[Federal Register Volume 62, Number 231 (Tuesday, December 2, 1997)]
[Rules and Regulations]
[Pages 63640-63644]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-31515]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Part 73

RIN 3150-AF53


Changes to Nuclear Power Plant Security Requirements

AGENCY: Nuclear Regulatory Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is revising its 
regulations to delete certain security requirements associated with an 
internal threat. This action follows the NRC's reconsideration of 
nuclear power plant physical security requirements to identify those 
requirements that are marginal to safety, redundant, or no longer 
effective. This action will reduce the regulatory burden on licensees 
without compromising physical protection against radiological sabotage 
required for public health and safety.

EFFECTIVE DATE: January 16, 1998.

FOR FURTHER INFORMATION CONTACT: Dr. Sandra Frattali, Office of Nuclear 
Regulatory Research, U.S. Nuclear Regulatory Commission, Washington, DC 
20555-0001, telephone (301) 415-6261, e-mail [email protected].

[[Page 63641]]

SUPPLEMENTARY INFORMATION:

Background

    On February 20, 1997, the NRC published a proposed rule in the 
Federal Register (62 FR 7721) that would revise the NRC's regulations 
associated with an internal threat to nuclear power plants that are 
contained in 10 CFR part 73, ``Physical Protection of Plants and 
Materials.'' The five changes, which provide significant relief to 
licensees without compromising the physical security of the plants, 
involve changes to--
    1. Search requirements for on-duty guards, Sec. 73.55(d)(1);
    2. Requirements for vehicle escort, Sec. 73.55(d)(4);
    3. Control of contractor employee badges, Sec. 73.55(d)(5);
    4. Maintenance of access lists for each vital area, 
Sec. 73.55(d)(7)(i)(A); and
    5. Key controls for vital areas, Sec. 73.55(d)(8).
    The Commission received 9 letters commenting on the proposed rule. 
Eight were from utilities and one was from an industry group. Copies of 
the letters are available for public inspection and copying for a fee 
at the Commission's Public Document Room, located at 2120 L Street, NW 
(Lower Level), Washington, DC.

Discussion

    The public comments supported the proposed rulemaking in general. 
Seven of the nine commenters recommended additional relief from the 
vehicle escort provisions. One commenter recommended additional relief 
from the search requirements for armed guards. Two commenters 
recommended changes to the regulations without support that were 
outside the scope of this rulemaking.
    For three of the changes in the proposed rule, only the language 
that had been changed was provided in the proposed rule language. The 
language that did not change in those paragraphs was inadvertently 
omitted. This language has been put back in the final rule. The three 
paragraphs affected are: search requirements for on-duty guards, 
Sec. 73.55(d)(1); requirements for vehicle escort, Sec. 73.55(d)(4); 
and maintenance of access lists for each vital area, 
Sec. 73.55(d)(7)(i)(A).
    The comments are discussed below.

Comment Resolution

1. Search Requirements for On-duty Guards (Sec. 73.55(d)(1))

    Under the current regulations, armed security guards who leave the 
protected area as part of their duties must be searched for firearms, 
explosives, and incendiary devices upon re-entry into the protected 
area. Requiring a guard to go through an explosives detector or 
searching packages carried by the guard protects against the 
introduction of contraband. Because an armed guard carries a weapon 
onsite, passage of the guard through the metal detector, the principal 
purpose of which is to detect firearms, serves little purpose. The 
guard has to either remove the weapon while passing through the 
detector or be subject to a hands on search. Either approach makes 
little sense for the guard who is authorized to carry a weapon onsite. 
Further, removing and handling the guard's weapon could present a 
safety risk to the guard and other personnel. This rule will allow 
armed security guards who are on duty and have exited the protected 
area to reenter the protected area without being searched for firearms 
(by a metal detector).
    Comment. All commenters supported this action. One commenter 
recommended that the words ``on official business'' be removed.
    Response. The term ``on official business'' has been replaced by 
the term ``on duty.'' The rationale given in the proposed rule to 
eliminate the searches would also apply when the guard reenters the 
protected area at other times, for example, after lunch where the lunch 
area is outside the protected area, as is the case at some facilities. 
The meaning of ``on duty'' is not meant to extend to ``on call'' or to 
personal activities.
    The amended rule allows armed security guards who are on duty and 
have exited the protected area to reenter the protected area without 
being searched for firearms (by a metal detector). Note that the rule 
says ``reenter.'' This means that the guards have been searched on 
their initial entry into the protected area. Unarmed guards and 
watchpersons will continue to meet all search requirements. All guards 
will continue to be searched for explosives and incendiary devices 
because they are not permitted to carry these devices into the plant.

2. Requirements for Vehicle Escort (Sec. 73.55(d)(4))

    The present requirement that a searched, licensee-owned vehicle 
within the protected area must be escorted by a member of the security 
organization, even when the driver is badged for unescorted access, 
does not contribute significantly to the security of the plant. Under 
the current regulations, all vehicles must be searched prior to entry 
into the protected area except under emergency conditions. Also under 
the current regulations, all vehicles must be escorted by a member of 
the security organization while inside the protected area except for 
``designated licensee vehicles.'' ``Designated licensee vehicles'' are 
those vehicles that are limited in their use to onsite plant functions 
and remain in the protected area except for operational, maintenance, 
repair, security, and emergency purposes. Under the current 
requirement, all other vehicles that are not ``designated licensee 
vehicles'' must be escorted at all times while in the protected area 
even when they are driven by personnel with unescorted access.
    Comment. Seven commenters were concerned that the proposed rule 
would only allow a vehicle to be unescorted when being operated by 
licensee employees having unescorted access. These commenters wanted 
this extended to contractor employees who are cleared for unescorted 
access as well.
    Response. This change has been made. Since both licensee employees 
and contractor employees are subject to equivalent access authorization 
programs, the level of trustworthiness is deemed to be equivalent. 
There is no compelling reason to distinguish between the two. The 
amended rule eliminates the requirement for escort of licensee-owned or 
leased vehicles entering the protected area for work-related purposes 
provided these vehicles are driven by personnel who have unescorted 
access. This change provides burden relief to licensees without 
significantly increasing the level of risk to the plant.
    Comment. Five comments were made that limiting unescorted vehicles 
to those that were licensee-owned was unduly restrictive, and wanted 
this extended to licensee-owned or leased vehicles. One commenter 
wanted it further extended to contractor- or vendor-owned or leased 
vehicles.
    Response. The rule language was changed to allow for licensee-
leased vehicles to be unescorted when driven by personnel who have 
unescorted access. The NRC staff recognizes that licensees may lease 
rather than buy vehicles. However, the staff believes that this 
provision should not be extended indiscriminately to contractor or 
vendor vehicles because licensees have no knowledge or control over how 
contractor or vendor vehicles may be used for purposes other than those 
for which the licensee has contracted.

[[Page 63642]]

3. Control of Contractor Employee Badges (Sec. 73.55(d)(5))

    Contractor employees with unescorted access are required to return 
their badges when leaving the protected area. Current regulatory 
practice allows licensee employees to leave the protected area with 
their badges if adequate safeguards are in place to ensure that the 
proper use of the badge is not compromised or that a system such as 
biometrics is in place to ensure that only the proper person uses the 
badge for gaining access to the protected area. Because contractors and 
licensees are subject to the same programs required for unescorted 
access, there is no reason to employ more stringent badge control 
requirements for contractor employees.
    This amended rulemaking allows contractor employees to take their 
badges offsite under the same conditions as licensee employees.
    Comment. All commenters supported this provision.
    Response. The final rule will be published as proposed, with a 
sentence added to ensure that the integrity of the access controls are 
not adversely affected.
    Comment. One commenter wanted the physical differentiation between 
contractor and employee badges eliminated.
    Response. This comment provided no reason for changing the current 
requirement of having employee and contractor badges distinguishable. 
Further the staff has no reason to make such a change. Because of this 
and the fact that this comment is outside the scope of this rulemaking 
this change is not being made.

4. Maintenance of Access Lists for Each Vital Area 
(Sec. 73.55(d)(7)(i)(A))

    Maintaining separate access lists for each vital area and 
reapproval of these lists on a monthly basis is of marginal value. At 
many sites, persons granted access to one vital area also have access 
to most or all vital areas. Licensees presently derive little 
additional benefit from maintaining discrete lists of individuals 
allowed access to each separate vital area in the facility. Also, 
licensee managers or supervisors are required to update the access 
lists at least once every 31 days to add or delete individuals from 
these lists as appropriate. There is also a requirement to reapprove 
the list every 31 days. However, reapproval of all individuals on the 
lists at least every 31 days, to validate that the lists have been 
maintained accurately is unnecessarily burdensome.
    This rulemaking replaces separate access authorization lists for 
each vital area of the facility with a single list of all persons who 
have access to any vital area. It also changes the requirement to 
reapprove the list at least once every 31 days to quarterly. Reapproval 
consists of a review to ensure that the list is current and that only 
those individuals requiring routine access to a vital area are 
included. Because a manager or supervisor must update the list, 
conducting this comprehensive reapproval every 31 days is of marginal 
value.
    Comment. All commenters supported these provisions.
    Response. The final rule will be published as proposed.
    The Commission desires to remind licensees that they are 
responsible for properly controlling access, and that the changes to 
Sec. 73.55(d)(7)(i)(A) do not remove their responsibility to establish 
procedures to ensure that persons no longer needing unescorted access 
are not granted such access.

5. Key Controls for Vital Areas (Sec. 73.55(d)(8))

    Under the current regulations, licensees must change or rotate all 
keys, locks, combinations, and related access control devices at least 
once every twelve months. The rule also requires that these be changed 
whenever there is a possibility they have been compromised, or when an 
individual with access to the keys, locks, or combinations has been 
terminated for reasons of trustworthiness, reliability, or inadequate 
work performance. Additionally requiring such change every 12 months 
has been determined by the NRC to be only marginal to security.
    This amended rule removes the requirement for changing access 
control devices at least every 12 months while retaining the 
requirement to make changes for cause, and when an access control 
device has been, or there is a suspicion that it may have been, 
compromised.
    Comment. One commenter requested that the words ``inadequate work 
performance'' in the rule language be removed or defined.
    Response. The NRC sees no need to define ``inadequate work 
performance'' because the term characterizes many factors and 
judgements involving removal for cause. Further, the comment is outside 
the scope of this rulemaking.

Regulatory Action

    The final rule will be promulgated with the changes made to the 
proposed rule in response to the public comments. Two of the public 
comments were not accommodated because they requested changes to the 
regulations that were not put forward in the proposed rule.

Environmental Impact: Categorical Exclusion

    The Commission has determined that this final rule is the type of 
action described as a categorical exclusion in 10 CFR 51.22(c)(3)(i). 
Therefore, neither an environmental impact statement nor an 
environmental assessment has been prepared for this final rule.

Paperwork Reduction Act Statement

    This final rule amends information collection requirements that are 
subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et 
seq.). These requirements were approved by the Office of Management and 
Budget, approval number 3150-0002.
    Because the rule will reduce existing information collection 
requirements, the public burden for this collection of information is 
expected to be decreased by 100 hours per licensee. This reduction 
includes the time required for reviewing instructions, searching 
existing data sources, gathering and maintaining the data needed, and 
completing and reviewing the collection of information. Send comments 
on any aspect of this collection of information, including suggestions 
for further reducing the burden, to the Information and Records 
Management Branch (T-6 F33), U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001, or by Internet electronic mail to 
[email protected]; and to the Desk Officer, Office of information and 
Regulatory Affairs, NEOB-10202, (3150-0002), Office of Management and 
Budget, Washington, DC 20503.

Public Protection Notification

    The NRC may not conduct or sponsor, and a person is not required to 
respond to, a collection of information unless it displays a currently 
valid OMB control number.

Regulatory Analysis

    A discussion of each of the five changes in this final rule is 
provided above in the supplementary information section. The costs and 
benefits for each of the changes in this rulemaking are as follows.

1. Search Requirements for On-Duty Guards (Sec. 73.55(d)(1))

    The regulatory burden on licensees will be reduced by eliminating 
unnecessary weapon searches of guards who are already allowed to carry 
a

[[Page 63643]]

weapon on site, which will result in better utilization of licensee 
resources. There will be no reduction in plant security, and there is 
no reduction in the total size of the security force. Further, the 
potential safety risk to personnel caused by removing and handling a 
guard's weapon will be eliminated.

2. Requirements for Vehicle Escort (Sec. 73.55(d)(4))

    The regulatory burden on licensees will be reduced by requiring 
fewer vehicle escorts, which will allow personnel to be utilized more 
effectively or for other purposes. Resources could be redirected to 
areas in which they will be more cost effective. The decrease in 
security will be marginal, because unescorted access will be restricted 
to vehicles owned or leased by the licensee being driven by personnel 
with unescorted access.
    Assuming the number of such entries of licensee owned or leased 
vehicles driven by personnel having unescorted access is 10 per day per 
site, the average time needed for escort is 3 hours, and the cost per 
hour for security personnel is $30 (loaded), a rough estimate of the 
potential savings per site per year is about $330,000 (10 escorts/day/
site  x  365 days/year  x  3 hrs/escort  x  $30/hr). With 75 sites, the 
savings to the industry per year will be approximately $24,000,000.

3. Control of Contractor Employee Badges (Sec. 73.55(d)(5))

    The regulatory burden on licensees will be reduced by a more 
effective use of security personnel, who will no longer need to handle 
badges for contractor personnel who have unescorted access. There will 
be no reduction in plant security because adequate safeguards will be 
in place to ensure that badges are properly used and not compromised, 
and a system such as biometrics is in place to ensure that only the 
proper person uses the badge to gain access to the protected area.
    Assuming that two security persons per working shift change, 5 
shifts per day, one hour per shift are relieved from the duties of 
controlling contractor employee badges during an outage lasting 3 
months. Further, assuming that the cost per hour for security personnel 
is $30 (loaded), a rough estimate of the potential savings per site per 
year is about $27,000 (10 hours/day  x  90 days/year  x  $30 hr). With 
75 sites, the savings to the industry per year will be approximately 
$2,000,000.

4. Maintenance of Access Lists for Each Vital Area 
(Sec. 73.55(d)(7)(i)(A))

    The regulatory burden on licensees will be reduced because 
licensees will have to keep only one access list for all vital areas 
and reapprove it quarterly, rather than keep individual access lists 
for each vital area that must be reapproved monthly.
    Assuming that the time to reapprove each of the individual lists is 
1 hour per month, that a combined list will take 1.5 hours per month, 
that the average number of vital areas per site is 10, and that the 
cost of a clerk including overhead is $30 per hour (loaded), a rough 
estimate of the potential savings per site per year is about $3,400 
[(1 x 10 vital areas/month  x  12 months/yr-1.5 x 1 combined vital 
area/quarter  x  4 quarters/yr)  x  $30/hr]. With 75 sites, the savings 
to the industry per year will be approximately $260,000.

5. Key Controls for Vital Areas (Sec. 73.55(d)(8))

    The regulatory burden on the licensees will be reduced because 
fewer resources will be needed to maintain the system.
    Assuming that, of approximately 60 locks that are changed each year 
under the current requirement, half of them were changed because an 
individual was removed for cause or the lock may have been compromised, 
30 locks remain in need of change. Assuming that it takes a locksmith 
10 hours to change all 30 locks at a cost (loaded) of $45 per hour, a 
rough estimate of the potential savings per site per year is about $450 
(10 hrs/year  x  $45/hr). With 75 sites, the savings to the industry 
per year will be approximately $34,000.

Regulatory Flexibility Certification

    As required by the Regulatory Flexibility Act as amended, 5 U.S.C. 
605(b), the Commission certifies that this final rule, if adopted, will 
not have a significant economic impact on a substantial number of small 
entities. This final rule will affect only licensees authorized to 
operate nuclear power reactors. These licensees do not fall within the 
scope of the definition of ``small entities'' set forth in the 
Regulatory Flexibility Act, or the Small Business Size Standards set 
out in regulations issued by the Small Business Administration Act, 13 
CFR part 121.

Small Business Regulatory Enforcement Fairness Act

    In accordance with the Small Business Regulatory Enforcement 
Fairness Act of 1996, the NRC has determined that this action is not a 
major rule and has verified this determination with the Office of 
Information and Regulatory Affairs, Office of Management and Budget.

Backfit Analysis

    The Commission has determined that the backfit rule, 10 CFR 50.109, 
does not apply to this final amendment because this amendment will not 
impose new requirements on existing 10 CFR part 50 licensees. The 
changes to physical security are voluntary and should the licensee 
decide to implement this amendment, will be a reduction in burden to 
the licensee. Therefore, a backfit analysis has not been prepared for 
this amendment.

List of Subjects in 10 CFR Part 73

    Criminal penalties, Hazardous materials transportation, Export, 
Import, Nuclear materials, Nuclear power plants and reactors, Reporting 
and recordkeeping requirements, Security measures.

    For the reasons set out in the preamble and under the authority of 
the Atomic Energy Act of 1954, as amended; the Energy Reorganization 
Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting 
the following amendments to 10 CFR part 73.

PART 73--PHYSICAL PROTECTION OF PLANTS AND MATERIALS

    1. The authority citation for Part 73 continues to read as follows:

    Authority: Secs. 53, 161, 68 Stat. 930, 948, as amended, sec. 
147, 94 Stat. 780 (42 U.S.C. 2073, 2167, 2201); sec. 201, as 
amended, 204, 88 Stat. 1242, as amended, 1245, sec. 1701, 106 Stat. 
2951, 2952, 2953 (42 U.S.C. 5841, 5844, 2297f).

    Section 73.1 also issued under secs. 135, 141, Pub. L. 97-425, 96 
Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 73.37(f) also issued 
under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841 note). 
Section 73.57 is issued under sec. 606, Pub. L. 99-399, 100 Stat. 876 
(42 U.S.C. 2169).
    2. Section 73.55 is amended by revising paragraphs (d)(1), (d)(4), 
(d)(5), (d)(7)(i)(A), and (d)(8) to read as follows:


Sec. 73.55  Requirements for physical protection of licensed activities 
in nuclear power reactors against radiological sabotage.

* * * * *
    (d) *  *  *
    (1) The licensee shall control all points of personnel and vehicle 
access into a protected area. Identification and search of all 
individuals unless otherwise provided in this section must be made and 
authorization must be checked at these points. The search

[[Page 63644]]

function for detection of firearms, explosives, and incendiary devices 
must be accomplished through the use of both firearms and explosive 
detection equipment capable of detecting those devices. The licensee 
shall subject all persons except bona fide Federal, State, and local 
law enforcement personnel on official duty to these equipment searches 
upon entry into a protected area. Armed security guards who are on duty 
and have exited the protected area may reenter the protected area 
without being searched for firearms. When the licensee has cause to 
suspect that an individual is attempting to introduce firearms, 
explosives, or incendiary devices into protected areas, the licensee 
shall conduct a physical pat-down search of that individual. Whenever 
firearms or explosives detection equipment at a portal is out of 
service or not operating satisfactorily, the licensee shall conduct a 
physical pat-down search of all persons who would otherwise have been 
subject to equipment searches. The individual responsible for the last 
access control function (controlling admission to the protected area) 
must be isolated within a bullet-resisting structure as described in 
paragraph (c)(6) of this section to assure his or her ability to 
respond or to summon assistance.
* * * * *
    (4) All vehicles, except under emergency conditions, must be 
searched for items which could be used for sabotage purposes prior to 
entry into the protected area. Vehicle areas to be searched must 
include the cab, engine compartment, undercarriage, and cargo area. All 
vehicles, except as indicated in this paragraph, requiring entry into 
the protected area must be escorted by a member of the security 
organization while within the protected area and, to the extent 
practicable, must be off loaded in the protected area at a specific 
designated materials receiving area that is not adjacent to a vital 
area. Escort is not required for designated licensee vehicles or 
licensee-owned or leased vehicles entering the protected area and 
driven by personnel having unescorted access. Designated licensee 
vehicles shall be limited in their use to onsite plant functions and 
shall remain in the protected area except for operational, maintenance, 
repair, security and emergency purposes. The licensee shall exercise 
positive control over all such designated vehicles to assure that they 
are used only by authorized persons and for authorized purposes.
    (5)(i) A numbered picture badge identification system must be used 
for all individuals who are authorized access to protected areas 
without escort. An individual not employed by the licensee but who 
requires frequent and extended access to protected and vital areas may 
be authorized access to such areas without escort provided that he or 
she displays a licensee-issued picture badge upon entrance into the 
protected area which indicates:
    (A) Non-employee no escort required;
    (B) Areas to which access is authorized; and
    (C) The period for which access has been authorized.
    (ii) Badges shall be displayed by all individuals while inside the 
protected area. Badges may be removed from the protected area when 
measures are in place to confirm the true identity and authorization 
for access of the badge holder upon entry into the protected area.
* * * * *
    (7) *  *  *
    (i) *  *  *
    (A) Establish a current authorization access list for all vital 
areas. The access list must be updated by the cognizant licensee 
manager or supervisor at least once every 31 days and must be 
reapproved at least quarterly. The licensee shall include on the access 
list only individuals whose specific duties require access to vital 
areas during nonemergency conditions.
* * * * *
    (8) All keys, locks, combinations, and related access control 
devices used to control access to protected areas and vital areas must 
be controlled to reduce the probability of compromise. Whenever there 
is evidence or suspicion that any key, lock, combination, or related 
access control devices may have been compromised, it must be changed or 
rotated. The licensee shall issue keys, locks, combinations and other 
access control devices to protected areas and vital areas only to 
persons granted unescorted facility access. Whenever an individual's 
unescorted access is revoked due to his or her lack of trustworthiness, 
reliability, or inadequate work performance, keys, locks, combinations, 
and related access control devices to which that person had access, 
must be changed or rotated.
* * * * *
    Dated at Rockville, Maryland, this 24th day of November, 1997.

    For the Nuclear Regulatory Commission.
John C. Hoyle,
Secretary of the Commission.
[FR Doc. 97-31515 Filed 12-1-97; 8:45 am]
BILLING CODE 7590-01-P