Facility Security Clearance and Safeguarding of National Security Information and Restricted Data, 48037-48042 [2013-18947]
Download as PDF
Federal Register / Vol. 78, No. 152 / Wednesday, August 7, 2013 / Rules and Regulations
SBREFA) and FSA is not required to
delay the effective date for 60 days from
the date of publication to allow for
Congressional review. Accordingly, this
rule is effective on the date of
publication in the Federal Register.
Federal Assistance Programs
The title and number of the Federal
Domestic Assistance Program in the
Catalog of Federal Domestic Assistance
to which this rule applies is the
Conservation Reserve Program—10.069.
Paperwork Reduction Act
E-Government Act Compliance
CCC is committed to complying with
the E-Government Act, to promote the
use of the Internet and other
information technologies to provide
increased opportunities for citizen
access to Government Information and
services, and for other purposes.
List of Subjects in 7 CFR Part 1410
Administrative practice and
procedure, Agriculture, Environmental
protection, Grant programs—
Agriculture, Natural resources,
Reporting and recordkeeping
requirements, Soil conservation,
Technical assistance, Water resources,
Wildlife.
For the reasons explained above, CCC
amends 7 CFR part 1410 as follows:
PART 1410—CONSERVATION
RESERVE PROGRAM
1. The authority citation for 7 CFR
part 1410 continues to read as follows:
■
Authority: 15 U.S.C. 714b and 714c; 16
U.S.C. 3801–3847.
[Amended]
2. Amend § 1410.6, paragraph (c)(2),
by removing the words ‘‘and (3)’’.
emcdonald on DSK67QTVN1PROD with RULES
■
Signed on July 29, 2013.
Juan M. Garcia,
Executive Vice President, Commodity Credit
Corporation.
[FR Doc. 2013–19017 Filed 8–6–13; 8:45 am]
BILLING CODE 3410–05–P
VerDate Mar<15>2010
15:58 Aug 06, 2013
10 CFR Part 95
[NRC–2011–0268]
RIN 3150–AJ07
Facility Security Clearance and
Safeguarding of National Security
Information and Restricted Data
Nuclear Regulatory
Commission.
ACTION: Direct final rule.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is updating its
regulations to standardize the frequency
of required security education training
for employees of NRC licensees
possessing security clearances so that
such training will be conducted
annually consistent with the objectives
of Executive Order 13526, Classified
National Security Information. The rule
allows licensees flexibility in
determining the means and methods for
providing this training. This action
establishes uniformity in the frequency
of licensee security education and
training programs and enhances the
protection of classified information.
DATES: This rule is effective October 21,
2013 unless significant adverse
comments are received by September 6,
2013.
ADDRESSES: Please refer to Docket ID
NRC–2011–0268 when contacting the
NRC about the availability of
information for this direct final rule.
You may access information and
comment submittals related to this
direct final rule, which the NRC
possesses and is publicly available, by
any of the following methods:
• Federal Rulemaking Web site: Go to
https://www.regulations.gov and search
for Docket ID NRC–2011–0268. Address
questions about NRC dockets to Carol
Gallagher; telephone: 301–287–3422;
email: Carol.Gallagher@nrc.gov. For
technical questions, please contact the
individual listed in the FOR FURTHER
INFORMATION CONTACT section of this
proposed rule.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may access publicly
available documents online in the NRC
Library at https://www.nrc.gov/readingrm/adams.html. To begin the search,
select ‘‘ADAMS Public Documents’’ and
then select ‘‘Begin Web-based ADAMS
Search.’’ For problems with ADAMS,
please contact the NRC’s Public
Document Room (PDR) reference staff at
1–800–397–4209, 301–415–4737, or by
email to pdr.resource@nrc.gov. The
SUMMARY:
The regulations in this rule are
exempt from the requirements of the
Paperwork Reduction Act (44 U.S.C.
Chapter 35), as specified in section 2904
of the 2008 Farm Bill, which provides
that these regulations be promulgated
and the programs in Title II of the 2008
Farm Bill be administered without
regard to the Paperwork Reduction Act.
§ 1410.6
NUCLEAR REGULATORY
COMMISSION
Jkt 229001
PO 00000
Frm 00003
Fmt 4700
Sfmt 4700
48037
ADAMS accession number for each
document referenced in this document
(if that document is available in
ADAMS) is provided the first time that
a document is referenced.
• NRC’s PDR: You may examine and
purchase copies of public documents at
the NRC’s PDR, Room O1–F21, One
White Flint North, 11555 Rockville
Pike, Rockville, Maryland 20852.
FOR FURTHER INFORMATION CONTACT:
Daniel W. Lenehan, Office of the
General Counsel, U.S. Nuclear
Regulatory Commission, Washington,
DC 20555–0001; telephone: 301–415–
3501, email: Daniel.Lenehan@nrc.gov.
SUPPLEMENTARY INFORMATION:
I. Background
II. Discussion
III. Section-by-Section Analysis
IV. Procedural Background
V. Compatibility of Agreement State
Regulations
VI. Plain Writing
VII. Voluntary Consensus Standards
VIII. Environmental Impact: Categorical
Exclusion
IX. Paperwork Reduction Act Statement
X. Regulatory Analysis
XI. Regulatory Flexibility Act Certification
XII. Backfitting
XIII. Congressional Review Act
I. Background
On December 29, 2009, the President
signed Executive Order 13526,
Classified National Security
Information, which was published in
the Federal Register on January 5, 2010
(75 FR 707). The Executive Order
prescribes training requirements
applicable to the NRC for the proper
safeguarding of national security
information and requires the NRC to
ensure that classified information
disseminated outside the executive
branch is protected ‘‘in a manner
equivalent to that provided within the
executive branch.’’ The Information
Security Oversight Office (ISOO) within
the National Archives and Records
Administration, which is responsible for
issuing guidance to Federal agencies on
the implementation of the Executive
Order, issued a final rule (75 FR 37254;
June 28, 2010) amending 32 CFR parts
2001 and 2003 (ISOO Regulations). The
final rule requires executive branch
agencies to conduct classified
information security refresher briefings
for all cleared employees at least
annually, and to provide derivative
classification training for employees
authorized to apply derivative
classifications prior to exercising such
authority and at least once every 2 years
thereafter. This rulemaking will
establish standard training requirements
for NRC licensee security education and
E:\FR\FM\07AUR1.SGM
07AUR1
48038
Federal Register / Vol. 78, No. 152 / Wednesday, August 7, 2013 / Rules and Regulations
emcdonald on DSK67QTVN1PROD with RULES
training programs in a manner
equivalent to that provided within the
executive branch.
II. Discussion
The NRC is issuing this direct final
rule to update part 95 of Title 10 of the
Code of Federal Regulations (10 CFR),
Facility Security Clearance and
Safeguarding of National Security
Information and Restricted Data,
§ 95.33, Security Education. These
updates require NRC licensees (or their
designees) to conduct classified
information security refresher briefings
for all cleared employees at least
annually, and to provide derivative
classification training for employees
authorized to apply derivative
classifications before exercising this
authority and then at least once every 2
years thereafter. This rule also gives
licensees flexibility in determining the
means and methods for providing this
training. The NRC regulations at 10 CFR
95.33 currently require NRC licensees,
or their designees, to conduct classified
information security refresher briefings
for all cleared employees every 3 years.
These regulations do not mandate a
uniform training frequency for
derivative classifiers.
The NRC has determined that
requiring cleared licensee employees to
undergo classified information security
refresher briefings at least annually and
standardizing the derivative
classification training for licensee
employees enhances the protection of
classified information by ensuring that
cleared individuals are properly aware
of their responsibilities to protect
classified information and conform NRC
regulations with executive branch
policies.
Section 4.1(e) of Executive Order
13526, Classified National Security
Information (75 FR 707; January 5, 2010)
(the Executive Order) requires the NRC
to ensure that classified information
disseminated outside the executive
branch is protected ‘‘in a manner
equivalent to that provided within the
executive branch.’’ The Information
Security Oversight Office (ISOO) within
the National Archives and Records
Administration is responsible for
issuing guidance to Federal agencies on
the implementation of the Executive
Order. On June 28, 2010, ISOO issued
a final rule (75 FR 37254; June 28, 2010;
amending 32 CFR parts 2001 and 2003
(ISOO Regulations)). The ISOO
Regulations require executive branch
agencies to conduct classified
information security refresher briefings
for all cleared employees at least
annually, and to provide derivative
classification training for employees
VerDate Mar<15>2010
15:58 Aug 06, 2013
Jkt 229001
authorized to apply derivative
classifications prior to exercising such
authority and at least once every 2 years
thereafter. This rulemaking will
standardize the frequency of required
security education training for NRC
licensee employees possessing security
clearances in a manner equivalent to
that provided within the executive
branch.
This direct final rule will establish
standard training requirements for NRC
licensee security education and training
programs. Implementation of this rule
will enhance the protection of classified
information, and ensure the protection
of classified information in a manner
equivalent to that provided within the
executive branch. Current NRC
regulations only require refresher
security education and training once
every 3 years for all NRC licensee
personnel who handle or generate
classified information. Updating 10 CFR
95.33 to require annual training will
enhance the protection of classified
information by ensuring that all NRC
licensee employees who create, process,
or handle classified information have a
satisfactory knowledge and
understanding of classification,
safeguarding, and declassification
policies and procedures.
Additionally, the current text of 10
CFR 95.33 does not provide for
education and training of NRC licensee
personnel authorized to apply
derivative classification markings. This
rulemaking enhances the protection of
classified information through uniform
training requirements for derivative
classifiers. The uniform standard will
have the beneficial effect of reducing
instances of over-classification or
improper classification, improper
safeguarding, and inappropriate or
inadequate declassification practices.
Finally, these updated requirements
are equivalent to requirements
applicable to the Commission itself via
the Executive Order and the ISOO
Regulations. The NRC has determined
that the updated requirements in this
final rule are consistent with the NRC
obligation, stated in Section 4.1(e) of the
Executive Order, to ensure that the
protection of classified information by
NRC licensees is performed in a manner
equivalent to that required within the
executive branch.
III. Section-by-Section Analysis
The initial paragraph of 10 CFR 95.33,
Security education, is amended to state
that program officials are responsible for
determining the methods for providing
security education and training. This
requirement is equivalent to
requirements applicable to the
PO 00000
Frm 00004
Fmt 4700
Sfmt 4700
Commission pursuant to 32 CFR
2001.70(c).
A new paragraph (e) has been added
to specify that access by licensees’
employees to classified information is
subject to a favorable eligibility
determination, signing an approved
non-disclosure agreement and the
employee’s need-to-know. This
requirement is equivalent to
requirements applicable to the
Commission pursuant to Section 4.1(a)
of the Executive Order.
Current paragraph (e) is redesignated
as paragraph (f) and revised to specify
that initial security training will be
provided to every person who has met
the criteria set forth in new paragraph
(e) before being granted access to
classified information. This requirement
is equivalent to requirements applicable
to the Commission pursuant to 32 CFR
2001.70(d)(1).
Current paragraph (f) is redesignated
as paragraph (g) and revised to specify
that the requirement for conducting
refresher briefings for all of a licensee’s
cleared employees is changed from
every 3 years to at least annually. This
requirement is equivalent to
requirements applicable to the
Commission pursuant to 32 CFR
2001.70(d)(4).
Current paragraph (g) is redesignated
as paragraph (i) and former paragraph
(h) is redesignated as paragraph (j).
New paragraph (h) specifies that
derivative classifiers are to receive
training prior to derivatively classifying
information and at least once every 2
years. This requirement is equivalent to
requirements applicable to the
Commission pursuant to 32 CFR
2001.70(d)(3).
Minor editorial changes were also
made to § 95.33.
IV. Procedural Background
Because the NRC considers this action
to be non-controversial, the NRC is
using the direct final rule process for
this rule. The amendments in this rule
will become effective on October 21,
2013. However, if the NRC receives
significant adverse comments on this
direct final rule by September 6, 2013,
then the NRC will publish a document
that withdraws this action and will
subsequently address the comments
received in a final rule as a response to
the companion proposed rule published
elsewhere in this issue of the Federal
Register. Absent significant
modifications to the proposed revisions
requiring republication, the NRC will
not initiate a second comment period on
this action.
A significant adverse comment is a
comment where the commenter
E:\FR\FM\07AUR1.SGM
07AUR1
Federal Register / Vol. 78, No. 152 / Wednesday, August 7, 2013 / Rules and Regulations
explains why the rule would be
inappropriate, including challenges to
the rule’s underlying premise or
approach, or would be ineffective or
unacceptable without a change. A
comment is adverse and significant if:
(1) The comment opposes the rule and
provides a reason sufficient to require a
substantive response in a notice-andcomment process. For example, a
substantive response is required when:
(A) The comment causes the NRC to
reevaluate (or reconsider) its position or
conduct additional analysis;
(B) The comment raises an issue
serious enough to warrant a substantive
response to clarify or complete the
record; or
(C) The comment raises a relevant
issue that was not previously addressed
or considered by the NRC.
(2) The comment proposes a change
or an addition to the rule and it is
apparent that the rule would be
ineffective or unacceptable without
incorporation of the change or addition.
(3) The comment causes the NRC to
make a change (other than editorial) to
the rule.
For detailed instruction on submitting
a comment, please see the companion
proposed rule published elsewhere in
this issue of the Federal Register.
V. Compatibility of Agreement State
Regulations
emcdonald on DSK67QTVN1PROD with RULES
Under the ‘‘Policy Statement on
Adequacy and Compatibility of
Agreement State Programs,’’ approved
by the Commission on June 30, 1997,
and published in the Federal Register
on September 3, 1997 (62 FR 46517),
this rule is classified as Compatibility
Category ‘‘NRC.’’ Compatibility is not
required for Category ‘‘NRC’’
regulations. The NRC program elements
in this category are those that relate
directly to areas of regulation reserved
to the NRC by the Atomic Energy Act of
1954, as amended, or the provisions of
10 CFR. Although an Agreement State
may not adopt program elements
reserved to the NRC, it may wish to
inform its licensees of certain
requirements via a mechanism that is
consistent with the particular State’s
administrative procedure laws but does
not confer regulatory authority on the
State.
VI. Plain Writing
The Plain Writing Act of 2010 (Pub.
L. 111–274) requires Federal agencies to
write documents in a clear, concise, and
well-organized manner. The NRC has
written this document to be consistent
with the Plain Writing Act as well as the
Presidential Memorandum, ‘‘Plain
VerDate Mar<15>2010
15:58 Aug 06, 2013
Jkt 229001
Language in Government Writing,’’
published June 10, 1998 (63 FR 31883).
VII. Voluntary Consensus Standards
The National Technology Transfer
and Advancement Act of 1995, Public
Law 104–113, requires Federal agencies
to use technical standards developed or
adopted by voluntary consensus
standards bodies unless the use of such
a standard is inconsistent with
applicable law or is otherwise
impractical. This direct final rule
amends the frequency of the training
required for employees of NRC licensees
handling classified information. This
action is administrative in nature and
does not involve the establishment or
application of a technical standard
containing generally applicable
requirements.
VIII. Environmental Impact:
Categorical Exclusion
The NRC has determined that this
direct final rule is the type of action
described in categorical exclusions 10
CFR 51.22(c)(1), (2), and (3)(iv).
Therefore, neither an environmental
impact statement nor an environmental
assessment has been prepared for this
direct final rule.
IX. Paperwork Reduction Act
Statement
This direct final rule does not contain
new or amended information collection
requirements subject to the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501
et seq.). Existing requirements were
approved by the Office of Management
and Budget (OMB), approval number
3150–0047.
Public Protection Notification
The NRC may neither conduct nor
sponsor, and a person is not required to
respond to, an information collection
request or requirement unless the
requesting document displays a
currently valid OMB control number.
X. Regulatory Analysis
The NRC has prepared a regulatory
analysis on this regulation. The analysis
examines the costs and benefits of the
alternatives considered by the NRC.
Statement of the Problem and Reasons
for the Rulemaking
The NRC regulations in 10 CFR part
95 establish procedures for safeguarding
Secret and Confidential National
Security Information and Restricted
Data received or developed in
conjunction with activities licensed,
certified, or regulated by the
Commission. The requirements set forth
in 10 CFR 95.33 currently require
PO 00000
Frm 00005
Fmt 4700
Sfmt 4700
48039
security refresher training for all cleared
employees every 3 years. However, they
do not address initial or refresher
training for persons who apply
derivative classification markings.
The NRC has determined that
requiring cleared employees of NRC
licensees to undergo classified
information security refresher briefings
at least annually and standardizing the
derivative classification training for
cleared employees of NRC licensees will
enhance the protection of classified
information. Annual classified
information security refresher briefings
will help ensure that cleared employees
of NRC licensees have adequate
knowledge and understanding of proper
classification policies and procedures
and thereby help reduce instances of
improper processing, handling, storage,
and declassification of classified
information. Standardized derivative
classification training will help ensure
that cleared employees of NRC licensees
will have a proper understanding of
derivative classification policies and
procedures and thereby help reduce
instances of improper classification of
derivative documents containing
classified information.
Furthermore, this rulemaking will
bring the requirements for licensee
protection of classified information into
alignment with two new requirements
imposed on the Commission for the
protection of classified information by
Executive Order 13526 and the ISOO
Regulations implementing the
requirements of the Executive Order set
forth at 32 CFR part 2001.
The Executive Order and the ISOO
Regulations at 32 CFR 2001.70(d)(3)
specify that Federal government
employees who ‘‘apply derivative
classification markings shall receive
training in the proper application of the
derivative classification principles of
the Executive Order prior to derivatively
classifying information and at least once
every 2 years.’’ Additionally, 32 CFR
2001.70(d)(4) directs each U.S.
Government agency to ‘‘provide some
form of refresher security education and
training at least annually for all its
personnel who handle or generate
classified information.’’
The purpose of this rulemaking is
twofold. First, this rulemaking ensures
that classified information possessed or
accessed by employees of NRC licensees
is effectively safeguarded. The NRC has
determined that successful safeguarding
of classified information requires
effective security education and training
programs. The NRC has further
determined that updating its 10 CFR
part 95 security education and training
programs to achieve parity with the
E:\FR\FM\07AUR1.SGM
07AUR1
48040
Federal Register / Vol. 78, No. 152 / Wednesday, August 7, 2013 / Rules and Regulations
Executive Order and the ISOO
Regulations is necessary to ensure these
programs are effective. Second, this
rulemaking ‘‘ensure[s] the protection of
[classified] information in a manner
equivalent to that provided within the
executive branch,’’ as required by
Section 4.1(e) of the Executive Order by
updating training requirements
applicable to licensees to be equivalent
to training requirements applicable to
the Commission itself.
Background
Regulatory Objective
The NRC objective for this final rule
is to require that all cleared employees
of NRC licensees receive security
refresher training on an annual basis. In
addition, all licensee employees who
apply derivative classification markings
shall receive training in their derivative
classification duties prior to derivatively
classifying information and at least once
every 2 years thereafter.
Identification and Preliminary Analysis
of Alternative Approaches
No-Action Alternative: Under this
option, the NRC would not amend the
current regulations under 10 CFR part
95 to require security refresher training
every year rather than every 3 years. The
NRC would also not amend the current
regulations under 10 CFR part 95 to
require training for derivative classifiers
prior to derivatively classifying
information and at least once every 2
years. This option would avoid certain
costs that the rule will impose.
However, taking no action would mean
that licensees who handle and store
classified information are not protecting
that information in accordance with the
requirements the NRC considers
necessary to be consistent with the
objectives of Executive Order 13526 to
enhance the adequate protection of
classified information consistent with
the goal of protecting national security.
This no-action alternative is the baseline
for this regulatory analysis.
emcdonald on DSK67QTVN1PROD with RULES
Estimate and Evaluation of Values and
Impacts
Overview: This final rule revises the
governing regulations under 10 CFR part
95 to require licensees to handle
classified information in the same
manner as is required of employees of
Federal agencies by the Executive
Order. This rulemaking adds value
because it ensures those licensees who
are handling and derivatively marking
classified information are appropriately
trained in the protection of classified
information in accordance with current
federal standards and requirements.
VerDate Mar<15>2010
15:58 Aug 06, 2013
Jkt 229001
Impacts on Licensees: Impacts upon
licensees from this final rule will be
minimal. Only the three 10 CFR part 70
licensees and one Part 76 Certificate
holder, for which the NRC is the
Cognizant Security Agency (CSA),
would be affected by the rule. A fourth
10 CFR part 70 licensee will be affected
later this year when it becomes a
possessor of classified matter. Of those
three, two already commit in their
internal procedures to annual security
education briefings of all their
employees and are conducting initial
and refresher training of their
employees who apply derivative
classification markings more frequently
than every 2 years. The other licensee is
conducting annual refresher training
and training its derivative classifiers at
least every 2 years but does not commit
to those requirements in its security
program. It is estimated that there will
be no one-time cost associated with
amending their licenses through
security plan changes since the only
change is from three years to annually.
Two of the three licensees have
contractors who possess classified
information and therefore, have their
own independent security plans. It is
estimated that there will also be no onetime cost associated with amending
their licenses through security plan
changes since the only change is from
three years to annually. Since the
majority of the training is administered
electronically, there is little to no cost
of preparing and administering the
training sessions. Those 10 CFR part 50
licensees who only access classified
information but do not possess it will be
impacted minimally from the increase
in frequency of security education
briefings, since those licensees only
have three to five employees who are
cleared to access classified information.
The associated security plan change
would merely update the frequency of
refresher training from 3 years to
annually. In addition, none of their
employees are derivative classifiers.
Impacts on the NRC: The primary
impact on the NRC will be the resources
expended in conducting this rulemaking
and reviewing the amended security
plans and programs. The staff time to
review revisions to security plans and
programs to ensure commitment to the
new requirements is minimal. It is
estimated that this will require no more
than 20 hours and will be accomplished
by existing staff as part of their normal
workload.
Impacts on Other Stakeholders: The
NRC staff has identified one impact to
other stakeholders. Those contractors
that support licensees who handle
classified information but are not
PO 00000
Frm 00006
Fmt 4700
Sfmt 4700
cleared for storage will have to amend
their security plans to change the
frequency of refresher training from 3
years to annually. These contractors are
not required to have derivative
classifiers.
XI. Regulatory Flexibility Act
Certification
Under the Regulatory Flexibility Act,
5 U.S.C 605(b), the Commission certifies
that this direct final rule amending 10
CFR part 95 does not have a significant
economic impact on a substantial
number of small entities. This direct
final rule applies to those licensees who
generate, receive, safeguard, and store
National Security Information or
Restricted Data (as defined in 10 CFR
part 95). The requirements in this direct
final rule apply to licensees who operate
power reactors as well as licensees
operating fuel cycle facilities. None of
these licensees are ‘‘small entities’’ as
defined in the Regulatory Flexibility Act
or the size standards established by the
NRC (10 CFR 2.810). This direct final
rule also applies to contractors of those
licensees required to comply with this
direct final rule who generate, receive,
safeguard, and store National Security
Information or Restricted Data (as
defined in 10 CFR part 95), received or
developed in conjunction with activities
licensed, certified, or regulated by the
Commission. Some of these contractors
may be ‘‘small entities’’ as defined in
the Regulatory Flexibility Act or the
NRC’s size standards. However, the
impact on these contractors is not
significant because it is the licensees,
not the contractors, who are required to
offer the training and absorb its costs.
XII. Backfitting
This direct final rule will apply to all
NRC licensees who receive or possess
Classified National Security
Information. The NRC has determined
that the modifications constitute
backfitting as defined in 10 CFR 50.109
for power reactors, 10 CFR 76.76 for
gaseous diffusion plants, 10 CFR 72.62
for independent spent fuel storage
installations or monitored retrievable
storage installations, and 10 CFR 70.76
for special nuclear material licensees.
Consequently, the NRC has prepared the
following backfit analysis. The
Commission has determined that there
will be a substantial increase in the
overall common defense and security
derived from the backfit, and that the
direct and indirect costs that will result
from the implementation of the backfit
are justified.
E:\FR\FM\07AUR1.SGM
07AUR1
Federal Register / Vol. 78, No. 152 / Wednesday, August 7, 2013 / Rules and Regulations
A Statement of the Specific Objectives
That the Backfit is Designed to Achieve.
The Commission is amending its
regulations at 10 CFR 95.33 to update
the frequency of training requirements
applicable to licensees in order to
enhance the protection of classified
information, and to ensure that there is
no discrepancy in the level of protection
afforded such information regardless of
whether it is in the possession of the
NRC or of its licensees. The objective of
the backfit is to ensure that protection
of Secret and Confidential National
Security Information and Restricted
Data received or developed in
conjunction with activities licensed,
certified, or regulated by the
Commission, in the possession of
Commission licensees is enhanced and
is as well protected as such information
would be if it was in the hands of the
Commission itself.
A General Description of the Activity
That Would Be Required of the Licensee
or the Applicant To Complete the
Backfit.
Licensee personnel who apply
derivative classification markings will
receive training in the proper
application of the derivative
classification principles, with an
emphasis on avoiding overclassification, at least once every 2
years. In addition, licensees will be
required to provide some form of
refresher security education and
training at least annually for all of its
personnel who handle or generate
classified information.
The Potential Change in the Risk to the
Public From the Accidental Offsite
Release of Radioactive Material.
None.
emcdonald on DSK67QTVN1PROD with RULES
The Potential Impact on the
Radiological Exposure of Facility
Employees.
None.
The Installation and Continuing Costs
Associated With the Backfit, Including
the Cost of Facility Downtime or the
Cost of Construction Delay.
Impacts upon licensees from this
direct final rule will be minimal. There
are only three 10 CFR part 70 licensees
and one Part 76 Certificate holder who
possess classified information. A fourth
10 CFR part 70 licensee will be affected
later this year when it becomes a
possessor of classified matter. Of those
three, two already commit in their
internal procedures to annual security
education briefings of all their
employees and are conducting initial
and refresher training of their
VerDate Mar<15>2010
15:58 Aug 06, 2013
Jkt 229001
employees who apply derivative
classification markings more frequently
than every 2 years. The other licensee is
conducting annual refresher training
and training its derivative classifiers at
least every 2 years but does not commit
to those requirements in its security
program. It is estimated that there will
be no one-time cost associated with
amending licenses through security plan
changes since the only change is from
three years to annually. Two of the three
licensees have contractors who possess
classified information and therefore,
have their own independent security
plans. It is estimated that there will also
be no one-time cost associated with
amending licenses through security plan
changes ranges since the only change is
from three years to annually. Since the
majority of the training is administered
electronically, there is little to no cost
of preparing and administering the
training sessions. Those 10 CFR part 50
licensees who only access classified
information but do not posses it will be
impacted minimally from the increase
in frequency of security education
briefings since those licensees only have
three to five employees who are cleared
for access to classified information. The
associated security plan change would
merely update the frequency of refresher
training from 3 years to annually. In
addition, none of their employees are
derivative classifiers.
The NRC staff has identified one
impact to other stakeholders. Those
contractors that support licensees who
handle classified information but are
not cleared for storage will have to
amend their security plans to change the
frequency of refresher training from 3
years to annually. These contractors are
not required to have derivative
classifiers.
The Potential Safety Impact of Changes
in Plant or Operational Complexity,
Including the Relationship to Proposed
and Existing Regulatory Requirements.
None.
The Estimated Resource Burden on the
NRC Associated With the Backfit and
the Availability of NRC Resources.
The primary impact on the NRC will
be the resources expended in
conducting this rulemaking and
reviewing the amended security plans
and programs. The staff time to review
revisions to security plans to ensure
commitment to the new requirements is
minimal.
PO 00000
Frm 00007
Fmt 4700
Sfmt 4700
48041
The Potential Impact of Differences in
Facility Type, Design, or Age on the
Relevance and Practicality of the
Backfit.
None.
Whether the Backfit is Interim or Final
and, if Interim, the Justification for
Imposing the Backfit on an Interim
Basis.
The backfit is final.
XIII. Congressional Review Act
Under the Congressional Review Act
of 1996, the NRC has determined that
this action is not a major rule and has
verified this determination with the
Office of Information and Regulatory
Affairs of OMB.
List of Subjects in 10 CFR Part 95
Classified information, Criminal
penalties, Reporting and recordkeeping
requirements, Security measures.
For the reasons set forth in the
preamble and under the authority of the
Atomic Energy Act of 1954, as amended;
the Energy Reorganization Act of 1974,
as amended; and 5 U.S.C. 552 and 553;
the NRC is adopting the following
amendments to 10 CFR part 95.
PART 95—FACILITY SECURITY
CLEARANCE AND SAFEGUARDING
OF NATIONAL SECURITY
INFORMATION AND RESTRICTED
DATA
1. The authority citation for part 95
continues to read as follows:
■
Authority: Atomic Energy Act Secs. 145,
161, 223, 234 (42 U.S.C. 2165, 2201, 2273,
2282); Energy Reorganization Act sec. 201 (42
U.S.C.5841); Government Paperwork
Elimination Act sec. 1704 (44 U.S.C. 3504
note); E.O. 10865, as amended, 3 CFR 1959–
1963 Comp., p. 398 (50 U.S.C. 401, note);
E.O. 12829, 3 CFR, 1993 Comp., p. 570; EO
13526, 3 CFR 2010 Comp., pp. 298–327; E.O.
12968, 3 CFR, 1995 Comp., p. 391; E.O.
13526, 3 CFR, 2010 Comp., p. 298.
■
2. Revise § 95.33 to read as follows:
§ 95.33
Security education.
All cleared employees must be
provided with security training and
briefings commensurate with their
involvement with classified
information. The facility official(s)
responsible for the program shall
determine the means and methods for
providing security education and
training. A licensee or other entity
subject to part 95 may obtain defensive
security, threat awareness, and other
education and training information and
material from their Cognizant Security
Agency (CSA) or other appropriate
sources.
E:\FR\FM\07AUR1.SGM
07AUR1
emcdonald on DSK67QTVN1PROD with RULES
48042
Federal Register / Vol. 78, No. 152 / Wednesday, August 7, 2013 / Rules and Regulations
(a) Facility Security Officer Training.
Licensees or other entities subject to
part 95 are responsible for ensuring that
the Facility Security Officer, and other
personnel performing security duties,
complete security training deemed
appropriate by the CSA. Training
requirements must be based on the
facility’s involvement with classified
information and may include a Facility
Security Officer Orientation Course and,
for Facility Security Officers at facilities
with safeguarding capability, a Facility
Security Officer Program Management
Course. Training, if required, should be
completed within 1 year of appointment
to the position of Facility Security
Officer.
(b) Government-Provided Briefings.
The CSA is responsible for providing
initial security briefings to the Facility
Security Officer, and for ensuring that
other briefings required for special
categories of information are provided.
(c) Temporary Help Suppliers. A
temporary help supplier, or other
contractor who employs cleared
individuals solely for dispatch
elsewhere, is responsible for ensuring
that required briefings are provided to
their cleared personnel. The temporary
help supplier or the using licensee’s,
certificate holder’s, or other person’s
facility may conduct these briefings.
(d) Classified Information
Nondisclosure Agreement (SF–312). The
SF–312 is an agreement between the
United States and an individual who is
cleared for access to classified
information. An employee issued an
initial access authorization must, in
accordance with the requirements of
§ 25.23 of this chapter, execute an SF–
312 before being granted access to
classified information. The Facility
Security Officer shall forward the
executed SF–312 to the CSA for
retention. If the employee refuses to
execute the SF–312, the licensee or
other facility shall deny the employee
access to classified information and
submit a report to the CSA. The SF–312
must be signed and dated by the
employee and witnessed. The
employee’s and witness’ signatures
must bear the same date.
(e) Access to Classified Information.
Employees may have access to classified
information only if:
(1) A favorable determination of
eligibility for access has been made with
respect to such employee by the CSA;
(2) The employee has signed an
approved non-disclosure agreement;
and
(3) The employee has a need-to-know
the information.
(f) Initial Security Briefings. Initial
training shall be provided to every
VerDate Mar<15>2010
15:58 Aug 06, 2013
Jkt 229001
employee who has met the standards for
access to classified information in
accordance with paragraph (e) of this
section before the employee is granted
access to classified information. The
initial training shall include the
following topics:
(1) A Threat Awareness Briefing;
(2) A Defensive Security Briefing;
(3) An overview of the security
classification system;
(4) Employee reporting obligations
and requirements; and
(5) Security procedures and duties
applicable to the employee’s job.
(g) Refresher Briefings. The licensee or
other entities subject to part 95 shall
conduct refresher briefings for all
cleared employees at least annually. As
a minimum, the refresher briefing must
reinforce the information provided
during the initial briefing and inform
employees of appropriate changes in
security regulations. This requirement
may be satisfied by use of audio/video
materials and/or by issuing written
materials to cleared employees.
(h) Persons who apply derivative
classification markings shall receive
training specific to the proper
application of the derivative
classification principles of Executive
Order 13526, Classified National
Security Information (75 FR 707;
January 5, 2010), before derivatively
classifying information and at least once
every 2 years thereafter.
(i) Debriefings. Licensee and other
facilities shall debrief cleared
employees at the time of termination of
employment (discharge, resignation, or
retirement); when an employee’s access
authorization is terminated, suspended,
or revoked; and upon termination of the
Facility Clearance.
(j) Records reflecting an individual’s
initial and refresher security
orientations and security termination
must be maintained for 3 years after
termination of the individual’s access
authorization.
Dated at Rockville, Maryland, this 23rd day
of July, 2013.
For the Nuclear Regulatory Commission.
R. William Borchardt,
Executive Director for Operations.
[FR Doc. 2013–18947 Filed 8–6–13; 8:45 am]
BILLING CODE 7590–01–P
PO 00000
Frm 00008
Fmt 4700
Sfmt 4700
DEPARTMENT OF DEFENSE
Department of the Navy
32 CFR Part 706
Certifications and Exemptions Under
the International Regulations for
Preventing Collisions at Sea, 1972
Department of the Navy, DoD.
Final rule.
AGENCY:
ACTION:
The Department of the Navy
(DoN) is amending its certifications and
exemptions under the International
Regulations for Preventing Collisions at
Sea, 1972 (72 COLREGS), to reflect that
the Deputy Assistant Judge Advocate
General (DAJAG)(Admiralty and
Maritime Law) has determined that USS
INDEPENDENCE (LCS 2) is a vessel of
the Navy which, due to its special
construction and purpose, cannot fully
comply with certain provisions of the 72
COLREGS without interfering with its
special function as a naval ship. The
intended effect of this rule is to warn
mariners in waters where 72 COLREGS
apply.
DATES: This rule is effective August 7,
2013 and is applicable beginning July
24, 2013.
FOR FURTHER INFORMATION CONTACT:
Lieutenant Jocelyn Loftus-Williams,
JAGC, U.S. Navy, Admiralty Attorney,
(Admiralty and Maritime Law), Office of
the Judge Advocate General, Department
of the Navy, 1322 Patterson Ave., SE.,
Suite 3000, Washington Navy Yard, DC
20374–5066, telephone number: 202–
685–5040.
SUPPLEMENTARY INFORMATION: Pursuant
to the authority granted in 33 U.S.C.
1605, the DoN amends 32 CFR Part 706.
This amendment provides notice that
the DAJAG (Admiralty and Maritime
Law), of the DoN, under authority
delegated by the Secretary of the Navy,
has certified that USS INDEPENDENCE
(LCS 2) is a vessel of the Navy which,
due to its special construction and
purpose, cannot fully comply with the
following specific provisions of 72
COLREGS without interfering with its
special function as a naval ship: Annex
I paragraph 2 (a)(i), pertaining to the
location of the forward masthead light at
a height not less than 12 meters above
the hull; Annex I, paragraph 3(a),
pertaining to the location of the forward
masthead light in the forward quarter of
the ship, and the horizontal distance
between the forward and after masthead
lights. The DAJAG (Admiralty and
Maritime Law) has also certified that the
lights involved are located in closest
possible compliance with the applicable
72 COLREGS requirements.
SUMMARY:
E:\FR\FM\07AUR1.SGM
07AUR1
Agencies
[Federal Register Volume 78, Number 152 (Wednesday, August 7, 2013)]
[Rules and Regulations]
[Pages 48037-48042]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-18947]
=======================================================================
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Part 95
[NRC-2011-0268]
RIN 3150-AJ07
Facility Security Clearance and Safeguarding of National Security
Information and Restricted Data
AGENCY: Nuclear Regulatory Commission.
ACTION: Direct final rule.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is updating its
regulations to standardize the frequency of required security education
training for employees of NRC licensees possessing security clearances
so that such training will be conducted annually consistent with the
objectives of Executive Order 13526, Classified National Security
Information. The rule allows licensees flexibility in determining the
means and methods for providing this training. This action establishes
uniformity in the frequency of licensee security education and training
programs and enhances the protection of classified information.
DATES: This rule is effective October 21, 2013 unless significant
adverse comments are received by September 6, 2013.
ADDRESSES: Please refer to Docket ID NRC-2011-0268 when contacting the
NRC about the availability of information for this direct final rule.
You may access information and comment submittals related to this
direct final rule, which the NRC possesses and is publicly available,
by any of the following methods:
Federal Rulemaking Web site: Go to https://www.regulations.gov and search for Docket ID NRC-2011-0268. Address
questions about NRC dockets to Carol Gallagher; telephone: 301-287-
3422; email: Carol.Gallagher@nrc.gov. For technical questions, please
contact the individual listed in the FOR FURTHER INFORMATION CONTACT
section of this proposed rule.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may access publicly available documents online in the NRC
Library at https://www.nrc.gov/reading-rm/adams.html. To begin the
search, select ``ADAMS Public Documents'' and then select ``Begin Web-
based ADAMS Search.'' For problems with ADAMS, please contact the NRC's
Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-
4737, or by email to pdr.resource@nrc.gov. The ADAMS accession number
for each document referenced in this document (if that document is
available in ADAMS) is provided the first time that a document is
referenced.
NRC's PDR: You may examine and purchase copies of public
documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555
Rockville Pike, Rockville, Maryland 20852.
FOR FURTHER INFORMATION CONTACT: Daniel W. Lenehan, Office of the
General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001; telephone: 301-415-3501, email: Daniel.Lenehan@nrc.gov.
SUPPLEMENTARY INFORMATION:
I. Background
II. Discussion
III. Section-by-Section Analysis
IV. Procedural Background
V. Compatibility of Agreement State Regulations
VI. Plain Writing
VII. Voluntary Consensus Standards
VIII. Environmental Impact: Categorical Exclusion
IX. Paperwork Reduction Act Statement
X. Regulatory Analysis
XI. Regulatory Flexibility Act Certification
XII. Backfitting
XIII. Congressional Review Act
I. Background
On December 29, 2009, the President signed Executive Order 13526,
Classified National Security Information, which was published in the
Federal Register on January 5, 2010 (75 FR 707). The Executive Order
prescribes training requirements applicable to the NRC for the proper
safeguarding of national security information and requires the NRC to
ensure that classified information disseminated outside the executive
branch is protected ``in a manner equivalent to that provided within
the executive branch.'' The Information Security Oversight Office
(ISOO) within the National Archives and Records Administration, which
is responsible for issuing guidance to Federal agencies on the
implementation of the Executive Order, issued a final rule (75 FR
37254; June 28, 2010) amending 32 CFR parts 2001 and 2003 (ISOO
Regulations). The final rule requires executive branch agencies to
conduct classified information security refresher briefings for all
cleared employees at least annually, and to provide derivative
classification training for employees authorized to apply derivative
classifications prior to exercising such authority and at least once
every 2 years thereafter. This rulemaking will establish standard
training requirements for NRC licensee security education and
[[Page 48038]]
training programs in a manner equivalent to that provided within the
executive branch.
II. Discussion
The NRC is issuing this direct final rule to update part 95 of
Title 10 of the Code of Federal Regulations (10 CFR), Facility Security
Clearance and Safeguarding of National Security Information and
Restricted Data, Sec. 95.33, Security Education. These updates require
NRC licensees (or their designees) to conduct classified information
security refresher briefings for all cleared employees at least
annually, and to provide derivative classification training for
employees authorized to apply derivative classifications before
exercising this authority and then at least once every 2 years
thereafter. This rule also gives licensees flexibility in determining
the means and methods for providing this training. The NRC regulations
at 10 CFR 95.33 currently require NRC licensees, or their designees, to
conduct classified information security refresher briefings for all
cleared employees every 3 years. These regulations do not mandate a
uniform training frequency for derivative classifiers.
The NRC has determined that requiring cleared licensee employees to
undergo classified information security refresher briefings at least
annually and standardizing the derivative classification training for
licensee employees enhances the protection of classified information by
ensuring that cleared individuals are properly aware of their
responsibilities to protect classified information and conform NRC
regulations with executive branch policies.
Section 4.1(e) of Executive Order 13526, Classified National
Security Information (75 FR 707; January 5, 2010) (the Executive Order)
requires the NRC to ensure that classified information disseminated
outside the executive branch is protected ``in a manner equivalent to
that provided within the executive branch.'' The Information Security
Oversight Office (ISOO) within the National Archives and Records
Administration is responsible for issuing guidance to Federal agencies
on the implementation of the Executive Order. On June 28, 2010, ISOO
issued a final rule (75 FR 37254; June 28, 2010; amending 32 CFR parts
2001 and 2003 (ISOO Regulations)). The ISOO Regulations require
executive branch agencies to conduct classified information security
refresher briefings for all cleared employees at least annually, and to
provide derivative classification training for employees authorized to
apply derivative classifications prior to exercising such authority and
at least once every 2 years thereafter. This rulemaking will
standardize the frequency of required security education training for
NRC licensee employees possessing security clearances in a manner
equivalent to that provided within the executive branch.
This direct final rule will establish standard training
requirements for NRC licensee security education and training programs.
Implementation of this rule will enhance the protection of classified
information, and ensure the protection of classified information in a
manner equivalent to that provided within the executive branch. Current
NRC regulations only require refresher security education and training
once every 3 years for all NRC licensee personnel who handle or
generate classified information. Updating 10 CFR 95.33 to require
annual training will enhance the protection of classified information
by ensuring that all NRC licensee employees who create, process, or
handle classified information have a satisfactory knowledge and
understanding of classification, safeguarding, and declassification
policies and procedures.
Additionally, the current text of 10 CFR 95.33 does not provide for
education and training of NRC licensee personnel authorized to apply
derivative classification markings. This rulemaking enhances the
protection of classified information through uniform training
requirements for derivative classifiers. The uniform standard will have
the beneficial effect of reducing instances of over-classification or
improper classification, improper safeguarding, and inappropriate or
inadequate declassification practices.
Finally, these updated requirements are equivalent to requirements
applicable to the Commission itself via the Executive Order and the
ISOO Regulations. The NRC has determined that the updated requirements
in this final rule are consistent with the NRC obligation, stated in
Section 4.1(e) of the Executive Order, to ensure that the protection of
classified information by NRC licensees is performed in a manner
equivalent to that required within the executive branch.
III. Section-by-Section Analysis
The initial paragraph of 10 CFR 95.33, Security education, is
amended to state that program officials are responsible for determining
the methods for providing security education and training. This
requirement is equivalent to requirements applicable to the Commission
pursuant to 32 CFR 2001.70(c).
A new paragraph (e) has been added to specify that access by
licensees' employees to classified information is subject to a
favorable eligibility determination, signing an approved non-disclosure
agreement and the employee's need-to-know. This requirement is
equivalent to requirements applicable to the Commission pursuant to
Section 4.1(a) of the Executive Order.
Current paragraph (e) is redesignated as paragraph (f) and revised
to specify that initial security training will be provided to every
person who has met the criteria set forth in new paragraph (e) before
being granted access to classified information. This requirement is
equivalent to requirements applicable to the Commission pursuant to 32
CFR 2001.70(d)(1).
Current paragraph (f) is redesignated as paragraph (g) and revised
to specify that the requirement for conducting refresher briefings for
all of a licensee's cleared employees is changed from every 3 years to
at least annually. This requirement is equivalent to requirements
applicable to the Commission pursuant to 32 CFR 2001.70(d)(4).
Current paragraph (g) is redesignated as paragraph (i) and former
paragraph (h) is redesignated as paragraph (j).
New paragraph (h) specifies that derivative classifiers are to
receive training prior to derivatively classifying information and at
least once every 2 years. This requirement is equivalent to
requirements applicable to the Commission pursuant to 32 CFR
2001.70(d)(3).
Minor editorial changes were also made to Sec. 95.33.
IV. Procedural Background
Because the NRC considers this action to be non-controversial, the
NRC is using the direct final rule process for this rule. The
amendments in this rule will become effective on October 21, 2013.
However, if the NRC receives significant adverse comments on this
direct final rule by September 6, 2013, then the NRC will publish a
document that withdraws this action and will subsequently address the
comments received in a final rule as a response to the companion
proposed rule published elsewhere in this issue of the Federal
Register. Absent significant modifications to the proposed revisions
requiring republication, the NRC will not initiate a second comment
period on this action.
A significant adverse comment is a comment where the commenter
[[Page 48039]]
explains why the rule would be inappropriate, including challenges to
the rule's underlying premise or approach, or would be ineffective or
unacceptable without a change. A comment is adverse and significant if:
(1) The comment opposes the rule and provides a reason sufficient
to require a substantive response in a notice-and-comment process. For
example, a substantive response is required when:
(A) The comment causes the NRC to reevaluate (or reconsider) its
position or conduct additional analysis;
(B) The comment raises an issue serious enough to warrant a
substantive response to clarify or complete the record; or
(C) The comment raises a relevant issue that was not previously
addressed or considered by the NRC.
(2) The comment proposes a change or an addition to the rule and it
is apparent that the rule would be ineffective or unacceptable without
incorporation of the change or addition.
(3) The comment causes the NRC to make a change (other than
editorial) to the rule.
For detailed instruction on submitting a comment, please see the
companion proposed rule published elsewhere in this issue of the
Federal Register.
V. Compatibility of Agreement State Regulations
Under the ``Policy Statement on Adequacy and Compatibility of
Agreement State Programs,'' approved by the Commission on June 30,
1997, and published in the Federal Register on September 3, 1997 (62 FR
46517), this rule is classified as Compatibility Category ``NRC.''
Compatibility is not required for Category ``NRC'' regulations. The NRC
program elements in this category are those that relate directly to
areas of regulation reserved to the NRC by the Atomic Energy Act of
1954, as amended, or the provisions of 10 CFR. Although an Agreement
State may not adopt program elements reserved to the NRC, it may wish
to inform its licensees of certain requirements via a mechanism that is
consistent with the particular State's administrative procedure laws
but does not confer regulatory authority on the State.
VI. Plain Writing
The Plain Writing Act of 2010 (Pub. L. 111-274) requires Federal
agencies to write documents in a clear, concise, and well-organized
manner. The NRC has written this document to be consistent with the
Plain Writing Act as well as the Presidential Memorandum, ``Plain
Language in Government Writing,'' published June 10, 1998 (63 FR
31883).
VII. Voluntary Consensus Standards
The National Technology Transfer and Advancement Act of 1995,
Public Law 104-113, requires Federal agencies to use technical
standards developed or adopted by voluntary consensus standards bodies
unless the use of such a standard is inconsistent with applicable law
or is otherwise impractical. This direct final rule amends the
frequency of the training required for employees of NRC licensees
handling classified information. This action is administrative in
nature and does not involve the establishment or application of a
technical standard containing generally applicable requirements.
VIII. Environmental Impact: Categorical Exclusion
The NRC has determined that this direct final rule is the type of
action described in categorical exclusions 10 CFR 51.22(c)(1), (2), and
(3)(iv). Therefore, neither an environmental impact statement nor an
environmental assessment has been prepared for this direct final rule.
IX. Paperwork Reduction Act Statement
This direct final rule does not contain new or amended information
collection requirements subject to the Paperwork Reduction Act of 1995
(44 U.S.C. 3501 et seq.). Existing requirements were approved by the
Office of Management and Budget (OMB), approval number 3150-0047.
Public Protection Notification
The NRC may neither conduct nor sponsor, and a person is not
required to respond to, an information collection request or
requirement unless the requesting document displays a currently valid
OMB control number.
X. Regulatory Analysis
The NRC has prepared a regulatory analysis on this regulation. The
analysis examines the costs and benefits of the alternatives considered
by the NRC.
Statement of the Problem and Reasons for the Rulemaking
The NRC regulations in 10 CFR part 95 establish procedures for
safeguarding Secret and Confidential National Security Information and
Restricted Data received or developed in conjunction with activities
licensed, certified, or regulated by the Commission. The requirements
set forth in 10 CFR 95.33 currently require security refresher training
for all cleared employees every 3 years. However, they do not address
initial or refresher training for persons who apply derivative
classification markings.
The NRC has determined that requiring cleared employees of NRC
licensees to undergo classified information security refresher
briefings at least annually and standardizing the derivative
classification training for cleared employees of NRC licensees will
enhance the protection of classified information. Annual classified
information security refresher briefings will help ensure that cleared
employees of NRC licensees have adequate knowledge and understanding of
proper classification policies and procedures and thereby help reduce
instances of improper processing, handling, storage, and
declassification of classified information. Standardized derivative
classification training will help ensure that cleared employees of NRC
licensees will have a proper understanding of derivative classification
policies and procedures and thereby help reduce instances of improper
classification of derivative documents containing classified
information.
Furthermore, this rulemaking will bring the requirements for
licensee protection of classified information into alignment with two
new requirements imposed on the Commission for the protection of
classified information by Executive Order 13526 and the ISOO
Regulations implementing the requirements of the Executive Order set
forth at 32 CFR part 2001.
The Executive Order and the ISOO Regulations at 32 CFR
2001.70(d)(3) specify that Federal government employees who ``apply
derivative classification markings shall receive training in the proper
application of the derivative classification principles of the
Executive Order prior to derivatively classifying information and at
least once every 2 years.'' Additionally, 32 CFR 2001.70(d)(4) directs
each U.S. Government agency to ``provide some form of refresher
security education and training at least annually for all its personnel
who handle or generate classified information.''
The purpose of this rulemaking is twofold. First, this rulemaking
ensures that classified information possessed or accessed by employees
of NRC licensees is effectively safeguarded. The NRC has determined
that successful safeguarding of classified information requires
effective security education and training programs. The NRC has further
determined that updating its 10 CFR part 95 security education and
training programs to achieve parity with the
[[Page 48040]]
Executive Order and the ISOO Regulations is necessary to ensure these
programs are effective. Second, this rulemaking ``ensure[s] the
protection of [classified] information in a manner equivalent to that
provided within the executive branch,'' as required by Section 4.1(e)
of the Executive Order by updating training requirements applicable to
licensees to be equivalent to training requirements applicable to the
Commission itself.
Background
Regulatory Objective
The NRC objective for this final rule is to require that all
cleared employees of NRC licensees receive security refresher training
on an annual basis. In addition, all licensee employees who apply
derivative classification markings shall receive training in their
derivative classification duties prior to derivatively classifying
information and at least once every 2 years thereafter.
Identification and Preliminary Analysis of Alternative Approaches
No-Action Alternative: Under this option, the NRC would not amend
the current regulations under 10 CFR part 95 to require security
refresher training every year rather than every 3 years. The NRC would
also not amend the current regulations under 10 CFR part 95 to require
training for derivative classifiers prior to derivatively classifying
information and at least once every 2 years. This option would avoid
certain costs that the rule will impose. However, taking no action
would mean that licensees who handle and store classified information
are not protecting that information in accordance with the requirements
the NRC considers necessary to be consistent with the objectives of
Executive Order 13526 to enhance the adequate protection of classified
information consistent with the goal of protecting national security.
This no-action alternative is the baseline for this regulatory
analysis.
Estimate and Evaluation of Values and Impacts
Overview: This final rule revises the governing regulations under
10 CFR part 95 to require licensees to handle classified information in
the same manner as is required of employees of Federal agencies by the
Executive Order. This rulemaking adds value because it ensures those
licensees who are handling and derivatively marking classified
information are appropriately trained in the protection of classified
information in accordance with current federal standards and
requirements.
Impacts on Licensees: Impacts upon licensees from this final rule
will be minimal. Only the three 10 CFR part 70 licensees and one Part
76 Certificate holder, for which the NRC is the Cognizant Security
Agency (CSA), would be affected by the rule. A fourth 10 CFR part 70
licensee will be affected later this year when it becomes a possessor
of classified matter. Of those three, two already commit in their
internal procedures to annual security education briefings of all their
employees and are conducting initial and refresher training of their
employees who apply derivative classification markings more frequently
than every 2 years. The other licensee is conducting annual refresher
training and training its derivative classifiers at least every 2 years
but does not commit to those requirements in its security program. It
is estimated that there will be no one-time cost associated with
amending their licenses through security plan changes since the only
change is from three years to annually. Two of the three licensees have
contractors who possess classified information and therefore, have
their own independent security plans. It is estimated that there will
also be no one-time cost associated with amending their licenses
through security plan changes since the only change is from three years
to annually. Since the majority of the training is administered
electronically, there is little to no cost of preparing and
administering the training sessions. Those 10 CFR part 50 licensees who
only access classified information but do not possess it will be
impacted minimally from the increase in frequency of security education
briefings, since those licensees only have three to five employees who
are cleared to access classified information. The associated security
plan change would merely update the frequency of refresher training
from 3 years to annually. In addition, none of their employees are
derivative classifiers.
Impacts on the NRC: The primary impact on the NRC will be the
resources expended in conducting this rulemaking and reviewing the
amended security plans and programs. The staff time to review revisions
to security plans and programs to ensure commitment to the new
requirements is minimal. It is estimated that this will require no more
than 20 hours and will be accomplished by existing staff as part of
their normal workload.
Impacts on Other Stakeholders: The NRC staff has identified one
impact to other stakeholders. Those contractors that support licensees
who handle classified information but are not cleared for storage will
have to amend their security plans to change the frequency of refresher
training from 3 years to annually. These contractors are not required
to have derivative classifiers.
XI. Regulatory Flexibility Act Certification
Under the Regulatory Flexibility Act, 5 U.S.C 605(b), the
Commission certifies that this direct final rule amending 10 CFR part
95 does not have a significant economic impact on a substantial number
of small entities. This direct final rule applies to those licensees
who generate, receive, safeguard, and store National Security
Information or Restricted Data (as defined in 10 CFR part 95). The
requirements in this direct final rule apply to licensees who operate
power reactors as well as licensees operating fuel cycle facilities.
None of these licensees are ``small entities'' as defined in the
Regulatory Flexibility Act or the size standards established by the NRC
(10 CFR 2.810). This direct final rule also applies to contractors of
those licensees required to comply with this direct final rule who
generate, receive, safeguard, and store National Security Information
or Restricted Data (as defined in 10 CFR part 95), received or
developed in conjunction with activities licensed, certified, or
regulated by the Commission. Some of these contractors may be ``small
entities'' as defined in the Regulatory Flexibility Act or the NRC's
size standards. However, the impact on these contractors is not
significant because it is the licensees, not the contractors, who are
required to offer the training and absorb its costs.
XII. Backfitting
This direct final rule will apply to all NRC licensees who receive
or possess Classified National Security Information. The NRC has
determined that the modifications constitute backfitting as defined in
10 CFR 50.109 for power reactors, 10 CFR 76.76 for gaseous diffusion
plants, 10 CFR 72.62 for independent spent fuel storage installations
or monitored retrievable storage installations, and 10 CFR 70.76 for
special nuclear material licensees. Consequently, the NRC has prepared
the following backfit analysis. The Commission has determined that
there will be a substantial increase in the overall common defense and
security derived from the backfit, and that the direct and indirect
costs that will result from the implementation of the backfit are
justified.
[[Page 48041]]
A Statement of the Specific Objectives That the Backfit is Designed to
Achieve.
The Commission is amending its regulations at 10 CFR 95.33 to
update the frequency of training requirements applicable to licensees
in order to enhance the protection of classified information, and to
ensure that there is no discrepancy in the level of protection afforded
such information regardless of whether it is in the possession of the
NRC or of its licensees. The objective of the backfit is to ensure that
protection of Secret and Confidential National Security Information and
Restricted Data received or developed in conjunction with activities
licensed, certified, or regulated by the Commission, in the possession
of Commission licensees is enhanced and is as well protected as such
information would be if it was in the hands of the Commission itself.
A General Description of the Activity That Would Be Required of the
Licensee or the Applicant To Complete the Backfit.
Licensee personnel who apply derivative classification markings
will receive training in the proper application of the derivative
classification principles, with an emphasis on avoiding over-
classification, at least once every 2 years. In addition, licensees
will be required to provide some form of refresher security education
and training at least annually for all of its personnel who handle or
generate classified information.
The Potential Change in the Risk to the Public From the Accidental
Offsite Release of Radioactive Material.
None.
The Potential Impact on the Radiological Exposure of Facility
Employees.
None.
The Installation and Continuing Costs Associated With the Backfit,
Including the Cost of Facility Downtime or the Cost of Construction
Delay.
Impacts upon licensees from this direct final rule will be minimal.
There are only three 10 CFR part 70 licensees and one Part 76
Certificate holder who possess classified information. A fourth 10 CFR
part 70 licensee will be affected later this year when it becomes a
possessor of classified matter. Of those three, two already commit in
their internal procedures to annual security education briefings of all
their employees and are conducting initial and refresher training of
their employees who apply derivative classification markings more
frequently than every 2 years. The other licensee is conducting annual
refresher training and training its derivative classifiers at least
every 2 years but does not commit to those requirements in its security
program. It is estimated that there will be no one-time cost associated
with amending licenses through security plan changes since the only
change is from three years to annually. Two of the three licensees have
contractors who possess classified information and therefore, have
their own independent security plans. It is estimated that there will
also be no one-time cost associated with amending licenses through
security plan changes ranges since the only change is from three years
to annually. Since the majority of the training is administered
electronically, there is little to no cost of preparing and
administering the training sessions. Those 10 CFR part 50 licensees who
only access classified information but do not posses it will be
impacted minimally from the increase in frequency of security education
briefings since those licensees only have three to five employees who
are cleared for access to classified information. The associated
security plan change would merely update the frequency of refresher
training from 3 years to annually. In addition, none of their employees
are derivative classifiers.
The NRC staff has identified one impact to other stakeholders.
Those contractors that support licensees who handle classified
information but are not cleared for storage will have to amend their
security plans to change the frequency of refresher training from 3
years to annually. These contractors are not required to have
derivative classifiers.
The Potential Safety Impact of Changes in Plant or Operational
Complexity, Including the Relationship to Proposed and Existing
Regulatory Requirements.
None.
The Estimated Resource Burden on the NRC Associated With the Backfit
and the Availability of NRC Resources.
The primary impact on the NRC will be the resources expended in
conducting this rulemaking and reviewing the amended security plans and
programs. The staff time to review revisions to security plans to
ensure commitment to the new requirements is minimal.
The Potential Impact of Differences in Facility Type, Design, or Age on
the Relevance and Practicality of the Backfit.
None.
Whether the Backfit is Interim or Final and, if Interim, the
Justification for Imposing the Backfit on an Interim Basis.
The backfit is final.
XIII. Congressional Review Act
Under the Congressional Review Act of 1996, the NRC has determined
that this action is not a major rule and has verified this
determination with the Office of Information and Regulatory Affairs of
OMB.
List of Subjects in 10 CFR Part 95
Classified information, Criminal penalties, Reporting and
recordkeeping requirements, Security measures.
For the reasons set forth in the preamble and under the authority
of the Atomic Energy Act of 1954, as amended; the Energy Reorganization
Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting
the following amendments to 10 CFR part 95.
PART 95--FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL
SECURITY INFORMATION AND RESTRICTED DATA
0
1. The authority citation for part 95 continues to read as follows:
Authority: Atomic Energy Act Secs. 145, 161, 223, 234 (42 U.S.C.
2165, 2201, 2273, 2282); Energy Reorganization Act sec. 201 (42
U.S.C.5841); Government Paperwork Elimination Act sec. 1704 (44
U.S.C. 3504 note); E.O. 10865, as amended, 3 CFR 1959-1963 Comp., p.
398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; EO
13526, 3 CFR 2010 Comp., pp. 298-327; E.O. 12968, 3 CFR, 1995 Comp.,
p. 391; E.O. 13526, 3 CFR, 2010 Comp., p. 298.
0
2. Revise Sec. 95.33 to read as follows:
Sec. 95.33 Security education.
All cleared employees must be provided with security training and
briefings commensurate with their involvement with classified
information. The facility official(s) responsible for the program shall
determine the means and methods for providing security education and
training. A licensee or other entity subject to part 95 may obtain
defensive security, threat awareness, and other education and training
information and material from their Cognizant Security Agency (CSA) or
other appropriate sources.
[[Page 48042]]
(a) Facility Security Officer Training. Licensees or other entities
subject to part 95 are responsible for ensuring that the Facility
Security Officer, and other personnel performing security duties,
complete security training deemed appropriate by the CSA. Training
requirements must be based on the facility's involvement with
classified information and may include a Facility Security Officer
Orientation Course and, for Facility Security Officers at facilities
with safeguarding capability, a Facility Security Officer Program
Management Course. Training, if required, should be completed within 1
year of appointment to the position of Facility Security Officer.
(b) Government-Provided Briefings. The CSA is responsible for
providing initial security briefings to the Facility Security Officer,
and for ensuring that other briefings required for special categories
of information are provided.
(c) Temporary Help Suppliers. A temporary help supplier, or other
contractor who employs cleared individuals solely for dispatch
elsewhere, is responsible for ensuring that required briefings are
provided to their cleared personnel. The temporary help supplier or the
using licensee's, certificate holder's, or other person's facility may
conduct these briefings.
(d) Classified Information Nondisclosure Agreement (SF-312). The
SF-312 is an agreement between the United States and an individual who
is cleared for access to classified information. An employee issued an
initial access authorization must, in accordance with the requirements
of Sec. 25.23 of this chapter, execute an SF-312 before being granted
access to classified information. The Facility Security Officer shall
forward the executed SF-312 to the CSA for retention. If the employee
refuses to execute the SF-312, the licensee or other facility shall
deny the employee access to classified information and submit a report
to the CSA. The SF-312 must be signed and dated by the employee and
witnessed. The employee's and witness' signatures must bear the same
date.
(e) Access to Classified Information. Employees may have access to
classified information only if:
(1) A favorable determination of eligibility for access has been
made with respect to such employee by the CSA;
(2) The employee has signed an approved non-disclosure agreement;
and
(3) The employee has a need-to-know the information.
(f) Initial Security Briefings. Initial training shall be provided
to every employee who has met the standards for access to classified
information in accordance with paragraph (e) of this section before the
employee is granted access to classified information. The initial
training shall include the following topics:
(1) A Threat Awareness Briefing;
(2) A Defensive Security Briefing;
(3) An overview of the security classification system;
(4) Employee reporting obligations and requirements; and
(5) Security procedures and duties applicable to the employee's
job.
(g) Refresher Briefings. The licensee or other entities subject to
part 95 shall conduct refresher briefings for all cleared employees at
least annually. As a minimum, the refresher briefing must reinforce the
information provided during the initial briefing and inform employees
of appropriate changes in security regulations. This requirement may be
satisfied by use of audio/video materials and/or by issuing written
materials to cleared employees.
(h) Persons who apply derivative classification markings shall
receive training specific to the proper application of the derivative
classification principles of Executive Order 13526, Classified National
Security Information (75 FR 707; January 5, 2010), before derivatively
classifying information and at least once every 2 years thereafter.
(i) Debriefings. Licensee and other facilities shall debrief
cleared employees at the time of termination of employment (discharge,
resignation, or retirement); when an employee's access authorization is
terminated, suspended, or revoked; and upon termination of the Facility
Clearance.
(j) Records reflecting an individual's initial and refresher
security orientations and security termination must be maintained for 3
years after termination of the individual's access authorization.
Dated at Rockville, Maryland, this 23rd day of July, 2013.
For the Nuclear Regulatory Commission.
R. William Borchardt,
Executive Director for Operations.
[FR Doc. 2013-18947 Filed 8-6-13; 8:45 am]
BILLING CODE 7590-01-P