[Federal Register Volume 75, Number 119 (Tuesday, June 22, 2010)]
[Notices]
[Pages 35508-35510]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-15022]


=======================================================================
-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

[NRC-2010-0216]


Draft Regulatory Guide: Issuance, Availability

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of Issuance and Availability of Draft Regulatory Guide, 
DG-1249, ``Criteria for Use of Computers in Safety Systems of Nuclear 
Power Plants.''

-----------------------------------------------------------------------

FOR FURTHER INFORMATION CONTACT: Timothy Mossman, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001, telephone: (301) 415-
3647, e-mail [email protected] or Deanna Zhang, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001, telephone: (301) 415-
1946, e-mail [email protected].

[[Page 35509]]


SUPPLEMENTARY INFORMATION:

I. Introduction

    The U.S. Nuclear Regulatory Commission (NRC) is issuing for public 
comment a draft guide in the agency's ``Regulatory Guide'' series. This 
series was developed to describe and make available to the public such 
information as methods that are acceptable to the NRC staff for 
implementing specific parts of the NRC's regulations, techniques that 
the staff uses in evaluating specific problems or postulated accidents, 
and data that the staff needs in its review of applications for permits 
and licenses.
    The draft regulatory guide (DG) is temporarily identified with its 
task number, DG-1249, which should be mentioned in all related 
correspondence. DG-1249 is proposed Revision 3 of Regulatory Guide 
1.152, dated January 2006. This guide describes a method that the staff 
of the NRC considers acceptable to implement Title 10, of the Code of 
Federal Regulations, Part 50, ``Domestic Licensing of Production and 
Utilization Facilities'' (10 CFR Part 50); 10 CFR 50.55a(h); General 
Design Criterion (GDC) 21, ``Protection System Reliability and 
Testability,'' of Appendix A, ``General Design Criteria for Nuclear 
Power Plants,'' to 10 CFR Part 50; and Criterion III, ``Design 
Control,'' of Appendix B, ``Quality Assurance Criteria for Nuclear 
Power Plants and Fuel Reprocessing Plants,'' to 10 CFR Part 50 with 
regard to use of computers in safety systems of nuclear power plants. 
This guide applies to all types of commercial nuclear power plants.
    DG-1249 acknowledges that 10 CFR 73.54, ``Protection of Digital 
Computer and Communication Systems and Networks,'' requires licensees 
to develop cyber-security plans and programs to protect critical 
digital assets, including digital safety systems, from malicious cyber 
attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear 
Facilities,'' provides guidance to meet the requirements of 10 CFR 
73.54. The combination of DG-1249 and the programmatic provisions under 
10 CFR 73.54 should seamlessly address the secure design, development, 
and operation of digital safety systems. To seamlessly address these 
issues, DG-1249:
    1. Eliminates all reference to cyber security, malicious activity, 
or attacks, as those considerations now fall under the purview of 10 
CFR 73.54. Since there is now a regulation and associated guidance 
specifically designed to address cyber security, Regulatory Guide 1.152 
no longer needs to address cyber security. To eliminate any duplication 
between the documents, references to cyber security and any protection 
against a malicious, intelligent adversary have been removed.
    2. Emphasizes Regulatory Guide 1.152's focus on security for the 
protection of digital safety systems against non-malicious events, per 
Clauses 5.6.3 and 5.9 of the Institute of Electrical and Electronic 
Engineer (IEEE) standard 603-1991. Non-malicious events include 
incidents in which an operator or other plant personnel could 
inadvertently access the digital safety system and affect its ability 
to reliably perform its safety function. Non-malicious events also 
include undesirable behavior of connected systems which could degrade 
the reliable operation of the digital safety system.
    3. Deletes Regulatory Positions 2.6 through 2.9, which address 
security in the operational phases of a system's life cycle. Licensing 
is complete once the Factory Acceptance Testing is concluded. The 
licensee's cyber security programs, to meet the requirements of 10 CFR 
73.54, should now address these considerations. (Regulatory Positions 
2.1 through 2.5 apply to licensing determinations in the evaluation of 
applications for license amendments, design certifications, and 
combined operating licenses.)
    ``Security,'' in the context of DG-1249, refers to protective 
actions taken against a predictable set of non-malicious acts (e.g., 
inadvertent operator actions or the undesirable behavior of connected 
systems) that could challenge the integrity, reliability, or 
functionality of a digital safety system.
    ``Cyber security'' refers to those measures and controls taken as 
part of compliance with 10 CFR 73.54 that protect digital systems 
against the malicious acts of an intelligent adversary.
    The objective of this revision is to (1) clarify the relationship 
between 10 CFR Part 50 and 10 CFR Part 73, ``Physical Protection of 
Plants and Materials,'' regarding the security of digital safety 
systems, (2) remove regulatory positions that are now covered by other 
regulations to eliminate the potential for any perceived conflict, and 
(3) to clarify the remaining regulatory positions.
    The NRC staff is revising Regulatory Guide 1.152 to provide what 
the staff considers to be an acceptable method of meeting the NRC 
regulations. Previous revisions should not be used by applicants for 
new licensing actions. NRC staff believes that continued use of 
previous revisions of the Regulatory Guide by existing nuclear power 
plant licensees is acceptable (i.e., meets all NRC requirements, and 
provides reasonable assurance of adequate protection to public health 
and safety, and common defense and security). Revision of this 
Regulatory Guide does not modify any prior commitments made by 
licensees to the NRC or Agreement States. Therefore, a licensee that 
has made a commitment must continue to meet that prior commitment, or 
the commitment should be modified in accordance with the licensee's 
commitment management process. The previous revision of this Regulatory 
Guide will continue to be publically available on the NRC public Web 
site.

II. Further Information

    The NRC staff is soliciting comments on DG-1249. Comments may be 
accompanied by relevant information or supporting data and should 
mention DG-1249 in the subject line. Comments submitted in writing or 
in electronic form will be made available to the public in their 
entirety through the NRC's Agencywide Documents Access and Management 
System (ADAMS).

ADDRESSES: You may submit comments by any one of the following methods. 
Please include Docket ID NRC-2010-0216 in the subject line of your 
comments. Comments submitted in writing or in electronic form will be 
posted on the NRC Web site and on the Federal rulemaking Web site 
Regulations.gov. Because your comments will not be edited to remove any 
identifying or contact information, the NRC cautions you against 
including any information in your submission that you do not want to be 
publicly disclosed.
    The NRC requests that any party soliciting or aggregating comments 
received from other persons for submission to the NRC inform those 
persons that the NRC will not edit their comments to remove any 
identifying or contact information, and therefore, they should not 
include any information in their comments that they do not want 
publicly disclosed.
    Federal Rulemaking Web site: Go to http://www.regulations.gov and 
search for documents filed under Docket ID NRC-2010-0216. Address 
questions about NRC dockets to Carol Gallagher 301-492-3668; e-mail 
[email protected].
    Mail comments to: Cindy K. Bladey, Chief, Rules, Announcements, and 
Directives Branch, Office of Administration, Mail Stop: TWB-05-B01M, 
U.S. Nuclear Regulatory Commission, Washington, DC 20555-

[[Page 35510]]

0001, or by fax to RDB at (301) 492-3446.
    You can access publicly available documents related to this notice 
using the following methods:
    NRC's Public Document Room (PDR): The public may examine and have 
copied for a fee publicly available documents at the NRC's PDR, Room O1 
F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.
    NRC's Agencywide Documents Access and Management System (ADAMS): 
Publicly available documents created or received at the NRC are 
available electronically at the NRC's Electronic Reading Room at http://www.nrc.gov/reading-rm/adams.html. From this page, the public can gain 
entry into ADAMS, which provides text and image files of NRC's public 
documents. If you do not have access to ADAMS or if there are problems 
in accessing the documents located in ADAMS, contact the NRC's PDR 
reference staff at 1-800-397-4209, 301-415-4737, or by e-mail to 
[email protected]. DG-1249 is available electronically under ADAMS 
Accession Number ML100490539. The regulatory analysis may be found in 
ADAMS under Accession No. ML101320317. In addition, electronic copies 
of DG-1249 are available through the NRC's public Web site under Draft 
Regulatory Guides in the ``Regulatory Guides'' collection of the NRC's 
Electronic Reading Room at http://www.nrc.gov/reading-rm/doc-collections/
    Federal Rulemaking Web site: Public comments and supporting 
materials related to this notice can be found at http://www.regulations.gov by searching on Docket ID: NRC-2010-0216.
    Comments would be most helpful if received by August 20, 2010. 
Comments received after that date will be considered if it is practical 
to do so, but the NRC is able to ensure consideration only for comments 
received on or before this date. Although a time limit is given, 
comments and suggestions in connection with items for inclusion in 
guides currently being developed or improvements in all published 
guides are encouraged at any time.
    Regulatory guides are not copyrighted, and Commission approval is 
not required to reproduce them.

    Dated at Rockville, Maryland, this 14th day of June, 2010.

    For the Nuclear Regulatory Commission.
Andrea D. Valentin,
Chief, Regulatory Guide Development Branch, Division of Engineering, 
Office of Nuclear Regulatory Research.
[FR Doc. 2010-15022 Filed 6-21-10; 8:45 am]
BILLING CODE 7590-01-P