Regulatory Guide: Cybersecurity Event Notifications, 48717-48718 [2023-15990]
Download as PDF
<![CDATA[
48717
Rules and Regulations
Federal Register
Vol. 88, No. 144
Friday, July 28, 2023
This section of the FEDERAL REGISTER
contains regulatory documents having general
applicability and legal effect, most of which
are keyed to and codified in the Code of
Federal Regulations, which is published under
50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by
the Superintendent of Documents.
NUCLEAR REGULATORY
COMMISSION
10 CFR Part 73
[NRC–2023–0068]
Regulatory Guide: Cybersecurity Event
Notifications
Nuclear Regulatory
Commission.
ACTION: Final guide; issuance.
AGENCY:
The U.S. Nuclear Regulatory
Commission (NRC) is issuing Revision 1
to Regulatory Guide (RG), 5.83,
‘‘Cybersecurity Event Notifications.’’
This revision describes methods that the
staff of the NRC considers acceptable for
licensees to meet requirements in NRC
regulations to report and record
cybersecurity events.
DATES: Revision 1 to RG 5.83 is available
on July 28, 2023.
ADDRESSES: Please refer to Docket ID
NRC–2023–0068 when contacting the
NRC about the availability of
information regarding this document.
You may obtain publicly available
information related to this document
using any of the following methods:
• Federal Rulemaking Website: Go to
https://www.regulations.gov and search
for Docket ID NRC–2023–0068. Address
questions about Docket IDs in
Regulations.gov to Stacy Schumann;
telephone: 301–415–0624; email:
Stacy.Schumann@nrc.gov. For technical
questions, contact the individuals listed
in the FOR FURTHER INFORMATION
CONTACT section of this document.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publicly
available documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
adams.html. To begin the search, select
‘‘Begin Web-based ADAMS Search.’’ For
problems with ADAMS, please contact
the NRC’s Public Document Room (PDR)
reference staff at 1–800–397–4209, at
301–415–4737, or by email to
lotter on DSK11XQN23PROD with RULES1
SUMMARY:
VerDate Sep<11>2014
16:04 Jul 27, 2023
Jkt 259001
PDR.Resource@nrc.gov. The ADAMS
accession number for each document
referenced (if it is available in ADAMS)
is provided the first time that it is
mentioned in this document.
• NRC’s PDR: The PDR, where you
may examine and order copies of
publicly available documents, is open
by appointment. To make an
appointment to visit the PDR, please
send an email to PDR.Resource@nrc.gov
or call 1–800–397–4209 or 301–415–
4737, between 8 a.m. and 4 p.m. eastern
time (ET), Monday through Friday,
except Federal holidays.
Revision 1 to RG 5.83 and the
response to public comments may be
found in ADAMS under Accession Nos.
ML23087A017 and ML23087A018,
respectively.
Regulatory guides are not
copyrighted, and NRC approval is not
required to reproduce them.
FOR FURTHER INFORMATION CONTACT:
Daniel Warner, Office of Nuclear
Security and Incident Response,
telephone: 301–287–3642; email:
Daniel.Warner@nrc.gov; and Stanley
Gardocki, Office of Nuclear Regulatory
Research, telephone: 301–415–1067;
email: Stanley.Gardocki@nrc.gov. Both
are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001.
SUPPLEMENTARY INFORMATION:
I. Discussion
The NRC is issuing a revision in the
NRC’s ‘‘Regulatory Guide’’ series. This
series was developed to describe
methods that are acceptable to the NRC
staff for implementing specific parts of
the agency’s regulations, to explain
techniques that the staff uses in
evaluating specific issues or postulated
events, and to describe information that
the staff needs in its review of
applications for permits and licenses.
The proposed Revision 1 to RG 5.83
was issued with a temporary
identification of Draft Regulatory Guide,
DG–5079 (ADAMS Accession No.
ML22250A443).
This revision of the guide (Revision 1)
addresses new concerns identified since
the NRC first issued RG 5.83 in 2015.
The primary changes made have been to
align the definitions in the glossary with
those in recent updates to RG 5.71, and
to provide clarification in the eight-hour
notification section about the
reportability of malicious activity
PO 00000
Frm 00001
Fmt 4700
Sfmt 4700
against devices that reside on the same
networks as critical digital assets (CDAs)
or that support CDAs.
II. Additional Information
The NRC published a notice of the
availability of DG–5079 in the Federal
Register on April 24, 2023 (88 FR
24715), for a 30-day public comment
period. The public comment period
closed on May 24, 2023. Public
comments on DG–5079 and the staff
responses to the public comments are
available under ADAMS under
Accession No. ML23087A018.
As noted in the Federal Register on
December 9, 2022 (87 FR75671), this
document is being published in the
‘‘Rules’’ section of the Federal Register
to comply with publication
requirements under title 1 of the Code
of Federal Regulations (1 CFR), chapter
I.
III. Congressional Review Act
This RG is a rule as defined in the
Congressional Review Act (5 U.S.C.
801–808). However, the Office of
Management and Budget has not found
it to be a major rule as defined in the
Congressional Review Act.
IV. Backfitting, Forward Fitting, and
Issue Finality
Issuance of RG 5.83, Revision 1, does
not constitute backfitting as defined in
§ 50.109 of title 10 of the Code of
Federal Regulations (10 CFR),
‘‘Backfitting,’’ and as described in NRC
Management Directive (MD) 8.4,
‘‘Management of Backfitting, Forward
Fitting, Issue Finality, and Information
Requests’’ (ADAMS Accession No.
ML18093B087); constitute forward
fitting as that term is defined and
described in MD 8.4; or affect issue
finality of any approval issued under 10
CFR part 52, ‘‘Licenses, Certifications,
and Approvals for Nuclear Power
Plants.’’ As explained in RG 5.83,
Revision 1, applicants and licensees are
not required to comply with the
positions set forth in this guide.
V. Submitting Suggestions for
Improvement of Regulatory Guides
A member of the public may, at any
time, submit suggestions to the NRC for
improvement of existing RGs or for the
development of new RGs. Suggestions
can be submitted on the NRC’s public
website at https://www.nrc.gov/readingrm/doc-collections/reg-guides/
E:\FR\FM\28JYR1.SGM
28JYR1
48718
Federal Register / Vol. 88, No. 144 / Friday, July 28, 2023 / Rules and Regulations
contactus.html. Suggestions will be
considered in future updates and
enhancements to the ‘‘Regulatory
Guide’’ series.
Dated: July 24, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs
Management Branch, Division of Engineering,
Office of Nuclear Regulatory Research.
[FR Doc. 2023–15990 Filed 7–27–23; 8:45 am]
BILLING CODE 7590–01–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 39
FOR FURTHER INFORMATION CONTACT:
[Docket No. FAA–2023–0935; Project
Identifier MCAI–2022–01311–T; Amendment
39–22491; AD 2023–13–06]
RIN 2120–AA64
Airworthiness Directives; Bombardier,
Inc., Airplanes
Federal Aviation
Administration (FAA), DOT.
ACTION: Final rule.
AGENCY:
The FAA is adopting a new
airworthiness directive (AD) for all
Bombardier, Inc., Model BD–100–1A10
airplanes. This AD was prompted by an
in-service event where the nose gear
door amber caution message displayed
on the crew alerting system during the
initial climb after gear retraction. This
AD requires revising the existing
maintenance or inspection program, as
applicable, to incorporate new or more
restrictive airworthiness limitations.
The FAA is issuing this AD to address
the unsafe condition on these products.
DATES: This AD is effective September 1,
2023.
The Director of the Federal Register
approved the incorporation by reference
of certain publications listed in this AD
as of September 1, 2023.
ADDRESSES:
AD Docket: You may examine the AD
docket at regulations.gov under Docket
No. FAA–2023–0935; or in person at
Docket Operations between 9 a.m. and
5 p.m., Monday through Friday, except
Federal holidays. The AD docket
contains this final rule, the mandatory
continuing airworthiness information
(MCAI), any comments received, and
other information. The address for
Docket Operations is U.S. Department of
Transportation, Docket Operations, M–
30, West Building Ground Floor, Room
W12–140, 1200 New Jersey Avenue SE,
Washington, DC 20590.
lotter on DSK11XQN23PROD with RULES1
SUMMARY:
VerDate Sep<11>2014
16:04 Jul 27, 2023
Material Incorporated by Reference:
• For service information identified
in this final rule, contact Bombardier
Business Aircraft Customer Response
Center, 400 Coˆte-Vertu Road West,
Dorval, Que´bec H4S 1Y9, Canada;
telephone 514–855–2999; email ac.yul@
aero.bombardier.com; website
bombardier.com.
• You may view this service
information at the FAA, Airworthiness
Products Section, Operational Safety
Branch, 2200 South 216th St., Des
Moines, WA. For information on the
availability of this material at the FAA,
call 206–231–3195. It is also available at
regulations.gov under Docket No. FAA–
2023–0935.
Jkt 259001
Gabriel D. Kim, Aviation Safety
Engineer, FAA, 1600 Stewart Avenue,
Suite 410, Westbury, NY 11590;
telephone 516–228–7343; email 9-avsnyaco-cos@faa.gov.
SUPPLEMENTARY INFORMATION:
Background
The FAA issued a notice of proposed
rulemaking (NPRM) to amend 14 CFR
part 39 by adding an AD that would
apply to all Bombardier, Inc., Model
BD–100–1A10 airplanes. The NPRM
published in the Federal Register on
April 25, 2023 (88 FR 24924). The
NPRM was prompted by AD CF–2022–
57, dated October 5, 2022, issued by
Transport Canada, which is the aviation
authority for Canada (referred to after
this as the MCAI). The MCAI states an
in-service event occurred where the
nose gear door amber caution message
displayed on the crew alerting system
during the initial climb after gear
retraction. After landing, an inspection
found that one of the nose landing gear
(NLG) door hinge fitting assemblies
were broken. The absence of an
inspection to detect cracks in the fillet
radii of the NLG door hinge fitting could
result in door misalignment with the
airplane.
In the NPRM, the FAA proposed to
require revising the existing
maintenance or inspection program, as
applicable, to incorporate new or more
restrictive airworthiness limitations.
The FAA is issuing this AD to address
cracked fillet radii of NLG door hinge
fittings. The unsafe condition, if not
addressed, could result in a NLG door
misalignment, which could increase the
drag and yawing movement during
flight, could cause jamming of the door
affecting the ability to extend or retract
the NLG, or could potentially result in
the NLG door detaching from the
airplane.
PO 00000
Frm 00002
Fmt 4700
Sfmt 4700
You may examine the MCAI in the
AD docket at regulations.gov under
Docket No. FAA–2023–0935.
Discussion of Final Airworthiness
Directive
Comments
The FAA received no comments on
the NPRM or on the determination of
the cost to the public.
Conclusion
This product has been approved by
the aviation authority of another
country and is approved for operation in
the United States. Pursuant to the FAA’s
bilateral agreement with this State of
Design Authority, it has notified the
FAA of the unsafe condition described
in the MCAI referenced above. The FAA
reviewed the relevant data and
determined that air safety requires
adopting this AD as proposed.
Accordingly, the FAA is issuing this AD
to address the unsafe condition on this
product. Except for minor editorial
changes, this AD is adopted as proposed
in the NPRM. None of the changes will
increase the economic burden on any
operator.
Related Service Information Under 1
CFR Part 51
The FAA reviewed Bombardier
Challenger 300 BD–100 Time Limits/
Maintenance Checks Temporary
Revision (TR) TR5–2–101, dated June
30, 2022; and (Bombardier) Challenger
350 BD–100 Time Limits/Maintenance
Checks Temporary Revision TR5–2–30,
dated June 30, 2022. This service
information specifies new or more
restrictive airworthiness limitations for
the NLG door hinge fittings fillet radii.
These documents are distinct because
they apply to different airplane
configurations.
This service information is reasonably
available because the interested parties
have access to it through their normal
course of business or by the means
identified in the ADDRESSES section.
Costs of Compliance
The FAA estimates that this AD,
would affect 716 airplanes of U.S.
registry. The FAA estimates the
following costs to comply with this AD:
The FAA has determined that revising
the maintenance or inspection program
takes an average of 90 work-hours per
operator, although the agency
recognizes that this number may vary
from operator to operator. Since
operators incorporate maintenance or
inspection program changes for their
affected fleet(s), the FAA has
determined that a per-operator estimate
is more accurate than a per-airplane
E:\FR\FM\28JYR1.SGM
28JYR1
]]>Agencies
[Federal Register Volume 88, Number 144 (Friday, July 28, 2023)]
[Rules and Regulations]
[Pages 48717-48718]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-15990]
�========================================================================
�Rules and Regulations
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains regulatory documents
�having general applicability and legal effect, most of which are keyed
�to and codified in the Code of Federal Regulations, which is published
�under 50 titles pursuant to 44 U.S.C. 1510.
�
�The Code of Federal Regulations is sold by the Superintendent of Documents.
�
�========================================================================
�
��Federal Register / Vol. 88, No. 144 / Friday, July 28, 2023 / Rules
and Regulations��
[[Page 48717]]
NUCLEAR REGULATORY COMMISSION
10 CFR Part 73
[NRC-2023-0068]
Regulatory Guide: Cybersecurity Event Notifications
AGENCY: Nuclear Regulatory Commission.
ACTION: Final guide; issuance.
-----------------------------------------------------------------------
SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing
Revision 1 to Regulatory Guide (RG), 5.83, ``Cybersecurity Event
Notifications.'' This revision describes methods that the staff of the
NRC considers acceptable for licensees to meet requirements in NRC
regulations to report and record cybersecurity events.
DATES: Revision 1 to RG 5.83 is available on July 28, 2023.
ADDRESSES: Please refer to Docket ID NRC-2023-0068 when contacting the
NRC about the availability of information regarding this document. You
may obtain publicly available information related to this document
using any of the following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0068. Address
questions about Docket IDs in Regulations.gov to Stacy Schumann;
telephone: 301-415-0624; email: [email protected]. For technical
questions, contact the individuals listed in the FOR FURTHER
INFORMATION CONTACT section of this document.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, at 301-415-4737,
or by email to [email protected]. The ADAMS accession number for
each document referenced (if it is available in ADAMS) is provided the
first time that it is mentioned in this document.
NRC's PDR: The PDR, where you may examine and order copies
of publicly available documents, is open by appointment. To make an
appointment to visit the PDR, please send an email to
[email protected] or call 1-800-397-4209 or 301-415-4737, between 8
a.m. and 4 p.m. eastern time (ET), Monday through Friday, except
Federal holidays.
Revision 1 to RG 5.83 and the response to public comments may be
found in ADAMS under Accession Nos. ML23087A017 and ML23087A018,
respectively.
Regulatory guides are not copyrighted, and NRC approval is not
required to reproduce them.
FOR FURTHER INFORMATION CONTACT: Daniel Warner, Office of Nuclear
Security and Incident Response, telephone: 301-287-3642; email:
[email protected]; and Stanley Gardocki, Office of Nuclear
Regulatory Research, telephone: 301-415-1067; email:
[email protected]. Both are staff of the U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
SUPPLEMENTARY INFORMATION:
I. Discussion
The NRC is issuing a revision in the NRC's ``Regulatory Guide''
series. This series was developed to describe methods that are
acceptable to the NRC staff for implementing specific parts of the
agency's regulations, to explain techniques that the staff uses in
evaluating specific issues or postulated events, and to describe
information that the staff needs in its review of applications for
permits and licenses.
The proposed Revision 1 to RG 5.83 was issued with a temporary
identification of Draft Regulatory Guide, DG-5079 (ADAMS Accession No.
ML22250A443).
This revision of the guide (Revision 1) addresses new concerns
identified since the NRC first issued RG 5.83 in 2015. The primary
changes made have been to align the definitions in the glossary with
those in recent updates to RG 5.71, and to provide clarification in the
eight-hour notification section about the reportability of malicious
activity against devices that reside on the same networks as critical
digital assets (CDAs) or that support CDAs.
II. Additional Information
The NRC published a notice of the availability of DG-5079 in the
Federal Register on April 24, 2023 (88 FR 24715), for a 30-day public
comment period. The public comment period closed on May 24, 2023.
Public comments on DG-5079 and the staff responses to the public
comments are available under ADAMS under Accession No. ML23087A018.
As noted in the Federal Register on December 9, 2022 (87 FR75671),
this document is being published in the ``Rules'' section of the
Federal Register to comply with publication requirements under title 1
of the Code of Federal Regulations (1 CFR), chapter I.
III. Congressional Review Act
This RG is a rule as defined in the Congressional Review Act (5
U.S.C. 801-808). However, the Office of Management and Budget has not
found it to be a major rule as defined in the Congressional Review Act.
IV. Backfitting, Forward Fitting, and Issue Finality
Issuance of RG 5.83, Revision 1, does not constitute backfitting as
defined in Sec. 50.109 of title 10 of the Code of Federal Regulations
(10 CFR), ``Backfitting,'' and as described in NRC Management Directive
(MD) 8.4, ``Management of Backfitting, Forward Fitting, Issue Finality,
and Information Requests'' (ADAMS Accession No. ML18093B087);
constitute forward fitting as that term is defined and described in MD
8.4; or affect issue finality of any approval issued under 10 CFR part
52, ``Licenses, Certifications, and Approvals for Nuclear Power
Plants.'' As explained in RG 5.83, Revision 1, applicants and licensees
are not required to comply with the positions set forth in this guide.
V. Submitting Suggestions for Improvement of Regulatory Guides
A member of the public may, at any time, submit suggestions to the
NRC for improvement of existing RGs or for the development of new RGs.
Suggestions can be submitted on the NRC's public website at https://
www.nrc.gov/reading-rm/doc-collections/reg-guides/
[[Page 48718]]
contactus.html. Suggestions will be considered in future updates and
enhancements to the ``Regulatory Guide'' series.
Dated: July 24, 2023.
For the Nuclear Regulatory Commission.
Meraj Rahimi,
Chief, Regulatory Guide and Programs Management Branch, Division of
Engineering, Office of Nuclear Regulatory Research.
[FR Doc. 2023-15990 Filed 7-27-23; 8:45 am]
BILLING CODE 7590-01-P
