Cyber Security Programs for Nuclear Power Reactors, 12208-12209 [2022-04464]
Download as PDF
12208
Federal Register / Vol. 87, No. 42 / Thursday, March 3, 2022 / Notices
the medical use of byproduct material
for diagnosis and therapy.
Responsibilities include providing
guidance and comments on current and
proposed NRC regulations and
regulatory guidance concerning medical
use; evaluating certain non-routine uses
of byproduct material for medical use;
and evaluating training and experience
of proposed authorized users. The
members are involved in preliminary
discussions of major issues in
determining the need for changes in
NRC policy and regulation to ensure the
continued safe use of byproduct
material. Each member provides
technical assistance in his/her specific
area(s) of expertise, particularly with
respect to emerging technologies.
Members also provide guidance as to
NRC’s role in relation to the
responsibilities of other Federal
agencies as well as of various
professional organizations and boards.
Members of this Committee have
demonstrated professional
qualifications and expertise in both
scientific and non-scientific disciplines
including nuclear medicine; nuclear
cardiology; radiation therapy; medical
physics; nuclear pharmacy; State
medical regulation; patient’s rights and
care; health care administration; and
Food and Drug Administration
regulation.
Dated at Rockville, Maryland, this 28th day
of February, 2022.
For the U.S. Nuclear Regulatory
Commission.
Russell E. Chazell,
Federal Advisory Committee Management
Officer.
[FR Doc. 2022–04463 Filed 3–2–22; 8:45 am]
BILLING CODE 7590–01–P
NUCLEAR REGULATORY
COMMISSION
[NRC–2021–0143]
Cyber Security Programs for Nuclear
Power Reactors
Nuclear Regulatory
Commission.
ACTION: Draft regulatory guide; request
for comment.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is issuing for public
comment a draft regulatory guide (DG),
DG–5061, Revision 1, ‘‘Cyber Security
Programs for Nuclear Power Reactors.’’
DG 5061, Revision 1, incorporates
reference to industry whitepapers on
identifying safety, important to safety,
balance of plant, and emergency
preparedness Critical Digital Assets. It
khammond on DSKJM1Z7X2PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
18:23 Mar 02, 2022
Jkt 256001
also clarifies guidance on defense-indepth for cyber security and includes
updated text based on the latest
National Institute of Standards and
Technology (NIST) and International
Atomic Energy Agency cyber security
guidance. Specifically, this proposed
revision clarifies issues identified from
cyber security inspections, insights
gained through the Security Frequently
Asked Questions (SFAQ) process,
documented cyber security attacks, new
technologies, and new regulations. This
proposed revision also considers the
changes in the most recent revision to
the NIST Special Publications (SP) 800–
53, upon which Revision 0 of
Regulatory Guide (RG) 5.71, ‘‘Cyber
Security Programs for Nuclear
Facilities’’ was based.
Submit comments by May 2,
2022. Comments received after this date
will be considered if it is practical to do
so, but the NRC is able to ensure
consideration only for comments
received on or before this date.
DATES:
You may submit comments
by any of the following methods;
however, the NRC encourages electronic
comment submission through the
Federal Rulemaking Website:
• Federal Rulemaking Website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2021–0143. Address
questions about Docket IDs in
Regulations.gov to Stacy Schumann;
telephone: 301–415–0624; email:
Stacy.Schumann@nrc.gov. For technical
questions, contact the individuals listed
in the FOR FURTHER INFORMATION
CONTACT section of this document.
• Mail comments to: Office of
Administration, Mail Stop: TWFN–7–
A60M, U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001, ATTN: Program Management,
Announcements and Editing Staff.
For additional direction on obtaining
information and submitting comments,
see ‘‘Obtaining Information and
Submitting Comments’’ in the
SUPPLEMENTARY INFORMATION section of
this document.
ADDRESSES:
Kim
Lawson-Jenkins, Office of Nuclear
Security and Incident Response,
telephone: 301–287–3656, email:
Kim.Lawson-Jenkins@nrc.gov and
Mekonen Bayssie, Office of Nuclear
Regulatory Research, telephone: 301–
415–1699, email: Mekonen.Bayssie@
nrc.gov. Both are staff of the U.S.
Nuclear Regulatory Commission,
Washington, DC 20555–0001.
FOR FURTHER INFORMATION CONTACT:
SUPPLEMENTARY INFORMATION:
PO 00000
Frm 00135
Fmt 4703
Sfmt 4703
I. Obtaining Information and
Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC–2021–
0143 when contacting the NRC about
the availability of information for this
action. You may obtain publicly
available information related to this
action by any of the following methods:
• Federal Rulemaking Website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2021–0143.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publicly
available documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
adams.html. To begin the search, select
‘‘Begin Web-based ADAMS Search.’’ For
problems with ADAMS, please contact
the NRC’s Public Document Room (PDR)
reference staff at 1–800–397–4209, 301–
415–4737, or by email to
PDR.Resource@nrc.gov. The ADAMS
accession number for each document
referenced (if it is available in ADAMS)
is provided the first time that it is
mentioned in this document.
• NRC’s PDR: You may examine and
purchase copies of public documents,
by appointment, at the NRC’s PDR,
Room P1 B35, One White Flint North,
11555 Rockville Pike, Rockville,
Maryland 20852. To make an
appointment to visit the PDR, please
send an email to PDR.Resource@nrc.gov
or call 1–800–397–4209 or 301–415–
4737, between 8:00 a.m. and 4:00 p.m.
(ET), Monday through Friday, except
Federal holidays.
B. Submitting Comments
The NRC encourages electronic
comment submission through the
Federal Rulemaking Website (https://
www.regulations.gov). Please include
Docket ID NRC–2021–0143 in your
comment submission.
The NRC cautions you not to include
identifying or contact information that
you do not want to be publicly
disclosed in your comment submission.
The NRC will post all comment
submissions at https://
www.regulations.gov as well as enter the
comment submissions into ADAMS.
The NRC does not routinely edit
comment submissions to remove
identifying or contact information.
If you are requesting or aggregating
comments from other persons for
submission to the NRC, then you should
inform those persons not to include
identifying or contact information that
they do not want to be publicly
disclosed in their comment submission.
Your request should state that the NRC
E:\FR\FM\03MRN1.SGM
03MRN1
Federal Register / Vol. 87, No. 42 / Thursday, March 3, 2022 / Notices
does not routinely edit comment
submissions to remove such information
before making the comment
submissions available to the public or
entering the comment into ADAMS.
khammond on DSKJM1Z7X2PROD with NOTICES
II. Additional Information
The NRC is issuing for public
comment a DG in the NRC’s ‘‘Regulatory
Guide’’ series. This series was
developed to describe and make
available to the public information
regarding methods that are acceptable to
the NRC staff for implementing specific
parts of the agency’s regulations, to
explain techniques that the staff uses in
evaluating specific issues or postulated
events, and to describe information that
the staff needs in its review of
applications for permits and licenses.
The DG, entitled ‘‘Cyber Security
Programs for Nuclear Power Reactors,’’
is temporarily identified by its task
number, DG–5061, Revision 1 (ADAMS
Accession No. ML21095A329) is a
proposed revision to RG 5.71, ‘‘Cyber
Security Programs for Nuclear
Facilities.’’ It provides NRC licensees
with guidance on meeting the cyber
security requirements described in
section 73.54 of title 10 of the Code of
Federal Regulations (10 CFR),
‘‘Protection of digital computer and
communication systems and networks.’’
The staff is also issuing for public
comment a draft regulatory analysis
(ADAMS Accession No. ML21130A636).
The staff developed the regulatory
analysis to assess the value of revising
RG 5.71 as well as alternative courses of
action.
DG–5061, Revision 1, clarifies issues
identified from cyber security
inspections, insights gained through the
SFAQ process, lessons learned from
international and domestic cyber
security attacks, new technologies, and
new regulations. In addition, it
considers changes in NIST SP 800–53,
upon which Revision 0 of RG 5.71 was
based. In 2010, the Commission issued
Staff Requirements Memorandum
(SRM), SRM–COMWCO–10–0001
(ADAMS Accession No. ML102940009)
which clarified the scope of the cyber
security rule regarding balance of plant
(BOP) systems. This proposed revision
to RG 5.71 includes guidance for
structures, systems, and components in
the BOP systems.
III. Backfitting, Forward Fitting, and
Issue Finality
DG–5061, Revision 1, if finalized,
would revise RG 5.71, which describes
methods acceptable for use by nuclear
power plant licensees in meeting the
requirements for the cyber security
requirements in 10 CFR 73.54. Issuance
VerDate Sep<11>2014
18:23 Mar 02, 2022
Jkt 256001
of DG–5061 Revision 1, if finalized,
would not constitute backfitting as
defined in 10 CFR 50.109, ‘‘Backfitting,’’
and as described in NRC Management
Directive (MD) 8.4, ‘‘Management of
Backfitting, Forward Fitting, Issue
Finality, and Information Requests’’;
constitute forward fitting as that term is
defined and described in MD 8.4; or
affect the issue finality of any approval
issued under 10 CFR part 52, ‘‘Licenses,
certifications, and approvals for nuclear
power plants.’’ As explained in DG–
5061 Revision 1, applicants and
licensees would not be required to
comply with the positions set forth in
DG–5061.
IV. Submitting Suggestions for
Improvement of Regulatory Guides
A member of the public may, at any
time, submit suggestions to the NRC for
improvement of existing RGs or for the
development of new RGs. Suggestions
can be submitted on the NRC’s public
website at https://www.nrc.gov/readingrm/doc-collections/reg-guides/
contactus.html. Suggestions will be
considered in future updates and
enhancements to the ‘‘Regulatory
Guide’’ series.
Dated: February 28, 2022.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs
Management Branch, Division of Engineering,
Office of Nuclear Regulatory Research.
[FR Doc. 2022–04464 Filed 3–2–22; 8:45 am]
BILLING CODE 7590–01–P
NUCLEAR REGULATORY
COMMISSION
[NRC–2022–0054]
Guidance for the Application of
Radiological Sabotage Design-Basis
Threat in the Design, Development,
and Implementation of a Physical
Security Program That Meets 10 CFR
73.55 Requirements
Nuclear Regulatory
Commission.
ACTION: Regulatory guide; issuance.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is issuing Revision 1
to Regulatory Guide (RG) 5.69,
‘‘Guidance for the Application of
Radiological Sabotage Design-Basis
Threat in the Design, Development, and
Implementation of a Physical Security
Program that Meets 10 CFR 73.55
Requirements,’’ as a final RG. RG 5.69
provides a method that the NRC staff
finds acceptable for an applicant or
licensee to use in applying the design-
SUMMARY:
PO 00000
Frm 00136
Fmt 4703
Sfmt 4703
12209
basis threats (DBTs) in the development
of a physical security program that
meets the requirements of NRC
regulations. Through interactions with
stakeholders during physical security
inspections, including security baseline
inspections, force-on-force exercises,
and enforcement activities, the NRC
identified areas where a need for
additional clarity and/or sufficient
technical information is warranted.
Revision 1 to RG 5.69 addresses these
areas. In addition, revisions to this
guidance include changes to the DBT
adversary characteristics necessary to
align with changes to NRC security
requirements made since the
publication of Revision 0 to RG 5.69 in
2007.
DATES: Revision 1 to RG 5.69 is available
on March 3, 2022.
ADDRESSES: Please refer to Docket ID
NRC–2022–0054 when contacting the
NRC about the availability of
information regarding this document.
Revision 1 to RG 5.69 contains
Safeguards Information (SGI). Therefore,
this RG is being withheld from public
disclosure, but is available to those
affected licensees and cleared
stakeholders who qualify for access and
have a demonstrated need-to-know. For
access to Revision 1 to RG 5.69, contact
the individuals listed in the FOR
FURTHER INFORMATION CONTACT section.
FOR FURTHER INFORMATION CONTACT: Niry
Simonian, Office of Nuclear Security
and Insident Response, telephone: 301–
287–3636, email: Niry.Simonian@
nrc.gov or Mekonen Bayssie, Office of
Nuclear Regulatory Research, telephone:
301–415–1699, email:
Mekonen.Bayssie@nrc.gov. Both are staff
of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001. Please do not include any
potentially classified or sensitive
information in your email.
SUPPLEMENTARY INFORMATION:
I. Discussion
The NRC is issuing a revision to an
existing RG in the NRC’s ‘‘Regulatory
Guide’’ series. This series was
developed to describe and make
available to the public information
regarding methods that are acceptable to
the NRC staff for implementing specific
parts of the agency’s regulations,
techniques that the NRC staff uses in
evaluating specific issues or postulated
events, and data that the NRC staff
needs in its review of applications for
permits and licenses.
Revision 1 to RG 5.69 incorporates
methods to apply requirements of
updated regulations and lessons-learned
from regulatory oversight, including
E:\FR\FM\03MRN1.SGM
03MRN1
Agencies
[Federal Register Volume 87, Number 42 (Thursday, March 3, 2022)]
[Notices]
[Pages 12208-12209]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-04464]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
[NRC-2021-0143]
Cyber Security Programs for Nuclear Power Reactors
AGENCY: Nuclear Regulatory Commission.
ACTION: Draft regulatory guide; request for comment.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing for
public comment a draft regulatory guide (DG), DG-5061, Revision 1,
``Cyber Security Programs for Nuclear Power Reactors.'' DG 5061,
Revision 1, incorporates reference to industry whitepapers on
identifying safety, important to safety, balance of plant, and
emergency preparedness Critical Digital Assets. It also clarifies
guidance on defense-in-depth for cyber security and includes updated
text based on the latest National Institute of Standards and Technology
(NIST) and International Atomic Energy Agency cyber security guidance.
Specifically, this proposed revision clarifies issues identified from
cyber security inspections, insights gained through the Security
Frequently Asked Questions (SFAQ) process, documented cyber security
attacks, new technologies, and new regulations. This proposed revision
also considers the changes in the most recent revision to the NIST
Special Publications (SP) 800-53, upon which Revision 0 of Regulatory
Guide (RG) 5.71, ``Cyber Security Programs for Nuclear Facilities'' was
based.
DATES: Submit comments by May 2, 2022. Comments received after this
date will be considered if it is practical to do so, but the NRC is
able to ensure consideration only for comments received on or before
this date.
ADDRESSES: You may submit comments by any of the following methods;
however, the NRC encourages electronic comment submission through the
Federal Rulemaking Website:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0143. Address
questions about Docket IDs in Regulations.gov to Stacy Schumann;
telephone: 301-415-0624; email: [email protected]. For technical
questions, contact the individuals listed in the FOR FURTHER
INFORMATION CONTACT section of this document.
Mail comments to: Office of Administration, Mail Stop:
TWFN-7-A60M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-
0001, ATTN: Program Management, Announcements and Editing Staff.
For additional direction on obtaining information and submitting
comments, see ``Obtaining Information and Submitting Comments'' in the
SUPPLEMENTARY INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT: Kim Lawson-Jenkins, Office of Nuclear
Security and Incident Response, telephone: 301-287-3656, email:
[email protected] and Mekonen Bayssie, Office of Nuclear
Regulatory Research, telephone: 301-415-1699, email:
[email protected]. Both are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
SUPPLEMENTARY INFORMATION:
I. Obtaining Information and Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC-2021-0143 when contacting the NRC
about the availability of information for this action. You may obtain
publicly available information related to this action by any of the
following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0143.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or
by email to [email protected]. The ADAMS accession number for each
document referenced (if it is available in ADAMS) is provided the first
time that it is mentioned in this document.
NRC's PDR: You may examine and purchase copies of public
documents, by appointment, at the NRC's PDR, Room P1 B35, One White
Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. To make
an appointment to visit the PDR, please send an email to
[email protected] or call 1-800-397-4209 or 301-415-4737, between
8:00 a.m. and 4:00 p.m. (ET), Monday through Friday, except Federal
holidays.
B. Submitting Comments
The NRC encourages electronic comment submission through the
Federal Rulemaking Website (https://www.regulations.gov). Please
include Docket ID NRC-2021-0143 in your comment submission.
The NRC cautions you not to include identifying or contact
information that you do not want to be publicly disclosed in your
comment submission. The NRC will post all comment submissions at
https://www.regulations.gov as well as enter the comment submissions
into ADAMS. The NRC does not routinely edit comment submissions to
remove identifying or contact information.
If you are requesting or aggregating comments from other persons
for submission to the NRC, then you should inform those persons not to
include identifying or contact information that they do not want to be
publicly disclosed in their comment submission. Your request should
state that the NRC
[[Page 12209]]
does not routinely edit comment submissions to remove such information
before making the comment submissions available to the public or
entering the comment into ADAMS.
II. Additional Information
The NRC is issuing for public comment a DG in the NRC's
``Regulatory Guide'' series. This series was developed to describe and
make available to the public information regarding methods that are
acceptable to the NRC staff for implementing specific parts of the
agency's regulations, to explain techniques that the staff uses in
evaluating specific issues or postulated events, and to describe
information that the staff needs in its review of applications for
permits and licenses.
The DG, entitled ``Cyber Security Programs for Nuclear Power
Reactors,'' is temporarily identified by its task number, DG-5061,
Revision 1 (ADAMS Accession No. ML21095A329) is a proposed revision to
RG 5.71, ``Cyber Security Programs for Nuclear Facilities.'' It
provides NRC licensees with guidance on meeting the cyber security
requirements described in section 73.54 of title 10 of the Code of
Federal Regulations (10 CFR), ``Protection of digital computer and
communication systems and networks.''
The staff is also issuing for public comment a draft regulatory
analysis (ADAMS Accession No. ML21130A636). The staff developed the
regulatory analysis to assess the value of revising RG 5.71 as well as
alternative courses of action.
DG-5061, Revision 1, clarifies issues identified from cyber
security inspections, insights gained through the SFAQ process, lessons
learned from international and domestic cyber security attacks, new
technologies, and new regulations. In addition, it considers changes in
NIST SP 800-53, upon which Revision 0 of RG 5.71 was based. In 2010,
the Commission issued Staff Requirements Memorandum (SRM), SRM-COMWCO-
10-0001 (ADAMS Accession No. ML102940009) which clarified the scope of
the cyber security rule regarding balance of plant (BOP) systems. This
proposed revision to RG 5.71 includes guidance for structures, systems,
and components in the BOP systems.
III. Backfitting, Forward Fitting, and Issue Finality
DG-5061, Revision 1, if finalized, would revise RG 5.71, which
describes methods acceptable for use by nuclear power plant licensees
in meeting the requirements for the cyber security requirements in 10
CFR 73.54. Issuance of DG-5061 Revision 1, if finalized, would not
constitute backfitting as defined in 10 CFR 50.109, ``Backfitting,''
and as described in NRC Management Directive (MD) 8.4, ``Management of
Backfitting, Forward Fitting, Issue Finality, and Information
Requests''; constitute forward fitting as that term is defined and
described in MD 8.4; or affect the issue finality of any approval
issued under 10 CFR part 52, ``Licenses, certifications, and approvals
for nuclear power plants.'' As explained in DG-5061 Revision 1,
applicants and licensees would not be required to comply with the
positions set forth in DG-5061.
IV. Submitting Suggestions for Improvement of Regulatory Guides
A member of the public may, at any time, submit suggestions to the
NRC for improvement of existing RGs or for the development of new RGs.
Suggestions can be submitted on the NRC's public website at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/contactus.html.
Suggestions will be considered in future updates and enhancements to
the ``Regulatory Guide'' series.
Dated: February 28, 2022.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs Management Branch, Division of
Engineering, Office of Nuclear Regulatory Research.
[FR Doc. 2022-04464 Filed 3-2-22; 8:45 am]
BILLING CODE 7590-01-P