Controlled Unclassified Information Program, 62713-62714 [2021-24543]

Download as PDF 62713 Rules and Regulations Federal Register Vol. 86, No. 216 Friday, November 12, 2021 This section of the FEDERAL REGISTER contains regulatory documents having general applicability and legal effect, most of which are keyed to and codified in the Code of Federal Regulations, which is published under 50 titles pursuant to 44 U.S.C. 1510. The Code of Federal Regulations is sold by the Superintendent of Documents. NUCLEAR REGULATORY COMMISSION 10 CFR Chapter I [NRC–2021–0204] Controlled Unclassified Information Program Nuclear Regulatory Commission. ACTION: Policy statement; issuance. AGENCY: The U.S. Nuclear Regulatory Commission (NRC) is issuing this Statement of Policy to set forth its expectation regarding the treatment of controlled unclassified information (CUI). This final policy statement describes how the NRC will comply with regulations issued by the National Archives and Records Administration (NARA) that direct agencies to minimize the risk of unauthorized disclosure of controlled unclassified information while allowing timely access by authorized holders. This policy statement aligns with similar actions taken by other Federal agencies to communicate changes in agency CUI policy to align with NARA requirements. During the transition to the CUI program, all elements of the NRC’s existing Sensitive Unclassified Non-Safeguards Information (SUNSI) program will remain in place. DATES: The policy statement is effective on November 12, 2021. ADDRESSES: Please refer to Docket ID NRC–2021–0204 when contacting the NRC about the availability of information regarding this document. You may obtain publicly-available information related to this document using any of the following methods: • Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC–2021–0204. Address questions about NRC dockets to Dawn Forder; telephone: 301–415–3407; email: Dawn.Forder@nrc.gov. For technical questions, contact the individual listed in the FOR FURTHER lotter on DSK11XQN23PROD with RULES1 SUMMARY: VerDate Sep<11>2014 15:55 Nov 10, 2021 Jkt 256001 section of this document. • NRC’s Agencywide Documents Access and Management System (ADAMS): You may obtain publiclyavailable documents online in the ADAMS Public Documents collection at http://www.nrc.gov/reading-rm/ adams.html. To begin the search, select ‘‘Begin Web-based ADAMS Search.’’ For problems with ADAMS, please contact the NRC’s Public Document Room (PDR) reference staff at 1–800–397–4209, 301– 415–4737, or by email to pdr.resource@ nrc.gov. The ADAMS accession number for each document referenced (if it is available in ADAMS) is provided the first time that it is mentioned in this document. • Attention: The Public Document Room (PDR), where you may examine and order copies of public documents is currently closed. You may submit your request to the PDR via email at pdr.resource@nrc.gov or call 1–800– 397–4209 between 8:00 a.m. and 4:00 p.m. (EST), Monday through Friday, except Federal holidays. FOR FURTHER INFORMATION CONTACT: Tanya Mensah, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555–0001; telephone: 301–415– 3610, email: Tanya.Mensah@nrc.gov. SUPPLEMENTARY INFORMATION: INFORMATION CONTACT I. Background In November 2010, the President issued Executive Order (E.O.) 13556, ‘‘Controlled Unclassified Information (CUI),’’ to ‘‘establish an open and uniform program for managing unclassified information that requires safeguarding or dissemination controls.’’ According to the E.O., agency-specific approaches have created an inefficient and confusing patchwork system, resulting in inconsistent marking and safeguarding of information and unnecessarily restricted informationsharing. On September 14, 2016, the National Archives and Records Administration (NARA) published in the Federal Register a final CUI rule adding new part 2002 to title 32 of the Code of Federal Regulations (32 CFR) (81 FR 63324). The CUI rule went into effect on November 14, 2016, and established requirements for CUI designation, safeguarding, dissemination, marking, decontrolling, destruction, incident management, self- PO 00000 Frm 00001 Fmt 4700 Sfmt 4700 inspection, and oversight across the executive branch. The CUI rule applies directly to Federal executive branch agencies, including the NRC, and the rule’s primary function is to define how the CUI program will be implemented within these agencies. Controlled unclassified information does not include Classified National Security Information that has been classified pursuant to E.O. 13526 or the Atomic Energy Act of 1954 (AEA), as amended, or information a non-executive branch entity (e.g., contractors, licensees, Agreement States,1 intervenors) possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for such an agency. However, the CUI rule can apply indirectly, through information-sharing agreements, to nonexecutive branch entities that are provided access to information that has been designated as CUI. II. Statement of Policy In November 2010, the President issued E.O. 13556, ‘‘Controlled Unclassified Information (CUI),’’ to ‘‘establish an open and uniform program for managing unclassified information that requires safeguarding or dissemination controls.’’ On September 14, 2016, NARA published 32 CFR part 2002 in the Federal Register (81 FR 63324). It is the Commission’s policy that the NRC will comply with 32 CFR part 2002, ‘‘Controlled Unclassified Information (CUI)’’ (CUI rule), in order to minimize the risk of unauthorized disclosure of CUI while allowing timely access by authorized holders. The CUI rule went into effect on November 14, 2016. It defines CUI as information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. The CUI rule established requirements for CUI designation, safeguarding, dissemination, marking, decontrolling, destruction, incident management, self1 Agreement States are States that have entered into formal agreements with the NRC, pursuant to Section 274 of the AEA, to regulate certain quantities of AEA material at facilities located within their borders. E:\FR\FM\12NOR1.SGM 12NOR1 lotter on DSK11XQN23PROD with RULES1 62714 Federal Register / Vol. 86, No. 216 / Friday, November 12, 2021 / Rules and Regulations inspection, and oversight across the executive branch. The CUI rule identifies NARA as the Executive Agent responsible for implementing E.O. 13556 and overseeing agency actions to ensure compliance with the E.O., the CUI rule, and the CUI registry. The CUI registry is an online repository located on the NARA website (https:// www.archives.gov/cui) which, among other information, identifies all approved CUI categories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures. The categories within the CUI registry serve as the exclusive designations for identifying CUI. The CUI program at the NRC will replace the SUNSI program and will also include, within its scope, Safeguards Information (SGI) and Safeguards Information—Modified Handling. Section 147 of the AEA, as amended, provides NRC with the statutory authority to prohibit the unauthorized disclosure of SGI. Even though SGI is a form of CUI under the CUI rule, specific controls found in part 73 of title 10 of the Code of Federal Regulations, ‘‘Physical Protection of Plants and Materials,’’ continue to apply to SGI. The NRC recognizes that the CUI rule could alter how information is shared between the agency and external parties, including licensees, applicants, Agreement and non-Agreement States, and others. The NRC is committed to avoiding unintended consequences that unnecessarily increase the burden on external stakeholders while also maintaining adequate protective measures for CUI. The CUI program is separate from the Classified National Security Information program. While the two programs may share similar language and some similar requirements, the CUI program’s requirements for designating, protecting, accessing, sharing, and decontrolling information, as well as the repercussions for misuse, differ from those for the Classified National Security Information program. The CUI program does not change NRC policy and practices in responding to a Freedom of Information Act (FOIA) request. Marking and designating information as CUI does not preclude information from release under the FOIA or preclude it from otherwise being considered for public release. The staff must still review the information and apply FOIA exemptions appropriately. VerDate Sep<11>2014 15:55 Nov 10, 2021 Jkt 256001 While the NRC transitions to the CUI program, all elements of the NRC’s SUNSI program will remain in place. If NRC employees or contractors receive CUI before the implementation of the CUI program at the NRC, they will continue to follow current NRC guidance to protect sensitive information. Key Elements of the CUI Program (1) The NRC’s CUI Program Office: The NRC’s CUI Senior Agency Official (SAO) is responsible for planning, directing, and overseeing the implementation of a comprehensive, coordinated, integrated, efficient, and cost-effective NRC CUI program, consistent with applicable laws, regulations, and Commission direction and policies. The SAO’s duties are assigned to the Director, Governance and Enterprise Management Services Division, in the Office of the Chief Information Officer. (2) Applicability: This policy applies to all NRC employees and contractors. The CUI rule also may apply indirectly through information-sharing agreements to persons or entities that are provided access to information that has been designated as CUI. In accordance with the CUI rule, the NRC’s CUI program will contain the following elements: • Safeguarding standards, including for marking, physical protection, and destruction; • Information technology and cybersecurity control standards; • Access and dissemination standards, including, where feasible, agreements with external parties for sharing information; • Training; • Processes for decontrolling information, issuing waivers, managing incidents, and challenging designations of information as CUI; and • A self-inspection and corrective action program. Management Directive 12.6, ‘‘NRC Controlled Unclassified Information Program,’’ will provide detailed guidance to NRC staff and contractors for the handling, marking, protecting, sharing, destroying, and decontrolling of CUI. Dated: November 4, 2021. For the Nuclear Regulatory Commission. Annette Vietti-Cook, Secretary of the Commission. [FR Doc. 2021–24543 Filed 11–10–21; 8:45 am] BILLING CODE 7590–01–P PO 00000 Frm 00002 Fmt 4700 Sfmt 4700 DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2021–0620; Project Identifier 2019–SW–074–AD; Amendment 39–21766; AD 2021–21–06] RIN 2120–AA64 Airworthiness Directives; He´licopte`res Guimbal Helicopters Federal Aviation Administration (FAA), DOT. ACTION: Final rule. AGENCY: The FAA is adopting a new airworthiness directive (AD) for He´licopte`res Guimbal (HG) Model Cabri G2 helicopters with certain partnumbered aluminum cooling fans (cooling fan) installed. This AD was prompted by a report of an occurrence of an in-flight shutdown due to a crack and subsequent failure of the cooling fan. This AD requires removing certain part-numbered cooling fans from service, or modifying certain partnumbered cooling fans before exceeding a certain total hours time-in-service (TIS), and installing newly designed cooling fans. This AD also prohibits installing any affected cooling fan on any helicopter. The FAA is issuing this AD to address the unsafe condition on these products. DATES: This AD is effective December 17, 2021. The Director of the Federal Register approved the incorporation by reference of a certain document listed in this AD as of December 17, 2021. ADDRESSES: For service information identified in this final rule, contact He´licopte`res Guimbal, Basile Ginel, 1070, rue du Lieutenant Parayre, Ae´rodrome d’Aix-en-Provence, 13290 Les Milles, France; telephone 33–04– 42–39–10–88; email basile.ginel@ guimbal.com; web https:// www.guimbal.com. You may view the referenced service information at the FAA, Office of the Regional Counsel, Southwest Region, 10101 Hillwood Pkwy., Room 6N–321, Fort Worth, TX 76177. For information on the availability of this material at the FAA, call (817) 222–5110. Service information that is incorporated by reference is also available at https://www.regulations.gov by searching for and locating Docket No. FAA–2021–0620. SUMMARY: Examining the AD Docket You may examine the AD docket at https://www.regulations.gov by searching for and locating Docket No. E:\FR\FM\12NOR1.SGM 12NOR1

Agencies

[Federal Register Volume 86, Number 216 (Friday, November 12, 2021)]
[Rules and Regulations]
[Pages 62713-62714]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24543]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 

========================================================================


Federal Register / Vol. 86, No. 216 / Friday, November 12, 2021 / 
Rules and Regulations

[[Page 62713]]



NUCLEAR REGULATORY COMMISSION

10 CFR Chapter I

[NRC-2021-0204]


Controlled Unclassified Information Program

AGENCY: Nuclear Regulatory Commission.

ACTION: Policy statement; issuance.

-----------------------------------------------------------------------

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing this 
Statement of Policy to set forth its expectation regarding the 
treatment of controlled unclassified information (CUI). This final 
policy statement describes how the NRC will comply with regulations 
issued by the National Archives and Records Administration (NARA) that 
direct agencies to minimize the risk of unauthorized disclosure of 
controlled unclassified information while allowing timely access by 
authorized holders. This policy statement aligns with similar actions 
taken by other Federal agencies to communicate changes in agency CUI 
policy to align with NARA requirements. During the transition to the 
CUI program, all elements of the NRC's existing Sensitive Unclassified 
Non-Safeguards Information (SUNSI) program will remain in place.

DATES: The policy statement is effective on November 12, 2021.

ADDRESSES: Please refer to Docket ID NRC-2021-0204 when contacting the 
NRC about the availability of information regarding this document. You 
may obtain publicly-available information related to this document 
using any of the following methods:
     Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0204. Address 
questions about NRC dockets to Dawn Forder; telephone: 301-415-3407; 
email: [email protected]. For technical questions, contact the 
individual listed in the FOR FURTHER INFORMATION CONTACT section of 
this document.
     NRC's Agencywide Documents Access and Management System 
(ADAMS): You may obtain publicly-available documents online in the 
ADAMS Public Documents collection at http://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS 
Search.'' For problems with ADAMS, please contact the NRC's Public 
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or 
by email to [email protected]. The ADAMS accession number for each 
document referenced (if it is available in ADAMS) is provided the first 
time that it is mentioned in this document.
     Attention: The Public Document Room (PDR), where you may 
examine and order copies of public documents is currently closed. You 
may submit your request to the PDR via email at [email protected] or 
call 1-800-397-4209 between 8:00 a.m. and 4:00 p.m. (EST), Monday 
through Friday, except Federal holidays.

FOR FURTHER INFORMATION CONTACT: Tanya Mensah, Office of the Chief 
Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 
20555-0001; telephone: 301-415-3610, email: [email protected].

SUPPLEMENTARY INFORMATION:

I. Background

    In November 2010, the President issued Executive Order (E.O.) 
13556, ``Controlled Unclassified Information (CUI),'' to ``establish an 
open and uniform program for managing unclassified information that 
requires safeguarding or dissemination controls.'' According to the 
E.O., agency-specific approaches have created an inefficient and 
confusing patchwork system, resulting in inconsistent marking and 
safeguarding of information and unnecessarily restricted information-
sharing. On September 14, 2016, the National Archives and Records 
Administration (NARA) published in the Federal Register a final CUI 
rule adding new part 2002 to title 32 of the Code of Federal 
Regulations (32 CFR) (81 FR 63324). The CUI rule went into effect on 
November 14, 2016, and established requirements for CUI designation, 
safeguarding, dissemination, marking, decontrolling, destruction, 
incident management, self-inspection, and oversight across the 
executive branch. The CUI rule applies directly to Federal executive 
branch agencies, including the NRC, and the rule's primary function is 
to define how the CUI program will be implemented within these 
agencies. Controlled unclassified information does not include 
Classified National Security Information that has been classified 
pursuant to E.O. 13526 or the Atomic Energy Act of 1954 (AEA), as 
amended, or information a non-executive branch entity (e.g., 
contractors, licensees, Agreement States,\1\ intervenors) possesses and 
maintains in its own systems that did not come from, or was not created 
or possessed by or for, an executive branch agency or an entity acting 
for such an agency. However, the CUI rule can apply indirectly, through 
information-sharing agreements, to non-executive branch entities that 
are provided access to information that has been designated as CUI.
---------------------------------------------------------------------------

    \1\ Agreement States are States that have entered into formal 
agreements with the NRC, pursuant to Section 274 of the AEA, to 
regulate certain quantities of AEA material at facilities located 
within their borders.
---------------------------------------------------------------------------

II. Statement of Policy

    In November 2010, the President issued E.O. 13556, ``Controlled 
Unclassified Information (CUI),'' to ``establish an open and uniform 
program for managing unclassified information that requires 
safeguarding or dissemination controls.'' On September 14, 2016, NARA 
published 32 CFR part 2002 in the Federal Register (81 FR 63324). It is 
the Commission's policy that the NRC will comply with 32 CFR part 2002, 
``Controlled Unclassified Information (CUI)'' (CUI rule), in order to 
minimize the risk of unauthorized disclosure of CUI while allowing 
timely access by authorized holders.
    The CUI rule went into effect on November 14, 2016. It defines CUI 
as information the Government creates or possesses, or that an entity 
creates or possesses for or on behalf of the Government, that a law, 
regulation, or Government-wide policy requires or permits an agency to 
handle using safeguarding or dissemination controls. The CUI rule 
established requirements for CUI designation, safeguarding, 
dissemination, marking, decontrolling, destruction, incident 
management, self-

[[Page 62714]]

inspection, and oversight across the executive branch.
    The CUI rule identifies NARA as the Executive Agent responsible for 
implementing E.O. 13556 and overseeing agency actions to ensure 
compliance with the E.O., the CUI rule, and the CUI registry. The CUI 
registry is an online repository located on the NARA website (https://www.archives.gov/cui) which, among other information, identifies all 
approved CUI categories, provides general descriptions for each, 
identifies the basis for controls, establishes markings, and includes 
guidance on handling procedures. The categories within the CUI registry 
serve as the exclusive designations for identifying CUI.
    The CUI program at the NRC will replace the SUNSI program and will 
also include, within its scope, Safeguards Information (SGI) and 
Safeguards Information--Modified Handling. Section 147 of the AEA, as 
amended, provides NRC with the statutory authority to prohibit the 
unauthorized disclosure of SGI. Even though SGI is a form of CUI under 
the CUI rule, specific controls found in part 73 of title 10 of the 
Code of Federal Regulations, ``Physical Protection of Plants and 
Materials,'' continue to apply to SGI.
    The NRC recognizes that the CUI rule could alter how information is 
shared between the agency and external parties, including licensees, 
applicants, Agreement and non-Agreement States, and others. The NRC is 
committed to avoiding unintended consequences that unnecessarily 
increase the burden on external stakeholders while also maintaining 
adequate protective measures for CUI.
    The CUI program is separate from the Classified National Security 
Information program. While the two programs may share similar language 
and some similar requirements, the CUI program's requirements for 
designating, protecting, accessing, sharing, and decontrolling 
information, as well as the repercussions for misuse, differ from those 
for the Classified National Security Information program.
    The CUI program does not change NRC policy and practices in 
responding to a Freedom of Information Act (FOIA) request. Marking and 
designating information as CUI does not preclude information from 
release under the FOIA or preclude it from otherwise being considered 
for public release. The staff must still review the information and 
apply FOIA exemptions appropriately.
    While the NRC transitions to the CUI program, all elements of the 
NRC's SUNSI program will remain in place. If NRC employees or 
contractors receive CUI before the implementation of the CUI program at 
the NRC, they will continue to follow current NRC guidance to protect 
sensitive information.

Key Elements of the CUI Program

    (1) The NRC's CUI Program Office: The NRC's CUI Senior Agency 
Official (SAO) is responsible for planning, directing, and overseeing 
the implementation of a comprehensive, coordinated, integrated, 
efficient, and cost-effective NRC CUI program, consistent with 
applicable laws, regulations, and Commission direction and policies. 
The SAO's duties are assigned to the Director, Governance and 
Enterprise Management Services Division, in the Office of the Chief 
Information Officer.
    (2) Applicability: This policy applies to all NRC employees and 
contractors. The CUI rule also may apply indirectly through 
information-sharing agreements to persons or entities that are provided 
access to information that has been designated as CUI.
    In accordance with the CUI rule, the NRC's CUI program will contain 
the following elements:
     Safeguarding standards, including for marking, physical 
protection, and destruction;
     Information technology and cybersecurity control 
standards;
     Access and dissemination standards, including, where 
feasible, agreements with external parties for sharing information;
     Training;
     Processes for decontrolling information, issuing waivers, 
managing incidents, and challenging designations of information as CUI; 
and
     A self-inspection and corrective action program.
    Management Directive 12.6, ``NRC Controlled Unclassified 
Information Program,'' will provide detailed guidance to NRC staff and 
contractors for the handling, marking, protecting, sharing, destroying, 
and decontrolling of CUI.

    Dated: November 4, 2021.

    For the Nuclear Regulatory Commission.
Annette Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2021-24543 Filed 11-10-21; 8:45 am]
BILLING CODE 7590-01-P