Controlled Unclassified Information Program, 62713-62714 [2021-24543]
Download as PDF
<![CDATA[
62713
Rules and Regulations
Federal Register
Vol. 86, No. 216
Friday, November 12, 2021
This section of the FEDERAL REGISTER
contains regulatory documents having general
applicability and legal effect, most of which
are keyed to and codified in the Code of
Federal Regulations, which is published under
50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by
the Superintendent of Documents.
NUCLEAR REGULATORY
COMMISSION
10 CFR Chapter I
[NRC–2021–0204]
Controlled Unclassified Information
Program
Nuclear Regulatory
Commission.
ACTION: Policy statement; issuance.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is issuing this
Statement of Policy to set forth its
expectation regarding the treatment of
controlled unclassified information
(CUI). This final policy statement
describes how the NRC will comply
with regulations issued by the National
Archives and Records Administration
(NARA) that direct agencies to minimize
the risk of unauthorized disclosure of
controlled unclassified information
while allowing timely access by
authorized holders. This policy
statement aligns with similar actions
taken by other Federal agencies to
communicate changes in agency CUI
policy to align with NARA
requirements. During the transition to
the CUI program, all elements of the
NRC’s existing Sensitive Unclassified
Non-Safeguards Information (SUNSI)
program will remain in place.
DATES: The policy statement is effective
on November 12, 2021.
ADDRESSES: Please refer to Docket ID
NRC–2021–0204 when contacting the
NRC about the availability of
information regarding this document.
You may obtain publicly-available
information related to this document
using any of the following methods:
• Federal Rulemaking Website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2021–0204. Address
questions about NRC dockets to Dawn
Forder; telephone: 301–415–3407;
email: Dawn.Forder@nrc.gov. For
technical questions, contact the
individual listed in the FOR FURTHER
lotter on DSK11XQN23PROD with RULES1
SUMMARY:
VerDate Sep<11>2014
15:55 Nov 10, 2021
Jkt 256001
section of this
document.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publiclyavailable documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
adams.html. To begin the search, select
‘‘Begin Web-based ADAMS Search.’’ For
problems with ADAMS, please contact
the NRC’s Public Document Room (PDR)
reference staff at 1–800–397–4209, 301–
415–4737, or by email to pdr.resource@
nrc.gov. The ADAMS accession number
for each document referenced (if it is
available in ADAMS) is provided the
first time that it is mentioned in this
document.
• Attention: The Public Document
Room (PDR), where you may examine
and order copies of public documents is
currently closed. You may submit your
request to the PDR via email at
pdr.resource@nrc.gov or call 1–800–
397–4209 between 8:00 a.m. and 4:00
p.m. (EST), Monday through Friday,
except Federal holidays.
FOR FURTHER INFORMATION CONTACT:
Tanya Mensah, Office of the Chief
Information Officer, U.S. Nuclear
Regulatory Commission, Washington,
DC 20555–0001; telephone: 301–415–
3610, email: Tanya.Mensah@nrc.gov.
SUPPLEMENTARY INFORMATION:
INFORMATION CONTACT
I. Background
In November 2010, the President
issued Executive Order (E.O.) 13556,
‘‘Controlled Unclassified Information
(CUI),’’ to ‘‘establish an open and
uniform program for managing
unclassified information that requires
safeguarding or dissemination controls.’’
According to the E.O., agency-specific
approaches have created an inefficient
and confusing patchwork system,
resulting in inconsistent marking and
safeguarding of information and
unnecessarily restricted informationsharing. On September 14, 2016, the
National Archives and Records
Administration (NARA) published in
the Federal Register a final CUI rule
adding new part 2002 to title 32 of the
Code of Federal Regulations (32 CFR)
(81 FR 63324). The CUI rule went into
effect on November 14, 2016, and
established requirements for CUI
designation, safeguarding,
dissemination, marking, decontrolling,
destruction, incident management, self-
PO 00000
Frm 00001
Fmt 4700
Sfmt 4700
inspection, and oversight across the
executive branch. The CUI rule applies
directly to Federal executive branch
agencies, including the NRC, and the
rule’s primary function is to define how
the CUI program will be implemented
within these agencies. Controlled
unclassified information does not
include Classified National Security
Information that has been classified
pursuant to E.O. 13526 or the Atomic
Energy Act of 1954 (AEA), as amended,
or information a non-executive branch
entity (e.g., contractors, licensees,
Agreement States,1 intervenors)
possesses and maintains in its own
systems that did not come from, or was
not created or possessed by or for, an
executive branch agency or an entity
acting for such an agency. However, the
CUI rule can apply indirectly, through
information-sharing agreements, to nonexecutive branch entities that are
provided access to information that has
been designated as CUI.
II. Statement of Policy
In November 2010, the President
issued E.O. 13556, ‘‘Controlled
Unclassified Information (CUI),’’ to
‘‘establish an open and uniform program
for managing unclassified information
that requires safeguarding or
dissemination controls.’’ On September
14, 2016, NARA published 32 CFR part
2002 in the Federal Register (81 FR
63324). It is the Commission’s policy
that the NRC will comply with 32 CFR
part 2002, ‘‘Controlled Unclassified
Information (CUI)’’ (CUI rule), in order
to minimize the risk of unauthorized
disclosure of CUI while allowing timely
access by authorized holders.
The CUI rule went into effect on
November 14, 2016. It defines CUI as
information the Government creates or
possesses, or that an entity creates or
possesses for or on behalf of the
Government, that a law, regulation, or
Government-wide policy requires or
permits an agency to handle using
safeguarding or dissemination controls.
The CUI rule established requirements
for CUI designation, safeguarding,
dissemination, marking, decontrolling,
destruction, incident management, self1 Agreement States are States that have entered
into formal agreements with the NRC, pursuant to
Section 274 of the AEA, to regulate certain
quantities of AEA material at facilities located
within their borders.
E:\FR\FM\12NOR1.SGM
12NOR1
lotter on DSK11XQN23PROD with RULES1
62714
Federal Register / Vol. 86, No. 216 / Friday, November 12, 2021 / Rules and Regulations
inspection, and oversight across the
executive branch.
The CUI rule identifies NARA as the
Executive Agent responsible for
implementing E.O. 13556 and
overseeing agency actions to ensure
compliance with the E.O., the CUI rule,
and the CUI registry. The CUI registry is
an online repository located on the
NARA website (https://
www.archives.gov/cui) which, among
other information, identifies all
approved CUI categories, provides
general descriptions for each, identifies
the basis for controls, establishes
markings, and includes guidance on
handling procedures. The categories
within the CUI registry serve as the
exclusive designations for identifying
CUI.
The CUI program at the NRC will
replace the SUNSI program and will
also include, within its scope,
Safeguards Information (SGI) and
Safeguards Information—Modified
Handling. Section 147 of the AEA, as
amended, provides NRC with the
statutory authority to prohibit the
unauthorized disclosure of SGI. Even
though SGI is a form of CUI under the
CUI rule, specific controls found in part
73 of title 10 of the Code of Federal
Regulations, ‘‘Physical Protection of
Plants and Materials,’’ continue to apply
to SGI.
The NRC recognizes that the CUI rule
could alter how information is shared
between the agency and external parties,
including licensees, applicants,
Agreement and non-Agreement States,
and others. The NRC is committed to
avoiding unintended consequences that
unnecessarily increase the burden on
external stakeholders while also
maintaining adequate protective
measures for CUI.
The CUI program is separate from the
Classified National Security Information
program. While the two programs may
share similar language and some similar
requirements, the CUI program’s
requirements for designating, protecting,
accessing, sharing, and decontrolling
information, as well as the
repercussions for misuse, differ from
those for the Classified National
Security Information program.
The CUI program does not change
NRC policy and practices in responding
to a Freedom of Information Act (FOIA)
request. Marking and designating
information as CUI does not preclude
information from release under the
FOIA or preclude it from otherwise
being considered for public release. The
staff must still review the information
and apply FOIA exemptions
appropriately.
VerDate Sep<11>2014
15:55 Nov 10, 2021
Jkt 256001
While the NRC transitions to the CUI
program, all elements of the NRC’s
SUNSI program will remain in place. If
NRC employees or contractors receive
CUI before the implementation of the
CUI program at the NRC, they will
continue to follow current NRC
guidance to protect sensitive
information.
Key Elements of the CUI Program
(1) The NRC’s CUI Program Office:
The NRC’s CUI Senior Agency Official
(SAO) is responsible for planning,
directing, and overseeing the
implementation of a comprehensive,
coordinated, integrated, efficient, and
cost-effective NRC CUI program,
consistent with applicable laws,
regulations, and Commission direction
and policies. The SAO’s duties are
assigned to the Director, Governance
and Enterprise Management Services
Division, in the Office of the Chief
Information Officer.
(2) Applicability: This policy applies
to all NRC employees and contractors.
The CUI rule also may apply indirectly
through information-sharing agreements
to persons or entities that are provided
access to information that has been
designated as CUI.
In accordance with the CUI rule, the
NRC’s CUI program will contain the
following elements:
• Safeguarding standards, including
for marking, physical protection, and
destruction;
• Information technology and
cybersecurity control standards;
• Access and dissemination
standards, including, where feasible,
agreements with external parties for
sharing information;
• Training;
• Processes for decontrolling
information, issuing waivers, managing
incidents, and challenging designations
of information as CUI; and
• A self-inspection and corrective
action program.
Management Directive 12.6, ‘‘NRC
Controlled Unclassified Information
Program,’’ will provide detailed
guidance to NRC staff and contractors
for the handling, marking, protecting,
sharing, destroying, and decontrolling of
CUI.
Dated: November 4, 2021.
For the Nuclear Regulatory Commission.
Annette Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2021–24543 Filed 11–10–21; 8:45 am]
BILLING CODE 7590–01–P
PO 00000
Frm 00002
Fmt 4700
Sfmt 4700
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 39
[Docket No. FAA–2021–0620; Project
Identifier 2019–SW–074–AD; Amendment
39–21766; AD 2021–21–06]
RIN 2120–AA64
Airworthiness Directives; He´licopte`res
Guimbal Helicopters
Federal Aviation
Administration (FAA), DOT.
ACTION: Final rule.
AGENCY:
The FAA is adopting a new
airworthiness directive (AD) for
He´licopte`res Guimbal (HG) Model Cabri
G2 helicopters with certain partnumbered aluminum cooling fans
(cooling fan) installed. This AD was
prompted by a report of an occurrence
of an in-flight shutdown due to a crack
and subsequent failure of the cooling
fan. This AD requires removing certain
part-numbered cooling fans from
service, or modifying certain partnumbered cooling fans before exceeding
a certain total hours time-in-service
(TIS), and installing newly designed
cooling fans. This AD also prohibits
installing any affected cooling fan on
any helicopter. The FAA is issuing this
AD to address the unsafe condition on
these products.
DATES: This AD is effective December
17, 2021.
The Director of the Federal Register
approved the incorporation by reference
of a certain document listed in this AD
as of December 17, 2021.
ADDRESSES: For service information
identified in this final rule, contact
He´licopte`res Guimbal, Basile Ginel,
1070, rue du Lieutenant Parayre,
Ae´rodrome d’Aix-en-Provence, 13290
Les Milles, France; telephone 33–04–
42–39–10–88; email basile.ginel@
guimbal.com; web https://
www.guimbal.com. You may view the
referenced service information at the
FAA, Office of the Regional Counsel,
Southwest Region, 10101 Hillwood
Pkwy., Room 6N–321, Fort Worth, TX
76177. For information on the
availability of this material at the FAA,
call (817) 222–5110. Service information
that is incorporated by reference is also
available at https://www.regulations.gov
by searching for and locating Docket No.
FAA–2021–0620.
SUMMARY:
Examining the AD Docket
You may examine the AD docket at
https://www.regulations.gov by
searching for and locating Docket No.
E:\FR\FM\12NOR1.SGM
12NOR1
]]>Agencies
[Federal Register Volume 86, Number 216 (Friday, November 12, 2021)]
[Rules and Regulations]
[Pages 62713-62714]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24543]
�========================================================================
�Rules and Regulations
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains regulatory documents
�having general applicability and legal effect, most of which are keyed
�to and codified in the Code of Federal Regulations, which is published
�under 50 titles pursuant to 44 U.S.C. 1510.
�
�The Code of Federal Regulations is sold by the Superintendent of Documents.
�
�========================================================================
�
��Federal Register / Vol. 86, No. 216 / Friday, November 12, 2021 /
Rules and Regulations��
[[Page 62713]]
NUCLEAR REGULATORY COMMISSION
10 CFR Chapter I
[NRC-2021-0204]
Controlled Unclassified Information Program
AGENCY: Nuclear Regulatory Commission.
ACTION: Policy statement; issuance.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing this
Statement of Policy to set forth its expectation regarding the
treatment of controlled unclassified information (CUI). This final
policy statement describes how the NRC will comply with regulations
issued by the National Archives and Records Administration (NARA) that
direct agencies to minimize the risk of unauthorized disclosure of
controlled unclassified information while allowing timely access by
authorized holders. This policy statement aligns with similar actions
taken by other Federal agencies to communicate changes in agency CUI
policy to align with NARA requirements. During the transition to the
CUI program, all elements of the NRC's existing Sensitive Unclassified
Non-Safeguards Information (SUNSI) program will remain in place.
DATES: The policy statement is effective on November 12, 2021.
ADDRESSES: Please refer to Docket ID NRC-2021-0204 when contacting the
NRC about the availability of information regarding this document. You
may obtain publicly-available information related to this document
using any of the following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0204. Address
questions about NRC dockets to Dawn Forder; telephone: 301-415-3407;
email: [email protected]. For technical questions, contact the
individual listed in the FOR FURTHER INFORMATION CONTACT section of
this document.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly-available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or
by email to [email protected]. The ADAMS accession number for each
document referenced (if it is available in ADAMS) is provided the first
time that it is mentioned in this document.
Attention: The Public Document Room (PDR), where you may
examine and order copies of public documents is currently closed. You
may submit your request to the PDR via email at [email protected] or
call 1-800-397-4209 between 8:00 a.m. and 4:00 p.m. (EST), Monday
through Friday, except Federal holidays.
FOR FURTHER INFORMATION CONTACT: Tanya Mensah, Office of the Chief
Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001; telephone: 301-415-3610, email: [email protected].
SUPPLEMENTARY INFORMATION:
I. Background
In November 2010, the President issued Executive Order (E.O.)
13556, ``Controlled Unclassified Information (CUI),'' to ``establish an
open and uniform program for managing unclassified information that
requires safeguarding or dissemination controls.'' According to the
E.O., agency-specific approaches have created an inefficient and
confusing patchwork system, resulting in inconsistent marking and
safeguarding of information and unnecessarily restricted information-
sharing. On September 14, 2016, the National Archives and Records
Administration (NARA) published in the Federal Register a final CUI
rule adding new part 2002 to title 32 of the Code of Federal
Regulations (32 CFR) (81 FR 63324). The CUI rule went into effect on
November 14, 2016, and established requirements for CUI designation,
safeguarding, dissemination, marking, decontrolling, destruction,
incident management, self-inspection, and oversight across the
executive branch. The CUI rule applies directly to Federal executive
branch agencies, including the NRC, and the rule's primary function is
to define how the CUI program will be implemented within these
agencies. Controlled unclassified information does not include
Classified National Security Information that has been classified
pursuant to E.O. 13526 or the Atomic Energy Act of 1954 (AEA), as
amended, or information a non-executive branch entity (e.g.,
contractors, licensees, Agreement States,\1\ intervenors) possesses and
maintains in its own systems that did not come from, or was not created
or possessed by or for, an executive branch agency or an entity acting
for such an agency. However, the CUI rule can apply indirectly, through
information-sharing agreements, to non-executive branch entities that
are provided access to information that has been designated as CUI.
---------------------------------------------------------------------------
\1\ Agreement States are States that have entered into formal
agreements with the NRC, pursuant to Section 274 of the AEA, to
regulate certain quantities of AEA material at facilities located
within their borders.
---------------------------------------------------------------------------
II. Statement of Policy
In November 2010, the President issued E.O. 13556, ``Controlled
Unclassified Information (CUI),'' to ``establish an open and uniform
program for managing unclassified information that requires
safeguarding or dissemination controls.'' On September 14, 2016, NARA
published 32 CFR part 2002 in the Federal Register (81 FR 63324). It is
the Commission's policy that the NRC will comply with 32 CFR part 2002,
``Controlled Unclassified Information (CUI)'' (CUI rule), in order to
minimize the risk of unauthorized disclosure of CUI while allowing
timely access by authorized holders.
The CUI rule went into effect on November 14, 2016. It defines CUI
as information the Government creates or possesses, or that an entity
creates or possesses for or on behalf of the Government, that a law,
regulation, or Government-wide policy requires or permits an agency to
handle using safeguarding or dissemination controls. The CUI rule
established requirements for CUI designation, safeguarding,
dissemination, marking, decontrolling, destruction, incident
management, self-
[[Page 62714]]
inspection, and oversight across the executive branch.
The CUI rule identifies NARA as the Executive Agent responsible for
implementing E.O. 13556 and overseeing agency actions to ensure
compliance with the E.O., the CUI rule, and the CUI registry. The CUI
registry is an online repository located on the NARA website (https://www.archives.gov/cui) which, among other information, identifies all
approved CUI categories, provides general descriptions for each,
identifies the basis for controls, establishes markings, and includes
guidance on handling procedures. The categories within the CUI registry
serve as the exclusive designations for identifying CUI.
The CUI program at the NRC will replace the SUNSI program and will
also include, within its scope, Safeguards Information (SGI) and
Safeguards Information--Modified Handling. Section 147 of the AEA, as
amended, provides NRC with the statutory authority to prohibit the
unauthorized disclosure of SGI. Even though SGI is a form of CUI under
the CUI rule, specific controls found in part 73 of title 10 of the
Code of Federal Regulations, ``Physical Protection of Plants and
Materials,'' continue to apply to SGI.
The NRC recognizes that the CUI rule could alter how information is
shared between the agency and external parties, including licensees,
applicants, Agreement and non-Agreement States, and others. The NRC is
committed to avoiding unintended consequences that unnecessarily
increase the burden on external stakeholders while also maintaining
adequate protective measures for CUI.
The CUI program is separate from the Classified National Security
Information program. While the two programs may share similar language
and some similar requirements, the CUI program's requirements for
designating, protecting, accessing, sharing, and decontrolling
information, as well as the repercussions for misuse, differ from those
for the Classified National Security Information program.
The CUI program does not change NRC policy and practices in
responding to a Freedom of Information Act (FOIA) request. Marking and
designating information as CUI does not preclude information from
release under the FOIA or preclude it from otherwise being considered
for public release. The staff must still review the information and
apply FOIA exemptions appropriately.
While the NRC transitions to the CUI program, all elements of the
NRC's SUNSI program will remain in place. If NRC employees or
contractors receive CUI before the implementation of the CUI program at
the NRC, they will continue to follow current NRC guidance to protect
sensitive information.
Key Elements of the CUI Program
(1) The NRC's CUI Program Office: The NRC's CUI Senior Agency
Official (SAO) is responsible for planning, directing, and overseeing
the implementation of a comprehensive, coordinated, integrated,
efficient, and cost-effective NRC CUI program, consistent with
applicable laws, regulations, and Commission direction and policies.
The SAO's duties are assigned to the Director, Governance and
Enterprise Management Services Division, in the Office of the Chief
Information Officer.
(2) Applicability: This policy applies to all NRC employees and
contractors. The CUI rule also may apply indirectly through
information-sharing agreements to persons or entities that are provided
access to information that has been designated as CUI.
In accordance with the CUI rule, the NRC's CUI program will contain
the following elements:
Safeguarding standards, including for marking, physical
protection, and destruction;
Information technology and cybersecurity control
standards;
Access and dissemination standards, including, where
feasible, agreements with external parties for sharing information;
Training;
Processes for decontrolling information, issuing waivers,
managing incidents, and challenging designations of information as CUI;
and
A self-inspection and corrective action program.
Management Directive 12.6, ``NRC Controlled Unclassified
Information Program,'' will provide detailed guidance to NRC staff and
contractors for the handling, marking, protecting, sharing, destroying,
and decontrolling of CUI.
Dated: November 4, 2021.
For the Nuclear Regulatory Commission.
Annette Vietti-Cook,
Secretary of the Commission.
[FR Doc. 2021-24543 Filed 11-10-21; 8:45 am]
BILLING CODE 7590-01-P
