[Federal Register Volume 78, Number 53 (Tuesday, March 19, 2013)]
[Rules and Regulations]
[Pages 16922-17022]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-05895]



[[Page 16921]]

Vol. 78

Tuesday,

No. 53

March 19, 2013

Part II





Nuclear Regulatory Commission





-----------------------------------------------------------------------





10 CFR Parts 20, 30, 32, et al.





Physical Protection of Byproduct Material; Rule

  Federal Register / Vol. 78 , No. 53 / Tuesday, March 19, 2013 / Rules 
and Regulations  

[[Page 16922]]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Parts 20, 30, 32, 33, 34, 35, 36, 37, 39, 51, 71, and 73

[NRC-2008-0120; NRC-2010-0194]
RIN 3150-AI12


Physical Protection of Byproduct Material

AGENCY: Nuclear Regulatory Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is amending its 
regulations to establish security requirements for the use and 
transport of category 1 and category 2 quantities of radioactive 
material. The NRC considers these quantities to be risk significant 
and, therefore, to warrant additional protection. Category 1 and 
category 2 thresholds are based on the quantities established by the 
International Atomic Energy Agency (IAEA) in its Code of Conduct on the 
Safety and Security of Radioactive Sources, which the NRC endorses. The 
objective of this final rule is to provide reasonable assurance of 
preventing the theft or diversion of category 1 and category 2 
quantities of radioactive material. The regulations also include 
security requirements for the transportation of irradiated reactor fuel 
that weighs 100 grams or less in net weight of irradiated fuel. The 
final rule affects any licensee that possesses an aggregated category 1 
or category 2 quantity of radioactive material, any licensee that 
transports these materials using ground transportation, and any 
licensee that transports small quantities of irradiated reactor fuel. 
The rule also considers a petition for rulemaking (PRM-71-13) submitted 
by the State of Washington that requested that the NRC adopt the use of 
global positioning satellite tracking as a national requirement for 
vehicles transporting highly radioactive mobile or portable radioactive 
devices.

DATES: Effective Date: This final rule is effective on May 20, 2013.
    Compliance Date: Compliance with this final rule is required on 
March 19, 2014.

ADDRESSES: You can access publicly available documents related to this 
document using the following methods:
     NRC's Public Document Room (PDR): The public may examine 
and have copied, for a fee, publicly available documents at the NRC's 
PDR, O1-F21, One White Flint North, 11555 Rockville Pike, Rockville, 
Maryland 20852.
     NRC's Agencywide Documents Access and Management System 
(ADAMS): Publicly available documents created or received at the NRC 
are available online in the NRC Library at http://www.nrc.gov/reading-rm/adams.html. From this page, the public can gain entry into ADAMS, 
which provides text and image files of the NRC's public documents. If 
you do not have access to ADAMS or if there are problems in accessing 
the documents located in ADAMS, contact the NRC's PDR reference staff 
at 1-800-397-4209, 301-415-4737, or by email to nrc.gov">pdr.resource@nrc.gov.
     Federal Rulemaking Web site: Public comments and 
supporting materials related to this final rule can be found at http://www.regulations.gov by searching on Docket ID NRC-2008-0120. Public 
comments on the guidance document supporting this rule can be found by 
searching Docket ID NRC-2010-0194. Address questions about NRC dockets 
to Carol Gallagher, telephone: 301-492-3668; email: 
nrc.gov">Carol.Gallagher@nrc.gov.

Availability of Guidance

    The NRC is issuing new guidance for the implementation of the 
requirements of 10 CFR part 37. The guidance document is NUREG-2155, 
Implementation Guidance for 10 CFR part 37, ``Physical Protection of 
Category 1 and Category 2 Quantities of Radioactive Material'' (ADAMS 
Accession No. ML13053A061). This guidance is publicly available as 
stated in this ADDRESSES section.

FOR FURTHER INFORMATION CONTACT: Merri Horn, Office of Federal and 
State Materials and Environmental Management Programs, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001; telephone: 01-415-
8126, email: nrc.gov">Merri.Horn@nrc.gov.

SUPPLEMENTARY INFORMATION:

I. Background
    PRM 71-1
II. Discussion
    A. General Applicability
    B. Background Investigations and Access Authorization Program
    C. Physical Protection During Use
    D. Transportation Security
III. Summary and Analysis of Public Comments on the Proposed Rule
IV. Discussion of Final Amendments by Section
V. Criminal Penalties
VI. Agreement State Compatibility
VII. Plain Writing
VIII. Voluntary Consensus Standards
IX. Finding of No Significant Environmental Impact: Availability
X. Paperwork Reduction Act Statement
XI. Regulatory Analysis
XII. Regulatory Flexibility Certification
XIII. Backfit Analysis
XIV. Congressional Review Act

I. Background

    The NRC has long participated in efforts to ensure radioactive 
source protection and security. The terrorist attacks of September 11, 
2001, heightened concerns about the use of risk-significant radioactive 
materials in a malevolent act. Such an attack is of particular concern 
because of the widespread use of radioactive materials in the United 
States by industrial, medical, and academic institutions. The theft or 
diversion of risk-significant quantities of radioactive materials could 
lead to their use in a radiological dispersal device (RDD) or a 
radiological exposure device (RED).
    The NRC's current regulations provide requirements for the safe 
use, transportation, and control of licensed radioactive material. Loss 
of control of risk-significant radioactive material, whether 
inadvertent or through a deliberate act, could result in significant 
adverse impacts that could reasonably constitute a threat to the public 
health and safety or the common defense and security of the United 
States. In the changed threat environment after the attacks of 
September 11, 2001, the Commission determined that certain licensed 
material should be subject to enhanced security requirements and 
safeguarded during transport, and that individuals with unescorted 
access to risk-significant quantities of radioactive material should be 
subject to background investigations.
    As part of the development of the enhanced security measures, the 
NRC performed threat and vulnerability assessments to identify gaps or 
vulnerabilities in security and the effectiveness and costs of certain 
physical protection enhancements at various licensed facilities. The 
results of these assessments were used in the development of security 
enhancement orders that were issued to licensees using a graded 
approach based on the relative risk and quantity of material possessed 
by the licensee.
    The NRC issued the first series of orders to certain panoramic and 
underwater irradiator licensees that possessed more than 370 
Terabequerels (TBq) (10,000 curies (Ci)) of radioactive material (EA-
02-249; June 6, 2003) (68 FR 35458; June 13, 2003). The next series of 
orders were issued to certain manufacturing and distribution (M&D) 
licensees (EA-03-225; January 12, 2004) (69 FR 5375; February 4, 2004). 
These orders require the implementation of additional security measures 
and the protection of the licensee's physical

[[Page 16923]]

protection information as Safeguards Information--Modified Handling 
(SGI-M). The original orders are not publicly available because they 
contain detailed security requirements that are designated as SGI-M. 
However, redacted versions of these orders have been made available to 
the public (73 FR 33859; June 13, 2008, and 73 FR 49714; August 22, 
2008). These orders were issued to both NRC and Agreement State 
licensees under the NRC's authority to protect the common defense and 
security.
    Subsequently, the NRC issued Increased Control Orders (EA-05-090; 
November 14, 2005) (70 FR 72128; December 1, 2005) to other licensees 
authorized to possess certain risk-significant quantities of 
radioactive material (category 1 and category 2 quantities). The 
Increased Control Orders do not contain safeguards information (SGI) or 
SGI-M, and are available on the NRC's public Web site at http://www.nrc.gov/security/byproduct/orders.html. These orders were issued 
under the NRC's authority to protect public health and safety, and 
require licensees to implement enhanced security measures known as 
Increased Controls. To effect nationwide implementation of the 
Increased Control Orders, each Agreement State issued legally binding 
requirements to impose enhanced security measures, identical to the 
Increased Controls, for licensees under that State's regulatory 
jurisdiction.
    All of the orders described above specifically address the security 
of byproduct material possessed in quantities equal to or greater than 
category 1 or category 2 quantities. The orders provide for enhanced 
security measures for such things as license verification before the 
transfer of these materials, access control, intrusion detection and 
response, and coordination with local law enforcement authorities 
(LLEAs). The orders also contain requirements for the licensee to 
determine the trustworthiness and reliability of individuals permitted 
unescorted access to risk-significant radioactive materials. The 
determination involves a background investigation of the individual. 
The background investigations were originally limited to local criminal 
history records checks with law enforcement agencies, verification of 
employment history, education, personal references, and confirmation of 
employment eligibility (legal immigration status).
    In 2005, Congress passed, and the President signed, the Energy 
Policy Act of 2005 (EPAct). The EPAct amended Section 149 of the Atomic 
Energy Act (AEA) to authorize the Commission to require to be 
fingerprinted any individual who is permitted unescorted access to 
radioactive material or other property subject to regulation by the 
Commission that the Commission determines to be of such significance to 
the public health and safety or the common defense and security as to 
warrant fingerprinting and a Federal Bureau of Investigation (FBI) 
criminal history records check. With this new authority, the Commission 
determined that individuals who have access to category 1 and category 
2 quantities of radioactive material warrant fingerprinting and FBI 
criminal history records checks.
    On October 17, 2006, the NRC issued orders to panoramic and 
underwater irradiator licensees (EA-06-248) (71 FR 63043; October 27, 
2006), M&D licensees (EA-06-250) (71 FR 63046; October 27, 2006), and 
licensees making shipments of category 1 quantities of radioactive 
material (EA-06-249) (71 FR 62302; October 24, 2006) to require 
fingerprinting and FBI criminal history records checks for unescorted 
access to risk-significant quantities of radioactive material at their 
facilities. In issuing these orders, the NRC noted that a malevolent 
act by an individual with unescorted access to these materials could 
result in significant adverse impacts to the public health and safety 
or the common defense and security and, thus, necessitated expedited 
implementation of fingerprinting requirements. The orders were issued 
to both NRC and Agreement State licensees under the NRC's authority to 
protect the common defense and security. On December 5, 2007, the NRC 
issued orders to all other NRC licensees that possessed category 1 or 
category 2 quantities of radioactive material (EA-07-305) (72 FR 70901; 
December 13, 2007) to require fingerprinting and FBI criminal history 
records checks for unescorted access to category 1 or category 2 
quantities of radioactive material. These orders were issued under the 
NRC's authority to protect the public health and safety and are 
available on the NRC's public Web site at http://www.nrc.gov/security/byproduct/orders.html. To effect nationwide implementation, each 
Agreement State issued legally binding requirements consistent with the 
Increased Control Orders to licensees under their regulatory 
jurisdiction.
    In 2005, the NRC issued two sets of orders to licensees 
transporting radioactive material in quantities of concern. The first 
set of transportation security orders was issued to certain licensees 
that might be expected to transport radioactive materials in category 1 
quantities (EA-05-006; July 19, 2005) (70 FR 44407; August 2, 2005). 
These orders require the implementation of additional security measures 
and the protection of the licensee's physical protection information as 
SGI-M. The original orders are not publicly available because they 
contain detailed security requirements that are designated as SGI-M. 
However, a redacted version of the order is publicly available (73 FR 
51016; August 29, 2008). These orders were issued to both NRC and 
Agreement State licensees under the NRC's authority to protect the 
common defense and security.
    Subsequently, the NRC issued orders (EA-05-090; November 14, 2005) 
(70 FR 72128; December 1, 2005) to specifically address the 
transportation security of byproduct material transported in quantities 
equal to or greater than category 2. The Increased Control Orders 
mentioned earlier also contain requirements for transporting category 2 
quantities of radioactive material. The additional security measures 
contained in these two sets of orders provide for enhanced security 
measures during transportation that are beyond the regulations then 
applicable, and include: Enhanced security in preplanning and 
coordinating shipments; advance notification of shipments to the NRC 
and States through which the shipment will pass; control and monitoring 
of shipments that are underway; trustworthiness and reliability of 
transport personnel; information security considerations; and control 
of mobile or portable devices such as radiography cameras and well-
logging devices.
    In November 2009, the NRC issued the Increased Control Order and 
the Fingerprint Order to power reactor licensees that are undergoing 
decommissioning (EA-09-204 and EA-09-205; November 23, 2009) (74 FR 
66168 and 74 FR 66164; December 14, 2009). The orders required these 
licensees to implement the Increased Controls and to obtain 
fingerprints and criminal history records checks for individuals to 
have or continue having unescorted access to aggregated category 1 or 
category 2 quantities of radioactive material.
    In December 2009, the NRC issued orders to service provider 
licensees that were not manufacturers or distributors (EA-09-293; 
December 16, 2009 (75 FR 160; January 4, 2010). The order required 
service provider licensees to implement specific measures to ensure the 
trustworthiness and reliability of

[[Page 16924]]

their service representatives that have unescorted access to category 1 
or category 2 quantities of radioactive materials.
    The requirements put in place by all these above-described orders 
supplement the existing regulatory requirements. These additional 
requirements are primarily intended to provide reasonable assurance of 
preventing the theft or diversion of risk-significant radioactive 
material. These requirements provide the Commission with reasonable 
assurance that public health and safety and the common defense and 
security continue to be adequately protected.
    It is the Commission's preference to implement generically 
applicable requirements through rulemaking rather than by orders. An 
order is legally binding only on the licensee or licensees receiving 
the order. Further, the notice-and-comment rulemaking process allows 
members of the public to provide comments on the proposed rule.
    This rulemaking promulgates generically applicable security 
requirements for licensees possessing category 1 and category 2 
quantities of radioactive material in the regulations. New requirements 
for background investigations and an access authorization program are 
included to ensure that individuals who have access to these materials 
have gone through background investigations and are determined to be 
trustworthy and reliable. New requirements are also included to 
establish physical protection systems to detect, assess, and respond to 
unauthorized access to category 1 and category 2 quantities of 
radioactive material. For transport of the radioactive materials, new 
requirements for recipient license verification; preplanning and 
coordination of shipments; advance notification of shipments; 
notification of shipment delays, schedule changes, and suspected loss 
of a shipment; and control and monitoring of shipments are included. 
The amendments also include security requirements for shipments of 
irradiated reactor fuel that weigh 100 grams (g) (0.22 pounds (lb)) or 
less in net weight of irradiated fuel, exclusive of cladding or other 
structural or packaging material, which has a total external radiation 
dose rate in excess of 1 Gray (100 rad) per hour at a distance of 1 
meters (m) (3.3 feet (ft)) from any accessible surface without 
intervening shielding.
    In developing this final rule, the NRC considered, among other 
things, the various orders, lessons-learned during implementation of 
the orders, the recommendations of the Independent External Review 
Panel and the Materials Program Working Group, and stakeholder comments 
received on the proposed rule and the draft implementation guidance. 
The Commission chartered the Independent External Review Panel to: (1) 
Identify vulnerabilities in the NRC's materials licensing program with 
respect to import, export, specific, and general licenses; (2) validate 
the ongoing byproduct material security efforts; and (3) evaluate the 
apparent ``good faith presumption'' in the NRC licensing process that 
had in the past justified minimal investigation of new license 
applicants or inspection of their facilities before allowing their 
possession of radioactive material. The Panel's March 2008 report is 
available in ADAMS under Accession No. ML080700957. The Materials 
Program Working Group conducted a comprehensive evaluation of the 
materials program to identify short- and long-term strategies to 
mitigate security vulnerabilities. The Working Group report contains 
sensitive information and is not publicly available. However, the 
Group's comments on the Panel's report are publicly available in ADAMS 
under Accession No. ML080660424.

PRM-71-13

    On July 16, 2008 (73 FR 40767), the NRC published the resolution 
and closure of a petition for rulemaking filed by Christine O. 
Gregoire, Governor of the State of Washington (PRM-71-13). The NRC 
indicated that the issues raised by the petitioner would be considered 
in an ongoing rulemaking on security requirements for the 
transportation of radioactive material in quantities of concern.
    The petitioner requested that the NRC adopt the use of global 
positioning system (GPS) tracking as a national requirement for 
vehicles transporting highly radioactive mobile or portable radioactive 
devices. As an alternative, the petitioner stated that the Commission 
could grant States the flexibility to impose more stringent 
requirements than those required under the current Increased Controls 
Orders. The petitioner believes that GPS technology is an effective and 
relatively inexpensive tool that would give law enforcement a 
significant advantage in locating a missing source. However, the 
petitioner acknowledged that requiring a GPS on these vehicles does not 
ensure that the radiological source will be found.
    The NRC considered the issues identified by the petitioner and the 
petitioner's suggested approach to address those issues in the 
decision-making process and final determination of the rule 
requirements in the area of the petitioner's concern. The NRC 
ultimately did not include a requirement for GPS tracking in the rule. 
However, the rule does contain a requirement to use a telemetric 
position monitoring system or an alternative tracking system when 
transporting category 1 quantities of radioactive material. Use of GPS 
would be one method to satisfy this requirement. For licensees 
transporting category 2 quantities of radioactive material, tracking is 
not required. The licensee is required to maintain constant control or 
surveillance during transit. In addition, the rule at Sec.  37.53 
imposes additional security measures on mobile devices that includes 
using a method to disable the vehicle or trailer when not under direct 
control and constant surveillance by the licensee. The NRC believes 
that these requirements provide adequate protection for mobile devices 
and that GPS is neither justified nor necessary. The majority of the 
transportation security requirements are Compatibility Category B 
because there are direct and significant transboundary implications. 
Because the requirements are Compatibility B, Agreement States must 
adopt program elements essentially identical to those of the NRC and do 
not have the flexibility to adopt more stringent requirements. See also 
response to comment D29.

II. Discussion

    The NRC has determined that a new part for Title 10 of the Code of 
Federal Regulations (10 CFR) should be established for the security 
requirements for use and transportation of category 1 and category 2 
quantities of radioactive material. Separate safety and physical 
protection requirements have already been established for special 
nuclear material in 10 CFR part 73. The establishment of a new part for 
security-related requirements for byproduct material would be more 
effective and efficient compared to interspersing the requirements with 
safety requirements or placing them with the part 73 security 
requirements for special nuclear material. A new part specifically 
directed to byproduct material licensees should make applicable 
requirements easier for both licensees and other stakeholders to locate 
and understand.
    This discussion section has been divided into four subsections to 
better present information on the final rule. Each section presents 
information on a different aspect of the final rule. Section A provides 
information that is generally applicable to all aspects of this

[[Page 16925]]

rulemaking. Section B provides information on background investigations 
and the access authorization program. Section C provides information on 
the physical protection of the materials during use. Lastly, Section D 
provides information on transportation security aspects.

A. General Applicability

1. What action is the NRC taking?
    The NRC is amending its regulations to impose security requirements 
for the use and transportation of category 1 and category 2 quantities 
of radioactive material. The requirements establish the objectives and 
minimum requirements that licensees must meet to protect against theft 
or diversion of this material. These requirements are intended to 
increase the protection of the public against the unauthorized use of 
category 1 or category 2 quantities of radioactive material by reducing 
the risk of the theft or diversion of the material. The NRC is also 
amending the regulations to impose security requirements for the 
transportation of small quantities (100 grams or less) of irradiated 
fuel.
2. Why do the requirements need to be revised?
    Prior to September 11, 2001, the NRC requirements focused on safety 
and preventing inadvertent or accidental exposure of both workers and 
the public to these materials. These requirements also provided 
security for the material. The events of September 11, 2001, made the 
NRC take a broader look at its requirements and reevaluate what a 
terrorist might do to obtain these materials. From this effort, the NRC 
identified several areas where additional requirements were necessary 
to improve security. The security requirements need to be placed in the 
regulations so that they are generally applicable to all licensees. 
Publication of the proposed rule also provided an opportunity for all 
stakeholders to comment on the proposed requirements.
3. Why doesn't the NRC just keep the orders in effect?
    The orders issued by the NRC could stay in place indefinitely. 
However, the regulations would not reflect current Commission policy or 
requirements. Imposing long-term requirements through orders has not 
traditionally been the agency's preferred method of regulation. Orders, 
unlike rules, do not apply prospectively to applicants for new 
licenses. The NRC would have to periodically issue new orders to cover 
new and amended licenses, and perhaps reissue orders periodically to 
existing licensees if requirements or administrative practices change. 
In order to make the requirements generally applicable to all present 
and future licensees, the security-related requirements need to be 
placed in the regulations.
    The NRC is now formally revising its security requirements. The 
orders will remain in place for NRC licensees until the final rule is 
implemented (1 year after publication of the final rule). Once the 
final rule is implemented, the NRC will rescind the orders that were 
issued to its licensees. For Agreement State licensees that received an 
NRC order, the order will remain in place until the effective date of 
compatible requirements issued by the Agreement States. Each Agreement 
State will follow its own process for issuing these requirements. Once 
the State has issued its requirements and they become effective, the 
NRC will rescind the order.
4. Whom would this action affect?
    These requirements will apply to NRC and Agreement State licensees 
that possess an aggregated category 1 or category 2 quantity of 
radioactive material or that transport irradiated reactor fuel less 
than 100 grams net weight. This includes a wide range of licensees, 
including pool-type irradiator licensees; manufacturer and distributor 
licensees; medical facilities with gamma knife devices; self-shielded 
irradiator licensees (including blood irradiators); teletherapy unit 
licensees; radiographers; well loggers; broad scope users; radioisotope 
thermoelectric generator licensees; and licensees that ship or prepare 
for shipment category 1 or category 2 quantities of radioactive 
material. Nearly 1,400 licensees are implementing the various orders 
and are the entities that will be primarily impacted by this final 
rule. In addition, some fuel cycle and reactor licensees that possess 
sources at these levels may be impacted. Some decommissioning reactor 
licensees may also be impacted. Most licensees whose activities are 
covered under the physical protection requirements of 10 CFR part 73 
are exempt from the requirements of 10 CFR part 37. For example, a 
reactor licensed under part 50 that also possesses a radiography source 
under an NRC license does not need to implement the part 37 provisions 
if the source is protected under the reactor security program required 
by part 73. Licensees that possess an aggregated quantity of 
radioactive waste that equals or exceeds the category 2 threshold will 
need to meet some requirements, but would not need to meet most of the 
program elements in part 37.
    Aggregated quantity refers to the total quantity of radioactive 
material, calculated by use of the sum of fractions method discussed in 
question 7, that can be accessed by defeating a single physical 
barrier.
5. What are Category 1 and Category 2 quantities of radioactive 
material?
    Category 1 quantities of radioactive material have been called 
radioactive material in quantities of concern (RAMQC). Category 1 and 
category 2 quantities of radioactive material have been called risk-
significant radioactive material and refer specifically to 16 
radioactive materials (14 single radionuclides and 2 combinations). 
These materials are: Americium-241; americium-241/beryllium; 
californium-252; curium-244; cobalt-60; cesium-137; gadolinium-153; 
iridium-192; plutonium-238; plutonium-239/beryllium; promethium-147; 
radium-226; selenium-75; strontium-90 (yttrium-90); thulium-170; and 
ytterbium-169. Irradiated fuel and mixed oxide fuel are not included 
even though they may contain category 1 or category 2 quantities of 
radioactive material; these materials are covered by other regulations. 
The thresholds for category 1 and category 2 quantities of radioactive 
material are provided in the following table. Terabecquerels is the 
official unit to be used for determining whether a radioactive material 
is a category 1 or category 2 quantity. Because many licensees use 
curies in their activities instead of Becquerels, the table provides 
the curie value at three significant figures for convenience.

----------------------------------------------------------------------------------------------------------------
                                               Category 1 threshold                 Category 2 Threshold
                                       -------------------------------------------------------------------------
         Radioactive material            Terabecquerels                       Terabecquerels
                                              (TBq)          Curies (Ci)          (TBq)           Curies (Ci)
----------------------------------------------------------------------------------------------------------------
Americium-241.........................                60             1,620                0.6              16.2
Americium-241/Beryllium...............                60             1,620                0.6              16.2
Californium-252.......................                20               540                0.2               5.40

[[Page 16926]]

 
Curium-244............................                50             1,350                0.5              13.5
Cobalt-60.............................                30               810                0.3               8.10
Cesium-137............................               100             2,700                1                27.0
Gadolinium-153........................              1000            27,000               10.0             270
Iridium-192...........................                80             2,160                0.8              21.6
Plutonium-238.........................                60             1,620                0.6              16.2
Plutonium-239/Beryllium...............                60             1,620                0.6              16.2
Promethium-147........................            40,000         1,080,000              400            10,800
Radium-226............................                40             1,080                0.4              10.8
Selenium-75...........................               200             5,400                2.0              54.0
Strontium-90 (Yttrium-90).............             1,000            27,000               10.0             270
Thulium-170...........................            20,000           540,000              200             5,400
Ytterbium-169.........................               300             8,100                3                81.0
 
----------------------------------------------------------------------------------------------------------------

     These materials and thresholds are based on the IAEA Code of 
Conduct. The IAEA published these results in a document titled ``Code 
of Conduct on the Safety and Security of Radioactive Sources.'' A link 
to this document can be found on the NRC's Web site at http://www.nrc.gov/security/byproduct/enhanced-security.html. The NRC and the 
international community, led by the IAEA, revised the IAEA Code of 
Conduct in 2003, to establish common international guidance for safety 
and security measures for radioactive sources. In a separate effort, 
the U.S. Department of Energy (DOE) and the NRC reviewed the chemical, 
physical, and radiological characteristics of each radioactive material 
that is licensed in the United States, for its attractiveness to a 
terrorist. This effort identified 16 radioactive materials that could 
pose a serious threat to people and the environment if used 
malevolently. This effort further identified the different quantities 
or ``thresholds'' of materials that could be useful to a terrorist. The 
results of the DOE/NRC effort closely matched the Code of Conduct 
Category 2 quantities. The NRC adopted the IAEA Code of Conduct 
Category 1 and Category 2 threshold quantities to provide consistency 
between domestic and international efforts for security of radioactive 
materials that are deemed to be attractive targets for malevolent use.
    IAEA Safety Series RS-G-1.9, Categorization of Radioactive Sources, 
provides the underlying methodology for the development of the Code of 
Conduct thresholds. Safety Series RS-G-1.9 provides a risk-based 
ranking of radioactive sources in five categories in terms of their 
potential to cause severe deterministic effects for a range of 
scenarios that include both external exposure from an unshielded source 
and internal exposure following dispersal. The categorization system 
uses the `D' values as normalizing factors. The `D' value is the 
radionuclide specific activity of a source that, if not under control, 
could cause severe deterministic effects for a range of scenarios that 
include both external exposure from an unshielded source and internal 
exposure following dispersal of the source material. Safety Series RS-
G-1.9 is available on the IAEA's Web site at: http://www-pub.iaea.org/MTCD/publications/PDF/Pub1227_web.pdf.
6. Why are the requirements limited to these 16 radionuclides?
    The Radiation Source Protection and Security Task Force, an 
interagency task force established by the EPAct, concluded in its 2006 
report to Congress and the President (ADAMS Accession No. ML062190349) 
that the appropriate radioactive sources were being protected. The Task 
Force also concluded that the IAEA Code of Conduct serves as an 
appropriate framework for considering which sources warrant additional 
protection. For its 2010, report to Congress and the President (ADAMS 
Accession No. ML102230141), the Task Force conducted a reevaluation of 
the radionuclides that warrant additional security and protection. The 
Task Force found ``that the Category 1 and 2 quantities remain valid 
for sealed and unsealed sources as the list and threshold levels of 
radionuclides that could result in a significant RED or RDD event and 
therefore warrant enhanced security and protection.'' The Task Force 
identified seven additional radionuclides that may be of concern when 
aggregated, but the Task Force did not recommend at this time that 
these additional radionuclides should receive enhanced protection. If 
in the future the Task Force revises its view and determines that 
additional security is necessary for these materials, the NRC would 
consider requiring additional security for these materials. The Task 
Force periodically reevaluates the list of radionuclides that warrant 
additional security and protection. If the radionuclides and/or 
thresholds change in the future, any changes would be addressed in a 
future rulemaking.
7. What is the sum of fractions methodology or unity rule?
    The sum of fractions methodology, also known as the unity rule, is 
used to determine if a licensee is required to implement 10 CFR part 37 
requirements. A licensee may need to implement the requirements in 10 
CFR part 37 even if it does not possess any single source or single 
radionuclide in excess of the category 2 thresholds. For combinations 
of materials (to include sealed sources, unsealed sources, and bulk or 
loose material) and radionuclides, a licensee must include multiple 
items (including bulk material) of the same radionuclide and multiple 
items (including bulk material) of different radionuclides to determine 
if the requirements apply. For the purposes of this calculation, 
licensees are required to consider all of the aggregated radioactive 
material from the list of applicable radionuclides at any location 
where the material can be accessed by breaching a single barrier. The 
following formula for the unity rule is used to determine if a licensee 
is required to implement the part 37 requirements: [(Total amount of 
radionuclide A) / (category 2 threshold of radionuclide A)] + [(total 
amount of radionuclide B) / (category 2 threshold of radionuclide B)] + 
etc.....>= 1. If the sum is greater than or equal to 1, the licensee 
has at least a category 2 quantity of radioactive material, and the 10 
CFR part 37 requirements apply.

[[Page 16927]]

8. Does the NRC plan to issue guidance on these requirements?
    Yes, the NRC plans to issue guidance on the security requirements 
for category 1 and category 2 quantities of radioactive materials. The 
draft guidance was issued for public comment (75 FR 40756; July 14, 
2010) during the comment period on the proposed rule. The NRC is 
issuing new guidance for the implementation of the requirements of 10 
CFR part 37. The guidance document is NUREG-2155, Implementation 
Guidance for 10 CFR part 37, ``Physical Protection of Category 1 and 
Category 2 Quantities of Radioactive Material'' (ADAMS Accession No. 
ML13053A061). This guidance and public comments are available as stated 
in the ADDRESSES section of this document.
9. Will all of the information considered to be safeguards information 
under the orders now be made public?
    No. The orders issued to some licensees contained detailed security 
information that could be useful to an adversary. To increase public 
awareness and participation, the NRC identified the primary security 
concepts behind each security measure and included these concepts in 
the rule to allow discussion of the security measures in a public 
forum. But the specific measures that a licensee puts in place may be 
considered SGI-M. The final rule on safeguards information became 
effective on February 23, 2009 (73 FR 63546; October 24, 2008), and 
established as SGI-M certain physical protection information related to 
panoramic and underwater irradiators that possess greater than 370 TBq 
(10,000 Ci) of byproduct material in the form of sealed sources; 
manufacturers and distributors of items containing source material, 
byproduct material, or special nuclear material in greater than 
category 2 quantities; and transportation of source, byproduct, or 
special nuclear material in greater than or equal to category 1 
quantities. Physical protection information for other facilities that 
fall under the requirements of 10 CFR part 37 is considered physical 
protection information under 10 CFR 2.390(d)(1). Licensees are also 
required to protect the security plan and implementing information and 
the list of individuals that have unescorted access from unauthorized 
disclosure. The rule provisions that address SGI-M or include 
references to the SGI-M requirements in part 73 are reserved for the 
NRC and are considered compatibility category NRC.
10. What is the authority for this final rule?
    As noted in the background discussion, the NRC issued some orders 
under its authority to protect the common defense and security and some 
orders under its authority to protect the public health and safety. 
With respect to whether the following regulations are being issued 
under ``public health and safety'' or ``common defense and security,'' 
it should be recognized that almost all regulations relating to the 
security of materials serve both purposes to some degree. For example, 
securing radioactive materials with multiple barriers protects the 
public health and safety by preventing the unknowing theft of 
radioactive materials--such as someone stealing a vehicle with material 
stored in the vehicle, but whose target is the vehicle--which could 
result in the unintentional exposure of members of the public to the 
material. The barriers also protect the common defense and security by 
preventing the theft of the radioactive material by potential 
terrorists or others targeting the specific material intending to use 
it to affect the common defense and security by exposing members of the 
public to the material. However, the designation of the authority being 
used for these regulations does have significance in determining 
whether Agreement States or the NRC will be responsible for overseeing 
the implementation of these requirements for Agreement State licensees.
    Although section 274(b) of the AEA allows the NRC to relinquish its 
regulatory authority to Agreement States for certain radioactive 
materials and activities, section 274(m) of the AEA prevents such 
agreements from affecting the authority of the Commission to take 
regulatory action to protect the common defense and security. Thus, as 
evidenced by orders issued to Agreement State licensees after the 
events of September 11, 2001, the NRC has the ability to take necessary 
steps to address particular common defense and security needs. If these 
regulations were to be issued under the NRC's common defense and 
security authority, only the NRC would have the authority to impose 
these requirements on Agreement State licensees and the NRC would be 
responsible for inspection and enforcement of these requirements for 
Agreement State licensees.
    When regulations such as these complement both the NRC's public 
health and safety and common defense and security missions, the 
operative question is whether NRC oversight is necessary to fulfill the 
common defense and security aspects of the regulations. The NRC 
believes that the Agreement States can consistently and adequately 
implement the physical protection requirements on a nationwide basis, 
and as such, there will be no need for independent NRC action to 
protect the common defense and security. As always, the NRC retains the 
authority under section 274(m) of the AEA to take any necessary actions 
for protection of the common defense and security should individual 
licensees or Agreement State programs develop issues requiring 
immediate action. As long as all Agreement States continue to implement 
compatible and adequate security requirements, there appears to be no 
benefit to the public health and safety, or common defense and 
security, that would justify removing oversight of these requirements 
from an established regulatory program overseeing Agreement State 
licensees. Implementing these regulations under the NRC's public health 
and safety authority avoids potential complications with licensees 
being subject to dual regulatory authority for a single license. Thus, 
the NRC is issuing these regulations under its public health and safety 
authority, and these requirements are applicable to Agreement State 
licensees through the Agreement State Program.
11. When would the rule be effective?
    The final rule is effective 60 days after publication in the 
Federal Register; however, licensees do not need to comply with the 
rule until 1 year after publication. This provides time for licensees 
to put in place the necessary programs, develop procedures, and conduct 
training on the new requirements. While most of the provisions are 
similar to those contained in the orders, there are differences. The 
Agreement States will be required to issue compatible requirements 
within 3 years of the publication date of the final rule instead of 3 
years from the effective date of the rule. Licensees in an Agreement 
State will continue to operate under the orders or other legally 
binding requirements until the Agreement State issues compatible 
requirements and these requirements take effect. The provisions put in 
place for the inspection of licensees in Agreement States that received 
the orders issued under common defense and security will remain in 
place until the Agreement State implements the requirements. For those 
Agreement States that enter into 274i Agreements, the State can 
continue inspections

[[Page 16928]]

under the Agreement. For those Agreement States that did not enter into 
274i Agreements, the NRC will continue to conduct the inspections until 
the new Agreement State requirements become effective. The NRC will 
rescind the orders as the regulatory requirements become effective.
12. How does the NRC ensure licensees are following these rules?
    The NRC and Agreement States conduct inspections to ensure that 
licensees are following the requirements. The NRC and Agreement State 
inspectors will receive training and follow inspection procedures on 
how to ascertain whether licensees are meeting security requirements. 
Potential violations that are identified will be processed in 
accordance with the NRC Enforcement Policy, and depending on the 
severity of a violation, licensees could be subject to civil or 
criminal penalties. Additionally, the NRC has developed enforcement 
guidance to ensure consistency in the enforcement process. Agreement 
State licensees are subject to the State's enforcement process. Those 
Agreement State licensees that were issued NRC orders under common 
defense and security would remain subject to the NRC's enforcement 
process, until the Agreement State adopts the regulations with its own 
legally binding requirements.

B. Background Investigations and Access Authorization Program

1. Who is required to have an access authorization program?
    Any licensee that possesses category 1 or category 2 quantities of 
radioactive materials at a facility needs to determine whether it needs 
to have an access authorization program. Only those licensees that 
permit unescorted access to an aggregated category 1 or category 2 
quantity of radioactive material are required to establish and 
implement an access authorization program. If the material can be 
accessed by the breach of a single physical barrier, the licensee needs 
to implement an access authorization program. In addition, any 
applicant for a license or license amendment to possess category 1 or 
category 2 quantities of radioactive material at a facility is required 
to establish an access authorization program before obtaining the 
radioactive material, if it will be aggregating the material at or 
above the category 2 threshold.
2. What is the objective of the access authorization program?
    The main objective of the access authorization program is to ensure 
that individuals who have unescorted access to category 1 or category 2 
quantities of radioactive material are trustworthy and reliable and do 
not constitute an unreasonable risk to the public health and safety or 
common defense and security.
3. Who is subject to the licensee's access authorization program?
    Section 652 of the EPAct authorizes the Commission to require 
fingerprinting of any individual who is permitted unescorted access to 
``any radioactive material that the Commission determines to be of such 
significance to the public health and safety or the common defense and 
security as to warrant fingerprinting and background checks.'' The 
Commission has determined that the threshold that warrants 
fingerprinting and background checks is category 2. The Commission 
directed that any licensee implementing the Increased Control Orders 
should also have a fingerprinting and an FBI criminal records check for 
any individual with unescorted access to category 1 or category 2 
quantities of radioactive material. Because only licensees that had 
aggregated quantities at or above the category 2 threshold implemented 
the orders, these are the licensees that need to have an access 
authorization program, i.e., any licensee that has an aggregated 
quantity of radioactive material at or above the category 2 threshold. 
Therefore, individuals subject to a licensee's access authorization 
program include anyone permitted to have unescorted access to category 
1 or category 2 quantities of radioactive material. Unescorted access 
is defined as solitary access to category 1 or category 2 quantities of 
radioactive material or the devices that contain the material. The 
reviewing official is also included in the program to ensure that this 
individual is subjected to the same background check and degree of 
trustworthiness and reliability.
    The access authorization program may also include individuals that 
have access to SGI-M, such as vehicle drivers and accompanying 
individuals for road shipments of category 1 quantities of radioactive 
material, movement control center personnel for shipments of category 1 
quantities of radioactive material, and any individual whose assigned 
duties provide access to shipment information on category 1 quantities 
of radioactive material. Licensees may have a separate program for 
access to SGI or may include the program with the part 37 program for 
unescorted access to the material.
    Those individuals who have unescorted access to certain quantities 
of byproduct material could pose a threat to the public health and 
safety or the common defense and security because they could divert or 
steal risk-significant radioactive material, or could aid others in the 
commission of such acts. The Radiation Source Protection and Security 
Task Force encouraged the NRC to require fingerprinting and Federal 
criminal history checks of any individual with access to category 1 or 
category 2 quantities of radioactive material.
    Certain categories of individuals are relieved from the background 
investigation aspect of the access authorization program (see Section 
II, question B20 and B21). Licensees do have the option to escort an 
individual and not make a trustworthiness and reliability 
determination. The escorts need to be approved for unescorted access.
4. What are the key access authorization program requirements?
    The key components of an access authorization program are the 
reviewing official, a background investigation, use of procedures, and 
the individual's right to correct and complete the information on which 
the decision to grant unescorted access is based. Each of these areas 
is discussed in more detail in the following questions and answers.
5. What is the role of the reviewing official?
    The reviewing official is the individual that makes the 
trustworthiness and reliability determinations for the licensee; the 
reviewing official determines who can be allowed unescorted access 
authorization. Note that the Increased Control Fingerprinting Orders 
referred to a trustworthiness and reliability official (or T&R 
official) as the individual who made determinations on a subject 
individual's trustworthiness and reliability. Unlike the reviewing 
official, the T&R official did not have to be fingerprinted. Under this 
rule, fingerprints of the reviewing official(s) need to be taken by 
either a law enforcement agency, a Federal or State agency that 
provides fingerprinting services to the public, or a commercial 
fingerprinting service authorized by a State to take fingerprints and 
then be submitted to the NRC. This ensures the identification of the 
individual submitting the fingerprints. Without this requirement the 
reviewing official could

[[Page 16929]]

submit the fingerprints of another individual that is known not to have 
a criminal history or known terrorist ties. Reviewing officials must be 
permitted either access to safeguards information or unescorted access 
to category 1 or category 2 quantities of radioactive material because 
section 149 of the AEA only authorizes the collection of fingerprints 
for the purposes of unescorted access to radioactive material or access 
to safeguards information. After the licensee has completed the 
background investigation for the reviewing official and determined that 
the individual is trustworthy and reliable, the licensee must provide 
under oath and affirmation, a certification that the reviewing official 
is deemed trustworthy and reliable. For certain licensees, the NRC may 
have approved reviewing officials, either under the October 17, 2006, 
orders (EA-06-248, EA-06-250, and EA-06-249), under the August 21, 
2006, SGI-M Orders, or under other regulatory requirements. In those 
cases, the reviewing official may continue to act in that capacity. If 
the reviewing (or T&R) official has not had an FBI criminal records 
history check, he or she needs to be fingerprinted and undergo a 
background investigation and be named by the licensee before making 
additional trustworthiness and reliability determinations. If the 
individual falls under one of the categories of individuals granted 
relief from the background investigation, the individual can be 
determined to be trustworthy and reliable without going through a full 
background investigation. The NRC believes that it is important that 
the individual who is making the final determination on whether an 
individual is trustworthy and reliable be trustworthy and reliable 
themselves and have undergone the same background investigation as 
individuals who would be granted unescorted access, including 
fingerprinting and the FBI criminal records check. If the reviewing 
official is not fingerprinted, a gap could be created in the security 
program that could potentially be exploited. The reviewing official 
could have a criminal history or terrorist ties and allow other 
individuals with a criminal history or terrorist ties to have 
unescorted access to radioactive material in quantities of concern. 
This addresses the good faith presumption.
6. What is informed consent?
    Informed consent is the authorization provided by an individual 
that allows a background investigation to be conducted to determine 
whether the individual is trustworthy and reliable. The signed consent 
includes authorization to share personal information with other 
individuals or organizations as necessary to complete the background 
investigation. An individual can withdraw his or her consent at any 
time. After the withdrawal, the licensee may not initiate any elements 
of the background investigation that were not in process at the time of 
the withdrawal of consent. The licensee is required to inform the 
individual that withdrawal of consent for the background investigation 
is sufficient cause for denial or termination of unescorted access 
authorization.
    Licensees do not need to obtain signed consent from individuals 
that have already undergone a background investigation that included 
fingerprinting and an FBI criminal history records check, been 
determined to be trustworthy and reliable, and permitted unescorted 
access to category 1 or category 2 quantities of radioactive material 
under the NRC orders or the legally binding requirements issued by the 
Agreement States. A signed consent is needed for any reinvestigation.
7. What is a personal history disclosure?
    The personal history disclosure is the personal history required to 
be provided by the individual seeking unescorted access to category 1 
or category 2 quantities of radioactive material. The information 
includes items such as employment history, education, and any arrest 
record. This information provides the reviewing official with a 
starting point for the background investigation. Failure to provide the 
information or falsification of any information could be grounds for 
denial of the individual's request for unescorted access authorization 
or termination of access if the individual already has access. If the 
individual provides false information, it could be an indication that 
he or she is not trustworthy or reliable.
8. What are the components of a background investigation?
    A background investigation includes several components: 
Fingerprinting and an FBI identification and criminal history records 
check; verification of true identity; employment history verification; 
verification of education; and character and reputation determination.
    It is the licensee's responsibility to make a trustworthiness and 
reliability determination of an employee, contractor, or other 
individual who will be granted unescorted access to category 1 or 
category 2 quantities of radioactive material or a device containing 
such radioactive material. It is expected that licensees will use their 
best efforts to obtain the information required to conduct a background 
investigation to determine an individual's trustworthiness and 
reliability. Information previously obtained during the hiring process 
may be used to support a licensee's determination of an individual's 
trustworthiness and reliability without having to reverify that 
information. There is no particular piece of information that would 
automatically disqualify an individual from access. The intent is that 
the information is considered as a whole in determining if an 
individual is both trustworthy and reliable.
    Fingerprinting an individual for an FBI criminal history records 
check is an important element of the background investigation. It can 
provide comprehensive information regarding an individual's recorded 
criminal activities within the United States and its territories and 
the individual's known affiliations with violent gangs or terrorist 
organizations.
    Verification of true identity is necessary to make sure that the 
individual is who he or she claims to be and that the documentation 
matches. This check is important to make sure that someone is not 
posing as someone else.
    Employment history, education verification, character and 
reputation determination; and obtaining independent information are 
necessary to ensure that the individual is who they claim to be, that 
the individual has not made false claims, has a good reputation, and 
conducts his or herself in a trustworthy and reliable manner.
    The background investigation is a tool to determine whether 
individuals are trustworthy and reliable and could be permitted 
unescorted access to category 1 or category 2 quantities of radioactive 
material. It is essential to ensure that individuals seeking unescorted 
access to radioactive material are dependable in judgment, character, 
and performance, such that unescorted access to category 1 or category 
2 quantities of radioactive material by that individual does not 
constitute an unreasonable risk to the public health and safety or 
common defense and security.
    Nothing in the regulations prevents a licensee from including other 
elements in its background investigation. Although the NRC did not 
include the credit history check as a required element of the 
background investigation, a credit history check can provide 
supplemental information that could be useful to licensees, 
particularly in the situation where it is difficult to

[[Page 16930]]

make a trustworthiness and reliability determination. Information from 
a credit history check could provide additional information that would 
be useful in making that final decision. To the extent that a licensee 
decides to use a credit history check as a measure beyond the 
regulatory minimum required for the access authorization program, the 
NRC acknowledges the merit of such use.
9. Where does a licensee submit the fingerprints for processing?
    Under the EPAct, licensees are required to submit the fingerprints 
to the NRC, which forwards the fingerprints to the FBI for processing. 
If an individual comes under one of the categories for relief specified 
in 10 CFR 37.29, the licensee does not need to submit the individual's 
fingerprints to the NRC.
10. What should a licensee do if an individual or entity contacted as 
part of a background investigation refuses to respond?
    If a previous employer, educational institution, or any other 
entity fails to provide information or indicates an inability or 
unwillingness to provide information in a timely manner, the licensee 
is required to document the refusal, unwillingness, or inability to 
respond in the record of investigation. The licensee then needs to 
attempt to obtain confirmation from at least one alternate source that 
has not been previously used.
11. Does an individual have the right to correct his or her criminal 
history records?
    Yes, an individual has the right to correct his or her criminal 
history records before any final adverse determination is made. If the 
individual believes that his or her criminal history records are 
incorrect or incomplete in any respect, he or she can initiate 
challenge procedures. These procedures include direct application by 
the individual challenging the criminal history records to the law 
enforcement agency that contributed the questioned information. Before 
an adverse determination on a request for unescorted access, 
individuals have the right to provide additional information.
12. Is a licensee required to have procedures for implementing the 
access authorization program?
    Yes, licensees are required to develop, implement, and maintain 
written procedures for implementing the access authorization program. 
At a minimum, procedures need to address notification of individuals 
denied unescorted access authorization, including provisions for review 
of the denial.
13. What information should the reviewing official use to determine 
that an individual is trustworthy and reliable?
    The reviewing official uses all of the information gathered during 
the background investigation, including the information received from 
the FBI, in making a determination that an individual is trustworthy 
and reliable. The reviewing official may not determine that an 
individual is trustworthy and reliable and grant unescorted access 
until the information obtained for the background investigation has 
been evaluated. The reviewing official may deny unescorted access to 
any individual based on any information obtained at any time during the 
background investigation. However, as required by section 149.c(2)(c) 
of the AEA, the licensee may not base a final determination to deny an 
individual unescorted access to category 1 or category 2 quantities of 
radioactive material solely on the basis of information received from 
the FBI involving: (1) An arrest more than 1 year old for which there 
is no information of the disposition of the case; or (2) an arrest that 
resulted in dismissal of the charge or an acquittal. If there is no 
record on the disposition of the case, it may be that information on a 
dismissal or acquittal was not recorded.
14. How frequently is a reinvestigation required?
    A reinvestigation is required every 10 years to help maintain the 
integrity of the access authorization program. This is necessary 
because an individual's situation may change over time in a manner that 
can adversely affect his or her trustworthiness and reliability. The 
reinvestigation includes only the fingerprinting and the FBI criminal 
history check.
15. Are licensees required to protect information obtained during a 
background investigation?
    Yes, licensees are required to protect the information obtained 
during a background investigation. The licensee is required to 
establish and maintain a system of files and procedures for protection 
of the information from unauthorized disclosure. Licensees are only 
permitted to disclose the information to the subject individual, the 
individual's representative, those who have a need-to-know the 
information to perform their assigned duties to grant or deny 
unescorted access to category 1 or category 2 quantities of material or 
safeguards information, or an authorized representative of the NRC.
16. Can a licensee transfer personal information obtained during an 
investigation to another licensee?
    Yes, a licensee can transfer background information on an 
individual to another licensee if the individual makes a written 
request to the licensee to transfer the information contained in his or 
her file.
17. If I receive background investigation information from another 
licensee, can I rely on that information?
    Yes, a licensee can rely on the background investigation 
information that is transferred from another licensee. However, a 
licensee is required to verify information such as name, date of birth, 
social security number, gender, and other physical characteristics to 
ensure that the individual is the person whose file has been 
transferred. The licensee can also choose to verify other information 
that is transferred or to escort the individual and not grant him or 
her unescorted access.
18. What records are required to be maintained?
    Licensees are required to retain all fingerprint and criminal 
history records received from the FBI, or a copy if the individual's 
file has been transferred, for 3 years after the individual no longer 
requires unescorted access to category 1 or category 2 quantities of 
radioactive material. Licensees are also required to retain the written 
confirmation received from entities concerning a security clearance or 
favorably adjudicated criminal history records check and any written 
verifications received from service providers. A licensee is not 
required to retain the actual fingerprints. The licensee must keep the 
determination basis and the list of individuals permitted unescorted 
access.
19. How does a licensee determine the effectiveness of the access 
authorization control program?
    Licensees are required to review their program annually to confirm 
compliance with the requirements. The review evaluates all program 
performance objectives and requirements, documents any findings and 
corrective actions, and is conducted annually. Any records need to be 
maintained for 3 years.

[[Page 16931]]

20. Are individuals transporting radioactive material subject to the 
background investigation requirements?
    As part of this rulemaking, the NRC considered what level of 
responsibility to place on its licensees regarding fingerprinting and 
criminal history records checks for persons involved in the 
transportation of category 1 and category 2 quantities of radioactive 
material. Licensees covered by the fingerprinting and criminal history 
records check requirements of this final rule may decide to transfer 
radioactive material away from the site or may receive radioactive 
material from another entity.
    Such transfers or receipts may occur either as part of a shipment 
to or from a domestic company or an international company. Individuals 
involved in the shipment, in particular those employed by carriers or 
other organizations handling shipments, may have unescorted access to 
the material during the shipment process. These persons may not be 
employees of the licensee and thus may not be under the licensee's 
direct control. Section 37.29(a) grants relief from the background 
investigation for those individuals who are commercial vehicle drivers 
for road shipments of category 2 quantities of radioactive material and 
package handlers at transportation facilities such as freight terminals 
and railroad yards. Individuals that have access to SGI-M, such as 
drivers for category 1 shipments and movement control personnel for 
category 1 shipments, must undergo fingerprinting and an FBI criminal 
history records check as required by 10 CFR 73.21.
21. Who would be relieved from the background investigation 
requirements?
    Under section 149.b. of the AEA, the NRC may, by rule, relieve 
individuals from the fingerprinting, identification, and criminal 
history records check requirements if it finds that such action is 
``consistent with its obligations to promote the common defense and 
security and to protect the health and safety of the public.'' The NRC 
issued a final rule, 10 CFR 73.61, relieving certain individuals who 
are permitted unescorted access to radioactive materials from the 
fingerprinting, identification, and criminal history records checks 
required by section 149.a. of the AEA (72 FR 4945; February 2, 2007). 
The individuals relieved from fingerprinting, identification, and 
criminal history records checks under that rule include Federal, State, 
and local officials involved in security planning; Agreement State 
employees who conduct security inspections on behalf of the NRC 
pursuant to 274.i. of the AEA; and other government officials who may 
need unescorted access to radioactive materials or other property 
subject to regulation by the Commission as part of their oversight 
function. The categories of individuals relieved by the rule included 
the same individuals as those relieved in an earlier rulemaking from 
fingerprinting and criminal history records check requirements 
applicable to safeguards information (71 FR 33989; June 13, 2006).
    Under this final rule, the Commission is using the same listing of 
categories of individuals with the following modifications. Emergency 
response personnel who are responding to an emergency are relieved from 
the requirements because it is impossible to predict when emergency 
access might be necessary. The need to provide an escort for those 
responding to an emergency could impede the response function. 
Employees of carriers that transport category 2 quantities of 
radioactive material and package handlers at transportation facilities 
are also relieved. These individuals would typically be outside the 
control of the licensee and the licensee would have no way of knowing 
or influencing who those individuals might be. The NRC will rely on the 
U.S. Department of Transportation (DOT) and the Transportation Security 
Administration (TSA) programs for background investigations of these 
personnel. While the background investigation may not be identical to 
those required under 10 CFR part 37, the NRC believes that the 
potential risk that a commercial driver or package handler might pose 
due to any difference in the background investigation is acceptably 
small.
    Many of the individuals that are relieved from the background 
investigation requirements are considered trustworthy and reliable by 
virtue of their occupational status and have either already undergone a 
background investigation as a condition of their employment, or are 
subject to direct oversight by government authorities in their day-to-
day job functions.
    Certain persons, as part of the duties of their specific 
occupation, may be separately or previously subject to background 
investigations, either as a result of NRC requirements (such as under 
other requirements for access to SGI or SGI-M) or as a result of 
requirements of other agencies. These persons are not subject to 
separate background investigation requirements under this final rule; 
individuals who have undergone a background investigation, including 
fingerprinting, and been found acceptable for unescorted access under 
provisions of other such requirements, do not need to undergo another 
background investigation nor would a separate determination of their 
trustworthiness and reliability need to be made. Individuals that have 
undergone fingerprinting and an FBI criminal history records check 
under other agency programs do not need to be fingerprinted again, but 
would be subject to the other elements of the background investigation. 
These programs include the National Agency Check, Transportation Worker 
Identification Credentials (TWIC) under 49 CFR 1572, Bureau of Alcohol, 
Tobacco, Firearms, and Explosives background check and clearances under 
27 CFR 555, Health and Human Services security risk assessments for 
possession and use of select agents and toxins under 42 CFR 73, 
Hazardous Material security threat assessment for hazardous material 
endorsement to commercial drivers license under 49 CFR 1572, and 
Customs and Border Patrol's Free and Secure Trade (FAST) Program. The 
individual must make available the appropriate documentation. Written 
confirmation from the agency/employer that granted the Federal security 
clearance or reviewed the criminal history records check must be 
provided to the licensee.
    This rule does not authorize unescorted access to any radioactive 
materials or other property subject to regulation by the Commission. 
Rather, the rule makes clear that a licensee may permit unescorted 
access to certain categories of individuals otherwise qualified for 
access without performing a background investigation. Licensees still 
need to decide whether to grant or deny an individual unescorted access 
independently of this provision. Any required training needs to be 
conducted before allowing unescorted access.

C. Physical Protection During Use

1. Who is affected by the requirements?
    Any licensee that possesses an aggregated category 1 or category 2 
quantity of radioactive material is required to establish, implement, 
and maintain a security program meeting the requirements of 10 CFR part 
37 of subpart C. (The NRC considers material to be ``aggregated'' if an 
adversary could gain access to a category 2 or greater quantity by 
breaching a single physical barrier.) In addition, any applicant for a 
license or license amendment to possess category 1 or category 2 
quantities of radioactive material at a facility is

[[Page 16932]]

required to establish a security program before obtaining the 
radioactive material, if it will be aggregating the material at or 
above the category 2 threshold.
2. What is the objective of the security program and what are the key 
security program requirements?
    The final rule requires affected licensees to establish, implement, 
and maintain a security program. The objective of the security program 
is to monitor, and without delay detect, assess, and respond to any 
actual or attempted unauthorized access to category 1 or category 2 
quantities of radioactive materials. A licensee's security program 
needs to include a written security plan, implementing procedures, 
training, use of security zones, protection of information, 
coordination with the LLEA, testing and maintenance of security-related 
equipment, security measures, and a program review. Each of these areas 
is discussed in more detail in the following questions and answers.
3. What should a licensee's security plan address?
    The purpose of a security plan is to establish, in writing, the 
licensee's overall security strategy to ensure that all of the required 
security measures work effectively and in an integrated way for all 
facilities and operations where aggregated quantities of category 1 or 
category 2 quantities of radioactive material will be used or stored. 
The plan should, among other things, include a description of the 
measures and strategies to implement the security requirements and 
identify the security resources being used to meet the requirements.
    A licensee can revise its security plan to address changing 
circumstances. Any changes to the security plan, as well as the 
original plan, must be approved by the individual with overall 
responsibility for the security program. The security plan must be 
retained for 3 years after it is no longer needed. The licensee must 
retain any superseded portions of the security plan for 3 years.
    Security plans are important for the implementation of a 
performance-based regulation. An adequate plan requires a licensee to 
analyze the particular security needs of its individual facilities and 
to explain how it will implement its chosen security measures to ensure 
that they work together to meet the applicable performance objectives.
4. Is a licensee required to have security procedures?
    Yes, licensees are required to develop and maintain written 
implementing procedures that document how the security requirements and 
the security plan will be met. These procedures must be designed to 
meet the individualized security needs of each location where an 
aggregated category 1 or category 2 quantity of radioactive material is 
used or stored. Procedures need to be approved, in writing, by the 
individual with overall responsibility for the security program. 
Licensees are required to keep a copy of the current procedures as a 
record for 3 years. Superseded portions of the procedures are retained 
for 3 years. Licensees should not submit procedures to the NRC as part 
of the license application.
5. What training is required?
    As part of its physical protection program, each licensee is 
required to conduct training on the security plan to ensure that those 
individuals responsible for implementation of the plan possess and 
maintain the knowledge, skills, and abilities to carry out their 
assigned duties and responsibilities effectively. The extent of the 
training needs to be commensurate with the individual's potential 
involvement in the security of category 1 or category 2 quantities of 
radioactive material. Individuals need to be instructed in the 
licensee's security program and implementing procedures, their 
responsibilities, and the appropriate response to alarms. Licensees 
with dedicated security staff are encouraged to train their security 
personnel in the timely notification of affected LLEAs during 
emergencies.
    An individual subject to the training requirements of 10 CFR 
37.43(c) needs to complete the training before being allowed unescorted 
access to category 1 or category 2 quantities of radioactive material. 
The licensee needs to provide refresher training annually or when 
significant changes have been made to the security program. The 
refresher training addresses any significant changes; reports on 
relevant security issues, problems, or lessons learned; relevant 
results from NRC inspections; and relevant results from the licensee's 
program review and the testing and maintenance program. Training 
records must be maintained for 3 years and need to include training 
topics, training dates, and the list of personnel that attended the 
training.
    Training is essential if the licensee is to be adequately prepared 
for an effective and coordinated response to any effort to steal or 
divert category 1 or category 2 quantities of radioactive material. 
Adequate training is indispensable for an appropriate licensee response 
to an unauthorized intrusion.
6. Are licensees required to protect information concerning their 
security program?
    Yes. To prevent unauthorized disclosure, licensees are required to 
limit access to their security plans, implementing procedures, and the 
list of individuals that have unescorted access to the material. These 
efforts include measures to allow access to these documents only to 
those individuals who have a need to know the information to perform 
their duties and have been determined to be trustworthy and reliable 
based on the background investigation requirements set forth in 10 CFR 
37.25(a)(2) through (a)(7). Licensees are required to store security 
information in a manner to prevent unauthorized removal, such as 
storage in a locked office or desk drawer.
    To ensure that only trustworthy and reliable individuals with a 
need to know are allowed access to security plans and procedures, 
licensees need to develop, implement, and maintain written policies and 
procedures to control access to their security plan and security 
procedures. The licensee's information protection policies and 
procedures need to ensure the proper handling and protection of 
security plans and implementing procedures against unauthorized 
disclosure. Licensees are required to retain copies of the policies and 
procedures.
    Licensees that have SGI or SGI-M would remain subject to the more 
stringent information protection requirements of 10 CFR 73.21, 
including fingerprinting and an FBI criminal records check.
7. What is the purpose of a security zone?
    A security zone is any area established by a licensee to provide 
physical protection for category 1 or category 2 quantities of 
radioactive material. All category 1 and category 2 quantities of 
radioactive material need to be used and stored within a security zone.
    The purpose of security zones is to isolate and control access to 
the material to protect it more effectively and deter theft or 
diversion by providing, among other things, more time for licensees and 
LLEAs to respond. Isolation measures protect category 1 or category 2 
quantities of radioactive material by

[[Page 16933]]

allowing access to security zones only through established access 
control points. Access control measures allow only approved individuals 
to have unescorted access to the security zone, and ensure that other 
individuals with a need for access are escorted by approved 
individuals. A security zone effectively defines where the licensee 
will apply these isolation and access control measures.
    To limit unescorted access to only approved individuals, licensees 
could isolate the radioactive materials using continuous physical 
barriers that allow access to the security zone only through 
established access control points; or licensees could exercise direct 
control of the security zone by approved individuals at all times.
    Security zones may be permanent or temporary. Temporary security 
zones need to be established to meet transitory or intermittent 
operating requirements such as periods of maintenance, source delivery, 
and source replacement. A licensee could meet the requirements for a 
security zone at some temporary job sites (such as those involving 
onsite operations lasting less than a day) simply by keeping the area 
under ``direct supervision'' by authorized personnel. Similarly, when 
work is being done inside a temporary zone, a licensee could meet the 
requirements for controlling unescorted access by having the material, 
persons, and area within the zone under direct control of approved 
individuals at all times.
    Because the purpose of security zones is different from the 
radiation safety purposes of the restricted areas and controlled areas 
defined in 10 CFR part 20, the security zone does not have to be the 
same as either of these areas. Because measures to control access are 
required for both radiation protection and security, however, a 
licensee does have the flexibility to use an area required for 
radiation protection purposes to fulfill the required functions of a 
security zone. Thus, for a temporary well-logging operation within 
which the licensee is required by 10 CFR 39.71 to have a ``restricted 
area'' to ``maintain direct surveillance * * * to prevent unauthorized 
entry into a restricted area,'' a licensee could define a security zone 
with the same boundaries as this ``restricted area.'' Similarly, a 
radiographer could choose to define a security zone with the same 
boundaries as the ``high radiation area'' over which radiography 
licensees are required by 10 CFR 34.51 to ``maintain direct visual 
surveillance * * * to protect against unauthorized entry.''
    Because materials licensee sites are differently configured and do 
not lend themselves to generically defined physical areas, the security 
zone concept permits significant flexibility for licensees to account 
for a range of site-specific concerns. It also provides regulators with 
a well-defined and enforceable requirement keyed to performance 
objectives of isolation and access control.
8. When are special additional measures for category 1 quantities of 
radioactive material required?
    One provision of the final rule applies to category 1 quantities of 
radioactive material during periods of maintenance, source receipt, 
preparation for shipment, installation, or source removal or exchange. 
Licensees are required to provide, at a minimum, an approved individual 
to maintain continuous surveillance of sources in temporary security 
zones and in any security zone in which physical barriers or intrusion 
detection systems have been disabled to allow the specified activities.
    Due to the natural decay of their radioactivity, sources lose their 
effectiveness as they get older and have to be replaced or replenished 
periodically with new sources to maintain a device's expected 
performance. Tamper-indicating devices and other intrusion detection 
equipment typically must be disabled to permit the device to be opened 
without tripping alarms. The new sources are typically shipped by an 
offsite supplier, who also often performs removal and exchange or 
reinstallation. After replacement, the removed older sources must be 
prepared onsite for shipment back to the manufacturer or for storage 
and eventual disposal. These non-routine operations by non-licensee 
employees at the licensee's site, during a time when devices for 
detecting theft or diversion are disabled, call for additional measures 
to compensate for the temporary increase in vulnerability.
9. What is required to monitor and detect an unauthorized entry into a 
security zone?
    A licensee is required to establish and maintain the capability to 
continuously monitor and detect all unauthorized entries into its 
security zone(s). Monitoring and detection are performed by either a 
monitored intrusion detection system that is linked to an onsite or 
offsite central monitoring facility; electronic devices for intrusion 
detection alarms that would alert nearby facility personnel; monitoring 
by a video surveillance system; or direct visual surveillance by 
individuals.
    A licensee also needs the capability to detect unauthorized removal 
of the radioactive material. For category 1 quantities of radioactive 
material, a licensee needs to immediately detect any attempted 
unauthorized removal through the use of electronic sensors linked to an 
alarm or continuous visual surveillance. For category 2 quantities of 
radioactive material, a licensee needs to verify the presence of the 
radioactive material through weekly physical checks, tamper indicating 
devices, actual usage of the material, or other means.
10. What are the requirements for personnel communications and data 
transmission?
    Licensees are required to maintain continuous capability for 
personnel communication and electronic data transmission and processing 
among site security systems for any personnel and automated or 
electronic systems used to support the site security systems. Licensees 
are required to have alternative capability for any system in the event 
of loss of the primary means of communication or data transmission and 
processing. The alternative means cannot be subject to the same failure 
mode as the primary systems.
11. What does a licensee need to do when it detects an intrusion into 
its security zone?
    A licensee's response to an intrusion depends on the licensee's 
assessment of the purpose of the intrusion, but a response is required 
without delay. If the unauthorized access appeared to the licensee to 
be an actual or attempted theft, sabotage, or diversion of category 1 
or category 2 quantities of radioactive material, the licensee needs to 
immediately notify and request an armed response from the appropriate 
LLEA. An immediate response by the licensee permits a more timely 
response from law enforcement, thereby, reducing the risk that the 
material could be used for malevolent purposes. Immediate notification 
also allows for early warning to other possible targets of a 
simultaneous attempt to divert material from multiple locations.
    A licensee's decision to call the LLEA and the NRC depends not only 
on the licensee's assessment of the intent of the unauthorized access 
but also on whether the area where the breach occurred is an area the 
licensee had previously determined needed to be monitored in order to 
meet the NRC's physical protection requirements. Thus, a licensee's 
assessment and response to an intrusion alarm in the business office 
section of its facility could be entirely

[[Page 16934]]

different from its assessment and response to an intrusion alarm in a 
radioactive materials storage area.
12. Can a licensee use automated devices to assess an intrusion and 
alert an LLEA?
    Depending on the security system, the layout of controlled areas, 
and the design capabilities of the sensors, automated devices or 
systems may be programmed to automatically summon LLEA assistance in 
response to an intrusion alarm.
13. What coordination is required with LLEA?
    Licensees are required to coordinate, to the extent practicable, 
with the LLEA to discuss the LLEA response to threats to the licensee's 
use of Category 1 or 2 quantities of radioactive material. An LLEA is 
defined as a public or private organization that has been approved by a 
Federal, State, or local government to carry firearms and make arrests, 
and is authorized and has the capability to provide an armed response 
in the jurisdiction where the licensed category 1 or category 2 
quantity of radioactive material is used, stored, or transported. In 
the event of an actual or attempted theft, sabotage, or diversion of 
radioactive material, an armed response is likely to be necessary. 
Adversaries could be well armed, and the small unarmed or lightly-armed 
private security guard service typically used at byproduct material 
licensee sites would not be an adequate substitute for an LLEA. 
However, the LLEA need not be a municipal or county police force. If a 
hospital or university campus police force is the nearest law 
enforcement agency to the licensee's operation capable of providing an 
armed response and making arrests, that police force would meet the 
definition of an LLEA.
    Coordination activities include providing a description of the 
facility, radioactive materials, and security measures and notification 
that the licensee will request a timely and armed response to any 
actual or attempted theft, sabotage, or diversion of the licensee's 
radioactive materials. The licensee is required to document its 
coordination efforts. The documentation could include such items as the 
dates, times, and locations of meetings or phone calls and a list of 
licensee and LLEA staff present at the meetings. Licensees are required 
to coordinate with the LLEA at least every 12 months.
    Coordination with an LLEA is essential in developing an effective 
and efficient physical protection program. Because certain situations 
may necessitate an armed response, a strategy that is consistent in 
scope and timing with realistic potential vulnerabilities of the 
subject radioactive material should be coordinated well in advance with 
the LLEA. Another purpose of coordination is to provide the responsible 
LLEA with an understanding of the potential consequences associated 
with unauthorized use of the radioactive material of concern, so that 
the LLEA can determine the appropriate priority of its response. The 
LLEA response is needed not only to interdict and disrupt an attempted 
theft or sabotage onsite, but also possibly for offsite coordination to 
protect public health and safety and to mitigate the potential 
consequences of unauthorized use of the radioactive material.
14. What if the LLEA declines to coordinate with a licensee?
    The NRC recognizes that it cannot exercise authority over LLEAs, or 
any party over which a licensee has no control and the NRC has no legal 
jurisdiction. The NRC also recognizes that an LLEA may have good 
reasons for not engaging in coordination activities.
    An LLEA's refusal to coordinate with a licensee does not by itself 
render a licensee's security plan inadequate. The NRC recognizes that 
in an actual emergency, State and local government officials will 
respond to protect the health and safety of the public. A licensee is 
required under 10 CFR 37.45(a)(2) to notify the appropriate NRC 
regional office within 3 business days if the LLEA has not responded to 
a request for coordination within 60 days of the coordination request, 
or if the LLEA notifies the licensee that the LLEA does not plan to 
participate in coordination activities. The notification allows the NRC 
to contact the LLEA directly to ensure that the LLEA understands the 
importance of adequate coordination. In some cases, the NRC might 
contact the Department of Homeland Security (DHS) and request DHS 
assistance with the LLEA. If the LLEA refuses to coordinate beforehand, 
the licensee could still comply by making and documenting periodic 
good-faith efforts to elicit the LLEA's participation in planning for a 
timely and effective response.
15. What are the LLEA notification requirements for work at a temporary 
job site?
    The final rule does not require any notification of or coordination 
with the LLEA for work at temporary jobsites.
16. What are the special requirements for mobile sources?
    The rule requires licensees using mobile devices containing a 
category 1 or category 2 quantity of radioactive material to have two 
independent physical controls that form tangible barriers to prevent 
unauthorized removal of the device. For devices in or on a vehicle or 
trailer, a licensee is required to use a method to disable the vehicle 
or trailer when it is not under direct control and constant 
surveillance by the licensee. Licensees are not allowed to rely on the 
removal of an ignition key to meet this requirement. The rule does 
allow for the situation where a site's health and safety procedures 
prohibit the disabling of the ignition. In those instances, the 
licensee would not be required to disable the ignition. These 
provisions are in addition to the other requirements in subpart C.
    Mobile devices, particularly portable ones, are likely to be more 
vulnerable to attempted theft or diversion because an adversary could 
more easily remove these devices before the licensee or LLEA has an 
opportunity to respond. The objective of this requirement is to delay 
intruders long enough for a timely licensee and LLEA response.
    A mobile device is defined in the rule as a piece of equipment 
containing licensed radioactive material that is either: (1) Mounted on 
wheels or casters or otherwise equipped for moving without a need for 
disassembly or dismounting, or (2) designed to be hand carried. Mobile 
devices do not include stationary equipment installed in a fixed 
location, such as an irradiator, but the definition includes 
radiography cameras, source changers, well logging equipment, and 
gauges or controllers. The definition could also include storage 
containers, lead pigs for holding sources during a source exchange, and 
onsite or offsite transportation packages, if they contained category 1 
or category 2 quantities of radioactive material.
17. What maintenance and testing requirements apply to the security 
systems?
    Consistent with 10 CFR 37.51, licensees are required to test 
intrusion alarms, physical barriers, and other systems used for 
securing and monitoring access to radioactive material, and these items 
need to be maintained in operable condition. Each intrusion alarm and 
associated communication system subject to the rule's requirements for 
monitoring, detection, and assessment needs to be inspected and tested 
for performance.

[[Page 16935]]

The licensee only needs to test the equipment that it relies on to meet 
the requirements of 10 CFR part 37. This would include any backup 
equipment or systems relied upon in the event of a primary system 
failure. If the licensee has additional equipment or systems that are 
not relied on to meet the rule requirements, the extra equipment and 
systems would not need to be tested and maintained.
    The frequency for testing is based on the manufacturer's suggested 
timing. If the manufacturer does not suggest a frequency, the licensee 
must conduct the maintenance and testing at least annually. Licensees 
are required to maintain records of the maintenance and testing 
activities for 3 years.
18. What events does a licensee need to report to the NRC?
    A licensee is required to report any actual or attempted theft, 
sabotage, or diversion of a category 1 or category 2 quantity of 
radioactive material as soon as possible after initiating a response, 
which includes notification of the LLEA. The licensee is required to 
submit a written report to the NRC within 30 days after the initial 
notification. A licensee is also required to assess any suspicious 
activity related to possible theft, sabotage, or diversion of category 
1 or category 2 quantities of radioactive material and notify the LLEA 
as appropriate. If the licensee notifies the LLEA, it must also notify 
the NRC. The written 30-day report is not required for suspicious 
activity reports.
19. How does a licensee determine the effectiveness of the security 
program?
    Licensees are required to review the security program annually to 
confirm compliance with the requirements. The review is to evaluate the 
security program content and implementation. The licensee is required 
to document any review findings and corrective actions, and the records 
need to be maintained for 3 years.

D. Transportation Security

1. What is the NRC authority to issue these transportation security 
requirements?
    Sections 53, 81, and 161 of the AEA, as amended, provide the NRC 
with the statutory authority to issue these transportation security 
requirements. The NRC shares jurisdiction over the transport of 
radioactive material traveling over public roadways and by rail with 
DOT and DHS.
2. Why is this material being shipped?
    In general, category 1 and category 2 quantities of radioactive 
material are shipped to medical institutions, companies that support 
medical and academic institutions, and companies that manufacture and 
distribute radioactive material for various industrial applications. As 
radioactive sources get older, radioactive decay decreases the sources' 
strength and the sources lose their effectiveness and have to be 
replaced or replenished with new sources. The older sources must be 
transported for disposal or back to the manufacturer.
3. What are the new transportation security requirements?
    In general, the final rule includes requirements for pretransfer 
checks, preplanning and coordination of shipments, advance notification 
of shipments, control, monitoring, and communications during shipments, 
procedures, investigations of missing shipments, and reporting of 
missing material. Each of these areas is discussed in more detail in 
the following questions and answers.
    These requirements apply to ground transport of category 1 or 
category 2 quantities of radioactive material shipped in a single 
package or in multiple packages in a single conveyance. The category 1 
requirements also apply to shipments of irradiated reactor fuel 
weighing 100 g (0.22 lb) or less in net weight of irradiated fuel, 
exclusive of cladding or other structural or packaging material, which 
has a total external radiation does rate in excess of 1 Gray (100 rad) 
per hour at a distance of 1 m (3.3 ft) from any accessible surface 
without intervening shielding. Note that a licensee is not responsible 
for complying with these requirements when a carrier aggregates 
radioactive material, during transport or storage incidental to 
transport, for two or more conveyances from separate licensees that 
individually do not exceed the limits. The shipping licensee is 
responsible for meeting the requirements unless the receiving licensee 
agrees in writing to arrange for the in-transit physical protection, 
including preplanning and coordination activities.
4. Is verification of the transferee's license necessary?
    Yes, 10 CFR 37.71 requires any licensee transferring category 1 or 
category 2 quantities of radioactive material to a licensee of the NRC 
or an Agreement State to verify that the transferee's license 
authorizes the receipt of the type, form, and quantity of radioactive 
material to be transferred. Licensees that transfer material within the 
same organization do not need to verify the validity of the license 
(i.e., for companies that have licenses in several States). The 
licensee should know if its licenses are valid. For transfers of 
category 1 quantities of radioactive material, the transferring 
licensee is also required to verify that the licensee is authorized to 
receive radioactive material at the address requested for delivery. 
These verifications are conducted with the license issuing authority, 
i.e., the NRC or the appropriate Agreement State, or by using the 
license verification system. The license verification system is a new 
web-based system that NRC is developing that may be used to verify the 
validity of a license issued by either NRC or an Agreement State. The 
license verification system is currently scheduled to be operational by 
the effective date of the final rule. If it appears that the system 
will not be available in time to support the rule, the NRC will change 
the compliance date of this provision. Licensees should contact the 
appropriate NRC regional office to verify the validity of NRC 
licensees. Information on Agreement State contacts is provided on the 
NRC's Web page at http://nrc-stp.ornl.gov/asdirectory.html. If the 
license verification system is non-functional and the licensee cannot 
reach the license issuing authority, the rule does have a provision 
that allows the licensee to obtain certification from the requesting 
licensee. Licensees are required to document any method of 
verification, except for use of the license verification system. 
Licensees exporting material need to meet the requirements in 10 CFR 
part 110 for checking the documentation that the recipient has the 
necessary authorization under the laws and regulations of the importing 
country. These actions are intended to mitigate the risk that the 
material could be shipped to an unauthorized recipient.
5. Is preplanning and coordination of the shipments necessary?
    Yes, 10 CFR 37.75(a) requires preplanning and coordination of 
shipment information for shipments of category 1 quantities of 
radioactive material. The shipping licensee (licensee sending the 
licensed material) is required to coordinate the departure and arrival 
times with the receiving licensee (licensee receiving the licensed 
material). This coordination reduces the risk that theft or diversion 
of the material would go unnoticed or unreported. The licensee also 
needs to preplan and coordinate the shipment information with the 
State(s) through

[[Page 16936]]

which the shipment will pass. As part of the coordination activities, 
the licensee is required to discuss the State's intention to provide 
law enforcement escorts for the shipments and identify safe havens. 
Under the rule, safe havens are sites at which security is present or 
from which the transport crew can notify and wait for the local law 
enforcement authorities in the event of an emergency. The licensee is 
responsible for identification of the safe havens. The purpose of the 
information sharing is to ensure minimal delay of the shipment.
    For shipments of category 2 quantities of radioactive material, 10 
CFR 37.75(b) requires that the shipping licensee verify the shipment 
no-later-than arrival time and the expected arrival time with the 
receiving licensee.
    The definitions section of the final rule defines the term ``no-
later-than arrival time'' as the date and time that the shipping 
licensee and receiving licensee have established as the time at which 
an investigation will be initiated if the shipment has not arrived at 
the receiving facility. The no-later-than-arrival time may not be more 
than 6 hours after the estimated arrival time for category 2 shipments. 
Verifying that the shipment arrives on time provides the licensee with 
the means to identify and immediately report an unusual occurrence that 
could lead to the theft or diversion of the material.
6. What does the NRC consider to be a safe haven?
    A safe haven is a readily recognizable and readily accessible site 
at which security is present or from which, in the event of an 
emergency, the transport crew can notify and wait for the LLEA. The NRC 
expects safe havens to be identified and designated by the licensee.
    Licensees should use the following criteria in identifying safe 
havens for shipments: Close proximity to the route, i.e., readily 
available to the transport vehicle; security from local, State, or 
Federal assets is present or is accessible for timely response; the 
site is well lit, has adequate parking, and can be used for emergency 
repair or to wait for LLEA response on a 24-hour a day basis; and 
additional telephone facilities are available should the communications 
system of the transport vehicle not function properly. Possible safe 
haven sites include: Federal sites having significant security assets; 
secure company terminals; State weigh stations; truck stops with secure 
areas; and LLEA sites, including State police barracks.
7. Is the shipping licensee required to notify the receiving licensee 
if the no-later-than arrival time changes?
    Yes. If the no-later-than arrival time will not be met, the 
shipping licensee must inform the receiving licensee of the new no-
later-than arrival time for shipments of category 2 quantities of 
radioactive material. This provision allows licensees the ability to 
modify departure and arrival times due to unforeseen events.
8. Whom does the licensee notify when the shipment arrives?
    The receiving licensee is required to notify the shipping licensee 
when the shipment of a category 2 quantity of radioactive material 
arrives at its destination. This requirement ensures positive 
communication between the shipper and recipient. Additionally, this 
requirement ensures that the shipper does not unnecessarily start an 
investigation because they are not sure that the shipment has arrived. 
The receiving licensee must notify the shipping licensee if the 
shipment has not arrived by the no-later-than arrival time. This 
notification is the trigger to initiate an investigation into where the 
package is located.
9. What does the term state mean in the requirements?
    As used in the definitions section of the final rule, the term 
``State'' means the 50 States, the District of Columbia, the 
Commonwealth of Puerto Rico, the Virgin Islands, Guam, American Samoa, 
and the Commonwealth of the Northern Mariana Islands. A list of the 
contact information for the governor's designees is published annually 
in the Federal Register, most recently on October 31, 2011 (76 FR 
67229). An updated list is posted on the NRC's Web site at http://nrc-stp.ornl.gov/special/designee.pdf. Copies may also be obtained by 
contacting the Director, Division of Intergovernmental Liaison and 
Rulemaking, Office of Federal and State Materials and Environmental 
Management Programs, U.S. Nuclear Regulatory Commission, Washington, DC 
20555-0001. The NRC will work with the States to include a separate 
column.
10. What advance notifications are required?
    The final rule requires advance written notifications for shipments 
containing category 1 quantities of radioactive material. The advance 
notifications are made to the NRC (or Agreement State which then would 
notify the NRC) and to any State through which a shipment is being 
transported. The State notification is made to the governor or the 
governor's designee. The NRC shares the information with some of its 
Federal partners.
    Advance notification provides States and the NRC with knowledge of 
shipments so that in the event there is an increase in the risk of 
theft or diversion of the material, the regulator could delay or 
reroute the shipment to minimize the risk. This advance notification 
also allows States with escort requirements to engage in planning to 
support the shipment.
    Advance notifications are not required for shipments of category 2 
quantities of radioactive material, unless the shipment falls within 
the scope of 10 CFR 71.97(b).
11. What information should be included in an advance notification?
    The final rule requires that the following information be included 
in an advance notification for a category 1 shipment of radioactive 
material, if available at the time of notification: (1) The name, 
address, and telephone number of the shipper, carrier, and receiver of 
the shipment; (2) the license number of the shipper and receiver; (3) a 
description of the radioactive material contained in the shipment, 
including the radionuclides and quantity; (4) the point of origin of 
the shipment and the estimated time and date that shipment will 
commence; (5) the estimated time and date that the shipment is expected 
to enter each State along the route; (6) the estimated time and date of 
arrival of the shipment at the destination; and (7) the contact and 
telephone number for the point of contact. For the purpose of 
coordination only, the actual information in the advance notification 
would not be considered to be SGI-M. Any information that is not 
available at the time of the initial notification would be provided in 
a revised notification once the information becomes available.
12. What should a licensee do if the shipment schedule is revised or 
the shipment cancelled?
    If the category 1 shipment schedule is revised or cancelled, the 
final rule requires the shipping licensee to notify the appropriate 
States and the NRC.
13. What should a licensee do if the shipment does not arrive by the 
no-later-than arrival time?
    The final rule requires a licensee that has shipped category 2 
quantities of radioactive material to initiate an investigation for any 
shipment that has not arrived at the receiving licensee's facility by 
the designated no-later-than

[[Page 16937]]

arrival time. The no-later-than arrival time is defined as the date and 
time that the shipping licensee and receiving licensee have established 
as the time at which an investigation will be initiated if the shipment 
has not arrived at the receiving facility. The no-later-than-arrival 
time may not be longer than 6 hours after the estimated arrival time 
for a shipment of category 2 quantities of radioactive material. A no-
later-than arrival time was not included for category 1 shipments as 
the licensee is required to maintain continuous position monitoring and 
detect any unauthorized access to or removal of the material 
immediately. This would enable the shipping licensee of a category 1 
shipment to know right away if the shipment was late or experiencing 
problems.
14. When must a licensee make notification that a shipment is lost or 
missing?
    When a licensee determines that a shipment of a category 1 quantity 
of radioactive material is lost or missing, the rule requires the 
licensee to notify the LLEA in the area of the shipment's last 
confirmed location within 1 hour and then to notify the NRC's 
Operations Center. Notification to the NRC should be as prompt as 
possible, but not at the expense of causing delay or interference with 
the LLEA response to the event.
    When a licensee determines that a shipment of category 2 quantities 
of radioactive material is lost or missing, the rule requires the 
licensee to notify the NRC's Operations Center within 4 hours of such 
determination. The licensee is also required to immediately notify the 
NRC's Operations Center if, after 24 hours from its determination that 
the shipment was lost or missing, the location of the material still 
cannot be determined.
    Early notification provides for a more timely response from law 
enforcement, thereby reducing the risk of the misuse of the material.
15. Should licensees make notification that a lost or missing shipment 
has been found?
    Yes, 10 CFR 37.81(e) and (f), for category 1 shipments and category 
2 shipments, respectively, require the licensee to notify the NRC's 
Operations Center when a lost or missing shipment has been located. 
This notification is considered an update on the initial notification.
    Without this notification, regulatory authorities and LLEA may 
waste resources continuing any search for the material.
16. What is a licensee required to do if there is an attempt to steal 
or divert a shipment?
    For shipments of category 1 quantities of radioactive material, a 
licensee who discovers an actual or attempted theft or diversion of a 
shipment, or any suspicious activity related to a shipment, is required 
to notify the designated LLEA along the shipment route as soon as 
possible. After notifying the LLEA, the licensee is required to notify 
the NRC's Operations Center. The NRC's Operations Center will notify 
other affected States and the agency's Federal partners. For shipments 
of category 2 quantities of radioactive material, a licensee who 
discovers an actual or attempted theft or diversion of a shipment, or 
any suspicious activity related to a shipment, is required to notify 
the NRC's Operations Center as soon as possible. These security 
measures enhance the likelihood that the material will be successfully 
protected or recovered and allows for early warning of other possible 
victims of a simultaneous attempt to divert material from multiple 
locations.
17. What types of procedures are necessary for shipping category 1 
quantities of radioactive material?
    Licensees shipping category 1 quantities of radioactive material by 
road are required to ensure that normal and contingency procedures are 
developed to cover notifications; communication protocols; loss of 
communication; and response to an actual or attempted theft or 
diversion of a shipment, or any suspicious activity related to a 
shipment. The licensees are required to ensure that drivers, 
accompanying personnel, railroad personnel, and movement control center 
personnel have access to the normal and contingency procedures. 
Procedures provide reasonable assurance that these individuals are 
prepared for most situations and are able to act without delay to 
prevent the theft or diversion of shipments.
18. What should be included in the communication protocols?
    The final rule requires that the communication protocols include a 
strategy for the use of authentication and duress codes and provisions 
for refueling or other stops, detours, and locations where 
communication is expected to be temporarily lost.
19. What are the physical protection requirements for road shipments of 
category 1 quantities of radioactive material?
    The final rule requires that any licensee that ships category 1 
quantities of radioactive material by road either establish or use a 
carrier that has established, movement control centers that maintain 
position information from a location remote from the activity of the 
transport vehicle or trailer. The control centers are required to 
monitor shipments on a continuous and active monitoring basis (24 hours 
a day, 7 days a week), and have the ability to communicate immediately, 
in an emergency, with the appropriate law enforcement agencies.
    The final rule requires that the licensee ensure that redundant 
communications are in place that would allow the transport to contact 
an escort vehicle (if used) and the movement control center at all 
times. The redundant communication must not be subject to the same 
interference factors as the primary communication method. The same 
interference factors mean any two systems that rely on the same 
hardware or software to transmit their signal (e.g., cell tower or 
proprietary network).
    Redundant communications provide drivers with the means to 
immediately report an unusual occurrence that could lead to the theft 
or diversion of the material. Early notification would permit a more 
timely response from law enforcement, thereby, reducing the risk of the 
misuse of the material.
    The final rule also requires that the licensee ensure that category 
1 shipments are continuously and actively monitored by a telemetric 
position monitoring system or an alternative tracking system reporting 
to a movement control center. The movement control center is required 
to provide positive confirmation of the location, status, and control 
over the shipment and be prepared to implement preplanned procedures in 
response to deviations from the authorized route or to a notification 
of actual or attempted theft or diversion or suspicious activities 
related to the theft, loss, or diversion of a shipment. These 
procedures include the identification of, and contact information for, 
the appropriate LLEA along the shipment route.
    A telemetric position monitoring system is a data transfer system 
that captures information by instrumentation and/or measuring devices 
about the location and status of a transport vehicle or package between 
the departure and

[[Page 16938]]

destination locations. The gathering of this information permits remote 
monitoring and reporting of the location of a transport vehicle or 
package. GPS and radiofrequency identification (RFID) are examples of 
telemetric position monitoring systems.
    If the driving time period is greater than the maximum number of 
allowable hours of service in a 24-hour duty day as established by the 
DOT Federal Motor Carrier Safety Administration, the final rule 
requires that the licensee ensure that an accompanying individual is 
provided for the entire shipment. The accompanying individual may be 
another driver. This security measure provides reasonable assurance 
that the material will be protected from theft or diversion when it is 
stationary, as well as in emergency situations where it becomes 
necessary for the driver to stop or leave the vehicle.
20. Is GPS required?
    No, GPS is not required. For category 1 material, the NRC requires 
continuous and active monitoring for shipments. Continuous and active 
monitoring means that at any time while the shipment is enroute, the 
licensee must be knowledgeable of the shipment's whereabouts. Not 
specifying a particular technology provides licensees with flexibility 
to design a continuous and active monitoring system that meets their 
unique circumstances. However, GPS is considered an acceptable method 
of continuous and active monitoring.
21. What are the physical protection requirements for rail shipments of 
category 1 quantities of radioactive material?
    The final rule requires each licensee that ships category 1 
quantities of radioactive material by rail to ensure that rail 
shipments are monitored by a telemetric position monitoring system or 
an alternative tracking system reporting to a licensee, third party, or 
railroad communications center which meets certain criteria. The 
communications center needs to provide positive confirmation of the 
location of the shipment and its status. Rail shipment tracking 
provides the means for a communications center to immediately report an 
unusual occurrence that could lead to the theft or diversion of the 
material. Early notification provides for a more timely response from 
LLEAs, thereby reducing the risk of the misuse of the material.
22. What are the physical protection requirements for shipments of 
category 2 quantities of radioactive material?
    The final rule requires that a licensee shipping category 2 
quantities of radioactive material by road maintain constant control 
and/or surveillance during transit and have the capability for 
immediate communication to summon appropriate response or assistance. 
In the case of the licensee using a common carrier, the final rule 
requires that licensees use a carrier that has an established package 
tracking system. An established package tracking system means a 
documented, proven, and reliable system routinely used to transport 
objects of value. The package tracking system must allow the shipper or 
transporter to identify when and where the package was last and when it 
should arrive at the next point of control. The licensee is required to 
use a carrier that maintains constant control and surveillance during 
transit and has the capability for immediate communication to summon 
appropriate response or assistance. The carrier must also require an 
authorized signature prior to releasing the package for delivery or 
return.
    In general, the licensee must be able to contact the shipping 
carrier and determine the approximate location of the shipment. Package 
tracking systems, such as common overnight delivery service with 
standard tracking, are acceptable. These requirements mitigate with 
reasonable assurance the risk of loss, theft, or diversion of the 
material.
23. How long do records related to a shipment need to be maintained?
    Licensees are required to retain records for 3 years.
24. How is the public protected from loss, theft, or diversion of these 
shipments?
    Regulating transport of radioactive material is a joint 
responsibility of the NRC and DOT. The quantities of radioactive 
materials being considered as part of this rulemaking are transported 
in packages (casks) that meet rigorous NRC and DOT safety standards. 
The NRC fact sheet on transportation of radioactive materials can be 
found at: http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/transport-spenfuel-radiomats-bg.html.
    The carrier transporting radioactive material must also meet DOT's 
requirements for shipment of the radioactive material. A link to DOT's 
Web site is provided on the NRC's Web site at: http://www.nrc.gov/materials/transportation.html.
25. What are the requirements for small quantities or irradiated 
reactor fuel?
    The final rule adds a new Sec.  73.35 to 10 CFR part 73, which 
provides that the requirements for shipments of irradiated reactor fuel 
weighing 100 g (0.22 lb) or less in net weight of irradiated fuel, 
exclusive of cladding or other structural or packaging material, which 
has a total external radiation dose rate in excess of 1 Gray (100 rad) 
per hour at a distance of 1 m (3.3 ft) from any accessible surface 
without intervening shielding. The requirements are the same as the 
requirements for shipments of category 1 quantities of radioactive 
material.
26. What means of transportation are not addressed in this rule?
    The rule does not address air or water transport. Transport of 
radioactive material within airports and by air is regulated by the 
Federal Aviation Administration. Transport of radioactive material 
within ports and by waterway is regulated by the U.S. Coast Guard.
    The rule also does not address transshipments of category 1 or 
category 2 quantities of radioactive material through the United 
States. Transshipments are shipments that are originated by a foreign 
company in one country, pass through the United States, and then 
continue on to a company in another country. Transshipments are 
regulated by DOT and DHS.
    Finally, this rulemaking does not address transport of spent fuel, 
except irradiated reactor fuel weighing 100 g (0.22 lb) or less in net 
weight of irradiated fuel, exclusive of cladding or other structural or 
packaging material, which has a total external radiation dose rate in 
excess of 1 Gray (100 rad) per hour at a distance of 1 m (3.3 ft) from 
any accessible surface without intervening shielding.

III. Summary and Analysis of Public Comments on the Proposed Rule

    The proposed rule was published on June 15, 2010 (75 FR 33902), for 
a 120-day public comment period that ended on October 13, 2010. After 
receiving several requests to extend the comment period, the NRC 
published an extension notice on October 8, 2010 (75 FR 62330), that 
extended the public comment period until January 18, 2011. The NRC 
received comments from 110 organizations and individuals. The 
commenters on the proposed rule included States, licensees, industry 
organizations, individuals, and a Federal agency.
    In general, there was a range of stakeholder views concerning the 
rulemaking, supporting some aspects of

[[Page 16939]]

the rulemaking, others opposing some aspects of the rulemaking. Some 
commenters described the new requirements as going beyond the order 
requirements. It is important to note that the Commission never 
intended to just place the orders into the regulations to make them 
generically applicable. The Commission always intended to consider 
insights gained from implementation of the orders and any lessons 
learned during implementation. In addition, the Commission considered 
recommendations from the Independent Review Panel and the Materials 
Working Group, as well as a petition filed by the State of Washington.
    The comments and responses have been grouped into five areas: 
General, access authorization program, security during use, 
transportation security, and miscellaneous. To the extent possible, all 
of the comments on a particular subject are grouped together. The 
Commission specifically requested input on eight subjects: (1) 
Fingerprinting of the reviewing official; (2) background investigation 
elements; (3) protection of information; (4) LLEA notification at 
temporary jobsites; (5) reporting requirements; (6) disabling vehicle 
exemption; (7) license verification; and (8) monitoring plans for 
railroad classification yard. These eight subjects are addressed within 
the appropriate area grouping. A discussion of the comments and the 
NRC's responses follow.

A. General

    Comment A1: One commenter stated that the definition for access 
control should be expanded to include persons with access to SGI, as 
such individuals are subject to the requirements in Sec.  37.21(c).
    Response: The NRC disagrees with the comment. A licensee may 
include the SGI component in its access authorization program, but it 
is not required to include SGI. The requirements for SGI are contained 
in 10 CFR part 73, and the licensee can choose to use the same 
reviewing official and process or may use a different reviewing 
official and process. If a licensee chooses to include SGI in its 
access authorization program under 10 CFR part 37, it will meet the 
requirements of 10 CFR part 73.
    Comment A2: One commenter noted that the definition for aggregated 
was unclear. Another commenter suggested including unsealed sources and 
bulk material in this definition. Commenters recommended either 
clarifying ``multiple sources of bulk material'' or giving it its own 
definition. A commenter noted it was unclear if the term bulk material 
aligns with DOT terminology for bulk packaging.
    Response: The NRC agrees that the definition could be confusing and 
has revised the definition to make it clear that radioactive material 
in any form should be included. The definition is not related to DOT. 
The intent was to include all material, whether it was in the form of a 
source (sealed or unsealed) or was contained in a container of some 
sort, such as feed material, that might be used to create a source.
    Comment A3: One commenter noted that the term ``Aggregated'' uses 
the term ``sealed source'' in its definition and that ``sealed source'' 
should be defined in 10 CFR part 37 as the use lacks clarity and safety 
significance. The commenter stated that the definition for sealed 
source should also be revised in 10 CFR parts 30 and 70. The commenter 
provided a suggested definition for ``sealed source'' as follows: 
``Sealed source means any radioactive material contained to minimize 
the spread of contamination in accordance with the presentation made in 
a Sealed Source and Device Registry certificate issued by the U.S. 
Nuclear Regulatory Commission, an Agreement State or the International 
Atomic Energy Agency.''
    Response: The NRC disagrees with the comment. The term ``sealed 
source'' has been in the regulations for a long time and the NRC is not 
aware of any issues that have arisen due to a lack of clarity or safety 
significance. The term does not need to also be defined in 10 CFR part 
37 as it is defined in the parts under which a sealed source would be 
licensed. Changing the definition of sealed source in 10 CFR parts 30 
and 70 is beyond the scope of this rulemaking.
    Comment A4: One commenter requested that the definition of 
``Escorted Access'' be revised to delete the term ``line-of-sight'' as 
it is too prescriptive and creates compliance issues should someone 
``look away'' or stand in an area of the security zone where the 
escorted individual's view may be blocked by some object or equipment 
in the zone. The commenter noted that surveillance can also be 
accomplished by remote video monitoring. Two commenters suggested that 
the term escorted access should be revised to allow for video 
surveillance. The commenters noted that, although the definition was a 
straightforward, easy way to define escorting, certain video 
surveillance systems provide improved security and should be allowed. 
The commenters suggested revising the definition as follows: ``Escorted 
access means that the actions of the individual are observed 100% of 
the time while they are in the security zone.''
    Response: The NRC agrees with the comment in part. The NRC has 
removed the term ``line-of-sight surveillance'' from the definition and 
changed it to ``direct continuous visual surveillance.'' The revised 
definition will provide greater flexibility for the licensee. The 
definition of escorted access was not intended to eliminate a 
licensee's use of video surveillance. Video surveillance is appropriate 
in some, but not all cases. For example, video surveillance of patients 
during a treatment would be appropriate.
    Comment A5: One commenter requested that the definition of license 
be revised as follows: ``License, except where otherwise specified, 
means a license for byproduct material issued pursuant to the 
regulations in 10 CFR parts 30 through 36 and 39 of this chapter or a 
permit issued by a master materials licensee.''
    Response: The NRC disagrees that the definition for license should 
be revised. The definition used in 10 CFR part 37 is identical to the 
definition used in 10 CFR part 30. No license will be issued under 10 
CFR part 37.
    Comment A6: One commenter requested that the definition of license 
issuing authority be revised to include a master materials licensee 
(MML) as the MML issues individual permits.
    Response: The NRC disagrees with the comment. An MML is not 
equivalent to an Agreement State and does not issue licenses. The MML 
does authorize individual permits for specific locations, but cannot 
authorize beyond what is specified on the MML license.
    Comment A7: Several commenters requested that the definition of 
LLEAs be revised by removing the requirement that the agency be a 
government entity and to broaden the definition to include private 
security forces that possess the authority to carry firearms and make 
arrests. Commenters felt that the definition was confusing and was not 
clear whether university police could be considered an LLEA under the 
definition. One of the commenters noted that some university police 
departments serve as the LLEA and are a fully badged and sworn police 
force with the authority to make arrests and provide armed response. 
Some of the commenters suggested revised rule language to clarify the 
definition.
    Response: The NRC agrees with the commenters and has revised the 
definition of LLEA as follows: ``Local law enforcement agency (LLEA) 
means a public or private organization that has been approved by a 
federal, state, or local government to carry firearms and

[[Page 16940]]

make arrests, and is authorized and has the capability to provide an 
armed response in the jurisdiction where the licensed category 1 or 
category 2 quantity of radioactive material is used, stored, or 
transported.''
    Comment A8: Five commenters suggested revising the definition of 
``Lost or missing licensed material.'' Commenters indicated that the 
definition contains subjective terms that make compliance with the 
reporting criteria difficult. Two commenters recommended removing 
``readily'' from the definition as it is too subjective and could lead 
to inadvertent noncompliance. One commenter recommended linking the 
definition for lost or missing licensed material with the no-later-than 
arrival time definition and providing a specific criterion in regards 
to time to locate material in transit. The commenter suggested the 
following definition: ``Lost or missing licensed material'' means 
licensed material whose location is unknown. It includes material that 
has been shipped but has not reached its destination and whose 
whereabouts have not been traced in the transportation system within 8 
hours past the scheduled no-later-than arrival time.'' The commenter 
noted that compliance and enforcement of the reporting criteria 
established in Sec.  37.81 is difficult and that an 8-hour 
investigation period seems reasonable. Another commenter noted that it 
typically gives the carrier 24 hours to trace within their 
transportation cycle, before the package is declared as lost or 
missing, and that anything less than the 24 hours does not allow 
sufficient time for the carrier to do a complete document and tracking 
search and/or a physical search at potential locations. The commenter 
noted that to declare the package as lost or missing before that will 
result in many false positives, as 99.99% of the time the package is 
located within the 24-hour window.
    Response: The NRC disagrees with the comment. The term ``lost and 
missing licensed material'' has been in part 20 for some time, and the 
definition in 10 CFR part 37 is identical. It would be confusing to 
have different definitions for the same term and concept in the 
regulations and licensees would still need to meet the 10 CFR part 20 
reporting requirements. A change to 10 CFR part 20 is beyond the scope 
of this rulemaking. The NRC will provide additional information on the 
security-specific meaning of ``lost or missing'' in the 10 CFR part 37 
guidance document.
    Comment A9: One commenter stated that the definition for reviewing 
official should include a trustworthiness and reliability determination 
of an individual who has access to SGI-M.
    Response: The NRC disagrees with the comment. A licensee may use 
the same reviewing official for trustworthiness and reliability 
determinations for both unescorted access and access to SGI. However, 
the licensee is not required to use the same reviewing official. 
Determining access for SGI can be a separate program.
    Comment A10: One commenter stated that the definition for 
``sabotage'' should include a definition of ``security system'' that is 
referenced in the definition.
    Response: The NRC disagrees with the comment. Security system does 
not need to be defined in the definition of Sabotage. The security 
system will be different for each licensee as it is the system that a 
licensee uses to protect its category 1 and category 2 quantities of 
radioactive material.
    Comment A11: Two commenters suggested modifications to the 
definition for safe haven. Another commenter noted that the provision 
cannot be implemented. The commenter noted that based on discussions 
with military and other Federal institutions, material shipments could 
not be diverted to them under any circumstances. The commenter 
suggested that safe havens be contacted, confirmed, and identified. The 
commenter noted that the licensee and carrier are capable of 
determining safe havens along the route and that past experience has 
shown that requesting a State to identify safe havens has been 
fruitless. Two commenters suggested that the NRC work with the States 
to identify potential safe havens and publish a list with the final 
rule. One commenter noted that a licensee does not need to work with 
the State to identify safe havens. Two commenters noted that the term 
``safe haven'' is loosely defined by various agencies and States, and 
that States do not recognize, identify, or acknowledge that they have 
such sites. Two commenters noted that DOT removed the term from its 
regulations because it could not be implemented.
    Response: The definition for safe haven has been retained in the 
final rule. Licensees, not States, are responsible for identifying safe 
havens. Identification of safe havens has been in the regulations for 
spent fuel transportation for a number of years and was included in the 
RAMQC Orders for transport of category 1 shipments, so it is not a new 
concept. If a licensee is having trouble identifying safe havens along 
a route, it may discuss possible locations with the NRC, State police, 
or the State's designated contact (usually State police).
    Comment A12: One commenter (a State) noted that the definition for 
temporary job site has a compatibility of Level B, which requires 
identical wording. The commenter noted that this definition does not 
meet its definition which is much more restrictive in that it limits 
the amount of time radioactive material can be used at a temporary job 
site. The commenter stated that there should not be two different 
definitions for the same word listed in different parts of the 
regulations. Another commenter stated that the temporary job site 
definition would be more appropriate with a designation of C instead of 
B as it would allow States to be more restrictive.
    Response: The NRC agrees with the comment in part and disagrees in 
part. The NRC tries to use the same definition for terms that are used 
in more than one part of the regulations. However, there are terms that 
have different meanings depending on the use. Temporary job site is 
defined in both 10 CFR part 34 and part 39 with definitions that are 
specific to the part. Since activities that are covered by both 10 CFR 
part 34 (radiography) and part 39 (well logging) may also be subject to 
10 CFR part 37 security provisions, the NRC extracted the common 
elements of the definitions for use in 10 CFR part 37. However, the 
requirements related to temporary job sites have been removed from 10 
CFR part 37, and the term is no longer defined in the rule.
    Comment A13: Three commenters suggested revising the definition of 
``Trustworthiness and reliability.'' One commenter stated that the 
definition is vague and subjective and that use of subjective terms in 
the definition such as ``dependable'' and ``unreasonable'' makes it 
impossible to apply. The commenter noted that a licensee cannot ensure 
that individuals are trustworthy and reliable and as such do not 
constitute an unreasonable risk to public health and safety. The 
commenter requested that concrete and nonsubjective criteria be 
provided. Another commenter requested that the definition be revised by 
adding ``or as provided for in Sec.  37.29'' to the end of the 
definition. One commenter stated that the definition should be modified 
to include characteristics required by individuals having access to 
SGI-M.
    Response: The NRC disagrees with the comment. The NRC does not 
believe that these terms make it impossible for licensees to determine 
trustworthiness and reliability. The concepts of dependable and 
unreasonable were also contained in the orders. The

[[Page 16941]]

determination is performance based and provides licensees the 
flexibility to develop programs and criteria that they are comfortable 
with. The definition in 10 CFR part 37 is consistent with the 
definition of the term in 10 CFR part 73. The NRC does not believe that 
it is necessary to add provisions that include access to SGI. Access to 
SGI is covered by 10 CFR part 73. While a licensee may use the same 
access authorization program for determinations for access to SGI, the 
licensee may have a separate program.
    Comment A14: One commenter suggested maintaining the current 
interpretation for unescorted access that an individual having 
unescorted access to several less than category 2 quantity sources 
which are secured behind their own physical barrier would not require 
inclusion in the trustworthiness and reliability determination program. 
The commenter noted that the rule defines unescorted access to include 
individuals who have access to sufficient quantities of radioactive 
materials such that the individual could successfully accumulate lesser 
quantities of material into a category 1 or category 2 quantity. The 
commenter noted that this is a significant change and would result in a 
big increase in the number of individuals who will need background 
checks completed or require very complex source handling procedures to 
prevent the ability to aggregate sources. One commenter noted that the 
examples provided in the Statements of Consideration did not appear to 
apply to an individual with access to multiple licensee facilities 
listed on the same license or multiple separate licenses by the same 
organization. The commenter noted that these persons could aggregate 
materials just as easily as if they were at a single location under one 
license, but the security rules would not apply to them. One commenter 
stated that the NRC should reevaluate the need to include accumulation 
considerations for access authorization control.
    Response: The NRC has reevaluated the requirement and has revised 
the definition for Unescorted access. All provisions of the rule now 
only apply to licensees that possess an aggregated quantity of 
radioactive material that equals or exceeds the category 2 threshold. 
The term aggregated contains the concept of co-location and breach of a 
barrier.
    Comment A15: One commenter requested that the NRC add a definition 
for master material license to 10 CFR part 37.
    Response: The NRC disagrees with the comment. Master material 
license is not specifically mentioned anywhere in the regulations, and 
the NRC does not believe that there is a need to mention it in 10 CFR 
part 37 as licenses are not issued under 10 CFR part 37.
    Comment A16: One commenter suggested including a definition for 
security plan at least to the extent that `security plan' is meant to 
encompass a description of a licensee's background investigation 
process, access control program, and physical protection measures with 
those specific features as identified elsewhere in the part.
    Response: The NRC disagrees with the comment and does not believe 
that a definition of security plan is necessary. Section 37.43(a) 
contains the purpose of the security plan and specifies in general 
terms what must be included in the security plan. A definition would 
not add further to the understanding.
    Comment A17: One commenter suggested that a limited exemption be 
provided to licensees who consistently meet the requirements imposed by 
the orders. The commenter noted that the NRC could establish criteria 
for the assessment of licensee's security programs and if the program 
was deemed inadequate, corrective action could be initiated.
    Response: The NRC disagrees with the comment. The NRC believes that 
the requirements in 10 CFR part 37 are necessary to ensure adequate 
protection of category 1 and category 2 quantities of radioactive 
material. A licensee can always ask for relief from a particular 
measure and if the NRC agrees that adequate basis exists and that it is 
protective of public health and safety, it can grant the request.
    Comment A18: One commenter, while supporting the decision to limit 
the rule to category 1 and category 2 sources, noted that not all 
category 2 sources are realistically in danger of being tampered with, 
particularly in large medical facilities with exhaustive security 
controls in place. The commenter noted that if a large medical 
facility's security measures are breached, sealed sources in medical 
devices are generally not readily accessible even by technicians with 
highly specialized skills and tools. Two commenters suggested exempting 
medical and research facilities from all of the 10 CFR part 37 
requirements except for the security program or security plan. The 
commenters noted that the public pays for and benefits from medical and 
research use of these sources, and as such, should have a higher 
acceptable risk. The commenters noted that this is similar to the basic 
premise behind the patient release criteria in 10 CFR part 35 (Sec.  
35.75), generally licensed sources, tritium exit signs, and smoke 
detectors, where the public can have a higher acceptable risk for the 
benefits which the materials bring them.
    Response: The NRC disagrees with the comment. The category 1 and 
category 2 quantities of radioactive material possessed by a medical 
facility present the same risk as category 1 and category 2 quantities 
of radioactive material possessed by other licensees. Almost any user 
could argue that its use benefits society in some manner. The 
comparison to generally-licensed sources is not applicable, as 
generally licensed sources contain less than category 2 quantities of 
radioactive material and are considered safe for use without additional 
measures.
    Comment A19: One commenter expressed concern that the source 
aggregation changes could cause additional medical facilities to come 
under the rule. The commenter was opposed to the rule applying to any 
facilities beyond those under the orders.
    Response: The application of the source aggregation criteria has 
not changed from the orders. The concept of co-location and breaching 
of a common physical barrier are still factors. While the rule may 
apply to licensees that were not subject to a particular order, the 
licensee would only be subject to the requirements if it aggregates the 
material. Some licensees that have an aggregated category 1 quantity 
may have only been subject to the Increased Control Orders and would 
now be subject to some additional requirements under the rule that 
apply to all licensees that possess a category 1 quantity of 
radioactive material.
    Comment A20: Several commenters expressed concern about the 
extension of applicability for the proposed rule beyond byproduct 
material licensees to power reactor, research and test reactor, and 
fuel cycle licensees. Commenters noted that extending the requirements 
to large component or radioactive material storage facilities located 
on power reactor plant sites appears unwarranted. Commenters 
recommended limiting the applicability to exclude material that meet a 
criterion for a specific activity, surface contaminated objects, bulk 
packages with mass exceeding 100 pounds or limit aggregating material 
to a small number (fewer than 10) of discrete sources, and areas where 
a large number of packages containing low concentrations of 
radionuclides of interest are stored over a very large area, because 
they believe the risk is low and should not present a security concern. 
Commenters recommended that an appropriate threshold be developed that

[[Page 16942]]

exempts large volume or weight of a single item or of the aggregated 
quantity such that exemption requests are not necessary and the 
security provisions of 10 CFR part 37 would not apply. Commenters noted 
that such materials are typically either of such large mass or volume, 
or of such a diffuse constitution, that they should be considered low 
risk for any malevolent purpose. Commenters noted that the industry is 
concerned that casting a wide net will present a situation whereby 
certain categories of facilities are regulated through exemptions.
    One commenter suggested that NRC should consider using dose rates 
at 1 meter relative to the Appendix I definitions in IAEA TECDOC-1344 
for other than sealed sources as an alternative. The commenter noted 
that the IAEA document acknowledges that the categorization system may 
not be appropriate for waste management. The commenter noted that 
tables in the document are based primarily on discrete sealed sources 
of very high specific activity and do not apply to packages in 
transport. The commenter further noted that IAEA also recommends 100 
rads (1 Gy) to bone marrow in 100 hours at 1 meter from sources that 
cannot be carried as the threshold for a ``dangerous'' source. With a 
category 2 source threshold at 10 x D, this also provides a practical 
justification for exempting low specific activity (LSA) materials, as 
they are restricted to dose rates of 1 rem/h at 3 meters. Using very 
restrictive point source consideration (i.e., an inverse square 
relationship), LSA materials cannot result in dose rates exceeding 10 
rads/h at 1 meter. The other deterministic considerations presented in 
the TECDOC are similarly bounded by the low specific activity of such 
wastes.
    Commenters noted that there is a distinct difference between a 
given amount of activity confined in a relatively small sealed source 
and the same quantity dispersed around a large site in numerous 
containers, none of which individually contains activity approaching a 
category 2 amount. Commenters noted that low specific activity 
material, objects with low levels of surface contamination, or numerous 
small sources would not be attractive for theft or sabotage because of 
the disperse nature of the radioactivity. One commenter noted that this 
is recognized in the transportation arena that allows use of industrial 
packages for low specific activity and surface contaminated materials 
versus more robust Type A or Type B packages for shipping higher 
activity materials.
    Commenters noted that the packaging of the source is relevant to 
potential theft and diversion. Commenters indicated that a quantity of 
material where the total activity exceeds a category 2 level but is 
dispersed in contaminated metal and other material within one or more 
large concrete and/or steel containers presents a different hazard than 
the same amount in a relatively small unshielded source. Commenters 
noted that large and heavy containers are difficult to move and steal 
without detection and that the containers themselves are self-
protecting from a sabotage point of view. The commenter noted that this 
is important for licensees engaged in decommissioning, processing, and 
shipping of bulk waste material. Commenters noted that the volume and 
mass required for a category 2 quantity of material renders theft an 
incredible scenario and that damaging and dispersing a category 2 
quantity of material such that deterministic effects result from 
internal or external exposures are not credible.
    Commenters provided examples of: (1) A commercial waste processor 
that could have several thousand packages in a common storage area, 
each containing waste forms of relatively low specific activity and 
each with a mass of several hundred to several thousand pounds and (2) 
a radioactive waste disposal facility that has a 60-car train of 
radioactive waste within its controlled area.
    Response: The NRC agrees with the comment in part. The NRC has 
determined that it is appropriate to include a partial exemption in the 
regulation instead of treating exemptions requests on a case-by-case 
basis. Paragraph (c) has been added to Sec.  37.11 to address 
radioactive waste materials. The provision does require that some 
security measures be applied to the waste, but the majority of the 10 
CFR part 37 requirements would not apply. Measures include the use of 
continuous physical barriers, alarmed locked gates or doors, and 
assessment and response of unauthorized entry. The provision does not 
include the use of dose rates, but would cover much of the low specific 
activity waste addressed by the comment.
    Comment A21: One commenter felt that the proposed requirements 
should not apply to holders of category 2 sources, particularly since 
the new requirements would not apply to the transshipment of category 1 
and category 2 sources. The commenter noted that if the Juarez, Goiana 
and Mayapuri radioactive material dispersal incidents all occurred in 
the United States, in a single year, the annualized risk of premature 
death would be a small fraction of the 1E-6 probability frequently used 
in establishing regulatory requirements.
    Response: The NRC disagrees with the comment that the security 
provisions should not apply to category 2 sources. The Commission has 
determined that category 2 sources are risk significant and, therefore, 
warrant additional security measures. The NRC does not regulate 
transshipments.
    Comment A22: One commenter noted that the scope suggests that 10 
CFR part 37 applies to any person who is authorized to possess or use 
category 1 or category 2 quantities of radioactive material at any site 
or contiguous sites subject to the control by the licensee. The 
commenter pointed out that when radioactive material is used at 
temporary job sites, the licensee will be in control of the quantities 
of radioactive material, but may not necessarily be in control of the 
sites. The commenter also noted that the scope does not indicate that 
this applies to persons who have access to SGI-M and implies it only 
applies to those authorized.
    Response: The NRC agrees that the language may be confusing as it 
applies to temporary job sites and has revised the scope to clarify the 
intent. The requirements of 10 CFR part 37 do not apply to SGI-M. 
However, some of the security information developed under 10 CFR part 
37 would be considered SGI-M and needs to be protected in accordance 
with 10 CFR part 73. The requirements for SGI-M are contained in 
Sec. Sec.  73.21 and 73.23.
    Comment A23: One commenter stated that the exemption provided in 
Sec.  37.11(b) for facilities with 10 CFR part 73 security plans should 
be retained but offered a suggested revision to clarify who has 
inspection/security oversight. The commenter noted that it would be a 
significant paperwork task to keep records showing compliance with both 
sets of controls without a real increase in the security of either 
material. The commenter also noted that it would be an added inspection 
burden if the program required separate inspections by an Agreement 
State and the NRC. The commenter suggested adding a sentence at the end 
of the paragraph: ``Although the NRC maintains primary oversight of 
these facilities, inspection by Agreement State representatives is 
permitted.''
    Response: The NRC is retaining the exemption for licensees that 
possess the category 1 or category 2 quantities of radioactive material 
under an NRC license. For those licensees located in

[[Page 16943]]

non-Agreement States, the licensee can choose if it wants to protect 
the material under the security plan required by 10 CFR part 73 and 
approved by the NRC or protect the material under a 10 CFR part 37 
security plan. If the material is protected under a 10 CFR part 73 
security plan, the licensee's records should note that the material is 
protected under a 10 CFR part 73 security plan. Any inspection would be 
against the security plan under which the material is protected. For 
licensees that are located in an Agreement State and possess category 1 
or category 2 quantities of radioactive material under an NRC license, 
the licensee can choose whether to protect the material under the 10 
CFR part 37 or the required and approved 10 CFR part 73 security plan. 
For licensees that possess the category 1 or category 2 quantities of 
radioactive material under an Agreement State license, it will be up to 
the Agreement State to decide if it will allow the licensee to protect 
the material under an NRC-required and approved 10 CFR part 73 security 
plan. The licensee would want to discuss this with its State regulator. 
Agreement States are not required to adopt the provision on exemptions 
in Sec.  37.11(b) as a matter of compatibility. As for adding a 
provision to allow State personnel to inspect, the NRC disagrees with 
the comment. A new provision is not necessary to allow an Agreement 
State to inspect against a license that it has issued.
    Comment A24: One commenter stated that the NRC should not 
promulgate the rule for licensees currently under NRC 274i Security and 
Fingerprinting Orders specified in EA-08-225 issued August 29, 2008. 
The commenter noted that these licensees are few in number, and the NRC 
should continue to regulate them under the existing orders. The 
commenter noted that this should include possession of certain isotopes 
greater than category 1. The commenter suggested new paragraphs for 
Sec.  30.34 as follows: ``30.34(m) Security requirements for licenses 
who possess an individual source less than category 1 but greater than 
or equal to category 2 of the isotopes listed in Appendix E to 10 CFR 
part 20--Nationally Tracked Sources Thresholds. Licensees or applicants 
must submit to NRC for review and approval of information to comply 
with the requirements and time frames specified in NRC Order EA-07-305 
dated December 5, 2007, and its attachments titled ``Table 1 
Radionuclide of Concern and Attachment 3 Specific Requirements 
Pertaining to Fingerprinting and Criminal Records Checks'' which are 
incorporated by reference (or listed in a new Appendix F of 10 CFR part 
30). This rule is in addition to any other requirements specified in 
applicable 10 CFR parts.'' and ``30.34(n) Licensees must notify NRC of 
their intention to possess an individual source greater than category 1 
of the isotopes listed in Appendix E to 10 CFR part 20--Nationally 
Tracked Sources Thresholds.''
    Two commenters stated that the authority to regulate the physical 
protection of category 1 and 2 quantities of material in transit 
(subpart D) should not be relinquished to the Agreement States. The 
commenter noted that while the adequacy and compatibility requirements 
of Agreement State programs would require the Agreement State 
regulations to be ``essentially identical'' to those contained in 
subpart D, there are several instances where Agreement State 
regulations include requirements in addition to those found in the 
analogous NRC regulations. The commenter noted that Agreement State 
regulations that go beyond those contained in subpart D could hinder 
interstate commerce and result in additional burden and expense to the 
licensees. Another commenter stated that there is value to Federal 
preemption in regulating the transportation security of category 1 and 
category 2 quantities of radioactive material as this would ensure 
uniformity of the administration of the requirements. One commenter 
suggested that the authority be transferred to DOT and not the States.
    Two commenters stated that the NRC should retain authority for the 
security of category 1 licensees under common defense and security 
unless the States are given authority to regulate all aspects of 
category 1 sources. The commenters noted that the rule does not give 
the States authority to regulate the safeguards information and, 
therefore, the regulatory authority would be split. Commenters 
suggested removing the SGI designation. One commenter noted that under 
Supplementary Information Item II.(A)(10), it states, ``Although the 
NRC relinquishes authority to States for certain materials, under 
section 274(m) of the AEA no such agreement will affect the authority 
of the Commission to take regulatory action to protect the common 
defense and security.'' The commenter noted that Item 11 states, ``The 
provisions put in place for the inspection of licensees that received 
the orders issued under common defense and security would remain in 
place until the State implements the requirements.'' The commenter 
stated that this contradicts Item 19 which states the NRC will not 
enter such agreement for common defense and security. The commenter 
indicated that category 1 materials must be considered under the terms 
of common defense and security and should remain under NRC jurisdiction 
for security. The commenter noted that the proposed rule states 
``licensees who activities are covered under part 73 would be exempt 
from part 37.'' The commenter stated that most of the irradiator 
requirements (SGI-M) are based in 10 CFR part 73 and therefore 
indicates that there are no category 1 licensees that are subject to 
State purview. The commenter noted that there are references to SGI-M 
in the proposed rule which further leads to the need for clarification.
    One commenter noted the drafted document appears to be inconsistent 
in this regard and that the issue of jurisdiction and responsibility 
for these licensees must be clearly made and the necessary inclusions 
and exclusions to the rules made accordingly.
    Response: The NRC disagrees with the comment. The NRC believes that 
it is appropriate for the Agreement States to regulate the physical 
protection of category 1 and category 2 quantities of radioactive 
material. Although some of the security information is considered to be 
SGI-M under 10 CFR part 73, the NRC does not believe that this prevents 
the Agreement States from regulating the security aspects for those 
facilities. While the State could not inspect the SGI provisions for 
protection of the material unless it entered into a 274i Agreement with 
the NRC, the State could inspect and enforce the provisions of 10 CFR 
part 37. The exemption provided in Sec.  37.11 was intended to only 
cover facilities that had a security plan under 10 CFR part 73 and not 
the information protection aspects. The NRC has clarified the 
exemption. See also the responses to comments A23, A46, and A47 and the 
response to question 10 in Section II.A of the Statement of 
Considerations.
    Comment A25: One commenter noted that the rule should adopt the 
entire categorization of radioactive sources from the IAEA Safety Guide 
No. RS-G-1.9--Categorization of Radioactive Sources. The commenter 
pointed out that the IAEA Safety Guide provides a more robust, risk-
based categorization of quantities than the categorization provided in 
the proposed rule as it describes five different categories that 
differentiate sources possessed by various licensees based on quantity 
as well as use. The commenter also stated that the rule should be 
limited to source quantities characterized as category 1 and category 2 
in the IAEA Safety

[[Page 16944]]

Guide. The commenter noted that the types of sources used in refineries 
and petrochemical plants are considered category 3 and according to the 
IAEA Safety Guide, the types of sources used in refineries and 
petrochemical plants present less risk than the source quantities in 
category 1 and 2.
    Response: While the NRC agrees that category 3 sources present less 
risk individually than category 2 sources, the NRC disagrees with the 
remainder of the comment. Unlike RS-G-1.9, the NRC and the IAEA Code of 
Conduct do not consider use (e.g., fixed gauges, well logging, and 
radiography) in the determination of source categorization. Regardless 
of its intended use, any category 2 quantity may pose a significant 
risk to individuals, society, and the environment. Additionally, 10 CFR 
part 37 applies not only to sources, but also to bulk material. The 
rule also addresses aggregation of radioactive material at or above the 
category 2 threshold. If several sources are stored together that 
individually are considered to be category 3 sources, but together form 
an aggregated category 2 quantity, the attractiveness of the material 
as a group would be the same as if there were only one category 2 
source. If the sources used in the refineries and petrochemical plants 
are not aggregated, 10 CFR part 37 would not apply.
    Comment A26: One commenter indicated that for facilities covered 
under the Maritime Transportation Security Act, the rule would mean 
additional burdens, redundancies and confusion. The commenter 
recommended that for facilities regulated under DHS/DOT Personnel 
Surety programs, the rule should allow a program of reciprocity to 
reduce redundancy. The commenter noted that at National Petrochemical & 
Refiners Association (NPRA) member facilities, the Radiation Safety 
Officer (RSO) and technicians have intimate contact with source holders 
and the rule would be best implemented by the RSO and technicians and 
not the entire facility population.
    Response: The NRC disagrees that the rule imposes additional 
burdens, redundancies, and confusion. The Maritime Transportation 
Security Act, which amends the Merchant Marine Act of 1936, establishes 
a program to ensure greater security for United States seaports and 
provides requirements pertaining to personnel whose duties are related 
to import and export activities at the ports. Part 37 transportation 
requirements only apply to the domestic portion of an import or export. 
For an import, the provisions would apply once the shipment clears 
customs and for exports, up to the point the shipment crosses the 
border. Holders of the TWIC do not need to undergo fingerprinting and 
the FBI criminal history records check again as Sec.  37.29 relieves 
them from the requirement. However, the individuals would need to 
undergo the remaining elements of the background investigation.
    As for the NPRA member facilities, the provisions for access 
authorization under 10 CFR part 37 would only apply if the facility 
allows unescorted access to category 1 or category 2 quantities of 
radioactive material. The licensee decides who is in charge of the 
security program as the regulations do not specify any specific 
position.
    Comment A27: One commenter asked for clarification whether the 
provisions apply to those licensees authorized to possess the material 
or those that actually possess the material. The commenter noted that 
the language discrepancy occurs throughout the rule and must be 
corrected. Another commenter asked that the requirements be spelled out 
separately to avoid confusion.
    Response: The proposed rule contained some provisions that 
pertained to licensees that were authorized to possess category 1 or 
category 2 quantities of radioactive material. The final rule contains 
provisions that apply only to those that actually possess and aggregate 
the material to a category 1 or category 2 quantity.
    Comment A28: Some commenters objected to the need to submit 
compliance information. The commenters felt that this is an unnecessary 
burden to both the licensees who have already implemented a program and 
the regulatory agency. The commenters noted that the licensees subject 
to this part have already been inspected multiple times and have 
established a compliance history, and therefore these licensees should 
be exempted from having to resubmit existing information. One commenter 
thought that the provision was vague as written and requested 
clarification that compliance with the provision would be achieved by 
submitting a letter to the NRC indicating that the licensee has 
successfully implemented the program. One commenter noted that the NRC 
must identify in the regulation what essential elements are to be 
included because placing the information in guidance is unacceptable. 
One commenter thought the provisions should be removed from the rule 
but if retained offered suggested language. One commenter stated 30 
days did not provide adequate time. Commenters noted that requiring a 
licensee to report compliance was an unnecessary burden as licensees 
are expected to comply and that the normal terms of implementation for 
rulemaking are adequate. One commenter suggested deleting Sec.  
37.41(d) as unnecessary since current implementation of the Increased 
Control Orders is an adequate basis to conclude the current licensees 
will transition to compliance with the new regulations.
    Response: The NRC agrees that the submittal of compliance 
information is not needed and has removed the requirement from the 
rule. The NRC and the Agreement States already know which licensees 
will need to implement 10 CFR part 37. A provision has been added in 
Sec.  37.41 to require a licensee that has never implemented the orders 
or 10 CFR part 37 to notify the NRC 90 days before aggregating material 
to a category 1 or category 2 quantity of radioactive material.
    Comment A29: One commenter stated that in Sec.  30.32 the wording 
implies the application must include an affirmation that the proposed 
security program meets the requirements in 10 CFR part 37. The 
commenter stated that instead the application should include a proposal 
as to how the requirements will be satisfied and be subject to 
evaluation for sufficiency. The commenter suggested the following 
language: ``(1) An application for a specific license to use, store, or 
transport category 1 or category 2 quantities of radioactive material 
must include information outlining the applicant's security program 
designed to satisfy the requirements in part 37 of this chapter.''
    Response: The NRC has reevaluated the need for the requirement and 
has decided that it is unnecessary. A new applicant will be evaluated 
on the need to implement 10 CFR part 37 as part of a prelicensing 
review and inspection. If the licensee will be aggregating the material 
to a category 1 or category 2 quantity of radioactive material, the 
licensee will be expected to implement the provisions of part 37 before 
receiving a license.
    Comment A30: One commenter noted that institutions that have 
aggregated material may require significant time to implement the 
provisions as it will require a financial investment. The commenter did 
not suggest an appropriate timeframe. Several commenters noted that 30 
days for implementation was not sufficient for the changes that need to 
be made. Two commenters suggested a 1-year effective

[[Page 16945]]

date. Commenters supported terminating the orders on the effective date 
of the rule to avoid confusion and noncompliance. One commenter stated 
that the rule should be clarified as to the compliance date and asked 
what happens if a licensee is not in compliance by that date. One 
commenter noted that it would be difficult to comply with the 30-day 
timeframe for preparing and implementing the security plan and 
implement the security program at least 90 days before it `` * * * 
aggregates radioactive material to a quantity that equals or exceeds 
the category 2 thresholds.'' The commenter further noted that work 
varies significantly from project to project and that security plans 
that are sufficiently robust to be effective also would vary 
significantly. The commenter noted that it is not possible to prepare 
or implement a project-specific security plan without knowing the 
details of the project and that frequently licensees need to mobilize 
and initiate work within a matter of a few days, which would not be 
possible if a 90-day advance notice was required.
    Response: The NRC notes that the proposed rule indicated that the 
final rule would be implemented 270 days after publication in the 
Federal Register. The 30-day timeframe was for the licensee to submit 
compliance information. The NRC has removed the requirement to submit 
the compliance information. In addition, the NRC is providing a 1-year 
implementation period for the final rule. This should allow ample time 
for licensees to implement the requirements, including the development 
of any new procedures and the conduct of necessary training. Agreement 
States will be given 3 years from publication of the final rule to 
adopt the rule provisions instead of from the effective date. This will 
still provide the States with a 3-year window to adopt the regulations.
    Comment A31: One commenter noted that its business depends on the 
ability to not co-locate or aggregate its radioactive material and that 
it manages its radioactive material through quantity control and 
physical separation of material not in use at any one time. The 
commenter noted that, if it was required to aggregate all of its 
material, which includes the standard, returned sources, sources packed 
and ready to ship, cell waste (cell sweep, dust, chips), plus isotope 
material, it would be continuously above the category 2 threshold, and 
the additional requirements would be a significant economic hardship on 
the company.
    Response: The rule does not require co-location or aggregation of 
radioactive material. If a licensee does not aggregate the material 
above a category 2 threshold, the licensee will not need to implement 
the provisions of 10 CFR part 37. The final rule only applies to those 
licensees that possess aggregated quantities at or above the category 2 
threshold.
    Comment A32: Several commenters objected to the change from a 3-
year retention period for records to a 5-year retention period. One of 
the commenters believed that the change from the standard practice 
where most documents in the industry have a mandated 3-year retention 
period is redundant and unnecessary and will add a potential for 
confusion where none need exist. One commenter questioned why there was 
a need to keep superseded portions of procedures and the security plan 
for 5 years. The commenter stated that this was an added burden and 
does not add to the security of the material or to the protection of 
the health and welfare of the general public. The commenter also 
questioned the need to keep training records for 5 years stating that 
it should be adequate for a licensee to show that it is conducting 
annual training and suggesting a 1-year retention period.
    Response: The NRC agrees with the comment on the retention period 
and has changed the record retention period for most records to 3 
years. Safety records are maintained for 3 years, and the NRC agrees 
that there is no benefit to keeping only the security records for 5 
years. There are a few licenses that have an inspection frequency of 5 
years; however, the majority of the licensees impacted by 10 CFR part 
37 have a 3-year inspection frequency. Superseded procedures and 
training records are necessary from an inspection and enforcement 
aspect.
    Comment A33: One commenter questioned how long to hold on to the 
old security plan once it is updated and how long the documentation of 
the coordination activities is to be maintained. Another commenter 
recommended changing the record retention period for the security plan 
so that the record could be destroyed 5 years after it is no longer 
needed. The commenter noted that there was no value in keeping the 
security plan once a licensee was no longer allowed to possess 
materials that would require a security plan.
    Response: Section 37.43(a)(4) specifies that the superseded 
portions of the security plan be retained for 3 years (note the 
proposed rule specified 5 years). For any record where a retention 
period is not specified, Sec.  37.103 specifies that the record be 
retained until the Commission terminates the license. The NRC has added 
a retention period of 3 years for the documentation records. The NRC 
agrees with the comment and has changed Sec.  37.43(a)(4) to indicate 
that the security plan must be retained for 3 years after it is no 
longer required.
    Comment A34: One commenter requested clarification in Sec.  37.101 
on the concept of ``safeguards against tampering with'' to preclude 
unwarranted interpretations during a regulatory inspection about the 
requirements for records. The commenter offered suggested language as 
follows: ``the licensee shall maintain adequate safeguards against 
tampering with and loss of records. The requirements in Sec.  37.43 for 
protection of information are not applicable to this section.'' Another 
commenter recommended replacing the term ``safeguard'' with ``protect'' 
in Sec.  37.101. The commenter felt that safeguard should be only used 
when referring to safeguards.
    Response: The NRC disagrees with the comment. The records provision 
in Sec.  37.101 is identical to provisions in other parts of the 
regulations. The NRC is not aware of any issues that have arisen over 
interpretation. The provisions of Sec.  37.43 would apply if the 
records were the security plan, implementing procedures, or the list of 
individuals allowed unescorted access.
    Comment A35: One commenter stated that the enforceability in 
regulations of records retention for reporting suspicious activities is 
unduly burdensome on the licensee. The commenter stated that due to the 
clandestine nature of reporting suspicious activities to LLEAs, the 
licensee may not have the LLEA's or NRC's fluid responses to these 
reports for security reasons and that ongoing investigations can 
encompass years, so the recordkeeping requirement is inconsistent and 
can be inconsistent with other recordkeeping requirements depending on 
the incident nature of the reporting.
    Response: The NRC does not understand the commenter's concern. 
There are no record retention requirements associated with reporting 
suspicious activities. The 30-day written report is not required for 
suspicious activity reporting. The licensee is required to assess the 
suspicious activities and notify the LLEA, only if the licensee 
believes it is appropriate to do so. The licensee is only required to 
notify the NRC if the LLEA is notified. The NRC acknowledges that there 
is

[[Page 16946]]

some subjectivity involved in determining what is considered to be 
suspicious.
    Comment A36: One commenter questioned who was authorized to 
authenticate reproduced records in Sec.  37.101.
    Response: ``Authorized personnel'' in Sec.  37.101 are those 
authorized by the licensee to authenticate duplicated documents.
    Comment A37: In the proposed rule, the NRC specifically requested 
comment on the reporting requirements. Commenters were requested to 
provide information on: (1) Whether the proposed rule contained the 
appropriate items and thresholds to be reported to the LLEA; (2) 
whether the proposed rule contained the appropriate items and 
thresholds to be reported to the NRC; (3) whether suspicious activities 
should be reported and if they are reported, what type of activities 
should be considered suspicious; and 4) whether the timeframe for 
reporting was appropriate. Fifteen commenters provided responses to the 
specific questions on this subject.
    Of those that provided responses to the questions on the reporting 
requirements, the majority agreed that the reportable items and 
thresholds were appropriate, and five commenters felt the items and/or 
thresholds should be changed. One of the commenters indicated that the 
NRC and/or FBI should be notified of any denial for cause of a request 
for unescorted access as this might be domestic intelligence 
information of interest to the FBI or DHS. The commenter also felt that 
the NRC/FBI should be notified of activities determined to be suspect 
by the LLEA. Three commenters stated that actual and attempted theft 
were appropriate reportable actions but that suspicious activities 
should be removed from the rule. Of the commenters that supported 
reporting of suspicious activities, no commenter offered suggestions as 
to what type of activities should be considered suspicious. A couple of 
the commenters stated that the licensee is the best judge of what type 
of activities would be considered suspicious at its facility. Other 
commenters just suggested that the NRC should provide guidance to 
assist the licensee. Most of the commenters indicated that the 
reporting timeframes were appropriate. One commenter stated that the 
timeframes did not allow for a realistic period of assessment. The 
commenter noted that classifying some of these events will be very 
subjective and some may be impossible to distinguish from events that 
are not malicious or not related to a category 1 or category 2 quantity 
of radioactive material. Another commenter stated that a specific 
timeframe should be specified instead of immediate and upon discovery. 
The commenter stated that failure to set specific time limits will 
result in delay in implementing the Federal response framework.
    In addition to those that provided responses to the specific 
questions, seven commenters addressed this subject in their comments. 
Two commenters noted that classifying some of these events will be very 
subjective and some are likely to be impossible to distinguish from 
events that are not malicious or are not related to category 1 or 
category 2 quantities of radioactive material. The commenters noted 
that reasonable persons could interpret the expectations of the NRC and 
the details of a specific event very differently. The commenters 
further noted that these events will require a period of assessment, 
and sometimes a lengthy period of assessment, to determine the nature 
of the event and that the timeframes for reporting do not anticipate a 
period of assessment. As an example the commenters provided the 
situation where a discrepancy in the inventory is discovered without 
any evidence of an ``actual theft'' (e.g., locks that have been cut), 
requiring a period of assessment to determine the nature of the event. 
Two commenters stated that the requirement for sabotage reporting 
should be removed. The commenters noted that it would not be possible 
for a licensee to determine the ``intent'' of the person causing any 
damage and whether his or her ``intent'' is malevolent. One commenter 
noted that Sec.  37.57(b) requires NRC notification when there is 
``suspicious'' activity related to ``possible'' theft, sabotage, or 
diversion. The commenter stated that it would only be appropriate to 
notify the NRC if the licensee, in conjunction with the LLEA, 
determines that there is some validity to the suspicion. The commenter 
noted that the NRC should encourage open communication between the 
licensee and LLEA, and licensees should feel free to express even minor 
concerns, uncertainties, etc. to LLEAs for their assistance without 
having to notify the NRC in each instance. One commenter agreed with 
the reporting requirement for suspicious activities but noted that it 
would be dependent on the licensee's judgment based on its 
circumstances. The commenter noted that it would be difficult to 
quantify what suspicious activity is ahead of time, and the licensee 
should not be second guessed on whether or not it made this type of 
notification. One commenter noted that suspicious activities should 
continue to be reported on a voluntary basis as it is very subjective 
and would be difficult to enforce. One commenter recommended defining 
suspicious activity. One commenter expressed concern over the 
requirement to report suspicious activities asking how it could be 
enforced as individual judgment may differ as to what constitutes a 
suspicious action. The commenter also questioned why, if the LLEA 
provides an immediate assessment and determines that the event is 
completely harmless, the NRC needs to be notified. The commenter 
suggested language for Sec.  37.57(b) to increase the clarity and to 
allow for some local interpretation. The suggested language is as 
follows: ``The licensee shall notify the LLEA upon the discovery, of 
any security-related events involving suspicious activity that may 
indicate preoperational surveillance, reconnaissance, or intelligence-
gathering activities directed against licensees, or their facilities 
related to possible theft, sabotage, or diversion of category 1 or 
category 2 quantities of radioactive material. If the event is not 
found to be harmless, the licensee should notify the NRC's Operations 
Center (301-816-5100) as soon as possible, but not later than 4 hours, 
after notifying the LLEA.''
    Response: The NRC has revised the reporting requirement to make it 
clear the licensee does not need to contact the LLEA when it has 
determined that an alarm was not the result of an attempted or actual 
theft, sabotage or diversion. The NRC does not believe that it is 
necessary for the licensee to report to the NRC the denials for 
unescorted access. The NRC has access to the information during 
inspections. The NRC has retained the reporting requirement for 
sabotage. If an individual has caused damage and placed the radioactive 
material at risk, the NRC wants to know regardless of the individual's 
intent. The NRC disagrees that it is necessary to establish a set 
timeframe for reporting attempted theft, diversion, or sabotage as the 
terminology is consistent with other similar reporting requirements. 
The NRC agrees that it is good practice to have open communication 
between the LLEA and the licensee.
    On the question of reporting suspicious activities, the NRC has 
decided to retain a requirement on suspicious activities. The reporting 
of suspicious activities is an important component of evaluating the 
threat against licensed facilities and material. The NRC reviews 
individual notifications of suspicious activities to evaluate whether 
potential

[[Page 16947]]

preoperational activities (i.e., multiple events at a single site or 
multiple events at multiple sites) may be part of a larger plan and to 
integrate this information with other agencies in the homeland security 
and intelligence communities. The NRC is not requesting that the 
licensees actively gather intelligence but rather that they report 
information they believe is relevant to the security of their facility 
or activity. The reporting requirements provide a consistent means of 
communicating this information to the NRC. The requirement has been 
revised to require the licensee to assess suspicious activities and to 
only contact the LLEA if the licensee believes it is appropriate to do 
so. The licensee is required to notify the NRC only if notifying the 
LLEA. Some suspicious actions may be successfully handled by the 
licensee without the need to involve law enforcement or the NRC. The 
NRC believes that the revision will provide the licensee more 
flexibility in determining how to address any situation that involves 
what might be considered suspicious activities. The NRC does recognize 
that what is considered to be suspicious is subjective and not all 
licensees will handle the same situation in the same way. On balance, 
the NRC believes that it will receive information on the more serious 
instances, but not the trivial instances.
    Comment A38: One commenter noted that in the absence of any 
suspicious or known mitigating factors, it has typically given the 
carrier 24 hours to trace within their transportation cycle, before the 
package is declared as lost or missing. The commenter noted that this 
has proven to be the most effective time period and that anything less 
than the 24 hours does not allow sufficient time for the carrier to do 
a complete document and tracking search and/or a physical search at 
potential locations. The commenter noted that to declare the package as 
lost or missing before that will result in many false positives, as 
99.99% of the time the package is located within the 24-hour window 
which will result in significant resources of both the regulatory 
agencies and licensees involved, trying to get useful information that 
just isn't available.
    Response: Part 37 requirements would not change this practice. The 
reporting requirement in Sec.  37.81(b) is similar to the requirement 
from the orders. The licensee is not required to notify the NRC when 
the material has not arrived by the no-later-than arrival time, rather 
it is to notify the NRC once it has been determined that the material 
is lost or missing. This allows some time for investigation before the 
first phone call to the NRC. Similar to the order requirement, the 
licensee is required to notify the NRC a second time if the material is 
still missing after 24 hours of investigating. The rule should not 
result in a change in practice and in fact gives the licensee 
additional time before starting an investigation.
    Comment A39: Several commenters requested information on how 
diversion differs from a theft as in both cases the material is removed 
and the movement is unauthorized. The commenters felt that the 
requirements for reporting diversion and suspicious activities were 
subjective and that the NRC's expectations concerning diversion and 
suspicious activities were not clear.
    Response: Diversion means the unauthorized movement of radioactive 
material subject to this part to a location different from the 
material's authorized destination inside or outside of the site at 
which the material is used or stored. As an example, a source purchased 
using a legitimate license may be shipped to an unauthorized location. 
Diversion does not require the adversary to defeat the licensee's 
physical security system. Theft is the act of taking material from a 
facility, vehicle, or temporary job site and requires the adversary to 
defeat the licensee's physical security system.
    What constitutes a suspicious activity can be subjective and may 
vary from one licensee to another. Examples of suspicious activities 
are provided in the guidance. The reporting of suspicious activities is 
an important component of evaluating the threat against licensed 
facilities and material. The NRC reviews individual notifications of 
suspicious activities to evaluate whether potential preoperational 
activities (i.e., multiple events at a single site or multiple events 
at multiple sites) may be part of a larger plan and to integrate this 
information with other agencies in the homeland security and 
intelligence communities. The NRC is not requesting that the licensees 
actively gather intelligence, but rather that they report information 
they believe is relevant to the security of their facility or activity. 
The reporting requirements provide a consistent means of communicating 
this information to the NRC.
    Comment A40: One commenter recommended placing the reporting 
requirements in Sec. Sec.  37.57 and 37.81 in subpart M of 10 CFR part 
20 to avoid duplicative regulations. The commenter stated that the 
notifications in Sec.  37.81 should be the same as 10 CFR part 20 and 
should be immediately after discovery, but only after initially 
notifying the LLEA. The commenter noted that immediate notifications of 
theft should be made to the LLEA, not as soon as possible as the 
proposed rule would allow. Another commenter noted that the reporting 
requirements should be consistent to ensure that multiple reports for 
the same event are not an unintended consequence.
    Response: The NRC disagrees with the need to move the 10 CFR part 
37 reporting requirements to 10 CFR part 20. The NRC has revised Sec.  
20.2201(c) to include a reference to 10 CFR part 37 so that duplicative 
reports are not required. The NRC disagrees with the comment to change 
as soon as possible to immediate in Sec.  37.81(c) and (d). The 
historic interpretation of immediate reporting has been up to 4 hours. 
The NRC does not believe that 4 hours is the appropriate timeframe for 
the notification; notifications need to be made promptly. For this 
reason, the NRC has used ``as soon as possible'' in both the orders and 
the rule language.
    Comment A41: One commenter questioned the difference between the 
requirements to report no later than 4 hours after the discovery of any 
actual theft or diversion in Sec.  37.57 and the requirement in Sec.  
37.81 to report within 1 hour of lost or missing material.
    Response: Under Sec.  37.57, the licensee is to immediately notify 
the LLEA and then to contact the NRC as soon as possible. If contacting 
the NRC would somehow interfere with or delay the LLEA response, the 
licensee can take up to 4 hours to notify the NRC. The LLEA would be in 
charge of any response as the occurrence was at a fixed location. It is 
the NRC's expectation that the notification would occur very quickly 
after the LLEA is notified. Under Sec.  37.81, the licensee is required 
to contact the NRC within 1 hour because the NRC may need to initiate a 
response as the occurrence was during transit.
    Comment A42: One commenter noted that the rule should not require 
the licensee to provide a copy of the reports required under Sec.  
37.81(g) to the Office of Nuclear Security and Incident Response 
(NSIR). The commenter believes that the NRC should provide the copy to 
NSIR. One commenter recommended that the written follow-up report for 
event reporting be submitted within 60 days instead of 30 days. The 
commenter noted that 30 days is insufficient time for licensees to 
complete an investigation, prepare, and submit a written report and 
that the 30 days is inconsistent with the timeframe for submittal of 
written follow-up reports that are required elsewhere in 10 CFR Chapter 
I. One commenter objected to the wording of the requirement in Sec.  
37.81(g) to ``include sufficient

[[Page 16948]]

information for NRC analysis and evaluation'' as it is too open-ended 
and the commenter felt that further explanation is necessary. The 
commenter stated that the NRC is doing a disservice to licensees if it 
wishes to claim that such items are difficult or impossible to predict 
for all cases or would be more fully addressed in guidance.
    Response: The NRC agrees with the comment in part and disagrees 
with the comment in part. The NRC often specifies that a copy of a 
report should be submitted to a specific office and does not believe 
that it presents a large burden on the licensee. While some of the 
follow-up reports contained in Title 10 Chapter I are submitted within 
60 days, some are submitted within 30 days. The 30-day timeframe for a 
written follow-up report is consistent with the requirement for the 
follow-up report for reporting lost and missing material contained in 
10 CFR part 20. If the investigation is not complete, a final report 
can be submitted upon completion. The NRC agrees with the comment on 
sufficient information and has added language similar to the provisions 
in Sec.  20.2201(b).
    Comment A43: One commenter requested that a subsection be added to 
Sec.  37.57 to clarify requirements for reporting by a licensee or 
permittee under a master materials license that has an onsite LLEA in 
order to preclude unwarranted interpretations during a regulatory 
inspection about reporting to NRC. The commenter offered suggested 
language as follows: ``(d) For a licensee or permittee under a master 
materials license with an on-site LLEA, reporting in this subsection is 
required only after the on-site LLEA has confirmed the attempted, 
actual, or actual activity related to theft, sabotage, or diversion of 
category 1 or category 2 quantities of radioactive material.''
    Response: The NRC disagrees with the comment. The reporting 
requirements remain the same whether the LLEA is on site or off site. 
The NRC does note that the LLEA does not need to be contacted until 
after the licensee has assessed the situation. The LLEA needs to be 
notified only if the licensee has determined that an attempted or 
actual theft, diversion, or sabotage act has occurred or is taking 
place, or, as appropriate, if the licensee has identified suspicious 
activities.
    Comment A44: One commenter recommended defining substantive 
information in Sec.  37.81(h). The commenter noted that the term 
substantive information indicated a higher priority notification than 
30 days.
    Response: The NRC disagrees with the comment. The provision is 
identical to the provision in Sec.  20.2201(d). A licensee should use 
judgment on whether the information should be provided sooner than 30 
days.
    Comment A45: One commenter stated that certain provisions of the 
proposed rule would be matters of mandatory compatibility between the 
NRC and the Agreement States. The commenter stated that the NRC has no 
statutory basis requiring an Agreement State to maintain regulations 
compatible with those of the Commission. The commenter believes that 
the Commission may request compatibility by the State, but cannot 
require it.
    Response: Section 274, ``Cooperation with States,'' of the AEA 
provides for cooperation with States, authorizing the Commission to 
enter into Agreements with States for certain materials provided that 
certain conditions are met. Two specific sections of the AEA provide 
for compatibility requirements: (1) Subsection 274d. gives the 
Commission the authority to enter into an Agreement with a State if the 
Commission finds that the State program is compatible with the 
Commission's program for regulation of such materials (subsection 
274d(2); and (2) under subsection 274g. of the AEA, the Commission is 
authorized and directed to cooperate with the States in the formulation 
of standards for protection against hazards of radiation to assure that 
the State and Commission programs for protection against hazards of 
radiation will be coordinated and compatible.
    In the Commission's policy statement, ``Policy Statement on 
Adequacy and Compatibility'' (62 FR 46517; September 3, 1997), the 
Commission addressed a similar comment. At that time, it was the 
Commission's view that, pursuant to section 274, an Agreement State's 
program should be compatible with NRC's program for the duration of the 
Agreement for the following reasons, set forth in the policy statement:

    Subsection 274g. authorizes and directs the Commission to 
cooperate with the States in the formulation of radiation protection 
standards ``to assure that the State and Commission programs for the 
protection against hazards of radiation will be coordinated and 
compatible.'' This provision demonstrates Congress' intention that 
the compatibility between the NRC and Agreement State programs 
should be maintained on a continuing basis.
    Subsection 274j.(1) calls on the Commission to suspend or 
terminate an Agreement State's program if ``the State has not 
complied with one or more of the requirements'' of Section 274. The 
Commission believes that this phrase ``one or more of the 
requirements,'' encompasses all requirements of Section 274, 
including the requirement for compatibility in Subsection 274(g).
    Under Subsection 274d.(2), the Commission is authorized to enter 
into an agreement with a State if the Commission makes both 
requisite findings that the State program is compatible with the 
NRC's program and adequate to protect public health and safety. 
Absent a continuing compatibility requirement, an Agreement State 
could divert from having a compatible program the day after any 
agreement is signed with NRC. This would render the Commission's 
initial compatibility finding required by Subsection 274d.(2) 
meaningless.

    In addition, the NRC has an obligation, pursuant to section 274j. 
of the AEA, to periodically review existing Agreement State programs to 
ensure continued adequacy and compatibility. Section 274j. of the AEA 
also provides that the NRC may terminate or suspend all or part of its 
agreement with a State if the Commission finds that such termination is 
necessary to protect public health and safety or that the State has not 
complied with the provisions of section 274j. In fulfilling this 
statutory responsibility, NRC provides oversight of Agreement State 
radiation control programs to ensure that they are adequate and 
compatible prior to entrance into a section 274b. agreement and that 
they continue to be adequate and compatible after an agreement is 
effective. The NRC, in cooperation with the Agreement States, 
established and implements a performance evaluation program to provide 
NRC and Agreement State management with systematic, integrated, and 
reliable evaluations of the strengths and weaknesses of their 
respective radiation control programs and identification of areas 
needing improvement, the Integrated Materials Performance Evaluation 
Program (IMPEP).
    There have been no changes to the AEA or to Commission policy that 
would render a different interpretation of these sections of the AEA. 
Therefore, no changes were made to the rule in response to this 
comment.
    Comment A46: Two commenters stated that it was unclear if the rule 
can be implemented under a public health and safety basis. The 
commenters noted that the performance objective in Sec.  37.21(b) is to 
prevent an unreasonable risk to public health and safety or the common 
defense and security, but that the basis for the rule is health and 
safety and not common defense and security.
    Response: This rule can be implemented under the NRC's authority to 
protect the public health and safety. The rule amends NRC's regulations 
to impose security requirements for the

[[Page 16949]]

use of category 1 and category 2 quantities of radioactive material. 
The proposed security requirements set forth the objectives and minimum 
requirements that licensees must meet to protect against theft or 
diversion of category 1 or category 2 quantities of radioactive 
material. Accordingly, these requirements increase the protection of 
the public from harm resulting from the unauthorized use of these 
materials.
    As discussed in the Statements of Consideration for the proposed 
rule (75 FR 33902, 33907 (June 15, 2010)), when regulations such as 
these address both the NRC's public health and safety and common 
defense and security missions, the operative question is whether NRC 
oversight is necessary to fulfill the common defense and security 
aspects of the regulations. The NRC believes that the Agreement States 
can consistently and adequately implement the physical protection 
requirements, and as such, there is no need for independent NRC action 
to protect the common defense and security. However, the NRC retains 
the authority under section 274(m) of the AEA to take any necessary 
actions for protection of common defense and security should individual 
licensees or the State program develop issues requiring immediate 
action.
    Implementing these regulations under the NRC's public health and 
safety authority avoids potential complications with licensees being 
subject to dual regulatory authorities for a single license. Agreement 
States can impose these security requirements because they provide a 
reasonable assurance of preventing the theft or diversion of category 1 
and category 2 quantities of radioactive material that has a potential 
to result in significant adverse health impacts and reasonably 
constitutes a threat to public health and safety. In addition, making 
these requirements applicable to Agreement State licensees through the 
Agreement State Program allows Agreement States to impose these 
requirements on its licensees and makes Agreement States responsible 
for enforcement of these requirements on its licensees.
    Comment A47: One commenter noted that while the NRC has regular 
oversight of individual Agreement State programs through its Integrated 
Materials Performance Evaluation Program (IMPEP), the NRC should 
evaluate its authority under IMPEP against the authority granted to the 
Secretary of Transportation under U.S.C. Title 49 Section 5125--
Preemption. Prior to relinquishing its regulatory authority to the 
Agreement State, the NRC should ensure that it is authorized and 
capable of preempting an Agreement State regulation pertaining to the 
physical protection in transit of category 1 and category 2 quantities 
of radioactive materials if the Agreement State regulation does not 
comply with the general criteria provided in 49 U.S.C. 5125. The 
commenter stated that if the NRC concludes that it is indeed 
appropriate for the Agreement States to regulate the physical 
protection of category 1 and 2 quantities of radioactive material while 
in transit then a mechanism has to be in place to ensure these 
Agreement State regulations cannot add requirements in addition to 
those provided in 10 CFR part 37.
    Response: The NRC in its Policy Statement on Criteria for Guidance 
of State and NRC in Discontinuance of NRC Regulatory Authority and 
Assumption Thereof by States Through Agreement, developed criteria to 
implement the Agreement State program, authorized by Public Law 86-373 
which was enacted in the form of a new section to the AEA (section 274) 
and approved by the President on September 23, 1959 (46 FR 7540-7546; 
January 23, 1981). Criterion 10 of the Policy Statement, Regulations 
Governing Shipment of Radioactive Materials, provides that the State 
shall to the extent of its jurisdiction promulgate regulations 
applicable to the shipment of radioactive materials, such regulations 
to be compatible with those established by the U.S. Department of 
Transportation and other agencies of the United States whose 
jurisdiction over interstate shipment of such materials necessarily 
continues. Therefore, State regulations regarding transportation of 
radioactive materials must be compatible with 10 CFR part 71.
    The NRC believes that it is indeed appropriate for the Agreement 
States to regulate the physical protection of category 1 and category 2 
quantities of radioactive material while in transit under the 
provisions of the 274b. Agreements and the continued oversight provided 
by the NRC. Many of the transportation requirements fall within the 
Compatibility Category B, Program Elements with Significant 
Transboundary Implications. Agreement State program elements under 
Compatibility Category B should be essentially identical to those of 
the NRC. The NRC evaluates these program elements under IMPEP and can 
take actions when a State has a program that is not compatible 
including termination or suspension of an agreement. We believe that 
this mechanism appropriately addresses the concern that a mechanism be 
in place to address the scenario of Agreement State regulations, adding 
requirements beyond those provided in 10 CFR part 37 where the 
additional requirements would not meet the compatibility designation 
for a given provision.
    Comment A48: Numerous commenters stated that the requirements 
created too much burden with little, if any, improvement in security 
and are not necessary or justified and are a waste of taxpayer money. 
Some commenters felt that the requirements were not commensurate with 
the risk of the material and were unnecessarily complex, complicated, 
and long. Some commenters noted that there were no quantifiable 
benefits, only qualitative benefits and, therefore, there is no 
evidence that additional measures are necessary. One commenter noted 
that there must be a balance between the real benefit of providing the 
services that the category 1 and category 2 sources provide, against a 
hypothetical malevolent act that may involve one of these sources. Some 
commenters felt that implementation of the new requirements would 
financially cripple small companies and would limit funding for new, 
safer technologies. Some commenters indicated that the burden could 
result in some medical facilities not offering radiation therapy 
services, a reduction in research, and will negatively impact patient 
care. One commenter was of the opinion that the number of licensees 
would drop by 25 to 30 percent. Commenters felt that the original order 
requirements are adequate and should be maintained with no additions as 
they were sufficient to ensure security. Commenters felt that 
additional requirements should be based on documented deficiencies in 
the orders and not on the very low likelihood of a terrorist event. One 
commenter noted that inspections insure that licensees are performing 
operations in such a manner as to meet regulatory requirements as they 
stand. One commenter noted that the NRC has not conducted a national 
performance-based assessment of the current orders. Commenters stated 
that the rule was overly prescriptive. Several commenters stated that 
the requirements should be graded for different types of facilities and 
material and fixed versus portable material. Some commenters felt that 
the NRC has lost touch with the way the industry operates or wouldn't 
suggest unnecessary changes.
    Commenters noted that monetary burden of compliance with the orders 
has required industry to reduce the amount of resources allocated for 
other aspects of its business and has made it challenging to compete in 
the global market. Some commenters expressed

[[Page 16950]]

concern over the cumulative impact noting the implementation of the 
National Source Tracking System and the license verification system. 
One commenter noted that it wasn't just the initial outlay, but also 
the annual burden that needed to be considered. One commenter noted 
that the rule would impact licensees who have previously not been 
impacted by the orders. The commenter noted that educating and 
inspecting these new licensees will impact the NRC staff resources, and 
could diminish their focus on ensuring security compliance for existing 
category 1 and category 2 sources. One commenter noted that the rule 
would be burdensome on the regulatory agency and LLEAs, as well as 
licensees.
    One commenter suggested placing generic requirements in the rule 
and then address subsets of licensees in the NUREG-1556 series. One 
commenter suggested that the proposed rule should be renoticed after 
making changes with more detail provided as to the actual safety and 
security benefits to be obtained. One commenter noted that the rule 
does not conform to the recent draft policy statement on the Protection 
of Cs-137 Chloride sources.
    Response: The NRC understands the concerns of the commenters and 
has tried to limit the burden while continuing to ensure the adequate 
safety and security of sources of concern. The security orders were 
issued based on the specific knowledge and information available to the 
Commission at the time the orders were issued. The NRC never intended 
to simply make generically applicable security requirements identical 
to the orders. The NRC always intended to consider insights gained from 
the implementation of the orders and implementation of the inspection 
program, as well as other factors. A number of changes have been made 
based on specific public comment. The result of these rule changes 
significantly reduces the burden of the final rule as compared to the 
proposed rule. The NRC believes that the provisions in the final rule 
are necessary to protect the public health and safety and ensure 
security. There could be some facilities impacted by the rule that were 
not impacted by the orders. Some facilities, such as reactors and fuel 
facilities, may be impacted by 10 CFR part 37. There should not be any 
byproduct material facilities newly impacted by 10 CFR part 37 that 
were not impacted by the orders.
    Comment A49: A couple of commenters stated that the NRC should only 
include the order provisions in the rule and then start work on 
developing a strategic rulemaking, which may need to include changes in 
legislative authority, to develop a 10 CFR part 37 with a more risk-
informed and performance-based model. The commenters noted that this 
effort should include evaluating requirements for different types and 
quantities of radioactive material and different uses, working with 
States and law enforcement groups to determine effective ways to 
transport material and working with law enforcement groups to determine 
effective ways that an LLEA can know and provide emergency response 
support to licensees. Another commenter suggested using subparts based 
on the type of business and security risks commensurate with each type. 
One commenter noted that the two-part approach would be a major 
accomplishment for the NRC and would be consistent with NRC's 
``Principles of Good Regulation.'' The commenter noted that this 
approach would reflect the Commission's Staff Requirements Memorandum 
(SRM) on the draft policy statement on the protection of Cesium-137 
Chloride sources (SRM for COMSECY-09-0029) which states: ``any 
additional efforts to enhance security for these sources should 
consider whether there are benefits of further risk reduction given the 
NRC's actions to date and the current threat environment.''
    Response: It was never the NRC's intent to include in the 
rulemaking only the order provisions. While there are differences from 
the orders, the NRC believes that the requirements contained in the 
final rule are necessary. As a general principle, the NRC prefers to 
construct performance-based regulation rather than explicit, 
prescriptive regulation where possible. The rule does not dictate what 
measures each licensee must use to protect the radioactive materials 
under its possession and control, rather the rule allows the licensee 
to choose those measures that best meet its needs. The NRC believes 
that the rule is risk informed and contains an optimized mix of 
performance-based and prescriptive requirements. A two-step process to 
conduct two rulemakings would be a waste of not only to the NRC and 
Agreement State resources but also those of licensees. The basic 
requirements in the orders were the same for all licensees. The NRC is 
aware of the areas that need enhancements and these areas are addressed 
in the rule. The NRC did add a new option to the regulatory analysis 
for the final rule that addresses only including the order provisions 
in the rule.
    Comment A50: One commenter stated that the total cost of the 10 CFR 
part 37 revision should include the costs that the licensees incurred 
to meet the orders and that the estimate and burden on licensees is out 
of proportion to the actual risk. Another commenter stated that the 
option 1 cost analysis was inappropriate because it assumed no security 
measures had been implemented, and it should have considered that the 
orders were in place. The commenter stated that an additional cost 
option determining the cost of implementing a new 10 CFR part 37 with 
requirements equivalent to the orders would be helpful. Several 
commenters stated that the cost estimates were underestimated but did 
not offer better cost estimates. One commenter stated that the annual 
recurring licensee cost was underestimated by at least a factor of 2. 
One commenter estimated that it would cost about $30,000 to implement 
the provisions and about $20,000 every year to maintain the plan and 
that the reinvestigation would cost between $10,000 and $20,000 
depending on the number of users that need to be rechecked. One 
commenter noted that the regulatory analysis did not specifically 
describe the average licensee on which the analysis is based. One 
commenter (a research facility) noted that it would need to process an 
additional 60 individuals per year and that the rule would cost 
approximately $23,000 per year and an initial outlay of $30,000. One 
commenter noted that it had added one additional employee to address 
the order requirements and that the rule would add yet more burden. One 
commenter stated that the regulatory analysis does not provide any 
technical data to support the statement that the qualitative benefits 
outweigh the costs of the rule. One commenter noted that a major 
medical facility could have hundreds of individuals in its access 
authorization program. One commenter noted that it had spent about 
$250,000 on physical site upgrades alone and has recurring costs of 
$50,000 annually for the alarm system to support the existing orders. 
One commenter stated that it spends approximately $100,000 a year for 
the transportation of category 1 and category 2 sources under the 
orders. The commenter noted that the amount of employee resources to 
implement and support the orders has been approximately 400 man days 
initially and 75 man days annually with total costs to date of 
approximately $1.5 million. The commenter estimated that to implement 
the additional requirements in the rule, it would cost

[[Page 16951]]

$250,000 initially which includes 100 man days to set up all the 
programs and procedures and an ongoing annual cost of $100,000 to 
$200,000 for hiring at least one to two individuals as a technical/
administrative resource to implement all the procedural and 
documentation requirements. The commenter stated that the costs assumed 
in the regulatory analysis ($25,000 initially and $27,000 annually) to 
be substantially underestimated. Some commenters noted that the 
regulatory analysis did not identify any quantifiable values and that 
the qualitative benefits were identical to the program in place today. 
One commenter noted that National Nuclear Security Agency (NNSA) is 
spending $26 million to implement voluntary enhancements at certain 
facilities. One commenter noted that it was not clear that NRC had 
considered the potential impacts to licensee safety programs, research, 
and an increase in disused sources due to ''deteriorating financial 
circumstances'' (mentioned in SECY 10-0164) that may result from the 
rulemaking.
    Response: The NRC appreciates the information provided on cost and 
considered that information when estimating the costs in the final 
regulatory analysis, increasing the annual cost of implementing the 
measures, increasing the number of individuals requiring a background 
investigation, and using different values for a small, medium, and 
large facility. The regulatory analysis prepared to support the 
proposed rule did contain the cost information on the orders. As the 
cost has already been expended, it is considered a sunk cost and is not 
included in the main analysis. The cost is provided for informational 
purposes. Many attributes considered in a regulatory analysis can only 
be expressed in a qualitative way and cannot be quantified. Differences 
in quality cannot be easily assessed or expressed. While it is possible 
that some licensees may decide to go out of business and there could be 
additional disused sources, the NRC is not able to predict how many, if 
any, companies might decide to go out of business.
    Comment A51: One commenter noted that the regulatory analysis and 
regulatory flexibility analysis did not reflect the actual number of 
licensees impacted (closer to 2,900) versus the number actually 
implementing the orders (about 1,400).
    Response: The regulatory analysis did reflect the 2,950 licensees 
that would be impacted by the proposed rule. Section 3.2.3 lays out the 
assumptions used in the analysis. The analysis assumed that 1,400 
licensees would need to fully implement the security provisions and 
that another 1,550 licensees would need to conduct some activities. The 
commenter is correct that the regulatory flexibility analysis only 
addressed those that fully implemented the provisions.
    Comment A52: Two commenters noted that the regulatory analysis does 
not address how harmonization between the NRC proposed rule and 
eventual Agreement State regulations will be assured; specifically in 
regards to the requirements contained in subpart D. The commenter noted 
that inconsistencies between Agreement State transport security 
requirements could greatly hinder the ability to transport category 1 
and 2 quantities of radioactive materials in commerce and could also 
serve as barriers to transporting category 1 and 2 quantities of 
materials through an Agreement State. The commenter noted that it is 
also unclear if the NRC considered what fees Agreement States may 
impose to fund the cost of regulating the physical protection of 
material in transit. The commenter noted that the State of Iowa 
currently has what Industry considers excessive fees to transport 
category 1 quantities of materials through the State.
    Response: The commenter is correct that harmonization of the 
requirements between the NRC and the Agreement States is not addressed 
in the regulatory analysis; the cost for the States to adopt the 
regulations is addressed. The final rule is a matter of compatibility 
between the NRC and the Agreement States. The NRC analyzed the final 
rule in accordance with the procedure established within Part III, 
``Categorization Process for NRC Program Elements,'' of Handbook 5.9 to 
Management Directive 5.9, ``Adequacy and Compatibility of Agreement 
State Programs.'' Most of the provisions in subpart D are Compatibility 
Category B because there are significant transboundary implications. 
The Agreement States must adopt Category B program elements in an 
essentially identical manner. The Agreement States do have 3 years to 
adopt the regulations. For transportation of category 1 quantities of 
radioactive material, an Agreement State licensee will continue to 
follow the NRC order on transportation until the State adopts the 
regulation. The order would then be withdrawn and the transportation 
would occur under the Agreement States' regulations. For category 2 
shipments, an Agreement State licensee will follow the Increased 
Control provisions on transportation until the State adopts the 
regulations. As for the fees that a State may charge, the NRC does not 
have any control as this is not a matter of compatibility. A State 
could choose to charge a fee whether the transport occurred under NRC 
or State requirements. The fees aspect is beyond the scope of this 
rulemaking.
    Comment A53: One commenter noted that because Agreement States have 
3 years to adopt regulations compatible with the final rule, provisions 
need to be made so licensees with both NRC and Agreement State licenses 
who modify their programs to comply with the NRC requirements are not 
cited as noncompliant with the Agreement State license.
    Response: A licensee must be in compliance with the regulations for 
the jurisdiction in which it operates. Part 37 is no different than any 
other regulation in that regard. A licensee that has implemented the 10 
CFR part 37 requirements should be in compliance with the majority of 
the provisions in the orders. The licensee can have discussions with 
its Agreement State regulator about adopting the provisions before the 
State has issued compatible requirements.
    Comment A54: One commenter addressed the questions related to small 
businesses. The commenter indicated that the rule needs to be more risk 
informed and better recognize the actual risk associated with category 
2 sources by providing more flexibility. The commenter indicated that 
the annual risk from a category 2 radioactive material dispersal device 
is between 10,000 and 100,000 times less likely than many other sources 
of premature death that the United States population commonly accepts 
from smoking, obesity, medical accidents, and auto accidents.
    Response: The Commission has determined that category 1 and 
category 2 quantities of radioactive material warrant additional 
security measures. In addition, the Radiation Source Protection and 
Security Task Force found that the category 1 and category 2 quantities 
warrant enhanced security and protection. See also QA5 and QA6 in 
Section II of this document.
    Comment A55: Two commenters provided input on the specific 
questions related to information collection. On the question of whether 
the proposed information collection is necessary for the proper 
performance of the functions of the NRC and the information has 
practical utility, one commenter agreed with the need for signed 
consent but questioned the usefulness of the credit history review and 
the FBI criminal history records check. The commenter agreed that a 
licensee needs to have an individual's employment and education 
history, but questioned the need to

[[Page 16952]]

require the individual to provide the information multiple times if the 
licensee already has the information in the individual's employment 
record. The commenter did not address the utility of any other aspects 
of the information collection. Two commenters did not agree with the 
burden estimate. One commenter stated that the estimate of the number 
of individuals who would need to have a background investigation was 
low; but provided no other estimates. The commenter also indicated that 
the cost of the background investigation was underestimated, and 
estimated that a background check would cost from $60 to $250 and 
higher. The commenter noted that it would take licensee personnel 10 
hours to gather, submit, and review background information for a normal 
background check, to more than 20 hours if the individual had resided 
in multiple State and foreign jurisdictions. The commenter estimated 
that it would take an individual 2 hours to complete a personal 
disclosure history, and that this was not included in the analysis. The 
commenter noted that a licensee would have to develop a compliance 
program required by the Fair Credit Reporting Act to obtain credit 
history and arrest records. A second commenter stated that the current 
labor rate for nonroutine technical support is $149 per hour. The 
commenter stated that first-year implementation would be about 320 
hours, or $47,000 and about $30,000 a year thereafter. On the question 
of whether the burden of the information collection could be minimized, 
one commenter noted that a more prudent and efficient method of 
checking background and overall status of an employee is to use the 
federal database ``E-verify.'' The commenter stated that the NRC could 
rely on the E-verify check as one of the background check tools for a 
licensee's access authorization program. The commenter also requested 
that guidance be given on FBI criminal background reports to assist a 
licensee's understanding of what the information in the report means.
    Response: The NRC notes that the FBI criminal history records check 
is required by the EPAct. The NRC has removed the requirement for a 
credit history evaluation as part of the background investigation. See 
response to Comment B67 for further discussion on credit history. There 
is no requirement for an individual to provide employment and education 
history multiple times. If the licensee already has that information, 
it does not need to go back to an individual to obtain the information 
a second time. Effort for the personal history disclosure was not 
included because it was viewed as information that would be provided 
when seeking employment and completing an application for employment. 
The information on cost and time was factored into the regulatory 
analysis for the final rule. As for the E-verify system, a licensee may 
use it as one tool for completing a background investigation, but use 
of E-verify alone would not meet the requirements for the background 
investigation. Guidance on the background investigation is available in 
the implementation guidance.
    Comment A56: Commenters requested guidance for various provisions 
of the rule, noting that the guidance was necessary for both the 
licensees and the regulatory agency. Commenters were specifically 
interested in guidance for both the determination on the reviewing 
official that would be used by the regulator and for the determination 
for those to be allowed unescorted access to the material that could be 
used by the reviewing official. Commenters felt that the lack of 
criteria or guidance will result in inconsistent approval or denial of 
the individuals. Commenters noted that compliance determinations are 
performance based and that the regulatory agency would have no recourse 
but to deem a licensee's determination appropriate as long as the 
licensee documented the basis. Several commenters agreed that licensees 
should be allowed flexibility in conducting the background reviews. One 
commenter suggested that the NRC should review 49 CFR 73.8 for specific 
guidance for denying an individual access.
    Response: Guidance on the rule is available in the document 
``Implementation Guidance for 10 CFR part 37 Physical Protection of 
Byproduct Material Category 1 and Category 2 Quantities of Radioactive 
Material,'' which will be published at approximately the same time as 
this final rule. Guidance on what should be considered in evaluating 
the results from the background investigation is in the document. The 
document does not contain a checklist, but provides general guidelines 
for making the determination on whether to grant an individual 
unescorted access. The determination basis is performance based; each 
licensee is responsible for making its own determination. Under the 
orders, the trustworthiness and reliability official made the 
determinations of who was granted access and that official is now 
called the reviewing official. Although there will be additional 
factors to consider, the decision-making responsibility remains 
unchanged.
    Comment A57: One commenter stated that the sections for the 
Paperwork Reduction Act Statement and Regulatory Flexibility 
Certification do not appear to have included pool irradiator and 
manufacturer/distributor licensees with category 1 quantities of 
radioactive material in their scope, and the documents will need to be 
augmented.
    Response: Pool irradiator and manufacturer/distributor licensees 
were included in the analysis conducted for the Paperwork Reduction Act 
Statement and the Regulatory Flexibility Certification.

B. Access Authorization Program

    Comment B1: One commenter stated that Sec.  37.21(a) did not 
address the requirements for currently approved access authorization 
programs or the actions that must be taken by the licensee within a 
specific timeframe. Another commenter noted that it was not clear what 
licensees that implemented the orders needed to do.
    Response: The NRC did not approve access authorization programs 
under the orders. The NRC approved them in the sense that we inspected 
and did not cite them if their programs were adequate. All licensees 
that allow unescorted access to an aggregated category 1 or category 2 
quantity of radioactive material must have an access authorization 
program that meets the requirements of subpart B on the date that the 
rule is effective in the State in which the licensee conducts its 
operations. The NRC is providing a 1-year implementation period for the 
final rule.
    Comment B2: One commenter requested clarification as to whether 
Sec.  37.21(a)(2) is based on possession or authorized possession.
    Response: The proposed rule contained several provisions that were 
based on authorization to possess. These provisions are not contained 
in the final rule. The NRC has revised the text to make clear that the 
provisions apply only to those that actually possess the material.
    Comment B3: One commenter stated that in Sec.  37.21(b), the term 
``unreasonable risk'' should be defined.
    Response: The NRC disagrees with the comment. The NRC acknowledges 
that implementation is dependent on the judgment of the reviewing 
official; however, this is a performance-based requirement and provides 
the licensee with flexibility in the implementation of its program. 
Although, the NRC has removed the term ``unreasonable risk''

[[Page 16953]]

from the requirement, the concept remains because the concept is 
inherent in the definition of trustworthy and reliable.
    Comment B4: One commenter stated that Sec.  37.21(c) should be 
deleted as being redundant to previous sections about who is approved 
for unescorted access.
    Response: The NRC disagrees that Sec.  37.21(c) is redundant. The 
section establishes the individuals that are subject to the access 
authorization program.
    Comment B5: One commenter stated that Sec.  37.21(c)(1) introduces 
new criteria for approval (individuals with job duties that require 
unescorted access) that are not otherwise used in the regulations. The 
commenter indicated that if it was considered necessary to limit 
approvals, the section should be modified by inserting the word 
``only.''
    Response: The NRC disagrees with the comment. Section 37.21(c)(1) 
establishes the individuals who are subject to the access authorization 
program and, therefore, need to undergo a background investigation and 
be determined to be trustworthy and reliable.
    Comment B6: One commenter asked if the shipper or the carrier was 
responsible in Sec.  37.21.
    Response: The licensee is responsible for assuring that all 
individuals who have unescorted access to the category 1 or category 2 
quantities of radioactive material have undergone a background 
investigation (or fall under one of the categories for relief) and been 
determined to be trustworthy and reliable. A commercial carrier is 
subject to separate State and federal transportation security 
requirements, and is not a licensee under 10 CFR part 37.
    Comment B7: One commenter noted that movement control center 
personnel were included in the list of individuals who were to be 
subject to an access control program. The commenter noted that the 
licensee may not have direct oversight of these centers and the center 
may be monitored by LLEA or other security or emergency personnel which 
could make enforcement difficult or impossible as these individuals 
would likely not be responding to an emergency. One commenter noted 
that the vehicle driver and accompanying individual(s) and movement 
control center personnel are typically employed by the carrier, and the 
access authorization program should be under the carrier's 
responsibility. One commenter stated that licensees can't implement the 
requirement of Sec.  37.21(c)(1)(ii) and (iii) when carriers are used 
for shipments of category 1 quantities.
    Response: The movement control center personnel were included 
because they have access to SGI-M. The vehicle driver and accompanying 
personnel were included, in part, because they have access to the SGI-M 
information. Whether these individuals come under 10 CFR part 37 access 
authorization program or not, they would still need to be fingerprinted 
and determined to be trustworthy and reliable under the requirements of 
10 CFR part 73. The NRC has revised Sec.  37.21(c) to reflect that 
those with access to SGI may be placed under 10 CFR part 37 access 
authorization program or they may be part of a separate program that 
meets the requirements of 10 CFR part 73. Law enforcement personnel are 
relieved from the fingerprinting and background check that are required 
for access to SGI and are relieved from the background investigation 
required under 10 CFR part 37.
    Comment B8: One commenter stated that Sec.  37.21(c)(3) conflicts 
with the requirements of Sec.  37.21(c)(1)(ii), (iii), (iv), and (v) as 
none of those personnel require unescorted access to radioactive 
material.
    Response: The NRC disagrees that there is conflict with the 
requirements. Some of the personnel referenced in Sec.  37.21(c)(1) 
were part of the access authorization program because they required 
access to SGI information which also requires a determination of 
trustworthiness and reliability. However, the requirements for the 
background investigation required for SGI and unescorted access are not 
identical, so the NRC has revised Sec.  37.21(c) to reflect that those 
requiring access to SGI may be included in the access authorization 
program, but are not required to be included. The licensee can choose 
to have a separate program to provide access to SGI information.
    Comment B9: One commenter noted that the specific requirement for 
access to materials included transport of category 1 and category 2 
materials and that the requirements should be consistent with 10 CFR 
part 71 and 49 CFR 171 through 180.
    Response: Part 71 does not contain requirements related to access 
of materials. The referenced DOT regulations do not contain 
requirements for access to materials, except for a driver who needs a 
hazardous material certification which includes fingerprints and an FBI 
criminal history check. Part 37 provides relief from the fingerprinting 
aspects of the background investigation for individuals that have 
undergone the DOT check.
    Comment B10: Two commenters requested clarification whether an 
engineer designing the security systems for an irradiator room would 
need unescorted access. The commenters noted that it would be 
beneficial if the requirements for individuals with access to sensitive 
information were clearly described.
    Response: Whether to grant unescorted access to an engineer 
designing the security systems would be up to the licensee. The 
licensee could arrange for the engineer to be escorted while in the 
irradiator room or could conduct a background investigation and grant 
the engineer unescorted access if the licensee believed it was 
warranted. The requirements for individuals with access to sensitive 
information are contained in Sec.  37.43(d).
    Comment B11: One commenter asked what shipping information requires 
an access authorization program.
    Response: The shipping information related to shipments of category 
1 quantities of radioactive material is considered to be SGI-M. Part 73 
contains requirements for individuals to undergo a background check and 
be determined to be trustworthy and reliable before being allowed 
access to SGI. A licensee can include those individuals needing access 
to SGI-M in its access authorization program under 10 CFR part 37 or in 
a separate program under 10 CFR part 73. If a licensee has an access 
authorization program that meets the requirements of 10 CFR part 37, 
the program will also meet the requirements of 10 CFR part 73 for 
access to SGI-M.
    Comment B12: One commenter noted that a licensee's access 
authorization program expands beyond those permitted to have unescorted 
access to category 1 or 2 sources and, therefore, the rule text must 
accurately reflect the need to include such individuals without 
requiring them to have unescorted access to the sources.
    Response: The access authorization program may also apply to those 
that require access to SGI, such as personnel involved in 
transportation of category 1 quantities of radioactive material. The 
rule has been clarified to reflect that those with access to SGI may be 
part of the access authorization program for materials unless the 
licensee chooses to have a separate program. Although the comment is 
not clear, the NRC believes that the commenter was referring to the 
reviewing official as someone that should not be required to have 
unescorted access to the sources. The NRC believes that it is important 
that

[[Page 16954]]

the reviewing official undergo the same background investigation as 
those being reviewed and approved by the reviewing official. Therefore, 
the reviewing official is included in the access authorization program. 
See also the responses to B14 and B15.
    Comment B13: One commenter noted that if the radioactive material 
is in a secured area within a room, then a trustworthiness and 
reliability determination shouldn't be required for personnel who need 
access to that room.
    Response: Secured area can mean different things. If the material 
is accessible by breaching a common barrier, then the individuals would 
need to undergo a background investigation and be determined to be 
trustworthy and reliable. See the implementation guidance for examples.
    Comment B14: In the proposed rule, the NRC specifically invited 
comment on the issue of fingerprinting the reviewing official. 
Commenters were specifically requested to provide information on: (1) 
Whether the reviewing official needs to be fingerprinted and have an 
FBI criminal records check conducted; (2) whether the other aspects of 
the background investigation are adequate to determine the 
trustworthiness and reliability of the reviewing official; (3) whether 
there are other methods that could be used to ensure that the reviewing 
official is trustworthy and reliable; (4) whether the requirement to 
fingerprint the reviewing official places too large of a burden on the 
licensee; and (5) whether the Agreement States have the necessary 
authority to conduct reviews of the nominated individual's criminal 
history record. Twenty commenters provided responses to the specific 
questions on this subject.
    Of those that provided responses to the questions on fingerprinting 
of reviewing officials, the commenters were evenly split on whether the 
reviewing official should be fingerprinted. Of those that responded no 
on the fingerprinting, most did not support the concept of a reviewing 
official at all and stated that the trustworthiness and reliability 
official established under the Increased Control Orders should remain 
in place. One of those opposed to the fingerprinting of the reviewing 
official stated that the official should be approved by the licensee as 
did a couple of the commenters that indicated support for 
fingerprinting. One of those supporting fingerprinting was opposed to 
requiring the individual to have access to radioactive material. The 
commenter suggested that the NRC table this element until NRC is 
granted authority to require fingerprinting of the reviewing official. 
The majority of those responding indicated that the other aspects of 
the background investigation were adequate to determine the 
trustworthiness and reliability of the reviewing official, including 
several commenters that supported the fingerprinting requirement. 
Several responded that specific guidance and acceptance or rejection 
criteria must be made available. Several commenters indicated that the 
reviewing official should meet all of the requirements for unescorted 
access. Three commenters stated that other aspects of the background 
investigation were not adequate but also indicated that they did not 
support the concept of a reviewing official. Based on its experience 
with the orders, one commenter stated that the criminal history derived 
from the FBI should serve as the sole basis. Most of the commenters did 
not think that the fingerprinting placed too large a burden on the 
licensee. Of the two commenters that felt that fingerprinting did place 
too large of a burden on the licensee, one of the commenters did not 
explain its rationale and the other stated that it was unnecessary for 
the reviewing official to have access to the material. One commenter 
indicated that this placed too large a burden on the States. On the 
question of whether the States have the authority to conduct reviews of 
the nominated individual's criminal history record, the response was 
inconclusive, with many commenters noting the authority was 
undetermined or not clear whether the State had authority. One State 
indicated that it did have the authority, two States that they probably 
had the authority, and one State indicated that it did only if specific 
disqualifying criteria are put in the regulations. Suggestions for 
other methods that could be used to ensure that the reviewing official 
is trustworthy and reliable included deferring the decision to licensee 
management using best business practices; using a background 
investigation by a professional such as a police investigator, private 
security clearance contractor, or human resource professional; and use 
of employment history with the licensee.
    In addition to those that addressed the specific questions, 33 
commenters addressed this subject. The Conference of Radiation Control 
Program Directors (CRCPD) conducted a survey of the Agreement States, 
and 69 percent of those that responded disagreed with the requirement 
for the regulatory body to approve the reviewing official. However, 62 
percent did support the requirement that the reviewing official be 
fingerprinted. Some commenters noted that there may be some States that 
may not have the authority to adjudicate fingerprints for approval. 
CRCPD reported that 69 percent of the responders to its survey 
indicated that they do not have the necessary authority to conduct the 
criminal history reviews without legislative action. Some of the States 
noted that they have the authority but do not want to conduct 
fingerprint reviews. One State indicated that it may not have the 
statutory authority to write a rule to approve the reviewing official, 
and another noted that it did not have the authority unless there were 
clear criteria. At least one State noted that it may not be able to 
completely protect the findings of the criminal history records check 
from public release. Several commenters expressed concern that the 
regulatory body (NRC or the Agreement State) would be basing the 
regulatory approval of the reviewing official on only the results of 
the fingerprints for a criminal history records check, and the other 
elements of the background investigation would not be part of the 
approval process. Commenters noted that neither the regulatory body nor 
the licensee would have the benefit of the complete information on an 
individual in order to make an informed determination. Commenters felt 
that the approval of the reviewing official should remain with the 
licensee and not the regulatory body because the licensee has more 
direct personal knowledge and experience with the individual, and the 
licensee has much more to lose by approving an incompetent reviewing 
official. Some commenters supported the approval of the reviewing 
official to be an outside agency such as the NRC as a logical 
methodology.
    Some commenters noted that the regulator should not deny someone 
based only on the fingerprint results. Several commenters noted that 
this would put additional resource burden on the regulatory body and 
that there is no compelling evidence of threat to public health and 
safety or security or that the current system is not working. Some 
States expressed concern over the possible liability for approving a 
reviewing official. Some commenters objected to the need to submit or 
remove the background check results outside of their offices and send 
them to the regulatory body. Commenters questioned how the Agreement 
State will be able to review the fingerprint results when the 
fingerprints are sent to the NRC. One commenter stated that the

[[Page 16955]]

rule should specify who evaluates all of the information for the 
reviewing official, as a licensee is required to have the information 
reviewed before submittal of the fingerprints. The proposed rule puts 
the burden of review of fingerprint results on the regulatory body 
which will result in a resource burden. Commenters noted that it is 
unknown what the impact on Agreement States' resources will be to begin 
approving reviewing officials.
    Response: After considering the comments, the NRC has decided to 
change the approval for the reviewing official. The NRC (or Agreement 
State) will no longer approve the reviewing official. The final rule 
adopts a similar process to what was in the Increased Control Orders. 
Each licensee will be required to provide the name of the reviewing 
official(s) to the NRC (or Agreement State) and certify, under oath or 
affirmation, that the reviewing official is trustworthy and reliable. 
By the licensee certifying under oath and affirmation that the 
individual is trustworthy and reliable, the NRC believes that it 
adequately addresses the good faith presumption concern. This 
certification occurs after the licensee has completed the background 
investigation for the reviewing official. The determination basis for 
the reviewing official is subject to inspection. If the individual has 
undergone fingerprinting and an FBI criminal history records check, a 
licensee can continue to use the trustworthiness and reliability 
official or the reviewing official used under the orders.
    Comment B15: Many commenters objected to the need to grant the 
reviewing official access to the radioactive material or SGI. Many 
licensees have used Human Resources (HR) personnel to conduct the 
background investigations under the orders as they are the hiring 
experts for their companies. It was further noted that HR personnel 
would not have a need for unescorted access to category 1 and category 
2 quantities of radioactive material. Licensees noted that this means 
that HR personnel are either prohibited from doing the access 
authorization or must be permitted access to the material or SGI. 
Further, commenters note that permitting HR personnel access creates 
possible radiation safety/security issues or creates an untenable 
business model for Increased Controls licensees with no evidence that 
the current system under the orders is flawed in any way. Some 
commenters noted that if it is the intent simply to have this person 
undergo the same level of scrutiny as those who would be given 
unescorted access, then the regulation should be amended to state as 
much. One commenter noted that the orders were quite emphatic that no 
individual should be granted access unless the individual actually 
needed access and that requiring the reviewing official to have access 
appears to reduce security. Several commenters noted that the 
workaround needed to require fingerprinting was an inappropriate 
approach and that NRC should complete the process of obtaining from 
Congress the authority to fingerprint the reviewing official. 
Commenters noted that the requirement is unduly restrictive on 
management options and an invasion of the rights to operate a business 
as they see fit. Commenters also noted that there may be other 
requirements surrounding unescorted access that could be implemented in 
the future and may not apply to the reviewing official that could cause 
hardships for licensees. While a few commenters were opposed to the 
requirement to have the reviewing official fingerprinted, most of the 
commenters did not object. One commenter noted that relying on someone 
to compile the information and have the reviewing official make the 
final decision also introduces the possibility of the individual 
compiling the information to act in a malevolent manner. One commenter 
suggested the following language: ``Reviewing officials must meet the 
necessary requirements to have unescorted access to category 1 or 
category 2 quantities of radioactive material.'' Two commenters noted 
that, if a reviewing official is granted unescorted access as a routine 
job requirement, the individual receive and satisfactorily complete 
radiation safety training required by the licensee.
    Response: The NRC believes that it is essential that the individual 
that approves others for unescorted access to radioactive material 
undergo the same background investigation before approving individuals 
for unescorted access. The NRC needs to have confidence in the 
integrity of the reviewing official. The reviewing official is one of 
the layers for defense-in-depth of the security program. If the 
reviewing official exercises the permission for unescorted access to 
the material, the individual would need to undergo any required 
training, including any safety training, before actually having 
unescorted access. There are often individuals at facilities that have 
unescorted access permission but seldom exercise the permission. The 
language has been revised slightly to note that the reviewing official 
must be permitted unescorted access, and the phrase ``as part of their 
job duties'' has been removed. However, these individuals are not being 
required to physically access the material. The changes were made to 
better match the language in the AEA. The compatibility of Sec.  
37.23(b)(3) was changed to Category C to allow States to be more 
restrictive as it relates to access to the material. Some States may 
have authority to require fingerprinting by use of other mechanisms 
than the AEA.
    Comment B16: Several commenters suggested allowing a reviewing 
official approve others to be a reviewing official as this would 
provide the licensee with more flexibility in assigning individual 
duties. Commenters noted that the restriction seemed arbitrary. One of 
the commenters noted that there was no reason why a reviewing official 
couldn't approve someone as there is no difference in the determination 
for a reviewing official and someone for unescorted access. Commenters 
noted that if this requirement was an attempt to maintain a list of 
reviewing officials it could be accomplished in a different manner.
    Response: The NRC does not believe that the reviewing official 
should be allowed to approve another individual to be a reviewing 
official. While the background investigation is identical, the 
responsibility for the reviewing official is greater. However, under 
the final rule, a licensee is able to name its own reviewing officials. 
The existing reviewing official could be involved in the background 
investigation evaluation. See also response to comment B14.
    Comment B17: One commenter suggested adding the word ``nominated'' 
before reviewing official in Sec.  37.23(b)(5) because the person is 
not a reviewing official until approved by the NRC.
    Response: The requirement for nominating a reviewing official has 
changed in the final rule. A licensee now names the reviewing official 
and certifies under oath and affirmation, to the NRC, that the 
reviewing official is trustworthy and reliable. See also response to 
Comment B14.
    Comment B18: Two commenters objected to the wording in Sec.  
37.23(b)(4) and (5) that implies that the reviewing official permits 
unescorted access. The commenters agreed that the reviewing official 
should be the individual who makes the trustworthiness and reliability 
determinations but asserted that the reviewing official should not be 
the individual who gives permission for unescorted access. The 
commenters noted that after a positive determination is made, the 
actual determinations for

[[Page 16956]]

unescorted access should be controlled by someone else such as the RSO. 
The commenters suggested that the two sections be revised to remove the 
permit unescorted access language. The commenters also suggested that 
Sec.  37.23(e)(2) be modified by changing the word ``permit'' to 
``authorize.''
    Response: The NRC agrees with the comment. The NRC has revised the 
language in Sec.  37.23(b)(1) (formerly paragraph (b)(4)) to read: 
``Reviewing officials are the only individuals who may make 
trustworthiness and reliability determinations that allow individuals 
to have unescorted access to category 1 or category 2 quantities of 
radioactive materials possessed by the licensee.'' The NRC has removed 
the provision in Sec.  37.23(b)(5) as it was duplicative of paragraph 
(b)(4) (now paragraph (b)(1)). The NRC has not revised the language in 
Sec.  37.23(e)(2) because permit is the term used in the AEA.
    Comment B19: One commenter noted that Sec.  37.23(b)(5) is 
redundant as Sec.  37.23(b)(4) conveys the same requirement.
    Response: The NRC agrees with the comment and has removed Sec.  
37.23(b)(5) from the rule.
    Comment B20: Two commenters recommended that the reviewing official 
be allowed to authorize access to SGI.
    Response: The reviewing official may approve individuals for access 
to SGI. Part 73 requires that a reviewing official conduct the 
background check review, but does not specify who that individual is or 
specify any qualifications for the position. A licensee can choose to 
use the same individual for both the SGI access under 10 CFR part 73 
and unescorted access under 10 CFR part 37.
    Comment B21: One commenter noted that licensees were allowed 
fingerprint exemptions based on submittal to other governmental 
programs, such as those to access Select Agents or government 
clearances. The commenter noted that these programs allow for licensee 
personnel to be trained to take the fingerprints but that the rule does 
not allow the reviewing official to be fingerprinted by the licensee 
personnel which will result in additional cost to travel to an 
authorized agency and fees to have the authorized agency take 
fingerprints. Two commenters noted that the requirement for the 
fingerprints of the reviewing official must be taken by a law 
enforcement agency, Federal or State agencies that provide 
fingerprinting services to the public, or commercial fingerprinting 
services authorized by a State to take fingerprints and that this 
seemed arbitrarily restrictive and was not a similar requirement for 
other individuals. The commenters also noted that 10 CFR part 73 did 
not contain a similar provision.
    Response: The NRC disagrees with the comment. Because the reviewing 
official has extra responsibility in the access authorization program 
and will be making the determinations to allow access, the NRC believes 
that it is necessary for the reviewing official's fingerprints to be 
taken by an entity that will verify that the identification matches the 
person being fingerprinted. This ensures the identification of the 
individual submitting the fingerprints. Without this requirement the 
reviewing official could submit the fingerprints of another individual 
that is known not to have a criminal history or known terrorist ties.
    Comment B22: Two commenters asked how a licensee will know if an 
appointed reviewing official has been approved. Commenters also asked 
how long the review would take. One commenter asked the NRC to describe 
the controls that will be in place to protect the personal information 
provided to the NRC on behalf of the prospective reviewing official. 
One commenter noted that the regulation does not indicate what the NRC 
will do with the fingerprints and how long the NRC retains personal 
information and the FBI data. The commenter wanted to know how long the 
FBI and NRC retain the fingerprints and personal information and who 
they can or will share that information with. Commenters were concerned 
how the transition period, before a reviewing official is approved, 
could impact a program. Some commenters questioned the length of time 
for NRC review.
    Response: The final rule does not contain the provision for the NRC 
(or Agreement State) to approve the reviewing official. The only 
information provided to the NRC is the name of the individual and the 
fingerprints. The NRC typically does not retain the fingerprints and 
FBI results beyond 30 days. Either the cards are destroyed or the 
electronic file is deleted in accordance with Federal guidelines.
    Comment B23: A few commenters indicated that the T&R officials 
under the orders would be grandfathered and become reviewing officials 
under the rule. Another commenter wanted to know what is meant by the 
statement that the already deemed reviewing official may continue to 
act in that capacity for an expanded set of persons, i.e., what is 
classified as an expanded set of persons. One commenter recommended 
revising the rule to relieve reviewing officials who already have 
fingerprints on file from submitting fingerprints again.
    Response: The NRC disagrees with the comment in part. The 
commenters have misunderstood the grandfather clause. The T&R officials 
would only be grandfathered if they had been fingerprinted under the 
orders for either unescorted access to the radioactive material or to 
SGI. If the T&R official has not previously undergone the 
fingerprinting and criminal history records check, he or she would need 
to complete the fingerprinting before making any additional 
determinations for access to material. The expanded set simply referred 
to those individuals, including new employees, who might newly require 
a background investigation.
    Comment B24: Several commenters noted that both the NRC-Agreement 
State working group and the NRC staff steering committee developing the 
fingerprinting orders discussed at great length whether to require 
fingerprinting and background checks for T&R officials. Under the 
orders, T&R officials were not subject to the requirements. Commenters 
noted that they were not aware of any subsequent developments that 
would change the situation and now warrant requiring fingerprinting and 
background checks for reviewing officials now required under part 37. 
The commenters objected to what they called the appearance of an 
attempt to incorporate in rule a concept that did not have consensus 
and was not incorporated after going through the previous security 
orders working group process. They are opposed to requiring the 
reviewing official to undergo fingerprinting and a background check 
because in their opinion the requirements provide no plausible added 
benefit to the existing structure under the orders.
    Response: The 10 CFR part 37 working group considered the order 
requirements, lessons learned, implementation issues, inspection 
issues, recommendations from other reviews, as well as the comments on 
the preliminary rule language. The 10 CFR part 37 working group 
determined that there was a potential gap with the individual approving 
others for access without undergoing the same background investigation. 
Requiring the reviewing official to undergo a background investigation 
addresses the good faith presumption. See also the response to question 
B5 in Section II.
    Comment B25: One commenter objected to the timing of the submittal 
of the fingerprints for the reviewing official, noting that the 
approval process would be timelier if the fingerprints

[[Page 16957]]

were processed at the same time the licensee is conducting the other 
elements of the background investigation.
    Response: The requirement for NRC approval of the reviewing 
official has been removed from the rule. The rule requires the licensee 
to certify that the reviewing official is trustworthy and reliable and 
to then provide the name of that individual designated as the reviewing 
official to the NRC. See also response to Comment B14.
    Comment B26: One commenter noted that many of the items in subparts 
A through D do not reference SGI, but the requirements in this rule 
apply, and the inconsistencies must be corrected.
    Response: The NRC disagrees with the comment. Requirements for 
protection of SGI are contained in 10 CFR part 73, not 10 CFR part 37. 
Part 37 contains appropriate references to the requirements for SGI 
that are contained in Sec. Sec.  73.21 and 73.23.
    Comment B27: One commenter requested that a section for a master 
materials licensee to approve reviewing officials at the permittee 
level facilities be added.
    Response: The licensee is now responsible for approving the 
reviewing official. See also the response to comment B14.
    Comment B28: One commenter noted that it was not clear how the 
licensee would comply with the requirement in Sec.  37.25(a)(1) to 
complete fingerprinting and an FBI identification and criminal history 
records check for reviewing officials before granting them unescorted 
access inasmuch as NRC (or the Agreement State) would have the 
responsibility of reviewing the FBI identification and criminal history 
records check information, in lieu of the licensee doing so.
    Response: The NRC (or the Agreement State) is no longer involved in 
the approval of the reviewing official. See also response to comment 
B14.
    Comment B29: One commenter raised the issue of how individuals 
denied approval for reviewing official duties will be tracked to avoid 
going to another jurisdiction for approval.
    Response: The final rule does not require the NRC to approve the 
reviewing official. The NRC does not plan a tracking system to track 
reviewing officials.
    Comment B30: Two commenters requested information on what happens 
if the company appointed reviewing official is denied, particularly in 
smaller companies where the owner, manager, or RSO may be the appointed 
reviewing official and how such a denial might affect the operation of 
the company.
    Response: The licensee is now responsible for approval of the 
reviewing official. The NRC is not involved in the decision. See also 
response to comment B14.
    Comment B31: One commenter suggested changing the characteristics 
derived from the background investigation. The commenter stated that 
for the reviewing official to state that an individual is ``trustworthy 
and reliable'' implies more of an intimate knowledge of the 
characteristics of a person than would be gained from simply running 
the required checks. The commenter suggested that defining an 
individual as ``low-risk'' may be more appropriate.
    Response: The NRC disagrees with the comment to change the rule. 
The NRC recognizes that determining that an individual is considered to 
be trustworthy and reliable is subjective, and not a guarantee that the 
individual won't ever commit, or conspire to assist others in 
committing, a malevolent act. The trustworthy and reliable concept is 
in the orders and is in other locations in the regulations.
    Comment B32: One commenter suggested that, for those individuals 
who are relieved from the fingerprinting, identification, and other 
elements under Sec.  37.29, the licensee should be exempt from the 
requirement in Sec.  37.23(c) to provide informed consent and obtain a 
signed consent form. The commenter noted that it conducts a background 
investigation on all badge-holders (employees, fellows, contractors, 
etc), the vast majority of whom have no intent of applying for purposes 
of unescorted access and that there is no opportunity, or it is a 
misplaced opportunity, to request an individual's signed consent under 
this regulation at the point of background investigation initiation. 
The commenter stated that there should also be an exemption for this 
situation as there is no need to repeat the background investigation 
just because an individual later determines a need to request 
unescorted access. Other commenters questioned why an individual that 
has already been subject to fingerprinting now needs to provide 
consent.
    Response: Section 37.23(c) states that the licensee does not need 
to obtain signed consent from those individuals who have undergone a 
background investigation under the orders or 10 CFR part 73. A signed 
consent is not necessary until the reinvestigation occurs. A licensee 
would not need to obtain a signed consent from an individual subject to 
Sec.  37.29, unless the licensee conducted one or more of the elements 
of the background investigation.
    Comment B33: One commenter questioned whether the NRC would develop 
a standard consent form and background questionnaire form so that 
everyone asks the same questions and evaluates on the same basis.
    Response: The NRC has included a consent form in the guidance that 
could be used by licensees. A standard background questionnaire was not 
included as this would be similar to the information included in 
applications for employment. Information would include job history, 
education history, and a list of references.
    Comment B34: One commenter stated that Sec.  37.23(e) was 
improperly named as no basis for making a determination was included, 
only a requirement for licensees to develop, implement, and maintain 
written procedures with the determination basis that they deem 
appropriate.
    Response: The NRC disagrees with the comment. The section contains 
the requirement for the reviewing official to make determinations on 
authorizing unescorted access, and the NRC believes that it is 
appropriately named. The licensee is provided flexibility in the 
criteria that it uses to make a determination.
    Comment B35: One commenter stated that NRC should provide the 
specific and detailed adjudication criteria that will be used to 
approve the reviewing official.
    Response: The guidance document contains the general criteria that 
the NRC used in approving reviewing officials under the orders. The 
specific criteria to be used are up to each licensee.
    Comment B36: One commenter stated that licensees are not in a 
position and do not have the knowledge and skill to ensure that 
personnel are trustworthy and reliable and that all that licensees can 
be expected to do is to follow the NRC rule that was presumably written 
to provide licensees with methods to screen personnel.
    Response: Licensees are required to follow the requirements in 10 
CFR part 37 to acquire information about personnel and to make their 
own judgments of the trustworthiness and reliability of their 
employees. These determinations do not require specialized knowledge or 
skill and are similar to the determinations that licensees make in 
hiring decisions.
    Comment B37: One commenter requested that Sec.  37.23(e)(1) and (2) 
be revised to remove the requirement to review all of the background 
investigation information required in

[[Page 16958]]

making a determination on trustworthiness and reliability. The 
commenter felt that some of the information would be impossible to 
obtain and therefore, if you are required to review all information, a 
licensee could never approve some personnel. The commenter suggested 
that the language be changed to ``collected background investigation 
information.'' Several commenters suggested removing the term 
``disqualifying'' from the paragraph as the NRC has not provided a list 
of disqualifying factors.
    Response: The NRC agrees with the comment and has revised the rule 
to specify that the evaluation is of the information collected to meet 
the requirements. The NRC has also removed the term ``disqualifying'' 
from Sec.  37.23(e)(2).
    Comment B38: Two commenters noted that in Sec.  37.23(e)(3) 
``reasonable assurance'' is not defined. One of the commenters felt 
that the lack of clarity in this requirement and in what documentation 
should consist of will result in disputes with NRC inspection findings. 
One commenter objected to the need to document the determination basis 
for granting someone unescorted access. The commenter felt that only 
the reasons for denial should be documented.
    Response: The NRC does not believe that ``reasonable assurance'' 
needs to be defined in the regulations. The determination basis is a 
performance-based requirement, and licensees are provided flexibility 
to develop criteria that best meet their needs. The NRC believes that 
documentation of the determination basis is essential. The 
documentation does not need to be extensive. It can consist only of an 
indication that no negative information was found during the 
investigation or an explanation of why negative information did not 
disqualify the individual. Without documentation an inspector could not 
be assured that the individual had actually undergone the required 
background investigation. Documentation of the basis is also beneficial 
to the licensee if it needs to reevaluate whether an individual should 
continue to have unescorted access.
    Comment B39: Several commenters objected to the requirement in 
Sec.  37.23(e)(3) to immediately remove the person from the approved 
list once he or she no longer require access. One commenter noted that 
``immediately'' is not defined and that it is not realistic for routine 
terminations such as student graduations and deaths. The commenter 
indicated that the only justification for immediate removal would be 
demonstrated unreliability that would result in withdrawal of the 
person's trustworthiness and reliability status. The other commenter 
stated that immediate removal was not warranted but should be done in a 
timely manner. The commenter suggested replacing ``immediately'' with 
``as soon as practical.'' Another commenter suggested removal from the 
list in a timely manner not to exceed 30 days after the determination.
    Response: The NRC agrees with the comment in part. An immediate 
removal from the list is probably not necessary. However, prompt 
actions do need to be taken to prevent access, such as deactivating his 
or her access code. The NRC has revised the language to reflect that 
the action should occur as soon as possible but no later than 7 working 
days. The NRC believes that it is important to maintain a current list 
of those individuals that are allowed unrestricted access to the 
material.
    Comment B40: One commenter questioned whether Sec.  37.23(e)(3) 
means that the licensee must document its basis for approval of the 
trustworthiness and reliability determination as a written policy. The 
commenter noted that an alternate interpretation could be that the 
licensee must document a rationale for each individual's 
trustworthiness and reliability approval, as opposed to a generic basis 
for approval for all applicants.
    Response: The licensee must document the rationale for each 
individual's trustworthiness and reliability determination. The 
documentation does not need to be extensive. The NRC notes that the 
orders also required the licensee to document the basis for concluding 
that there is reasonable assurance that an individual granted 
unescorted access is trustworthy and reliable.
    Comment B41: One commenter stated that the access authorization 
program requirements were overly prescriptive, particularly the number 
of required procedures and amount of associated documentation. The 
commenter noted that the licensee should be allowed to determine the 
level of detail of its program as appropriate depending on the size and 
complexity of the program.
    Response: The NRC agrees with the comment, in part, and has made 
some changes to the access authorization program. Section 37.23(f) has 
been revised to remove some of the specificity in the types of required 
procedures.
    Comment B42: Two commenters noted that the requirement to have 
procedures to ensure that individuals who have been denied unescorted 
access authorization are not allowed access was redundant. The 
commenters stated that a person denied unescorted access would not be 
provided with a key or codes to access the sources, and a procedure is 
not needed.
    Response: The NRC believes that procedures are necessary to 
implement the access authorization program. Not all licensees use keys 
or codes to control access to the material.
    Comment B43: Two commenters stated that for licensees subject to 10 
CFR part 73 with additional radioactive materials not covered by the 10 
CFR part 73 security plan, the procedures used for 10 CFR part 73 
background investigations and updating of background investigations, 
etc., should be considered adequate to meet the intent of 10 CFR part 
37. One of the commenters suggested adding a new paragraph (5) to Sec.  
37.23(f) to read as follows: ``Procedures and policies meeting the 
requirements of the security plans required by part 73 meet the 
requirements of this subpart B of this chapter.''
    Response: The NRC agrees that a licensee does not need to maintain 
two sets of procedures; however, a provision is not needed in the 
regulations. As long as 10 CFR part 73 procedure addresses the content 
of the required procedures under 10 CFR part 37, additional procedures 
are not necessary.
    Comment B44: One commenter suggested that NRC develop a generic set 
of procedures for the conduct of background investigations as guidance 
for licensees.
    Response: The NRC has not included generic procedures for 
conducting a background investigation. Implementation of background 
investigation requirements will vary with the circumstances of 
individual licensees. Guidance is available on the various elements.
    Comment B45: One commenter stated that in Sec.  37.23(g) at least 
10 days should be allowed for an individual to correct, complete, or 
explain other components of the background investigation.
    Response: The NRC has not specified a timeframe in order to allow 
licensees flexibility to choose a timeframe that they believe is 
appropriate for their program. The NRC has provided a 10-day timeframe 
to challenge the FBI criminal history records, and 10 days would be an 
appropriate timeframe for allowing a challenge of other aspects of the 
background investigation results. The licensee may choose the timeframe 
that works best for it.
    Comment B46: One commenter noted that since Sec.  37.23(g)(2) 
specifies that the licensee can't act on challenged

[[Page 16959]]

information until the FBI goes through their due process, the FBI needs 
to be on board. The commenter suggested adding a requirement to allow 
the licensee to make a final determination if nothing is heard from the 
FBI within 30 days.
    Response: The rule contains procedures for an individual to correct 
background check information that are identical to the procedures in 
Sec.  73.57(e)(2). The NRC disagrees that a 30-day cut-off period is 
needed because such a provision would circumvent an individual's right 
to complete, correct, and explain information obtained as a result of 
the licensee's background investigation. Further, the 30-day cut-off 
period may be unreasonably short. The FBI has indicated that once it 
receives a formal challenge to an individual's record, a recheck is 
completed within approximately 3-4 weeks (52 FR 6310; March 2, 1987). 
Given the rule's 10-day window for an individual to initiate a 
challenge, the timeframe for resolution of challenges could potentially 
be greater than 30 days. Accordingly, the NRC declines to impose a 30-
day time limit for challenges to an individual's background check 
information.
    Comment B47: One commenter stated that Sec.  37.23(h)(2) requires 
the licensee to retain a list of persons approved for unescorted access 
for 5 years after the list is superseded and noted that the word 
``list'' implies a written document. The commenter asked if the 
``list'' may include database records that contain unescorted access 
approval and removal dates and thus would allow discarding printed 
copies that are no longer useful. The commenter noted that other NRC 
regulations (e.g., Sec. Sec.  20.2110 and 37.51) allow records to ``be 
stored in electronic media with the capability for producing legible, 
accurate, and complete records during the required retention period.'' 
The commenter recommended changing the wording to add similar wording 
as in other NRC regulations making it clear that the ``lists'' do not 
need to be printed copies.
    Response: Section 37.101 already allows records to be maintained in 
electronic media. The language is similar to that provided in Sec.  
20.2110 and applies to all records that are required by 10 CFR part 37.
    Comment B48: Two commenters objected to the requirement in Sec.  
37.23(h)(3) to maintain a list of individuals not approved for access. 
Two commenters objected to the need to maintain every change to the 
list for 5 years. One commenter felt that it would seem reasonable to 
ask that a list of all persons currently granted unescorted access be 
maintained (+ a month) and that a list of all persons denied or removed 
from the unescorted access list be maintained ( a month). 
Another commenter noted that maintaining a list has no value as a 
licensee may develop a badge system that indicates a person's level of 
access. Another commenter noted that there was no value in keeping a 
list since the determination basis has to be documented.
    Response: The NRC agrees, in part, and disagrees, in part, with the 
comment. The NRC agrees that it is not necessary to maintain a list of 
those individuals not approved for access and has removed the 
provision. The fact that someone is not included on the access list 
means that they should not be granted unescorted access to the 
material, and a second list is not needed. There is currently no 
mechanism in place to share information among licensees, so there is no 
benefit in maintaining a list of those not approved for access. The NRC 
disagrees with the comment to remove the requirement to maintain every 
change to the list; however, the NRC has changed the retention time to 
3 years. The superseded lists are necessary for inspections. If an 
inspector discovers something during an inspection, the superseded list 
could be reviewed to determine who had unescorted access during a given 
time period.
    Comment B49: One commenter requested clarification whether the 
notification required by Sec.  37.27(a)(2) is different from the 
informed consent required by Sec.  37.23(c)(1).
    Response: The informed consent under Sec.  37.23(c)(1) is consent 
to conduct the background investigation. The notification required by 
Sec.  37.27(a)(2) is specifically for the FBI criminal history records 
check. The licensee may develop one consent form that covers both 
aspects.
    Comment B50: In the proposed rule, the NRC specifically invited 
comment on the appropriate elements for a background investigation. 
Commenters were requested to provide information on: (1) Whether a 
local criminal history review is necessary in light of the requirement 
for an FBI criminal history records check; (2) whether a credit history 
check provides valuable information for the determination of 
trustworthiness and reliability; (3) whether the Agreement States have 
the authority to require a credit history check as part of the 
background investigation; (4) the appropriate elements of a background 
investigation and why any suggested elements are appropriate; (5) 
whether the elements of the background investigation are too subjective 
to be effective; and (6) how much time a licensee typically spends 
conducting a background investigation for an individual. Twenty-seven 
commenters provided responses to the specific questions on this 
subject.
    Of those who provided responses to the questions on the background 
investigation elements, no one supported inclusion of the local 
criminal history check as part of the background investigation elements 
and only one commenter indicated that the credit history check added 
any value. Most commenters indicated that the FBI criminal history 
records check was sufficient, and that requiring a local criminal 
history check was redundant and overly burdensome. Many commenters 
noted that conducting a local criminal history check would be very 
difficult for foreign nationals and those who have moved frequently. 
Most commenters stated that the credit history evaluation was not 
useful, and that poor credit and untrustworthiness do not go hand-in-
hand. Commenters were also concerned that there were no clear 
guidelines on what credit score would be cause for concern. Many 
commenters expressed concern over the accuracy of information in credit 
histories. Some commenters questioned whether requiring a credit 
history check was legal in some States, noting that the requirement was 
an invasion of privacy. One commenter suggested Social Security number 
(SSN) validation instead of the credit history check.
    In response to the question of whether the Agreement States have 
the legal authority to require a credit history check, most commenters 
indicated that they did not know. One State responded that recent 
legislation prohibits discrimination based on credit history, but did 
note that the law provides for exceptions. One State indicated that it 
did have authority, and another noted it did if specific criteria were 
provided.
    The majority of commenters indicated that the current background 
investigation elements from the orders were adequate. One commenter 
suggested as appropriate elements: Verification of legal citizenship, 
personal references, former employers, education, fingerprinting and 
FBI criminal background investigation, and personal knowledge. Another 
commenter noted that the elements should be employment history, 
education history, reference check, and FBI history check. Two 
commenters noted that the background investigation should be limited to 
the fingerprint-based criminal history check, and that an adverse 
criminal history could be mitigated by satisfactory employment history 
with the licensee. One

[[Page 16960]]

commenter suggested a two-person rule for truly significant sources 
instead of a background check. One commenter indicated that the area 
that needed review is the background investigation for foreign 
nationals and students because the required information is troublesome 
to obtain.
    Most of the commenters felt that the elements of the background 
investigation were too subjective, and that guidance or criteria were 
needed so that the elements could be consistently applied across the 
country with minimum second guessing by auditors and inspectors. Other 
commenters stated that while the elements were subjective, this did not 
mean that they were ineffective. Commenters stated that there is a good 
mixture of subjectivity and objectivity for the reviewing official to 
use in making a determination of a person's trustworthiness and 
reliability. One commenter noted that some subjectivity is necessary to 
evaluate the situation and the individual, as strict adherence to 
guidelines could lead to rejection and a serious impact on an 
applicant's career.
    NRC also requested information on how much time a licensee spends 
conducting a background investigation. Responses varied from a few 
hours to months; the longer times typically included wait times and not 
actual effort.
    One commenter suggested centralization of the background 
investigation process, suggesting that the security clearance process 
performed by the Defense Industrial Clearance Security Offices for 
various Federal agencies could be tailored to meet the 10 CFR part 37 
requirements. The commenter indicated that this could be more efficient 
than requiring each licensee to develop a process.
    In addition to those who provided responses to the specific 
questions, 70 commenters addressed this topic. Several commenters felt 
that the current background investigation elements were sufficient and 
questioned the value of the proposed additional elements (credit 
history evaluation, verification of true identity, military history 
verification, and criminal history review from local criminal justice 
resources). Some commenters felt that specific justifiable evidence 
that current trustworthiness and reliability programs aren't working is 
needed to justify any new requirements, and that a cost-benefit 
analysis should be used to justify inclusion of any new elements. 
Several commenters noted that the cost of obtaining the necessary 
information may be burdensome in time and money, and that the 
requirements are overly prescriptive. Commenters expressed concern that 
the required checks could result in lost jobs if individuals did not 
meet the standards set forth by the licensee. One commenter noted that 
a licensee would probably investigate the individual before hiring, 
which would result in multiple expenditures for one eventual employee. 
One commenter noted that the background investigation could deter some 
talented and knowledgeable professionals from applying due to the 
potential invasion of privacy. One commenter noted that the NRC needs 
to find the fine line between cautious and correct and overly cautious 
and burdensome.
    Some commenters felt that the FBI criminal history checks and work 
history are sufficient. Two commenters felt that the background 
investigation should only require a fingerprint-based criminal history 
check and that adverse criminal history may be mitigated by the 
employment history of an employee with more than 3 years employment 
with the licensee. Commenters noted that employment history is far more 
accurate for determining trustworthiness and reliability than any other 
check proposed. One commenter suggested allowing licensees to use a 
graded approach taking into consideration multiple variables, such as: 
Whether the activity is category 1 or category 2; the desirability of 
the source to an adversary; the physical security present; how quickly 
the radioactivity could be removed from the device and readily 
dispersed or used to cause serious harm; the mobility of the source or 
device, and the frequency of physical inspection/observation by more 
than one individual. One commenter suggested revising the requirement 
so that the licensee could use either employment history evaluation, 
verification of employment, or military history evaluation. At least 
one commenter noted that the insider threat would be best controlled 
with monitoring and detection.
    Sixty commenters objected to the inclusion of the credit history 
element in the background investigation. Commenters noted that, in the 
current economic environment, a credit history evaluation could reflect 
an inaccurate and erroneous assessment of a person's trustworthiness 
and reliability and could result in some skilled individuals being 
removed from employment consideration. Commenters felt that the credit 
history check was an unnecessary invasion of privacy, and that most 
individuals would choose not to pursue unescorted access if faced with 
a credit history check. One commenter noted that when implementing the 
orders it had initiated a credit history evaluation that created a 
significant uproar and resulted in several researchers withdrawing 
their irradiator access privileges. The commenter noted that this 
created an atmosphere of distrust. Commenters felt that the information 
was not relevant when attempting to determine trustworthiness and 
reliability and was unjustified and not a valid gauge of 
trustworthiness and reliability. Commenters noted that having a bad 
credit history did not make the individual untrustworthy and that a 
good credit history did not define an individual as trustworthy and 
reliable. Some commenters requested that the NRC provide some study or 
peer reviewed document that demonstrates that persons with poor credit 
may be more easily coerced into helping terrorists. Some commenters 
stated that the requirement could potentially be viewed as 
discriminatory by workers. One commenter questioned how to deal with 
identity theft.
    Commenters noted the difficulty of obtaining a credit history of 
individuals who have lived outside the United States, such as foreign 
nationals. Commenters noted that in some cases it was impossible to 
obtain the information. Commenters noted that many countries do not 
have a combined credit history reporting agency. One commenter 
expressed concern that individuals who have established a credit 
history in the United States and whose credit history is poor will be 
at a disadvantage over individuals with a similar but undocumentable 
credit history in another country, as an employer may choose to allow 
access to the foreign national based on incomplete information and deny 
access to a United States citizen based on more extensive but 
unfavorable information.
    One commenter noted that Title 11 of the United States Code, 
Section 525, makes it illegal to discriminate against employees or job 
applicants solely because of filing for bankruptcy. Another commenter 
noted that the Equal Employment Opportunity Commission has been 
cracking down on efforts to disqualify potential hires with bad credit 
history as the practice can be discriminatory. Several commenters noted 
that some States have laws that prohibit employers from discriminating 
against employees on the basis of credit history and prevent employers 
from inquiring about credit history. One commenter stated that if 
Congress, in consultation with the NRC, had deemed credit history 
checks significantly useful to provide for the common defense, the 
checks would have been included

[[Page 16961]]

within the most recent amendments in section 149 of the AEA. Another 
commenter noted that Congress has considered passing an act to make it 
unlawful to base adverse employment decisions on consumer credit 
reports.
    In a CRCPD survey of Agreement States, 70 percent of those 
responding indicated that they did not have the authority to require a 
credit history check as part of a background investigation. Some 
Agreement States indicated that they were not sure if they had the 
authority to require a credit history check. One State indicated that 
(assuming it has authority) its administrative procedures would require 
specific criteria for pass/fail. One commenter noted that there are 
State laws that prohibit ``discrimination'' against employees due to 
credit history and asked how this would affect the credit history check 
requirement. The commenter noted that a Google search indicated that 
States that have and/or are considering such laws include: Connecticut, 
Wisconsin, Hawaii, Illinois, Missouri, New York, Oregon, Washington, 
and Texas.
    One commenter felt that much of the information obtained from a 
credit history report would already be included in the personal history 
disclosure. Two commenters stated that for category 2 sources it should 
be up to the reviewing official to decide if they have enough 
information to grant unescorted access to a category 2 source without 
the need for a credit history check. One commenter noted that 
individuals relieved from the background investigation elements were 
just as likely to have negative credit history but will not be subject 
to the same scrutiny. One commenter recommended defining ``full credit 
history,'' as a licensee can't comply with open-ended requirements. Two 
commenters noted that this concept had been considered in the working 
group for the orders but was rejected, and, therefore, should not have 
been included in the proposed rule.
    Several commenters opposed the inclusion of the criminal history 
check in the background investigation. They questioned why a criminal 
history check from local sources was necessary if a national check 
through the FBI was conducted. One commenter stated that the local 
check would be an added benefit if the FBI check was somehow 
inadequate. Commenters stated that the information would be difficult 
to obtain in many locales and would be an increased burden to both the 
licensee and local law enforcement without a corresponding benefit. 
Commenters also noted that the information would be impossible to 
obtain for foreign nationals, and that a provision must be provided 
that allows less-than-absolute compliance. One commenter noted that 
licensees in rural areas may have limited access to local resources, 
and that some local resources may have limited capabilities to respond 
to such requests. Commenters asked how to determine the appropriate 
local law enforcement agency and what constituted local.
    Several commenters objected to the inclusion of a character and 
reputation element in the background investigation. Commenters felt 
that the determination would be very subjective, added little value, 
and unnecessarily added to the licensee's burden. Commenters noted that 
an adverse judgment about an employee's character and reputation could 
be perceived as discriminatory. One commenter suggested removing the 
term ``trustworthy and reliable'' from the character and reputation 
element and thereby removing the connotation that a personal reference 
can attest to the present state of an individual's trustworthiness or 
reliability. The commenter noted that including a character and 
reputation check would require references to be knowledgeable about 
that definition, and very few references can attest to the present 
status of an individual, as required by the words ``continues to be.'' 
Some commenters expressed concern over possible invasion of privacy. 
One commenter recommended requiring a minimum of three references. One 
commenter noted that, for a reference to provide a worthwhile 
evaluation of the applicant, a minimum time frame for contact with the 
individual should be established in the rule. The commenter also 
cautioned that the reference should not be from someone, such as a 
supervisor, who may benefit from the applicant's unescorted access.
    Several commenters objected to the requirement to obtain 
independent information to corroborate the information provided by the 
individual. Commenters stated that the provision was vague and 
unreasonable, and they did not understand how it could be accomplished. 
Commenters stated that it was unreasonable to expect licensees to track 
down independent information, as they are not investigative agencies. 
Commenters noted that many entities cannot or will not provide 
background information, and licensees do not have the resources to 
obtain information elsewhere. Commenters noted that the cost would be 
prohibitive in many cases. One commenter recommended removing the 
phrase ``to the extent possible'' because it made the section 
meaningless. One commenter asked what he or she should do if it is not 
practicable to confirm information. Another commenter stated that the 
documentation would be excessive and time consuming. One commenter 
suggested requiring independent information only in situations where 
the accuracy or completeness of information provided by the applicant 
is in doubt, or where the licensee can't confidently make an evaluation 
based on an analysis of all of the gathered information. One commenter 
suggested changing the phrase ``to the extent possible'' to ``to the 
extent practicable.'' Three commenters objected to the need to obtain 
information from an alternate source when a previous employer or other 
entity does not respond. One commenter noted that where a company has 
gone out of business, it would be impossible to obtain confirmation 
that the individual worked at the company. The commenters felt that it 
was unclear how a licensee could obtain this information in some cases. 
One commenter noted that it doesn't have the resources to confirm an 
applicant's information independently, particularly if the person's 
family is excluded.
    Commenters noted that obtaining the information for some groups of 
people, (e.g., foreign nationals, research students, and citizens who 
have resided outside the United States for long periods), is difficult 
or impossible. Some commenters noted that licensees with a high 
turnover, such as universities and research facilities, would incur 
substantial cost and would have difficulty implementing the provisions. 
One commenter provided some cost information, noting that the current 
cost is $131 per applicant, excluding the $100 average cost for 
processing new employees. The costs included $25 for fingerprinting, 
$26 for fingerprint processing through the NRC and FBI, and $80 for a 
WorldScan. The commenter noted that adding the credit history and 
military history would increase the cost per approved person to $155 
for United States records, and even if the credit history and military 
records were obtainable and reliable, getting this information on 
foreign applicants would be prohibitively expensive. Two commenters 
noted that a foreign credit history check costs $170, and one commenter 
noted that that a credit check would cost $1,000 per individual for a 
foreign national, and another said that the cost of military 
verification was $80 per person. Another commenter noted that the 
current cost of conducting background investigations

[[Page 16962]]

was $125, and adding a credit check and military records check would 
increase this to $400 per person (assuming that half the individuals 
require foreign credit checks). One commenter noted that it would take 
2 to 3 person-days to perform the different checks.
    Several commenters recommended that NRC consider using the same 
background check process used by the Centers for Disease Control (CDC) 
for select agents because centralized NRC coordination would probably 
result in more consistent evaluations at reduced cost. Other commenters 
suggested that the NRC authorize unescorted access using a method 
similar to the Transportation Safety Administration's TWIC program. 
They noted that the CDC and the U.S. Department of Agriculture programs 
for select agents and the DOT system for issuing hazardous material 
certifications for Commercial Driver's Licenses, all have the 
applicable Federal government agency perform the reviews and grant the 
approvals. The commenters stated that this approach would provide 
consistency in the conduct of the reviews and would best assure that 
all needed information is collected and reviewed by well-trained 
individuals. One commenter suggested that the NRC review the visa 
process to see if any of the requirements could be replaced with a 
verification of visa, since foreign nationals must go through a 
Homeland Security review to get a visa. One commenter noted that it has 
reviewed 3,182 persons since the Fingerprint Order was implemented and 
has determined that 38 could not be judged trustworthy and reliable 
based only on the FBI criminal history report and not because of any 
other background investigation elements. The commenter noted that more 
than 90% of the persons it judged to be trustworthy and reliable were 
also judged trustworthy and reliable by the U.S. Bureau of Alcohol, 
Tobacco, Firearms, and Explosives (BATFE), and that this experience 
appears to validate why all other federal agencies that perform similar 
checks do so solely on the basis of the FBI criminal history.
    One commenter noted that his or her industry is subject to three 
different Federal background check programs (BATFE, DOT, and NRC), and 
recommended that the agencies come up with one background check that 
would satisfy all three.
    Response: The NRC has determined that the appropriate elements of 
the background investigation include: Fingerprinting and an FBI 
criminal history records check, verification of identity, employment 
history verification, education verification, and a character and 
reputation determination. Many of these items are part of routine 
employment checks that an individual may go through before being hired 
by a company. The NRC has removed military history verification from 
the elements as it is considered part of the employment history and 
does not need to be a separate element. The NRC has also removed the 
provision to conduct a local criminal history check as part of the 
background investigation. The NRC determined that while the local 
criminal history check would provide some beneficial information, the 
burden of obtaining the information is not justified by the limited 
benefit. The NRC recognizes that conducting the background 
investigation for some individuals, such as foreign nationals, may be 
difficult. If there was no education or military service in the 7-year 
period preceding the need for unescorted access to the material, the 
investigation would not need to include these items.
    After careful deliberation and consideration of all the comments 
received on including credit history as a background investigation 
element, the NRC has decided not to include credit history as a 
required element for the background investigation or reinvestigation. 
The credit history can provide information that is useful in making a 
determination that an individual is trustworthy and reliable. Credit 
history can add an extra layer of defense in mitigating the insider 
threat and can provide some information that is not easily available 
from other sources. Credit history was never intended to be the 
determining factor for trustworthiness and reliability but simply one 
more piece of information in making that determination. However, as 
many of the commenters pointed out, there are issues with the accuracy 
of credit reports, and a poor credit history is not necessarily an 
indicator that an individual is not trustworthy or reliable, 
particularly in these tough economic times. Although NRC disagrees, 
some of the commenters indicated that there is the potential that some 
Agreement States might not be able to implement the provision due to 
State laws. These things could result in uneven implementation of the 
provision across the country. As pointed out by the commenters, it is 
harder and more expensive to obtain a credit history for those that 
have resided in other countries for long periods of time. This could 
lead to an imbalance in the information collected and used in making 
the trustworthiness and reliability determination. In addition, some 
licensees may decide not to grant unescorted access to fully qualified 
individuals because of the lack of information or the difficulty in 
obtaining the information. Many smaller licensees may not have staff 
and/or knowledge to be able to fully utilize the information obtained 
from the credit history. The NRC has determined that the potential 
benefit of the credit history is not justified by the cost and, 
therefore, the NRC has not included credit history as a required 
element of the background investigation. While not requiring a credit 
history, the NRC does note that information obtained from the credit 
history could be useful to licensees, and nothing in the NRC 
regulations prohibits a licensee from conducting a credit history. In 
situations where a trustworthiness and reliability determination is 
difficult, the information from a credit history could provide the 
determining information. A licensee can always use measures beyond the 
regulatory minimum that is required by the access authorization 
program.
    The NRC is not providing specific criteria that would disqualify an 
individual from obtaining unescorted access to the material. There is 
no checklist. Because the individual circumstances of each applicant 
may vary significantly, each licensee needs the flexibility to 
establish its own program. The implementation guidance document does 
provide general information and items for consideration, but no 
specific disqualifying information. A licensee should consider any 
negative information together with all of the other information in 
making a final determination.
    At this time, the NRC has no plans to establish a new program to 
conduct background investigations similar to the TSA or CDC programs. 
The NRC does relieve individuals who have been approved under these 
programs from the fingerprinting element of the background 
investigation.
    Information provided by the commenters on the burden of conducting 
a background investigation has been factored into the final regulatory 
analysis, as appropriate.
    Comment B51: One commenter expressed concern that the new 
requirements could force employment decisions based on incomplete 
information and that this could lead to significant legal implications 
for the facility. The commenter noted that the intersection of these 
requirements with the Equal Employment Opportunity Act should be 
investigated.
    Response: The NRC does not agree that the background investigation

[[Page 16963]]

requirements force licensees to make employment decisions based on 
incomplete information. Individuals who are granted unescorted access 
to category 1 or category 2 quantities of radioactive material must be 
deemed trustworthy and reliable. The background investigation is one 
component designed to provide the licensee with sufficient relevant 
information before making this determination. It is the licensee's 
responsibility to evaluate the information received as a result of the 
background investigation and all other relevant information to make its 
trustworthiness and reliability determination. These requirements do 
not relieve a licensee from its obligation to comply with all 
applicable Federal and State labor laws. Further, the NRC does not 
believe that fulfillment of these trustworthiness and reliability 
determination requirements would cause the licensee to violate any 
labor laws. Accordingly, the NRC does not believe that it is necessary 
to develop guidance on this issue.
    Comment B52: Two commenters questioned the 10-year period for the 
background investigation versus the 3-year period contained in the 
orders. The commenters felt that 10 years is an arbitrary timeframe and 
that 3 years is sufficient. One of the commenters noted that going back 
10 years is more expensive and that it is more important what happened 
in the last few years of the person's life and not distant history. 
Another commenter suggested changing the timeframe to 7 years as the 
standard criminal history and credit checks only go back 7 years. The 
commenter noted that many States charge an extra fee to extend the 
check beyond 7 years. One commenter noted that there could be a problem 
when attempting to use the 10 year criteria for students. Another 
commenter asked for clarification for how far back the investigation 
should go and what sources could be used. One commenter noted that the 
employment history evaluation period of 10 years was not consistent 
with 10 CFR parts 26 and 73 which only cover the most recent 3 years 
and that justification should be provided for going with 10 years. One 
commenter suggested going back the last two employers or 10 years 
whichever is less restrictive. One commenter stated that the timeframe 
should be left to the discretion of the licensee based on the situation 
of the applicant. One commenter felt that 10 years was too long an 
evaluation period and that there was no stopping point to the 18th 
birthday. The commenter recommended changing the 10 years to 3 years or 
until the person's 18th birthday, whichever is shorter. One commenter 
requested that NRC clarify the date used to determine the 10-year 
reinvestigation. One commenter noted that the rule needs to be clear 
that the expectation for the review is to go back 10 years or to such 
time as the individual was a minor.
    Response: The NRC has reconsidered the time frame for the initial 
background investigation and has changed the timeframe to 7 years as 
suggested by the commenters. This may reduce the cost of the 
investigation. The rule does provide that the investigation only goes 
back to the individual's 18th birthday.
    Comment B53: One commenter noted that the rule did not provide a 
tiered approach for individuals who had been with the licensee for 
greater than 3 years. The commenter noted that under the orders the 
licensee could review the individual's employment history (i.e. 
personnel files) and obtain the supervisor's standardized 
recommendation. The commenter recommended retaining this system for the 
initial and reinvestigation for individuals who have been with the 
licensee for a long period of time (i.e. 10 years).
    Response: The NRC disagrees with the comment. The NRC believes that 
the longer timeframe is appropriate. If the individual has been with 
the company for 7 years, the licensee would not need to check with 
previous employers. The reinvestigation does not include all of the 
elements of the initial background investigation.
    Comment B54: One commenter requested clarification on whether the 
licensee verified the true identity of individuals or the licensee's 
reviewing official. The commenter also objected to the language in the 
rule to verify ``true identity'' and ``ensure'' the individual is who 
he or she claims to be. The commenter felt that making it the 
licensee's responsibility to establish anyone's ``true identity'' is 
not always possible as identification documents (IDs) can be forged, 
and very few licensees are experts at identifying forged documents. The 
commenter felt that the language is too strong, cannot be guaranteed, 
and needs to be rewritten to just state that the licensee is 
responsible to review the identification documents. The commenter also 
stated that the requirement to compare the personal information data to 
identify any discrepancy in the information is too vague. The commenter 
asked what personal information and what should be done when 
discrepancies are discovered. The commenter suggested that the language 
be revised to require that the licensee review available information 
from an ID that is provided to the licensee by the applicant, and 
resolve any discrepancies. One commenter asked how verification of true 
identity was supposed to be done and questioned the expense and value. 
One commenter noted that it already performed an I-9 or E-verify for 
employees but not in the case of students at universities.
    Response: The licensee is not expected to determine that an ID has 
been forged. Section 37.25(a)(2) states that the licensee is to review 
the identification documents provided, such as a driver's license or 
passport, to make sure that the information matches what was provided 
by the individual. If the information such as the name of the 
individual or social security number doesn't match, the licensee should 
investigate further. E-verify is one tool that can be used. The 
guidance document on the rule contains information on how this 
provision should be addressed.
    Comment B55: One commenter suggested that the requirements to 
verify employment history, education history, and military history were 
too rigid and that the language should be revised to ``the licensee 
shall attempt to verify * * *'' The commenter noted that this would 
recognize that businesses fail and overseas employers and schools may 
be impossible to contact. The commenter indicated that the unsuccessful 
attempts should then be documented. Another commenter noted that it 
could be very expensive to verify foreign employment.
    Response: The NRC agrees in part with the comment. Section 
37.25(a)(7) (previously (a)(10)) already contains a provision for when 
an employer or other entity doesn't provide any information. The 
provision had been modified to provide additional clarification and to 
add a requirement that the licensee document the actions taken when it 
is unsuccessful in verifying the history.
    Comment B56: One commenter questioned the relevance of obtaining 
military history and how the results would be used. The commenter 
stated that NRC should perform this service for foreign nationals. 
Another commenter noted that military history verification can be a 
lengthy and difficult process. The commenter noted that obtaining 
records from the Department of Veterans Affairs was difficult, 
particularly for Korean and Vietnam era veterans, and compliance is 
dependent on another Federal agency. One commenter noted that in some 
countries military service is a requirement of its citizens so 
verification has little bearing on an individual's trustworthiness and

[[Page 16964]]

reliability. Another commenter noted that the return rate for requests 
on military history has been about 20 percent and takes between 3-6 
months. Commenters do not believe that this adds any value. Another 
commenter questioned how to obtain military history verification.
    Response: Military history is considered part of the employment 
history. The rule text has been revised to include military history as 
part of the employment history instead of a separate element. For some 
individuals, military service could be their only employment. The 
licensee only needs to verify the service if the military service 
occurred in the last 7 years. Information on foreign nationals can be 
more difficult to obtain. The NRC notes that licensees always have the 
option of escorting the individuals. Additional guidance on foreign 
nationals is provided in the implementation guidance.
    Comment B57: One commenter questioned the value of verifying 
education history and questioned how the verification should be 
accomplished. Another commenter questioned how far back a company 
needed to go for someone employed at the company for 10 years. One 
commenter noted that the verification should be for the degree and not 
the time period of attendance. The commenter noted that it would be a 
huge burden to verify every time period at every institution for those 
who completed their education over numerous years at various 
institutions.
    Response: Education history is similar to employment history and 
helps to validate what the individual was engaged in during the noted 
timeframe. Education history would typically be verified by checking 
with the educational institution. Education history only needs to be 
verified if it occurred in the last 7 years.
    Comment B58: Two commenters felt that the employment history was 
completely ignored as the rule did not provide for limiting the 
background investigation to the FBI criminal history check for 
employees with more than 3 years with the licensee. The commenter noted 
that employment history is a factor that can be used when determining 
whether an employee with a criminal history is trustworthy and 
reliable. One of the commenters felt that employment history is a far 
more accurate set of data for determining trustworthiness and 
reliability than any other check proposed and that the employment 
history should not be ignored.
    Response: Employment history was not ignored by the NRC and it is 
one of the elements of the background investigation. The NRC agrees 
that employment history can and should be used when considering the 
information obtained during the background investigation. The licensee 
has the flexibility to determine how much weight to give each element 
of the background investigation.
    Comment B59: One commenter noted that it was impossible to verify 
employment if the individual has never worked before.
    Response: Part 37 specifically requires that the licensee verify 
the individual's employment with each previous employer for the most 
recent 7 years before the date of application. If an individual has 
never worked before, there is no previous employer and no employment to 
verify. For this individual, no employment verification would be 
required.
    Comment B60: One commenter questioned what was meant by the claimed 
period and indicated it should be defined in the rule.
    Response: The NRC disagrees that claimed period needs to be defined 
in the rule. The claimed period is simply the period of time for which 
the individual indicates that they were engaged in a particular 
activity such as attending college, being a member of the military, or 
working for a company.
    Comment B61: One commenter asked for the definition of ``timely 
manner'' for when an entity refuses to respond during a background 
investigation.
    Response: The rule itself does not use the term ``timely manner.'' 
The rule indicates that within a timeframe deemed appropriate by the 
licensee but at least after 10 business days of the request.
    Comment B62: One commenter objected to the language in response B8 
in the Statements of Consideration indicating that licensees should use 
their best efforts to obtain background information. The commenter 
noted that best efforts can't be enforced and must be clearly defined. 
The commenter also objected to the concept of dependable in judgment, 
character, and performance and noted that this must be reduced to 
something quantifiable and enforceable and not subject to disparate 
interpretations.
    Response: The NRC disagrees with the comment. The NRC believes that 
the concept of best efforts in this context is necessary because 
sometimes it is impossible to obtain information. Companies going out 
of business and entities refusing to provide information or not getting 
back to the licensee are examples of situations where the licensee's 
best efforts will suffice, as long as the licensee documents the 
efforts taken to obtain the information. The NRC understands that 
judgment and character are subjective items. Licensees make 
determinations on judgment and character every time they hire someone 
or trust an individual with company assets.
    Comment B63: One commenter stated that the NRC should ensure that 
the FBI check includes checks against known terrorists or denied entity 
lists.
    Response: In addition to a criminal history records check, the 
names and fingerprints sent to the FBI are checked against various 
terrorist watch lists.
    Comment B64: One commenter requested clarification on whether the 
fingerprints and associated criminal history records check was part of 
the background investigation conducted by the licensee since the FBI 
does the check and not the licensee.
    Response: The background investigation includes the collection and 
review of all the information submitted by the applicant and any 
information provided by outside sources upon the licensee's request. 
While the actual criminal records check is conducted by the FBI upon 
receipt of an applicant's fingerprints, the results of the FBI's check 
are returned to the licensee, and that information should be reviewed 
as part of the licensee's determination of an individual's 
trustworthiness and reliability.
    Comment B65: One commenter requested clarification on whether the 
background investigation elements could be outsourced by licensees to a 
third-party verification service. Another commenter requested 
clarification on whether some elements of the background investigation 
could be performed by HR personnel and have them certify what steps had 
been taken.
    Response: The background investigation elements could be 
outsourced. However, the final determination must be made by the 
licensee's reviewing official. If the investigation elements were 
outsourced, the licensee would need to assure that the information was 
properly protected and controlled.
    Comment B66: One commenter expressed support for grandfathering 
individuals already allowed unescorted access under the orders. One 
commenter recommended that the grandfathering provision also include 
those individuals determined trustworthy and reliable under 10 CFR part 
73.
    Response: The NRC agrees that those individuals deemed trustworthy 
and reliable under 10 CFR part 73 should be

[[Page 16965]]

grandfathered or relieved from the fingerprinting and background 
investigation elements. Those individuals who have been deemed to be 
trustworthy and reliable under other security fingerprinting orders 
(such as those for fuel cycle facilities and independent fuel storage 
installations) should also be grandfathered. The NRC has revised the 
rule to provide grandfathering for those individuals.
    Comment B67: Two commenters questioned the value of the 10-year 
reinvestigation. They felt that conducting a complete check again makes 
no sense if the employee has worked for the licensee that long. One 
commenter recommended removing the reinvestigation, or if it is 
retained, making it simpler, such as a local criminal history check and 
supervisor evaluation. One commenter stated that the reevaluation 
needed to include character and reputation determinations. The 
commenter noted that changes in a person's attitude or demeanor can 
indicate a change in circumstances that warrants restricting access, 
whereas there may have been no change in a credit or criminal history. 
Two commenters recommended using the FBI background check for the 10-
year reinvestigation. One commenter asserted that, if there are no 
indicators that something has changed, the FBI check should be adequate 
for a reinvestigation. The commenter noted that employees are typically 
evaluated by their employer at least annually, and this provides ample 
opportunity to ensure that there have been no changes negatively 
affecting security concerns. One commenter noted that Sec.  37.25(c) 
suggests that only a criminal history records check and credit history 
check are needed, and this implies that trustworthiness and reliability 
is not sufficiently demonstrated by 10 years' worth of access without 
an incident to revoke the individual's unescorted access. The commenter 
stated that the reinvestigation requirement seemed overly draconian, 
given that the federal Office of Personnel Management (OPM) standard 
for background investigations only requires a reinvestigation for a 
security level higher than even an NACIC--and the OPM reinvestigation 
is required only every 15 years. The commenter also asked for 
clarification on whether the relief provided by Sec.  37.29 applies to 
the reinvestigation. The commenter also requested clarification on when 
the 10-year reinvestigation is triggered. One commenter stated that 
reinvestigation requirement does not make sense as there would be 
insufficient information on whether the criminal history will really be 
the criminal history or just an arrest record.
    Response: The NRC believes that periodic reevaluation of an 
individual's trustworthiness and reliability is important. The 
reinvestigation is not a complete check. The reinvestigation is limited 
to the FBI criminal history records check. The relief provided by Sec.  
37.29 does apply to the reinvestigation. The licensee would need to 
check that the individual still meets the relief category.
    Comment B68: One commenter questioned whether the reviewing 
official was subject to the reinvestigation requirement.
    Response: The reviewing official is subject to the reinvestigation. 
The rule text has been revised.
    Comment B69: One commenter stated that Sec. Sec.  37.25 and 35.27 
have some duplication of information and that sections should be 
reviewed to avoid duplication.
    Response: There is some overlap in the requirements. However, the 
provisions of Sec.  35.27 apply solely to the fingerprints and FBI 
criminal history records checks. The provisions of Sec.  37.25 apply to 
the complete background investigation.
    Comment B70: One commenter noted that there is potential for 
discrepancy between different licensees' basis determination for 
unescorted access and questioned the wisdom of allowing transfer of an 
individual's trustworthiness and reliability determination under Sec.  
37.27(a)(4).
    Response: The commenter is correct that there may be differences 
between licensees' determination bases for unescorted access. The NRC 
still believes that there is merit in allowing licensees to transfer 
information and accept another licensee's determination on an 
individual. The individual has undergone a background investigation (or 
met one of the categories for relief) and been determined to be 
trustworthy and reliable. If the second licensee has reason to doubt 
the determination or does not feel comfortable relying on the first 
licensee's determination, the licensee is not obligated to allow the 
individual unescorted access. The licensee could also decide to conduct 
its own background investigation before allowing the individual 
unescorted access.
    Comment B71: One commenter questioned the language in Sec.  
37.27(a)(6) that limits use of information obtained as part of the 
criminal history records check (from the FBI) to determining an 
individual's suitability for unescorted access to the material or SGI. 
The commenter felt that if the information indicated that an employee 
lied on an employment application, the licensee should be able to fire 
the individual based on this information.
    Response: The NRC disagrees with the commenter's suggestion that 
Sec.  37.27(a)(6) be deleted. The language in Sec.  37.27(a)(6) of the 
proposed rule implements the statutory requirement set forth in section 
149c.(2)(B) of the AEA, 42 U.S.C. 2169(c)(2)(B). Information obtained 
from an FBI criminal history check shall be used by licensees solely to 
make suitability determinations for unescorted access to category 1 or 
category 2 quantities of radioactive material, or access to SGI. 
Information which pertains to the trustworthiness of an employee 
obviously is pertinent to a suitability determination. With that said, 
the NRC does not make employment decisions for the regulated community.
    Comment B72: One commenter stated that the requirement in Sec.  
37.27(b)(1) prohibiting a licensee from basing a final determination to 
deny an individual unescorted access solely on information received 
from the FBI is inconsistent with the intent of the rule to protect the 
public from category 1 and category 2 radioactive sources. The 
commenter questioned how a responsible licensee could not use 
information provided by the FBI to restrict a terrorist from access to 
these sources.
    Response: The prohibition on using information received from the 
FBI only involves information on an arrest more than a year old for 
which there is no information on the disposition of the case or an 
arrest that resulted in the dismissal of a case or an acquittal. The 
licensee may still consider the information, but it cannot base its 
decision solely on the information. If there is no disposition of the 
case in the file, the individual may have been acquitted of the charge, 
and an acquittal is information that would be pertinent to the decision 
to grant unescorted access.
    Comment B73: One commenter stated that a licensee would need to 
have in-depth knowledge of constitutional law to understand the 
requirement in Sec.  37.27(b)(2) that prohibits a licensee from using 
the information from a criminal history records check obtained under 10 
CFR part 37 in a manner that would infringe upon the rights of any 
individual under the first amendment of the Constitution. The commenter 
noted that NRC should not be proposing any regulation that will be 
unconstitutional or be apt to be used to infringe on the rights of 
workers.

[[Page 16966]]

    Response: The NRC disagrees with the commenter's suggestion that 
Sec.  37.27(b)(2) be deleted. The NRC is not proposing a regulation 
that is unconstitutional or that infringes on the rights of any 
individual. This provision implements section 149c.(2)(D) of the AEA, 
42 U.S.C. 2169c.(2)(D), which provides that the NRC is to protect 
individuals subject to fingerprinting from misuse of criminal history 
records. The onus is on the licensee, not the NRC, to ensure that the 
information it obtains as a result of an FBI criminal history records 
check will have limited use, and be used in accordance with all 
applicable Federal and State laws.
    Comment B74: One commenter stated that the licensee should be 
allowed to submit fingerprint cards to the FBI. The commenter noted 
that submittal of fingerprint cards to the NRC is cumbersome, time-
consuming, and apparently done only to provide an additional revenue 
source to the NRC. The commenter noted that it had experienced NRC 
losing one set of fingerprint cards. Another commenter noted that the 
rule does not allow licensees with a fully-accredited program to do 
their own collection and transmission of fingerprints to the FBI. The 
commenter requested an exemption to this restriction for licensees who 
possess a fully-accredited program.
    Response: The NRC cannot exempt a licensee from the statutory 
requirement to submit fingerprint cards to the Attorney General of the 
United States through the Commission, even if that licensee possesses a 
fully-accredited program to collect and transmit fingerprint cards to 
the FBI. Section 149 of the AEA states that fingerprints obtained by an 
individual or entity must be submitted to the Attorney General of the 
United States through the Commission for identification and a criminal 
history records check. Consistent with the statutory requirements, a 
licensee is required to submit fingerprint cards to the NRC. The NRC 
will then submit the fingerprint cards to the FBI for processing and 
transmit the results received back from the FBI to the licensee.
    Comment B75: One commenter stated that the fees for fingerprint 
processing should be placed in the regulations instead of a reference 
to the Web site.
    Response: The NRC disagrees with the comment. The fees change based 
on what the FBI charges. If the fee was placed in the regulations, it 
would require the NRC to conduct a rulemaking every time the fee 
changed. By placing the current fee information on the Web site, it can 
be changed quickly when necessary.
    Comment B76: Two commenters stated that Sec.  37.29 should be 
deleted and that there should not be any categories of individuals that 
are provided relief from the background investigation elements. One of 
the commenters noted that any person entering a facility and having 
unescorted access to or transporting category 1 or category 2 
quantities of radioactive material should be fingerprinted, without 
exemption or relief. The commenter stated that given the significance 
of theft of such material and the cost of dispersal of such radioactive 
material outside a controlled area, the cost and very minor use of time 
for fingerprinting is totally insignificant. The commenter noted that 
there are many examples of Congress or other persons who have been 
fingerprinted and who have broken criminal or other law and, therefore, 
should not be exempted. The commenter noted that fingerprinting is 
required in many situations not involving threats to national security 
or dispersal of radioactive material in public places and that the 
process is inexpensive, unobtrusive, and, if the person being 
fingerprinted has no reason to fear the process, insignificant and 
irrelevant. The commenter noted that most of the individuals covered by 
the relieved categories would be escorted and that providing relief 
causes confusion and makes the process more complicated. The commenter 
further noted that there is no more guarantee that these persons are 
more reliable than other workers; therefore, why proceed with 
exemptions that weaken the regulation.
    Response: The NRC disagrees with the comment. NRC continues to 
believe that these categories of individuals should be provided relief. 
Many of these individuals have undergone equivalent background 
investigations or by the nature of their positions are considered to be 
trustworthy and reliable as a matter of policy. Just because an 
individual is relieved from the background investigation elements, a 
licensee is not required to provide unescorted access to the material. 
For example, if a member of Congress were to visit a facility, the 
licensee would likely escort the individual and not allow him or her to 
wander the facility unescorted. An individual would still need to 
receive security and radiation protection training before being granted 
unescorted access.
    Comment B77: One commenter disagreed with providing relief from the 
background investigation elements other than the fingerprints and 
criminal history check. The commenter noted that the relief is 
inappropriate for certain categories of individuals, in particular 
those covered under Sec.  37.29(k). As an example, the commenter noted 
that a favorably adjudicated Security Risk Assessment under the Select 
Agent program does not assess the depth and breadth of information 
required under the full background checks specified either by existing 
orders or the proposed regulations. The commenter noted that the risk 
assessment only includes those checks specified under the Patriot Act 
and that character determination, credit history, verification of 
education, verification of employment, and the gathering of 
corroborating information are not explicitly included. The commenter 
noted that the acceptance of a Security Risk Assessment in place of the 
more extensive checks creates a double standard and introduces 
potential vulnerability into the personnel reliability process. The 
commenter noted that the information that would be analyzed for 
personnel under Sec.  37.29(k) does not provide sufficient basis to 
assess whether an individual is trustworthy and reliable under the 
requirements set forth under either the NRC orders or under the 
proposed background check requirements.
    Response: The NRC agrees with the comment and has revised the rule. 
The relief provided for individuals that come under Sec.  37.29(b) 
(formerly Sec.  37.39(k)) only applies to the fingerprints and FBI 
criminal history records checks; the other elements of the background 
investigation must still be completed. For the other categories of 
individuals in Sec.  37.29(a), relief is provided from all the 
background investigation elements.
    Comment B78: One commenter objected to exempting commercial vehicle 
drivers for road shipments of category 2 quantities of radioactive 
material. The commenter felt that devices and sources are more 
vulnerable during shipment by a nonlicensee carrier than under licensee 
or manufacturer control and, therefore, carriers must require a 
background investigation for their staff with unescorted access to 
category 2.
    Response: While understanding the commenter's concern, the NRC 
believes that the relief is appropriate. The licensee does not control 
the carrier or whom the carrier employs. However, the carriers are 
subject to DOT. Title 49 CFR 172.800 requires that each person who 
offers for transportation in commerce or transports in commerce 
category 1 or category 2 quantities of

[[Page 16967]]

radioactive material to develop and adhere to a transportation security 
plan. The components of the transportation security can be found in 49 
CFR 172.802.
    Comment B79: One commenter requested that information be provided 
on what elements of the background investigation each category of 
individual relieved from the background investigation under Sec.  37.29 
go through.
    Response: The NRC acknowledges that the background investigation 
conducted for individuals in the relieved categories contained in Sec.  
37.29 may not contain all of the aspects of the background 
investigation required under part 37. In some cases, the background 
investigation is more exhaustive, such as the Federal background 
investigation for access to classified information, and some may 
contain fewer elements. The licensee is not required to allow these 
individuals unescorted access to radioactive material and can choose to 
escort them. The licensee can also choose to conduct an investigation 
that included some or all of the background investigation elements 
before allowing such an individual unescorted access to the material.
    Comment B80: Two commenters recommended that the relief from the 
background investigation elements for individuals with a Federal 
security clearance be extended to include other aspects of the 
authorized individual process such as NRC approval of the reviewing 
official. One commenter requested clarification as to whether the 
relief granted by this regulation may be extended to individuals who 
will serve as the licensee's reviewing official.
    Response: The NRC agrees with the comment that if the potential 
reviewing official meets one of the relief categories of Sec.  37.29, 
the individual would not need to be fingerprinted and undergo a new 
background investigation. The rule has been clarified.
    Comment B81: One commenter requested that Sec.  37.29(g) be revised 
to include master materials licensee employees conducting inspections 
under their license authority. The commenter also requested that 
subparagraph (k) be revised to contain an explicit statement about 
whether persons approved under a government program have to be 
reapproved after a specified time interval.
    Response: The NRC disagrees with the comment. A licensee employee 
conducting an inspection on the licensee's own program is not the same 
thing as an NRC or Agreement State inspector. The NRC disagrees that 
the individual should be relieved from the background investigation 
elements as the individual is still a licensee employee. The 
individuals who were granted relief would be subject to the 10-year 
reinvestigation. If the individual still fell under one of the 
categories, such as Sec.  37.29(l), he or she would continue to be 
relieved. However, the licensee would need to document that the relief 
category still applied.
    Comment B82: One commenter requested that the relief provided by 
Sec.  37.29(i), from background investigations for emergency personnel 
responding to an emergency, be extended to emergency response personnel 
who are not responding to an emergency. The commenter pointed out that 
these individuals need frequent access for smoke detector checks, 
safety inspections of fire walls, assessment of and response to false 
alarms, etc.
    Response: The NRC disagrees with the comment. Fire department 
personnel who need to check smoke detectors and conduct safety 
inspections can be escorted. The NRC does not see why these individuals 
would need unescorted access to radioactive material. Someone 
responding to an alarm would be considered responding to an emergency, 
even if the alarm turned out to be false.
    Comment B83: One commenter suggested expanding Sec.  37.29(j) to 
include handlers at the transportation facilities, i.e., the people who 
physically handle the package at the freight terminals and move the 
packages from one location to another. The commenter noted that 
licensees cannot perform checks for these nonemployees.
    Response: The NRC agrees with the comment and has added a new 
category to include handlers at transportation facilities such as 
freight terminals and rail yards.
    Comment B84: One commenter noted that there is a gap whereby Sec.  
37.29(m) does not cover self-employed service provider licensees who 
are small business owners, for example, independent service technicians 
who are licensed to perform maintenance and repairs on sealed source 
irradiators. The commenter noted that these individuals are qualified 
in a similar way for the applicability of Sec.  37.29, yet the wording 
of this regulation does not appear to extend to them.
    Response: The NRC believes that Sec.  37.29(a)(13) (formerly Sec.  
37.29(m)) does cover a self-employed service provider. The access 
authorization program would not be required of a service provider that 
does not possess material; however, there is nothing in the regulation 
that would prevent the service provider from conducting background 
investigations that meet the requirements of Sec.  37.25. The service 
provider would need to provide written verification that the individual 
has been determined to be trustworthy and reliable under a subpart B 
program. Additional information has been added to the implementation 
guidance to address this situation.
    Comment B85: One commenter indicated that Sec.  37.29 should 
include exemption provisions for reputable security system vendors. The 
commenter noted that these vendors perform extensive background checks 
as part of their hiring process and it seems reasonable to consider the 
service providers, software engineers, etc. who work at or with a 
licensee's institution to be authorized to access the controlled areas. 
The commenter noted that it is unreasonable to expect the licensee to 
conduct its own background checks on all employees of the company who 
may be involved in the security system at the particular institution. 
The commenter noted that by not allowing this exemption, the licensee 
may be less inclined to use the state-of-the-art security systems 
available and this may be detrimental to the overall security of the 
material. The commenter noted that although security service providers 
are addressed in the ``protection of information'' section (Sec.  
37.43(d)), they should be included here as well, since they not only 
have knowledge of the security program but may also have the ability to 
grant access.
    Response: The NRC disagrees with the comment. It is not clear why 
security system vendors, particularly software engineers, would need to 
have unescorted access to the radioactive material. These individuals 
would need to have access to some of the licensee's security 
information, which is why they were included in Sec.  37.43(d). 
Security system vendors may or may not conduct fingerprinting and an 
FBI criminal history records check as part of their investigation 
during the hiring process. Licensees may accept documentation from 
vendors that vendor employees have undergone a background check meeting 
the requirements of this part, but in the absence of evidence that all 
vendors' employment checks meet part 37 requirements; vendor employees 
should not be exempted by rule. Licensees also retain the prerogative 
to escort such employees when they are onsite.
    Comment B86: One commenter, while noting that several State 
employees listed by job duties are listed as being relieved from the 
background investigation requirements, suggested that State licensing 
staff, information

[[Page 16968]]

technology staff, and legal staff be included. The commenter noted that 
these individuals may also have access to such information.
    Response: The NRC believes that the provisions in Sec.  37.29 are 
broad enough to include other State employees that may require access.
    Comment B87: The Nebraska Emergency Management Agency stated that 
it believes that it is exempt from the fingerprinting, identification, 
and criminal history records check requirements and only needs to 
provide physical security for its one category 2 quantity source until 
such time as the source is collected under the DOE source recovery 
program.
    Response: No licensee is exempt from the provision of 10 CFR part 
37. Section 37.29 does provide relief from the fingerprinting and 
background investigations for individuals that fall under one of the 
categories. State employees would likely come under the provision of 
Sec.  37.29(a)(4) or (6) and would be relieved from the background 
investigation elements.
    Comment B88: One commenter asked what ``other property'' refers to 
in Sec.  37.29.
    Response: The term ``other property'' comes from the AEA. The NRC 
has removed the term as it has no meaning in the context of 10 CFR part 
37.
    Comment B89: One commenter suggested that the regulation itself 
makes it clear that a licensee has the option of escorting the category 
of individuals provided relief from the background investigation (Sec.  
37.29), and that granting unescorted access to these individuals is not 
required. The commenter also noted that it should be made clear that 
the security training must be provided before granting unescorted 
access.
    Response: The NRC does not believe that the regulation needs to 
specify that the licensee has the option of escorting the individuals. 
It is always up to the licensee to decide whom it allows to have 
unescorted access. The provision in Sec.  37.29 only provides relief 
from the background investigation elements and does not require 
granting unescorted access to designated categories of individuals. Any 
individual allowed unescorted access to the material must meet all of 
the licensee's applicable training requirements before having 
unescorted access to the material.
    Comment B90: One commenter requested that each subsection in Sec.  
37.25, ``Background investigations,'' be revised to explicitly state if 
the subsection is applicable and must be followed for those who are 
relieved from elements of the background investigation under Sec.  
37.29.
    Response: The NRC does not believe that it is necessary to make the 
requested revisions. Section 37.29(a) relieves the licensee from 
conducting the fingerprinting and all other elements of the background 
investigation. However, the licensee can still choose to conduct all or 
some of the elements before providing unescorted access to an 
individual who is covered by one of the categories listed in Sec.  
37.29. The licensee will still need to verify identification.
    Comment B91: One commenter, while supporting the transfer of 
background information to outside entities allowed by Sec.  37.31(c) 
felt that it would create additional legal issues and burdens on the HR 
department that they would not be able to meet. The commenter was 
concerned about the ability to authenticate the documentation presented 
and avoid fraudulent documentation. The commenter is concerned that 
there is no legally proper way to transfer such private information in 
a secure manner that would not create legal failure points and possible 
violations, as such, they would neither request nor offer such 
information.
    Response: The language in the rulemaking under Sec.  37.31(c) 
states that the personal information obtained on an individual from a 
background investigation may be provided to another licensee. While an 
individual may request that this information be transferred or shared, 
the licensee is not required by these regulations to do so, thereby 
minimizing or eliminating additional legal issues or burdens on the HR 
department that could arise from such requests. Any decision to request 
or provide such information should be made at the licensee's 
discretion. The rule merely states that NRC considers it an acceptable 
practice, provided that the stipulations in Sec.  37.31(c) are met.
    Per the language provided in Sec.  37.31(c)(2), the recipient 
licensee must verify information such as name, date of birth, social 
security number, gender, and other applicable physical characteristics, 
which should aid in authentication and the avoidance of utilizing 
fraudulent documentation.
    Comment B92: Two commenters noted that the proposed rule has no 
mention of safeguards of the privacy of this background information, or 
of the method of review. One commenter requested clarification on 
whether the licensee needed to retain the fingerprints or just the 
records returned from the FBI.
    Response: Information protection provisions for the background 
investigation are located in Sec.  37.31. The licensee is only required 
to retain the records returned from the FBI and not the actual 
fingerprints. The NRC is not sure what the commenter meant by method of 
review.
    Comment B93: Two commenters suggested revising the language for the 
timing of the program review to ``periodically (at least annually) 
review'' similar to what is contained in Sec.  20.1101. The commenters 
stated that the proposed wording is onerous and unnecessary. Another 
commenter suggested adding the access authorization program review to 
the security program review. Several commenters suggested a 36-month 
timeframe or after changes to the program. The commenter noted that the 
program should see little revision once it is put in place and that an 
annual review seems excessive. One commenter indicated that NRC should 
specify those essential program elements for inclusion in the program 
review noting that placing such information in the guidance would not 
be enforceable and would be a disservice to licensees. Another 
commenter stated that there were too many criteria and it could lead 
someone to think that the annual security review was more important 
than the safety review. Another commenter suggested every 3 to 5 years 
for the program review. One commenter noted that the program review 
could take from 1 to 3 man days.
    Response: The NRC agrees with the comment in part and has revised 
the language for the program review to be consistent with Sec.  
20.1101. The use of consistent terminology between the safety and 
security programs should enhance the licensee's understanding of the 
requirement. The content of the program review has not been revised.
    Comment B94: Two commenters recommend that facilities utilizing 
Federal security clearances should be exempted from the program review.
    Response: The NRC disagrees with the comment. While the actual 
background investigations and protection of information would be 
covered by the Federal program, other aspects of the access 
authorization program would not necessarily be included in the Federal 
program. For example, the licensee would still need to have a program 
in place to document the information on who has access.
    Comment B95: One commenter stated that the reviewing official and 
the individual with overall responsibility for the security program 
should be required to review the access authorization program review 
findings. The commenter felt that it was logical for the individual 
with overall security

[[Page 16969]]

responsibility to be involved in the review; otherwise, the program 
could result in split responsibility for the security program.
    Response: The NRC disagrees that a rule change is warranted. The 
rule provides the licensee with flexibility as to who should be 
designated to review the program review findings. The NRC does agree 
that it would be appropriate for both the reviewing official and the 
individual with overall responsibility to conduct the review.
    Comment B96: One commenter questioned whether licensees should be 
obligated to provide unescorted access to any inspectors. The commenter 
asked whether Agreement State inspectors are required to present 
credentials indicating that they are in compliance with the background 
investigation.
    Response: Licensees are not obligated to provide unescorted access 
to an inspector. A licensee always has the option of accompanying the 
inspector. The regulations only require that the licensee ``shall 
afford to the Commission at all reasonable times opportunity to inspect 
category 1 or category 2 quantities of radioactive material and the 
premises and facilities wherein the nuclear material is used, produced, 
or stored.'' This means that the licensee must allow the inspector to 
go anywhere in the facility but can choose to accompany the inspector. 
A licensee has the right to request that an inspector present his or 
her credentials (e.g., an agency issued badge) and to confirm with the 
inspector's home office that the individual is indeed an employee of 
the agency. However, the inspector is relieved from the background 
investigation elements and does not need to present any documentation 
of compliance with the background investigation.
    Comment B97: One commenter recommended adding language that states 
that the licensee is not prohibited from revoking previously granted 
authorizations at any time.
    Response: The rule contains language in Sec.  37.23(e)(4) that 
allows the reviewing official to terminate or administratively withdraw 
an individual's unescorted access authorization based on information 
obtained after the individual has obtained unescorted access.
    Comment B98: One commenter noted that language needs to be included 
to allow access to SGI-M and other security related information 
identified in the part in addition to unescorted access privileges for 
category 1 and category 2 materials.
    Response: The NRC disagrees with the comment. Provisions for the 
protection of SGI, including access restrictions, are located in 
Sec. Sec.  73.21 and 73.23. The requirements do not need to be repeated 
in 10 CFR part 37. Part 37 contains appropriate references to the 10 
CFR part 73 SGI requirements.
    Comment B99: One commenter noted that language is necessary to 
include the phrase `unless otherwise suspended or revoked' to address 
those situations where such restrictive actions became necessary in 
regard to access to information or the material.
    Response: The NRC disagrees with the comment. Section 37.23(e)(4) 
contains language that permits the reviewing official to terminate or 
revoke an individual's unescorted access authorization. The NRC does 
not believe that additional language is necessary.
    Comment B100: One commenter indicated that the rule should include 
a limitation on escorted access to only those needing such access to 
perform a job function or assist in educational activities.
    Response: The NRC disagrees with the comment. The licensee should 
be allowed to determine who should be provided escorted access to the 
facility and materials. While there should be a need for the escorted 
access, there could be reasons other than to perform a job function or 
for educational activities.

C. Security During Use

    Comment C1: One commenter stated that Sec.  37.41(a) did not allow 
for the concept of co-location of sources, only addressing aggregated 
sources. The commenter noted that it was not cost effective to require 
increased controls on fixed gauges that are scattered throughout a 
facility.
    Response: The concept of co-location is built into the definition 
for aggregated. Fixed gauges that did not fall under the orders do not 
fall under 10 CFR part 37.
    Comment C2: Several commenters stated that the provisions in Sec.  
37.41(a)(2), providing for a 90-day notice before aggregation of 
material, were confusing and unnecessary and that aggregation would be 
detected during routine inspections. The commenters felt that the 
provisions would lead to unintentional noncompliance. Another commenter 
questioned how the agency would know when a licensee aggregated the 
material, indicating that it would be time consuming and costly to 
coordinate and track. Another commenter suggested adding language to 
address the permittee system under master materials licenses. One 
commenter noted that Sec.  37.41(a)(4) required implementation before 
possession. One commenter noted that it should be assumed that 
licensees are implementing the measures if they aggregate. One 
commenter disagreed with the notification for activation of the 
security plans.
    Response: The NRC agrees in part and disagrees in part. The 
provision was added to help licensees that do not routinely possess an 
aggregated category 2 quantity, but may on occasion. The provision was 
intended to provide some relief from the need to always meet the 
requirements. However, since the wording has caused confusion, the NRC 
has revised the provision to simplify and clarify the requirement. A 
licensee only needs to provide a 90-day notice before aggregating the 
material if the licensee has never implemented either the orders or the 
10 CFR part 37 provisions.
    Comment C3: One commenter suggested adding a provision in Sec.  
37.41(2) to note that the NRC or Agreement State may prohibit the 
transfer of radioactive material in quantities of concern should an 
evaluation of the security plan be found lacking until corrective 
measures are taken and verified.
    Response: The NRC disagrees with the comment. The NRC or State may 
take action to prohibit the transfer of material in such a situation; 
however, a provision in the regulations is not necessary. NRC would 
typically issue an order to the licensee or issue a confirmatory action 
letter documenting the licensee's agreement not to ship material until 
the issues have been resolved.
    Comment C4: One commenter recommended that the general performance 
objective in Sec.  37.41(b) be revised to remove the phrases ``without 
delay'' and ``an actual or attempted.'' Two commenters noted that this 
objective is unrealistic during normal business hours as unauthorized 
access, whether actual or attempted, would only be detected ``without 
delay'' if individuals were in the vicinity and could witness the 
access or attempt to access. One of the commenters stated that 
``without delay'' is unrealistic during normal business hours as a 
business' security system will not be set to alarm. One of the 
commenters noted that areas that may contain category 1 or category 2 
quantities may be locked and unoccupied but not monitored. The 
commenters further noted that, after business hours, an armed security 
system could detect (without delay) unauthorized access to an area that 
contained a category 1 or category 2 quantity of material but may not 
be able to detect an ``attempt'' to access the area

[[Page 16970]]

as the attempt may have failed without compromising a security measure 
or triggering an alarm. One commenter suggested revising the 
performance objective in Sec.  37.41(b) as follows: ``Each licensee 
shall establish, implement, and maintain a security program that is 
designed to monitor, detect, assess, and respond to unauthorized access 
to category 1 or category 2 quantities of radioactive material.'' One 
commenter recommended defining ``without delay'' in Sec.  37.41(b), 
particularly with regard to the assessment of an access incident. One 
commenter suggested the following language for Sec.  37.41(b): ``Each 
licensee shall establish, implement, and maintain a security program 
that is designed to monitor, and without undue delay detect, assess, 
and respond to an actual or attempted unauthorized access to category 1 
or category 2 quantities of radioactive material as outlined in their 
security plan.''
    Response: The NRC disagrees with the comment. The purpose of the 
security program is to prevent unauthorized access and to detect 
unauthorized removal of the material. The sooner material is discovered 
to be missing, the more quickly a response can be started that includes 
trying to apprehend those who stole the material and to recover the 
material before it can be used for malevolent purposes. The NRC agrees 
that the licensee is not expected to respond to events that do not 
trigger the security system. The threshold for the security systems 
should not be set so high that actual attempts, such as someone trying 
to pry open the door, are not detected or so low such as someone 
casually brushing a doorknob sets off the alarm. The NRC does not see 
any benefit to adding ``as outlined in their security plan'' to the 
rule text. The security plan must meet the requirements, and the 
licensee must follow the security plan.
    Comment C5: One commenter recommended that a provision be added to 
require the licensee to appoint an individual with overall 
responsibility for the security program. The commenter noted examples 
where no one individual had responsibility to implement the security 
measures and noted that a default person such as the RSO may not have 
the necessary authority or ability to ensure that the program is 
working. The commenter noted that having the licensee specifically 
designate an individual will clarify responsibility and provide some 
authority. Another commenter noted that the individual should be placed 
on the license as is done for the RSO.
    Response: The NRC, while agreeing that it is good practice to have 
an individual with overall responsibility for the security program, 
does not believe that the requirement needs to be in the regulations. 
If there were a requirement most licensees would likely name the 
individual on the license and then it would take a license amendment to 
change the named individual.
    Comment C6: Several commenters objected to the requirement to 
develop a security plan if they are authorized but never possess a 
category 2 quantity or never aggregate the material above a category 2 
threshold. Commenters felt that the exercise to develop a plan was a 
waste of time and manpower and questioned the value of preparing for an 
eventuality that will never occur. Some commenters noted that the 
material was in different buildings or scattered throughout a facility. 
One commenter stated that physical protection requirements during use 
have already been met and there isn't any evidence that requiring 
licensees to try and track locations of small amounts of source 
material so as not to aggregate to a threshold quantity is unnecessary 
to protect the security of the general public. One commenter asked what 
the security plan should contain if a licensee doesn't possess category 
2 quantities of material. Two commenters stated that a licensee must 
implement a full security program based on authorization and not 
possession and that this is inconsistent and places an undue burden on 
licensees. One commenter requested clarification on whether the 
security plan would need to be implemented if the licensee was 
authorized for sources above the category 2 threshold but the sources 
were located at different sites.
    Response: The NRC agrees with the comment and has revised the rule. 
Licensees will only be required to develop and implement a security 
plan if it aggregates the material to a category 1 or category 2 
quantity of radioactive material at a specific location.
    Comment C7: Several commenters felt that the specified contents for 
the security plan were too prescriptive. Commenters felt that each 
facility needs to have the flexibility necessary to develop a security 
plan that works best for them and that every security plan may not need 
all the prescriptive requirements specified in the proposed rule. 
Commenters noted that licensees have already developed their programs 
to implement the orders and that the programs have already been 
inspected and compliance verified. Commenters felt that the specificity 
of the rule was in conflict with the concept of a performance-based 
regulation. One commenter noted that the blind ``broad brush'' 
application of arbitrary requirements is not how to increase security; 
it should be based on each licensee's unique requirements. One 
commenter noted that there should be an exemption for licensees that 
already have a security plan in place.
    Response: The NRC does not agree with the comment that the security 
program is too prescriptive. The licensee is free to choose the methods 
that work best for its facility; the exact security measures to be used 
are not prescribed. The content of the security plan is based on the 
measures that the licensee chooses to use. The NRC has made changes to 
Sec.  37.43(a) to clarify that the security plan is specific to a 
facility and its operation and to remove the requirement to address 
site-specific conditions that affect implementation. The NRC has 
determined that the site-specific aspects would be addressed by the 
measures used by the licensee and could not be addressed for temporary 
jobsites without creating a security plan for each site. It was not the 
NRC's intent to require a unique security plan for each temporary 
jobsite. The NRC has also removed the requirement to include a 
description of the training program. There is a separate requirement 
that addresses training, and it is not necessary to describe the 
program in the security plan.
    Comment C8: One commenter noted that the original security plan 
must be reviewed and approved by the individual with overall security 
responsibility but that any revisions to the plan must also be reviewed 
by licensee management. The commenter questioned the different review 
and approval requirements. The commenter further noted that licensee 
management may not have a need-to-know and may not wish to go through 
the background investigation process just to review a plan, 
particularly if the authority and responsibility have been delegated. 
Another commenter noted that this also contradicts the requirement to 
limit access to the security plan.
    Response: The NRC agrees with the comment and has removed the 
requirement for licensee management to review the revised plan.
    Comment C9: One commenter stated that the phrase ``measures and 
strategies'' in Sec.  37.43(a)(1)(i) is meaningless and unenforceable 
even as a performance-based goal. The commenter stated that the phrase 
should either be removed or the intent made clear by measurable, 
quantifiable, or otherwise objective expectations.
    Response: The NRC disagrees with the comment. The licensee is 
required to describe the overall approach, methods,

[[Page 16971]]

and equipment that it uses to meet the security requirements. 
Additional information has been added to the guidance.
    Comment C10: One commenter indicated that the present security plan 
(from the orders) is sufficient and that a more stringent security plan 
is unnecessary.
    Response: The NRC disagrees with the comment. The orders did not 
require licensees to even develop a security plan. The NRC does not 
believe that the requirements for the security plan are overly 
stringent. In fact, the licensee has the flexibility to include in the 
plan the site-specific measures that the licensee employs.
    Comment C11: One commenter requested clarification in the situation 
where there is a high-level corporate security plan in place. The 
commenter's interpretation is that the security plan is not required to 
apply exclusively to the security of category 1 and 2 radioactive 
materials but can be an adaptation of a preexisting site or corporate-
wide plan as long as the required elements are met.
    Response: The NRC agrees with the comment. As long as a preexisting 
site or corporate-wide plan meets the requirements of subpart C as to 
the content of the security plan, the plan would be acceptable and a 
new plan would not need to be developed.
    Comment C12: One commenter asked whether the written security plan 
must be a separate document in addition to the Standard Operating 
Procedures (SOPs) that pertain to security. The commenter felt that it 
is acceptable for a set of written SOPs to constitute a ``written 
security plan'' and would like the regulation to confirm that. Another 
commenter requested that a subsection be added to Sec.  37.43 to allow 
the security plan and procedures to be the same document or a group of 
documents.
    Response: Each licensee must determine what information is 
applicable to its facility and must be included and documented in its 
security plan. If a licensee already has a security plan developed to 
meet the requirements of an order or for other purposes, and this plan 
meets all the requirements in 10 CFR part 37, there is no need to 
develop a new plan. However, it is unlikely that many licensees will 
already have all the required information in place in existing 
procedures.
    If a licensee has existing written procedures and policies in place 
that will be incorporated as part of its security plan under 10 CFR 
part 37, these may be referenced in the security plan as such; however, 
if these existing procedures contain information which would require 
marking and handling as SGI-M, then the licensee must ensure that all 
copies of the existing documents are appropriately marked and handled.
    Comment C13: One commenter proposed that for mobile licensees the 
rule be modified to allow the preparation and submittal of a generic 
security plan that would be supplemented by a project-specific security 
plan prior to initiating work on any given project. The commenter 
proposed that the submittal of the generic security plan be required 
within 30 days of publication of the final rule as proposed by NRC; 
however, the 90-day requirement would not apply.
    Response: It was not the intent of the NRC to require the 
development of a site-specific security plan for each temporary 
jobsite. Development of a general security plan that addresses how 
security will be applied at temporary jobsites will meet the 
requirement for having a security plan. The security plan is not 
submitted to the NRC for approval but would be available at a facility 
or temporary jobsite during inspection. The NRC has removed the 
requirement that the security plan address site-specific conditions.
    Comment C14: One commenter noted that, since the security plan is 
to include a description of the environment, buildings, or facility 
where the material is used or stored, this would require companies that 
work at temporary jobsites to develop a separate plan for each jobsite. 
The commenter noted that this would be extremely costly and would 
require at least one additional employee per crew to follow the workers 
around, assess the surrounding environment, write a security plan, and 
train the crew in the new security plan prior to any work being 
performed each day. The commenter stated that this would cause undue 
burden on the licensee with no evidence that it would in any way stop 
an attack or protect the general public.
    Response: The NRC agrees with the comment and has removed the 
requirement for the security plan to address site-specific conditions. 
It was not the intent of the NRC to require the development of a site-
specific plan for each temporary jobsite. Development of a general 
security plan that addresses how security will be applied at temporary 
jobsites will meet the requirement for having a security plan. For 
those temporary jobsites that may be considered permanent (i.e., pipe 
yards), the licensee should develop a more specific security plan.
    Comment C15: One commenter noted that references to the security 
plan should be more specific to avoid security plans required by other 
parts.
    Response: The NRC disagrees with the comment. The term, as used in 
10 CFR part 37, refers to the security plan required by 10 CFR part 37, 
and there should be no confusion. Anywhere in this Federal Register 
notice or in the guidance for the rule where a different security plan 
is being referred to, language has been added to make clear that it is 
a 10 CFR part 73 security plan.
    Comment C16: One commenter stated that the security program is too 
prescriptive and suggested using language similar to Sec.  20.1101 to 
implement a program commensurate with the scope and extent of licensing 
activities and sufficient to ensure compliance with the provision of 
this Part. The commenter stated that this would allow the licensee the 
necessary flexibility in documenting its specific program but would not 
be prescriptive.
    Response: The NRC disagrees with the comment. The NRC believes that 
the 10 CFR part 37 requirements provide the licensee flexibility. The 
rule does not specify what specific measures that a licensee must use; 
a licensee can choose those methods that fit its facility. The security 
plan, procedures, and training would address the measures that the 
licensee has chosen to use to protect the material.
    Comment C17: One commenter suggested deleting Sec.  37.43(b) on 
implementing procedures because separate procedures for the 
implementation of the security program are unnecessary since they 
should be incorporated into the security procedures. Another commenter 
stated that many implementing procedures will be developed that do not 
include specific security measures designed to protect the sources and 
that do not need to be protected under this section. As examples the 
commenter offered procedures and forms on how to apply for unescorted 
access, how to add people to Radiation Use Authorizations involving 
irradiators, or procedures on record destruction.
    Response: The NRC disagrees with the comment in part and agrees in 
part. Implementing procedures are a necessary component of both safety 
and security programs. If a licensee already has security procedures, 
it is acceptable to continue using those procedures and update the 
procedures to reflect any changes to the program. The licensee is not 
required to protect all of its procedures under this provision. The 
only procedures that require protection are procedures that document 
how the security program is implemented. This would include procedures 
on alarm

[[Page 16972]]

response, security guard checks, and procedures that describe actual 
security measures. It would not include the types of procedures 
mentioned by the commenter. Examples have been added to the guidance 
document.
    Comment C18: One commenter noted that Sec.  37.43 does not mention 
that the requirements apply to individuals who have access to SGI.
    Response: Section 37.43(d)(8) does contain a reference to the 
protection of SGI. The requirements for access to and protection and 
handling of SGI are contained in 10 CFR part 73.
    Comment C19: Several commenters stated that there was no need for 
the refresher training unless something specific about the program 
changes. Commenters felt that only those individuals with a need-to-
know should receive training on specific changes and that not everyone 
should be trained on the security plan. One commenter noted that those 
who just use the device do not need to be trained on the security of 
the device. Two commenters felt that refresher training every 12 months 
would be burdensome, particularly if you have many employees needing 
the training. One commenter suggested that the periodicity of the 
refresher training be based on licensee's expectations and assessments 
for a need for refresher training. One commenter noted that the 
inclusion of training on the security program just added to the 
overhead. Another commenter expressed concern with the probable cost of 
the training program and noted that it could require a staff member to 
be assigned to the task full time to keep up with the training, 
refresher training, and testing for large numbers of diverse 
individuals with frequent turnover such as at a university. One 
commenter requested cost estimates specific to the training 
requirement.
    Response: The NRC disagrees with the comment. The NRC believes that 
training is an essential element of any program. If employees are not 
trained, how will they know what to do if an alarm sounds or material 
is determined to be missing? The training needs to be commensurate with 
the individuals' responsibilities. The estimated cost for the training 
is included in the regulatory analysis prepared to support the rule.
    Comment C20: One commenter stated that the training program 
requirements were too prescriptive and go well above what is in the 
existing orders. One commenter wanted to know what the training entails 
and requested a definition of the term ``adequate training.''
    Response: The NRC disagrees with the comment that the training 
program requirements are too prescriptive. The NRC believes that 
training is an essential element of any program and should be required. 
The orders did not require any training to be conducted. The training 
must address the licensee's security program and procedures and the 
security measures employed by the facility. Individuals do not need to 
be trained on the complete security plan; the training should be 
commensurate with their responsibilities. The provisions in Sec.  
37.43(c)(1)(ii), (iii), and (iv) are also general and are similar to 
the training provisions of Sec.  19.12.
    The term ``adequate training'' is not used in the rule language. 
However, the training must cover the information for an individual to 
carry out his or her assigned duties and responsibilities.
    Comment C21: One commenter stated that Sec.  37.23(a)(2) requires 
users to be trained in all aspects of the security plan and that this 
conflicts with Sec.  37.43(c)(2) which notes that the training should 
be commensurate with the individual's responsibilities.
    Response: The NRC disagrees that there is a conflict between the 
sections. Section 37.23(a)(2) requires the training required by Sec.  
37.43(c) to be completed before allowing the individual to have 
unescorted access. It does not state that the individual must be 
trained on all aspects of the security plan.
    Comment C22: One commenter recommended defining ``relevant 
results'' in Sec.  37.43(c)(3).
    Response: The NRC disagrees with the comment. The term relevant is 
a common term and in this case simply refers to items that are related 
to security. Examples of some items that would be included are areas 
where staff has had trouble following the security requirements, 
violations of the security requirements that have been discussed in an 
inspection report, and measures taken to fix any identified security 
issues. Additional information has been added to the associated 
implementation guidance.
    Comment C23: Two commenters requested clarification on the timing 
of the refresher training. The commenters noted that their 
understanding was that refresher training could be taken more than 365 
days after the previous training, as long as it is taken within the 
same month of the succeeding year.
    Response: The commenter is correct in its understanding that the 
training is to be provided at a 12-month frequency and be conducted 
within the same month of each succeeding year. This allows licensees 
greater scheduling flexibility to accommodate the needs of their 
operations, instead of holding them to a strict 365-day time 
constraint.
    Comment C24: One commenter did not think that the licensee should 
be training the LLEA on rules of engagement, such as the proper 
response to an alarm. The commenter also asked whether it would be 
considered self defense to shoot a perpetrator that holds a category 2 
source up as to expose the responder. Another commenter noted that the 
LLEA does not have the time or the inclination to undergo licensee 
training. One commenter requested clarification on whether the training 
program included LLEAs.
    Response: The training is not for the LLEA but for the licensee's 
staff that would be responding to the alarm. The licensee is not 
required to conduct any training of the LLEA, although providing the 
LLEA an overview of the facility is a good practice. The rule does not 
authorize lethal force or arming of licensee personnel.
    Comment C25: In the proposed rule, the NRC specifically invited 
comment on the requirement to protect security-related information. 
Commenters were requested to provide information on: (1) Whether the 
Agreement States have adequate authority to impose the information 
protection requirements in this proposed rule; (2) whether the 
Agreement States can protect the information from disclosure in the 
event of a request under a State's Freedom of Information Act or 
comparable State law; (3) whether the proposed rule is adequate to 
protect the licensee's security plan and implementing procedures from 
unauthorized disclosure, whether additional or different provisions are 
necessary, or whether the proposed requirements are unnecessarily 
strict; (4) whether other information beyond the security plan and 
implementing procedures should be protected under this proposed 
requirement; and (5) whether the background investigation elements for 
determining if an individual is trustworthy and reliable for access to 
the security information should be the same as for determining access 
to category 1 and category 2 quantities of radioactive material. 
Nineteen commenters provided responses to the specific questions on 
this subject.
    Of those that provided responses to the questions on the protection 
of information, the commenters were divided in their views. Some felt 
that the proposed provisions were sufficient, some felt that they were 
unnecessarily strict, and some felt that the current provisions from 
the Increased Control Orders were sufficient. One commenter stated that 
with the proposed provisions, there was no continued need

[[Page 16973]]

for any of the security information to be considered SGI or SGI-M. One 
commenter stated that the requirements should be clarified to indicate 
that only written copies of the plan and procedures will be protected. 
One commenter stated that the rule was unnecessarily strict by 
requiring that persons with access to the security plan and procedures 
also be permitted unescorted access to the sources. Two commenters 
suggested that the list of individuals granted unescorted access to the 
security zone should also be protected. Most of the commenters agreed 
that the background investigation elements for determining whether an 
individual has access to the information and radioactive material 
should be the same. Two individuals stated that a criminal history 
records check should be part of the background investigation for access 
to the information. Two commenters stated that the elements should be 
different but did not indicate what should be different. On the 
question of whether the States have adequate authority to impose the 
information requirements, many commenters indicated that the States do 
have the authority or that they thought the States did. On the question 
of whether the States can protect the information from disclosure in 
the event of a request under a State's Freedom of Information Act, most 
of the responses were not definitive. Several commenters indicated that 
an opinion from the State Attorney General's Office would be necessary; 
four States indicated that they did have the necessary authority.
    In addition to those that provided responses to the specific 
questions, 8 commenters addressed the information protection 
provisions. One State noted that it did have authority to impose the 
information protection requirements and could protect the information 
from disclosure. One commenter noted that there are already processes 
in place under SGI and/or official use only (OUO) to protect security 
information.
    One commenter recommended adding the list of individuals approved 
for unescorted access authorization to the information that must be 
protected from unauthorized disclosure, noting that if the names become 
public, the individuals could potentially be targeted to gain unabated 
access to sources. One commenter requested that Sec.  37.43(d)(1) be 
revised to clarify that the protection of information refers to the 
written security plan or procedures only, so as to preclude unwarranted 
interpretations during a regulatory inspection about what information 
or discussions to restrict. The commenter offered suggested language as 
follows: ``(1) Except as provided in paragraph (d)(8) of this section, 
licensees authorized to possess category 1 or category 2 quantities of 
radioactive material shall limit access to copies of their written 
security plan and implementing procedures and unauthorized disclosure 
of substantive details of the plan or procedures that facilitate 
unauthorized access.''
    Commenters noted that the fingerprinting element was not included 
in the background investigation elements for access to security 
information, and several commenters stated that it should be included. 
Other commenters requested clarification whether fingerprints were 
prohibited for this purpose. Commenters requested that the NRC make the 
requirements for background checks consistent throughout the rule. One 
of the commenters noted that a licensee is left either to perform 
incomplete checks on individuals with whom information is shared, or to 
grant unrestricted access to individuals who truly do not need the 
access, just to allow the licensee to conduct the main element of the 
background check (i.e., the FBI identification and criminal history 
records check). One commenter stated that the response discussion for 
C6 in the Statements of Consideration should be modified to include the 
requirement that anyone seeking information on category 1 quantities of 
radioactive material must also have undergone the access authorization 
process, including the FBI criminal history review and fingerprint 
identification verification. The commenter stated that this would be a 
practical threshold for States to have equivalent rules in place that 
mimic the NRC's SGI-M requirements in 10 CFR part 73.
    One commenter stated that the phrase ``security service provider 
employees'' as used in paragraph Sec.  37.43(d)(4)(ii) is too general. 
The commenter indicated that it didn't appear that the intent of the 
NRC was to require background checks on individuals who do not access 
the facility and simply monitor the facility's security system from an 
offsite location, such as alarm service providers. The commenter 
further asked if the requirement is intended to address security guard 
service employees who work on the licensee's premises that contain 
category 1 and category 2 quantities of materials. Another commenter 
requested clarification and suggested revised language. One commenter 
noted that the exemption to performing background investigations for 
employees of security service providers requires written verification 
from the provider for each employee. The commenter stated that it may 
be more appropriate to approve the security service provider as a whole 
since it may be difficult for the licensee to maintain a current list 
of all employees of the vendor who may have intimate knowledge of the 
security system at the licensee's location(s). The commenter noted that 
it would be burdensome for the licensee to track individual employees 
of these companies. The commenter stated that a letter documenting the 
background investigation procedures of the security vendor could be 
provided to the licensee to allow it to forego the access authorization 
procedures for the security vendor employees. One commenter stated that 
each subsection on the protection of information (background 
investigation information) should be revised to state explicitly which 
subsections are applicable and must be followed for individuals 
provided relief in Sec.  37.29.
    One commenter stated that there should be no need to have another 
documented basis for an individual to have access to the security plan 
if it has already been documented that the individual has unescorted 
access to material as it is redundant and create additional burden. One 
commenter also requested that a table or flow diagram be added to the 
guidance document to show when the background investigation elements 
apply.
    Response: All aspects of the information protection requirements 
apply to all of the background investigation information possessed by 
the licensee whether the information is the full background 
investigation or information on how the individual met a category in 
Sec.  37.29 for relief from background investigation requirements. The 
NRC agrees that the list of individuals that have been approved for 
unescorted access should be protected and has added it to the list of 
items for protection. Individuals do not need to have unescorted access 
to the radioactive material in order to have access to the protected 
information. An individual who has been granted unescorted access to 
the radioactive material would not need to undergo another background 
investigation to have access to the security information. The licensee 
would need to document that the individual has a need-to-know the 
information. The rule has been clarified that a second background 
investigation is not necessary.
    On the issue of protecting only written copies of sensitive 
information, the NRC disagrees with the comment. The licensee must 
protect against any form of unauthorized disclosure of the

[[Page 16974]]

protected information, including verbal or electronic disclosure.
    On the issue of the security service provider, the NRC disagrees 
with the suggested change as a security service provider may not be a 
guard and could include other occupations. Language in Sec.  
37.43(d)(4)(ii) allows the licensee to accept a security service 
provider's determination of trustworthiness and reliability based on a 
full background investigation. Additional information has been added to 
the implementation guidance.
    On the issue of requiring fingerprints and FBI criminal history 
records for access to the information, the NRC does not have the 
authority to require fingerprints for access to this type of security 
information. The NRC can only require fingerprints for access to SGI 
and unescorted access to radioactive material. The NRC has added a 
table to the guidance document on the background investigation 
elements.
    Comment C26: One commenter requested clarification of Sec.  
37.43(d)(3) as to whether individuals, who by nature of their job 
position have knowledge of critical components of the security plan, 
would be required to undergo a background investigation unless they 
have access to the security plan document or any of its implementing 
SOPs. Examples include a security guard with access to an alarm-
response schematic or an IT specialist who supports an IT system 
responsible for alerting security personnel of adverse indicators in 
the area of category 1 or category 2 radioactive sources. In each case 
the individual has knowledge of security plan components but would not 
have access to the plan itself or implementing SOPs.
    Response: Employees or service providers with limited knowledge of 
the security plan but without access to the plan or the implementing 
procedures would not necessarily need to undergo a background 
investigation. The licensee would have to decide in some cases how much 
knowledge of the plan the employee has; if the employee is familiar 
with the plan and procedures, even if he does not have access to the 
document, it may be necessary to conduct a background investigation and 
make a determination of trustworthiness and reliability. Note that new 
language in Sec.  37.43(d)(4)(ii) allows the licensee to accept a 
security service provider's determination of trustworthiness and 
reliability based on a full background investigation.
    Comment C27: One commenter requested that the language in Sec.  
37.43(d)(5) requiring that ``* * * the licensee shall immediately 
remove the person * * *'' be revised to remove the word ``immediately'' 
and to substitute ``as soon as practical.'' The commenter noted that 
the person won't immediately forget the information in the plan and 
that there is no need for immediate removal.
    Response: The NRC agrees with the comment. An immediate removal 
from the list is probably not necessary. The NRC has revised the 
language to reflect that the removal should occur as soon as possible 
but no later than 7 working days.
    Comment C28: One commenter objected to the phrase ``in a manner to 
prevent removal'' in Sec.  37.43(d)(6). The commenter felt that the 
phrase was exceedingly vague. The commenter suggested a change to 
``secure the plan to prevent unauthorized access.''
    Response: The NRC agrees with the comment and has revised the rule 
text to read: ``When not in use, the licensee shall store its security 
plan and implementing procedures in a manner to prevent unauthorized 
access.''
    Comment C29: One commenter requested clarification on whether a 
reinvestigation is required for individuals who have access to 
sensitive information only, and if so, the procedure that should be 
followed.
    Response: Yes, the reinvestigation applies to individuals who have 
access to sensitive information. The rule has been clarified to make 
the requirement clear.
    Comment C30: One commenter requested that language from the orders 
addressing marking and transmission of security related documents be 
added to the rule.
    Response: The NRC disagrees with the comment and does not believe 
that the marking and transmission measures need to be added to the 
rule. Licensees are not required to submit either the security plan or 
implementing procedures to the NRC. The NRC reviews these documents 
during inspections at the site. The transmission portion is therefore 
not necessary. The necessary elements from the orders on access to and 
protection of the information are in the rule. The other elements are 
good practice, but the NRC does not believe that they are essential for 
the adequate protection of the information. However, if a licensee 
believes that information submitted to the NRC should be withheld from 
public disclosure, the licensee should follow the requirements in Sec.  
2.390.
    Comment C31: One commenter suggested that the terms ``Safeguards 
information'' and ``Safeguards information modified handling'' be 
defined in 10 CFR part 37.
    Response: The NRC disagrees with the comment. Safeguards 
information and safeguards information modified handling are defined in 
10 CFR part 73 where the requirements for handling such material are 
located. The reference in 10 CFR part 37 is merely a pointer to the 
requirements and does not establish any new requirements; therefore, 
the NRC does not believe that a definition for these terms is necessary 
in 10 CFR part 37.
    Comment C32: One commenter asked that the NRC define ``to the 
extent practicable'' for coordination with LLEAs.
    Response: This provision was added to the rule to provide the 
licensee with some flexibility. Some LLEAs may be reluctant to engage 
in coordination activities with a licensee. The provision ``to the 
extent practicable'' allows the licensee to remain in compliance with 
the rule when an LLEA will not participate in any coordination 
activities. The NRC does not believe that phrase needs to be defined. 
Guidance is available on this topic and other aspects of the rule in 
the associated implementation guidance.
    Comment C33: Two commenters recommended deleting paragraph Sec.  
37.45(a)(1)(ii) as this information would be classified as SGI or SGI-M 
for some licensees and would require handling and control in accordance 
with Sec.  73.21. The commenter indicated that there appears to be 
little if any benefit in providing this information to the LLEA that 
would warrant the dissemination of SGI or SGI-M. Another commenter felt 
it was unnecessary to describe specific security measures such as alarm 
types and locations unless the LLEA is actually monitoring these 
alarms. The commenter asserted that a generic description would be 
adequate for the purpose of LLEA situational awareness.
    Response: The NRC disagrees with the comments. The NRC believes 
that the information on the facility can be useful to the LLEA. In an 
event where someone is trying to steal the material, the LLEA can mount 
a more informed response if information about the facility is available 
to the responders. When NRC staff has met with LLEA representatives, 
the representatives have indicated interest in the coordination 
activities. LLEAs are deemed trustworthy and reliable for access to 
sensitive security information as well as SGI.
    Comment C34: One commenter noted that an LLEA is not going to tell 
every licensee whether the initial response to an emergency involving 
radioactive materials must be provided by other than armed LLEA 
personnel and

[[Page 16975]]

questioned how a licensee would know this information. The commenter 
suggested removing the provision as it was a nonsense requirement. One 
commenter stated that the NRC should coordinate with the States to be 
notified instead of requiring the licensee to notify the NRC after the 
licensee becomes aware of any State or local requirements that an 
initial response to an emergency involving radioactive material must be 
provided by other than armed LLEA personnel. Another commenter 
recommended removing the requirement. One commenter asked what the NRC 
would do after such notification.
    Response: The NRC agrees that there may be some reluctance on the 
part of the LLEA to provide the information. The provision is not 
included in the final rule.
    Comment C35: One commenter questioned the need for a specific 
written agreement for response. The commenter also requested 
clarification on what must be included in the agreement. Some 
commenters questioned the benefit of requiring coordination with the 
LLEAs and questioned whether this was the best use of LLEA resources 
given the low probability of an actual threat to sabotage or steal a 
category 2 source. Commenters indicated that, based on their experience 
to date with the orders, the LLEA coordination was not beneficial, 
noting that at best the LLEAs would acknowledge the coordination 
attempts with no commitments, other than to respond in the manner they 
believed was proper, and that most LLEAs were completely disinterested 
and did not acknowledge any information provided by the licensee. They 
noted that in their discussions with those LLEAs where feedback was 
provided, the LLEAs were unwilling to discuss the manner in which they 
planned to respond and unwilling to commit to any specific action as 
each decision to respond must be based on their judgment of the 
circumstance. One commenter indicated that LLEAs would not want to 
disclose their capabilities. One commenter noted that the LLEA is not 
required to comply with the request. At least one commenter questioned 
whether it would be more efficient to inform/train only the LLEA 
involved when the billions we spend on intelligence indicate a credible 
threat. Commenters felt that adding a requirement does not address the 
root cause. One commenter expressed concern that security could be 
reduced if the LLEA failed to protect the information or had to release 
the information under a FOIA request. The commenter suggested a 
reevaluation of the information provided to the LLEA such that release 
of information would not cause a breach in security. Two commenters 
noted that they had successfully coordinated with their LLEA under the 
orders and do not believe that any additional requirements are needed. 
One commenter indicated that the coordination process should be a 
clearly defined process. One commenter stated that LLEA coordination 
requirements were overly prescriptive and difficult to implement. The 
commenter stated that, if NRC feels this is necessary, NRC should take 
the lead and identify contacts and provide training. A commenter noted 
that the use of 911 is effective for all kinds of emergencies and 
should be used by licensees. One commenter agreed that there is value 
in a coordinated response from an LLEA and that such a response should 
include the capability of bringing armed force; however, the commenter 
stated that it was inappropriate to place the requirement on the 
licensee. The commenter stated that the extent of the response should 
be left to the discretion of the LLEA. The commenter noted that the 
requirement for a written agreement with the LLEA was unenforceable and 
outside the State's jurisdiction. Two commenters noted that the LLEA 
coordination was one of the most difficult areas to implement from the 
orders and places responsibility on licensees for activities they 
cannot control.
    Response: While the orders contained a requirement for a 
prearranged plan with the LLEA, the proposed rule only contained a 
provision to request that the LLEA enter into a written agreement. 
After evaluation of all of the comments on the LLEA coordination, the 
NRC has simplified the requirement. The NRC continues to believe that 
coordination with the LLEA is important, and the rule contains a 
requirement for coordination. However, the decision was made that 
several of the items, while good ideas, were better addressed in the 
guidance document and not in the rule itself. A written agreement and 
several of the coordination activities are not included in the final 
rule. Even if a written agreement had been reached, an LLEA will 
respond as it feels is appropriate to the particular situation.
    Comment C36: One commenter objected to requesting the LLEA to 
provide updated contact information as it places a burden on the LLEA. 
Two commenters suggested that this only be a requirement if a facility 
is not served by a 911 system.
    Response: The NRC agrees that it is not necessary to request 
contact information or updated contact information. Most licensees in 
the case of an actual threat would call 911 and not the contact. 
Additionally, no contact would be available 24/7. The provision is not 
included in the final rule.
    Comment C37: Many commenters objected to the requirement that a 
licensee request the LLEA to notify it of degraded capabilities as 
unrealistic, unnecessary, unenforceable, and would probably violate 
LLEA ``need-to-know'' procedures. Some commenters felt that the 
requirement that the LLEA notify licensees of a degradation of their 
response capabilities was clearly outside the purview of the regulating 
agencies. Others noted that licensees have no authority over 
nonlicensed entities such as LLEAs. Commenters felt that the LLEA is 
better equipped to arrange for alternative response capabilities than 
would the licensee and that this would be an inherent part of LLEA 
organizational framework; some commenters asked what the direction was 
if a licensee was notified of a degraded LLEA response capability. 
Another commenter asked what the State was to do if notified that the 
LLEA was not cooperating in providing the degraded capability 
information. Commenters noted that it is inconceivable to believe that 
the LLEA would notify a licensee that their response capabilities have 
become degraded, not only because that would appear to be an open 
invitation to the criminal sector, but also, if capabilities are 
degraded, logically the LLEA would not have the capability to notify 
licensees. Commenters asked what they would do with the information if 
provided. One commenter suggested as an alternative that the licensee 
request the LLEA to confirm that it has a contingency plan in case of 
compromised response capabilities. Another commenter noted that it was 
more important for the licensee to discuss this issue with the LLEA 
during the coordination meetings. Another commenter noted that there is 
not prescribed action for the licensee to take if notified and 
questioned the purpose of the notification.
    Response: The NRC agrees that many LLEAs may not want to provide 
information on degraded capabilities. The provision is not included in 
the final rule.
    Comment C38: One commenter stated that the participation of 
licensees and LLEAs in drills and exercises was an unfunded mandate and 
should not be required. The commenter also questioned whether drills 
and exercises contribute to the security of the sources or the public 
health and safety. Two

[[Page 16976]]

commenters suggested removing this requirement as there is no 
requirement to conduct such drills.
    Response: The NRC agrees in part and disagrees in part. The 
proposed rule did not require that drills and exercises be conducted. 
The rule did contain a provision that required the licensee to ask 
whether the LLEA would be willing to participate in drills and 
exercises. As there is no requirement to conduct drills and exercises, 
the NRC has removed this provision as suggested by the commenters. The 
NRC does note that drills and exercises can contribute to the public 
health and safety and the security of the material.
    Comment C39: Several commenters felt that the requirement for a 
licensee to notify the regulatory agency if an LLEA declines to 
participate in coordination activities creates an unnecessary burden 
for the regulatory agencies that will now be required to notify the 
Department of Homeland Security or contact the LLEA directly to explain 
the importance of cooperating. Some commenters suggested that if NRC 
believes this is truly a critical issue, NRC should coordinate with the 
Federal Department of Homeland Security's Nuclear Sector Government 
Coordination Council to engage law enforcement from a broader 
perspective. One commenter asked what actions the NRC would take when 
notified and what the NRC would do if the NRC did not gain confidence 
that the LLEA would respond in an actual emergency.
    Response: The NRC disagrees with the comment. The NRC believes it 
is vitally important for the licensee to coordinate with the LLEA, and 
the agency wants to know if the LLEA won't participate. There were 
instances during implementation of the orders where the NRC met with 
the LLEA to explain the importance of LLEA cooperation with the 
licensee. The State is not required to contact DHS or the LLEA if the 
LLEA does not want to participate in coordination activities. DHS does 
have training programs to educate LLEAs.
    Comment C40: Two commenters objected to the requirement to 
coordinate with the LLEA every 12 months, noting that it took several 
months to set up a meeting for the coordination required by the orders. 
The commenter felt that, as there had been no events requiring contact 
with the LLEA and no changes to the security program, there was no need 
to meet annually. The commenter noted that both parties have plenty of 
work and are not just sitting around and focusing on this one agenda 
item. The commenters asked whether the licensee would be cited if the 
LLEA refused to meet on an annual basis.
    Response: The NRC disagrees with the comment. The NRC believes that 
it is important to maintain contact with the LLEA. Turnover at both the 
LLEA and the licensee occurs over time and if contacts are not 
maintained, the knowledge obtained during the initial coordination is 
lost. The annual follow up does not need to be extensive. If the LLEA 
refuses to participate, the licensee should document the attempt. The 
licensee would not be cited as long as it had documented the 
attempt(s).
    Comment C41: One commenter noted that the requirement to document 
coordination activities with the LLEA would now require regulatory 
agency inspectors to visit LLEAs to determine licensee compliance, 
resulting in longer inspection times and possibly creating a situation 
that may be interpreted by the LLEA as intrusive.
    Response: It is not clear why the commenter feels that an inspector 
would be required to visit the LLEA to determine a licensee's 
compliance with the rule's coordination requirements under Sec.  37.45. 
The licensee is required to document the coordination activities, and 
an inspector would be expected to review the documentation. An 
inspector may choose to contact the LLEA to gain a greater 
understanding of the nature of the coordination efforts. However, this 
rule does not require that an inspector contact the LLEA to determine 
licensee compliance with Sec.  37.45.
    Comment C42: Two commenters noted that the goals and objectives for 
coordination activities with LLEAs are admirable, but the commenters 
stated that this is an area where the NRC should consider taking 
concerted efforts to engage law enforcement communities to improve 
situational awareness now, rather than waiting for feedback from 
licensees regarding potential LLEAs refusing to cooperate. The 
commenters suggested that the NRC consider an outreach campaign aimed 
at direct communications with LLEAs to better understand their 
perspectives regarding these issues. Another commenter suggested a 
Federal outreach training program to LLEAs for radioactive materials 
incident response. The commenter noted that DOT has an outreach program 
for transportation incident response.
    Response: During the security inspection process, the NRC 
inspectors have been contacting the LLEAs to both ensure that licensees 
have been coordinating and to improve the LLEAs understanding of the 
importance of providing a timely response. At this time, the NRC is not 
planning any additional outreach to LLEAs. However, the DOE has a 
program to provide LLEAs with additional training for responding to the 
attempted or actual theft of category 1 or category 2 quantities of 
radioactive material. The Global Threat Reduction Initiative (GTRI) 
program provides security personnel and local law enforcement with 
tools (e.g. radios, repeaters, and personal detection devices) and 
additional training to respond to a security incident. To ensure that 
both onsite and offsite responders understand how to respond to 
enhanced security system alarms, GTRI developed an alarm response 
training course, which is held at the Y-12 National Security Complex in 
Oak Ridge, Tennessee. This alarm response training also prepares 
responders to protect themselves and the public when responding to 
events involving radiological materials. The participants conduct 
hands-on training in a realistic setting using actual protection 
equipment and real radioactive sources. The courses include operational 
exercise scenarios that build on classroom instruction and allow 
response forces to exercise their own procedures during realistic alarm 
scenarios.
    Comment C43: One commenter noted that not all events that occur are 
of a nature that an LLEA would have to be involved and questioned why 
it should be mandatory that an LLEA respond to events that could be 
handled by internal security.
    Response: It is not mandatory that the LLEA respond to all events. 
The licensee is suppose to assess the event and contact the LLEA only 
if there has been an actual or attempted theft, diversion, or sabotage 
attempt. The language has been clarified.
    Comment C44: One commenter questioned how the failure of the LLEA 
to coordinate fully with the licensee would impact the status of a 
license. The commenter noted that licensees should not be held 
accountable for noncooperation or lack of resources on the part of the 
LLEA. The commenter stated that it should be under the purview of the 
NRC or Agreement State to ensure that the LLEA works with the licensee 
in the requested manner.
    Response: Failure of the LLEA to coordinate does not affect the 
status of the license, and licensees will not be held responsible if 
the LLEAs do not coordinate. Under Sec.  37.45(b) and (c), licensees 
are only required to document their coordination efforts and notify 
their appropriate NRC regional office if the LLEA does not wish to 
coordinate. The NRC will contact the LLEA to

[[Page 16977]]

explain the potential consequences of the theft of category 1 or 
category 2 quantities of radioactive material and encourage the LLEA to 
participate in coordination activities with the licensee.
    Comment C45: One commenter requested that the NRC add a subsection 
to clarify requirements for coordination by a licensee or permittee 
under a master materials license that has an onsite LLEA that would 
preclude unwarranted interpretations during a regulatory inspection 
about the extent that coordination must be documented. The commenter 
offered suggested language as follows: ``For a licensee or permittee 
under a master materials license with an on-site LLEA, coordination 
requirements in this subsection are considered to have been completed 
if the security plan and implementing procedures establish methods for 
LLEA response at the facility.'' Another commenter raised the issue of 
unnecessary documentation of coordination activities when the LLEA is 
part of the same organization that owns the radioactive material. The 
commenter noted that the lack of documentation activities should be 
seen as good news unless the LLEA refuses to respond to appropriate 
requests for assistance. The commenter also notes that burdening the 
police with detailed paperwork is an ``insult to their understanding of 
the risks inherent to their mission.'' This commenter also suggested 
adding a new subparagraph as follows: ``When the LLEA is part of the 
organization that owns and controls the Category sources, the 
documentation in Sec.  37.45(a)(2)'' {was (a)(1){time}  ``is not 
required provided all the elements of good willful coordination are 
clear.''
    Response: Even when the LLEA is on site, the licensee should 
conduct coordination activities. The coordination would likely be 
simplified but still needs to occur. The coordination activities to 
meet the requirements of Sec.  37.45 need to be documented even if the 
LLEA is part of the same organization. The licensee would not need to 
document all interactions with the LLEA, only those necessary to meet 
the requirements. Note that it is not the LLEA that is required to 
document the coordination activities.
    Comment C46: One licensee asked whether a written agreement with a 
third party service that provides off-duty local law enforcement agents 
on site at all times would be acceptable to demonstrate compliance with 
the LLEA coordination requirement. The commenter stated that the agents 
have full response and arrest capabilities while working at the 
facility.
    Response: If the third-party service provides individuals that meet 
the definition of LLEA and the third-party service can provide a timely 
armed response 24 hours per day, then the third party service providers 
meet the requirement for LLEA coordination.
    Comment C47: One commenter questioned what would be expected of the 
State if the LLEA did not respond to an event?
    Response: The expected response would depend on the circumstances 
and would be up to the State. The NRC believes that it would be highly 
unlikely that the LLEA would not respond to an actual or attempted 
theft of radioactive material.
    Comment C48: In the proposed rule, the NRC specifically invited 
comment on the requirement to contact the LLEA for work at a temporary 
jobsite. Commenters were requested to provide information on: (1) 
Whether there is any benefit in requiring that the LLEA be notified of 
work at a temporary jobsite; (2) whether notifications should be made 
by licensees for work at every temporary jobsite or only those where 
the licensee will be working for longer periods, such as the 7 day 
timeframe proposed in the rule; (3) whether 7 days is the appropriate 
threshold for notification of the LLEA or should there be a different 
threshold; (4) whether licensees can easily identify the LLEA with 
jurisdiction for temporary jobsites or whether this imposes an undue 
burden; and (5) whether LLEAs are interested in receiving these 
notifications. Eighteen commenters provided responses to the specific 
questions on this subject.
    Of those that provided responses to the questions on LLEA 
notification at temporary jobsites, the majority indicated that there 
was no benefit to notifying the LLEA of temporary jobsites. Only one 
commenter indicated that there is some benefit for notification of work 
using category 1 materials and one noting some benefit for a temporary 
jobsite lasting longer than 30 days. Commenters indicated that 
temporary jobsites are unpredictable in nature and therefore unlikely 
to be a primary target. Commenters noted that in most cases the 
licensee does not know 3 days in advance where work might occur and 
that due to the nature of the job it is often not possible to determine 
the length of the job in advance. Commenters noted that the 
notifications may cause confusion for the LLEA and would likely be 
intrusive. Commenters indicated that the emergency 911 system is 
adequate in the case of a security event. One commenter noted that the 
LLEA would also need to be notified when the job ended. One commenter 
suggested that notifications go to a central location, such as the NRC 
or Agreement State, and then the central organization could coordinate 
with State and local police. The commenter indicated that this would 
reduce the confusion and workload on both the licensees and the LLEA 
and help to maintain a healthy working relationship and be more 
effective. Some commenters noted that clarification would be needed to 
address cumulative time where 7 days are not consecutive and to better 
define the boundary of a temporary jobsite for jobs along pipelines. 
Commenters indicated that it would be difficult to identify LLEA with 
jurisdiction over temporary jobsites, noting issues with overlapping 
jurisdictions, moving jobsites, offshore locations, etc. Commenters 
stated that this would impose a huge burden without meaningful benefit. 
Most commenters indicated that the LLEA would not be interested in 
receiving temporary jobsite notifications. Commenters indicated that 
LLEAs would respond in the case of an emergency whether there was an 
advance notification or not. No LLEAs provided comments.
    In addition to those commenters that provided responses to the 
questions, 32 commenters provided comment on the issue of LLEA 
notification for temporary jobsites. Most of the commenters objected to 
the requirement to notify LLEA for work at temporary jobsites. 
Commenters thought that the requirement was unrealistic and created an 
unnecessary burden, both in personnel and operations. One licensee 
noted that its company had over 5,000 jobs a year that would meet the 
requirement and that in addition many jobs, that were to be less than 7 
days, experience delays that are beyond the control of the company. 
Commenters noted that the paperwork for the notifications will be time 
consuming to produce and, if it is to be valuable, time consuming for 
LLEAs to read and comprehend. Many noted that there is no practical 
means to identify the appropriate LLEA, particularly in areas that the 
licensee is not familiar with, and in some cases a temporary jobsite 
might cover a very large area with several overlapping jurisdictions, 
and it can be difficult to determine which agency is the first 
responder. Commenters noted that many times licensees are notified of 
the necessity of work on the same day the work is

[[Page 16978]]

required and don't know 3 days in advance, with one commenter noting 
that only about 3 percent of its jobs are known 3 days in advance. 
Commenters noted that these jobs often involve repair of critical oil 
and gas infrastructure which could be delayed while attempting to 
determine which LLEA has jurisdiction and coordinating with them, 
creating significant cost to the industries with no benefit. One 
commenter suggested that, if the provision was retained, it be modified 
to require the notification be made within three business days 
subsequent to beginning work as this would alleviate some of the 
problems created by advance notifications.
    Some commenters noted that the LLEAs do not want to receive these 
notifications and would be unprepared to receive the notifications. 
Some commenters thought that the contacts with the LLEA without 
possible response from the LLEA may accomplish nothing but aggravation 
and frustration for the LLEA. One commenter (a State) indicated that, 
based on a survey of LLEAs, the LLEAs want to know about a temporary 
jobsite, no matter how long the site will be used, so they can plan for 
emergencies. The commenter indicated that the LLEA would like a 
standardized form to be used by States that clearly indicates the high 
priority of the information. Many commenters noted that the 911 system 
is the best tool if there was an attempted theft and that responders 
would quickly respond once they realized that radioactive material was 
involved. Commenters noted that it is expected that the LLEA will 
respond to a security event in fulfillment of their responsibility to 
protect life and property and that in many jurisdictions LLEA resources 
are somewhat limited. Commenters felt that the NRC lacked a true 
understanding of the nature of the temporary jobsite work that is done 
or the concept of using the 911 system when law enforcement is needed. 
At least one commenter felt that the NRC was placing the licensee in a 
position that would likely result in unintentional violations to the 
rule. Commenters felt that due to the itinerant nature of temporary 
jobsites and being constantly on the move, it would be very difficult 
to plan a theft in the field setting. One commenter noted that 
licensees are already required to negotiate and pay for reciprocity, as 
well as inform the applicable State agency as to when and where 
operations are planned and the duration of the project and that 
expansion of this requirement to include local authorities was asking a 
lot.
    One commenter suggested an alternative of requiring daily contact 
with the home office and noted that failure to contact would prompt an 
investigation by the home office which would lead to LLEA notification 
as appropriate. Commenters asked who will offer training to every 
jurisdiction and who will subsidize those jurisdictions, current local 
budgets being what they are.
    Response: After reviewing the comments received on this issue, the 
NRC has decided not to include the LLEA notification for work at 
temporary jobsites in the final rule. While there is some limited 
benefit in receiving the notifications, the benefit does not outweigh 
the burden that the requirement would impose. Identification of the 
appropriate LLEA would not be easy. The notifications could also cause 
confusion among the LLEAs as to what they should do with the 
information. In the event of a theft, the licensees will likely call 
911, and the LLEA will respond as appropriate to the call. Also, as 
pointed out by the commenters, companies often don't know where they 
will be working in advance. Locations, particularly along pipelines, 
shift consistently making it difficult to know who to contact.
    Comment C49: One commenter suggested that instead of mandating the 
licensees to take on this burden, the Commission's approach should be 
to encourage licensees to offer LLEAs their expertise and offer some 
form of training to the local departments. The commenter noted that the 
Increased Control Orders require the licensees to establish their 
presence with LLEAs as the facilities clearly are a much more 
attractive target to an attack than the mobile fleets. The commenter 
suggested that an adjustment in the rule encouraging a closer 
relationship in this area would be more accepted by all parties 
involved and would not overly impact said parties financially or on a 
personnel basis. Creating a program that encourages and supports 
licensees and LLEAs working together would or could create close 
relationships that will have far more impacting and lasting results 
than calls to the departments advising them of work that is proposed to 
last more than 7 days.
    Response: The NRC has not included the notification provision for 
work at temporary jobsites in the final rule, and there are no 
requirements for training affected LLEAs. See the response to comment 
C48. The NRC recognizes the benefits to licensees of having a close 
working relationship with the LLEA for the security of any jobsite, 
permanent or temporary. Licensees are free to take whatever actions 
they feel are appropriate to develop this type of working relationship.
    Comment C50: One commenter noted that the temporary jobsite 
notification could be via email and that email is generally unsecured 
unless it is encrypted or sent as password protected attachments. The 
commenter noted that the rule does not contain any restrictions as 
outlined in Regulatory Issue Summary 2005-31.
    Response: The provision for LLEA notification for temporary 
jobsites is not included in the final rule. See the response to comment 
C48.
    Comment C51: Some commenters objected to the concept of a security 
zone because they believe it is abstract, nebulous, and unworkable in 
actual work environments of the types of licensees who must comply with 
the regulation, and unnecessary and burdensome with no benefit. 
Commenters felt that the concept would cause confusion. Commenters 
stated that it would add an unneeded term and concept that would likely 
lead to confusion and would add burden with little intrinsic benefit. 
The commenters noted that the licensees' procedures that have been put 
into place to meet the current orders create security and have been 
verified through inspections and that no change is necessary. Two of 
the commenters stated that the security zone concept was discussed 
during the orders working group process and that the concept was not 
incorporated in the orders. The two commenters indicated that this had 
the appearance of an attempt to incorporate in rule a concept that did 
not have consensus and was not incorporated after going through the 
orders working group process. One commenter noted that the industrial 
use of radioactive materials when used at its facility is essentially a 
security zone because facility access is restricted due to ITAR 
requirements. This commenter said it should be sufficiently secure to 
set up restricted areas based on the radiation level and monitor the 
material until it is secured in storage. One commenter noted that the 
increased controls are in place, and it was not aware of any situations 
that have occurred that now warrant the inclusion of a security zone 
designation.
    Response: While working groups for the orders may not have been 
able to reach a consensus on an issue, this does not mean that the 
working group for the rule was unable to reach consensus. The 10 CFR 
part 37 rule working group had information available that was not 
available to the orders working group.

[[Page 16979]]

The 10 CFR part 37 working group considered the orders, lessons 
learned, implementation issues, inspection issues, recommendations from 
other reviews, as well as the comments on the preliminary rule language 
and proposed rule. The purpose of security zones is to isolate and 
control access to category 1 and category 2 quantities of radioactive 
material to protect them more effectively and deter theft or diversion. 
A security zone effectively defines where the licensee will apply these 
isolation and access control measures. It is thus a logical extension 
of the requirement in the Increased Control Orders that licensees 
``control access at all times to [category 1 and category 2] 
radioactive material quantities * * * and limit access to such 
radioactive material and devices to only approved individuals who 
require access to perform their duties.''
    Because the purpose of security zones is different from the 
radiation safety purposes of the restricted areas and controlled areas 
defined in 10 CFR part 20, the security zone does not have to be the 
same as either of these areas. Because measures to control access are 
required for both radiation protection and security, however, a 
licensee does have the flexibility to use an area required for 
radiation protection purposes to fulfill the required functions of a 
security zone.
    Comment C52: One commenter noted that the security zone concept 
potentially has serious operational and financial repercussions and is 
expensive overkill. The commenter noted that adding continuous barriers 
could be extremely expensive and may introduce scattered radiation into 
labs that have very specific operational requirements. The commenter 
noted that isolating and controlling access does not appear to comply 
with the requirements for the physical barriers and that locks, cables, 
etc. would not isolate the same radioactive material in a security zone 
as required. The commenter noted that individuals could frequent the 
security zones but still be separated from the radioactive material due 
to the lock but that the rule requires that only authorized individuals 
have access to the security zones. The commenter stated that these two 
concepts seem to conflict with each other and if the common physical 
barrier concept is not acceptable, then many more licensees will fall 
under these requirements due to the aggregation of radioactive 
material. The commenter noted that it would cost over $200,000 to 
develop continuous barriers and redo calibrations, procedures, etc., if 
it can be done at all. The commenter suggested allowing the licensee to 
propose measures to compensate for the lack of a continuous barrier 
when that barrier would obstruct the use of the radioactive material 
for its intended purpose and when there is no available alternative.
    Response: A continuous barrier is not the only method that a 
licensee can use to meet the requirement. Direct observation is also 
allowed, as is a combination of barrier and direct observation. A 
continuous barrier does not have to be expensive; it can be a metal 
cage or walls. The commenter seems to believe that unauthorized 
individuals cannot be in a security zone. This was not the intent of 
the rule. Unauthorized individuals can have access to the security zone 
as long as they are escorted by an approved individual. The rule 
language has been clarified, and additional information has been added 
to the implementation guidance. The licensee can establish the 
boundaries of the security zone as appropriate for a particular 
facility; the rule does not dictate where the security zone is located. 
In most cases, whatever a licensee used to meet the orders will also 
meet the 10 CFR part 37 requirements. The Increased Control Orders did 
not use the term ``security zones'' but the concept was a factor.
    Comment C53: One commenter expressed concern with the security zone 
concept at temporary jobsites. The commenter noted that implementation 
would require additional personnel and expense, and the security zone 
will require areas that will be larger than the radiation areas. 
Another commenter noted that the concept could cause confusion in 
certain types of jobsites where aggregation of multiple low level 
sources would constitute a security zone. The commenter provided the 
example of petrochemical plants that use low level sources to monitor 
product levels, noting that aggregation of these sources will 
constitute a security zone which would require direct control by 
approved individuals at all times and\or intrusion detection systems 
and physical barriers. The commenter felt that this could mean that the 
entire plant would be a security zone, and only trustworthy and 
reliable employees could enter.
    Response: The NRC disagrees with the comment. It is not clear why 
the security zone concept would result in additional personnel and 
expense, or why it will require security zones larger than the 
radiation areas at either temporary or permanent jobsites. A security 
zone effectively defines where the licensee will apply the isolation 
and access control measures required under the Increased Control 
Orders. The NRC is unaware of any operating conditions that would 
require more space for compliance with any of the additional measures 
required by this rule. The licensee establishes the security zone, and 
because measures to control access are required for both radiation 
protection and security, a licensee has the flexibility to use an area 
required for radiation protection purposes to fulfill the required 
functions of a security zone. The NRC is unaware of any petrochemical 
or other industrial plants that have designated the entire plant as a 
radiation safety area for their radiography or other sources, and the 
NRC sees no reason why such licensees or licensed service providers 
would need to designate the entire plant a security zone for the 
purposes of this rule. A licensee could of course choose to do so.
    Because the concept of aggregation is no different from the concept 
of aggregation and co-location under the orders, it is not clear why 
the application of security zone requirements would result in confusion 
at jobsites where multiple low-level radiation sources are aggregated.
    Comment C54: Several commenters requested clarification on what 
constitutes a physical barrier and recommended that physical barrier be 
either defined or guidance provided. Another commenter suggested 
changing the term to physical security barrier to avoid confusion with 
the definition of physical barrier in 10 CFR part 73. One commenter 
suggested the physical barrier is where the security zone has been 
established.
    Response: The NRC has revised Sec.  37.47(c)(1) to provide 
additional clarity. This provision now notes that a physical barrier is 
``a natural or man-made structure or formation sufficient for the 
isolation of the category 1 or category 2 quantities of radioactive 
material within a security zone.'' Additional information has also been 
added to the implementation guidance.
    Comment C55: One commenter asked how many security zones needed to 
be designated and noted that the rule is unclear for those licensees 
within fixed facilities.
    Response: The licensee is responsible for establishing security 
zones. The number of security zones established by a licensee is 
dependent on the needs of the licensee. A licensee may have only one 
security zone or may have several.
    Comment C56: One commenter recommended including a provision in 
Sec.  37.47 that exempts the security zone requirements for category 1 
or category 2 quantities of material stored in casks

[[Page 16980]]

or packages that require specialized equipment to move, open, or 
access, if the equipment needed to access the material is unavailable. 
One commenter noted that the continuous monitoring of security zones 
and detection capability is a significant additional cost without any 
benefit for category 1 and category 2 materials that may be stored at a 
nuclear facility in a concrete mausoleum or within individual concrete 
vaults that require heavy equipment, such as a crane, to access. One 
commenter stated that clear criteria for applicability would be needed 
to implement security zones. The commenter offered the example of 
multiple high integrity containers with lids weighing 10 tons, each 
inside a shield, stored inside a fenced common area which contains, in 
the aggregate, a category 1 or category 2 quantity of radioactive 
material and no crane in the area to lift the shield container lid. The 
commenter stated that establishing a security zone for the common 
storage area is required and that this is excessive.
    Response: A licensee can always request an exemption for material 
or items that it believes should be exempt from all or some of the 10 
CFR part 37 requirements. Exemptions are handled on a case-by-case 
basis. Some of the material addressed by this comment is covered by the 
partial exemption in Sec.  37.11(c). See also response to comment A20.
    Comment C57: One commenter noted that large manufacturing and 
distribution facilities will have several security zones with 
significant quantities of category 2 sources in storage and that it 
would be impossible to perform an effective physical check on a weekly 
basis. The commenter also noted that a weekly check is not consistent 
with the ALARA principle. The commenter noted that putting tamper 
indicators on each source/device would be cost prohibitive and require 
a significant amount of time and personnel dose to install, monitor, 
and subsequently remove. The commenter noted that sources are 
constantly transferred from one container to another in the course of 
manufacturing, storage, and preparing for shipment and receiving. The 
commenter requested clarification as what ``other means'' would cover 
and/or be acceptable in Sec.  37.49(a)(3)(ii). The commenter noted that 
under the orders it has a method approved by the Regulatory Authority 
to ensure that the category 2 radioactive material is present and that 
the process is considered SGI-M information. The commenter wanted to 
know how such pre-existing compliance agreements would be handled under 
the rule. The commenter also requested clarification on the situation 
where there are individual sources that are each less than category 2 
but when they are collocated/aggregated the total quantity exceeds 
category 2, whether the individual sources need to have this physical 
check performed. The commenter noted that depending on the answer, the 
quantity of sources affected at a large facility could be more than a 
thousand and that this would affect many smaller facilities including 
medical institutions, universities, and gauging. The commenter noted 
that the requirement has significant implication and needs to be 
carefully considered to avoid unintended adverse consequences.
    Response: The licensee is not required to conduct a weekly physical 
inventory of the category 2 quantities of radioactive material; other 
methods can be used. The other means allowed by the rule are intended 
to provide the licensee with the flexibility to use the method that 
works best for its facility. A licensee could use methods to detect 
removal of the material from the security zone. If a licensee is 
currently using an agreed on method, the method should continue to meet 
the intent of the requirement. Any of the methods deployed for category 
1 materials could also be used for category 2 materials. Additional 
information is available in the implementation guidance.
    Comment C58: One commenter requested clarification on where an NRC 
security zone at a licensee site and a DOT security zone for transport 
take effect for shipments leaving a facility. One commenter noted that 
the NRC should clarify at what point the shipment is under DOT rules 
and not under 10 CFR part 37. The commenter asked if this occurs once a 
shipment of category 1 or category 2 radioactive material is prepared 
(DOT paperwork in possession of the driver) but still on a licensee's 
site. The commenter noted that a temporary security zone cannot 
accompany the shipment until it physically exits the licensee's 
property or jobsite.
    Response: It is the licensee's responsibility to implement the 
requirements of 10 CFR part 37 throughout the shipment regardless of 
the location.
    Comment C59: One commenter noted that Sec.  37.47(d) is not clear 
whether the regulation requires a physical presence for maintaining 
continuous surveillance, or whether the continuous surveillance may be 
by remote monitoring. The commenter also noted that the wording implies 
that the licensee must provide an approved individual and questioned 
whether the service provider approved under Sec.  37.29(m) is permitted 
to provide the continuous surveillance while working.
    Response: The continuous surveillance may be by remote monitoring. 
If a service provider has been approved for unescorted access, then the 
individual can provide the surveillance. It is noted that if that 
individual is conducting work of some sort, it may be difficult for 
that individual to also maintain continuous surveillance.
    Comment C60: One commenter noted that Sec.  37.47(d) requires 
additional measures for security zones for category 1 radioactive 
material during maintenance, source receipt, etc. when security zones 
are compromised and that permanent security zones are required in Sec.  
37.47(c) for both category 1 and 2 radioactive material. The commenter 
questioned why the additional measures are required only for category 1 
radioactive material if the security zones are compromised during 
certain times. The commenter noted that it appears that the isolation 
requirements for radiation protection under restricted, radiation, high 
radiation and very high radiation areas provide the same or better 
levels of security than those described (i.e., continuous physical 
barriers that allow access to the security zone only through 
established access control points; or licensees could exercise direct 
control of the security zone by approved individuals at all times). The 
commenter noted that you do not need to have duplicate regulations that 
apply to category 1 and category 2 quantities of radioactive material.
    Response: The additional measures are only required for the 
category 1 material because these materials are considered higher risk 
than the category 2 materials. A security zone can be the same as the 
area used for radiation protection if it meets the requirements of part 
37. The measures in part 37 are intended to prevent/detect theft of the 
material and not to protect an individual from radiation exposure.
    Comment C61: One commenter noted that Sec.  37.47(d) indicates that 
during those identified periods an approved individual must be provided 
to maintain continuous surveillance of the sources. The commenter noted 
that ``approved individual'' is not defined. The commenter also noted 
that depending on the design of the facility, multiple approved 
individuals may be necessary to adequately monitor activities 
throughout a site, which does

[[Page 16981]]

not appear to be clearly required by the rule.
    Response: The NRC agrees with the comment and has revised the rule 
to clarify that an approved individual is someone approved for 
unescorted access and to reflect that more than one individual may be 
necessary.
    Comment C62: One commenter recommend deleting the phrase ``without 
delay'' from Sec.  37.49(a)(1) as the phrase is unrealistic during 
normal business hours. The commenter noted that unauthorized access 
whether actual or attempted would only be detected ``without delay'' if 
individuals were in the vicinity and could witness the access or 
attempt to access. One commenter stated that the monitoring, detection 
and assessment requirements in Sec.  37.49 are unduly onerous. The 
commenter indicated that the requirement to maintain the capability to 
detect without delay attempted unauthorized entry into the security 
zone should be eliminated or defined in a more concrete manner for the 
sake of clarity in enforcement. One commenter asked how much time is 
allowed for response when an unauthorized entry into the security zone 
is discovered. The commenter also asked for clarification on the 
meaning of without delay. One commenter requested clarification on what 
is meant by detect without delay all unauthorized entries into a 
security zone. The commenter asked if the licensee was to respond 
immediately and also asked how this could be accomplished when using an 
alarm monitoring service. The commenter recommended removing ``without 
delay'' from Sec.  37.49(a)(1). The commenter stated that ``without 
delay'' is unrealistic during normal business hours as a business' 
security system will not be set to alarm. The commenter noted that 
areas that may contain category 1 or category 2 quantities may be 
locked and unoccupied but not monitored. The commenter noted that 
unauthorized access whether actual or attempted would only be detected 
``without delay'' if individuals were in the vicinity and could witness 
the access or attempt to access.
    Response: The NRC disagrees with the comment. The NRC notes that 
the orders contain a similar provision to immediately detect, assess, 
and respond to unauthorized access. ``Without delay'' means promptly or 
immediately. The purpose of security provisions is to quickly detect 
and respond to any potential theft of the material. The NRC further 
notes that, if a licensee is merely locking the material in a room and 
not implementing any other security provisions, they would not be in 
compliance with the orders or the rule. No change has been made to the 
rule.
    Comment C63: One commenter noted that the intent of Sec.  
37.49(a)(1), in the event of a power failure or tampering that affects 
the monitoring and detection system, should be to provide (1) a 
reliable power back up or (2) prompt notification of the power failure/
tampering such that the licensee will take immediate corrective action 
to restore the power and provide for alternate monitoring and detection 
that meets the requirements of the part until the system is repaired. 
One commenter asked what the NRC's expectations were for implementation 
of the security requirements in an emergency, including the expectation 
as to how long backup systems were required to operate. The commenter 
asked how a licensee is supposed to implement these requirements when 
there are no provisions for individuals to even reenter a disaster 
area.
    Response: The backup power for the monitoring and detection system 
needs to be available until power is restored or other measures need to 
be used such as direct surveillance. Disaster situations such as 
flooding or earthquakes that prevent entry to the facility would be 
addressed on a case-by-case basis.
    Comment C64: One commenter stated that Sec.  37.49(a)(2)(ii) should 
contain a more accurate description such as ``* * * alert personnel 
within audible range of the alarm.'' Another commenter noted that 
``nearby'' needed to be clarified as NNSA representatives recommended 
only silent alarms in the area immediately surrounding category 2 
sources.
    Response: The NRC believes that the language is appropriate and has 
not revised the rule. Additional information is provided in the 
implementation guidance document.
    Comment C65: Two commenters recommended adding a 4th method to 
Sec.  37.49(a)(3)(i) to allow security zone intrusion detection alarms. 
The commenter explained that when the intrusion detection system is 
monitoring the security zone, an attempt to gain unauthorized access 
into the security zone results in an alarm that is equated to an 
attempt to remove or sabotage the material. The commenter noted that 
during normal business hours when an intrusion detection alarm to a 
security zone is disabled the licensee prevents unauthorized access 
into security zones with locks, physical barriers, and surveillance or 
some combination of each. The commenter stated that it is during these 
periods that a tamper-indicating alarm or radiation detection alarm or 
video surveillance could alert the licensee of an unauthorized attempt 
to remove radioactive material from the security zone. The commenter 
stated that, if the method is not added, revision is needed in the 
implementation guide that allows the licensee to rely on its main site 
wide intrusion detection system when the intrusion detection system is 
activated, the facility is not occupied by the licensee, AND the 
intrusion detection system can detect access to the security zone.
    Response: The NRC disagrees with the comment that a 4th method 
needs to be added to the rule. Although this is not the preferred 
method, the situation described in the comment is not prohibited under 
the rule. Additional information has been added to the implementation 
guidance.
    Comment C66: One commenter asked whether a tamper device was 
sufficient to verify the presence of material or would a weekly check 
still be necessary. One commenter noted that a weekly verification 
should only be performed for sources/devices that do not have tamper-
indicating devices. Another commenter stated that the weekly check was 
too prescriptive and asked about the basis for the timeframe. Another 
commenter stated that a weekly check was not adequate. The commenter 
noted that the orders require the licensee to respond immediately to 
any actual or attempted theft, sabotage, or diversion and that a weekly 
check would allow the material to be missing for up to a week before it 
is discovered. The commenter suggested that Sec.  37.49(a)(3)(ii) be 
revised to read: ``For category 2 quantities of radioactive material, 
the licensee must maintain control of licensed material, secure it from 
unauthorized removal or access, and without delay, detect and recover 
all stolen, missing or lost licensed material.'' One commenter stated 
that verification of the radioactive material may not be appropriate 
for sources housed in devices. The commenter suggested requiring 
verification ``to ensure that the source/device is present'' and 
suggested that this verification could be made by means of a camera in 
the room housing the device/source.
    Response: Category 2 quantities of radioactive material are 
considered risk-significant and if not in use, the material needs to be 
checked to make sure it is still present. Contrary to the comment, the 
rule is not prescriptive. The rule does not require that a licensee 
conduct a physical check. The rule allows the licensee to pick a method 
that best fits its needs; a physical check is one of the methods that 
could be used. There are

[[Page 16982]]

many other methods that could be used to conduct the verification. 
Tamper indicating devices are considered adequate to meet the 
requirement. The licensee can also use methods to detect removal of the 
material.
    Comment C67: One commenter suggested deleting the weekly 
verification for category 2 quantities in Sec.  37.49(a)(3)(ii) and 
include the category 2 material in the category 1 material requirement 
for continuous surveillance. The commenter noted that the provision 
implies that it may be acceptable for a missing category 2 quantity of 
material to go undetected for up to a week when this is clearly not the 
case.
    Response: Category 1 quantities of radioactive material are 
considered higher risk than category 2 quantities of radioactive 
material. Therefore, there are more requirements on the category 1 
material. The commenter is correct, however, that the NRC does not mean 
to imply that it is acceptable for missing category 2 materials to go 
undetected for a week. A weekly verification is just one of several 
acceptable methods to make sure that unauthorized removal of the 
material has not occurred. Each licensee must determine its own 
compliance strategy to meet the security requirements of this rule, but 
the rule provides significant latitude for each licensee to comply in a 
way that optimizes its individual operating requirements.
    Comment C68: Two commenters stated that the monitoring and 
detection requirements of the security program need to be more 
prescriptive, with a minimum requirement for electronic sensors and a 
detection system linked to an onsite or offsite monitoring facility. 
The commenters did not believe that allowing monitoring and detection 
to be performed only by visual inspection or direct visual surveillance 
was adequate. The commenters noted that the concepts of detection, 
delay, and deterrence are best implemented through multiple tiers of 
security. The commenters stated that in the scenario of armed 
terrorists with explosives attacking a facility, reliance on 
individuals to be the sentinels would allow the security program to be 
defeated rather easily.
    Response: While the NRC agrees that defense in depth is always a 
good practice, the NRC believes that allowing direct visual 
surveillance is appropriate. The NRC attempts to balance the burden of 
imposing additional requirements against the risk of the material and 
the added protection a measure provides.
    Comment C69: One commenter stated that the requirement to have a 
means to detect unauthorized removal of the radioactive material from 
the security zone was unnecessary and would create a huge burden to 
establish. The commenter also noted that the requirement does not even 
account for the fact that the alarm has to be monitored or by whom.
    Response: The purpose of the security program is to detect and 
prevent unauthorized removal of the category 1 and category 2 
quantities of radioactive material. The provision in question does not 
require an alarm. If alarms are used, the licensee has flexibility in 
determining who conducts the monitoring and who responds.
    Comment C70: One commenter asked what the NRC's expectation was for 
implementation of the requirement to immediately detect any attempted 
unauthorized removal through the use of electronic sensors linked to an 
alarm. The commenter wanted to know if the electronic sensors are to be 
mounted to the actual source, hot cell, or storage area. The commenter 
noted that there are numerous ways to shield radioactive material, 
therefore, the method has to be able to detect an unauthorized removal 
of a shielded container, and using a building or area alarm is 
specifically not allowed.
    Response: The NRC assumes the commenter is referring to the 
requirements in Sec.  37.49(a)(3). This requirement is in addition to 
the requirements in Sec. Sec.  37.49(a)(1) and 37.49(a)(2). Licensees 
must be able to detect the unauthorized removal of a category 1 source. 
Licensees can choose any method to detect unauthorized removal. Some 
methods that the licensee may use to meet this requirement include, but 
are not limited to, the following:
     Alarming electronic tamper-indicating device;
     Alarming radiation detector; or
     Visual surveillance by an approved individual.
    If a licensee uses electronic tamper-indicating alarms, the alarm 
should be capable of alarming either when an attempt is made to remove 
a category 1 quantity of radioactive material from a device, or when an 
attempt is made to remove the device itself. The tamper-indicating 
alarms should be armed at all times, except during periods of 
maintenance.
    Comment C71: One commenter stated that it is an unreal expectation 
that licensees can assess an attempted unauthorized entry and that the 
requirement should be removed as there is no resulting gain in 
security. The commenter noted that this increases the surveillance 
burden on licensees to monitor not just access but attempted access. As 
an example the commenter noted the situation where someone walking by 
tries to open the door and the licensee would be required to be able to 
detect that and assess. For the same reasons, the commenter stated that 
the requirement to respond to attempted unauthorized access should also 
be removed. Another commenter felt that the requirement was too broad. 
This commenter also noted the situation where someone (including an 
inspector) tries a locked doorknob of a secured area. The commenter 
noted that there is no point in responding to this sort of challenge to 
the system as long as the door remains locked as there is no security 
benefit gained by responding to this type of situation. The commenter 
stated that to prevent and reduce unnecessary responses to this sort of 
trivial challenge, a continuous watchman would be needed or a locked 
door outside the security zone to prevent access to the boundary of the 
security zone to keep individuals away from the security zone. The 
commenter suggested the following change to the rule text: ``The 
licensee shall immediately respond to any action that breaches the 
perimeter of the Security Zone.'' One commenter noted that Sec.  
37.49(d) requires the licensee to immediately respond to any actual or 
attempted unauthorized access in addition to requesting an armed LLEA 
response. The commenter noted that presumably this means the alarm 
service will notify the LLEA on behalf of the licensee as requiring the 
licensee to physically respond could put them in harm's way should the 
intruder be armed. The commenter also asked what other actions the 
licensee should take (i.e., do surveys, inventory material, etc.).
    Response: The NRC disagrees with the comment. The NRC believes that 
it is important to assess the attempts to gain unauthorized entry. An 
individual could test the system before an actual break-in to steal the 
material.
    Comment C72: One commenter pointed out that the NRC supported and 
recommended that licensee's volunteer to participate in the NNSA GTRI 
program. The commenter noted that the rule does not acknowledge or 
differentiate its requirements for fixed facilities which have 
completed or are in the process of completing participation in the GTRI 
and that the NRC should acknowledge the differences between facilities 
that merely meet the NRC requirements and those that have the robust 
security provided by the GTRI. The commenter stated that licensees will 
be unable to

[[Page 16983]]

meet specific requirements prescribed in proposed part 37.
    Response: The NRC does support the GTRI program that provides 
security upgrades to licensee facilities. However, all licensees are 
required to meet all of the requirements of 10 CFR part 37 regardless 
of participation in the GTRI program. Licensees that participate in the 
GTRI program may take credit for those upgrades that meet the 10 CFR 
part 37 requirements.
    Comment C73: One commenter asked how long the continuous (primary 
or alternative) communication capability must continue to be operable. 
The commenter asked what arrangements need to be made to maintain the 
capability in any emergency. The commenter noted that there is no 
practicable means to implement this requirement as no communications 
systems work reliably for many hours or days, particularly if there is 
no power available, nor personnel allowed in the area to start a 
generator.
    Response: During most emergencies, the licensee would be expected 
to maintain operability of either the primary or alternative system 
throughout the emergency. Disaster situations such as flooding or 
earthquakes that prevent entry to the facility would be addressed on a 
case-by-case basis.
    Comment C74: One commenter noted that guidance on allowable dose 
limits should be added to Sec.  37.49(d) for LLEA first responders. The 
commenter noted that most licensees are probably following the EPA's 
Protective Action Guidance of 25 rem whole body dose for life-saving 
actions and protection of large populations and that it would be 
helpful to have guidance on what to plan for, as part of LLEA training.
    Response: The NRC disagrees with the comment and notes that 
guidance does not belong in the regulations. First responders are 
subject to the dose restrictions in State or Federal occupational 
safety regulations.
    Comment C75: Several commenters suggested revising the frequency of 
the testing, maintenance, and calibration requirement. One commenter 
questioned the technical basis to require operability and performance 
testing of intrusion alarms and communication systems every 3 months 
and asked if the frequency was supported by industry data or a 
probabilistic risk analysis from the nuclear power industry. Another 
commenter stated that the test frequency for a device should have a 
relationship to the device's known failure rate. Another commenter 
stated that the requirement was extremely vague, questioned what 
standard things are to be tested and calibrated, what performance 
standard should be used, and noted that the timeframe was arbitrary. 
The commenter suggested that annual testing would be more consistent 
with other requirements. One commenter suggested every quarter at 
intervals not to exceed 5 months. The same commenter also suggested 
adding ``Equipment without a known failure mechanism shall be tested 
after initial installation and at a frequency not to exceed 10 years.'' 
One commenter suggested a monthly frequency, another suggested an 
annual frequency. One commenter stated that testing should be more 
frequent than quarterly but did not specify a timeframe. One commenter 
suggested testing every 6 months and noted that testing required 40 
man-hours to complete. One commenter stated that any testing should 
include verification of the notification process to the responding 
individuals, including the LLEA, on at least an annual basis. One 
commenter recommended an annual requirement to exercise the assessment 
and response portions of the physical protection systems including an 
invitation to the LLEA to participate if reasonable to do so. One 
commenter stated that an annual requirement should be included that 
exercises the assessment and response portions of the physical 
protection systems.
    Response: The NRC reevaluated the testing frequency. The 
requirement has been changed to allow the licensee to conduct the 
maintenance and testing at the manufacturer's suggested frequency. The 
manufacturer's suggested frequency would presumably account for known 
failure rates. If the manufacturer does not suggest a frequency, the 
testing must not exceed 1 year.
    The NRC agrees that exercising the response portion of the security 
plan is a good practice, and we encourage licensees to exercise their 
plans with the LLEA. However, requiring licensees to exercise their 
response plans may be too burdensome for small licensees with less 
complex security plans.
    Comment C76: One commenter stated that the rule and guidance should 
allow licensees to limit testing of alarms, associated communication 
systems, and other physical components of the security system to those 
alarms, systems, and components necessary to meet the requirements. The 
commenter pointed out that testing all alarms, systems, and components 
quarterly is a long-term financial burden and could result in licensees 
removing all unnecessary alarms, systems, and components. The commenter 
noted that requiring only testing of necessary equipment leaves the 
requirement open for interpretation but that performance-based 
regulations should allow for a risk-based analysis. The commenter 
stated that testing of all alarms places an unnecessary burden on 
licensees and will encourage licensees to minimize the number of alarm 
points in a system which is counter to the intent of this regulation. 
Testing of necessary alarms will show that the system is functioning 
appropriately. Another commenter noted that some devices may require 
partial disassembly of the equipment for testing and that repeated 
disassembly and reassembly for testing purposes could lead to premature 
failure or wear on components. The commenter suggested that internally 
installed detection devices be allowed to be tested on an annual basis, 
which could coincide with an annual preventive maintenance of the 
equipment. One commenter noted that the rule needs to be modified to 
indicate what testing is required. One commenter requested that the 
following be addressed in the discussion when the final rule is 
published. If an alarm system/device is removed/de-energized from 
service because the ``individual with overall responsibility for the 
security program'' deemed the device unnecessary, obviously there are 
no testing/maintenance requirements; however, if the device is deemed 
unnecessary, but remains energized, must testing/maintenance be 
performed and documented?
    Response: The NRC agrees with the comment. The licensee is only 
required to maintain and test those components that it relies on to 
meet the security requirements of 10 CFR part 37. See also the response 
to C75.
    Comment C77: Three commenters recommended removing the requirement 
for calibration from Sec.  37.51. One commenter noted that there are 
procedures to test and maintain these systems, but the term calibration 
seems out of place. Another commenter questioned how you calibrate an 
intrusion detection system. Several commenters requested clarification 
on what is expected beyond maintenance and testing. One commenter 
suggested changing calibration to appropriate operational checks. The 
commenter noted that true calibration of radiation monitors would 
expose staff to unnecessary radiation dose.
    Response: The NRC agrees with the comment and has removed the 
calibration requirement. Testing the operability of a system is 
sufficient to ensure that the equipment is operational and able to 
serve its function. Some of the equipment, such as meters, relied on 
for safety may be calibrated, but some

[[Page 16984]]

equipment would not be calibrated as the term is typically considered.
    Comment C78: One commenter stated that it was not clear what is 
expected for compliance for the maintenance, testing, and calibration 
requirement. Another commenter asked what was considered acceptable 
maintenance, testing, and calibration.
    Response: The licensee must ensure that the intrusion detection 
system (IDS) is operational and capable of performing its required 
function. To maintain functionality, licensees must periodically test 
the IDS and perform maintenance on malfunctioning components. The 
testing program is considered acceptable if the IDS operates in a 
manner consistent with the licensees' physical security plan. Licensees 
will be required to test the entire IDS or components of the IDS at the 
frequency specified by the manufacturer or at least annually. The 
licensee may choose to test the entire IDS or components of the IDS 
throughout the 12 months.
    Comment C79: In the proposed rule, the NRC specifically requested 
comment on whether an exemption for disabling vehicles should be 
provided in certain hazardous situations. Commenters were requested to 
provide information on: (1) Whether relief from the vehicle disabling 
provisions should be provided; (2) any problems experienced in 
implementing this aspect of the Increased Controls; (3) whether there 
should be an exemption written into the regulations or should licensees 
with overriding safety concerns be required to request an exemption 
from the regulations to obtain relief from the provision; (4) whether 
any exemption should be a blanket exemption or a specific exemption for 
the oil and gas industry; and (5) whether the disabling provision 
conflicts with any Occupational Safety and Health Administration (OSHA) 
requirements or any State requirements. Fourteen commenters provided 
responses to the specific questions on this subject.
    Of those that provided responses to the questions on the exemption 
for disabling vehicles when a mobile source is in or on the vehicle, 
the majority supported providing some sort of relief from the vehicle 
disabling provisions where there is a potential threat due to the work 
environment, such as a refinery or oil field. Only one commenter 
opposed providing relief. A couple of commenters did indicate that they 
had had problems in implementing the vehicle disabling requirement 
under the Increased Controls, some commenters noted that the provision 
was in opposition to the facility safety rules. A couple of commenters 
noted that the requirement was in conflict with OSHA and/or State 
requirements. On the question of whether an exemption should be written 
into the regulations or handled on a case-by-case basis, the commenters 
were split, but a slight majority favored writing the exemption into 
the regulations. Those supporting the exemption being written into the 
regulations noted that providing an exemption on a case-by-case basis 
creates a burden on the licensee to prepare the request and on the 
regulatory agency to review the request. One of the commenters 
supporting the regulatory exemption still felt that the licensee should 
provide adequate justification for claiming the exemption. Those not 
supporting the regulatory exemption felt that the case-by-case review 
would allow the regulator to review whether the exemption was actually 
warranted. Two of the commenters stated that the requirement should be 
removed as the requirement to remove the ignition key is not warranted 
and unnecessary. On the question of whether an exemption should be 
specific for the oil and gas industry or be broader, most commenters 
supported a blanket or broader exemption. One commenter suggested a 
blanket exemption for all category 2 sources. On the question of 
whether the disabling provision was in conflict with OSHA or any State 
requirements, three commenters indicated a possible conflict but did 
not provide any specifics.
    In addition to those that responded to the specific questions, five 
commenters provided comments on this topic. One commenter noted that 
the requirement for disabling mobile sources presents safety concerns 
within a refinery or petrochemical plant. The commenter noted that 
individuals must be able to quickly evacuate the site in the event of 
an emergency and that unoccupied vehicles must be able to be moved by 
other evacuees or emergency responders. The commenter noted that 
requiring a secondary securing device other than the key from a vehicle 
prevents the easy movement of the vehicle and compromises safety in the 
event of an emergency. One commenter indicated that relief should be 
provided on an as-needed basis. Another commenter noted that there is a 
possibility that an individual using a mobile device needs to evacuate 
an area quickly and that using a disabling device could jeopardize the 
health and safety of the individual. The commenter suggested the 
following language: ``For devices in or on a vehicle or trailer, the 
licensee shall secure the vehicle or trailer containing the device from 
theft when not under the direct control of the licensee. This may be 
accomplished by removing the ignition key and arming a vehicle alarm 
system, or through the use of disabling device or by the removal of 
component that would result in the inability to operate the vehicle or 
trailer.'' One commenter stated that further guidance was necessary on 
what was meant by disable and that the commenter assumed that the 
disabling was temporary. One commenter indicated that any exemption 
should be broader than just for the oil and gas industry. One commenter 
recommend revising Sec.  37.53(b) to allow credit for removing the key 
from the ignition and maintaining the key with the individual. The 
commenter noted that a disabling device could add additional risks to 
the worker; for instance, if the device fails, the individual may 
become stranded, or it may slow emergency egress.
    Response: After consideration of the comments on this issue, the 
NRC has decided that an exemption should be added to the regulations 
instead of doing reviews on a case-by-case basis. Requiring licensees 
to submit an application for an exemption that would in most cases be 
approved imposes unnecessary burden on both the licensee and the agency 
staff. The NRC has also decided that the exemption should be broader 
than for just the oil and gas industry as there are other situations 
where a similar health and safety issue may arise. The NRC has revised 
Sec.  37.53(b) to provide flexibility for situations where the health 
and safety requirements for a site prohibit the disabling of the 
vehicle.
    Comment C80: One commenter indicated that the terms ``mobile'' and 
``portable devices'' are used differently in 10 CFR part 37 than 
elsewhere in the regulations. The commenter stated that the NRC should 
change the terminology or the requirements be changed to be applicable 
to already defined mobile and portable devices.
    Response: The NRC disagrees with the interpretation that the terms 
``mobile'' and ``portable devices'' are used differently in 10 CFR part 
37 than elsewhere in the regulations. The usage of the terms in 10 CFR 
part 37 is in agreement with previously issued NRC guidance. 
Specifically, the Increased Controls Question and Answer 159, 
provides guidance for definitions for ``portable'' and ``mobile'' as 
provided by the American National Standard for Gamma Radiography.
    Comment C81: A few commenters suggested a change to the timing of 
the program reviews. Commenters

[[Page 16985]]

suggested an annual frequency not to exceed 14 months between the dates 
of the reviews, a timeframe of 15 months, a timeframe of 8 to 15 
months, and language similar to Sec.  20.1101 of periodically (at least 
annually). The commenters noted that this would provide some 
flexibility to allow for circumstances beyond the control of the 
workforce. One commenter noted that the program review could be 
eliminated and included under Sec.  20.1101(c). One commenter stated 
that the review should include a requirement for the licensee to 
summarize those occasions where an unauthorized access resulted in 
activation of the monitoring and detection systems, but the licensee's 
assessment showed no actual or attempted theft or diversion of 
radioactive material as such alarms could be indicative of a `probe' to 
test or evaluate a licensee's response by a potential intruder.
    Response: The NRC agrees with the comment and has revised the 
language for the program review to be consistent with Sec.  20.1101. 
The use of consistent terminology between the safety and security 
programs should enhance the licensee's understanding of the 
requirement. The NRC does not believe that it is necessary to add 
additional detail on what must be included in the program review.
    Comment C82: One commenter noted that Sec.  37.55 introduces the 
term ``radioactive material security program'' which should be 
clarified and consistently used in the regulations.
    Response: The concept of the security program is introduced in 
Sec.  37.41. The NRC believes that the term has been used consistently 
in the regulations and that the concept is clear. The implementation 
guidance contains information on the security program.
    Comment C83: One commenter requested clarification on what 
radioactive materials should be included in the security program 
review.
    Response: Part 37 only applies to category 1 and category 2 
quantities of radioactive material. The security program review would 
only address the security of the category 1 and category 2 quantities 
of radioactive material.
    Comment C84: One commenter indicated that the LLEA required it to 
file Non-Residential Burglary Alarm Registrations for each room in 
which an irradiator is housed (and to which they are expected to 
respond in the event of an alarm). The commenter noted that the LLEA 
has indicated that an LLEA response is deemed false if no evidence of 
criminal activity is found, in which case a ``False Alarm Notice'' will 
be served, including penalties escalating up to $4000 for requested 
LLEA responses that are judged to be false. The commenter noted that 
this places the licensee in a very bad position to attempt compliance 
with this regulation and risk fines from the LLEA. The commenter noted 
that there does not need to be evidence of criminal activity for the 
licensee to perceive a threat to its facility, and appropriately 
request LLEA response. The commenter requested that NRC conduct 
outreach to the LLEA community with the intent of clarifying NRC's 
expectations on this topic.
    Response: Section 37.57 states that the licensee shall immediately 
notify the LLEA after determining that an unauthorized entry was an 
actual or attempted theft, sabotage, or diversion of a category 1 or 
category 2 quantity of radioactive material. The NRC believes that such 
an unauthorized entry would likely constitute criminal activity. 
Furthermore, suspicious activity related to possible theft, sabotage, 
or diversion of category 1 or category 2 quantities of radioactive 
material would also constitute suspicion of criminal activity. When 
coordinating with the LLEA, the licensee must explain that it will 
request a timely armed response to any actual or attempted theft, 
sabotage, or diversion of category 1 or category 2 quantities of 
material.
    Comment C85: One commenter requested that Sec. Sec.  37.41 and 
37.49 be revised to reflect that a licensee is restricted in detection 
and assessment by available technology and resources.
    Response: The NRC does not believe the change is necessary. The 
requirements do not specify a technology, and the licensee can change 
the method used to meet the requirements whenever it wants, as long as 
the plan is updated and training conducted on the revised plan.
    Comment C86: One commenter expressed concern that the vocabulary 
was not consistent with part 73 and that it was unclear exactly what 
the rule required from a security standpoint in Sec. Sec.  37.41(b) and 
37.49.
    Response: The commenter is correct that the terminology between 10 
CFR parts 73 and 37 may not be consistent. Part 37 does not have any 
requirement for a design basis accident and pertains to less risky 
materials. Part 37 applies to a different type of material and licensee 
in most cases. The terminology used in 10 CFR part 37 is geared for a 
materials licensee and not a reactor or fuel cycle facility. Guidance 
for implementing 10 CFR part 37 is contained in the implementation 
guidance.
    Comment C87: One commenter stated that the proposed regulations, as 
applied to Gamma Knife radiosurgery units, do not give sufficient 
weight to engineered controls. The commenter felt that the greatest 
risk was during source exchange, which only occurs every 5 to 7 years, 
and not from someone obtaining access to the equipment overnight or on 
a weekend. The commenter further stated the opinion that there is 
almost no danger during the ordinary operation of the equipment to 
treat patients.
    Response: The NRC acknowledges that accessibility of a category 2 
source(s) depends on the design of the device containing the source(s) 
and the means used to gain access to and possibly remove the source(s). 
However it is anticipated that an adversary will use whatever means is 
available to gain access to and possibly remove a source. The category 
2 designation has no basis in regard to the time it would take to 
remove a source from the device in which it is contained. The security 
program is designed to deny an adversary the opportunity to gain access 
to a category 2 source. It is reasonable to expect that overnight and 
weekend periods would provide an opportunity to an adversary.
    Comment C88: One commenter stated that the requirement limiting 
unescorted access to approved individuals would appear to preclude the 
treatment of patients with a Gamma Knife radiosurgery unit since the 
patient is required to be unescorted in the treatment room due to the 
high radiation levels, and the treatment room would normally be 
considered to be the security zone. The commenter noted that closed 
circuit television is used to monitor the patient rather than line-of-
sight observation, and that this could be used in place of human escort 
for those individuals needing entry to the treatment room.
    Response: A patient undergoing treatment is considered to be an 
escorted individual. Closed circuit television used to monitor the 
patient meets the requirements of Sec. Sec.  37.45 and 37.47.
    Comment C89: One commenter stated that for a Gamma Knife 
radiosurgery unit, individuals subject to background investigations 
should be defined as those who have the key or pass code for the 
treatment room door and the ability to turn off the security system and 
not the personnel who may need access to a patient on treatment day. 
The commenter stated that individuals with the keys or pass code are 
the ones that can enter a room and have access to the unit for a long 
enough time, such as outside of normal treatment days, to

[[Page 16986]]

remove any or all of the radioactive sources.
    Response: Gamma Knife radiosurgery is typically performed by a team 
of individuals. The licensee has the option of escorting those team 
members not authorized for unescorted access. For example, the licensee 
may decide to grant unescorted access to authorized medical physicists 
and have them provide escorted access for physicians, nurses, 
technologists, etc.
    Comment C90: One commenter noted that it is important that Gamma 
Knife units secured behind electronically locked doors have a backup 
door alarm which operates during a fire alarm. The commenter noted that 
hospitals are increasingly adopting electronic locks for securing rooms 
and that the fire code requires electronic locks to be disabled during 
a fire alarm. The commenter noted that frequently the door alarm and 
motion detector are tied into the same system.
    Response: The licensee must meet the requirements of the rule. Any 
additional alarms or other systems beyond those used to meet the 
requirements are at the discretion of the licensee.
    Comment C91: One commenter noted that since a Gamma Knife treatment 
room has a single entrance that could be controlled by an assailant, 
one or more panic alarm buttons, unobtrusively placed, should be 
installed so that the staff could summon security without being 
noticed. The commenter also suggested requiring use of a portal 
radiation monitor tied into security at the exit.
    Response: The use of duress/panic alarms could be used to enhance 
the licensee's response plans and a radiation monitor can be used to 
detect a situation where a source has been removed from a device. The 
licensee can determine which methods it will use to comply with the 
rule. Any additional alarms or other systems beyond those used to meet 
the requirements are at the discretion of the licensee.
    Comment C92: One commenter stated that additional security measures 
addressing radioactive materials are not necessary in the refining or 
petrochemicals industry due to the location, lack of accessibility, 
source holder design, and currently applicable security requirements. 
The commenter noted that the sources are continually monitored by 
process control systems and there would be an immediate response, due 
to process safety concerns, if they were to go off-line. The commenter 
noted that most sources are contained within source holders bolted 
individually to a process column or equipment and the source holders 
are typically very large, heavy, cumbersome metal containers. The 
commenter noted that to remove the source holders requires tools, 
cranes, hoist or scaffold support because of their weight and position 
on the process equipment. The commenter also noted that the sources are 
not aggregated but are located within the various operating unit 
locations scattered over several acres.
    Response: Part 37 only applies if the material is aggregated such 
that the total equals or exceeds the category 2 threshold. As with the 
orders, the licensee can take measures such that the provisions do not 
apply. For example, if a source holder is welded to the column and has 
a cage around it, the NRC has determined that this is sufficient and 
the sources would not need to be considered in aggregating the 
material. Additional information has been added to the implementation 
guidance to clarify what types of barriers would be sufficient.
    Comment C93: One commenter noted that the type and configuration of 
irradiators would render the probability of their use in an act of 
terrorism as extremely unlikely. The commenter noted that they are 
stationary, weigh in excess of 1000 pounds, and are secured within 
segregated and separately locked facilities on a secure campus 
requiring separate authorized keycard access to both the buildings 
themselves and the irradiator rooms 365 days per year. The commenter 
recommended that the NRC exempt irradiators from 10 CFR part 37.
    Response: The NRC disagrees that irradiators should be exempt from 
the requirements of 10 CFR part 37. The requirements are designed to 
control access both to the radioactive material and to the irradiator 
by controlling access to the security zone. The NRC has engaged the 
expertise of national laboratories that have shown that these devices 
may be vulnerable to theft, sabotage, or diversion under certain 
scenarios. For this reason, and the possibility that the necessary 
trained individual could be a malevolent insider, the NRC has 
determined that certain additional security measures are necessary in 
the current threat environment. Part 37 uses a layered, defense-in-
depth approach to enhance the security of radioactive material in 
category 1 and category 2 quantities. No single measure can provide the 
required security for this material. Therefore, a licensee must 
implement all applicable 10 CFR part 37 requirements.

D. Transportation Security

    Comment D1: In the proposed rule, the NRC specifically invited 
public comment on several aspects of license and address verification. 
Commenters were requested to provide information on: (1) Whether there 
should be a requirement for verification of the license for transfers 
of category 2 quantities of radioactive material or whether it would be 
acceptable to wait for the system being developed before requiring 
license verification for transfers of category 2 quantities of 
radioactive material; (2) how the address verification might work for 
shipments to temporary job sites and the ability of both licensees and 
the Agreement States to comply with such a requirement; (3) the 
frequency of the license verification, and (4) how the transferring 
licensee would know if a license has been modified since the last check 
and that the licensee is still authorized to receive the material. 
Seventeen commenters provided responses to the specific questions on 
this subject.
    Of those that provided responses to the questions on license 
verification, most commenters indicated that the current system for 
license verification for category 2 quantities of radioactive material 
is acceptable until the license verification is developed and ready for 
implementation. A few commenters indicated that phone verification for 
category 2 would be acceptable before the new system is available; 
others indicated that the NRC should wait for the new system. One 
commenter suggested that verification not be required for shipments 
that result in a change of jurisdiction but not a change of licensee. 
Most commenters did not support a requirement for address verification 
for temporary jobsites, noting that in most cases the regulatory 
authority will not know the address for a temporary site and that in 
some cases there is no address. One State indicated that it did not 
allow shipments to temporary jobsites. On the issue of frequency of 
license verification (every transfer, annual, etc.), the response was 
mixed; some noted that annual verification was adequate, some noted 
that every transfer should be verified, some noted that every transfer 
would be ok once the new system is available, some suggested 
semiannual, and some felt that use of the National Source Tracking 
System was sufficient. One commenter noted that amendments and 
enforcement actions typically take a long time so the likelihood of a 
license being modified after a copy is obtained by the transferor is 
very small. The commenter indicated that there was no compelling reason 
to take extra measures to verify that the license has

[[Page 16987]]

not been modified since that last check. Most commenters noted the 
current practice was acceptable until the new license verification 
system is up and running. One commenter suggested obtaining a written 
statement from the receiving licensee RSO attesting to the current 
amendment number.
    In addition to those that responded to the specific questions, 18 
commenters provided comments on this topic. One commenter noted that it 
was unclear why additional work over and beyond the current 
requirements in Sec.  30.41 is needed. Some commenters objected to the 
need to verify a licensee's validity prior to shipment as it creates a 
large burden on the licensee and the regulatory agency. At least one 
commenter felt that the current method of obtaining a copy of the 
receiving licensee's license via either fax or email was adequate to 
verify the validity of a licensee. Commenters felt that, for companies 
with which they do frequent business, verification was not necessary 
and that having a copy of the license on file or verification within 
the last year was adequate. Some commenters noted that verifying for 
every shipment would take time and personnel and increase the cost of 
doing business. One commenter indicated that they felt that it would 
take half a day to process 30 orders using the system which is 4 times 
the current time. Other commenters felt that that an annual check would 
not be acceptable and the verification should occur close to the 
shipping date. One commenter stated that a company should not be 
required to verify a same company license in another State prior to 
transfer between the same company but at different locations. Two 
commenters requested clarification on the need to report shipments 
within the same company but within different jurisdictions, such as 
temporary jobsites in another State.
    One commenter suggested that the verification requirement be 
revised to allow for verification of the delivery address through the 
receiving licensee's RSO or another individual specifically identified 
on the license. The commenter pointed out that some licenses may list 
the primary address but not individual buildings and that the delivery 
(or dock) address may be different than the official building address 
that is listed on the license. Commenters were opposed to including a 
requirement to validate the address for transfers of category 2 
quantities of radioactive material.
    Commenters noted that it can be difficult to reach the regulator 
and once reached that it may take the individual some time to look up 
the license and verify the information. Commenters indicated that this 
could result in delays and/or stopped shipments. As an alternative, one 
commenter suggested that the regulatory agency could send a copy of an 
amended license to ensure up to date and valid copies are on file.
    One commenter recommended removing reference to the License 
Verification System as it does not exist yet and another commenter 
noted that the system would unlikely be operational when the final rule 
is published. Several commenters expressed some concern over how well 
the license verification system will work; some asked for clarification 
on possible access to the system. One commenter recommended that the 
verification provision should not be implemented until the system is 
fully operational and demonstrated to be effective.
    One commenter asked if the verification of license provisions 
applied to exports. One commenter asked if these requirements would 
replace the National Source Tracking System requirements.
    One commenter noted that there is no need to document that a check 
has been done as it can be covered under a procedure that the licensee 
has in place for license checks and that adding additional 
documentation just adds time and effort without value. One commenter 
questioned what documentation was required for the transfer 
verification.
    Response: One of the recommendations from the Independent Review 
Panel was that licenses be confirmed for all transfers of radioactive 
material in risk-significant quantities. The NRC agrees with the 
recommendation and believes that verification of the license before 
transfer is an important component that enhances the security of the 
material by validating the licensee's legitimacy. Use of the License 
Verification System is a key component to allow 100 percent validation 
of licenses before transfer of category 1 or category 2 quantities of 
radioactive material. While some commenters felt that a fax or email 
was adequate to verify the validity of a license, the NRC disagrees. An 
individual can alter or tamper with a license to change the possession 
limits or location of use, or even the person that received the 
license. Currently, many licensees obtain copies of the license and 
keep the copy on file. The problem with this method is that the license 
could be amended or terminated and the licensee would not know that the 
license was no longer valid. The License Verification System is being 
developed to prevent these scenarios from occurring. Licensees are 
required to use either the License Verification System or contact the 
regulatory agency (NRC or Agreement State) to verify that a license is 
valid before shipping category 1 or category 2 quantities of 
radioactive material to a domestic company. For category 1 shipments, 
the licensee must also verify that the shipping address is valid. 
Transfers within the same company in a different State do not need to 
be verified as the company knows what it is authorized to possess. The 
rule language has been clarified to make this clear. Verification is 
not required for imports and exports; the requirements of part 110 
apply. The NRC agrees that the License Verification System (LVS) needs 
to be fully functional before this provision of the regulations is 
implemented. Although the NRC expects a timely startup of the LVS, this 
provision of 10 CFR part 37 permits a separate compliance date that can 
be changed if this startup is delayed.
    The NRC does understand that it can be difficult to reach regulator 
personnel and that there may be times when the system is down. 
Therefore, the NRC has added a new provision that provides an 
alternative so that licensees can still ship. If the licensee cannot 
reach the regulator and the system is nonfunctional, the licensee will 
be able to use certification from the receiving licensee that the 
licensee is authorized to receive the requested radioactive material. 
The licensee must follow-up by the end of the next business day to 
confirm the license was valid.
    The NRC has also changed the documentation requirement. The final 
rule only requires documentation if the licensee conducts the 
verification by contacting the license issuing authority (NRC or 
Agreement State). The documentation can simply be a note to file or a 
copy of an email response from the NRC or Agreement State. The license 
verification system will keep the record of any verification conducted 
using the system, therefore, the licensee is not required to keep 
separate documentation. Documentation is important from an inspection 
and enforcement aspect.
    Comment D2: One commenter noted that the verification requirement 
appears to duplicate the transfer requirements under Sec.  30.41. The 
commenter noted that licensees should be exempted from Sec.  30.41 if 
they have category 1 or category 2 quantities and follow 10 CFR part 
37. The commenter noted that this is an example of an area where 
industry and the NRC could constructively work together through

[[Page 16988]]

public meetings to find the most efficient and effective solution to 
address NRC's concern. One commenter noted that the proposed 
regulations should be consistent with existing NRC regulations related 
to radioactive materials, should not duplicate any existing 
requirements, and should not rely on the general statements of ``not 
withstanding the requirements of any other regulations in this 
chapter.''
    Response: The verification requirements in Sec.  37.71 are in place 
of the requirements in Sec.  30.41(d). The language has been revised to 
make this clear. In addition, the NRC has added a provision to address 
emergency situations where the License Verification System is down and 
the licensee cannot reach the licensing authority.
    Comment D3: One commenter objected to the preplanning and 
coordination requirements in Sec.  37.75 stating that it would be 
impossible to implement for category 2 sources for facilities that make 
numerous shipments a day. The commenter noted that it would require a 
dedicated individual to constantly communicate with customers and 
carriers throughout the day for the 40-60 shipments and receipts that 
occur during the day. The commenter noted that currently the customer 
is told of the shipment date and method of shipment and that the 
preplanning system takes advantage of the already understood arrival 
times if using FedEx or similar. The commenter noted that the shipper 
can review the FedEx confirmed deliveries each day (one central 
location) which verifies receipt by the customer. The commenter noted 
that this has been working very effectively, so there is no reason to 
change to a much more burdensome method.
    Response: It is not clear why the commenter believes that it will 
need to constantly communicate with customers and carriers throughout 
the day. The basic requirements are similar to the orders, with the 
exception of establishing a no-later-than arrival time. The licensee 
could easily establish the no-later-than arrival time as the close of 
the business day on the expected arrival date. If the licensee is 
already telling the customer the shipping information, the addition of 
one additional piece of information does not present a large burden and 
does not require the shipping licensee to conduct its business in a 
different manner than it currently does. The NRC has revised the 
language to clarify the coordination activities and has removed the 
requirement that specified methods of sharing information to provide 
licensees more flexibility. Information has been added to the 
implementation guidance.
    Comment D4: One commenter stated that in Sec.  37.75(a)(2) 
alternate requirements should be added for those States who will not be 
providing law enforcement escorts for the licensee to identify the 
intended LLEA contacts it will use to summon an armed response should 
there be an actual or attempted theft or diversion of the shipment.
    Response: The NRC disagrees with the comment. Part 37 does not 
require the use of escorts for shipments of category 1 or category 2 
quantities of radioactive material; therefore, an alternate requirement 
is not necessary.
    Comment D5: Two commenters noted that in Sec.  37.75(a)(2)(i) the 
term ``minimal delay'' is ambiguous and subject to interpretation. The 
commenter recommended that the term be clarified or deleted.
    Response: The NRC agrees with the comment and has removed the 
requirement. While the purpose of the preplanning and coordination with 
the State is to ensure minimal delays, the language is not necessary in 
the rule itself.
    Comment D6: Several commenters recommended removing the provisions 
for preplanning and coordination activities with the Governors of each 
State that the category 1 shipment will pass through. The commenters 
noted that the advanced notification provided to the State by the 
licensee provides sufficient time for the State to contact the licensee 
if a revision to the route or additional State imposed controls, such 
as escorts, are to be implemented. The commenters noted that Appendix A 
of the regulatory analysis indicates that there had been zero event 
notifications in the past 10 years regarding missing or lost material, 
suspicious activities, theft, or diversion of category 1 materials and 
questioned how additional coordination efforts that are not currently 
required by the orders can be justified. The commenters noted that the 
licensee would be unable to comply with the requirement to arrange for 
positional information sharing when required by the State because, as 
written, States would be authorized to dictate which position tracking 
provider a carrier must utilize, or the State could request that the 
carrier authorize the State to log into the carrier's tracking system. 
This would result in additional costs as there are licensing and data 
communication fees associated with tracking systems. One commenter 
asked if the NRC has determined whether carriers are willing to share 
their positional information real time. One commenter noted that this 
requirement could provide a mechanism for a State to block the 
transport of category 1 material through the State if the requesting 
state official cannot log onto the tracking system. Another commenter 
expressed concern over possible denial of a shipment through a State 
due to tracking system incompatibility. The commenter noted that denial 
of shipment could result in noncompliance with Federal interstate 
transportation laws. The commenter noted that the licensee and carrier 
are capable of determining safe havens along the route and that past 
experience has shown that requesting a State to identify safe havens 
has been fruitless. One commenter strongly agreed with the preplanning 
and coordination requirements as both necessary and desirable. The 
commenter urged the NRC to encourage States to coordinate with the 
LLEAs and affected Tribes, including route and schedule information in 
the shipment verification system, as it can help States monitor 
shipments and the no-later-than arrival times. One commenter noted that 
the coordination with the States is typically conducted by email and 
that there is no discussion unless the State initiates one in response 
to the licensee's notification. One commenter stated that there 
shouldn't be any additional requirements for category 1 quantities that 
might serve to dilute attention paid to highway route control 
quantities (HRCQ). One commenter suggested including the Agreement 
State program on the list for notification and preplanning coordination 
for category 1 shipments. The commenter noted that the Governor's 
designee is not always the Agreement State program director. One 
commenter noted that the need to coordinate with all States for 
transport will be very burdensome unless there is a tool to assist with 
implementation.
    Response: The NRC has determined that the requirement for 
preplanning and coordination with each State for category 1 shipments 
is necessary, but has removed several of the proposed elements.
    The NRC believes that it is necessary to coordinate with the State 
to determine whether the State plans to provide escorts. If the 
licensee doesn't find out about the need for an escort until after the 
advance notification is provided to the State, the licensee would 
likely need to adjust the schedule and reissue the advance 
notifications. Knowing upfront about the need for escorts is likely to 
reduce the overall burden on the licensee and allow the licensee to 
better plan the route for any shipment. The licensee is responsible for 
identifying safe havens along the route. The licensee would provide 
that

[[Page 16989]]

information to the State. If the licensee has difficulty identifying 
safe havens, it may want to discuss this with the NRC, State police, or 
other State contact. (See also response to Comment A11.)
    The NRC agrees that the other elements of preplanning and 
coordination are not necessary. It was not the intent that the State be 
given direct access to the position monitoring system, only that the 
state be provided information about the shipment's location upon 
request. This provision is not included in the final rule. The NRC has 
only retained what it believes are the minimum requirements for the 
preplanning and coordination. The rule does not specify the method for 
conducting the preplanning and coordination. The licensee can conduct 
the preplanning and coordination by email.
    The NRC will maintain the list of State contacts as it does for 10 
CFR part 73 shipments. The list will be available on the NRC's Web site 
at http://nrc-stp.ornl.gov/special/designee.pdf. The list will also be 
published in the Federal Register on an annual basis, typically in 
early July.
    Comment D7: Some commenters objected to the requirement to 
establish a no-later-than arrival time. One commenter pointed out that 
the shipping licensee has no control over when a common carrier 
delivers the material, noting that typically they know the day but not 
an exact hour. The commenter felt that the requirement would result in 
many unnecessary reports or an exaggeration of the time in order to 
avoid making reports and noted that licensees are responsible enough 
not to need a regulation that will burden them and ultimately be 
subverted. Another commenter felt that the rule would be extremely 
costly and time consuming to implement and impractical. The commenter 
stated that the NRC should place the requirement on the carrier and not 
the licensee, as the licensee has no control. Another commenter 
suggested waiting until the end of the day, which was previously agreed 
to, and send a report (NRC 748) into NSTS and hope that it gets put 
into the system, maybe receiving confirmation that the reports were 
received. Two commenters recommended allowing licensees to use the NSTS 
as method to fulfill the notification requirement in Sec.  37.75(b) and 
(c). One commenter supported the concept and suggested timeframes. One 
commenter noted that a loss of material is an immediate notification 
and that the rule as proposed places the licensee in a burdensome 
position of devoting additional time, effort, and concern over movement 
of material that is not completely in their control. The commenter did 
agree that notification between the shipper and consignee is important 
but felt no need for further restrictions or regulations in this area. 
Another commenter noted that the shipper currently sends an email 
notification that has a receiving document attached to the message 
noting when the shipment was received. The commenters believe that 
licensees already effectively track the movement of sources without the 
need to impose additional regulation. One commenter noted that category 
1 shipments are often held up in States for inspection. Commenters 
noted that common carrier delivery guarantees are not accurate to 
within 4 hours. Commenters noted that the 2- and 4-hour timeframes 
would result in numerous modifications to the time or ultra 
conservative estimates. Several commenters suggested 24 hours as the 
timeframe. One commenter noted that licensees routinely monitor the 
status of shipments and notify the carrier and regulatory agency when 
the shipment does not arrive within a reasonable timeframe. The 
commenter stated that the regulations should specify what is required 
and not how to achieve it. One commenter noted that the time of a 
shipment will not be known for material that is transported by common 
carrier as shippers like FedEx simply verify that a shipment will 
arrive by a certain date, and often the only notice that a shipment 
will be late is that it doesn't arrive by the end of the business day. 
One commenter requested clarification that the no-later-than arrival 
time applies only to domestic transfers, either within the definition 
or in the guidance. One commenter noted that Sec.  37.75(b) requires 
licensees to email or fax arrival times for shipments of category 2 
material and that licensees must be made aware that the email must be 
encrypted and faxes be made to an awaiting, known entity as was noted 
in Regulatory Issue Summary 2005-31.
    Response: The NRC continues to believe that the establishment of a 
no-later-than arrival time is beneficial. The NRC notes that the orders 
currently require the licensee to coordinate the expected arrival time 
of the shipment and to initiate an investigation if the shipment has 
not arrived by the expected arrival time. The provision for the no-
later-than arrival time actually provides the licensee with more 
flexibility. The no-later-than arrival time allows for traffic delays 
due to weather and other circumstances before an investigation is 
initiated. The no-later-than arrival time for category 1 shipments has 
been removed as the licensee is required to maintain continuous 
communication capability. The no-later-than arrival time provision only 
applies to domestic shipments. There is no requirement that email be 
encrypted and faxes be made to an awaiting, known entity.
    Comment D8: One commenter stated that Sec.  37.75(c) is a redundant 
requirement as licensees are already required to input data into the 
NSTS when shipping or receiving radioactive material. The commenter 
noted that licensees are already required to initiate an investigation 
if a shipment does not arrive and that there is no reason to require a 
licensee to notify the shipper when the shipment occurs as it is 
scheduled. The commenter noted that this would require a tremendous 
amount of resources and is unnecessary as a licensee is already 
required to notify the shipper if the shipment does not arrive. One 
commenter requested clarification on whether Sec.  37.75(c) applied to 
notify international shippers of receipt within 4 hours. One commenter 
noted that the transferee licensee should notify the NRC (and the 
License Verification System) and the host State when a shipment 
arrives. The commenter indicated that the notification should 
reasonably occur within 2 hours after arrival instead of the 4 hours 
proposed in the rule. Another commenter objected to the need to confirm 
a shipment with the shipper and noted that it was redundant to current 
requirements for the NSTS. A commenter noted that if a notification 
must be made when a shipment does not arrive that it doesn't make sense 
to also require that a notification be made when and if it does arrive 
and therefore it just adds burden without benefit. One commenter 
recommended that the licensee should notify the NRC (and the License 
Verification System) as well as the States affected when a shipment is 
revised or cancelled. The commenter noted that the change should be 
reported by the carrier company after communication/coordination with 
the driver. One commenter objected to the requirement for the receiving 
licensee to notify the shipping licensee within 4 hours of a package 
arrival and recommended that the requirement be removed from the rule. 
The commenter indicated that this would result in an undue cost and 
would require licensees to have personnel on evenings, weekends, and 
holidays to receive/send the information. One commenter asked why using 
NSTS wasn't sufficient.
    Response: The requirement in Sec.  37.75(c) to notify that a 
shipment has

[[Page 16990]]

been received and the requirement to report to NSTS are not redundant. 
The reporting to NSTS is a report to a system and does not notify the 
shipping licensee that a source has been received. The shipping 
licensee would need to access the system to see if the status of the 
source has changed in order to determine if a shipment has been 
received. The reporting to NSTS is by the close of the next business 
day which means information on the receipt of the shipment might not be 
available for several days and this would be too long for a shipment to 
go missing without starting an investigation. Additionally, not all 
shipments are reported to NSTS. When shipments don't arrive on time, 
the shipping licensee needs to start an investigation to determine if 
the material is missing or just delayed in shipment. The requirement to 
confirm shipment is not new as it is a current requirement from the 
orders. The notification provisions do not apply to international 
shipments.
    Comment D9: One commenter noted an inconsistency in the timeframes 
for the receiving licensee to notify the shipping licensee no later 
than 4 hours after the package arrives but that the shipping licensee 
is to begin an investigation within 2 hours of a category 1 shipment 
not arriving by the no-later-than arrival time.
    Response: The NRC has removed the no-later-than arrival 
requirements for shipments of category 1 quantities of radioactive 
material because they are not needed with the communication and 
monitoring requirements associated with these shipments. The provision 
for no-later-than arrival time remains for category 2 shipments. The 
arrival time and the no-later-than arrival time are not the same times. 
The arrival time is the time the shipment actually arrives at the 
facility. The no-later-than arrival time is the time established that 
when a shipment has not arrived and an investigation will be started to 
determine the whereabouts of the shipment.
    Comment D10: Two commenters pointed out an editorial error in Sec.  
37.75(d), noting that the reference to Sec.  37.75(a)(1) should be 
Sec.  37.75(b).
    Response: The NRC agrees with the comment and has made the 
correction.
    Comment D11: One commenter noted that it may not be possible to 
provide the information for an advance notification before the 
shipment. The commenter stated that the information is not available to 
most licensees because carriers are not willing and may not be able to 
provide the detailed information to licensees. The commenter noted that 
for an import, a licensee may not have this information until the 
shipment is in progress, or even when it is received. The commenter 
noted that if it is assumed that this requirement is only applicable 
from the point of customs clearance, then it may be practicable. The 
commenter indicated that the regulation should specifically state that 
it is applicable to the portion of the movement of shipments after 
customs clearance. One commenter asked if NRC has coordinated with DOT 
to determine if the advance notification is practicable. One commenter 
noted that the activity levels are not available with much degree of 
accuracy as the activity is often not measured until the shipment 
arrives. One commenter noted that the shipper may not know when a 
shipment will commence, cross State lines, and arrive. The commenter 
also noted that the shipper may not know of schedule changes ahead of 
time.
    Response: The NRC understands that all of the information may not 
be available at the time of the initial advance notification. Section 
37.77(b) specifically states that the licensee must provide the 
required information if available at the time of the notification. In 
addition, Sec.  37.77(c) provides for revised notifications for 
information that was not available at the time of the initial 
notification and for instances where information changes. The commenter 
is correct that the provisions only apply to the domestic portion of 
the transport for both imports and exports. The requirements would 
begin at the point of customs clearance for imports and end at the 
border for exports. Section 37.73(d) and (e) notes that the provisions 
only apply to the domestic portion of the shipment. Both sections have 
been revised to address exports.
    Although the NRC coordinates with DOT on a number of safety and 
security matters of mutual interest, licensees have implemented advance 
notification requirements for many years, and the practicability of 
these notifications is no longer in serious question.
    Comment D12: Two commenters recommended that the advanced 
notifications to the Governor be made through the NRC's Operations 
Center. The commenters noted that the licensee could simply provide the 
advanced notification to the NRC's Operations Center with a list of 
States affected and the NRC's Operations Center would then transmit the 
advanced notification to the affected States. The commenters noted that 
this would reduce the record retention and notification burden on the 
licensee and would ensure consistency in how the States receive 
notifications.
    Response: The NRC disagrees with the comment. It is the licensee's 
responsibility to notify the affected States. The need for the NRC's 
Operations Center to notify affected States could interfere with its 
primary responsibility to be available for response to events. 
Additionally, for those shipments that are made by an Agreement State 
licensee, the NRC would not be notified as the notification would go to 
the Agreement State. The Agreement State will need to provide the 
information to the NRC so that the NRC can share the information with 
its Federal partners.
    Comment D13: Two commenters recommended including an email address 
and fax number for the NRC point of contact receiving the notification 
in Sec.  37.77(a)(1). The commenters noted that the email address and 
fax numbers should be readily available as most notifications are made 
by email or fax.
    Response: The NRC agrees with the comment and has included the 
secure fax number and email address to submit the notifications to the 
NRC.
    Comment D14: Two commenters recommended removing the option in 
Sec.  37.77(a)(2) to mail in notifications or require that 
notifications not submitted by fax or email be sent via certified mail 
or delivery service. The commenters noted that 7 days prior to the 
shipment date may not be sufficient time to allow a notification 
transmitted through the regular mail to reach the intended recipient.
    Response: The NRC disagrees with the comment. The 7 days prior 
notice requirement is consistent with the similar provision for advance 
notifications for spent fuel shipments. Transmittal of the SGI-M 
information must meet the requirements of Sec.  73.23. The licensee 
always has the option of sending the notification earlier than 
required. The NRC has revised Sec.  37.77(a) to clarify the procedures 
for submitting the notifications.
    Comment D15: Two commenters recommended increasing the notification 
requirement in Sec.  37.77(a)(3) from 4 days to 7 days. The commenters 
noted that the additional time would provide States enough time to 
review and evaluate the details regarding the shipment and would 
preclude the need to conduct the required preplanning and coordination. 
The commenters noted that this advance notification process has been in 
place and proven effective for the past 6 years. One commenter 
recommended that ``other means'' in Sec.  37.77(a)(3) be defined or 
clarified. The commenter assumed it meant by email or fax.

[[Page 16991]]

    Response: The NRC disagrees with the comment. The NRC believes that 
4 days provide sufficient time for the States to review and evaluate, 
particularly since the licensee is required to conduct preplanning and 
coordination with the States in addition to the advance notifications. 
The timeframe is also consistent with the similar provision for advance 
notifications for spent fuel shipments. No State that commented on the 
rule indicated that additional time was necessary. Other means could 
include fax or email, or delivery by messenger. Additional information 
has been added to the implementation guidance.
    Comment D16: Two commenters indicated that it was unclear what 
information the point of contact, requested in Sec.  37.77(b)(7) for 
the advance notifications, should be able to provide. The commenter 
noted that ``current shipping information'' could imply that the point 
of contact should be a person accompanying the shipment, or did it mean 
someone who has information regarding the details of the notification.
    Response: The point of contact would be someone that has 
information regarding the details of the notification. It is not 
intended to be a person accompanying the shipment. Additional 
information has been added to the implementation guidance.
    Comment D17: One commenter noted that the NRC should provide for 
advance notification to Tribes for shipments that cross their 
reservation. The commenter noted that this rule should be consistent 
with the rule that the NRC promulgates for Tribal notifications.
    Response: The NRC may consider providing advance notification of 
these materials to Tribes in the future but does not currently plan to 
include the provision.
    Comment D18: Three commenters suggested changing the phrase 
``movement control center'' to ``communication control center'' in 
Sec.  37.79 to maintain consistency with the orders.
    Response: The NRC disagrees with the comment. Although the orders 
called the centers communication control centers, these centers are 
typically called movement control centers. The terms refer to the same 
function. The NRC is retaining the term movement control center to be 
consistent with the term in 10 CFR part 73 as the centers serve the 
same function.
    Comment D19: One commenter noted that in the definition of 
``movement control center'' various functions are combined and that 
there is no value in requiring that they all be accomplished by one 
entity as the functions may be accomplished by separate departments or 
personnel.
    Response: The movement control center definition does not require 
that all of the functions be carried out by the same department or 
personnel. It does require an operations center or base from which all 
of the functions are handled. The primary purpose of the movement 
control center is to have staff available that can immediately respond 
to an emergency and coordinate the required response.
    Comment D20: One commenter requested clarification in Sec.  
37.79(c)(1)(ii) on the use of authentication and duress codes. The 
commenter noted that it wasn't clear if there were two codes or if 
there needed to be a strategy for the ``use'' and ``authentication'' of 
duress codes.
    Response: The NRC has revised the rule language to clarify that 
there are two types of codes.
    Comment D21: One commenter noted that redundant communications 
systems are required but it was not clear if redundant position 
location or tracking systems are necessary.
    Response: The rule does not contain a requirement for a redundant 
position location or tracking system.
    Comment D22: One commenter noted that although a licensee can make 
arrangements to ensure that personnel are trained and can audit the 
carrier for compliance, it cannot ensure that personnel are trained as 
required. One commenter objected to the requirement for licensees 
providing training to entities beyond its control such as railroad 
personnel. The commenter noted that the carriers already have training 
and certification requirements under DOT. Two commenters recommended 
allowing the licensee to provide current copies of normal and 
contingency procedures in lieu of training as required by Sec.  
37.79(c)(2). The commenter noted that it is not feasible to provide 
``appropriate training'' to a group of individuals that the licensee 
has no control over.
    Response: The NRC agrees with the comment. The NRC agrees that it 
is acceptable to provide copies of the normal and contingency 
procedures in lieu of a formal training program. If this mechanism is 
used, the licensee should have a signoff sheet associated with the 
procedure that the individual would sign indicating that he or she has 
read and understands the procedure. The NRC also agrees that the 
licensee would be unable to dictate that railroad personnel undergo 
training and follow the licensee's procedures. Railroads have their own 
processes and procedures in place and would be required to follow them. 
The NRC has removed the requirement for railroad shipments.
    Comment D23: One commenter stated that the regulation must make it 
clear that the requirements in Sec.  37.79 are only applicable from the 
point of customs clearance.
    Response: Section 37.73(d) and (e) makes it clear that the 
provisions only apply during the domestic portion of the shipment. For 
imports, the provisions begin at the point of customs clearance.
    Comment D24: One commenter noted that Sec.  37.79 requires 
licensees to use companies who use package tracking systems (for 
category 2) and that it should be clarified that the package itself 
should be accounted for and not simply the paperwork.
    Response: The NRC believes that the regulations are clear that it 
is the package that is being tracked and not the paperwork. No change 
to the regulations is needed.
    Comment D25: One commenter objected to the requirement to start an 
investigation if a package does not arrive within 2 to 4 hours of its 
designated arrival time. The commenter noted that weather, traffic, 
etc. could affect delivery times and that starting an investigation 
because a package did not arrive on time due to poor weather, etc is a 
waste of time and resources with no foreseeable gains for security. The 
commenter noted that the timeframe should allow some time for 
investigation and suggested an 8- and 24-hour timeframes.
    Response: The NRC agrees in part with the comment. The NRC has 
clarified the text in Sec.  37.79(d) to remove reference to lost or 
unaccounted for material. The requirement to establish a no-later-than-
arrival time for shipment of category 1 quantities has been removed as 
the licensee is required to maintain constant communication capability. 
The NRC has increased the timeframe for the no-later-than arrival time 
for category 2 shipments to 6 hours.
    Comment D26: One commenter stated that when shipping radioactive 
material meeting the requirements of HRCQ and RAMQC the requirements 
should include having two forms of communications available at all 
times for reporting incidents and requesting assistance.
    Response: The NRC agrees and included a requirement for redundant 
communication capability for category 1 shipments (RAMQC) in the 
proposed rule. The final rule in Sec.  37.79(a)(1)(ii) requires 
licensees to ``Ensure that

[[Page 16992]]

redundant communications are established that allow the transport to 
contact the escort vehicle (when used) and movement control center at 
all times. Redundant communications may not be subject to the same 
interference factors as the primary communication.'' Redundant 
communications are required to mitigate an interruption, caused by 
either natural events, such as storms, or deliberate actions, such as 
signal jamming, that may cause communications to be lost on the primary 
communication device. One or more additional communication devices must 
be available to operate independently of the primary device, thereby 
minimizing the possibility that whatever disabled the primary device 
will impact the redundant devices. For category 2 shipments, the NRC is 
not requiring a redundant means of communication.
    The requirements for HRCQ shipments, other than the category 1 
material, are beyond the scope of this rulemaking.
    Comment D27: One commenter felt that the rule should be revised to 
require the licensee to provide some level of armed security during 
transport of HRCQ.
    Response: The NRC disagrees and feels that the physical protection 
measures in place are adequate without requiring the use of armed 
security personnel. The licensees that ship category 1 quantities of 
radioactive material by road would be required to have sufficient 
protective measures which include: A movement control center that 
maintains periodic position information from a location remote from the 
activity of the transport vehicle or trailer and monitors shipments 24 
hours a day, 7 days a week; redundant communications that would allow 
the transport to contact an escort vehicle; and the ability to 
communicate an emergency immediately to appropriate law enforcement 
agencies that would provide an armed response. Since the appropriate 
States are to be notified in advance of the shipment, the State may 
decide to have armed escorts accompany the shipment within the State's 
borders.
    The requirements for HRCQ shipments, other than the category 1 
material, are beyond the scope of this rulemaking.
    Comment D28: One commenter suggested adding an exemption to Sec.  
37.79 for shipments transported as Exclusive Use, in accordance with 49 
CFR 173.441. The commenter noted that package tracking systems are 
necessary when a carrier handles multiple consignments on single 
vehicles and when packages traverse through delivery hubs. The 
commenter noted that an exclusive use shipment removes the risk of lost 
or misdirected packages and would provide the same level of control as 
a package tracking system. The commenter noted that adding the 
exemption would give the licensee the ability to transport their own 
category 1 materials.
    Response: The NRC disagrees with the comment and does not believe 
that an exemption is appropriate for shipments transported as Exclusive 
Use. The shipment should still have the same security measures applied 
even if the shipment is in a dedicated truck. While it might remove the 
risk of a misdirected package, it does not remove the possibility that 
the material could be stolen during transport. The licensee is allowed 
to transport its own category 1 or category 2 material under the rule.
    Comment D29: One commenter was disappointed that the proposed rule 
did not contain the requirement for GPS tracking for trucks carrying 
category 2 quantities of radioactive material that was requested in 
PRM-71-13 or, alternatively, for the rule to give Agreement States the 
flexibility to be more stringent than NRC. The commenter was 
disappointed that the NRC did not request comments on the issues raised 
in the petition nor provided any further discussion or explanation for 
not including the two recommendations in the proposed rule. The 
commenter noted that NMED data shows that since the letter was sent, 
another truck carrying radiography sources was stolen, and the 
commenter further noted that it only takes one to become the terrorist 
event. The commenter noted that GPS tracking is very inexpensive and an 
easy way to help with rapid recovery should preventative measures fail 
and that GPS tracking for category 2 sources should be required.
    Response: The NRC reevaluated the need for requiring GPS tracking 
for trucks carrying category 2 quantities of material. The NRC 
continues to disagree with the comment. Tracking a truck can be 
misleading as either the source or the device containing the source can 
be removed and the GPS would provide no benefit. There is no easy 
method of placing the GPS tracking mechanism on either the source or 
device. While GPS could help with locating the truck, the source/device 
may not still be on the truck. For devices in or on a vehicle, the 
licensee is supposed to maintain control and have constant surveillance 
of the material or use a method to disable the vehicle. The NRC 
believes that these measures are adequate. As for the compatibility of 
the provisions, the provisions need to remain compatibility B because 
there are significant transboundary implications.
    Comment D30: One commenter noted that the shipping requirements are 
somewhat demanding with the authorized shippers having added 
responsibilities. The commenter assumed that the Commission will 
communicate with the shipping agencies accordingly. The commenter noted 
that the addition of GPS capabilities combined with vehicle/trailer 
alarms with remote features will be an added expense. Another commenter 
asked how to find the approved carriers.
    Response: The NRC is not sure what the commenter meant by 
authorized shipper, but assumes that it refers to the licensee that is 
shipping the material. The NRC is also uncertain what the commenter 
meant by shipping agencies, but assumes that the term refers to common 
carriers. Common carriers do not have any responsibilities under part 
37 as the NRC does not regulate the carrier. It is each licensee's 
responsibility to make sure that its shipments are compliant with the 
regulations. The NRC believes that the requirements in subpart D are 
necessary for the safe transport of category 1 and category 2 
quantities of radioactive material. The regulations do not require the 
licensee to use GPS or vehicle/trailer alarms during shipment of the 
material. Alarms may be necessary, however, if the material is stored 
in the vehicle or trailer while the vehicle is unoccupied. The NRC does 
not approve the carriers.
    Comment D31: One commenter stated that Sec.  73.35 is not clear on 
what to include/exclude from the calculation for ``net weight.'' The 
commenter indicated that if the ``net weight'' is intended to include 
only the weight of the nuclear or radioactive material contained in the 
irradiated fuel, then this should be clearly stated. The commenter 
noted that calculation by ``exclusion'' may lead to wide variation in 
interpretation.
    Response: The rule addresses the irradiated reactor fuel weighing 
100 g (0.22 lb) or less in net weight of irradiated fuel, exclusive of 
cladding or other structural or packaging material, and that has a 
total external radiation dose rate in excess of 1 Gray (100 rad) per 
hour at a distance of 1 m (3.3 ft) from any accessible surface without 
intervening shielding.
    Comment D32: One commenter proposed an exemption for the 
aggregation of packages that individually each contain less than a 
category 2 quantity of material and were in a package with an external 
volume

[[Page 16993]]

exceeding 1 cubic foot and with a mass exceeding 100 pounds. The 
commenter noted that these parameters would present a practical, 
individual barrier to theft. The commenter also suggested, as an 
alternative, the addition of a specific activity threshold to the 
category 2 table, and materials not exceeding the specified 
concentration values (sum of fractions could be applied to packages 
containing multiple radionuclides of interest) would be exempted from 
the requirements.
    Response: The NRC disagrees that the parameters described would 
present a practical barrier to theft. The requirements do not allow an 
individual licensee to aggregate less-than-category-2-quantity packages 
of material to exceed category 2 limits for an individual shipment 
unless the shipment complies with 10 CFR part 37 requirements. If two 
or more packages, each containing less than a category 2 quantity, in 
aggregate reach or exceed a category 2 quantity in a shipment from one 
NRC licensee, the licensee would be required to meet applicable subpart 
D requirements before shipping.
    The NRC did consider specific activity and grants an exemption as 
stated in Sec.  37.11(c), which states that licensees that possess 
radioactive waste that contains category 1 or category 2 quantities of 
radioactive material are exempt from the requirements of subpart B, C, 
and D of 10 CFR part 37, unless the radioactive waste contains discrete 
sources, ion-exchange resins, or activated material that weighs less 
than 2,000 kg (4,409 lbs).
    Comment D33: One commenter noted that category 1 rail shipments 
should be by dedicated trains.
    Response: The NRC disagrees with the comment. There is no security 
or health and safety basis for requiring dedicated trains for rail 
shipments of category 1 quantities of radioactive material.
    Comment D34: The proposed rule contained a provision that would 
require the licensee to have an NRC-approved monitoring plan to ensure 
that no unauthorized access to the shipment takes place while the 
shipment is in a railroad classification yard. The NRC specifically 
sought comment on the feasibility of this requirement. Commenters were 
requested to provide information on: (1) Whether surveillance of the 
shipment could be accomplished while in the classification yard; (2) 
whether the classification yard would allow an individual to accompany 
a shipment while the shipment is held in the classification yard; and 
(3) what precautions might be necessary from a personal safety 
standpoint. Five commenters provided responses to the specific 
questions on this subject.
    Of the commenters that addressed the questions on the monitoring 
plans for use in railroad classification yards, only one commenter gave 
an answer other than unknown. The commenter noted that, due to 
insurance and liability concerns, it was highly unlikely that the 
classification yard would allow an individual to accompany a shipment. 
The commenter noted that DOT regulations were sufficient for personal 
safety from a radiological perspective.
    In addition to those that addressed the specific questions, two 
commenters provided comment in this area. One commenter indicated that 
additional monitoring while the shipment is in a railroad 
classification yard is an impractical and unenforceable requirement. 
The commenter noted that the systems that are currently in place are 
sufficient. One commenter stated that remote monitoring of the package 
and not the railcar is necessary in a classification yard.
    Response: The NRC has decided not to include the provision for an 
NRC-approved monitoring plan for the time that a shipment is located in 
a railroad classification yard. The NRC agrees that DOT regulations are 
sufficient.
    Comment D35: One commenter asked if the requirement for continuous 
and active monitoring by licensees applies only to shipments carried by 
the licensee. The commenter noted that real-time information is not 
available to the licensee when a carrier is used.
    Response: The continuous and active monitoring of category 1 
shipments, whether by the licensee or by a carrier, is the 
responsibility of the licensee. It is also the licensee's 
responsibility to ensure that its carrier has the capabilities for 
continuous and active monitoring. Any time a shipment is enroute, the 
licensee must be knowledgeable of its whereabouts, which can be 
verified by a phone call to the movement control center or other means 
of communication. This provides licensees with flexibility to design 
continuous and active monitoring systems that meet their unique 
circumstances. A licensee may use a carrier or third-party 
communications center in lieu of establishing one itself.
    Comment D36: One commenter asked if FedEx's tracking system is 
considered to be proven and reliable as they are the primary carrier of 
radioactive material.
    Response: The NRC does not prescribe a particular system for 
tracking shipments. The NRC regulations describe the performance 
characteristics for a method used for category 2 shipments and does not 
endorse any particular company. The regulations require licensees to 
use carriers that have an established package tracking system which is 
a documented, proven, and reliable system routinely used to transport 
objects of value. This gives licensees the flexibility to use tracking 
systems that work within their organization. The package tracking 
system must allow the shipper or transporter to identify when and where 
the package was last located and when it should arrive at the next 
point of control. The NRC does not object to the use of Federal 
Express, as long as they continue to meet these requirements.
    Comment D37: One commenter asked how the security provision must be 
implemented when using a freight forwarder.
    Response: Transportation security requirements will still apply to 
shipments using a freight forwarder. The NRC expects licensees to 
ensure that their shipments are received by the recipient in a timely 
manner and that any suspicious, attempted, or actual acts against a 
shipment would be quickly detected, assessed, and immediately reported 
to law enforcement authorities.
    Comment D38: One commenter questioned who would be responsible for 
complying with the security requirements when a carrier aggregates the 
material during transport or storage incidental to transport. The 
commenter noted that it would be logical for the responsibility to be 
with the carrier.
    Response: Licensees are not responsible for packages that are 
aggregated by the carrier as long as the individual licensee does not 
exceed category 2 thresholds. The licensees are not responsible if the 
carrier picks up radioactive material from multiple locations that, in 
the aggregate, meet or exceed the category 2 threshold, since the 
licensees have no knowledge of what the total quantity of material 
might be in the shipment. The NRC does not regulate the carrier.
    Comment D39: One commenter suggested using a table to denote 
applicability for the different types of shipments in Sec.  37.73 as 
the paragraph format was confusing.
    Response: The NRC has added a table to denote applicability for 
different types of shipments to the implementation guidance.
    Comment D40: One commenter indicated that synchronization of the 
NRC and DOT requirements should be addressed. The commenter noted that 
the rulemaking does not discuss the connection between the NRC and DOT 
requirements on security and physical protection. The commenter noted 
that

[[Page 16994]]

the rulemaking appears to regulate carriers even if only for security 
purposes. The commenter felt that this situation could violate the 
separation of responsibilities that the two organizations have and 
will, at a minimum, create confusion among carriers. One commenter felt 
that the rule should more closely align with the DOT requirements for 
HRCQ shipments for routes used. One commenter asked if there has been 
coordination between DOT and NRC regarding security during transport, 
particularly in light of HM232F.
    Response: The NRC shares responsibility for the safe and secure 
transport of radioactive material with DOT and DHS. The NRC has a 
Memorandum of Understanding (MOU) with DOT for safety and is currently 
in the process of developing an MOU with DOE, DHS, and DOT on 
transportation security to ensure that the agencies work together. The 
Commission believes that it is necessary and appropriate to require 
licensees to implement the proposed requirements, believes that the 
issuance of security requirements for the transport of the material is 
not a significant regulatory impediment, and believes that licensees 
and carriers can successfully implement the requirements of both Title 
49 and Title 10.
    Comment D41: One commenter noted that the NRC's intent for 
shipments of category 2 quantities of radioactive material is not clear 
for licensees that are consignee, shipper, and consignor, as is the 
case for the movement of most industrial radiography sources used in 
the field. The commenter noted that this common situation should be 
addressed for clarity either by inclusion or exclusion in the rule.
    Response: The situation where a licensee is transporting its own 
material is covered by Sec.  37.79(a)(2).
    Comment D42: One commenter stated that the requirements placed on 
licensees to coordinate with and to notify the LLEA for transport of 
category I and category 2 quantities cannot be achieved by the licensee 
alone, and thus seem unreasonable.
    Response: The NRC disagrees with the comment. The rule does not 
contain any provisions to coordinate with the LLEA for transport of 
material. Licensees are required to notify the LLEA if a shipment of 
category 1 materials is lost or missing. The NRC continues to believe 
that this is an appropriate notification and sees nothing unreasonable 
in the requirement.
    Comment D43: One commenter (a State) noted that a number of 
shippers are routing around States that charge fees for transportation 
of HRCQ shipments of radioactive material and that this results in 
longer transportation times and greater risk for shipment incidents 
because of the additional transit time and miles traveled. The 
commenter noted that because shipments of radioactive material are 
being routed around the fee States, they are now traveling through 
areas where there is little training and coordination of response to 
radioactive material incidents increasing the risk and vulnerability. 
The commenter suggested that language be added to require the shortest, 
most direct, approved route for all HRCQ shipments and to prohibit 
avoidance of States with transportation fees. The commenter further 
suggested that licensees and shippers of HRCQ materials be required to 
meet and preplan shipment routes with States on an annual basis to 
ensure the States are ready to respond to incidents as needed.
    Response: Routing of HRCQ material lies within the jurisdiction of 
DOT's regulations and is beyond the scope of this rulemaking. For 
category 1 shipments, the licensee is required to preplan and 
coordinate with the States along the shipment route.
    Comment D44: One commenter questioned why spent fuel was not 
addressed in the rule.
    Response: The rule does address transportation security of small 
quantities (less than 100 grams) of irradiated fuel. Transportation 
security of spent fuel is being addressed in a separate rulemaking. The 
proposed rule was published for public comment on October 13, 2010; 75 
FR 62695. Most of the licensees impacted by 10 CFR part 37 do not 
possess spent fuel and large quantities of special nuclear material. 
Security of special nuclear material and spent fuel security is 
addressed in 10 CFR part 73 and in orders that were issued to specific 
licensees possessing the material. Security for independent spent fuel 
storage installations will be addressed in a future rulemaking.
    Comment D45: One commenter noted that the link for Agreement State 
contacts did not appear to work.
    Response: The NRC has tested the link for Agreement State contacts 
provided in the response to Q4 and it does take you to the Web page on 
the Agreement States. From that location, you can access the State 
transportation contacts. Part 37 contacts will not be added until just 
before the rule is implemented.
    Comment D46: One commenter stated that it is imperative that the 
requirements for the transshipment of radioactive material be identical 
to those for domestic shipments, and urged the NRC to work with other 
Federal agencies to harmonize the regulations so that licensees and 
their regulators at the Federal and State level follow consistent rules 
for all shipments. The commenter suggested general licensing of 
carriers as one way to resolve this issue. One commenter asked why 
transuranic shipments were not addressed in 10 CFR part 37 and whether 
these shipments fell under other security program requirements. Another 
commenter asked what security requirements covered transshipments and 
noted that it does not make sense to impose additional security on 
licensees, if transshipments are not covered. Another commenter 
recommended consistent regulations for transshipments, air shipments, 
and water shipments regardless of the Federal authority and that the 
standards for transshipments must be consistent with domestic 
shipments. The commenter urged the NRC to provide leadership in 
promoting consistency, perhaps via interagency agreement. The commenter 
also recommended that the license verification system (licensees and 
shipments by and among licensees) incorporate all RAMQC shipments, 
regardless of the Federal authority under which they are made and that 
the relevant information in the License Verification System be 
appropriately shared with the State and local authorities involved in 
enforcement.
    Response: The NRC does not have any authority over transshipments 
and does not regulate common carriers. However, the NRC has provided 
copies of transportation security orders to companies that transship 
category 1 quantities of radioactive materials. These companies have 
agreed to voluntarily implement the security requirements for 
transshipments. DHS has the overall lead for harmonizing transshipment 
security, and the NRC has and will continue to work with other Federal 
agencies on the security requirements for transshipments. The License 
Verification System will be available to Agreement State personnel.
    Comment D47: One commenter recommended that NRC work with the 
States and law enforcement groups to determine effective ways to 
support transport of category 1 and category 2 quantities of 
radioactive material.
    Response: The NRC did coordinate with the States. The Agreement 
States were involved in both the development of the orders and 
development of 10 CFR part 37. Law enforcement is not involved in the 
routine transport of category 1 and category 2 quantities of 
radioactive material. If a shipment is

[[Page 16995]]

lost or stolen, law enforcement would be contacted to assist.

E. Miscellaneous

    Comment E1: One commenter wanted a clear, concise statement that 
the requirements in 10 CFR part 37 supersede the Increased Control 
Orders. The commenter suggested adding a second paragraph to Sec.  
37.1.
    Response: The NRC disagrees with the comment. A provision in the 
rule is not necessary to note that the rule supersedes the orders. The 
orders will be formally rescinded (withdrawn) on the effective date of 
the final rule in each jurisdiction (Agreement State or NRC).
    Comment E2: One commenter noted that the rule does not contain any 
punitive provisions regarding situations where employees or outside 
persons compromise safety and/or security. The commenter noted that 
there are no provisions that can be cited in the event that a licensee 
or an unlicensed person attempts to or gains unauthorized access, 
breaches security systems, or otherwise compromises the security of 
radioactive material.
    Response: The NRC does not agree with the commenter's statement. 
The proposed rule does contain punitive provisions for situations where 
employees or outside persons compromise safety and/or security. 
Specifically, Sec.  37.109 provides for criminal penalties. Section 
37.109 of subpart G states that section 223 of the AEA provides 
criminal sanctions for violations of any regulation issued under 161b., 
161i., or 161o., of the AEA. As stated in Sec.  37.109, all relevant 
portions of this final rule have been issued pursuant to one or more of 
sections 161b., 161i., or 161o. of the AEA. Further, there are other 
applicable statutory provisions that provide punitive sanctions for 
trespass and sabotage of nuclear facilities or fuel that could be 
imposed on employees or outside persons who compromise safety and/or 
security.
    Comment E3: One commenter noted that the proposed rule fails to 
provide descriptions in most sections to outline how the regulations 
are applicable to a master materials licensee or a Federal agency. The 
commenter felt that this lack of descriptions follows the pattern of 
the previously issued increased controls and will likely result in 
confusion during NRC compliance inspections at master materials 
licensee facilities.
    Response: A master material licensee and a Federal agency are still 
a licensee and are treated the same as any other licensee. While a 
master material licensee can issue permits within its organization for 
the use of material, the permittees must still meet the requirements of 
the license and the regulations. The NRC is not aware of any 
implementation or inspection issues that have resulted from a licensee 
being a master material licensee or a Federal agency.
    Comment E4: Some States expressed concern that the proposed rule 
would result in a potential increase in workload for the Agreement 
State programs and that many States, particularly smaller States, may 
have trouble accommodating the additional workload. Some of the 
Agreement States also noted that the radiation control programs within 
the States do not have the necessary expertise to handle what are 
essentially ``law enforcement'' activities, nor will they likely be 
able to hire additional staff to undertake these responsibilities. They 
also noted that many of the proposed changes would impose duties that 
are beyond traditional radiation control agency functions, and it is 
likely that they would need to seek amendments to enabling legislation 
to undertake the activities. One commenter stated that since the 
regulatory activities formerly carried out under the NRC's Common 
Defense and Security authority are being shifted to the Agreement 
States because the rule is being issued under the NRC's Health and 
Safety authority, the NRC should provide the funds necessary to pay the 
direct costs incurred by the Agreement State governments in 
implementing the regulation. One commenter (a State) indicated that NRC 
must determine if funding will be provided to the States to increase 
staffing levels to implement the rule or if other health and safety 
programs should be cut.
    Response: The NRC acknowledges that the rule will result in a 
potential increase in workload for the Agreement State programs. 
However, this is not unique to 10 CFR part 37. Any time the NRC issues 
a rule that is a matter of compatibility for the Agreement States, 
there will be an increased workload for the States. The State must 
expend some effort to adopt the regulations and to include the 
provisions in its inspection programs. These costs are addressed in the 
regulatory analysis. The Agreement States will now need to conduct the 
security inspections for those facilities in their State that were 
issued orders under common defense and security and budget for those 
inspections instead of being reimbursed by the NRC for conducting the 
inspections. The NRC disagrees that the rule contains provisions that 
are essentially ``law enforcement'' activities. The NRC assumes that 
the commenters are referring to the regulatory agency approval of the 
reviewing official. The NRC does not believe that this is a law 
enforcement function, but in any case, regulatory agency approval of 
the reviewing official has been removed and is not in the final rule. 
As for the NRC paying the direct costs of increased staffing levels, 
the NRC is not authorized to pay the salary costs for Agreement State 
staff. The NRC can and will continue to pay for the necessary training 
for Agreement State staff.
    Comment E5: One commenter agreed with the proposed provisions to 
remove the concept of sensitive information as used in the orders and 
address information security in relevant sections of the proposed rule. 
One commenter noted that placing all of the security requirements in 
one chapter significantly enhanced their clarity. One commenter 
supported the NRC decision to forgo conventional significant figure 
conventions and list the actual curie activity equivalents to three 
figures as many licensees use curies in their activities instead of 
Becquerels. One commenter supported the general objective of the 
rulemaking. Two commenters supported the approach to terminate the 
orders coincident with the effective date of the rule in each 
jurisdiction to avoid potential confusion and noncompliance. One 
commenter expressed general support for the overall rulemaking and 
suggested enhancements in the transportation security area. Several 
commenters supported placing the security requirements in a rule 
instead of in orders as it allows for public input and shows the 
American population steps that are being taken to ensure their 
security.
    Response: No response necessary. Suggested enhancements were 
considered as separate comments.
    Comment E6: One commenter suggested that the NRC develop programs 
and information packets to all involved (regulatory personnel, shipping 
agencies, law enforcement agencies, Governors) so that everyone can be 
on the same page.
    Response: The NRC does have information on its Web site. 
Information on radioactive material security can be found at http://www.nrc.gov/security/byproduct.html and information on radioactive 
material transportation at http://www.nrc.gov/materials/transportation.html. These sites provide links to a variety of source 
documents and specific NRC security enhancement activities, including 
those on a Web page on current NRC radioactive

[[Page 16996]]

material security orders and requirements (http://www.nrc.gov/security/byproduct/orders.html) and a Web page on material transportation 
regulations, guidance, and communications (http://www.nrc.gov/materials/transportation/regs-guides-comm.html). The NRC also routinely 
participates in interagency efforts, such as the Task Force on 
Radiation Source Protection and Security, where subjects of common 
interest are discussed.
    Comment E7: One commenter (a State agency that possesses 
radioactive material subject to the rule) stated that the State would 
not provide the additional funding necessary to implement the 
requirements in 10 CFR part 37.
    Response: Licensees are responsible for implementing and complying 
with relevant regulations. A licensee may always request an exemption 
from specific aspects of the requirements for its regulator to 
consider.
    Comment E8: One commenter stated that the phrase `Background Check' 
was used inconsistently and seemed to mean different things in 
different places. The commenter recommended reviewing the rule text for 
consistent use of all terminology.
    Response: The term ``background check'' is only used in the rule in 
the context of the Bureau of Alcohol, Tobacco, Firearms, and Explosives 
background checks. The term is used consistently in the rule. The NRC 
tries to be consistent within the document, and any inconsistencies 
identified have been corrected.
    Comment E9: Three commenters addressed plain language in the rule. 
One commenter suggested using ``you'' instead of ``licensee,'' pointed 
out some long sentences, and noted some use of passive instead of 
active voice. One commenter suggested rewriting the rule to address 
these concerns. Another commenter noted that a single standard, clearly 
spelled out in living room language, would better meet the need of all 
licensees. One commenter noted that the rule did not meet the goal or 
the intent of the President's directive.
    Response: The NRC has considered the editorial changes and made 
changes as appropriate.
    Comment E10: One commenter noted that 10 CFR part 37 does nothing 
to improve the security of radioactive materials that could be 
introduced into the United States from foreign origins.
    Response: The NRC's regulations only apply once the radioactive 
material is in the U.S. The NRC does not have authority over material 
in foreign countries.
    Comment E11: One commenter noted that while the rule will help 
protect the United States from terrorists, we should be thinking of the 
environmental consequences.
    Response: The NRC prepared an environmental assessment to support 
the rulemaking.
    Comment E12: One commenter suggested that the concept of what 
category 1 and category 2 quantities are should be introduced earlier 
in the summary and background sections to ensure that the distinction 
between radioactive materials and category 1 and 2 quantities of 
radioactive material is clear and that each term is used appropriately.
    Response: The NRC disagrees with the comment. The summary notes 
that the rule establishes security requirements for category 1 and 
category 2 quantities of radioactive material and that the category 1 
and category 2 thresholds are based on the IAEA Code of Conduct. The 
NRC believes that the Statements of Consideration adequately describe 
the material and are clear on what radioactive material is covered by 
the rule.
    Comment E13: One commenter noted that since few changes were made 
by NRC as a result of Agreement States comments on the predecisional 
draft of the proposed regulations, the NRC should make available to the 
Director of the Office of Management and Budget (OMB) any written 
communications submitted to the agency by State officials, including 
State comments on the pre-decisional draft of 10 CFR part 37.
    Response: The NRC made a number of changes in response to Agreement 
State comments on the predecisional draft of the proposed rule. The NRC 
did not make changes to the major issues on the reviewing official, 
background investigation, and temporary jobsites, but specifically 
invited comment on these issues in the proposed rule. Major differences 
with the States were identified to the Commission as is common 
practice. The NRC does not provide any comments to OMB, other than 
comments on the information collection associated with the rule.
    Comment E14: One commenter stated that the title of the rule should 
also include a reference to the protection of information (SGI-M and 
SUNSI). The commenter also stated that references to the protection of 
information need to be made more consistent throughout the rule as most 
sections and subsections only require implementation if individuals 
have access to category 1 and category 2 quantities of radioactive 
material. The commenter stated that those having access to safeguarded 
or sensitive information also need to be included in the majority of 
the sections in the rule, and the NRC should consider the inclusion of 
10 CFR part 73 among the list of provisions of parts affecting 
licensees in Sec.  37.1.
    Response: The NRC disagrees with the comment. Part 73 contains the 
physical protection requirements for special nuclear material as well 
as requirements for protection of SGI. Reference to the SGI provisions 
in 10 CFR part 73 were added to parts 30, 35, etc., as part of the SGI 
rule that was published in the Federal Register on October 24, 2008; 73 
FR 63546. References to 10 CFR part 73 are included at appropriate 
locations in 10 CFR part 37. Section 37.1 contains the purpose of 10 
CFR part 37 and does not include a reference to any affected provisions 
of other NRC rules.
    Comment E15: One commenter stated that the rule (and orders) moves 
the emphasis for security away from engineered controls toward 
administrative controls and that this goes against decades of NRC 
safety policy and generally-accepted safety philosophy.
    Response: The NRC disagrees with the comment. Part 37 contains a 
mix of engineered controls and administrative controls.
    Comment E16: One Agreement State expressed disappointment in what 
was viewed to be the overly prescriptive content of the proposed rule 
and the resurgence of issues that were previously discussed and agreed 
upon as resolved in the orders. One Agreement State indicated that the 
operational and practical understanding of the orders, together with 
the knowledge of the effectiveness of the orders that the collective 
Agreement States have gained during this time, should be taken into 
consideration by the NRC. Other Agreement States noted disappointment 
and concern that many concepts that were discussed at length during the 
development of the orders and rejected by the orders working groups/
steering committees now appear in this proposed rule. They further 
noted that they disagree with the new provisions and do not believe 
that the added benefit warrants the significant resource burden that 
would be incurred. One Agreement State felt that the rule contained too 
many prescriptive items and was not adequately performance based. One 
commenter noted that the knowledge and understanding that the Agreement 
States have obtained during implementation of the orders should be 
helpful to the NRC in improving the rulemaking.

[[Page 16997]]

    Response: The rulemaking process is a more deliberative process 
than what is used to develop an order. The 10 CFR part 37 working group 
also had additional information to consider that included information 
from lessons learned, implementation issues, inspection issues, 
recommendations from other reviews, as well as the comments on the 
preliminary rule language. In some cases the 10 CFR part 37 working 
group and steering committee came to a different resolution than that 
for the orders. Agreement State experience was utilized. There were 
Agreement State representatives on the 10 CFR part 37 working group and 
on the steering committee that brought their experience to the 
discussions. In some areas where agreement could not be reached, the 
NRC sought public comment on the issue to better inform the final 
decision.
    Comment E17: One commenter suggested that the NRC reconsider its 
decision to use the same software developers for the verification 
system as were used for the National Source Tracking System based on 
the multiple continuing problems with the system.
    Response: The comment is beyond the scope of the rulemaking.
    Comment E18: Two commenters suggested that NRC conduct one or more 
additional public workshops prior to submitting the draft final rule 
and implementation guidance to the Commission for approval. The 
commenters noted that the NRC could explain at the meeting how it 
addressed and resolved the more significant or controversial topics 
addressed by the public comments. The commenters noted that the 
September 2008 workshop that NRC conducted on the Security and 
Continued Use of Cesium-137 Chloride sources could serve as an 
excellent model for such workshops. One commenter suggested holding 
public meetings to discuss the regulatory analysis document and receive 
insights and perspectives on its content.
    Response: The NRC does not plan to hold any public meetings or 
workshops on the 10 CFR part 37 final rule. The public was provided 
opportunity to provide input on the rule and regulatory analysis during 
the public comment period. The NRC considered the comments received and 
made changes to the rule and supporting documents as appropriate.
    Comment E19: Two commenters stated that continued stakeholder input 
and involvement in the security area are essential and requested that 
the NRC allow substantive opportunities to engage industry over the 
next 4 years on the myriad of issues that the Congressionally mandated 
Radiation Source Protection and Security Task Force is addressing as 
all stakeholders continue to work collectively toward mutual safety and 
security objectives.
    Response: Continued stakeholder involvement in the security area is 
beyond the scope of this rulemaking.
    Comment E20: Two commenters noted that the NRC does not routinely 
share the technical basis for rulemakings with stakeholders and 
recommended that this become routine practice. The commenters noted 
that providing the technical basis may have proven helpful for this 
rule.
    Response: Stakeholder involvement in regulatory basis development 
is beyond the scope of this rulemaking. The decision to solicit 
stakeholder input during the development of the regulatory (technical) 
basis for a potential rule is decided on a case-by-case basis. The NRC 
does obtain stakeholder input more routinely than it did a few years 
ago. The NRC did obtain stakeholder input during the development of the 
technical basis for the transportation security portion of this 
rulemaking.
    Comment E21: One commenter stated that the NRC should conduct 
inspections to ensure that licensees are following the requirements and 
that the focus on compliance verified by inspection should receive 
greater emphasis instead of imposing additional administrative burdens 
based on authorized use. Another commenter noted that the NRC must 
ensure compliance through periodic inspections as is currently done. 
Several commenters recommended that the NRC perform compliance audit 
based reviews similar to what was done after the orders were 
implemented. The commenter noted that the reviews were done with a 
level of discretion and without citation as long as the licensee made 
significant efforts to address the orders. One commenter requested that 
the inspection frequency be modified to more closely coincide with the 
risk.
    Response: The NRC will conduct inspections to ensure that licensees 
are complying with 10 CFR part 37 requirements. The inspections will be 
conducted as part of the normal inspection program. The comment on 
inspection frequency is beyond the scope of the rulemaking as the 
inspection frequency is not set by the rule.
    Comment E22: One commenter noted that a new licensee must have the 
physical protection measures in place prior to a license being issued 
and that this would be part of any prelicensing inspection. The 
commenter noted that the agency should ensure implementation before 
issuing a license.
    Response: The NRC agrees that licensees should have the majority of 
the provisions in place before the license is issued; some measures 
could not be implemented until material is actually at the facility. 
The NRC conducts prelicensing inspections before granting a license to 
anyone that would be authorized to possess category 1 or category 2 
quantities of radioactive material.
    Comment E23: One commenter noted that certain materials licensees 
would remain subject to the SGI requirements. The commenter recommended 
that conforming changes to 10 CFR part 73 be included as part of the 
regulation development under 10 CFR part 37, to ensure efficiency, 
clarity, and help ensure compliance. The commenter noted that SECY-09-
0181 was silent on the timing of the future rulemaking to revise 10 CFR 
part 73 to remove the SGI handling requirements for licensees subject 
to 10 CFR part 37.
    Response: The changes to 10 CFR part 73 to revise the SGI 
requirements are beyond the scope of this rulemaking. The timing of any 
potential changes to 10 CFR part 73 is unknown at this time.
    Comment E24: One commenter noted that the rule could result in 
institutions choosing to store materials, including waste, in separate 
locations. The commenter noted that this could cause logistical 
problems to keep track of the material and could inadvertently increase 
the risk to the security of these materials.
    Response: A licensee may choose to store radioactive materials, in 
any form, in separate locations to avoid being subject to the proposed 
security requirements. Such action would not conflict with the intent 
of the proposed rule, which is to limit access to an aggregated 
category 2 quantity of radioactive material listed in Table 1. 
Aggregated, for purposes of this rule, means accessible by breach of a 
single physical barrier.
    Comment E25: One commenter made several comments related to a 
change in the annual occupational radiation dose to a lower range and 
how it would impact the licensee.
    Response: These comments are beyond the scope of the rulemaking as 
the proposed rule did not include any changes to the annual 
occupational radiation dose. These comments appeared to be filed under 
the wrong docket and were provided to the NRC working group that is 
looking at possible changes to 10 CFR part 20.

[[Page 16998]]

IV. Discussion of Final Amendments by Section

Section 20.2201(c) Reports of Theft or Loss of Licensed Material

    This section is revised to include a reference to the reporting 
requirements in 10 CFR part 37 so that a licensee is not required to 
file duplicate reports for the same event.

Section 30.6 Communications

    This section is revised to include a reference to the new 10 CFR 
part 37.

Section 30.13 Carriers

    This section is revised to include 10 CFR part 37 in the list of 
regulations that exempt common carriers.

Section 30.33 General Requirements for Issuance of Specific Licenses

    Paragraph (a)(4) is revised to include a reference to the new 10 
CFR part 37.

Section 32.1 Purpose and Scope

    10 CFR part 37 is added to the list of 10 CFR parts that apply to 
applications and licenses subject to this part.

Section 33.1 Purpose and Scope

    10 CFR part 37 is added to the list of 10 CFR parts that apply to 
applications and licenses subject to this part.

Section 34.1 Purpose and Scope

    10 CFR part 37 is added to the list of 10 CFR parts that apply to 
applications and licensees subject to this part.

Section 35.1 Purpose and Scope

    10 CFR part 37 is added to the list of 10 CFR parts that apply to 
applications and licenses subject to this part.

Section 36.1 Purpose and Scope

    10 CFR part 37 is added to the list of 10 CFR parts that apply to 
applications and licenses subject to this part.

Section 37.1 Purpose

    This section establishes the purpose for the new 10 CFR part 37.

Section 37.3 Scope

    This section establishes the scope of the proposed new 10 CFR part 
37. These regulations apply to any person licensed by the NRC, who 
possesses, uses, or transports an aggregated category 1 or category 2 
quantity of radioactive material. Paragraph (a) establishes the 
applicability for subpart B and C. Paragraph (b) establishes the 
applicability for subpart D.

Section 37.5 Definitions

    Definitions of the following terms that are included in this part 
are identical to the definition of the term in other parts of this 
chapter: Act, Agreement State, Becquerel, Byproduct material, Carrier, 
Commission, Curie, Government agency, License, Lost or missing 
material, Person, State, and United States. In addition, definitions 
for the following terms are included in this Part: Approved 
individuals, Access control, Aggregated, Background investigation, 
Category 1 quantity of radioactive material, Category 2 quantity of 
radioactive material, Diversion, Escorted access, Fingerprint Orders, 
License issuing authority, Local law enforcement agency, Mobile device, 
Movement control center, No-later-than arrival time, Reviewing 
official, Sabotage, Security zone, Telemetric position monitoring 
system, Trustworthiness and reliability, and Unescorted access.

Section 37.7 Communications

    This section specifies where all communications and reports 
concerning 10 CFR part 37 are to be sent.

Section 37.9 Interpretations

    This section establishes that no interpretations of the meaning of 
the regulations in 10 CFR part 37 by any officer or employee of the 
Commission other than a written interpretation by the General Counsel 
will be recognized as binding upon the Commission, unless specifically 
authorized by the Commission in writing.

Section 37.11 Specific Exemptions

    This section establishes that the Commission may grant exemptions 
from the requirements of the regulations in 10 CFR part 37 that it 
determines are authorized by law and that will not endanger life or 
property or the common defense and security, and are otherwise in the 
public interest. Paragraph (b) exempts an NRC licensee's activities 
from 10 CFR part 37 to the extent that the activities are covered under 
the physical protection requirements of 10 CFR part 73. Paragraph (c) 
provides security measures for certain radioactive waste that contains 
category 1 or category 2 quantities of radioactive waste.

Section 37.13 Information Collection Requirements: OMB Approval

    Paragraph (a) specifies that the NRC may not conduct or sponsor, 
and a person is not required to respond to, a collection of information 
unless it displays a currently valid OMB control number. Paragraph (b) 
lists those sections in 10 CFR part 37 that have approved information 
collection requirements.

Section 37.21 Personnel Access Authorization Requirements for Category 
1 or Category 2 Quantities of Radioactive Material

    Paragraph (a) of this section establishes which licensees need to 
comply with the requirements of subpart B of 10 CFR part 37.
    Paragraph (b) establishes the general performance objective to 
ensure that the individuals subject to the access authorization program 
are trustworthy and reliable.
    Paragraph (c)(1) establishes the individuals that are subject to 
the access authorization program. Paragraph (c)(2) allows licensees to 
not subject those individuals listed in Sec.  37.29(a) to the 
investigation elements of the access authorization program. Paragraph 
(c)(3) requires that licensees only approve those individuals whose job 
duties permit unescorted access to category 1 or category 2 quantities 
of radioactive material.

Section 37.23 Access Authorization Program Requirements

    This section establishes the general requirements for the access 
authorization program, such as the use of reviewing officials, informed 
consent, personal history disclosure, determination basis, procedures, 
the right to correct and complete information, and record retention.

Section 37.25 Background Investigations

    This section establishes the elements of the background 
investigation that are necessary before granting an individual 
unescorted access to category 1 or category 2 quantities of radioactive 
material. The scope of the initial investigation is the past 7 years. 
This section also addresses reinvestigation and grandfathering of 
individuals.

Section 37.27 Requirements for Criminal History Records Checks of 
Individuals Granted Unescorted Access to Category 1 or Category 2 
Quantities of Radioactive Material

    Paragraph (a) establishes the general requirements for criminal 
history records checks of individuals to be granted unescorted access 
to category 1 or category 2 quantities of radioactive material.
    Paragraph (b) prohibits a licensee from basing a final 
determination to deny an individual unescorted access authorization 
solely on the basis of certain information received from the FBI.
    Paragraph (c) establishes the procedure for submitting fingerprint 
records to the NRC.

[[Page 16999]]

Section 37.29 Relief From Fingerprinting, Identification, and Criminal 
History Records Checks and Other Elements of Background Investigations 
for Designated Categories of Individuals Permitted Unescorted Access to 
Certain Radioactive Materials

    This section provides relief from the fingerprinting and criminal 
history records check requirements and the background investigation 
requirements of this subpart for certain categories of individuals.

Section 37.31 Protection of Information

    This section outlines the requirements for the protection and 
release to authorized personnel of personal information collected by a 
licensee during a background investigation.

Section 37.33 Access Authorization Program Review

    This section outlines the requirements for an annual access 
authorization program review to confirm compliance with the 
requirements of subpart B of 10 CFR part 37 and for comprehensive 
corrective actions to be taken in response to any nonconformance 
identified by the review.

Section 37.41 Security Program

    Paragraph (a) establishes the applicability of the security 
program. Paragraph (a)(1) requires licensees that possess an aggregated 
quantity of category 1 or category 2 quantities of radioactive material 
to establish, implement, and maintain a security program. Paragraph 
(a)(2) requires those licensees that are newly subject to subpart C, 
upon application for modification of its license or an applicant 
submitting a new application, to implement the requirements before 
taking possession of an aggregated category 1 or category 2 quantity of 
radioactive material. Paragraph (a)(3) requires any licensee that has 
not previously implemented either the orders or subpart C to notify the 
NRC at least 90 days before aggregating radioactive material to a 
quantity that equals or exceeds the category 2 threshold.
    Paragraph (b) establishes the general performance objective of the 
security program.
    Paragraph (c) establishes the program features that must be 
addressed in the security program.

Section 37.43 General Security Program Requirements

    Paragraph (a)(1) requires licensees to develop a written security 
plan that addresses how the licensee will implement the security 
program requirements. Paragraph (a)(2) requires the security plan to be 
reviewed and approved by the individual with overall responsibility for 
the security program. Paragraph (a)(3) allows a licensee to revise its 
security plan to ensure effective implementation of the plan. Paragraph 
(a)(4) requires the licensee to retain a copy of the current security 
plan until the license is terminated and any security plan revisions 
for 3 years.
    Paragraph (b)(1) requires licensees to develop and maintain written 
procedures for implementation of the security plan. Paragraph (b)(2) 
requires the procedures to be approved by the individual with overall 
responsibility for the security program. Paragraph (b)(3) requires the 
licensee to retain a copy of the procedures for 3 years after the 
procedure is no longer needed or upon termination of the license and 
any revisions for 3 years.
    Paragraph (c) requires licensees to conduct training and annual 
refresher training on the security plan. Licensees are required to 
maintain training records for 3 years from the date of the training.
    Paragraph (d) requires licensees to protect the security plan, 
implementing procedures, and the list of individuals that have been 
approved for unescorted access from unauthorized disclosure. Licensees 
are required to develop, maintain and implement written policies and 
procedures for controlling access to, and for proper handling and 
protection against unauthorized disclosure of, the security plan and 
implementing procedures. Only individuals with a need-to-know and that 
have been determined to be trustworthy and reliable should have access 
to the protected information. The information protection procedures are 
retained for 3 years after the document is no longer needed.

Section 37.45 LLEA Coordination

    Paragraph (a) requires that a licensee attempt to coordinate with 
an LLEA and specifies the types of information to be shared with the 
LLEA.
    Paragraph (b) requires the licensee to notify the NRC if the LLEA 
isn't willing to participate in coordination activities or does not 
respond to the coordination request.
    Paragraph (c) requires the licensee to maintain records of its 
coordination activities with any LLEA.

Section 37.47 Security Zones

    Paragraph (a) requires licensees to establish security zones for 
the use of category 1 or category 2 quantities of radioactive material.
    Paragraph (b) requires the establishment of temporary security 
zones, as necessary, to meet transitory or intermittent business 
activities.
    Paragraph (c) requires that security zones use physical barriers or 
direct control of the security zone to allow unescorted access only to 
approved individuals.
    Paragraph (d) requires licensees to provide an approved individual 
to maintain constant surveillance of sources in temporary security 
zones or in a security zone in which a physical barrier or intrusion 
detection system has been disabled to allow maintenance, source 
receipt, preparation for shipment, source installation, or removal or 
exchange of category 1 quantities of radioactive material.
    Paragraph (e) requires individuals not approved for unescorted 
access to be escorted by an approved individual when in a security 
zone.

Section 37.49 Monitoring, Detection, and Assessment

    Paragraph (a) requires the licensee to establish and maintain the 
capability to continuously monitor and detect without delay all 
unauthorized entries into the security zones.
    Paragraph (b) requires the licensee to assess without delay each 
actual or attempted unauthorized entry into the security zone.
    Paragraph (c)(1) requires the licensee to maintain continuous 
capability for personnel communication and electronic data transmission 
and processing among site security systems.
    Paragraph (c)(2) requires the licensee to provide alternative 
capabilities for personnel communication and data transmission and 
processing.
    Paragraph (d) requires the licensee to respond without delay to any 
actual or attempted unauthorized access to the security zone.

Section 37.51 Maintenance and Testing

    This section requires licensees to implement a maintenance and 
testing program to ensure that intrusion alarms, associated 
communication systems, and other physical components of the systems 
used to secure or detect unauthorized access to radioactive material 
are maintained in operable condition, are capable of performing their 
intended function when needed, and are inspected and tested for 
operability and performance. The testing and maintenance are to be 
conducted at the frequency recommended by the manufacturer or annually 
if there is no manufacturer's recommended frequency. Licensees are

[[Page 17000]]

required to maintain the maintenance and testing records for 3 years.

Section 37.53 Requirements for Mobile Devices

    This section requires licensees that possess mobile devices 
containing category 1 or category 2 quantities of radioactive materials 
to have two independent physical controls to secure the radioactive 
material from unauthorized removal and to use a method to disable the 
vehicle or trailer when the device is on a vehicle or trailer, unless 
the site prohibits the use of a disabling mechanism due to health and 
safety concerns.

Section 37.55 Security Program Review

    This section requires licensees to conduct an annual review of the 
security program. The licensee is required to document the results of 
the review and any findings and keep the records for 3 years.

Section 37.57 Reporting of Events

    Paragraph (a) requires licensees to immediately notify the LLEA of 
any actual or attempted theft, sabotage, or diversion of category 1 or 
category 2 quantities of radioactive material and to then notify the 
NRC.
    Paragraph (b) requires licensees to assess any suspicious activity 
related to the theft, sabotage, or diversion of category 1 or category 
2 quantities of radioactive material and to notify the LLEA as 
appropriate and then notify the NRC.
    Paragraph (c) requires licensees to submit a written report to the 
NRC within 30 days of any report of actual or attempted theft, 
sabotage, or diversion of radioactive material.

Section 37.71 Additional Requirements for Transfer of Category 1 and 
Category 2 Quantities of Radioactive Material

    Paragraphs (a) and (b) establish new requirements for licensees 
transferring category 1 and category 2 quantities of radioactive 
material. The licensee is required to verify the validity of the 
license by using the license verification system or contacting the 
license issuing authority.
    Paragraph (c) provides an emergency method for when the licensee 
can't reach the license issuing authority and the license verification 
system is nonfunctional.
    Paragraph (d) requires documentation to be maintained for 3 years.

Section 37.73 Applicability of Physical Protection of Category 1 and 
Category 2 Quantities of Radioactive Material During Transit

    This section establishes which requirements apply to licensees 
shipping category 1 or category 2 quantities of radioactive material 
and what requirements apply during the domestic portion of a shipment 
that is imported from another country or exported to another country. 
This section also allows the receiving licensee to arrange for the in-
transit physical protection of a shipment instead of the shipping 
licensee as long as the agreement is in writing.

Section 37.75 Preplanning and Coordination of Shipment of Category 1 or 
Category 2 Quantities of Radioactive Material

    This section establishes the preplanning and coordination necessary 
for a shipment of category 1 or category 2 quantities of radioactive 
material.

Section 37.77 Advance Notification of Shipment of Category 1 Quantities 
of Radioactive Material

    This section establishes the requirements for advance notification 
to the NRC and the governor of a State, or the governor's designee, of 
the shipment of category 1 quantities of radioactive material that will 
pass through or across the State.

Section 37.79 Requirements for Physical Protection of Category 1 and 
Category 2 Quantities of Radioactive Material During Shipment

    This section establishes the physical protection requirements for 
shipments of category 1 and category 2 quantities of radioactive 
material. Paragraph (a)(1) establishes the requirements for shipping a 
category 1 quantity of radioactive material by road. Paragraph (a)(2) 
establishes the requirements for a licensee that transports category 2 
quantities of radioactive material by road. Paragraph (a)(3) 
establishes the requirements for a licensee that uses a carrier for 
shipping category 2 quantities of radioactive material.
    Paragraph (b)(1) establishes the requirements for shipping category 
1 quantities of radioactive material by rail. Paragraph (b)(2) 
establishes the security requirements for shipping category 2 
quantities of radioactive material by rail.
    Paragraph (c) requires the shipping licensee to immediately conduct 
an investigation of any shipment of category 2 quantities of 
radioactive material that is lost or unaccounted for after the 
designated no-later-than arrival time. It also requires the licensee to 
conduct an investigation once it is determined that a category 1 
shipment is lost or missing.

Section 37.81 Reporting of Events

    This section establishes requirements for the shipping licensee to 
make notifications upon the discovery that a shipment is lost or 
missing and upon discovery of any actual or attempted theft or 
diversion of a shipment, or suspicious activities related to the theft 
or diversion of a shipment of either a category 1 or category 2 
quantity of radioactive material. This section also establishes 
requirements for notification upon recovery of a lost or missing 
shipment. Written follow-up reports are required for notifications of 
actual theft or attempted theft or diversion of a shipment.

Section 37.101 Form of Records

    This section establishes the requirements for the storage and 
protection of records required by this part.

Section 37.103 Record Retention

    This section establishes the Commission's termination of the 
license as the end point of the retention period for any record where a 
specific retention period is not specified.

Section 37.105 Inspections

    Paragraph (a) requires licensees to allow the Commission the 
opportunity to inspect the materials and facilities subject to 10 CFR 
part 37.
    Paragraph (b) requires the licensee to make available for 
inspection any records subject to 10 CFR part 37.

Section 37.107 Violations

    Paragraph (a) of this section establishes that the Commission may 
obtain an injunction or other court order to prevent a violation of the 
AEA, Title II of the Energy Reorganization Act of 1974, as amended; or 
a regulation or order issued under those Acts.
    Paragraph (b) of this section establishes the violations for which 
the Commission may obtain a court order for the payment of a civil 
penalty imposed under Section 234 of the AEA.

Section 37.109 Criminal Penalties

    This section establishes the sections in 10 CFR part 37 that are 
issued under one or more of Sections 161b, 161i, or 161o and are 
therefore subject to criminal sanctions for willful violation of, 
attempted violation of, or conspiracy to violate the regulation.

[[Page 17001]]

Appendix A to 10 CFR Part 37--Category 1 and Category 2 Radioactive 
Materials

    Table 1 of this appendix establishes the radionuclides and 
associated thresholds for category 1 and category 2 quantities of 
radioactive material. The appendix also provides the methodology for 
calculating the sum of fractions for evaluating combinations of 
multiple radionuclides.

Section 39.1 Purpose and Scope

    10 CFR part 37 is added to the list of 10 CFR parts that apply to 
applications and licenses subject to this part.

Section 51.22 Criterion for Categorical Exclusion; Identification of 
Licensing and Regulatory Actions Eligible for Categorical Exclusion or 
Otherwise Not Requiring Environmental Review

    Paragraph (c)(3) is revised to include 10 CFR part 37.

Section 71.97 Advance Notification of Shipment of Irradiated Reactor 
Fuel and Nuclear Waste

    Paragraph (b) is revised to delete the reference to shipments of 
irradiated reactor fuel in quantities less than those subject to the 
advance notification requirements of 10 CFR 73.37(f). Section 73.35 
provides that such irradiated reactor fuel shipments be subject to the 
same requirements that apply to shipments of category 1 radioactive 
material, including the advance notification requirements.

Section 73.35 Requirements for Physical Protection of Irradiated 
Reactor Fuel (100 Grams or Less) in Transit

    A new section is added to 10 CFR part 73 to address the physical 
protection requirements for shipments of irradiated reactor fuel 
weighing 100 g (0.22 lb) or less in net weight of irradiated fuel, 
exclusive of cladding or other structural or packaging material, which 
has a total external radiation dose rate in excess of 1 Gray (100 rad) 
per hour at a distance of 1 m (3.3 ft) from any accessible surface 
without intervening shielding. The material is subject to the same 
transportation security requirements as category 1 quantities of 
radioactive material.

V. Criminal Penalties

    For the purpose of Section 223 of the AEA, the Commission is 
amending 10 CFR parts 20, 30, 32, 33, 34, 35, 36, 39, 51, 71, and 73 
and adding new 10 CFR part 37 under one or more of Sections 161b, 161i, 
or 161o of the AEA. Willful violations of the rule would be subject to 
criminal enforcement.

VI. Agreement State Compatibility

    Under the ``Policy Statement on Adequacy and Compatibility of 
Agreement State Programs'' approved by the Commission on June 30, 1997, 
and published in the Federal Register (62 FR 46517; September 3, 1997), 
this final rule is a matter of compatibility between the NRC and the 
Agreement States, thereby providing consistency among the Agreement 
States and the NRC requirements. The NRC analyzed the final rule in 
accordance with the procedure established within part III, 
``Categorization Process for NRC Program Elements,'' of Handbook 5.9 to 
Management Directive 5.9, ``Adequacy and Compatibility of Agreement 
State Programs'' (a copy of which may be viewed at http://www.nrc.gov/reading-rm/doc-collections/management-directives/).
    The NRC program elements (including regulations) are placed into 
four compatibility categories (see the Compatibility Table in this 
section). In addition, the NRC program elements can also be identified 
as having particular health and safety significance or as being 
reserved solely to the NRC. Compatibility Category A elements are those 
program elements that are basic radiation protection standards and 
scientific terms and definitions that are necessary to understand 
radiation protection concepts. An Agreement State should adopt Category 
A program elements in an essentially identical manner to provide 
uniformity in the regulation of agreement material on a nationwide 
basis. Compatibility Category B elements are those program elements 
that apply to activities that have direct and significant effects in 
multiple jurisdictions. An Agreement State should adopt Category B 
program elements in an essentially identical manner. Compatibility 
Category C elements are those program elements that do not meet the 
criteria of Category A or B, but the essential objectives of which an 
Agreement State should adopt to avoid conflict, duplication, gaps, or 
other conditions that would jeopardize an orderly pattern in the 
regulation of agreement material on a nationwide basis. An Agreement 
State should adopt the essential objectives of the Category C program 
elements. Compatibility Category D elements are those program elements 
that do not meet any of the criteria of Category A, B, or C, above, 
and, thus, do not need to be adopted by Agreement States for purposes 
of compatibility.
    Health and Safety (H&S) elements are program elements that are not 
required for compatibility, but are identified as having a particular 
health and safety role (i.e., adequacy) in the regulation of agreement 
material within the State. Although not required for compatibility, the 
State should adopt program elements in this H&S Category based on those 
of the NRC that embody the essential objectives of the NRC program 
elements because of particular health and safety considerations. 
Compatibility Category NRC elements are those program elements that 
address areas of regulation that cannot be relinquished to Agreement 
States under the AEA or provisions of 10 CFR. These program elements 
are not adopted by Agreement States. The following table lists the 
parts and sections that have been created or revised and their 
corresponding categorization under the ``Policy Statement on Adequacy 
and Compatibility of Agreement State Programs.'' A bracket around a 
category means that the section may have been adopted elsewhere, and it 
is not necessary to adopt it again.
    The Agreement States have 3 years from the publication of the final 
rule in the Federal Register to adopt compatible regulations.

                                       Compatibility Table for Final Rule
----------------------------------------------------------------------------------------------------------------
                                                                                            Compatibility
                 Section                         Change               Subject      -----------------------------
                                                                                       Existing         New
----------------------------------------------------------------------------------------------------------------
                                                     Part 20
----------------------------------------------------------------------------------------------------------------
20.2201(c)..............................  Amend...............  Reports of theft    D............  D
                                                                 or loss of
                                                                 licensed material.
----------------------------------------------------------------------------------------------------------------
                                                     Part 30
----------------------------------------------------------------------------------------------------------------
30.6....................................  Amend...............  Communications....  D............  D

[[Page 17002]]

 
30.13...................................  Amend...............  Carriers..........  B............  B
30.33(a)(4).............................  Amend...............  General             D............  D
                                                                 requirements for
                                                                 issuance of
                                                                 specific licenses.
----------------------------------------------------------------------------------------------------------------
                                                     Part 32
----------------------------------------------------------------------------------------------------------------
32.1(b).................................  Amend...............  Purpose and scope.  D............  D
----------------------------------------------------------------------------------------------------------------
                                                     Part 33
----------------------------------------------------------------------------------------------------------------
33.1....................................  Amend...............  Purpose and scope.  D............  D
----------------------------------------------------------------------------------------------------------------
                                                     Part 34
----------------------------------------------------------------------------------------------------------------
34.1....................................  Amend...............  Purpose and scope.  D............  D
----------------------------------------------------------------------------------------------------------------
                                                     Part 35
35.1....................................  Amend...............  Purpose and scope.  D............  D
----------------------------------------------------------------------------------------------------------------
                                                     Part 36
36.1....................................  Amend...............  Purpose and scope.  D............  D
----------------------------------------------------------------------------------------------------------------
                                                     Part 37
----------------------------------------------------------------------------------------------------------------
37.1....................................  New.................  Purpose...........  .............  D
37.3....................................  New.................  Scope.............  .............  D
37.5....................................  New.................  Definition Access   .............  C
                                                                 control.
37.5....................................  New.................  Definition Act....  .............  D
37.5....................................  New.................  Definition          .............  C
                                                                 Aggregated.
37.5....................................  New.................  Definition          .............  [B]
                                                                 Agreement State.
37.5....................................  New.................  Definition          .............  B
                                                                 Approved
                                                                 individual.
37.5....................................  New.................  Definition          .............  C
                                                                 Background
                                                                 Investigation.
37.5....................................  New.................  Definition          .............  [A]
                                                                 Becquerel.
37.5....................................  New.................  Definition          .............  [H&S]
                                                                 Byproduct
                                                                 Material.
37.5....................................  New.................  Definition Carrier  .............  [B]
37.5....................................  New.................  Definition          .............  B
                                                                 Category 1
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.5....................................  New.................  Definition          .............  B
                                                                 Category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.5....................................  New.................  Definition          .............  D
                                                                 Commission.
37.5....................................  New.................  Definition Curie..  .............  [A]
37.5....................................  New.................  Definition          .............  C
                                                                 Diversion.
37.5....................................  New.................  Definition          .............  B
                                                                 Escorted access.
37.5....................................  New.................  Definition          .............  C
                                                                 Fingerprint
                                                                 Orders.
37.5....................................  New.................  Definition          .............  D
                                                                 Government agency.
37.5....................................  New.................  Definition License  .............  D
37.5....................................  New.................  Definition License  .............  D
                                                                 issuing agency.
37.5....................................  New.................  Definition Local    .............  C
                                                                 law enforcement
                                                                 agency.
37.5....................................  New.................  Definition Lost or  .............  [B]
                                                                 missing material.
37.5....................................  New.................  Definition Mobile   .............  B
                                                                 device.
37.5....................................  New.................  Definition          .............  B
                                                                 Movement control
                                                                 center.
37.5....................................  New.................  Definition No-      .............  B
                                                                 later-than
                                                                 arrival time.
37.5....................................  New.................  Definition Person.  .............  [C]
37.5....................................  New.................  Definition          .............  C
                                                                 Reviewing
                                                                 official.
37.5....................................  New.................  Definition          .............  C
                                                                 Sabotage.
37.5....................................  New.................  Safe haven........  .............  B
37.5....................................  New.................  Definition          .............  C
                                                                 Security zone.
37.5....................................  New.................  Definition State..  .............  D
37.5....................................  New.................  Definition          .............  B
                                                                 Telemetric
                                                                 position
                                                                 monitoring system.
37.5....................................  New.................  Definition          .............  B
                                                                 Trustworthiness
                                                                 and reliability.
37.5....................................  New.................  Definition          .............  B
                                                                 Unescorted access.
37.5....................................  New.................  Definition United   .............  D
                                                                 States.
37.7....................................  New.................  Communications....  .............  D
37.9....................................  New.................  Interpretations...  .............  D
37.11(a)................................  New.................  Specific            .............  D
                                                                 exemptions.
37.11(b)................................  New.................  Specific            .............  D
                                                                 exemptions.
37.11(c)................................  New.................  Specific            .............  B
                                                                 exemptions.
37.13...................................  New.................  Information         .............  D
                                                                 collection
                                                                 requirements: OMB
                                                                 approval.
37.21(a)................................  New.................  General...........  .............  C
37.21(b)................................  New.................  General             .............  B
                                                                 performance
                                                                 objective.
37.21(c)................................  New.................  Applicability.....  .............  B
37.23(a)................................  New.................  Granting            .............  B
                                                                 unescorted access
                                                                 authorization.
37.23(b)(1), (2), (4), (5)..............  New.................  Reviewing           .............  B
                                                                 officials.
37.23(b)(3).............................  New.................  Reviewing           .............  C
                                                                 officials.

[[Page 17003]]

 
37.23(c)................................  New.................  Informed consent..  .............  B
37.23(d)................................  New.................  Personal history    .............  B
                                                                 disclosure.
37.23(e)................................  New.................  Determination       .............  B
                                                                 basis.
37.23(f)................................  New.................  Procedures........  .............  C
37.23(g)................................  New.................  Right to correct    .............  B
                                                                 and complete
                                                                 information.
37.23(h)................................  New.................  Records...........  .............  C
37.25(a)................................  New.................  Initial             .............  B
                                                                 investigation.
37.25(b)................................  New.................  Grandfathering....  .............  C
37.25(c)................................  New.................  Reinvestigations..  .............  B
37.27(a)................................  New.................  General             .............  B
                                                                 performance
                                                                 objective and
                                                                 requirements.
37.27(b)................................  New.................  Prohibitions......  .............  B
37.27(c)................................  New.................  Procedures for      .............  B
                                                                 processing
                                                                 fingerprint
                                                                 checks.
37.29(a), (b)...........................  New.................  Relief from         .............  B
                                                                 fingerprinting,
                                                                 identification,
                                                                 and criminal
                                                                 history records
                                                                 checks and other
                                                                 elements of a
                                                                 background
                                                                 investigations
                                                                 for designated
                                                                 categories of
                                                                 individuals
                                                                 permitted
                                                                 unescorted access
                                                                 to certain
                                                                 radioactive
                                                                 materials.
37.31(a)-(d)............................  New.................  Protection of       .............  B
                                                                 information.
37.31(e)................................  New.................  Protection of       .............  C
                                                                 information.
37.33(a), (b), (c)......................  New.................  Access              .............  C
                                                                 authorization
                                                                 program review.
37.41(a)................................  New.................  Applicability.....  .............  B
37.41(b)................................  New.................  General             .............  B
                                                                 performance
                                                                 objective.
37.41(c)................................  New.................  Program features..  .............  C
37.43(a)................................  New.................  Security plan.....  .............  B
37.43(b)................................  New.................  Implementing        .............  C
                                                                 procedures.
37.43(c)(1)-(c)(3)......................  New.................  Training..........  .............  B
37.43(c)(4).............................  New.................  Training..........  .............  C
37.43(d)(1)-(d)(8)......................  New.................  Protection of       .............  C
                                                                 Information.
37.43(d)(9).............................  New.................  Protection of       .............  NRC
                                                                 Information.
37.45(a), (b), (d)......................  New.................  LLEA coordination.  .............  B
37.45(c)................................  New.................  LLEA coordination   .............  C
                                                                 (records).
37.47(a)-(e)............................  New.................  Security zones....  .............  B
37.49(a)................................  New.................  Monitoring and      .............  B
                                                                 detection.
37.49(b)................................  New.................  Assessment........  .............  B
37.49(c)................................  New.................  Personnel           .............  B
                                                                 communications
                                                                 and data
                                                                 transmission.
37.49(d)................................  New.................  Response..........  .............  B
37.51...................................  New.................  Maintenance and     .............  C
                                                                 testing.
37.53...................................  New.................  Requirements for    .............  B
                                                                 mobile devices.
37.55(a), (b), (c)......................  New.................  Security program    .............  C
                                                                 review.
37.57(a)................................  New.................  Reporting of        .............  C
                                                                 events.
37.57(b)................................  New.................  Reporting of        .............  C
                                                                 events.
37.71...................................  New.................  Additional          .............  B
                                                                 requirements for
                                                                 transfer of
                                                                 category 1 and
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.71(a), (b) (c).......................  New.................  Additional          .............  B
                                                                 requirements for
                                                                 transfer of
                                                                 category 1 and
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.71(d)................................  New.................  Additional          .............  C
                                                                 requirements for
                                                                 transfer of
                                                                 category 1 and
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.73(a), (b), (d), (e).................  New.................  Applicability of    .............  D
                                                                 physical
                                                                 protection of
                                                                 category 1 and
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material during
                                                                 transit.
37.73(c)................................  New.................  Applicability of    .............  B
                                                                 physical
                                                                 protection of
                                                                 category 1 and
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material during
                                                                 transit.
37.75(a)-(d)............................  New.................  Preplanning and     .............  B
                                                                 coordination of
                                                                 shipment of
                                                                 category 1 or
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.75(e)................................  New.................  Preplanning and     .............  C
                                                                 coordination of
                                                                 shipment of
                                                                 category 1 or
                                                                 category 2
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.77...................................  New.................  Advance             .............  B
                                                                 notification for
                                                                 shipments of
                                                                 category 1
                                                                 quantities of
                                                                 radioactive
                                                                 material.
37.77(a)................................  New.................  Procedures for      .............  B
                                                                 submitting
                                                                 advance
                                                                 notification.
37.77(b)................................  New.................  Information to be   .............  B
                                                                 furnished in
                                                                 advance
                                                                 notification of
                                                                 shipment.
37.77(c)................................  New.................  Revision notice...  .............  B
37.77(d)................................  New.................  Cancellation        .............  B
                                                                 notice.
37.77(e)................................  New.................  Records...........  .............  C
37.77(f)................................  New.................  Protection of       .............  NRC
                                                                 information.
37.79(a)................................  New.................  Shipments by road.  .............  B
37.79(b)................................  New.................  Shipments by rail.  .............  B
37.79(c)................................  New.................  Investigations....  .............  B
37.81(a)................................  New.................  Reporting of        .............  B
                                                                 events.
37.81(b)................................  New.................  Reporting of        .............  B
                                                                 events.
37.81(c)................................  New.................  Reporting of        .............  B
                                                                 events.
37.81(d)................................  New.................  Reporting of        .............  B
                                                                 events.
37.81(e)................................  New.................  Reporting of        .............  B
                                                                 events.

[[Page 17004]]

 
37.81(f)................................  New.................  Reporting of        .............  B
                                                                 events.
37.81(g)................................  New.................  Reporting of        .............  C
                                                                 events.
37.81(h)................................  New.................  Reporting of        .............  C
                                                                 events.
37.101..................................  New.................  Form of records...  .............  C
37.103..................................  New.................  Record retention..  .............  C
37.105..................................  New.................  Inspections.......  .............  D
37.107..................................  New.................  Violations........  .............  D
37.109..................................  New.................  Criminal penalties  .............  D
Appendix A..............................  New.................  Category 1 and 2    .............  B
                                                                 thresholds.
----------------------------------------------------------------------------------------------------------------
                                                     Part 39
----------------------------------------------------------------------------------------------------------------
39.1....................................  Amend...............  Purpose and scope.  D............  D
----------------------------------------------------------------------------------------------------------------
                                                     Part 51
----------------------------------------------------------------------------------------------------------------
51.22(c)(3).............................  Amend...............  Criterion for       NRC..........  NRC
                                                                 categorical
                                                                 exclusion;
                                                                 identification of
                                                                 licensing and
                                                                 regulatory
                                                                 actions eligible
                                                                 for categorical
                                                                 exclusion or
                                                                 otherwise not
                                                                 requiring
                                                                 environmental
                                                                 review.
----------------------------------------------------------------------------------------------------------------
                                                     Part 71
----------------------------------------------------------------------------------------------------------------
71.97(b)................................  Amend...............  Advance             B............  B
                                                                 notification of
                                                                 shipment of
                                                                 irradiated
                                                                 reactor fuel and
                                                                 nuclear waste.
----------------------------------------------------------------------------------------------------------------
                                                     Part 73
----------------------------------------------------------------------------------------------------------------
73.35...................................  New.................  Requirements for    .............  NRC
                                                                 physical
                                                                 protection of
                                                                 irradiated
                                                                 reactor fuel (100
                                                                 grams or less) in
                                                                 transit.
----------------------------------------------------------------------------------------------------------------

VII. Plain Writing

    The Plain Writing Act of 2010 (Pub. L. 111-274) requires Federal 
agencies to write documents in a clear, concise, and well-organized 
manner. The NRC has written this document to be consistent with the 
Plain Writing Act as well as the Presidential Memorandum, ``Plain 
Language in Government Writing,'' published June 10, 1998 (63 FR 
31883).

VIII. Voluntary Consensus Standards

    The National Technology Transfer and Advancement Act of 1995 (Pub. 
L. 104-113), requires that Federal agencies use technical standards 
that are developed or adopted by voluntary consensus standards bodies 
unless the use of such a standard is inconsistent with applicable law 
or otherwise impractical. In this final rule, the NRC is establishing 
security requirements for the use of category 1 and category 2 
quantities of radioactive materials. The NRC is not aware of any 
voluntary consensus standards that address the subject matter of this 
final rule. This action does not constitute the establishment of a 
standard that establishes generally applicable requirements.

IX. Finding of No Significant Environmental Impact: Availability

    Under the National Environmental Policy Act of 1969, as amended, 
and the NRC regulations in subpart A of 10 CFR part 51, the NRC has 
determined that this final rule, if adopted, would not be a major 
Federal action significantly affecting the quality of the human 
environment, and therefore an environmental impact statement is not 
required for this rulemaking. The NRC has prepared an environmental 
assessment and, on the basis of this environmental assessment, has made 
a finding of no significant impact.
    The implementation of the final rule's security requirements would 
not result in significant changes to the licensee's facilities, nor 
would such implementation result in any significant increase in 
effluents released to the environment. Similarly, the implementation of 
the final rule's security requirements would not affect occupational 
exposure requirements. No major construction or other earth-disturbing 
activities on the part of affected licensees are anticipated in 
connection with licensees' implementation of the final rule's 
requirements. The Commission has determined that the implementation of 
this final rule is procedural and administrative in nature.
    The determination of this environmental assessment is that there 
will be no significant impact to the public from this action.
    This conclusion was published in the environmental assessment that 
was posted to the NRC's rulemaking Web site: http://www.regulations.gov 
after publication of the proposed rule. No comments were received on 
the content of the environmental assessment.

X. Paperwork Reduction Act Statement

    This final rule contains new information collection requirements in 
10 CFR part 37 that are subject to the Paperwork Reduction Act of 1995 
(44 U.S.C. 3501 et seq.). These requirements were approved by the 
Office of Management and Budget (OMB), approval number 3150-0214. The 
changes to 10 CFR parts 20, 30, 32, 33, 34, 35, 36, 39, 51, 71, and 73 
do not contain new or amended information collection requirements. 
Existing requirements were approved by the OMB, approval numbers 3150-
0014, 3150-0017, 3150-0001, 3150-0015, 3150-0007, 3150-0010, 3150-0158, 
3150-0130, 3150-0021, 3150-0008, and 3150-0002.
    The burden to the public for the information collections in 10 CFR 
part

[[Page 17005]]

37 is estimated to average1.7 hours per response. This includes the 
time for reviewing instructions, searching existing data sources, 
gathering and maintaining the data needed, and completing and reviewing 
the information collection. Send comments on any aspect of these 
information collections, including suggestions for reducing the burden, 
to the Information Services Branch (T-5 F53), U.S. Nuclear Regulatory 
Commission, Washington, DC 20555-0001, or by Internet electronic mail 
to [email protected]; and to the Desk Officer, Chad 
Whiteman, Office of Information and Regulatory Affairs, NEOB-10202, 
(3150-0214), Office of Management and Budget, Washington, DC 20503.

Public Protection Notification

    The NRC may not conduct or sponsor, and a person is not required to 
respond to, a request for information or an information collection 
requirement unless the requesting document displays a currently valid 
OMB control number.

XI. Regulatory Analysis

    The Commission has prepared a regulatory analysis on this final 
regulation. The analysis examines the costs and benefits of the 
alternatives considered by the Commission.
    The analysis is available for inspection in the NRC's Public 
Document Room, 11555 Rockville Pike, Rockville, Maryland 20852. The 
analysis may also be viewed and downloaded electronically via the 
Federal erulemaking portal at http://www.regulations.gov by searching 
for Docket ID NRC-2008-0120.

XII. Regulatory Flexibility Certification

    The NRC has prepared a regulatory analysis of the impact of this 
final rule on small entities. The final rule will affect about 300 NRC 
licensees and an additional 1,100 Agreement State licensees. Affected 
licensees include laboratories, reactors, universities, colleges, 
medical clinics, hospitals, irradiators, manufacturers and 
distributors, well loggers, and radiographers, some of which may 
qualify as small business entities as defined by 10 CFR 2.810. Based on 
the regulatory analysis conducted for this action, the costs of the 
rule for affected licensees are estimated to be between $358 million 
and $488 million (7-percent and 3-percent discount rate over 20 years, 
respectively) total. The average licensee will have a one-time cost of 
approximately $23,375 and an annual cost of approximately $21,736 to 
fully implement the final rule. The NRC believes that the selected 
alternative reflected in the final rule is the least burdensome, most 
flexible alternative that accomplishes the NRC's regulatory objective. 
The Regulatory Flexibility Analysis is included as an Appendix to this 
final rule.

XIII. Backfit Analysis

    The NRC has determined that the backfit rule, which is found in the 
regulations at 10 CFR 50.109, 70.76, 72.62, 76.76, and in 10 CFR part 
52, does not apply to this final rule because this amendment would not 
involve any provisions that would impose backfits as defined in 10 CFR 
chapter I. Therefore, a backfit analysis is not required.

XIV. Congressional Review Act

    In accordance with the Congressional Review Act of 1996, the NRC 
has determined that this action is a major rule and has verified this 
determination with the Office of Information and Regulatory Affairs of 
OMB.

List of Subjects

10 CFR Part 20

    Byproduct material, Criminal penalties, Licensed material, Nuclear 
materials, Nuclear power plants and reactors, Occupational safety and 
health, Packaging and containers, Radiation protection, Reporting and 
recordkeeping requirements, Source material, Special nuclear material, 
Waste treatment and disposal.

10 CFR Part 30

    Byproduct material, Criminal penalties, Government contracts, 
Intergovernmental relations, Isotopes, Nuclear materials, Radiation 
protection, Reporting and recordkeeping requirements.

10 CFR Part 32

    Byproduct material, Criminal penalties, Labeling, Nuclear 
materials, Radiation protection, Reporting and recordkeeping 
requirements.

10 CFR Part 33

    Byproduct material, Criminal penalties, Nuclear materials, 
Radiation protection, Reporting and recordkeeping requirements.

10 CFR Part 34

    Criminal penalties, Packaging and containers, Radiation protection, 
Radiography, Reporting and recordkeeping requirements, Scientific 
equipment, Security measures.

10 CFR Part 35

    Byproduct material, Criminal penalties, Drugs, Health facilities, 
Health professions, Medical devices, Nuclear materials, Occupational 
safety and health, Radiation protection, Reporting and recordkeeping 
requirements.

10 CFR Part 36

    Byproduct material, Criminal penalties, Nuclear materials, 
Reporting and recordkeeping requirements, Scientific equipment, 
Security measures.

10 CFR Part 37

    Byproduct material, Criminal penalties, Export, Hazardous materials 
transportation, Import, Licensed material, Nuclear materials, Reporting 
and recordkeeping requirements, Security measures.

10 CFR Part 39

    Byproduct material, Criminal penalties, Nuclear material, Oil and 
gas exploration--well logging, Reporting and recordkeeping 
requirements, Scientific equipment, Security measures, Source material, 
Special nuclear material.

10 CFR Part 51

    Administrative practice and procedure, Environmental impact 
statement, Nuclear materials, Nuclear power plants and reactors, 
Reporting and recordkeeping requirements.

10 CFR Part 71

    Criminal penalties, Hazardous materials transportation, Nuclear 
materials, Packaging and containers, Reporting and recordkeeping 
requirements.

10 CFR Part 73

    Criminal penalties, Export, Hazardous materials transportation, 
Import, Nuclear materials, Nuclear power plants and reactors, Reporting 
and recordkeeping requirements, Security measures.

    For the reasons set out in the preamble and under the authority of 
the Atomic Energy Act of 1954, as amended; the Energy Reorganization 
Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting 
the following amendments to 10 CFR parts 20, 30, 32, 33, 34, 35, 36, 
37, 39, 51, 71, and 73.

PART 20--STANDARDS FOR PROTECTION AGAINST RADIATION

0
1. The authority citation for part 20 continues to read as follows:


[[Page 17006]]


    Authority:  Atomic Energy Act secs. 53, 63, 65, 81, 103, 104, 
161, 182, 186, 223. 234 1701 (42 U.S.C. 2073, 2093, 2095, 2111, 
2133, 2134, 2201, 2232, 2236, 2273, 2282, 2297f), Energy 
Reorganization Act secs. 201, 202, 206 (42 U.S.C. 5841, 5842, 5846); 
Government Paperwork Elimination Act sec. 1704 (44 U.S.C. 3504 
note); Energy Policy Act of 2005 sec. 651(e), Pub. L. No. 109-58, 
119 Stat. 549 (2005) (42 U.S.C. 2014, 2021, 2021b, 2111).


0
2. In Sec.  20.2201, paragraph (c) is revised to read as follows:


Sec.  20.2201  Reports of theft or loss of licensed material.

* * * * *
    (c) A duplicate report is not required under paragraph (b) of this 
section if the licensee is also required to submit a report pursuant to 
Sec. Sec.  30.55(c), 37.57, 37.81, 40.64(c), 50.72, 50.73, 70.52, 
73.27(b), 73.67(e)(3)(vii), 73.67(g)(3)(iii), 73.71, or 150.19(c) of 
this chapter.
* * * * *

PART 30--RULES OF GENERAL APPLICABILITY TO DOMESTIC LICENSING OF 
BYPRODUCT MATERIAL

0
3. The authority citation for part 30 continues to read as follows:

    Authority:  Atomic Energy Act secs. 81, 82, 161, 181, 182, 183, 
186, 223, 234 (42 U.S.C. 2111, 2112, 2201, 2231, 2232, 2233, 2236, 
2273, 2282); Energy Reorganization Act secs. 201, 202, 206 (42 
U.S.C. 5841, 5842, 5846); Government Paperwork Elimination Act sec. 
1704 (44 U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. No. 
109-58, 119 Stat. 549 (2005).
    Section 30.7 also issued under Energy Reorganization Act sec. 
211, Pub. L. 95-601, sec. 10, as amended by Pub. L. 102-486, sec. 
2902 (42 U.S.C. 5851). Section 30.34(b) also issued under Atomic 
Energy Act sec. 184 (42 U.S.C. 2234). Section 30.61 also issued 
under Atomic Energy Act sec. 187 (42 U.S.C. 2237).


0
4. In Sec.  30.6, the introductory text of paragraph (a) is revised to 
read as follows:


Sec.  30.6  Communications.

    (a) Unless otherwise specified or covered under the regional 
licensing program as provided in paragraph (b) of this section, any 
communication or report concerning the regulations in parts 30 through 
37 and 39 of this chapter and any application filed under these 
regulations may be submitted to the Commission as follows:
* * * * *

0
5. Section 30.13 is revised to read as follows:


Sec.  30.13  Carriers.

    Common and contract carriers, freight forwarders, warehousemen, and 
the U.S. Postal Service are exempt from the regulations in this part 
and parts 31 through 37 and 39 of this chapter and the requirements for 
a license set forth in section 81 of the Act to the extent that they 
transport or store byproduct material in the regular course of carriage 
for another or storage incident thereto.


0
6. In Sec.  30.33, paragraph (a)(4) is revised to read as follows:


Sec.  30.33  General requirements for issuance of specific licenses.

    (a) * * *
    (4) The applicant satisfies any special requirements contained in 
parts 32 through 37 and 39 of this chapter; and
* * * * *

PART 32--SPECIFIC DOMESTIC LICENSES TO MANUFACTURE OR TRANSFER 
CERTAIN ITEMS CONTAINING BYPRODUCT MATERIAL

0
7. The authority citation for part 32 continues to read as follows:

    Authority:  Atomic Energy Act secs. 81, 161, 181, 182, 183, 223, 
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy 
Reorganization Act sec. 201 (42 U.S.C. 5841); Government Paperwork 
Elimination Act sec. 1704 (44 U.S.C. 3504 note); Energy Policy Act 
of 2005, sec. 651(e), Pub. L. No. 109-58, 119 Stat. 806-810 (42 
U.S.C. 2014, 2021, 2021b, 2111).


0
8. In Sec.  32.1, paragraph (b) is revised to read as follows:


Sec.  32.1  Purpose and scope.

* * * * *
    (b) The provisions and requirements of this part are in addition 
to, and not in substitution for, other requirements of this chapter. In 
particular, the provisions of part 30 of this chapter apply to 
applications, licenses and certificates of registration subject to this 
part, and the provisions of part 37 of this chapter apply to 
applications and licenses subject to this part.
* * * * *

PART 33--SPECIFIC DOMESTIC LICENSES OF BROAD SCOPE FOR BYPRODUCT 
MATERIAL

0
9. The authority citation for part 33 continues to read as follows:

    Authority: Atomic Energy Act secs. 81, 161, 181, 182, 183, 223, 
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy 
Reorganization Act sec. 201 (42 U.S.C. 5841); Government Paperwork 
Elimination Act sec. 1704 (44 U.S.C. 3504 note); Energy Policy Act 
of 2005 sec. 651(e), Public Law 109-58, 119 Stat. 806-810 (42 U.S.C. 
2014, 2021, 2021b, 2111).


0
10. Section 33.1 is revised to read as follows:


Sec.  33.1  Purpose and scope.

    This part prescribes requirements for the issuance of specific 
licenses of broad scope for byproduct material (``broad licenses'') and 
certain regulations governing holders of such licenses. The provisions 
and requirements of this part are in addition to, and not in 
substitution for, other requirements of this chapter. In particular, 
the provisions of parts 30 and 37 of this chapter apply to applications 
and licenses subject to this part.

PART 34--LICENSES FOR INDUSTRIAL RADIOGRAPHY AND RADIATION SAFETY 
REQUIREMENTS FOR INDUSTRIAL RADIOGRAPHIC OPERATIONS

0
11. The authority citation for part 34 continues to read as follows:

    Authority: Atomic Energy Act secs. 81, 161, 181, 182, 183, 223, 
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy 
Reorganization Act sec. 201 (42 U.S.C. 5841); Government Paperwork 
Elimination Act sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note). 
Atomic Energy Act of 2005 sec. 651(e), Pub. L. No. 109-58, 119 Stat. 
806-810 (42 U.S.C. 2014, 2021, 2021b, 2111). Section 34.45 also 
issued under Energy Reorganization Act sec. 206 (42 U.S.C. 5846).

0
12. Section 34.1 is revised to read as follows:


Sec.  34.1  Purpose and scope.

    This part prescribes requirements for the issuance of licenses for 
the use of sealed sources containing byproduct material and radiation 
safety requirements for persons using these sealed sources in 
industrial radiography. The provisions and requirements of this part 
are in addition to, and not in substitution for, other requirements of 
this chapter. In particular, the requirements and provisions of parts 
19, 20, 21, 30, 37, 71, 150, 170, and 171 of this chapter apply to 
applications and licenses subject to this part. This rule does not 
apply to medical uses of byproduct material.

PART 35--MEDICAL USE OF BYPRODUCT MATERIAL

0
13. The authority citation for part 35 continues to read as follows:

    Authority:  Atomic Energy Act secs. 81, 161, 181, 182, 183, 223, 
234 (42 U.S.C. 2111, 2201, 2231, 2232, 2233, 2273, 2282); Energy 
Reorganization Act sec. 201, 206 (42 U.S.C. 5841, 5842, 5846); sec. 
1704 (44 U.S.C. 3504 note); Energy Policy Act of 2005, sec. 651(e), 
Public Law 109-58, 119 Stat. 806-810 (42 U.S.C. 2014, 2021, 2021b, 
2111).


0
14. Section 35.1 is revised to read as follows:

[[Page 17007]]

Sec.  35.1  Purpose and scope.

    This part contains the requirements and provisions for the medical 
use of byproduct material and for issuance of specific licenses 
authorizing the medical use of this material. These requirements and 
provisions provide for the radiation safety of workers, the general 
public, patients, and human research subjects. The requirements and 
provisions of this part are in addition to, and not in substitution 
for, others in this chapter. The requirements and provisions of parts 
19, 20, 21, 30, 37, 71, 170, and 171 of this chapter apply to 
applicants and licensees subject to this part unless specifically 
exempted.

PART 36--LICENSES AND RADIATION SAFETY REQUIREMENTS FOR IRRADIATORS

0
15. The authority citation for part 36 continues to read as follows:

    Authority:  Atomic Energy Act secs. 81, 82, 161, 181, 182, 183, 
186, 223, 234 (42 U.S.C. 2111, 2112, 2201, 2232, 2233, 2236, 2273, 
2282); Energy Reorganization Act secs. 201, 202, 206 (42 U.S.C. 
5841, 5842, 5846); Government Paperwork Elimination Act sec. 1704 
(44 U.S.C. 3504 note); Atomic Energy Act of 2005 sec. 651(e), Pub. 
L. No. 109-58, 119 Stat. 806-810 (42 U.S.C. 2014, 2021, 2021b, 
2111).


0
16. In Sec.  36.1, paragraph (a) is revised to read as follows:


Sec.  36.1  Purpose and scope.

    (a) This part contains requirements for the issuance of a license 
authorizing the use of sealed sources containing radioactive materials 
in irradiators used to irradiate objects or materials using gamma 
radiation. This part also contains radiation safety requirements for 
operating irradiators. The requirements of this part are in addition to 
other requirements of this chapter. In particular, the provisions of 
parts 19, 20, 21, 30, 37, 71, 170, and 171 of this chapter apply to 
applications and licenses subject to this part. Nothing in this part 
relieves the licensee from complying with other applicable Federal, 
State and local regulations governing the siting, zoning, land use, and 
building code requirements for industrial facilities.
* * * * *

0
17. Part 37 is added to read as follows:

PART 37--PHYSICAL PROTECTION OF CATEGORY 1 AND CATEGORY 2 
QUANTITIES OF RADIOACTIVE MATERIAL

Sec.
Subpart A--General Provisions
37.1 Purpose.
37.3 Scope.
37.5 Definitions.
37.7 Communications.
37.9 Interpretations.
37.11 Specific exemptions.
37.13 Information collection requirements: OMB approval.
Subpart B--Background Investigations and Access Control Program
37.21 Personnel access authorization requirements for category 1 or 
category 2 quantities of radioactive material.
37.23 Access authorization program requirements.
37.25 Background investigations.
37.27 Requirements for criminal history records checks of 
individuals granted unescorted access to category 1 or category 2 
quantities of radioactive material.
37.29 Relief from fingerprinting, identification, and criminal 
history records checks and other elements of background 
investigations for designated categories of individuals permitted 
unescorted access to certain radioactive materials.
37.31 Protection of information.
37.33 Access authorization program review.
Subpart C--Physical Protection Requirements During Use
37.41 Security program.
37.43 General security program requirements.
37.45 LLEA coordination.
37.47 Security zones.
37.49 Monitoring, detection, and assessment.
37.51 Maintenance and testing.
37.53 Requirements for mobile devices.
37.55 Security program review.
37.57 Reporting of events.
Subpart D--Physical Protection in Transit
37.71 Additional requirements for transfer of category 1 and 
category 2 quantities of radioactive material.
37.73 Applicability of physical protection of category 1 and 
category 2 quantities of radioactive material during transit.
37.75 Preplanning and coordination of shipment of category 1 or 
category 2 quantities of radioactive material.
37.77 Advance notification of shipment of category 1 quantities of 
radioactive material.
37.79 Requirements for physical protection of category 1 and 
category 2 quantities of radioactive material during shipment.
37.81 Reporting of events.
Subpart E--[Reserved]
Subpart F--Records
37.101 Form of records.
37.103 Record retention.
Subpart G--Enforcement
37.105 Inspections.
37.107 Violations.
37.109 Criminal penalties.

Appendix A to Part 37--Category 1 and Category 2 Radioactive Materials


    Authority:  Atomic Energy Act secs. 53, 81, 103, 104, 147, 148, 
149, 161, 182, 183, 223, 234 (42 U.S.C. 2073, 2111, 2133, 2134, 
2167, 2168, 2169, 2201a., 2232, 2233, 2273, 2282).

Subpart A--General Provisions


Sec.  37.1  Purpose.

    This part has been established to provide the requirements for the 
physical protection program for any licensee that possesses an 
aggregated category 1 or category 2 quantity of radioactive material 
listed in Appendix A to this part. These requirements provide 
reasonable assurance of the security of category 1 or category 2 
quantities of radioactive material by protecting these materials from 
theft or diversion. Specific requirements for access to material, use 
of material, transfer of material, and transport of material are 
included. No provision of this part authorizes possession of licensed 
material.


Sec.  37.3  Scope.

    (a) Subparts B and C of this part apply to any person who, under 
the regulations in this chapter, possesses or uses at any site, an 
aggregated category 1 or category 2 quantity of radioactive material.
    (b) Subpart D of this part applies to any person who, under the 
regulations of this chapter:
    (1) Transports or delivers to a carrier for transport in a single 
shipment, a category 1 or category 2 quantity of radioactive material; 
or
    (2) Imports or exports a category 1 or category 2 quantity of 
radioactive material; the provisions only apply to the domestic portion 
of the transport.


Sec.  37.5  Definitions.

    As used in this part:
    Access control means a system for allowing only approved 
individuals to have unescorted access to the security zone and for 
ensuring that all other individuals are subject to escorted access.
    Act means the Atomic Energy Act of 1954 (68 Stat. 919), including 
any amendments thereto.
    Aggregated means accessible by the breach of a single physical 
barrier that would allow access to radioactive material in any form, 
including any devices that contain the radioactive material, when the 
total activity equals or exceeds a category 2 quantity of radioactive 
material.
    Agreement State means any state with which the Atomic Energy 
Commission or the U.S. Nuclear Regulatory

[[Page 17008]]

Commission has entered into an effective agreement under subsection 
274b. of the Act. Non-agreement State means any other State.
    Approved individual means an individual whom the licensee has 
determined to be trustworthy and reliable for unescorted access in 
accordance with subpart B of this part and who has completed the 
training required by Sec.  37.43(c).
    Background investigation means the investigation conducted by a 
licensee or applicant to support the determination of trustworthiness 
and reliability.
    Becquerel (Bq) means one disintegration per second.
    Byproduct material means--
    (1) Any radioactive material (except special nuclear material) 
yielded in, or made radioactive by, exposure to the radiation incident 
to the process of producing or using special nuclear material;
    (2) The tailings or wastes produced by the extraction or 
concentration of uranium or thorium from ore processed primarily for 
its source material content, including discrete surface wastes 
resulting from uranium solution extraction processes. Underground ore 
bodies depleted by these solution extraction operations do not 
constitute ``byproduct material'' within this definition;
    (3)(i) Any discrete source of radium-226 that is produced, 
extracted, or converted after extraction, before, on, or after August 
8, 2005, for use for a commercial, medical, or research activity; or
    (ii) Any material that--
    (A) Has been made radioactive by use of a particle accelerator; and
    (B) Is produced, extracted, or converted after extraction, before, 
on, or after August 8, 2005, for use for a commercial, medical, or 
research activity; and
    (4) Any discrete source of naturally occurring radioactive 
material, other than source material, that--
    (i) The Commission, in consultation with the Administrator of the 
Environmental Protection Agency, the Secretary of Energy, the Secretary 
of Homeland Security, and the head of any other appropriate Federal 
agency, determines would pose a threat similar to the threat posed by a 
discrete source of radium-226 to the public health and safety or the 
common defense and security; and
    (ii) Before, on, or after August 8, 2005, is extracted or converted 
after extraction for use in a commercial, medical, or research 
activity.
    Carrier means a person engaged in the transportation of passengers 
or property by land or water as a common, contract, or private carrier, 
or by civil aircraft.
    Category 1 quantity of radioactive material means a quantity of 
radioactive material meeting or exceeding the category 1 threshold in 
Table 1 of Appendix A to this part. This is determined by calculating 
the ratio of the total activity of each radionuclide to the category 1 
threshold for that radionuclide and adding the ratios together. If the 
sum is equal to or exceeds 1, the quantity would be considered a 
category 1 quantity. Category 1 quantities of radioactive material do 
not include the radioactive material contained in any fuel assembly, 
subassembly, fuel rod, or fuel pellet.
    Category 2 quantity of radioactive material means a quantity of 
radioactive material meeting or exceeding the category 2 threshold but 
less than the category 1 threshold in Table 1 of Appendix A to this 
part. This is determined by calculating the ratio of the total activity 
of each radionuclide to the category 2 threshold for that radionuclide 
and adding the ratios together. If the sum is equal to or exceeds 1, 
the quantity would be considered a category 2 quantity. Category 2 
quantities of radioactive material do not include the radioactive 
material contained in any fuel assembly, subassembly, fuel rod, or fuel 
pellet.
    Commission means the U.S. Nuclear Regulatory Commission or its duly 
authorized representatives.
    Curie means that amount of radioactive material which disintegrates 
at the rate of 37 billion atoms per second.
    Diversion means the unauthorized movement of radioactive material 
subject to this part to a location different from the material's 
authorized destination inside or outside of the site at which the 
material is used or stored.
    Escorted access means accompaniment while in a security zone by an 
approved individual who maintains continuous direct visual surveillance 
at all times over an individual who is not approved for unescorted 
access.
    Fingerprint orders means the orders issued by the U.S. Nuclear 
Regulatory Commission or the legally binding requirements issued by 
Agreement States that require fingerprints and criminal history records 
checks for individuals with unescorted access to category 1 and 
category 2 quantities of radioactive material or safeguards 
information-modified handling.
    Government agency means any executive department, commission, 
independent establishment, corporation, wholly or partly owned by the 
United States of America which is an instrumentality of the United 
States, or any board, bureau, division, service, office, officer, 
authority, administration, or other establishment in the executive 
branch of the Government.
    License, except where otherwise specified, means a license for 
byproduct material issued pursuant to the regulations in parts 30 
through 36 and 39 of this chapter;
    License issuing authority means the licensing agency that issued 
the license, i.e. the U.S. Nuclear Regulatory Commission or the 
appropriate agency of an Agreement State;
    Local law enforcement agency (LLEA) means a public or private 
organization that has been approved by a federal, state, or local 
government to carry firearms and make arrests, and is authorized and 
has the capability to provide an armed response in the jurisdiction 
where the licensed category 1 or category 2 quantity of radioactive 
material is used, stored, or transported.
    Lost or missing licensed material means licensed material whose 
location is unknown. It includes material that has been shipped but has 
not reached its destination and whose location cannot be readily traced 
in the transportation system.
    Mobile device means a piece of equipment containing licensed 
radioactive material that is either mounted on wheels or casters, or 
otherwise equipped for moving without a need for disassembly or 
dismounting; or designed to be hand carried. Mobile devices do not 
include stationary equipment installed in a fixed location.
    Movement control center means an operations center that is remote 
from transport activity and that maintains position information on the 
movement of radioactive material, receives reports of attempted attacks 
or thefts, provides a means for reporting these and other problems to 
appropriate agencies and can request and coordinate appropriate aid.
    No-later-than arrival time means the date and time that the 
shipping licensee and receiving licensee have established as the time 
at which an investigation will be initiated if the shipment has not 
arrived at the receiving facility. The no-later-than-arrival time may 
not be more than 6 hours after the estimated arrival time for shipments 
of category 2 quantities of radioactive material.
    Person means--
    (1) Any individual, corporation, partnership, firm, association, 
trust, estate, public or private institution, group, Government agency 
other than the Commission or the DOE (except that the Department shall 
be considered a

[[Page 17009]]

person within the meaning of the regulations in 10 CFR chapter I to the 
extent that its facilities and activities are subject to the licensing 
and related regulatory authority of the Commission under section 202 of 
the Energy Reorganization Act of 1974 (88 Stat. 1244), the Uranium Mill 
Tailings Radiation Control Act of 1978 (92 Stat. 3021), the Nuclear 
Waste Policy Act of 1982 (96 Stat. 2201), and section 3(b)(2) of the 
Low-Level Radioactive Waste Policy Amendments Act of 1985 (99 Stat. 
1842), any State or any political subdivision of or any political 
entity within a State, any foreign government or nation or any 
political subdivision of any such government or nation, or other 
entity; and
    (2) Any legal successor, representative, agent, or agency of the 
foregoing.
    Reviewing official means the individual who shall make the 
trustworthiness and reliability determination of an individual to 
determine whether the individual may have, or continue to have, 
unescorted access to the category 1 or category 2 quantities of 
radioactive materials that are possessed by the licensee.
    Sabotage means deliberate damage, with malevolent intent, to a 
category 1 or category 2 quantity of radioactive material, a device 
that contains a category 1 or category 2 quantity of radioactive 
material, or the components of the security system.
    Safe haven means a readily recognizable and readily accessible site 
at which security is present or from which, in the event of an 
emergency, the transport crew can notify and wait for the local law 
enforcement authorities.
    Security zone means any temporary or permanent area determined and 
established by the licensee for the physical protection of category 1 
or category 2 quantities of radioactive material.
    State means a State of the United States, the District of Columbia, 
the Commonwealth of Puerto Rico, the Virgin Islands, Guam, American 
Samoa, and the Commonwealth of the Northern Mariana Islands.
    Telemetric position monitoring system means a data transfer system 
that captures information by instrumentation and/or measuring devices 
about the location and status of a transport vehicle or package between 
the departure and destination locations.
    Trustworthiness and reliability are characteristics of an 
individual considered dependable in judgment, character, and 
performance, such that unescorted access to category 1 or category 2 
quantities of radioactive material by that individual does not 
constitute an unreasonable risk to the public health and safety or 
security. A determination of trustworthiness and reliability for this 
purpose is based upon the results from a background investigation.
    Unescorted access means solitary access to an aggregated category 1 
or category 2 quantity of radioactive material or the devices that 
contain the material.
    United States, when used in a geographical sense, includes Puerto 
Rico and all territories and possessions of the United States.


Sec.  37.7  Communications.

    Except where otherwise specified or covered under the regional 
licensing program as provided in Sec.  30.6(b) of this chapter, all 
communications and reports concerning the regulations in this part may 
be sent as follows:
    (a) By mail addressed to: ATTN: Document Control Desk; Director, 
Office of Nuclear Reactor Regulation; Director, Office of New Reactors; 
Director, Office of Nuclear Material Safety and Safeguards; Director, 
Office of Federal and State Materials and Environmental Management 
Programs; or Director, Division of Security Policy, Office of Nuclear 
Security and Incident Response, as appropriate, U.S. Nuclear Regulatory 
Commission, Washington, DC 20555-0001;
    (b) By hand delivery to the NRC's offices at 11555 Rockville Pike, 
Rockville, Maryland 20852;
    (c) Where practicable, by electronic submission, for example, 
Electronic Information Exchange, or CD-ROM. Electronic submissions must 
be made in a manner that enables the NRC to receive, read, 
authenticate, distribute, and archive the submission, and process and 
retrieve it a single page at a time. Detailed guidance on making 
electronic submissions can be obtained by visiting the NRC's Web site 
at http://www.nrc.gov/site-help/e-submittals.html; by email to 
nrc.gov">MSHD.Resource@nrc.gov; or by writing the Office of Information 
Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-
0001. The guidance discusses, among other topics, the formats the NRC 
can accept, the use of electronic signatures, and the treatment of 
nonpublic information.


Sec.  37.9  Interpretations.

    Except as specifically authorized by the Commission in writing, no 
interpretations of the meaning of the regulations in this part by any 
officer or employee of the Commission other than a written 
interpretation by the General Counsel will be recognized as binding 
upon the Commission.


Sec.  37.11  Specific exemptions.

    (a) The Commission may, upon application of any interested person 
or upon its own initiative, grant such exemptions from the requirements 
of the regulations in this part as it determines are authorized by law 
and will not endanger life or property or the common defense and 
security, and are otherwise in the public interest.
    (b) Any licensee's NRC-licensed activities are exempt from the 
requirements of subparts B and C of this part to the extent that its 
activities are included in a security plan required by part 73 of this 
chapter.
    (c) A licensee that possesses radioactive waste that contains 
category 1 or category 2 quantities of radioactive material is exempt 
from the requirements of subparts B, C, and D of this part. Except that 
any radioactive waste that contains discrete sources, ion-exchange 
resins, or activated material that weighs less than 2,000 kg (4,409 
lbs) is not exempt from the requirements of this part. The licensee 
shall implement the following requirements to secure the radioactive 
waste:
    (1) Use continuous physical barriers that allow access to the 
radioactive waste only through established access control points;
    (2) Use a locked door or gate with monitored alarm at the access 
control point;
    (3) Assess and respond to each actual or attempted unauthorized 
access to determine whether an actual or attempted theft, sabotage, or 
diversion occurred; and
    (4) Immediately notify the LLEA and request an armed response from 
the LLEA upon determination that there was an actual or attempted 
theft, sabotage, or diversion of the radioactive waste that contains 
category 1 or category 2 quantities of radioactive material.


Sec.  37.13  Information collection requirements: OMB approval.

    (a) The U.S. Nuclear Regulatory Commission has submitted the 
information collection requirements contained in this part to the 
Office of Management and Budget (OMB) for approval as required by the 
Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not 
conduct or sponsor, and a person is not required to respond to, a 
collection of information unless it displays a currently valid OMB 
control number. The OMB has approved the information collection 
requirements

[[Page 17010]]

contained in this part under control number 3150-0214.
    (b) The approved information collection requirements contained in 
this part appear in Sec. Sec.  37.11, 37.21, 37.23, 37.25, 37.27, 
37.29, 37.31, 37.33, 37.41, 37.43, 37.45, 37.49, 37.51, 37.55, 37.57, 
37.71, 37.75, 37.77, 37.79, and 37.81.

Subpart B--Background Investigations and Access Authorization 
Program


Sec.  37.21  Personnel access authorization requirements for category 1 
or category 2 quantities of radioactive material.

    (a) General. (1) Each licensee that possesses an aggregated 
quantity of radioactive material at or above the category 2 threshold 
shall establish, implement, and maintain its access authorization 
program in accordance with the requirements of this subpart.
    (2) An applicant for a new license and each licensee that would 
become newly subject to the requirements of this subpart upon 
application for modification of its license shall implement the 
requirements of this subpart, as appropriate, before taking possession 
of an aggregated category 1 or category 2 quantity of radioactive 
material.
    (3) Any licensee that has not previously implemented the Security 
Orders or been subject to the provisions of this subpart B shall 
implement the provisions of this subpart B before aggregating 
radioactive material to a quantity that equals or exceeds the category 
2 threshold.
    (b) General performance objective. The licensee's access 
authorization program must ensure that the individuals specified in 
paragraph (c)(1) of this section are trustworthy and reliable.
    (c) Applicability. (1) Licensees shall subject the following 
individuals to an access authorization program:
    (i) Any individual whose assigned duties require unescorted access 
to category 1 or category 2 quantities of radioactive material or to 
any device that contains the radioactive material; and
    (ii) Reviewing officials.
    (2) Licensees need not subject the categories of individuals listed 
in Sec.  37.29(a)(1) through (13) to the investigation elements of the 
access authorization program.
    (3) Licensees shall approve for unescorted access to category 1 or 
category 2 quantities of radioactive material only those individuals 
with job duties that require unescorted access to category 1 or 
category 2 quantities of radioactive material.
    (4) Licensees may include individuals needing access to safeguards 
information-modified handling under part 73 of this chapter in the 
access authorization program under this subpart B.


Sec.  37.23  Access authorization program requirements.

    (a) Granting unescorted access authorization. (1) Licensees shall 
implement the requirements of this subpart for granting initial or 
reinstated unescorted access authorization.
    (2) Individuals who have been determined to be trustworthy and 
reliable shall also complete the security training required by Sec.  
37.43(c) before being allowed unescorted access to category 1 or 
category 2 quantities of radioactive material.
    (b) Reviewing officials. (1) Reviewing officials are the only 
individuals who may make trustworthiness and reliability determinations 
that allow individuals to have unescorted access to category 1 or 
category 2 quantities of radioactive materials possessed by the 
licensee.
    (2) Each licensee shall name one or more individuals to be 
reviewing officials. After completing the background investigation on 
the reviewing official, the licensee shall provide under oath or 
affirmation, a certification that the reviewing official is deemed 
trustworthy and reliable by the licensee. The fingerprints of the named 
reviewing official must be taken by a law enforcement agency, Federal 
or State agencies that provide fingerprinting services to the public, 
or commercial fingerprinting services authorized by a State to take 
fingerprints. The licensee shall recertify that the reviewing official 
is deemed trustworthy and reliable every 10 years in accordance with 
Sec.  37.25(b).
    (3) Reviewing officials must be permitted to have unescorted access 
to category 1 or category 2 quantities of radioactive materials or 
access to safeguards information or safeguards information-modified 
handling, if the licensee possesses safeguards information or 
safeguards information-modified handling.
    (4) Reviewing officials cannot approve other individuals to act as 
reviewing officials.
    (5) A reviewing official does not need to undergo a new background 
investigation before being named by the licensee as the reviewing 
official if:
    (i) The individual has undergone a background investigation that 
included fingerprinting and an FBI criminal history records check and 
has been determined to be trustworthy and reliable by the licensee; or
    (ii) The individual is subject to a category listed in Sec.  
37.29(a).
    (c) Informed consent. (1) Licensees may not initiate a background 
investigation without the informed and signed consent of the subject 
individual. This consent must include authorization to share personal 
information with other individuals or organizations as necessary to 
complete the background investigation. Before a final adverse 
determination, the licensee shall provide the individual with an 
opportunity to correct any inaccurate or incomplete information that is 
developed during the background investigation. Licensees do not need to 
obtain signed consent from those individuals that meet the requirements 
of Sec.  37.25(b). A signed consent must be obtained prior to any 
reinvestigation.
    (2) The subject individual may withdraw his or her consent at any 
time. Licensees shall inform the individual that:
    (i) If an individual withdraws his or her consent, the licensee may 
not initiate any elements of the background investigation that were not 
in progress at the time the individual withdrew his or her consent; and
    (ii) The withdrawal of consent for the background investigation is 
sufficient cause for denial or termination of unescorted access 
authorization.
    (d) Personal history disclosure. Any individual who is applying for 
unescorted access authorization shall disclose the personal history 
information that is required by the licensee's access authorization 
program for the reviewing official to make a determination of the 
individual's trustworthiness and reliability. Refusal to provide, or 
the falsification of, any personal history information required by this 
subpart is sufficient cause for denial or termination of unescorted 
access.
    (e) Determination basis. (1) The reviewing official shall determine 
whether to permit, deny, unfavorably terminate, maintain, or 
administratively withdraw an individual's unescorted access 
authorization based on an evaluation of all of the information 
collected to meet the requirements of this subpart.
    (2) The reviewing official may not permit any individual to have 
unescorted access until the reviewing official has evaluated all of the 
information collected to meet the requirements of this subpart and 
determined that the individual is trustworthy and reliable. The 
reviewing official may deny unescorted access to

[[Page 17011]]

any individual based on information obtained at any time during the 
background investigation.
    (3) The licensee shall document the basis for concluding whether or 
not there is reasonable assurance that an individual is trustworthy and 
reliable.
    (4) The reviewing official may terminate or administratively 
withdraw an individual's unescorted access authorization based on 
information obtained after the background investigation has been 
completed and the individual granted unescorted access authorization.
    (5) Licensees shall maintain a list of persons currently approved 
for unescorted access authorization. When a licensee determines that a 
person no longer requires unescorted access or meets the access 
authorization requirement, the licensee shall remove the person from 
the approved list as soon as possible, but no later than 7 working 
days, and take prompt measures to ensure that the individual is unable 
to have unescorted access to the material.
    (f) Procedures. Licensees shall develop, implement, and maintain 
written procedures for implementing the access authorization program. 
The procedures must include provisions for the notification of 
individuals who are denied unescorted access. The procedures must 
include provisions for the review, at the request of the affected 
individual, of a denial or termination of unescorted access 
authorization. The procedures must contain a provision to ensure that 
the individual is informed of the grounds for the denial or termination 
of unescorted access authorization and allow the individual an 
opportunity to provide additional relevant information.
    (g) Right to correct and complete information. (1) Prior to any 
final adverse determination, licensees shall provide each individual 
subject to this subpart with the right to complete, correct, and 
explain information obtained as a result of the licensee's background 
investigation. Confirmation of receipt by the individual of this 
notification must be maintained by the licensee for a period of 1 year 
from the date of the notification.
    (2) If, after reviewing his or her criminal history record, an 
individual believes that it is incorrect or incomplete in any respect 
and wishes to change, correct, update, or explain anything in the 
record, the individual may initiate challenge procedures. These 
procedures include direct application by the individual challenging the 
record to the law enforcement agency that contributed the questioned 
information or a direct challenge as to the accuracy or completeness of 
any entry on the criminal history record to the Federal Bureau of 
Investigation, Criminal Justice Information Services (CJIS) Division, 
ATTN: SCU, Mod. D-2, 1000 Custer Hollow Road, Clarksburg, WV 26306 as 
set forth in 28 CFR 16.30 through 16.34. In the latter case, the 
Federal Bureau of Investigation (FBI) will forward the challenge to the 
agency that submitted the data, and will request that the agency verify 
or correct the challenged entry. Upon receipt of an official 
communication directly from the agency that contributed the original 
information, the FBI Identification Division makes any changes 
necessary in accordance with the information supplied by that agency. 
Licensees must provide at least 10 days for an individual to initiate 
action to challenge the results of an FBI criminal history records 
check after the record being made available for his or her review. The 
licensee may make a final adverse determination based upon the criminal 
history records only after receipt of the FBI's confirmation or 
correction of the record.
    (h) Records. (1) The licensee shall retain documentation regarding 
the trustworthiness and reliability of individual employees for 3 years 
from the date the individual no longer requires unescorted access to 
category 1 or category 2 quantities of radioactive material.
    (2) The licensee shall retain a copy of the current access 
authorization program procedures as a record for 3 years after the 
procedure is no longer needed. If any portion of the procedure is 
superseded, the licensee shall retain the superseded material for 3 
years after the record is superseded.
    (3) The licensee shall retain the list of persons approved for 
unescorted access authorization for 3 years after the list is 
superseded or replaced.


Sec.  37.25  Background investigations.

    (a) Initial investigation. Before allowing an individual unescorted 
access to category 1 or category 2 quantities of radioactive material 
or to the devices that contain the material, licensees shall complete a 
background investigation of the individual seeking unescorted access 
authorization. The scope of the investigation must encompass at least 
the 7 years preceding the date of the background investigation or since 
the individual's eighteenth birthday, whichever is shorter. The 
background investigation must include at a minimum:
    (1) Fingerprinting and an FBI identification and criminal history 
records check in accordance with Sec.  37.27;
    (2) Verification of true identity. Licensees shall verify the true 
identity of the individual who is applying for unescorted access 
authorization to ensure that the applicant is who he or she claims to 
be. A licensee shall review official identification documents (e.g., 
driver's license; passport; government identification; certificate of 
birth issued by the state, province, or country of birth) and compare 
the documents to personal information data provided by the individual 
to identify any discrepancy in the information. Licensees shall 
document the type, expiration, and identification number of the 
identification document, or maintain a photocopy of identifying 
documents on file in accordance with Sec.  37.31. Licensees shall 
certify in writing that the identification was properly reviewed, and 
shall maintain the certification and all related documents for review 
upon inspection;
    (3) Employment history verification. Licensees shall complete an 
employment history verification, including military history. Licensees 
shall verify the individual's employment with each previous employer 
for the most recent 7 years before the date of application;
    (4) Verification of education. Licensees shall verify that the 
individual participated in the education process during the claimed 
period;
    (5) Character and reputation determination. Licensees shall 
complete reference checks to determine the character and reputation of 
the individual who has applied for unescorted access authorization. 
Unless other references are not available, reference checks may not be 
conducted with any person who is known to be a close member of the 
individual's family, including but not limited to the individual's 
spouse, parents, siblings, or children, or any individual who resides 
in the individual's permanent household. Reference checks under this 
subpart must be limited to whether the individual has been and 
continues to be trustworthy and reliable;
    (6) The licensee shall also, to the extent possible, obtain 
independent information to corroborate that provided by the individual 
(e.g., seek references not supplied by the individual); and
    (7) If a previous employer, educational institution, or any other 
entity with which the individual claims to have been engaged fails to 
provide information or indicates an inability or unwillingness to 
provide information

[[Page 17012]]

within a time frame deemed appropriate by the licensee but at least 
after 10 business days of the request or if the licensee is unable to 
reach the entity, the licensee shall document the refusal, 
unwillingness, or inability in the record of investigation; and attempt 
to obtain the information from an alternate source.
    (b) Grandfathering. (1) Individuals who have been determined to be 
trustworthy and reliable for unescorted access to category 1 or 
category 2 quantities of radioactive material under the Fingerprint 
Orders may continue to have unescorted access to category 1 and 
category 2 quantities of radioactive material without further 
investigation. These individuals shall be subject to the 
reinvestigation requirement.
    (2) Individuals who have been determined to be trustworthy and 
reliable under the provisions of part 73 of this chapter or the 
security orders for access to safeguards information, safeguards 
information-modified handling, or risk-significant material may have 
unescorted access to category 1 and category 2 quantities of 
radioactive material without further investigation. The licensee shall 
document that the individual was determined to be trustworthy and 
reliable under the provisions of part 73 of this chapter or a security 
order. Security order, in this context, refers to any order that was 
issued by the NRC that required fingerprints and an FBI criminal 
history records check for access to safeguards information, safeguards 
information-modified handling, or risk significant material such as 
special nuclear material or large quantities of uranium hexafluoride. 
These individuals shall be subject to the reinvestigation requirement.
    (c) Reinvestigations. Licensees shall conduct a reinvestigation 
every 10 years for any individual with unescorted access to category 1 
or category 2 quantities of radioactive material. The reinvestigation 
shall consist of fingerprinting and an FBI identification and criminal 
history records check in accordance with Sec.  37.27. The 
reinvestigations must be completed within 10 years of the date on which 
these elements were last completed.


Sec.  37.27  Requirements for criminal history records checks of 
individuals granted unescorted access to category 1 or category 2 
quantities of radioactive material.

    (a) General performance objective and requirements. (1) Except for 
those individuals listed in Sec.  37.29 and those individuals 
grandfathered under Sec.  37.25(b), each licensee subject to the 
provisions of this subpart shall fingerprint each individual who is to 
be permitted unescorted access to category 1 or category 2 quantities 
of radioactive material. Licensees shall transmit all collected 
fingerprints to the Commission for transmission to the FBI. The 
licensee shall use the information received from the FBI as part of the 
required background investigation to determine whether to grant or deny 
further unescorted access to category 1 or category 2 quantities of 
radioactive materials for that individual.
    (2) The licensee shall notify each affected individual that his or 
her fingerprints will be used to secure a review of his or her criminal 
history record, and shall inform him or her of the procedures for 
revising the record or adding explanations to the record.
    (3) Fingerprinting is not required if a licensee is reinstating an 
individual's unescorted access authorization to category 1 or category 
2 quantities of radioactive materials if:
    (i) The individual returns to the same facility that granted 
unescorted access authorization within 365 days of the termination of 
his or her unescorted access authorization; and
    (ii) The previous access was terminated under favorable conditions.
    (4) Fingerprints do not need to be taken if an individual who is an 
employee of a licensee, contractor, manufacturer, or supplier has been 
granted unescorted access to category 1 or category 2 quantities of 
radioactive material, access to safeguards information, or safeguards 
information-modified handling by another licensee, based upon a 
background investigation conducted under this subpart, the Fingerprint 
Orders, or part 73 of this chapter. An existing criminal history 
records check file may be transferred to the licensee asked to grant 
unescorted access in accordance with the provisions of Sec.  37.31(c).
    (5) Licensees shall use the information obtained as part of a 
criminal history records check solely for the purpose of determining an 
individual's suitability for unescorted access authorization to 
category 1 or category 2 quantities of radioactive materials, access to 
safeguards information, or safeguards information-modified handling.
    (b) Prohibitions. (1) Licensees may not base a final determination 
to deny an individual unescorted access authorization to category 1 or 
category 2 quantities of radioactive material solely on the basis of 
information received from the FBI involving:
    (i) An arrest more than 1 year old for which there is no 
information of the disposition of the case; or
    (ii) An arrest that resulted in dismissal of the charge or an 
acquittal.
    (2) Licensees may not use information received from a criminal 
history records check obtained under this subpart in a manner that 
would infringe upon the rights of any individual under the First 
Amendment to the Constitution of the United States, nor shall licensees 
use the information in any way that would discriminate among 
individuals on the basis of race, religion, national origin, gender, or 
age.
    (c) Procedures for processing of fingerprint checks. (1) For the 
purpose of complying with this subpart, licensees shall use an 
appropriate method listed in Sec.  37.7 to submit to the U.S. Nuclear 
Regulatory Commission, Director, Division of Facilities and Security, 
11545 Rockville Pike, ATTN: Criminal History Program/Mail Stop TWB-05 
B32M, Rockville, Maryland 20852, one completed, legible standard 
fingerprint card (Form FD-258, ORIMDNRCOOOZ), electronic fingerprint 
scan or, where practicable, other fingerprint record for each 
individual requiring unescorted access to category 1 or category 2 
quantities of radioactive material. Copies of these forms may be 
obtained by writing the Office of Information Services, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001, by calling 1-630-829-
9565, or by email to nrc.gov">FORMS.Resource@nrc.gov. Guidance on submitting 
electronic fingerprints can be found at http://www.nrc.gov/site-help/e-submittals.html.
    (2) Fees for the processing of fingerprint checks are due upon 
application. Licensees shall submit payment with the application for 
the processing of fingerprints through corporate check, certified 
check, cashier's check, money order, or electronic payment, made 
payable to ``U.S. NRC.'' (For guidance on making electronic payments, 
contact the Security Branch, Division of Facilities and Security at 
301-492-3531.) Combined payment for multiple applications is 
acceptable. The Commission publishes the amount of the fingerprint 
check application fee on the NRC's public Web site. (To find the 
current fee amount, go to the Electronic Submittals page at http://www.nrc.gov/site-help/e-submittals.html and see the link for the 
Criminal History Program under Electronic Submission Systems.)
    (3) The Commission will forward to the submitting licensee all data 
received from the FBI as a result of the licensee's

[[Page 17013]]

application(s) for criminal history records checks.


Sec.  37.29  Relief from fingerprinting, identification, and criminal 
history records checks and other elements of background investigations 
for designated categories of individuals permitted unescorted access to 
certain radioactive materials.

    (a) Fingerprinting, and the identification and criminal history 
records checks required by section 149 of the Atomic Energy Act of 
1954, as amended, and other elements of the background investigation 
are not required for the following individuals prior to granting 
unescorted access to category 1 or category 2 quantities of radioactive 
materials:
    (1) An employee of the Commission or of the Executive Branch of the 
U.S. Government who has undergone fingerprinting for a prior U.S. 
Government criminal history records check;
    (2) A Member of Congress;
    (3) An employee of a member of Congress or Congressional committee 
who has undergone fingerprinting for a prior U.S. Government criminal 
history records check;
    (4) The Governor of a State or his or her designated State employee 
representative;
    (5) Federal, State, or local law enforcement personnel;
    (6) State Radiation Control Program Directors and State Homeland 
Security Advisors or their designated State employee representatives;
    (7) Agreement State employees conducting security inspections on 
behalf of the NRC under an agreement executed under section 274.i. of 
the Atomic Energy Act;
    (8) Representatives of the International Atomic Energy Agency 
(IAEA) engaged in activities associated with the U.S./IAEA Safeguards 
Agreement who have been certified by the NRC;
    (9) Emergency response personnel who are responding to an 
emergency;
    (10) Commercial vehicle drivers for road shipments of category 2 
quantities of radioactive material;
    (11) Package handlers at transportation facilities such as freight 
terminals and railroad yards;
    (12) Any individual who has an active Federal security clearance, 
provided that he or she makes available the appropriate documentation. 
Written confirmation from the agency/employer that granted the Federal 
security clearance or reviewed the criminal history records check must 
be provided to the licensee. The licensee shall retain this 
documentation for a period of 3 years from the date the individual no 
longer requires unescorted access to category 1 or category 2 
quantities of radioactive material; and
    (13) Any individual employed by a service provider licensee for 
which the service provider licensee has conducted the background 
investigation for the individual and approved the individual for 
unescorted access to category 1 or category 2 quantities of radioactive 
material. Written verification from the service provider must be 
provided to the licensee. The licensee shall retain the documentation 
for a period of 3 years from the date the individual no longer requires 
unescorted access to category 1 or category 2 quantities of radioactive 
material.
    (b) Fingerprinting, and the identification and criminal history 
records checks required by section 149 of the Atomic Energy Act of 
1954, as amended, are not required for an individual who has had a 
favorably adjudicated U.S. Government criminal history records check 
within the last 5 years, under a comparable U.S. Government program 
involving fingerprinting and an FBI identification and criminal history 
records check provided that he or she makes available the appropriate 
documentation. Written confirmation from the agency/employer that 
reviewed the criminal history records check must be provided to the 
licensee. The licensee shall retain this documentation for a period of 
3 years from the date the individual no longer requires unescorted 
access to category 1 or category 2 quantities of radioactive material. 
These programs include, but are not limited to:
    (1) National Agency Check;
    (2) Transportation Worker Identification Credentials (TWIC) under 
49 CFR part 1572;
    (3) Bureau of Alcohol, Tobacco, Firearms, and Explosives background 
check and clearances under 27 CFR part 555;
    (4) Health and Human Services security risk assessments for 
possession and use of select agents and toxins under 42 CFR part 73;
    (5) Hazardous Material security threat assessment for hazardous 
material endorsement to commercial drivers license under 49 CFR part 
1572; and
    (6) Customs and Border Protection's Free and Secure Trade (FAST) 
Program.


Sec.  37.31  Protection of information.

    (a) Each licensee who obtains background information on an 
individual under this subpart shall establish and maintain a system of 
files and written procedures for protection of the record and the 
personal information from unauthorized disclosure.
    (b) The licensee may not disclose the record or personal 
information collected and maintained to persons other than the subject 
individual, his or her representative, or to those who have a need to 
have access to the information in performing assigned duties in the 
process of granting or denying unescorted access to category 1 or 
category 2 quantities of radioactive material, safeguards information, 
or safeguards information-modified handling. No individual authorized 
to have access to the information may disseminate the information to 
any other individual who does not have a need to know.
    (c) The personal information obtained on an individual from a 
background investigation may be provided to another licensee:
    (1) Upon the individual's written request to the licensee holding 
the data to disseminate the information contained in his or her file; 
and
    (2) The recipient licensee verifies information such as name, date 
of birth, social security number, gender, and other applicable physical 
characteristics.
    (d) The licensee shall make background investigation records 
obtained under this subpart available for examination by an authorized 
representative of the NRC to determine compliance with the regulations 
and laws.
    (e) The licensee shall retain all fingerprint and criminal history 
records (including data indicating no record) received from the FBI, or 
a copy of these records if the individual's file has been transferred, 
on an individual for 3 years from the date the individual no longer 
requires unescorted access to category 1 or category 2 quantities of 
radioactive material.


Sec.  37.33  Access authorization program review.

    (a) Each licensee shall be responsible for the continuing 
effectiveness of the access authorization program. Each licensee shall 
ensure that access authorization programs are reviewed to confirm 
compliance with the requirements of this subpart and that comprehensive 
actions are taken to correct any noncompliance that is identified. The 
review program shall evaluate all program performance objectives and 
requirements. Each licensee shall periodically (at least annually) 
review the access program content and implementation.
    (b) The results of the reviews, along with any recommendations, 
must be

[[Page 17014]]

documented. Each review report must identify conditions that are 
adverse to the proper performance of the access authorization program, 
the cause of the condition(s), and, when appropriate, recommend 
corrective actions, and corrective actions taken. The licensee shall 
review the findings and take any additional corrective actions 
necessary to preclude repetition of the condition, including 
reassessment of the deficient areas where indicated.
    (c) Review records must be maintained for 3 years.

Subpart C--Physical Protection Requirements During Use


Sec.  37.41  Security program.

    (a) Applicability. (1) Each licensee that possesses an aggregated 
category 1 or category 2 quantity of radioactive material shall 
establish, implement, and maintain a security program in accordance 
with the requirements of this subpart.
    (2) An applicant for a new license and each licensee that would 
become newly subject to the requirements of this subpart upon 
application for modification of its license shall implement the 
requirements of this subpart, as appropriate, before taking possession 
of an aggregated category 1 or category 2 quantity of radioactive 
material.
    (3) Any licensee that has not previously implemented the Security 
Orders or been subject to the provisions of subpart C shall provide 
written notification to the NRC regional office specified in Sec.  30.6 
of this chapter at least 90 days before aggregating radioactive 
material to a quantity that equals or exceeds the category 2 threshold.
    (b) General performance objective. Each licensee shall establish, 
implement, and maintain a security program that is designed to monitor 
and, without delay, detect, assess, and respond to an actual or 
attempted unauthorized access to category 1 or category 2 quantities of 
radioactive material.
    (c) Program features. Each licensee's security program must include 
the program features, as appropriate, described in Sec. Sec.  37.43, 
37.45, 37.47, 37.49, 37.51, 37.53, and 37.55.


Sec.  37.43  General security program requirements.

    (a) Security plan. (1) Each licensee identified in Sec.  37.41(a) 
shall develop a written security plan specific to its facilities and 
operations. The purpose of the security plan is to establish the 
licensee's overall security strategy to ensure the integrated and 
effective functioning of the security program required by this subpart. 
The security plan must, at a minimum:
    (i) Describe the measures and strategies used to implement the 
requirements of this subpart; and
    (ii) Identify the security resources, equipment, and technology 
used to satisfy the requirements of this subpart.
    (2) The security plan must be reviewed and approved by the 
individual with overall responsibility for the security program.
    (3) A licensee shall revise its security plan as necessary to 
ensure the effective implementation of Commission requirements. The 
licensee shall ensure that:
    (i) The revision has been reviewed and approved by the individual 
with overall responsibility for the security program; and
    (ii) The affected individuals are instructed on the revised plan 
before the changes are implemented.
    (4) The licensee shall retain a copy of the current security plan 
as a record for 3 years after the security plan is no longer required. 
If any portion of the plan is superseded, the licensee shall retain the 
superseded material for 3 years after the record is superseded.
    (b) Implementing procedures. (1) The licensee shall develop and 
maintain written procedures that document how the requirements of this 
subpart and the security plan will be met.
    (2) The implementing procedures and revisions to these procedures 
must be approved in writing by the individual with overall 
responsibility for the security program.
    (3) The licensee shall retain a copy of the current procedure as a 
record for 3 years after the procedure is no longer needed. Superseded 
portions of the procedure must be retained for 3 years after the record 
is superseded.
    (c) Training. (1) Each licensee shall conduct training to ensure 
that those individuals implementing the security program possess and 
maintain the knowledge, skills, and abilities to carry out their 
assigned duties and responsibilities effectively. The training must 
include instruction in:
    (i) The licensee's security program and procedures to secure 
category 1 or category 2 quantities of radioactive material, and in the 
purposes and functions of the security measures employed;
    (ii) The responsibility to report promptly to the licensee any 
condition that causes or may cause a violation of Commission 
requirements;
    (iii) The responsibility of the licensee to report promptly to the 
local law enforcement agency and licensee any actual or attempted 
theft, sabotage, or diversion of category 1 or category 2 quantities of 
radioactive material; and
    (iv) The appropriate response to security alarms.
    (2) In determining those individuals who shall be trained on the 
security program, the licensee shall consider each individual's 
assigned activities during authorized use and response to potential 
situations involving actual or attempted theft, diversion, or sabotage 
of category 1 or category 2 quantities of radioactive material. The 
extent of the training must be commensurate with the individual's 
potential involvement in the security of category 1 or category 2 
quantities of radioactive material.
    (3) Refresher training must be provided at a frequency not to 
exceed 12 months and when significant changes have been made to the 
security program. This training must include:
    (i) Review of the training requirements of paragraph (c) of this 
section and any changes made to the security program since the last 
training;
    (ii) Reports on any relevant security issues, problems, and lessons 
learned;
    (iii) Relevant results of NRC inspections; and
    (iv) Relevant results of the licensee's program review and testing 
and maintenance.
    (4) The licensee shall maintain records of the initial and 
refresher training for 3 years from the date of the training. The 
training records must include dates of the training, topics covered, a 
list of licensee personnel in attendance, and related information.
    (d) Protection of information. (1) Except as provided in paragraph 
(d)(9) of this section, licensees authorized to possess category 1 or 
category 2 quantities of radioactive material shall limit access to and 
unauthorized disclosure of their security plan, implementing 
procedures, and the list of individuals that have been approved for 
unescorted access.
    (2) Efforts to limit access shall include the development, 
implementation, and maintenance of written policies and procedures for 
controlling access to, and for proper handling and protection against 
unauthorized disclosure of, the security plan and implementing 
procedures.
    (3) Before granting an individual access to the security plan or 
implementing procedures, licensees shall:
    (i) Evaluate an individual's need to know the security plan or 
implementing procedures; and
    (ii) If the individual has not been authorized for unescorted 
access to

[[Page 17015]]

category 1 or category 2 quantities of radioactive material, safeguards 
information, or safeguards information-modified handling, the licensee 
must complete a background investigation to determine the individual's 
trustworthiness and reliability. A trustworthiness and reliability 
determination shall be conducted by the reviewing official and shall 
include the background investigation elements contained in Sec.  
37.25(a)(2) through (a)(7).
    (4) Licensees need not subject the following individuals to the 
background investigation elements for protection of information:
    (i) The categories of individuals listed in Sec.  37.29(a)(1) 
through (13); or
    (ii) Security service provider employees, provided written 
verification that the employee has been determined to be trustworthy 
and reliable, by the required background investigation in Sec.  
37.25(a)(2) through (a)(7), has been provided by the security service 
provider.
    (5) The licensee shall document the basis for concluding that an 
individual is trustworthy and reliable and should be granted access to 
the security plan or implementing procedures.
    (6) Licensees shall maintain a list of persons currently approved 
for access to the security plan or implementing procedures. When a 
licensee determines that a person no longer needs access to the 
security plan or implementing procedures or no longer meets the access 
authorization requirements for access to the information, the licensee 
shall remove the person from the approved list as soon as possible, but 
no later than 7 working days, and take prompt measures to ensure that 
the individual is unable to obtain the security plan or implementing 
procedures.
    (7) When not in use, the licensee shall store its security plan and 
implementing procedures in a manner to prevent unauthorized access. 
Information stored in nonremovable electronic form must be password 
protected.
    (8) The licensee shall retain as a record for 3 years after the 
document is no longer needed:
    (i) A copy of the information protection procedures; and
    (ii) The list of individuals approved for access to the security 
plan or implementing procedures.
    (9) Licensees that possess safeguards information or safeguards 
information-modified handling are subject to the requirements of Sec.  
73.21 of this chapter, and shall protect any safeguards information or 
safeguards information-modified handling in accordance with the 
requirements of that section.


Sec.  37.45  LLEA coordination.

    (a) A licensee subject to this subpart shall coordinate, to the 
extent practicable, with an LLEA for responding to threats to the 
licensee's facility, including any necessary armed response. The 
information provided to the LLEA must include:
    (1) A description of the facilities and the category 1 and category 
2 quantities of radioactive materials along with a description of the 
licensee's security measures that have been implemented to comply with 
this subpart; and
    (2) A notification that the licensee will request a timely armed 
response by the LLEA to any actual or attempted theft, sabotage, or 
diversion of category 1 or category 2 quantities of material.
    (b) The licensee shall notify the appropriate NRC regional office 
listed in Sec.  30.6(a)(2) of this chapter within 3 business days if:
    (1) The LLEA has not responded to the request for coordination 
within 60 days of the coordination request; or
    (2) The LLEA notifies the licensee that the LLEA does not plan to 
participate in coordination activities.
    (c) The licensee shall document its efforts to coordinate with the 
LLEA. The documentation must be kept for 3 years.
    (d) The licensee shall coordinate with the LLEA at least every 12 
months, or when changes to the facility design or operation adversely 
affect the potential vulnerability of the licensee's material to theft, 
sabotage, or diversion.


Sec.  37.47  Security zones.

    (a) Licensees shall ensure that all aggregated category 1 and 
category 2 quantities of radioactive material are used or stored within 
licensee-established security zones. Security zones may be permanent or 
temporary.
    (b) Temporary security zones must be established as necessary to 
meet the licensee's transitory or intermittent business activities, 
such as periods of maintenance, source delivery, and source 
replacement.
    (c) Security zones must, at a minimum, allow unescorted access only 
to approved individuals through:
    (1) Isolation of category 1 and category 2 quantities of 
radioactive materials by the use of continuous physical barriers that 
allow access to the security zone only through established access 
control points. A physical barrier is a natural or man-made structure 
or formation sufficient for the isolation of the category 1 or category 
2 quantities of radioactive material within a security zone; or
    (2) Direct control of the security zone by approved individuals at 
all times; or
    (3) A combination of continuous physical barriers and direct 
control.
    (d) For category 1 quantities of radioactive material during 
periods of maintenance, source receipt, preparation for shipment, 
installation, or source removal or exchange, the licensee shall, at a 
minimum, provide sufficient individuals approved for unescorted access 
to maintain continuous surveillance of sources in temporary security 
zones and in any security zone in which physical barriers or intrusion 
detection systems have been disabled to allow such activities.
    (e) Individuals not approved for unescorted access to category 1 or 
category 2 quantities of radioactive material must be escorted by an 
approved individual when in a security zone.


Sec.  37.49  Monitoring, detection, and assessment.

    (a) Monitoring and detection. (1) Licensees shall establish and 
maintain the capability to continuously monitor and detect without 
delay all unauthorized entries into its security zones. Licensees shall 
provide the means to maintain continuous monitoring and detection 
capability in the event of a loss of the primary power source, or 
provide for an alarm and response in the event of a loss of this 
capability to continuously monitor and detect unauthorized entries.
    (2) Monitoring and detection must be performed by:
    (i) A monitored intrusion detection system that is linked to an 
onsite or offsite central monitoring facility; or
    (ii) Electronic devices for intrusion detection alarms that will 
alert nearby facility personnel; or
    (iii) A monitored video surveillance system; or
    (iv) Direct visual surveillance by approved individuals located 
within the security zone; or
    (v) Direct visual surveillance by a licensee designated individual 
located outside the security zone.
    (3) A licensee subject to this subpart shall also have a means to 
detect unauthorized removal of the radioactive material from the 
security zone. This detection capability must provide:
    (i) For category 1 quantities of radioactive material, immediate 
detection of any attempted unauthorized removal of the radioactive 
material from the security zone. Such immediate detection capability 
must be provided by:
    (A) Electronic sensors linked to an alarm; or
    (B) Continuous monitored video surveillance; or

[[Page 17016]]

    (C) Direct visual surveillance.
    (ii) For category 2 quantities of radioactive material, weekly 
verification through physical checks, tamper indicating devices, use, 
or other means to ensure that the radioactive material is present.
    (b) Assessment. Licensees shall immediately assess each actual or 
attempted unauthorized entry into the security zone to determine 
whether the unauthorized access was an actual or attempted theft, 
sabotage, or diversion.
    (c) Personnel communications and data transmission. For personnel 
and automated or electronic systems supporting the licensee's 
monitoring, detection, and assessment systems, licensees shall:
    (1) Maintain continuous capability for personnel communication and 
electronic data transmission and processing among site security 
systems; and
    (2) Provide an alternative communication capability for personnel, 
and an alternative data transmission and processing capability, in the 
event of a loss of the primary means of communication or data 
transmission and processing. Alternative communications and data 
transmission systems may not be subject to the same failure modes as 
the primary systems.
    (d) Response. Licensees shall immediately respond to any actual or 
attempted unauthorized access to the security zones, or actual or 
attempted theft, sabotage, or diversion of category 1 or category 2 
quantities of radioactive material at licensee facilities or temporary 
job sites. For any unauthorized access involving an actual or attempted 
theft, sabotage, or diversion of category 1 or category 2 quantities of 
radioactive material, the licensee's response shall include requesting, 
without delay, an armed response from the LLEA.


Sec.  37.51  Maintenance and testing.

    (a) Each licensee subject to this subpart shall implement a 
maintenance and testing program to ensure that intrusion alarms, 
associated communication systems, and other physical components of the 
systems used to secure or detect unauthorized access to radioactive 
material are maintained in operable condition and are capable of 
performing their intended function when needed. The equipment relied on 
to meet the security requirements of this part must be inspected and 
tested for operability and performance at the manufacturer's suggested 
frequency. If there is no suggested manufacturer's suggested frequency, 
the testing must be performed at least annually, not to exceed 12 
months.
    (b) The licensee shall maintain records on the maintenance and 
testing activities for 3 years.


Sec.  37.53  Requirements for mobile devices.

    Each licensee that possesses mobile devices containing category 1 
or category 2 quantities of radioactive material must:
    (a) Have two independent physical controls that form tangible 
barriers to secure the material from unauthorized removal when the 
device is not under direct control and constant surveillance by the 
licensee; and
    (b) For devices in or on a vehicle or trailer, unless the health 
and safety requirements for a site prohibit the disabling of the 
vehicle, the licensee shall utilize a method to disable the vehicle or 
trailer when not under direct control and constant surveillance by the 
licensee. Licensees shall not rely on the removal of an ignition key to 
meet this requirement.


Sec.  37.55  Security program review.

    (a) Each licensee shall be responsible for the continuing 
effectiveness of the security program. Each licensee shall ensure that 
the security program is reviewed to confirm compliance with the 
requirements of this subpart and that comprehensive actions are taken 
to correct any noncompliance that is identified. The review must 
include the radioactive material security program content and 
implementation. Each licensee shall periodically (at least annually) 
review the security program content and implementation.
    (b) The results of the review, along with any recommendations, must 
be documented. Each review report must identify conditions that are 
adverse to the proper performance of the security program, the cause of 
the condition(s), and, when appropriate, recommend corrective actions, 
and corrective actions taken. The licensee shall review the findings 
and take any additional corrective actions necessary to preclude 
repetition of the condition, including reassessment of the deficient 
areas where indicated.
    (c) The licensee shall maintain the review documentation for 3 
years.


Sec.  37.57  Reporting of events.

    (a) The licensee shall immediately notify the LLEA after 
determining that an unauthorized entry resulted in an actual or 
attempted theft, sabotage, or diversion of a category 1 or category 2 
quantity of radioactive material. As soon as possible after initiating 
a response, but not at the expense of causing delay or interfering with 
the LLEA response to the event, the licensee shall notify the NRC's 
Operations Center (301-816-5100). In no case shall the notification to 
the NRC be later than 4 hours after the discovery of any attempted or 
actual theft, sabotage, or diversion.
    (b) The licensee shall assess any suspicious activity related to 
possible theft, sabotage, or diversion of category 1 or category 2 
quantities of radioactive material and notify the LLEA as appropriate. 
As soon as possible but not later than 4 hours after notifying the 
LLEA, the licensee shall notify the NRC's Operations Center (301-816-
5100).
    (c) The initial telephonic notification required by paragraph (a) 
of this section must be followed within a period of 30 days by a 
written report submitted to the NRC by an appropriate method listed in 
Sec.  37.7. The report must include sufficient information for NRC 
analysis and evaluation, including identification of any necessary 
corrective actions to prevent future instances.

Subpart D--Physical Protection in Transit


Sec.  37.71  Additional requirements for transfer of category 1 and 
category 2 quantities of radioactive material.

    A licensee transferring a category 1 or category 2 quantity of 
radioactive material to a licensee of the Commission or an Agreement 
State shall meet the license verification provisions listed below 
instead of those listed in Sec.  30.41(d) of this chapter:
    (a) Any licensee transferring category 1 quantities of radioactive 
material to a licensee of the Commission or an Agreement State, prior 
to conducting such transfer, shall verify with the NRC's license 
verification system or the license issuing authority that the 
transferee's license authorizes the receipt of the type, form, and 
quantity of radioactive material to be transferred and that the 
licensee is authorized to receive radioactive material at the location 
requested for delivery. If the verification is conducted by contacting 
the license issuing authority, the transferor shall document the 
verification. For transfers within the same organization, the licensee 
does not need to verify the transfer.
    (b) Any licensee transferring category 2 quantities of radioactive 
material to a licensee of the Commission or an Agreement State, prior 
to conducting such transfer, shall verify with the NRC's license 
verification system or the license issuing authority that the 
transferee's license authorizes the

[[Page 17017]]

receipt of the type, form, and quantity of radioactive material to be 
transferred. If the verification is conducted by contacting the license 
issuing authority, the transferor shall document the verification. For 
transfers within the same organization, the licensee does not need to 
verify the transfer.
    (c) In an emergency where the licensee cannot reach the license 
issuing authority and the license verification system is nonfunctional, 
the licensee may accept a written certification by the transferee that 
it is authorized by license to receive the type, form, and quantity of 
radioactive material to be transferred. The certification must include 
the license number, current revision number, issuing agency, expiration 
date, and for a category 1 shipment the authorized address. The 
licensee shall keep a copy of the certification. The certification must 
be confirmed by use of the NRC's license verification system or by 
contacting the license issuing authority by the end of the next 
business day.
    (d) The transferor shall keep a copy of the verification 
documentation as a record for 3 years.


Sec.  37.73  Applicability of physical protection of category 1 and 
category 2 quantities of radioactive material during transit.

    (a) For shipments of category 1 quantities of radioactive material, 
each shipping licensee shall comply with the requirements for physical 
protection contained in Sec. Sec.  37.75(a) and (e); 37.77; 
37.79(a)(1), (b)(1), and (c); and 37.81(a), (c), (e), (g) and (h).
    (b) For shipments of category 2 quantities of radioactive material, 
each shipping licensee shall comply with the requirements for physical 
protection contained in Sec. Sec.  37.75(b) through (e); 37.79(a)(2), 
(a)(3), (b)(2), and (c); and 37.81(b), (d), (f), (g), and (h). For 
those shipments of category 2 quantities of radioactive material that 
meet the criteria of Sec.  71.97(b) of this chapter, the shipping 
licensee shall also comply with the advance notification provisions of 
Sec.  71.97 of this chapter.
    (c) The shipping licensee shall be responsible for meeting the 
requirements of this subpart unless the receiving licensee has agreed 
in writing to arrange for the in-transit physical protection required 
under this subpart.
    (d) Each licensee that imports or exports category 1 quantities of 
radioactive material shall comply with the requirements for physical 
protection during transit contained in Sec. Sec.  37.75(a)(2) and (e); 
37.77; 37.79(a)(1), (b)(1), and (c); and 37.81(a), (c), (e), (g), and 
(h) for the domestic portion of the shipment.
    (e) Each licensee that imports or exports category 2 quantities of 
radioactive material shall comply with the requirements for physical 
protection during transit contained in Sec. Sec.  37.79(a)(2), (a)(3), 
and (b)(2); and 37.81(b), (d), (f), (g), and (h) for the domestic 
portion of the shipment.


Sec.  37.75  Preplanning and coordination of shipment of category 1 or 
category 2 quantities of radioactive material.

    (a) Each licensee that plans to transport, or deliver to a carrier 
for transport, licensed material that is a category 1 quantity of 
radioactive material outside the confines of the licensee's facility or 
other place of use or storage shall:
    (1) Preplan and coordinate shipment arrival and departure times 
with the receiving licensee;
    (2) Preplan and coordinate shipment information with the governor 
or the governor's designee of any State through which the shipment will 
pass to:
    (i) Discuss the State's intention to provide law enforcement 
escorts; and
    (ii) Identify safe havens; and
    (3) Document the preplanning and coordination activities.
    (b) Each licensee that plans to transport, or deliver to a carrier 
for transport, licensed material that is a category 2 quantity of 
radioactive material outside the confines of the licensee's facility or 
other place of use or storage shall coordinate the shipment no-later-
than arrival time and the expected shipment arrival with the receiving 
licensee. The licensee shall document the coordination activities.
    (c) Each licensee who receives a shipment of a category 2 quantity 
of radioactive material shall confirm receipt of the shipment with the 
originator. If the shipment has not arrived by the no-later-than 
arrival time, the receiving licensee shall notify the originator.
    (d) Each licensee, who transports or plans to transport a shipment 
of a category 2 quantity of radioactive material, and determines that 
the shipment will arrive after the no-later-than arrival time provided 
pursuant to paragraph (b) of this section, shall promptly notify the 
receiving licensee of the new no-later-than arrival time.
    (e) The licensee shall retain a copy of the documentation for 
preplanning and coordination and any revision thereof, as a record for 
3 years.


Sec.  37.77  Advance notification of shipment of category 1 quantities 
of radioactive material.

    As specified in paragraphs (a) and (b) of this section, each 
licensee shall provide advance notification to the NRC and the governor 
of a State, or the governor's designee, of the shipment of licensed 
material in a category 1 quantity, through or across the boundary of 
the State, before the transport, or delivery to a carrier for transport 
of the licensed material outside the confines of the licensee's 
facility or other place of use or storage.
    (a) Procedures for submitting advance notification. (1) The 
notification must be made to the NRC and to the office of each 
appropriate governor or governor's designee. The contact information, 
including telephone and mailing addresses, of governors and governors' 
designees, is available on the NRC's Web site at http://nrc-stp.ornl.gov/special/designee.pdf. A list of the contact information is 
also available upon request from the Director, Division of 
Intergovernmental Liaison and Rulemaking, Office of Federal and State 
Materials and Environmental Management Programs, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001. Notifications to the 
NRC must be to the NRC's Director, Division of Security Policy, Office 
of Nuclear Security and Incident Response, U.S. Nuclear Regulatory 
Commission, Washington, DC 20555-0001. The notification to the NRC may 
be made by email to RAMQC_SHIPMENTS@nrc.gov or by fax to 
301-816-5151.
    (2) A notification delivered by mail must be postmarked at least 7 
days before transport of the shipment commences at the shipping 
facility.
    (3) A notification delivered by any means other than mail must 
reach NRC at least 4 days before the transport of the shipment 
commences and must reach the office of the governor or the governor's 
designee at least 4 days before transport of a shipment within or 
through the State.
    (b) Information to be furnished in advance notification of 
shipment. Each advance notification of shipment of category 1 
quantities of radioactive material must contain the following 
information, if available at the time of notification:
    (1) The name, address, and telephone number of the shipper, 
carrier, and receiver of the category 1 radioactive material;
    (2) The license numbers of the shipper and receiver;
    (3) A description of the radioactive material contained in the 
shipment, including the radionuclides and quantity;
    (4) The point of origin of the shipment and the estimated time and 
date that shipment will commence;

[[Page 17018]]

    (5) The estimated time and date that the shipment is expected to 
enter each State along the route;
    (6) The estimated time and date of arrival of the shipment at the 
destination; and
    (7) A point of contact, with a telephone number, for current 
shipment information.
    (c) Revision notice. (1) The licensee shall provide any information 
not previously available at the time of the initial notification, as 
soon as the information becomes available but not later than 
commencement of the shipment, to the governor of the State or the 
governor's designee and to the NRC's Director of Nuclear Security, 
Office of Nuclear Security and Incident Response, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001.
    (2) A licensee shall promptly notify the governor of the State or 
the governor's designee of any changes to the information provided in 
accordance with paragraphs (b) and (c)(1) of this section. The licensee 
shall also immediately notify the NRC's Director, Division of Security 
Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001 of any such changes.
    (d) Cancellation notice. Each licensee who cancels a shipment for 
which advance notification has been sent shall send a cancellation 
notice to the governor of each State or to the governor's designee 
previously notified and to the NRC's Director, Division of Security 
Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001. The licensee shall 
send the cancellation notice before the shipment would have commenced 
or as soon thereafter as possible. The licensee shall state in the 
notice that it is a cancellation and identify the advance notification 
that is being cancelled.
    (e) Records. The licensee shall retain a copy of the advance 
notification and any revision and cancellation notices as a record for 
3 years.
    (f) Protection of information. State officials, State employees, 
and other individuals, whether or not licensees of the Commission or an 
Agreement State, who receive schedule information of the kind specified 
in Sec.  37.77(b) shall protect that information against unauthorized 
disclosure as specified in Sec.  73.21 of this chapter.


Sec.  37.79  Requirements for physical protection of category 1 and 
category 2 quantities of radioactive material during shipment.

    (a) Shipments by road. (1) Each licensee who transports, or 
delivers to a carrier for transport, in a single shipment, a category 1 
quantity of radioactive material shall:
    (i) Ensure that movement control centers are established that 
maintain position information from a remote location. These control 
centers must monitor shipments 24 hours a day, 7 days a week, and have 
the ability to communicate immediately, in an emergency, with the 
appropriate law enforcement agencies.
    (ii) Ensure that redundant communications are established that 
allow the transport to contact the escort vehicle (when used) and 
movement control center at all times. Redundant communications may not 
be subject to the same interference factors as the primary 
communication.
    (iii) Ensure that shipments are continuously and actively monitored 
by a telemetric position monitoring system or an alternative tracking 
system reporting to a movement control center. A movement control 
center must provide positive confirmation of the location, status, and 
control over the shipment. The movement control center must be prepared 
to promptly implement preplanned procedures in response to deviations 
from the authorized route or a notification of actual, attempted, or 
suspicious activities related to the theft, loss, or diversion of a 
shipment. These procedures will include, but not be limited to, the 
identification of and contact information for the appropriate LLEA 
along the shipment route.
    (iv) Provide an individual to accompany the driver for those 
highway shipments with a driving time period greater than the maximum 
number of allowable hours of service in a 24-hour duty day as 
established by the Department of Transportation Federal Motor Carrier 
Safety Administration. The accompanying individual may be another 
driver.
    (v) Develop written normal and contingency procedures to address:
    (A) Notifications to the communication center and law enforcement 
agencies;
    (B) Communication protocols. Communication protocols must include a 
strategy for the use of authentication codes and duress codes and 
provisions for refueling or other stops, detours, and locations where 
communication is expected to be temporarily lost;
    (C) Loss of communications; and
    (D) Responses to an actual or attempted theft or diversion of a 
shipment.
    (vi) Each licensee who makes arrangements for the shipment of 
category 1 quantities of radioactive material shall ensure that 
drivers, accompanying personnel, and movement control center personnel 
have access to the normal and contingency procedures.
    (2) Each licensee that transports category 2 quantities of 
radioactive material shall maintain constant control and/or 
surveillance during transit and have the capability for immediate 
communication to summon appropriate response or assistance.
    (3) Each licensee who delivers to a carrier for transport, in a 
single shipment, a category 2 quantity of radioactive material shall:
    (i) Use carriers that have established package tracking systems. An 
established package tracking system is a documented, proven, and 
reliable system routinely used to transport objects of value. In order 
for a package tracking system to maintain constant control and/or 
surveillance, the package tracking system must allow the shipper or 
transporter to identify when and where the package was last and when it 
should arrive at the next point of control.
    (ii) Use carriers that maintain constant control and/or 
surveillance during transit and have the capability for immediate 
communication to summon appropriate response or assistance; and
    (iii) Use carriers that have established tracking systems that 
require an authorized signature prior to releasing the package for 
delivery or return.
    (b) Shipments by rail. (1) Each licensee who transports, or 
delivers to a carrier for transport, in a single shipment, a category 1 
quantity of radioactive material shall:
    (i) Ensure that rail shipments are monitored by a telemetric 
position monitoring system or an alternative tracking system reporting 
to the licensee, third-party, or railroad communications center. The 
communications center shall provide positive confirmation of the 
location of the shipment and its status. The communications center 
shall implement preplanned procedures in response to deviations from 
the authorized route or to a notification of actual, attempted, or 
suspicious activities related to the theft or diversion of a shipment. 
These procedures will include, but not be limited to, the 
identification of and contact information for the appropriate LLEA 
along the shipment route.

[[Page 17019]]

    (ii) Ensure that periodic reports to the communications center are 
made at preset intervals.
    (2) Each licensee who transports, or delivers to a carrier for 
transport, in a single shipment, a category 2 quantity of radioactive 
material shall:
    (i) Use carriers that have established package tracking systems. An 
established package tracking system is a documented, proven, and 
reliable system routinely used to transport objects of value. In order 
for a package tracking system to maintain constant control and/or 
surveillance, the package tracking system must allow the shipper or 
transporter to identify when and where the package was last and when it 
should arrive at the next point of control.
    (ii) Use carriers that maintain constant control and/or 
surveillance during transit and have the capability for immediate 
communication to summon appropriate response or assistance; and
    (iii) Use carriers that have established tracking systems that 
require an authorized signature prior to releasing the package for 
delivery or return.
    (c) Investigations. Each licensee who makes arrangements for the 
shipment of category 1 quantities of radioactive material shall 
immediately conduct an investigation upon the discovery that a category 
1 shipment is lost or missing. Each licensee who makes arrangements for 
the shipment of category 2 quantities of radioactive material shall 
immediately conduct an investigation, in coordination with the 
receiving licensee, of any shipment that has not arrived by the 
designated no-later-than arrival time.


Sec.  37.81  Reporting of events.

    (a) The shipping licensee shall notify the appropriate LLEA and the 
NRC's Operations Center (301-816-5100) within 1 hour of its 
determination that a shipment of category 1 quantities of radioactive 
material is lost or missing. The appropriate LLEA would be the law 
enforcement agency in the area of the shipment's last confirmed 
location. During the investigation required by Sec.  37.79(c), the 
shipping licensee will provide agreed upon updates to the NRC's 
Operations Center on the status of the investigation.
    (b) The shipping licensee shall notify the NRC's Operations Center 
(301-816-5100) within 4 hours of its determination that a shipment of 
category 2 quantities of radioactive material is lost or missing. If, 
after 24 hours of its determination that the shipment is lost or 
missing, the radioactive material has not been located and secured, the 
licensee shall immediately notify the NRC's Operations Center.
    (c) The shipping licensee shall notify the designated LLEA along 
the shipment route as soon as possible upon discovery of any actual or 
attempted theft or diversion of a shipment or suspicious activities 
related to the theft or diversion of a shipment of a category 1 
quantity of radioactive material. As soon as possible after notifying 
the LLEA, the licensee shall notify the NRC's Operations Center (301-
816-5100) upon discovery of any actual or attempted theft or diversion 
of a shipment, or any suspicious activity related to the shipment of 
category 1 radioactive material.
    (d) The shipping licensee shall notify the NRC's Operations Center 
(301-816-5100) as soon as possible upon discovery of any actual or 
attempted theft or diversion of a shipment, or any suspicious activity 
related to the shipment, of a category 2 quantity of radioactive 
material.
    (e) The shipping licensee shall notify the NRC's Operations Center 
(301-816-5100) and the LLEA as soon as possible upon recovery of any 
lost or missing category 1 quantities of radioactive material.
    (f) The shipping licensee shall notify the NRC's Operations Center 
(301-816-5100) as soon as possible upon recovery of any lost or missing 
category 2 quantities of radioactive material.
    (g) The initial telephonic notification required by paragraphs (a) 
through (d) of this section must be followed within a period of 30 days 
by a written report submitted to the NRC by an appropriate method 
listed in Sec.  37.7. A written report is not required for 
notifications on suspicious activities required by paragraphs (c) and 
(d) of this section. In addition, the licensee shall provide one copy 
of the written report addressed to the Director, Division of Security 
Policy, Office of Nuclear Security and Incident Response, U.S. Nuclear 
Regulatory Commission, Washington, DC 20555-0001. The report must set 
forth the following information:
    (1) A description of the licensed material involved, including 
kind, quantity, and chemical and physical form;
    (2) A description of the circumstances under which the loss or 
theft occurred;
    (3) A statement of disposition, or probable disposition, of the 
licensed material involved;
    (4) Actions that have been taken, or will be taken, to recover the 
material; and
    (5) Procedures or measures that have been, or will be, adopted to 
ensure against a recurrence of the loss or theft of licensed material.
    (h) Subsequent to filing the written report, the licensee shall 
also report any additional substantive information on the loss or theft 
within 30 days after the licensee learns of such information.

Subpart E--[Reserved]

Subpart F--Records


Sec.  37.101  Form of records.

    Each record required by this part must be legible throughout the 
retention period specified by each Commission regulation. The record 
may be the original or a reproduced copy or a microform, provided that 
the copy or microform is authenticated by authorized personnel and that 
the microform is capable of producing a clear copy throughout the 
required retention period. The record may also be stored in electronic 
media with the capability for producing legible, accurate, and complete 
records during the required retention period. Records such as letters, 
drawings, and specifications, must include all pertinent information 
such as stamps, initials, and signatures. The licensee shall maintain 
adequate safeguards against tampering with and loss of records.


Sec.  37.103  Record retention.

    Licensees shall maintain the records that are required by the 
regulations in this part for the period specified by the appropriate 
regulation. If a retention period is not otherwise specified, these 
records must be retained until the Commission terminates the facility's 
license. All records related to this part may be destroyed upon 
Commission termination of the facility license.

Subpart G--Enforcement


Sec.  37.105  Inspections.

    (a) Each licensee shall afford to the Commission at all reasonable 
times opportunity to inspect category 1 or category 2 quantities of 
radioactive material and the premises and facilities wherein the 
nuclear material is used, produced, or stored.
    (b) Each licensee shall make available to the Commission for 
inspection, upon reasonable notice, records kept by the licensee 
pertaining to its receipt, possession, use, acquisition, import, 
export, or transfer of category 1 or category 2 quantities of 
radioactive material.


Sec.  37.107  Violations.

    (a) The Commission may obtain an injunction or other court order to

[[Page 17020]]

prevent a violation of the provisions of--
    (1) The Atomic Energy Act of 1954, as amended;
    (2) Title II of the Energy Reorganization Act of 1974, as amended; 
or
    (3) A regulation or order issued pursuant to those Acts.
    (b) The Commission may obtain a court order for the payment of a 
civil penalty imposed under section 234 of the Atomic Energy Act:
    (1) For violations of--
    (i) Sections 53, 57, 62, 63, 81, 82, 101, 103, 104, 107, or 109 of 
the Atomic Energy Act of 1954, as amended:
    (ii) Section 206 of the Energy Reorganization Act;
    (iii) Any rule, regulation, or order issued pursuant to the 
sections specified in paragraph (b)(1)(i) of this section;
    (iv) Any term, condition, or limitation of any license issued under 
the sections specified in paragraph (b)(1)(i) of this section.
    (2) For any violation for which a license may be revoked under 
Section 186 of the Atomic Energy Act of 1954, as amended.


Sec.  37.109  Criminal penalties.

    (a) Section 223 of the Atomic Energy Act of 1954, as amended, 
provides for criminal sanctions for willful violation of, attempted 
violation of, or conspiracy to violate, any regulation issued under 
sections 161b, 161i, or 161o of the Act. For purposes of section 223, 
all the regulations in this part 37 are issued under one or more of 
sections 161b, 161i, or 161o, except for the sections listed in 
paragraph (b) of this section.
    (b) The regulations in this part 37 that are not issued under 
sections 161b, 161i, or 161o for the purposes of section 223 are as 
follows: Sec. Sec.  37.1, 37.3, 37.5, 37.7, 37.9, 37.11, 37.13, 37.107, 
and 37.109.

Appendix A to Part 37--Category 1 and Category 2 Radioactive Materials

Table 1--Category 1 and Category 2 Threshold

    The terabecquerel (TBq) values are the regulatory standard. The 
curie (Ci) values specified are obtained by converting from the TBq 
value. The curie values are provided for practical usefulness only.

----------------------------------------------------------------------------------------------------------------
                                                    Category 1      Category 1      Category 2      Category 2
              Radioactive material                     (TBq)           (Ci)            (TBq)           (Ci)
----------------------------------------------------------------------------------------------------------------
Americium-241...................................              60           1,620             0.6            16.2
Americium-241/Be................................              60           1,620             0.6            16.2
Californium-252.................................              20             540             0.2            5.40
Cobalt-60.......................................              30             810             0.3            8.10
Curium-244......................................              50           1,350             0.5            13.5
Cesium-137......................................             100           2,700               1            27.0
Gadolinium-153..................................           1,000          27,000              10             270
Iridium-192.....................................              80           2,160             0.8            21.6
Plutonium-238...................................              60           1,620             0.6            16.2
Plutonium-239/Be................................              60           1,620             0.6            16.2
Promethium-147..................................          40,000       1,080,000             400          10,800
Radium-226......................................              40           1,080             0.4            10.8
Selenium-75.....................................             200           5,400               2            54.0
Strontium-90....................................           1,000          27,000              10             270
Thulium-170.....................................          20,000         540,000             200           5,400
Ytterbium-169...................................             300           8,100               3            81.0
----------------------------------------------------------------------------------------------------------------


    Note: Calculations Concerning Multiple Sources or Multiple 
Radionuclides
    The ''sum of fractions'' methodology for evaluating combinations 
of multiple sources or multiple radionuclides is to be used in 
determining whether a location meets or exceeds the threshold and is 
thus subject to the requirements of this part.
    I. If multiple sources of the same radionuclide and/or multiple 
radionuclides are aggregated at a location, the sum of the ratios of 
the total activity of each of the radionuclides must be determined 
to verify whether the activity at the location is less than the 
category 1 or category 2 thresholds of Table 1, as appropriate. If 
the calculated sum of the ratios, using the equation below, is 
greater than or equal to 1.0, then the applicable requirements of 
this part apply.
    II. First determine the total activity for each radionuclide 
from Table 1. This is done by adding the activity of each individual 
source, material in any device, and any loose or bulk material that 
contains the radionuclide. Then use the equation below to calculate 
the sum of the ratios by inserting the total activity of the 
applicable radionuclides from Table 1 in the numerator of the 
equation and the corresponding threshold activity from Table 1 in 
the denominator of the equation. Calculations must be performed in 
metric values (i.e., TBq) and the numerator and denominator values 
must be in the same units.

R1 = total activity for radionuclide 1
R2 = total activity for radionuclide 2
RN = total activity for radionuclide n
AR1 = activity threshold for radionuclide 1
AR2 = activity threshold for radionuclide 2
ARN = activity threshold for radionuclide n

[GRAPHIC] [TIFF OMITTED] TR19MR13.000

PART 39--LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL 
LOGGING


0
18. The authority citation for part 39 continues to read as follows:

    Authority: Atomic Energy Act secs. 53, 57, 62, 63, 65, 69, 81, 
82, 161, 181, 182, 183, 186, 223, 234 (42 U.S.C. 2073, 2077, 2092, 
2093, 2095, 2099, 2111, 2112, 2201, 2231, 2232, 2233, 2236, 2273, 
2282); Energy Reorganization Act secs. 201, 202, 206 (42 U.S.C. 
5841, 5842, 5846); Government Paperwork Elimination Act sec. 1704 
(44 U.S.C. 3504 note).


0
19. In Sec.  39.1, paragraph (a) is revised to read as follows:


Sec.  39.1  Purpose and scope.

    (a) This part prescribes requirements for the issuance of a license 
authorizing the use of licensed materials including sealed sources, 
radioactive tracers, radioactive markers, and uranium sinker bars in 
well logging in a single well. This part also prescribes radiation 
safety requirements for persons using licensed materials in these 
operations. The provisions and requirements of this part are in 
addition to, and not in substitution for, other requirements of this 
chapter. In particular, the provisions of parts 19, 20, 21, 30, 37, 40, 
70, 71, and 150 of this chapter apply to applicants and licensees 
subject to this part.
* * * * *

[[Page 17021]]

PART 51--ENVIRONMENTAL PROTECTION REGULATIONS FOR DOMESTIC 
LICENSING AND RELATED REGULATORY FUNCTIONS

0
20. The authority citation for part 51 continues to read as follows:

    Authority:  Atomic Energy Act sec. 161, 1701 (42 U.S.C. 2201, 
2297f); Energy Reorganization Act secs. 201, 202, 211 (42 U.S.C. 
5841, 5842, 5851); Government Paperwork Elimination Act sec. 1704 
(44 U.S.C. 3504 note). Subpart A also issued under National 
Environmental Policy Act secs. 102, 104, 105 (42 U.S.C. 4332, 4334, 
4335); Pub. L. 95-604, Title II, 92 Stat. 3033 3041; Atomic Energy 
Act sec. 193 (42 U.S.C. 2243). Sections 51.20, 51.30, 51.60, 51.80. 
and 51.97 also issued under Nuclear Waste Policy Act secs. 135, 141, 
148 (42 U.S.C. 10155, 10161, 10168). Section 51.22 also issued under 
Atomic Energy Act sec. 274 (42 U.S.C. 2021) and under Nuclear Waste 
Policy Act sec. 121 (42 U.S.C. 10141). Sections 51.43, 51.67, and 
51.109 also issued under Nuclear Waste Policy Act sec. 114(f) (42 
U.S.C. 10134(f)).

0
21. In Sec.  51.22, the introductory text of paragraph (c)(3) is 
revised to read as follows:


Sec.  51.22  Criterion for categorical exclusion; identification of 
licensing and regulatory actions eligible for categorical exclusion or 
otherwise not requiring environmental review.

* * * * *
    (c) * * *
    (3) Amendments to parts 20, 30, 31, 32, 33, 34, 35, 37, 39, 40, 50, 
51, 52, 54, 60, 61, 63, 70, 71, 72, 73, 74, 81, and 100 of this chapter 
which relate to--
* * * * *

PART 71--PACKAGING AND TRANSPORTATION OF RADIOACTIVE MATERIAL

0
22. The authority citation for part 71 continues to read as follows:

    Authority:  Atomic Energy Act secs. 53, 57, 62, 63, 81, 161, 
182, 183, 223, 234, 1701 (42 U.S.C. 2073, 2077, 2092, 2093, 2111, 
2201, 2232, 2233, 2273, 2282, 2297f); Energy Reorganization Act 
secs. 201, 202, 206, 211 (42 U.S.C. 5841, 5842, 5846, 5851); Nuclear 
Waste Policy Act sec. 180 (42 U.S.C. 10175); Government Paperwork 
Elimination Act sec. 1704 (44 U.S.C. 3504 note); Energy Policy Act 
of 2005, Pub. L. No. 109-58, 119 Stat. 594 (2005). Section 71.97 
also issued under sec. 301, Pub. L. 96-295, 94 Stat. 789 790.

0
23. In Sec.  71.97, the introductory text of paragraph (b) is revised 
to read as follows:


Sec.  71.97  Advance notification of shipment of irradiated reactor 
fuel and nuclear waste.

* * * * *
    (b) Advance notification is also required under this section for 
the shipment of licensed material, other than irradiated fuel, meeting 
the following three conditions:
* * * * *

PART 73--PHYSICAL PROTECTION OF PLANTS AND MATERIALS

0
24. The authority citation for part 73 continues to read as follows:

    Authority:  Atomic Energy Act secs. 53, 147, 161, 223, 234, 1701 
(42 U.S.C. 2073, 2167, 2169, 2201, 2273, 2282, 2297(f), 2210(e)); 
Energy Reorganization Act sec. 201, 204 (42 U.S.C. 5841, 5844); 
Government Paperwork Elimination Act sec. 1704, 112 Stat. 2750 (44 
U.S.C. 3504 note); Energy Policy Act of 2005, Pub. L. 109-58, 119 
Stat. 594 (2005).

    Section 73.1 also issued under Nuclear Waste Policy Act secs. 
135, 141 (42 U.S.C, 10155, 10161). Section 73.37(f) also issued 
under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841 note).


0
25. A new Sec.  73.35 is added to read as follows:


Sec.  73.35  Requirements for physical protection of irradiated reactor 
fuel (100 grams or less) in transit.

    Each licensee who transports, or delivers to a carrier for 
transport, in a single shipment, a quantity of irradiated reactor fuel 
weighing 100 grams (0.22 pounds) or less in net weight of irradiated 
fuel, exclusive of cladding or other structural or packaging material, 
which has a total external radiation dose rate in excess of 1 Gray (100 
rad) per hour at a distance of 1 meter (3.3 feet) from any accessible 
surface without intervening shielding, shall follow the physical 
protection requirements for category 1 quantities of radioactive 
material in subpart D of part 37 of this chapter.

    Dated at Rockville, Maryland, this 8th day of March, 2013.

    For the Nuclear Regulatory Commission.
Annette Vietti-Cook,
Secretary of the Commission.

    Note:  This Appendix Will Not Appear in the Code of Federal 
Regulations.

APPENDIX A TO THIS FINAL RULE--REGULATORY FLEXIBILITY ANALYSIS FOR THE 
AMENDMENTS TO 10 CFR PARTS 20, 30, 32, 33, 34, 35, 36, 37, 39, 51, 71, 
AND 73 (PHYSICAL PROTECTION OF BYPRODUCT MATERIAL)

I. Background

    The Regulatory Flexibility Act (RFA), as amended 5 U.S.C. 601 et 
seq., requires that agencies consider the impact of their 
rulemakings on small entities and, consistent with applicable 
statutes, consider alternatives to minimize these impacts on the 
businesses, organizations, and government jurisdictions to which 
they apply.
    The U.S. Nuclear Regulatory Commission (NRC) has established 
standards for determining which NRC licensees qualify as small 
entities (10 CFR 2.810). These size standards were based on the 
Small Business Administration's most common receipts-based size 
standards and include a size standard for business concerns that are 
manufacturing entities.

Description of the Reasons That Action by the Agency Is Being 
Considered

    The NRC has long participated in efforts to address radioactive 
source protection and security. The terrorist attacks of September 
11, 2001, heightened concerns about the use of risk-significant 
radioactive materials in a malevolent act. Such an attack is of 
particular concern because of the widespread use of radioactive 
materials in the United States by industrial, medical, and academic 
institutions. The theft or diversion of risk-significant radioactive 
materials could lead to their unauthorized use in a radiological 
dispersal device or a radiological exposure device.
    Commission regulations provide requirements for the safe use, 
transport, and control of licensed material. A licensee's loss of 
control of risk-significant radioactive material, whether it is 
inadvertent or through a deliberate act, could result in significant 
adverse impacts that could reasonably constitute a threat to the 
public health and safety or the common defense and security of the 
United States. After the attacks of September 11, 2001, the 
Commission determined that certain licensed material should be 
subject to enhanced security provisions and safeguarded during 
transport, and that individuals with unescorted access to risk-
significant radioactive material should be subject to background 
investigations. For additional information see the Discussion 
portion of the Statements of Consideration (SOC).

Succinct Statement of the Objectives of, and Legal Basis for, the 
Final Rule

    The objective of this rule is to establish generically 
applicable security requirements for the protection of category 1 
and category 2 quantities of radioactive materials possessed by 
certain NRC and Agreement State licensees. These security 
requirements are similar to the requirements imposed on these 
licensees through the NRC's applicable previously-issued security 
orders. The NRC has determined that it is preferable to regulate 
through rulemaking rather than order because notice and comment 
rulemaking is an open and transparent process that facilitates 
public participation. In developing the final rule, the NRC 
considered, among other things, the various orders, lessons-learned 
during implementation, the recommendations from the Independent 
Review Panel and the Materials Working Group, and stakeholder 
comments. The rule also considered a petition for rulemaking 
submitted by the State of Washington. For additional information see 
the Discussion portion of the SOC. The authority citation sections 
of the final rule contain the statutory authority for the rule.

[[Page 17022]]

Description of and, Where Feasible, an Estimate of the Number of 
Small Entities to Which the Final Rule Will Apply

    The final rule would affect about 300 NRC licensees and about 
1,100 Agreement State licensees. This includes a wide range of 
licensees, including pool-type irradiator licensees; manufacturer 
and distributor licensees; medical facilities with gamma knife 
devices; self-shielded irradiator licensees (including blood 
irradiators); teletherapy unit licensees; radiographers; well 
loggers; broad scope users; radioisotope thermoelectric generator 
licensees; and licensees that ship or prepare for shipment category 
1 or category 2 quantities of radioactive material. Some of these 
licensees would be considered small entities. In fiscal year 2008, 
about 26 percent of materials licensees qualified as small entities. 
Using the same percentage, approximately 364 of the licensees that 
will be affected by the rule would be considered small entities.

Description of the Projected Reporting, Recordkeeping, and Other 
Compliance Requirements of the Final Rule, Including an Estimate of 
the Classes of Small Entities That Will Be Subject to the 
Requirements, and the Type of Professional Skills Necessary for 
Preparation of Reports and Records

    Licensees will be required to: (1) Develop procedures for 
implementation of the security provisions; (2) develop a security 
plan that describes how security is being implemented; (3) conduct 
training on the procedures and security plan; (4) conduct background 
investigations for those individuals permitted access to category 1 
or category 2 quantities of radioactive material; (5) coordinate 
with local law enforcement agencies (LLEAs) so the LLEAs would be 
better prepared to respond in an emergency; (6) conduct preplanning 
and coordination activities before shipping radioactive material; 
and (7) implement security measures for the protection of the 
radioactive material. Licensees will be required to promptly report 
any attempted or actual theft or diversion of the radioactive 
material. Licensees will be required to keep copies of the security 
plan, procedures, background investigation records, training 
records, and documentation that certain activities have occurred. 
For additional information on the requirements, see the SOC or the 
final rule text. No special skills are necessary for the preparation 
of reports or records.
    On average, a licensee would have a one-time cost of 
approximately $23,375 and an annual cost of approximately $21,736 to 
fully implement the final rule. Much of this cost would result from 
the requirements to have procedures, conduct training, and to 
develop a security plan. Although not required by the various 
orders, many licensees may have developed procedures and conducted 
training that may require only minor revisions; if so, the actual 
cost may be lower. Additional large costs are the annual program 
review and the maintenance and testing of the security-related 
equipment. The program review is important for licensees to review 
the effectiveness of the program and to ensure that requirements are 
being implemented. Maintenance and testing is essential to ensure 
that the equipment is operational and available when needed. More 
information on the cost of the rule is contained in the Regulatory 
Analysis.

Identification, to the Extent Practicable, of All Relevant Federal 
Rules That May Duplicate, Overlap, or Conflict With the Final Rule

    Several U.S. Government programs involve fingerprinting and an 
FBI identification and criminal history records check. These include 
the National Agency Check; Transportation Worker Identification 
Credentials in accordance with 49 CFR 1572; Bureau of Alcohol, 
Tobacco, Firearms, and Explosives background check and clearances in 
accordance with 27 CFR 555; Health and Human Services security risk 
assessments for possession and use of select agents and toxins in 
accordance with 42 CFR 73; Hazardous Material security threat 
assessment for hazardous material endorsement to commercial drivers 
license in accordance with 49 CFR 1572; and Customs and Border 
Protection's Free and Secure Trade Program. Any individual that has 
favorably undergone the background investigation required by these 
programs would be relieved from the fingerprinting and FBI criminal 
history records check element of the final rule as long as the 
licensee has appropriate documentation. Any individual who has an 
active Federal security clearance would also be relieved assuming 
appropriate documentation is provided.
    The Department of Transportation requires security plans for the 
transport of highway route control quantities of radioactive 
material in accordance with 49 CFR 172.800. This provision covers 
only a small portion of the category 1 and category 2 quantities of 
radioactive material covered by the rule.
    The NRC is not aware of any other relevant Federal rules that 
may duplicate, overlap, or conflict with the final rule.
    Description of any significant alternatives to the final rule 
that accomplish the stated objectives of applicable statutes and 
that minimize any significant economic impact of the final rule on 
small entities, including alternatives considered, such as: (1) 
Establishment of differing compliance or reporting requirements or 
timetables that take into account the resources available to small 
entities; (2) clarification, consolidation, or simplification of 
compliance and reporting requirements under the rule for small 
entities; (3) use of performance rather than design standards; and 
(4) any exemption from coverage of the rule, or any part thereof, 
for such small entities.
    As noted earlier, some of the licensees that would be impacted 
by the final rule are small businesses. The rule would impose the 
minimum requirements that the NRC believes are necessary to 
adequately protect the public health and safety and the common 
defense and security. Therefore, the NRC could not generically grant 
relief to small entities to allow them to implement less effective 
measures. The final rule provides some flexibility in the particular 
measures that a licensee can choose to employ. Licensees affected by 
the rule have already implemented the bulk of the rule's 
requirements in response to various orders.

[FR Doc. 2013-05895 Filed 3-18-13; 8:45 am]
BILLING CODE 7590-01-P