[Federal Register Volume 62, Number 70 (Friday, April 11, 1997)]
[Rules and Regulations]
[Pages 17683-17698]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-9063]
�========================================================================
�Rules and Regulations
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains regulatory documents
�having general applicability and legal effect, most of which are keyed
�to and codified in the Code of Federal Regulations, which is published
�under 50 titles pursuant to 44 U.S.C. 1510.
�
�The Code of Federal Regulations is sold by the Superintendent of Documents.
�Prices of new books are listed in the first FEDERAL REGISTER issue of each
�week.
�
�========================================================================
�
��Federal Register / Vol. 62, No. 70 / Friday, April 11, 1997 / Rules
and Regulations��
[[Page 17683]]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
10 CFR Parts 25, 50, 54 and 95
RIN 3150-AF37
Access to and Protection of Classified Information
AGENCY: Nuclear Regulatory Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Nuclear Regulatory Commission (NRC) is amending its
regulations to conform the requirements for the protection of and
access to classified information to new national security policy
documents. This final rule is necessary to ensure that classified
information in the possession of NRC licensees and others under the
NRC's regulatory requirements is protected in accordance with current
national policies.
EFFECTIVE DATE: May 12, 1997.
FOR FURTHER INFORMATION CONTACT: Duane G. Kidd, Division of Security,
Office of Administration, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, telephone (301) 415-7403, Email [email protected].
SUPPLEMENTARY INFORMATION:
I. Background
On August 5, 1996 (61 FR 40555), the NRC published a proposed rule
in the Federal Register to amend 10 CFR Parts 25 and 95 pertaining to
the protection of Restricted Data and classified National Security
Information at licensee, certificate holder and other facilities. The
proposed amendments were intended to conform NRC regulations to new
national requirements for the protection of and access to classified
National Security Information that were revised by the issuance of the
National Industrial Security Program Operating Manual (NISPOM),
Executive Order (E.O.) 12958, ``Classified National Security
Information,'' dated April 17, 1995, and E.O. 12968, ``Access to
Classified Information,'' dated August 2, 1995. The requirements of 10
CFR Parts 25 and 95, and the sections of Parts 50 and 54 that contain
requirements for access to Restricted Data, were substantially based on
E.O. 12356, dated April 6, 1982, which was superseded by E.O. 12958 and
supplemented by the NISPOM.
The final rule amends the provisions of 10 CFR Parts 25, 50, 54,
and 95 that deal with requirements for access to and protection of
classified information that have been changed or added by the NISPOM or
the Executive Orders with the exception of those requirements related
to personnel security clearance for access to Secret Restricted Data.
The proposed rule would have permitted, in Secs. 25.15 and 95.35,
access to most Secret Restricted Data, other than that defined as
Critical Secret Restricted Data in the NISPOM and its supplement, with
an ``L'' clearance based on a National Agency Check with Inquiries and
Credit Check (NACIC). The Department of Energy (DOE) objected to this
change in their formal comments on the proposed rule. DOE believes
that, pending completion of the Joint DOE/DoD Nuclear Weapons Access
Authorization Review Group determination of what constitutes the most
sensitive Restricted Data, the subsequent review of all classification
guidance to determine if the guidance contains this type of
information, and the upgrading of this information to Top Secret, all
personnel with access to Secret Restricted Data must have a ``Q''
clearance based on a Single Scope Background Investigation (SSBI).
Given DOE's special statutory authorities in establishing controls for
Restricted Data, their views deserve special consideration. However,
because this requirement may exceed the requirements of applicable
National Policy (i.e., the NISPOM), and result in additional costs to
licensees and certificate holders, the NRC has decided to withdraw the
changes to Secs. 25.15 and 95.35 in this final rulemaking and to
republish them separately for additional public comment. This will
provide interested parties an equal opportunity to address the issues
and provide supporting rationale for their recommendations and
comments.
Other aspects of the proposed rule were generally acceptable to all
commenters. Those changes included revised and added definitions such
as Cognizant Security Agency, Classified National Security Information,
Classified Information, Facility Security Clearance, Foreign Ownership,
Control, or Influence as well as numerous amendments to reflect the
fact that the NRC may permit another Cognizant Security Agency (DOE,
DoD, or CIA) to assume some or all of the security oversight functions
at an NRC facility under the requirements of 10 CFR Parts 25 and/or 95
when that agency also has a significant security interest at the
facility (Secs. 25.13, 25.17, 25.19, 25.21, 25.23, 25.25, 25.27, 25.29,
25.33, 95.17, 95.18, 95.19, 95.25, 95.27, 95.29, 95.31, 95.33, 95.37,
95.39, 95.43, 95.47, 95.49, 95.51, 95.53, 95.57 and 95.59). The final
rule addresses the intent of E.O. 12829, ``National Industrial Security
Program,'' to reduce wasteful and inefficient duplicative oversight of
private facilities which have classified interests from more than one
government agency.
The final rule also adopts new requirements in areas where the
Executive Orders or the NISPOM, mandate specific requirements not
included in the previous versions of the rules. These new requirements
include:
Requiring that key management personnel have access authorizations
as well as those employees with access to classified information
(Secs. 95.17 and 95.18);
Permitting reinstatement of an access authorization up to 24 months
after termination instead of the previous 6 months(Sec. 25.29);
Permitting facility security officers to issue visit authorization
letters directly rather than processing authorization requests through
the NRC Division of Security (Sec. 25.35);
Requiring a finding that a facility is not under foreign ownership,
control or influence (Secs. 95.15 and 95.17);
Requiring facility security officers to have specific training
related to their position (Sec. 95.33);
Permitting the use of reinforced steel filing cabinets with
lockbars and key locks for classified information (provided appropriate
supplemental protection is in place during non-working hours)
(Sec. 95.25);
[[Page 17684]]
Changing the security classification markings to conform to E.O.
12958 (Sec. 95.37);
Reducing the accountability requirements for Secret documents
(Sec. 95.41);
Defining procedures for challenging classification decisions that
one believes to be in error (Sec. 95.37);
Allowing for additional methods of transmitting classified
information (Sec. 95.39);
Changing 10 CFR Parts 50 and 54 to refer to current procedures in
10 CFR Parts 25 and/or 95 for access to classified information
(Secs. 50.37 and 54.17); and
Imposing fewer limitations on a facility's authority to reproduce
classified information when operationally necessary (Sec. 95.43).
II. Comments on the Proposed Rule
The Commission received two letters commenting on the proposed
rule, one from Georgia Power Company and one from the DOE. Copies of
the letters are available for public inspection and copying for a fee
at the Commission's Public Document Room, located at 2120 L Street, NW.
(Lower Level), Washington, DC. Both comments support the rulemaking,
but provide recommendations for clarifications and improvements. The
Georgia Power Company recommends that the NRC:
(1) Provide a procedure for the designation of the Cognizant
Security Agency (CSA) for a facility;
(2) Address the Commission's role in ensuring compliance with the
rules of other CSA's;
(3) Reconcile Restricted Data requirements in 10 CFR Parts 50 and
54 of the Commission's regulations with the proposed changes to 10 CFR
Parts 25 and 95; and,
(4) Define when a facility clearance from the Commission is
required. The DOE recommends that the NRC:
(1) Use either ``access authorization'' throughout the rule or
indicate that ``personnel security clearance'' is a synonym for
``access authorization;''
(2) Eliminate the use of the term ``Critical Secret Restricted
Data'' and require all Secret Restricted Data to be protected at the
level required by the February 1995 NISPOM Supplement;
(3) Clarify the definition of ``access authorization'' in
Sec. 25.5;
(4) Clarify the requirements for review of the SF-86 in
Sec. 25.17(e);
(5) Clarify the scope of information to be protected in Sec. 95.3;
(6) Change the term ``survey'' to ``review'' in Sec. 95.17(a)(2);
(7) Clarify the level of access authorization required for senior
management in Sec. 95.18;
(8) Raise the level of protection for Secret Restricted Data in
Sec. 95.25 to the requirements of the NISPOM Supplement;
(9) Eliminate the requirements in Sec. 95.25(c)(2)(v) to change
security container combinations once every 12 months which exceeds the
NISPOM requirements;
(10) Require that documents indicating ``multiple sources'' as the
basis for classification have those sources identified on the record
copy of the document; and,
(11) Require that ``person'' not be referred to as able to possess
a facility clearance in Sec. 95.57.
Comments From Georgia Power
Comment: The commenter stated that ``* * * the proposed rule does
not explain which of these agencies is the appropriate CSA in a given
situation or for a given facility, or who makes that determination.
Conceivably, more than one of the agencies could be the CSA.'' Georgia
Power recommended that the final rule include a more precise definition
of CSA or a procedure for designating a CSA in a given situation.
Response: The definition of a CSA in 10 CFR Parts 25 and 95 has
been changed to reflect that the CSA is the agency that exercises
primary authority for the protection of the classified information at
the facility and is the agency with which the facility interacts in
these matters. The NRC agreement with the DoD and DOE implementing the
National Industrial Security Program clearly indicates that one agency,
the one with the greater security interest as determined between the
agencies, would serve as the CSA and would be the agent of the other
for matters relating to the protection of classified information. The
facility would normally deal directly with the CSA on all issues
related to the protection of classified information at that facility
and the CSA would inform the other agency of issues related to its
security interest.
Comment: With respect to the issue of the Commission's role of
ensuring compliance with the rules of other CSAs, the commenter's
concern was ``* * * how the Commission will be notified regarding
access authorizations requested from another agency. Does an NRC
licensee have an obligation to notify the Commission if it applies to
another CSA for an access authorization?''
Response: Section 25.17 has been revised to require a facility,
with a CSA other than NRC, to advise the NRC when it submits an
individual for an access authorization for access to NRC classified
information. The NRC does not need to be notified when the facility
submits access authorization requests for access to classified
information of the other agency. In keeping with the comment that the
process should be simple, the change merely requires a letter of
request for access to NRC classified information. The NRC must be
involved when access to NRC classified information is requested since
the NRC must make the need-to-know determination. The NRC will handle
any necessary coordination between itself and the CSA.
Comment: The commenter noted an apparent conflict between
Secs. 50.37 and 54.17(g) and other Commission regulations.
Response: The NRC has revised those paragraphs to resolve the
conflict. The NRC has clarified that compliance with 10 CFR Parts 25
and/or 95 satisfies the requirements of Secs. 50.37 and 54.17(g) as
they relate to the protection of classified information.
Comment: The commenter indicated that Sec. 95.15 was unclear on
whether a facility clearance was required under certain circumstances
for licensee activities at other facilities. Specifically, the
commenter stated, ``As revised by the proposed rule, it is unclear
whether 10 CFR 95.15 requires an NRC licensee to obtain a facility
clearance from the Commission in order for employees of that licensee
to `use' or `handle' classified information which is located at a
completely different facility, including facilities subject to the
oversight of another agency. For example, does 10 CFR 95.15 require a
facility clearance from the Commission in order for employees of an NRC
licensed facility to use or handle classified information which is
maintained at a DOE facility? Conversely, does 10 CFR 95.15 require the
NRC to clear the non-NRC licensed facility? Although it does not appear
to be the Commission's intent to require a facility clearance in either
situation, an affirmative statement in this regard would assist in the
implementation of the rule.''
Response: Section 95.15 has been modified to clarify that an NRC
facility clearance is only required for the use or possession of NRC
classified information at the facility. A licensee or other facility
whose personnel are cleared by another agency for access to that
agency's information at another facility does not require a facility
clearance under Sec. 95.15, nor would NRC clear the other facility.
However, it should be clear that if a licensee or other facility has a
facility clearance for NRC classified information and they wish
[[Page 17685]]
another facility (e.g., one of their contractors) to have access to the
NRC classified information at their (the contractor's) facility, that
contractor would require an NRC facility clearance.
Comments From DOE
Comment: DOE had two comments relating to ``access authorization:''
(1) While ``access authorization'' was the commonly used term * * *
``The introduction to the proposed rule references `personnel security
clearance' and some of the language in the text contains variations,
such as `personnel access authorization'. A common term should be used
throughout, or the fact that a personnel security clearance is a
synonym for access authorization established.''
(2) The definition for ``access authorization'' is confusing,
stating that it means an individual is eligible for ``security
clearance for access to classified information.''
Response: The term ``personnel security clearance'' in the
Supplementary section of the final rule, which is an explanatory
section rather than a portion of the rule, has been changed to ``access
authorization.'' The other changes have not been adopted since this is
a recommendation for an editorial change and, in each case where the
terms are used the meaning is clear. The definition of ``access
authorization'' has been used within the NRC industrial security
program since the early 1980's, including at sites with joint DOE
security interests, and within the NRC internal program since the
inception of the agency, without confusion. The only change to the
definition in this rule is to include certificate holders within its
scope.
Comment: The commenter noted that the proposed rule contains the
term ``Critical Restricted Data.'' They state that this term has not
been adopted by any agency and that the level of protection for Secret
Restricted Data was not adequate. Specifically the commenter stated,
``The draft regulation uses the term `Critical Secret Restricted Data.'
This term has not be (sic) implemented by any agency. A review group
was formed to review this issue and has decided not to use this term.
Instead, information will be appropriately upgraded to Top Secret. It
is strongly recommended that NRC not use the term ``Critical Secret
Restricted Data'' in this regulation. Instead we suggest that all
Secret Restricted Data continue to be protected at the NISPOM
supplement level until the critical information has been upgraded to
Top Secret.'' The commenter further states ``The storage requirements
for Secret contained in this(sic) sections are not consistent with the
storage requirements for Secret Restricted Data in the NISPOM
supplement.''
Response: Because of DOE's statutory responsibilities for the
protection of Restricted Data, the potential economic impact on
licensees and certificate holders and possible discrepancies with the
requirements of the NISPOM, NRC is withdrawing the changes to
Secs. 25.15 and 95.35 which deal with the level of clearance/type of
background investigation required for access to Secret Restricted Data
and will republish those changes separately for public comment.
Additionally, although the term ``Critical Secret Restricted Data'' is
defined in and the security requirements for it are specified in
Chapter 9, ``Restricted Data,'' of the NISPOM Supplement, dated
February 1995, the Supplement also indicates that a Joint DOE/DoD
Nuclear Weapons Access Authorization Group is reviewing this issue and
that there are ongoing efforts by the DOE and DoD to revise the
requirements reflected in the Supplement. Because that group has
decided not to use the term ``Critical Restricted Data,'' it has been
removed from Sec. 95.31(b) and a description of the information it was
intended to protect has been substituted. However, because the level of
physical protection required for Secret Restricted Data in the proposed
rule is essentially the same as the requirements of the current, long
standing Part 95, and those requirements appear to meet the
requirements of the NISPOM, it is difficult for the NRC to justify
increasing its physical security requirements for all Secret Restricted
Data, at increased financial and administrative burden to licensees and
certificate holders at this time. However, if new policies for
Restricted Data are approved and issued the NRC, at that time, will
consider revising its regulations to reflect the new policies.
Comment: The commenter questioned whether Sec. 25.17(e) requires a
licensee/contractor to review Part 2 of the SF-86.
Response: It is not the intent of this section that personnel at a
licensee, certificate holder, or other facility review Part 2 of the
SF-86, nor has it been NRC practice that this occur. The NRC's
instructions for completing the SF-86 explicitly state that Part 2 of
the SF-86 is to be placed in a sealed envelope by the individual
completing the form and that the envelope is to be forwarded to the NRC
unopened. Section 25.17(d)(1)(i) has been clarified to ensure that
these requirements are clear.
Comment: The commenter is concerned that Sec. 95.3 does not include
Formerly Restricted Data.
Response: While Formerly Restricted Data (FRD), information related
primarily to the military use of atomic weapons, is rare in the NRC
program, the NRC agrees that its regulations should clearly address all
forms of classified information. Section 95.3 has been revised
accordingly.
Comment: The commenter is concerned that the term ``security
survey'' is used in 10 CFR Part 95 instead of the NISPOM term
``security review.''
Response: The term ``survey'' in Secs. 95.17(a)(2) and 95.59 has
been changed to ``review.''
Comment: The commenter is concerned that Sec. 95.18 is not
sufficiently clear about the level of access authorizations required
for senior management. Specifically, the commenter states, ``Senior
management cannot be cleared to the ``level of the facility'' by NRC,
as NRC can only grant ``Q'' and ``L'' access authorizations, and
facilities are classified as Secret, Top Secret, etc. Perhaps senior
management could be cleared to a level commensurate with that of the
facility clearance.''
Response: Section 95.18 has been revised to reflect that senior
management will be cleared to a level commensurate with that of the
facility clearance.
Comment: The commenter is concerned that the requirement to change
security container combinations once every 12 months exceeds the
requirements of the NISPOM.
Response: Section 95,25(c)(2)(v) has been deleted, eliminating this
requirement.
Comment: The commenter is concerned that documents classified from
multiple sources will not have an adequate record of what those sources
were. Specifically, the commenter states, ``Suggest a sentence be added
to indicate that on a document marked `multiple sources' that the
multiple sources must be identified in the records copy of the
document.''
Response: The suggested revision is already contained in
Sec. 95.37(c)(1)(iv).
Comment: The commenter is concerned about the use of the term
``person'' in association with a facility clearance and that the
definition of facility clearance should be more detailed.
Response: It is clear from the definitions and the context that any
possessor of a facility clearance is obligated to immediately report
certain types of information. The definition
[[Page 17686]]
``facility (security) clearance'' is a verbatim extract from the NISPOM
and the definition of ``person'' used in Part 95 is similarly defined
throughout 10 CFR and has been used for many years without confusion as
to its meaning.
III. The Final Rule
With the exception of the items addressed under ``Comments on the
Proposed Rule'' and a slight change to the definition of ``Visit
Authorization Letter'' in Sec. 25.5, the final rule is the same as the
proposed rule. The specific changes from the proposed rule are--
The proposed revisions to Secs. 25.15 and 95.35 have been
withdrawn;
The definition of ``CSA'' in 10 CFR Parts 25 and 95 has been
revised to reflect that the CSA is the agency which exercises primary
authority for the protection of the classified information at the
facility and is the agency with which the facility interacts in these
matters;
The definition of ``Visit Authorization Letter'' in Sec. 25.5 has
been revised to clarify that such a letter is only required for
information specifically related to the license, certificate, or other
NRC program at the facility;
Section 25.17 has been amended to require a facility, with a CSA
other than NRC, to advise the NRC when it submits an individual for an
access authorization for access to NRC classified information, but not
when the facility submits access authorization requests for access to
the classified information of the other agency;
Section 95.31(b) has been revised to delete the term ``Critical
Secret Restricted Data'' and replace it with a generic description of
the type of data it was intended to protect;
Section 25.17(d)(1)(i) has been modified to clarify that facility
security personnel are not to review Part 2 of the SF-86;
Sections 50.37 and 54.17(g) have been amended to clarify that
compliance with 10 CFR Parts 25 and/or 95 satisfies the requirements of
10 CFR Parts 50 and 54;
Section 95.3 has been modified to include Formerly Restricted Data
within its scope;
Section 95.15 has been modified to clarify that an NRC facility
clearance is only required for the use or possession of NRC classified
information at the facility;
Sections 95.17(a)(2) and 95.59 have been revised to change
``survey'' to ``review'';
Section 95.18 has been revised to reflect that senior management
will be cleared to a level commensurate with the facility clearance
rather than ``to the level of'' the facility clearance; and,
Section 95.25 has been revised to eliminate the requirement for
changing security container combinations once every twelve months.
Small Business Regulatory Enforcement Fairness Act
In accordance with the Small Business Regulatory Enforcement
Fairness Act of 1996, the NRC has determined that this action is not a
major rule and has verified this determination with the Office of
Information and Regulatory Affairs of OMB.
Environmental Impact: Categorical Exclusion
The NRC has determined that this final rule is the type of action
described in categorical exclusion 10 CFR 51.22(c)(2). Therefore,
neither an environmental impact statement nor an environmental
assessment has been prepared for this final rule.
Paperwork Reduction Act Statement
This final rule amends information collection requirements that are
subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501, et
seq.). These requirements were approved by the Office of Management and
Budget, approval numbers 3150-0046, 3150-0047, and 3150-0050.
The public reporting burden for this collection of information is
estimated to average .5 hours per response, including the time for
reviewing instructions, searching existing data sources, gathering and
maintaining the data needed, and completing and reviewing the
collection of information.
Send comments on any aspect of this collection of information,
including suggestions for reducing the burden, to the Information and
Records Management Branch (T-6 F33), U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001, or by Internet electronic mail
at [email protected]; and to the Desk Officer, Office of Information and
Regulatory Affairs, NEOB-10202, (3150-0046, -0047 and -0050), Office of
Management and Budget, Washington, DC 20503.
Public Protection Notification
The NRC may not conduct or sponsor, and a person is not required to
respond to, a collection of information unless it displays a currently
valid OMB control number.
Regulatory Analysis
The Commission has prepared a regulatory analysis for this final
regulation. The analysis examines the costs and benefits of the
alternatives considered by the Commission. Interested persons may
examine a copy of the regulatory analysis at the NRC Public Document
Room, 2120 L Street, NW. (Lower Level), Washington, DC. Single copies
of the analysis may be obtained from Duane G. Kidd, Division of
Security, Office of Administration, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, telephone (301) 415-7403.
Regulatory Flexibility Certification
As required by the Regulatory Flexibility Act of 1980 (5 U.S.C.
605(b)), the Commission certifies that this rule does not have a
significant economic impact upon a substantial number of small
entities. The NRC carefully considered the effect on small entities in
developing this final rule on the protection of classified information
and has determined that none of the facilities affected by this rule
would qualify as a small entity under the NRC's size standards (10 CFR
2.810).
Backfit Analysis
The NRC has determined that the backfit rule, 10 CFR 50.109,
applies to this rulemaking initiative because it falls within the
criteria of 10 CFR Part 50.109(a)(1), but that a backfit analysis is
not required because this rulemaking qualifies for exemption under 10
CFR 50.109(a)(4)(iii) that reads ``That the regulatory action involves
* * * redefining what level of protection to the * * * common defense
and security should be regarded as adequate.''
List of Subjects
10 CFR Part 25
Classified information, Criminal penalties, Investigations,
Reporting and recordkeeping requirements, Security measures.
10 CFR Part 50
Antitrust, Classified information, Criminal penalties, Fire
protection, Intergovernmental relations, Nuclear power plants and
reactors, Radiation protection, Reactor siting criteria, Reporting and
recordkeeping requirements.
10 CFR Part 54
Administrative practice and procedure, Aging management review,
Backfitting, Classified information, Criminal penalties, Nuclear power
plants and reactors, Reporting and recordkeeping requirements.
[[Page 17687]]
10 CFR Part 95
Classified information, Criminal penalties, Reporting and
recordkeeping requirements, Security measures.
For the reasons set out in the preamble and under the authority of
the Atomic Energy Act of 1954, as amended, the Energy Reorganization
Act of 1974, as amended, and 5 U.S.C. 552 and 553, the NRC is adopting
the following amendments to 10 CFR Parts 25, 50, 54 and 95.
PART 25--ACCESS AUTHORIZATION FOR LICENSEE PERSONNEL
1. The authority citation for Part 25 is revised to read as
follows:
Authority: Secs. 145, 161, 68 Stat. 942, 948, as amended (42
U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42 U.S.C.
5841); E.O. 10865, as amended, 3 CFR 1959--1963 Comp., p. 398 (50
U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; E.O.
12958, 3 CFR, 1995 Comp., p. 333; E.O. 12968, 3 CFR, 1995 Comp., p.
396.
Appendix A also issued under 96 Stat. 1051 (31 U.S.C. 9701).
2. Section 25.1 is revised to read as follows:
Sec. 25.1 Purpose.
The regulations in this part establish procedures for granting,
reinstating, extending, transferring, and terminating access
authorizations of licensee personnel, licensee contractors or agents,
and other persons (e.g., individuals involved in adjudicatory
procedures as set forth in 10 CFR Part 2, subpart I) who may require
access to classified information.
3. Section 25.3 is revised to read as follows:
Sec. 25.3 Scope.
The regulations in this part apply to licensees and others who may
require access to classified information related to a license or an
application for a license.
4. Section 25.5 is amended by revising the definitions Access
authorization and Need-to-know and by adding the definitions of
Certificate holder, Classified information, Classified National
Security Information, Cognizant Security Agency, and Visit
authorization letters in alphabetical order to read as follows:
Sec. 25.5 Definitions.
Access authorization means an administrative determination that an
individual (including a consultant) who is employed by or an applicant
for employment with the NRC, NRC contractors, agents, licensees and
certificate holders, or other person designated by the Executive
Director for Operations, is eligible for a security clearance for
access to classified information.
* * * * *
Certificate holder means a facility operating under the provisions
of Parts 71 or 76 of this chapter.
Classified information means either classified National Security
Information, Restricted Data, or Formerly Restricted Data or any one of
them. It is the generic term for information requiring protection in
the interest of National Security whether classified under an Executive
Order or the Atomic Energy Act.
Classified National Security Information means information that has
been determined pursuant to E.O. 12958 or any predecessor order to
require protection against unauthorized disclosure and that is so
designated.
Cognizant Security Agency (CSA) means agencies of the Executive
Branch that have been authorized by E.O. 12829 to establish an
industrial security program for the purpose of safeguarding classified
information under the jurisdiction of those agencies when disclosed or
released to U.S. industry. These agencies are the Department of
Defense, the Department of Energy, the Central Intelligence Agency, and
the Nuclear Regulatory Commission. A facility has a single CSA which
exercises primary authority for the protection of classified
information at the facility. The CSA for the facility provides security
representation for other government agencies with security interests at
the facility. The Secretary of Defense has been designated as Executive
Agent for the National Industrial Security Program.
* * * * *
Need-to-know means a determination made by an authorized holder of
classified information that a prospective recipient requires access to
specific classified information to perform or assist in a lawful and
authorized governmental function under the cognizance of the
Commission.
* * * * *
Visit authorization letters (VAL) means a letter, generated by a
licensee, certificate holder or other organization under the
requirements of 10 CFR Parts 25 and/or 95, verifying the need-to-know
and access authorization of an individual from that organization who
needs to visit another authorized facility for the purpose of
exchanging or acquiring classified information related to the license.
5. In Sec. 25.8, paragraphs (a) and (b) are revised to read as
follows:
Sec. 25.8 Information collection requirements: OMB approval.
(a) The Nuclear Regulatory Commission has submitted the information
collection requirements contained in this part to the Office of
Management and Budget (OMB) for approval as required by the Paperwork
Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or
sponsor and a person is not required to respond to a collection of
information unless it displays a currently valid OMB control number.
OMB has approved the information collection requirements contained in
this part under control number 3150-0046.
(b) The approved information collection requirements contained in
this part appear in Secs. 25.11, 25.17, 25.21, 25.23, 25.25, 25.27,
25.29, 25.31, 25.33, and 25.35.
* * * * *
6. In Sec. 25.13, paragraph (a) is revised to read as follows:
Sec. 25.13 Maintenance of records.
(a) Each licensee or organization employing individuals approved
for personnel security access authorization under this part, shall
maintain records as prescribed within the part. These records are
subject to review and inspection by CSA representatives during security
reviews.
* * * * *
7. Section 25.17 is revised to read as follows:
Sec. 25.17 Approval for processing applicants for access
authorization.
(a) Access authorizations must be requested for licensee employees
or other persons (e.g., 10 CFR Part 2, subpart I) who need access to
classified information in connection with activities under 10 CFR parts
50, 52, 54, 70, 72, or 76.
(b) The request must be submitted to the facility CSA. If the NRC
is the CSA, the procedures in Sec. 25.17 (c) and (d) will be followed.
If the NRC is not the CSA, the request will be submitted to the CSA in
accordance with procedures established by the CSA. The NRC will be
notified of the request by a letter that includes the name, Social
Security number and level of access authorization.
(c) The request must include a completed personnel security packet
(see Sec. 25.17(d)) and request form (NRC Form 237) signed by a
licensee, licensee contractor official, or other authorized person.
(d)(1) Each personnel security packet submitted must include the
following completed forms:
[[Page 17688]]
(i) Questionnaire for National Security Positions (SF-86, Parts 1
and 2) (Part 2 is to be completed by the applicant and placed in a
sealed envelope which is to be forwarded to NRC unopened. No licensee,
licensee contractor official, or other person at a facility is
permitted to review Part 2 information);
(ii) Two standard fingerprint cards (FD-258);
(iii) Security Acknowledgment (NRC Form 176); and
(iv) Other related forms where specified in accompanying
instructions (NRC Form 254).
(2) Only a Security Acknowledgment (NRC Form 176) need be completed
by any person possessing an active access authorization, or who is
being processed for an access authorization, by another Federal agency.
The active or pending access authorization must be at an equivalent
level to that required by the NRC and be based on an adequate
investigation not more than five years old.
(e) To avoid delays in processing requests for access
authorizations, each security packet should be reviewed for
completeness and correctness (including legibility of response on the
forms) before submittal.
(f) Applications for access authorization or access authorization
renewal processing that are submitted to the NRC for processing must be
accompanied by a check or money order, payable to the United States
Nuclear Regulatory Commission, representing the current cost for the
processing of each ``Q'' and ``L'' access authorization, or renewal
request. Access authorization and access authorization renewal fees
will be published each time the Office of Personnel Management notifies
the NRC of a change in the rates it charges the NRC for the conduct of
investigations. Any changed access authorization or access
authorization renewal fees will be applicable to each access
authorization or access authorization renewal request received upon or
after the date of publication. Applications from individuals having
current Federal access authorizations may be processed more
expeditiously and at less cost, since the Commission may accept the
certification of access authorization and investigative data from other
Federal Government agencies that grant personnel access authorizations.
8. Section 25.19 is revised to read as follows:
Sec. 25.19 Processing applications.
Each application for access authorization or access authorization
renewal must be submitted to the CSA. If the NRC is the CSA, the
application and its accompanying fee must be submitted to the NRC
Division of Security. If necessary, the NRC Division of Security may
obtain approval from the appropriate Commission office exercising
licensing or regulatory authority before processing the access
authorization or access authorization renewal request. If the applicant
is disapproved for processing, the NRC Division of Security shall
notify the submitter in writing and return the original application
(security packet) and its accompanying fee.
9. Section 25.21 is revised to read as follows:
Sec. 25.21 Determination of initial and continued eligibility for
access authorization.
(a) Following receipt by the CSA of the reports of the personnel
security investigations, the record will be reviewed to determine that
granting an access authorization or renewal of access authorization
will not endanger the common defense and security and is clearly
consistent with the national interest. If this determination is made,
access authorization will be granted or renewed. If the NRC is the CSA,
questions as to initial or continued eligibility will be determined in
accordance with Part 10 of Chapter I. If another agency is the CSA,
that agency will, under the requirements of the NISPOM, have
established procedures at the facility to resolve questions as to
initial or continued eligibility for access authorization. These
questions will be determined in accordance with established CSA
procedures already in effect for the facility.
(b) The CSA must be promptly notified of developments that bear on
continued eligibility for access authorization throughout the period
for which the authorization is active (e.g., persons who marry
subsequent to the completion of a personnel security packet must report
this change by submitting a completed NRC Form 354, ``Data Report on
Spouse'' or equivalent CSA form).
(c)(1) Except as provided in paragraph (c)(2) of this section, NRC
``Q'' and ``L'' access authorizations must be renewed every five years
from the date of issuance. An application for renewal must be submitted
at least 120 days before the expiration of the five year period, and
must include:
(i) A statement by the licensee or other person that the individual
continues to require access to classified National Security Information
or Restricted Data; and
(ii) A personnel security packet as described in Sec. 25.17(d).
(2) Renewal applications and the required paperwork are not
required for individuals who have a current and active access
authorization from another Federal agency and who are subject to a
reinvestigation program by that agency that is determined by the NRC to
meet the NRC's requirements. (The DOE Reinvestigation Program has been
determined to meet the NRC's requirements). For these individuals, the
submission of the SF-86 by the licensee or other person to the other
government agency pursuant to their reinvestigation requirements will
satisfy the NRC renewal submission and paperwork requirements, even if
less than five years has passed since the date of issuance or renewal
of the NRC ``Q'' or ``L'' access authorization. Any NRC access
authorization continued in response to the provisions of this paragraph
will, thereafter, not be due for renewal until the date set by the
other government agency for the next reinvestigation of the individual
pursuant to the other agency's reinvestigation program. However, the
period of time for the initial and each subsequent NRC ``Q'' or NRC
``L'' renewal application to the NRC may not exceed seven years. Any
individual who is subject to the reinvestigation program requirements
of another Federal agency but, for administrative or other reasons,
does not submit reinvestigation forms to that agency within seven years
of the previous submission, shall submit a renewal application to the
NRC using the forms prescribed in Sec. 25.17(d) before the expiration
of the seven-year period.
(3) If the NRC is not the CSA, reinvestigation program procedures
and requirements will be set by the CSA.
10. Section 25.23 is revised to read as follows:
Sec. 25.23 Notification of grant of access authorization.
The determination to grant or renew access authorization will be
furnished in writing to the licensee or organization that initiated the
request. Upon receipt of the notification of original grant of access
authorization, the licensee or organization shall obtain, as a
condition for grant of access authorization and access to classified
information, an executed ``Classified Information Nondisclosure
Agreement'' (SF-312) from the affected individual. The SF-312 is an
agreement between the United States and an individual who is cleared
for access to classified information. An employee issued an initial
access authorization shall execute a SF-312 before being granted access
to classified
[[Page 17689]]
information. The licensee or other organization shall forward the
executed SF-312 to the CSA for retention. If the employee refuses to
execute the SF-312, the licensee or other organization shall deny the
employee access to classified information and submit a report to the
CSA. The SF-312 must be signed and dated by the employee and witnessed.
The employee's and witness' signatures must bear the same date. The
individual shall also be given a security orientation briefing in
accordance with Sec. 95.33 of this chapter. Records of access
authorization grant and renewal notification must be maintained by the
licensee or other organization for three years after the access
authorization has been terminated by the CSA. This information may also
be furnished to other representatives of the Commission, to licensees,
contractors, or other Federal agencies. Notifications of access
authorization will not be given in writing to the affected individual
except:
(a) In those cases in which the determination was made as a result
of a Personnel Security Hearing or by Personnel Security Review
Examiners; or
(b) When the individual also is the official designated by the
licensee or other organization to whom written NRC notifications are
forwarded.
11. Section 25.25 is revised to read as follows:
Sec. 25.25 Cancellation of requests for access authorization.
When a request for an individual's access authorization or renewal
of access authorization is withdrawn or canceled, the requestor shall
notify the CSA immediately by telephone so that the full field
investigation, National Agency Check with Credit Investigation, or
other personnel security action may be discontinued. The requestor
shall identify the full name and date of birth of the individual, the
date of request, and the type of access authorization or access
authorization renewal requested. The requestor shall confirm each
telephone notification promptly in writing.
12. Section 25.27 is revised to read as follows:
Sec. 25.27 Reopening of cases in which requests for access
authorizations are canceled.
(a) In conjunction with a new request for access authorization (NRC
Form 237 or CSA equivalent) for individuals whose cases were previously
canceled, new fingerprint cards (FD-257) in duplicate and a new
Security Acknowledgment (NRC Form 176), or CSA equivalents, must be
furnished to the CSA along with the request.
(b) Additionally, if 90 days or more have elapsed since the date of
the last Questionnaire for Sensitive Positions (SF-86), or CSA
equivalent, the individual must complete a personnel security packet
(see Sec. 25.17(d)). The CSA, based on investigative or other needs,
may require a complete personnel security packet in other cases as
well. A fee, equal to the amount paid for an initial request, will be
charged only if a new or updating investigation by the NRC is required.
13. Section 25.29 is revised to read as follows:
Sec. 25.29 Reinstatement of access authorization.
(a) An access authorization can be reinstated provided that:
(1) No more than 24 months has lapsed since the date of termination
of the clearance;
(2) There has been no break in employment with the employer since
the date of termination of the clearance;
(3) There is no known adverse information;
(4) The most recent investigation must not exceed 5 years (Top
Secret, Q) or 10 years (Secret, L); and
(5) The most recent investigation must meet or exceed the scope of
the investigation required for the level of access authorization that
is to be reinstated or granted.
(b) An access authorization can be reinstated at the same, or
lower, level by submission of a CSA-designated form to the CSA. The
employee may not have access to classified information until receipt of
written confirmation of reinstatement and an up-to-date personnel
security packet will be furnished with the request for reinstatement of
an access authorization. A new Security Acknowledgment will be obtained
in all cases. Where personnel security packets are not required, a
request for reinstatement must state the level of access authorization
to be reinstated and the full name and date of birth of the individual
to establish positive identification. A fee, equal to the amount paid
for an initial request, will be charged only if a new or updating
investigation by the NRC is required.
14. In Sec. 25.31, paragraphs (a) and (c) are revised to read as
follows:
Sec. 25.31 Extensions and transfers of access authorizations.
(a) The NRC Division of Security may, on request, extend the
authorization of an individual who possesses an access authorization in
connection with a particular employer or activity, to permit access to
classified information in connection with an assignment with another
employer or activity.
* * * * *
(c) Requests for extension or transfer of access authorization must
state the full name of the person, his date of birth and level of
access authorization. The Director, Division of Security, may require a
new personnel security packet (see Sec. 25.17(c)) to be completed by
the applicant. A fee, equal to the amount paid for an initial request,
will be charged only if a new or updating investigation by the NRC is
required.
* * * * *
15. Section 25.33 is revised to read as follows:
Sec. 25.33 Termination of access authorizations.
(a) Access authorizations will be terminated when:
(1) Access authorization is no longer required;
(2) An individual is separated from the employment or the activity
for which he obtained an access authorization for a period of 90 days
or more; or
(3) An individual, pursuant to 10 CFR part 10 or other CSA approved
adjudicatory standards, is no longer eligible for access authorization.
(b) A representative of the licensee or other organization that
employs the individual whose access authorization will be terminated
shall immediately notify the CSA when the circumstances noted in
paragraph (a)(1) or (a)(2) of this section exist; inform the individual
that his access authorization is being terminated, and the reason; and
that he will be considered for reinstatement of access authorization if
he resumes work requiring it.
(c) When an access authorization is to be terminated, a
representative of the licensee or other organization shall conduct a
security termination briefing of the individual involved, explain the
Security Termination Statement (NRC Form 136 or CSA approved form) and
have the individual complete the form. The representative shall
promptly forward the original copy of the completed Security
Termination Statement to CSA.
16. Section 25.35 is revised to read as follows:
Sec. 25.35 Classified visits.
(a) The number of classified visits must be held to a minimum. The
licensee, certificate holder, or other facility shall determine that
the visit is necessary and that the purpose of the visit cannot be
achieved without access
[[Page 17690]]
to, or disclosure of, classified information. All classified visits
require advance notification to, and approval of, the organization to
be visited. In urgent cases, visit information may be furnished by
telephone and confirmed in writing.
(b) Representatives of the Federal Government, when acting in their
official capacities as inspectors, investigators, or auditors, may
visit a licensee, certificate holder or other's facility without
furnishing advanced notification, provided these representatives
present appropriate government credentials upon arrival. Normally,
however, Federal representatives will provide advance notification in
the form of an NRC Form 277, ``Request for Visit or Access Approval,''
with the ``need-to-know'' certified by the appropriate NRC office
exercising licensing or regulatory authority and verification of NRC
access authorization by the Division of Security.
(c) The licensee, certificate holder, or others shall include the
following information in all Visit Authorization Letters (VAL) which
they prepare.
(1) Visitor's name, address, and telephone number and certification
of the level of the facility security clearance;
(2) Name, date and place of birth, and citizenship of the
individual intending to visit;
(3) Certification of the proposed visitor's personnel clearance and
any special access authorizations required for the visit;
(4) Name of person(s) to be visited;
(5) Purpose and sufficient justification for the visit to allow for
a determination of the necessity of the visit; and
(6) Date or period during which the VAL is to be valid.
(d) Classified visits may be arranged for a 12 month period. The
requesting facility shall notify all places honoring these visit
arrangements of any change in the individual's status that will cause
the visit request to be canceled before its normal termination date.
(e) The responsibility for determining need-to-know in connection
with a classified visit rests with the individual who will disclose
classified information during the visit. The licensee, certificate
holder or other facility shall establish procedures to ensure positive
identification of visitors before the disclosure of any classified
information.
PART 50--DOMESTIC LICENSING OF PRODUCTION AND UTILIZATION
FACILITIES
17. The authority citation for Part 50 is revised to read as
follows:
Authority: Secs. 102, 103, 104, 105, 161, 182, 183, 186, 189, 68
Stat. 936, 937, 938, 948, 953, 954, 955, 956, as amended, sec. 234,
83 Stat. 1244, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2201,
2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88
Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846),
E.O. 12829, 3 CFR, 1993 Comp., p. 570; E.O. 12958, as amended, 3
CFR, 1995 Comp., p. 333; E.O. 12968, 3 CFR, 1995 Comp., p. 391.
Section 50.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat.
2951 (42 U.S.C. 5851). Section 50.10 also issued under secs. 101,
185, 68 Stat. 955 as amended (42 U.S.C. 2131, 2235), sec. 102, Pub.
L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, 50.54(dd),
and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42
U.S.C. 2138). Sections 50.23, 50.35, 50.55, and 50.56 also issued
under sec. 185, 68 Stat. 955 (42 U.S.C. 2235). Sections 50.33a,
50.55a and Appendix Q also issued under sec. 102, Pub. L. 91-190, 83
Stat. 853 (42 U.S.C. 4332). Sections 50.34 and 50.54 also issued
under sec. 204, 88 Stat. 1245 (42 U.S.C. 5844). Sections 50.58,
50.91, and 50.92 also issued under Pub. L. 97-415, 96 Stat. 2073 (42
U.S.C. 2239). Section 50.78 also issued under sec. 122, 68 Stat. 939
(42 U.S.C. 2152). Sections 50.80--50.81 also issued under sec. 184,
68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued
under sec. 187, 68 Stat. 955 (42 U.S.C 2237).
18. Section 50.37 is revised to read as follows:
Sec. 50.37 Agreement limiting access to Classified Information.
As part of its application and in any event before the receipt of
Restricted Data or classified National Security Information or the
issuance of a license or construction permit, the applicant shall agree
in writing that it will not permit any individual to have access to or
any facility to possess Restricted Data or classified National Security
Information until the individual and/or facility has been approved for
such access under the provisions of 10 CFR Parts 25 and/or 95. The
agreement of the applicant in this regard shall be deemed part of the
license or construction permit, whether so stated therein or not.
PART 54--REQUIREMENTS FOR RENEWAL OF OPERATING LICENSES FOR NUCLEAR
POWER PLANTS
19. The authority citation for Part 54 is revised to read as
follows:
Authority: Secs. 102, 103, 104, 161, 181, 182, 183, 186, 189, 68
Stat. 936, 937, 938, 948, 953, 954, 955, as amended, sec. 234, 83
Stat. 1244, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2201,
2232, 2233, 2236, 2239, 2282); secs 201, 202, 206, 88 Stat. 1242,
1244, as amended (42 U.S.C. 5841, 5842), E.O. 12829, 3 CFR, 1993
Comp., p. 570; E.O. 12958, as amended, 3 CFR, 1995 Comp., p. 333;
E.O. 12968, 3 CFR, 1995 Comp., p. 391.
20. In Sec. 54.17, paragraph (g) is revised to read as follows:
Sec. 54.17 Filing of application.
* * * * *
(g) As part of its application, and in any event before the receipt
of Restricted Data or classified National Security Information or the
issuance of a renewed license, the applicant shall agree in writing
that it will not permit any individual to have access to or any
facility to possess Restricted Data or classified National Security
Information until the individual and/or facility has been approved for
such access under the provisions of 10 CFR Parts 25 and/or 95. The
agreement of the applicant in this regard shall be deemed part of the
renewed license, whether so stated therein or not.
PART 95--SECURITY FACILITY APPROVAL AND SAFEGUARDING OF NATIONAL
SECURITY INFORMATION AND RESTRICTED DATA
21. The authority citation for Part 95 is revised to read as
follows:
Authority: Secs. 145, 161, 193, 68 Stat. 942, 948, as amended
(42 U.S.C. 2165, 2201); sec. 201, 88 Stat. 1242, as amended (42
U.S.C. 5841); E.O. 10865, as amended, 3 CFR 1959-1963 COMP., p. 398
(50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; E.O.
12958, as amended, 3 CFR, 1995 Comp., p. 333; E.O. 12968, 3 CFR,
1995 Comp., p. 391.
22. Section 95.1 is revised to read as follows:
Sec. 95.1 Purpose.
The regulations in this part establish procedures for obtaining
security facility approval and for safeguarding Secret and Confidential
National Security Information and Restricted Data received or developed
in conjunction with activities licensed, certified or regulated by the
Commission. This part does not apply to Top Secret information because
Top Secret information may not be forwarded to licensees, certificate
holders, or others within the scope of an NRC license or certificate.
23. Section 95.3 is revised to read as follows:
Sec. 95.3 Scope.
The regulations in this part apply to licensees, certificate
holders and others regulated by the Commission who may require access
to classified National Security Information and/or Restricted
[[Page 17691]]
Data and/or Formerly Restricted Data (FRD) that is used, processed,
stored, reproduced, transmitted, transported, or handled in connection
with a license or certificate or an application for a license or
certificate.
24. In Sec. 95.5, the definitions for Authorized classifier,
National Security Information, NRC access authorization, Security
facility approval, and Security survey are removed and the definitions
Classified mail address, Infraction, and Need-to-know are revised and
the definitions Access authorization, Classified National Security
Information, Classified shipping address, Closed area, Cognizant
Security Agency, Facility (Security) clearance, Foreign ownership
control or influence, Restricted area, Security reviews, Supplemental
Protection and Violation are added in alphabetical order to read as
follows:
Sec. 95.5 Definitions.
Access authorization means an administrative determination that an
individual (including a consultant) who is employed by or an applicant
for employment with the NRC, NRC contractors, agents, licensees and
certificate holders, or other person designated by the Executive
Director for Operations, is eligible for a security clearance for
access to classified information.
* * * * *
Classified mail address means a mail address established for each
facility approved by the NRC, to which all classified information for
the facility is to be sent.
* * * * *
Classified National Security Information means information that has
been determined pursuant to E.O. 12958 or any predecessor order to
require protection against unauthorized disclosure and that is so
designated.
Classified shipping address means an address established for a
facility, approved by the NRC to which classified material that cannot
be transmitted as normal mail is to be sent.
Closed area means an area that meets the requirements of the CSA,
for the purpose of safeguarding classified material that, because of
its size, nature, or operational necessity, cannot be adequately
protected by the normal safeguards or stored during nonworking hours in
approved containers.
Cognizant Security Agency (CSA) means agencies of the Executive
Branch that have been authorized by E.O. 12829 to establish an
industrial security program for the purpose of safeguarding classified
information under the jurisdiction of those agencies when disclosed or
released to U.S. industry. These agencies are the Department of
Defense, the Department of Energy, the Central Intelligence Agency, and
the Nuclear Regulatory Commission. A facility has a single CSA which
exercises primary authority for the protection of classified
information at the facility. The CSA for the facility provides security
representation for other government agencies with security interests at
the facility. The Secretary of Defense has been designated as Executive
Agent for the National Industrial Security Program.
* * * * *
Facility (Security) Clearance (FCL) means an administrative
determination that, from a security viewpoint, a facility is eligible
for access to classified information of a certain category (and all
lower categories).
Foreign ownership, control, or influence (FOCI) means a foreign
interest has the power, direct or indirect, whether or not exercised,
and whether or not exercisable through the ownership of a U.S.
company's securities, by contractual arrangements or other means, to
direct or decide matters affecting the management or operations of that
company in a manner which may result in unauthorized access to
classified information or may affect adversely the performance of
classified contracts.
Infraction means any knowing, willful, or negligent action contrary
to the requirements of E.O. 12958, or its implementing directives, that
does not comprise a ``violation,'' as defined in this section.
* * * * *
Need-to-know means a determination made by an authorized holder of
classified information that a prospective recipient requires access to
specific classified information in order to perform or assist in a
lawful and authorized governmental function under the cognizance of the
Commission.
* * * * *
Restricted area means a controlled access area established to
safeguard classified material, that because of its size or nature,
cannot be adequately protected during working hours by the usual
safeguards, but that is capable of being stored during non-working
hours in an approved repository or secured by other methods approved by
the CSA.
* * * * *
Security reviews means aperiodic security reviews of cleared
facilities conducted to ensure that safeguards employed by licensees
and others are adequate for the protection of classified information.
Supplemental protection means additional security procedures such
as intrusion detection systems, security guards, and access control
systems.
Violation means any knowing, willful, or negligent action that
could reasonably be expected to result in an unauthorized disclosure of
classified information or any knowing, willful, or negligent action to
classify or continue the classification of information contrary to the
requirements of E.O. 12958 or its implementing directives.
25. Section 95.8 is revised to read as follows:
Sec. 95.8 Information collection requirements: OMB approval.
(a) The Nuclear Regulatory Commission has submitted the information
collection requirements contained in this part to the Office of
Management and Budget (OMB) for approval as required by the Paperwork
Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or
sponsor and a person is not required to respond to a collection of
information unless it displays a currently valid OMB control number.
OMB has approved the information collection requirements contained in
this part under control number 3150-0047.
(b) The approved information collection requirements contained in
this part appear in Secs. 95.11, 95.15, 95.18, 95.19, 95.21, 95.25,
95.29, 95.33, 95.36, 95.37, 95.39, 95.41, 95.43, 95.45, 95.47, 95.53
and 95.57.
26. In Sec. 95.13, paragraph (a) is revised to read as follows:
Sec. 95.13 Maintenance of records.
(a) Each licensee, certificate holder or other person granted
facility clearance under this part shall maintain records as prescribed
within the part. These records are subject to review and inspection by
CSA representatives during security reviews.
* * * * *
27. In Sec. 95.15, the section heading and paragraphs (a) and (b)
are revised to read as follows:
Sec. 95.15 Approval for processing licensees and others for facility
clearance.
(a) A licensee, certificate holder or other person who has a need
to use, process, store, reproduce, transmit, transport, or handle NRC
classified information at any location in connection with Commission
related activities shall promptly request an NRC facility clearance.
This specifically includes situations where a licensee, certificate
holder or other person needs
[[Page 17692]]
a contractor or consultant to have access to NRC classified
information. However, it is not necessary for a licensee, certificate
holder or other person to request an NRC facility clearance for access
to another agency's classified information at that agency's facilities
or to store that agency's classified information at their facility,
provided no NRC classified information is involved and they meet the
security requirements of the other agency. If NRC classified
information is involved the requirements of Sec. 95.17 apply.
(b) The request must include the name of the facility, the location
of the facility and an identification of any facility clearance issued
by another government agency. If there is no existing facility
clearance, the request must include a security Standard Practice
Procedures Plan that outlines the facility's proposed security
procedures and controls for the protection of classified information, a
floor plan of the area in which the matter is to be used, processed,
stored, reproduced, transmitted, transported or handled; and Foreign
Ownership, Control or Influence information.
* * * * *
28. Section 95.17 is revised to read as follows:
Sec. 95.17 Processing facility clearance.
(a) Following the receipt of an acceptable request for facility
clearance, the NRC will either accept an existing facility clearance
granted by a current CSA and authorize possession of license or
certificate related classified information or process the facility for
a facility clearance. Processing will include--
(1) A determination based on review and approval of a Standard
Practice Procedure Plan that granting of the Facility Clearance would
not be inconsistent with the national interest, including a finding
that the facility is not under foreign ownership, control, or influence
to such a degree that a determination could not be made;
(2) An acceptable security review conducted by the NRC;
(3) Submitting key management personnel for personnel clearances
(PCLs); and
(4) Appointing a U.S. citizen employee as the facility security
officer.
(b) An interim Facility Clearance may be granted by the CSA on a
temporary basis pending completion of the full investigative
requirements.
Secs. 95.18 and 95.19 [Redesignated]
29. Secs. 95.18 and 95.19 are redesignated as Secs. 95.19 and
95.20.
30. A new Sec. 95.18 is added to read as follows:
Sec. 95.18 Key personnel.
The senior management official and the Facility Security Officer
must always be cleared to a level commensurate with the Facility
Clearance. Other key management officials, as determined by the CSA,
must be granted an access authorization or be excluded from classified
access. When formal exclusion action is required, the organization's
board of directors or similar executive body shall affirm the
following, as appropriate.
(a) Officers, directors, partners, regents, or trustees (designated
by name) that are excluded may not require, may not have, and can be
effectively excluded from access to all classified information
disclosed to the organization. These individuals also may not occupy
positions that would enable them to adversely affect the organization's
policies or practices in the performance of activities involving
classified information. This action will be made a matter of record by
the organization's executive body. A copy of the resolution must be
furnished to the CSA.
(b) Officers, directors, partners, regents, or trustees (designated
by name) that are excluded may not require, may not have, and can be
effectively denied access to higher-level classified information
(specify which higher level(s)). These individuals may not occupy
positions that would enable them to adversely affect the organization's
policies or practices in the protection of classified information. This
action will be made a matter of record by the organization's executive
body. A copy of the resolution must be furnished to the CSA.
31. In the newly redesignated Sec. 95.19, the introductory text of
paragraphs (a) and (b) are revised to read as follows:
Sec. 95.19 Changes to security practices and procedures.
(a) Except as specified in paragraph (b) of this section, each
licensee, certificate holder or other person shall obtain prior CSA
approval for any proposed change to the name, location, security
procedures and controls, or floor plan of the approved facility. A
written description of the proposed change must be furnished to the CSA
with copies to the Director, Division of Security, Office of
Administration, NRC, Washington, DC 20555-0001 (if NRC is not the CSA),
and the NRC Regional Administrator of the cognizant Regional Office
listed in appendix A of part 73. The CSA shall promptly respond in
writing to all such proposals. Some examples of substantive changes
requiring prior CSA approval include--
* * * * *
(b) A licensee or other person may effect a minor, non-substantive
change to an approved Standard Practice Procedures Plan for the
safeguarding of classified information without receiving prior CSA
approval, provided prompt notification of such minor change is
furnished to the addressees noted in paragraph (a) of this section, and
the change does not decrease the effectiveness of the Standard Practice
Procedures Plan. Some examples of minor, non-substantive changes to the
Standard Practice Procedures Plan include--
* * * * *
32. The newly redesignated Sec. 95.20 is revised to read as
follows:
Sec. 95.20 Grant, denial or termination of facility clearance.
The Division of Security shall provide notification in writing (or
orally with written confirmation) to the licensee or other organization
of the Commission's grant, acceptance of another agency's Facility
Clearance, denial, or termination of facility clearance. This
information must also be furnished to representatives of the NRC, NRC
licensees, NRC certificate holders, NRC contractors, or other Federal
agencies having a need to transmit classified information to the
licensee or other person.
33. Section 95.21 is revised to read as follows:
Sec. 95.21 Withdrawal of requests for facility clearance.
When a request for facility clearance is to be withdrawn or
canceled, the requester shall notify the NRC Division of Security
immediately by telephone so that processing for this approval may be
terminated. The notification must identify the full name of the
individual requesting discontinuance, his position with the facility,
and the full identification of the facility. The requestor shall
confirm the telephone notification promptly in writing.
34. Section 95.23 is revised to read as follows:
Sec. 95.23 Termination of facility clearance.
(a) Facility clearance will be terminated when--
(1) There is no longer a need to use, process, store, reproduce,
transmit, transport or handle classified matter at the facility; or
(2) The Commission makes a determination that continued facility
[[Page 17693]]
clearance is not in the interest of national security.
(b) When facility clearance is terminated, the licensee or other
person will be notified in writing of the determination and the
procedures outlined in Sec. 95.53 apply.
35. In Sec. 95.25, the section heading and paragraphs (a), (b),
(c), (d), (g), (h), and (i) are revised and paragraph (j) is added to
read as follows:
Sec. 95.25 Protection of classified information in storage.
(a) Secret documents, while unattended or not in actual use, must
be stored in--
(1) A safe, steel file cabinet, or safe-type steel file container
that has an automatic unit locking mechanism. All such receptacles will
be accorded supplemental protection during non-working hours; or
(2) Any steel file cabinet that has four sides and a top and bottom
(all permanently attached by welding, rivets or peened bolts so the
contents cannot be removed without leaving visible evidence of entry)
and is secured by a rigid metal lock bar and an approved key operated
or combination padlock. The keepers of the rigid metal lock bar must be
secured to the cabinet by welding, rivets, or bolts, so they cannot be
removed and replaced without leaving evidence of the entry. The drawers
of the container must be held securely, so their contents cannot be
removed without forcing open the drawer. This type cabinet will be
accorded supplemental protection during non-working hours.
(b) Confidential matter while unattended or not in use must be
stored in the same manner as SECRET matter except that no supplemental
protection is required.
(c) Classified lock combinations.
(1) A minimum number of authorized persons may know the
combinations to authorized storage containers. Security containers,
vaults, cabinets, and other authorized storage containers must be kept
locked when not under the direct supervision of an authorized person
entrusted with the contents.
(2) Combinations must be changed by a person authorized access to
the contents of the container, or by the Facility Security Officer or
his or her designee. Combinations must be changed upon--
(i) The initial use of an approved container or lock for the
protection of classified material;
(ii) The termination of employment of any person having knowledge
of the combination, or when the clearance granted to any such person
has been withdrawn, suspended, or revoked;
(iii) The compromise or suspected compromise of a container or its
combination, or discovery of a container left unlocked and unattended;
or
(iv) At other times when considered necessary by the Facility
Security Officer or CSA.
(d) Records of combinations. If a record is made of a combination,
the record must be marked with the highest classification of material
authorized for storage in the container. Superseded combinations must
be destroyed.
* * * * *
(g) Posted information. Containers may not bear external markings
indicating the level of classified material authorized for storage. A
record of the names of persons having knowledge of the combination must
be posted inside the container.
(h) End of day security checks.
(1) Facilities that store classified material shall establish a
system of security checks at the close of each working day to ensure
that all classified material and security repositories have been
appropriately secured.
(2) Facilities operating with multiple work shifts shall perform
the security checks at the end of the last working shift in which
classified material had been removed from storage for use. The checks
are not required during continuous 24-hour operations.
(i) Unattended security container found opened. If an unattended
security container housing classified matter is found unlocked, the
custodian or an alternate must be notified immediately. The container
must be secured by protective personnel and the contents inventoried as
soon as possible but not later than the next workday. A report
reflecting all actions taken must be submitted to the responsible
Regional Office (see appendix A, 10 CFR part 73 for addresses) with an
information copy to the NRC Division of Security. The licensee shall
retain records pertaining to these matters for three years after
completion of final corrective action.
(j) Supervision of keys and padlocks. Use of key-operated padlocks
are subject to the following requirements:
(1) A key and lock custodian shall be appointed to ensure proper
custody and handling of keys and locks used for protection of
classified material;
(2) A key and lock control register must be maintained to identify
keys for each lock and their current location and custody;
(3) Keys and locks must be audited each month;
(4) Keys must be inventoried with each change of custody;
(5) Keys must not be removed from the premises;
(6) Keys and spare locks must be protected equivalent to the level
of classified material involved;
(7) Locks must be changed or rotated at least annually, and must be
replaced after loss or compromise of their operable keys; and
(8) Master keys may not be made.
36. Section 95.27 is revised to read as follows:
Sec. 95.27 Protection while in use.
While in use, matter containing classified information must be
under the direct control of an authorized individual to preclude
physical, audio, and visual access by persons who do not have the
prescribed access authorization or other written CSA disclosure
authorization (see Sec. 95.36 for additional information concerning
disclosure authorizations).
37. Section 95.29 is revised to read as follows:
Sec. 95.29 Establishment of Restricted or Closed areas.
(a) If, because of its nature, sensitivity or importance, matter
containing classified information cannot otherwise be effectively
controlled in accordance with the provisions of Secs. 95.25 and 95.27,
a Restricted or Closed Area must be established to protect such matter.
(b) The following measures apply to Restricted Areas:
(1) Restricted areas must be separated from adjacent areas by a
physical barrier designed to prevent unauthorized access (physical,
audio, and visual) into these areas.
(2) Controls must be established to prevent unauthorized access to
and removal of classified matter.
(3) Access to classified matter must be limited to persons who
possess appropriate access authorization or other written CSA
disclosure authorization and who require access in the performance of
their official duties or regulatory obligations.
(4) Persons without appropriate access authorization for the area
visited must be escorted by an appropriate CSA access authorized person
at all times while within Restricted or Closed Areas.
(5) Each individual authorized to enter a Restricted or Closed Area
must be issued a distinctive form of identification (e.g., badge) when
the number of employees assigned to the area exceeds thirty per shift.
(6) During nonworking hours, admittance must be controlled by
protective personnel. Protective personnel shall conduct patrols during
nonworking hours at least every 8 hours
[[Page 17694]]
and more frequently if necessary to maintain a commensurate level of
protection. Entrances must be continuously monitored by protective
personnel or by an approved alarm system.
(c) Due to the size and nature of the classified material, or
operational necessity, it may be necessary to construct Closed Areas
for storage because GSA-approved containers or vaults are unsuitable or
impractical. Closed Areas must be approved by the CSA. The following
measures apply to Closed Areas:
(1) Access to Closed Areas must be controlled to preclude
unauthorized access. This may be accomplished through the use of a
cleared employee or by a CSA approved access control device or system.
(2) Access must be limited to authorized persons who have an
appropriate security clearance and a need-to-know for the classified
material/information within the area. Persons without the appropriate
level of clearance and/or need-to-know must be escorted at all times by
an authorized person where inadvertent or unauthorized exposure to
classified information cannot otherwise be effectively prevented.
(3) The Closed Area must be accorded supplemental protection during
non-working hours. During these hours, admittance to the area must be
controlled by locked entrances and exits secured by either an approved
built-in combination lock or an approved combination or key-operated
padlock. However, doors secured from the inside with a panic bolt (for
example, actuated by a panic bar), a dead bolt, a rigid wood or metal
bar, or other means approved by the CSA, do not require additional
locking devices.
(4) Open shelf or bin storage of classified documents in Closed
Areas requires CSA approval. Only areas protected by an approved
intrusion detection system will qualify for approval.
38. Section 95.31 is revised to read as follows:
Sec. 95.31 Protective personnel.
Whenever protective personnel are used to protect classified
information they shall:
(a) Possess an ``L'' access authorization (or CSA equivalent) if
the licensee or other person possesses information classified
Confidential National Security Information, Confidential Restricted
Data or Secret National Security Information.
(b) Possess a ``Q'' access authorization (or CSA equivalent) if the
licensee or other person possesses Secret Restricted Data related to
nuclear weapons design, manufacturing and vulnerability information;
and certain particularly sensitive Naval Nuclear Propulsion Program
information (e.g., fuel manufacturing technology) and the protective
personnel require access as part of their regular duties.
39. Section 95.33 is revised to read as follows:
Sec. 95.33 Security education.
All cleared employees must be provided with security training and
briefings commensurate with their involvement with classified
information. The facility may obtain defensive security, threat
awareness, and other education and training information and material
from their CSA or other sources.
(a) Facility Security Officer Training. Licensees and others are
responsible for ensuring that the Facility Security Officer, and others
performing security duties, complete security training deemed
appropriate by the CSA. Training requirements must be based on the
facility's involvement with classified information and may include a
Facility Security Officer orientation course and, for Facility Security
Officers at facilities with safeguarding capability, a Facility
Security Officer Program Management Course. Training, if required,
should be completed within 1 year of appointment to the position of
Facility Security Officer.
(b) Government-Provided Briefings. The CSA is responsible for
providing initial security briefings to the Facility Security Officer,
and for ensuring that other briefings required for special categories
of information are provided.
(c) Temporary Help Suppliers. A temporary help supplier, or other
contractor who employs cleared individuals solely for dispatch
elsewhere, is responsible for ensuring that required briefings are
provided to their cleared personnel. The temporary help supplier or the
using licensee or other facility may conduct these briefings.
(d) Classified Information Nondisclosure Agreement (SF-312). The
SF-312 is an agreement between the United States and an individual who
is cleared for access to classified information. An employee issued an
initial access authorization must, in accordance with the requirements
of Sec. 25.23 of this chapter, execute an SF-312 before being granted
access to classified information. The Facility Security Officer shall
forward the executed SF-312 to the CSA for retention. If the employee
refuses to execute the SF-312, the licensee or other facility shall
deny the employee access to classified information and submit a report
to the CSA. The SF-312 must be signed and dated by the employee and
witnessed. The employee's and witness' signatures must bear the same
date.
(e) Initial Security Briefings. Before being granted access to
classified information, an employee shall receive an initial security
briefing that includes the following topics:
(1) A Threat Awareness Briefing.
(2) A Defensive Security Briefing.
(3) An overview of the security classification system.
(4) Employee reporting obligations and requirements.
(5) Security procedures and duties applicable to the employee's
job.
(f) Refresher Briefings. The licensee or other facility shall
conduct periodic refresher briefings for all cleared employees. As a
minimum, the refresher briefing must reinforce the information provided
during the initial briefing and inform employees of appropriate changes
in security regulations. This requirement may be satisfied by use of
audio/video materials and by issuing written materials on a regular
basis.
(g) Debriefings. Licensee and other facilities shall debrief
cleared employees at the time of termination of employment (discharge,
resignation, or retirement); when an employee's access authorization is
terminated, suspended, or revoked; and upon termination of the Facility
Clearance.
(h) Records reflecting an individual's initial and refresher
security orientations and security termination must be maintained for
three years after termination of the individual's access authorization.
40. Section 95.36 is revised to read as follows:
Sec. 95.36 Access by representatives of the International Atomic
Energy Agency or by participants in other international agreements.
(a) Based upon written disclosure authorization from the NRC
Division of Security that an individual is an authorized representative
of the International Atomic Energy Agency (IAEA) or other international
organization and that the individual is authorized to make visits or
inspections in accordance with an established agreement with the United
States Government, a licensee, certificate holder or other person
subject to this part shall permit the individual (upon presentation of
the credentials specified in Sec. 75.7 of this chapter and any other
credentials identified in the disclosure
[[Page 17695]]
authorization) to have access to matter which is classified National
Security Information that is relevant to the conduct of a visit or
inspection. A disclosure authorization under this section does not
authorize a licensee, certificate holder, or other person subject to
this part to provide access to Restricted Data.
(b) For purposes of this section, classified National Security
Information is relevant to the conduct of a visit or inspection if--
(1) In the case of a visit, this information is needed to verify
information according to Sec. 75.13 of this chapter; or
(2) In the case of an inspection, an inspector is entitled to have
access to the information under Sec. 75.42 of this chapter.
(c) In accordance with the specific disclosure authorization
provided by the Division of Security, licensees or other persons
subject to this part are authorized to release (i.e., transfer
possession of) copies of documents which contain classified National
Security Information directly to IAEA inspectors and other
representatives officially designated to request and receive classified
National Security Information documents. These documents must be marked
specifically for release to IAEA or other international organizations
in accordance with instructions contained in the NRC's disclosure
authorization letter. Licensees and other persons subject to this part
may also forward these documents through the NRC to the international
organization's headquarters in accordance with the NRC disclosure
authorization. Licensees and other persons may not reproduce documents
containing classified National Security Information except as provided
in Sec. 95.43.
(d) Records regarding these visits and inspections must be
maintained for five years beyond the date of the visit or inspection.
These records must specifically identify each document which has been
released to an authorized representative and indicate the date of the
release. These records must also identify (in such detail as the
Division of Security, by letter, may require) the categories of
documents that the authorized representative has had access and the
date of this access. A licensee or other person subject to this part
shall also retain Division of Security disclosure authorizations for
five years beyond the date of any visit or inspection when access to
classified information was permitted.
(e) Licensees or other persons subject to this part shall take such
measures as may be necessary to preclude access to classified matter by
participants of other international agreements unless specifically
provided for under the terms of a specific agreement.
41. Section 95.37 is revised to read as follows:
Sec. 95.37 Classification and preparation of documents.
(a) Classification. Classified information generated or possessed
by a licensee or other person must be appropriately marked. Classified
material which is not conducive to markings (e.g., equipment) may be
exempt from this requirement. These exemptions are subject to the
approval of the CSA on a case-by-case basis. If a person or facility
generates or possesses information that is believed to be classified
based on guidance provided by the NRC or by derivation from classified
documents, but which no authorized classifier has determined to be
classified, the information must be protected and marked with the
appropriate classification markings pending review and signature of an
NRC authorized classifier. This information shall be protected as
classified information pending final determination.
(b) Classification consistent with content. Each document
containing classified information shall be classified Secret or
Confidential according to its content. NRC licensees or others subject
to the requirements of 10 CFR Part 95 may not make original
classification decisions.
(c) Markings required on face of documents.
(1) For derivative classification of classified National Security
Information:
(i) Derivative classifications of classified National Security
Information must contain the identity of the source document or the
classification guide, including the agency and office of origin, on the
``Derived From'' line and its classification date. If more than one
source is cited, the ``Derived From'' line should indicate ``Multiple
Sources.''
(ii) Declassification instructions. When marking derivatively
classified documents, the ``DECLASSIFY ON'' line must carry forward the
declassification instructions as reflected in the original document. If
multiple sources are used, the instructions will carry forward the
longest duration.
(iii) If the source document used for derivative classification
contains the declassification instruction, ``Originating Agency's
Determination Required'' (OADR), the new document should reflect the
date of the original classification of the information as contained in
the source document or classification guide. An example of the stamp
might be as follows:
Derived From-----------------------------------------------------------
(Source)
Reason-----------------------------------------------------------------
Declassify On: Source Marked ``OADR''
Date of Source:--------------------------------------------------------
Classifier:------------------------------------------------------------
(Name/Title/Number)
(iv) The derivative classifier shall maintain the identification of
each source with the file or record copy of the derivatively classified
document.
(2) For Restricted Data documents:
(i) Identity of the classifier. The identity of the classifier must
be shown by completion of the ``Derivative Classifier'' line. The
``Derivative Classifier'' line must show the name of the person
classifying the document and the basis for the classification. Dates
for downgrading or declassification do not apply.
(ii) Classification designation (e.g., Secret, Confidential) and
Restricted Data. NOTE: No ``Declassification'' instructions will be
placed on documents containing Restricted Data.
(d) Placement of markings. The highest classification marking
assigned to a document must be placed in a conspicuous fashion in
letters at the top and bottom of the outside of the front covers and
title pages, if any, and first and last pages on which text appears, on
both bound and unbound documents, and on the outside of back covers of
bound documents. The balance of the pages must be marked at the top and
bottom with:
(1) The overall classification marking assigned to the document;
(2) The highest classification marking required by content of the
page; or
(3) The marking UNCLASSIFIED if they have no classified content.
(e) Additional markings.
(1) If the document contains any form of Restricted Data, it must
bear the appropriate marking on the first page of text, on the front
cover and title page, if any. For example: ``This document contains
Restricted Data as defined in the Atomic Energy Act of 1954.
Unauthorized disclosure subject to Administrative and Criminal
Sanctions.''
(2) Limitation on reproduction or dissemination. If the originator
or classifier determines that reproduction or further dissemination of
a document should be restricted, the following additional wording may
be placed on the face of the document:
Reproduction or Further Dissemination Requires Approval of
�----------------------------------------------------------------------
[[Page 17696]]
If any portion of this additional marking does not apply, it should
be crossed out.
(f) Portion markings. In addition to the information required on
the face of the document, each classified document is required, by
marking or other means, to indicate clearly which portions are
classified (e.g., paragraphs or pages) and which portions are not
classified. The symbols (S) for Secret, (C) for Confidential, (U) for
Unclassified, or (RD) for Restricted Data may be used immediately
preceding or following the text to which it applies, except that the
designation must follow titles or subjects. (Portion marking of
paragraphs is not required for documents containing Restricted Data.)
If this type of portion marking is not practicable, the document must
contain a description sufficient to identify the classified information
and the unclassified information.
Example
Pages 1-3 Secret
Pages 4-19 Unclassified
Pages 20-26 Secret
Pages 27-32 Confidential
(g) Transmittal document. If a document transmitting classified
information contains no classified information or the classification
level of the transmittal document is not as high as the highest
classification level of its enclosures, then the document must be
marked at the top and bottom with a classification at least as high as
its highest classified enclosure. The classification may be higher if
the enclosures, when combined, warrant a higher classification than any
individual enclosure. When the contents of the transmittal document
warrants a lower classification than the highest classified
enclosure(s) or combination of enclosures or requires no
classification, a stamp or marking such as the following must also be
used on the transmittal document:
UPON REMOVAL OF ATTACHMENTS THIS DOCUMENT IS:
(Classification level of transmittal document standing alone or the
word ``UNCLASSIFIED'' if the transmittal document contains no
classified information.)
(h) Classification challenges. Persons in authorized possession of
classified National Security Information who in good faith believe that
the information's classification status (i.e. that the document), is
classified at either too high a level for its content
(overclassification) or too low for its content (underclassification)
are expected to challenge its classification status. Persons who wish
to challenge a classification status shall--
(1) Refer the document or information to the originator or to an
authorized NRC classifier for review. The authorized classifier shall
review the document and render a written classification decision to the
holder of the information.
(2) In the event of a question regarding classification review, the
holder of the information or the authorized classifier shall consult
the NRC Division of Security, Information Security Branch, for
assistance.
(3) Persons who challenge classification decisions have the right
to appeal the classification decision to the Interagency Security
Classification Appeals Panel.
(4) Persons seeking to challenge the classification of information
will not be the subject of retribution.
(i) Files, folders or group of documents. Files, folders, binders,
or groups of physically connected documents must be marked at least as
high as the highest classified document which they contain.
(j) Drafts and working papers. Drafts of documents and working
papers which contain, or which are believed to contain, classified
information must be marked as classified information.
(k) Classification guidance. Licensees, certificate holders, or
other persons subject to this part shall classify and mark classified
matter as National Security Information or Restricted Data, as
appropriate, in accordance with classification guidance provided by the
NRC as part of the facility clearance process.
42. Section 95.39 is revised to read as follows:
Sec. 95.39 External transmission of documents and material.
(a) Restrictions. Documents and material containing classified
information received or originated in connection with an NRC license or
certificate must be transmitted only to CSA approved security
facilities.
(b) Preparation of documents. Documents containing classified
information must be prepared in accordance with the following when
transmitted outside an individual installation.
(1) The documents must be enclosed in two sealed opaque envelopes
or wrappers.
(2) The inner envelope or wrapper must contain the addressee's
classified mail address and the name of the intended recipient. The
appropriate classification must be placed on both sides of the envelope
(top and bottom) and the additional markings, as appropriate, referred
to in Sec. 95.37(e) must be placed on the side bearing the address.
(3) The outer envelope or wrapper must contain the addressee's
classified mail address. The outer envelope or wrapper may not contain
any classification, additional marking or other notation that indicates
that the enclosed document contains classified information.
(4) A receipt that contains an unclassified description of the
document, the document number, if any, date of the document,
classification, the date of transfer, the recipient and the person
transferring the document must be enclosed within the inner envelope
containing the document and be signed by the recipient and returned to
the sender whenever the custody of a Secret document is transferred.
This receipt process is at the option of the sender for Confidential
information.
(c) Methods of transportation.
(1) Secret matter may be transported only by one of the following
methods within and directly between the U.S., Puerto Rico, or a U.S.
possession or trust territory:
(i) U.S. Postal Service Express Mail and U.S. Postal Service
Registered Mail.
Note: The ``Waiver of Signature and Indemnity'' block on the
U.S. Postal Service Express Mail Label 11-B may not be executed and
the use of external (street side) express mail collection boxes is
prohibited.
(ii) A cleared ``Commercial Carrier.''
(iii) A cleared commercial messenger service engaged in the
intracity/local area delivery (same day delivery only) of classified
material.
(iv) A commercial delivery company, approved by the CSA, that
provides nationwide, overnight service with computer tracing and
reporting features. These companies need not be security cleared.
(v) Other methods as directed, in writing, by the CSA.
(2) Confidential matter may be transported by one of the methods
set forth in paragraph (c)(1) of this section, by U.S. first class,
express or certified mail. First class, express, or certified mail may
be used in transmission of Confidential documents to Puerto Rico or any
United States territory or possession.
(d) Telecommunication of classified information. Classified
information may not be telecommunicated unless the telecommunication
system has been approved by the CSA. Licensees, certificate holders or
other persons who may require a secure telecommunication system shall
submit a telecommunication plan as part of their
[[Page 17697]]
request for facility clearance, as outlined in Sec. 95.15, or as an
amendment to their existing Standard Practice Procedures Plan for the
protection of classified information.
(e) Security of classified information in transit. Classified
matter that, because of its nature, cannot be transported in accordance
with Sec. 95.39(c), may only be transported in accordance with
procedures approved by the CSA. Procedures for transporting classified
matter are based on a satisfactory transportation plan submitted as
part of the licensee's, certificate holder, or other person's request
for facility clearance or submitted as an amendment to its existing
Standard Practice Procedures Plan.
43. Section 95.41 is revised to read as follows:
Sec. 95.41 External receipt and dispatch records.
Each licensee, certificate holder or other person possessing
classified information shall maintain a record that reflects:
(a) The date of the material;
(b) The date of receipt or dispatch;
(c) The classification;
(d) An unclassified description of the material; and
(e) The identity of the sender from which the material was received
or recipient to which the material was dispatched. Receipt and dispatch
records must be retained for 2 years.
44. Section 95.43 is revised to read as follows:
Sec. 95.43 Authority to reproduce.
(a) Each licensee or other person possessing classified information
shall establish a reproduction control system to ensure that
reproduction of classified material is held to the minimum consistent
with operational requirements. Classified reproduction must be
accomplished by authorized employees knowledgeable of the procedures
for classified reproduction. The use of technology that prevents,
discourages, or detects the unauthorized reproduction of classified
documents is encouraged.
(b) Unless restricted by the CSA, Secret and Confidential documents
may be reproduced. Reproduced copies of classified documents are
subject to the same protection as the original documents.
(c) All reproductions of classified material must be conspicuously
marked with the same classification markings as the material being
reproduced. Copies of classified material must be reviewed after the
reproduction process to ensure that these markings are visible.
45. Section 95.45 is revised to read as follows:
Sec. 95.45 Changes in classification.
(a) Documents containing classified National Security Information
must be downgraded or declassified as authorized by the NRC
classification guides or as determined by the NRC. Requests for
downgrading or declassifying any NRC classified information should be
forwarded to the NRC Division of Security, Office of Administration,
Washington, DC 20555-0001. Requests for downgrading or declassifying of
Restricted Data will be forwarded to the NRC Division of Security for
coordination with the Department of Energy.
(b) If a change of classification or declassification is approved,
the previous classification marking must be canceled and the following
statement, properly completed, must be placed on the first page of the
document:
Classification canceled (or changed to)
�----------------------------------------------------------------------
(Insert appropriate classification)
By authority of
�----------------------------------------------------------------------
(Person authorizing change in classification)
By
�----------------------------------------------------------------------
(Signature of person making change and date thereof)
(c) New markings reflecting the current classification status of
the document will be applied in accordance with the requirements of
Sec. 95.37.
(d) Any persons making a change in classification or receiving
notice of such a change shall forward notice of the change in
classification to holders of all copies as shown on their records.
46. Section 95.47 is revised to read as follows:
Sec. 95.47 Destruction of matter containing classified information.
Documents containing classified information may be destroyed by
burning, pulping, or another method that ensures complete destruction
of the information that they contain. The method of destruction must
preclude recognition or reconstruction of the classified information.
Any doubts on methods should be referred to the CSA. If the document
contains Secret information, a record of the subject or title, document
number, if any, originator, its date of origination and the date of
destruction must be signed by the person destroying the document and
must be maintained in the office of the custodian at the time of
destruction. These destruction records must be retained for two years
after destruction.
47. Section 95.49 is revised to read as follows:
Sec. 95.49 Security of automatic data processing (ADP) systems.
Classified data or information may not be processed or produced on
an ADP system unless the system and procedures to protect the
classified data or information have been approved by the CSA. Approval
of the ADP system and procedures is based on a satisfactory ADP
security proposal submitted as part of the licensee's or other person's
request for facility clearance outlined in Sec. 95.15 or submitted as
an amendment to its existing Standard Practice Procedures Plan for the
protection of classified information.
48. Section 95.51 is revised to read as follows:
Sec. 95.51 Retrieval of classified matter following suspension or
revocation of access authorization.
In any case where the access authorization of an individual is
suspended or revoked in accordance with the procedures set forth in
part 25 of this chapter, or other relevant CSA procedures, the
licensee, certificate holder or other organization shall, upon due
notice from the Commission of such suspension or revocation, retrieve
all classified information possessed by the individual and take the
action necessary to preclude that individual having further access to
the information.
49. Section 95.53 is revised to read as follows:
Sec. 95.53 Termination of facility clearance.
(a) If the need to use, process, store, reproduce, transmit,
transport, or handle classified matter no longer exists, the facility
clearance will be terminated. The facility may deliver all documents
and materials containing classified information to the Commission or to
a person authorized to receive them or destroy all such documents and
materials. In either case, the facility shall submit a certification of
nonpossession of classified information to the NRC Division of
Security.
(b) In any instance where facility clearance has been terminated
based on a determination of the CSA that further possession of
classified matter by the facility would not be in the interest of the
national security, the facility shall, upon notice from the CSA,
immediately deliver all classified documents and materials to the
Commission along with a certificate of nonpossession of classified
information.
50. Section 95.55 is revised to read as follows:
[[Page 17698]]
Sec. 95.55 Continued applicability of the regulations in this part.
The suspension, revocation or other termination of access
authorization or the termination of facility clearance does not relieve
any person from compliance with the regulations in this part.
51. Section 95.57 is revised to read as follows:
Sec. 95.57 Reports.
Each licensee or other person having a facility clearance shall
immediately report to the CSA and the Regional Administrator of the
appropriate NRC Regional Office listed in appendix A, 10 CFR part 73:
(a) Any alleged or suspected violation of the Atomic Energy Act,
Espionage Act, or other Federal statutes related to classified
information.
(b) Any infractions, losses, compromises or possible compromise of
classified information or classified documents not falling within
paragraph (a) of this section.
(c) In addition, an authorized classifier of a licensee,
certificate holder or other organization subject to this Part shall
complete an NRC Form 790, ``Classification Record,'' whenever matter
containing classified information is generated, its classification
changed or it is declassified. Notification of declassification is not
required for any document or material which has an automatic
declassification date. Completed NRC Form 790 must be submitted to the
NRC Division of Security, Washington, DC 20555-0001, on a monthly
basis.
52. Section 95.59 is revised to read as follows:
Sec. 95.59 Inspections.
The Commission shall make inspections and reviews of the premises,
activities, records and procedures of any person subject to the
regulations in this part as the Commission and CSA deem necessary to
effect the purposes of the Act, E.O. 12958 and/or NRC rules.
Dated at Rockville, Maryland, this 26th day of March 1997.
For the Nuclear Regulatory Commission.
L. Joseph Callan,
Executive Director for Operations.
[FR Doc. 97-9063 Filed 4-11-97; 8:45 am]
BILLING CODE 7590-01-P