Cyber Security Programs for Nuclear Power Reactors, 9117-9118 [2023-02941]
Download as PDF
<![CDATA[
Federal Register / Vol. 88, No. 29 / Monday, February 13, 2023 / Rules and Regulations
NUCLEAR REGULATORY
COMMISSION
10 CFR Part 73
[NRC–2021–0143]
Cyber Security Programs for Nuclear
Power Reactors
Nuclear Regulatory
Commission.
ACTION: Regulatory guide; issuance.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is issuing Revision 1
to Regulatory Guide (RG) 5.71, ‘‘Cyber
Security Programs for Nuclear Power
Reactors.’’ Revision 1 incorporates
references to industry guidance on
identifying and protecting critical
digital assets for safety-related,
important to safety, balance of plant,
and emergency preparedness
equipment. It also clarifies guidance on
defense-in-depth for cyber security and
includes updated text based on the
latest National Institute of Standards
and Technology (NIST) and
International Atomic Energy Agency
(IAEA) cyber security guidance.
Specifically, this revision clarifies
issues identified from cyber security
inspections, insights gained through the
Security Frequently Asked Questions
(SFAQ) process, documented cyber
security attacks, new technologies, and
new regulations. This revision also
considers the changes in the most recent
revision to the NIST Special
Publications (SP) 800–53, upon which
Revision 0 of Regulatory Guide (RG)
5.71, ‘‘Cyber Security Programs for
Nuclear Facilities’’ was based.
DATES: Revision 1 to RG 5.71 is available
on February 13, 2023.
ADDRESSES: Please refer to Docket ID
NRC–2021–0143 when contacting the
NRC about the availability of
information regarding this document.
You may obtain publicly available
information related to this document
using any of the following methods:
• Federal Rulemaking Website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2021–0143. Address
questions about Docket IDs in
Regulations.gov to Stacy Schumann;
telephone: 301–415–0624; email:
Stacy.Schumann@nrc.gov. For technical
questions, contact the individuals listed
in the FOR FURTHER INFORMATION
CONTACT section of this document.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publicly
available documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
khammond on DSKJM1Z7X2PROD with RULES
SUMMARY:
VerDate Sep<11>2014
16:19 Feb 10, 2023
Jkt 259001
adams.html. To begin the search, select
‘‘Begin Web-based ADAMS Search.’’ For
problems with ADAMS, please contact
the NRC’s Public Document Room (PDR)
reference staff at 1–800–397–4209, 301–
415–4737, or by email to
PDR.Resource@nrc.gov. The ADAMS
accession number for each document
referenced (if it is available in ADAMS)
is provided the first time that it is
mentioned in this document.
• NRC’s PDR: You may examine and
purchase copies of public documents,
by appointment, at the NRC’s Public
Document Room (PDR), Room P1 B35,
One White Flint North, 11555 Rockville
Pike, Rockville, Maryland 20852. To
make an appointment to visit the PDR,
please send an email to PDR.Resource@
nrc.gov or call 1–800–397–4209 or 301–
415–4737, between 8 a.m. and 4 p.m.
eastern time (ET), Monday through
Friday, except Federal holidays.
Revision 1 to RG 5.71 and the
regulatory analysis may be found in
ADAMS under Accession No.
ML22258A204 and ML21130A636,
respectively.
Regulatory guides are not
copyrighted, and NRC approval is not
required to reproduce them.
FOR FURTHER INFORMATION CONTACT: Kim
Lawson-Jenkins, Office of Nuclear
Security and Incident Response,
telephone: 301–287–3656, email:
Kim.Lawson-Jenkins@nrc.gov and
Stanley Gardocki, Office of Nuclear
Regulatory Research, telephone: 301–
415–1067, email: Stanley.Gardocki@
nrc.gov. Both are staff of the U.S.
Nuclear Regulatory Commission,
Washington, DC 20555–0001.
SUPPLEMENTARY INFORMATION:
I. Discussion
The NRC is issuing a revision to an
existing guide in the NRC’s ‘‘Regulatory
Guide’’ series. This series was
developed to describe methods that are
acceptable to the NRC staff for
implementing specific parts of the
agency’s regulations, to explain
techniques that the staff uses in
evaluating specific issues or postulated
events, and to describe information that
the staff needs in its review of
applications for permits and licenses.
RG 5.71, Revision 1 is entitled ‘‘Cyber
Security Programs for Nuclear Power
Reactors.’’ It provides NRC licensees
with guidance on meeting the cyber
security requirements described in
section 73.54 of title 10 of the Code of
Federal Regulations (10 CFR),
‘‘Protection of digital computer and
communication systems and networks.’’
Revision 1 clarifies guidance on
defense-in-depth for cyber security and
PO 00000
Frm 00013
Fmt 4700
Sfmt 4700
9117
updates guidance based on the latest
NIST and IAEA cyber security guidance.
Revision 1 also clarifies issues
identified from cyber security
inspections, insights gained through the
SFAQ process, lessons learned from
international and domestic cyber
security attacks, new technologies, and
new regulations.
The proposed Revision 1 to RG 5.71
was issued with a temporary
identification Draft Regulatory Guide
(DG) 5061.
II. Additional Information
The NRC published a notice of
availability of DG–5061 (ADAMS
Accession No. ML18016A129) in the
Federal Register on August 23, 2018 (83
FR 42623) for a 60-day public comment
period. The public comment period
closed on October 22, 2018. Public
comments received on DG–5061 and the
staff responses are available in ADAMS
under Accession No. ML21266A132.
In order to incorporate updates in
industry documents, DG–5061 was reissued in the Federal Register on March
3, 2022 (87 FR 12208) for a 60-day
public comment period. The public
comment period closed on May 2, 2022.
Public comments received on DG–5061
and the staff responses are available in
ADAMS under Accession No.
ML22258A200.
As noted in the Federal Register on
December 9, 2022 (87 FR 75671), this
document is being published in the
‘‘Rules’’ section of the Federal Register
to comply with publication
requirements under 1 CFR chapter I.
III. Congressional Review Act
This RG is a rule as defined in the
Congressional Review Act (5 U.S.C.
801–808). However, the Office of
Management and Budget has not found
it to be a major rule as defined in the
Congressional Review Act.
IV. Backfitting, Forward Fitting, and
Issue Finality
RG 5.71 describes methods acceptable
to the NRC staff for complying with the
NRC’s regulations to meet the regulatory
requirements in 10 CFR 73.54. Issuance
of this RG, would not constitute
backfitting as defined in 10 CFR 50.109,
‘‘Backfitting,’’ and as described in NRC
Management Directive (MD) 8.4,
‘‘Management of Backfitting, Forward
Fitting, Issue Finality, and Information
Requests,’’ constitute forward fitting as
that term is defined and described in
MD 8.4; or affect the issue finality of any
approval issued under 10 CFR part 52,
‘‘Licenses, certifications, and approvals
for nuclear power plants.’’
E:\FR\FM\13FER1.SGM
13FER1
9118
Federal Register / Vol. 88, No. 29 / Monday, February 13, 2023 / Rules and Regulations
V. Submitting Suggestions for
Improvement of Regulatory Guides
A member of the public may, at any
time, submit suggestions to the NRC for
improvement of existing RGs or for the
development of new RGs. Suggestions
can be submitted on the NRC’s public
website at https://www.nrc.gov/readingrm/doc-collections/reg-guides/
contactus.html. Suggestions will be
considered in future updates and
enhancements to the ‘‘Regulatory
Guide’’ series.
Dated: February 7, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs
Management Branch, Division of Engineering,
Office of Nuclear Regulatory Research.
[FR Doc. 2023–02941 Filed 2–10–23; 8:45 am]
BILLING CODE 7590–01–P
DEPARTMENT OF ENERGY
10 CFR Part 430
[EERE–2019–BT–STD–0030]
RIN 1904–AE40
Energy Conservation Program: Energy
Conservation Standards for General
Service Fluorescent Lamps
Office of Energy Efficiency and
Renewable Energy, Department of
Energy.
ACTION: Final determination.
AGENCY:
The Energy Policy and
Conservation Act, as amended (EPCA),
prescribes energy conservation
standards for various consumer
products and certain commercial and
industrial equipment, including general
service fluorescent lamps (GSFLs).
EPCA also requires the U.S. Department
of Energy (DOE) to periodically
determine whether more-stringent,
amended standards would be
technologically feasible and
economically justified, and would result
in significant energy savings. In this
final determination, DOE has
determined that energy conservation
standards for GSFLs do not need to be
amended.
DATES: The effective date of this final
determination is March 15, 2023.
ADDRESSES: The docket for this activity,
which includes Federal Register
notices, public meeting attendee lists
and transcripts, comments, and other
supporting documents/materials, is
available for review at
www.regulations.gov. All documents in
the docket are listed in the
www.regulations.gov index. However,
khammond on DSKJM1Z7X2PROD with RULES
SUMMARY:
VerDate Sep<11>2014
16:19 Feb 10, 2023
Jkt 259001
some documents listed in the index,
such as information that is exempt from
public disclosure, may not be publicly
available.
The docket web page can be found at
https://www.regulations.gov/docket/
EERE-2019-BT-STD-0030. The docket
web page contains instructions on how
to access all documents, including
public comments, in the docket.
For further information on how to
review the docket, contact the
Appliance and Equipment Standards
Program staff at (202) 287–1445 or by
email: ApplianceStandardsQuestions@
ee.doe.gov.
FOR FURTHER INFORMATION CONTACT:
Mr. Bryan Berringer, U.S. Department
of Energy, Office of Energy Efficiency
and Renewable Energy, Building
Technologies Office, EE–5B, 1000
Independence Avenue SW, Washington,
DC, 20585–0121. Email:
ApplianceStandardsQuestions@
ee.doe.gov.
Ms. Celia Sher, U.S. Department of
Energy, Office of the General Counsel,
GC–33, 1000 Independence Avenue SW,
Washington, DC, 20585–0121.
Telephone: (202) 287–6122. Email:
Celia.Sher@hq.doe.gov.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Synopsis of the Final Determination
II. Introduction
A. Authority
B. Background
1. Current Standards
2. History of Standards Rulemakings for
GSFLs
III. General Discussion
A. Product Classes and Scope of Coverage
B. Test Procedure
C. Technological Feasibility
1. General
2. Maximum Technologically Feasible
Levels
D. Energy Savings
1. Determination of Savings
2. Significance of Savings
E. Cost Effectiveness
F. Further Considerations
IV. Methodology and Discussion of Related
Comments
A. Market and Technology Assessment
1. Scope of Coverage and Product Classes
2. Technology Options
3. Screening Analysis
a. Screened-Out Technologies
b. Remaining Technologies
4. Product Classes
a. Existing Product Classes
b. Summary
B. Engineering and Cost Analysis
1. Efficiency Analysis
a. Representative Product Classes
b. Baseline Efficiency
c. More Efficacious Substitutes
d. Higher Efficiency Levels
e. Lamp-and-Ballast Systems
f. Scaling to Other Product Classes
PO 00000
Frm 00014
Fmt 4700
Sfmt 4700
2. Cost Analysis
C. Energy Use Analysis
D. Life-Cycle Cost and Payback Period
Analysis
E. Shipments Analysis
F. National Impact Analysis
1. Product Efficiency Trends
2. National Energy Savings
3. Net Present Value Analysis
V. Analytical Results and Conclusions
A. Economic Impacts on Individual
Consumers
B. National Impact Analysis
1. Significance of Energy Savings
2. Net Present Value of Consumer Costs
and Benefits
C. Final Determination
1. Technological Feasibility
2. Cost Effectiveness
3. Significant Conservation of Energy
4. Further Considerations
5. Summary
VI. Procedural Issues and Regulatory Review
A. Review Under Executive Orders 12866
and 13563
B. Review Under the Regulatory Flexibility
Act
C. Review Under the Paperwork Reduction
Act
D. Review Under the National
Environmental Policy Act of 1969
E. Review Under Executive Order 13132
F. Review Under Executive Order 12988
G. Review Under the Unfunded Mandates
Reform Act of 1995
H. Review Under the Treasury and General
Government Appropriations Act, 1999
I. Review Under Executive Order 12630
J. Review Under the Treasury and General
Government Appropriations Act, 2001
K. Review Under Executive Order 13211
L. Review Under the Information Quality
Bulletin for Peer Review
M. Congressional Notification
VII. Approval of the Office of the Secretary
I. Synopsis of the Final Determination
The Energy Policy and Conservation
Act, Public Law 94–163, as amended
(‘‘EPCA’’), 1 authorizes DOE to regulate
the energy efficiency of a number of
consumer products and certain
industrial equipment. (42 U.S.C. 6291–
6317) Title III, Part B of EPCA 2
established the Energy Conservation
Program for Consumer Products Other
Than Automobiles. (42 U.S.C. 6291–
6309) These products include GSFLs,
the subject of this final determination.
(42 U.S.C. 6292(a)(14)), 42 U.S.C.
6295(i)(3)–(5))
DOE is issuing this final
determination pursuant to the EPCA
requirement that not later than 6 years
after issuance of any final rule
establishing or amending a standard,
1 All references to EPCA in this document refer
to the statute as amended through the Energy Act
of 2020, Public Law 116–260 (Dec. 27, 2020), which
reflect the last statutory amendments that impact
Parts A and A–1 of EPCA.
2 For editorial reasons, upon codification in the
U.S. Code, Part B was redesignated Part A.
E:\FR\FM\13FER1.SGM
13FER1
]]>Agencies
[Federal Register Volume 88, Number 29 (Monday, February 13, 2023)]
[Rules and Regulations]
[Pages 9117-9118]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-02941]
[[Page 9117]]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Part 73
[NRC-2021-0143]
Cyber Security Programs for Nuclear Power Reactors
AGENCY: Nuclear Regulatory Commission.
ACTION: Regulatory guide; issuance.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing
Revision 1 to Regulatory Guide (RG) 5.71, ``Cyber Security Programs for
Nuclear Power Reactors.'' Revision 1 incorporates references to
industry guidance on identifying and protecting critical digital assets
for safety-related, important to safety, balance of plant, and
emergency preparedness equipment. It also clarifies guidance on
defense-in-depth for cyber security and includes updated text based on
the latest National Institute of Standards and Technology (NIST) and
International Atomic Energy Agency (IAEA) cyber security guidance.
Specifically, this revision clarifies issues identified from cyber
security inspections, insights gained through the Security Frequently
Asked Questions (SFAQ) process, documented cyber security attacks, new
technologies, and new regulations. This revision also considers the
changes in the most recent revision to the NIST Special Publications
(SP) 800-53, upon which Revision 0 of Regulatory Guide (RG) 5.71,
``Cyber Security Programs for Nuclear Facilities'' was based.
DATES: Revision 1 to RG 5.71 is available on February 13, 2023.
ADDRESSES: Please refer to Docket ID NRC-2021-0143 when contacting the
NRC about the availability of information regarding this document. You
may obtain publicly available information related to this document
using any of the following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0143. Address
questions about Docket IDs in Regulations.gov to Stacy Schumann;
telephone: 301-415-0624; email: [email protected]. For technical
questions, contact the individuals listed in the FOR FURTHER
INFORMATION CONTACT section of this document.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or
by email to [email protected]. The ADAMS accession number for each
document referenced (if it is available in ADAMS) is provided the first
time that it is mentioned in this document.
NRC's PDR: You may examine and purchase copies of public
documents, by appointment, at the NRC's Public Document Room (PDR),
Room P1 B35, One White Flint North, 11555 Rockville Pike, Rockville,
Maryland 20852. To make an appointment to visit the PDR, please send an
email to [email protected] or call 1-800-397-4209 or 301-415-4737,
between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday,
except Federal holidays.
Revision 1 to RG 5.71 and the regulatory analysis may be found in
ADAMS under Accession No. ML22258A204 and ML21130A636, respectively.
Regulatory guides are not copyrighted, and NRC approval is not
required to reproduce them.
FOR FURTHER INFORMATION CONTACT: Kim Lawson-Jenkins, Office of Nuclear
Security and Incident Response, telephone: 301-287-3656, email:
[email protected] and Stanley Gardocki, Office of Nuclear
Regulatory Research, telephone: 301-415-1067, email:
[email protected]. Both are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
SUPPLEMENTARY INFORMATION:
I. Discussion
The NRC is issuing a revision to an existing guide in the NRC's
``Regulatory Guide'' series. This series was developed to describe
methods that are acceptable to the NRC staff for implementing specific
parts of the agency's regulations, to explain techniques that the staff
uses in evaluating specific issues or postulated events, and to
describe information that the staff needs in its review of applications
for permits and licenses.
RG 5.71, Revision 1 is entitled ``Cyber Security Programs for
Nuclear Power Reactors.'' It provides NRC licensees with guidance on
meeting the cyber security requirements described in section 73.54 of
title 10 of the Code of Federal Regulations (10 CFR), ``Protection of
digital computer and communication systems and networks.''
Revision 1 clarifies guidance on defense-in-depth for cyber
security and updates guidance based on the latest NIST and IAEA cyber
security guidance. Revision 1 also clarifies issues identified from
cyber security inspections, insights gained through the SFAQ process,
lessons learned from international and domestic cyber security attacks,
new technologies, and new regulations.
The proposed Revision 1 to RG 5.71 was issued with a temporary
identification Draft Regulatory Guide (DG) 5061.
II. Additional Information
The NRC published a notice of availability of DG-5061 (ADAMS
Accession No. ML18016A129) in the Federal Register on August 23, 2018
(83 FR 42623) for a 60-day public comment period. The public comment
period closed on October 22, 2018. Public comments received on DG-5061
and the staff responses are available in ADAMS under Accession No.
ML21266A132.
In order to incorporate updates in industry documents, DG-5061 was
re-issued in the Federal Register on March 3, 2022 (87 FR 12208) for a
60-day public comment period. The public comment period closed on May
2, 2022. Public comments received on DG-5061 and the staff responses
are available in ADAMS under Accession No. ML22258A200.
As noted in the Federal Register on December 9, 2022 (87 FR 75671),
this document is being published in the ``Rules'' section of the
Federal Register to comply with publication requirements under 1 CFR
chapter I.
III. Congressional Review Act
This RG is a rule as defined in the Congressional Review Act (5
U.S.C. 801-808). However, the Office of Management and Budget has not
found it to be a major rule as defined in the Congressional Review Act.
IV. Backfitting, Forward Fitting, and Issue Finality
RG 5.71 describes methods acceptable to the NRC staff for complying
with the NRC's regulations to meet the regulatory requirements in 10
CFR 73.54. Issuance of this RG, would not constitute backfitting as
defined in 10 CFR 50.109, ``Backfitting,'' and as described in NRC
Management Directive (MD) 8.4, ``Management of Backfitting, Forward
Fitting, Issue Finality, and Information Requests,'' constitute forward
fitting as that term is defined and described in MD 8.4; or affect the
issue finality of any approval issued under 10 CFR part 52, ``Licenses,
certifications, and approvals for nuclear power plants.''
[[Page 9118]]
V. Submitting Suggestions for Improvement of Regulatory Guides
A member of the public may, at any time, submit suggestions to the
NRC for improvement of existing RGs or for the development of new RGs.
Suggestions can be submitted on the NRC's public website at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/contactus.html.
Suggestions will be considered in future updates and enhancements to
the ``Regulatory Guide'' series.
Dated: February 7, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs Management Branch, Division of
Engineering, Office of Nuclear Regulatory Research.
[FR Doc. 2023-02941 Filed 2-10-23; 8:45 am]
BILLING CODE 7590-01-P
