10 CFR 73 SGI, Environmental Assessment

ENVIRONMENTAL ASSESSMENT AND

FINDING OF NO SIGNIFICANT IMPACT

FOR THE FINAL RULE

AMENDING 10 CFR PART 73

Safeguards Information Protection Requirements

U.S. Nuclear Regulatory Commission

SUMMARY: The Nuclear Regulatory Commission (NRC) is amending its regulations for the protection of Safeguards Information (SGI) to protect SGI from inadvertent release and unauthorized disclosure which might compromise the security of nuclear facilities and materials. The amendments modify the requirements for the protection of SGI with respect to persons, information, and materials subject to the regulations, as well as those that are not. These modifications are within the scope of Commission authority under the Atomic Energy Act of 1954, as amended (AEA). The NRC originally published a proposed rule on SGI on February 11, 2005 (70 FR 7196). On October 31, 2006 (71 FR 64004), the NRC published a revised proposed rule on the subject of protection of SGI. The purpose of publishing a second proposed rule was to allow the public to comment on changes to the proposed rule text made in response to public comment, the amendments to the AEA in the Energy Policy Act of 2005 (EPA), and Commission Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material.

I. INTRODUCTION

Safeguards Information (SGI) as currently defined in § 73.2 of the Commission’s regulations in Title 10 of the Code of Federal Regulations (10 CFR) means:

Information not otherwise classified as National Security Information or Restricted Data which specifically identifies a licensee’s or applicant’s detailed security measures for the physical protection of special nuclear material, or security measures for the physical protection and location of certain plant equipment vital to the safety of production and utilization facilities.

SGI is a special category of sensitive unclassified information to be protected from unauthorized disclosure under Section 147 of the Atomic Energy Act of 1954, as amended (AEA). Although SGI is considered to be sensitive unclassified information, it is handled and protected more like classified confidential information than like other sensitive unclassified information (e.g., privacy and proprietary information). 10 CFR Part 73, “Physical Protection of Plants and Materials,” contains requirements for the protection of SGI. These requirements apply to SGI in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires SGI. An individual’s access to SGI is controlled by a valid “need to know” such information and a background check to determine the individual’s trustworthiness and reliability. The background check includes a criminal history records check, including verification of identity based on fingerprinting. Power and certain research and test reactors and independent spent fuel storage installations are examples of the categories of licensees currently within the scope of the provisions of Part 73 for the protection of SGI. Examples of the types of information designated as SGI include the physical security plan for a licensee’s facility; the design features of such a licensee’s physical protection system; and operational procedures for the licensee’s security organization.

The Commission has authority under Section 147 of the AEA to designate, by regulation or order, other types of information as SGI. For example, Section 147.a.(2) allows the Commission to designate as SGI a licensee’s or applicant’s detailed security measures (including security plans, procedures and equipment) for the physical protection of source material or byproduct material in quantities determined by the Commission to be significant to the public health and safety or the common defense and security. The Commission has, by order, imposed SGI handling requirements on certain categories of these other licensees and materials. An example is a November 25, 2003 order issued to certain materials licensees.¹

Regulations or orders may impose requirements on licensees for the protection of SGI. The Commission has been issuing orders to licensees to extend the SGI protection requirements to certain categories of licensees and to protect additional types of information as SGI. Because source and byproduct material licensees are not currently subject to Part 73, the orders for certain categories of those licensees imposing security measures contain provisions so that the information in those measures can be designated as SGI and thus be protected from unauthorized disclosure. Orders have been issued on a case-by-case basis and additional orders for certain materials licensees may be issued.

Changes in the threat environment have revealed the need to protect as SGI additional types of security information held by a broader group of licensees. Under the current regulations, some categories of licensees are not explicitly included in the categories of licensees subject to the general performance requirements in § 73.21(a). Similarly, the current regulations do not specify all of the types of information that the Commission now recognizes to be significant to the public health and safety or the common defense and security. The unauthorized release of this information could result in harm to the public health and safety and the Nation’s common defense and security, as well as damage to the Nation’s critical infrastructure, including nuclear power plants and other facilities and materials licensed and regulated by the NRC.

Since September 11, 2001, the NRC has issued orders that have increased the number of licensees whose security measures will be protected as SGI and have added additional types of security information considered SGI. Orders have been issued to power reactor licensees, fuel cycle facility licensees, certain source material licensees, and certain byproduct material licensees. Some of the orders expanded the types of information to be protected for licensees who already have an SGI protection program, such as nuclear power reactor licensees. Other orders were issued to licensees that have not previously been explicitly subject to SGI requirements in the regulations, such as certain licensees authorized to manufacture or initially transfer items containing radioactive material.² Some orders impose a new designation of Safeguards Information: Safeguards Information-Modified Handling (SGI-M). SGI-M is SGI subject to handling requirements that are modified from the specific SGI handling requirements that are applicable to SGI needing a higher level of protection.

Some of the requirements imposed by orders that have increased the types of information to be considered SGI are not covered by the current regulations. Although new SGI requirements could continue to be imposed through the issuance of orders, the regulations would not reflect current Commission SGI policy and/or requirements.

II. THE ACTION

NRC Staff review of the SGI regulatory program indicates that changes in the regulations are needed to address issues such as access to SGI, types of security information to be protected, and handling and storage requirements. The purpose of this rulemaking is to: 1) revise the definition of “need to know” in 10 CFR 73.2; 2) implement the expanded fingerprinting and criminal history check requirements imposed by the EPAct for individuals who will have access to SGI; 3) implement a requirement for background checks demonstrating trustworthiness and reliability for individuals who will have access to SGI; 4) make generically applicable in the regulations the SGI requirements imposed by the orders; 5) expand the scope of Part 73 to include additional categories of licensees (e.g., source and byproduct material licensees, research and test reactors not previously covered, and fuel cycle facilities not previously covered); 6) expand the types of security information covered by the definition of SGI in § 73.2 and the information categories described in §§ 73.22 and 73.23 to include security measures for the physical protection of byproduct, source, and special nuclear material; emergency planning scenarios and implementing procedures; uncorrected vulnerabilities or weaknesses in a security system; and some training and qualification information; and 7) modify the requirements for obtaining access to and protection of SGI in the context of adjudications to reflect the changes in Part 73 and to clarify appeal procedures available.

A graded approach based on the risks and consequences of information disclosure was used in determining which category of licensee or type of information is subject to certain protection requirements. This graded approach has been applied to issues such as the type of information to be protected, the classes of licensees subject to the rule, and the level of handling requirements necessary for the various licensees. For example, the graded approach allows certain categories of licensees to employ the modified-handling procedures introduced in various orders and now set forth in the SGI-M provisions of the amended rule.

III. NEED FOR THE ACTION

The NRC’s current regulations require each person who produces, receives, or acquires SGI to protect it. However, under the current regulations in Part 73, only certain information held by certain types of licensees, such as a licensee authorized to operate a nuclear power reactor or licensees possessing a formula quantity of strategic special nuclear material (SNM), is subject to being categorized as SGI.

In addition, Section 652 of the EPA, which amended Section 149 of the AEA, orders the Commission to require fingerprinting of all individuals to be granted access to SGI by: 1) individuals engaged in activities subject to regulation by the Commission; 2) applicants for a license or certificate to engage in Commission-regulated activities; and 3) individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission.

IV. ALTERNATIVES TO THE ACTION 

The Commission considered but rejected the alternative of no rulemaking because although new SGI requirements could continue to be imposed by orders, the regulations would not reflect current Commission SGI policy and/or requirements. In addition, orders, unlike rules, do not apply prospectively to applicants for new licenses. Also, imposing requirements through orders has not traditionally been the agency’s preferred regulatory vehicle in the long term. A rulemaking also potentially improves public confidence by providing a more open process for imposing requirements. The increase in cost incurred through rulemaking is justified and necessary in the interest of protection of the public health and safety and promotion of the common defense and security. The rulemaking is consistent with the strategic plan and performance goals of the NRC, largely by contributing to the development of clear, concise, and up-to-date regulations.

V. ENVIRONMENTAL IMPACTS OF THE ACTION

The final rulemaking does not have an environmental impact. The rulemaking makes generically applicable in NRC regulations recent Commission practices set forth in orders and threat advisories for the designation, handling, and protection of SGI. The rulemaking also implements Congressionally-mandated fingerprinting of individuals to be granted access to SGI. Imposing these requirements by making them generically applicable in the regulations does not in and of itself result in any environmental impacts.

VI. AGENCIES AND PERSONS CONSULTED, AND SOURCES USED

The NRC staff solicited comment from Agreement States through transmittal of the original draft Federal Register document, including proposed draft rule text, to the Agreement States website. The NRC also provided the revised proposed draft rule text to the Agreement States website. The NRC also sent a copy of the revised draft environmental assessment along with the revised proposed rule to every State Liaison Officer and requested their comments on the revised draft environmental assessment. In the notice of proposed rulemaking published in the Federal Register (71 FR 64004; October 31, 2006), the NRC also requested public comment on the revised draft assessment. The NRC did not receive any comments on the revised draft environmental assessment.

VII. FINDING OF NO SIGNIFICANT IMPACT

The Commission has determined under the National Environmental Policy Act of 1969, as amended, and the NRC’s regulations in Subpart A of 10 CFR Part 51, that this final rule is not a major Federal action significantly affecting the quality of the human environment; therefore, an environmental impact statement is not required. The Commission has concluded on the basis of an environmental assessment that the requirements for the designation, handling, and protection of SGI will not have any significant effects on the environment.