Cyber Security Programs for Nuclear Power Reactors, 9117-9118 [2023-02941]

Download as PDF Federal Register / Vol. 88, No. 29 / Monday, February 13, 2023 / Rules and Regulations NUCLEAR REGULATORY COMMISSION 10 CFR Part 73 [NRC–2021–0143] Cyber Security Programs for Nuclear Power Reactors Nuclear Regulatory Commission. ACTION: Regulatory guide; issuance. AGENCY: The U.S. Nuclear Regulatory Commission (NRC) is issuing Revision 1 to Regulatory Guide (RG) 5.71, ‘‘Cyber Security Programs for Nuclear Power Reactors.’’ Revision 1 incorporates references to industry guidance on identifying and protecting critical digital assets for safety-related, important to safety, balance of plant, and emergency preparedness equipment. It also clarifies guidance on defense-in-depth for cyber security and includes updated text based on the latest National Institute of Standards and Technology (NIST) and International Atomic Energy Agency (IAEA) cyber security guidance. Specifically, this revision clarifies issues identified from cyber security inspections, insights gained through the Security Frequently Asked Questions (SFAQ) process, documented cyber security attacks, new technologies, and new regulations. This revision also considers the changes in the most recent revision to the NIST Special Publications (SP) 800–53, upon which Revision 0 of Regulatory Guide (RG) 5.71, ‘‘Cyber Security Programs for Nuclear Facilities’’ was based. DATES: Revision 1 to RG 5.71 is available on February 13, 2023. ADDRESSES: Please refer to Docket ID NRC–2021–0143 when contacting the NRC about the availability of information regarding this document. You may obtain publicly available information related to this document using any of the following methods: • Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC–2021–0143. Address questions about Docket IDs in Regulations.gov to Stacy Schumann; telephone: 301–415–0624; email: Stacy.Schumann@nrc.gov. For technical questions, contact the individuals listed in the FOR FURTHER INFORMATION CONTACT section of this document. • NRC’s Agencywide Documents Access and Management System (ADAMS): You may obtain publicly available documents online in the ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/ khammond on DSKJM1Z7X2PROD with RULES SUMMARY: VerDate Sep<11>2014 16:19 Feb 10, 2023 Jkt 259001 adams.html. To begin the search, select ‘‘Begin Web-based ADAMS Search.’’ For problems with ADAMS, please contact the NRC’s Public Document Room (PDR) reference staff at 1–800–397–4209, 301– 415–4737, or by email to PDR.Resource@nrc.gov. The ADAMS accession number for each document referenced (if it is available in ADAMS) is provided the first time that it is mentioned in this document. • NRC’s PDR: You may examine and purchase copies of public documents, by appointment, at the NRC’s Public Document Room (PDR), Room P1 B35, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. To make an appointment to visit the PDR, please send an email to PDR.Resource@ nrc.gov or call 1–800–397–4209 or 301– 415–4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except Federal holidays. Revision 1 to RG 5.71 and the regulatory analysis may be found in ADAMS under Accession No. ML22258A204 and ML21130A636, respectively. Regulatory guides are not copyrighted, and NRC approval is not required to reproduce them. FOR FURTHER INFORMATION CONTACT: Kim Lawson-Jenkins, Office of Nuclear Security and Incident Response, telephone: 301–287–3656, email: Kim.Lawson-Jenkins@nrc.gov and Stanley Gardocki, Office of Nuclear Regulatory Research, telephone: 301– 415–1067, email: Stanley.Gardocki@ nrc.gov. Both are staff of the U.S. Nuclear Regulatory Commission, Washington, DC 20555–0001. SUPPLEMENTARY INFORMATION: I. Discussion The NRC is issuing a revision to an existing guide in the NRC’s ‘‘Regulatory Guide’’ series. This series was developed to describe methods that are acceptable to the NRC staff for implementing specific parts of the agency’s regulations, to explain techniques that the staff uses in evaluating specific issues or postulated events, and to describe information that the staff needs in its review of applications for permits and licenses. RG 5.71, Revision 1 is entitled ‘‘Cyber Security Programs for Nuclear Power Reactors.’’ It provides NRC licensees with guidance on meeting the cyber security requirements described in section 73.54 of title 10 of the Code of Federal Regulations (10 CFR), ‘‘Protection of digital computer and communication systems and networks.’’ Revision 1 clarifies guidance on defense-in-depth for cyber security and PO 00000 Frm 00013 Fmt 4700 Sfmt 4700 9117 updates guidance based on the latest NIST and IAEA cyber security guidance. Revision 1 also clarifies issues identified from cyber security inspections, insights gained through the SFAQ process, lessons learned from international and domestic cyber security attacks, new technologies, and new regulations. The proposed Revision 1 to RG 5.71 was issued with a temporary identification Draft Regulatory Guide (DG) 5061. II. Additional Information The NRC published a notice of availability of DG–5061 (ADAMS Accession No. ML18016A129) in the Federal Register on August 23, 2018 (83 FR 42623) for a 60-day public comment period. The public comment period closed on October 22, 2018. Public comments received on DG–5061 and the staff responses are available in ADAMS under Accession No. ML21266A132. In order to incorporate updates in industry documents, DG–5061 was reissued in the Federal Register on March 3, 2022 (87 FR 12208) for a 60-day public comment period. The public comment period closed on May 2, 2022. Public comments received on DG–5061 and the staff responses are available in ADAMS under Accession No. ML22258A200. As noted in the Federal Register on December 9, 2022 (87 FR 75671), this document is being published in the ‘‘Rules’’ section of the Federal Register to comply with publication requirements under 1 CFR chapter I. III. Congressional Review Act This RG is a rule as defined in the Congressional Review Act (5 U.S.C. 801–808). However, the Office of Management and Budget has not found it to be a major rule as defined in the Congressional Review Act. IV. Backfitting, Forward Fitting, and Issue Finality RG 5.71 describes methods acceptable to the NRC staff for complying with the NRC’s regulations to meet the regulatory requirements in 10 CFR 73.54. Issuance of this RG, would not constitute backfitting as defined in 10 CFR 50.109, ‘‘Backfitting,’’ and as described in NRC Management Directive (MD) 8.4, ‘‘Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests,’’ constitute forward fitting as that term is defined and described in MD 8.4; or affect the issue finality of any approval issued under 10 CFR part 52, ‘‘Licenses, certifications, and approvals for nuclear power plants.’’ E:\FR\FM\13FER1.SGM 13FER1 9118 Federal Register / Vol. 88, No. 29 / Monday, February 13, 2023 / Rules and Regulations V. Submitting Suggestions for Improvement of Regulatory Guides A member of the public may, at any time, submit suggestions to the NRC for improvement of existing RGs or for the development of new RGs. Suggestions can be submitted on the NRC’s public website at https://www.nrc.gov/readingrm/doc-collections/reg-guides/ contactus.html. Suggestions will be considered in future updates and enhancements to the ‘‘Regulatory Guide’’ series. Dated: February 7, 2023. For the Nuclear Regulatory Commission. Meraj Rahimi, Chief, Regulatory Guide and Programs Management Branch, Division of Engineering, Office of Nuclear Regulatory Research. [FR Doc. 2023–02941 Filed 2–10–23; 8:45 am] BILLING CODE 7590–01–P DEPARTMENT OF ENERGY 10 CFR Part 430 [EERE–2019–BT–STD–0030] RIN 1904–AE40 Energy Conservation Program: Energy Conservation Standards for General Service Fluorescent Lamps Office of Energy Efficiency and Renewable Energy, Department of Energy. ACTION: Final determination. AGENCY: The Energy Policy and Conservation Act, as amended (EPCA), prescribes energy conservation standards for various consumer products and certain commercial and industrial equipment, including general service fluorescent lamps (GSFLs). EPCA also requires the U.S. Department of Energy (DOE) to periodically determine whether more-stringent, amended standards would be technologically feasible and economically justified, and would result in significant energy savings. In this final determination, DOE has determined that energy conservation standards for GSFLs do not need to be amended. DATES: The effective date of this final determination is March 15, 2023. ADDRESSES: The docket for this activity, which includes Federal Register notices, public meeting attendee lists and transcripts, comments, and other supporting documents/materials, is available for review at www.regulations.gov. All documents in the docket are listed in the www.regulations.gov index. However, khammond on DSKJM1Z7X2PROD with RULES SUMMARY: VerDate Sep<11>2014 16:19 Feb 10, 2023 Jkt 259001 some documents listed in the index, such as information that is exempt from public disclosure, may not be publicly available. The docket web page can be found at https://www.regulations.gov/docket/ EERE-2019-BT-STD-0030. The docket web page contains instructions on how to access all documents, including public comments, in the docket. For further information on how to review the docket, contact the Appliance and Equipment Standards Program staff at (202) 287–1445 or by email: ApplianceStandardsQuestions@ ee.doe.gov. FOR FURTHER INFORMATION CONTACT: Mr. Bryan Berringer, U.S. Department of Energy, Office of Energy Efficiency and Renewable Energy, Building Technologies Office, EE–5B, 1000 Independence Avenue SW, Washington, DC, 20585–0121. Email: ApplianceStandardsQuestions@ ee.doe.gov. Ms. Celia Sher, U.S. Department of Energy, Office of the General Counsel, GC–33, 1000 Independence Avenue SW, Washington, DC, 20585–0121. Telephone: (202) 287–6122. Email: Celia.Sher@hq.doe.gov. SUPPLEMENTARY INFORMATION: Table of Contents I. Synopsis of the Final Determination II. Introduction A. Authority B. Background 1. Current Standards 2. History of Standards Rulemakings for GSFLs III. General Discussion A. Product Classes and Scope of Coverage B. Test Procedure C. Technological Feasibility 1. General 2. Maximum Technologically Feasible Levels D. Energy Savings 1. Determination of Savings 2. Significance of Savings E. Cost Effectiveness F. Further Considerations IV. Methodology and Discussion of Related Comments A. Market and Technology Assessment 1. Scope of Coverage and Product Classes 2. Technology Options 3. Screening Analysis a. Screened-Out Technologies b. Remaining Technologies 4. Product Classes a. Existing Product Classes b. Summary B. Engineering and Cost Analysis 1. Efficiency Analysis a. Representative Product Classes b. Baseline Efficiency c. More Efficacious Substitutes d. Higher Efficiency Levels e. Lamp-and-Ballast Systems f. Scaling to Other Product Classes PO 00000 Frm 00014 Fmt 4700 Sfmt 4700 2. Cost Analysis C. Energy Use Analysis D. Life-Cycle Cost and Payback Period Analysis E. Shipments Analysis F. National Impact Analysis 1. Product Efficiency Trends 2. National Energy Savings 3. Net Present Value Analysis V. Analytical Results and Conclusions A. Economic Impacts on Individual Consumers B. National Impact Analysis 1. Significance of Energy Savings 2. Net Present Value of Consumer Costs and Benefits C. Final Determination 1. Technological Feasibility 2. Cost Effectiveness 3. Significant Conservation of Energy 4. Further Considerations 5. Summary VI. Procedural Issues and Regulatory Review A. Review Under Executive Orders 12866 and 13563 B. Review Under the Regulatory Flexibility Act C. Review Under the Paperwork Reduction Act D. Review Under the National Environmental Policy Act of 1969 E. Review Under Executive Order 13132 F. Review Under Executive Order 12988 G. Review Under the Unfunded Mandates Reform Act of 1995 H. Review Under the Treasury and General Government Appropriations Act, 1999 I. Review Under Executive Order 12630 J. Review Under the Treasury and General Government Appropriations Act, 2001 K. Review Under Executive Order 13211 L. Review Under the Information Quality Bulletin for Peer Review M. Congressional Notification VII. Approval of the Office of the Secretary I. Synopsis of the Final Determination The Energy Policy and Conservation Act, Public Law 94–163, as amended (‘‘EPCA’’), 1 authorizes DOE to regulate the energy efficiency of a number of consumer products and certain industrial equipment. (42 U.S.C. 6291– 6317) Title III, Part B of EPCA 2 established the Energy Conservation Program for Consumer Products Other Than Automobiles. (42 U.S.C. 6291– 6309) These products include GSFLs, the subject of this final determination. (42 U.S.C. 6292(a)(14)), 42 U.S.C. 6295(i)(3)–(5)) DOE is issuing this final determination pursuant to the EPCA requirement that not later than 6 years after issuance of any final rule establishing or amending a standard, 1 All references to EPCA in this document refer to the statute as amended through the Energy Act of 2020, Public Law 116–260 (Dec. 27, 2020), which reflect the last statutory amendments that impact Parts A and A–1 of EPCA. 2 For editorial reasons, upon codification in the U.S. Code, Part B was redesignated Part A. E:\FR\FM\13FER1.SGM 13FER1

Agencies

[Federal Register Volume 88, Number 29 (Monday, February 13, 2023)]
[Rules and Regulations]
[Pages 9117-9118]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-02941]



[[Page 9117]]

-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Part 73

[NRC-2021-0143]


Cyber Security Programs for Nuclear Power Reactors

AGENCY: Nuclear Regulatory Commission.

ACTION: Regulatory guide; issuance.

-----------------------------------------------------------------------

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing 
Revision 1 to Regulatory Guide (RG) 5.71, ``Cyber Security Programs for 
Nuclear Power Reactors.'' Revision 1 incorporates references to 
industry guidance on identifying and protecting critical digital assets 
for safety-related, important to safety, balance of plant, and 
emergency preparedness equipment. It also clarifies guidance on 
defense-in-depth for cyber security and includes updated text based on 
the latest National Institute of Standards and Technology (NIST) and 
International Atomic Energy Agency (IAEA) cyber security guidance. 
Specifically, this revision clarifies issues identified from cyber 
security inspections, insights gained through the Security Frequently 
Asked Questions (SFAQ) process, documented cyber security attacks, new 
technologies, and new regulations. This revision also considers the 
changes in the most recent revision to the NIST Special Publications 
(SP) 800-53, upon which Revision 0 of Regulatory Guide (RG) 5.71, 
``Cyber Security Programs for Nuclear Facilities'' was based.

DATES: Revision 1 to RG 5.71 is available on February 13, 2023.

ADDRESSES: Please refer to Docket ID NRC-2021-0143 when contacting the 
NRC about the availability of information regarding this document. You 
may obtain publicly available information related to this document 
using any of the following methods:
     Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2021-0143. Address 
questions about Docket IDs in Regulations.gov to Stacy Schumann; 
telephone: 301-415-0624; email: [email protected]. For technical 
questions, contact the individuals listed in the FOR FURTHER 
INFORMATION CONTACT section of this document.
     NRC's Agencywide Documents Access and Management System 
(ADAMS): You may obtain publicly available documents online in the 
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS 
Search.'' For problems with ADAMS, please contact the NRC's Public 
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or 
by email to [email protected]. The ADAMS accession number for each 
document referenced (if it is available in ADAMS) is provided the first 
time that it is mentioned in this document.
     NRC's PDR: You may examine and purchase copies of public 
documents, by appointment, at the NRC's Public Document Room (PDR), 
Room P1 B35, One White Flint North, 11555 Rockville Pike, Rockville, 
Maryland 20852. To make an appointment to visit the PDR, please send an 
email to [email protected] or call 1-800-397-4209 or 301-415-4737, 
between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, 
except Federal holidays.
    Revision 1 to RG 5.71 and the regulatory analysis may be found in 
ADAMS under Accession No. ML22258A204 and ML21130A636, respectively.
    Regulatory guides are not copyrighted, and NRC approval is not 
required to reproduce them.

FOR FURTHER INFORMATION CONTACT: Kim Lawson-Jenkins, Office of Nuclear 
Security and Incident Response, telephone: 301-287-3656, email: 
[email protected] and Stanley Gardocki, Office of Nuclear 
Regulatory Research, telephone: 301-415-1067, email: 
[email protected]. Both are staff of the U.S. Nuclear Regulatory 
Commission, Washington, DC 20555-0001.

SUPPLEMENTARY INFORMATION:

I. Discussion

    The NRC is issuing a revision to an existing guide in the NRC's 
``Regulatory Guide'' series. This series was developed to describe 
methods that are acceptable to the NRC staff for implementing specific 
parts of the agency's regulations, to explain techniques that the staff 
uses in evaluating specific issues or postulated events, and to 
describe information that the staff needs in its review of applications 
for permits and licenses.
    RG 5.71, Revision 1 is entitled ``Cyber Security Programs for 
Nuclear Power Reactors.'' It provides NRC licensees with guidance on 
meeting the cyber security requirements described in section 73.54 of 
title 10 of the Code of Federal Regulations (10 CFR), ``Protection of 
digital computer and communication systems and networks.''
    Revision 1 clarifies guidance on defense-in-depth for cyber 
security and updates guidance based on the latest NIST and IAEA cyber 
security guidance. Revision 1 also clarifies issues identified from 
cyber security inspections, insights gained through the SFAQ process, 
lessons learned from international and domestic cyber security attacks, 
new technologies, and new regulations.
    The proposed Revision 1 to RG 5.71 was issued with a temporary 
identification Draft Regulatory Guide (DG) 5061.

II. Additional Information

    The NRC published a notice of availability of DG-5061 (ADAMS 
Accession No. ML18016A129) in the Federal Register on August 23, 2018 
(83 FR 42623) for a 60-day public comment period. The public comment 
period closed on October 22, 2018. Public comments received on DG-5061 
and the staff responses are available in ADAMS under Accession No. 
ML21266A132.
    In order to incorporate updates in industry documents, DG-5061 was 
re-issued in the Federal Register on March 3, 2022 (87 FR 12208) for a 
60-day public comment period. The public comment period closed on May 
2, 2022. Public comments received on DG-5061 and the staff responses 
are available in ADAMS under Accession No. ML22258A200.
    As noted in the Federal Register on December 9, 2022 (87 FR 75671), 
this document is being published in the ``Rules'' section of the 
Federal Register to comply with publication requirements under 1 CFR 
chapter I.

III. Congressional Review Act

    This RG is a rule as defined in the Congressional Review Act (5 
U.S.C. 801-808). However, the Office of Management and Budget has not 
found it to be a major rule as defined in the Congressional Review Act.

IV. Backfitting, Forward Fitting, and Issue Finality

    RG 5.71 describes methods acceptable to the NRC staff for complying 
with the NRC's regulations to meet the regulatory requirements in 10 
CFR 73.54. Issuance of this RG, would not constitute backfitting as 
defined in 10 CFR 50.109, ``Backfitting,'' and as described in NRC 
Management Directive (MD) 8.4, ``Management of Backfitting, Forward 
Fitting, Issue Finality, and Information Requests,'' constitute forward 
fitting as that term is defined and described in MD 8.4; or affect the 
issue finality of any approval issued under 10 CFR part 52, ``Licenses, 
certifications, and approvals for nuclear power plants.''

[[Page 9118]]

V. Submitting Suggestions for Improvement of Regulatory Guides

    A member of the public may, at any time, submit suggestions to the 
NRC for improvement of existing RGs or for the development of new RGs. 
Suggestions can be submitted on the NRC's public website at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/contactus.html. 
Suggestions will be considered in future updates and enhancements to 
the ``Regulatory Guide'' series.

    Dated: February 7, 2023.

    For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs Management Branch, Division of 
Engineering, Office of Nuclear Regulatory Research.
[FR Doc. 2023-02941 Filed 2-10-23; 8:45 am]
BILLING CODE 7590-01-P


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.