Draft Regulatory Guide; Issuance, Availability

Federal Register: June 22, 2010 (Volume 75, Number 119)

Notices

Page 35508-35510

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr22jn10-75

NUCLEAR REGULATORY COMMISSION

NRC-2010-0216

Draft Regulatory Guide: Issuance, Availability

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of Issuance and Availability of Draft Regulatory Guide,

DG-1249, ``Criteria for Use of Computers in Safety Systems of Nuclear

Power Plants.''

FOR FURTHER INFORMATION CONTACT: Timothy Mossman, U.S. Nuclear

Regulatory Commission, Washington, DC 20555-0001, telephone: (301) 415- 3647, e-mail Timothy.Mossman@nrc.gov or Deanna Zhang, U.S. Nuclear

Regulatory Commission, Washington, DC 20555-0001, telephone: (301) 415- 1946, e-mail Deanna.Zhang@nrc.gov.

Page 35509

SUPPLEMENTARY INFORMATION:

  1. Introduction

    The U.S. Nuclear Regulatory Commission (NRC) is issuing for public comment a draft guide in the agency's ``Regulatory Guide'' series. This series was developed to describe and make available to the public such information as methods that are acceptable to the NRC staff for implementing specific parts of the NRC's regulations, techniques that the staff uses in evaluating specific problems or postulated accidents, and data that the staff needs in its review of applications for permits and licenses.

    The draft regulatory guide (DG) is temporarily identified with its task number, DG-1249, which should be mentioned in all related correspondence. DG-1249 is proposed Revision 3 of Regulatory Guide 1.152, dated January 2006. This guide describes a method that the staff of the NRC considers acceptable to implement Title 10, of the Code of

    Federal Regulations, Part 50, ``Domestic Licensing of Production and

    Utilization Facilities'' (10 CFR Part 50); 10 CFR 50.55a(h); General

    Design Criterion (GDC) 21, ``Protection System Reliability and

    Testability,'' of Appendix A, ``General Design Criteria for Nuclear

    Power Plants,'' to 10 CFR Part 50; and Criterion III, ``Design

    Control,'' of Appendix B, ``Quality Assurance Criteria for Nuclear

    Power Plants and Fuel Reprocessing Plants,'' to 10 CFR Part 50 with regard to use of computers in safety systems of nuclear power plants.

    This guide applies to all types of commercial nuclear power plants.

    DG-1249 acknowledges that 10 CFR 73.54, ``Protection of Digital

    Computer and Communication Systems and Networks,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear

    Facilities,'' provides guidance to meet the requirements of 10 CFR 73.54. The combination of DG-1249 and the programmatic provisions under 10 CFR 73.54 should seamlessly address the secure design, development, and operation of digital safety systems. To seamlessly address these issues, DG-1249: 1. Eliminates all reference to cyber security, malicious activity, or attacks, as those considerations now fall under the purview of 10

    CFR 73.54. Since there is now a regulation and associated guidance specifically designed to address cyber security, Regulatory Guide 1.152 no longer needs to address cyber security. To eliminate any duplication between the documents, references to cyber security and any protection against a malicious, intelligent adversary have been removed. 2. Emphasizes Regulatory Guide 1.152's focus on security for the protection of digital safety systems against non-malicious events, per

    Clauses 5.6.3 and 5.9 of the Institute of Electrical and Electronic

    Engineer (IEEE) standard 603-1991. Non-malicious events include incidents in which an operator or other plant personnel could inadvertently access the digital safety system and affect its ability to reliably perform its safety function. Non-malicious events also include undesirable behavior of connected systems which could degrade the reliable operation of the digital safety system. 3. Deletes Regulatory Positions 2.6 through 2.9, which address security in the operational phases of a system's life cycle. Licensing is complete once the Factory Acceptance Testing is concluded. The licensee's cyber security programs, to meet the requirements of 10 CFR 73.54, should now address these considerations. (Regulatory Positions 2.1 through 2.5 apply to licensing determinations in the evaluation of applications for license amendments, design certifications, and combined operating licenses.)

    ``Security,'' in the context of DG-1249, refers to protective actions taken against a predictable set of non-malicious acts (e.g., inadvertent operator actions or the undesirable behavior of connected systems) that could challenge the integrity, reliability, or functionality of a digital safety system.

    ``Cyber security'' refers to those measures and controls taken as part of compliance with 10 CFR 73.54 that protect digital systems against the malicious acts of an intelligent adversary.

    The objective of this revision is to (1) clarify the relationship between 10 CFR Part 50 and 10 CFR Part 73, ``Physical Protection of

    Plants and Materials,'' regarding the security of digital safety systems, (2) remove regulatory positions that are now covered by other regulations to eliminate the potential for any perceived conflict, and

    (3) to clarify the remaining regulatory positions.

    The NRC staff is revising Regulatory Guide 1.152 to provide what the staff considers to be an acceptable method of meeting the NRC regulations. Previous revisions should not be used by applicants for new licensing actions. NRC staff believes that continued use of previous revisions of the Regulatory Guide by existing nuclear power plant licensees is acceptable (i.e., meets all NRC requirements, and provides reasonable assurance of adequate protection to public health and safety, and common defense and security). Revision of this

    Regulatory Guide does not modify any prior commitments made by licensees to the NRC or Agreement States. Therefore, a licensee that has made a commitment must continue to meet that prior commitment, or the commitment should be modified in accordance with the licensee's commitment management process. The previous revision of this Regulatory

    Guide will continue to be publically available on the NRC public Web site.

  2. Further Information

    The NRC staff is soliciting comments on DG-1249. Comments may be accompanied by relevant information or supporting data and should mention DG-1249 in the subject line. Comments submitted in writing or in electronic form will be made available to the public in their entirety through the NRC's Agencywide Documents Access and Management

    System (ADAMS).

    ADDRESSES: You may submit comments by any one of the following methods.

    Please include Docket ID NRC-2010-0216 in the subject line of your comments. Comments submitted in writing or in electronic form will be posted on the NRC Web site and on the Federal rulemaking Web site

    Regulations.gov. Because your comments will not be edited to remove any identifying or contact information, the NRC cautions you against including any information in your submission that you do not want to be publicly disclosed.

    The NRC requests that any party soliciting or aggregating comments received from other persons for submission to the NRC inform those persons that the NRC will not edit their comments to remove any identifying or contact information, and therefore, they should not include any information in their comments that they do not want publicly disclosed.

    Federal Rulemaking Web site: Go to http://www.regulations.gov and search for documents filed under Docket ID NRC-2010-0216. Address questions about NRC dockets to Carol Gallagher 301-492-3668; e-mail

    Carol.Gallagher@nrc.gov.

    Mail comments to: Cindy K. Bladey, Chief, Rules, Announcements, and

    Directives Branch, Office of Administration, Mail Stop: TWB-05-B01M,

    U.S. Nuclear Regulatory Commission, Washington, DC 20555-

    Page 35510

    0001, or by fax to RDB at (301) 492-3446.

    You can access publicly available documents related to this notice using the following methods:

    NRC's Public Document Room (PDR): The public may examine and have copied for a fee publicly available documents at the NRC's PDR, Room O1

    F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    NRC's Agencywide Documents Access and Management System (ADAMS):

    Publicly available documents created or received at the NRC are available electronically at the NRC's Electronic Reading Room at http:/

    /www.nrc.gov/reading-rm/adams.html. From this page, the public can gain entry into ADAMS, which provides text and image files of NRC's public documents. If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC's PDR reference staff at 1-800-397-4209, 301-415-4737, or by e-mail to pdr.resource@nrc.gov. DG-1249 is available electronically under ADAMS

    Accession Number ML100490539. The regulatory analysis may be found in

    ADAMS under Accession No. ML101320317. In addition, electronic copies of DG-1249 are available through the NRC's public Web site under Draft

    Regulatory Guides in the ``Regulatory Guides'' collection of the NRC's

    Electronic Reading Room at http://www.nrc.gov/reading-rm/doc- collections/

    Federal Rulemaking Web site: Public comments and supporting materials related to this notice can be found at http:// www.regulations.gov by searching on Docket ID: NRC-2010-0216.

    Comments would be most helpful if received by August 20, 2010.

    Comments received after that date will be considered if it is practical to do so, but the NRC is able to ensure consideration only for comments received on or before this date. Although a time limit is given, comments and suggestions in connection with items for inclusion in guides currently being developed or improvements in all published guides are encouraged at any time.

    Regulatory guides are not copyrighted, and Commission approval is not required to reproduce them.

    Dated at Rockville, Maryland, this 14th day of June, 2010.

    For the Nuclear Regulatory Commission.

    Andrea D. Valentin,

    Chief, Regulatory Guide Development Branch, Division of Engineering,

    Office of Nuclear Regulatory Research.

    FR Doc. 2010-15022 Filed 6-21-10; 8:45 am

    BILLING CODE 7590-01-P

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT