to ensure that 
individuals who are granted unescorted access to the protected area of 
a GROA: (1) Are trustworthy and reliable; (2) do not impose an 
unreasonable risk to the health and safety of the public or the common 
defense and security (as a result of increasing the likelihood of an 
insider threat); and (3) do not pose a potential threat to commit 
radiological malevolent acts or theft or diversion of HLW. Fingerprints 
are required of any individual granted unescorted access to the 
protected area of a GROA.

Q. Would Criminal History Checks Apply to a GROA?

    Section 652 of the EPAct amended Section 149 of the AEA to require 
fingerprinting and a Federal Bureau of Investigation identification and 
criminal history records check of any person who is permitted 
unescorted access to radioactive materials subject to regulation by the 
Commission, and which the Commission determines to be of such 
significance to the public health and safety or the common defense and 
security as to warrant fingerprinting and background checks. The 
Commission has determined that the radioactive material at a GROA is of 
such significance and is proposing to implement the requirement for 
fingerprinting and a FBI identification and criminal history records 
check of any person who is permitted unescorted access to radioactive 
materials at a GROA. Background investigations, which include criminal 
history checks, represent a key element of the access authorization 
program ensuring that individuals who have unescorted access to a GROA 
are trustworthy and reliable. To accomplish this task, requirements 
were developed that focused on accumulating data on an individual's 
past that would produce an overall perspective of the individual's 
character and allow the licensee to make a determination of 
trustworthiness and reliability.

R. What Are the Key Aspects of the Security Requirements?

    The key aspects of the security requirements for a GROA are similar 
to the security requirements for similar types of NRC-licensed material 
and facilities. The proposed regulations would require an integrated 
security plan that would implement defense-in-depth concepts and 
protective strategies based on protecting target sets from various 
threat scenarios. The requirements are performance based and include an 
access authorization program and a physical protection system to 
detect, delay, and respond to postulated threat scenarios in such a way 
that prevents or mitigates undesirable consequences of malevolent 
actions. The postulated threat scenarios include the theft or diversion 
of SNM and HLW as well as radiological sabotage. The access 
authorization program requirements include measures

[[Page 72527]]

necessary to assure that personnel having critical safety or security 
functions or having access to certain nuclear materials remain 
trustworthy and reliable. The physical protection system requirements 
for detection measures include intrusion sensing, alarm communication, 
alarm assessment, and entry or access controls. Detection would be 
provided through the use of detection equipment, patrols, access 
controls, and other program elements required by this proposed rule. It 
also would provide notification to the licensee that a potential threat 
is present and where the threat is located. Alarm assessment is the 
mechanism through which the licensee obtains the information necessary 
to identify the nature of the threat detected and to determine how to 
respond. There are access control requirements for personnel, vehicles, 
and hazardous materials. The requirements for delay measures include 
barriers to delay adversarial actions to allow a timely response by 
security personnel. The requirements for responding to malevolent 
events allow the DOE to develop effective response strategies to 
challenge intruders so they cannot accomplish actions that are 
necessary to achieving undesirable consequences. In some instances, the 
strategy may include neutralizing adversaries to deny access to the 
nuclear material. The proposed rule uses a risk-informed approach for 
response requirements that permits protective strategies to be tailored 
to the type of material being protected, operations that involve 
handling this material and the potential consequences of postulated 
threat scenarios.
    Security personnel who are responsible for the protection of the 
radioactive waste would be required to meet minimum requirements and 
performance criteria. The DOE would have to meet general criteria 
requirements for selection, training, equipping, testing, 
qualification, and contingency plans of security forces involved in 
GROA operations. These requirements would include hiring personnel who 
function as drill and exercise controllers to ensure that security 
forces are trained and qualified to execute their assigned duties. 
Drills and exercises are key elements to assuring the preparedness of 
the security force and must be conducted in a manner that demonstrates 
the DOE's ability to execute the protective strategy as described in 
the site security plans. As for contingency plans, the information 
required in the safeguards contingency plans includes responses to 
threats, up to and including design basis threats, as described in 
Sec.  73.1(a). The DOE would be required to submit for NRC approval a 
plan detailing how the prescribed criteria are going to be met.

S. What Is a Target Set as it Applies to a GROA?

    As it applies to a GROA, target set means the combination of 
equipment or operator actions which, if all are prevented from 
performing their intended safety function or prevented from being 
accomplished, would likely result in significant operational disruption 
or radiological contamination barring extraordinary action by site 
operators. For a GROA, a target set means the quantities and form of 
HLW and other radioactive material and the protective and mitigative 
measures to protect against potential large scale releases of fission 
products from malevolent actions. For example, a target set with 
respect to spent fuel sabotage at a GROA could be draining the spent 
fuel pool leaving the spent fuel uncovered for a period of time, 
allowing spent fuel to heat up, and the associated potential for 
release of fission products. Due to the sensitivity of this 
information, specific target sets to the GROA will not be available in 
a public document.

T. What Weapons Authorization Would Be Necessary for the GROA 
Operations?

    There are two ways weapons may be authorized for use at a GROA. 
First, section 161A of the AEA allows the NRC to authorize licensees to 
use, as part of their protective strategies, an expanded arsenal of 
weapons, including machine guns. Section 161A was added to the AEA 
under the EPAct. Secondly, under section 161k. of the AEA, the DOE has 
separate authority for authorization of weapons on any of its sites. 
The DOE, under its own authority under section 161k. of the AEA, may 
authorize the use of an expanded weapons arsenal, limited arrest 
authority, and the use of force in accordance with the DOE's current 
regulations under 10 CFR part 1047. The NRC does not plan to use its 
authority under Section 161A of the AEA.

U. Would DOE Be Required To Conduct Force-on-Force Exercises for the 
GROA Facility?

    Yes, some type of force-on-force exercises are necessary to test 
the effectiveness of the DOE's protective strategies for the high-
consequence target sets. The requirement for annual force-on-force 
exercises only applies to formula quantities of strategic SNM and 
significant radiological sabotage consequence target sets.

V. How Would the Security Plans Handle Construction at a GROA After 
Receipt of HLW Begins?

    A license to receive and possess source, special nuclear, or 
byproduct material at a GROA may only be issued by the Commission on a 
finding that construction of the GROA has been substantially completed. 
Construction may be considered substantially complete if the 
construction of surface and interconnecting structures, systems, and 
components and any underground storage space required for initial 
operation are substantially complete. Some construction activities 
could continue once receipt of material begins.
    The NRC's security requirements are designed to protect all 
material at a GROA. Handling, storage, and emplacement operations for 
HLW and other radioactive materials shall be conducted inside a 
protected area. The NRC's security requirements are flexible enough to 
allow the DOE to establish a protected area that could separate 
remaining construction activities from operations involving HLW and 
other radioactive material. Any construction activity occurring within 
the protected area would be subject to the NRC's security requirements. 
Any construction activities outside the protected area, but within the 
DOE controlled area, would be subject to some NRC security controls and 
DOE security orders. The protected area and security plans would be 
expanded to include new facilities or areas before radioactive material 
could be received in that new facility or area.

W. Does This Rulemaking Cover Transportation of High-Level Radioactive 
Waste to a GROA?

    No, the NRC's regulatory authority is limited to the operations at 
a GROA. As an independent Federal Agency, the DOE must comply with its 
own internal requirements (DOE orders) and Departments of 
Transportation and Homeland Security regulations when transporting HLW 
and other radioactive materials to a GROA. However, the DOE must use 
shipping containers certified by the NRC under the regulations in 10 
CFR part 71. Part 71 is not being revised by this proposed rule.

X. Would the Security and MC&A Plans Cover Postclosure?

    No, these plans would not cover the postclosure period. Once the 
NRC license is terminated, the NRC would no longer have regulatory 
authority. However, the DOE plans for continued

[[Page 72528]]

oversight of the Yucca Mountain site after permanent closure.

Y. What Safeguards Reporting Requirements Would Be Proposed for a GROA?

    Prompt notification to the NRC of a security event involving an 
actual or imminent threat would permit the NRC to contact other Federal 
authorities and other licensees, as appropriate. The Commission would 
expect the DOE to notify the NRC Operations Center as soon as possible 
after they notify local law enforcement agencies, but within 15 
minutes. A written 60-day report would also be required for these 
notifications. This new reporting requirement would require the DOE to 
promptly notify the NRC of any event involving an actual or imminent 
threat at the GROA.
    Four-hour notification would be proposed for suspicious activities, 
attempts at access, etc., that may indicate pre-operational 
surveillance, reconnaissance, or intelligence gathering activities 
targeted against the GROA. This would assist the intelligence and 
homeland security communities in evaluating threats across critical 
infrastructure sectors.
    The current provision for one-hour notifications for certain 
safeguards events (e.g., theft or unlawful diversion of SNM, 
significant physical damage to the facility, entry of an unauthorized 
person into protected areas) would be retained, with some modifications 
to include attempted actions and to broaden the scope of the language 
used for specific areas. The provision for events to be recorded in the 
safeguards log would also be retained.

Z. Does the NRC Plan To Issue Guidance Documents?

    Yes, the NRC intends to issue guidance documents. The NRC intends 
to issue a GROA-specific regulatory guidance document. This document 
would address adversary characteristics for the design basis threats 
and describe details of the GROA security-related threats. Other 
guidance documents are under consideration. The publication of the 
guidance documents is planned after the publication of the final rule. 
Because the guidance documents may contain Safeguards Information and/
or classified information, these documents would only be available to 
those with a need-to-know, and who are qualified to have access to 
Safeguards Information and/or classified information, as applicable. 
However, the NRC has determined that access to these guidance documents 
is not necessary for the public or other stakeholders to provide 
informed comment on this proposed rule.

AA. Would the GROA Facilities Be Subject to IAEA Safeguards?

    The U.S. Government has not yet made a determination as to whether 
a GROA can be subject to IAEA safeguards.

BB. What Changes Would Be Made to the Emergency Plan Requirements?

    The emergency plan requirements would be changed to reflect the 
need to respond to radiological emergencies instead of radiological 
accidents. The term radiological emergencies is more inclusive of the 
types of situations that the emergency plan may need to address. In 
addition, Sec.  63.21(c)(21) requires a description of the plan for 
responding to, and recovering from, radiological emergencies; the 
proposed change is consistent with this language.

CC. What Should I Consider as I Prepare My Comments to NRC?

    Tips for preparing your comments--when submitting your comments, 
remember to:
    i. Identify the rulemaking (RIN 3150-AI06).
    ii. Explain why you agree or disagree; suggest alternatives and 
substitute language for your requested changes.
    iii. Describe any assumptions and provide any technical information 
and/or data that you used.
    iv. If you estimate potential costs or burdens, explain how you 
arrived at your estimate in sufficient detail to allow for it to be 
reproduced.
    v. Provide specific examples to illustrate your concerns, and 
suggest alternatives.
    vi. Explain your views as clearly as possible.
    vii. Make sure to submit your comments by the comment period 
deadline identified.
    viii. See item N of the Discussion portion of this notice for NRC's 
specific request for comments on the need for a specific physical 
protection protocol for a GROA. See Section VI of the preamble for the 
request for comments on the use of plain language and Section XI for 
the request for comments on the draft regulatory analysis.

III. Discussion of Proposed Amendments by Section

Section 60.21 Content of Application

    Paragraph (b)(3) would be revised to change the reference for the 
security requirements from Sec.  73.51 to the new requirements in Sec.  
73.53 and to require a description instead of plans. Paragraph (b)(4) 
would be revised to change the reference for the MC&A requirements from 
Sec.  60.78 to the new requirements in 10 CFR Part 74. The actual plans 
would be submitted after the construction authorization was issued. The 
security and MC&A plans would not be implemented until SNM is received 
at the GROA.

Section 60.24 Updating of Application and Environmental Impact 
Statement

    Paragraph (d) would be added to require the DOE to submit the 
actual security plans and MC&A plan for NRC approval no later than 180 
days after the Commission issues the construction authorization. Under 
the current regulations, the DOE was not required to submit the actual 
MC&A plan for NRC approval. This requirement corrects that oversight.

Section 60.78 Criticality Reporting

    This section would be renamed to reflect the criticality reporting 
that remains after the MC&A requirements are relocated to 10 CFR part 
74. Currently, the criticality reporting requirement is captured by the 
reference to Sec.  72.74. The section would be revised to include the 
criticality reporting requirement instead of a reference to another 
section. The actual requirements would not change.

Section 63.21 Content of Application

    Paragraph (b)(3) would be revised to change the reference for the 
security requirements from Sec.  73.51 to the new requirements in Sec.  
73.53 and would clarify that only a description of the program need be 
submitted with the construction application. Paragraph (b)(4) would be 
revised to change the reference for the MC&A requirements from Sec.  
63.78 to the new requirements in 10 CFR part 74. The actual security 
and MC&A plans would be submitted after the construction authorization 
was issued. The security and MC&A plans would not be implemented until 
SNM is received at the GROA.

Section 63.24 Updating of Application and Environmental Impact 
Statement

    Paragraph (d) would be added to require the DOE to submit the 
actual security plans and MC&A plan for NRC approval no later than 180 
days after the Commission issues the construction authorization. Under 
the current regulations, the DOE was not required to submit the actual 
plans for NRC approval. This requirement corrects that oversight.

Section 63.78 Criticality Reporting

    This section would be renamed to reflect the criticality reporting 
that remains after the MC&A requirements are relocated to 10 CFR part 
74.

[[Page 72529]]

Currently, the criticality reporting requirement is captured by the 
reference to Sec.  72.74. The section would be revised to include the 
criticality reporting requirement instead of a reference to another 
section. The actual requirements would not change.

Section 63.161 Emergency Plan for the Geologic Repository Operations 
Area Through Permanent Closure

    This section would be revised to refer to radiological emergencies 
instead of radiological accidents. The term radiological emergencies is 
more inclusive of the types of situations that the emergency plan may 
need to address. In addition, Sec.  63.21(c)(21) requires a description 
of the plan for responding to, and recovering from, radiological 
emergencies; the proposed change is consistent with that language. The 
reference to develop and implement a plan to ``cope with radiological 
accidents'' is changed to a plan to ``provide reasonable assurance that 
adequate protective measures can and would be taken in the event of a 
radiological emergency.''

Section 73.2 Definitions

    This section would be revised to incorporate the definition for 
high-level radioactive waste in 10 CFR part 63 and to add a definition 
for target set for application to a GROA.

Section 73.50 Requirements for Physical Protection of Licensed 
Activities

    This section would be revised to include a reference to Sec.  73.53 
to retain the exemption for a GROA from the security requirements 
listed in the section. Requirements for a GROA are specified in 
proposed Sec.  73.53.

Section 73.51 Requirements for Physical Protection of Stored Spent 
Nuclear Fuel and High-Level Radioactive Waste

    This section would be revised to remove references to a GROA. The 
security requirements for an ISFSI and a monitored retrievable storage 
installation would remain unchanged. The requirements for a GROA would 
be contained in new section 73.53.

Section 73.53 Requirements for Physical Protection at a Geologic 
Repository Operations Area

    The proposed rule would create a new section for the GROA physical 
protection requirements. The existing requirements for GROA security 
are contained in Sec.  73.51(b), (c), and (d). The requirements have 
been expanded and strengthened to reflect the post-September 11, 2001, 
threat environment and placed in this new section.
    Paragraph (a) would establish that the physical protection 
requirements in this section apply to The DOE for the operation of a 
GROA.
    Paragraph (b)(1) would require The DOE to submit a Physical 
Security Plan, Training and Qualification Plan, and Safeguards 
Contingency Plan that describe how the requirements of the section 
would be met. The plans would be submitted no later than 180 days after 
the NRC issues a construction authorization for a GROA. Paragraph 
(b)(1) would also establish the implementation timeframe. Paragraph 
(b)(2) would exempt the DOE from the security requirements after 
permanent closure of a GROA. This provision is currently located at 
Sec.  73.51(e).
    Paragraph (c) would establish the performance objectives. Paragraph 
(c)(1) would establish the general performance objective to provide 
high assurance that activities involving radioactive waste are not 
inimical to the common defense and security and do not constitute an 
unreasonable risk to the public health and safety. The current general 
objective does not address common defense and security. Paragraphs 
(c)(2) and (c)(3) would establish objectives based on the type and form 
of material and the consequences of a postulated radiological sabotage 
event. The more risk-significant the material, the higher the level of 
protection required.
    Paragraph (d) would establish general requirements for the physical 
security program. The DOE would be required to design and implement a 
program to satisfy the performance requirements and to ensure that no 
single act can disable the personnel, equipment, or systems necessary 
to prevent the theft of strategic SNM and significant radiological 
sabotage. The DOE would also be required to establish and maintain a 
written performance evaluation program, an access authorization 
program, an insider mitigation program, and a corrective action 
program.
    Paragraph (e) would require the DOE to develop security plans that 
describe how the physical protection program would prevent the theft or 
diversion and radiological sabotage of SNM and byproduct material and 
to protect safeguards information against unauthorized disclosure. The 
DOE would be required to establish, implement, and maintain written 
procedures and to have a process for the DOE's approval of implementing 
procedures. The DOE would be allowed to make changes to the security 
plans without NRC approval as long as the changes do not decrease the 
plan's effectiveness. The DOE would be required to establish, maintain, 
and follow a Commission-approved training and qualification plan and a 
safeguards contingency plan and to establish, implement, and maintain a 
Commission-approved physical security plan.
    Paragraph (f) would require the DOE to establish and maintain a 
security organization designed, staffed, trained, and equipped to 
provide early detection, assessment, and response to unauthorized 
activities within any area of the facility. The Commission expectation 
would be that the management system oversee all aspects of the onsite 
physical protection program to ensure the effective implementation of 
Commission requirements through the approved security plans and 
implementing procedures. The DOE would also be required to ensure that 
any written agreement with any contractor used to implement the onsite 
physical protection program was retained as a record for the duration 
of the contract and that the contract clearly state several conditions 
related to training, access authorization, and document availability. 
Provisions regarding the security organization are currently addressed 
at Sec.  73.51(d)(5). The proposed requirements would strengthen and 
expand on the current requirements.
    Paragraph (g) would provide a performance-based requirement for 
determining the use and placement of physical barriers for the 
protection of personnel, equipment, and systems, the failure of which 
could directly or indirectly endanger public health and safety. The DOE 
would be required to establish and maintain physical barriers in the 
controlled area, as necessary, to deter, delay, or prevent unauthorized 
access; facilitate the early detection of unauthorized activities; and 
control approach routes to the facility. Paragraph (g) would establish 
requirements related to physical barriers (paragraph (g)(3)), isolation 
zones (paragraph (g)(4)), protected areas (paragraph (g)(5)), vital 
areas (paragraph (g)(6)), vehicle barrier systems (paragraph (g)(7)), 
and unattended openings (paragraph (g)(8)). Current provisions 
addressing physical barriers are located at Sec.  73.51(d)(1). The 
proposed requirements would strengthen and expand on the current 
requirements.
    Paragraph (h) would require the DOE to develop and identify target 
sets and document the analyses and methodologies used to determine and 
group the target set equipment or

[[Page 72530]]

elements. The DOE would also be required to implement a program for the 
oversight of certain facility equipment and systems documented as part 
of the DOE protective strategy.
    Paragraph (i) would require the DOE to establish an access control 
program for personnel, vehicles, and material. The paragraph would 
establish the features required for the access control program, 
including access control points, emergency conditions, vehicles, access 
control devices, visitors, and escorts. Current provisions addressing 
access control are found at Sec.  73.51(b)(2), 73.51(d)(7), and 
73.51(d)(9). The proposed requirements would strengthen and expand on 
the current requirements.
    Paragraph (j) would establish the requirements for search programs 
for individuals, packages, and vehicles. This paragraph would expand 
and strengthen the current requirements located in Sec.  73.51(d)(9).
    Paragraph (k) would establish the requirements for the detection 
and assessment systems. The DOE would be required to establish and 
maintain an intrusion detection and assessment system that must provide 
the capability for early detection and assessment of unauthorized 
persons and activities. This proposed requirement would not mandate 
specific intrusion detection equipment for any specific area, but 
rather would require that the system provide detection and assessment 
capabilities that meet Commission requirements. The current 
requirements addressing detection and assessment systems are located at 
Sec.  73.51(b)(2), 73.51(d)(2), 73.51(d)(3), 73.51(d)(4), and 
73.51(d)(11). The proposed requirements would strengthen and expand on 
the current requirements.
    Paragraph (l) would require the DOE to establish and maintain 
continuous communication capability with onsite and offsite resources 
to ensure effective command and control during both normal and 
emergency situations. The chosen communication method would be 
available and operating any time it would be needed to communicate 
information. The proposed requirements would strengthen and expand on 
the current requirements located at Sec.  73.51(b)(2), 73.51(d)(6), and 
73.51(d)(8).
    Paragraph (m) would establish the response requirements for 
personnel and equipment and armed responders. The DOE would be required 
to establish and maintain the minimum number of properly trained and 
equipped personnel required to intercept, challenge, delay and/or 
neutralize any security related events.
    Paragraph (n) would require the DOE to implement a cyber-security 
program that provides high assurance that computer systems, which if 
compromised could adversely impact safety, security, and emergency 
preparedness, are protected from cyber attacks.
    Paragraph (o) would establish the requirements for security program 
reviews and audits. The DOE would be required to review the physical 
protection program at intervals not to exceed 12 months or as necessary 
based upon assessments or other performance indicators with each 
element being reviewed at least every 24 months. The DOE would also be 
required to conduct quarterly drills and annual exercises in accordance 
with Section III of Appendix C of 10 CFR part 73 and the DOE 
performance evaluation program. The proposed requirements expand on the 
current requirement for a physical protection program review every 24 
months that is in Sec.  73.51(d)(12).
    Paragraph (p) would require the DOE to implement a maintenance, 
testing and calibration program to ensure that security programs and 
equipment are tested for operability and performance at predetermined 
intervals, are maintained in operable condition, and are capable of 
performing their intended function when needed.
    Paragraph (q) would require the DOE to identify measures and 
criteria needed to compensate for the loss or reduced performance of 
personnel, equipment systems, and components that are required to meet 
the requirements.
    Paragraph (r) would authorize the DOE to suspend implementation of 
affected requirements of Sec.  73.53 in an emergency when action is 
immediately needed to protect the public health and safety and during 
severe weather when the suspension is needed to protect personnel from 
a life threatening situation. In both cases, a designated senior site 
manager would need to approve the suspension before taking the action.
    Paragraph (s) would require the DOE to maintain all records 
required to be kept until the Commission terminates the license and to 
maintain superseded portions of these records for at least 3 years 
after the record is superseded.
    Paragraph (t) would require the DOE to develop and implement a 
process to inform and coordinate safety and security activities to 
ensure that these requirements do not adversely affect the capabilities 
of the security organization to satisfy the security requirements or 
overall GROA safety.
    Paragraph (u) would provide a mechanism for the DOE to receive 
approval for use of alternative measures to those required by Sec.  
73.53. Current provisions for alternative measures are covered by Sec.  
73.51(d).
    Paragraph (v) would contain additional performance capabilities 
that must be met if the DOE were to possess formula quantities of 
strategic SNM, unless otherwise approved by the Commission. These 
additional measures include requirements on the security organization; 
physical barrier subsystem; access control subsystem and procedures; 
search programs; detection, surveillance, and alarm subsystems and 
procedures; and response requirements.

Section 73.56a Personnel Access Authorization Requirements for a 
Geologic Repository Operations Area

    This section would be added to address the requirements for the 
personnel access authorization program for a GROA. The current 
regulations require the DOE to grant access to the protected area only 
to individuals who are authorized to enter the protected area; however, 
there are no specific requirements for the access authorization 
program. The proposed program addresses the integration of the access 
authorization requirements and security program requirements. The 
proposed performance objective is to provide high assurance that 
individuals granted unescorted access are trustworthy and reliable, 
such that they do not constitute an unreasonable risk to public health 
and safety or the common defense and security, includin