3150-0046 Part 25 Final supporting statement

Download: docx | pdf

FINAL SUPPORTING STATEMENT

FOR

10 CFR PART 25

ACCESS AUTHORIZATION

(3150-0046)

REVISION

Description of the Information Collection

Title 10 of the Code of Federal Regulations (10 CFR) Part 25, “Access Authorization,” establishes procedures for granting, reinstating, extending, transferring, and terminating access authorizations. In Part 25, “access authorization” means an administrative determination that an individual (including a consultant) is eligible for a security clearance for access to classified information. Part 25 applies only to licensees, certificate holders, and others who may require access to classified information related to a license, certificate, an application for a license or certificate, or other activities as the Commission may determine. There are a total of 78 licensees and other organizations who must comply with the reporting and recordkeeping requirements contained in 10 CFR Part 25.

After obtaining an access authorization, the individual is required to report all information that bears on their continued eligibility for access authorization, such as arrests, court actions, foreign contacts, foreign travels, and foreign activities, firing from a job, criminal conduct, alcohol abuse, use of illegal drugs, psychological, and financial matters. The individual must comply with the reporting requirements set forth in Security Executive Agent Directive (SEAD 3). There are an estimated 54 individuals annually who will make notifications to the NRC with information that bears on continued their eligibility for access authorization, access to classified information, or a sensitive position. The current submission includes information collections contained in a new online portal for the reporting of unofficial foreign travel as required by SEAD3.

Each licensee or organization employing individuals approved for personnel security access authorization under this part, maintains records pertaining to the personnel access authorization, a termination, cancellation or reinstatement or a request for exemption from10 CFR Part 25. These records are subject to review and inspection by Cognizant Security Agency (CSA) representatives during security reviews.

1. JUSTIFICATION

1. Need for and Practical Utility of the Information Collection

10 CFR Part 25 contains requirements for submittal of personnel security access authorization and access authorization renewal requests, security recordkeeping requirements, and security reporting and notification procedures relative to access authorizations. Some of the information submitted pursuant to Part 25 is cleared under separate OMB control numbers, including:

• NRC Form 237, “Request for Access Authorization” (3150-0050)

• NRC Form 354, “Data Report on Spouse” (3150-0026)

• NRC Form 176 – “A. Security Acknowledgment, B. Special Nuclear Material Access Authorization Acknowledgment” (3150-0239)

• NRC Form 277, “Request for Visit” (3150-0051)

All of the remaining requirements in Part 25 for reporting and recordkeeping, are necessary for one or more of the reasons listed below.

1. To obtain the essential data from individuals necessary to determine their eligibility or continuing eligibility for an NRC access authorization for access to classified information and to comply with the pertinent statutes and Executive Orders which authorize background investigations on an individual’s character, associations, and loyalty. The authority for 10 CFR Part 25 is: Atomic Energy Act of 1954, secs. 145, 161, 223, 234 (42 U.S.C. 2165, 2201, 2273, 2282); Energy Reorganization Act of 1974, sec. 201 (42 U.S.C. 5841); 44 U.S.C. 3504 note; E.O. 10865, 25 FR 1583, as amended, 3 CFR, 1959–1963 Comp., p. 398; E.O. 12829, 58 FR 3479, 3 CFR, 1993 Comp., p. 570; E.O. 13526, 75 FR 707, 3 CFR, 2009 Comp., p. 298; E.O. 12968, 60 FR 40245, 3 CFR, 1995 Comp., p. 391. Section 25.17(f) and Appendix A also issued under 31 U.S.C. 9701; 42 U.S.C. 2214.

2. To obtain essential data describing normal operating procedures pertinent to personnel security and visitor control activities to ensure that regulatory requirements are being met by licensees and other organizations.

3. To obtain essential data which serves as the basis for determining continued eligibility of an individual for an NRC access authorization when occurrences or developments arise which may affect the initial determination.

The information collection requirements of 10 CFR Part 25 are identified and described in the “Description of Information Collection Requirements” at the end of this supporting statement.

2. Agency Use of Information

Personal history information which is submitted by applicants for access authorizations or access authorization renewal is reviewed, evaluated by NRC’s Division of Facilities and Security personnel, and provided to the Office of Personnel Management (OPM) which conducts background investigations. The NRC reviews the data from these investigations and makes determinations regarding the eligibility of applicants for access or continued access to classified information. If the information collection was not conducted, individuals would not be permitted access to NRC classified information. If no access authorization/security clearances were granted, the licensee employees would not have access to the areas in facilities and/or the data required to perform their daily duties

3. Reduction of Burden Through Information Technology

The NRC has issued Guidance for Electronic Submissions to the NRC which provides direction for the electronic transmission and submittal of documents to the NRC. Electronic transmission and submittal of documents can be accomplished via the following avenues: the Electronic Information Exchange (EIE) process, which is available from the NRC's “Electronic Submittals” Web page, by Optical Storage Media (OSM) (e.g. CD-ROM, DVD), by facsimile or by e-mail. It is estimated that approximately 95% of the potential responses are filed electronically.

4. Effort to Identify Duplication and Use Similar Information

No sources of similar information are available. There is no duplication of requirements.

5. Effort to Reduce Small Business Burden

None of the licensees affected qualify as small business enterprises or entities.

6. Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently

Information is collected at the initiation of a clearance. For a “Secret” clearance it is collected every 10 years and for “Top Secret” every 5 years. If the information is collected less frequently, the assurance that only appropriately cleared individuals have access to NRC classified information is reduced, which may endanger the U.S. common defense and national security. Classified information may be compromised if furnished to individuals without an access authorization or an out-of-date access authorization.

7. Circumstances Which Justify Variation from OMB Guidelines

Section 25.25 identifies when a request for access authorization or renewal of access authorization is withdrawn or canceled. The requestor shall immediately notify the CSA so that the personnel security investigation, or other action may be discontinued. The information is used by NRC to terminate its processing of the individual and to notify the investigating agency that the investigation may be canceled. This action saves the U.S. Government specific processing costs and curtails unnecessary investigations and invasions of privacy.

Section 25.33 identifies when an access authorization is to be terminated. The requestor shall immediately notify the CSA when an access authorization is terminated or is no longer needed. The information is used by NRC to update all databases with the termination date to ensure the individual is no longer able to access classified information.

8. Consultations Outside the NRC

Opportunity for public comment on the information collection requirements for this clearance package has been published In the Federal Register on August 31, 2022 (87 FR 53511). A small sample of users of the SEAD3 Portal System were contacted via email to provide input about the system, including three contractors and seven NRC employees. No comments were received in responses to these consultations.

9. Payment or Gift to Respondents

Not applicable.

10. Confidentiality of the Information

Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17 (a) and 10 CFR 2.390 (b).

Upon receipt of the notification of original grant of access authorization, the licensee or organization obtains an executed SF 312, “Classified Information Nondisclosure Agreement” from the affected individual. Once received by the NRC, the SF-312 is put into the Personnel Security Adjudication and Tracking System (PSATS), which is covered under system of records notice NRC-39. “Personnel Security Files and Associated Records” (December 27, 2019, 84 FR 71568)

Notifications of visits consist of a Visit Authorization Letter (VAL) prepared by the licensee, certificate holder, or others and submitted to the NRC in accordance with Section 25.35(c). VALs are entered into the Personnel Security Adjudication and Tracking System (PSATS), which is covered under system of records notice NRC-39. “Personnel Security Files and Associated Records.”

Notice of unofficial foreign travel by NRC contractors and licensees submitted to the NRC are entered into the SEAD3 portal; which is a subset of Personnel Security Adjudication and Tracking System PSATS, which is covered under system of records notice NRC-39. “Personnel Security Files and Associated Records.”

11. Justification for Sensitive Questions

Sensitive information collected includes matters such as arrests, court actions, foreign contacts, foreign travels, and foreign activities, firing from a job, criminal conduct, alcohol abuse, use of illegal drugs, psychological, and financial matters. Once an access authorization has been granted the individual must comply with the reporting requirements set forth in Security Executive Agent Directive (SEAD 3). This information is needed to ensure that individuals are trustworthy prior to granting a security clearance for access to classified information and for continuing eligibility for a clearance.

12. Estimated Burden and Burden Hour Cost

The burden estimates for 10 CFR Part 25 information collection requirements are based on submittals to NRC in past years and NRC staff experience.

The total annual burden and cost for complying with the information collection requirements in 10 CFR Part 25 is estimated to be 226 hours at a cost of $65,540 (226 hrs x $290/hr).

Burden is broken down according to the number of respondents for each requirement on the supplemental burden table.

The $290 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commission’s fee for hourly rates as noted in 10 CFR 170.20 “Average cost per professional staff-hour.”  For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 (87 FR 37197, June 22, 2022).

13. Estimate of Other Additional Costs

The NRC has determined that the quantity of records to be maintained is roughly proportional to the recordkeeping burden and, therefore, can be used to calculate approximate records storage costs. Based on the number of pages maintained for a typical clearance, the records storage cost has been determined to be equal to 0.0004 times the recordkeeping burden cost. Because the recordkeeping burden is estimated to be 66 hours, the storage cost for this clearance is $8 (66 hours x 0.0004 x $290/hour).

14. Estimated Annualized Cost to the Federal Government

The effort associated with these requirements includes reviewing the SF-86 and electronically submitting it to OPM for an investigation via the internet through the e-QIP system, reviewing other personnel security forms required for access authorization processing; evaluating reports of developments which may affect continued eligibility for access authorization; and renewing, reinstating or transferring access authorizations. The estimated cost to the Federal Government for professional effort is based on current and past experience under 10 CFR Part 25.

The clerical effort associated with these requirements includes requesting background investigations required for access authorizations; which includes initiating applicants into the e-QIP system, pre-screening documents for accuracy, scanning, processing name changes, processing visit requests; and canceling and terminating access authorization requests.

6 hours per case x 250 cases = 1,500 hours x $290 = $435,000

The records are held in the Division of Facilities and Security, Personnel Security Branch (PSB) secure vault and stored within PSB Personnel Security Adjudication Tracking System (PSATS). The annual cost for the record holding requirements is 1 cubic foot x $209/cubic feet = $209.

The total annual cost is $435,209 ($435,000 + $209).

15. Reasons for Changes in Burden or Cost

The overall burden for this clearance has increased from 189 hours and 384 responses in the previous renewal to 226 hours and 534 responses per year in this clearance cycle, an increase of 37.5 hours and increase of 150.2 responses.

The submission has been marked as a revision due to the new online reporting portal for unofficial travel. This travel is reported by NRC contractors and licensees with access to classified information or who hold a sensitive position. This reporting portal fulfills the requirements of Security Executive Agent Directive 3 (SEAD 3) and is estimated to take 15 minutes. The burden for reporting unofficial travel was previously estimated at 15 minutes, but the online reporting portal was developed in 2022. Reporting using the online portal increased by the burden for the information collection by 37.5 hours. Other burden associated with Part 25 remains unchanged.

In addition, the annual fee rate has increased from $275/hr. to $288/hr.

16. Publication for Statistical Use

There is no application of statistics in the information collected. There is no publication of this information.

17. Reason for Not Displaying the Expiration Date

The recordkeeping and reporting requirements for this information collection are associated with regulations and are not submitted on instruments such as forms or surveys. For this reason, there are no data instruments on which to display an OMB expiration date. Furthermore, amending the regulatory text of the CFR to display information that, in an annual publication, could become obsolete would be unduly burdensome and too difficult to keep current. The expiration date will be displayed on the SEAD3 foreign travel reporting portal.

18. Exceptions to the Certification Statement

Not applicable.

2. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS

Not applicable.

DESCRIPTION OF INFORMATION COLLECTION REQUIREMENTS

CONTAINED IN

10 CFR PART 25

ACCESS AUTHORIZATION

Section 25.11 NRC may grant exemptions from the requirements of the regulations of this part upon application by any person or upon its own initiative provided the exemptions are authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security.

Section 25.21(b) The CSA must be promptly notified of developments that bear on continued eligibility for access authorization throughout the period for which the authorization is active.

The NRC policy is that the occurrence of any of the following must be reported within 5 days:

• Arrests, charges, or detentions;

• Involvement in civil court actions;

• Change in marital status (including legal separation);

• Change of name;

• Change in cohabitation;

• Outside employment that creates a conflict of interest;

• Foreign national contacts including business or personal contacts;

• Travel to a foreign country for which the U.S. Department of State has issued a travel warning (travel warnings can be found at http://travel.state.gov/travel/);

• Any arrests and detentions, issues with customs or law enforcement, or concerns that you were being followed or monitored while on official or unofficial travel;

• Travel to a foreign country where a passport other than a U.S. passport is used to enter or leave the country;

• Enrollment in a drug or alcohol treatment program;

• Changes in financial status (notice of debt collection, bankruptcy, collection activity, foreclosure, Federally guaranteed loans, tax liens, or failure to file or pay Federal or State taxes); or

• Treatment for emotional, mental, or personality disorders (except marriage, grief, or family counseling).

Security Executive Agent Directive (SEAD 3) Reporting Requirements for Personnel With Access to Classified Information or Who Hold a Sensitive Position, effective 12 June 2017 is a policy issued by the Office of the Director of National Intelligence, which includes requirements to report information that pertains to the continued eligibility for a security clearance. NRC staff has combined the burden for responding to SEAD 3 requirements with the burden for reporting under 25.21, due to the significant overlap of the requirements. Under SEAD 3, Covered individuals include contractors, subcontractors, licensees, certificate holders, grantees, experts, and consultants who perform work for or on behalf of the executive branch who have been granted access to classified information or who hold a sensitive position; perform work for or on behalf of a state, local, tribal, or private sector entity, who have been granted access to classified information; or serve in the legislative or judicial branches and have been granted access to classified information The SEAD 3 reporting requirements have been uploaded as an IC instrument in ROCIS. As part of NRC’s effort to implement SEAD3 reporting requirements for foreign travel the agency has implemented an intranet portal that captures the travelers name, names of travel companions, passport numbers, travel itinerary, countries visited, and lodging information. All unofficial foreign travel, regardless of country, for those employees that hold a security clearance must be reported. This information will be submitted into the SEAD3 portal and will be stored in the PSATS database for retrieval, if needed, at a later date. Screen shots have been provided as a supplementary document to this submission. A post-travel survey will allow participants to report any changes in their itinerary or any interactions with foreign intelligence agencies or foreign nationals.

Section 25.23 Upon receipt of the notification of original grant of access authorization, the licensee or organization shall obtain an executed SF 312, “Classified Information Nondisclosure Agreement” from the affected individual. An employee issued an initial access authorization shall execute an SF-312 before being granted access to classified information. The licensee or other organization shall forward the executed SF-312 to the CSA for retention. If the employee refuses to execute the SF-312, the licensee or other organization shall deny the employee access to classified information and submit a report to the CSA. The SF-312 must be signed and dated by the employee and witnessed. Once received by the NRC, the SF-312 is put into the Personnel Security Adjudication and Tracking System (PSATS), which is covered under system of records notice NRC-39. “Personnel Security Files and Associated Records.”

The employee’s and witness’ signatures must bear the same date. The individual shall also be given a security orientation briefing in accordance with 10 CFR 95.33. Based on past experience, no individual has refused to execute the SF 312. Therefore, no burden is expected for this report. Records of access authorization grant and renewal notification must be maintained by the licensee or other organization for 3 years after the access authorization has been terminated by the CSA.

The reports and information required by this section ensure that only individuals who have agreed to properly protect classified information have access to such information.. This recordkeeping requirement ensures these records are available for review by NRC inspectors and that they can be compared against records held by the NRC Division of Facilities and Security. The records under this section must be kept for 3 years following the access authorization termination date.

Section 25.25 When a request for an individual's access authorization or renewal of access authorization is withdrawn or canceled, the requestor shall immediately notify the CSA by telephone so that the personnel security investigations, or other action may be discontinued. The requestor shall identify the full name and date of birth of the individual, the date of request, and the type of access authorization or access authorization renewal requested. The requestor shall confirm each telephone notification promptly in writing.

The information required by this section is necessary each time a licensee or other organization wishes to withdraw or cancel an access authorization or access authorization renewal they have requested. The information is used by NRC to terminate its processing of the individual and to notify the investigating agency that the investigation may also be canceled. This action saves the U.S. Government specific processing costs and curtails unnecessary investigations and invasions of privacy.

Section 25.27(a) In conjunction with a new request for access authorization (NRC Form 237 or CSA equivalent) for individuals whose cases were previously canceled, new fingerprint cards (FD-257) in duplicate and a new NRC Form 176, “Security Acknowledgment” or CSA equivalents, must be furnished to the CSA along with the request.

Section 25.27(b) This section requires that if 90 days or more have elapsed since the date of the last SF-86, or CSA equivalent, the individual must complete a personnel security packet (see Section 25.17(d)). The CSA, based on investigative or other needs, may require a complete up-to-date personnel security packet in other cases as well.

These procedures and information in Sections 25.27(a) and (b) are used by NRC to reopen and complete the access authorization processing and to determine the respondent’s trustworthiness and eligibility for an access authorization.

Section 25.29(a) An access authorization can be reinstated provided that no more than 24 months has lapsed since the date of termination of the clearance; there has been no break in employment with the employer since the date of termination of the clearance; there is no known adverse information; the most recent investigation does not exceed 5 years; and the most recent investigation meets or exceeds the scope of the investigation required for the level of access authorization that is to be reinstated or granted.

Section 25.29(b) An access authorization can be reinstated at the same, or lower, level by submission of a CSA-designated form to the CSA. The employee may not have access to classified information until an up-to-date personnel security packet is furnished with the request for reinstatement of an access authorization and receipt of written confirmation of reinstatement. A new NRC Form 176 will be obtained in all cases. Where personnel security packets are not required, a request for reinstatement must state the level of access authorization to be reinstated and the full name and date of birth of the individual.

The purpose of this requirement is to provide that information which may be necessary (depending upon when the access authorization was terminated) to reinstate or reactivate the access authorization.

Section 25.31(c) Requests for extension or transfer of access authorization must state the full name of the person, his date of birth, and level of access authorization. The NRC’s Director, Division of Facilities and Security may require a new personnel security packet to be completed by the applicant.

These procedures and requirements provide the necessary information to properly identify and process an individual for an extension or transfer of their access authorization.

Section 25.33 requires the licensee or other organization to notify the CSA when an individual’s access authorization is being terminated.  This is done using the NRC Form 136, and the burden is captured under that clearance.

These procedures ensure that only properly authorized individuals who require access to classified matter as a part of their official duties will have such access during visits to other facilities and agencies. They also require the requesting facility to notify places receiving long-term visit requests of any changes in the individual’s status as they occur

Section 25.35(a) This section requires that the number of classified visits must be held to a minimum. The licensee, certificate holder, or other facility shall determine that the visit is necessary and that the purpose of the visit cannot be achieved without access to, or disclosure of, classified information. All classified visits require advance notification to, and approval of, the organization to be visited. In urgent cases, visit information may be furnished by telephone and confirmed in writing. Notifications of visits shall consist of a Visit Authorization Letter (VAL) prepared by the licensee, certificate holder, or others and submitted to the NRC in accordance with Section 25.35(c). VALs are entered into the Personnel Security Adjudication and Tracking System (PSATS), which is covered under system of records notice NRC-39. “Personnel Security Files and Associated Records.”

Section 25.35(d) Classified visits may be arranged for a 12-month period. The requesting facility shall notify all places honoring these visit arrangements of any change in the individual’s status that will cause the visit request to be canceled before its normal termination date.

Section 25.35(e) requires the licensee, certificate holder or other facility shall establish procedures to ensure positive identification of visitors before the disclosure of any classified information.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Benney, Kristen
File Modified	0000-00-00
File Created	2023-08-29