FINAL SUPPORTING STATEMENT
FOR
10 CFR PART 73
PHYSICAL PROTECTION OF PLANTS AND MATERIALS
(3150-0002)
---
REVISION
Description of the Information Collection
The U.S. Nuclear Regulatory Commission (NRC) regulations in Title 10 of the Code of Federal Regulations (10 CFR) Part 73 prescribe requirements for the establishment and maintenance of a system for physical protection of special nuclear material (SNM) at fixed sites, SNM in transit and of plants in which SNM is utilized. Part 73 contains reporting and recordkeeping requirements which are necessary to help ensure that an adequate level of protection is provided for nuclear facilities and nuclear material, such as:
Development and maintenance of security documents, including a physical security plan (PSP), training and qualification plan (T&QP), safeguards contingency plan (SCP), cyber security plan (CSP), and security implementing procedures;
Notifications to the NRC regarding safeguards and cyber security events;
Notifications to state governors and tribes of shipments of irradiated reactor fuel; and
Requirements for conducting criminal history records checks of individuals granted unescorted access to a nuclear power facility, a non-power reactor, or access to Safeguards Information (SGI).
A. JUSTIFICATION
Need for and Practical Utility of the Information
The regulations are issued pursuant to the Atomic Energy Act of 1954, as amended, and Title II of the Energy Reorganization Act of 1974, as amended. In general, the reports and records are necessary for one or more of the following reasons:
Information describing the content and planned operation of the licensee's physical protection system (e.g., CSP, security plan, contingency plan, or T&QP). This information is essential to enable the NRC to make a determination about the adequacy of the licensee's planned system in meeting regulatory requirements.
For a CSP, in regard to nuclear power reactors, this information includes descriptions of how a licensee protects computer and communication systems and networks against cyber-attacks, up to and including the design basis threat in 73.1.
For a PSP, in regard to Category I SNM sites and nuclear power reactors, this includes the capabilities to detect, assess, interdict, and neutralize threats up to and including the design basis threat described in 10 CFR Section 73.1. Other PSPs include descriptions of how the requirements of 10 CFR Section 73.67 “Licensee fixed site and in-transit requirements for the physical protection of SNM of moderate and low strategic significance” will be met at a fixed site or during transport.
For a SCP, in regard to Category I SNM sites and nuclear power reactors, this includes a description of how licensee personnel implement their physical protection program to defend against threats to their facility, up to and including the design basis threat 73.1.
For a T&QP, in regard to Category I SNM sites and nuclear power reactors, this includes information on the criteria for the selection, training, equipping, testing, and qualification of individuals who will be responsible for protecting SNM, nuclear facilities, and nuclear shipments.
Information describing the normal operation of the physical protection system (e.g., access authorizations, equipment performance logs). This information is needed to permit the NRC to make a determination as to reasonable assurance that the physical protection system operates in accordance with the regulatory requirements.
Information notifying the NRC of the occurrence of and circumstances surrounding abnormal events (e.g., report of theft, sabotage, or overdue shipment). This information is needed to enable the NRC to fulfill its responsibilities to respond to, investigate, and correct situations which adversely affect public health and safety or the common defense and security.
Specific requirements in 10 CFR Part 73 are described at the end of this supporting statement in “Description of Requirements.”
Agency Use of the Information
The information included in the applications, reports, and records is reviewed by the NRC staff to assess the adequacy of the applicant's physical plant, equipment, organization, training, experience, procedures, and plans for protection of public health and safety and the common defense and security. The NRC review and the findings form the basis for NRC licensing decisions related to SNM.
The agency has developed a series of regulatory guides for materials and plant protection and provides guidance on how to meet the requirements above. They can be found at https://www.nrc.gov/reading-rm/doc-collections/reg-guides/protection/rg/ . A list of applicable guidance documents can be found in a table at the end of this supporting statement.
Reduction of Burden Through Information Technology
There are no legal obstacles to reducing the burden associated with this information collection. The NRC encourages respondents to use information technology when it would be beneficial to them.
The NRC has issued Guidance for Electronic Submissions to the NRC which provides direction for the electronic transmission and submittal of documents to the NRC. Electronic transmission and submittal of documents can be accomplished via the following avenues: the electronic information exchange (EIE) process, which is available from the NRC's “Electronic Submittals” Web page, by Optical Storage Media (OSM) (e.g. CD-ROM, DVD), by facsimile or by e-mail. It is estimated that approximately 90% of the potential responses are filed electronically. Due to the classification level of some documents, licensees choose to submit some documents as a hard-copy.
However, all (100%) of fingerprint submissions from the 61 nuclear power reactor facilities and 4 decommissioning reactor facilities are submitted electronically. Other licensees continue to submit fingerprints through non‑electronic means.
Effort to Identify Duplication and Use Similar Information
Paragraph 73.38(d) eliminates duplication by specifying that background investigations do not apply to Federal, State or local law enforcement personnel who are performing escort duties.
Paragraph 73.38(g) eliminates duplication by specifying that individuals who have a valid unescorted access authorization pursuant to an NRC order or regulation within 5 years of the effective date of the spent nuclear fuel (SNF) in transit final will not be required to have a new fingerprint-based Federal Bureau of Investigations (FBI) criminal history records check.
Effort to Reduce Small Business Burden
It is possible for licensees who use SNM be small businesses. Since the consequences to the common defense and security or to the health and safety of the public of inadequate safeguards for SNM are the same for large and small entities, it is not possible to reduce the burden on small businesses by less frequent or less complete reports, records, plans, and procedures. The NRC staff estimates that none of the current licensees who use SNM and are subject to 10 CFR Part 73 information collection requirements are small businesses.
Consequences to Federal Program or Policy Activities if the Collection is Not Conducted or is Conducted Less Frequently
If the information collection was not conducted or was conducted less frequently, the NRC would not be notified in time to provide rapid response and quick assistance in achieving timely resolution of safeguards events. Reports are submitted and evaluated as events occur. Applications for new licenses and amendments may be submitted at any time. Information submitted in previous applications may be referenced without being resubmitted.
Circumstances Which Justify Variation from Office of Management and Budget Guidelines
Certain sections of 10 CFR Part 73 vary from the Office of Management and Budget (OMB) Guidelines by requiring that licensees submit reports to the NRC in less than 30 days. Sections 73.26, 73.27, 73.37, 73.67, and 73.71 of 10 CFR require immediate notifications to response forces, NRC, and local law enforcement authorities, communications between convoys and movement control centers, and immediate notifications of consignees and shippers. These notification requirements are needed to permit response forces, NRC, law enforcement authorities, shippers, and consignees to confirm the integrity of shipments or to determine whether there has been a loss or diversion of SNM and to initiate prompt action for recovery of such material.
Certain other sections of 10 CFR Part 73 vary from the OMB guidelines by requiring that licensees retain records for more than 3 years. Various sections require retention of records for 5 years, or for extended periods such as duration of possession of the material, duration of employment, or 5 years after termination of access authorization. These requirements are necessary to ensure that procedures for handling and safeguarding nuclear materials are available throughout the period in which the licensee possesses the material or operates the facility. Other records are required for inspection or for reconstruction of events in the event of a safeguards incident. Retention periods for all recordkeeping requirements are listed on the burden spreadsheet uploaded as a supplementary document.
Consultations Outside the NRC
Opportunity for public comment on the information collection requirements for this clearance package was published in the Federal Register on March 30, 2018 (83 FR 13801). Four nuclear power reactor licensees and two fuel cycle facility licensees were contacted via electronic mail. No comments were received in responses to these consultations. One anonymous public commenter expressed general support for the agency’s 10 CFR Part 73 background check program. In addition, the NRC received two public comments that were out-of-scope because they did not pertain to the 10 CFR Part 73 information collections.
Payment or Gift to Respondents
Not applicable.
Confidentiality of Information
Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR Paragraph 9.17(a) and 10 CFR Paragraph 2.390(b).
Certain information designated as SGI is prohibited from public disclosure in accordance with the provisions of the Atomic Energy Act of 1954, as amended,
Chapter 12, Section 147, or designated as classified National Security Information, in accordance with Executive Order 12958.
The NRC only collects the fingerprints, either on hardcopy cards or electronically. The NRC digitizes fingerprints captured via card and passes the fingerprints electronically to the FBI. The FBI runs the fingerprints and provides the criminal history report to the NRC. The NRC then passes the report on to the licensee, but does not retain a copy of this report. This information collection is listed in the NRC’s Annual Republication of Privacy Act Systems of Records Notice under the heading of NRC-39, Personnel Security Files and Associated Records (81 FR 81320). The NRC does not disclose or share the information with anyone (except the initial submittal of fingerprints to the FBI and passing on the FBI report to the licensee).
Justification for Sensitive Questions
Part 73 requires licensees to obtain criminal history records about individuals who are applying for or currently possess unescorted access to a nuclear power facility or a non-power reactor. This sensitive information is necessary because the licensees need to determine whether the individual is qualified to gain and maintain unescorted access to the site. Reviewing officials use the sensitive information to evaluate an individual’s trustworthiness and reliability. Licensees must inform any affected individual that the fingerprints will be used to secure a review of his/her criminal history record, and inform the individual of proper procedures for challenging or explaining the record. To protect this sensitive information, each licensee must establish and maintain a system of files and procedures to protect the personal information.
Paragraph 73.57(f)(2) of 10 CFR requires licensees to protect information obtained from individual criminal history records:
“The licensee may not disclose the record or personal information collected and maintained to persons other than the subject individual, his/her representative, or to those who have a need to have access to the information in performing assigned duties in the process of granting or denying unescorted access to the nuclear power facility, the non-power reactor or access to SGI. No individual authorized to have access to the information may re‑disseminate the information to any other individual who does not have a need to know.”
Estimated Burden and Burden Hour Cost
The estimated burden is based on the following respondents:
3 Category I fuel facilities;
4 Category II and III facilities;
60 power reactor facilities;
10 decommissioning reactor facilities;
31 research and test reactors; and
102 other entities who mark and handle SGI.
The estimated number of annual respondents is 210.
The overall estimated annual burden is 541,406 hours at an estimated annual cost of $142M (541,406 hrs x $263/hr). This includes 22,591 hours for reporting; 42,963 hours for third-party notification; and 475,852 hours for recordkeeping. Detailed burden tables have been uploaded as a supplementary document (Excel spreadsheet).
Burden Summary
|
Responses |
Hours |
Cost at $263/hr |
Reporting |
40,819.3 |
22,591.1 |
$ 5,941,464 |
Recordkeeping |
210.0 |
475,852.2 |
$125,149,136 |
Third Party Disclosure |
136,957.2 |
42,963.0 |
$ 11,299,277 |
Total |
177,986.5 |
541,406.4 |
$142,389,878 |
The $263 hourly rate used in the burden estimates is based on the NRC’s fee for hourly rates as noted in 10 CFR Section 170.20 “Average cost per professional staff-hour.” For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2017 (82 FR 30682; June 30, 2017).
Estimate of Other Additional Costs
The NRC has determined that the records storage cost is roughly proportional to the recordkeeping burden cost. Based on a typical clearance, the records storage cost has been determined to be equal to .0004% of the recordkeeping burden cost. Therefore, the records storage cost for this clearance is estimated to be $50,059 (475,852 recordkeeping hours x $263 x .0004).
In addition, the cost to licensees for processing fingerprint cards is $10 per card. The total cost for processing fingerprint cards is $388,340 (38,834 cards x $10/card).
The total additional costs to licensees for recordkeeping and fingerprint card processing is $438,399($50,059 + $388,340).
Estimated Annualized Cost to the Federal Government
The staff has developed estimates of annualized costs to the Federal Government related to the conduct of this collection of information. These estimates are based on staff experience and subject matter expertise and include the burden needed to review, analyze, and process the collected information and any relevant operational expenses. The estimated cost to the government for review of required reports and records is approximately $1,183,500 (4,500 hours at $263/hr) and is based on the NRC fee rate.
15. Reason for Change in Burden or Cost
The estimated burden has decreased from 551,995 hours to 541,406 hours, for a total decrease of 10,589 hours.
|
BURDEN CHANGE |
|||||
|
Current Burden in ROCIS |
2018 Estimates |
Changes |
|||
|
Hours |
Responses |
Hours |
Responses |
Hours |
Responses |
Reporting |
21,394 |
30,793 |
22,591 |
40,819 |
1,197 |
10,026 |
Recordkeeping |
495,159 |
581 |
475,852 |
210 |
(19,307) |
(371) |
Third Party Disclosure |
35,442 |
123,686 |
42,963 |
136,957 |
7,521 |
13,271 |
Total |
551,995 |
155,060 |
541,406 |
177,986 |
(10,589) |
22,926 |
Reasons for the change are as follows:
Removal of burden for completed requirements:
A number of one-time requirements were contained in the Power Reactor Cyber Security Requirements, Final Rule (approved by OMB in October 2015). An estimated 8,125 hours of burden were reduced to the completion of one-time recordkeeping requirements associated with implementing this rule.
In addition, 789 hours of burden (14 hours reporting and 775 hours recordkeeping) associated with the research and test reactor (i.e., non-power reactor) confirmatory action letter (CAL) has been removed. Confirmatory action letter implementation plans were submitted for this CAL when the compensatory measures were first issued back in 2003 and 2005 and there are currently no ongoing submissions. Compensatory measures have been incorporated into the PSP. Burden for ongoing recordkeeping is captured under estimates to establish and maintain NRC-approved physical protection, training and qualification and SCPs.
Increase in the estimated number of fingerprints submitted annually
The NRC staff reviewed historic data on the number of fingerprints submitted annually under 73.57 in order to assess the accuracy of the estimate. Based on this review and staff knowledge of changes in the industry, the estimated number of fingerprint submissions was increased from 27,682 to 38,834 responses (an increase of 11,152 responses). At half an hour per fingerprint submission, this represents a increase of 5,576 hours. This increase in reporting burden and responses was partially off-set by an overall decrease in the number of licenses responding to information collection requirements in Part 73 (described below) and the removal of burden for completed requirements (described above). Because the increase occurred in a high-response/low-burden requirement (fingerprints, at 0.5 hours/response), and the decrease occurred in a number of low-response/high-burden requirements (such as preplanning and coordinating shipments, at 25 hours/response), the net result was a greater increase in responses than in reporting hours (total increase in reporting burden of 1,197 hours and 10,026 responses.)
Change in the number of licensees:
The NRC staff corrected the total number of respondents to the 10 CFR Part 73 information collection. The previous submission included 200 state contacts; however, no 10 CFR Part 73 requirements apply to these entities. In addition, after reviewing the actual number of entities currently marking and handling SGI, the number of respondents in that category was reduced from 262 to 102 (a decrease of 160 respondents). The total number of respondents was reduced from 581 to 210, as shown on the table below:
|
2015 estimates |
2018 estimates |
Change |
Category I fuel facilities |
3 |
3 |
0 |
Category II and III facilities |
20 |
4 |
-16 |
Power reactors |
61 |
60 |
-1 |
Decommissioning reactors |
4 |
10 |
6 |
Research and test reactors |
31 |
31 |
0 |
Other entities who mark and handle SGI |
262 |
102 |
-160 |
State contacts |
200 |
0 |
-200 |
Total |
581 |
210 |
-371 |
Because all respondents are also recordkeepers, the decrease in the number of respondents also reduced the number of recordkeeping responses by 371.
Note that the removal of the state contacts as respondents did not affect the overall burden because, although they were previously reported as respondents in the supporting statement, the 200 state contacts were not included in the previous burden tables and no burden hours were associated with these respondents.
Some requirements were identified as third-party disclosure requirements that were previously listed on the reporting and recordkeeping tables. For example, requirements to label documents as containing SGI were moved from the recordkeeping table to the third-party disclosure table. As a result, the burden on the reporting and recordkeeping tables decreased, while the burden on the third‑party disclosure table increased. Overall, this did not affect the total burden for the 10 CFR Part 73 information collection; however, this greatly increased the number of responses. These requirements, when included on the recordkeeping table, had a minimal effect on recordkeeping responses because each record keeper is counted only once. When each disclosure is counted on the third-party disclosure table, the number of responses greatly increased. The number of third-party disclosures increased by 13,271 responses.
There is a change in additional costs because the licensee cost to submit fingerprint cards for processing (a cost of $388,340) has been included in the current submission. Fees for fingerprint processing ($10 per card) were not included in the previous submission for this information collection.
In addition, the hourly rate decreased from $272/hour to $263/hour.
Publication for Statistical Use
None.
Reasons for Not Displaying the Expiration Date
The recordkeeping and reporting requirements for this information collection are associated with regulations and are not submitted on instruments such as forms or surveys. For this reason, there are no data instruments on which to display an OMB expiration date. Furthermore, amending the regulatory text of the CFR to display information that, in an annual publication, could become obsolete would be unduly burdensome and too difficult to keep current.
Exceptions to the Certification Statement
None.
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
None.
PART 73 INFORMATION COLLECTION REQUIREMENTS
Section 73.5 provides that the Commission may grant exemptions from the requirements of the regulations in Part 73 under specified conditions, upon the application of any interested person or on its own initiative. Applications under this section are examined by the NRC staff to determine whether the requested exemption is authorized by law and whether it will not endanger life or property or the common defense and security, and to determine if it is otherwise in the public interest.
Paragraph 73.20(c) requires that each affected licensee establish, maintain, and follow NRC‑approved safeguards physical protection and safeguards contingency plans that describe how the licensee will comply with the requirements of paragraphs (a) and (b) of this section. The required plans are used to review the adequacy of a licensee's intended security system for compliance and enforcement purposes.
Paragraph 73.22(b) requires that each affected licensee make a trustworthiness and reliability determination based on a background check (or other means as approved by the Commission) for each individual seeking access to SGI, except for the categories of individuals enumerated in 10 CFR Section 73.59.
Paragraph 73.22(d) requires that each document or other matter that contains SGI be marked to indicate the presence of such information in a conspicuous manner on the top and bottom of each page and that the first page of the document or other matter also contain the name, title, and organization of the individual authorized to make a SGI determination, and who has determined that the document or other matter contains SGI; the date the determination was made; and an indication that unauthorized disclosure will be subject to civil and criminal sanctions. Transmittal letters or memoranda to or from the NRC which do not in themselves contain SGI must be marked to indicate that attachments or enclosures contain SGI but that the transmittal does not. Transmittal documents or other media containing SGI must include the name and title of the certifying official and the date it was designated as SGI. Portion marking is required for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains SGI. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the SGI from non-SGI. Documents or other matter containing or transmitting SGI, at a minimum, must include the words ‘‘SGI’’ to ensure identification of protected information for the protection of facilities and material covered by Section 73.22.
Paragraph 73.22(f) requires that when documents or other matter containing SGI are transmitted outside an authorized place of use or storage, they must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of SGI. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words SGI. The outer envelope or wrapper must be opaque, addressed to the intended recipient, contain the address of the sender, and may not bear any markings or indication that the document or other matter contains SGI.
Paragraph 73.23(b) requires that a trustworthiness and reliability determination based on a background check (or other means as approved by the Commission) be made for each individual seeking access to SGI designated as SGI-Modified Handling (SGI-M), except for the categories of individuals enumerated in of 10 CFR Section 73.59, relief from fingerprinting, identification and criminal history records checks and background checks for designated categories of individuals.
Paragraph 73.23(d) requires that a document or other matter containing SGI designated as SGI‑M be marked in a conspicuous manner on the top and bottom of each page to indicate the presence of SGI designated as SGI-M. In addition, the first page of SGI designated as SGI-M documents must include the name, title, and organization of the individual authorized to make a SGI designated as SGI-M determination, and who has determined that the document contains SGI designated as SGI-M; the date the determination was made; and an indication that unauthorized disclosure will be subject to civil and criminal sanctions. Transmittal letters or memoranda to or from the NRC that do not contain SGI designated as SGI-M must be marked to indicate that attachments or enclosures contain SGI designated as SGI-M but that the transmittal document does not. Transmittal documents forwarding SGI designated as SGI-M must alert the recipient that SGI designated as SGI-M is enclosed. Certification that a document or other matter contains SGI designated as SGI-M must include the name and title of the certifying official and the date designated. Portion marking showing which portions of the document contain SGI designated as SGI-M and which do not is required for transmittal documents to and from the NRC. The marking of documents containing or transmitting SGI designated as SGI-M must, at a minimum, include the words “SGI-Modified Handling.”
Paragraph 73.23(f) requires that documents or other matter containing SGI designated as SGI‑M transmitted outside an authorized place of use or storage, the SGI designated as SGI-M be packaged in two sealed envelopes or wrappers. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words “SGI-Modified Handling.” The outer envelope or wrapper must be opaque, addressed to the intended recipient, must include the address of the sender, and must not bear any markings or indication that the document contains SGI designated as SGI-M.
Paragraph 73.24(b)(1) requires that licensees maintain a log of the arrival at the final destination of each shipment. The record is necessary to ensure that there are not two or more shipments of SNM in transit at the same time which together would constitute a formula quantity, and to ensure verification of the arrival of the shipment.
Paragraph 73.25(b) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.25(c) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.25(d) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.26(b)(3) requires that, prior to each SNM shipment, licensees provide information to NRC concerning the identity of the shipper, consignee, carriers, transfer points, modes of shipment, and security arrangements for the shipment. The information is needed to permit NRC to ensure that adequate measures will be taken to protect the material in transit.
Paragraph 73.26(c) describes the records retention schedule for records associated with Sections 73.25, 73.26, and 73.27. This requirement is not an information collection but provides added detail to information collections listed elsewhere in this part. Any burden
associated with records retention is recorded under the information collection containing the recordkeeping requirement.
Paragraph 73.26(d)(3) requires that licensees maintain a written management system to provide for the development, revision, implementation, and enforcement of transportation physical protection procedures. The information collection associated with this requirement is contained in 10 CFR Paragraph73.20(c).
Paragraph 73.26(d)(4) requires that licensees maintain documentation of qualification and requalification of members of the security organization. The record of initial qualification must be maintained for the term of employment and the record of re-qualification must be retained for three years. The information is reviewed by NRC inspectors to ensure that security organization members are properly qualified in accordance with the site training and qualification plan (T&QP) and implementing procedures.
Paragraph 73.26(e)(1) references the requirement for a written contingency plan. The contingency plan is required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.26(e)(2) requires that upon detection of abnormal presence or activity of persons or vehicles attempting to penetrate a moving convoy or persons attempting to gain access to a parked cargo vehicle or upon evidence or indication of penetration of the cargo vehicle, the armed escorts or other personnel inform local law enforcement agencies of the threat and request assistance.
Paragraph 73.26(f)(2) requires licensees to: (1) call remote location at least every 30 minutes to report status of SNM shipment; (2) if call is not received, licensee commander shall request assistance from local law enforcement agencies and notify shipment movement control center and initiate appropriate contingency plan; and (3) upon departure from transfer point, escorts shall notify the licensee of the latest status immediately thereafter departure. Calling the remote location every 30 minutes is a part of the security staffs normal duties and is not reported as part of the burden.
Paragraph 73.26(g)(1) requires a numbered picture badge identification procedure to be used to identify all individuals who will have custody of a shipment of SNM. All security officers assigned to duties involving shipments of nuclear material are required as a normal part of their duties to wear numbered picture badges and as such this is not reported as part of the burden; thus, the information collection is for the procedure only.
Paragraph 73.26(h)(5) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.26(h)(6) requires that licensees document the results of an annual audit of the transportation security program, along with recommendations for improvements, and that the documentation be retained as a record for 3 years. The records are reviewed by the NRC inspectors to ensure that the effectiveness of the physical security system is evaluated by licensee personnel independent of security management and supervision.
Paragraph 73.26(i)(1) requires that licensees prepare a detailed route plan showing the routes to be taken, refueling and rest stops, and call-in times to the movement control center. This document is used to plan the movement of the SNM shipment so that it is made on primary highways with minimum use of secondary roads, and to ensure that adequate measures for support and communications are available to protect the shipment.
Paragraph 73.26(i)(5) requires the establishment of procedures in support of the physical protection system. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.26(i)(6) requires that calls to the movement control center be made at least every half hour to convey the status and position of the shipment and that, in the event that no communication is received from the SNM shipment or escort personnel at a designated call-in time, the licensee must notify law enforcement authorities and the NRC immediately and initiate appropriate contingency plans. This notification is necessary so that the NRC can ensure that timely response or investigation actions may be undertaken. Calling the remote location every 30 minutes is a part of the security staff’s normal duties and is not reported as part of the burden.
Paragraph 73.26(j)(6) requires the establishment of procedures in support of the physical protection system. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph section 73.26(k)(2) requires the establishment of procedures in support of the physical protection system. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.26(k)(4) requires that, in the event that no communication is received from the SNM shipment or escort personnel at a designated call-in time, the licensee must notify law enforcement authorities and the NRC immediately and initiate appropriate contingency plans. This notification is necessary so that the NRC can ensure that timely response or investigation actions may be undertaken. The information collection associated with this requirement is captured under 10 CFR Paragraph 73.26(i)(6) as the requirement is the same, only transportation type varies.
Paragraph 73.27(a)(1) requires that a licensee who delivers formula quantities of strategic SNM (SSNM) to a carrier for transport must immediately notify the consignee by telephone, telegraph, or teletype, of the time of departure of the shipment and method of transportation, including names of carriers, and the estimated time of arrival at destination. This information is needed to ensure that the consignee is aware that the shipment is in route so the consignee can carry out the safeguards transportation protection plan.
Paragraph 73.27(a)(2) requires that, in the case of a free on board shipment, the licensee shipper must obtain written certification from the consignee who is to take delivery at the f.o.b. point that the required physical protection arrangements have been made. This information is needed to ensure that the safeguards transportation protection plan will be carried out.
Paragraph 73.27(a)(3) requires that a shipper make arrangements to obtain immediate notification from the consignee of the arrival of a shipment at its destination or of any shipment that is lost or unaccounted for after the estimated time of arrival at its destination. This information is required so that the licensee can promptly notify the NRC of any missing material so that a trace investigation may be initiated.
Paragraph 73.27(b) requires a licensee who receives a shipment of formula quantities of SSNM to immediately notify the shipper and the NRC of the arrival of the shipment at its destination, or of the failure of a shipment to arrive at its destination at the estimated time. In the latter event, the shipper must also notify the NRC of the actions being taken to trace the shipment. This information is needed to ensure that accountability is maintained for SSNM in transit, so that appropriate measures may be taken to initiate a trace and undertake recovery action if necessary.
Paragraph 73.27(c) requires that in the case of a lost or unaccounted for SNM shipment, the licensee who made the physical protection arrangements must conduct a trace investigation and file with the NRC a report of the investigation as specified in 10 CFR Section 73.71. This information is needed to permit the NRC to determine whether all appropriate measures have been taken to trace and recover the material. The information collection associated with this requirement is contained in 10 CFR Section 73.71.
Paragraph 73.37(a) requires licensees to provide notification to the appropriate response forces of any spent fuel shipment sabotage attempts as part of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.37(b)(1)(ii) requires that licensees preplan and coordinate F shipments. The information collection associated with this requirement is contained in 10 CFR Section 73.72.
Paragraph 73.37(b)(1)(iv) requires licensees to preplan and coordinate spent nuclear fuel (SNF) with the governor of a State, or the governor's designee, of a shipment of SNF through, or across their boundary.
Paragraph 73.37(b)(1)(vi) requires licensees to preplan and coordinate with the NRC to obtain advance approval of the routes used for road and rail shipments of SNF, and of any U.S. ports where vessels carrying spent fuel shipments are scheduled to stop.
Paragraph 73.37(b)(2) requires that licensees provide for notification of the NRC in advance of each shipment of SNF. The notification requirements are found in 10 CFR Section 73.72. The information collection associated with this requirement is contained in 10 CFR Section 73.72.
Paragraph 73.37(b)(2)(i-iii) requires licensees to notify State(s) prior to the shipment of SNF within or through a State. In addition, requires licensees to notify the Tribal official or Tribal official’s designee of each participating Tribe referenced in 10 CFR Paragraph 71.97(c)(3) prior to the transport of SNF within or across the Tribal reservation. This section also requires licensees to notify State(s) prior to the delivery for transport the licensed material outside the confines of the licensee’s facility or other place of use or storage.
Paragraph 73.37(b)(2)(iv) requires a licensees to notify by telephone a responsible individual in the office of the governor or in the office of the governor's designee and the office of the Tribal official or in the office of the Tribal official's designee of any schedule change that differs by more than 6 hours from the schedule information previously furnished under paragraph (b)(2)(iii) of this section, and shall inform that individual of the number of hours of advance or delay relative to the written schedule information previously furnished.
Paragraph 73.37(b)(2)(v) requires licensees who cancel a shipment for which advance notification has been sent shall send a cancellation notice to the governor or to the governor’s designee of each State previously notified, each Tribal official or the Tribal official’s designee previously notified, and to the NRC’s Director, Division of Security Policy, Office of Nuclear Security and Incident Response. The licensee shall state in the notice that it is a cancellation and identify the advance notification that is being canceled.
Paragraph 73.37(b)(2)(vi) requires licensees to retain a copy of the preplanning and coordination activities, advance notification, and any revision or cancellation notice as a record for 3 years.
Paragraph 73.37(b)(3)(iv) requires the movement control center personnel and escorts to maintain a written log for each SNF shipment, which will include information describing the shipment and significant events that occur during the shipment. The log will be available for review by authorized NRC personnel for a period of at least 3 years following completion of the shipment.
Paragraph 73.37(b)(3)(v) requires the licensee to develop, maintain, revise and implement written transportation physical protection procedures.
Paragraph 73.37(b)(3)(vi) requires the licensee to retain as a record the transportation physical protection procedures for 3 years after the close of period for which the licensee possesses the SNF.
Paragraph 73.37(b)(3)(vii)(B) requires as a part of the transportation physical protection system that shipment escorts make calls to the movement control center at random intervals, not to exceed 2 hours, to advise of the status of the shipment for road and rail shipments, and for sea shipments while shipment vessels are docked at U.S. ports.
Paragraph 73.37(b)(3)(vii)(C) requires that at least one armed escort remains alert at all times, maintain constant visual surveillance of the shipment, and periodically reports to the movement control center at regular pre-set intervals during periods when the shipment vehicle is stopped, or the shipment vessel is docked.
Paragraph 73.37(b)(4)(iii) requires the licensee to retain the contingency and response procedures as a record for 3 years after the close of period for which the licensee possesses the SNF under each license for which the plan is used and superseded material for 3 years after each change.
Paragraph 73.37(g)(iii) requires State officials, state employees, Tribal officials, Tribal employees, and other individuals who receive schedule information to protect the information against unauthorized disclosure.
Paragraph 73.38(a)(2) requires the licensee to establish, implement, and maintain its access authorization program.
Paragraph 73.38(c)(2)(v) requires a 3 year recordkeeping requirement pertaining to documentation for access authorization for any individual who has an active federal security clearance.
Paragraph 73.38(d) requires the licensee to conduct background investigations before allowing an individual to act as an armed escort or have unescorted access to SNF in transit
Paragraph 73.38(d)(1) requires the licensees not to initiate any element of a background investigation without the informed and signed consent of the subject individual.
Paragraph 73.38(d)(2) requires any individual who is required to have a background investigation under the licensee’s access authorization program to disclose personal history information that is necessary to make a determination of the individual’s trustworthiness and reliability.
Paragraph 73.38(d)(3) requires the licensee to conduct fingerprints and an Federal Bureau of Investigation (FBI) investigation and criminal history records check in accordance with 10 CFR Section 73.57. The form is FD–258, which is indicated as an acceptable method for submitting fingerprints. The fingerprint card Form FD–258, covered under the Office of Management and Budget (OMB) Clearance 1110-0046 states the following as the Authority for the collection of information:
“Authority: The FBI's acquisition, preservation, and exchange of information requested by this form is generally authorized under 28 U.S.C. Depending on the nature of your application, supplemental authorities include numerous Federal statutes, hundreds of State statutes pursuant to Pub.L. 92-544, Presidential executive orders, regulations and/or orders of the Attorney General of the United States, or other authorized authorities. Examples include, but are not limited to: 5 U.S.C. 9101; Pub.L. 94-29; Pub.L. 101-604; and Executive Orders 10450 and Executive Orders 10450 and 12968. Providing the requested information is voluntary; however, failure to furnish the information may affect timely completion or approval of your application.”
This requires the licensee to transmit the fingerprints to the NRC.
Paragraph 73.38(d)(5)(iv)(A) requires the licensee to document if a previous employer, educational institution, or any other entity with which the individual claims to have been engaged fails to provide information or indicates an inability or unwillingness to provide information the licensee shall obtain a confirmation of employment, educational enrollment and attendance, or other form of engagement claimed by the individual from at least one alternate source that has not been previously used.
Paragraph 73.38(d)(5)(vi) requires the licensee when obtaining information on employment history to document any telephone calls.
Paragraph 73.38(f)(5) requires the licensee to retain all fingerprint and criminal history records received from the FBI, or a copy if the file has been transferred, on an individual (including data indicating no record) for 5 years from the date the individual no longer requires unescorted access or access authorization relative to SNF in transit.
Paragraph 73.38(i) requires any individual who has applied for an access authorization or is maintaining an access authorization to report to the reviewing official, his or her supervisor, or other management personnel designated in licensee procedures any legal action(s) taken by a law enforcement authority or court of law to which the individual has been subject that could result in incarceration or a court order that requires a court appearance.
Paragraph 73.38(j) requires the licensee to develop, implement, and maintain written procedures for conducting background investigations for persons who are applying for unescorted access authorization for SNF in transit; for updating background investigations for persons who are applying for reinstatement of unescorted access or access authorization; to ensure that persons who have been denied unescorted access or access authorization are not allowed access to SNF in transit or information relative to SNF in transit; and for the notification of individuals who are denied unescorted access or access authorization for SNF in transit.
Paragraph 73.38(l) requires the licensee to maintain records of background investigations 5 years from the date the individual no longer requires access to SNF. This section also requires a copy of the access authorization program procedures as a record for 5 years after it is no longer needed. In addition, the licensee must retain the list of persons approved for unescorted access for 5 years after the list is superseded or replaced.
Section 73.40 Requires that licensees provide physical protection at a fixed site, or contiguous sites where licensed activities are conducted against radiological sabotage, or against theft of SNM, or against both in accordance with the applicable sections of this part for each specific class of facility or material licensee. If applicable, the licensees are required to establish and maintain physical security in accordance with security plans approved by the NRC. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Section 73.45 requires that the licensee's fixed site physical protection system (required by 10 CFR Section 73.20) contain certain provisions, procedures, and plans. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.46(b)(1) requires that, if a contract guard force is utilized, the licensee have a written agreement with the contractor that contains provisions showing that the licensee is responsible to NRC for maintaining safeguards in accordance with NRC regulations and the licensee's security plan, that NRC may inspect, copy, and remove copies of required reports and documents, and that the licensee must demonstrate the capability of the security force, including contractor personnel, to perform their assigned duties. This requirement is necessary to ensure that the licensee makes the security force contractor aware of its responsibilities.
Paragraph 73.46(b)(3) requires that the licensee have a management system that includes written security procedures which document the structure of the security organization and which detail the duties of the Tactical Response Team, guards, watchmen, and other individuals responsible for security. The licensee must also have provisions for written approval of such procedures and any revisions thereto by the individual with overall responsibility for the security function. These procedures are necessary to ensure that a management system is in place, that responsibilities and duties are set forth clearly, and that the security organization is adequate to provide protection in accordance with the security plan.
Paragraph 73.46(b)(4) requires that the licensee document the results of each weapons qualification and re-qualification, the annual physical fitness performance test or the quarterly administered site specific content-based test. These records verify that qualification and requalification have occurred and provide a record of individual performances. The burden for this information collection has been listed together with Paragraphs 73.46(b)(4),(7),(8) and 73.46(b)(11)(i).
Paragraph 73.46(b)(7) requires that licensees document the qualification and re‑qualification of Tactical Response Team members, armed response personnel, and guards in day and night firing. These records verify that qualification and re-qualification have occurred and provide a
record of individual performances. The burden for this information collection has been listed together with Paragraphs 73.46(b)(4),(7),(8) and 73.46(b)(11)(i).
Paragraph 73.46(b)(8) requires that licensees document the training of tactical response team members in response tactics. These records verify that training has occurred and provide a record of individual performances. The burden for this information collection has been listed together with Paragraphs 73.46(b)(4),(7),(8) and 73.46(b)(11)(i).
Paragraph 73.46(b)(9) requires that the licensee notify NRC at least 60 days in advance of a scheduled training exercise for the security force which is required to be observed by NRC. The licensee must also document the results of all exercises. The notification requirement allows the NRC to arrange for NRC inspectors to observe the exercise. The documentation verifies that the exercise was conducted and provides a record of security force performance.
Paragraph 73.46(b)(10)(iii) requires that the licensee obtain a written certification by an examining physician that there are no contraindications to individual's participation in the physical fitness training program.
Paragraph 73.46(b)(11)(i) requires that the licensee retain a record of each security force member's attempt to qualify or re-qualify by meeting or exceeding the applicable qualification criteria. This is a repetition of the requirement in 10 CFR Paragraph 73.46(b)(4) and is not, itself, an information collection.
Paragraph 73.46(b)(11)(iii) requires that prior to participation in the physical performance testing each security force member must obtain a medical clearance from a licensed practitioner stating that there are no medical contraindications to the individual's participation in such testing.
Paragraphs 73.46(b)(12) and 73.46(b)(12)(i) when taken together require the submission of the site specific content-based tests for NRC's approval. This information is incorporated into the licensee's physical protection plan and may be used by NRC to inspect the physical performance testing programs to ensure that they are adequate to protect the health and safety of the public. The burden for this information collection is incorporated into that of 10 CFR Paragraph 73.46(b)(4).
Paragraph 73.46(b)(12)(ii) requires that, prior to the administration of the site specific content‑based physical fitness tests and annually thereafter, a physical examination be conducted and a written certification, that there are no medical contraindications to participation in the tests, be obtained from a licensed physician.
Paragraph 73.46(d)(3) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.46(d)(10) requires that the licensee must maintain records of the findings of teams conducting drum scanning and tamper sealing of containers of contaminated waste. These records verify that the scanning was conducted and document the scan readings for later use in review of the waste shipments if needed.
Paragraph 73.46(d)(11) requires that licensee teams must verify and certify the contents of containers of SSNM being prepared for shipment offsite. These records verify the weight, assay, and tamper seal integrity of the containers.
Paragraph 73.46(d)(13) specifies that licensees must require that individuals provided escorted access to protected areas register their name, date, time, purpose of visit and employment affiliation, citizenship, and name of the individual to be visited in a log. The log serves as a record of visitors permitted access, serves as a document that may be inspected to verify that access control requirements are being followed, and facilitates any subsequent investigation of irregular events.
Paragraph 73.46(g)(5) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.46(g)(6) requires the documentation and reporting to management of the results of an annual independent review and audit of the security program. The records are reviewed by NRC inspectors to ensure that the effectiveness of the security program is evaluated by licensee personnel independent of security management and supervision and that the results of the review are reported to higher management. These records must be retained for 3 years.
Paragraph 73.46(h)(1) restates and provides details on the requirement in 10 CFR Section 73.20 to have a safeguards and contingency plan. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.46(h)(2) requires that licensees establish and document a response agreement with local law enforcement authorities. The agreement is used to verify law enforcement response capabilities and to ensure a clear understanding by both parties of what is expected and what law enforcement assistance will be provided in case of an emergency.
Paragraph 73.46(h)(3) requires that the basis for the determination of the size and availability of an additional force of guards or armed response personnel be included in the physical protection plans submitted to NRC as required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.46(h)(4)(iii)(B) requires that licensees inform local law enforcement agencies of any detected threat and request assistance. This notification requirement is necessary to ensure that law enforcement assistance is obtained to help neutralize any threat to vital areas or material access areas.
Paragraph 73.50(a)(3) requires that certain licensees who possess, use, or store formula quantities of SSNM must maintain written security procedures that document the structure of the security organization and detail the duties of guards, watchmen, and other individuals responsible for security.
Paragraph 73.50(a)(4) requires that licensees document the qualification and re‑qualification of guards, watchmen, and other members of the security organization. These records verify that qualification and re-qualification have occurred and provide a record of individual performances.
Paragraph 73.50(c)(5) specifies that licensees must require that individuals provided escorted access to protected areas register their name, date, time, purpose of visit and employment affiliation, citizenship, name and badge number of the escort, and name of the individual to be visited in a log. The log serves as a record of visitors permitted access, serves as a document that may be inspected to verify that access control requirements are being followed, and facilitates any subsequent investigation of irregular events.
Paragraph 73.50(g)(1) requires that licensees maintain an NRC‑approved safeguards contingency plan (SCP) for dealing with threats, thefts, and radiological sabotage related to SSNM and nuclear facilities. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.50(g)(2) requires that licensees establish and document a response agreement with local law enforcement authorities. The agreement is used to verify law enforcement response capabilities and to ensure a clear understanding by both parties of what is expected and what law enforcement assistance will be provided in case of an emergency.
Paragraph 73.50(g)(3)(iii)(B) requires that licensees inform local law enforcement agencies of any detected threat and request assistance. This notification requirement is necessary to ensure that law enforcement assistance is obtained to help neutralize any threat to vital areas or material access areas.
Paragraph 73.50(h) lists requirements for the NRC-approved T&QP, which is required by 10 CFR Section 73.20. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.51(d)(5) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20.
Paragraph 73.51(d)(6) requires a licensee to establish a documented liaison with local law enforcement or designated response force to be included in the security plan.
Paragraph 73.51(d)(10) requires procedures in support of the physical protection system and plan required by 10 CFR Section 73.20.
Paragraph 73.51(d)(12) requires the licensee to review the physical protection program every 24 months by individuals independent of both physical protection program management and personnel who have direct responsibility for implementation of the physical protection program. The review must include an evaluation of the effectiveness of the physical protection system and verification of the liaison established with the designated response force or local law enforcement agency.
Section 73.54(intro) provides the submittal deadline for NRC-approved cyber security plans (CSPs). One-time burden associated with creating and submitting CSPs is captured in this requirement. This requirement is complete.
Paragraph 73.54(b)(1) requires analysis of digital computer and communications systems. This analysis is contained in the CSP required by 10 CFR Paragraph 73.54(e) and the information collection associated with this requirement is contained in that section.
Paragraph 73.54(e) requires licensees to establish, implement, and maintain an NRC-approved CSP that describes how the requirements will be implemented and accounts for the site-specific conditions that affect implementation. The CSP must include measures for incident response and recovery for cyber-attacks and must describe how the licensee will maintain the capability for timely detection and response to cyber-attacks, mitigate the consequences of cyber-attacks correct exploited vulnerabilities, and restore affected systems, networks, and/or equipment affected by cyber-attacks.
Paragraph 73.54(f) requires licensees to develop and maintain written policies in support of the CSP required by 10 CFR Paragraph 73.54(e). The information collection associated with this requirement is contained in 10 CFR Paragraph 73.54(e).
Paragraph 73.55(b)(6) describes the requirement for a performance evaluation program (PEP). The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(4), as the PEP is documented in the T&QP.
Paragraph 73.55(b)(7) requires licensees to document the access authorization program in the security plan. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(b)(8) requires licensees to establish, maintain, and implement a cyber security program. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.54(e).
Paragraph 73.55(b)(9) requires licensees to document an insider mitigation program in the security plan. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete.
Paragraph 73.55(b)(10) requires licensees to develop corrective action measures. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(m).
Paragraph 73.55(b)(11) requires that plan and procedure implementation be coordinated to preclude conflict. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.58(d), which requires the communication of potential conflicts.
Paragraph 73.55(c)(1) requires licensees to include certain descriptions in security plans. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(c)(3) requires licensees to establish and maintain a physical security plan (PSP), which includes analyses and site-specific information identified in this part as included in the security plan.
Paragraph 73.55(c)(4) requires licensees to establish, implement, and maintain a T&QP.
Paragraph 73.55(c)(5) requires licensees to establish, implement, and maintain a SCP.
Paragraph 73.55(c)(6) repeats the requirement for licensees to establish, implement, and maintain a CSP. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.54(e).
Paragraph 73.55(c)(7) requires licensees to establish, implement, and maintain written procedures that implement Commission requirements and security plans.
Paragraph 73.55(e)(1) requires that licensees describe barriers, barrier systems, and their functions in their security plans. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(e)(2) lists records retention requirements for barrier analyses and descriptions. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(e)(8)(iv) requires a description to be included in the security plan. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(e)(10)(ii)(A) requires licensees to identify areas from which a waterborne vehicle must be restricted and to coordinate with local, State, and Federal agencies having jurisdiction over waterway approaches to ensure that waterway approach routes are controlled. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a), which requires revised documentation to support the revised requirements of this part. This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(f) requires reactor licensees to document in site procedures the process used to develop and identify target sets, including the analyses and methodologies used to determine and group the target set equipment or elements, to include target set equipment or elements that are not contained within the protected or vital areas. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(7).
Paragraph 73.55(g)(5)(ii) requires licensees to develop procedures for emergency conditions. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete.
Paragraph 73.55(g)(6)(i)(B) requires reactor licensees to maintain a record (name and affiliation) of all individuals to whom access control devices have been issued and inventory appropriate access control devices at least annually.
Paragraph 73.55(g)(6)(ii)(C) requires licensees to maintain a record (name and areas to which unescorted access is granted) of all individuals to whom photo identification badge/key‑cards have been issued.
Paragraph 73.55(g)(6)(iii) requires licensees to issue passwords and combinations to access control personnel.
Paragraph 73.55(g)(7)(i)(A) requires licensees to implement procedures. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current power reactor licensees.
Paragraph 73.55(g)(7)(i)(C) requires licensees to maintain a visitor control register into which all pertinent visitor information must be written.
Paragraph 73.55(g)(8)(v) requires licensees to describe visitor to escort ratios and implementing procedures for protected and vital areas in PSPs. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current power reactor licensees.
Paragraph 73.55(h)(2)(ii) requires licensees to describe the vehicle search process in implementing procedures. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(h)(3)(iv) requires licensees to describe the vehicle search process in implementing procedures. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(h)(3)(v) requires licensees to describe items to be excepted from search in implementing procedures. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(i)(4)(ii)(H) requires licensees to maintain a record of all alarm annunciations, the cause of the alarm, and the disposition of each alarm.
Paragraph 73.55(i)(6)(iii) requires licensees to describe how lighting requirements are met in their security plans. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(j)(6) Requires that licensees account for areas where communication might be interrupted in implementing procedures. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(k)(5) requires licensees to document the number of armed responders in their security plans. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(k)(6) requires licensees to document the number of armed security officers in their security plans. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(k)(7) requires licensees to have procedures to reconstitute the documented number of available armed response personnel required to implement the protective strategy. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(k)(8) requires licensees to establish, maintain, and implement a written protective strategy to be documented in procedures. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(7).
Paragraph 73.55(k)(8)(iii) requires that licensees notify law enforcement agencies upon receipt of an alarm or other indication of a threat.
Paragraph 73.55(k)(9) requires licensees to document and maintain current agreements with law enforcement agencies to include estimated response times and capabilities.
Paragraph 73.55(l)(3) requires licensees to describe in the security plans the operational and administrative controls to be implemented for the receipt, inspection, movement, storage, and protection of unirradiated mixed-oxide (MOX) fuel assemblies and to develop a Material Control and Accountability Program to focus on recordkeeping which describes the inventory and location of the SSNM within the assemblies. The information collections associated with this requirement are contained in 10 CFR Paragraph 73.55(c)(7).
Paragraph 73.55(l)(7) Requires that requests for use of MOX fuel assemblies containing greater than 20 weight percent PuO2 be reviewed and approved by the Commission before receipt of MOX fuel assemblies.
Paragraph 73.55(m) requires licensees to document and maintain written reports offering results and recommendations following onsite physical protection program reviews and audits, management’s findings regarding program effectiveness, and any actions taken as a result of recommendations from prior reviews and to enter findings from onsite physical protection program reviews, audits, and assessments into the site corrective action program.
Paragraph 73.55(n)(1) requires licensees to establish, maintain, and implement a maintenance testing and calibration program that is described in the PSP and implementing procedures to include the criteria for determining when problems, failures, deficiencies, and other findings are documented in the site corrective action plan. The information collections associated with this requirement are contained in 10 CFR Paragraph 73.55(c)(7).
Paragraph 73.55(n)(7) requires licensees to specify in implementing procedures a program for testing or verifying the operability of devices or equipment located in hazardous areas, which must define alternate measures to be taken to ensure the timely completion of testing or maintenance when the hazardous condition or other restrictions are no longer applicable. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a). This requirement is complete for current nuclear power reactor licensees.
Paragraph 73.55(o) requires that licensees identify and describe in the security plans criteria and measures to compensate for degraded or inoperable equipment, systems, and components to meet the requirements of this section. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(3).
Paragraph 73.55(p)(1) requires licensees to get approval, at a minimum, from a licensed senior operator prior to suspending safeguards measures during an emergency and requires licensees who suspend safeguards due to severe weather to get approval from the security supervisor and a licensed senior operator prior to taking this action. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(p)(3).
Paragraph 73.55(p)(3) requires licensees to document the suspension of safeguard measures in accordance with 10 CFR Section 73.71.
Paragraph 73.55(q)(2) lists records retention requirements for information collections identified elsewhere in this part. There is no information collection for this requirement.
Paragraph 73.55(q)(3) requires licensees to retain any written agreement with a contracted security force for its duration.
Paragraph 73.55(q)(4) requires licensees to retain all audit reports for three years, and make them available for inspection. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(m).
Paragraph 73.55(r) describes the process by which licensees may submit requests for alternative measures in accordance with 10 CFR Sections 50.4 and 50.90. There is no information collection for this section.
Paragraph 73.56(a)(4) allows licensees or applicants to accept, in part or whole, an access authorization program implemented by a contractor or vendor to satisfy appropriate elements of the licensee’s access authorization program in accordance with the requirements of this section. To be acceptable, contractors and vendors (C/Vs) must develop, implement, and maintain authorization programs or program elements that meet the requirements of 10 CFR Section 73.56.
Paragraph 73.56(d) requires a documented background investigation in order to grant an individual unescorted access to the protected or vital area of a nuclear power plant. This paragraph requires entities subject to this section to obtain written consent from individuals who are applying for unescorted access authorization before initiating the background investigation. The paragraph also requires licensees, applicants, and C/Vs to inform the individual of his or her right to review information that is collected to assure its accuracy and that withdrawal of consent will withdraw the individual’s current application for access authorization, and other licensees applicants, and C/Vs will have access to information documenting the withdrawal. Licensees, applicants and C/Vs must complete any background investigation elements that were in progress when an applicant withdraws his or her consent. The licensee must record the individual’s application for unescorted access authorization, his or her withdrawal of consent for the background investigation, the reason given for the withdrawal, if any, and any pertinent information collected from the background investigation elements that were completed. This section requires individuals who are applying for unescorted access authorization to disclose the personal history information that is required by the licensee’s, applicant’s or C/Vs authorization program, and any other information that may be necessary for the reviewing official to make a determination of the individual’s trustworthiness and reliability.
Paragraph 73.56(e) requires that a psychological assessment be completed and requires licensees to develop procedures to provide communication between the licensed psychologist or psychiatrist and other medical personnel; requires the licensed clinical psychologist or psychiatrist conducting the psychological assessment to inform the reviewing official of any indications or information related to a medical condition that could adversely impact the individual’s fitness for duty or trustworthiness and reliability. If the licensed psychologist or psychiatrist identifies or discovers any information that could adversely impact the fitness for duty or trustworthiness and reliability of those individuals who are currently granted unescorted access authorization status, he or she must inform the reviewing official of the discovery within 24 hours and the results of the evaluation and a recommendation shall be provided to the licensee’s or applicant’s reviewing official.
Paragraph 73.56(f) requires that each person subject to the behavior observation program to report any concerns arising from behavioral observation.
Paragraph 73.56(g) requires individuals who have applied for or are maintaining unescorted access authorization to promptly report to the reviewing official any formal actions taken against the individual by a law enforcement authority or court of law. This would include an arrest, indictment, the filing of charges or a conviction. Licensees must inform individuals of this obligation in writing prior to granting unescorted access or certifying unescorted access authorization.
Paragraph 73.56(i) requires licensees, applicants and C/Vs to complete a criminal history update, credit history re-evaluation, and psychological re‑assessment of the individual within five years of the date on which these elements were last completed, or more frequently, based on job assignment and requires licensees, applicants and C/Vs to administratively withdraw an individual’s unescorted access authorization if the criminal history update, credit history re‑evaluation, psychological re-assessment, and supervisory review have not been completed.
Paragraph 73.56(j) requires licensees to establish, implement, and maintain a list of individuals who are authorized to have unescorted access to specific nuclear power plant vital areas to assist in limiting access to those vital areas during non-emergency conditions. The list must be approved by a cognizant licensee or applicant manager or supervisor who is responsible for directing the work activities of the individual who is granted unescorted access to each vital area, and updated and re-approved no less frequently than every 31 days.
Paragraph 73.56(k) requires licensees, applicants, and C/Vs to conduct background checks on individuals who collect, process, or have access to the sensitive personal information required under this section increasing the scope of individuals who are subject to background checks.
Paragraph 73.56(l) requires licensees to include review and notification procedures in their access authorization program. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(7).
Paragraph 73.56(m) requires licensees and C/Vs who collect personal information about an individual for the purpose of complying with this section to establish and maintain a system of files and procedures to protect the personal information.
Paragraph 73.56(m)(1) requires licensees and C/Vs to obtain a signed consent from the subject individual that authorizes the disclosure of the personal information collected and maintained under this section before disclosing the personal information and requires licensees to disclose personal information to other licensees and applicants, or their authorized representatives, such as contractors or vendors, who are legitimately seeking the information for unescorted access or unescorted access authorization determinations under this section and who have obtained signed consent to release this information from the subject individual.
Paragraph 73.56(m)(2) requires licensees, and C/Vs to provide copies of all records pertaining to a denial or unfavorable termination of unescorted access authorization to the subject individual or his or her designated representative upon written request.
Paragraph 73.56(m)(4) requires procedures for the secure storage and handling of personal information. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.55(c)(7).
Paragraph 73.56(n)(1) requires that licensees ensure that their entire access authorization programs are audited nominally every 24 months.
Paragraph 73.56(n)(2) requires that if a licensee or applicant relies upon a C/Vs program or program element to meet the requirements of this section, and if the C/Vs personnel providing the access authorization program service are off site or, if they are on site but not under the direct daily supervision or observation of the personnel of the licensee or applicant, then the licensee or applicant must audit the C/Vs program or program element on a nominal 12-month frequency. Also, it requires that any authorization program services that are provided to C/Vs by subcontractor personnel who are off site or are not under the direct daily supervision or observation of the contractors’/vendors’ personnel must be audited on a nominal 12-month frequency. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.56(n)(1).
Paragraph 73.56(n)(6) specifies how the audits required by 10 CFR Paragraphs 73.56(n)(1) and (n)(2) should be documented. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.56(n)(1).
Paragraph 73.57(a) requires that each applicant for a license to operate a nuclear power reactor as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit a fingerprint card for individuals who have access to SGI and nuclear power plant licensees shall fingerprint each individual who has or will have access to SGI or who will require unescorted access to the nuclear power facility.
Paragraph 73.57(b)(1) requires that licensees must fingerprint each individual who is permitted or seeking unescorted access to the nuclear power facility, the non-power reactor facility in according with 10 CFR Paragraph 73.57(g), or access to SGI.
Paragraph 73.57(b)(3) requires that each nuclear power reactor licensee or non-power reactor licensee notify fingerprinted individuals that the fingerprints will be used to secure a review of his/her criminal history record, and inform the individual of proper procedures for revising the record or including explanation in the record.
Paragraph 73.57(b)(6) requires that nuclear power reactor licensees or non-power reactor licensees must submit fingerprints to the Attorney General of the United States through the NRC. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.57(b)(1).
Paragraph 73.57(d) provides the instructions for submitting the fingerprint cards. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.57(a).
Paragraph 73.57(d)(1) requires that nuclear power reactor licensees or non-power reactor licensees must obtain, complete, and send to the NRC one fingerprint record (FD Form-258) for each individual requiring unescorted access. The section also requires that licensees establish procedures to minimize the rejection rate of fingerprint cards. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.57(b)(1).
Paragraph 73.57(d)(2) requires the NRC to review applications for completeness and return incomplete applications or applications containing evident errors to licensees. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.57(b)(1).
Paragraph 73.57(e)(1) requires that, prior to any adverse action, the licensee must make available to the individual the contents of records obtained from the FBI for the purpose of assuring correct and complete information, and must retain a record of receipt by the individual of this notification for 1 year from the date of the notification. If, after reviewing the record, an individual believes that it is incorrect or incomplete, and wishes changes, corrections, or updating, or to explain any matter in the record, the individual may initiate challenge procedures. Additionally, an individual participating in an NRC adjudication and seeking to obtain SGI for use in that adjudication may appeal a final adverse determination by the NRC.
Paragraph 73.57(f)(1) requires nuclear power reactor licensees or non-power reactor licensees to establish and maintain a system of files and procedures to protect criminal history records and personal information from unauthorized disclosure.
Paragraph 73.57(f)(3) allows nuclear power reactor licensees or non-power reactor licensees to transfer records to another licensee upon the individual’s written request and verification of personal information by the gaining licensee.
Paragraph 73.57(f)(4) requires nuclear power reactor licensees or non-power reactor licensees to make records available to the NRC in order to determine compliance with the regulations and laws.
Paragraph 73.57(f)(5) requires nuclear power reactor licensees or non-power reactor licensees to retain all fingerprint and criminal history records, or a copy of the records, on an individual for 1 year after termination or denial of unescorted access to the nuclear power reactor facility or non‑power reactor facility.
Paragraph 73.57(g)(1) requires an NRC approved reviewing official to review an individual’s criminal history record before granting unescorted access to a nuclear power reactor facility or non-power reactor facility or access to SGI. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.57(b)(1).
Paragraphs 73.57(g)(2)(i) and 73.57(g)(2)(ii) require nuclear power reactor licensees or non‑power reactor licensees to obtain fingerprints for criminal history records checks for each individual seeking or permitted unescorted access to vital areas or SNM in the non-power reactor facility. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.57(b)(1).
Paragraph 73.58(b) requires licensees to assess and manage the potential for adverse effects on safety and security prior to implementing changes to plant configurations, procedures, facility conditions or security. As a result, licensees would need to maintain Safety/Security interface written procedures.
Paragraph 73.58(d) requires licensees to communicate identified adverse interactions to the appropriate licensee personnel and to take compensatory and/or mitigative actions to maintain safety and security.
Paragraph 73.60(e) requires the licensee to establish, maintain, and follow an NRC‑approved SCP. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.67(a) requires the physical protection system provide response to indications of unauthorized removal of SNM and notification of the appropriate response forces of its removal in order to facilitate its recovery.
Paragraph 73.67(c) requires the licensee to submit a security plan or amended security plan describing how the licensee will comply with the physical protection requirements of the regulations. The information collection associated with this requirement is contained in 10 CFR
Section 73.20.
Paragraph 73.67(d)(11) requires response procedures in support of the physical protection program. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.67(e)(1) requires that a licensee shipping SNM of moderate strategic significance provide advance notification to the receiver of any planned shipments specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of the carrier, and transport identification. The licensee must also receive confirmation from the receiver prior to commencement of the shipment that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport. This information alerts the intended receiver of an impending shipment. The required notification and confirmation ensure that the shipper has preplanned the transportation of the material and that the receiver is ready to accept the material. It also helps ensure positive control of the material during transport and helps ensure traceability of any missing material.
Paragraph 73.67(e)(3) requires that a licensee who arranges for the in-transit physical protection of SNM of moderate strategic significance, or who takes delivery of the material free on board the point at which it is delivered to a carrier for transport, must establish and maintain written response procedures for dealing with thefts or threats of thefts of the material. The licensee must retain a copy of the procedures as a record. The information is used by the licensee to provide instructions to employees for dealing with contingencies and is inspected by NRC to ensure that the licensee has developed adequate procedures for dealing with thefts or threats of thefts. Licensees must make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation, which is required in the event a shipment becomes delayed or lost. Licensees must notify the NRC Operations Center within 1 hour after the discovery of the loss of the shipment and within 1 hour after recovery of or accounting for such lost shipment, in accordance with 10 CFR Section 73.71. This notification permits NRC to initiate or terminate a trace investigation if necessary.
Paragraphs 73.67(e)(4), 73.67(e)(5), and 73.67(e)(6)(i) list the records retention requirements for records required by 10 CFR Paragraphs 73.67(c) and (e). Burden for records retention is captured under each specific requirement.
Paragraph 73.67(e)(6)(ii) requires that a licensee notify the exporter who delivered the material to a carrier for transport of the arrival of such material. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation in the event a shipment becomes delayed or lost.
Paragraph 73.67(e)(7)(i) requires that, upon request by the NRC, a shipper provide additional information regarding a planned shipment. This information, if requested, is used by the NRC to determine whether it is necessary to issue Orders to licensees in the event that it appears to the NRC that two or more shipments of SNM of moderate strategic significance, constituting in the aggregate an amount equal to or greater than a formula quantity of SSNM, may be in route at the same time.
Paragraph 73.67(e)(7)(ii) requires that the receiver, or the shipper if the receiver is not a licensee, notify the NRC by telephone within 24 hours after the arrival of the shipment at its final destination, or after the shipment has left the United States as an export. This notification permits the NRC to confirm the integrity of the shipment at the time of receipt or exit from the United States.
Paragraph 73.67(f)(4) requires response procedures in support of the physical protection program. The information collection associated with this requirement is contained in 10 CFR Paragraph 73.20.
Paragraph 73.67(g)(1) and (2) requires that a licensee shipping SNM of low strategic significance provide advance notification to the receiver of any planned shipments specifying the mode of transport, estimated time of arrival, location of the nuclear material transfer point, name of the carrier, and transport identification. The licensee must also receive confirmation from the receiver prior to commencement of the shipment that the receiver will be ready to accept the shipment at the planned time and location and acknowledges the specified mode of transport. The receiving licensee must notify the shipper of the receipt of the material in accordance with 10 CFR Section 74.15. The required notifications and confirmation ensure that the shipper has preplanned the transportation of the material and that the receiver is ready to accept the material. It also helps ensure positive control of the material during transport and helps ensure traceability of any missing material.
Paragraph 73.67(g)(3)(i) requires response procedures in support of the physical protection program. The information collection associated with this requirement is contained in 10 CFR Section 73.20.
Paragraph 73.67(g)(3)(ii) requires that a shipper of SNM of low strategic significance must make arrangements to be notified immediately of the arrival of the shipment at its destination, or of any such shipment that is lost or unaccounted for after the estimated time of arrival at its destination. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation in the event a shipment becomes delayed or lost.
Paragraph 73.67(g)(3)(iii) requires that a licensee notify the NRC Operations Center within 1 hour after the discovery of the loss of the shipment and within 1 hour after recovery of or accounting for such lost shipment, in accordance with 10 CFR Section 73.71. This notification permits the NRC to initiate or terminate a trace investigation if necessary.
Paragraph 73.67(g)(4) Lists the records retention requirements for materials export records. Burden associated with records retention is reported under each specific requirement.
Paragraph 73.67(g)(5)(i) Lists the records retention requirements for materials import records. Burden associated with records retention is reported under each specific requirement.
Paragraph 73.67(g)(5)(ii) requires that a licensee notify the person who delivered the material to a carrier for transport of the arrival of such material. This information is used by the licensee to determine that a shipment either arrived safely or is missing. Such notification gives the licensee a basis for initiating a trace investigation in the event a shipment becomes delayed or lost.
Paragraph 73.70(a) requires that the licensee keep a record of the names and addresses of all authorized individuals. This information serves as a means of identifying those who have responsibility for surveillance of SNM, and of limiting the number of individuals with such responsibility. It identifies persons who had access in the event an investigation proves necessary and serves as a means of verification for inspection purposes to ensure that designation and access control procedures are being properly conducted.
Paragraph 73.70(b) requires that the licensee keep a record of the names, addresses, and badge numbers of all individuals authorized to have access to vital equipment or SNM, and the vital areas and material access areas to which authorization is granted. This record provides formal access authorization control. It provides verification that access control requirements are being met and serves to limit the number of individuals with such access.
Paragraph 73.70(c) requires that the licensee keep a register of visitors, vendors, and other individuals not employed by the licensee. The information collections associated with this requirement are contained in Sections 73.46, 73.50, and 73.55.
Paragraph 73.70(d) requires that the licensee keep a log of all individuals granted access to a vital area except those individuals entering or exiting the reactor control room. This record provides a means of determining who had access to vital areas. It is inspected to assess licensee performance in minimizing unnecessary access. It also can provide data to aid an investigation of an irregular event.
Paragraph 73.70(e) requires that the licensee keep documentation of all routine security tours and inspections, and of all tests, inspections, and maintenance performed on physical barriers, intrusion alarms, communications equipment, and other security related equipment. This requirement provides a record of security tours, tests and maintenance and is used to ensure that the frequency of tests and prompt maintenance of failures is verifiable by inspection. It also provides a maintenance history of equipment useful in evaluating operating performance.
Paragraph 73.70(f) requires that the licensee keep a record at each onsite alarm annunciation location of each alarm, false alarm, alarm check, and tamper indication. In addition, details of response by facility guards and watchmen to each alarm, intrusion, or other security incident must be recorded. This record provides verification that alarms are operating properly, that licensees respond properly, and that operational checks are conducted in accordance with the regulations. It also provides a means of evaluating the long term reliability of the alarm system. This includes all types of signals sent to the alarm systems main computer which incorporates authorized door openings and closings.
Paragraph 73.70(g) requires that the licensee keep a record of shipments of SNM subject to the requirements of 10 CFR Part 73, including names of carriers, major roads to be used, flight numbers for air shipments, dates and expected times of departure and arrival of shipments, verification of communications equipment on board the transfer vehicle, names of individuals who are to communicate with the transport vehicle, container seal descriptions and identification, and other details to confirm compliance with protection requirements. Information obtained during the course of the shipment such as reports of all communications, change of shipping plan, including monitor changes, trace investigations, and others, must also be recorded. These records serve as a part of the material control system by providing a record of bulk inventory change at any given plant. They also provide an audit trail and experience base for evaluating the transportation process at a later time.
Paragraph 73.70(h) requires that the licensee maintain written procedures for controlling access to protected areas and for controlling access to keys for locks used to protect SNM. This record serves to aid access control and lock and key control. It also serves as a record that may be inspected, of the licensee's performance in minimizing access and providing adequate control of key and lock operations.
Paragraph 73.71(a) requires that each licensee subject to the provisions of Sections 73.25, 73.26, or 73.37, Paragraphs 73.27(c), 73.67(e), or 73.67(g) notify the NRC Operations Center within 1 hour after the discovery of the loss of any shipment of SNM or SNF and within one 1 hour after recovery of or accounting for such lost shipment. This notification permits NRC to initiate or terminate a trace investigation if necessary. Each such licensee must follow the initial telephonic notification with a written report to the NRC within 60 days. This report permits NRC to analyze and evaluate the event and subsequent recovery efforts. The initial telephonic notification and written report must be followed by a follow-up telephonic notification and written report to NRC if any significant supplemental information is discovered or if corrections to previous reports are necessary. Copies of the written reports must be retained as a record for 3 years.
Paragraph 73.71(b) requires that each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.55, 73.60, or 73.67 notify the NRC Operations Center within 1 hour after the discovery of the theft or attempted theft or unlawful diversion of SNM.
Each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.55, 73.60, 73.51 or possessing SSNM and subject to 10 CFR Section 73.67 must notify the NRC Operations Center within 1 hour after the discovery of the following:
(a) an event involving actual or attempted significant physical damage to a nuclear power reactor or any facility possessing SSNM or its equipment or carrier equipment transporting nuclear fuel or SNF, or to the nuclear fuel or SNF a facility or carrier possesses;
(b) an event involving actual or attempted interruption of normal operation of a licensed nuclear power reactor through the unauthorized use of or tampering with its machinery, components, or controls including the security system;
(c) an actual entry of an unauthorized person into a protected area, material access area, controlled access area, vital area, or transport; or an event involving any failure, degradation, or the discovered vulnerability in a safeguard system that could allow unauthorized or undetected access to one of the above areas for which compensatory measures have not been employed.
Each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.55, or 73.60, must notify the NRC Operations Center within 1 hour after the discovery of an event involving actual or attempted introduction of contraband into one of the above areas. The Commission requires the reports made pursuant to 10 CFR Section 73.71 so that the Commission may be aware of events in order to determine their significance, whether a change in a licensee's safeguards plan is needed, and whether a report to Congress is necessary in accordance with Section 208 of the Energy Reorganization Act of 1974, as amended. The safeguards event reports are also needed for the development of a database whereby generic problems can be identified and feedback given to licensees for improving their safeguards systems.
Paragraph 73.71(c) requires that each licensee subject to the provisions of Sections 73.20, 73.37, 73.50, 73.51, 73.55, 73.60, or possessing SSNM and subject to 10 CFR Paragraph 73.67(d) must maintain a current log and record the safeguards events described in paragraphs II(a) and (b) of Appendix G to 10 CFR Part 73 within 24 hours of discovery by a licensee employee or member of the licensee's contract security organization.
Paragraph 73.71(d) provides guidance for the submission of 60-day reports required under the forgoing provisions of 10 CFR Section 73.71. It provides that power reactor licensees should submit the written report using NRC Form 366, "Licensee Event Report." Other licensees must submit the written report in letter format. NRC Form 366 has previously been cleared under OMB No. 3150-0104, which should be referred to for additional supporting information, burden and cost data. It is necessary for both the licensee and the NRC to maintain copies of the reports for the following reasons. The licensee must maintain copies to perform the yearly security audit required by 10 CFR Paragraphs 73.46(g)(6) for fuel facilities and 73.55(g)(4) for power reactors. This audit evaluates the effectiveness of the security system at these facilities. Also, in order to maintain the level of security deemed adequate by NRC, the licensee must observe and analyze the operational aspects of its security system. This can only be done through the maintenance and analysis of such records as those for security events. The NRC maintains copies of security event records to conduct analyses to identify and characterize generic and facility-specific precursors to certain safeguards events. Improving the ability of the NRC to identify generic precursors or defects provides the agency with a capability to initiate corrective action, if needed, prior to a vulnerability having a detrimental effect on public health and safety.
Section 73.72 requires that licensees shipping a formula quantity of SSNM, SNM of moderate strategic significance, or irradiated reactor fuel required to be protected pursuant to 10 CFR Section 73.37, must provide advance written notification to NRC at least 10 days prior to shipment, along with shipment details and itinerary, and must notify NRC by telephone of the transmittal of the advance notice and of any changes to the shipment itinerary. This requirement is necessary to allow the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also serves as a means to verify shipment details during the inspection process.
Section 73.73 requires that licensees exporting SNM of low strategic significance to provide advance written notification to the NRC at least 10 days prior to shipment, along with shipment details and itinerary, and may notify the NRC by telephone of any changes to the shipment details or itinerary. This requirement is necessary to allow the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also serves as a means to verify shipment details during the inspection process.
Section 73.74 requires that licensees importing SNM of low strategic significance from a country not a party to the Convention on the Physical Protection of Nuclear Material must provide advance written notification to NRC at least 10 days prior to shipment, along with shipment details and itinerary, and may notify the NRC by telephone of any changes to the shipment details or itinerary. This requirement is necessary to allow the NRC to review shipment details and schedule appropriate monitoring of the shipment. It also serves as a means to verify shipment details during the inspection process.
Paragraph 73.77(a)(1) requires licensees subject to the provisions of 10 CFR Section 73.54 to make a telephonic notification of the cyber security events identified at 10 CFR Paragraph 73.77(a)(1) to the NRC Headquarters Operations Center via the Emergency Notification System within one hour after discovery. Notifications must be made according to 10 CFR Paragraph 73.77(c).
Paragraph 73.77(a)(2) requires licensees subject to the provisions of 10 CFR Section 73.54 to make a telephonic notification of the cyber security events identified at 10 CFR Paragraphs 73.77(a)(2)(i)-(iii) to the NRC Headquarters Operations Center via the Emergency Notification System within four hours after discovery. Notifications must be made according to 10 CFR Paragraph 73.77(c).
Paragraph 73.77(a)(3) requires licensees subject to the provisions of 10 CFR Section 73.54 to make a telephonic notification of the cyber security events identified at 10 CFR Paragraph 73.77(a)(3) to the NRC Headquarters Operations Center via the Emergency Notification System within eight hours after discovery. Notifications must be made according to 10 CFR Paragraph 73.77(c).
Paragraph 73.77(b) requires licensees subject to the provisions of 10 CFR Section 73.54 to record cyber security events identified at 10 CFR Paragraph 73.77(b) in the site corrective action program within 24 hours after discovery.
Paragraphs 73.77(c)(1)-(4) describes the notification process. Burden for these notifications is captured under 10 CFR Paragraph 73.77(a) (1) – (3).
Paragraph 73.77(d) requires licensees making an initial telephonic notification of cyber security events to the NRC according to the provisions of Paragraphs 73.77(a)(1), (a)(2)(i), and (a)(2)(iii) to also submit a written security follow-up report to the NRC within 60 days of the telephonic notification using NRC Form 366, Licensee Event Report. Licensees are not required to submit a written security follow-up report following a telephonic notification made under Paragraphs 73.77(a)(2)(iii) and (a)(3).
Paragraph 73.77(d)(12) requires licensees to maintain a copy of the written security follow-up report of an event submitted under 10 CFR Section 73.77 as a record for a period of 3 years from the date of the report or until the Commission terminates the license for which the records were developed, whichever comes first.
Appendix B sets the minimum training and qualification criteria for security personnel. Much of the information in this Appendix repeats requirements listed earlier in this part with a greater level of detail. Where the Appendix identifies new or additional requirements, they are captured below.
Appendix B Section VI B.4.a.1 requires licensees to obtain and retain a written certification from the licensed physician that no medical conditions were disclosed by the medical examination that would preclude the individual’s ability to participate in the physical fitness tests or meet the physical fitness attributes or objectives associated with assigned duties.
Appendix B Section VI B.4.b.4 requires licensees to have documentation by a qualified training instructor the physical fitness qualification of each armed member of the security organization, this documentation must be attested to by a security supervisor. The information collection for this requirement includes the requalification requirement contained in Appendix B Section VI B.5.b.
Appendix B Section VI B.5.b requires licensees to have documentation by a qualified training instructor the physical fitness requalification of each armed member of the security organization, this documentation must be attested to by a security supervisor. The information collection associated with this requirement is contained in Appendix B Section VI B.4.b.4.
Appendix B Section VI C.2.b requires licensee training instructors to document on-the-job training and security supervisors to attest to an individual’s on-the-job training.
Appendix B Section VI C.3.a requires licensees to develop, implement, and maintain a documented PEP. The PEP shall be referenced in the T&QP. This is a one-time requirement connected to 10 CFR Paragraph 75.55(a).
Appendix B Section VI C.3.g requires licensees to document all findings, deficiencies, and failures identified during tactical response drills and force-on-force exercises deemed to adversely affect or decrease the effectiveness of the protective strategy and physical protection in the licensee’s corrective action program.
Appendix B Section VI C.3.h requires documentation of scenarios and participants for drills and exercises. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.
Appendix B Section VI C.3.i requires that findings, deficiencies, and failures identified in drills and exercises be entered into the corrective action program. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.
Appendix B Section VI C.3.m requires licensees to develop and document scenarios for drills and exercises. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.
Appendix B Section VI C.3.n.1 requires licensees to develop and document multiple scenarios for use in conducting quarterly tactical response drills and annual force-on-force exercises. The information collection associated with this requirement is contained in Appendix B Section VI C.3.g.
Appendix B Section VI E.1.b requires that licensees only use firearms instructors that are certified from a national or state recognized entity and that the certification specify the weapon type(s) for which the instructor is qualified to teach and that licensees only use firearms instructors who are recertified in accordance with the standards recognized by the certifying national or state entity, but in no case shall recertification exceed 3 years.
Appendix B Section VI E.1.d requires licensees to include in the T&QP the following additional standards: target identification and engagement, weapon malfunctions, cover and concealment, and weapon familiarization. This is a one-time requirement whose burden is included in 10 CFR Paragraph 73.55(a).
Appendix B Section VI F.1.b requires licensees to document and retain the results of weapons qualification and requalification.
Appendix B Section VI F.2 requires that a licensee’s written T&QP must describe the firearms used, the firearms qualification program, and other tactical training required to implement the Commission-approved security plans, licensee protective strategy, and implementing procedures. This is a one-time requirement whose burden is included in 10 CFR Paragraph 73.55(a).
Appendix B Section VI F.5.a requires licensees to re-qualify armed members of the security organization for each assigned weapon at least annually in accordance with Commission requirements and the Commission-approved T&QP and document and retain the results as a record. The information collection associated with this requirement is Appendix B, Section VI F.1.b.
Appendix B Section VI G.3.a requires licensees to include in the T&QP a firearms maintenance and accountability program to ensure weapons and ammunition are properly maintained, function as designed, and are properly stored and accounted for. This is a one-time requirement whose burden is included in 10 CFR Paragraph 73.55(a).
Appendix B Section VI H.1 requires licensees to retain all reports, records, or other documentation required by this appendix in accordance with the requirements of 10 CFR Paragraph 73.55(r). The burden for this requirement is included in each specific recordkeeping requirement
Appendix C describes the specific requirements for the SCP required by 10 CFR Section 73.20 and Paragraph 73.55(c)(5). There are no additional information collections in Appendix C.
Appendix G provides clarification of the requirements for reporting safeguards events. Safeguards events provide a vehicle for providing licensees with feedback about the effectiveness of safeguards systems. Some safeguards events require immediate response by the NRC. Under 10 CFR Section 73.71, these events are required to be reported within 1 hour of detection of their occurrence to assure timely response by NRC regional and headquarters staff, followed by a written report within 60 days. Other safeguards events, while of less significance, must be reported in order to determine trends in deficiencies in safeguards systems. The NRC has established a program for the collection and analysis of all pertinent safeguards data. This data is immediately entered into the NRC data base and analysis is begun as soon as the data is entered. Upon completion of the analysis, appropriate action and response are initiated. In order to achieve program objectives, a standardized level of detail is required for the evaluation of safeguards events. The results of the analyses are used to improve regulations for these facilities, for preparing for inspections, and to give feedback to licensees for improving their safeguards systems.
Confirmatory Action Letter, dated October 28, 2002, requires research and test reactors (currently called non-power reactors) to establish a physical security and access authorization program. Confirmatory action letter implementation plans were submitted for this CAL when the compensatory measures were first issued back in 2003 and 2005 and there are currently no ongoing submissions. Compensatory measures have been incorporated into the PSP. Burden for ongoing recordkeeping is captured under estimates to establish and maintain NRC‑approved physical protection, training and qualification and SCPs.
PART 73 GUIDANCE DOCUMENTS
Title |
Accession number or link |
NRC Regulatory Guides (RG) - Materials and Plant Protection (Division 5) |
https://www.nrc.gov/reading-rm/doc-collections/reg-guides/protection/rg/ |
RG 1.206 “Combined Operating Application for New Reactors” |
ML070630003 |
RG 5.52, ”Standard Format and Content of a Licensee Physical Protection Plan for Strategic SNM at Fixed Sites (Other than Nuclear Power Plants)” |
ML003739235 |
RG 5.54 “Standard Format and Content of a Safeguards Contingency Plan for Power Plants” |
SGI |
RG 5.55, “Standard Format and Content of Safeguards Contingency Plans for Fuel Cycle Facilities” |
ML003739256
|
RG 5.59. “Standard Format and Content for a Licensee Physical Security Plan for the Protection of SNM of Moderate or Low Strategic Significance” |
ML100341301 |
RG 5.62 “Reporting of Safeguards Events” |
ML003739271 |
RG 5.71 “Cyber Security Programs for Nuclear Facilities” |
ML090340159 |
RG 5.79 “Protection of SGI” |
ML103270219 |
RG 5.81 “Target Set Identification and Development for Nuclear Power Reactors” |
ML102720056 |
NUREG-0561, “Physical Protection of Shipments of Irradiated Reactor Fuel, Rev 2” |
ML13120A230 |
NUREG-1619 “Standard Review Plan for Physical Protection Plans for the Independent Storage of Spent Fuel and High Level Radioactive Waste” |
ML020720453
|
Generic Letter 91-03 “Reporting of Safeguards Events” |
ML031140131 |
NEI 03-12 “Template for the Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, [and Independent Spent Fuel Storage Installation Security Program] |
ML112800379 plus a SGI Document
|
NEI 08-09 (NRC endorsed) “Cyber Security Plan for Nuclear Power Reactors” |
ML101180437
|
NEI 11-08 “Guidance on Submitting Security Plan Changes” |
ML12216A194 |
NEI 99-02 “Regulatory Assessment Performance Indicator Guideline” |
ML092931123 |
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | DRAFT SUPPORTING STATEMENT |
| Author | dgh2 |
| File Modified | 0000-00-00 |
| File Created | 2021-01-20 |