-
Start Preamble
Start Printed Page 64004
AGENCY:
Nuclear Regulatory Commission.
ACTION:
Proposed rule.
SUMMARY:
The Nuclear Regulatory Commission (NRC) is proposing to amend its regulations for the protection of Safeguards Information (SGI) to protect SGI from inadvertent release and unauthorized disclosure which might compromise the security of nuclear facilities and materials. The amendments would affect certain licensees, information, and materials not currently subject to SGI regulations, but which are within the scope of Commission authority under the Atomic Energy Act of 1954, as amended (AEA). The NRC originally published a proposed rule on SGI on February 11, 2005 (70 FR 7196). The NRC is again publishing the proposed rule on SGI protection requirements in order to allow the public to comment on changes to the proposed rule text in response to public comment and to reflect amendments to the AEA in the Energy Policy Act of 2005 (EPAct) and Commission Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material.
DATES:
The comment period expires January 2, 2007. Submit comments specific to information collection aspects of this rule January 2, 2007. Comments received after that date will be considered if it is practical to do so, but the NRC is able to ensure consideration only for comments received on or before this date.
ADDRESSES:
You may submit comments by any one of the following methods. Please include the following number (RIN 3150-AH57) in the subject line of your comments. Comments on this rulemaking submitted in writing or in electronic form will be made available for public inspection. Because your comments will not be edited to remove identifying information, the NRC cautions against including personal information such as social security numbers and birth dates in your submission.
Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Attn: Rulemaking and Adjudications Staff.
E-mail comments to: SECY@nrc.gov. If you do not receive a reply e-mail confirming that we have received your comments, contact us directly at (301) 415-1966. You may also submit comments via the NRC's rulemaking Web site at http://ruleforum.llnl.gov. Address questions about our rulemaking Web site to Carol Gallagher at (301) 415-5905; e-mail: cag@nrc.gov. Comments can also be submitted via the Federal Rulemaking Portal http://www.regulations.gov.
Hand deliver comments to 11555 Rockville Pike, Rockville, Maryland, 20852, between 7:30 a.m. and 4:15 p.m. Federal workdays. (Telephone: (301) 415-1966).
Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at (301) 415-1101. Publicly available documents related to this rulemaking may be examined and copied for a fee at the NRC's Public Document Room (PDR), Public File Area 01F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. Selected documents, including comments, can be reviewed and downloaded electronically via the NRC rulemaking Web site at http://ruleforum.llnl.gov.
You may submit comments on the information collections by the methods indicated in the Paperwork Reduction Act Statement.
Publicly available documents created or received at the NRC after November 1, 1999, are available electronically at the NRC's Electronic Reading Room at http://www.nrc.gov/ NRC/ADAMS/index.html. From this site, the public can gain entry into the NRC's Agencywide Document Access and Management System (ADAMS), which provides text and image files of NRC's public documents. If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC's PDR Reference staff at 1-800-397-4209, 301-415-4737 or by e-mail to pdr@nrc.gov.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Marjorie Rothschild, Senior Attorney, Office of the General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-1633, e-mail MUR@nrc.gov or Bernard Stapleton, Office of Nuclear Security and Incident Response, Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone (301) 415-2432, e-mail BWS2@nrc.gov.
End Further Info End Preamble Start Supplemental InformationSupplementary Information:
I. Background
II. Need for Rule
III. Purpose of Rulemaking
IV. Discussion
A. Overview of Public Comments on the Original Proposed Rule
B. Comments and Issues
1. Comments in Response to Specific Request for Comments
2. General Issues
3. Section-Specific Comments
C. Section-by-Section Analysis
D. Request for Specific Comment
V. Criminal Penalties
VI. Agreement State Issues
VII. Voluntary Consensus Standards
VIII. Finding of No Significant Impact: Environmental Assessment
IX. Paperwork Reduction Act Statement
X. Regulatory Analysis
XI. Regulatory Flexibility Certification
XII. Backfit Analysis
I. Background
The NRC first published proposed amendments to its rules in parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, 150 governing the handling of Safeguards Information and creating a new category of protected material, Safeguards Information-Modified Handling on February 11, 2005 (70 FR 7196). Subsequently, Congress passed the Energy Policy Act of 2005 (EPAct), Pub. L. No. 109-58, 119 Stat. 594. Section 652 of the EPAct amended section 149 of the Atomic Energy Act (AEA) to require fingerprinting, for criminal history check purposes, of a broader class of persons. With regard to access to SGI before the EPAct, the NRC's fingerprinting authority was limited to requiring licensees and applicants for a license to operate a nuclear power reactor under 10 CFR part 50 to fingerprint individuals prior to granting access to SGI. The EPAct expanded the NRC's authority to require fingerprinting of only individuals with access to SGI. Under the EPAct, NRC has the authority to require that the following individuals conduct fingerprinting before granting access to SGI: (1) Individuals licensed or certified to engage in an activity subject to regulation by the Commission; (2) individuals who have filed an application for a license or certificate to engage in Commission-regulated activities; and (3) have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission. Previously, section 149 of the AEA only required fingerprinting and criminal history records checks of individuals seeking access to SGI (as defined in § 73.2) from a power reactor licensee or license applicant.
The EPAct preserved the Commission's authority in section 149 to relieve by rule certain persons from the fingerprinting, identification, and Start Printed Page 64005criminal history records checks. The Commission recently exercised that authority to relieve by rule certain categories of persons from those requirements including Federal, State, and local officials involved in security planning and incident response, Agreement State employees who evaluate licensee compliance with security-related orders, members of Congress who request SGI as part of their oversight function, and certain foreign representatives. These exemptions are based on the Commission's findings that (1) interrupting those individuals' access to SGI to perform fingerprinting and criminal history checks would harm vital inspection, oversight, planning, and enforcement functions, (2) it would impair communications among the NRC, its licensees, and first responders in the event of an imminent security threat or other emergency, and (3) it could strain the Commission's cooperative relationships with its international counterparts, and might delay needed exchanges of information to the detriment of current security initiatives both at home and abroad. The final rule was published in the Federal Register on June 13, 2006 (71 FR 33,989). That final rule was necessary to avoid disruption of the Commission's information sharing activities during the interim period while the Commission completes the overall revision of the regulations in this rulemaking.
We have revised the original proposed rule to reflect the new requirements under the EPAct, and the final rule cited above, and we are again seeking public comment before promulgating a final SGI rule. We have also made revisions to reflect public comments on the original proposed rule, recent Commission direction, and Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material.
The Commission requests that comments on this revised proposed rule focus on the changes and additions to the original proposed rule and not on areas discussed in previous comments. Because the public has already had opportunity to comment on much of the material contained in this revised proposed rule, the Commission has determined that a 60-day comment period is appropriate, and requests for extension of the commenting period will not be granted.
SGI is a special category of sensitive unclassified information to be protected from unauthorized disclosure under Section 147 of the AEA. Although SGI is considered to be sensitive unclassified information, it is handled and protected more like Classified National Security Information than like other sensitive unclassified information (e.g., privacy and proprietary information). Part 73, “Physical Protection of Plants and Materials,” of the NRC's regulations in Title 10 of the Code of Federal Regulations (CFR) contains requirements for the protection of SGI. Commission orders issued since September 11, 2001, have also imposed requirements for the designation and protection of SGI. These requirements apply to SGI in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires SGI. An individual's access to SGI requires both a valid “need to know” the information and authorization based on an appropriate background investigation. Power reactors, certain research and test reactors, and independent spent fuel storage installations are examples of the categories of licensees currently subject to the provisions of 10 CFR part 73 for the protection of SGI. Examples of the types of information designated as SGI include the physical security plan for a licensee's facility, the design features of a licensee's physical protection system, and operational procedures for the licensee's security organization.
The Commission has authority under Section 147 of the AEA to designate, by regulation or order, other types of information as SGI. For example, Section 147a.(2) allows the Commission to designate as SGI a licensee's or applicant's detailed security measures (including security plans, procedures and equipment) for the physical protection of source material or byproduct material in quantities determined by the Commission to be significant to the public health and safety or the common defense and security. The AEA explicitly provides in Section 147a. that “any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act.” Furthermore, willful violation of any regulation or order governing SGI is a felony subject to criminal penalties in the form of fines or imprisonment, or both, as prescribed in Section 223 of the AEA.
The Commission has, by order, imposed SGI handling requirements on certain categories of these licensees. An example is the November 25, 2003 Order issued to certain materials licensees.[1] Violations of SGI handling and protection requirements, whether those specified in part 73 or those imposed by order, are subject to civil and criminal sanctions. Licensee employees, past or present, and all other persons who have had access to SGI have a continuing obligation to protect SGI in order to prevent inadvertent release and unauthorized disclosure. Information designated as SGI must be withheld from public disclosure and must be physically controlled and protected. Protection requirements include: (1) Secure storage; (2) document marking; (3) restriction of access; (4) limited reproduction; (5) protected transmission; (6) controls for information processing on electronic systems; and (7) destruction of SGI. The AEA explicitly provides in Section 147a. that “any person, whether or not a licensee of the Commission, who violates any regulations adopted under this section shall be subject to the civil monetary penalties of Section 234 of this Act.” Furthermore, willful violation of any regulation or order governing SGI is a felony subject to criminal penalties in the form of fines or imprisonment, or both, as prescribed in Section 223 of the AEA.
II. Need for Rule
Changes in the threat environment have revealed the need to protect as SGI additional types of security information held by a broader group of licensees. The current regulations do not specify all of the types of information that could be designated as SGI and are now recognized to be significant to the public health and safety or the common defense and security. The unauthorized release of this information could result in harm to the public health and safety and the Nation's common defense and security, as well as damage to the Nation's critical infrastructure, including nuclear power plants and other facilities and materials licensed and regulated by the NRC or Agreement States.
Since September 11, 2001, the NRC has issued orders that have increased the number of licensees whose security measures will be protected as SGI and added types of security information considered to be SGI. Orders have been issued to power reactor licensees, fuel cycle facility licensees, certain source material licensees, and certain byproduct material licensees. Some of Start Printed Page 64006the orders expanded the types of information to be protected by licensees who already have an SGI protection program, such as nuclear power reactor licensees. Other orders were issued to licensees that have not previously been subject to SGI protection requirements in the regulations, such as certain licensees authorized to manufacture or initially transfer items containing radioactive material.[2] Some orders imposed a new designation detailing modified handling requirements for certain SGI: Safeguards Information-Modified Handling (SGI-M). The more precise term is “Safeguards Information-designated as Safeguards Information-Modified Handling” to distinguish between “type of information”—SGI, and the two sets of handling requirements “SGI” and “SGI-M”. We are not seeking to create another type of information separate from SGI, and in fact SGI-M is SGI.
SGI-M refers to SGI with handling requirements that are modified somewhat due to the lower risk posed by unauthorized disclosure of the information. The SGI-M protection requirements apply to certain security-related information regarding quantities of source, byproduct, and special nuclear materials for which the harm caused by unauthorized disclosure of information would be less than that for SGI.
Some of the requirements imposed by orders that have increased the types of information to be considered SGI are not covered by the current regulations. Although the Commission has the authority to impose new SGI requirements through the issuance of orders, the regulations would not reflect current Commission SGI policy and/or requirements. Consequently, the NRC has opted to amend its regulations.
III. Purpose of Rulemaking
NRC staff review of the SGI regulatory program indicates that changes in the regulations are needed to address issues such as access to SGI, types of security information to be protected, and handling and storage requirements.
This rulemaking will:
(1) Revise the definition of “need to know” in 10 CFR 73.2;
(2) Implement expanded fingerprinting and criminal history check procedures for broader categories of individuals who will have access to SGI unless exempt from those requirements;
(3) Implement a requirement for background checks which form the basis for demonstrating trustworthiness and reliability for individuals who will have access to SGI unless exempt from those requirements. As discussed in detail later, background checks are comprised of several elements, which would now include a criminal history check;
(4) Modify part 73 to reflect the Commission's recent experience and actions, including addressing requirements contained in Orders issued following the terrorist attacks of September 11, 2001;
(5) Expand the scope of part 73 to include additional categories of licensees (e.g., source and byproduct material licensees, research and test reactors not previously covered, and fuel cycle facilities not previously covered);
(6) Expand the types of security information covered by the definition of SGI in § 73.2 and the information categories described in §§ 73.22 and 73.23 to include detailed security measures for the physical protection of byproduct, source, and special nuclear material; security-related scenarios and implementing procedures; uncorrected vulnerabilities or weaknesses in a security system; and certain training and qualification information; and
(7) Clarify requirements for obtaining access to SGI in the context of adjudications and clarify the appeal procedures available.
(8) Modify the original proposed rule to align it with the final rule in 10 CFR 73.59 granting relief from the identification and criminal history records check element (including fingerprinting) of background checks for designated categories of individuals.
(9) Modify 10 CFR 73.59 to make it consistent with the language and structure of the proposed SGI rule.
A graded approach based on the risks and consequences of information disclosure would be used in determining which category of licensee or type of information would be subject to certain protection requirements. This graded approach can be applied to issues such as the type of information to be protected, the classes of licensees subject to the rule, and the level of handling requirements necessary for the various licensees. For example, the graded approach would allow certain licensees to employ the modified-handling procedures introduced in recent orders and now set forth in the provisions of this revised proposed rule.
The requirements set forth in this revised proposed rule are the minimum restrictions the Commission finds necessary to protect SGI against inadvertent release or unauthorized disclosure which might compromise the health and safety of the public or the common defense and security. The revised proposed rule would cover those facilities and materials the Commission has already determined need to be protected against theft or sabotage. The categories of information constituting SGI relate to the types of facilities and the quantities of special nuclear material, source material and byproduct material determined by the Commission to be significant and therefore subject to protection against unauthorized disclosure pursuant to Section 147 of the AEA. Unauthorized release of SGI could reduce the deterrence value of systems and measures used to protect nuclear facilities and materials and allow for the possible compromise of those facilities and materials. Such disclosures could also facilitate advance planning by an adversary intent on committing acts of theft or sabotage against the facilities and materials within the scope of the revised proposed rule. Further, the Commission has determined, pursuant to Section 147a.(3)(B) of the AEA, that the unauthorized disclosure of the information that is the subject of this revised proposed rule could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of nuclear material or a production or utilization facility. The Commission has distinguished SGI designated as SGI-M, needing modified protection, from SGI for reactors and fuel cycle facilities that require a higher level of protection.
IV. Discussion
A. Overview of Public Comments on the Original Proposed Rule
On February 11, 2005, (70 FR 7196), the Commission published a proposed rule and requested public comments by March 28, 2005. Twenty-five comment letters were received, in addition to 622 letters from members of the public that were substantively identical. Copies of those letters are available for public inspection and copying for a fee at the NRC Public Document Room, 11555 Rockville Pike, Rockville, Maryland, or on the NRC's Agencywide Document Access and Management System, available online at: http://www.nrc.gov/reading-rm/adams/web-based.html.
Two comment letters were from trade unions, four were from public interest or government watchdog groups, one was from a journalist group, three were from members of the public, one was from a State government agency, two were from the U.S. Department of Start Printed Page 64007Energy, one was from a law firm that represents nuclear utilities, and eleven were from utilities or nuclear industry groups. The comment letters provided various points of view and suggestions for clarifications, additions, deletions, and changes. Responses to the comments, including those in the 622 letters from the public, are set forth below.
B. Comments and Issues
1. Comments In Response to Specific Request for Comments
In the February 2005 proposed rule, the NRC solicited specific public comment on the issue associated with differing requirements for access to SGI and SGI-M. The original proposed rule §§ 73.22(b)(1) and 73.23(b)(1) contained different requirements for performing background checks and making trustworthiness and reliability determinations for granting personnel access to SGI or SGI-M. These proposed requirements were based on the then-existing statutory authorization in Section 149 of the AEA for the NRC to require nuclear power reactor applicants or licensees to fingerprint individuals to be granted access to SGI. Before enactment of the EPAct on August 8, 2005, there was no similar statutory authorization to require fingerprinting by other applicants or licensees. Section 652 of the EPAct, however, amended Section 149 of the AEA to authorize the NRC to require fingerprinting of individuals granted access to SGI by all: (1) Individuals and entities engaged in activities subject to regulation by the Commission; (2) applicants for a license or certificate to engage in Commission-regulated activities; and (3) individuals and entities who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulations by the Commission.
The NRC published the original proposed rule six months before the Energy Policy was enacted, specifically inviting comment on whether stakeholders perceived difficulties in complying with the varying requirements of SGI and SGI-M. The Commission has considered stakeholders' suggestions, comments, and proposals regarding the issue of whether a more uniform approach can be provided for background checks and trustworthiness and reliability determinations. Although comments may not have explicitly referred to this request for specific comment, many comments addressed the issue of performing background checks and the criteria for determining trustworthiness and reliability for access to SGI and SGI-M. These comments and detailed responses are set forth below. Commission views are also presented.
One commenter expressed concern that the criteria to judge “trustworthiness and reliability” could be applied arbitrarily to restrict access to information by persons deemed to have interests opposing the NRC or nuclear industry. Commenters also questioned how a “comprehensive background check” would be conducted and what “the other means” for determining “trustworthiness and reliability” would be. Other commenters noted that the definition of “trustworthiness and reliability” does not clearly address how its requirements will be uniformly applied for all classes of individuals (for example, an individual who is not a utility employee such as an attorney for a utility or intervenor in an NRC adjudicatory proceeding), and whether there is a need for continued monitoring. Another commenter requested that the NRC address when background checks are required for persons requiring infrequent access to SGI or SGI-M such as commercial vendors periodically supplying security equipment and needed services to facilities. Some commenters requested greater detail on the criteria the NRC will use to determine access to SGI-M and that such criteria should allow for greater access to SGI-M because it poses “a lower security risk.”
In response to these comments, the Commission notes that the purpose of the criteria to determine “trustworthiness and reliability” for access to SGI is to provide reasonable assurance to the person granting access and to the Commission that granting an individual access to SGI does not constitute an unreasonable risk to the public health and safety or the common defense and security. Applying the criteria to improperly restrict access to SGI on the basis of an individual's support or opposition to the nuclear industry is not consistent with the regulatory framework the Commission has established for granting access to SGI.
The changes to the original proposed rule text reflect Commission efforts to more thoroughly address the criteria for determining access to SGI. For example, the revised proposed rule defines the term “background check” and provides greater specificity in the definition of the term “trustworthiness and reliability.” The revised proposed rule provides procedural protections to individuals seeking access to SGI in the context of adjudication both before and after an adverse determination of trustworthiness and reliability by the NRC Office of Administration. Before an adverse determination of trustworthiness and reliability is made, individuals would be entitled to use the procedures set forth in § 73.57. In the context of NRC adjudications, individuals receiving an adverse determination on their background check for trustworthiness and reliability would be able to appeal that adverse determination to the presiding officer of the proceeding in which the SGI is sought. Potential witnesses, participants without attorneys, and attorneys would be able to request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the determination. Moreover, in the revised proposed rule, the Commission has standardized the criteria for access to SGI to implement amendments to Section 149 of the AEA contained in Section 652 of the EPAct. The revised proposed rule would require a Federal Bureau of Investigation criminal history check as part of the background check used to determine whether an individual is trustworthy and reliable before obtaining access to SGI, unless the Commission has otherwise provided. This requirement would extend to participants in NRC adjudicatory proceedings.
The frequency with which access to SGI is needed is not a factor for determining access to SGI or SGI-M based on the governing provisions of the AEA or the Commission's regulatory framework implementing those provisions. Establishing an individual's need-to-know the information and trustworthiness and reliability is necessary whether an individual needs a one-time access to SGI or SGI-M or access multiple times. A trustworthiness and reliability determination based on a background check must be made except for individuals enumerated in § 73.59 including contractors of an applicant or licensee. The Commission has determined that access to SGI and Safeguards Information designated as SGI-M by licensee employees, agents, vendors, or contractors must include both an appropriate need-to-know finding by the licensee and a finding concerning the trustworthiness and reliability of individuals having access to the information. Although a separate need-to-know determination will be required for each specific request for access to SGI, the requirement for a determination of trustworthiness and Start Printed Page 64008reliability based on a background check could be considered satisfied within a certain period of time, 5 years for example. The same interval would apply to criminal history records checks (including fingerprinting), which are an element of a background check to determine trustworthiness and reliability.
A commenter also questioned why the Commission would institute requirements applicable to SGI-M and suggested that the “less risk-associated information” be “Official Use Only” while some of the more sensitive information be “Classified National Security Information.” The Commission has distinguished SGI designated as SGI-M, needing a lower level of protection. Information meeting the definition of SGI in Section 147 of the AEA is being protected as such rather than under the designations proposed by this commenter because such information should be protected as SGI does not constitute Classified National Security Information.
2. General Issues
Comment: Some commenters stated that the proposed regulations go beyond the “minimum restrictions” needed to protect the health and safety of the public or the common defense and security, as required by Section 147 of the AEA. Rather than applying this provision, the Commission has expanded the SGI category to include virtually anything it wants to withhold. Therefore, the original proposed rule should be withdrawn or drastically revised.
Response: The Commission recognizes there are limits to its discretion under Section 147 of the AEA in determining what information presents security concerns significant enough to warrant protection as SGI. The revised proposed rule does not expand the Commission's discretion beyond statutory limits—the revised proposed rule describes the information the Commission considers SGI and is within the scope of the authority granted by Section 147 of the AEA.
Section 147 of the AEA authorizes the Commission to protect information that specifically identifies the control and accounting procedures or security measures, including plans, procedures, and equipment used to protect source, byproduct, and special nuclear material. The categories of information to be protected under the rule fall well within this scope. Sections 73.22(a)(1) and 73.23(a)(1) would protect information associated with physical protection such as alarm system layouts, intrusion detection equipment, and security communications systems, among other information. Sections 73.22(a)(2) and 73.23(a)(2) would protect information associated with physical protection such as intrusion alarms, vehicle immobilization features, and plans for law enforcement coordination. Sections 73.22(a)(3) and 73.23(a)(3) would protect inspection reports, audits, and evaluations to the extent they discuss security measures or security vulnerabilities. All of this and other information categorized in the regulations, if publicly disclosed, could be used to specifically identify the control and accounting procedures or security measures, including security plans, procedures, and equipment used to protect source, byproduct, and special nuclear material and allow the circumvention of those plans, procedures, or equipment.
The Commission's proposed conditions for access to SGI are not overly restrictive. Persons authorized access must be trustworthy and reliable based upon a background check to ensure that they will not purposely or inadvertently compromise the information. Access to SGI is limited to those with a “need to know” the information to avoid unnecessarily broad distribution of the information, which would increase the risk of inadvertent disclosures. As in the current SGI regulations, certain persons would be deemed trustworthy and reliable by virtue of their occupational status-these persons are generally members of government or law enforcement agencies, who in many cases have undergone background checks as a condition of their employment. Representatives of foreign governments or organizations would also not be subject to the background and criminal history checks, if approved by the Commission for access to SGI. Such an exemption is consistent with the Commission's historical practice. All of these persons would still be required to demonstrate a “need to know” the information.
The Commission's proposed SGI handling requirements are not overly restrictive. Document marking requirements are necessary to distinguish SGI from other information so that it can be properly controlled. Locking up SGI while unattended is necessary to prevent unauthorized access to the information, as is limiting access to keys and knowledge of lock combinations. Restrictions on electronic processing, telecommunications and transmission are important to prevent interception of SGI, whether by electronic surveillance or other means.
Comment: Many commenters suggested that the SGI designation does not permit the NRC to withhold all information and that the NRC is acting illegally and trying to silence those who are trying to improve nuclear safety. If instituted, these regulations would compromise the public's ability to hold the nuclear industry and its government regulators accountable for their management of nuclear facilities and materials.
Response: The Commission recognizes that there are statutory limits to the use of the SGI designation. The revised proposed rule remains within these limits and describes categories of information that may properly be considered SGI. The revised proposed rule recognizes the Commission's authority to issue further orders or regulations designating information as SGI, provided it is within the scope of Section 147 of the AEA.
The Commission's purpose in proposing this rulemaking is not to unnecessarily withhold information from the public, to silence criticism of nuclear safety or security policies or to prevent the public from offering suggestions for improvement. The proposed SGI regulations are intended to ensure adequate protection of the public health and safety and the common defense and security by preventing authorized disclosure of certain, limited category of information that could be used to compromise the security of nuclear facilities and materials.
The Commission always welcomes public input on nuclear safety and nuclear security. Members of the public may write letters to the Commission, file petitions for rulemaking under 10 CFR 2.802, and file requests to institute a proceeding to modify, suspend, or revoke a license under 10 CFR 2.206. Members of the public may seek to initiate or participate in adjudications held in connection with proposed licensing actions. They may also attend public meetings to communicate their safety and security concerns. The NRC will always consider and respond to public concerns, but it must do so without compromising the safety and security of nuclear materials and facilities.
Comment: One commenter stated that the original proposed rule would create a system without rights, duties, and obligations such as those in the Freedom of Information Act (FOIA), which would abuse the open government principles on which the United States was founded. Other commenters proposed that a final rule include procedures for designating Start Printed Page 64009officials who may withhold SGI, to provide oversight of the system, and to allow for review or appeal of SGI or SGI-M determinations. A commenter stated that the NRC has not provided an individual the opportunity to challenge an SGI determination by appealing to the head of the agency. A commenter expressed concerns that a final rule needed the types of controls and checks that are built into the national security classification system. According to the commenter, there are no mechanisms for reviewing and appealing decisions to categorize information as SGI; the rule has an inadequate mechanism for removing information from SGI status once it has been categorized; there are no truly independent bodies to exercise oversight over SGI determinations; there is no recognized channel for getting disputes over SGI status into court; and there are insufficient mechanisms for making the portions of SGI information which would not present a risk in the form of redacted documents available to Congress, the news media, and the public.
Response: Section 147 of the AEA sets forth the substantive legal requirements governing the protection of SGI. Section 147 of the AEA does not require the Commission to develop FOIA-like appeal procedures to resolve individual challenges to SGI designation on a case-by-case basis.
Creation of FOIA-like appeal procedures would result in a cumbersome administrative process for SGI designation and potentially require substantial resources to implement and administer. The preferred approach is the one the Commission is proposing here—providing the public notice of and opportunity to comment on categories of information the Commission would consider SGI.
Throughout this rulemaking, the Commission has been open about the categories of information it seeks to protect and the reasons for protecting that information. The Commission is giving the public adequate notice of the approach and ample opportunity to challenge the Commission's SGI designations on a generic basis. There is no need to develop procedures for challenging the designation of information as SGI or SGI-M.
Comment: One commenter proposed that the NRC should followup this rulemaking with the deletion of or revisions to current orders and advisory letters. In the interim, NRC should, by order or regulation, state that the revised regulations supersede all conflicting orders and advisory letters issued prior to the effective date of the revision to the regulations.
Response: This revised proposed rule incorporates the requirements for SGI protection previously described in NRC orders and advisory letters. The final rule would, on its effective date, supersede all SGI orders and advisory letters issued prior to that effective date. The Commission will, however, take administrative action to withdraw all previously orders where appropriate.
Comment: One commenter recommended that the NRC rule specify that security information or plans associated with a licensee possessing, using, transporting, or offering for transport greater than or equal to Category (CAT) I quantities of Strategic Special Nuclear Material (SSNM) be controlled as Classified National Security Information in accordance with the provisions of 10 CFR parts 25 and 95. In addition, the commenter recommends that the NRC revise the final rule with respect to the protection of information associated with security information and plans for a licensee possessing, using, transporting, or offering for transport CAT II and III quantities of special nuclear material (SNM) to utilize a risk-informed and graded approach consistent with the change to CAT I SSNM, specifically:
(1) Security information and plans for licensees possessing, using, transporting, or offering for transport less than a formula quantity of SSNM but greater than or equal to a CAT II quantity of SNM (consisting of U-233, Pu, or high-enriched U-235 (enriched to 20 percent or more)) should be controlled as SGI per the requirements of §§ 73.21 and 73.22 of the original proposed rule;
(2) Security information and plans for licensees possessing, using, transporting, or offering for transport less than a CAT II quantity of SNM (consisting of U-233, Pu, or high-enriched U-235 (enriched to 20 percent or more)), but more than 10 kg of a CAT III quantity of SNM, or a CAT II quantity of low-enriched U-235 (enriched to less than 20%) should be controlled as SGI-M per the requirements of §§ 73.21 and 73.23 of the original proposed rule;
(3) The risks associated with security information and plans for licensees possessing, using, transporting, or offering for transport less than a CAT III of SNM do not require protection under part 73.
The commenter suggests that this approach would provide greater regulatory clarity than the NRC's original proposed rule language of “fuel cycle facilities required to implement security measures” and “fuel cycle facilities” in §§ 73.21(a)(1)(i) and 73.22 introductory text, respectively, by clearly identifying de minimis levels of SNM requiring protection.
The commenter also recommends that the NRC revise part 76 to incorporate this graded approach for certificate holders under part 76, because the requirements for protection of CAT I, II, or III SNM under parts 70 and 76 should be the same.
Response: The revised proposed rule language clearly indicates that it only applies to information that is not classified as Restricted Data or National Security Information. If the specific information is considered to be Restricted Data or National Security Information it would be protected as such and the SGI provisions would not apply.
The NRC staff agrees that a graded approach should be used, and the revised proposed rule uses a graded approach. The staff agrees that additional clarification is necessary to explain what is meant by fuel cycle facilities. The original proposed rule text has been revised to add clarity. Fuel fabrication facilities, uranium enrichment facilities, uranium hexafluoride conversion facilities, and independent spent fuel storage installations will be subject to the provisions in § 73.22 for SGI. Research and test reactors and other facilities that have special nuclear material of low or moderate strategic significance will be subject to the provisions of § 73.23 for SGI-M.
Comment: One commenter suggested that a final rule either: (1) Remove the designation of site access information as SGI; or (2) specify that the “need to know” includes the protection of employment and labor rights, so that individuals involved in employment-related grievances, arbitration, litigation, and/or labor contract negotiations and administration may gain access to relevant SGI when such individuals qualify as “Individuals Authorized to Access Safeguards Information”. Also, the commenter requests that the rule set forth a procedure by which employees and their representatives may apply to gain access to relevant SGI for the protection of employment and labor rights so that individuals involved in employment-related grievances, arbitration, litigation and/or labor contract negotiations and administration may gain access to relevant SGI when such individuals do not qualify as “Individuals Authorized to Access Safeguards information.”
The commenter asserts that it is additionally problematic that site access information is SGI because it could lead to an unnecessary chilling effect having adverse safety implications. Removing Start Printed Page 64010site access information as SGI or, alternatively, establishing provisions whereby employees and their representatives may obtain such information, will prevent violations of individuals' rights under applicable laws and will not compromise the safety of nuclear facilities.
Response: The revised proposed rule would not designate “site access information” as SGI and is not intended to discourage individuals from raising safety or security concerns to licensees or the NRC. Employees of NRC licensees who feel they have been retaliated against for raising safety or security concerns are encouraged to seek potential enforcement action through the NRC and to go to the Department of Labor for potential personal remedies.
There is no presumptive “need to know” for agents representing employees of NRC licensees in employment-related grievances. The revised proposed rule would not establish a special procedure by which agents representing employees of NRC licensees may have access to SGI, but the Commission retains the authority to grant such access if the circumstances of an individual case so require.
Comment: One commenter contended that the Commission lacks the statutory authority to impose regulations for the protection of SGI pertaining to the security measures of State licensees. According to this commenter, the licensees or applicants referred to in Section 147 of the AEA are clearly those of the Commission only, and not of the Agreement States.
Response: Section 147a. of the AEA requires the Commission, in relevant part, to prescribe such regulations or issue such orders as necessary to prohibit the unauthorized disclosure of SGI. The Commission also has authority under Subsections 161b. and 161i. to issue rules, regulations, or orders to protect the common defense and security. Moreover, Section 274m. of the AEA, “Cooperation with States,” provides that no agreement entered into pursuant to Section 274b. shall affect the Commission's authority under Subsections 161b. and, 161i.
As to the commenter's assertions regarding the terms “licensee” or “applicant,” the plain language of Section 147 refers simply to “licensee's or applicant's [detailed information].” Section 147 draws no distinction between a “Commission licensee” as the commenter asserts and an “Agreement State licensee.” Thus, on its face, the statute does not support the commenter's viewpoint.
Comment: One commenter suggested that a final rule should focus not only on SGI and SGI-M material, but should include rules for the protection of other levels of information.
Response: The scope of this rulemaking, as stated in the original proposed rule, is limited to amending the regulations for the protection of SGI. Other types of information are governed by separate requirements. For example, an executive order, applicable government-wide, controls Classified National Security Information. E.O. 12958, as amended, “Classified National Security Information”, and related directives of the Information Security Oversight Office, National Archives and Records Administration, April 20, 1995. NRC regulations found in 10 CFR 2.390 govern handling of other categories of sensitive unclassified information. The NRC has determined that no further changes to NRC regulations are warranted at this time.
Comment: One commenter questioned the “correct” categorization of information the NRC considers to be SGI. According to the commenter, when a Department of Energy (DOE) facility is licensed, there may be difficulties in deciding if the information should be Classified National Security Information (CNSI) or SGI. On the other hand, the commenter asserted that “Official Use Only” should be considered before marking the information as SGI.
Response: The proposed amendments to the regulations reflect the statutory definitions of SGI in Section 147 of the AEA. The Commission believes that the definitions in the revised proposed rule accurately reflect the information described in Section 147 as SGI. Both the relevant proposed amendments to part 73 as well as guidance that would be issued by the staff would assist licensees in correctly designating information to be protected as SGI. The DOE has previously demonstrated that it has a comprehensive program governing the classification of information. As noted in the original proposed rule, any information classified as National Security Information would carry that designation and not be designated as SGI.
It is appropriate for any entity possessing sensitive information, classified or otherwise, to consider all possible and appropriate classifications/designations of information when making decisions to protect such information from public disclosure. The Commission expects that information falling within the definition of SGI will be so designated, thus mandating the withholding of the information from public disclosure and that only information properly characterized as SGI will be designated as such. In this regard, the Commission notes that information marked as “Official Use Only” does not assure that the information will be withheld from public disclosure.
Comment: One commenter recognized that requirements in 10 CFR 73.22, for SGI, would apply to reactors and licensees authorized to possess a formula quantity of SSNM, while requirements in 10 CFR 73.23, for SGI-M, would apply to licensees authorized to possess certain quantities of source and byproduct material and SNM of moderate or low strategic significance. The commenter pointed out that some licensees are authorized to possess, in one license, in excess of a formula quantity of SSNM, in addition to a significant quantity of source material and byproduct material. The commenter suggested that the rule is not clear on whether such a licensee should follow § 73.22 or § 73.23. The commenter further suggested that it would seem burdensome for a single licensee to have separate SGI and SGI-M programs. Another commenter noted that industry discussions with the NRC led it to believe that controlling SGI-M documents under its existing SGI program was acceptable; however, the proposed changes in paragraph (d) of §§ 73.22 and 73.23 appear to contradict that position and expand the marking and handling requirements to apply to both SGI and SGI-M documents. That commenter noted that, given the effectiveness of the current program, there does not appear to be any justification for the additional marking requirements in paragraph (d).
Response: The NRC agrees with the comment that it could be inefficient for licensees possessing categories or quantities of material under §§ 73.22 and 73.23 to implement both information protection schemes. Licensees subject to both §§ 73.22 and 73.23 would be in compliance with the requirements for protection of SGI if they implement the higher protection standards in § 73.22, or they may choose to implement a multi-level approach. Licensees with a single-level information security system could use the marking “Safeguards Information” in place of “Safeguards Information—Modified Handling.” This alternative would be appropriate because the facility security measures and associated information protection requirements would be based on the higher category of asset possessed by the licensee.
A primary difference between the SGI protection requirements in § 73.22 and the SGI-M protection requirements in § 73.23 is how the information is Start Printed Page 64011marked and stored. SGI in the former category is marked “Safeguards Information” while the latter category is marked “Safeguards Information designated as Safeguards Information-Modified Handling.” The different markings are associated with different storage requirements. SGI described in § 73.22 must be stored in a locked security storage container, but SGI described in § 73.23 has a less stringent storage requirement—the information must be stored in a locked file drawer or cabinet or may be stored in a security container as described in § 73.22.
Proper marking is necessary when SGI is communicated between entities or parties so that the recipient does not receive a document with markings that would require storage in a container that the recipient does not possess. It is the duty of the licensee or applicant who transfers documents containing SGI to a party beyond their control to ensure that the document is properly marked. Without the appropriate document markings, the sender inadvertently could cause a violation of the regulations.
Comment: One commenter noted that the expanded types of documents that must be handled as SGI or SGI-M and the addition of marking requirements will require additional effort and time to implement. Therefore, the commenter suggested that the rule allow at least one year for the licensee to effectively implement the requirements.
Response: The NRC recognizes that SGI requirements require effort and time to implement, but does not concur that one year is necessary for implementation. This revised proposed rule reflects orders already imposed by the Commission and would expand the types of security information covered by § 73.2. Considering the scope of the rule, the Commission proposes to set an effective date for the final rule of 90 days from publication in the Federal Register.
Comment: One commenter stated that the reference in the Supplementary Information portion of the original proposed rule to criminal penalties for violation of Commission requirements governing SGI should clarify that criminal sanctions are only imposed for willful violations.
Response: In response to this comment, the relevant language in Section I. (“Background”) of this revised proposed rule has been changed to remove ambiguity about the application of criminal penalties for violations of the AEA (i.e., such penalties apply to willful violations only).
Comment: One commenter asked whether DOE facilities licensed by the NRC would be excluded from all orders.
Response: To the extent that the NRC has regulatory authority over a DOE facility, the NRC has the authority to issue orders to the DOE applicable to that facility.
3. Section-Specific Comments
Parts 60 and 63: Disposal of High-Level Radioactive Waste in Geologic Repositories; Disposal of High-Level Radioactive Wastes in a Geologic Repository in Yucca Mountain, Nevada
Comment: One commenter suggested that the degree of information security required for facilities licensed under parts 60 and 63 is insufficient for the protection of National Security Information and is inconsistent with long-standing NRC classification guidance, recent Commission and staff actions, as well as the 2004 “Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program” (CG-OCRWM-1, which is non-public). The commenter contends that this inconsistency in language will cause regulatory confusion and could lead to inadequate protection of National Security Information or inadequate enforcement authority.
Specifically, the commenter notes that the proposed language in §§ 70.22, 70.32, 73.2, and 73.22 refers to physical security, safeguards contingency, and guard qualification and training plans information being controlled as SGI per §§ 73.21 and 73.22. However, CG-OCRWM-1, the commenter notes, indicates that certain information associated with the proposed Yucca Mountain repository will be considered National Security Information.
In addition, the commenter contends that §§ 60.21, 60.42, 63.21, and 63.42 refer to the “design for physical security” to be protected as SGI, but does not mention the “physical security plan.” The commenter suggests that the NRC explicitly require the physical security plan for a repository licensed under parts 60 or 63 be protected as SGI or classified information, to ensure that the plan itself is properly protected and that greater regulatory consistency is maintained. In addition, the commenter recommends that the NRC revise parts 60 and 63 to require design for physical security and the physical security, safeguards contingency, and guard qualification and training plans be controlled as SGI or classified information per parts 25 and 95.
Response: The SGI definition includes the disclaimer that it does not include information classified as National Security Information or Restricted Data. Any information covered by the classification guide as constituting National Security Information would continue to be classified. The proposed regulation would cover security related information that is not covered by the classification guide. Changes to this revised proposed rule are not necessary to specify which information is considered to be National Security Information and which is SGI, however, changes to the original proposed rule have been made in §§ 60.21, 60.42, 63.21, and 63.42 to clarify that security information associated with a geologic repository would be protected as SGI or as classified information. The NRC has also revised the original proposed rule language to remove the inconsistency in terminology for the “physical security,” “safeguards contingency,” and “guard qualification and training plans.”
Comment: One commenter suggested that the program entitled “Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program” remains an adequate and acceptable program, as written, for the identification of SGI and its continued use in the part 63 licensing process will be in compliance with this rulemaking.
Response: A classification/designation guide, “Joint DOE and NRC Sensitive Unclassified Information and Classification Guide for the Office of Civilian Radioactive Waste Management Program,” has been issued by the NRC and the DOE. This guide reflects the current laws and regulations governing classification and designation of information required to be protected from unauthorized disclosure. The NRC staff believes that this guide represents the information proposed to be protected by the current rulemaking.
Part 73: Physical Protection of Plants and Materials
Section 73.2 Definitions
The Commission received numerous comments on the definitions. Commenters asked the Commission to revise, delete, or add definitions for terms used in the rule. Some new terms have been added because of changes made in other sections of the revised proposed rule. Public comments and responses to the comments, as well other reasons for changes to § 73.2, are presented below.Start Printed Page 64012
Comprehensive Background Check
Comment: Commenters suggested that the term “comprehensive background check” be defined.
Response: The Commission has changed the phrase “comprehensive background check” to “background check” in the new proposed rule. The change is intended to more clearly distinguish the background check requirements of this revised proposed rule from the background investigation requirements of other regulations governing access authorization (10 CFR 73.56). Background investigations required under those regulations are arguably more comprehensive. To avoid the impression that the background check that would be required by this rule would be more stringent or probing than background investigations, the word “comprehensive” has been deleted.
The Commission has included a general definition of “background check” in § 73.2 of the revised proposed rule. A background check performed to determine the trustworthiness and reliability of an individual to be authorized access to SGI or SGI-M includes, at a minimum, a criminal history check, verification of identity, employment history, education, and personal references. The EPAct expanded the NRC's authority to fingerprint, and as such, entities engaged in activities subject to regulation by the Commission, entities who applied for licenses or certificates to engage in Commission-regulated activities, and entities who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission would be required under 10 CFR 73.57 to conduct criminal history checks, including fingerprints, before granting access to SGI or SGI-M to the employees of the individual's organization.
Ultimately, the decision whether an individual is sufficiently trustworthy and reliable to receive SGI or SGI-M is made by the person granting access. In the case of information held by the NRC staff and the originator, the NRC staff would make the determination. The background check must be sufficient to support a trustworthiness and reliability determination so that the person granting access and the Commission have reasonable assurance that individuals granted access to SGI do not constitute an unreasonable risk to the public health and safety or the common defense and security.
To reiterate, the background check that would be required by this revised proposed rule may not completely satisfy the background investigations required under other regulations. Nor does the trustworthiness and reliability determination based on the background check that would be required by this revised proposed rule satisfy the trustworthiness and reliability objectives of other regulations. For example, determining trustworthiness and reliability under 10 CFR 73.56 requires not only a background investigation, but a psychological assessment and behavioral observation as well. Determining trustworthiness and reliability under 10 CFR 26.10 requires chemical and alcohol testing under a fitness-for-duty program. Those requirements are separate from the requirements of this revised proposed rule.
The NRC staff plans to issue further guidance that will include a discussion of acceptable background checks to support a licensee's trustworthiness and reliability determinations.
Detailed Control and Accounting Procedures
Comment: One commenter suggested that the term “detailed control and accounting procedures” for SNM needs clarification, for example, as to whether it includes: (1) The written directions for transferring fuel between the fuel pool and the reactor; (2) the outage schedule that shows when fuel movement occurs; (3) the real-time communication channels or video-monitoring to support fuel movement; or (4) the computer and software that performs the isotopic calculations for irradiated fuel. The commenter is concerned that restricting access to these types of detailed information would significantly hamper work coordination and communication within the protected area, without affecting what is commonly known outside the protected area in a more general sense.
Response: In response to the request in this comment, the Commission notes that “detailed control and accounting procedures” do not include any of the four types of information set forth in this comment. Therefore, there should be no concern about restricting access to these types of information on the basis that they are SGI.
High-Level Radioactive Waste, Spent Nuclear Fuel, and Irradiated Reactor Fuel
Comment: A commenter requested that these terms be defined in § 73.2.
Response: The revised proposed rule would make conforming changes to 10 CFR part 72, “Licensing Requirements for the Independent Storage of Spent Nuclear Fuel, High-Level Radioactive Waste, and Reactor-Related Greater than Class C Waste.” The terms “high-level radioactive waste” and “spent nuclear fuel” are defined in existing 10 CFR 72.3. These definitions of “high-level radioactive waste” and “spent nuclear fuel” would not be affected and would continue to apply. The description of “irradiated reactor fuel” provided in § 73.37 includes certain spent fuel described in parts 71 and 72, is consistent with the definition of spent fuel in the Nuclear Waste Policy Act (NWPA), and appropriately uses a graded approach for physical protection and safeguards considerations. Therefore, the Commission does not believe a separate definition of the term is needed in § 73.2.
Safeguards Information (“SGI”)
Comment: Commenters stated that the definition of this term in the original proposed rule is too broad. They asked that the terms used in Section 147 of the AEA, “a licensee's or applicant's” detailed information, be included in the rule's definition of SGI.
Response: This revised proposed rule modifies the definition of SGI to more closely track the language in Section 147, by including the term “licensee's or applicant's [detailed information].” However, SGI could include information other entities generate, e.g. vendors, as such information could ultimately identify a licensee's or applicant's detailed procedures, security measures, or other information within the scope of Section 147.
Comment: A commenter suggested that while security measures to protect certain plant equipment vital to the safety of production or utilization facilities should be protected as SGI, the location of the equipment should not be included within the definition of SGI.
Response: As set forth in Section 147 of the AEA, SGI includes “security measures for the physical protection of and the “location of certain plant equipment vital to the safety of production or utilization facilities involving nuclear material covered by paragraphs (1) and (2) [of Section 147a]”. The Commission has determined, in accordance with Section 147a.(3) of the AEA, that the unauthorized disclosure of this type of information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security. As required by Section Start Printed Page 64013147a.(3)(A), the Commission applied the minimum restrictions necessary to protect the health and safety of the public or the common defense and security in making this determination. As noted in the Statement of Considerations for the original proposed rule, one purpose of this rulemaking is to include in part 73 the types of information the Commission may protect as SGI, based on the description of SGI in Section 147 of the AEA. Accordingly, the Commission is keeping the language which is the subject of this comment in the definition of SGI in § 73.2.
Comment: A commenter requested that the definition of SGI in § 73.2 include language that allows for temporary status of SGI, based, for example, on a six-month period in which there would be an immediate risk if the information were disclosed.
Response: Designation of information as SGI is not static. Section 73.22(h), “Removal from Safeguards Information category” would require that documents originally containing SGI must be removed from the SGI category, in accordance with the criteria in § 73.22(h), at such time as the information no longer meets the criteria contained in part 73. In addition, a review of such documents to make that determination shall be conducted every 10 years. Documents that are 10 years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage. The Commission sees no need to modify the definition of SGI to reflect the non-permanent nature of the SGI designation, as the commenter requests.
Comment: According to another comment, the definition of SGI should not allow a source or byproduct material “exemption” that would allow the NRC to categorize anything as SGI if it believed disclosure of that information could have an adverse effect on the public health and safety or the common defense and security. The commenter expressed concern that such language could be overused or abused, and therefore suggested that it be eliminated and that the definition of SGI be more precise and have clearly defined limits.
Response: Section 147a.(2) of the AEA specifically includes as SGI security measures for the physical protection of source material or byproduct material in quantities determined by the Commission to be significant to the public health and safety or the common defense and security. The Commission has appropriately defined the categories of information to be protected as SGI or SGI-M in this rulemaking. Those categories are within the limits of the Commission's authority under Section 147 of the AEA.
Comment: A commenter objected to the “blanket exemption” in the definition of SGI and requested that this “exemption” be eliminated. According to the commenter, such an “exemption” was unnecessary and could adversely impact workers” and communities' abilities to monitor health risks.
Response: The definition of SGI does not contain any explicit “exemption.” Therefore, the Commission can only surmise as to the “exemption” to which this comment refers. The commenter may be referring to that portion of the definition which reflects the Commission's authority, under Section 147a.(3) of the AEA, to determine certain security measures to be SGI, provided certain findings are made pursuant to Sections 147a.(3)(A) and (B). In exercising this authority, the Commission would, as reflected in the SGI definition, make the designation by order or regulation as specified in revised 73.22(a)(5) and 73.23(a)(5). The Commission is proposing to modify this portion of the definition of SGI to make clear that the “other information” would be within the scope of Section 147.
Safeguards Information-Modified Handling (“SGI-M”)
Comment: A commenter believes that the definition of this term is unclear and should be defined as “lower-risk information” and therefore have less rigorous restrictions and greater public access.
Response: The definition of SGI-M in § 73.2 is not as specific as the definition of SGI in § 73.2. The main reason for this is that SGI-M is SGI for which modified handling requirements apply. As stated in the Statement of Considerations for the original proposed rule, the term SGI-M “would be added to reflect this new designation for marking [and handling] of SGI subject to this regulation.” 70 FR at 7199. The marking and handling requirements for SGI-M are set forth in § 73.23, “Protection of Safeguards Information-Modified Handling: Specific Requirements.” Those requirements are less restrictive than for information marked SGI, for example, requirements for unattended storage of SGI-M set forth in § 73.23(c)(2). The introductory text of § 73.23 and paragraph (a) of that section specifically describe the types of information SGI-M that are subject to the handling requirements. Therefore, the Commission sees no need to modify the definition of SGI-M in the revised proposed rule.
Significant Adverse Effect
Comment: One commenter proposed that a final rule define the term “significant adverse effect”.
Response: The term “significant adverse effect” appears in Section 147.a. of the AEA, in the proposed definition of SGI, and elsewhere in the revised proposed rule. The term reflects the Commission's authority under Section 147a.(2) and (3) to protect against a certain type of unauthorized disclosure of information. Such an unauthorized disclosure is one which “could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage” of material or a facility. Thus, a “significant adverse effect” is one which could significantly increase the likelihood of such effects. The Commission believes that this statement adequately describes the term and a separate definition is not necessary.
Transportation Physical Security Plan
Comment: One commenter proposed that the final rule define the term “transportation physical security plan”.
Response: The phrase “transportation physical security plan” does not appear in the revised proposed rule. The new proposed rule would require protection of “the composite physical security plan for transportation” in § 73.22(a)(2)(i), and “information regarding transportation security measures, including physical security plans and procedures” in § 73.23(a)(2)(i). The revision was made in part because not all licensees who would be subject to the revised proposed rule are explicitly required to have a “transportation security plan.”
The revised proposed rule is intended to protect information detailing the physical security measures and procedures used to protect source, byproduct, and special nuclear material in transit, whether or not those measures and procedures are contained in a document labeled “transportation security plan.” Because the term “transportation physical security plan” is not used in the revised proposed rule, there is no need to provide a definition.
Threat Environment
Comment: One commenter proposed that a final rule define the term “threat environment.”
Response: The phrase, “threat environment,” does not appear in the revised proposed rule text and, therefore, a definition for that term is not warranted.Start Printed Page 64014
Trustworthiness and Reliability
Comment: Several commenters from both public interest and industry groups expressed concern with the proposed definition of “Trustworthiness and Reliability” and whether it is sufficiently clear. One commenter wrote that it is conceivable that the criteria used to judge “trustworthiness and reliability” could be applied arbitrarily to restrict access to information by persons deemed to have interests in opposition to the NRC or the nuclear industry. This commenter also expressed concern that the procedure by which the “comprehensive background check” would be conducted is not clear.
Another commenter expressed the opinion that the “definition of trustworthiness and reliability does not clearly address how its requirements will be uniformly applied for all classes of individuals, nor is it clear as to whether there is a necessity for continued monitoring, nor is it clear what process an individual who is not a utility employee and does not have unescorted access must undergo to satisfy the criteria.”
A third commenter suggested that the definition of trustworthiness and reliability should include a link to §§ 73.56 and 26.10 such that a positive conclusion for access authorization and fitness for duty would allow a licensee to conclude an individual is trustworthy and reliable; however, unescorted access should not be a requirement for “trustworthiness and reliability.”
Finally, along similar lines, one commenter questioned whether elements in §§ 73.56 and 26.10 must be completed in order to determine trustworthiness and reliability. If that is the case, the commenter suggested that it should be specified. The commenter also expressed concerns that such a definition would be challenging to administer, especially for contract engineering firms who are never at the site.
Response: Ultimately, the decision whether an individual is sufficiently trustworthy and reliable to receive SGI is made by the person granting access based on a background check. The background check must be sufficient to support the trustworthiness and reliability determination so that the person granting access and the Commission have reasonable assurance that granting an individual access to SGI does not constitute an unreasonable risk to the public health and safety or the common defense and security. The general elements of a background check are defined in the revised proposed rule and discussed briefly above.
Not all persons who would be subject to this rule will have fitness for duty or access authorization programs, so the revised proposed rule does not include cross-references to trustworthiness and reliability requirements in §§ 26.10 or 73.56. Trustworthiness and reliability determinations required by those regulations may inform or serve as the trustworthiness and reliability determination that would be required under this revised proposed rule, if those determinations are based on a background check that also meet the requirements of this rule. The NRC staff plans to issue further guidance that will include discussion of acceptable background checks to support a licensee's trustworthiness and reliability determinations.
There is no requirement in this revised proposed rule that an individual determined to be trustworthy and reliable undergo a periodic background check to confirm or monitor trustworthiness and reliability. However, should a licensee learn of information that would reasonably call into question the trustworthiness and reliability of an individual authorized access to SGI or SGI-M, the licensee should re-evaluate the individual. In the case of NRC adjudicatory proceedings where subsequent requests for access are made, a new determination may be required depending on the length of time that has elapsed between requests.
The trustworthiness and reliability determination based on a background check that would be required does not necessarily satisfy the trustworthiness and reliability objectives of other regulations. For example, determining trustworthiness and reliability under 10 CFR 73.56 requires not only a background investigation, but a psychological assessment and behavioral observation as well. Determining trustworthiness and reliability under 10 CFR 26.10 requires chemical and alcohol testing under a fitness-for-duty program. Those requirements are separate from the requirements of this rule.
The Commission realizes that the trustworthiness and reliability requirement could be difficult to administer. But the same is true of many requirements aimed at monitoring the behavior and character of individuals. That does not make the requirement any less essential to ensuring safety and security. Determining trustworthiness and reliability is crucial to minimizing the risk that SGI will be compromised, and the Commission expects persons making trustworthiness and reliability determinations to do so in a fair and reasoned way.
Section 73.21 Protection of Safeguards Information: Performance Requirements
Comment: One commenter suggested that § 73.21 be revised to require SGI protection for information associated with the transportation of spent nuclear fuel (SNF) or high level waste (HLW) in greater quantities than 15 grams in order to be consistent with the NRC's fissile exemption limit for transportation purposes found in § 71.15(b). As a conforming change, the commenter also proposed that § 73.2 be revised to include definitions for “spent nuclear fuel,” “high-level radioactive waste,” and “irradiated nuclear fuel,” and that § 73.72 should be revised in the final rule to refer to advance notifications of shipments of greater than 15 grams of SNF or HLW.
Response: The Commission believes that the physical protection measures for shipments involving 100 grams or more of irradiated reactor fuel are appropriately controlled as SGI per § 73.22. Detailed security measures, physical security plans and procedures for the transportation of source, byproduct, and SNM in greater than or equal to Category 1 quantities of concern are designated as SGI-M pursuant to § 73.23(a)(2)(i). Those quantities cover the lower threshold for material as proposed by the commenter. NRC orders issued to persons transporting such materials require protection of such information and material when in transit.
In response to the comment requesting definitions of the terms “spent nuclear fuel,” “high-level radioactive waste,” and “irradiated nuclear fuel,” the Commission noted that the first two terms are defined in 10 CFR 72.3 and the third term is described in § 73.37. Therefore, separate definitions of these terms in part 73 are unnecessary.
Section 73.21(a)(1)
Comment: Two commenters suggested that the use of the terms “fuel cycle facilities required to implement security measures” in § 73.21(a)(1)(i) and “fuel cycle facilities” in the introductory language of § 73.22 are unclear. The commenters requested clarification on whether this is meant to apply to all fuel cycle facilities, or only those authorized to possess a formula quantity of special nuclear material, and not low strategic significance fuel cycle facilities, where SGI-M requirements might apply.
Response: The Commission has changed the text of the new proposed rule by deleting the phrase “fuel cycle facilities” and replacing it with “uranium hexafluoride production Start Printed Page 64015facilities, fuel fabrication facilities, and uranium enrichment facilities.” Fuel cycle licensees authorized to possess a formula quantity of SSNM remain subject to the requirements of § 73.22 as originally proposed.
Section 73.21(a)(2)
Comment: Two commenters proposed that § 73.21(a)(2) be amended to state that information protection procedures employed by Federal law enforcement agencies are also deemed to meet the general performance requirement, as some licensee facilities are located on Federal lands and Federal law enforcement officers respond to security events.
Response: In response to this comment, the proposed § 73.21(a)(2) is being modified to provide that information protection procedures employed by law enforcement agencies are presumed to meet the general performance requirements included in that section.
Section 73.22 Protection of Safeguards Information: Specific Requirements
Section 73.22(a) Information To Be Protected
Comment: One comment recommended that the NRC should specify all the types of information and documents that are part of the “expansion” of what is considered to be SGI. Clarification is needed as to the meaning and application of undefined terms such as “additional security measures,” “protective measures,” and “interim compensatory measures.”
Response: Both the definition of SGI and the description of the specific types of information to be protected as SGI provide sufficient details as to what information constitutes SGI. Any other information to be designated as SGI would be set forth in an order or regulation, in compliance with Section 147 of the AEA. Additionally, the terms “additional security measures,” “protective measures,” and “interim compensatory measures,” are being deleted from the text of § 73.22(a), and therefore need not be defined.
Section 73.22(a)(1) and 73.23(a)(1) Physical Protection
Comment: A commenter suggested that §§ 73.22(a)(1) and 73.23(a)(1) should be narrowed to those documents that contain sufficient detail on the licensee's actual strategies or procedures that, if inadvertently disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility. The commenter indicated that it is unnecessary to categorize documents as SGI or SGI-M unless the information is specific to the facility or its protective strategy, or unless the protective features cannot be readily observed by an unauthorized individual from outside the Protected Area.
Response: Proposed §§ 73.22 and 73.23 would not protect all information related to the materials and facilities described in those sections. Sections 73.22 and 73.23 are explicitly limited to the protection of SGI and SGI-M. By definition, SGI and SGI-M is information the unauthorized disclosure of which could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or SNM. Sections 73.22(a)(1) and 73.23(a)(1) do not expand that limited scope. No changes have been made to the revised proposed rule.
The Commission disagrees that SGI should include only information specific to a facility or its defensive strategy. While such information clearly requires protection, so does certain generic information, such as the design basis threat implementing guidance, which describe in detail the specific operational and tactical capabilities of the hypothetical adversary force more generally described in the design basis threat rule. Those details, which are generically applicable to a number of licensees, could be used to identify licensee security measures, and if disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility.
Comment: One commenter suggested that § 73.22(a)(1)(ii) be amended to clarify the term “substantially represent the final design features.” The commenter suggests, for example, that the language “substantially represent the final design features such that an engineer or security professional could detect vulnerabilities” would provide the necessary clarity.
Response: The Commission does not believe the language the commenter proposes would clarify this provision because the inclusion of the phrase “such that an engineer or security professional could detect vulnerabilities” adds an unnecessary level of complexity. Determining “which site specific drawings, diagrams, sketches, or maps substantially represent final design features of the physical security system,” as stated in the revised proposed rule text, is less subjective. In addition, SGI need not contain information limited to vulnerabilities.
Comment: A commenter recommended that § 73.22(a)(1)(ii) be modified to exclude from the SGI designation site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system which are accessible to members of the public. According to the commenter, information relating to security features such as fences, barriers, guard posts, and certain security cameras are in plain view and therefore not appropriate for designation as SGI. The commenter also proposed a similar change to § 73.22(1)(a)(iii) that would apply to alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources, and duress alarms which are accessible to the public.
Response: In response to these comments, the paragraphs cited above are being changed to add the phrase “not clearly discernible by members of the public” at the end of each paragraph.
Comment: Two commenters felt that the meaning of “emergency power sources” in §§ 73.22(a)(1)(iii) and 73.23(a)(1)(ii) is not sufficiently clear as to whether it included emergency power sources for alarm systems only or any and all emergency power systems. One commenter proposed changing the language to read: “As installed details of alarm system layouts, location, and electrical design, that if disclosed, could facilitate gaining unauthorized access to special nuclear material, nuclear facilities, or Safeguards Information”.
Response: The Commission has modified the revised proposed rule text in response to this comment by inserting the additional words “for security equipment” after the term “emergency power sources”.
Comment: Two commenters noted, with respect to § 73.22(a)(1)(iv), that not all written physical security orders and procedures need to be SGI, as some security procedures are general or administrative and do not require SGI protection. Moreover, the commenters stated, designation of all security procedures as SGI would delay training new employees in the security force. Therefore, the commenters proposed that § 73.22(a)(1)(iv) be modified to allow flexibility in the control of security procedures. Another commenter proposed amending Start Printed Page 64016§ 73.22(a)(1)(iv) to read “[w]ritten physical security protective strategy orders and procedures for members of the security organization, duress codes, and patrol routes”.
Response: In response to these comments, the phrase “Written physical security orders and procedures for members of the security organization, duress codes, and patrol schedules” is modified in the revised proposed rule to read “Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events”.
Comment: A commenter suggested that it is unnecessary to classify documents as SGI or SGI-M unless the information is specific to the facility and its protective strategy. Therefore, the commenter proposed changing § 73.22(a)(1)(v) to read “[s]ite-specific design features or evaluations of site-specific plant radio and telephone communications systems revealing vulnerabilities or limitations in operating capability” in order to narrow the scope of documents to those that contain sufficient detail on the licensee's actual strategies or procedures that, if disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility.
Response: In response to this comment, the language of § 73.22(a)(1)(v) has been changed in the revised proposed rule to read “Site specific design features of plant security” at the beginning of the section. These modifications to the text are not meant to address the broader concern already addressed in response to comments on § 73.22(a)(1) and § 73.23(a)(1). In addition, and as previously stated, the incorporation of such language in this section of the rule does not exclude certain generic information applicable to a number of licensees. Such information could be used, for example, to identify a specific licensee's security measures.
Comment: One comment stated that §§ 73.22(a)(1)(vii), 73.22(a)(1)(viii), and 73.22(a)(1)(ix) reference the safeguards contingency plan and training and qualification plan. The commenter then pointed out that these are now part of the composite security plan that was submitted as a result of the April 29, 2003 Order.
Response: Before the April 2003 Order, power reactor licensees were required to have the following three separate plans: “physical security plan”, “safeguards contingency plan”, and “guard training and qualification plan”. In response to that order, power reactor licensees chose to consolidate these three separate plans into a single “security plan”. The original proposed rule text has been revised in response to the comment to make clear that the composite physical security plan is considered SGI under § 73.22(a)(1)(i).
Comment: One commenter suggests modifying § 73.22(a)(1)(ix) to read “[a]ll portions of the composite facility guard qualification and training program that addresses the licensee's protective strategy”, which would delete the language “plan disclosing features of the physical security system or response procedures” from the end of that paragraph. The commenter further suggests that, given that most training and qualification plans do not include detailed information, these plans be “decontrolled” by the NRC.
Response: In response to this comment, the beginning of § 73.22(a)(1)(ix) has been changed in the revised proposed rule to delete the phrase “all portions of [the composite facility guard qualification and training plan]”. The Commission acknowledges that there may be some non-SGI in various licensee security plans and accordingly is deleting the phrase “all portions”. It is not entirely clear what this commenter means in seeking to have this category of information “decontrolled”. To the extent the commenter wants training and qualification plans to no longer be considered SGI, the Commission is not taking that action. Contrary to what is asserted in support of this request, this category of information includes details warranting protection against unauthorized disclosure.
Comment: One commenter proposes changing the word “identity” in § 73.22(a)(1)(x) to “agency” or “organization” to eliminate any potential confusion that “identity” could refer to identification of specific individuals. In addition, the commenter proposes replacing “safeguards or security emergencies” with “security contingency events” and making clear that “armament” refers specifically to the armament of response forces. To have “armament” apply to licensees would seem to require licensees to protect as SGI each purchase order for weapons. The commenter further proposes eliminating “information concerning” language and using the current part 73 language, and therefore having the subsection read “[r]esponse plans to specific threats detailing size, disposition, response times, and armament of responding forces.”
Response: The Commission is changing the language of this provision in the revised proposed rule by deleting the phrase “safeguards or security emergencies” and inserting the phrase “security contingency events.” As so worded, the section emphasizes that the requirement is security-related and also maintains consistency with other regulatory provisions. Also, the word “identity” is being deleted from the phrase to avoid the implication that this provision refers to the identification of specific individuals. Finally, the phrase “of response forces” is added after the word “armament” in the revised proposed rule. The Commission is retaining the language in this paragraph connoting that there could be features of response forces related to or derived from those specified in the rule text which also warrant protection as SGI. The Commission also declines to adopt the commenter's proposed language that would replace the term “response forces” with “response plans” because security-related plans are addressed elsewhere in §§ 73.22(a)(1).
Comment: One commenter suggested modifying § 73.22(a)(1)(xi) to delete the language “including the tactics and capabilities required to defend against that threat” because this is covered elsewhere in the regulations. In addition, the commenter suggested deleting “or other information” as it leaves too much room for interpretation. Another commenter suggested deleting references to the design basis threat in this subsection and elsewhere, or creating more prescribed provisions for exactly what is to be covered with respect to design basis threat information, as such information is important to public participation and knowledge.
Response: The phrase “or other information” is deleted and the section is reworded to clarify which information related to the design basis threat would be considered SGI. Specifically, the Adversary Characteristics Document and other design basis threat implementing guidance, which describe in detail the specific operational and tactical capabilities of the hypothetical adversary force more generally described in the design basis threat rule, are considered SGI. The phrase “including the tactics and capabilities required to defend against the threat” is deleted from the revised proposed rule because it is not necessary. Those tactics and capabilities are described in licensee security plans which are considered to be SGI.Start Printed Page 64017
Comment: Several commenters expressed the concern that language in § 73.22(a)(1)(xii) would include engineering and safety analyses and emergency planning procedures or scenarios within SGI protection, and this would suppress information of significant concern to the public. Commenters also suggested that the criterion found in § 73.22(a)(1)(xii) was not sufficiently precise so as to alert a licensee as to the type of information to be protected, that the proposed language “exposes such a licensee to second-guessing or enforcement action.” One commenter representing a public interest watchdog group stated that the public has a “right to know what risks they face from nearby nuclear facilities” and that “public participation has proven an effective tool for improving facility performance and safety.” The commenter expressed concern that if the public does not know what is going on at a facility, it cannot effectively engage the facility and advocate for safety improvements and that if the public was not aware of emergency planning procedures, it would be at risk from an accident or a possible attack against a facility. In addition, the commenter proposes that the NRC should retain the current rule language that allows only “portions of” documents to be protected as SGI, in order to maximize the amount of information that the public receives without divulging any protected information.
Another commenter similarly stated that “it is crucially important that the public has access to information regarding protective measures taken by operators to defend their facilities so that they may be held accountable” and that the “broad category of information that is included in these sections, including, especially, safety analyses, emergency planning procedures, and any other information related to the security of a nuclear facility, sharply hinders the public's ability to judge the competency of nuclear operators and the adequacy of their programs to protect their facilities and materials.”
Another commenter expressed concerns that § 73.22(a)(1)(xii) could be used to “suppress faulty assumptions as the basis for engineering and safety analyses, which is a significant concern to public safety policy analysts and intervenors.”
Other commenters also provided comments with regard to §§ 73.22(a)(1)(xii) and 73.22(a)(2)(viii). One commenter proposed that it should be clear that “engineering and safety analyses” mean only such analyses pertinent to physical security and not plant safety, as that information is already public. Industry commenters expressed concern that control of emergency planning procedures as SGI would make coordination with local and state agencies difficult, as well as affected non-governmental entities, and could jeopardize effective and safe operation of a plant. More specifically, one commenter notes broad interpretation of these requirements would require state and local governmental entities who are not in law enforcement but are involved in emergency planning to be verified as “trustworthy and reliable” by the licensee in order for the licensee to comply with 10 CFR part 50, Appendix E IV.B.
One commenter recommends revising the wording at the end of § 73.22(a)(1)(xii), proposed as “by significantly increasing the likelihood of theft, diversion, or sabotage of material or a facility,” to “significantly increasing the likelihood of radiological sabotage or theft or diversion of source, byproduct, or special nuclear material,” in order to correspond to the wording used in the definition of SGI.
Response: In response to these comments, the phrase “related to” at the beginning of § 73.22(a)(1)(xii) is being changed in the revised proposed rule to “revealing site specific details of”. The phrase “unauthorized disclosure of such information” is changed to “unauthorized disclosure of such analyses, procedures, scenarios, and information”. These revisions clarify that the analyses, procedures, scenarios, and other information described in this section are considered to be SGI only if they reveal “site specific details” about the physical protection of the facility or source material, byproduct material, or SNM. To clarify the fact that “emergency planning procedures or scenarios” should remain publicly available, to the extent possible, that phrase is being changed here and elsewhere in the rule text, to “security-related procedures or scenarios”. However, security-related information, wherever it occurs, including security information that is found within a specific emergency preparedness procedure, could potentially need to be protected as SGI. Also, in order to provide greater specificity in the revised proposed rule text, the phrase “material or facility” at the end of the revised proposed rule text is changed to “source, byproduct, or special nuclear material”.
Certain sections of the current rule language, as well as sections of the revised proposed rule text, refer to “portions of” documents to be protected as SGI. For example, current § 73.21(b)(3)(i) designates, in pertinent part, “[p]ortions of safeguards inspection reports” to be SGI. Similarly, in the revised proposed rule text, § 73.22(a)(3)(i) refers to “portions of” inspection reports as constituting SGI. Therefore, it is not correct that the current rule only allows protection of portions of documents or information as SGI.
Because the Commission is revising the original proposed rule to more closely track the language of Section 147 of the AEA, the Commission is declining to make the suggested change to the end of § 73.22(a)(1)(xii) by substituting “radiological sabotage” for the statutory language of “sabotage.” The relevant portions of Section 147 refer simply to “sabotage” and the Commission is using that term in the revised proposed rule.
The Commission's intent in revising the requirements in part 73 for protection of SGI is not to deprive the public of information or to suppress faulty assumptions in engineering analyses and safety analyses, as some commenters assert. One of the main purposes of these proposed amendments is to provide in 10 CFR part 73 the breadth of information that Section 147 of the AEA requires the Commission to protect. The Commission determined that unauthorized release of this information could result in harm to the public health and safety or the common defense and security.
Comment: One commenter noted that, “as proposed, § 73.22(a)(1)(xiii) requires ‘Information required by the Commission pursuant to 10 CFR 73.55(c)(8) and (9)’ to be protected as SGI without explicitly identifying what must be protected as SGI”. The commenter suggested that there is no apparent reason to protect this information as SGI and the requirement should therefore be deleted.
Response: The Commission is deleting this paragraph because the information described in this paragraph would be protected in § 73.22(a)(1)(xi).
Section 73.22(a)(2) Physical Protection in Transit
Comment: One commenter stated that §§ 73.22(a)(2) and 73.23(a)(2) would cover transportation related information that is under the DOT's regulations in 49 CFR part 15, “Protection of Sensitive Security Information (SSI)”. If implemented in its current form, the commenter continues, these regulations will require licensees to handle, at a minimum, transportation security plan risk assessments as both SSI and SGI or SGI-M, duplicative requirements that Start Printed Page 64018add no discernible benefit. Furthermore, the commenter states, classification of certain transportation related information as SGI will be unworkable. Therefore, the commenter proposes, all of the regulatory agencies should reach consensus on what information should be protected, reduce the number of classifications, and develop a single cohesive nationwide set of information security protection standards that includes a clear definition of each classification. If the NRC does impose duplicative requirements for protection of transportation security-related information in addition to DOT's regulations, the commenter further suggests, the NRC should replace “transportation physical security plan” with “transportation security plan” to be consistent with DOT regulations, or provide a definition of “transportation physical security plan.”
Response: The NRC recognizes that transportation of radioactive material may be subject to the requirements of both the DOT and the NRC with respect to protective markings, SSI, SGI, and SGI-M. However, requirements for the protection SSI are not as strict as NRC SGI or SGI-M protection requirements. The NRC believes that the information described in § 73.22(a)(2)(i) requires the higher protection afforded by the designation SGI. Similarly, the information set forth in § 73.23(a)(2)(i) must be protected as SGI-M. Finally, as noted previously, the Commission has replaced the phrase “transportation physical security plan” with “composite physical security plan for transportation” to distinguish NRC-required plans from others.
Comment: One commenter contended that the new language of § 73.22(a)(2)(ii), “Routes and quantities for shipments of spent fuel are not withheld from public disclosure,” no longer assures public access to route and quantity information for shipments of byproduct or source material or nuclear waste. The commenter expresses concern that the NRC does not have the authority to limit access to this information, for which Congress has specifically protected public disclosure in the AEA. The commenter therefore proposes that the NRC ensure that the language in the final rule does not undermine the AEA by narrowing disclosure requirements.
Response: The revised proposed rule would not designate shipping routes and quantities as SGI or SGI-M. However, the rule would designate schedules and itineraries as SGI and SGI-M. Schedules and itineraries combine route and quantity information with specific information about the timing and security of a shipment to create information that, if disclosed, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of nuclear material. Section 147a.(3) of the AEA provides in part that “[n]othing in this Act shall authorize the Commission to prohibit the public disclosure of information pertaining to routes and quantities of shipments of source material, by-product material, high level nuclear waste, or irradiated nuclear reactor fuel.” The revised proposed rule text has been revised to be more consistent with the language of Section 147a.(3) of the AEA.
Comment: One commenter proposed removing § 73.22(a)(2)(vii) on the grounds that it is extremely vague and would allow the NRC to protect from public disclosure any “information concerning the tactics and capabilities required to defend against attempted radiological sabotage, or theft and diversion of formula quantities of special nuclear material, or related information.” The commenter expressed concern over the NRC's use of “vague terms” such as “any information concerning” and “related information” and suggested that this provision could be used to conceal information about a town's capabilities to respond to an attack on a rail car passing through it.
Response: The language “related information” portion of this section has been deleted from the text of the revised proposed rule because it is redundant of the language at the beginning of this section (“information concerning”). The text of the rule does not include the phrase “any information concerning” as stated in the comment.
Comment: Commenters expressed concerns that § 73.22(a)(2)(viii) would exempt safety analyses, emergency planning procedures, or other information about the protection of transported materials from public disclosure as SGI. Accordingly, commenters recommended revising or removing § 73.22(a)(2)(viii) in order to ensure that the public has access to emergency procedures and safety analyses information they need to protect their community. A commenter proposed removing the proposed §§ 73.22(a)(2)(viii) and 73.23(a)(2)(iv) and (v) on the grounds that these proposed changes would prevent communities from learning what steps are being taken to protect them and from participating in the process of keeping the community safe. The commenter expressed concerns that these provisions are overly vague in what information may be protected from public disclosure and could result in too much information being concealed from the public.
Response: The Commission recognizes that the public needs information about safety and emergency planning and will continue to make much of that information publicly available. Therefore, the phrase “emergency planning procedures or scenarios” is being changed to “security-related procedures or scenarios”. But a limited amount of safety and emergency planning-related information, if publicly disclosed, could be used to identify security measures for the protection of nuclear facilities and materials, thereby significantly increasing the likelihood of sabotage or theft and diversion. For example, emergency planning information that specifies response times for local law enforcement, or identifies the size, tactics, and capabilities of first responders to a radiological event could be very useful to a potential adversary in planning an attack. Accordingly, that information could conceivably need to be protected as SGI.
The Commission's intent is not to prevent public knowledge of vital safety and emergency information. Hence, the revised proposed rule has been changed in response to comments that it was too broadly worded as originally proposed. The protection required for engineering and safety analyses and security-related procedures or scenarios under § 73.23(a)(1)(x) would be appropriately limited to information that could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source material, byproduct material, or SNM.
Section 73.22(a)(3) Inspections, Audits, and Evaluations
Comment: A commenter objected to what it saw as the broadening of § 73.22(a)(3) and stated that the proposed change lacks specificity and could potentially conceal public health, safety, security, and environmental concerns from public disclosure. The commenter expressed concern that the provision could be interpreted to include and suppress information that rightfully should be brought to the attention of the public and policy makers.
Response: The Commission has eliminated references to specific licensees from the revised proposed rule. This clarifies the scope of the rule Start Printed Page 64019and simplifies the text. The commenter provides no basis for the assertion that the Commission would use revised § 73.22(a)(3) to conceal information from public disclosure. The regulations provide access to individuals who have a “need to know” the information and who are trustworthy and reliable. Protecting SGI and SGI-M from unauthorized disclosure does not equate to concealing or suppressing information that should be in the public domain.
Comment: Another commenter suggested that the NRC restore the provision in proposed § 73.22(a)(3)(i) to allow the release of information developed in inspections, audits, and evaluations concerning weaknesses and problems that have been corrected.
This paragraph retains the provision in current § 73.21(b)(3)(i) which designates as SGI portions of safeguards inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in a licensee's or applicant's physical security system. This provision implies that corrected defects, weaknesses, or vulnerabilities will be released.
Response: In response to this comment, the proposed rule is revised in part, to carry over the portion of § 73.21 that provides for the release of information regarding defects, weaknesses, or vulnerabilities after corrections have been made. However, as stated in the revised text, the disclosure of such information is not automatic, and is subject to an assessment taking into account such factors as the results of trend analyses and the impacts of disclosures on other licensees having similar physical security systems. The partial revision of the proposed rule text is consistent with the policy to increase the amount of public information released pursuant to the Security Oversight Process.
Section 73.22(a)(5)
Comment: Two commenters suggested that § 73.22(a)(5) lacked specificity. One commenter expressed concerns that § 73.22(a)(5) was not specific enough to “allay growing public concerns that the agency could arbitrarily and capriciously further conceal or subordinate significant public health, safety, and security issues to economically shield and benefit the nuclear industry.” Another commenter suggested that the language of § 73.22(a)(5) was an “incredible expansion of government secrecy that could allow instances of extreme operational incompetence to go unnoticed by the public.” That commenter suggested deleting the “other information” language to narrow and clarify the rule.
Another commenter proposed making § 73.22(a)(5) reflect the preamble of § 73.22 by stating that orders will only be used to classify information in an emergency when rulemaking is not available.
Response: Section 147 of the AEA explicitly authorizes the Commission to proceed by order or regulation to prohibit the unauthorized disclosure of SGI. Nothing in the AEA limits the use of the Commission's ordering authority to emergency situations. Such a restriction could hinder security and safety in the event the Commission needs to act quickly to protect SGI not already identified in the regulations. The Commission declines to adopt such a limitation. However, the Commission has changed the revised proposed rule language to clarify that any information that would be categorized as SGI under § 73.22(a)(5) would have to be within the scope of Section 147 of the AEA, and would be imposed by a new order or rulemaking.
Section 73.22(b) Conditions for Access
Comment: One commenter remarked that, in the context of § 73.22(b), there is no benefit from imposing different access authorization requirements for nuclear power reactors as compared to other licensees.
Response: In the original proposed rule, access requirements varied depending on whether an individual is to be granted access by a nuclear power reactor licensee or applicant, as set forth in § 73.22(b)(1)(i)(A) or by other licensees or applicants covered by § 73.22, pursuant to § 73.22(b)(1)(i)(B). Such variation was based on Section 149 of the AEA, which required each licensee or applicant for a license to operate a nuclear power reactor to fingerprint each individual permitted access to SGI. The EPAct, however, amended Section 149 to authorize fingerprinting all individuals engaged in an activity subject to regulation by the Commission, licensees, all applicants for a license to engage in Commission-regulated activities, and all individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission. Fingerprints would be submitted to the U.S. Department of Justice for a criminal history check, which would be assessed as part of the background check that provides the basis for a trustworthiness and reliability determination.
Section 73.22(b)(1)
Comment: Several comments stated that §§ 73.22(b)(1)(i)(B) and 73.23(b)(1)(i) in the original proposed rule were unclear as to what is meant by “comprehensive background check or other means as approved by the Commission.” One commenter noted that requiring a background investigation has proven to be challenging for transportation companies, because the time required for background investigations has often prevented transportation companies from bidding on some jobs. That commenter suggested that the NRC specify the “other means” that would be acceptable for entities implementing an SGI-M program. Another commenter expressed concern that if the “comprehensive background check” was similar to the “Q” or “L” access authorization investigations or checks of 10 CFR part 25, it would impose an intolerable burden because of the time and resources necessary for the completion of such a check, particularly for those entities developing new SGI or SGI-M programs.
Response: As previously discussed, a definition of “background check” is now included § 73.2. NRC staff plans to issue further guidance that will include a discussion of acceptable background checks that would satisfy the rule requirements by “other means” and support a licensee's trustworthiness and reliability determinations. The requirements for access to SGI are different from the provisions for access to classified information (part 25) or for access under part 95 to Classified National Security Information and/or, Restricted Data, and/or Formerly Restricted Data.
Comment: A commenter expressed the concern that § 73.22(b)(1)(ii)-(vi) in the original proposed rule in combination with § 73.22(b)(2) appears to require licensees to perform a Federal Bureau of Investigation (FBI) criminal history check for NRC personnel. If this is not the case, the commenter proposed that (b)(2) of both sections should be modified to state: “The individuals described in paragraph (b)(1)(i) through (vi).”
Response: The Commission does not interpret the cited provisions of the original proposed rule set forth by the commenter as requiring licensees to perform FBI criminal history checks for NRC personnel. Section 73.22(b)(3) would exempt governmental individuals from the requirement for a Start Printed Page 64020determination of trustworthiness and reliability, including NRC employees.
Comment: One commenter stated that § 73.22(b)(1)(vii) would require a licensee to demonstrate trustworthiness and reliability for an individual to whom disclosure is ordered pursuant to 10 CFR 2.709(f). The commenter noted that a licensee should not bear the responsibility for making this finding for an intervenor. The commenter also noted that the rule was not clear as to when a presiding officer would have the responsibility to make this determination—when an intervenor wants access to SGI or only if an intervenor appeals a party's determination. For these reasons, the commenter suggested rethinking the application of these criteria to adjudicatory hearing matters and resolving such issues in a separate rulemaking or by issuing Commission orders in each case where controlling the dissemination and use of SGI might be an issue.
Response: The rule is not intended to require licensees to determine whether intervenors in an adjudicatory proceeding are trustworthy and reliable to receive SGI or SGI-M. Presiding officers have the authority to make determinations about information disclosures if a dispute over access to SGI or SGI-M documents arises. Section 73.22(b)(4) and 73.23(b)(4) have been added to the revised rule to make this clear. Sections 2.709(f) and 2.1010(b)(6) have been revised and new §§ 2.336(f) and 2.705(c)(2) have been added to the revised proposed rule to specify procedures to be followed in the event of such a dispute.
Under the procedures set forth in these provisions, when a party or participant in an adjudicatory proceeding seeks production of SGI from another party or participant that refuses to produce it, the presiding officer has the authority to decide the dispute. The presiding officer will make the first determination necessary for access to SGI, which is whether the individual seeking access has the requisite “need to know”, as defined in 10 CFR 73.2. If so, the presiding officer may order production of the SGI after the second determination is made, namely whether the individual to be authorized access to SGI has been found to be trustworthy and reliable by the NRC Office of Administration, based on a background check (including a criminal history records check and fingerprinting). Procedurally, the presiding officer may issue an order that designates the information as necessary and relevant and that requires the party or participant seeking access to SGI or SGI-M to designate those individuals who would receive it. The order would also require the NRC Office of Administration to determine the trustworthiness and reliability of those individuals designated to receive SGI in accordance with the provisions of §§ 73.22(b) or 73.23(b), as appropriate.
If the NRC Office of Administration concludes that the designated individuals are trustworthy and reliable to receive SGI, the presiding officer would issue a second order requiring production of the SGI or SGI-M under the provisions of a protective order. Presiding officers have the authority to hear appeals on the NRC Office of Administration's trustworthiness and reliability determination.
If parties or participants in an adjudicatory proceeding agree that an intervenor has a “need to know” and are willing to share the SGI or SGI-M without seeking a determination on “need to know” from the presiding officer, then the parties or participants may do so, provided that a protective order has been issued by the presiding officer and a trustworthiness and reliability determination has been made by the NRC Office of Administration. If the SGI sought by the intervenor is held solely by the licensee or applicant, and not the NRC, the licensee or applicant may provide the SGI to the intervenor under the terms of the protective order. If the SGI is held by both the licensee or applicant and the NRC (“dual holders”), the NRC will provide the SGI to the intervenor, under the terms of the protective order.
Section 73.22(c)(1) Protection While in Use or Storage
Comment: Commenters proposed that § 73.22(c)(1) be amended to authorize SGI to be stored in the Reactor Control Room not in a locked security storage container. The basis for this request is that control rooms are continuously manned and this change would allow rapid access, if necessary, to pertinent SGI material (e.g., controlled operating procedures).
Response: In response to these comments, §§ 73.22(c)(1) and 73.23(c)(1) are being changed to delete the phrase “Safeguards Information within alarm stations, manned guard posts or ready rooms need not be locked in a locked security storage container.” A new phrase is being added to state “Safeguards Information within alarm stations, or rooms continuously occupied by individuals need not be stored in a locked security storage container.”
Section 73.22(c)(2)
Comment: One commenter proposed that § 73.22(c)(2) be modified to allow licensees to mark containers as containing SGI, because this practice ensures that the importance of those containers is clearly understood and because those containers are typically located in areas with no public access.
Response: The Commission is declining to adopt the change proposed by the commenter because marking locked security storage containers to indicate they contain SGI may assist in identifying the location of SGI. The fact that such containers may typically be located in areas without public access is irrelevant because not all individuals in such areas are authorized for access to SGI. An unauthorized individual seeking access to SGI might be aided by such markings, regardless of whether the SGI is stored in areas without public access.
Section 73.22(d)(1)
Comment: One commenter proposed that the term “first page” in § 73.22(d)(1) be changed to “first page or cover sheet” to allow licensees to continue with current practice which meets the intent of the revised proposed rule.
Response: The Commission is not modifying § 73.22(d)(1) as the commenter suggests because the information specified in § 73.22(d)(1)(i) through (iii) should be noted on the first page of the document itself rather than in a separate document, such as a cover sheet. The Commission does not expect that licensees or applicants must go back and mark documents for which a cover sheet was used for the required information instead of the first page of the document, as set forth in § 73.22(d)(1).
Comment: One commenter suggested that the requirement in § 73.22(d)(1)(i), and a similar provision in § 73.23(d)(1)(i), regarding “the individual authorized to make a * * * [SGI] determination, and who has determined that the document contains” SGI is not clear, for example, as to whether training is required or whether a SGI or SGI-M determination requires one or two individuals.
Response: The commenter is correct that the rule does not prescribe specific qualifications for persons who will determine whether or not particular information is SGI or SGI-M. Licensees have an incentive to select and train competent persons to make these determinations, because a finding that a document contains SGI or SGI-M will add to the licensee's document-handling Start Printed Page 64021burdens. At the same time, the Commission recognizes that when there is any doubt about whether information is or is not SGI or SGI-M, there is an incentive to mark it as SGI. This “err on the safe side” tendency could lead to unnecessary burdens and over-use of the SGI or SGI-M designations. The Commission will consider making appropriate additions or changes to resolve this problem if it should arise. Such changes might include specifying qualifications for persons who make SGI or SGI-M determinations if experience shows this to be necessary. The number of individuals necessary to make these designations may vary from one licensee to another. The Commission expects that the individual(s) who are “authorized to make a Safeguards Information determination” are the same as the individual(s) who “determined that the document contains Safeguards Information.” In other words, the individual or individuals making the determination must be authorized to do so.
Comment: A commenter suggested that the requirement to designate the individual making the SGI determination is “redundant and unnecessary” for pleadings. The commenter stated that the determination can be attributed to the individual signing the pleading.
Response: The Commission disagrees with this comment, as oftentimes the person making an SGI determination will not be the signatory of a pleading. Section 73.22(d)(1) ensures that the identity of the person making the SGI determination—be it the individual signing the pleading or some other individual—is clear. If the signatory also makes the SGI determination, the document should be marked in accordance with § 73.22(d)(1). The Commission does not view this as redundant or unnecessary and declines to adopt the commenter's suggestion.
Section 73.22(d)(3)
Comment: A commenter questioned whether pleadings filed in an adjudicatory proceeding would be considered correspondence to the NRC requiring portion marking pursuant to § 73.22(d)(3). The commenter stated that SGI in a pleading is “usually integral to the entire pleading such that removal of such information would render the remainder [of the pleading] of marginal or no use, if released.” The commenter indicated that substantial effort would be required to portion-mark pleadings containing SGI. Additionally, the commenter concluded that intervenors have a general reluctance to designate a particular piece of information as non-SGI because they “will be second-guessed by the licensee or NRC staff.” For these reasons, the commenter stated that there appeared to be little utility added by this requirement.
Response: Pleadings filed in an adjudicatory proceeding before the NRC are considered correspondence and therefore would require portion marking in accordance with § 73.22(d)(3). Attachments and exhibits to pleadings, however, are not considered to be correspondence and, therefore, do not require portion marking. For example, a pleading may attach portions of a security plan as an exhibit. The attached plan would not be required to be portion marked, but instead can be treated in its entirety as SGI. The NRC uses portion marking to ensure that the pleading is made public without the portion-marked SGI. Although the Commission acknowledges that additional effort will be required by participants in adjudicatory proceedings to portion mark pleadings, the Commission does not believe that the burden is undue, especially when compared with the potentially adverse consequences of a malevolent adversary obtaining SGI. Finally, the Commission disagrees with the commenter's conclusions about intervenors' reluctance to designate information as non-SGI. The Commission declines to change § 73.22(d) in response to these comments.
Comment: Several comments were received to the effect that the portion marking requirements of §§ 73.22(d)(3) and 73.23(d)(3) for “Engineering and safety analyses, emergency planning procedures or scenarios” would be burdensome and that the portion marking of documents sent to the NRC would impose an unnecessary burden on licensees and should therefore not be required. One commenter noted that the portion marking requirements would be unnecessary because licensees control entire documents as SGI and that the administrative benefit to the NRC would not be worth the substantial burden on licensees.
Response: This comment refers to burden on licensees to portion mark “Engineering and safety analyses emergency planning procedures or scenarios” when such information is included in correspondence to or from the NRC. For the reason previously stated, the designation of “Engineering and safety analyses emergency planning procedures or scenarios” as SGI has been changed throughout the rule text to “security-related procedures or scenarios.” Because many commenters otherwise requested clarification of this category of information, these sections also have been revised to clarify that the analyses, procedures, scenarios, and other information described in this section would be considered SGI only if they reveal “site-specific details” about the physical protection of the facility or source, byproduct, or SNM. Licensees and applicants would only be required to portion mark analyses, procedures, or scenarios that contain SGI when included in transmittal documents for correspondence with the NRC.
Comment: Another commenter proposed modifying § 73.22(d)(3) to provide flexibility on portion marking of correspondence to and from the NRC as follows: “Portion marking of documents or other information is allowed for correspondence to and from the NRC,” which would replace “required” with “allowed.” The commenter suggested that this would allow licensees to designate entire documents as SGI without having to mark each paragraph if appropriate.
Another commenter suggested that a document containing SGI should be marked as SGI in its entirety, and that when it is appropriate to produce documents that contain both SGI and non-SGI, attempts should then be made to segregate the SGI into separate sections. The commenter noted that in such cases, it would be reasonable to require portion marking but not in all cases. Therefore, the commenter proposed, the rule must reflect that portion marking is only to be required for documents transmitted to or from the NRC in which significant portions of the document are clearly non-SGI.
Response: In response to comments, § 73.22(d)(3) is being modified to replace the phrase “Portion marking of documents or other information is required for correspondence to and from the NRC” with the phrase “Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information.” The NRC declines, however, to amend the revised proposed rule so that portion marking of correspondence to and from the NRC would be optional. Portion marking of such correspondence allows the NRC to release non-SGI to the public.
Sections 73.22(d)(4) and 73.23(d)(3)
Comment: Four commenters suggested that §§ 73.22(d)(4) and 73.23(d)(3) should not require the marking of documents and other matter containing SGI in the hands of contractors and agents of licensees that were produced within one year prior to the effective date of this rule. One commenter suggested that to the extent Start Printed Page 64022that these new requirements are different from the existing ones, the differences are minor and that, therefore, the regulation should not require the conduct of an extensive review of documents produced within the last year prior to the promulgation of a final rule. Another commenter similarly proposed that marking requirements should only be applied to documents generated after the effective date of a final rule and should not be applied retroactively to previously generated documents. One commenter suggested that § 73.22(d)(4) implies that if the document is taken out of storage, even if more than a year old, it must be marked.
Response: The requirement that documents and other matter containing SGI in the hands of contractors and agents of licensees be marked if they were produced within one year prior to the effective date of the rule has been removed from the rule in response to comments. Therefore, the marking requirements set forth in this rule would apply only to documents generated after the effective date of a final rule.
Section 73.22(d)(5)
Comment: Two commenters proposed that § 73.22(d)(5) should be eliminated, as it is redundant to, but inconsistent with, § 73.22(d)(1), which requires material to be marked “Safeguards Information” at the top and bottom of each page. One commenter noted that the “Safeguards Information” designation required in § 73.22(d)(5) may not alert someone who is not familiar with that initialism to the fact that it is SGI and, therefore, that inconsistency between §§ 73.22(d)(5) and 73.22(d)(1) should be eliminated.
Response: The revised proposed rule has been changed to eliminate the redundancies and inconsistencies identified by the commenter. Section 73.22(d)(5) in the original proposed rule has been renumbered as § 73.22(d)(4) in the revised proposed rule.
Section 73.22(e) Reproduction of Matter Containing Safeguards Information
Comment: One commenter suggested that the new requirement prohibiting digital copiers connected to a network, found at §§ 73.22(e) for SGI and 73.23(e) for SGI-M, is difficult in today's electronic office environment. Another commenter proposed that § 73.22(e) should not prohibit the use of a copier, printer, or scanner connected to the closed network in the “stand alone” computer system allowed in § 73.22(g).
Response: The revised proposed rule has been modified to be less prescriptive and more performance-based. Under the revised proposed rule, any equipment may be used to reproduce SGI, provided unauthorized individuals cannot gain access to SGI by accessing, using, or manipulating the equipment (for example, by gaining access to retained memory or using network connectivity to access SGI).
Sections 73.22(f) and 73.23(f) External Transmission of Documents and Material
Comment: One comment noted that the double packaging requirement for external transmittal of SGI, found in §§ 73.22(f) and 73.23(f), although not onerous, is akin to the protection afforded to classified matter. Another commenter proposed that § 73.22(f)(2) be rewritten to state that SGI may be transported by any commercial delivery or courier company that provides service with tracking features, rather than any commercial delivery company that provides “nationwide overnight service with computer tracking features” as the original proposed rule reads. The commenter suggests that this would allow licensees to continue to use current trusted local delivery services.
Response: The double packaging requirements of the original proposed rule are necessary to prevent unauthorized individuals from readily identifying that the package contains SGI while in transit, and to prevent recipients from inadvertently disclosing SGI to unauthorized individuals upon receipt. The double packaging requirements have not been changed in the revised proposed rule.
However, the Commission agrees that local delivery services, so long as the carriers have computer tracking capabilities, may be permitted to transport SGI. Computer tracking capabilities are necessary to aid in quickly determining the location of the information so that the risk of unauthorized disclosure may be minimized. Sections 73.22(f)(2) and 73.23(f)(2) have been changed to reflect that nationwide, overnight service would not be a requirement for a commercial delivery company to transport SGI.
Section 73.22(g) Processing of Safeguards Information on Electronic Systems
Comment: One commenter proposed that § 73.22(g) contain a provision permitting transfer of encrypted SGI over a computer network, similar to the proposed § 73.23(g)(2). In addition, a comment received noted that the DOE has an SGI protection plan that was approved by the NRC to satisfy current § 73.21(h) and has a need to retain capabilities for handling SGI as approved, due to a distanced-managed site. This commenter therefore proposes adding a provision to § 73.22(g) to allow the use of other protective measures approved by the NRC pursuant to old § 73.21(h) or new § 73.22(g).
Response: Section 73.22(f)(3) permits electronic transmission of SGI by protected telecommunications circuits (including facsimile) or encryption (Federal Information Processing Standard [FIPS] 140-2 or later).
Section 73.21(b)(1) of the revised proposed rule would explicitly preserve the Commission's authority to require different SGI protection requirements in individual cases. If alternative protection methods can be devised that provide an equivalent level of protection for SGI, the Commission would consider approving those methods on a case-by-case basis.
Section 73.22(i) Destruction of Matter Containing Safeguards Information
Comment: Two commenters expressed concern over § 73.22(i), which contains requirements for the destruction of matter containing SGI. One commenter suggests that § 73.22(i) seemingly permits the use of “strip shredders” for destruction if pieces are one-half inch or less and mixed. The commenter states that this is inconsistent with advice given by NRC staff members who believe that a cross-cut shredder must be utilized and proposes that the rule clarify whether the use of “strip shredders” is permissible. Another commenter suggested that the wording of § 73.22(i) be modified to specify pieces one-half inch or smaller on a side to provide important clarification of how small the pieces would have to be to constitute destruction.
Response: The revised proposed rule has been changed in response to this comment. The rule would allow the use of strip shredders and other shredders that shred pieces no wider than a quarter of an inch if the pieces are thoroughly mixed.
§ 73.23 Protection of Safeguards Information—Modified Handling: Specific Requirements
Comment: A commenter suggested that establishment and implementation of the SGI-M program by licensees with an existing SGI program is unnecessary.
Response: Persons who establish, implement, and maintain handling, access, and control procedures for SGI described in § 73.22 would have a program sufficient to protect SGI-M Start Printed Page 64023described in § 73.23 and would not need to establish a second or separate SGI-M program. However, special attention would be required when transmitting SGI to ensure proper document marking and handling.
A primary difference between the SGI protection requirements in §§ 73.22 and 73.23 is in the marking of the information. SGI in the former category is marked “Safeguards Information” while the latter category is marked “Safeguards Information—Modified Handling.” The different markings are associated with different storage requirements. SGI described in § 73.22 must be stored in a locked security storage container, but SGI described in § 73.23 and marked as SGI-M has a less stringent storage requirement—the information must be stored in a locked file drawer or cabinet.
A person who possesses both types of SGI—i.e., that described in §§ 73.22 and 73.23—and who always stores SGI in a locked security storage container under § 73.22(c)(2) would be in compliance with the regulations because that person would achieve the maximum level of protection required by the regulations. But not everyone will possess both types of SGI—some will only possess SGI falling under § 73.23, in which case a locked security storage container would not be required. Thus, when a person with a § 73.22 program sends SGI to a person with only a § 73.23 program, proper document marking would be essential.
Proper marking is necessary when SGI is communicated so that the recipient does not receive a document with markings that would require storage in a container that the recipient does not possess. Without the appropriate document markings, the sender could cause a violation of the regulations.
This commenter implies that the SGI-M designation means the information will be held “secret,” which is not the case. Individuals with a “need to know” the information who are determined to be trustworthy and reliable may be granted access to SGI. Access to “secret” National Security Information is beyond the scope of this rulemaking and is governed by separate requirements.
Comment: One commenter stated that if the NRC believes that information associated with less than 15 grams of SNF or HLW should be protected as SGI, it should be designated as “SGI-M.” The commenter also proposed that information associated with the transportation of 15 grams of SNF or HLW should be protected as SGI pursuant to §§ 73.21 and 73.22.
Response: The Commission did not propose to protect the information identified by the commenter as SGI or SGI-M. If in the future the Commission establishes physical security requirements for the transportation of the materials referred to by the commenter, the Commission will determine whether to also require protection of security-related information as SGI or SGI-M in accordance with §§ 73.21(b)(1) and (2).
Comment: A commenter recommended against the creation of the SGI-M category because the category is overly broad, the need for restrictions on such material has not been clearly established, and the risks associated with the release of such information do not justify secrecy. This commenter expressed concerns that holding less-dangerous SGI-M information as secret will decrease accountability and eliminate the public's ability to be aware of and participate in safety matters that concern their communities.
Response: The Commission disagrees that protection of the SGI described in § 73.23 is unnecessary. The information that would be protected under § 73.23 describes security measures and physical protection information related to radioactive materials that could be used in a radiological dispersion device. Securing those materials is vital to the public health and safety and the common defense and security. Protecting detailed information about how those materials are secured is equally vital.
This rulemaking is not intended to decrease the Commission's accountability or unduly burden the public's ability to participate in NRC proceedings. Members of the public are always free to submit their views on safety and security matters by filing a petition for rulemaking under 10 CFR 2.802, by filing a request to institute proceedings to modify, suspend, or revoke a license under 10 CFR 2.206, and by attending public meetings or writing letters to the NRC. In addition, members of the public may comment on rulemakings and environmental impact statements, and where appropriate, file a petition to intervene and/or request a hearing in an adjudicatory matter.
Comment: A commenter questioned the appropriateness of a statement in the original proposed rule implying that the risk of theft of materials covered by § 73.23, particularly special nuclear material, could be low.
Response: Special nuclear material would be addressed by §§ 73.22 and 73.23 and would require different levels of protection based on its form and quantity. The Commission believes that a graded approach based on risk and associated consequences is appropriate. As a result, a higher risk of disclosure or higher consequence due to a malevolent act requires commensurate levels of protection. The same is true whether the assets are source, byproduct, or special nuclear materials.
Comment: One commenter suggested that the NRC, in its final rule, provide greater detail on the criteria for deciding access to SGI-M material. In addition, the commenter suggested that, because of the lower risk status of SGI-M material, the NRC should allow greater access to SGI-M by establishing less rigorous restrictions and easier procedures for public access.
Response: The Commission agrees that SGI-M material presents lesser risks if publicly disclosed than SGI material, but the risks are still significant. Because of those risks, broad public access is not permitted. Only trustworthy and reliable individuals who have a “need to know” the information may be authorized access to SGI-M.
The revised proposed rule defines “background check” and “trustworthiness and reliability” to clarify the Commission's general expectations for granting access to SGI or SGI-M. Specifying discrete qualifying or disqualifying factors is not possible because trustworthiness and reliability determinations and need-to-know determinations must be made on a case-by-case basis after considering all relevant information.
To implement the amendments to section 149 of the AEA contained in the Energy Policy Act of 2005, the revised proposed rule would require fingerprinting and Federal Bureau of Investigation criminal history checks, which would constitute part of the background check used to determine trustworthiness and reliability, before access to SGI.
Comment: One commenter proposed that the NRC modify the preamble to define the exact materials and quantities to which the SGI-M requirements of § 73.23 would apply.
Response: The introductory text to § 73.23 has been revised to define exactly the facilities, materials, and quantities for which the SGI-M requirements of § 73.23 apply. The section would apply to panoramic and underwater irradiators, defined in 10 CFR 36.2, that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; research and test reactors that possess less than a formula quantity of strategic Start Printed Page 64024special nuclear material; and transportation of greater than or equal to Category 1 quantities of concern.
Comment: One commenter stated that § 73.23 would conflict with existing requirements in 49 CFR part 15 with respect to the protection of information associated with transporting radioactive materials. The commenter suggests that if the rule is adopted as proposed, licensees may be contending with two sets of regulations.
Response: The NRC's regulations are not in conflict with DOT regulations. DOT regulations in 49 CFR 172.804 provide that DOT-required security plans “that conform to regulations, standards, protocols, or guidelines issued by other Federal agencies * * * may be used to satisfy the requirements in this subpart, provided such security plans address requirements specified in this subpart”. Thus, security plans required by the NRC can be developed so that they also comply with DOT requirements.
DOT information protection requirements for transportation security plans are less stringent than the SGI and SGI-M requirements established by this rule. As a general matter, the Commission does not intend that transportation security plans required by the DOT be protected under this rule. However, licensees subject to this rule who would be required by NRC regulations or orders to implement transportation security measures would be required to protect those measures and plans as SGI or SGI-M, as appropriate. Licensees that incorporate NRC-required security measures and procedures into existing DOT-required transportation security plans would be required to protect portions of the transportation security plan under this revised proposed rule. To avoid that result, licensees may wish to keep descriptions of their NRC-required security measures and procedures separate from DOT-required security plans.
Section 73.23(a) Information To Be Protected
Section 73.23(a)(1) Physical Protection
Comment: One commenter objected to § 73.23(a)(1)(i) as too broad in its use of the term “all portions” with respect to the NRC's authority to restrict physical security plans that are labeled as SGI-M. The commenter suggested that § 73.23(a)(1)(i) creates an “unnecessary level of secrecy” and contends that establishing “such intense secrecy for a brand new and less dangerous category of information seems completely unwarranted.” The commenter recommended instead that if portions of the physical security plans can be released to the public, the agency should be permitted to disclose those portions.
Response: The Commission agrees that some portions of a licensee's physical security plan or procedures may be non-SGI and has deleted the phrase “all portions of” from revised proposed rule. The Commission disagrees that protection of the SGI described in § 73.23 is unnecessary. The information protected under § 73.23 describes security measures and physical protection programs for radioactive materials that could be used in a radiological dispersion device. Securing those materials is vital to the public health and safety and the common defense and security. Protecting detailed information about how those materials are secured is equally vital.
Comment: One commenter proposed that the NRC clarify the identification of emergency power sources in § 73.23(a)(1)(iii) to apply only to alarm system power sources.
Response: The revised proposed rule would protect information in alarm system layouts and is intended to protect information that identifies emergency power sources for alarm systems. The revised proposed rule text has been changed to clarify this point.
Comment: One commenter suggested that the NRC revise § 73.23(a)(1)(vii) to agree with the wording in § 73.22(a)(1)(ix).
Response: The Commission agrees with the comment and the revised proposed rule has been revised to add the word “composite” to § 73.23(a)(1)(vii).
Comment: One commenter proposed the deletion of § 73.23(a)(1)(viii) as it is redundant with other § 73.23(a)(1) subsections.
Response: The commenter did not identify a specific redundancy or point out how the proposed language would cause confusion or other harm. Retaining the provision affords protection for SGI that might not fit squarely under other categories. Consequently, the Commission has not changed the provision in the revised proposed rule.
Comment: Two commenters proposed replacing the phrase “safeguards or security emergencies” in § 73.23(a)(1)(ix) with “security contingency events,” which is used more frequently. Another commenter suggested that the words “Information concerning” in § 73.23(a)(1)(ix) were unclear and suggested that the NRC specify what information concerning response forces qualifies as SGI-M.
Response: The Commission has changed the revised rule to make consistent use of the phrase “security contingency events.” The phrase “information concerning” in § 73.23(a)(1)(ix) has been changed to “information relating to.” The original proposed rule adequately describes the types of information that would be protected by § 73.23(a)(1)(ix) by giving a number of examples of the information the Commission seeks to protect, including response force size, armament of the response forces, and arrival times. Similar information about the operational and tactical capabilities of response forces would be protected by § 73.23(a)(1)(ix). The revised proposed rule has not been revised to provide further examples.
Comment: Three commenters provided comments on § 73.23(a)(1)(x). Two commenters recommended revising the wording at the end of the paragraph to read: “by significantly increasing the likelihood of radiological sabotage or theft or diversion of source, byproduct, or special nuclear material,” in order to correspond to the phrase used in the definition of “SGI” in the proposed § 73.2. One commenter suggested that withholding such information from disclosure as SGI-M would prevent public knowledge of safety and emergency information that would directly impact nearby communities in the event of an accident, and doing so under the SGI-M provisions would “allow the agency to apply vague and broad secrecy authority to an already broad and undefined category since NRC does not detail precisely which facilities and materials SGI-M covers.” Therefore, this commenter recommends that the NRC eliminate this provision and not allow emergency planning and safety reports to be protected from public disclosure under the new SGI-M category.
Response: The revised proposed rule text has been changed in response to the first comment. The wording at the end of § 73.23(a)(1)(x) now corresponds with the definition of SGI in § 73.2.
The Commission disagrees that § 73.23(a)(1)(x) is overly broad, or that it would prevent public knowledge of vital safety and emergency information. The protection that would be required for engineering and safety analyses and emergency planning information under § 73.23(a)(1)(x) is appropriately limited to information that could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and Start Printed Page 64025security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material.
The Commission recognizes that the public needs information about safety and emergency planning and will continue to make much of that information publicly available. But a limited amount of safety and emergency planning related information, if publicly disclosed, could be used to identify security measures for the protection of nuclear facilities and materials, thereby significantly increasing the likelihood of radiological sabotage or theft and diversion. For example, emergency planning information that specifies response times for local law enforcement, or identifies the size, tactics, and capabilities of first responders to a radiological event could be useful to a potential adversary in planning an attack.
Section 73.23(a)(2) Physical Protection in Transit
Comment: One commenter suggests that, in the final rule, § 73.23(a)(2)(i) use the term “transportation security plan” for consistency, rather than “transportation physical security plan” as the original proposed rule reads. Another commenter suggests that § 73.23(a)(2)(i) is too broad in that it does not specify what information falls into this category. This commenter recommends that at least some portion of transportation security plans should be available to communities to foster awareness about the safety measures applied to nuclear materials shipments passing through their towns. In addition, the commenter proposes that § 73.23(a)(2)(i) be reworded to clarify that the public will retain access to all information to which it is entitled by the AEA.
Response: The phrase “transportation physical security plan” does not appear in the revised proposed rule. The revised proposed rule would require protection of “the composite physical security plan for transportation” in § 73.22(a)(2)(i) and “information regarding transportation security measures, including physical security plans and procedures” in § 73.23(a)(2)(i). The revision was made in part because not all licensees subject to the rule are explicitly required to have a “transportation physical security plan.”
The revised proposed rule is intended to protect information detailing the physical security measures and procedures used to protect source, byproduct, and special nuclear material in transit, whether or not those measures and procedures are contained in a document labeled “transportation security plan.” Therefore no definition of “transportation security plan” or its revised formulations is needed.
The NRC frequently shares general transportation security information with communities and other stakeholders. Licensees may be able to share general information about their security procedures as well, however, the Commission strongly cautions against this practice to avoid an inadvertent disclosure of SGI.
The Commission disagrees that § 73.23(a)(2)(i) needs to be reworded to make clear that the public will retain access to all information to which it is legally entitled. The comment states a truism that need not be incorporated into NRC regulations.
Comment: One commenter suggested that §§ 73.23(a)(2)(ii) and (iii) are not clear in what is considered SGI, for example, if the regulation pertains to a specific shipment or only to the general arrangements for all shipments that may be affected. The commenter stated that, if specific to the shipment, it is burdensome in that it requires face-to-face meetings when such arrangements are normally made over the telephone. In addition, the commenter stated that the phrase “limitations of communication during transport” in § 73.23(a)(2)(iii) was not sufficiently clear.
Response: These sections apply to information related to the protection of shipments of certain quantities of source material, byproduct material, and SNM in greater than or equal to Category 1 quantities of concern. The information described in § 73.23(a)(2)(ii) concerns arrangements with and capabilities of local police response forces, and locations of safe havens, whether related to a specific shipment or arrangements for shipments that may be affected. The handling requirements for SGI-M do not mandate “face-to-face” meetings. With respect to telephone conversations, § 73.23(f)(3) provides that SGI-M must be transmitted electronically only by protected telecommunications circuits or encryption approved by the NRC except under emergency or extraordinary conditions. To the extent that the commenter is referring to arrangements regarding scheduling and itinerary information, the revised proposed rule text specifies that such information is not considered SGI-M. See 10 CFR 73.23(a)(2)(i). The phrase “limitations of communication during transport” in § 73.23(a)(2)(iii) of the original proposed rule (now § 73.23(a)(2)(iv)) has been deleted and replaced by the phrase “Details of alarm and communication systems, communication procedures, and duress codes.”
Comment: One commenter expressed concerns that § 73.23(a)(2)(v) would exempt safety analyses, emergency planning procedures, or other information about the protection of transported materials from public disclosure as SGI-M. The commenter recommended revising § 73.23(a)(2)(v) in order to ensure that the public has access to emergency procedures and safety analyses information needed to protect communities.
Response: In response to this and other comments, the phrase “emergency planning procedures or scenarios” has been changed to “security-related procedures or scenarios”. The Commission recognizes that the public needs information about safety and emergency planning and will continue to make much of that information publicly available. But a limited amount of safety and emergency planning-related information, if publicly disclosed, could be used to identify security measures for the protection of nuclear facilities and materials, thereby significantly increasing the likelihood of sabotage or theft and diversion. For example, emergency planning information that specifies response times for local law enforcement, or identifies the size, tactics, and capabilities of first responders to a radiological event could be useful to a potential adversary in planning an attack.
The Commission disagrees that this revised proposed rule would prevent public knowledge of vital safety and emergency information. The protection required for the information designated under § 73.23(a)(1)(x) would be appropriately limited to information that could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or SNM.
Section 73.23(a)(3) Inspections, Audits, and Evaluations
Comment: One commenter expressed concerns over the proposed § 73.23(a)(3) and recommended that the NRC add current regulations that allow the public to access SGI-M information about defects and weaknesses at nuclear facilities after they have been corrected. The commenter suggested that the existing provision is useful and logical in maintaining accountability and public confidence, particularly given the lower risk associated with material Start Printed Page 64026in the new SGI-M category. The commenter noted that the NRC proposes to eliminate this provision with respect to SGI information and recommends that the NRC add the provision to the SGI-M regulations.
Response: The Commission agrees with this comment and has revised the proposed rule in part, accordingly. However, as stated in the revised text, the disclosure of such information is not automatic, and is subject to an assessment taking into account such factors as the results of trend analyses and the impacts of disclosures on other licensees having similar physical security systems. The partial revision of the proposed rule text is consistent with the policy to increase the amount of public information released pursuant to the Security Oversight Process.
Section 73.23(h) Decontrolling Information
Comment: One commenter stated that the decision to decontrol information would be a difficult assessment if consideration has to be given to using it in combination with non-SGI, and that detailed guidance and/or training would need to be given. The rule says that the approval to decontrol information can be made by three options: (1) Only by the NRC; or (2) the licensee with NRC approval; or (3) in consultation with the individual that made the original determination, if possible. The commenter stated that having these three options does not make sense, as there should be one ultimate authority that states whether it is permissible to decontrol the information so that there is no ambiguity and all licensees use the same method.
Response: The Commission agrees that the decision to remove information from the SGI category can be difficult. Consideration must be given not only to the nature of the information itself, but to whether public disclosure of that information would identify other SGI. If so, the information should not be decontrolled.
Persons in possession of SGI who are considering decontrolling the information should consult with the NRC, although the revised proposed rule would not require it in every case. Information could be decontrolled without NRC approval after consulting with the individual or organization that originally made the SGI determination, provided the information no longer meets the criteria of this rule. Retaining this option gives licensees and others a measure of flexibility in their SGI-protection procedures.
SGI generated by the NRC would only be decontrolled with NRC approval. This would ensure that NRC orders, guidance, and other regulatory documents would not be inconsistently decontrolled.
Part 76: Certification of Gaseous Diffusion Plants
Comment: One commenter suggested that § 76.113(c) should be revised to provide that information on the security of CAT I SSNM should be protected under 10 CFR parts 25 and 95 as classified information.
Response: The rule language in §§ 73.21 and 73.22 clearly indicates that it would only apply to information that is not classified as Restricted Data or National Security Information. If the specific information is considered to be Restricted Data or National Security Information it would be protected as such and the SGI provisions would not apply. However, the Commission recognizes that the current language in § 76.113(c), which suggests that security information related to formula quantities of strategic special nuclear material would be protected as SGI, may be perceived as inconsistent with the NRC's general practice of treating that information as classified Restricted Data or National Security Information. The revised proposed rule text has been changed to provide clarity.
Comment: One commenter recommended that changes to §§ 76.115(d) and 76.117(c) should be deleted from the revised proposed rule because documents transmitted to gaseous diffusion plants (GDP) by the NRC are protected as classified material and because the classified matter protection program at each GDP already meets or exceeds the protection requirements for SGI, both current and proposed. Therefore, the commenter believes that the current programs at the GDPs provide for adequate protection of sensitive information, that application of the proposed SGI requirements to the GDPs will cause the expenditure of resources with little additional protection of sensitive information, and that, therefore, the proposed revision to §§ 76.115(d) and 76.117(c) is not necessary. Two commenters suggest that §§ 76.115 and 76.117 should refer to §§ 73.21 and 73.23, not § 73.22.
Response: The NRC Staff believes that the proper category for security-related information at the GDPs is SGI. While the GDPs are protecting their security plans and other related documents as classified material, other persons that might obtain the information would have no obligation to protect the security-related information as SGI or as classified material. The NRC does not believe that protection of the security-related information as proprietary under § 2.390 provides adequate protection, particularly if a third party were to somehow obtain the information. The GDPs may continue to protect the security-related information covered by the rule as classified material, however, the information should be properly marked as SGI. This is consistent with the treatment of similar information for part 70 licensees. No changes to the revised proposed rule text are necessary.
Comment: One commenter proposed that § 76.113 be revised to specify whether NRC certificate holders should protect DOE's Unclassified Controlled Nuclear Information (UCNI) information to a level equivalent to SGI or SGI-M. The commenter supports protection of UCNI to an SGI-equivalent level.
Response: Section 76.133 has been changed in the revised proposed rule to make it clear that the information would be protected in accordance with DOE requirements.
Part 150 Exemptions and Continued Regulatory Authority in Agreement States and in Offshore Waters Under Section 274
Comment: One commenter suggested that a provision be added to § 150.15 to indicate that persons in Agreement States remain under the jurisdiction of the NRC's regulations for control of SGI, as the current rule by its terms only provides that persons in Agreement States remain under the jurisdiction of NRC regulations for control of SGI-M, not SGI. The commenter recommends that the NRC should retain full authority over all SGI regulations and therefore recommends that § 150.15(a)(9) be revised in the final rule to include § 73.22.
Response: There are no Agreement State licensees that would possess SGI, only SGI-M. However, the NRC has added § 73.22 to the revised proposed rule to cover the possibility that an Agreement State licensee in the future might need to possess SGI.
Other or Related Issues
Comment: One commenter suggested that although the original proposed rule states that the purpose of the rule is to “[e]xpand the types of security information covered by the definition of SGI in § 73.21 to include access authorization for background screening” there is no associated requirement that can be found in either §§ 73.22 or 73.23 for background screening information to be protected as SGI. Another commenter noted that it would fully support changes in regulations on SGI that would preserve access authorizations for appropriate persons when needed, as Start Printed Page 64027well as allow union leadership access to applicable safeguarded information.
Response: The commenter is correct about the lack of an explicit requirement in either §§ 73.22 or 73.23 for “access authorization for background screening.” Detailed background screening requirements for determining trustworthiness and reliability are set forth in a licensee's or an applicant's composite physical security plan, which is included in §§ 73.22(a)(1)(i) and 73.23(a)(1)(i) as a type of SGI.
As to the second comment, authorization for access to SGI always considers need because one criterion for granting such access is an established “need-to-know”. The revised proposed rule preserves the application of the “need to know” criterion as a requirement in §§ 73.22(b) and 73.23(b). The issue of access to SGI by agents representing employees of NRC licensees in employment-related grievances has previously been addressed in response to an earlier comment on that subject.
Comments on Information Collection Requirements
Comment: The Office of Management and Budget (OMB) received two comment letters on the proposed information collection requirements associated with §§ 73.21, 73.22, and 73.23. An industry commenter stated that the estimate of the total number of hours needed annually to complete the requirement or request (5,926 or an average of nine hours per recordkeeper) is incorrect. The commenter estimates that initially thousands of hours will be required of each recordkeeper to review and mark the additional SGI or SGI-M documents as required in §§ 73.22(a)(1)(xii) and 73.23(a)(1)(x). In addition, the ongoing requirement of the original proposed rule would also exceed nine hours per recordkeeper.
Response: The average number of hours that would be needed annually to complete the information collection requirement in the original proposed rule of 9 hours per respondent was an average that covered a wide range of entities from nuclear power reactors to irradiators. The calculation of the 9 hours accounted for the range of those affected by the information collection requirement by assuming larger entities would have a larger number of documents to mark than smaller entities. The average burden of 9 hours seems low because there are many more smaller entities in the calculation than larger entities. The burden for power reactors, including implementation and ongoing burden, was approximately 26 hours annually for each power reactor site. It is expected that the information collection burdens for the revised proposed rule will change to reflect the requirements in the revised rule.
Comment: The commenter also disagreed with the following statement in the Abstract portion of the Paperwork Reduction Act Statement in the Federal Register notice for the original proposed rule: “The proposed amendments would be consistent with Commission practices reflected in previously issued orders and advisories.” According to the commenter, this statement is incorrect because the NRC has not previously directed that all of the information specified in proposed 10 CFR 73.22 be protected as SGI.
Response: The original proposed amendments reflected Commission practices set forth in previously issued orders and advisories, results of the Commission's comprehensive review of security policies and requirements, and comments received in the original proposed rulemaking. Any increased information collection burdens associated with the revised proposed amendments will be accounted for in the calculation of the burden estimate in a new OMB clearance package.
Comment: A commenter suggested that eliminating portion marking requirements for documents containing SGI, and allowing the entire document to be marked as SGI, was a way to minimize the information collection burden.
Response: Under §§ 73.22(d)(3) and 73.23(d)(3), portion marking would only be required for transmittal documents for correspondence with the NRC. For example, cover letters that transmit a security plan or license application are required to be portion marked, but the attached plan or application is not. The burden associated with portion marking these documents is small, and would be outweighed by the benefit of being able to make correspondence with the NRC publicly available.
Comment: A commenter provided two burden estimates for nuclear power reactor implementation of the original proposed rule. The first estimate assumed that the commenter's “comments or similar clarifications” would not be accounted for in the final rule. The second estimate assumed the commenter's “comments or similar clarifications” would be accounted for in the final rule. The commenter concluded that the estimates showed a “great and expansive potential for misinterpretation” of the original proposed rule.
Response: The NRC has revised the original proposed rule language so that potential for misinterpretation would be minimized. The NRC has revised the number of recordkeepers in the OMB clearance package associated with power reactors from 104 to 64. The decrease in recordkeepers reflects multiple reactors at one site sharing SGI documents. The NRC has not included the cost of a dedicated copy machine and dedicated computers for reproducing and processing SGI documents. These costs are not requirements of the revised proposed rule and therefore will not be included in the OMB clearance package.
Comment: One commenter requested that an accurate regulatory analysis and backfit analysis be completed and made available for public comment before the rule is finalized.
Response: The regulatory analysis for the original proposed rule was available for public comment. It has been revised where appropriate in response to those comments and is being made available for comment with this revised proposed rule. A backfit analysis is not required because the requirements of this revised proposed rule that are not in the current 10 CFR 73.21 are being proposed as a matter of adequate protection.
Comment: A commenter requested that the NRC develop a rulemaking associated with the transportation of certain types and quantities of radioactive materials with the DOT.
Response: A coordinated rulemaking with the DOT is not possible given the expedited rulemaking required for the protection of the common defense and security.
Comment: A public meeting was requested by industry to ensure that the NRC staff understands certain concerns, such as the impacts on licensees of implementation of the rule, due to the large number of documents and the breadth of information held by a greater number of licensees.
Response: The expedited rulemaking schedule did not allow the NRC time to hold a public meeting. However, NRC staff had several telephone conversations with the commenter in order to understand the commenter's concerns regarding the OMB clearance package and the regulatory analysis.
Comments on Regulatory Analysis
Comment: One comment stated that the full-compliance baseline assumption in the main analysis of the regulatory analysis is incorrect because it is assumed that all licensee costs were incurred under Commission orders that were never imposed and that this does not account for licensee costs incurred under the rule. In addition, under the “Pre-Order Analysis” in the regulatory analysis, the period of compliance is Start Printed Page 64028assumed to be ten years. This time period is too short given the perpetual nature of the rule.
Response: The NRC concurs with the comment that the full-compliance baseline assumption of the main analysis does not capture the costs associated with the rule that have not already been incurred under the current regulation at 10 CFR 73.21 or under Commission orders. Accordingly, the regulatory analysis has been revised to capture these costs under the main analysis. The NRC also concurs that the assumed ten year period of compliance is not long enough for some licensees, such as nuclear power reactors. Therefore, the NRC has calculated the annual costs for nuclear power reactors over a 33-year period. This is the approximate length of plant life remaining for power reactors assuming 100 percent license renewal.
Comment: A commenter stated that the assertion in the regulatory analysis that the original proposed rule would increase public confidence in the NRC and its licensees is not supported by data, nor is there a basis for such a subjective judgment.
Response: In response to the comment that there is no basis for the qualitative benefit of increased public confidence resulting from the revised proposed rule, the NRC has revised the regulatory analysis to exclude either a qualitative value or impact related to public confidence in the NRC or its licensees.
Comment: Another comment on the regulatory analysis is that the backfit analysis in Section XIV only considers the “main” analysis and therefore does not consider the perpetual and substantial costs to licensees associated with the rule.
Response: A backfit analysis is not required because the requirements of this rule that are not in the current 10 CFR 73.21 are being proposed as a matter of adequate protection.
Comment: A commenter suggested that the rule be delayed until an accurate regulatory analysis and backfit analysis are completed.
Response: The NRC believes that the revised regulatory analysis is an accurate analysis of the values and impacts associated with the revised proposed rule. The original regulatory analysis was available for public comment and has been revised where appropriate in response to comments. As stated above, a backfit analysis is not required.
Comment: The regulatory analysis should consider the actual substantial cost of implementing the rule and should also quantify the need for SGI-M under § 73.23.
Response: The regulatory analysis accounts for the costs of implementing the revised proposed rule. Assigning a quantitative value to the need for SGI-M under § 73.23 is not possible. However, as discussed in the regulatory analysis, there are substantial qualitative benefits associated with protecting SGI-M under § 73.23.
C. Section-by-Section Analysis
Table 1.—Changes to the Original Proposed Rule Text and Explanation of Changes
[Additional details regarding the changes may be found in the responses to comments.]
10 CFR section Changes from the original proposed rule text Explanation of changes 2.4 A new definition of Safeguards Information is added to § 2.4: Safeguards Information means information not classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, by product, or special nuclear material A definition of Safeguards Information has been added to this section in the revised proposed rule because the term is used in this part. This definition also appears in § 73.2. 2.336(f)(1) The following paragraph is added to § 2.336, “General discovery.” “In the event of a dispute over disclosure of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended, the presiding officer may issue an order requiring disclosure if—“[the requirements in § 2.336(f)(1)(i) through (iv) are met] This paragraph is added to the revised proposed rule in response to comments regarding discovery of Safeguards Information in NRC adjudicatory proceedings. Section 2.336(f)(1) applies only in a dispute over disclosure of Safeguards Information. In the absence of a dispute over disclosure, participants in an adjudicatory proceeding may exchange information, including Safeguards Information. However, such disclosures would be subject to a protective order issued by the presiding officer of the proceeding to protect against the unauthorized disclosure of the information. Start Printed Page 64029 2.336(f)(1)(i) The following paragraph is added: “The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite “need to know”, as defined in § 73.2;” This paragraph makes clear that: (1) “Need to know,” as defined in § 73.2, applies in NRC adjudicatory proceedings, and (2) the presiding officer of the proceeding makes the “need to know” determination for access to SGI in a dispute over the “need to know” determination. In other words, access to Safeguards Information always requires a “need to know.” In the specific instance of a dispute over “need to know” in an NRC adjudicatory proceeding, the presiding officer makes the “need to know” determination as defined in § 73.2. 2.336(f)(1)(ii) The following paragraph is added: “The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check, the individual shall be afforded the protections of § 73.57;” This paragraph requires that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must undergo an FBI criminal history check, including fingerprinting, unless they are exempt from this requirement under §§ 73.22(b)(3) or 73.23(b)(3). Those provisions cross-reference § 73.59, which lists categories of individuals who are exempt from the FBI criminal history and background check requirements for access to Safeguards Information by virtue of their occupational status. This paragraph also extends the protections provided by § 73.57 to participants in NRC adjudicatory proceedings before an adverse determination is made by the NRC Office of Administration on their criminal history check. 2.336(f)(1)(iii) The following paragraph is added: “The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt from the background check requirement pursuant to §§ 73.22(b)(3) or 73.23(b)(3), as applicable. However, before adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by § 73.57.” This paragraph requires that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must undergo a background check for trustworthiness and reliability unless exempt from that requirement under §§ 73.22(b)(3) or 73.23(b)(3), which cross-reference § 73.59. This paragraph extends the protections provided by § 73.57 to participants in NRC adjudicatory proceedings before an adverse determination by the NRC Office of Administration on their background checks for trustworthiness and reliability. 2.336(f)(1)(iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the individual against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination This paragraph establishes detailed procedures for participants, potential witnesses, and attorneys to appeal a final adverse determination by the NRC Office of Administration on an individual's trustworthiness and reliability determination for access to SGI. Participants, potential witnesses, and attorneys may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the proceeding officer of the proceeding to review the NRC Office of Administration's adverse determination. In addition, this paragraph contains the following requirements: Documentation by the Office of Administration of an adverse determination and the time periods for filing and service of the request for review, and issuance by the presiding officer of a decision on the request for review. The standard for reversal by the presiding officer of the Office of Administration's adverse determination is a finding that the determination constitutes an abuse of discretion. 2.336(f)(2) The following paragraph is added: “The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.” This provision authorizes the presiding officer to prescribe terms and conditions necessary and appropriate to ensure that disclosure of Safeguards Information is limited to authorized individuals. Start Printed Page 64030 2.336(f)(3) The following paragraph is added: “When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.” This paragraph extends requirements for the protection of Safeguards information in §§ 73.21, 73.22, and 73.23, as applicable, to anyone in possession or receipt of Safeguards Information. 2.336(f)(4) The following paragraph is added: “The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.” This paragraph authorizes the presiding officer of the proceeding to prescribe measures in addition to those described in §§ 73.21, 73.22, and 73.23, as applicable, to prevent the disclosure of Safeguards Information to unauthorized individuals. 2.336(f)(5) The following paragraph is added: “In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under § 2.205.” This paragraph authorizes civil penalties for disclosure of Safeguards Information in violation of a presiding officer's protective order or orders. 2.336(f)(6) The following paragraph is added: “For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b of the Atomic Energy Act.” This paragraph authorizes criminal penalties for disclosure of Safeguard Information in violation of a presiding officer's protective order or orders. 2.705(c)(2) The following paragraph is added to § 2.705, “Discovery—additional methods.” “In the case of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended, the presiding officer may issue an order requiring disclosure if—” This paragraph is added to the revised proposed rule in response to comments regarding discovery of SGI in NRC adjudicatory proceedings. The paragraph authorizes the presiding officer to issue an order requiring disclosure of certain documents and records, including Safeguards Information, provided that the requirements noted and discussed below are met. 2.705(c)(2)(i) The following paragraph is added: “The presiding officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC proceeding has the requisite “ need to know,” as defined in § 73.2”; This provision makes clear that a “need to know,” as defined in § 73.2, applies to an individual seeking access to SGI in order to participate in an NRC proceeding. The presiding officer of the proceeding makes the “need to know” determination for access to SGI in a dispute over the “need to know” determination. In other words, access to Safeguards Information always require a “need to know.” In the specific instance of a dispute over the “need to know” in an NRC adjudicatory proceeding, the presiding officer makes the “need to know” determination as defined in § 73.2. 2.705(c)(2)(ii) The following paragraph is added: “The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and otherwise follow the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual criminal history check, the individual shall be afforded the protections of 73.57; and” This paragraph requires that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must under go an FBI criminal history check, including fingerprinting, unless they are exempt from this requirement under §§ 73.22(b)(3) or 73.23(b)(3). Those provisions cross-reference § 73.59, which lists categories of individuals who are exempt from the FBI criminal history and background check requirements for access to Safeguards Information by virtue of their occupational status. This paragraph also extends the protections provided by § 73.57 to participants in NRC adjudicatory proceedings before an adverse determination is made by the NRC Office of Administration on their FBI criminal history check. Start Printed Page 64031 2.705(c)(2)(iii) The following paragraph is added: “NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt §§ 73.22(b)(3) or 73.23(b)(3) However, before an adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by § 73.57.” This paragraph provides that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must under go a background check for trustworthiness and reliability unless exempt from this requirement under §§ 73.22(b)(3) or 73.23(b)(3). Those provisions cross-reference § 73.59, which lists categories of individuals who are exempt from the FBI criminal history check and background check requirements for access to SGI by virtue of their occupational status. This paragraph also extends the protections provided by § 73.57 before an adverse determination by the NRC Office of Administration on a background check for trustworthiness and reliability. 2.705(c)(2)(iv) The following paragraph is added: “An individual seeking to participate in an NRC adjudicatory proceeding for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the individual against whom the adverse determination has been made. Within 10 days of receipt the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination.” This paragraph establishes detailed procedures for an individual seeking access to SGI in order to participate in an NRC adjudicatory proceeding to appeal a final adverse determination by the NRC Office of Administration on trustworthiness and reliability for access to SGI. The paragraph contains the following requirements: Documentation by the Office of Administration of an adverse determination and the time periods for filing and service of the request for review, responding to the request, and for issuance of a decision by the presiding officer on a request for review. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. 2.705(c)(3) The following paragraph is added: “The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.” This provision authorizes the presiding officer to prescribe terms and conditions necessary and appropriate to ensure that disclosure of Safeguards Information is limited to authorized individuals. 2.705(c)(4) The following paragraph is added: “When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a party other than the NRC staff, it must also be protected according to the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.” This paragraph extends requirements for protection of Safeguards Information in § §73.21, 73.22, and 73.23, as applicable, to anyone in possession of Safeguards Information. 2.705(c)(5) The following paragraph is added: “The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.” This paragraph authorizes the presiding officer of the proceeding to prescribe measures in addition to those described in §§ 73.21, 73.22, and 73.23, as applicable, to prevent disclosure of Safeguards Information to unauthorized individuals. 2.705(c)(6) The following paragraph is added: “In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under § 2.205.” This paragraph authorizes civil penalties for disclosure of Safeguards Information in violation of a presiding officer's protective order or orders. Start Printed Page 64032 2.705(c)(7) The following paragraph is added: “For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issue under section 161b of the Atomic Energy Act.” This paragraph authorizes criminal penalties for disclosure of Safeguards Information in violation of a presiding officer's protective order or orders. 2.709(f) This subsection of § 2.709, “Discovery against the NRC staff” has been revised and subdivided as noted below. This paragraph has been revised in response to comments regarding discovery of SGI in NRC adjudicator proceedings. It has been subdivided in the revised proposed rule for clarity. This paragraph continues to apply to discovery documents and records including Safeguards Information, against the NRC staff. 2.709(f)(1) This paragraph reads: “In the case of requested documents and records, (including Safeguards Information referred to in Section 147 and 181 of the Atomic Energy Act, as amended) exempt from disclosure under § 2.390, the presiding officer may issue an order disclosure to the Executive Director of Operations or delegate of the Executive Director for Operations, to produce the documents or records (or any other order issued ordering productions of the document or records) if—” This paragraph sets forth the circumstances in which § 2.709(f) applies. As in the original proposed rule, § 2.709(f) establishes procedures for the discovery against the NRC staff of documents and records, including Safeguards Information, which are exempt from disclosure under § 2.390, “Public inspections, exemptions, requests for withholding.” 2.709(f)(1)(i) The following is added: “The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite “need to know”, as defined in § 73.2;” The phrase “but whose disclosure is found by the presiding officer to be necessary to a proper decision in the proceeding” has been deleted from § 2.709(f) This paragraph makes clear that: (1) “Need to know,” as defined in § 73.2, applies in NRC adjudicatory proceedings, and (2) the presiding officer of the proceeding makes the “need to know” determination for access to SGI in a dispute over the “need to know” determination. In other words access to Safeguards Information always requires a “need to know.” In the specific instance of a dispute over “need to know” in an NRC adjudicatory proceeding, the presiding officer makes the “need to know” determination as defined in § 73.2. 2.709(f)(1)(ii) The following paragraph is added: “The individual has undergone an FBI criminal history check, unless exempt §§ 73.22(b)(3) or § 73.23(b)(3), by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check the individual shall be afforded the protections provided by § 73.57; and” This paragraph makes clear that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must undergo an FBI criminal history check, including fingerprinting, unless they are exempt from this requirement under §§ 73.22(b)(3) or 73.23(b)(3), which cross-reference § 73.59. Section 73.59 lists categories of individuals who are exempt from the FBI criminal history and background check requirements for access to Safeguards Information by virtue of their occupational status. This paragraph extends the protections provided by § 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their FBI criminal history check. 2.709(f)(1)(iii) The following paragraph is added: “The NRC Office of Administration finds, based upon a background check, that the individual is trustworthy and reliable, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by § 73.57.” This paragraph makes clear that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must undergo a background check for trustworthiness and reliability unless exempt from this requirement under §§ 73.22(b)(3) or 73.23(b)(3), as applicable. These provisions cross-reference § 73.59, which lists categories of individuals who are exempt from the FBI criminal history check and background check requirements for access to SGI by virtue of their occupational status. This paragraph extends the protections provided by § 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their background checks. Start Printed Page 64033 2.709(f)(1)(iv) The following paragraph is added: Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the individual against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination This paragraph establishes detailed procedures for participants, potential witnesses, and attorneys to appeal a final adverse determination by the NRC Office of Administration on an individual's trustworthiness and reliability determination for access to SGI. Participants, potential witnesses, and attorneys may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the proceeding officer of the proceeding to review the NRC Office of Administration's adverse determination. In addition, this paragraph contains the following requirements: Documentation by the Office of Administration of an adverse determination and the time periods for filing and service of the request for review, and issuance by the presiding officer of a decision on the request for review. The standard for reversal by the presiding officer of the NRC Office of Administration's final adverse determination is a finding that the determination constitutes an abuse of discretion. 2.709(f)(2) The following paragraph is added: “The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in a proceeding, to interested States and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.” This provision authorizes the presiding officer to prescribe terms and conditions necessary and appropriate to ensure that disclosure of Safeguards Information is limited to authorized individuals. 2.709(f)(3) The following paragraph is added: “When Safeguards Information protection from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.” This paragraph extends requirements for protection of Safeguards Information in §§ 73.21, 73.22, and 73.23, as applicable, to anyone in possession of Safeguards Information. 2.709(f)(4) The following paragraph is added: “The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.” This paragraph authorizes the presiding officer of the proceeding to prescribe measures in addition to those described in §§ 73.21, 73.22, and 73.23, as applicable to prevent disclosure of Safeguards Information to unauthorized individuals. 2.709(f)(5) The following paragraph is added: “In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under § 2.205.” This paragraph authorizes civil penalties for disclosure of Safeguards Information in violation of a presiding officer's protective order or orders. 2.709(f)(6) The following paragraph is added: “For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order under Section 161b of the Atomic Energy Act.” This paragraph authorizes criminal penalties for disclosure of Safeguards Information in violation of a presiding officer's protective order or orders. 2.1010(b)(6) This paragraph of § 2.1010, “Pre-License application presiding officer” has been reorganized and subdivided. The paragraph begins as follows: “Whether the material should be disclosed under a protective order containing such protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to limit the disclosure to potential parties, interested government participants, and parties in a proceeding, or to their qualified witnesses and counsel.” This paragraph is revised in response to comments regarding discovery of SGI in NRC adjudicatory proceedings. It has been subdivided for clarity. As in § 2.1010(b)(6) of the original proposed rule, this paragraph authorizes the Pre-License Application Presiding Officer to resolve disputes over disclosure of Safeguards Information. Start Printed Page 64034 2.1010(b)(6)(i) The following paragraph is added: “The Pre-License Application Presiding Office may issue an order requiring disclosure of Safeguards Information if—” This paragraph authorizes the Pre-License Application Presiding Officer to issue an order requiring disclosure of Safeguards Information if the requirements in the subsequent provisions are met. 2.1010(b)(6)(i)(A) The following paragraph is added: “The Pre-License Application Presiding Officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC adjudication has the requisite “need to know,” as defined in § 73.2”; This paragraph makes clear that (1) “need to know”, as defined in § 73.2, applies in the context of NRC adjudicatory proceedings, and (2) the presiding officer of the proceeding makes the “need to know” determination for access to SGI in a dispute over the “need to know” determination. In other words, access to Safeguards Information always requires a “need to know.” In a dispute over “need to know” in an NRC adjudicatory proceeding, the presiding officer makes the “need to know” determination as that term is defined in § 73.2. 2.1010(b)(6)(i)(B) The following paragraph is added: “The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington D.C. 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check, the individual shall be afforded the protections of § 73.57;” This paragraph requires that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must undergo an FBI criminal history check, including fingerprinting, unless they are exempt from this requirement under §§ 73.22(b) or 73.23(b). Those provisions cite § 73.59, which lists categories of individuals who are exempt from the FBI criminal history check and background requirements for access to Safeguards Information by virtue of their occupational status. This paragraph also extends the protections provided by § 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their FBI criminal history checks. 2.1010(b)(6)(i)(C) The following paragraph is added: “A finding by the NRC Office of Administration, based upon a background check, that the individual is trustworthy and reliable, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by § 73.57.” This paragraph makes clear that individuals seeking access to Safeguards Information in order to participate in an NRC adjudicatory proceeding must undergo a background check for trustworthiness and reliability unless exempt from this requirement under §§ 73.22(b)(3)(b)(3) or 73.23(b)(3). Those provisions contain a cross-reference to § 73.59, which lists categories of individuals who are exempt from the FBI criminal history check and background check requirements for access to Safeguards Information by virtue of their occupational status. This paragraph extends the protections provided by § 73.57 to participants in NRC adjudications before an adverse determination by the NRC Office of Administration on their background checks for trustworthiness and reliability. 2.1010(b)(6)(i)(D) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the individual against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination This paragraph establishes detailed procedures for participants, potential witnesses, and attorneys to appeal a final adverse determination by the NRC Office of Administration on an individual's trustworthiness and reliability determination for access to SGI. Participants, potential witnesses, and attorneys may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the proceeding officer of the proceeding to review the NRC Office of Administration's adverse determination. In addition, this paragraph contains the following requirements: documentation by the Office of Administration of an adverse determination and the time periods for filing and service of the request for review, responding to the request, and for issuance of a decision by the presiding officer. The standard for reversal by the presiding officer of the NRC Office of Administration's final adverse determination made by the NRC Office of Administration. Start Printed Page 64035 2.1010(b)(6)(ii) The following provision is added: “The Pre-License Application Presiding Officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under § 2.315(c) and to their qualified witnesses and counsel.” This provision authorizes the Pre-License Application Presiding Officer to prescribe terms and conditions necessary to insure that disclosure of Safeguards Information is limited to authorized individuals. 2.1010(b)(6)(iii) The following paragraph is added: “When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by a party other than the NRC staff, it must also be protected according to the requirement of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.” This paragraph extends requirements for protection of Safeguards Information in §§ 73.21, 73.22, and 73.23, as applicable, to anyone in possession of Safeguards Information. 2.1010(b)(6)(iv) The following paragraph is added: “The Pre-License Application Presiding Officer may also prescribe additional procedures as will effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.” This paragraph authorizes the Pre-License Application Presiding Officer to prescribe measures in addition to those described in §§ 73.21, 73.22, and 73.23 as applicable, to prevent disclosure of Safeguards Information to unauthorized individuals. 2.1010(b)(6)(v) The following paragraph is added: “In addition to any other sanction that may be imposed by the Pre-License Application Presiding Officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, may be subject to a civil penalty imposed under § 2.205.” This paragraph authorizes civil penalties for disclosure of Safeguards Information in violation of a protective order or orders. 2.1010(b)(6)(vi) The following paragraph is added: “For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order under Section 161b of the Atomic Energy Act of 1954, as amended.” This paragraph authorizes criminal penalties for disclosure of Safeguards Information in violation of a protective order or orders. 30.32(j) The following phrases are deleted: “in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security who prepares a physical security plan, security procedures for emergencies, or guard qualification and training procedures,” and “the plans, procedures, and other related.” The phrase “subject to the requirements of part 73 of this chapter” is added The deletions are made to simplify the original proposed rule text and make clear that applicants must protect all SGI and SGI-M, not just that contained in physical security plans, security procedures for emergencies, or guard qualification and training procedures. The addition to the text makes clear that not all applicants for a part 30 license would be subject to physical security or information security requirements. 30.34(i) The following phrase is deleted: “physical security plans, security procedures for emergencies, guard qualification and training procedures, and other related.” The word “are” is changed to “is.” This change conforms this section with the requirements of § 30.32(j). 40.31(m) A new first sentence is added: ``Each applicant for a license for the possession of source material at a facility for the production of uranium hexafluoride shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.22 of this chapter, as applicable.'' A new second sentence is added: ``Each applicant for a license for source material subject to the requirements of part 73 of this chapter shall protect unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable.'' This change clarifies that applicants for licenses for the production of uranium hexafluoride would be required to protect security information as SGI in accordance with §§ 73.21 and 73.22. Other source material licensees must protect SGI and SGI-M in accordance with §§ 73.21, 73.22, and 73.23, as applicable. 40.41(h) The phrase “physical security plans, security procedures for emergencies, guard qualification and training procedures, and other related” is removed. The word “are” is changed to “is.” The change corrects a verb tense and also simplifies the text to make clear that applicants would be required to protect all SGI and SGI-M not just that contained in physical security plans, security procedures for emergencies, or guard qualification and training procedures. 50.34(e) The section is revised to read “Each applicant for a license to operate a production or utilization facility shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable.” This change is made to simplify the revised proposed rule text and make clear that applicants would be required to protect all SGI and SGI-M, not just that contained in physical security plans, security procedures for emergencies, or guard qualification and training procedures. Start Printed Page 64036 50.54(v) The following phrase is deleted: “Physical security, safeguards contingency and guard qualification and training plans and other related.” The word “are” is changed to “is.” This change is to conform with the change in § 50.34(e). 52.17(d) The addition of this section requires applicants for early site permits under this part to protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.22 of this chapter, as applicable This change is made in concert with the change to §§ 52.47 and 52.79 to require applicants for standard design certifications and combined licenses to protect SGI from unauthorized disclosure. 60.21(d) The word “as” is deleted. The phrase “the detailed security measures for physical protection of high-level radioactive waste, including the design for physical protection, the safeguards contingency plan, the security organization personnel training and qualification plan, and other related security information” is replaced with “and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.” This change is made to simplify the revised proposed rule text and make clear that applicants would be required to protect all SGI and SGI-M, not just that contained in physical security, safeguards contingency, or guard qualification and training plans. The change also reflects that applicants under Part 60 would be required to protect classified information. 60.42(d) The phrase “the detailed security measures for physical protection of high-level radioactive waste, including the design for physical protection, the safeguards contingency plan, the security organization personnel training and qualification plan, and other related security information” is replaced with “Safeguards Information.” A new sentence is added: “The licensee shall ensure that classified information is protected in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.” This change conforms this section to the requirements of § 60.21(d). 63.21(d) A cross-reference to § 73.23 is added. The word “as” is deleted. The phrase “the detailed security measures for physical protection of high-level radioactive waste, including the design for physical protection, the safeguards contingency plan, and the security organization personnel training and qualification plan, and other related Safeguards Information” is replaced with “as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.” This change is made in concert with the change to part 60 to reflect protection of the same type of information for part 60 and part 63 applicants. 63.42(e) A cross-reference to § 73.23 is added. The phrase “the detailed security measures for physical protection of high-level radioactive waste, including the design for physical protection, the safeguards contingency plan, and security organization personnel training and qualification plan, and other related” is removed. The phrase “and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable” is added This change conforms this section to the requirements of § 63.21(d). 70.22(l) The section is revised to read “Each applicant for a license shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.” This change is made to simplify the rule text and make clear that all SGI and SGI-M would have to be protected, not just that contained in physical security, safeguards contingency, or guard qualification and training plans. The change also reflects that applicants under part 70 would be required to protect classified information. 70.22(o) This paragraph is deleted This paragraph is eliminated as it is no longer necessary in light of the change to § 70.22(l). § 70.32(j) The phrases “a formula quantity of strategic” and “physical security, safeguards contingency, and guard qualification and training plans and other related” are deleted. The word “are” is changed to “is.” The phrase “and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable” is added The deletions are made to simplify the revised proposed rule text and make clear that all SGI and SGI-M would have to be protected, not just SGI or SGI-M contained in physical security, safeguards contingency, or guard qualification and training plans. There is also a change to correct verb tense. The deletions are made to simplify the revised proposed rule text and make clear that all SGI and SGI-M would have to be protected, not just SGI or SGI-M contained in physical security, safeguards contingency, or guard qualification and training plans. 70.32(l) The paragraph is deleted This paragraph is eliminated as it is no longer necessary in light of the change to § 70.32(j). 71.11 The phrase “spent fuel” is changed to “irradiated reactor fuel.” The word “a'' is added before “critical mass.” This change corrects a grammatical error and makes the terminology consistent with that used in 10 CFR part 73. Start Printed Page 64037 72.212(b)(5)(v) The phrase “receives, transfers, and possesses power reactor spent fuel, power reactor-related Greater than Class C (GTCC) waste, and other” is changed to “receives and possesses power reactor spent fuel and other.” This change recognizes that generally licensed independent spent fuel storage installations are not authorized to transfer SNF pursuant to § 72.120, nor are such facilities authorized to possess Greater than Class C waste. 73.2 Definitions of the new terms “background check” and “quantities of concern” are added. The revised proposed rule states; “Background check includes, at a minimum, a criminal history check, verification of identify, employment history, education, and personal references. Individuals engaged in activities subject to regulation by the Commission, applicants for licenses to engage in Commission-regulated activities, and individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission are required under § 73.57 to conduct criminal history checks before granting access to Safeguards Information. A background check must be sufficient to support the trustworthiness and reliability determination so that the person performing the check and the Commission have assurance that granting individuals access to Safeguards Information does not constitute an unreasonable risk to the public health and safety or the common defense and security.” The term “background check” replaces the term “comprehensive background check” to more clearly distinguish the background check requirements for access to SGI from other regulations requiring a “background investigation” for other purposes (10 CFR 73.56, “Personnel access authorization requirements for nuclear power plants). In additional criminal history check, including fingerprinting, is included as part of the background check because the background check establishes the overall trustworthiness and reliability of an individual for access to SGI. The response to comments on the definition of “background check” contains more details on this definition. The definition of “quantities of concern” reads: “ ‘Quantities of Concern’ means the quantities of the radionuclides meeting or exceeding the threshold limits set forth in Table I-1 of Appendix I of this part.” The term “quantities of concern” is being added to the revised proposed rule because the term now appears in new “Appendix I to part 73, Category 1 and Category 2 Radioactive Materials, Table I-1—Quantities of Concern Threshold Limits.” As defined, the term would mean the quantities of the radionuclides meeting or exceeding the threshold limits set forth in the table. The revised proposed rule would amend definition of “need to know” to read: “ ‘Need to know’ means a determination by a person having responsibility for protecting Safeguards Information that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, licensee, applicant, or certificate holder employment.” The definition of the term “need to know” is amended to make clear that the term applies to licensees, applicants, certificate holders, and participants in adjudications. In an adjudication, “need to know” means a determination by the originator of the information that (a) the information is necessary to enable the proposed recipient to proffer and/or adjudicate a specific contention in that proceeding, and (b) the proposed recipient of the specific Safeguards Information possesses demonstrable knowledge, skill, training, or education to effectively utilize the specific Safeguards Information in the proceeding. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document by the recipient, the NRC staff makes the determination. In the event of a dispute regarding “need to know” determination, the presiding officer of the proceeding makes the determination The definition of “need to know” has two parts to add specificity to the definition. The first part defines “need to know” determinations outside of adjudications. The second part defines “need to know” determinations in the context of adjudications. 73.2 Cont The definition of “Safeguards Information” is amended to add the phrases “licensee's or applicant's,” “the physical protection of,” and “within the scope of Section 147 of the Atomic Energy Act of 1954, as amended,” to change the phrase “radiological sabotage” to “sabotage,” and to remove the word “otherwise.” The definition of “SGI” is changed in order to provide clarification that SGI is information that identifies a “licensee's or applicant's” detailed control and accounting procedures for the physical protection of special nuclear material and includes only information “within the scope of Section 147 of the Atomic Energy Act of 1954, as amended. The definition of “trustworthiness and reliability” has been revised by deleting the original proposed definition and substituting “Trustworthiness and reliability are characteristics of an individual considered dependable in judgment, character, and performance, such that disclosure of Safeguards Information to that individual does not constitute an unreasonable risk to the public health and safety or common defense and security.” The definition of “trustworthiness and reliability” is changed in response to comments that it was not sufficiently clear. Start Printed Page 64038 73.8(b) Section (b) is updated to read: “The approved information collection requirements contained in this part appear in §§ 73.5, 73.20, 73.21, 73.22, 73.23, 73.24, 73.25, 73.26, 73.27, 73.37, 73.40, 73.45, 73.46, 73.50, 73.55, 73.56, 73,57, 73.60, 73.67, 73.70, 73.71, 73.72, 73.73, 73.74, and appendices B, C, and G.” This paragraph is updated to include all of the approved information collection requirements contained in part 73. 73.21(a)(1)(i) This paragraph is reorganized and edited to read: “Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in § 73.22 related to: Power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production facilities; fuel fabrication facilities; uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas.” This paragraph is changed in response to comments to more clearly set out which facilities, materials, and licensees are subject to the requirements of § 73.22. The paragraph is reorganized for clarity. 73.21(a)(1)(ii) This paragraph is reorganized and edited to read: “Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in § 73.23 related to: Panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern.” This subsection is changed in response to comments to more clearly set out which facilities, materials, and licensees are subject to the requirements of § 73.23. The paragraph is reorganized for clarity. This paragraph has been drafted to be consistent with orders previously issued by the Commission, e.g., Panoramic and Underwater Irradiator Security Orders, RAMQC Transportation Orders, Manufacturer and Distributor Security Orders, Increased Controls Orders. 73.21(a)(2) The word “Federal” is added to the list of law enforcement officials and the cross reference is changed from “§ 73.21(a)(i)” to “§ 73.21(a)(1).” The word “deemed” is changed to “presumed.” In response to a comment, this paragraph is amended to provide that information protection procedures used by Federal police are presumed to meet the general performance requirement of § 73.21(a)(1). The word “deemed” is changed to “presumed” to be consistent with § 73.21(b)(1), which preserves the Commission's authority to impose different SGI handling requirements on any person who produces, receives, or acquires SGI. The cross-reference to § 73.21(a)(i) is changed to § 73.21(a)(1) to correct a typographical error. 73.21(b)(1) The phrase “Safeguards Information handling requirements” is changed to “Safeguards Information protection requirements.” The phrase “or in addition to” is added. The cross-reference to §§ 73.21(a)(1) and (2) are deleted and reference to “this part” is substituted This change clarifies that the Commission may impose information protection requirements different from or in addition to those specified in part 73 on any person who produces, receives, or acquires SGI, provided the Commission's action is within the scope of its authority under Section 147 of the Atomic Energy Act of 1954, as amended. 73.21(b)(2) A new section is added: “The Commission may require, by regulation or order, that information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended related to facilities or materials not specifically described in §§ 73.21, 73.22 or 73.23 be protected under this part.” This paragraph is added to indicate that the Commission may impose the requirements of part 73 on facilities or materials not specifically described in §§ 73.21, 73.22, or 73.23, provided the Commission's action is within the scope of Section 147 of the Atomic Energy Act of 1954, as amended. 73.22 The phrase “licensees authorized to possess” is deleted. The phrase “and fuel cycle facilities” is deleted and replaced with “uranium hexafluoride production facilities, fuel fabrication facilities, and uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas.” The introductory text to § 73.22 is changed to conform with the changes in § 73.21(a)(1)(i). The change specifically identifies which fuel cycle facilities are subject to the requirements of § 73.22. 73.22(a) The phrase “non-public” is added. The phrase “protective measures, interim compensatory measures, additional security measures, and the following as applicable” is deleted The first change clarifies that only non-public security-related requirements are to be protected as SGI. The second change more closely tracks the current rule language in § 73.21(b)(1). 73.22(a)(1) The section is revised to read “Information not classified as Restricted Data or National Security Information related to physical protection, including: ” References to specific licensees are eliminated. The original proposed rule language inappropriately limited the scope of the section. The revision clarifies the scope of the revised proposed rule and simplifies the rule text. Start Printed Page 64039 73.22(a)(1)(i) The phrase “All portions of” is deleted This paragraph, which, as originally proposed, would have protected “all portions” of a composite physical security plan for a site, is amended in response to comments that such plans may contain a mix of safeguards and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly has deleted the phrase “all portions” in the revised proposed rule text. 73.22(a)(1)(ii) The phrase “not easily discernible by members of the public” is added The phrase “not easily discernible to members of the public” is added to reflect that aspects of a licensee's or applicant's physical security system that can be readily observed by members of the public are not necessarily considered SGI. 73.22(a)(1)(iii) The phrases “for security equipment” and “not easily discernible by members of the public” are added The phrase “for security equipment” is added in response to comments requesting clarification of which emergency power sources are referred to in the rule. The phrase “not easily discernible to members of the public” is added to reflect that aspects of a licensee's or applicant's alarm system layouts that can be readily observed by members of the public are not necessarily considered SGI. 73.22(a)(1)(iv) The phrase “Written physical security orders and procedures for members of the security organization, duress codes, and patrol schedules” is revised to read “Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events”; This paragraph, which, as originally proposed, covered only written physical security orders and procedures, is amended so that it would not be limited to written security orders and procedures. The paragraph is also changed to clarify that it would apply to physical security orders and procedures written by the licensee. In addition, the revised proposed rule replaces “patrol routes” with “patrol routes and schedules.” The phrase “safeguards or security emergencies” is changed to “security contingency events” to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.22(a)(1)(v) The phrase “On-site and off-site communications systems in regard to their use for security purposes” is revised to read “Site-specific design features of plant security communications systems.” This paragraph, which, as originally proposed, would have protected “[o]n-site and off-site communications systems in regard to their use for security purposes,” is amended in the revised proposed rule to read “[s]ite-specific design features of plant security communications systems,” in response to a comment that licensees cannot and should not control information describing off-site communications systems. The revised proposed rule would require protection only of information regarding on-site communications systems. 73.22(a)(1)(vii) The phrase “physical security plans, safeguards contingency plans” is changed to “security plans, contingency measures.” This change uses broader language so that SGI protection is not limited to formal security plans or contingency plans. Not all licensees will have formally designated plans. The goal is to protect information about the physical security system and security procedures, whether or not they are contained in a single written plan. 73.22(a)(1)(viii) The phrase “All portions of” is deleted. The phrase “safeguards contingency plan” is changed to “safeguards contingency plan/measures.” This paragraph, which, as proposed, would have protected “all portions” of a composite safeguards contingency plan, is amended in response to comments that such plans may contain a mix of safeguards and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase “all potions.” The revision also protects information about contingency measures not contained in a formal contingency plan. 73.22(a)(1)(ix) The phrase “All portions of” is deleted. The phrase “guard qualification and training plan” is changed to “guard qualification and training plan/measures.” This paragraph, which, as originally proposed, would have protected “all portions” of a composite guard qualification and training plan, is amended in response to comments that such plans may contain a mix of safeguards and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase “all portions.” The revised proposed rule would also protect information about guard training not contained in a formal training and qualification plan. Start Printed Page 64040 73.22(a)(1)(x) The phrase “Information concerning onsite or offsite response forces, including size, identity, armament, and arrival times of such forces committed to respond to security emergencies” is revised to read “Information relating to onsite or offsite response forces, including size, armament of response forces, and arrival times of such forces committed to respond to security contingency events;” This paragraph is reworded slightly for clarification. The phrase “safeguards or security emergencies” is changed to “security contingency events” to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.22(a)(1)(xi) The phrase “The elements and characteristics of the Design Basis Threat in a level of detail greater than as specified in § 73.1 or other information that would disclose the Design Basis Threat, including the tactics and capabilities required to defend against that threat” is revised to read: “The Adversary Characteristics Document or other implementing guidance associated with the Design Basis Threat in § 73.1;” As originally proposed, this section referred generically to “information that would disclose the details of the Design Basis Threat.” The section has been reworded to explicitly identify the information that would be protected under the revised proposed rule. The Design Basis Threat is set out in its entirety in § 73.1. The information protected is the Adversary Characteristics Document and other Design Basis Threat implementing guidance, which contain detailed descriptions of the operational and tactical capabilities of the hypothetical adversary force more generally described in the Design Basis Threat rule. 73.22(a)(1)(xii) The phrase “related to the physical protection” at the beginning of the original proposed rule text is changed to “revealing site-specific details.” The phrase “unauthorized disclosure of such information” is changed to “unauthorized disclosure of such analyses, procedures, scenarios, or other information.” In addition, the phrase “emergency planning” is deleted and is replaced with “security-related.” The phrase “material or a facility” at the end of the original proposed rule text is changed to “source, byproduct, or special nuclear material.” This paragraph is revised in response to comments that the section was too broadly-worded as proposed. The revision clarifies that the analyses, procedures, scenarios, and other information described in this section are considered SGI only if they reveal “site-specific details” about the physical protection of the facility or source, byproduct, or special nuclear material. The substitution of “security-related” for “emergency planning” is made to clarify that emergency preparedness plans should remain publicly available, unless a specific emergency preparedness procedure contains information which could potentially need to be protected as SGI. 73.22(a)(1)(xiii) This paragraph is deleted This paragraph is deleted as unnecessary. The information this section would have protected is protected under § 73.22(a)(1)(xi). 73.22(a)(2) The word “otherwise” and the phrase “protection of” are deleted The words “protection of” are deleted to correct a grammatical error in the original proposed rule. The word “otherwise” is deleted to simplify the revised proposed rule text. 73.22(a)(2)(i) The phrase “All portions of the composite transportation physical security plan” is changed to “The composite physical security plan for transportation;” This paragraph, which, as proposed, would have protected “all portions” of a composite physical security plan for transportation, is amended in response to comments that such plans may contain a mix of SGI and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase “all portions.” 73.22(a)(2)(ii) The section is revised to read “Schedules and itineraries for specific shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel. Schedules for shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel are no longer controlled as Safeguards Information 10 days after the last shipment of a current series”; This section has been changed to more closely track the relevant statutory language in Section 147 of the AEA, and to reflect the NRC's practice of decontrolling shipment schedules and itineraries after completion of the shipment. 73.22(a)(2)(vi) The phrase “safeguards or security emergencies” is changed to “security contingency events.” This paragraph is reworded slightly for clarification. The phrase “safeguards or security emergencies” is changed to “security contingency events” to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.22(a)(2)(vii) The phrase “radiological sabotage” is changed to “sabotage.” The phrase “irradiated reactor fuel” is added The word “radiological” is deleted because the definition of SGI relates broadly to sabotage, not only “radiological sabotage.” The addition of “irradiated reactor fuel” makes the terminology of this paragraph consistent with that used elsewhere in 10 CFR part 73. 73.22(a)(2)(viii) The phrase “and other information” is added. The phrase “unauthorized disclosure of such information” is changed to “unauthorized disclosure of such analyses, procedures, scenarios, or other information.” The phrase “such material” at the end of the original proposed rule text is changed to “source, byproduct, or special nuclear material.” This paragraph is revised in response to comments that the section was too broadly worded as proposed. The revision clarifies that the analyses, procedures, scenarios, and other information described in this section are considered SGI only if they reveal site-specific details about the physical protection of the facility or source, byproduct, or special nuclear material. Start Printed Page 64041 73.22(a)(3) The section is revised to read “Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including:” References to specific licensees are eliminated. The original proposed rule language inappropriately limited the scope of the section. The revisions clarify the scope of the revised proposed rule and simplify the rule text. 73.22(a)(3)(ii) The phrase “after the investigation has been completed” is changed to “after corrective actions have been completed.” This paragraph is changed to reflect that NRC will release general investigation reports after corrective action has been taken, unless the information is properly withheld under the Freedom of Information Act. Reports of investigation will not be released before corrective action is taken because the reports could be used to exploit security deficiencies. 73.22(a)(4) The word “paragraph” is changed to “section.” The words “as defined” are changed to “as set forth.” This paragraph is changed to correct a grammatical error. 73.22(a)(5) The phrase “Other information” is changed to “Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended.” The phrase “material or a facility” at the end of the original proposed rule text is changed to “source, byproduct, or special nuclear material or a facility.” This paragraph is changed in response to comments that it was too broadly-worded as proposed. The change makes clear that the Commission retains the authority to issue further orders or regulations requiring the protection of categories of information not described in the regulations, provided the information still falls within the cope of Section 147 of the Atomic Energy Act of 1954, as amended. 73.22(b) This paragraph has been revised and reorganized in the revised proposed rule for clarity. However, the conditions of access to SGI—established need to know, FBI criminal history check, and background check to determine trustworthiness and reliability—have not changed. The background check to determine trustworthiness and reliability contained in § 73.22(b)(1)(i)(A) of the original proposed rule is in § 73.22(b)(2) of the revised proposed rule. The exemptions from criminal history and background checks contained in § 73.22(b)(1)(i)-(vi) are cross-referenced in § 73.22(b)(3) of revised proposed rule. The specific exemptions are listed in § 73.59 The structure of this paragraph has been revised for clarification. These revisions are intended to make clear that no one would have access to SGI without first establishing a “need to know”. They are intended to make clear that unless an individual is exempt by virtue of his or her occupational status all individuals would be required to undergo an FBI criminal history check and a background check to determine trustworthiness and reliability before obtaining access to SGI. 73.22(b)(1) This section has been revised and simplified. It now reads in its entirety: “Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established “need to know” for the information and has undergone a Federal Bureau of Investigation criminal history check using the procedures set forth in § 73.57.” This paragraph has been revised to require an established “need to know” and an FBI criminal history check before access to SGI. There would be no exception to the ‘need to know’ requirement. All exemptions to the FBI criminal history and background check requirements are now contained in § 73.22(b)(3)(i)-(vii). 73.22(b)(2) This section now reads: “In addition, a person to be granted access to SGI must be trustworthy and reliable, based on a background check or other means approved by the Commission.” The paragraph has been revised to clarify that individuals are subject to a background check before they must be granted access to SGI. The determination that an individual is trustworthy and reliable would be based upon a background check. The background check for trustworthiness and reliability would be in addition the FBI criminal history check. The term “background check” is defined in §73.2. 73.22(b)(3) This section provides that §73.59 lists the categories of individuals who are exempt from the requirements of § 73.22(b)(1) & (2) by virtue of their occupational status This paragraph provides that § 73.59 lists the categories of individuals who would be exempt from a FBI criminal history check requirement in § 73.22(b)(1) and the background check to determine trustworthiness and reliability requirements in § 73.22(b)(2) by virtue of their occupation status. These individuals are not exempt from the “need to know” requirement. 73.22(b)(4) This section has been added. It reads: “For persons participating in an NRC adjudicatory proceeding other than those identified in § 73.9, the “need to know” determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document by the recipient, the NRC staff makes the determination. In the event of a dispute regarding the “need to know” determination, the presiding officer of the proceeding shall determine whether the “need to know” findings in § 73.2 can be made.” This paragraph was added to clarify when the need to know determination would be made and who would determine whether a participant in an NRC adjudicatory proceeding has a “need to know.” Start Printed Page 64042 73.22(b)(5) This paragraph was § 73.22(b)(3) in the original proposed rule. The phrase “except as set forth in paragraph (b)(1)” has been deleted and replaced with “except as set forth in this section.” The change of the phrase “as set forth in paragraph (b)(1)” to “as set in this section” results from the restructuring of § 73.22(b). 73.22(c)(1) The phrase “Safeguards Information within alarm stations, continuously manned guard posts or ready rooms need not be locked in a locked security storage container” is changed to “Safeguards Information within alarm stations, or rooms continuously occupied by authorized individuals need not be stored in a locked security storage container.” This paragraph is revised to make clear that SGI could be left outside of a locked security storage container if attended by individuals authorized access to SGI. The original proposed rule could have been interpreted to allow unauthorized persons access to SGI. 73.22(c)(2) The phrase “so as to prevent disclosure to an unauthorized individual not authorized access to Safeguards Information” is changed to “so as to prevent disclosure to an individual not authorized access to Safeguards Information.” The word “may” is changed to “shall.” The word “unauthorized” is removed because it was redundant. The word “shall” is replacing “may” because it is a requirement that locked security storage containers do not identify contents as SGI. 73.22(d)(1) The phrase “must be marked ‘Safeguards Information' ” is changed to “must be marked to indicate the presence of such information.” The phrase “to indicate the presence of protected information” is deleted from the end of the first sentence. The word “each” in the last sentence is changed to “the.” This paragraph is revised in response to comments that the proposed document-marking language was too prescriptive. The changes are intended to allow more flexibility in document marking. The change from “each” to “the” is to conform this paragraph with § 73.23(d)(1). 73.22(d)(1)(iii) The word “would” is changed to “will” The word “would” is changed to “will.” 73.22(d)(2) The phrase “In addition to the ‘Safeguards Information' markings” is changed to “In addition to the markings.” The phrase “transmittal letters or memoranda” is changed to “any transmittal letters or memoranda to or from the NRC,” and “e.g.” is changed to “i.e.” This paragraph is revised in response to comments that the proposed language was too prescriptive. The changes are intended to allow more flexibility in document marking. 73.22(d)(3) The phrase “Portion marking of documents or other information is required for correspondence to and from the NRC” is changed to “Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information.” The word “transmittal” is added before “document.” This paragraph is revised in response to comments seeking clarification of which documents require portion marking. The intent of the revised section is to require portion marking only for cover letters and similar documents that transmit correspondence to or from the NRC. Attachments to the transmittal document do not need to be portion marked. This requirement would enable the NRC to better identify some of its security-related regulatory activities to the public because it will be administratively easier to redact and disclose portion-marked transmittal documents. 73.22(d)(4) This paragraph as proposed is deleted and substituted with a revision of the proposed § 73.22(d)(5). The revised proposed rule § 73.22(d)(4) reads “Marking of documents containing or transmitting Safeguards Information shall, at a minimum include the words ‘Safeguards Information’ to ensure identification of protected information for the protection of facilities and material covered by 10 CFR 73.22.” This paragraph is deleted from the revised proposed rule in response to comments opposing the requirement to re-mark SGI that existed before the effective date of a final rule. 73.22(d)(5) The proposed paragraph was revised and moved to § 73.22(d)(4). The paragraph is reworded and renumbered as § 73.22(d)(4) in the revised proposed rule. The revision requires that future document markings include the words “Safeguards Information” ensure easy identification and a level of consistency among those required to mark such information. 73.22(e) The phrase “If Safeguards Information is reproduced on a digital copier that would retain Safeguards Information in its memory, then the copier may not be connected to a network” is changed to “Equipment used to reproduce Safeguards Information must be evaluated to ensure that unauthorized individuals cannot access Safeguards Information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity).” This paragraph is revised to provide more general instructions on reproduction of SGI. The original proposed rule limited the instructions to digital copiers. The revision applies a performance-based standard to any equipment used to reproduce SGI. 73.22(f)(2) The phrase “nationwide overnight” is deleted This paragraph is revised so that commercial delivery companies transporting SGI do not have to provide nationwide overnight service. SGI may be transported by trusted, local carriers, so long as the carrier has computer tracking capabilities. Start Printed Page 64043 73.22(f)(3) This paragraph has been revised to read: “Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by (a) NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or (b) electronic mail through the internet, provided that (i) the information is encrypted by the NRC-approved encryption modules and algorithms; (ii) the information is produced by a self contained secure automatic data process system; and (iii) transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission. Physical security events required to be reported pursuant to § 73.71 are considered to be extraordinary conditions.” The paragraph has been revised and updated to more accurately reflect information security requirements. 73.22(g)(1) The word “may” is changed to “shall” in the third sentence. The phrase “shall be” is replacing “may be” to clarify that stand-alone computers or computer systems are required not to be physically or in any other way connected to a network accessible by users who are not authorized access to SGI. 73.22(g)(3) The word “automated” is deleted The word “automated” unnecessarily appeared in the original proposed rule and has been deleted. 73.22(i) The phrase “tearing into small pieces” is deleted from the second sentence. The third sentence is change from “Piece sizes one half inch or smaller composed of several pages or documents and thoroughly mixed would be considered completely destroyed” to “Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed.” The word “must” is changed to “shall.” This paragraph is revised to eliminate redundant language and to clarify that document destruction results in piece sizes no wider than one-quarter inch, thoroughly mixed. Changing the word “must” to “shall” conforms this paragraph with § 73.23(i). 73.23 The first sentence is deleted and replaced with “This section contains specific requirements for the protection of Safeguards Information related to panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufactures and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; transportation of more than 1000 TBq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern.” In the second sentence, the word “protection” is replaced by “handling.” This section is changed in response to comments requesting that the rule more clearly set out which facilities, materials, and licensees and subject to the requirements of § 73.23. It has been drafted to be consistent with orders previously issued by the Commission, e.g., Panoramic and Underwear Irradiator Security Orders, RAMQC Transportation Orders, Manufacturer and Distributor Orders, Increased Control Orders. The word “handling” is used to conform the sentence with the paragraph. 73.23(a) The phrase “non-public” is added. The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The words “non-public” are added for clarification. The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling” to better distinguish SGI-M, needing modified protection, from SGI for reactors and fuel cycle facilities that require a higher level of protection. 73.23(a)(1). This section is revised to read “Information not classified as Restricted Data or National Security Information related to physical protection, including:” References to specific licensees are eliminated. The original proposed rule language improperly limited the scope of the section. The revision clarify the scope of the revised proposed rule and simplify the rule text. 73.23(a)(1)(i) The phrase “All portions of” is deleted This paragraph, which, as originally proposed, would have protected “all portions” of a composite physical security plan, is amended in response to comments that such plans may contain a mix of SGI and non-SGI. The NRC acknowledges that there may be some non-SGI in various licensee security plans and accordingly deleted the phrase “all portions” in the revised proposed rule. 73.23(a)(1)(ii) The phrase “not easily discernible by members of the public” is added The phrase “not easily discernible to members of the public” is added to reflect that aspects of a licensee's or applicant's alarm system layouts that can be readily observed by members of the public are not necessarily considered SGI. Start Printed Page 64044 73.23(a)(1)(iii) The phrases “for security equipment” and “not easily discernible by members of the public” are added The phrase “for security equipment” is added in response to comments requesting clarification of which emergency power sources are referred to in the rule. The phrase “not easily discernible to members of the public” is added to reflect that aspects of a licensee's or applicant's alarm system layouts that can be readily observed by members of the public would not necessarily be considered SGI. 73.23(a)(1)(iv) The phrase “Written physical security orders and procedures for members of the security organization, duress codes, and patrol schedules” is revised to read “Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events”; This paragraph is revised to clarify that it applies to orders and procedures issued by the licensee regarding certain security activities. 73.23(a)(1)(v) The phrase “On-site and off-site communications systems in regard to their use for security purposes” is revised to read “Site-specific design features of plant security communications systems”; This paragraph is revised in response to comments that the original proposed rule was overly broad. This paragraph now requires protection of site-specific design features of facility communications systems. 73.23(a)(1)(vii) The words “The composite” are added at the beginning of the section. The phrase “guard qualification and training procedures” is changed to “guard qualification and training plan/measures.” This paragraph is revised to more closely track the language in § 73.22(a)(1)(ix). Also, the revision protects information about guard training not contained in a formal training and qualification plan. 73.23(a)(1)(ix) The phrase “Information concerning offsite response forces, including size, identity, armament, and arrival times of such forces committed to respond to safeguards or security emergencies” is revised to read “Information relating to onsite or offsite response forces, including size, armament of response forces, and arrival times of such forces committed to respond to security contingency events; and” The paragraph is reworded slightly for clarification. The phrase “safeguards or security emergencies” is changed to “security contingency events” to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.23(a)(1)(x) The phrase “related to the physical protection of” at the beginning of the original proposed rule text is changed to “revealing site-specific details of.” The phrase “unauthorized disclosure of such information” is changed to “unauthorized disclosure of such analyses, procedures, scenarios, and information.” In addition, the phrase “emergency planning” is deleted and is replaced with “security-related.” The phrase “material or a facility” at the end of the original proposed rule text is changed to “source, byproduct, or special nuclear material” This paragraph is revised in response to comments that the section was too broadly worded as proposed. The revision clarifies that the analyses, procedures, scenarios, and other information described in this section are considered SGI only if they reveal “site-specific details” about the physical protection of the facility or source, byproduct, or special nuclear material”. The substitution of “security-related” for “emergency planning” is made to clarify that emergency preparedness plans should remain publicly available, unless a specific emergency preparedness procedure contains information which could potentially need to be protected as SGI. 73.23(a)(2) This section is revised to read “Information not classified as Restricted Data or National Information related to the physical protection of shipments of more than 1000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel, source material and byproduct material in Category 2 quantities of concern, and special nuclear material in less than a formula quantity (except for those materials covered under § 73.22), including:” The language is revised to more precisely define which types of information would be protected under the revised proposed rule. The word “otherwise” is removed to simplify the revised proposed rule text. 73.23(a)(2)(i) The phrase “security features of a transportation physical security plan” is changed to “transportation security measures, including physical security plans and procedures, immobilization devices, and escort requirements, more detailed than NRC regulations.” The phrase “Scheduling and itinerary information may be shared with others on a “need to know” basis and is not designated as Safeguards Information-Modified Handling” has been deleted from this paragraph of the revised proposed rule This paragraph is revised so that it more accurately describes the type of information that would be protected. The original proposed rule would have required protection of a “transportation physical security plan,” but not all licensees subject to this section will have such a plan. The revised language is broader and would cover “information regarding transportation security measures, including physical security plans and procedures * * *” Start Printed Page 64045 73.23(a)(2)(ii) The text that appeared in this paragraph of the original proposed rule is renumbered to § 73.23(a)(2)(iii). In its place, the following paragraph has been added: “Scheduling and itinerary information for shipments (scheduling and itinerary information for shipments that are inherently self-disclosing may be decontrolled after shipment departure. Scheduling and itinerary information for shipments that are not inherently self-disclosing may be decontrolled 2 days after the shipment is completed. Scheduling and itinerary information used for the purpose of preplanning, coordination, and advance notification may be shared with others on a “need to know” basis and need not be designated Safeguards Information-Modified Handling);” This paragraph has been added to include protection of information associated with transportation of radioactive materials in greater than or equal to Category 1 quantities of concern. 73.23(a)(2)(iii) Due to renumbering, this paragraph now reads: “Arrangements with and capabilities of local police response forces, and locations of safe havens;” The paragraph reading: “Limitations of communications during transport,” which appeared in this paragraph of the original proposed rule has been deleted This paragraph was renumbered from (ii) to (iii). 73.23(a)(2)(iv) In the revised proposed rule this paragraph reads: “Details of alarm and communication systems, communication procedures, and duress codes;” This paragraph has been added to include protection of information associated with the transportation of radioactive material in greater than or equal to Category 1 quantities of concern. 73.23(a)(2)(v) The phrase “safeguards or security emergencies” is changed to “security contingency events; and” This paragraph, which as (iv) in the original proposed rule, is reworded slightly for clarification in the revised proposed rule. The phrase “safeguards or security emergencies” is changed to “security contingency events” to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. 73.23(a)(2)(vi) The phrase “emergency planning” is deleted and is replaced with “security-related.” The phrase “and other information” is added after “security-related procedures or scenarios.” The phrase “unauthorized disclosure of such information” is changed to “unauthorized disclosure of such analyses, procedures, scenarios, or other information.” The phrase “sabotage of such material” at the end of the original proposed rule text is changed to “sabotage of source, byproduct, or special nuclear material.” This paragraph is revised in response to comments that the section was too broadly worded as proposed. The revision clarifies that the analyses, procedures, scenarios, and other information described in this section are considered SGI only if they reveal “site-specific details” about the physical protection of the facility or source, byproduct, or special nuclear material. The substitution of “security-related” for “emergency planning” is made to clarify that emergency preparedness plans should remain publicly available, unless a specific emergency preparedness procedure contains information which could potentially need to be protected as SGI. 73.23(a)(3) The phrase “relating to inspections and reports” is changed to “pertaining to safeguards and security inspections and reports.” The words “such as” are changed to “including,” and the word “otherwise” is deleted This paragraph is revised to more precisely define its scope, simplify the revised proposed rule text, and to be consistent with § 73.22(a)(2). 73.23(a)(3)(ii) The phrase “after the investigation has been completed” is changed to “after corrective actions have been completed.” This paragraph is changed to reflect that NRC would release general investigation reports after corrective action has been taken, unless the information is properly withheld under the Freedom of Information Act. Reports of investigation would not be released before corrective action is taken because the reports could be used to exploit security deficiencies. 73.23(a)(4) The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling.” The word “defined” is changed to “set forth.” The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(a)(5) The phrase “Other information” is changed to “Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended.” The phrase “material or a facility” at the end of the original proposed rule text is changed to “source, byproduct, or special nuclear material or a facility.” This paragraph is changed in response to comments that it was too broadly-worded as proposed. The change makes clear that the Commission retains the authority to issue further orders or regulations requiring the protection of categories of information not described in the regulations, provided the information still falls within the scope of Section 147 of the Atomic Energy Act of 1954, as amended. Start Printed Page 64046 73.23(b) This paragraph has been revised and reorganized in the revised proposed rule. The revised proposed rule adds the requirement that before an individual may be granted access to SGI-M the individual must undergo an FBI criminal history check. The FBI criminal history check is in addition to an established “need to know” and a background check for trustworthiness and reliability This paragraph has been revised in the revised proposed rule to implement Section 652 of the Energy Policy Act of 2005, to clarify the requirements for access to SGI-M, and to make the structure and language this section identical the structure and language of § 73.22(b). Note that pursuant to the Energy Policy Act of 2005, individuals to be granted access to SGI-M would be fingerprinted for purposes of an FBI criminal history check. 73.23(b)(1) The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling.” The phrase “a determination of trustworthiness and reliability” is changed to “has undergone a Federal Bureau of Investigation criminal history check using the procedures set forth in § 73.57.” Section 73.23(b)(1) now reads in its entirety: “Except as the Commission may otherwise authorize, no person may have access to Safeguards Information designated as Safeguards Information—Modified Handling unless the person has an established “need to know” for the information and has undergone a Federal Bureau of Investigation criminal history check using the procedures set forth in § 73.57.” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. The phrase “and undergo a Federal Bureau of Investigation criminal history check to the extent required by 10 CFR 73.57 before such access” has been added to this paragraph to implement Section 652 of the Energy Policy Act 2005, which amended Section 149 of the AEA. Under the revised proposed rule, an FBI criminal history check, an established “need to know”, and a background check for trustworthiness and reliability would be required to access to SGI. 73.23(b)(2) This section now reads: “In addition, a person to be granted access to SGI must be trustworthy and reliable, based on a background check or other means approved by the Commission.” This paragraph has been revised to clarify that individuals would subject to a background check before they may be granted access to SGI. The determination that an individual is trustworthy and reliable is based upon a background check, or other means approved by the Commission. The requirement of a background check for trustworthiness and reliability is in addition to the FBI criminal history check requirement. The term “background check” is defined in § 73.2. The requirement that individuals undergo a background check to determine their trustworthiness and reliability prior to access to SGI-M was in § 73.23(b)(1)(i) of the original proposed rule. 73.23(b)(3) This section provides that § 73.59 lists the categories of individuals exempt from the criminal history and background check requirements of § 73.23(b)(1)&(2) by virtue of their occupational status. This paragraph is revised to provide that § 73.59 lists the individuals who would be exempt from the FBI criminal history check requirement in § 73.23(b)(1) and the background check for trustworthiness and reliability requirement in § 73.23(b)(2) by virtue of their occupational status. 73.23(b)(4) The following paragraph has been added: “For persons participating in an NRC adjudicatory proceeding other than those specified in § 73.59, the ‘need to know’ determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the ‘need to know’ determination, the presiding officer of the proceeding shall determine whether the ‘need to know’ findings in § 73.2 can be made.” This paragraph was added to clarify when the “need to know” determination would be made and who would determine whether a participant in an NRC adjudicatory proceeding has a “need to know”. 73.23(b)(5) This paragraph was § 73.23(b)(3) in the original proposed rule. The phrase “except as set forth in paragraph (b)(1)” has been deleted and replaced with “except as set forth in this section.” The change to this paragraph is the results from the restructuring of § 73.23(b). 73.23(c)(1) The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modifed Handling.” The phrase “Safeguards Information within alarm stations, continuously manned guard posts or ready rooms need not be locked in a file drawer or cabinet” is changed to “Safeguards Information designated as Safeguards Information-Modifed Handling within alarm stations or rooms continuously occupied by authorized individuals need not be locked in a file drawer or cabinet.” This paragraph is revised to make clear that SGI can be left outside of a locked security storage container if attended by individuals authorized access to SGI. The original proposed rule could have been interpreted to allow unauthorized persons access to SGI. The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. Start Printed Page 64047 73.23(c)(2) The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling.” The word “may” is changed to “shall.” The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. The word “shall” is replacing “may” because it is a requirement that locked file drawers or cabinets do not identify contents as SGI-M. 73.23(d)(1) The phrase “must be marked ‘SGI-Modified Handling’ ” is changed to “must be marked to indicate the presence of Safeguards Information with modified handling requirements.” The phrase “to indicate the presence of protected information” is deleted from the end of the first sentence. The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information—Modified Handling.” This paragraph is revised in response to comments that the proposed document-marking language was too prescriptive. The changes are intended to allow more flexibility in document marking. The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(d)(1)(i) The second appearance of the phrase “safeguards information” is deleted. The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information—Modified Handling.” The word “designation” is changed to “determination.” The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. The word “designation” was changed to “determination” to conform § 73.23(d)(1)(i) to §73.22(d)(1)(i). The second reference to safeguards information is removed because it was redundant. 73.23(d)(1)(iii) The word “would” is changed to “will” The word “would” is changed to “will.” 73.23(d)(2) The phrase “In addition to the ‘SGI-Modified Handling’ markings” is changed to “In addition to the markings.” The phrase “transmittal letter or memoranda” is changed to “any transmittal letters or memoranda to or from the NRC,” “e.g.” is changed to “i.e.,” and “must” is changed to “shall.” The phrase “Safeguards Information” is changed to “Safeguard Information designated as Safeguards Information—Modified Handling.” The word “document” is added after “transmittal.” This paragraph is revised in response to comments that the proposed language was too prescriptive. The changes are intended to allow more flexibility in document marking. The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. The word “document” was added to conform this paragraph to § 73.22(d)(2). 73.23(d)(3) The phrase “Portion marking of document or other information is required for correspondence to and from the NRC” is changed to “Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information—Modified Handling.” The last sentence of the original proposed rule text is deleted. The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information—Modified Handling.” The word “transmittal” is added before “document.” This paragraph is revised in response to comments seeking clarification of which documents require portion marking. The intent of the revised section is to require portion marking only for cover letters and similar documents that transmit correspondence to or from the NRC. Attachments to the transmittal document do not need to be portion marked. This requirement would enable the NRC to better identify some of its security-related regulatory activities to the public because it will be administratively easier to redact and disclose portion-marked transmittal documents. The phrase “Safeguards Information” is changed to “Safeguards Information—Modified Handling” to better distinguish between these levels of Safeguards Information, which require different marking, storage, and handling requirements. 73.23(d)(4) This paragraph did not appear in the original proposed rule and is added to parallel the requirement in § 73.22(d)(4). This paragraph did not appear in the original proposed rule and is added to parallel the requirement in § 73.22(d)(4). This paragraph is added to parallel the requirement in § 73.22(d)(4) that documents be marked with some minimum level of consistency. Consistency in document marking is important to ensure ready and proper identification of SGI, as well as consistent handling. 73.23(e) The phrase “If Safeguards Information is reproduced on a digital copier that would retain Safeguards Information in its memory, then the copier may not be connected to a network” is changed to “Equipment used to reproduce Safeguards Information designated as Safeguards Information-Modified Handling must be evaluated to ensure that unauthorized individuals cannot access the information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity).” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” This paragraph is revised to provide more general instructions on reproduction of SGI. The original proposed paragraph limited the instructions to digital copiers. The revision applies a performance-based standard to any equipment used to reproduce SGI. The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(f)(1) The phrase “Safeguards Information” and “SGI—Modified Handling” are changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which would require different marking, storage, and handling requirements. Start Printed Page 64048 73.23(f)(2) The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The words “nationwide overnight” are deleted The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. The removal of the words “nationwide overnight” indicates that commercial delivery companies transporting SGI-M would not have to provide nationwide overnight service. SGI-M may be transported by trusted, local carriers, so long as the carrier has computer tracking capabilities. 73.23(f)(3) The words “or later” are added after “Federal Information Processing Standard [FIPS] 140-2.” The phrase “respond to a security event” is changed to “respond to a security contingency event.” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The paragraph is reworded slightly for clarification. The phrase “safeguards or security event” is changed to “security contingency event” to emphasize that the requirement is security-related, and to maintain consistency with other regulatory provisions. The phrase “or later” is added to clarify that encryption technology that meets future Federal Information Processing Standards will be acceptable. The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirement. 73.23(g)(1) The phrase “Each file containing Safeguards Information” is changed to “Safeguards Information files.” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The second sentence is edited to be more concise. The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(g)(2) The phrase “files shall be properly labeled as ‘SGI-Modified Handling’ ” is changed to “files shall be properly labeled to indicate the presence of Safeguards Information with modified handling requirements.” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” This paragraph is revised in response to comments that the proposed language was too prescriptive. The changes are intended to allow more flexibility in document marking. The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(g)(3) The word “automated” is deleted. The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The word “automated” unnecessarily appeared in the original proposed rule and is deleted. The phrase “Safeguards Information” is changed to “Safeguards Inforation-Modified Handling” to better distinguish between these levels of safeguards information, which would require different marking, storage, and handling requirements. 73.23(h) The word “must” in the last sentence is changed to “shall.” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modified Handling.” The word “must” is changed to “shall” to be consistent with § 73.22(h). The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of safeguards information, which require different marking, storage, and handling requirements. 73.23(i) The phrase “tearing into small pieces” is deleted from the second sentence. The third sentence is changed from “Piece sizes one half inch or smaller composed of several pages or documents and thoroughly mixed would be considered completely destroyed” to “Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed.” The phrase “Safeguards Information” is changed to “Safeguards Information designated as Safeguards Information-Modifed Handling.” This paragraph is revised to eliminate redundant language and to clarify that document destruction results in piece sizes no wider than one-quarter inch, thoroughly mixed. The phrase “Safeguards Information” is changed to “Safeguards Information-Modified Handling” to better distinguish between these levels of Safeguards Information, which require different marking, storage, and handling requirements. 73.37(f)(2)(iv) This section is revised to read “A statement that the information described below in § 73.37(f)(3) is required by NRC regulations to be protected in accordance with the requirements of §§ 73.21 and 73.22.” This change conforms cross-references in part 73 with the revised proposed rule. 73.37(f)(3)(iii) This section is revised to read “For the case of a single shipment whose schedule is not related to the schedule of any subsequent shipment, a statement that schedule information must be protected in accordance with the provisions of §§ 73.21 and 73.22 until at least 10 days after the shipment has entered or originated within the State.” This change conforms cross-references in part 73 with the revised proposed rule. Start Printed Page 64049 73.37(f)(3)(iv) This section is revised to read “For the case of a shipment in a series of shipments whose schedules are related, a statement that schedule information must be protected in accordance with the provisions of §§ 73.21 and 73.22 until 10 days after the last shipment in the series has entered or originated within the State and an estimate of the date on which the last shipment in the series will enter or originate within the State.” This change conforms cross-references in part 73 with the revised proposed rule. 73.37(g) This section is revised to read “State officials, State employees, and other individuals, whether or not licensees of the Commission, who receive schedule information of the kind specified in § 73.37(f)(3) shall protect that information against unauthorized disclosure as specified in §§ 73.21 and 73.22.” This change conforms cross-references in part 73 with the revised proposed rule. 73.57 The revised proposed rule would revise the title of this section to read “Requirements for criminal history checks of individuals granted unescorted access to a nuclear power facility or access to Safeguards Information.” The title of this section would be changed to reflect application of the criminal history check requirement, including fingerprinting, to employees of entities engaged in an activity subject to regulation by the Commission and entities who have provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission. This change implements the Energy Policy Act of 2005. 73.57(a)(1) The revised proposed rule adds the phrase “or to engage in an activity subject to regulation by the Commission” to existing § 73.57(a)(1) The original proposed rule has been revised to implement the Energy Policy Act of 2005's requirement that all individuals with access to Safeguards Information undergo an FBI criminal history check, including fingerprinting. 73.57(a)(2) The revised proposed rule adds the phrase “to engage in an activity subject to regulation by the Commission, as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission” to existing § 73.57(a)(2) The original proposed rule has been revised to implement the Energy Policy Act of 2005's requirement that all individuals with access to Safeguards Information undergo an FBI criminal history check, including fingerprinting. 73.57(b)(2)(i) The revised proposed rule deletes the phrase “or for access to Safeguards Information.” It adds a reference to § 73.23 The phrase “or access to Safeguards Information” was deleted so that this paragraph would only address individuals exempt from § 73.57(b) for purposes of unescorted access to nuclear power facilities. 73.57(b)(2)(ii) The revised proposed rule revises the list of individuals exempt from § 73.57(b)(1). The phrase “Employees of other agencies of the United States Government” is changed to “An employee of the Commission or the Executive Branch of the United States Government.” The phrase “the Governor of a State or his or her designated employee representatives” is changed to “The Governor of a State or his or her designated State employee representative.” The revised proposed rule adds “Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC,” “Federal, State or local law enforcement personnel,” “State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives,” and “Any agent, contractor, or consultant of aforementioned persons who has undergone equivalent criminal history and background checks” to the list of individuals exempt from § 73.57(b)(1). The revised proposed rule deletes “individuals to whom disclosure is ordered pursuant to § 2.709(f)” from the list The list of individuals exempt from the requirements of § 73.57(b) for purposes of access to SGI has been revised to be consistent with the list of individuals exempt from the criminal history and background check requirements for access to SGI in §§ 73.22(b)(3) and 73.23(b)(3). Consistent with the statement of considerations accompanying § 73.57 when it was first promulgated (52 FR 6310; (March 2, 1987)), the list of exempt individuals continues to be limited to individuals who have undergone the same or similar criminal history and background checks as a condition of employment or who have been certified by the NRC. Start Printed Page 64050 73.57(e)(3) The following paragraph has been added: “In addition to the right to obtain records from the FBI in paragraph (e)(1) of this section and the right to initiate challenge procedures inparagraph (e)(2) of this section, an individual participating in an NRC adjudication and seeking to obtain SGI for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the Presiding Officer of the proceeding. Potential witnesses, participants without attorneys, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the Presiding Officer of the proceeding to review the adverse determination.” This paragraph makes clear that an individual participating in an NRC adjudication and seeking access to SGI for use in the adjudication, may appeal to the presiding officer a final adverse determination by the NRC Office of Administration on the individual's trustworthiness and reliability. 73.59 The title of this section is changed to: “Relief from fingerprinting, identification and criminal history records checks and background checks for designated categories of individuals.” The changes in the title of this section is needed because of changes in the text to broaden its scope to include relief from the requirements for background checks. The recently promulgated § 73.59 did not relieve the specified categories of individuals from background checks because no requirement to perform background checks prior to granting access to SGI currently existed. Thus, no relief was needed. Relieving these categories of individuals from the fingerprinting requirements while at the same time subjecting them to background checks would not be consistent with the underlying premise that these categories of individuals are trustworthy and reliable by virtue of their occupational status. In addition, § 73.59(a) would be deleted in its entirety, including the definition of SGI. The remainder of the section is redesignated to comply with Office of the Federal Register requirements Section 73.59(a) is being deleted in its entirety because that definition of SGI is captured in 10 CFR § 73.2. Instead, a cross-reference to the definition of SGI (and SGI-M) in § 73.2 is made. including SGI-M within the scope of § 73.59 is necessary is necessary to be consistent with the structure of the rest of the proposed SGI rule, which refers to both SGI and SGI-M. Section 73.59(d) is new and adds as a category of individuals: “The Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history check.” Section 73.59(d) is added because the Commission has determined to grant relief under § 73.59 for the Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history check. Section 73.59(f) would be revised to refer to both Safeguards Information and Safeguards Information designated as Safeguards Information-Modified Handling (SGI-M) This revision is necessary to reflect the change in terminology in the FRN clarifying that SGI-M is Safeguards Information. Section 73.59(k) is also new and would exempt “Any agent, contractor, or consultant of the * * * persons who have undergone the equivalent criminal history and background checks to those required by 10 CFR §§ 73.22(b) or 73.23(b).” New § 73.59(k) carries over into the new proposed rule the category of individuals described in former proposed §§ 73.22(b)(3)(vii) and 73.23(b)(3)(vii). 10 CFR part 73 Appendix I A new Appendix I is added that defines the quantities of concern described in the revised proposed rule In response to comments, the Commission has included a table of radionuclides and quantities that establishes the “quantities of concern” referenced in this revised proposed rule. The table is based on International Atomic Energy Agency recommendation in its Code of Conduct on the Safety and Security of Radioactive Sources, and has been used to determine the types and quantities of materials that warrant additional security requirements, some of which have already been issued by order. Other protective measures are under development based in part on the threshold quantities established in this table. Radium-226 is being added to the listing of radionuclides Section 651(e) of the Energy Policy Act of 2005 amended Section 11e. of the Atomic Energy Act of 1954 to include in the definition of byproduct material “any discrete source of radium-226 that is produced, extracted, or converted after extraction, before, on, or after the date of enactment of this paragraph for use for a commercial, medical, or research activity.” Start Printed Page 64051 76.113(c) The phrase “and parts 25 and 95 of this chapter” is added to the end of the first sentence. The second sentence reads: “Information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements In response to public comment, this paragraph has been revised. As revised, Unclassified Controlled Nuclear Information would be protected in accordance with DOE requirements. 150.15(a)(9) A cross-reference to § 73.22 and the phrase “as applicable” are added A cross-reference to § 73.22 and the words “as applicable” are added for completeness. D. Request for Specific Comment
A background check, which would contain as an element, a criminal history check (including fingerprinting), is necessary for access to SGI, in all circumstances, unless specifically exempt in accordance with the concepts in § 73.22(b)(3) and § 73.23(b)(3). Those provisions contain cross-reference to § 73.59, which describes categories of individuals who are exempt from the criminal history check and background check requirements by virtue of their occupational status. These exemptions are authorized by section 149(a)(4)(B) of the AEA, under which the Commission may, by rule, exempt or relieve individuals from the fingerprinting, identification, and criminal history check requirements. The exercise of such authority pursuant to section 149(a)(4)(B) requires a finding by the Commission that such action is consistent with its obligations to promote the common defense and security and to protect the health and safety of the public.” In the final rule promulgating § 73.59, the Commission made the required finding. The Commission is specifically seeking comment on the appropriateness of these revised provisions, as they apply to various categories of individuals.
V. Criminal Penalties
For the purpose of Section 223 of the Atomic Energy Act (AEA), the Commission is proposing to amend 10 CFR parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 under one or more of Sections 147, 161b., 161i., or 161o. of the AEA. Willful violations of the revised proposed rule would be subject to criminal enforcement.
VI. Agreement State Issues
The rule proposes changes to parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76, and 150 would be considered to be Category NRC compatibility and therefore are areas of exclusive NRC authority. Nonetheless, the original proposed rule was provided to the Agreement States for their review and comment prior to its publication of draft rule text on the NRC Web site and the publication of the rule in the Federal Register. Agreement States had an opportunity to review the revised proposed rule prior to publication.
The Agreement States of Illinois and Washington commented on the original proposed rule prior to publication in the Federal Register. Both states expressed concern about the breadth of rule text reflecting the Commission's authority to prohibit the unauthorized disclosure of SGI relating to such quantities of special nuclear material, source, and byproduct material as the Commission determines to be significant to the public health and safety or the common defense and security. In response to this concern, the Commission notes that it needs such broad authority to adequately protect SGI, and Section 147 of the AEA provides such authority to the Commission. The Commission has, however, modified certain aspects of the revised proposed rule, e.g. the definition of SGI, to more closely track the language in Section 147 of the AEA.
An agency of the State of New York commented on the original proposed rule and asserted that the Commission lacks the statutory authority to impose regulations for the protection of SGI pertaining to Agreement State licensees. According to these comments, the term “licensee's or “applicant's” [detailed information] in Section 147 cannot be construed as inclusive of State licensees or applicants. As explained previously in response to specific comments, the Commission does not agree with this commenter's interpretation of Section 147.
VII. Voluntary Consensus Standards
The National Technology Transfer Act of 1995 (Pub. L. 104-113), requires that Federal agencies use technical standards that are developed or adopted by voluntary consensus standards bodies unless the use of such a standard is inconsistent with applicable law or otherwise impractical. In this revised proposed rule, the NRC is using the following Government-unique standard: National Institute of Standards and Technology, Federal Information Processing Standard [FIPS] PUB-140-2, “Security Requirements for Cryptographic Modules,” May 25, 2001. The NRC has determined that using this Government-unique standard is justified because no voluntary consensus standard has been identified that could be used instead. In addition, this Government-unique standard was developed using the same procedures used to create a voluntary consensus standard.
VIII. Finding of No Significant Impact: Environmental Assessment
The Commission has determined under the National Environmental Policy Act of 1969, as amended, and the Commission's regulations in subpart A of 10 CFR part 51, that this revised proposed rule, if adopted, would not constitute a major Federal action significantly affecting the quality of the human environment and, therefore, an environmental impact statement is not required. The basis for this determination is that the revised proposed rule relates to the designation, handling and protection of SGI and the collection of information on which a determination to grant individuals access to this information is based. The determination of this environmental assessment is that there would be no significant environmental impacts from this action.
The NRC has sent a copy of the environmental assessment and the revised proposed rule to every State Liaison Officer and requested comments on the environmental assessment. No State provided comments on the draft environmental assessment.
IX. Paperwork Reduction Act Statement
This proposed rule amends information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This rule has been submitted to the Start Printed Page 64052Office of Management and Budget for review and approval of the information collection requirements.
Type of submission, new or revision: Revision.
The title of the information collection: 10 CFR part 73, “Protection of Safeguards Information.”
The form number if applicable: Not applicable.
How often the collection is required: On occasion. Any person (including an individual) or entity who is permitted access to SGI or Safeguards Information designated for modified handling (SGI-M) must undergo a background check, including fingerprinting, to establish trustworthiness and reliability. That determination is valid for a 5-year period. Licensees must mark and protect SGI or SGI-M information from unauthorized disclosure on a continuous basis.
Who will be required or asked to report: Persons (including individuals) or entities who are licensed, certified, or permitted to engage in an activity subject to regulation by the Commission, including utilization facilities; vendors; individuals who have filed an application for a license or certificate to engage in Commission-regulated activities; and individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission.
An estimate of the number of annual responses: 485.
The estimated number of annual respondents: 485.
An estimate of the total number of hours needed annually to complete the requirement or request: 4,741 (9.78 hours per recordkeeper).
Abstract: The NRC is proposing to amend its regulations for the protection of Safeguards Information (SGI) and add requirements for Safeguards Information for modified handling (SGI-M) to protect SGI and SGI-M from inadvertent release and unauthorized disclosure which might compromise the security of nuclear facilities and materials. The proposed amendments would affect certain licensees, information, and materials not currently subject to SGI regulations, but which are within the scope of Commission authority under the Atomic Energy Act of 1954, as amended (AEA). The NRC originally published the proposed rule in the Federal Register on February 11, 2005 (70 FR 7196). The NRC is again publishing the proposed rule on SGI in order to allow the public to comment on changes to the rule text. These changes are in response to public comments and amendments to the AEA in the Energy Policy Act of 2005 (EPAct) and Commission Orders issued to licensees authorized to possess and transfer items containing certain quantities of radioactive material.
The U.S. Nuclear Regulatory Commission is seeking public comment on the potential impact of the information collections contained in this proposed rule and on the following issues:
1. Is the proposed information collection necessary for the proper performance of the functions of the NRC, including whether the information will have practical utility?
2. Is the estimate of burden accurate?
3. Is there a way to enhance the quality, utility, and clarity of the information to be collected?
4. How can the burden of the information collection be minimized, including the use of automated collection techniques?
A copy of the OMB clearance package may be viewed free of charge at the NRC Public Document Room, One White Flint North, 11555 Rockville Pike, Room O-1 F21, Rockville, MD 20852. The OMB clearance package and rule are available at the NRC worldwide Web site: http://www.nrc.gov/public-involve/doc-comment/omb/index.html for 60 days after the signature date of this notice and are also available at the RuleForum site, http://ruleforum.llnl.gov.
Send comments on any aspect of these proposed information collections, including suggestions for reducing the burden and on the above issues, by November 30, 2006 to the Records and FOIA/Privacy Services Branch (T-5 F52), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by Internet electronic mail to INFOCOLLECTS@NRC.GOV and to the Desk Officer, John A. Asalone, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0002), Office of Management and Budget, Washington, DC 20503. Comments received after this date will be considered if it is practical to do so, but assurance of consideration cannot be given to comments received after this date. You may also e-mail comments to John_A._Asalone@omb.eop.gov or comment by telephone at (202) 395-4650.
Public Protection Notification
The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number.
X. Regulatory Analysis
The Commission has prepared a revised regulatory analysis on this revised proposed rule. The revised analysis examines the costs and benefits of the alternatives considered by the Commission. The revised regulatory analysis is available for inspection in the NRC Public Document Room, 11555 Rockville Pike, Rockville, MD 20852. The revised regulatory analysis is also available electronically via the NRC rulemaking Web site at http://ruleforum.llnl.gov. Single copies of the revised analysis may be obtained from the Office of the General Counsel, U.S. Nuclear Regulatory Commission, at 301-415-1633 or by e-mail at mur@nrc.gov.
XI. Regulatory Flexibility Certification
In accordance with the Regulatory Flexibility Act of 1980, 5 U.S.C. 605(b), the NRC has determined that this rule, if adopted, would not have a significant economic impact upon a substantial number of small entities. The NRC estimates that the proposed regulation will affect approximately 152 NRC licensees, 87 Agreement State licensees, 200 State contacts, and 29 applicants for licenses. The NRC estimates that small businesses as defined by 10 CFR 2.810 comprise less than 1 percent of the total number of NRC licensees and state contacts affected by this regulation. The NRC does not have information on the small business status of the Agreement State licensees or applicants for NRC and Agreement State licenses affected by this regulation, therefore, in its February 11, 2005 original proposed rule and the regulatory analysis developed in support of the original proposed rule, the NRC requested public comments on the impact of the original proposed rule on small businesses. No comments were received. In the absence of information on the small business status of the Agreement State licensees and applicants for NRC and Agreement State licenses affected by this regulation and based on the small proportion of NRC licensees that qualify as small entities, the NRC estimates that the number of small entities among these licensees is also less than 1 percent. For a small entity, the implementation burden imposed by the regulation is estimated to be 41.8 hours, and the annual burden is estimated to be 3.5 hours.
The potential benefits of preventing disclosure of SGI by unauthorized persons would significantly outweigh the economic impact on small licensees. Start Printed Page 64053
XII. Backfit Analysis
The Commission has concluded, on the basis of the documented evaluation in the revised regulatory analysis, that the majority of the requirements in the revised proposed rule would not be backfits as defined in 10 CFR 50.109(a)(4)(ii), 70.76(a)(4)(iii), 72.62, and 76.76(a)(4)(ii). The Commission has also concluded that the requirements in the rule that would constitute backfits are necessary to ensure insure that the facilities and materials described in the rule provide adequate protection to the public health and safety and are in accord with the common defense and security, as applicable. Therefore, a backfit analysis is not required and the cost-benefit standards of 10 CFR 50.109(a)(3), 70.76, 72.62, and 76.76, do not apply. The documented evaluation in the revised regulatory analysis includes a statement of the objectives of and the reasons for the backfits that would be required by the revised proposed rule and sets forth the Commission's conclusion that these backfits are not subject to the cost-benefit standards of 10 CFR 50.109(a)(3), 70.76, 72.62, and 76.76.
Start List of SubjectsList of Subjects
10 CFR Part 2
- Administrative practice and procedure
- Antitrust
- Byproduct material
- Classified information
- Environmental protection
- Nuclear materials
- Nuclear power plants and reactors
- Penalties
- Sex discrimination
- Source material
- Special nuclear material
- Waste treatment and disposal
10 CFR Part 30
- Byproduct material
- Criminal penalties
- Government contracts
- Intergovernmental relations
- Isotopes
- Nuclear materials
- Radiation protection
- Reporting and recordkeeping requirements
10 CFR Part 40
- Criminal penalties
- Government contracts
- Hazardous materials transportation
- Nuclear materials
- Reporting and recordkeeping requirements
- Source material
- Uranium
10 CFR Part 50
- Antitrust
- Classified information
- Criminal penalties
- Fire protection
- Intergovernmental relations
- Nuclear power plants and reactors
- Radiation protection
- Reactor siting criteria
- Reporting and recordkeeping requirements
10 CFR Part 52
- Administrative practice and procedure
- Antitrust
- Backfitting
- Combined license
- Early site permit
- Emergency planning
- Fees
- Inspection
- Limited work authorization
- Nuclear power plants and reactors
- Probabilistic risk assessment
- Prototype
- Reactor siting criteria
- Redress of site
- Reporting and recordkeeping requirements
- Standard design
- Standard design certification
10 CFR Part 60
- Criminal penalties
- High-level waste
- Nuclear materials
- Nuclear power plants and reactors
- Reporting and recordkeeping requirements
- Waste treatment and disposal
10 CFR Part 63
- Criminal penalties
- High-level waste
- Nuclear power plants and reactors
- Reporting and recordkeeping requirements
- Waste treatment and disposal
10 CFR Part 70
- Criminal penalties
- Hazardous materials transportation
- Material control and accounting
- Nuclear materials
- Packaging and containers
- Radiation protection
- Reporting and recordkeeping requirements
- Scientific equipment
- Security measures
- Special nuclear material
10 CFR Part 71
- Criminal penalties
- Hazardous materials transportation
- Nuclear materials
- Packaging and containers
- Reporting and recordkeeping requirements
10 CFR Part 72
- Administrative practice and procedure
- Criminal penalties
- Manpower training programs
- Nuclear materials
- Occupational safety and health
- Penalties
- Radiation protection
- Reporting and recordkeeping requirements
- Security measures
- Spent fuel
- Whistleblowing
10 CFR Part 73
- Criminal penalties
- Export
- Hazardous materials transportation
- Import
- Nuclear materials
- Nuclear power plants and reactors
- Reporting and recordkeeping requirements
- Security measures
10 CFR Part 76
- Certification
- Criminal penalties
- Radiation protection
- Reporting and record keeping requirements
- Security measures
- Special nuclear material
- Uranium enrichment by gaseous diffusion
10 CFR Part 150
- Criminal penalties
- Hazardous materials transportation
- Intergovernmental relations
- Nuclear materials
- Reporting and recordkeeping requirements
- Security measures
- Source material
- Special nuclear material
For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended; the Energy Reorganization Act of 1974, as amended; and 5 U.S.C. 553; the NRC is proposing to adopt the following amendments to 10 CFR parts 2, 30, 40, 50, 52, 60, 63, 70, 71, 72, 73, 76 and 150.
Start PartPART 2—RULES OF PRACTICE FOR DOMESTIC LICENSING PROCEEDINGS AND ISSUANCE OF ORDERS
1. The authority citation for part 2 is revised to read as follows:
2. In § 2.4, a new definition for Safeguards Information is added in alphabetical order to read as follows:
Definitions.* * * * *Safeguards Information means information not classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or special nuclear material.
* * * * *3. In § 2.336, paragraph (f) is redesignated as (g), and a new paragraph (f) is added to read as follows:
General discovery.* * * * *(f)(1) In the event of a dispute over disclosure of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended, the presiding officer may issue an order requiring disclosure if—
(i) The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite “need to know”, as defined in § 73.2;
(ii) The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable, by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington D.C. 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing of fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check, the individual shall be afforded the protections provided by § 73.57; and
(iii) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections provided by § 73.57.
(iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination.
(2) The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.
(3) When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
(4) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.
(5) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under § 2.205.
(6) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b. of the Atomic Energy Act.
* * * * *4. In § 2.705, paragraph (c)(2) is revised and new paragraphs (c)(3) through (7) are added to read as follows:
Discovery-additional methods.* * * * *(c) * * *
(2) In the case of documents and records including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended, the presiding officer may issue an order requiring disclosure if—
(i) The presiding officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC proceeding has the requisite “need to know”, as defined in § 73.2;
(ii) The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable by submitting fingerprints to the NRC Office of Administration, Security Processing Start Printed Page 64055Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination on an individual's criminal history check by the NRC Office of Administration, the individual shall be afforded the protections of § 73.57; and
(iii) The NRC Office of Administration has found, based upon a background check, that the individual is trustworthy and reliable, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3). However, before an adverse determination on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections of § 73.57.
(iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination.
(3) The presiding officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.
(4) When Safeguards Information protected from unauthorized disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
(5) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.
(6) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under § 2.205.
(7) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b. of the Atomic Energy Act.
* * * * *5. In § 2.709, paragraph (f) is revised to read as follows:
Discovery against NRC staff.* * * * *(f) (1) In the case of requested documents and records (including Safeguards Information referred to in Sections 147 and 181 of the Atomic Energy Act, as amended) exempt from disclosure under § 2.390, the presiding officer may issue an order requiring disclosure to the Executive Director for Operations or a delegate of the Executive Director for Operations, to produce the document or records (or any other order issued ordering production of the document or records) if—
(i) The presiding officer finds that the individual seeking access to Safeguards Information to participate in an NRC adjudication has the requisite “need to know”, as defined in § 73.2;
(ii) The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history check, the individual shall be afforded the protections of § 73.57; and
(iii) The NRC Office of Administration finds, based on a background check, that the individual is trustworthy and reliable, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections of § 73.57.
(iv) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination.
(2) The presiding office may include in an order any protective terms and Start Printed Page 64056conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested States and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.
(3) When Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, is received and possessed by a participant other than the NRC staff, it must also be protected according to the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
(4) The presiding officer may also prescribe additional procedures to effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.
(5) In addition to any other sanction that may be imposed by the presiding officer for violation of an order issued pursuant to this paragraph, violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act, as amended, may be subject to a civil penalty imposed under § 2.205.
(6) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information is considered to be an order issued under Section 161b. of the Atomic Energy Act.
* * * * *6. In § 2.1003, paragraph (a)(4)(iii) is revised to read as follows:
Availability of material.(a) * * *
(4) * * *
(iii) Which constitutes Safeguards Information under § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
* * * * *7. In § 2.1010, paragraph (b)(6) is revised to read as follows:
Pre-License application presiding officer.* * * * *(b) * * *
(6) Whether the material should be disclosed under a protective order containing such protective terms and conditions (including affidavits of nondisclosure) as may be necessary and appropriate to limit the disclosure to potential parties, interested governmental participants, and parties in the proceeding, or to their qualified witnesses and counsel.
(i) The Pre-License Application Presiding Officer may issue an order requiring disclosure of Safeguards Information if—
(A) The Pre-License Application Presiding Officer finds that the individual seeking access to Safeguards Information in order to participate in an NRC adjudication has the requisite “need to know”, as defined in § 73.2;
(B) The individual has undergone an FBI criminal history check, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable by submitting fingerprints to the NRC Office of Administration, Security Processing Unit, Mail Stop T-6E46, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, and otherwise following the procedures in § 73.57(d) for submitting and processing fingerprints. However, before an adverse determination by the NRC Office of Administration on an individual's criminal history, the individual shall be afforded the protections of § 73.57; and
(C) A finding by the NRC Office of Administration, based on a background check, that the individual is trustworthy and reliable, unless exempt under §§ 73.22(b)(3) or 73.23(b)(3), as applicable. However, before an adverse determination by the NRC Office of Administration on an individual's background check for trustworthiness and reliability, the individual shall be afforded the protections on § 73.57.
(D) Participants, potential witnesses, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request the presiding officer to review the adverse determination. The request may also seek to have the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination. For purposes of review, the adverse determination must be in writing and set forth the grounds for the determination. The request for review shall be served on the NRC staff and may include additional information for review by the presiding officer. The request must be filed within 15 days after receipt of the adverse determination by the person against whom the adverse determination has been made. Within 10 days of receipt of the request for review and any additional information, the NRC staff will file a response indicating whether the request and additional information has caused the NRC Office of Administration to reverse its adverse determination. The presiding officer may reverse the Office of Administration's final adverse determination only if the officer finds, based on all the information submitted, that the adverse determination constitutes an abuse of discretion. The presiding officer's decision must be rendered within 15 days after receipt of the staff filing indicating that the request for review and additional information has not changed the NRC Office of Administration's adverse determination.
(ii) The Pre-License Application Presiding Officer may include in an order any protective terms and conditions (including affidavits of non-disclosure) as may be necessary and appropriate to limit the disclosure to parties in the proceeding, to interested states and other governmental entities participating under § 2.315(c), and to their qualified witnesses and counsel.
(iii) When Safeguards Information, protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, is received and possessed by a potential party, interested government participant, or party, other than the NRC staff, it shall also be protected according to the requirements of § 73.21 and the requirements of §§ 73.22 or 73.23 of this chapter, as applicable.
(iv) The Pre-License Application Presiding Officer may also prescribe such additional procedures as will effectively safeguard and prevent disclosure of Safeguards Information to unauthorized persons with minimum impairment of the procedural rights which would be available if Safeguards Information were not involved.
(v) In addition to any other sanction that may be imposed by the Pre-License Application Presiding Officer for violation of an order pertaining to the disclosure of Safeguards Information protected from disclosure under Section 147 of the Atomic Energy Act of 1954, as amended, the entity in violation may be subject to a civil penalty imposed pursuant to § 2.205.
(vi) For the purpose of imposing the criminal penalties contained in Section 223 of the Atomic Energy Act of 1954, as amended, any order issued pursuant to this paragraph with respect to Safeguards Information shall be deemed to be an order issued under Section 161b. of the Atomic Energy Act of 1954, as amended.
* * * * *PART 30—RULES OF GENERAL APPLICABILITY TO DOMESTIC LICENSING OF BYPRODUCT MATERIAL
8. The authority citation for part 30 is revised to read as follows:
9. In § 30.32, paragraph (j) is added to read as follows:
Application for specific licenses.* * * * *(j) Each applicant for a license for byproduct material subject to the requirements of part 73 of this chapter shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.23 of this chapter, as applicable.
10. In § 30.34, paragraph (j) is added to read as follows:
Terms and conditions of licenses.* * * * *(j) Each licensee subject to the requirements of part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.23 of this chapter, as applicable.
PART 40—DOMESTIC LICENSING OF SOURCE MATERIAL
11. The authority citation for part 40 is revised to read as follows:
12. In § 40.31, paragraph (m) is added to read as follows:
Application for specific licenses.* * * * *(m) Each applicant for a license for the possession of source material at a facility for the production of uranium hexafluoride shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.22 of this chapter, as applicable. Each applicant for a license for source material subject to the requirements of part 73 of this chapter shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
13. In § 40.41, paragraph (h) is added to read as follows:
Terms and conditions of licenses.* * * * *(h) Each licensee subject to the requirements of part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
PART 50—DOMESTIC LICENSING OF PRODUCTION AND UTILIZATION FACILITIES
14. The authority citation for part 50 is revised to read as follows:
Sections 50.23, 50.35, 50.55, and 50.56 also issued under sec. 185, 68 Stat. 955 (42 U.S.C. 2235). Sections 50.33a, 50.55a and Appendix Q also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.34 and 50.54 also issued under sec. 204, 88 Stat. 1245 (42 U.S.C. 5844). Sections 50.58, 50.91, and 50.92 also issued under Pub. L. 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80—50.81 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237).
15. In § 50.34, paragraph (e) is revised to read as follows:
Contents of applications; technical information.* * * * *(e) Each applicant for a license to operate a production or utilization facility shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable.
* * * * *16. In § 50.54, paragraph (v) is revised to read as follows:
Conditions of licenses.* * * * *(v) Each licensee subject to the requirements of part 73 of this chapter shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable.
* * * * *PART 52—EARLY SITE PERMITS; STANDARD DESIGN CERTIFICATIONS; AND COMBINED LICENSES FOR NUCLEAR POWER PLANTS
17. The authority citation for part 52 is revised to read as follows:
18. In § 52.17, paragraph (d) is added to read as follows:
Start Printed Page 64058Contents of applications.* * * * *(d) Each applicant for an early site permit under this part shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.22 of this chapter, as applicable.
19. In § 52.47, paragraph (c) is added to read as follows:
Contents of applications.* * * * *(c) Each applicant for a standard design certification under this part shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.22 of this chapter, as applicable.
20. In § 52.79, paragraph (e) is added to read as follows:
Contents of application; technical information.* * * * *(e) Each applicant for a combined license under this subpart shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in §§ 73.21 and 73.22 of this chapter, as applicable.
PART 60—DISPOSAL OF HIGH-LEVEL RADIOACTIVE WASTES IN GEOLOGIC REPOSITORIES
21. The authority citation for part 60 is revised to read as follows:
22. In § 60.21, paragraph (d) is added to read as follows:
Content of application.* * * * *(d) The applicant for a license to receive and possess source, special nuclear, and byproduct material at a geologic repository operations area sited, constructed, or operated in accordance with the Nuclear Waste Policy Act of 1982 shall protect Safeguards Information in accordance with the requirements in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.
23. In § 60.42, paragraph (d) is added to read as follows:
Conditions of license.* * * * *(d) The licensee shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable. The licensee shall ensure that classified information is protected in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.
PART 63—DISPOSAL OF HIGH-LEVEL RADIOACTIVE WASTES IN A GEOLOGIC REPOSITORY AT YUCCA MOUNTAIN, NEVADA
24. The authority citation for part 63 is revised to read as follows:
25. In § 63.21, paragraph (d) is added to read as follows:
Content of application.* * * * *(d) The applicant for a license to receive and possess source, special nuclear, and byproduct material at a geologic repository at Yucca Mountain, Nevada, shall protect Safeguards Information in accordance with the requirements in § 73.21, and the requirements in § 73.22, or § 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.
26. In § 63.42, paragraph (e) is added to read as follows:
Conditions of license.* * * * *(e) The licensee shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in § 73.21, and the requirements in § 73.22, or § 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.
PART 70—DOMESTIC LICENSING OF SPECIAL NUCLEAR MATERIAL
27. The authority citation for part 70 is revised to read as follows:
Section 70.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5851). Section 70.21(g) also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 70.31 also issued under sec. 57d, Pub. L. 93-377, 88 Stat. 475 (42 U.S.C. 2077). Sections 70.36 and 70.44 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Section 70.81 also issued under secs. 186, 187, 68 Stat. 955 (42 U.S.C. 2236, 2237). Section 70.82 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138).
28. In § 70.22, paragraph (l) is revised to read as follows:
Contents of applications.* * * * *(l) Each applicant for a license shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22, or 73.23 of this chapter, as applicable, and shall protect classified information in accordance with the requirements of parts 25 and 95 of this chapter, as applicable.
* * * * *29. In § 70.32, paragraph (j) is revised to read as follows:
Conditions of licenses.* * * * *(j) Each licensee who possesses special nuclear material, or who transports, or delivers to a carrier for transport, a formula quantity of strategic special nuclear material, special nuclear material of moderate strategic significance, or special nuclear material of low strategic significance, or more than 100 grams of irradiated reactor fuel shall ensure that Safeguards Information is protected against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable, and shall protect classified information in accordance Start Printed Page 64059with the requirements of parts 25 and 95 of this chapter, as applicable.
* * * * *PART 71—PACKAGING AND TRANSPORTATION OF RADIOACTIVE MATERIAL
30. The authority citation for part 71 is revised to read as follows:
31. Section 71.11 is added to read as follows:
Protection of Safeguards Information.Each licensee, certificate holder, or applicant for a Certificate of Compliance for a transportation package for transport of irradiated reactor fuel, strategic special nuclear material, a critical mass of special nuclear material, or byproduct material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security, shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
PART 72—LICENSING REQUIREMENTS FOR THE INDEPENDENT STORAGE OF SPENT NUCLEAR FUEL, HIGH-LEVEL RADIOACTIVE WASTE, AND REACTOR-RELATED GREATER THAN CLASS C WASTE
32. The authority citation for part 72 is revised to read as follows:
Section 72.44(g) also issued under secs. 142(b) and 148(c), (d), Pub. L. 100-203, 101 Stat. 1330-232, 1330-236 (42 U.S.C. 10162(b), 10168(c), (d)). Section 72.46 also issued under sec. 189, 68 Stat. 955 (42 U.S.C. 2239); sec. 134, Pub. L. 97-425, 96 Stat. 2230 (42 U.S.C. 10154). Section 72.96(d) also issued under sec. 145(g), Pub. L. 100-203, 101 Stat. 1330-235 (42 U.S.C. 10165(g)). Subpart J also issued under secs. 2(2), 2(15), 2(19), 117(a), 141(h), Pub. L. 97-425, 96 Stat. 2202, 2203, 2204, 2222, 2224 (42 U.S.C. 10101, 10137(a), 10161(h)). Subparts K and L are also issued under sec. 133, 98 Stat. 2230 (42 U.S.C. 10153) and sec. 218(a), 96 Stat. 2252 (42 U.S.C. 10198).
33. In § 72.22, paragraph (f) is added to read as follows:
Contents of application: General and financial information.* * * * *(f) Each applicant for a license under this part to receive, transfer, and possess power reactor spent fuel, power reactor-related Greater than Class C (GTCC) waste, and other radioactive materials associated with spent fuel storage in an independent spent fuel storage installation (ISFSI) shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements in § 73.21 and the requirements of § 73.22 or § 73.23, as applicable.
34. In § 72.44, paragraph (h) is added to read as follows:
License conditions.* * * * *(h) Each licensee subject to the requirements of part 73 of this chapter shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements of § 73.21 and the requirements of § 73.22 or § 73.23, as applicable.
35. In § 72.212, paragraph (b)(5)(v) is redesignated as (b)(5)(vi) and a new paragraph (b)(5)(v) is added to read as follows:
Conditions of general license issued under § 72.210.* * * * *(b) * * *
(5) * * *
(v) Each general licensee that receives and possesses power reactor spent fuel and other radioactive materials associated with spent fuel storage shall protect Safeguards Information against unauthorized disclosure in accordance with the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
* * * * *36. In § 72.236, paragraph (n) is added to read as follows:
Specific requirements for spent fuel storage cask approval and fabrication.* * * * *(n) Safeguards Information shall be protected against unauthorized disclosure in accordance with the requirements of § 73.21 and the requirements of § 73.22 or § 73.23 of this chapter, as applicable.
PART 73—PHYSICAL PROTECTION OF PLANTS AND MATERIALS
37. The authority citation for part 73 is revised to read as follows:
Section 73.1 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 73.37(f) also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841 note). Section 73.57 is issued under sec. 606, Pub. L. 99-399, 100 Stat. 876 (42 U.S.C. 2169).
38. In § 73.1, paragraph (b)(7) is revised to read as follows:
Purpose and scope.* * * * *(b) * * *
(7) This part prescribes requirements for the protection of Safeguards Information (including the designation or marking: Safeguards Information—Modified Handling) in the hands of any person, whether or not a licensee of the Commission, who produces, receives, or acquires that information.
* * * * *39. In § 73.2, new definitions Background Check, Individual Authorized Access to Safeguards Information, Individual Authorized Access to Safeguards Information—Modified Handling, Quantities of Concern, Safeguards Information—Modified Handling, and Trustworthiness and Reliability, are added in alphabetical order and the definitions of Safeguards Information and “Need to Know” are revised to read as follows:
Definitions.* * * * *Background check includes, at a minimum, a criminal history check, verification of identity, employment history, education, and personal references. Individuals engaged in activities subject to regulation by the Start Printed Page 64060Commission, applicants for licenses to engage in Commission-regulated activities, and individuals who have notified the Commission in writing of an intent to file an application for licensing, certification, permitting, or approval of a product or activity subject to regulation by the Commission are required under § 73.57 to conduct criminal history checks before granting access to Safeguards Information. A background check must be sufficient to support the trustworthiness and reliability determination so that the person performing the check and the Commission have assurance that granting individuals access to Safeguards Information does not constitute an unreasonable risk to the public health and safety or the common defense and security.
* * * * *Individual Authorized Access to Safeguards Information is an individual authorized to have access to and handle such information pursuant to the requirements of §§ 73.21 and 73.22.
Individual Authorized Access to Safeguards Information—Modified Handling is an individual authorized to have access to and handle such information pursuant to the requirements of §§ 73.21 and 73.23 of this chapter.
* * * * *“Need to Know” means a determination by a person having responsibility for protecting Safeguards Information that a proposed recipient's access to Safeguards Information is necessary in the performance of official, contractual, licensee, applicant, or certificate holder employment. In an adjudication, “need to know” means a determination by the originator of the information that the information is necessary to enable the proposed recipient to proffer and/or adjudicate a specific contention in that proceeding, and the proposed recipient of the specific Safeguards Information possesses demonstrable knowledge, skill, training, or education to effectively utilize the specific Safeguards Information in the proceeding. Where the information is in the possession of the originator and the NRC staff (dual possession), whether in its original form or incorporated into another document by the recipient, the NRC staff makes the determination. In the event of a dispute regarding the “need to know” determination, the presiding officer of the proceeding shall make the “need to know” determination.
* * * * *Quantities of Concern means the quantities of the radionuclides meeting or exceeding the threshold limits set forth in Table I-1 of Appendix I of this part.
* * * * *Safeguards Information means information not classified as National Security Information or Restricted Data which specifically identifies a licensee's or applicant's detailed control and accounting procedures for the physical protection of special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; detailed security measures (including security plans, procedures, and equipment) for the physical protection of source, byproduct, or special nuclear material in quantities determined by the Commission through order or regulation to be significant to the public health and safety or the common defense and security; security measures for the physical protection of and location of certain plant equipment vital to the safety of production or utilization facilities; and any other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, the unauthorized disclosure of which, as determined by the Commission through order or regulation, could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of sabotage or theft or diversion of source, byproduct, or special nuclear material.
Safeguards Information—Modified Handling is the designation or marking applied to Safeguards Information which the Commission has determined requires handling requirements modified from the specific Safeguards Information handling requirements.
* * * * *Trustworthiness and reliability are characteristics of an individual considered dependable in judgment, character, and performance, such that disclosure of Safeguards Information to that individual does not constitute an unreasonable risk to the public health and safety or common defense and security. A determination of trustworthiness and reliability is based upon a background check.
* * * * *40. Section 73.8(b) is revised to read as follows:
Information collection requirements: OMB approval.* * * * *(b) The approved information collection requirements contained in this part appear in §§ 73.5, 73.20, 73.21, 73.22, 73.23, 73.24, 73.25, 73.26, 73.27, 73.37, 73.40, 73.45, 73.46, 73.50, 73.55, 73.56, 73.57, 73.60, 73.67, 73.70, 73.71, 73.72, 73.73, 73.74, and appendices B, C, and G.
41. Section 73.21 is revised to read as follows:
Protection of Safeguards Information: Performance Requirements.(a) General performance requirement. (1) Each licensee, applicant, or other person who produces, receives, or acquires Safeguards Information shall ensure that it is protected against unauthorized disclosure. To meet this general performance requirement, such licensees, applicants, or other persons subject to this section shall:
(i) Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in § 73.22 related to: Power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production facilities; fuel fabrication facilities; uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas.
(ii) Establish, implement, and maintain an information protection system that includes the applicable measures for Safeguards Information specified in § 73.23 related to: Panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern.
(2) Information protection procedures employed by Federal, State, and local law enforcement agencies are presumed to meet the general performance requirement in § 73.21(a)(1).
(b) Commission Authority. (1) Pursuant to Section 147 of the Atomic Energy Act of 1954, as amended, the Start Printed Page 64061Commission may impose, by order or regulation, Safeguards Information protection requirements different from or in addition to those specified in this part on any person who produces, receives, or acquires Safeguards Information.
(2) The Commission may require, by regulation or order, that information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, related to facilities or materials not specifically described in §§ 73.21, 73.22 or 73.23 be protected under this part.
42. Section 73.22 is added to read as follows:
Protection of Safeguards Information: Specific Requirements.This section contains specific requirements for the protection of Safeguards Information related to power reactors; a formula quantity of strategic special nuclear material; transportation of or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel; uranium hexafluoride production facilities, fuel fabrication facilities, and uranium enrichment facilities; independent spent fuel storage installations; and geologic repository operations areas.
(a) Information to be protected. The types of information and documents that must be protected as Safeguards Information include non-public security-related requirements such as:
(1) Physical Protection. Information not classified as Restricted Data or National Security Information related to physical protection, including:
(i) The composite physical security plan for the facility or site;
(ii) Site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system not easily discernible by members of the public;
(iii) Alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by members of the public;
(iv) Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events;
(v) Site-specific design features of plant security communications systems;
(vi) Lock combinations, mechanical key design, or passwords integral to the physical security system;
(vii) Documents and other matter that contain lists or locations of certain safety-related equipment explicitly identified in the documents as vital for purposes of physical protection, as contained in security plans, contingency measures, or plant specific safeguards analyses;
(viii) The composite safeguards contingency plan/measures for the facility or site;
(ix) The composite facility guard qualification and training plan/measures disclosing features of the physical security system or response procedures;
(x) Information relating to on-site or off-site response forces, including size, armament of response forces, and arrival times of such forces committed to respond to security contingency events;
(xi) The Adversary Characteristics Document or other implementing guidance associated with the Design Basis Threat in § 73.1; and
(xii) Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material.
(2) Physical protection in transit. Information not classified as Restricted Data or National Security Information related to the transportation of, or delivery to a carrier for transportation of a formula quantity of strategic special nuclear material or more than 100 grams of irradiated reactor fuel, including:
(i) The composite physical security plan for transportation;
(ii) Schedules and itineraries for specific shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel. Schedules for shipments of source material, byproduct material, high-level nuclear waste, or irradiated reactor fuel are no longer controlled as Safeguards Information 10 days after the last shipment of a current series;
(iii) Vehicle immobilization features, intrusion alarm devices, and communications systems;
(iv) Arrangements with and capabilities of local police response forces, and locations of safe havens;
(v) Limitations of communications during transport;
(vi) Procedures for response to security contingency events;
(vii) Information concerning the tactics and capabilities required to defend against attempted sabotage, or theft and diversion of formula quantities of special nuclear material, irradiated reactor fuel, or related information; and
(viii) Engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material.
(3) Inspections, audits and evaluations. Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including:
(i) Portions of inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system. Disclosure of corrected defects, weaknesses, or vulnerabilities is subject to an assessment taking into account such factors as trending analyses and the impacts of disclosure on licensees having similar physical security systems; and
(ii) Reports of investigations containing general information may be released after corrective actions have been completed, unless withheld pursuant to other authorities, e.g., the Freedom of Information Act (5 U.S.C. 552).
(4) Correspondence. Portions of correspondence insofar as they contain Safeguards Information as set forth in paragraphs (a)(1) through (a)(3) of this section.
(5) Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, that the Commission determines by order or regulation could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material or a facility.
(b) Conditions for access.
(1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information unless the person has an established “need to know” for the information and has undergone a Federal Bureau of Start Printed Page 64062Investigation criminal history check using the procedures set forth in § 73.57.
(2) In addition, a person to be granted access to SGI must be trustworthy and reliable, based on a background check or other means approved by the Commission.
(3) The categories of individuals specified in 10 CFR 73.59 are exempt from the criminal history and background check requirements in paragraphs (b)(1) and (b)(2) of this section by virtue of their occupational status:
(4) For persons participating in an NRC adjudicatory proceeding other than those specified in § 73.59, the “need to know” determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the “need to know” determination, the presiding officer of the proceeding shall determine whether the “need to know” findings in § 73.2 can be made.
(5) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in this section.
(c) Protection while in use or storage.
(1) While in use, matter containing Safeguards Information must be under the control of an individual authorized access to Safeguards Information. This requirement is satisfied if the Safeguards Information is attended by such an individual even though the information is in fact not constantly being used. Safeguards Information within alarm stations, or rooms continuously occupied by authorized individuals need not be stored in a locked security storage container.
(2) While unattended, Safeguards Information must be stored in a locked security storage container. The container shall not identify the contents of the matter contained and must preclude access by individuals not authorized access in accordance with the provisions of this section. Knowledge of lock combinations protecting Safeguards Information must be limited to a minimum number of personnel for operating purposes who have a “need to know” and are otherwise authorized access to Safeguards Information in accordance with the provisions of this part. Access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to Safeguards Information.
(d) Preparation and marking of documents or other matter.
(1) Each document or other matter that contains Safeguards Information as described in § 73.21(a)(1)(i) and this section must be marked to indicate the presence of such information in a conspicuous manner on the top and bottom of each page. The first page of the document must also contain:
(i) The name, title, and organization of the individual authorized to make a Safeguards Information determination, and who has determined that the document contains Safeguards Information;
(ii) The date the determination was made; and
(iii) An indication that unauthorized disclosure will be subject to civil and criminal sanctions.
(2) In addition to the markings at the top and bottom of each page, any transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information shall be marked to indicate that attachments or enclosures contain Safeguards Information but that the transmittal document does not (i.e., “When separated from Safeguards Information enclosure(s), this document is decontrolled”).
(3) Any transmittal document forwarding Safeguards Information must alert the recipient that protected information is enclosed. Certification that a document or other media contains Safeguards Information must include the name and title of the certifying official and date designated. Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non-Safeguards Information.
(4) Marking of documents containing or transmitting Safeguards Information shall, at a minimum include the words “Safeguards Information” to ensure identification of protected information for the protection of facilities and material covered by § 73.22.
(e) Reproduction of matter containing Safeguards Information. Safeguards Information may be reproduced to the minimum extent necessary consistent with need without permission of the originator. Equipment used to reproduce Safeguards Information must be evaluated to ensure that unauthorized individuals cannot access Safeguards Information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity).
(f) External transmission of documents and material.
(1) Documents or other matter containing Safeguards Information, when transmitted outside an authorized place of use or storage, must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of protected information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words “Safeguards Information.” The outer envelope or wrapper must be opaque, addressed to the intended recipient, must contain the address of the sender, and may not bear any markings or indication that the document contains Safeguards Information.
(2) Safeguards Information may be transported by any commercial delivery company that provides service with computer tracking features, U.S. first class, registered, express, or certified mail, or by any individual authorized access pursuant to these requirements.
(3) Except under emergency or extraordinary conditions, Safeguards Information shall be transmitted outside an authorized place of use or storage only by (a) NRC approved secure electronic devices, such as facsimiles or telephone devices, provided that transmitters and receivers implement processes that will provide high assurance that Safeguards Information is protected before and after the transmission or (b) electronic mail through the internet, provided that (i) the information is encrypted by the NRC-approved encryption modules and algorithms; (ii) the information is produced by a self contained secure automatic data process system; and (iii) transmitters and receivers implement the information handling processes that will provide high assurance that Safeguards Information is protected before and after transmission. Physical security events required to be reported pursuant to § 73.71 are considered to be extraordinary conditions.
(g) Processing of Safeguards Information on electronic systems.
(1) Safeguards Information may be stored, processed or produced on a stand-alone computer (or computer system) for processing of Safeguards Information. “Stand-alone” means a computer or computer system to which access is limited to individuals authorized access to Safeguards Information. A stand-alone computer or Start Printed Page 64063computer system shall not be physically or in any other way connected to a network accessible by users who are not authorized access to Safeguards Information.
(2) Each computer not located within an approved and lockable security storage container that is used to process Safeguards Information must have a removable storage medium with a bootable operating system. The bootable operating system must be used to load and initialize the computer. The removable storage medium must also contain the software application programs, and all data must be processed and saved on the same removable storage medium. The removable storage medium must be secured in a locked security storage container when not in use.
(3) A mobile device (such as a laptop computer) may also be used for the processing of Safeguards Information provided the device is secured in a locked security storage container when not in use. Other systems may be used if approved for security by the appropriate NRC office.
(h) Removal from Safeguards Information category. Documents originally containing Safeguards Information must be removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this part. A review of such documents to make that determination shall be conducted every 10 years. Documents that are 10 years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage. Care must be exercised to ensure that any document decontrolled not disclose Safeguards Information in some other form or be combined with other unprotected information to disclose Safeguards Information. The authority to determine that a document may be decontrolled shall be exercised only by the NRC or with NRC approval, or if possible, in consultation with the individual or organization that made the original determination.
(i) Destruction of matter containing Safeguards Information. Documents or other media containing Safeguards Information shall be destroyed when no longer needed. The information can be destroyed by burning, shredding or any other method that precludes reconstruction by means available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed.
43. Section 73.23 is added to read as follows:
Protection of Safeguards Information-Modified Handling: Specific Requirements.This section contains specific requirements for the protection of Safeguards Information related to panoramic and underwater irradiators that possess greater than 370 TBq (10,000 Ci) of byproduct material in the form of sealed sources; manufacturers and distributors of items containing source, byproduct, or special nuclear material in greater than or equal to Category 2 quantities of concern; transportation of more than 1,000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel; research and test reactors that possess special nuclear material of moderate strategic significance or special nuclear material of low strategic significance; and transportation of greater than or equal to Category 2 quantities of concern. The requirements of this section distinguish Safeguards Information requiring modified handling requirements (SGI-M) from Safeguards Information for facilities and materials needing a higher level of protection, as set forth in § 73.22.
(a) Information to be protected. The types of information and documents that must be protected as Safeguards Information-Modified Handling include non-public security-related requirements such as protective measures, interim compensatory measures, additional security measures, and the following, as applicable:
(1) Physical Protection. Information not classified as Restricted Data or National Security Information related to physical protection, including:
(i) The composite physical security plan for the facility or site;
(ii) Site specific drawings, diagrams, sketches, or maps that substantially represent the final design features of the physical security system not easily discernible by members of the public;
(iii) Alarm system layouts showing the location of intrusion detection devices, alarm assessment equipment, alarm system wiring, emergency power sources for security equipment, and duress alarms not easily discernible by members of the public;
(iv) Physical security orders and procedures issued by the licensee for members of the security organization detailing duress codes, patrol routes and schedules, or responses to security contingency events;
(v) Site specific design features of plant security communications systems;
(vi) Lock combinations, mechanical key design, or passwords integral to the physical security system;
(vii) The composite facility guard qualification and training plan/measures disclosing features of the physical security system or response procedures;
(viii) Descriptions of security activities which disclose features of the physical security system or response measures;
(ix) Information relating to onsite or offsite response forces, including size, armament of the response forces, and arrival times of such forces committed to respond to security contingency events; and
(x) Engineering and safety analyses, security-related procedures or scenarios, and other information revealing site-specific details of the facility or materials if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material.
(2) Physical protection in transit. Information not classified as Restricted Data or National Security Information related to the physical protection of shipments of more than 1000 Tbq (27,000 Ci) but less than or equal to 100 grams of spent nuclear fuel, source material and byproduct material in Category 2 quantities of concern, and special nuclear material in less than a formula quantity (except for those materials covered under § 73.22), including:
(i) Information regarding transportation security measures, including physical security plans and procedures, immobilization devices, and escort requirements, more detailed than NRC regulations;
(ii) Scheduling and itinerary information for shipments (scheduling and itinerary information for shipments that are inherently self-disclosing, such as a shipment that created extensive news coverage or an announcement by a public official confirming receipt, may be decontrolled after shipment departure. Scheduling and itinerary information for shipments that are not inherently self-disclosing may be decontrolled 2 days after the shipment is completed. Scheduling and itinerary information used for the purpose of preplanning, coordination, and advance notification may be shared with others on a “need to know” basis and need not Start Printed Page 64064be designated as Safeguards Information-Modified Handling);
(iii) Arrangements with and capabilities of local police response forces, and locations of safe havens;
(iv) Details of alarm and communication systems, communication procedures, and duress codes;
(v) Procedures for response to security contingency events; and
(vi) Engineering or safety analyses, security-related procedures or scenarios and other information related to the protection of the transported material if the unauthorized disclosure of such analyses, procedures, scenarios, or other information could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material.
(3) Inspections, audits and evaluations. Information not classified as National Security Information or Restricted Data pertaining to safeguards and security inspections and reports, including:
(i) Portions of inspection reports, evaluations, audits, or investigations that contain details of a licensee's or applicant's physical security system or that disclose uncorrected defects, weaknesses, or vulnerabilities in the system. Disclosure of corrected defects, weaknesses, or vulnerabilities is subject to an assessment taking into account such factors as trending analyses and the impacts of disclosure on licensees having similar physical security systems; and
(ii) Reports of investigations containing general information may be released after the corrective actions have been completed, unless withheld pursuant to other authorities, e.g., the Freedom of Information Act (5 U.S.C. 552).
(4) Correspondence. Portions of correspondence insofar as they contain Safeguards Information designated as Safeguards Information-Modifed Handling, as set forth in paragraphs (a)(1) through (a)(3) of this section.
(5) Other information within the scope of Section 147 of the Atomic Energy Act of 1954, as amended, that the Commission determines by order or regulation could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by significantly increasing the likelihood of theft, diversion, or sabotage of source, byproduct, or special nuclear material or a facility.
(b) Conditions for access,
(1) Except as the Commission may otherwise authorize, no person may have access to Safeguards Information designated as Safeguards Information-Modified Handling unless the person has an established “need to know” for the information and has undergone a Federal Bureau of Investigation criminal history check using the procedures set forth in § 73.57.
(2) In addition, a person to be granted access to SGI must be trustworthy and reliable, based on a background check or other means approved by the Commission.
(3) The categories of individuals specified in 10 CFR § 73.59 are exempt from the background check requirements in paragraphs (b)(1) and (b)(2) of this section by virtue of their occupational status:
(4) For persons participating in an NRC adjudicatory proceeding other than those specified in § 73.59, the “need to know” determination shall be made by the originator of the Safeguards Information upon receipt of a request for access to the Safeguards Information. Where the information is in the possession of the originator and the NRC staff, whether in its original form or incorporated into another document by the recipient, the NRC staff shall make the determination. In the event of a dispute regarding the “need to know” determination, the presiding officer of the proceeding shall determine whether the “'need to know”' findings in § 73.2 can be made.
(5) Except as the Commission may otherwise authorize, no person may disclose Safeguards Information to any other person except as set forth in this section.
(c) Protection while in use or storage.
(1) While in use, matter containing Safeguards Information designated as Safeguards Information-Modified Handling must be under the control of an individual authorized access to such information. This requirement is satisfied if the Safeguards Information designated as Safeguards Information-Modified Handling is attended by such an individual even though the information is in fact not constantly being used. Safeguards Information designated as Safeguards Information-Modified Handling within alarm stations, or rooms continuously occupied by authorized individuals, need not be locked in a file drawer or cabinet.
(2) While unattended, Safeguards Information designated as Safeguards Information-Modified Handling must be stored in a locked file drawer or cabinet. The container shall not identify the contents of the matter contained and must preclude access by individuals not authorized access in accordance with the provisions of this section. Knowledge of lock combinations or access to keys protecting Safeguards Information designated as Safeguards Information-Modified Handling must be limited to a minimum number of personnel for operating purposes who have a “need to know” and are otherwise authorized access to Safeguards Information in accordance with the provisions of this part. Access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to Safeguards Information designated as Safeguards Information-Modified Handling.
(d) Preparation and marking of documents or other matter.
(1) Each document or other matter that contains Safeguards Information designated as Safeguards Information-Modified Handling as described in § 73.23(a) and in this section must be marked to indicate the presence of Safeguards Information with modified handling requirements in a conspicuous manner on the top and bottom of each page. The first page of the document must also contain:
(i) The name, title, and organization of the individual authorized to make a “Safeguards Information designated as Safeguards Information-Modified Handling” determination, and who has determined that the document contains Safeguards Information designated as Safeguards Information-Modified Handling;
(ii) The date the determination was made; and
(iii) An indication that unauthorized disclosure will be subject to civil and criminal sanctions.
(2) In addition to the markings at the top and bottom of each page, any transmittal letters or memoranda to or from the NRC which do not in themselves contain Safeguards Information designated as Safeguards Information-Modified Handling shall be marked to indicate that attachments or enclosures contain Safeguards Information designated as Safeguards Information-Modified Handling but that the transmittal document does not (i.e., “When separated from Safeguards Information designated as Safeguards Information-Modified Handling enclosure(s), this document is decontrolled”).
(3) Any transmittal document forwarding Safeguards Information designated as Safeguards Information-Modified Handling must alert the recipient that protected information is Start Printed Page 64065enclosed. Certification that a document or other media contains Safeguards Information designated as Safeguards Information-Modified Handling must include the name and title of the certifying official and date designated. Portion marking is required only for correspondence to and from the NRC (i.e., cover letters, but not attachments) that contains Safeguards Information designated as Safeguards Information-Modified Handling. The portion marking must be sufficient to allow the recipient to identify and distinguish those sections of the transmittal document or other information containing the Safeguards Information from non-Safeguards Information.
(4) Marking of documents containing or transmitting Safeguards Information with modified handling requirements shall, at a minimum include the words “Safeguards Information-Modified Handling” to ensure identification of protected information for the protection of facilities and material covered by § 73.23.
(e) Reproduction of matter containing Safeguards Information designated as Safeguards Information-Modified Handling. Safeguards Information designated as Safeguards Information-Modified Handling may be reproduced to the minimum extent necessary, consistent with need, without permission of the originator. Equipment used to reproduce Safeguards Information designated as Safeguards Information-Modified Handling must be evaluated to ensure that unauthorized individuals cannot access the information (e.g., unauthorized individuals cannot access SGI by gaining access to retained memory or network connectivity).
(f) External transmission of documents and material.
(1) Documents or other matter containing Safeguards Information designated as Safeguards Information-Modified Handling, when transmitted outside an authorized place of use or storage, must be packaged in two sealed envelopes or wrappers to preclude disclosure of the presence of protected information. The inner envelope or wrapper must contain the name and address of the intended recipient and be marked on both sides, top and bottom, with the words “Safeguards Information-Modified Handling.” The outer envelope or wrapper must be opaque, addressed to the intended recipient, must contain the address of the sender, and may not bear any markings or indication that the document contains Safeguards Information designated as Safeguards Information-Modified Handling.
(2) Safeguards Information designated Safeguards Information-Modified Handling may be transported by any commercial delivery company that provides service with computer tracking features, U.S. first class, registered, express, or certified mail, or by any individual authorized access pursuant to these requirements.
(3) Except under emergency or extraordinary conditions, Safeguards Information designated as Safeguards Information-Modified Handling must be transmitted electronically only by protected telecommunications circuits (including facsimile) or encryption (Federal Information Processing Standard [FIPS] 140-2 or later) approved by the appropriate NRC office. For the purpose of this section, emergency or extraordinary conditions are defined as any circumstances that require immediate communications in order to report, summon assistance for, or respond to a security contingency event or an event that has potential security significance. Physical security events required to be reported pursuant to § 73.71 are considered to be extraordinary conditions.
(g) Processing of Safeguards Information-Modified Handling on electronic systems.
(1) Safeguards Information designated for modified handling may be stored, processed or produced on a computer or computer system, provided that the system is assigned to the licensee's or contractor's facility. Safeguards Information designated as Safeguards Information-Modified Handling files must be protected, either by a password or encryption, to prevent unauthorized individuals from gaining access. Word processors such as typewriters are not subject to these requirements as long as they do not transmit information off-site. (Note: if Safeguards Information designated as Safeguards Information-Modified Handling is produced on a typewriter, the ribbon must be removed and stored in the same manner as other Safeguards Information designated as Safeguards Information-Modified Handling.)
(2) Safeguards Information designated as Safeguards Information-Modified Handling files may be transmitted over a network if the file is encrypted. In such cases, the licensee will select a commercially available encryption system that the National Institute of Standards and Technology (NIST) has validated as conforming to Federal Information Processing Standards (FIPS). Safeguards Information designated as Safeguards Information-Modified Handling files shall be properly labeled to indicate the presence of Safeguards Information with modified handling requirements and saved to removable media and stored in a locked file drawer or cabinet.
(3) A mobile device (such as a laptop computer) may also be used for the processing of Safeguards Information designated as Safeguards Information-Modified Handling provided the device is secured in an appropriate locked storage container when not in use. Other systems may be used if approved for security by the appropriate NRC office.
(h) Removal from Safeguards Information-Modified Handling category. Documents originally containing Safeguards Information designated as Safeguards Information-Modified Handling must be removed from the Safeguards Information category at such time as the information no longer meets the criteria contained in this Part. A review of such documents to make that determination shall be conducted every 10 years. Documents that are 10 years or older and designated as SGI or SGI-M shall be reviewed for a decontrol determination if they are currently in use or removed from storage. Care must be exercised to ensure that any document decontrolled shall not disclose Safeguards Information in some other form or be combined with other unprotected information to disclose Safeguards Information. The authority to determine that a document may be decontrolled shall be exercised only by the NRC or with NRC approval, or if possible, in consultation with the individual or organization that made the original determination.
(i) Destruction of matter containing Safeguards Information designated as Safeguards Information-Modified Handling. Documents or other media containing Safeguards Information shall be destroyed when no longer needed. The information can be destroyed by burning, shredding, or any other method that precludes reconstruction by means available to the public at large. Piece sizes no wider than one quarter inch composed of several pages or documents and thoroughly mixed are considered completely destroyed.
44. In § 73.37, paragraphs (f)(2)(iv), (f)(3)(iii) and (iv), and (g) are revised as follows:
Requirement for the physical protection of irradiated reactor fuel in transit.(f) * * *
(2) * * *
(iv) A statement that the information described below in § 73.37(f)(3) is required by NRC regulations to be Start Printed Page 64066protected in accordance with the requirements of §§ 73.21 and 73.22.
(3) * * *
(iii) For the case of a single shipment whose schedule is not related to the schedule of any subsequent shipment, a statement that schedule information must be protected in accordance with the provisions of §§ 73.21 and 73.22 until at least 10 days after the shipment has entered or originated within the state.
(iv) For the case of a shipment in a series of shipments whose schedules are related, a statement that schedule information must be protected in accordance with the provisions of §§ 73.21 and 73.22 until 10 days after the last shipment in the series has entered or originated within the state and an estimate of the date on which the last shipment in the series will enter or originate within the state.
* * * * *(g) State officials, state employees, and other individuals, whether or not licensees of the Commission, who receive schedule information of the kind specified in § 73.37(f)(3) shall protect that information against unauthorized disclosure as specified in §§ 73.21 and 73.22.
45. In § 73.57 paragraphs (a)(1) and (2) and (b)(2)(i) and (ii) are revised and paragraph (e)(3) is added to read as follows:
Requirements for criminal history checks of individuals granted unescorted access to a nuclear power facility or access to Safeguards Information.(a) General. (1) Each licensee who is authorized to operate a nuclear power reactor under part 50 or to engage in an activity subject to regulation by the Commission shall comply with the requirements of this section.
(2) Each applicant for a license to operate a nuclear power reactor under part 50 of this chapter or to engage in an activity subject to regulation by the Commission, as well as each entity who has provided written notice to the Commission of intent to file an application for licensing, certification, permitting, or approval of a product subject to regulation by the Commission shall submit fingerprints for those individuals who will have access to Safeguards Information.
(b) * * *
(2) * * *
(i) For unescorted access to the nuclear power facility or (but must adhere to provisions contained in §§ 73.21 and 73.22): NRC employees and NRC contractors on official agency business; individuals responding to a site emergency in accordance with the provisions of § 73.55(a); a representative of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement at designated facilities who has been certified by the NRC; law enforcement personnel acting in an official capacity; State or local government employees who have had equivalent reviews of FBI criminal history data; and individuals employed at a facility who possess “Q” or “L” clearances or possess another active government granted security clearance, i.e, Top Secret, Secret, or Confidential;
(ii) For access to Safeguards Information only but must adhere to provisions contained in §§ 73.21, 73.22, and 73.23: The categories of individuals specified in 10 CFR § 73.59.
* * * * *(e) * * *
(3) In addition to the right to obtain records from the FBI in paragraph (e)(1) of this section and the right to initiate challenge procedures in paragraph (e)(2) of this section, an individual participating in an NRC adjudication and seeking to obtain SGI for use in that adjudication may appeal a final adverse determination by the NRC Office of Administration to the Presiding Officer of the proceeding. Potential witnesses, participants without attorneys, and attorneys for whom the NRC Office of Administration has made a final adverse determination on trustworthiness and reliability may request that the Chairman of the Atomic Safety and Licensing Board Panel designate an officer other than the presiding officer of the proceeding to review the adverse determination.
* * * * *46. In § 73.59 is revised to read as follows:
Relief from fingerprinting, identification and criminal history records checks and background checks for designated categories of individuals.Fingerprinting, and the identification and criminal history records checks required by section 149 of the Atomic Energy Act of 1954, as amended, and background checks are not required for the following individuals prior to granting access to Safeguards Information or Safeguards Information designated as Safeguards Information—Modifed Handling as defined in 10 CFR 73.2:
(a) An employee of the Commission or the Executive Branch of the United States government who has undergone fingerprinting for a prior U.S. government criminal history check;
(b) A member of Congress;
(c) An employee of a member of Congress or Congressional committee who has undergone fingerprinting for a prior U.S. government criminal history check;
(d) The Comptroller General or an employee of the Government Accountability Office who has undergone fingerprinting for a prior U.S. Government criminal history check.
(e) The Governor of a State or his or her designated State employee representative;
(f) A representative of a foreign government organization that is involved in planning for, or responding to, nuclear or radiological emergencies or security incidents who the Commission approves for access to Safeguards Information or Safeguards Information designated as Safeguards Information—Modifed Handling;
(g) Federal, State, or local law enforcement personnel;
(h) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives;
(i) Agreement State employees conducting security inspections on behalf of the NRC pursuant to an agreement executed under section 274.i. of the Atomic Energy Act;
(j) Representatives of the International Atomic Energy Agency (IAEA) engaged in activities associated with the U.S./IAEA Safeguards Agreement who have been certified by the NRC;
(k) Any agent, contractor, or consultant of the aforementioned persons who has undergone equivalent criminal history and background checks to those required by 10 CFR §§ 73.22(b) or 73.23(b).
47. A new Appendix I to part 73 is added to read as follows:
Appendix I to Part 73—Category 1 and 2 Radioactive Materials Start Printed Page 64067
Table I−1.—Quantities of Concern Threshold Limits
Radionuclides Category 1 Category 2 Terabecquerels (TBq) Curies (Ci)1 Terabecquerels (TBq) Curies (Ci)1 Americium-241 6×101 1.6×103 6×10−1 1.6×101 Americium-241/Be 6×101 1.6×103 6×10−1 1.6×101 Californium-252 2×101 5.4×102 2×10−1 5.4 Curium-244 5×101 1.4×103 5×10−1 1.4×101 Cobalt-60 3×101 8.1×102 3×10−1 8.1 Cesium-137 1×102 2.7×103 1 2.7×101 Gadolinium-153 1×103 2.7×104 1×101 2.7×102 Iridium-192 8×101 2.2×103 8×10−1 2.2×101 Promethium-147 4×104 1.1×106 4×102 1.1×104 Plutonium-238 6×101 1.6×103 6×10−1 1.6×101 Plutonium-239/Be 6×101 1.6×103 6×10−1 1.6×101 Radium-226 4×101 1.1×103 4×10−1 1.1×101 Selenium-75 2×102 5.4×103 2 5.4×101 Strontium-90 (Y-90) 1×103 2.7×104 1×101 2.7×102 Thulium-170 2×104 5.4×105 2×102 5.4×103 Ytterbium-169 3×102 8.1×103 3 8.1×101 1 The regulatory standard values are given in TBq. Curie (Ci) values are provided for practical usefulness only and are rounded after conversion. Calculations Concerning Multiple Sources or Multiple Radionuclides
The “sum of fractions” methodology for evaluating combinations of multiple sources or multiple radionuclides, is to be used in determining whether a facility or activity meets or exceeds the threshold limits and is thus subject to the physical and/or information security requirements of this part.
I. If multiple sources and/or multiple radionuclides are present in a facility or activity, the sum of the fractions of the activity of each of the radionuclides must be determined to verify the facility or activity is less than the Category 1 or 2 limits of Table 1, as appropriate. Otherwise, if the calculated sum of the fractions ratio, using the following equation, is greater than or equal to 1.0, then the facility or activity meets or exceeds the threshold limits of Table 1 and the applicable physical and/or information security provisions of this part apply.
II. Use the equation below to calculate the sum of the fractions ratio by inserting the actual activity of the applicable radionuclides from Table 1 or of the individual sources (of the same radionuclides from Table 1) in the numerator of the equation and the corresponding threshold activity limit from the Table 1 in the denominator of the equation. Sum of the fraction calculations must be performed in metric values (i.e., TBq) and the numerator and denominator values must be in the same units.
R1 = activity for radionuclides or source number 1
R2 = activity for radionuclides or source number 2
Rn = activity for radionuclides or source number n
AR1 = activity limit for radionuclides or source number 1
AR2 = activity limit for radionuclides or source number 2
ARn = activity limit for radionuclides or source number n
PART 76—CERTIFICATION OF GASEOUS DIFFUSION PLANTS
48. The authority citation for part 76 is revised to read as follows:
Formula quantities of strategic special nuclear material—Category I.* * * * *(c) The requirements for the protection of Safeguards Information pertaining to formula quantities of strategic special nuclear material (Category I) are contained in §§ 73.21 and 73.22 and parts 25 and 95 of this chapter. Information designated by the U.S. Department of Energy (DOE) as Unclassified Controlled Nuclear Information must be protected in accordance with DOE requirements.
* * * * *50. In § 76.115, paragraph (d) is added to read as follows:
Special nuclear material of moderate strategic significance— Category II.* * * * *(d) The requirements for the protection of Safeguards Information pertaining to special nuclear material of moderate strategic significance—Category II are contained in §§ 73.21 and 73.22 of this chapter.
51. In § 76.117, paragraph (c) is added to read as follows:
Special nuclear material of low strategic significance—Category III.* * * * *(c) The requirements for the protection of Safeguards Information pertaining to special nuclear material of low strategic significance—Category III are contained in §§ 73.21 and 73.22 of this chapter.
PART 150—EXEMPTIONS AND CONTINUED REGULATORY AUTHORITY IN AGREEMENT STATES AND IN OFFSHORE WATERS UNDER SECTION 274
52. The authority citation for part 150 is revised to read as follows:
Sections 150.3, 150.15, 150.15a, 150.31, 150.32 also issued under secs. 11e(2), 81, 68 Stat. 923, 935, as amended, secs. 83, 84, 92 Stat. 3033, 3039 (42 U.S.C. 2014e(2), 2111, 2113, 2114). Section 150.14 also issued under sec. 53, 68 Stat. 930, as amended (42 U.S.C. 2073).
Section 150.15 also issued under secs. 135, 141, Pub. L. 97-425, 96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 150.17a also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Section 150.30 also issued under sec. 234, 83 Stat. 444 (42 U.S.C. 2282).
53. In § 150.15, paragraph (a)(9) is added to read as follows:
Persons not exempt.(a) * * *
(9) The requirements for the protection Safeguards Information in § 73.21 and the requirements in § 73.22 or § 73.23 of this chapter, as applicable.
* * * * *Dated at Rockville, Maryland this 19th day of October 2006.
Annette L. Vietti-Cook,
Secretary of the Commission.
Footnotes
1. This Order was published in the Federal Register as “Licensees Authorized to Manufacture or Initially Transfer Items Containing Radioactive Material for Sale or Distribution and Who Possess Certain Radioactive Material of Concern and all Persons Who Obtain Safeguards Information Described Herein; Order Issued on November 25, 2003, Imposing Requirements for the Protection of Certain Safeguards Information (Effective Immediately),” (69 FR 3397; Jan. 23, 2004).
Back to Citation2\1. See Order (69 FR 3397; January 23, 2004).
Back to Citation[FR Doc. 06-8900 Filed 10-30-06; 8:45 am]
BILLING CODE 7590-01-P
Document Information
- Published:
- 10/31/2006
- Department:
- Nuclear Regulatory Commission
- Entry Type:
- Proposed Rule
- Action:
- Proposed rule.
- Document Number:
- 06-8900
- Dates:
- The comment period expires January 2, 2007. Submit comments specific to information collection aspects of this rule January 2, 2007. Comments received after that date will be considered if it is practical to do so, but the NRC is able to ensure consideration only for comments received on or before this date.
- Pages:
- 64003-64068 (66 pages)
- Topics:
- Administrative practice and procedure, Antitrust, Classified information, Environmental protection, Exports, Fees, Government contracts, Hazardous materials transportation, Imports, Intergovernmental relations, Manpower training programs, Nuclear materials, Nuclear power plants and reactors, Occupational safety and health, Packaging and containers, Penalties, Radiation protection, Reporting and recordkeeping requirements, Reporting and recordkeeping requirements, Reporting and recordkeeping ...
- PDF File:
- 06-8900.pdf
- CFR: (39)
- 10 CFR 2.4
- 10 CFR 2.336
- 10 CFR 2.705
- 10 CFR 2.709
- 10 CFR 2.1003
- More ...