AGENCY:

Nuclear Regulatory Commission.

ACTION:

Draft guide; request for comment.

SUMMARY:

The U.S. Nuclear Regulatory Commission (NRC) is issuing for public comment a draft regulatory guide (DG), DG–5079, “Cybersecurity Event Notifications.” This DG is proposed Revision 1 to Regulatory Guide (RG) 5.83 of the same name. This proposed revision describes methods that the staff of the NRC considers acceptable for licensees to meet requirements in NRC regulations to report and record cybersecurity events.

DATES:

Submit comments by May 24, 2023. Comments received after this date will be considered if it is practical to do so, but the NRC is able to ensure consideration only for comments received on or before this date.

ADDRESSES:

You may submit comments by any of the following methods; however, the NRC encourages electronic comment submission through the Federal rulemaking website:

• Federal rulemaking website: Go to https://www.regulations.gov and search for Docket ID NRC–2023–0068. Address questions about Docket IDs in Regulations.gov to Stacy Schumann; telephone: 301–415–0624; email: Stacy.Schumann@nrc.gov. For technical questions, contact the individuals listed in the For Further Information Contact section of this document.

• Mail comments to: Office of Administration, Mail Stop: TWFN–7–A60M, U.S. Nuclear Regulatory Commission, Washington, DC 20555–0001, ATTN: Program Management, Announcements and Editing Staff.

For additional direction on obtaining information and submitting comments, see “Obtaining Information and Submitting Comments” in the SUPPLEMENTARY INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT:

Daniel Warner, Office of Nuclear Security and Incident Response, telephone: 301–287–3642; email: Daniel.Warner@nrc.gov and Stanley Gardocki, Office of Nuclear Regulatory Research, telephone: 301–415–1067; email: Stanley.Gardocki@nrc.gov. Both are staff of the U.S. Nuclear Regulatory Commission, Washington, DC 20555–0001.

SUPPLEMENTARY INFORMATION:

I. Obtaining Information and Submitting Comments

A. Obtaining Information

Please refer to Docket ID NRC–2023–0068 when contacting the NRC about the availability of information for this action. You may obtain publicly available information related to this action by any of the following methods:

• Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC–2023–0068.

• NRC's Agencywide Documents Access and Management System (ADAMS): You may obtain publicly available documents online in the ADAMS Public Documents collection at https://www.nrc.gov/​reading-rm/​adams.html. To begin the search, select “Begin Web-based ADAMS Search.” For problems with ADAMS, please contact the NRC's Public Document Room (PDR) reference staff at 1–800–397–4209, 301–415–4737, or by email to PDR.Resource@nrc.gov. The ADAMS accession number for each document referenced (if it is available in ADAMS) is provided the first time that it is mentioned in this document.

• NRC's PDR: You may examine and purchase copies of public documents, by appointment, at the NRC's PDR, Room P1 B35, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852. To make an appointment to visit the PDR, please send an email to PDR.Resource@nrc.gov or call 1–800–397–4209 or 301–415–4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except Federal holidays.

B. Submitting Comments

The NRC encourages electronic comment submission through the Federal rulemaking website ( https://www.regulations.gov). Please include Docket ID NRC–2023–0068 in your comment submission.

The NRC cautions you not to include identifying or contact information that you do not want to be publicly disclosed in your comment submission. The NRC will post all comment submissions at https://www.regulations.gov as well as enter the comment submissions into ADAMS. The NRC does not routinely edit comment submissions to remove identifying or contact information.

If you are requesting or aggregating comments from other persons for submission to the NRC, then you should inform those persons not to include identifying or contact information that they do not want to be publicly disclosed in their comment submission. Your request should state that the NRC does not routinely edit comment submissions to remove such information before making the comment submissions available to the public or entering the comment into ADAMS.

II. Additional Information

The NRC is issuing for public comment a DG in the NRC's “Regulatory Guide” series. This series was developed to describe methods that are acceptable to the NRC staff for implementing specific parts of the agency's regulations, to explain techniques that the staff uses in evaluating specific issues or postulated events, and to describe information that the staff needs in its review of applications for permits and licenses.

The DG, entitled “Cybersecurity Event Notifications,” (ADAMS Accession No. ML22250A443) is temporarily identified by its task number, DG–5079, which is proposed Revision 1 of RG 5.83 of the same name.

The DG describes methods that the staff of the NRC considers acceptable for licensees to report and record cybersecurity events as required under section 73.77 of title 10 of the Code of Federal Regulations (10 CFR), “Cyber security event notifications.” This guide applies to nuclear power reactor licensees that are licensed to operate under 10 CFR part 50, “Domestic Licensing of Production and Utilizations Start Printed Page 24716 Facilities,” or 10 CFR part 52, “Licenses, Certifications, and Approvals for Nuclear Power Plants.”

The staff is also issuing for public comment a regulatory analysis (ADAMS Accession No. ML22250A472). The staff developed a regulatory analysis to assess the value of issuing or revising a regulatory guide as well as alternative courses of action.

As noted in the Federal Register on December 9, 2022 (87 FR 75671), this document is being published in the “Proposed Rules” section of the Federal Register to comply with publication requirements under 1 CFR chapter I.

III. Backfitting, Forward Fitting, and Issue Finality

Issuance of DG–5079, if finalized, would not constitute backfitting as defined in 10 CFR 50.109, “Backfitting,” and as described in NRC Management Directive (MD) 8.4, “Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests” (ADAMS Accession No. ML18093B087); constitute forward fitting as that term is defined and described in MD 8.4; or affect issue finality of any approval issued under 10 CFR part 52, “Licenses, Certifications, and Approvals for Nuclear Power Plants.” As explained in DG–5079, applicants and licensees would not be required to comply with the positions set forth in this guide.

IV. Submitting Suggestions for Improvement of Regulatory Guides

A member of the public may, at any time, submit suggestions to the NRC for improvement of existing RGs or for the development of new RGs. Suggestions can be submitted on the NRC's public website at https://www.nrc.gov/​reading-rm/​doc-collections/​reg-guides/​contactus.html. Suggestions will be considered in future updates and enhancements to the “Regulatory Guide” series.