AGENCY:

Nuclear Regulatory Commission.

ACTION:

Solicitation of public comment.

SUMMARY:

The Nuclear Regulatory Commission (NRC) is soliciting public comment on its draft information security strategic plan (ISSP) for Fiscal Year 2010-2015 (ADAMS Accession No. ML090230026). The purpose of the NRC's ISSP is to establish an information security (IS) vision and to focus the NRC's IS program on attaining that vision.

DATES:

Comments must be filed no later than 30 days from the date of publication of this notice in the Federal Register. Comments received after this date will be considered, if it is practical to do so, but the Commission is able to ensure consideration only for comments received on or before this date.

ADDRESSES:

Comments submitted in writing or in electronic form will be made available to the public in their entirety through the NRC's Agencywide Documents Access and Management System (ADAMS).

We request that any party soliciting or aggregating comments received from other persons for submission to the NRC to inform those persons that the NRC will not edit their comments to remove any identifying or contact information, and therefore, they should not include any information in their comments that they do not want it to be publicly disclosed.

Comments may be mailed to: Chief, Rulemaking and Directives Branch, Mail Stop: TWB-05-B01M, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

Persons may also provide comments through the Federal e-Rulemaking Portal: http://www.regulations.gov;​; search on docket ID: NRC-2009-0311. Address questions about NRC dockets to Carol Gallagher, (301) 492-3668; e-mail Carol.Gallagher@nrc.gov. You can also fax comments to: Rulemaking and Directives Branch, Office of Administration, U.S. Nuclear Regulatory Commission at (301) 492-3446.

The NRC maintains ADAMS, which provides text and image files of NRC's public documents. These documents may be accessed through the NRC's Public Electronic Reading Room on the Internet at http://www.nrc.gov/​reading-rm/​adams.html. Persons who do not have access to ADAMS or who encounter problems in accessing the documents located in ADAMS should contact the NRC Public Document Room reference staff at 1-800-397-4209, 301-415-4737, or by e-mail at pdr.resource@nrc.gov.

FOR FURTHER INFORMATION CONTACT:

Ms. Kathy Lyons-Burke, Senior IT Security Officer, Computer Security Office, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone 301-415-6595 or e-mail at Kathy.Lyons-Burke@nrc.gov or Mr. Scott Morris, Deputy Director for Reactor Security, Division of Security Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone 301-415-7083 or e-mail at Scott.Morris@nrc.gov.

SUPPLEMENTARY INFORMATION:

The NRC staff is issuing this notice to solicit public comments on the draft ISSP. After the NRC staff considers any public comments, it will make a determination regarding the draft ISSP.

The IS involves: (1) Ensuring that accurate information is available to those authorized to access the information when they need it, and (2) protecting information an information systems from unauthorized access, use, disclosure, disruption, modification, and destruction. The NRC's Draft ISSP defines IS as (1) protecting NRC and licensee information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction; (2) protecting electronic control functions from unauthorized access or manipulation; and (3) ensuring that adequate controls for protecting security-related information are used in the conduct of NRC business, both internal and external to the agency. The ISSP describes the NRC's strategy for strengthening its capabilities across all aspects of the IS program. This plan provides a strategic approach for planning and decision making and focuses on all types of activities closely related to IS, including but not limited to: (1) Physical and environmental security, (2) personnel security, (3) classification management, (4) documentation, (5) systems, (6) telecommunications, (7) embedded information, (8) intelligence information, and (9) cyber-terrorism in its various forms. The IS program addresses activities in the following areas: requirements and guidance, licensing and approval, inspection, enforcement, allegation processing, and emergency preparedness and incident response.