Draft Regulatory Guide: Cybersecurity Event Notifications, 24715-24716 [2023-08532]
Download as PDF
<![CDATA[
24715
Proposed Rules
Federal Register
Vol. 88, No. 78
Monday, April 24, 2023
This section of the FEDERAL REGISTER
contains notices to the public of the proposed
issuance of rules and regulations. The
purpose of these notices is to give interested
persons an opportunity to participate in the
rule making prior to the adoption of the final
rules.
For additional direction on obtaining
information and submitting comments,
see ‘‘Obtaining Information and
Submitting Comments’’ in the
SUPPLEMENTARY INFORMATION section of
this document.
FOR FURTHER INFORMATION CONTACT:
Draft Regulatory Guide: Cybersecurity
Event Notifications
Daniel Warner, Office of Nuclear
Security and Incident Response,
telephone: 301–287–3642; email:
Daniel.Warner@nrc.gov and Stanley
Gardocki, Office of Nuclear Regulatory
Research, telephone: 301–415–1067;
email: Stanley.Gardocki@nrc.gov. Both
are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001.
Nuclear Regulatory
Commission.
ACTION: Draft guide; request for
comment.
I. Obtaining Information and
Submitting Comments
NUCLEAR REGULATORY
COMMISSION
10 CFR Part 73
[NRC–2023–0068]
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is issuing for public
comment a draft regulatory guide (DG),
DG–5079, ‘‘Cybersecurity Event
Notifications.’’ This DG is proposed
Revision 1 to Regulatory Guide (RG)
5.83 of the same name. This proposed
revision describes methods that the staff
of the NRC considers acceptable for
licensees to meet requirements in NRC
regulations to report and record
cybersecurity events.
DATES: Submit comments by May 24,
2023. Comments received after this date
will be considered if it is practical to do
so, but the NRC is able to ensure
consideration only for comments
received on or before this date.
ADDRESSES: You may submit comments
by any of the following methods;
however, the NRC encourages electronic
comment submission through the
Federal rulemaking website:
• Federal rulemaking website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2023–0068. Address
questions about Docket IDs in
Regulations.gov to Stacy Schumann;
telephone: 301–415–0624; email:
Stacy.Schumann@nrc.gov. For technical
questions, contact the individuals listed
in the FOR FURTHER INFORMATION
CONTACT section of this document.
• Mail comments to: Office of
Administration, Mail Stop: TWFN–7–
A60M, U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001, ATTN: Program Management,
Announcements and Editing Staff.
SUMMARY:
ddrumheller on DSK120RN23PROD with PROPOSALS1
SUPPLEMENTARY INFORMATION:
VerDate Sep<11>2014
17:14 Apr 21, 2023
Jkt 259001
A. Obtaining Information
Please refer to Docket ID NRC–2023–
0068 when contacting the NRC about
the availability of information for this
action. You may obtain publicly
available information related to this
action by any of the following methods:
• Federal Rulemaking Website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2023–0068.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publicly
available documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
adams.html. To begin the search, select
‘‘Begin Web-based ADAMS Search.’’ For
problems with ADAMS, please contact
the NRC’s Public Document Room (PDR)
reference staff at 1–800–397–4209, 301–
415–4737, or by email to
PDR.Resource@nrc.gov. The ADAMS
accession number for each document
referenced (if it is available in ADAMS)
is provided the first time that it is
mentioned in this document.
• NRC’s PDR: You may examine and
purchase copies of public documents,
by appointment, at the NRC’s PDR,
Room P1 B35, One White Flint North,
11555 Rockville Pike, Rockville,
Maryland 20852. To make an
appointment to visit the PDR, please
send an email to PDR.Resource@nrc.gov
or call 1–800–397–4209 or 301–415–
4737, between 8 a.m. and 4 p.m. eastern
time (ET), Monday through Friday,
except Federal holidays.
PO 00000
Frm 00001
Fmt 4702
Sfmt 4702
B. Submitting Comments
The NRC encourages electronic
comment submission through the
Federal rulemaking website (https://
www.regulations.gov). Please include
Docket ID NRC–2023–0068 in your
comment submission.
The NRC cautions you not to include
identifying or contact information that
you do not want to be publicly
disclosed in your comment submission.
The NRC will post all comment
submissions at https://
www.regulations.gov as well as enter the
comment submissions into ADAMS.
The NRC does not routinely edit
comment submissions to remove
identifying or contact information.
If you are requesting or aggregating
comments from other persons for
submission to the NRC, then you should
inform those persons not to include
identifying or contact information that
they do not want to be publicly
disclosed in their comment submission.
Your request should state that the NRC
does not routinely edit comment
submissions to remove such information
before making the comment
submissions available to the public or
entering the comment into ADAMS.
II. Additional Information
The NRC is issuing for public
comment a DG in the NRC’s ‘‘Regulatory
Guide’’ series. This series was
developed to describe methods that are
acceptable to the NRC staff for
implementing specific parts of the
agency’s regulations, to explain
techniques that the staff uses in
evaluating specific issues or postulated
events, and to describe information that
the staff needs in its review of
applications for permits and licenses.
The DG, entitled ‘‘Cybersecurity Event
Notifications,’’ (ADAMS Accession No.
ML22250A443) is temporarily identified
by its task number, DG–5079, which is
proposed Revision 1 of RG 5.83 of the
same name.
The DG describes methods that the
staff of the NRC considers acceptable for
licensees to report and record
cybersecurity events as required under
section 73.77 of title 10 of the Code of
Federal Regulations (10 CFR), ‘‘Cyber
security event notifications.’’ This guide
applies to nuclear power reactor
licensees that are licensed to operate
under 10 CFR part 50, ‘‘Domestic
Licensing of Production and Utilizations
E:\FR\FM\24APP1.SGM
24APP1
24716
Federal Register / Vol. 88, No. 78 / Monday, April 24, 2023 / Proposed Rules
Facilities,’’ or 10 CFR part 52,
‘‘Licenses, Certifications, and Approvals
for Nuclear Power Plants.’’
The staff is also issuing for public
comment a regulatory analysis (ADAMS
Accession No. ML22250A472). The staff
developed a regulatory analysis to
assess the value of issuing or revising a
regulatory guide as well as alternative
courses of action.
As noted in the Federal Register on
December 9, 2022 (87 FR 75671), this
document is being published in the
‘‘Proposed Rules’’ section of the Federal
Register to comply with publication
requirements under 1 CFR chapter I.
III. Backfitting, Forward Fitting, and
Issue Finality
Issuance of DG–5079, if finalized,
would not constitute backfitting as
defined in 10 CFR 50.109, ‘‘Backfitting,’’
and as described in NRC Management
Directive (MD) 8.4, ‘‘Management of
Backfitting, Forward Fitting, Issue
Finality, and Information Requests’’
(ADAMS Accession No. ML18093B087);
constitute forward fitting as that term is
defined and described in MD 8.4; or
affect issue finality of any approval
issued under 10 CFR part 52, ‘‘Licenses,
Certifications, and Approvals for
Nuclear Power Plants.’’ As explained in
DG–5079, applicants and licensees
would not be required to comply with
the positions set forth in this guide.
IV. Submitting Suggestions for
Improvement of Regulatory Guides
A member of the public may, at any
time, submit suggestions to the NRC for
improvement of existing RGs or for the
development of new RGs. Suggestions
can be submitted on the NRC’s public
website at https://www.nrc.gov/readingrm/doc-collections/reg-guides/
contactus.html. Suggestions will be
considered in future updates and
enhancements to the ‘‘Regulatory
Guide’’ series.
Dated: April 18, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs
Management Branch, Division of Engineering,
Office of Nuclear Regulatory Research.
[FR Doc. 2023–08532 Filed 4–21–23; 8:45 am]
ddrumheller on DSK120RN23PROD with PROPOSALS1
BILLING CODE 7590–01–P
FEDERAL TRADE COMMISSION
16 CFR Part 425
RIN 3084–AB60
Negative Option Rule
AGENCY:
Federal Trade Commission.
VerDate Sep<11>2014
17:14 Apr 21, 2023
Jkt 259001
ACTION:
Proposed rule.
The Federal Trade
Commission (‘‘FTC’’ or ‘‘Commission’’)
seeks public comment on proposed
amendments to the Commission’s
Negative Option Rule (or ‘‘Rule’’) to
combat unfair or deceptive practices
that include recurring charges for
products or services consumers do not
want and cannot cancel without undue
difficulty.
DATES: Written comments must be
received on or before June 23, 2023.
Parties interested in presenting views
orally should submit a request to do so
as explained below, and such requests
must be received on or before June 23,
2023.
ADDRESSES: Interested parties may file a
comment online or on paper, by
following the instructions in the
Request for Comment part of the
SUPPLEMENTARY INFORMATION section
below. Write ‘‘Negative Option Rule;
Project No. P064202’’ on your comment
and file your comment online through
https://www.regulations.gov. If you
prefer to file your comment on paper,
mail your comment to the following
address: Federal Trade Commission,
Office of the Secretary, 600
Pennsylvania Avenue NW, Suite CC–
5610 (Annex N), Washington, DC 20580.
FOR FURTHER INFORMATION CONTACT:
Hampton Newsome, Attorney, (202)
326–2889, Division of Enforcement,
Bureau of Consumer Protection, Federal
Trade Commission, 600 Pennsylvania
Avenue NW, Washington, DC 20580.
SUPPLEMENTARY INFORMATION:
SUMMARY:
I. Overview
The Commission seeks comment on a
proposal to improve its existing
regulations for negative option
programs. These programs are
widespread in the marketplace and can
provide substantial benefits for sellers
and consumers. However, consumers
cannot reap these benefits when
marketers fail to make adequate
disclosures, bill consumers without
their consent, or make cancellation
difficult or impossible. Problematic
negative option practices have remained
a persistent source of consumer harm
for decades, saddling shoppers with
recurring payments for products and
services they never intended to
purchase or did not want to continue
buying. In the past, the Commission
sought to address these practices
through individual law enforcement
cases and a patchwork of laws and
regulations. Nevertheless, problems
persist, and consumers continue to
PO 00000
Frm 00002
Fmt 4702
Sfmt 4702
submit thousands of complaints to the
FTC each year.
To solicit input about these issues, the
Commission published an advance
notice of proposed rulemaking (ANPR)
on October 2, 2019 (84 FR 52393). After
reviewing the comments received in
response and issuing an ‘‘Enforcement
Policy Statement Regarding Negative
Option Marketing’’ on November 4,
2021 (86 FR 60822), the Commission, as
detailed in this document, now
proposes to amend the existing Rule to
implement new requirements to provide
important information to consumers,
obtain consumers’ express informed
consent, and ensure consumers can
easily cancel these programs when they
choose. All these proposed changes
would be applicable to all forms of
negative option marketing in all media
(e.g., telephone, internet, traditional
print media, and in-person
transactions).1
II. Negative Option Marketing
Negative option offers come in a
variety of forms, but all share a central
feature: each contain a term or condition
that allows a seller to interpret a
customer’s silence, or failure to take an
affirmative action, as acceptance of an
offer.2 Before describing the proposed
amendments, it is helpful to review the
various forms such an offer can take.
Negative option marketing generally
falls into four categories: prenotification
plans, continuity plans, automatic
renewals, and free trial (i.e., free-to-pay
or nominal-fee-to-pay) conversion
offers.
Prenotification plans are the only
negative option practice currently
covered by the Commission’s Negative
Option Rule. Under such plans (e.g.,
product-of-the-month clubs), sellers
provide periodic notices offering goods
to participating consumers and then
send—and charge for—those goods only
if the consumers take no action to
decline the offer. The periodic
announcements and shipments can
continue indefinitely. In continuity
plans, consumers agree in advance to
receive periodic shipments of goods or
provision of services (e.g., bottled water
1 The Commission proposes to issue such
amendments pursuant to Section 18 of the FTC Act,
which authorizes the Commission to promulgate
rules specifying acts or practices in or affecting
commerce which are unfair or deceptive. 15 U.S.C.
57a(a)(2).
2 The Commission’s Telemarking Sales Rule
defines a negative option feature as a provision in
an offer or agreement to sell or provide any goods
or services ‘‘under which the customer’s silence or
failure to take an affirmative action to reject goods
or services or to cancel the agreement is interpreted
by the seller as acceptance of the offer.’’ 16 CFR
310.2(w).
E:\FR\FM\24APP1.SGM
24APP1
]]>Agencies
[Federal Register Volume 88, Number 78 (Monday, April 24, 2023)]
[Proposed Rules]
[Pages 24715-24716]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-08532]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 88, No. 78 / Monday, April 24, 2023 /
Proposed Rules��
[[Page 24715]]
NUCLEAR REGULATORY COMMISSION
10 CFR Part 73
[NRC-2023-0068]
Draft Regulatory Guide: Cybersecurity Event Notifications
AGENCY: Nuclear Regulatory Commission.
ACTION: Draft guide; request for comment.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing for
public comment a draft regulatory guide (DG), DG-5079, ``Cybersecurity
Event Notifications.'' This DG is proposed Revision 1 to Regulatory
Guide (RG) 5.83 of the same name. This proposed revision describes
methods that the staff of the NRC considers acceptable for licensees to
meet requirements in NRC regulations to report and record cybersecurity
events.
DATES: Submit comments by May 24, 2023. Comments received after this
date will be considered if it is practical to do so, but the NRC is
able to ensure consideration only for comments received on or before
this date.
ADDRESSES: You may submit comments by any of the following methods;
however, the NRC encourages electronic comment submission through the
Federal rulemaking website:
Federal rulemaking website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0068. Address
questions about Docket IDs in Regulations.gov to Stacy Schumann;
telephone: 301-415-0624; email: [email protected]. For technical
questions, contact the individuals listed in the For Further
Information Contact section of this document.
Mail comments to: Office of Administration, Mail Stop:
TWFN-7-A60M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-
0001, ATTN: Program Management, Announcements and Editing Staff.
For additional direction on obtaining information and submitting
comments, see ``Obtaining Information and Submitting Comments'' in the
SUPPLEMENTARY INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT: Daniel Warner, Office of Nuclear
Security and Incident Response, telephone: 301-287-3642; email:
[email protected] and Stanley Gardocki, Office of Nuclear
Regulatory Research, telephone: 301-415-1067; email:
[email protected]. Both are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
SUPPLEMENTARY INFORMATION:
I. Obtaining Information and Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC-2023-0068 when contacting the NRC
about the availability of information for this action. You may obtain
publicly available information related to this action by any of the
following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0068.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or
by email to [email protected]. The ADAMS accession number for each
document referenced (if it is available in ADAMS) is provided the first
time that it is mentioned in this document.
NRC's PDR: You may examine and purchase copies of public
documents, by appointment, at the NRC's PDR, Room P1 B35, One White
Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. To make
an appointment to visit the PDR, please send an email to
[email protected] or call 1-800-397-4209 or 301-415-4737, between 8
a.m. and 4 p.m. eastern time (ET), Monday through Friday, except
Federal holidays.
B. Submitting Comments
The NRC encourages electronic comment submission through the
Federal rulemaking website (https://www.regulations.gov). Please
include Docket ID NRC-2023-0068 in your comment submission.
The NRC cautions you not to include identifying or contact
information that you do not want to be publicly disclosed in your
comment submission. The NRC will post all comment submissions at
https://www.regulations.gov as well as enter the comment submissions
into ADAMS. The NRC does not routinely edit comment submissions to
remove identifying or contact information.
If you are requesting or aggregating comments from other persons
for submission to the NRC, then you should inform those persons not to
include identifying or contact information that they do not want to be
publicly disclosed in their comment submission. Your request should
state that the NRC does not routinely edit comment submissions to
remove such information before making the comment submissions available
to the public or entering the comment into ADAMS.
II. Additional Information
The NRC is issuing for public comment a DG in the NRC's
``Regulatory Guide'' series. This series was developed to describe
methods that are acceptable to the NRC staff for implementing specific
parts of the agency's regulations, to explain techniques that the staff
uses in evaluating specific issues or postulated events, and to
describe information that the staff needs in its review of applications
for permits and licenses.
The DG, entitled ``Cybersecurity Event Notifications,'' (ADAMS
Accession No. ML22250A443) is temporarily identified by its task
number, DG-5079, which is proposed Revision 1 of RG 5.83 of the same
name.
The DG describes methods that the staff of the NRC considers
acceptable for licensees to report and record cybersecurity events as
required under section 73.77 of title 10 of the Code of Federal
Regulations (10 CFR), ``Cyber security event notifications.'' This
guide applies to nuclear power reactor licensees that are licensed to
operate under 10 CFR part 50, ``Domestic Licensing of Production and
Utilizations
[[Page 24716]]
Facilities,'' or 10 CFR part 52, ``Licenses, Certifications, and
Approvals for Nuclear Power Plants.''
The staff is also issuing for public comment a regulatory analysis
(ADAMS Accession No. ML22250A472). The staff developed a regulatory
analysis to assess the value of issuing or revising a regulatory guide
as well as alternative courses of action.
As noted in the Federal Register on December 9, 2022 (87 FR 75671),
this document is being published in the ``Proposed Rules'' section of
the Federal Register to comply with publication requirements under 1
CFR chapter I.
III. Backfitting, Forward Fitting, and Issue Finality
Issuance of DG-5079, if finalized, would not constitute backfitting
as defined in 10 CFR 50.109, ``Backfitting,'' and as described in NRC
Management Directive (MD) 8.4, ``Management of Backfitting, Forward
Fitting, Issue Finality, and Information Requests'' (ADAMS Accession
No. ML18093B087); constitute forward fitting as that term is defined
and described in MD 8.4; or affect issue finality of any approval
issued under 10 CFR part 52, ``Licenses, Certifications, and Approvals
for Nuclear Power Plants.'' As explained in DG-5079, applicants and
licensees would not be required to comply with the positions set forth
in this guide.
IV. Submitting Suggestions for Improvement of Regulatory Guides
A member of the public may, at any time, submit suggestions to the
NRC for improvement of existing RGs or for the development of new RGs.
Suggestions can be submitted on the NRC's public website at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/contactus.html.
Suggestions will be considered in future updates and enhancements to
the ``Regulatory Guide'' series.
Dated: April 18, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs Management Branch, Division of
Engineering, Office of Nuclear Regulatory Research.
[FR Doc. 2023-08532 Filed 4-21-23; 8:45 am]
BILLING CODE 7590-01-P
